From c82fa28042693f4d56e1a3423c49c602d8afcf27 Mon Sep 17 00:00:00 2001 From: njgibbon Date: Tue, 1 Dec 2020 17:31:56 +0000 Subject: [PATCH 1/7] fix - adjusting elasticsearch output template default value as I believe there is a typo --- metricbeat/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metricbeat/values.yaml b/metricbeat/values.yaml index 06993abc0..df0ca518a 100755 --- a/metricbeat/values.yaml +++ b/metricbeat/values.yaml @@ -72,7 +72,7 @@ daemonset: - drop_event.when.regexp: system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib)($|/)' output.elasticsearch: - hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' + hosts: '${ELASTICSEARCH_HOSTS}:elasticsearch-master:9200' nodeSelector: {} # A list of secrets and their paths to mount inside the pod # This is useful for mounting certificates for security other sensitive values @@ -134,7 +134,7 @@ deployment: period: 10s hosts: ["${KUBE_STATE_METRICS_HOSTS}"] output.elasticsearch: - hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' + hosts: '${ELASTICSEARCH_HOSTS}:elasticsearch-master:9200' nodeSelector: {} # A list of secrets and their paths to mount inside the pod # This is useful for mounting certificates for security other sensitive values From a3667d58af14e60dd82732c3811f8af01645f80b Mon Sep 17 00:00:00 2001 From: njgibbon Date: Tue, 1 Dec 2020 17:57:12 +0000 Subject: [PATCH 2/7] up failure threshold for start up checks --- filebeat/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/filebeat/values.yaml b/filebeat/values.yaml index 5a0e422d1..413793511 100755 --- a/filebeat/values.yaml +++ b/filebeat/values.yaml @@ -68,7 +68,7 @@ livenessProbe: - | #!/usr/bin/env bash -e curl --fail 127.0.0.1:5066 - failureThreshold: 3 + failureThreshold: 5 initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 @@ -81,7 +81,7 @@ readinessProbe: - | #!/usr/bin/env bash -e filebeat test output - failureThreshold: 3 + failureThreshold: 5 initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 From 79d4dcb0136a4d2890b9ebe6be78be1d163f02d9 Mon Sep 17 00:00:00 2001 From: njgibbon Date: Tue, 1 Dec 2020 18:02:39 +0000 Subject: [PATCH 3/7] taken probe thresholds out to keep change focussed --- filebeat/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/filebeat/values.yaml b/filebeat/values.yaml index 413793511..5a0e422d1 100755 --- a/filebeat/values.yaml +++ b/filebeat/values.yaml @@ -68,7 +68,7 @@ livenessProbe: - | #!/usr/bin/env bash -e curl --fail 127.0.0.1:5066 - failureThreshold: 5 + failureThreshold: 3 initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 @@ -81,7 +81,7 @@ readinessProbe: - | #!/usr/bin/env bash -e filebeat test output - failureThreshold: 5 + failureThreshold: 3 initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 From 37bddf04e5bc22dc7bd5237f79753f497cafb0d7 Mon Sep 17 00:00:00 2001 From: njgibbon Date: Wed, 16 Dec 2020 17:23:14 +0000 Subject: [PATCH 4/7] feat - filebeat clusterrole rules templated and managed like metricbeat. This enables easier changes and particularly enables easier addition of things like psps --- filebeat/templates/clusterrole.yaml | 12 +----------- filebeat/values.yaml | 12 ++++++++++++ metricbeat/values.yaml | 4 ++-- 3 files changed, 15 insertions(+), 13 deletions(-) diff --git a/filebeat/templates/clusterrole.yaml b/filebeat/templates/clusterrole.yaml index 36dc5d310..754dfd578 100644 --- a/filebeat/templates/clusterrole.yaml +++ b/filebeat/templates/clusterrole.yaml @@ -8,15 +8,5 @@ metadata: chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" heritage: {{ .Release.Service | quote }} release: {{ .Release.Name | quote }} -rules: -- apiGroups: - - "" - resources: - - namespaces - - nodes - - pods - verbs: - - get - - list - - watch +rules: {{ toYaml .Values.clusterRoleRules | nindent 2 -}} {{- end -}} diff --git a/filebeat/values.yaml b/filebeat/values.yaml index 40646cddf..b64508269 100755 --- a/filebeat/values.yaml +++ b/filebeat/values.yaml @@ -94,6 +94,18 @@ readinessProbe: # Whether this chart should self-manage its service account, role, and associated role binding. managedServiceAccount: true +clusterRoleRules: +- apiGroups: + - "" + resources: + - namespaces + - nodes + - pods + verbs: + - get + - list + - watch + # additionals