Filebeat Ingress nginx controller

k8s.filebeat.ingress.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: filebeat-config
  namespace: ingress-nginx
  labels:
    app: filebeat
data:
  filebeat.yml: |-
    filebeat.autodiscover:
      providers:
        - type: kubernetes
          templates:
            - condition:
                equals:
                  kubernetes.container.name: "controller"
              config:
                - module: nginx
                  ingress_controller:
                    enabled: true
                    input:
                      type: container
                      paths:
                        - /var/lib/docker/containers/${data.kubernetes.container.id}/*.log

    output.elasticsearch:
      hosts: '${ELASTICSEARCH_HOSTS:elasticsearch.elk.svc.cluster.local:9200}'
      username: '${ELASTICSEARCH_USERNAME}'
      password: '${ELASTICSEARCH_PASSWORD}'
      indices:
        - index: "ingress-%{+yyyy.MM}"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: filebeat
  namespace: ingress-nginx
  labels:
    app: filebeat
spec:
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  replicas: 1
  selector:
    matchLabels:
      app: filebeat
  template:
    metadata:
      labels:
        app: filebeat
    spec:
      imagePullSecrets:
        - name: gitlab
      nodeSelector:
        node: tm-node-1
      serviceAccountName: filebeat
      terminationGracePeriodSeconds: 30
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      containers:
        - name: filebeat
          image: elastic/filebeat:7.17.5
          args: [
            "-c", "/etc/filebeat.yml",
            "-e",
          ]
          env:
            - name: ELASTICSEARCH_HOST
              value: "elasticsearch.elk.svc.cluster.local"
            - name: ELASTICSEARCH_PORT
              value: "9200"
            - name: ELASTICSEARCH_USERNAME
              value: "my_user"
            - name: ELASTICSEARCH_PASSWORD
              value: "my_password"
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          securityContext:
            runAsUser: 0
          resources:
            requests:
              memory: 64Mi
              cpu: 100m
            limits:
              memory: 512Mi
              cpu: 250m
          volumeMounts:
            - name: config
              mountPath: /etc/filebeat.yml
              readOnly: true
              subPath: filebeat.yml
            - name: data
              mountPath: /usr/share/filebeat/data
            - name: varlibdockercontainers
              mountPath: /var/lib/docker/containers
              readOnly: true
      volumes:
        - name: config
          configMap:
            defaultMode: 0600
            name: filebeat-config
        - name: varlibdockercontainers
          hostPath:
            path: /var/lib/docker/containers
        - name: data
          hostPath:
            path: /var/lib/filebeat
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: filebeat
  namespace: ingress-nginx
subjects:
  - kind: ServiceAccount
    name: filebeat
    namespace: ingress-nginx
roleRef:
  kind: ClusterRole
  name: filebeat
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: filebeat
  namespace: ingress-nginx
  labels:
    app: filebeat
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: filebeat
  namespace: ingress-nginx
  labels:
    app: filebeat
rules:
  - apiGroups: [""] # "" indicates the core API group
    resources:
      - namespaces
      - pods
      - nodes
      - services
      - deployments
    verbs:
      - get
      - watch
      - list
---