Add filebeat for mip containers
Filebeat currently is consuming logs only from portal-backend.
ThanKarab committed Jan 9, 2025
1 parent 50d2975 commit 730138a
Showing 2 changed files with 226 additions and 2 deletions.
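--- a/kubernetes/templates/filebeat.yaml
+++ b/kubernetes/templates/filebeat.yaml
@@ -0,0 +1,219 @@
+{{ if .Values.elk.enabled }}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: filebeat
+namespace: {{ .Values.namespace }}
+labels:
+k8s-app: filebeat
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: filebeat
+labels:
+k8s-app: filebeat
+rules:
+- apiGroups: [""] # "" indicates the core API group
+resources:
+- namespaces
+- pods
+- nodes
+verbs:
+- get
+- watch
+- list
+- apiGroups: ["apps"]
+resources:
+- replicasets
+verbs: ["get", "list", "watch"]
+- apiGroups: ["batch"]
+resources:
+- jobs
+verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: filebeat
+# should be the namespace where filebeat is running
+namespace: {{ .Values.namespace }}
+labels:
+k8s-app: filebeat
+rules:
+- apiGroups:
+- coordination.k8s.io
+resources:
+- leases
+verbs: ["get", "create", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: filebeat-kubeadm-config
+namespace: {{ .Values.namespace }}
+labels:
+k8s-app: filebeat
+rules:
+- apiGroups: [""]
+resources:
+- configmaps
+resourceNames:
+- kubeadm-config
+verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: filebeat
+subjects:
+- kind: ServiceAccount
+name: filebeat
+namespace: {{ .Values.namespace }}
+roleRef:
+kind: ClusterRole
+name: filebeat
+apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: filebeat
+namespace: {{ .Values.namespace }}
+subjects:
+- kind: ServiceAccount
+name: filebeat
+namespace: {{ .Values.namespace }}
+roleRef:
+kind: Role
+name: filebeat
+apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: filebeat-kubeadm-config
+namespace: {{ .Values.namespace }}
+subjects:
+- kind: ServiceAccount
+name: filebeat
+namespace: {{ .Values.namespace }}
+roleRef:
+kind: Role
+name: filebeat-kubeadm-config
+apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: filebeat-config
+namespace: {{ .Values.namespace }}
+labels:
+k8s-app: filebeat
+data:
+filebeat.yml: |-
+filebeat.autodiscover:
+providers:
+- type: kubernetes
+node: ${NODE_NAME}
+hints.enabled: true
+hints.default_config:
+enabled: true
+type: container
+paths:
+- /var/log/containers/*-${data.container.id}.log
+processors:
+- add_kubernetes_metadata:
+in_cluster: true
+- drop_event:
+when:
+not:
+or:
+- equals:
+kubernetes.container.name: "portalbackend"
+multiline.pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} - '
+multiline.negate: true
+multiline.match: after
+output.logstash:
+hosts: ["${LOGSTASH_HOST}:${LOGSTASH_PORT}"]
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+name: filebeat
+namespace: {{ .Values.namespace }}
+labels:
+k8s-app: filebeat
+spec:
+selector:
+matchLabels:
+k8s-app: filebeat
+template:
+metadata:
+labels:
+k8s-app: filebeat
+spec:
+serviceAccountName: filebeat
+terminationGracePeriodSeconds: 30
+hostNetwork: true
+dnsPolicy: ClusterFirstWithHostNet
+containers:
+- name: filebeat
+image: docker.elastic.co/beats/filebeat-wolfi:8.16.0
+args: [
+"-c", "/etc/filebeat.yml",
+"-e",
+]
+env:
+- name: LOGSTASH_HOST
+value: "{{ .Values.elk.logstash_host }}"
+- name: LOGSTASH_PORT
+value: "{{ .Values.elk.logstash_port }}"
+- name: NODE_NAME
+valueFrom:
+fieldRef:
+fieldPath: spec.nodeName
+securityContext:
+runAsUser: 0
+# If using Red Hat OpenShift uncomment this:
+#privileged: true
+resources:
+limits:
+memory: 200Mi
+requests:
+cpu: 100m
+memory: 100Mi
+volumeMounts:
+- name: config
+mountPath: /etc/filebeat.yml
+readOnly: true
+subPath: filebeat.yml
+- name: data
+mountPath: /usr/share/filebeat/data
+- name: varlibdockercontainers
+mountPath: /var/lib/docker/containers
+readOnly: true
+- name: varlog
+mountPath: /var/log
+readOnly: true
+volumes:
+- name: config
+configMap:
+defaultMode: 0640
+name: filebeat-config
+- name: varlibdockercontainers
+hostPath:
+path: /var/lib/docker/containers
+- name: varlog
+hostPath:
+path: /var/log
+# data folder stores a registry of read status for all files, so we don't send everything again on a Filebeat pod restart
+- name: data
+hostPath:
+# When filebeat runs as non-root user, this directory needs to be writable by group (g+w).
+path: /var/lib/filebeat-data
+type: DirectoryOrCreate
+
+{{ end }}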
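Review bot: The DaemonSet runs Filebeat with `runAsUser: 0`, `hostNetwork: true` and the node's whole `/var/log` mounted, while the ConfigMap's `hints.default_config` appears to carry `enabled: true`, so every container's log on every node is harvested and only afterwards discarded by the `drop_event` processor. Since the commit message says only portal-backend is consumed, opt-in collection would narrow what the root process opens: set `hints.default_config.enabled: false` and annotate the portal-backend pod template with `co.elastic.logs/enabled: "true"`. The container `securityContext` would also benefit from `allowPrivilegeEscalation: false` next to `runAsUser: 0`; verify harvesting still works before additionally dropping capabilities. `output.logstash` sets only `hosts`, so events presumably leave Filebeat unencrypted unless TLS is handled elsewhere, which deserves either an `ssl` block or a comment stating why it is not needed. Separately, the `filebeat-kubeadm-config` Role is created in `{{ .Values.namespace }}`, whereas kubeadm normally keeps the `kubeadm-config` ConfigMap in `kube-system`, so that grant likely has no effect as written.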
9 changes: 7 additions & 2 deletions kubernetes/values.yaml
Expand Up @@ -6,7 +6,7 @@ engines:
exareme2:
URL: ""
image:
version: 0.21.2
version: 0.23.1

mip:
version: 8.0.0
Expand Down Expand Up @@ -41,7 +41,7 @@ portalbackend:
ALGORITHM_UPDATE_INTERVAL: 60 # seconds
image:
name: hbpmip/portal-backend
version: 8.0.6
version: 8.1.1
storage:
storage0:
data_path: /opt/mip-deployment/config
Expand Down Expand Up @@ -118,3 +118,8 @@ keycloak:
storage1:
data_path: /opt/mip-deployment/config/keycloak/HBPTheme
data_size: 100Mi

elk:
enabled: false
logstash_host: 127.0.0.1
logstash_port: 30510
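Review bot: The new `elk` defaults carry no comment, and `logstash_host: 127.0.0.1` is only meaningful because the Filebeat DaemonSet in `kubernetes/templates/filebeat.yaml` sets `hostNetwork: true`, so loopback is the node itself rather than the pod. I would add a comment above the block such as `# Filebeat runs with hostNetwork; 127.0.0.1 is the node, port is presumably a Logstash NodePort` and confirm the port assumption against the Logstash deployment, which is not visible here. The two image version bumps in the earlier hunks of this file are unrelated to the commit title and would be easier to audit as a separate commit.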