labels labels: {} diff --git a/metricbeat/values.yaml b/metricbeat/values.yaml index f2c70bbd5..02f03d74f 100755 --- a/metricbeat/values.yaml +++ b/metricbeat/values.yaml @@ -77,7 +77,7 @@ daemonset: - drop_event.when.regexp: system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib)($|/)' output.elasticsearch: - hosts: '${ELASTICSEARCH_HOSTS}:elasticsearch-master:9200' + hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' nodeSelector: {} # A list of secrets and their paths to mount inside the pod # This is useful for mounting certificates for security other sensitive values @@ -144,7 +144,7 @@ deployment: period: 10s hosts: ["${KUBE_STATE_METRICS_HOSTS}"] output.elasticsearch: - hosts: '${ELASTICSEARCH_HOSTS}:elasticsearch-master:9200' + hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' nodeSelector: {} # A list of secrets and their paths to mount inside the pod # This is useful for mounting certificates for security other sensitive values From 743ae87fd7362bc8f6ae6a43967d0e8312e98bb4 Mon Sep 17 00:00:00 2001 From: njgibbon Date: Wed, 16 Dec 2020 17:28:43 +0000 Subject: [PATCH 5/7] update fb readme with field as with mb --- filebeat/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/filebeat/README.md b/filebeat/README.md index 736b99713..3f81d0cbc 100644 --- a/filebeat/README.md +++ b/filebeat/README.md @@ -91,6 +91,7 @@ as a reference. They are also used in the automated testing of this chart. | Parameter | Description | Default | |-----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------| | `affinity` | Configurable [affinity][] | `{}` | +| `clusterRoleRules` | Configurable [cluster role rules][] that Metricbeat uses to access Kubernetes resources | see [values.yaml][] | | `dnsConfig` | Configurable [dnsConfig][] | `{}` | | `envFrom` | Templatable string of envFrom to be passed to the [environment from variables][] which will be appended to the `envFrom:` definition for the container | `[]` | | `extraContainers` | List of additional init containers to be added at the DaemonSet | `""` | From 4eeb11a2094e037320a3ec302e1e184059bd07de Mon Sep 17 00:00:00 2001 From: njgibbon Date: Wed, 16 Dec 2020 17:37:30 +0000 Subject: [PATCH 6/7] update fb readme with link --- filebeat/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/filebeat/README.md b/filebeat/README.md index 3f81d0cbc..9e4d38fdf 100644 --- a/filebeat/README.md +++ b/filebeat/README.md @@ -192,6 +192,7 @@ about our development and testing process. [CONTRIBUTING.md]: https://github.com/elastic/helm-charts/blob/master/CONTRIBUTING.md [affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity [annotations]: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +[cluster role rules]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole [default Elasticsearch Helm chart]: https://github.com/elastic/helm-charts/tree/master/elasticsearch/README.md#default [dnsConfig]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ [environment variables]: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config From 4bbd69d829b6e10fd4bb3e7a7e7f09ac90a81706 Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Fri, 18 Dec 2020 14:36:01 +0100 Subject: [PATCH 7/7] Update filebeat/README.md --- filebeat/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/filebeat/README.md b/filebeat/README.md index 9e4d38fdf..1bb0703eb 100644 --- a/filebeat/README.md +++ b/filebeat/README.md @@ -91,7 +91,7 @@ as a reference. They are also used in the automated testing of this chart. | Parameter | Description | Default | |-----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------| | `affinity` | Configurable [affinity][] | `{}` | -| `clusterRoleRules` | Configurable [cluster role rules][] that Metricbeat uses to access Kubernetes resources | see [values.yaml][] | +| `clusterRoleRules` | Configurable [cluster role rules][] that Filebeat uses to access Kubernetes resources | see [values.yaml][] | | `dnsConfig` | Configurable [dnsConfig][] | `{}` | | `envFrom` | Templatable string of envFrom to be passed to the [environment from variables][] which will be appended to the `envFrom:` definition for the container | `[]` | | `extraContainers` | List of additional init containers to be added at the DaemonSet | `""` |