Created
August 14, 2019 10:50
-
-
Save kvaps/b08c77f297c5cab21c237fd821310653 to your computer and use it in GitHub Desktop.
Journalbeat config for Kubernetes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: v1 | |
| data: | |
| journalbeat.yml: | | |
| name: "${NODENAME}" | |
| journalbeat.inputs: | |
| - paths: [] | |
| seek: cursor | |
| cursor_seek_fallback: tail | |
| processors: | |
| - add_kubernetes_metadata: | |
| host: "${NODENAME}" | |
| in_cluster: true | |
| default_indexers.enabled: false | |
| default_matchers.enabled: false | |
| indexers: | |
| - container: | |
| matchers: | |
| - fields: | |
| lookup_fields: ["container.id"] | |
| - decode_json_fields: | |
| fields: ["message"] | |
| process_array: false | |
| max_depth: 1 | |
| target: "" | |
| overwrite_keys: true | |
| - drop_event.when: | |
| or: | |
| - regexp.kubernetes.pod.name: "filebeat-.*" | |
| - regexp.kubernetes.pod.name: "journalbeat-.*" | |
| - regexp.kubernetes.pod.name: "nginx-ingress-controller-.*" | |
| - regexp.kubernetes.pod.name: "prometheus-operator-.*" | |
| setup.template.enabled: false | |
| setup.template.name: "journal-${ENVIRONMENT}-%{[agent.version]}" | |
| setup.template.pattern: "journal-${ENVIRONMENT}-%{[agent.version]}-*" | |
| setup.template.settings: | |
| index.number_of_shards: 10 | |
| index.refresh_interval: 10s | |
| output.elasticsearch: | |
| hosts: '${ELASTICSEARCH_HOSTS:elasticsearch:9200}' | |
| index: "journal-${ENVIRONMENT}-system-%{[agent.version]}-%{+YYYY.MM.dd}" | |
| indices: | |
| - index: "journal-${ENVIRONMENT}-k8s-%{[agent.version]}-%{+YYYY.MM.dd}" | |
| when.has_fields: | |
| - 'kubernetes.namespace' | |
| kind: ConfigMap | |
| metadata: | |
| name: journalbeat-config | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: journalbeat | |
| rules: | |
| - apiGroups: | |
| - extensions | |
| resourceNames: | |
| - journalbeat | |
| resources: | |
| - podsecuritypolicies | |
| verbs: | |
| - use | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - namespaces | |
| - pods | |
| verbs: | |
| - get | |
| - watch | |
| - list | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: journalbeat | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: journalbeat | |
| subjects: | |
| - kind: ServiceAccount | |
| name: journalbeat | |
| namespace: journalbeat | |
| --- | |
| apiVersion: extensions/v1beta1 | |
| kind: DaemonSet | |
| metadata: | |
| name: journalbeat | |
| spec: | |
| template: | |
| metadata: | |
| labels: | |
| app: journalbeat | |
| name: journalbeat | |
| spec: | |
| containers: | |
| - args: | |
| - -e | |
| - -c | |
| - /etc/journalbeat.yml | |
| command: | |
| - journalbeat | |
| env: | |
| - name: NODENAME | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: spec.nodeName | |
| - name: PODNAME | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.name | |
| - name: ELASTICSEARCH_HOSTS | |
| value: 10.9.8.11:9200,10.9.8.12:9200,10.9.8.13:9200 | |
| - name: ENVIRONMENT | |
| value: stage | |
| image: docker.elastic.co/beats/journalbeat:7.3.0 | |
| imagePullPolicy: Always | |
| name: journalbeat | |
| resources: | |
| limits: | |
| cpu: 600m | |
| memory: 800Mi | |
| requests: | |
| cpu: 200m | |
| memory: 400Mi | |
| volumeMounts: | |
| - mountPath: /usr/share/journalbeat/data | |
| name: data | |
| - mountPath: /var/log/journal | |
| name: var-journal | |
| - mountPath: /run/log/journal | |
| name: run-journal | |
| - mountPath: /etc/journalbeat.yml | |
| name: config | |
| subPath: journalbeat.yml | |
| - mountPath: /etc/machine-id | |
| name: machine-id | |
| hostNetwork: true | |
| nodeSelector: {} | |
| securityContext: | |
| fsGroup: 0 | |
| runAsUser: 0 | |
| serviceAccount: journalbeat | |
| terminationGracePeriodSeconds: 60 | |
| tolerations: | |
| - effect: NoSchedule | |
| key: node-role.kubernetes.io/master | |
| volumes: | |
| - hostPath: | |
| path: /var/log/journal/journalbeat-data | |
| name: data | |
| - hostPath: | |
| path: /var/log/journal | |
| name: var-journal | |
| - hostPath: | |
| path: /run/log/journal | |
| name: run-journal | |
| - hostPath: | |
| path: /etc/machine-id | |
| name: machine-id | |
| - configMap: | |
| items: | |
| - key: journalbeat.yml | |
| path: journalbeat.yml | |
| name: journalbeat-config | |
| name: config | |
| --- | |
| apiVersion: extensions/v1beta1 | |
| kind: PodSecurityPolicy | |
| metadata: | |
| annotations: | |
| seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default | |
| seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default | |
| name: journalbeat | |
| spec: | |
| allowedCapabilities: | |
| - KILL | |
| - CHOWN | |
| - FSETID | |
| - FOWNER | |
| - SETGID | |
| - SETUID | |
| - SETFCAP | |
| - SETPCAP | |
| - AUDIT_WRITE | |
| - NET_BIND_SERVICE | |
| fsGroup: | |
| rule: RunAsAny | |
| hostIPC: false | |
| hostNetwork: false | |
| hostPID: false | |
| privileged: false | |
| requiredDropCapabilities: | |
| - MKNOD | |
| - DAC_OVERRIDE | |
| - NET_RAW | |
| - SYS_CHROOT | |
| runAsUser: | |
| rule: RunAsAny | |
| seLinux: | |
| rule: RunAsAny | |
| supplementalGroups: | |
| rule: RunAsAny | |
| volumes: | |
| - secret | |
| - configMap | |
| - hostPath | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: journalbeat |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment