From a160dee2d50584a9e5b9ed73b461c52a383af0f6 Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Tue, 5 Jan 2021 17:36:25 +0100 Subject: [PATCH] Filebeat deployment support feature (#964) (#1004) Co-authored-by: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Co-authored-by: John Torakis --- filebeat/README.md | 109 +- filebeat/examples/deployment/Makefile | 13 + filebeat/examples/deployment/README.md | 27 + filebeat/examples/deployment/test/goss.yaml | 6 + filebeat/examples/deployment/values.yaml | 16 + filebeat/templates/configmap.yaml | 36 + filebeat/templates/daemonset.yaml | 80 +- filebeat/templates/deployment.yaml | 157 +++ filebeat/tests/filebeat_test.py | 1131 +++++++++++++++++-- filebeat/values.yaml | 201 ++-- helpers/matrix.yml | 1 + 11 files changed, 1544 insertions(+), 233 deletions(-) create mode 100644 filebeat/examples/deployment/Makefile create mode 100644 filebeat/examples/deployment/README.md create mode 100644 filebeat/examples/deployment/test/goss.yaml create mode 100644 filebeat/examples/deployment/values.yaml create mode 100644 filebeat/templates/deployment.yaml diff --git a/filebeat/README.md b/filebeat/README.md index 516f9adca..48c03737d 100644 --- a/filebeat/README.md +++ b/filebeat/README.md @@ -17,6 +17,7 @@ This Helm chart is a lightweight way to configure and run our official - [Upgrading](#upgrading) - [Usage notes](#usage-notes) - [Configuration](#configuration) + - [Deprecated](#deprecated) - [FAQ](#faq) - [How to use Filebeat with Elasticsearch with security (authentication and TLS) enabled?](#how-to-use-filebeat-with-elasticsearch-with-security-authentication-and-tls-enabled) - [How to install OSS version of Filebeat?](#how-to-install-oss-version-of-filebeat) @@ -90,44 +91,76 @@ activate it by setting `hostNetworking: true` in [values.yaml][]. as a reference. They are also used in the automated testing of this chart. -## Configuration - -| Parameter | Description | Default | -|-----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------| -| `affinity` | Configurable [affinity][] | `{}` | -| `dnsConfig` | Configurable [dnsConfig][] | `{}` | -| `envFrom` | Templatable string of envFrom to be passed to the [environment from variables][] which will be appended to the `envFrom:` definition for the container | `[]` | -| `extraContainers` | List of additional init containers to be added at the DaemonSet | `""` | -| `extraEnvs` | Extra [environment variables][] which will be appended to the `env:` definition for the container | `[]` | -| `extraInitContainers` | List of additional init containers to be added at the DaemonSet. It also accepts a templatable string of additional containers to be passed to the `tpl` function | `[]` | -| `extraVolumeMounts` | List of additional volumeMounts to be mounted on the DaemonSet | `[]` | -| `extraVolumes` | List of additional volumes to be mounted on the DaemonSet | `[]` | -| `filebeatConfig` | Allows you to add any config files in `/usr/share/filebeat` such as `filebeat.yml` | see [values.yaml][] | -| `fullnameOverride` | Overrides the full name of the resources. If not set the name will default to " `.Release.Name` - `.Values.nameOverride or .Chart.Name` " | `""` | -| `hostAliases` | Configurable [hostAliases][] | `[]` | -| `hostNetworking` | Use host networking in the DaemonSet so that hostname is reported correctly | `false` | -| `hostPathRoot` | Fully-qualified [hostPath][] that will be used to persist Filebeat registry data | `/var/lib` | -| `imagePullPolicy` | The Kubernetes [imagePullPolicy][] value | `IfNotPresent` | -| `imagePullSecrets` | Configuration for [imagePullSecrets][] so that you can use a private registry for your image | `[]` | -| `imageTag` | The Filebeat Docker image tag | `6.8.14-SNAPSHOT` | -| `image` | The Filebeat Docker image | `docker.elastic.co/beats/filebeat` | -| `labels` | Configurable [labels][] applied to all Filebeat pods | `{}` | -| `livenessProbe` | Parameters to pass to liveness [probe][] checks for values such as timeouts and thresholds | see [values.yaml][] | -| `managedServiceAccount` | Whether the `serviceAccount` should be managed by this Helm chart. Set this to `false` in order to manage your own service account and related roles | `true` | -| `nameOverride` | Overrides the chart name for resources. If not set the name will default to `.Chart.Name` | `""` | -| `nodeSelector` | Configurable [nodeSelector][] | `{}` | -| `podAnnotations` | Configurable [annotations][] applied to all Filebeat pods | `{}` | -| `podSecurityContext` | Configurable [podSecurityContext][] for Filebeat pod execution environment | see [values.yaml][] | -| `priorityClassName` | The name of the [PriorityClass][]. No default is supplied as the PriorityClass must be created first | `""` | -| `readinessProbe` | Parameters to pass to readiness [probe][] checks for values such as timeouts and thresholds | see [values.yaml][] | -| `resources` | Allows you to set the [resources][] for the `DaemonSet` | see [values.yaml][] | -| `secretMounts` | Allows you easily mount a secret as a file inside the `DaemonSet`. Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` | -| `serviceAccount` | Custom [serviceAccount][] that Filebeat will use during execution. By default will use the service account created by this chart | `""` | -| `serviceAccountAnnotations` | Annotations to be added to the ServiceAccount that is created by this chart. | `{}` | -| `terminationGracePeriod` | Termination period (in seconds) to wait before killing Filebeat pod process on pod shutdown | `30` | -| `tolerations` | Configurable [tolerations][] | `[]` | -| `updateStrategy` | The [updateStrategy][] for the `DaemonSet`. By default Kubernetes will kill and recreate pods on updates. Setting this to `OnDelete` will require that pods be deleted manually | `RollingUpdate` | - +| Parameter | Description | Default | +|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------| +| `daemonset.annotations` | Configurable [annotations][] for filebeat daemonset | `{}` | +| `daemonset.labels` | Configurable [labels][] applied to all filebeat DaemonSet pods | `{}` | +| `daemonset.affinity` | Configurable [affinity][] for filebeat daemonset | `{}` | +| `daemonset.enabled` | If true, enable daemonset | `true` | +| `daemonset.envFrom` | Templatable string of `envFrom` to be passed to the [environment from variables][] which will be appended to filebeat container for DaemonSet | `[]` | +| `daemonset.extraEnvs` | Extra [environment variables][] which will be appended to filebeat container for DaemonSet | `[]` | +| `daemonset.extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function for DaemonSet | `[]` | +| `daemonset.extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function for DaemonSet | `[]` | +| `daemonset.hostAliases` | Configurable [hostAliases][] for filebeat DaemonSet | `[]` | +| `daemonset.hostNetworking` | Enable filebeat DaemonSet to use `hostNetwork` | `false` | +| `daemonset.filebeatConfig` | Allows you to add any config files in `/usr/share/filebeat` such as `filebeat.yml` for filebeat DaemonSet | see [values.yaml][] | +| `daemonset.nodeSelector` | Configurable [nodeSelector][] for filebeat DaemonSet | `{}` | +| `daemonset.secretMounts` | Allows you easily mount a secret as a file inside the DaemonSet. Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` | +| `daemonset.podSecurityContext` | Configurable [podSecurityContext][] for filebeat DaemonSet pod execution environment | see [values.yaml][] | +| `daemonset.resources` | Allows you to set the [resources][] for filebeat DaemonSet | see [values.yaml][] | +| `daemonset.tolerations` | Configurable [tolerations][] for filebeat DaemonSet | `[]` | +| `deployment.annotations` | Configurable [annotations][] for filebeat Deployment | `{}` | +| `deployment.labels` | Configurable [labels][] applied to all filebeat Deployment pods | `{}` | +| `deployment.affinity` | Configurable [affinity][] for filebeat Deployment | `{}` | +| `deployment.enabled` | If true, enable deployment | `false` | +| `deployment.envFrom` | Templatable string of `envFrom` to be passed to the [environment from variables][] which will be appended to filebeat container for Deployment | `[]` | +| `deployment.extraEnvs` | Extra [environment variables][] which will be appended to filebeat container for Deployment | `[]` | +| `deployment.extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function for DaemonSet | `[]` | +| `deployment.extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function for Deployment | `[]` | +| `daemonset.hostAliases` | Configurable [hostAliases][] for filebeat Deployment | `[]` | +| `deployment.filebeatConfig` | Allows you to add any config files in `/usr/share/filebeat` such as `filebeat.yml` for filebeat Deployment | see [values.yaml][] | +| `deployment.nodeSelector` | Configurable [nodeSelector][] for filebeat Deployment | `{}` | +| `deployment.secretMounts` | Allows you easily mount a secret as a file inside the Deployment Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` | +| `deployment.resources` | Allows you to set the [resources][] for filebeat Deployment | see [values.yaml][] | +| `deployment.securityContext` | Configurable [securityContext][] for filebeat Deployment pod execution environment | see [values.yaml][] | +| `deployment.tolerations` | Configurable [tolerations][] for filebeat Deployment | `[]` | +| `replicas` | The replica count for the Filebeat deployment | `1` | +| `extraContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | +| `extraInitContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | +| `fullnameOverride` | Overrides the full name of the resources. If not set the name will default to " `.Release.Name` - `.Values.nameOverride or .Chart.Name` " | `""` | +| `hostPathRoot` | Fully-qualified [hostPath][] that will be used to persist filebeat registry data | `/var/lib` | +| `imagePullPolicy` | The Kubernetes [imagePullPolicy][] value | `IfNotPresent` | +| `imagePullSecrets` | Configuration for [imagePullSecrets][] so that you can use a private registry for your image | `[]` | +| `imageTag` | The filebeat Docker image tag | `8.0.0-SNAPSHOT` | +| `image` | The filebeat Docker image | `docker.elastic.co/beats/filebeat` | +| `livenessProbe` | Parameters to pass to liveness [probe][] checks for values such as timeouts and thresholds | see [values.yaml][] | +| `managedServiceAccount` | Whether the `serviceAccount` should be managed by this helm chart. Set this to `false` in order to manage your own service account and related roles | `true` | +| `nameOverride` | Overrides the chart name for resources. If not set the name will default to `.Chart.Name` | `""` | +| `podAnnotations` | Configurable [annotations][] applied to all filebeat pods | `{}` | +| `priorityClassName` | The name of the [PriorityClass][]. No default is supplied as the PriorityClass must be created first | `""` | +| `readinessProbe` | Parameters to pass to readiness [probe][] checks for values such as timeouts and thresholds | see [values.yaml][] | +| `serviceAccount` | Custom [serviceAccount][] that filebeat will use during execution. By default will use the service account created by this chart | `""` | +| `serviceAccountAnnotations` | Annotations to be added to the ServiceAccount that is created by this chart. | `{}` | +| `terminationGracePeriod` | Termination period (in seconds) to wait before killing filebeat pod process on pod shutdown | `30` | +| `updateStrategy` | The [updateStrategy][] for the DaemonSet By default Kubernetes will kill and recreate pods on updates. Setting this to `OnDelete` will require that pods be deleted manually | `RollingUpdate` | + +### Deprecated + +| Parameter | Description | Default | +|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|---------| +| `affinity` | Configurable [affinity][] for filebeat DaemonSet | `{}` | +| `envFrom` | Templatable string to be passed to the [environment from variables][] which will be appended to filebeat container for both DaemonSet and Deployment | `[]` | +| `extraEnvs` | Extra [environment variables][] which will be appended to filebeat container for both DaemonSet and Deployment | `[]` | +| `extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function for both DaemonSet and Deployment | `[]` | +| `extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function for both DaemonSet and Deployment | `[]` | +| `filebeatConfig` | Allows you to add any config files in `/usr/share/filebeat` such as `filebeat.yml` for both filebeat DaemonSet and Deployment | `{}` | +| `hostAliases` | Configurable [hostAliases][] | `[]` | +| `nodeSelector` | Configurable [nodeSelector][] for filebeat DaemonSet | `{}` | +| `podSecurityContext` | Configurable [securityContext][] for filebeat DaemonSet and Deployment pod execution environment | `{}` | +| `resources` | Allows you to set the [resources][] for both filebeat DaemonSet and Deployment | `{}` | +| `secretMounts` | Allows you easily mount a secret as a file inside DaemonSet and Deployment Useful for mounting certificates and other secrets | `[]` | +| `tolerations` | Configurable [tolerations][] for both filebeat DaemonSet and Deployment | `[]` | +| `labels` | Configurable [labels][] applied to all filebeat pods | `{}` | ## FAQ diff --git a/filebeat/examples/deployment/Makefile b/filebeat/examples/deployment/Makefile new file mode 100644 index 000000000..0bc285379 --- /dev/null +++ b/filebeat/examples/deployment/Makefile @@ -0,0 +1,13 @@ +default: test + +include ../../../helpers/examples.mk + +RELEASE := helm-filebeat-deployment + +install: + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ + +test: install goss + +purge: + helm del $(RELEASE) diff --git a/filebeat/examples/deployment/README.md b/filebeat/examples/deployment/README.md new file mode 100644 index 000000000..b41e681e4 --- /dev/null +++ b/filebeat/examples/deployment/README.md @@ -0,0 +1,27 @@ +# Default + +This example deploy Filebeat 8.0.0-SNAPSHOT using [default values][] as a Kubernetes Deployment. + + +## Usage + +* Deploy [Elasticsearch Helm chart][]. + +* Deploy Filebeat chart with the default values: `make install` + +* You can now setup a port forward to query Filebeat indices: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[elasticsearch helm chart]: https://github.com/elastic/helm-charts/tree/master/elasticsearch/examples/default/ +[goss integration tests]: https://github.com/elastic/helm-charts/tree/master/filebeat/examples/deployment/test/goss.yaml +[default values]: https://github.com/elastic/helm-charts/tree/master/filebeat/values.yaml diff --git a/filebeat/examples/deployment/test/goss.yaml b/filebeat/examples/deployment/test/goss.yaml new file mode 100644 index 000000000..01e656800 --- /dev/null +++ b/filebeat/examples/deployment/test/goss.yaml @@ -0,0 +1,6 @@ +http: + http://elasticsearch-master:9200/_cat/indices: + status: 200 + timeout: 2000 + body: + - 'filebeat-6.8.14' diff --git a/filebeat/examples/deployment/values.yaml b/filebeat/examples/deployment/values.yaml new file mode 100644 index 000000000..bf1cf06c1 --- /dev/null +++ b/filebeat/examples/deployment/values.yaml @@ -0,0 +1,16 @@ +deployment: + enabled: true + +daemonset: + enabled: false + +filebeatConfig: + filebeat.yml: | + filebeat.inputs: + - type: log + paths: + - /usr/share/filebeat/logs/filebeat + + output.elasticsearch: + host: '${NODE_NAME}' + hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' \ No newline at end of file diff --git a/filebeat/templates/configmap.yaml b/filebeat/templates/configmap.yaml index 32df8d87c..559abe1ed 100644 --- a/filebeat/templates/configmap.yaml +++ b/filebeat/templates/configmap.yaml @@ -15,3 +15,39 @@ data: {{ $config | indent 4 -}} {{- end -}} {{- end -}} + +{{- if and .Values.daemonset.enabled .Values.daemonset.filebeatConfig }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "filebeat.fullname" . }}-daemonset-config + labels: + app: "{{ template "filebeat.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +data: +{{- range $path, $config := .Values.daemonset.filebeatConfig }} + {{ $path }}: | +{{ $config | indent 4 -}} +{{- end -}} +{{- end -}} + +{{- if and .Values.deployment.enabled .Values.deployment.filebeatConfig }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "filebeat.fullname" . }}-deployment-config + labels: + app: "{{ template "filebeat.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +data: +{{- range $path, $config := .Values.deployment.filebeatConfig }} + {{ $path }}: | +{{ $config | indent 4 -}} +{{- end -}} +{{- end -}} diff --git a/filebeat/templates/daemonset.yaml b/filebeat/templates/daemonset.yaml index fb2c42c41..3515d8ca5 100644 --- a/filebeat/templates/daemonset.yaml +++ b/filebeat/templates/daemonset.yaml @@ -1,3 +1,4 @@ +{{- if .Values.daemonset.enabled }} --- apiVersion: apps/v1 kind: DaemonSet @@ -8,9 +9,21 @@ metadata: chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" heritage: {{ .Release.Service | quote }} release: {{ .Release.Name | quote }} + {{- if .Values.daemonset.labels }} + {{- range $key, $value := .Values.daemonset.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- else }} {{- range $key, $value := .Values.labels }} {{ $key }}: {{ $value | quote }} {{- end }} + {{- end }} + {{- if .Values.daemonset.annotations }} + annotations: + {{- range $key, $value := .Values.daemonset.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} spec: selector: matchLabels: @@ -25,7 +38,7 @@ spec: {{ $key }}: {{ $value | quote }} {{- end }} {{/* This forces a restart if the configmap has changed */}} - {{- if .Values.filebeatConfig }} + {{- if or .Values.filebeatConfig .Values.daemonset.filebeatConfig }} configChecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }} {{- end }} name: "{{ template "filebeat.fullname" . }}" @@ -34,36 +47,36 @@ spec: chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" heritage: {{ .Release.Service | quote }} release: {{ .Release.Name | quote }} + {{- if .Values.daemonset.labels }} + {{- range $key, $value := .Values.daemonset.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- else }} {{- range $key, $value := .Values.labels }} {{ $key }}: {{ $value | quote }} {{- end }} + {{- end }} spec: - {{- with .Values.tolerations }} - tolerations: {{ toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} + tolerations: {{ toYaml ( .Values.tolerations | default .Values.daemonset.tolerations ) | nindent 8 }} + nodeSelector: {{ toYaml ( .Values.nodeSelector | default .Values.daemonset.nodeSelector ) | nindent 8 }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} - {{- with .Values.affinity }} - affinity: {{ toYaml . | nindent 8 -}} - {{- end }} + affinity: {{ toYaml ( .Values.affinity | default .Values.daemonset.affinity ) | nindent 8 }} serviceAccountName: {{ template "filebeat.serviceAccount" . }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} - {{- if .Values.hostNetworking }} + {{- if .Values.daemonset.hostNetworking }} hostNetwork: true dnsPolicy: ClusterFirstWithHostNet {{- end }} {{- if .Values.dnsConfig }} dnsConfig: {{ toYaml .Values.dnsConfig | nindent 8 }} {{- end }} - {{- if .Values.hostAliases }} - hostAliases: {{ toYaml .Values.hostAliases | nindent 6 }} + {{- if .Values.hostAliases | default .Values.daemonset.hostAliases }} + hostAliases: {{ toYaml ( .Values.hostAliases | default .Values.daemonset.hostAliases ) | nindent 8 }} {{- end }} volumes: - {{- range .Values.secretMounts }} + {{- range .Values.secretMounts | default .Values.daemonset.secretMounts }} - name: {{ .name }} secret: secretName: {{ .secretName }} @@ -73,6 +86,11 @@ spec: configMap: defaultMode: 0600 name: {{ template "filebeat.fullname" . }}-config + {{- else if .Values.daemonset.filebeatConfig }} + - name: filebeat-config + configMap: + defaultMode: 0600 + name: {{ template "filebeat.fullname" . }}-daemonset-config {{- end }} - name: data hostPath: @@ -87,8 +105,8 @@ spec: - name: varrundockersock hostPath: path: /var/run/docker.sock - {{- if .Values.extraVolumes }} -{{ toYaml .Values.extraVolumes | indent 6 }} + {{- if .Values.extraVolumes | default .Values.daemonset.extraVolumes }} +{{ toYaml ( .Values.extraVolumes | default .Values.daemonset.extraVolumes ) | indent 6 }} {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: @@ -121,7 +139,7 @@ spec: readinessProbe: {{ toYaml .Values.readinessProbe | indent 10 }} resources: -{{ toYaml .Values.resources | indent 10 }} +{{ toYaml ( .Values.resources | default .Values.daemonset.resources ) | indent 10 }} env: - name: POD_NAMESPACE valueFrom: @@ -131,19 +149,13 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName -{{- if .Values.extraEnvs }} -{{ toYaml .Values.extraEnvs | indent 8 }} -{{- end }} -{{- if .Values.envFrom }} - envFrom: -{{ toYaml .Values.envFrom | indent 10 }} -{{- end }} -{{- if .Values.podSecurityContext }} - securityContext: -{{ toYaml .Values.podSecurityContext | indent 10 }} +{{- if .Values.extraEnvs | default .Values.daemonset.extraEnvs }} +{{ toYaml ( .Values.extraEnvs | default .Values.daemonset.extraEnvs ) | indent 8 }} {{- end }} + envFrom: {{ toYaml ( .Values.envFrom | default .Values.daemonset.envFrom ) | nindent 10 }} + securityContext: {{ toYaml ( .Values.podSecurityContext | default .Values.daemonset.securityContext ) | nindent 10 }} volumeMounts: - {{- range .Values.secretMounts }} + {{- range .Values.secretMounts | default .Values.daemonset.secretMounts }} - name: {{ .name }} mountPath: {{ .path }} {{- if .subPath }} @@ -151,11 +163,18 @@ spec: {{- end }} {{- end }} {{- range $path, $config := .Values.filebeatConfig }} + - name: filebeat-config + mountPath: /usr/share/filebeat/{{ $path }} + readOnly: true + subPath: {{ $path }} + {{ else }} + {{- range $path, $config := .Values.daemonset.filebeatConfig }} - name: filebeat-config mountPath: /usr/share/filebeat/{{ $path }} readOnly: true subPath: {{ $path }} {{- end }} + {{- end }} - name: data mountPath: /usr/share/filebeat/data - name: varlibdockercontainers @@ -169,9 +188,10 @@ spec: - name: varrundockersock mountPath: /var/run/docker.sock readOnly: true - {{- if .Values.extraVolumeMounts }} -{{ toYaml .Values.extraVolumeMounts | indent 8 }} + {{- if .Values.extraVolumeMounts | default .Values.daemonset.extraVolumeMounts }} +{{ toYaml (.Values.extraVolumeMounts | default .Values.daemonset.extraVolumeMounts ) | indent 8 }} {{- end }} {{- if .Values.extraContainers }} {{ tpl .Values.extraContainers . | indent 6 }} {{- end }} +{{- end }} diff --git a/filebeat/templates/deployment.yaml b/filebeat/templates/deployment.yaml new file mode 100644 index 000000000..a8fd82649 --- /dev/null +++ b/filebeat/templates/deployment.yaml @@ -0,0 +1,157 @@ +# Deploy singleton instance in the whole cluster for some unique data sources, like aws input +{{- if .Values.deployment.enabled }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "filebeat.fullname" . }} + labels: + app: "{{ template "filebeat.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: '{{ .Release.Service }}' + release: {{ .Release.Name }} + {{- if .Values.deployment.labels }} + {{- range $key, $value := .Values.deployment.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- else }} + {{- range $key, $value := .Values.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- if .Values.deployment.annotations }} + annotations: + {{- range $key, $value := .Values.deployment.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: "{{ template "filebeat.fullname" . }}" + release: {{ .Release.Name | quote }} + template: + metadata: + annotations: + {{- range $key, $value := .Values.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{/* This forces a restart if the configmap has changed */}} + {{- if or .Values.filebeatConfig .Values.deployment.filebeatConfig }} + configChecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }} + {{- end }} + labels: + app: '{{ template "filebeat.fullname" . }}' + chart: '{{ .Chart.Name }}-{{ .Chart.Version }}' + release: '{{ .Release.Name }}' + {{- if .Values.deployment.labels }} + {{- range $key, $value := .Values.deployment.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- else }} + {{- range $key, $value := .Values.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + spec: + affinity: {{ toYaml .Values.deployment.affinity | nindent 8 }} + nodeSelector: {{ toYaml .Values.deployment.nodeSelector | nindent 8 }} + tolerations: {{ toYaml ( .Values.tolerations | default .Values.deployment.tolerations ) | nindent 8 }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "filebeat.serviceAccount" . }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} + {{- if .Values.deployment.hostAliases }} + hostAliases: {{ toYaml .Values.deployment.hostAliases | nindent 8 }} + {{- end }} + volumes: + {{- range .Values.secretMounts | default .Values.deployment.secretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- end }} + {{- if .Values.filebeatConfig }} + - name: filebeat-config + configMap: + defaultMode: 0600 + name: {{ template "filebeat.fullname" . }}-config + {{- else if .Values.deployment.filebeatConfig }} + - name: filebeat-config + configMap: + defaultMode: 0600 + name: {{ template "filebeat.fullname" . }}-deployment-config + {{- end }} + {{- if .Values.extraVolumes | default .Values.deployment.extraVolumes }} +{{ toYaml ( .Values.extraVolumes | default .Values.deployment.extraVolumes ) | indent 6 }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.extraInitContainers }} + initContainers: + # All the other beats accept a string here while + # filebeat accepts a valid yaml array. We're keeping + # this as a backwards compatible change, while adding + # also a way to pass a string as other templates to + # make these implementations consistent. + # https://github.com/elastic/helm-charts/issues/490 + {{- if eq "string" (printf "%T" .Values.extraInitContainers) }} +{{ tpl .Values.extraInitContainers . | indent 6 }} + {{- else }} +{{ toYaml .Values.extraInitContainers | indent 6 }} + {{- end }} + {{- end }} + containers: + - name: "filebeat" + image: "{{ .Values.image }}:{{ .Values.imageTag }}" + imagePullPolicy: "{{ .Values.imagePullPolicy }}" + args: + - "-e" + - "-E" + - "http.enabled=true" + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 10 }} + resources: {{ toYaml ( .Values.resources | default .Values.deployment.resources ) | nindent 10 }} + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +{{- if .Values.extraEnvs | default .Values.deployment.extraEnvs }} +{{ toYaml ( .Values.extraEnvs | default .Values.deployment.extraEnvs ) | indent 8 }} +{{- end }} + envFrom: {{ toYaml ( .Values.envFrom | default .Values.deployment.envFrom ) | nindent 10 }} + securityContext: {{ toYaml ( .Values.podSecurityContext | default .Values.deployment.securityContext ) | nindent 10 }} + volumeMounts: + {{- range .Values.secretMounts | default .Values.deployment.secretMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- range $path, $config := .Values.filebeatConfig }} + - name: filebeat-config + mountPath: /usr/share/filebeat/{{ $path }} + readOnly: true + subPath: {{ $path }} + {{ else }} + {{- range $path, $config := .Values.deployment.filebeatConfig }} + - name: filebeat-config + mountPath: /usr/share/filebeat/{{ $path }} + readOnly: true + subPath: {{ $path }} + {{- end }} + {{- end }} + {{- if .Values.extraVolumeMounts | default .Values.deployment.extraVolumeMounts }} +{{ toYaml ( .Values.extraVolumeMounts | default .Values.deployment.extraVolumeMounts ) | indent 8 }} + {{- end }} + {{- if .Values.extraContainers }} +{{ tpl .Values.extraContainers . | indent 6 }} + {{- end }} +{{- end }} diff --git a/filebeat/tests/filebeat_test.py b/filebeat/tests/filebeat_test.py index feaba4f56..9460e8ec6 100644 --- a/filebeat/tests/filebeat_test.py +++ b/filebeat/tests/filebeat_test.py @@ -15,6 +15,7 @@ def test_defaults(): r = helm_template(config) assert name in r["daemonset"] + assert "deployment" not in r c = r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0] assert c["name"] == project @@ -27,10 +28,26 @@ def test_defaults(): assert "filebeat test output" in c["readinessProbe"]["exec"]["command"][-1] + assert r["daemonset"][name]["spec"]["template"]["spec"]["tolerations"] == [] + + assert "hostNetwork" not in r["daemonset"][name]["spec"]["template"]["spec"] + assert "dnsPolicy" not in r["daemonset"][name]["spec"]["template"]["spec"] + + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["runAsUser"] + == 0 + ) + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["privileged"] + == False + ) + # Empty customizable defaults assert "imagePullSecrets" not in r["daemonset"][name]["spec"]["template"]["spec"] - assert "tolerations" not in r["daemonset"][name]["spec"]["template"]["spec"] - assert "hostAliases" not in r["daemonset"][name]["spec"]["template"]["spec"] assert r["daemonset"][name]["spec"]["updateStrategy"]["type"] == "RollingUpdate" @@ -38,77 +55,263 @@ def test_defaults(): r["daemonset"][name]["spec"]["template"]["spec"]["serviceAccountName"] == name ) - volumes = r["daemonset"][name]["spec"]["template"]["spec"]["volumes"] + cfg = r["configmap"] + + assert name + "-config" not in cfg + assert name + "-daemonset-config" in cfg + + assert "filebeat.yml" in cfg[name + "-daemonset-config"]["data"] + + daemonset = r["daemonset"][name]["spec"]["template"]["spec"] + + assert { + "configMap": {"name": name + "-config", "defaultMode": 0o600}, + "name": project + "-config", + } not in daemonset["volumes"] + assert { + "configMap": {"name": name + "-daemonset-config", "defaultMode": 0o600}, + "name": project + "-config", + } in daemonset["volumes"] + assert { "name": "data", "hostPath": { "path": "/var/lib/" + name + "-default-data", "type": "DirectoryOrCreate", }, - } in volumes + } in daemonset["volumes"] + + assert { + "mountPath": "/usr/share/filebeat/filebeat.yml", + "name": project + "-config", + "subPath": "filebeat.yml", + "readOnly": True, + } in daemonset["containers"][0]["volumeMounts"] + assert daemonset["containers"][0]["resources"] == { + "requests": {"cpu": "100m", "memory": "100Mi"}, + "limits": {"cpu": "1000m", "memory": "200Mi"}, + } -def test_adding_envs(): + +def test_enable_deployment(): config = """ -extraEnvs: -- name: LOG_LEVEL - value: DEBUG -""" +deployment: + enabled: true + """ + r = helm_template(config) - envs = r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0]["env"] - assert {"name": "LOG_LEVEL", "value": "DEBUG"} in envs + + assert name in r["deployment"] + + c = r["deployment"][name]["spec"]["template"]["spec"]["containers"][0] + assert c["name"] == project + assert c["image"].startswith("docker.elastic.co/beats/" + project + ":") + + assert c["env"][0]["name"] == "POD_NAMESPACE" + assert c["env"][0]["valueFrom"]["fieldRef"]["fieldPath"] == "metadata.namespace" + + assert "curl --fail 127.0.0.1:5066" in c["livenessProbe"]["exec"]["command"][-1] + + assert "filebeat test output" in c["readinessProbe"]["exec"]["command"][-1] + + assert r["deployment"][name]["spec"]["template"]["spec"]["tolerations"] == [] + + assert "hostNetwork" not in r["deployment"][name]["spec"]["template"]["spec"] + assert "dnsPolicy" not in r["deployment"][name]["spec"]["template"]["spec"] + + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["runAsUser"] + == 0 + ) + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["privileged"] + == False + ) + + # Empty customizable defaults + assert "imagePullSecrets" not in r["deployment"][name]["spec"]["template"]["spec"] + + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["serviceAccountName"] == name + ) + + cfg = r["configmap"] + + assert name + "-config" not in cfg + assert name + "-deployment-config" in cfg + + assert "filebeat.yml" in cfg[name + "-deployment-config"]["data"] + + deployment = r["deployment"][name]["spec"]["template"]["spec"] + + assert { + "configMap": {"name": name + "-config", "defaultMode": 0o600}, + "name": project + "-config", + } not in deployment["volumes"] + assert { + "configMap": {"name": name + "-deployment-config", "defaultMode": 0o600}, + "name": project + "-config", + } in deployment["volumes"] + + assert { + "mountPath": "/usr/share/filebeat/filebeat.yml", + "name": project + "-config", + "subPath": "filebeat.yml", + "readOnly": True, + } in deployment["containers"][0]["volumeMounts"] + + assert deployment["containers"][0]["resources"] == { + "requests": {"cpu": "100m", "memory": "100Mi"}, + "limits": {"cpu": "1000m", "memory": "200Mi"}, + } def test_adding_a_extra_container(): config = """ +deployment: + enabled: true extraContainers: | - name: do-something image: busybox command: ['do', 'something'] """ r = helm_template(config) - extraContainer = r["daemonset"][name]["spec"]["template"]["spec"]["containers"] + extraContainerDaemonset = r["daemonset"][name]["spec"]["template"]["spec"][ + "containers" + ] + assert { + "name": "do-something", + "image": "busybox", + "command": ["do", "something"], + } in extraContainerDaemonset + deployment_name = name + extraContainerDeployment = r["deployment"][deployment_name]["spec"]["template"][ + "spec" + ]["containers"] assert { "name": "do-something", "image": "busybox", "command": ["do", "something"], - } in extraContainer + } in extraContainerDeployment def test_adding_init_containers_as_yaml(): config = """ +deployment: + enabled: true extraInitContainers: - name: dummy-init image: busybox command: ['echo', 'hey'] """ r = helm_template(config) - initContainers = r["daemonset"][name]["spec"]["template"]["spec"]["initContainers"] + initContainersDaemonset = r["daemonset"][name]["spec"]["template"]["spec"][ + "initContainers" + ] + assert { + "name": "dummy-init", + "image": "busybox", + "command": ["echo", "hey"], + } in initContainersDaemonset + deployment_name = name + initContainersDeployment = r["deployment"][deployment_name]["spec"]["template"][ + "spec" + ]["initContainers"] assert { "name": "dummy-init", "image": "busybox", "command": ["echo", "hey"], - } in initContainers + } in initContainersDeployment -def test_adding_init_containers(): +def test_adding_a_extra_init_container(): config = """ +deployment: + enabled: true extraInitContainers: | - - name: dummy-init + - name: do-something image: busybox - command: ['echo', 'hey'] + command: ['do', 'something'] """ r = helm_template(config) - initContainers = r["daemonset"][name]["spec"]["template"]["spec"]["initContainers"] + extraInitContainerDaemonset = r["daemonset"][name]["spec"]["template"]["spec"][ + "initContainers" + ] assert { - "name": "dummy-init", + "name": "do-something", "image": "busybox", - "command": ["echo", "hey"], - } in initContainers + "command": ["do", "something"], + } in extraInitContainerDaemonset + deployment_name = name + extraInitContainerDeployment = r["deployment"][deployment_name]["spec"]["template"][ + "spec" + ]["initContainers"] + assert { + "name": "do-something", + "image": "busybox", + "command": ["do", "something"], + } in extraInitContainerDeployment + + +def test_adding_envs(): + config = """ +deployment: + enabled: true +daemonset: + extraEnvs: + - name: LOG_LEVEL + value: DEBUG +""" + r = helm_template(config) + assert {"name": "LOG_LEVEL", "value": "DEBUG"} in r["daemonset"][name]["spec"][ + "template" + ]["spec"]["containers"][0]["env"] + assert {"name": "LOG_LEVEL", "value": "DEBUG"} not in r["deployment"][name]["spec"][ + "template" + ]["spec"]["containers"][0]["env"] + + config = """ +deployment: + enabled: true + extraEnvs: + - name: LOG_LEVEL + value: DEBUG +""" + r = helm_template(config) + assert {"name": "LOG_LEVEL", "value": "DEBUG"} in r["deployment"][name]["spec"][ + "template" + ]["spec"]["containers"][0]["env"] + assert {"name": "LOG_LEVEL", "value": "DEBUG"} not in r["daemonset"][name]["spec"][ + "template" + ]["spec"]["containers"][0]["env"] + + +def test_adding_deprecated_envs(): + config = """ +deployment: + enabled: true +extraEnvs: +- name: LOG_LEVEL + value: DEBUG +""" + r = helm_template(config) + assert {"name": "LOG_LEVEL", "value": "DEBUG"} in r["daemonset"][name]["spec"][ + "template" + ]["spec"]["containers"][0]["env"] + assert {"name": "LOG_LEVEL", "value": "DEBUG"} in r["deployment"][name]["spec"][ + "template" + ]["spec"]["containers"][0]["env"] def test_adding_image_pull_secrets(): config = """ +deployment: + enabled: true imagePullSecrets: - name: test-registry """ @@ -117,10 +320,70 @@ def test_adding_image_pull_secrets(): r["daemonset"][name]["spec"]["template"]["spec"]["imagePullSecrets"][0]["name"] == "test-registry" ) + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["imagePullSecrets"][0]["name"] + == "test-registry" + ) + + +def test_adding_host_networking(): + config = """ +deployment: + enabled: true +daemonset: + hostNetworking: true +""" + r = helm_template(config) + assert r["daemonset"][name]["spec"]["template"]["spec"]["hostNetwork"] is True + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["dnsPolicy"] + == "ClusterFirstWithHostNet" + ) + assert "hostNetwork" not in r["deployment"][name]["spec"]["template"]["spec"] + assert "dnsPolicy" not in r["deployment"][name]["spec"]["template"]["spec"] def test_adding_tolerations(): config = """ +deployment: + enabled: true +daemonset: + tolerations: + - key: "key1" + operator: "Equal" + value: "value1" + effect: "NoExecute" + tolerationSeconds: 3600 +""" + r = helm_template(config) + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["tolerations"][0]["key"] + == "key1" + ) + assert r["deployment"][name]["spec"]["template"]["spec"]["tolerations"] == [] + + config = """ +deployment: + enabled: true + tolerations: + - key: "key1" + operator: "Equal" + value: "value1" + effect: "NoExecute" + tolerationSeconds: 3600 +""" + r = helm_template(config) + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["tolerations"][0]["key"] + == "key1" + ) + assert r["daemonset"][name]["spec"]["template"]["spec"]["tolerations"] == [] + + +def test_adding_deprecated_tolerations(): + config = """ +deployment: + enabled: true tolerations: - key: "key1" operator: "Equal" @@ -133,6 +396,10 @@ def test_adding_tolerations(): r["daemonset"][name]["spec"]["template"]["spec"]["tolerations"][0]["key"] == "key1" ) + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["tolerations"][0]["key"] + == "key1" + ) def test_override_the_default_update_strategy(): @@ -144,21 +411,10 @@ def test_override_the_default_update_strategy(): assert r["daemonset"][name]["spec"]["updateStrategy"]["type"] == "OnDelete" -def test_host_networking(): - config = """ -hostNetworking: true -""" - r = helm_template(config) - assert r["daemonset"][name]["spec"]["template"]["spec"]["hostNetwork"] is True - config = """ -hostNetworking: false -""" - r = helm_template(config) - assert "hostNetwork" not in r["daemonset"][name]["spec"]["template"]["spec"] - - def test_setting_a_custom_service_account(): config = """ +deployment: + enabled: true serviceAccount: notdefault """ r = helm_template(config) @@ -166,6 +422,10 @@ def test_setting_a_custom_service_account(): r["daemonset"][name]["spec"]["template"]["spec"]["serviceAccountName"] == "notdefault" ) + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["serviceAccountName"] + == "notdefault" + ) def test_self_managing_rbac_resources(): @@ -180,84 +440,395 @@ def test_self_managing_rbac_resources(): def test_setting_pod_security_context(): config = """ +deployment: + enabled: true +daemonset: + securityContext: + runAsUser: 1001 + privileged: false +""" + r = helm_template(config) + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["runAsUser"] + == 1001 + ) + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["privileged"] + == False + ) + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["runAsUser"] + == 0 + ) + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["privileged"] + == False + ) + + config = """ +deployment: + enabled: true + securityContext: + runAsUser: 1001 + privileged: false +""" + r = helm_template(config) + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["runAsUser"] + == 1001 + ) + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["privileged"] + == False + ) + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["runAsUser"] + == 0 + ) + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["privileged"] + == False + ) + + +def test_setting_deprecated_pod_security_context(): + config = """ +deployment: + enabled: true podSecurityContext: runAsUser: 1001 privileged: false """ r = helm_template(config) - c = r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0] - assert c["securityContext"]["runAsUser"] == 1001 - assert c["securityContext"]["privileged"] == False + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["runAsUser"] + == 1001 + ) + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["privileged"] + == False + ) + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["runAsUser"] + == 1001 + ) + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["privileged"] + == False + ) def test_adding_in_filebeat_config(): config = """ +daemonset: + filebeatConfig: + filebeat.yml: | + key: daemonset + daemonset-config.yml: | + hello = daemonset + +deployment: + enabled: true + filebeatConfig: + filebeat.yml: | + key: deployment + deployment-config.yml: | + hello = deployment +""" + r = helm_template(config) + cfg = r["configmap"] + + assert "filebeat.yml" in cfg[name + "-daemonset-config"]["data"] + assert "daemonset-config.yml" in cfg[name + "-daemonset-config"]["data"] + assert "deployment-config.yml" not in cfg[name + "-daemonset-config"]["data"] + assert "filebeat.yml" in cfg[name + "-deployment-config"]["data"] + assert "deployment-config.yml" in cfg[name + "-deployment-config"]["data"] + assert "daemonset-config.yml" not in cfg[name + "-deployment-config"]["data"] + + assert "key: daemonset" in cfg[name + "-daemonset-config"]["data"]["filebeat.yml"] + assert "key: deployment" in cfg[name + "-deployment-config"]["data"]["filebeat.yml"] + + assert ( + "hello = daemonset" + in cfg[name + "-daemonset-config"]["data"]["daemonset-config.yml"] + ) + assert ( + "hello = deployment" + in cfg[name + "-deployment-config"]["data"]["deployment-config.yml"] + ) + + daemonset = r["daemonset"][name]["spec"]["template"]["spec"] + assert { + "mountPath": "/usr/share/filebeat/daemonset-config.yml", + "name": project + "-config", + "subPath": "daemonset-config.yml", + "readOnly": True, + } in daemonset["containers"][0]["volumeMounts"] + + deployment = r["deployment"][name]["spec"]["template"]["spec"] + assert { + "mountPath": "/usr/share/filebeat/deployment-config.yml", + "name": project + "-config", + "subPath": "deployment-config.yml", + "readOnly": True, + } in deployment["containers"][0]["volumeMounts"] + + +def test_adding_in_deprecated_filebeat_config(): + config = """ +deployment: + enabled: true filebeatConfig: filebeat.yml: | key: nestedkey: value dot.notation: test - - other-config.yml: | - hello = world """ r = helm_template(config) c = r["configmap"][name + "-config"]["data"] assert "filebeat.yml" in c - assert "other-config.yml" in c assert "nestedkey: value" in c["filebeat.yml"] assert "dot.notation: test" in c["filebeat.yml"] - assert "hello = world" in c["other-config.yml"] - - d = r["daemonset"][name]["spec"]["template"]["spec"] + daemonset = r["daemonset"][name]["spec"]["template"]["spec"] assert { "configMap": {"name": name + "-config", "defaultMode": 0o600}, "name": project + "-config", - } in d["volumes"] + } in daemonset["volumes"] assert { "mountPath": "/usr/share/filebeat/filebeat.yml", "name": project + "-config", "subPath": "filebeat.yml", "readOnly": True, - } in d["containers"][0]["volumeMounts"] + } in daemonset["containers"][0]["volumeMounts"] + + assert ( + "configChecksum" + in r["daemonset"][name]["spec"]["template"]["metadata"]["annotations"] + ) + + deployment = r["deployment"][name]["spec"]["template"]["spec"] + assert { - "mountPath": "/usr/share/filebeat/other-config.yml", + "configMap": {"name": name + "-config", "defaultMode": 0o600}, "name": project + "-config", - "subPath": "other-config.yml", + } in deployment["volumes"] + assert { + "mountPath": "/usr/share/filebeat/filebeat.yml", + "name": project + "-config", + "subPath": "filebeat.yml", "readOnly": True, - } in d["containers"][0]["volumeMounts"] + } in deployment["containers"][0]["volumeMounts"] assert ( "configChecksum" - in r["daemonset"][name]["spec"]["template"]["metadata"]["annotations"] + in r["deployment"][name]["spec"]["template"]["metadata"]["annotations"] ) def test_adding_a_secret_mount(): config = """ +deployment: + enabled: true +daemonset: + secretMounts: + - name: elastic-certificates + secretName: elastic-certificates-name + path: /usr/share/filebeat/config/certs +""" + r = helm_template(config) + assert ( + { + "mountPath": "/usr/share/filebeat/config/certs", + "name": "elastic-certificates", + } + in r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "volumeMounts" + ] + ) + assert { + "name": "elastic-certificates", + "secret": {"secretName": "elastic-certificates-name"}, + } in r["daemonset"][name]["spec"]["template"]["spec"]["volumes"] + + assert ( + { + "mountPath": "/usr/share/filebeat/config/certs", + "name": "elastic-certificates", + } + not in r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "volumeMounts" + ] + ) + assert { + "name": "elastic-certificates", + "secret": {"secretName": "elastic-certificates-name"}, + } not in r["deployment"][name]["spec"]["template"]["spec"]["volumes"] + + config = """ +deployment: + enabled: true + secretMounts: + - name: elastic-certificates + secretName: elastic-certificates-name + path: /usr/share/filebeat/config/certs +""" + r = helm_template(config) + assert ( + { + "mountPath": "/usr/share/filebeat/config/certs", + "name": "elastic-certificates", + } + in r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "volumeMounts" + ] + ) + assert { + "name": "elastic-certificates", + "secret": {"secretName": "elastic-certificates-name"}, + } in r["deployment"][name]["spec"]["template"]["spec"]["volumes"] + + assert ( + { + "mountPath": "/usr/share/filebeat/config/certs", + "name": "elastic-certificates", + } + not in r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "volumeMounts" + ] + ) + assert { + "name": "elastic-certificates", + "secret": {"secretName": "elastic-certificates-name"}, + } not in r["daemonset"][name]["spec"]["template"]["spec"]["volumes"] + + +def test_adding_a_deprecated_secret_mount(): + config = """ +deployment: + enabled: true secretMounts: - name: elastic-certificates - secretName: elastic-certs + secretName: elastic-certificates-name path: /usr/share/filebeat/config/certs """ r = helm_template(config) - s = r["daemonset"][name]["spec"]["template"]["spec"] - assert s["containers"][0]["volumeMounts"][0] == { + assert ( + { + "mountPath": "/usr/share/filebeat/config/certs", + "name": "elastic-certificates", + } + in r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "volumeMounts" + ] + ) + assert { + "name": "elastic-certificates", + "secret": {"secretName": "elastic-certificates-name"}, + } in r["daemonset"][name]["spec"]["template"]["spec"]["volumes"] + + assert r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "volumeMounts" + ][0] == { "mountPath": "/usr/share/filebeat/config/certs", "name": "elastic-certificates", } - assert s["volumes"][0] == { + assert r["deployment"][name]["spec"]["template"]["spec"]["volumes"][0] == { "name": "elastic-certificates", - "secret": {"secretName": "elastic-certs"}, + "secret": {"secretName": "elastic-certificates-name"}, } def test_adding_a_extra_volume_with_volume_mount(): config = """ +deployment: + enabled: true +daemonset: + extraVolumes: + - name: extras + emptyDir: {} + extraVolumeMounts: + - name: extras + mountPath: /usr/share/extras + readOnly: true +""" + r = helm_template(config) + assert {"name": "extras", "emptyDir": {}} in r["daemonset"][name]["spec"][ + "template" + ]["spec"]["volumes"] + assert {"name": "extras", "mountPath": "/usr/share/extras", "readOnly": True,} in r[ + "daemonset" + ][name]["spec"]["template"]["spec"]["containers"][0]["volumeMounts"] + assert {"name": "extras", "emptyDir": {}} not in r["deployment"][name]["spec"][ + "template" + ]["spec"]["volumes"] + assert ( + {"name": "extras", "mountPath": "/usr/share/extras", "readOnly": True,} + not in r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "volumeMounts" + ] + ) + + config = """ +deployment: + enabled: true + extraVolumes: + - name: extras + emptyDir: {} + extraVolumeMounts: + - name: extras + mountPath: /usr/share/extras + readOnly: true +""" + r = helm_template(config) + assert {"name": "extras", "emptyDir": {}} in r["deployment"][name]["spec"][ + "template" + ]["spec"]["volumes"] + assert {"name": "extras", "mountPath": "/usr/share/extras", "readOnly": True,} in r[ + "deployment" + ][name]["spec"]["template"]["spec"]["containers"][0]["volumeMounts"] + assert {"name": "extras", "emptyDir": {}} not in r["daemonset"][name]["spec"][ + "template" + ]["spec"]["volumes"] + assert ( + {"name": "extras", "mountPath": "/usr/share/extras", "readOnly": True,} + not in r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "volumeMounts" + ] + ) + + +def test_adding_a_deprecated_extra_volume_with_volume_mount(): + config = """ +deployment: + enabled: true extraVolumes: - name: extras emptyDir: {} @@ -267,52 +838,53 @@ def test_adding_a_extra_volume_with_volume_mount(): readOnly: true """ r = helm_template(config) - extraVolume = r["daemonset"][name]["spec"]["template"]["spec"]["volumes"] - assert {"name": "extras", "emptyDir": {}} in extraVolume - extraVolumeMounts = r["daemonset"][name]["spec"]["template"]["spec"]["containers"][ - 0 - ]["volumeMounts"] - assert { - "name": "extras", - "mountPath": "/usr/share/extras", - "readOnly": True, - } in extraVolumeMounts + assert {"name": "extras", "emptyDir": {}} in r["daemonset"][name]["spec"][ + "template" + ]["spec"]["volumes"] + assert {"name": "extras", "mountPath": "/usr/share/extras", "readOnly": True,} in r[ + "daemonset" + ][name]["spec"]["template"]["spec"]["containers"][0]["volumeMounts"] + assert {"name": "extras", "emptyDir": {}} in r["deployment"][name]["spec"][ + "template" + ]["spec"]["volumes"] + assert {"name": "extras", "mountPath": "/usr/share/extras", "readOnly": True,} in r[ + "deployment" + ][name]["spec"]["template"]["spec"]["containers"][0]["volumeMounts"] -def test_adding_pod_labels(): +def test_adding_a_node_selector(): config = """ -labels: - app.kubernetes.io/name: filebeat +deployment: + enabled: true +daemonset: + nodeSelector: + disktype: ssd """ r = helm_template(config) assert ( - r["daemonset"][name]["metadata"]["labels"]["app.kubernetes.io/name"] - == "filebeat" - ) - assert ( - r["daemonset"][name]["spec"]["template"]["metadata"]["labels"][ - "app.kubernetes.io/name" - ] - == "filebeat" + r["daemonset"][name]["spec"]["template"]["spec"]["nodeSelector"]["disktype"] + == "ssd" ) + assert r["deployment"][name]["spec"]["template"]["spec"]["nodeSelector"] == {} - -def test_adding_serviceaccount_annotations(): config = """ -serviceAccountAnnotations: - eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount +deployment: + enabled: true + nodeSelector: + disktype: ssd """ r = helm_template(config) assert ( - r["serviceaccount"][name]["metadata"]["annotations"][ - "eks.amazonaws.com/role-arn" - ] - == "arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount" + r["deployment"][name]["spec"]["template"]["spec"]["nodeSelector"]["disktype"] + == "ssd" ) + assert r["daemonset"][name]["spec"]["template"]["spec"]["nodeSelector"] == {} -def test_adding_a_node_selector(): +def test_adding_deprecated_node_selector(): config = """ +deployment: + enabled: true nodeSelector: disktype: ssd """ @@ -321,10 +893,73 @@ def test_adding_a_node_selector(): r["daemonset"][name]["spec"]["template"]["spec"]["nodeSelector"]["disktype"] == "ssd" ) + assert ( + "disktype" + not in r["deployment"][name]["spec"]["template"]["spec"]["nodeSelector"] + ) def test_adding_an_affinity_rule(): config = """ +deployment: + enabled: true +daemonset: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - filebeat + topologyKey: kubernetes.io/hostname +""" + + r = helm_template(config) + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["affinity"]["podAntiAffinity"][ + "requiredDuringSchedulingIgnoredDuringExecution" + ][0]["topologyKey"] + == "kubernetes.io/hostname" + ) + assert ( + "podAntiAffinity" + not in r["deployment"][name]["spec"]["template"]["spec"]["affinity"] + ) + + config = """ +deployment: + enabled: true + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - filebeat + topologyKey: kubernetes.io/hostname +""" + + r = helm_template(config) + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["affinity"][ + "podAntiAffinity" + ]["requiredDuringSchedulingIgnoredDuringExecution"][0]["topologyKey"] + == "kubernetes.io/hostname" + ) + assert ( + "podAntiAffinity" + not in r["daemonset"][name]["spec"]["template"]["spec"]["affinity"] + ) + + +def test_adding_deprecated_affinity_rule(): + config = """ +deployment: + enabled: true affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: @@ -344,41 +979,273 @@ def test_adding_an_affinity_rule(): ][0]["topologyKey"] == "kubernetes.io/hostname" ) + assert r["deployment"][name]["spec"]["template"]["spec"]["affinity"] == {} def test_priority_class_name(): config = """ +deployment: + enabled: true priorityClassName: "" """ r = helm_template(config) - spec = r["daemonset"][name]["spec"]["template"]["spec"] - assert "priorityClassName" not in spec + daemonset_spec = r["daemonset"][name]["spec"]["template"]["spec"] + deployment_spec = r["deployment"][name]["spec"]["template"]["spec"] + assert "priorityClassName" not in daemonset_spec + assert "priorityClassName" not in deployment_spec config = """ +deployment: + enabled: true priorityClassName: "highest" """ r = helm_template(config) - priority_class_name = r["daemonset"][name]["spec"]["template"]["spec"][ + daemonset_priority_class_name = r["daemonset"][name]["spec"]["template"]["spec"][ "priorityClassName" ] - assert priority_class_name == "highest" + deployment_priority_class_name = r["deployment"][name]["spec"]["template"]["spec"][ + "priorityClassName" + ] + assert daemonset_priority_class_name == "highest" + assert deployment_priority_class_name == "highest" + + +def test_adding_deprecated_labels(): + config = """ +deployment: + enabled: true +labels: + app-test: filebeat +""" + r = helm_template(config) + assert r["daemonset"][name]["metadata"]["labels"]["app-test"] == "filebeat" + assert r["deployment"][name]["metadata"]["labels"]["app-test"] == "filebeat" + assert ( + r["daemonset"][name]["spec"]["template"]["metadata"]["labels"]["app-test"] + == "filebeat" + ) + assert ( + r["deployment"][name]["spec"]["template"]["metadata"]["labels"]["app-test"] + == "filebeat" + ) + + +def test_adding_daemonset_labels(): + config = """ +daemonset: + labels: + app-test: filebeat +""" + r = helm_template(config) + assert r["daemonset"][name]["metadata"]["labels"]["app-test"] == "filebeat" + assert ( + r["daemonset"][name]["spec"]["template"]["metadata"]["labels"]["app-test"] + == "filebeat" + ) + + +def test_adding_daemonset_labels_surpasses_root_labels(): + config = """ +labels: + app-test: root-filebeat +daemonset: + labels: + app-test: daemonset-filebeat +""" + r = helm_template(config) + assert ( + r["daemonset"][name]["metadata"]["labels"]["app-test"] == "daemonset-filebeat" + ) + assert ( + r["daemonset"][name]["spec"]["template"]["metadata"]["labels"]["app-test"] + == "daemonset-filebeat" + ) + + +def test_adding_deployment_labels(): + config = """ +deployment: + enabled: true + labels: + app-test: filebeat +""" + r = helm_template(config) + assert r["deployment"][name]["metadata"]["labels"]["app-test"] == "filebeat" + assert ( + r["deployment"][name]["spec"]["template"]["metadata"]["labels"]["app-test"] + == "filebeat" + ) + + +def test_adding_deployment_labels_surpasses_root_labels(): + config = """ +labels: + app-test: root-filebeat +deployment: + enabled: true + labels: + app-test: deployment-filebeat +""" + r = helm_template(config) + assert ( + r["deployment"][name]["metadata"]["labels"]["app-test"] == "deployment-filebeat" + ) + assert ( + r["deployment"][name]["spec"]["template"]["metadata"]["labels"]["app-test"] + == "deployment-filebeat" + ) + + +def test_adding_serviceaccount_annotations(): + config = """ +serviceAccountAnnotations: + eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount +""" + r = helm_template(config) + assert ( + r["serviceaccount"][name]["metadata"]["annotations"][ + "eks.amazonaws.com/role-arn" + ] + == "arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount" + ) def test_adding_env_from(): config = """ +deployment: + enabled: true +daemonset: + envFrom: + - configMapRef: + name: configmap-name +""" + r = helm_template(config) + assert r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0]["envFrom"][ + 0 + ]["configMapRef"] == {"name": "configmap-name"} + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["containers"][0]["envFrom"] + == [] + ) + + config = """ +deployment: + enabled: true + envFrom: + - configMapRef: + name: configmap-name +""" + r = helm_template(config) + assert r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "envFrom" + ][0]["configMapRef"] == {"name": "configmap-name"} + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0]["envFrom"] + == [] + ) + + +def test_adding_deprecated_env_from(): + config = """ +deployment: + enabled: true envFrom: - configMapRef: name: configmap-name """ r = helm_template(config) - configMapRef = r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + assert r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0]["envFrom"][ + 0 + ]["configMapRef"] == {"name": "configmap-name"} + assert r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ "envFrom" - ][0]["configMapRef"] - assert configMapRef == {"name": "configmap-name"} + ][0]["configMapRef"] == {"name": "configmap-name"} + + +def test_overriding_resources(): + config = """ +deployment: + enabled: true +daemonset: + resources: + limits: + cpu: "25m" + memory: "128Mi" + requests: + cpu: "25m" + memory: "128Mi" +""" + r = helm_template(config) + assert r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "resources" + ] == { + "requests": {"cpu": "25m", "memory": "128Mi"}, + "limits": {"cpu": "25m", "memory": "128Mi"}, + } + assert r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "resources" + ] == { + "requests": {"cpu": "100m", "memory": "100Mi"}, + "limits": {"cpu": "1000m", "memory": "200Mi"}, + } + + config = """ +deployment: + enabled: true + resources: + limits: + cpu: "25m" + memory: "128Mi" + requests: + cpu: "25m" + memory: "128Mi" +""" + r = helm_template(config) + assert r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "resources" + ] == { + "requests": {"cpu": "100m", "memory": "100Mi"}, + "limits": {"cpu": "1000m", "memory": "200Mi"}, + } + assert r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "resources" + ] == { + "requests": {"cpu": "25m", "memory": "128Mi"}, + "limits": {"cpu": "25m", "memory": "128Mi"}, + } + + +def test_adding_deprecated_resources(): + config = """ +deployment: + enabled: true +resources: + limits: + cpu: "25m" + memory: "128Mi" + requests: + cpu: "25m" + memory: "128Mi" +""" + r = helm_template(config) + assert r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "resources" + ] == { + "requests": {"cpu": "25m", "memory": "128Mi"}, + "limits": {"cpu": "25m", "memory": "128Mi"}, + } + assert r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "resources" + ] == { + "requests": {"cpu": "25m", "memory": "128Mi"}, + "limits": {"cpu": "25m", "memory": "128Mi"}, + } def test_setting_fullnameOverride(): config = """ +deployment: + enabled: true fullnameOverride: 'filebeat-custom' """ r = helm_template(config) @@ -401,16 +1268,84 @@ def test_setting_fullnameOverride(): "type": "DirectoryOrCreate", }, } in volumes + assert custom_name in r["deployment"] + assert ( + r["deployment"][custom_name]["spec"]["template"]["spec"]["containers"][0][ + "name" + ] + == project + ) + assert ( + r["deployment"][custom_name]["spec"]["template"]["spec"]["serviceAccountName"] + == name + ) + + +def test_adding_annotations(): + config = """ +deployment: + enabled: true +daemonset: + annotations: + foo: "bar" +""" + r = helm_template(config) + assert "foo" in r["daemonset"][name]["metadata"]["annotations"] + assert r["daemonset"][name]["metadata"]["annotations"]["foo"] == "bar" + assert "annotations" not in r["deployment"][name]["metadata"] + config = """ +deployment: + enabled: true + annotations: + grault: "waldo" +""" + r = helm_template(config) + assert "grault" in r["deployment"][name]["metadata"]["annotations"] + assert r["deployment"][name]["metadata"]["annotations"]["grault"] == "waldo" + assert "annotations" not in r["daemonset"][name]["metadata"] + + +def test_disable_daemonset(): + config = """ +deployment: + enabled: true +daemonset: + enabled: false +""" + r = helm_template(config) + cfg = r["configmap"] + + assert name not in r.get("daemonset", {}) + assert name + "-daemonset-config" not in cfg + assert name + "-deployment-config" in cfg def test_hostaliases(): config = """ -hostAliases: -- ip: "127.0.0.1" - hostnames: - - "foo.local" - - "bar.local" +deployment: + enabled: true +daemonset: + hostAliases: + - ip: "127.0.0.1" + hostnames: + - "foo.local" + - "bar.local" """ r = helm_template(config) + assert "hostAliases" not in r["deployment"][name]["spec"]["template"]["spec"] hostAliases = r["daemonset"][name]["spec"]["template"]["spec"]["hostAliases"] assert {"ip": "127.0.0.1", "hostnames": ["foo.local", "bar.local"]} in hostAliases + + config = """ +deployment: + enabled: true + hostAliases: + - ip: "127.0.0.1" + hostnames: + - "foo.local" + - "bar.local" +""" + r = helm_template(config) + assert "hostAliases" not in r["daemonset"][name]["spec"]["template"]["spec"] + hostAliases = r["deployment"][name]["spec"]["template"]["spec"]["hostAliases"] + assert {"ip": "127.0.0.1", "hostnames": ["foo.local", "bar.local"]} in hostAliases diff --git a/filebeat/values.yaml b/filebeat/values.yaml index 83e283943..333270de3 100755 --- a/filebeat/values.yaml +++ b/filebeat/values.yaml @@ -1,34 +1,123 @@ --- -# Allows you to add any config files in /usr/share/filebeat -# such as filebeat.yml -filebeatConfig: - filebeat.yml: | - filebeat.inputs: - - type: docker - containers.ids: - - '*' - processors: - - add_kubernetes_metadata: - in_cluster: true - output.elasticsearch: - host: '${NODE_NAME}' - hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' - -# Extra environment variables to append to the DaemonSet pod spec. -# This will be appended to the current 'env:' key. You can use any of the kubernetes env -# syntax here -extraEnvs: [] -# - name: MY_ENVIRONMENT_VAR -# value: the_value_goes_here - -extraVolumeMounts: [] +daemonset: + # Annotations to apply to the daemonset + annotations: {} + # additionals labels + labels: {} + affinity: {} + # Include the daemonset + enabled: true + # Extra environment variables for Filebeat container. + envFrom: [] + # - configMapRef: + # name: config-secret + extraEnvs: [] + # - name: MY_ENVIRONMENT_VAR + # value: the_value_goes_here + extraVolumes: [] + # - name: extras + # emptyDir: {} + extraVolumeMounts: [] + # - name: extras + # mountPath: /usr/share/extras + # readOnly: true + hostNetworking: false + # Allows you to add any config files in /usr/share/filebeat + # such as filebeat.yml for daemonset + filebeatConfig: + filebeat.yml: | + filebeat.inputs: + - type: docker + containers.ids: + - '*' + processors: + - add_kubernetes_metadata: + in_cluster: true + output.elasticsearch: + host: '${NODE_NAME}' + hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' + nodeSelector: {} + # A list of secrets and their paths to mount inside the pod + # This is useful for mounting certificates for security other sensitive values + secretMounts: [] + # - name: filebeat-certificates + # secretName: filebeat-certificates + # path: /usr/share/filebeat/certs + # Various pod security context settings. Bear in mind that many of these have an impact on Filebeat functioning properly. + # + # - User that the container will execute as. Typically necessary to run as root (0) in order to properly collect host container logs. + # - Whether to execute the Filebeat containers as privileged containers. Typically not necessarily unless running within environments such as OpenShift. + securityContext: + runAsUser: 0 + privileged: false + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + cpu: "1000m" + memory: "200Mi" + tolerations: [] + +deployment: + # Annotations to apply to the deployment + annotations: {} + # additionals labels + labels: {} + affinity: {} + # Include the deployment + enabled: false + # Extra environment variables for Filebeat container. + envFrom: [] + # - configMapRef: + # name: config-secret + extraEnvs: [] + # - name: MY_ENVIRONMENT_VAR + # value: the_value_goes_here + # Allows you to add any config files in /usr/share/filebeat + extraVolumes: [] + # - name: extras + # emptyDir: {} + extraVolumeMounts: [] # - name: extras # mountPath: /usr/share/extras # readOnly: true - -extraVolumes: [] - # - name: extras - # emptyDir: {} + # such as filebeat.yml for deployment + filebeatConfig: + filebeat.yml: | + filebeat.inputs: + - type: tcp + max_message_size: 10MiB + host: "localhost:9000" + + output.elasticsearch: + host: '${NODE_NAME}' + hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' + nodeSelector: {} + # A list of secrets and their paths to mount inside the pod + # This is useful for mounting certificates for security other sensitive values + secretMounts: [] + # - name: filebeat-certificates + # secretName: filebeat-certificates + # path: /usr/share/filebeat/certs + # + # - User that the container will execute as. + # Not necessary to run as root (0) as the Filebeat Deployment use cases do not need access to Kubernetes Node internals + # - Typically not necessarily unless running within environments such as OpenShift. + securityContext: + runAsUser: 0 + privileged: false + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + cpu: "1000m" + memory: "200Mi" + tolerations: [] + +# Replicas being used for the filebeat deployment +replicas: 1 extraContainers: "" # - name: dummy-init @@ -37,16 +126,10 @@ extraContainers: "" extraInitContainers: [] # - name: dummy-init -# image: busybox -# command: ['echo', 'hey'] - -envFrom: [] -# - configMapRef: -# name: configmap-name # Root directory where Filebeat will write data to in order to persist registry data across pod restarts (file position and other metadata). hostPathRoot: /var/lib -hostNetworking: false + dnsConfig: {} # options: # - name: ndots @@ -90,51 +173,19 @@ readinessProbe: # Whether this chart should self-manage its service account, role, and associated role binding. managedServiceAccount: true -# additionals labels -labels: {} - podAnnotations: {} # iam.amazonaws.com/role: es-cluster -# Various pod security context settings. Bear in mind that many of these have an impact on Filebeat functioning properly. -# -# - User that the container will execute as. Typically necessary to run as root (0) in order to properly collect host container logs. -# - Whether to execute the Filebeat containers as privileged containers. Typically not necessarily unless running within environments such as OpenShift. -podSecurityContext: - runAsUser: 0 - privileged: false - -resources: - requests: - cpu: "100m" - memory: "100Mi" - limits: - cpu: "1000m" - memory: "200Mi" - # Custom service account override that the pod will use serviceAccount: "" # Annotations to add to the ServiceAccount that is created if the serviceAccount value isn't set. serviceAccountAnnotations: {} - # eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount -# A list of secrets and their paths to mount inside the pod -# This is useful for mounting certificates for security other sensitive values -secretMounts: [] -# - name: filebeat-certificates -# secretName: filebeat-certificates -# path: /usr/share/filebeat/certs + # eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount # How long to wait for Filebeat pods to stop gracefully terminationGracePeriod: 30 - -tolerations: [] - -nodeSelector: {} - -affinity: {} - # This is the PriorityClass settings as defined in # https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass priorityClassName: "" @@ -145,3 +196,19 @@ updateStrategy: RollingUpdate # Only edit these if you know what you're doing nameOverride: "" fullnameOverride: "" + +# DEPRECATED +affinity: {} +envFrom: [] +extraEnvs: [] +extraVolumes: [] +extraVolumeMounts: [] +# Allows you to add any config files in /usr/share/filebeat +# such as filebeat.yml for both daemonset and deployment +filebeatConfig: {} +nodeSelector: {} +podSecurityContext: {} +resources: {} +secretMounts: [] +tolerations: [] +labels: {} diff --git a/helpers/matrix.yml b/helpers/matrix.yml index 71363def2..0652a930e 100644 --- a/helpers/matrix.yml +++ b/helpers/matrix.yml @@ -19,6 +19,7 @@ KIBANA_SUITE: - upgrade FILEBEAT_SUITE: - default + - deployment - oss - security #- upgrade TODO: uncomment after 6.8.14 release