VerosK/beat.yml

## beat.yml
apiVersion: beat.k8s.elastic.co/v1beta1
kind: Beat
metadata:
  name: syslog
spec:
  type: filebeat
  version: 8.1.3
  elasticsearchRef:
    name: logs
  config:
    filebeat.inputs:
    - type: syslog
      format: auto
      tags: [ "syslog" ]
      protocol:
        tcp.host: 0.0.0.0:9000
  daemonSet:
    podTemplate:
      metadata:
        labels:
          app.kubernetes.io/instance: syslog
      spec:
        dnsPolicy: ClusterFirstWithHostNet
        dnsConfig:
          options:
           - name: ndots
             value: "3"
        hostNetwork: true
        securityContext:
          runAsUser: 0
        containers:
          - name: filebeat
            ports:
              - name: syslog
                containerPort: 9000

## es.yaml
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: logs
  namespace: default
spec:
  version: 8.1.3
  nodeSets:
  - name: default
    count: 3
    config:
      node.store.allow_mmap: false
    volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data # Do not change this name unless you set up a volume mount for the data path.
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi
        storageClassName: csi-rbd-sc
  http:
    service:
      spec:
        type: ClusterIP

## haproxy.cf
 Ansible managed
#
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------

global
log /dev/log  local0
        log /dev/log  local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------

defaults
log     global
        mode    http
        option  httplog
        option  dontlognull
        maxconn                 100
        timeout connect 5000
        timeout client  50000
        timeout server  50000

frontend default
        bind *:80
        mode http
        default_backend             forbidden

frontend elasticsearch
        bind 10.10.4.52:9200   # public address or 0.0.0.0
        mode tcp
        default_backend             elasticsearch

frontend stats
        bind 127.0.0.1:10001
        mode http
        use_backend stats

backend stats
        stats enable
        stats uri /stats/
        stats admin if TRUE

backend elasticsearch
        mode tcp
        server es01 172.28.92.01:9200 # internal svc address

backend forbidden
        #    errorfile 503 /usr/share/haproxy/403.http
        acl true always_true
        http-request deny if true

## kibana.yml
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: logs
  namespace: default
spec:
  version: 8.1.3
  count: 1
  elasticsearchRef:
    name: logs
  config:
    server.ssl.enabled: false
  http:
    tls:
      selfSignedCertificate:
        disabled: true
#  podTemplate:
#    spec:
#      containers:
#      - name: kibana
#        readinessProbe:
#          httpGet:
#            path: /login
#            port: 5601
#            scheme: HTTP
	apiVersion: beat.k8s.elastic.co/v1beta1
	kind: Beat
	metadata:
	name: syslog
	spec:
	type: filebeat
	version: 8.1.3
	elasticsearchRef:
	name: logs
	config:
	filebeat.inputs:
	- type: syslog
	format: auto
	tags: [ "syslog" ]
	protocol:
	tcp.host: 0.0.0.0:9000
	daemonSet:
	podTemplate:
	metadata:
	labels:
	app.kubernetes.io/instance: syslog
	spec:
	dnsPolicy: ClusterFirstWithHostNet
	dnsConfig:
	options:
	- name: ndots
	value: "3"
	hostNetwork: true
	securityContext:
	runAsUser: 0
	containers:
	- name: filebeat
	ports:
	- name: syslog
	containerPort: 9000
	apiVersion: elasticsearch.k8s.elastic.co/v1
	kind: Elasticsearch
	metadata:
	name: logs
	namespace: default
	spec:
	version: 8.1.3
	nodeSets:
	- name: default
	count: 3
	config:
	node.store.allow_mmap: false
	volumeClaimTemplates:
	- metadata:
	name: elasticsearch-data # Do not change this name unless you set up a volume mount for the data path.
	spec:
	accessModes:
	- ReadWriteOnce
	resources:
	requests:
	storage: 10Gi
	storageClassName: csi-rbd-sc
	http:
	service:
	spec:
	type: ClusterIP
	Ansible managed
	#
	#---------------------------------------------------------------------
	# Global settings
	#---------------------------------------------------------------------

	global
	log /dev/log local0
	log /dev/log local1 notice
	chroot /var/lib/haproxy
	stats socket /run/haproxy/admin.sock mode 660 level admin
	stats timeout 30s
	user haproxy
	group haproxy
	daemon

	#---------------------------------------------------------------------
	# common defaults that all the 'listen' and 'backend' sections will
	# use if not designated in their block
	#---------------------------------------------------------------------

	defaults
	log global
	mode http
	option httplog
	option dontlognull
	maxconn 100
	timeout connect 5000
	timeout client 50000
	timeout server 50000

	frontend default
	bind *:80
	mode http
	default_backend forbidden

	frontend elasticsearch
	bind 10.10.4.52:9200 # public address or 0.0.0.0
	mode tcp
	default_backend elasticsearch

	frontend stats
	bind 127.0.0.1:10001
	mode http
	use_backend stats

	backend stats
	stats enable
	stats uri /stats/
	stats admin if TRUE

	backend elasticsearch
	mode tcp
	server es01 172.28.92.01:9200 # internal svc address

	backend forbidden
	# errorfile 503 /usr/share/haproxy/403.http
	acl true always_true
	http-request deny if true
	apiVersion: kibana.k8s.elastic.co/v1
	kind: Kibana
	metadata:
	name: logs
	namespace: default
	spec:
	version: 8.1.3
	count: 1
	elasticsearchRef:
	name: logs
	config:
	server.ssl.enabled: false
	http:
	tls:
	selfSignedCertificate:
	disabled: true
	# podTemplate:
	# spec:
	# containers:
	# - name: kibana
	# readinessProbe:
	# httpGet:
	# path: /login
	# port: 5601
	# scheme: HTTP