Last active
January 6, 2022 17:53
-
-
Save mchepukov/0d773b858e3af790ce356c52d1516a11 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# Source: filebeat/templates/serviceaccount.yaml | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
name: logging-filebeat | |
annotations: | |
labels: | |
app: "logging-filebeat" | |
chart: "filebeat-7.16.2" | |
heritage: "Helm" | |
release: "logging" | |
--- | |
# Source: filebeat/templates/configmap.yaml | |
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
name: logging-filebeat-daemonset-config | |
labels: | |
app: "logging-filebeat" | |
chart: "filebeat-7.16.2" | |
heritage: "Helm" | |
release: "logging" | |
data: | |
filebeat.yml: | | |
logging.level: info | |
setup.ilm.enabled: false | |
filebeat.modules: | |
- module: system | |
syslog: | |
enabled: true | |
var.paths: ["/var/log/syslog"] | |
auth: | |
enabled: false | |
var.paths: ["/var/log/auth"] | |
- module: elasticsearch | |
server: | |
enabled: true | |
var.paths: ["/var/log/containers/*elasticsearch*.log"] | |
gc: | |
enabled: true | |
var.paths: ["/var/log/containers/*elasticsearch*.log"] | |
audit: | |
enabled: true | |
var.paths: ["/var/log/containers/*elasticsearch*.log"] | |
slowlog: | |
enabled: true | |
var.paths: ["/var/log/containers/*elasticsearch*.log"] | |
deprecation: | |
enabled: true | |
var.paths: ["/var/log/containers/*elasticsearch*.log"] | |
filebeat.autodiscover: | |
providers: | |
- type: kubernetes | |
hints.enabled: false | |
exclude_labels: | |
in_cluster: true | |
kubernetes.labels.chart: true | |
templates: | |
- condition: | |
equals: | |
kubernetes.namespace: lora | |
config: | |
- type: container | |
paths: | |
- /var/log/containers/*-${data.kubernetes.container.id}.log | |
- condition: | |
equals: | |
kubernetes.namespace: databases | |
config: | |
- type: container | |
paths: | |
- /var/log/containers/*-${data.kubernetes.container.id}.log | |
- condition: | |
equals: | |
kubernetes.namespace: transport | |
config: | |
- type: container | |
paths: | |
- /var/log/containers/*-${data.kubernetes.container.id}.log | |
- condition: | |
equals: | |
kubernetes.namespace: iotans | |
config: | |
- type: container | |
paths: | |
- /var/log/containers/*-${data.kubernetes.container.id}.log | |
json.keys_under_root: true | |
json.add_error_key: true | |
processors: | |
- drop_fields: | |
fields: | |
- "kubernetes.namespace_uid" | |
- "kubernetes.node.labels.kubernetes_io/arch" | |
- "kubernetes.node.labels.kubernetes_io/os" | |
- "kubernetes.node.labels.beta_kubernetes_io/arch" | |
- "kubernetes.node.labels.beta_kubernetes_io/os" | |
- "kubernetes.namespace_labels.kubernetes_io/metadata_name" | |
- "kubernetes.node.labels.kubernetes_io/hostname" | |
- "kubernetes.node.labels.iotans_io/node-role" | |
- "kubernetes.node.hostname" | |
- "kubernetes.node.uid" | |
- "kubernetes.pod.uid" | |
- "kubernetes.labels.pod-template-hash" | |
- "kubernetes.labels.heritage" | |
- "kubernetes.labels.release" | |
- "kubernetes.labels.pod-template-generation" | |
- "kubernetes.labels.statefulset_kubernetes_io" | |
- "kubernetes.labels.controller-revision-hash" | |
- "kubernetes.labels.cluster-uid" | |
- "kubernetes.labels.cluster-name" | |
- "kubernetes.statefulset.name" | |
- "kubernetes.replicaset.name" | |
- "kubernetes.labels.app_kubernetes_io/*" | |
- "ecs.version" | |
- "agent.ephemeral_id" | |
- "agent.id" | |
- "agent.name" | |
- "agent.hostname" | |
- "agent.version" | |
- "agent.type" | |
- "container.runtime" | |
- "container.id" | |
- "container.image.name" | |
ignore_missing: true | |
- drop_event: | |
when: | |
or: | |
- equals: | |
"kubernetes.labels.app_kubernetes_io/name": "kubernetes-dashboard" | |
- equals: | |
"kubernetes.labels.app": "kibana" | |
- equals: | |
"kubernetes.namespace": "sentry" | |
- equals: | |
"kubernetes.namespace": "argocd" | |
- drop_event: | |
when: | |
and: | |
- equals: | |
"kubernetes.labels.app": "logging-filebeat" | |
- regexp: | |
"message": "INFO" | |
output.elasticsearch: | |
host: '${NODE_NAME}' | |
hosts: '${ELASTICSEARCH_HOSTS}' | |
indices: | |
- index: "filebeat-%{[agent.version]}-%{[event.module]}-%{+yyyy.MM.dd}" | |
--- | |
# Source: filebeat/templates/clusterrole.yaml | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRole | |
metadata: | |
name: logging-filebeat-cluster-role | |
labels: | |
app: "logging-filebeat" | |
chart: "filebeat-7.16.2" | |
heritage: "Helm" | |
release: "logging" | |
rules: | |
- apiGroups: | |
- "" | |
resources: | |
- namespaces | |
- nodes | |
- pods | |
verbs: | |
- get | |
- list | |
- watch | |
--- | |
# Source: filebeat/templates/clusterrolebinding.yaml | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: logging-filebeat-cluster-role-binding | |
labels: | |
app: "logging-filebeat" | |
chart: "filebeat-7.16.2" | |
heritage: "Helm" | |
release: "logging" | |
roleRef: | |
kind: ClusterRole | |
name: logging-filebeat-cluster-role | |
apiGroup: rbac.authorization.k8s.io | |
subjects: | |
- kind: ServiceAccount | |
name: logging-filebeat | |
namespace: monitoring | |
--- | |
# Source: filebeat/templates/daemonset.yaml | |
apiVersion: apps/v1 | |
kind: DaemonSet | |
metadata: | |
name: logging-filebeat | |
labels: | |
app: "logging-filebeat" | |
chart: "filebeat-7.16.2" | |
heritage: "Helm" | |
release: "logging" | |
spec: | |
selector: | |
matchLabels: | |
app: "logging-filebeat" | |
release: "logging" | |
updateStrategy: | |
rollingUpdate: | |
maxUnavailable: 1 | |
type: RollingUpdate | |
template: | |
metadata: | |
annotations: | |
configChecksum: dd52c5b5cf7f670a665945fc0670602ed77bfadbb938a9cb9adb57b2ea04e04 | |
name: "logging-filebeat" | |
labels: | |
app: "logging-filebeat" | |
chart: "filebeat-7.16.2" | |
heritage: "Helm" | |
release: "logging" | |
spec: | |
tolerations: | |
- operator: Exists | |
nodeSelector: | |
{} | |
affinity: | |
{} | |
serviceAccountName: logging-filebeat | |
terminationGracePeriodSeconds: 30 | |
volumes: | |
- name: filebeat-config | |
configMap: | |
defaultMode: 0600 | |
name: logging-filebeat-daemonset-config | |
- name: data | |
hostPath: | |
path: /var/lib/logging-filebeat-monitoring-data | |
type: DirectoryOrCreate | |
- name: varlibdockercontainers | |
hostPath: | |
path: /var/lib/docker/containers | |
- name: varlog | |
hostPath: | |
path: /var/log | |
- name: varrundockersock | |
hostPath: | |
path: /var/run/docker.sock | |
containers: | |
- name: "filebeat" | |
image: "docker.elastic.co/beats/filebeat:7.16.2" | |
imagePullPolicy: "IfNotPresent" | |
args: | |
- "-e" | |
- "-E" | |
- "http.enabled=true" | |
livenessProbe: | |
exec: | |
command: | |
- sh | |
- -c | |
- | | |
#!/usr/bin/env bash -e | |
curl --fail 127.0.0.1:5066 | |
failureThreshold: 3 | |
initialDelaySeconds: 10 | |
periodSeconds: 10 | |
timeoutSeconds: 5 | |
readinessProbe: | |
exec: | |
command: | |
- sh | |
- -c | |
- | | |
#!/usr/bin/env bash -e | |
filebeat test output | |
failureThreshold: 3 | |
initialDelaySeconds: 10 | |
periodSeconds: 10 | |
timeoutSeconds: 5 | |
resources: | |
limits: | |
cpu: 200m | |
memory: 300Mi | |
requests: | |
cpu: 200m | |
memory: 300Mi | |
env: | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.namespace | |
- name: NODE_NAME | |
valueFrom: | |
fieldRef: | |
fieldPath: spec.nodeName | |
- name: ELASTICSEARCH_HOSTS | |
value: elasticsearch-balancer.databases | |
envFrom: | |
[] | |
securityContext: | |
privileged: false | |
runAsUser: 0 | |
volumeMounts: | |
- name: filebeat-config | |
mountPath: /usr/share/filebeat/filebeat.yml | |
readOnly: true | |
subPath: filebeat.yml | |
- name: data | |
mountPath: /usr/share/filebeat/data | |
- name: varlibdockercontainers | |
mountPath: /var/lib/docker/containers | |
readOnly: true | |
- name: varlog | |
mountPath: /var/log | |
readOnly: true | |
# Necessary when using autodiscovery; avoid mounting it otherwise | |
# See: https://www.elastic.co/guide/en/beats/filebeat/7.16/configuration-autodiscover.html | |
- name: varrundockersock | |
mountPath: /var/run/docker.sock | |
readOnly: true | |
--- | |
# Source: filebeat/templates/deployment.yaml | |
# Deploy singleton instance in the whole cluster for some unique data sources, like aws input |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment