diff --git a/filebeat/README.md b/filebeat/README.md index fd4142c14..b44830376 100644 --- a/filebeat/README.md +++ b/filebeat/README.md @@ -86,43 +86,72 @@ activate it by setting `hostNetworking: true` in [values.yaml][]. as a reference. They are also used in the automated testing of this chart. -## Configuration - -| Parameter | Description | Default | -|-----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------| -| `affinity` | Configurable [affinity][] | `{}` | -| `envFrom` | Templatable string of envFrom to be passed to the [environment from variables][] which will be appended to the `envFrom:` definition for the container | `[]` | -| `extraContainers` | List of additional init containers to be added at the DaemonSet | `""` | -| `extraEnvs` | Extra [environment variables][] which will be appended to the `env:` definition for the container | `[]` | -| `extraInitContainers` | List of additional init containers to be added at the DaemonSet. It also accepts a templatable string of additional containers to be passed to the `tpl` function | `[]` | -| `extraVolumeMounts` | List of additional volumeMounts to be mounted on the DaemonSet | `[]` | -| `extraVolumes` | List of additional volumes to be mounted on the DaemonSet | `[]` | -| `filebeatConfig` | Allows you to add any config files in `/usr/share/filebeat` such as `filebeat.yml` | see [values.yaml][] | -| `fullnameOverride` | Overrides the full name of the resources. If not set the name will default to " `.Release.Name` - `.Values.nameOverride or .Chart.Name` " | `""` | -| `hostNetworking` | Use host networking in the DaemonSet so that hostname is reported correctly | `false` | -| `dnsConfig` | Configurable [dnsConfig][] | `{}` | -| `hostPathRoot` | Fully-qualified [hostPath][] that will be used to persist Filebeat registry data | `/var/lib` | -| `imagePullPolicy` | The Kubernetes [imagePullPolicy][] value | `IfNotPresent` | -| `imagePullSecrets` | Configuration for [imagePullSecrets][] so that you can use a private registry for your image | `[]` | -| `imageTag` | The Filebeat Docker image tag | `8.0.0-SNAPSHOT` | -| `image` | The Filebeat Docker image | `docker.elastic.co/beats/filebeat` | -| `labels` | Configurable [labels][] applied to all Filebeat pods | `{}` | -| `livenessProbe` | Parameters to pass to liveness [probe][] checks for values such as timeouts and thresholds | see [values.yaml][] | -| `managedServiceAccount` | Whether the `serviceAccount` should be managed by this Helm chart. Set this to `false` in order to manage your own service account and related roles | `true` | -| `nameOverride` | Overrides the chart name for resources. If not set the name will default to `.Chart.Name` | `""` | -| `nodeSelector` | Configurable [nodeSelector][] | `{}` | -| `podAnnotations` | Configurable [annotations][] applied to all Filebeat pods | `{}` | -| `podSecurityContext` | Configurable [podSecurityContext][] for Filebeat pod execution environment | see [values.yaml][] | -| `priorityClassName` | The name of the [PriorityClass][]. No default is supplied as the PriorityClass must be created first | `""` | -| `readinessProbe` | Parameters to pass to readiness [probe][] checks for values such as timeouts and thresholds | see [values.yaml][] | -| `resources` | Allows you to set the [resources][] for the `DaemonSet` | see [values.yaml][] | -| `secretMounts` | Allows you easily mount a secret as a file inside the `DaemonSet`. Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` | -| `serviceAccount` | Custom [serviceAccount][] that Filebeat will use during execution. By default will use the service account created by this chart | `""` | -| `serviceAccountAnnotations` | Annotations to be added to the ServiceAccount that is created by this chart. | `{}` | -| `terminationGracePeriod` | Termination period (in seconds) to wait before killing Filebeat pod process on pod shutdown | `30` | -| `tolerations` | Configurable [tolerations][] | `[]` | -| `updateStrategy` | The [updateStrategy][] for the `DaemonSet`. By default Kubernetes will kill and recreate pods on updates. Setting this to `OnDelete` will require that pods be deleted manually | `RollingUpdate` | - +| Parameter | Description | Default | +|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------| +| `daemonset.annotations` | Configurable [annotations][] for filebeat daemonset | `{}` | +| `daemonset.labels` | Configurable [labels][] applied to all filebeat DaemonSet pods | `{}` | +| `daemonset.affinity` | Configurable [affinity][] for filebeat daemonset | `{}` | +| `daemonset.enabled` | If true, enable daemonset | `true` | +| `daemonset.envFrom` | Templatable string of `envFrom` to be passed to the [environment from variables][] which will be appended to filebeat container for DaemonSet | `[]` | +| `daemonset.extraEnvs` | Extra [environment variables][] which will be appended to filebeat container for DaemonSet | `[]` | +| `daemonset.extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function or DaemonSet | `[]` | +| `daemonset.extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function or DaemonSet | `[]` | +| `daemonset.hostNetworking` | Enable filebeat DaemonSet to use `hostNetwork` | `false` | +| `daemonset.filebeatConfig` | Allows you to add any config files in `/usr/share/filebeat` such as `filebeat.yml` for filebeat DaemonSet | see [values.yaml][] | +| `daemonset.nodeSelector` | Configurable [nodeSelector][] for filebeat DaemonSet | `{}` | +| `daemonset.secretMounts` | Allows you easily mount a secret as a file inside the DaemonSet. Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` | +| `daemonset.podSecurityContext` | Configurable [podSecurityContext][] for filebeat DaemonSet pod execution environment | see [values.yaml][] | +| `daemonset.resources` | Allows you to set the [resources][] for filebeat DaemonSet | see [values.yaml][] | +| `daemonset.tolerations` | Configurable [tolerations][] for filebeat DaemonSet | `[]` | +| `deployment.annotations` | Configurable [annotations][] for filebeat Deployment | `{}` | +| `deployment.labels` | Configurable [labels][] applied to all filebeat Deployment pods | `{}` | +| `deployment.affinity` | Configurable [affinity][] for filebeat Deployment | `{}` | +| `deployment.enabled` | If true, enable deployment | `false` | +| `deployment.envFrom` | Templatable string of `envFrom` to be passed to the [environment from variables][] which will be appended to filebeat container for Deployment | `[]` | +| `deployment.extraEnvs` | Extra [environment variables][] which will be appended to filebeat container for Deployment | `[]` | +| `deployment.extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function or DaemonSet | `[]` | +| `deployment.extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function or Deployment | `[]` | +| `deployment.filebeatConfig` | Allows you to add any config files in `/usr/share/filebeat` such as `filebeat.yml` for filebeat Deployment | see [values.yaml][] | +| `deployment.nodeSelector` | Configurable [nodeSelector][] for filebeat Deployment | `{}` | +| `deployment.secretMounts` | Allows you easily mount a secret as a file inside the Deployment Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` | +| `deployment.resources` | Allows you to set the [resources][] for filebeat Deployment | see [values.yaml][] | +| `deployment.securityContext` | Configurable [securityContext][] for filebeat Deployment pod execution environment | see [values.yaml][] | +| `deployment.tolerations` | Configurable [tolerations][] for filebeat Deployment | `[]` | +| `extraContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | +| `extraInitContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | +| `fullnameOverride` | Overrides the full name of the resources. If not set the name will default to " `.Release.Name` - `.Values.nameOverride or .Chart.Name` " | `""` | +| `hostPathRoot` | Fully-qualified [hostPath][] that will be used to persist filebeat registry data | `/var/lib` | +| `imagePullPolicy` | The Kubernetes [imagePullPolicy][] value | `IfNotPresent` | +| `imagePullSecrets` | Configuration for [imagePullSecrets][] so that you can use a private registry for your image | `[]` | +| `imageTag` | The filebeat Docker image tag | `8.0.0-SNAPSHOT` | +| `image` | The filebeat Docker image | `docker.elastic.co/beats/filebeat` | +| `livenessProbe` | Parameters to pass to liveness [probe][] checks for values such as timeouts and thresholds | see [values.yaml][] | +| `managedServiceAccount` | Whether the `serviceAccount` should be managed by this helm chart. Set this to `false` in order to manage your own service account and related roles | `true` | +| `nameOverride` | Overrides the chart name for resources. If not set the name will default to `.Chart.Name` | `""` | +| `podAnnotations` | Configurable [annotations][] applied to all filebeat pods | `{}` | +| `priorityClassName` | The name of the [PriorityClass][]. No default is supplied as the PriorityClass must be created first | `""` | +| `readinessProbe` | Parameters to pass to readiness [probe][] checks for values such as timeouts and thresholds | see [values.yaml][] | +| `serviceAccount` | Custom [serviceAccount][] that filebeat will use during execution. By default will use the service account created by this chart | `""` | +| `serviceAccountAnnotations` | Annotations to be added to the ServiceAccount that is created by this chart. | `{}` | +| `terminationGracePeriod` | Termination period (in seconds) to wait before killing filebeat pod process on pod shutdown | `30` | +| `updateStrategy` | The [updateStrategy][] for the DaemonSet By default Kubernetes will kill and recreate pods on updates. Setting this to `OnDelete` will require that pods be deleted manually | `RollingUpdate` | + +### Deprecated + +| Parameter | Description | Default | +|----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------|---------| +| `affinity` | Configurable [affinity][] for filebeat DaemonSet | `{}` | +| `envFrom` | Templatable string to be passed to the [environment from variables][] which will be appended to filebeat container for both DaemonSet and Deployment | `[]` | +| `extraEnvs` | Extra [environment variables][] which will be appended to filebeat container for both DaemonSet and Deployment | `[]` | +| `extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function for both DaemonSet and Deployment | `[]` | +| `extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function for both DaemonSet and Deployment | `[]` | +| `filebeatConfig` | Allows you to add any config files in `/usr/share/filebeat` such as `filebeat.yml` for both filebeat DaemonSet and Deployment | `{}` | +| `nodeSelector` | Configurable [nodeSelector][] for filebeat DaemonSet | `{}` | +| `podSecurityContext` | Configurable [securityContext][] for filebeat DaemonSet and Deployment pod execution environment | `{}` | +| `resources` | Allows you to set the [resources][] for both filebeat DaemonSet and Deployment | `{}` | +| `secretMounts` | Allows you easily mount a secret as a file inside DaemonSet and Deployment Useful for mounting certificates and other secrets | `[]` | +| `tolerations` | Configurable [tolerations][] for both filebeat DaemonSet and Deployment | `[]` | +| `labels` | Configurable [labels][] applied to all filebeat pods ## FAQ diff --git a/filebeat/templates/configmap.yaml b/filebeat/templates/configmap.yaml index 32df8d87c..559abe1ed 100644 --- a/filebeat/templates/configmap.yaml +++ b/filebeat/templates/configmap.yaml @@ -15,3 +15,39 @@ data: {{ $config | indent 4 -}} {{- end -}} {{- end -}} + +{{- if and .Values.daemonset.enabled .Values.daemonset.filebeatConfig }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "filebeat.fullname" . }}-daemonset-config + labels: + app: "{{ template "filebeat.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +data: +{{- range $path, $config := .Values.daemonset.filebeatConfig }} + {{ $path }}: | +{{ $config | indent 4 -}} +{{- end -}} +{{- end -}} + +{{- if and .Values.deployment.enabled .Values.deployment.filebeatConfig }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "filebeat.fullname" . }}-deployment-config + labels: + app: "{{ template "filebeat.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +data: +{{- range $path, $config := .Values.deployment.filebeatConfig }} + {{ $path }}: | +{{ $config | indent 4 -}} +{{- end -}} +{{- end -}} diff --git a/filebeat/templates/daemonset.yaml b/filebeat/templates/daemonset.yaml index 4b9c411b8..9396a3c8a 100644 --- a/filebeat/templates/daemonset.yaml +++ b/filebeat/templates/daemonset.yaml @@ -1,3 +1,4 @@ +{{- if .Values.daemonset.enabled }} --- apiVersion: apps/v1 kind: DaemonSet @@ -11,6 +12,12 @@ metadata: {{- range $key, $value := .Values.labels }} {{ $key }}: {{ $value | quote }} {{- end }} + {{- if .Values.deployment.annotations }} + annotations: # comment 2 + {{- range $key, $value := .Values.deployment.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} spec: selector: matchLabels: @@ -25,7 +32,7 @@ spec: {{ $key }}: {{ $value | quote }} {{- end }} {{/* This forces a restart if the configmap has changed */}} - {{- if .Values.filebeatConfig }} + {{- if or .Values.filebeatConfig .Values.daemonset.filebeatConfig }} configChecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }} {{- end }} name: "{{ template "filebeat.fullname" . }}" @@ -38,18 +45,12 @@ spec: {{ $key }}: {{ $value | quote }} {{- end }} spec: - {{- with .Values.tolerations }} - tolerations: {{ toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} + tolerations: {{ toYaml ( .Values.tolerations | default .Values.daemonset.tolerations ) | nindent 8 }} + nodeSelector: {{ toYaml ( .Values.nodeSelector | default .Values.daemonset.nodeSelector ) | nindent 8 }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} - {{- with .Values.affinity }} - affinity: {{ toYaml . | nindent 8 -}} - {{- end }} + affinity: {{ toYaml ( .Values.affinity | default .Values.daemonset.affinity ) | nindent 8 }} serviceAccountName: {{ template "filebeat.serviceAccount" . }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} {{- if .Values.hostNetworking }} @@ -60,7 +61,7 @@ spec: dnsConfig: {{ toYaml .Values.dnsConfig | nindent 8 }} {{- end }} volumes: - {{- range .Values.secretMounts }} + {{- range .Values.secretMounts | default .Values.daemonset.secretMounts }} - name: {{ .name }} secret: secretName: {{ .secretName }} @@ -70,6 +71,11 @@ spec: configMap: defaultMode: 0600 name: {{ template "filebeat.fullname" . }}-config + {{- else if .Values.daemonset.filebeatConfig }} + - name: filebeat-config + configMap: + defaultMode: 0600 + name: {{ template "filebeat.fullname" . }}-daemonset-config {{- end }} - name: data hostPath: @@ -84,8 +90,8 @@ spec: - name: varrundockersock hostPath: path: /var/run/docker.sock - {{- if .Values.extraVolumes }} -{{ toYaml .Values.extraVolumes | indent 6 }} + {{- if .Values.extraVolumes | default .Values.daemonset.extraVolumes }} +{{ toYaml ( .Values.extraVolumes | default .Values.daemonset.extraVolumes ) | indent 6 }} {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: @@ -118,7 +124,7 @@ spec: readinessProbe: {{ toYaml .Values.readinessProbe | indent 10 }} resources: -{{ toYaml .Values.resources | indent 10 }} +{{ toYaml ( .Values.resources | default .Values.daemonset.resources ) | indent 10 }} env: - name: POD_NAMESPACE valueFrom: @@ -128,19 +134,13 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName -{{- if .Values.extraEnvs }} -{{ toYaml .Values.extraEnvs | indent 8 }} -{{- end }} -{{- if .Values.envFrom }} - envFrom: -{{ toYaml .Values.envFrom | indent 10 }} -{{- end }} -{{- if .Values.podSecurityContext }} - securityContext: -{{ toYaml .Values.podSecurityContext | indent 10 }} +{{- if .Values.extraEnvs | default .Values.daemonset.extraEnvs }} +{{ toYaml ( .Values.extraEnvs | default .Values.daemonset.extraEnvs ) | indent 8 }} {{- end }} + envFrom: {{ toYaml ( .Values.envFrom | default .Values.daemonset.envFrom ) | nindent 10 }} + securityContext: {{ toYaml ( .Values.podSecurityContext | default .Values.daemonset.securityContext ) | nindent 10 }} volumeMounts: - {{- range .Values.secretMounts }} + {{- range .Values.secretMounts | default .Values.daemonset.secretMounts }} - name: {{ .name }} mountPath: {{ .path }} {{- if .subPath }} @@ -166,9 +166,10 @@ spec: - name: varrundockersock mountPath: /var/run/docker.sock readOnly: true - {{- if .Values.extraVolumeMounts }} -{{ toYaml .Values.extraVolumeMounts | indent 8 }} + {{- if .Values.extraVolumeMounts | default .Values.daemonset.extraVolumeMounts }} +{{ toYaml (.Values.extraVolumeMounts | default .Values.daemonset.extraVolumeMounts ) | indent 8 }} {{- end }} {{- if .Values.extraContainers }} {{ tpl .Values.extraContainers . | indent 6 }} {{- end }} +{{- end }} diff --git a/filebeat/templates/deployment.yaml b/filebeat/templates/deployment.yaml new file mode 100644 index 000000000..c02e030b7 --- /dev/null +++ b/filebeat/templates/deployment.yaml @@ -0,0 +1,143 @@ +# Deploy singleton instance in the whole cluster for some unique data sources, like aws input +{{- if .Values.deployment.enabled }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "filebeat.fullname" . }} + labels: + app: "{{ template "filebeat.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: {{ .Release.Name }} + {{- range $key, $value := .Values.labels }} # Comment 3 + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- if .Values.deployment.annotations }} + annotations: + {{- range $key, $value := .Values.deployment.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: "{{ template "filebeat.fullname" . }}" + heritage: '{{ .Release.Service }}' + release: {{ .Release.Name | quote }} + template: + metadata: + annotations: + {{- range $key, $value := .Values.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{/* This forces a restart if the configmap has changed */}} + {{- if or .Values.filebeatConfig .Values.deployment.filebeatConfig }} + configChecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }} + {{- end }} + labels: + app: '{{ template "filebeat.fullname" . }}' + chart: '{{ .Chart.Name }}-{{ .Chart.Version }}' + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + {{- range $key, $value := .Values.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + spec: + affinity: {{ toYaml .Values.deployment.affinity | nindent 8 }} + nodeSelector: {{ toYaml .Values.deployment.nodeSelector | nindent 8 }} + tolerations: {{ toYaml ( .Values.tolerations | default .Values.deployment.tolerations ) | nindent 8 }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "filebeat.serviceAccount" . }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} + volumes: + {{- range .Values.secretMounts | default .Values.deployment.secretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- end }} + {{- if .Values.filebeatConfig }} + - name: filebeat-config + configMap: + defaultMode: 0600 + name: {{ template "filebeat.fullname" . }}-config + {{- else if .Values.deployment.filebeatConfig }} + - name: filebeat-config + configMap: + defaultMode: 0600 + name: {{ template "filebeat.fullname" . }}-deployment-config + {{- end }} + {{- if .Values.extraVolumes | default .Values.deployment.extraVolumes }} +{{ toYaml ( .Values.extraVolumes | default .Values.deployment.extraVolumes ) | indent 6 }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.extraInitContainers }} + initContainers: + # All the other beats accept a string here while + # filebeat accepts a valid yaml array. We're keeping + # this as a backwards compatible change, while adding + # also a way to pass a string as other templates to + # make these implementations consistent. + # https://github.com/elastic/helm-charts/issues/490 + {{- if eq "string" (printf "%T" .Values.extraInitContainers) }} +{{ tpl .Values.extraInitContainers . | indent 6 }} + {{- else }} +{{ toYaml .Values.extraInitContainers | indent 6 }} + {{- end }} + {{- end }} + containers: + - name: "filebeat" + image: "{{ .Values.image }}:{{ .Values.imageTag }}" + imagePullPolicy: "{{ .Values.imagePullPolicy }}" + args: + - "-e" + - "-E" + - "http.enabled=true" + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 10 }} + resources: {{ toYaml ( .Values.resources | default .Values.deployment.resources ) | nindent 10 }} + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +{{- if .Values.extraEnvs | default .Values.deployment.extraEnvs }} +{{ toYaml ( .Values.extraEnvs | default .Values.deployment.extraEnvs ) | indent 8 }} +{{- end }} + envFrom: {{ toYaml ( .Values.envFrom | default .Values.deployment.envFrom ) | nindent 10 }} + securityContext: {{ toYaml ( .Values.podSecurityContext | default .Values.deployment.securityContext ) | nindent 10 }} + volumeMounts: + {{- range .Values.secretMounts | default .Values.deployment.secretMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- range $path, $config := .Values.filebeatConfig }} + - name: filebeat-config + mountPath: /usr/share/filebeat/{{ $path }} + readOnly: true + subPath: {{ $path }} + {{ else }} + {{- range $path, $config := .Values.deployment.filebeatConfig }} + - name: filebeat-config + mountPath: /usr/share/filebeat/{{ $path }} + readOnly: true + subPath: {{ $path }} + {{- end }} + {{- end }} + {{- if .Values.extraVolumeMounts | default .Values.deployment.extraVolumeMounts }} +{{ toYaml ( .Values.extraVolumeMounts | default .Values.deployment.extraVolumeMounts ) | indent 8 }} + {{- end }} + {{- if .Values.extraContainers }} +{{ tpl .Values.extraContainers . | indent 6 }} + {{- end }} +{{- end }} diff --git a/filebeat/values.yaml b/filebeat/values.yaml index 5a0e422d1..3ca8962c3 100755 --- a/filebeat/values.yaml +++ b/filebeat/values.yaml @@ -1,38 +1,115 @@ --- -# Allows you to add any config files in /usr/share/filebeat -# such as filebeat.yml -filebeatConfig: - filebeat.yml: | - filebeat.inputs: - - type: container - paths: - - /var/log/containers/*.log - processors: - - add_kubernetes_metadata: - host: ${NODE_NAME} - matchers: - - logs_path: - logs_path: "/var/log/containers/" - - output.elasticsearch: - host: '${NODE_NAME}' - hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' - -# Extra environment variables to append to the DaemonSet pod spec. -# This will be appended to the current 'env:' key. You can use any of the kubernetes env -# syntax here -extraEnvs: [] -# - name: MY_ENVIRONMENT_VAR -# value: the_value_goes_here - -extraVolumeMounts: [] +daemonset: + # Annotations to apply to the daemonset + annotations: {} + # additionals labels + labels: {} + affinity: {} + # Include the daemonset + enabled: true + # Extra environment variables for Filebeat container. + envFrom: [] + # - configMapRef: + # name: config-secret + extraEnvs: [] + # - name: MY_ENVIRONMENT_VAR + # value: the_value_goes_here + extraVolumes: [] + # - name: extras + # emptyDir: {} + extraVolumeMounts: [] + # - name: extras + # mountPath: /usr/share/extras + # readOnly: true + hostNetworking: false + # Allows you to add any config files in /usr/share/filebeat + # such as filebeat.yml for daemonset + filebeatConfig: + filebeat.yml: | + filebeat.inputs: + - type: container + paths: + - /var/log/containers/*.log + processors: + - add_kubernetes_metadata: + host: ${NODE_NAME} + matchers: + - logs_path: + logs_path: "/var/log/containers/" + + output.elasticsearch: + host: '${NODE_NAME}' + hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' + nodeSelector: {} + # A list of secrets and their paths to mount inside the pod + # This is useful for mounting certificates for security other sensitive values + secretMounts: [] + # - name: filebeat-certificates + # secretName: filebeat-certificates + # path: /usr/share/filebeat/certs + # Various pod security context settings. Bear in mind that many of these have an impact on Filebeat functioning properly. + # + # - User that the container will execute as. Typically necessary to run as root (0) in order to properly collect host container logs. + # - Whether to execute the Filebeat containers as privileged containers. Typically not necessarily unless running within environments such as OpenShift. + podSecurityContext: + runAsUser: 0 + privileged: false + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + cpu: "1000m" + memory: "200Mi" + tolerations: [] + +deployment: + # Annotations to apply to the deployment + annotations: {} + # additionals labels + labels: {} + affinity: {} + # Include the deployment + enabled: false + # Extra environment variables for Filebeat container. + envFrom: [] + # - configMapRef: + # name: config-secret + extraEnvs: [] + # - name: MY_ENVIRONMENT_VAR + # value: the_value_goes_here + # Allows you to add any config files in /usr/share/filebeat + extraVolumes: [] + # - name: extras + # emptyDir: {} + extraVolumeMounts: [] # - name: extras # mountPath: /usr/share/extras # readOnly: true - -extraVolumes: [] - # - name: extras - # emptyDir: {} + # such as filebeat.yml for deployment + filebeatConfig: + filebeat.yml: | + output.elasticsearch: + host: '${NODE_NAME}' + hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' + nodeSelector: {} + # A list of secrets and their paths to mount inside the pod + # This is useful for mounting certificates for security other sensitive values + secretMounts: [] + # - name: filebeat-certificates + # secretName: filebeat-certificates + # path: /usr/share/filebeat/certs + securityContext: + runAsUser: 0 + privileged: false + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + cpu: "1000m" + memory: "200Mi" + tolerations: [] extraContainers: "" # - name: dummy-init @@ -41,16 +118,10 @@ extraContainers: "" extraInitContainers: [] # - name: dummy-init -# image: busybox -# command: ['echo', 'hey'] - -envFrom: [] -# - configMapRef: -# name: configmap-name # Root directory where Filebeat will write data to in order to persist registry data across pod restarts (file position and other metadata). hostPathRoot: /var/lib -hostNetworking: false + dnsConfig: {} # options: # - name: ndots @@ -89,51 +160,19 @@ readinessProbe: # Whether this chart should self-manage its service account, role, and associated role binding. managedServiceAccount: true -# additionals labels -labels: {} - podAnnotations: {} # iam.amazonaws.com/role: es-cluster -# Various pod security context settings. Bear in mind that many of these have an impact on Filebeat functioning properly. -# -# - User that the container will execute as. Typically necessary to run as root (0) in order to properly collect host container logs. -# - Whether to execute the Filebeat containers as privileged containers. Typically not necessarily unless running within environments such as OpenShift. -podSecurityContext: - runAsUser: 0 - privileged: false - -resources: - requests: - cpu: "100m" - memory: "100Mi" - limits: - cpu: "1000m" - memory: "200Mi" - # Custom service account override that the pod will use serviceAccount: "" # Annotations to add to the ServiceAccount that is created if the serviceAccount value isn't set. serviceAccountAnnotations: {} - # eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount -# A list of secrets and their paths to mount inside the pod -# This is useful for mounting certificates for security other sensitive values -secretMounts: [] -# - name: filebeat-certificates -# secretName: filebeat-certificates -# path: /usr/share/filebeat/certs + # eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount # How long to wait for Filebeat pods to stop gracefully terminationGracePeriod: 30 - -tolerations: [] - -nodeSelector: {} - -affinity: {} - # This is the PriorityClass settings as defined in # https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass priorityClassName: "" @@ -144,3 +183,19 @@ updateStrategy: RollingUpdate # Only edit these if you know what you're doing nameOverride: "" fullnameOverride: "" + +# DEPRECATED +affinity: {} +envFrom: [] +extraEnvs: [] +extraVolumes: [] +extraVolumeMounts: [] +# Allows you to add any config files in /usr/share/filebeat +# such as filebeat.yml for both daemonset and deployment +filebeatConfig: {} +nodeSelector: {} +podSecurityContext: {} +resources: {} +secretMounts: [] +tolerations: [] +labels: {}