commit 82312ccdf418c328ad16709e804ab09359743e67 Author: Sven Ketelsen Date: Fri Apr 29 19:10:32 2022 +0200 initial commit diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..54f3a93 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +.project +.idea \ No newline at end of file diff --git a/config/default/filebeat/filebeat.yml b/config/default/filebeat/filebeat.yml new file mode 100644 index 0000000..db7a361 --- /dev/null +++ b/config/default/filebeat/filebeat.yml @@ -0,0 +1,289 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: filebeat-config + namespace: kube-system + labels: + k8s-app: filebeat +data: + filebeat.yml: |- + filebeat.inputs: + # To enable hints based autodiscover, remove `filebeat.inputs` configuration and uncomment this: + filebeat.autodiscover: + providers: + - type: kubernetes + node: ${NODE_NAME} + hints.enabled: true + hints.default_config: + type: container + paths: + - /var/log/containers/*${data.kubernetes.container.id}.log + + processors: + - add_host_metadata: + + output.logstash: + hosts: ['dev-elastic-stack-logstash-01:5044'] + ssl: + certificate_authorities: + - /usr/share/filebeat/config/certificates/filebeat.ca + certificate: /usr/share/filebeat/config/certificates/filebeat.crt + key: /usr/share/filebeat/config/certificates/filebeat.key + filebeat.ca: |- + -----BEGIN CERTIFICATE----- + MIIDSjCCAjKgAwIBAgIVALoaO+vyeJc6elKN4SMIOb9AKm8HMA0GCSqGSIb3DQEB + CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu + ZXJhdGVkIENBMB4XDTIxMDkwMzEyMTIwNFoXDTIyMDkwMzEyMTIwNFowNDEyMDAG + A1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5lcmF0ZWQgQ0Ew + ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSkIH2QlzcEncmAAwtkVw7 + Nsr7WEBO7eIIST3mY9XJwlqP4IsR9C9UnSXUSpWSJEcv1I6mrZE38Hyq/rvcEFZK + ZSgHYDsJiVglkUZFdv5S84vgVSROoy+8r10fokHfpbidtJmXabP5T6VD+LE+Mg7y + RddhHZCoM4wHveo/q55c3RCoVc0PEELrk0vVqvYK99LO+yAprBPzRuXDZx5oJkxD + +Uc4rTyNCcTTo8CkK1BfccXktBHTQvOzOYxuwyGxb/GCaKwcGG+XQ4TRt3o7r3GR + TOKCNO+sM6c0g7W0OoL38v7/IKAufTcmU7QO/tb9NBz/G9N57EOqhPdp/46ih1XX + AgMBAAGjUzBRMB0GA1UdDgQWBBQTPREWSx37K1IpHecIquNdDE7ztDAfBgNVHSME + GDAWgBQTPREWSx37K1IpHecIquNdDE7ztDAPBgNVHRMBAf8EBTADAQH/MA0GCSqG + SIb3DQEBCwUAA4IBAQAGVoeS1hfVOrDnnLYzPSrF9IfHEzt/eSr3ymEiNUK8ZaRS + 9gpvRgX8n0pS197wVyK8hd2iXzH58H6KMkhcWZH2uNLEB8aOFOCkQxnU4NsMYRjT + RaS+qf29YbH6LkyO1kxCtGxldKybj8I8MFf8X0mBLN4Nk+w+KqKVFsl63AMtsJkq + WOgjoYZcY+FQW0HqS2AzDVkDZiXAtjwtXXjONAJOylRHDieA3UByukNHI0OtIurX + ePsDUoEakawtgXZmD8/RCt8Jpqm5UDwAioa18KJv3u5yqtX+whUnFSI7u5+Mzlay + 2aOT5tIpOXQPV3tuUSvC6CYpoJOrLjgJSJhcP8Uo + -----END CERTIFICATE----- + filebeat.crt: |- + -----BEGIN CERTIFICATE----- + MIIDZzCCAk+gAwIBAgIVAKbp3mlGRUBO1LWPiw4sN4JDbWSYMA0GCSqGSIb3DQEB + CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu + ZXJhdGVkIENBMB4XDTIxMDkwMzEyMTIwNVoXDTIyMDkwMzEyMTIwNVowJTEjMCEG + A1UEAxMaZGV2LWVsYXN0aWMtc3RhY2stZmlsZWJlYXQwggEiMA0GCSqGSIb3DQEB + AQUAA4IBDwAwggEKAoIBAQCbup6feN0+yArmD011sPRFSaY+goTLU112ojwwkkPN + bqZNIhik3+SZT325qCgFZ4mI3A1+h4t0rUl4WO9uJMiUbRGdnwrn5043UoaL5+Vr + UiEkb3nv1LMhLHbMrnfCU8uXEbTFNiXe6VWaDuD/tHx2UCBUmt9d+6HpK/VsID1L + yFVOahoKjtTAXIGBxho/lnfcePu1OIq3PhzBO3iEcgVTl1si0+4ASKrL5ZKXTrRy + ftBCAXg7wpBrpJc7yfH7GgUAqURMwZeg4Uc6chtIDzb87OEAfosjT72rGSaSb87G + u80FyPGle7bP9RWngXbqUyvXyb94iC274ihmbHSAfvFtAgMBAAGjfzB9MB0GA1Ud + DgQWBBSVuXSfZVJtPjcyXama0Pu2mL3VtDAfBgNVHSMEGDAWgBQTPREWSx37K1Ip + HecIquNdDE7ztDAwBgNVHREEKTAngglsb2NhbGhvc3SCGmRldi1lbGFzdGljLXN0 + YWNrLWZpbGViZWF0MAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAEiG2a66 + lHAsNGiNY2jqTXN2MnO6bBzu3wioU4W0pQMjx5YKlBTDMvludnesgHQxwp/z9/d4 + 4Bs2k3ebOBiGsj9GiEscx7kkBtUJf9MXHPF4xC6uKlI8RaGMxP+ik91FGPSMN3ei + s/AP4n/MWbrWPpFtbyQgWEmw3kHGKrlht47fo8hdNI17w3T56PalWBOzXJJu/uR3 + LDabVIeWFr7Mj8y/MyurssyX2srAJyEJRy2u0gBc04vGo6jNrbFjx8AzwbMGw6x0 + /DtxzIZ+o77z+bKVno/TcAju2rVAQhoz6PL7QqXkLjOjEJFWlJzryEuMk3ljJ0eT + adcgOervdNNzt8E= + -----END CERTIFICATE----- + filebeat.key: |- + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAm7qen3jdPsgK5g9NdbD0RUmmPoKEy1NddqI8MJJDzW6mTSIY + pN/kmU99uagoBWeJiNwNfoeLdK1JeFjvbiTIlG0RnZ8K5+dON1KGi+fla1IhJG95 + 79SzISx2zK53wlPLlxG0xTYl3ulVmg7g/7R8dlAgVJrfXfuh6Sv1bCA9S8hVTmoa + Co7UwFyBgcYaP5Z33Hj7tTiKtz4cwTt4hHIFU5dbItPuAEiqy+WSl060cn7QQgF4 + O8KQa6SXO8nx+xoFAKlETMGXoOFHOnIbSA82/OzhAH6LI0+9qxkmkm/OxrvNBcjx + pXu2z/UVp4F26lMr18m/eIgtu+IoZmx0gH7xbQIDAQABAoIBAAFGqTATVHTEPNqf + u3nAZm/+537RoPbtivGC6M1ZFXckdfZh1iPbtcrPzO7tgs5wh774Vp/3ylu9Y8G5 + sNSNNpuIvUE2YWd/DLQFWBbjYozbkmvzAePGMWWPMLYCo/aSqzNksL+A7xSBgvMN + NijCONbbVzh6QGRLwIrhklQ9e2MYkNrCWChm5cUCi1ja5t5SB4NlAASM4YoXbHwZ + bES5ZK76Xp4iFQrtwvfr+KJuqREVSyb9MdOxEsQ5CG58W6h8F8BLf1ePwhY5ieTQ + u+vQ8O+U+JULcBXnC8yGMXuY3zxwGfJ4c8guRxnzcfbZXONtHhdom69VtctozLn/ + /9vNnGECgYEA1cj2csqocpXECBIiUM/FDyek6KWs91POr9n7RnLJd62Y1D162l7n + XvFsqYB5vHz/3mZvAxTqVXHQupGTQy49JHhEdndwZxzRJxRtyoqik38GnEHfGBZA + s0chZmxjlv6M/KfdgstNOlS0Y5nNbT0RoE6bNA3zChex0xGdtj5kCPkCgYEAunre + eo8Cbabe2+1gOVxSNBCXVYocdOQq+refXWFurO9iWsw5h3f/ngApgmbH2/Re5F/v + gZnIR7TMZjC/6QkMb9dpRIJR1XhSz2njjBFkpw5kC4fKStgUbUbkM52JMt3zhEud + IVJJhmIz3UuFcbPtZSWwpS/B47QdMxpNJF72HRUCgYBX7OE/cQ46olIPp7WpWuqH + QxzV+l3bEwLs3FA2NzuZFzLGB8shSOsL52tzgz2OQjLR+3so309JeRgJw5m3harr + 9vLhbloybm2vDv3g0Yfv9cx4M7dXpr9RfK3F/Eoxbdv6hefaxVar6O6QEE+m3/kB + 35KBpEMTIY+naZVdwOdPsQKBgQCTk9Nn2K+KSapLEHO7UWW40HyDdJaKp1ugKRtU + 0lu9PoFu6/qHTB8eUnCHQ4Hdf2ptf8LSpPpMTTgJk4D9Em0mQaqMTjonH18hyGIN + ImKuloP0YBVm39RimtzUQFMoz1/9jb2fdji7whHbiv3jewpfptFCGSZvZsZJAAKW + yxQo9QKBgGpY7QMXbFWrqr/xKsBW9wYIYCboYjoNl15Yetk588u/v7WdTMxtfzCn + S3KZCSYxXJoiHCe9hTfI5Oe2fFM+X9cwjBCdtwDjVYGrDfmgPmj0lve4hkgfEGuk + gMOobA3L+bAT9eEINBUmvZap3kjOngqfVDgpPOWkj4FGlhWARRdX + -----END RSA PRIVATE KEY----- +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: filebeat + namespace: kube-system + labels: + k8s-app: filebeat +spec: + selector: + matchLabels: + k8s-app: filebeat + template: + metadata: + labels: + k8s-app: filebeat + spec: + serviceAccountName: filebeat + terminationGracePeriodSeconds: 30 + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: filebeat + image: docker.elastic.co/beats/filebeat:7.17.3 + args: [ + "-c", "/etc/filebeat.yml", + "-e", + ] + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + securityContext: + runAsUser: 0 + # If using Red Hat OpenShift uncomment this: + #privileged: true + resources: + limits: + memory: 200Mi + requests: + cpu: 100m + memory: 100Mi + volumeMounts: + - name: config + mountPath: /etc/filebeat.yml + readOnly: true + subPath: filebeat.yml + - name: config + mountPath: /usr/share/filebeat/config/certificates/filebeat.ca + readOnly: true + subPath: filebeat.ca + - name: config + mountPath: /usr/share/filebeat/config/certificates/filebeat.crt + readOnly: true + subPath: filebeat.crt + - name: config + mountPath: /usr/share/filebeat/config/certificates/filebeat.key + readOnly: true + subPath: filebeat.key + - name: data + mountPath: /usr/share/filebeat/data + - name: varlibdockercontainers + mountPath: /var/lib/docker/containers + readOnly: true + - name: varlog + mountPath: /var/log + readOnly: true + volumes: + - name: config + configMap: + defaultMode: 0640 + name: filebeat-config + - name: varlibdockercontainers + hostPath: + path: /var/lib/docker/containers + - name: varlog + hostPath: + path: /var/log + # data folder stores a registry of read status for all files, so we don't send everything again on a Filebeat pod restart + - name: data + hostPath: + # When filebeat runs as non-root user, this directory needs to be writable by group (g+w). + path: /var/lib/filebeat-data + type: DirectoryOrCreate +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: filebeat +subjects: +- kind: ServiceAccount + name: filebeat + namespace: kube-system +roleRef: + kind: ClusterRole + name: filebeat + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: filebeat + namespace: kube-system +subjects: + - kind: ServiceAccount + name: filebeat + namespace: kube-system +roleRef: + kind: Role + name: filebeat + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: filebeat-kubeadm-config + namespace: kube-system +subjects: + - kind: ServiceAccount + name: filebeat + namespace: kube-system +roleRef: + kind: Role + name: filebeat-kubeadm-config + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: filebeat + labels: + k8s-app: filebeat +rules: +- apiGroups: [""] # "" indicates the core API group + resources: + - namespaces + - pods + - nodes + verbs: + - get + - watch + - list +- apiGroups: ["apps"] + resources: + - replicasets + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: filebeat + # should be the namespace where filebeat is running + namespace: kube-system + labels: + k8s-app: filebeat +rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: ["get", "create", "update"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: filebeat-kubeadm-config + namespace: kube-system + labels: + k8s-app: filebeat +rules: + - apiGroups: [""] + resources: + - configmaps + resourceNames: + - kubeadm-config + verbs: ["get"] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: filebeat + namespace: kube-system + labels: + k8s-app: filebeat +--- diff --git a/config/default/filebeat/kustomization.yaml b/config/default/filebeat/kustomization.yaml new file mode 100644 index 0000000..1442957 --- /dev/null +++ b/config/default/filebeat/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - filebeat.yml \ No newline at end of file diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml new file mode 100644 index 0000000..ff6b053 --- /dev/null +++ b/config/default/kustomization.yaml @@ -0,0 +1,2 @@ +bases: +- ../filebeat \ No newline at end of file