diff --git a/.backportrc.json b/.backportrc.json new file mode 100644 index 000000000..94675147c --- /dev/null +++ b/.backportrc.json @@ -0,0 +1,8 @@ +{ + "upstream": "elastic/helm-charts", + "targetBranchChoices": ["6.8", "7.10", "7.11", "7.x"], + "all": true, + "prFilter": "label:need-backport", + "targetPRLabels": ["backport"], + "sourcePRLabels": ["backported"] +} diff --git a/.ci/jobs/defaults.yml b/.ci/jobs.t/defaults.yml similarity index 78% rename from .ci/jobs/defaults.yml rename to .ci/jobs.t/defaults.yml index c7973dd8c..bd44228dd 100644 --- a/.ci/jobs/defaults.yml +++ b/.ci/jobs.t/defaults.yml @@ -12,12 +12,6 @@ logrotate: daysToKeep: 30 numToKeep: 100 - parameters: - - string: - name: branch_specifier - default: master - description: the Git branch specifier to build (<branchName>, <tagName>, - <commitId>, etc.) properties: - github: url: https://github.com/elastic/helm-charts/ @@ -30,7 +24,7 @@ credentials-id: f6c7695a-671e-4f4f-a331-acdce44ff9ba reference-repo: /var/lib/jenkins/.git-references/helm-charts.git branches: - - ${branch_specifier} + - "%BRANCH%" url: git@github.com:elastic/helm-charts.git basedir: '' wipe-workspace: 'True' diff --git a/.ci/jobs/elastic+helm-charts+master+cluster-cleanup.yml b/.ci/jobs.t/elastic+helm-charts+{branch}+cluster-cleanup.yml similarity index 74% rename from .ci/jobs/elastic+helm-charts+master+cluster-cleanup.yml rename to .ci/jobs.t/elastic+helm-charts+{branch}+cluster-cleanup.yml index 37862f81a..ada3ee74d 100644 --- a/.ci/jobs/elastic+helm-charts+master+cluster-cleanup.yml +++ b/.ci/jobs.t/elastic+helm-charts+{branch}+cluster-cleanup.yml @@ -1,8 +1,8 @@ --- - job: - name: elastic+helm-charts+master+cluster-cleanup - display-name: elastic / helm-charts - master - cluster cleanup - description: Master - cluster cleanup + name: elastic+helm-charts+%BRANCH%+cluster-cleanup + display-name: elastic / helm-charts - %BRANCH% - cluster cleanup + description: cluster cleanup scm: - git: wipe-workspace: 'True' 
@@ -29,7 +29,8 @@ unset VAULT_ROLE_ID VAULT_SECRET_ID set -x - cluster_name="helm-${KUBERNETES_VERSION//./}-${branch_specifier:0:10}" + BRANCH_NAME="%BRANCH%" + cluster_name="helm-${KUBERNETES_VERSION//./}-${BRANCH_NAME//./}" cd helpers/terraform/ ./in-docker make destroy KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name} diff --git a/.ci/jobs/elastic+helm-charts+master+cluster-creation.yml b/.ci/jobs.t/elastic+helm-charts+{branch}+cluster-creation.yml similarity index 74% rename from .ci/jobs/elastic+helm-charts+master+cluster-creation.yml rename to .ci/jobs.t/elastic+helm-charts+{branch}+cluster-creation.yml index c1698c76d..667e5aa40 100644 --- a/.ci/jobs/elastic+helm-charts+master+cluster-creation.yml +++ b/.ci/jobs.t/elastic+helm-charts+{branch}+cluster-creation.yml @@ -1,8 +1,8 @@ --- - job: - name: elastic+helm-charts+master+cluster-creation - display-name: elastic / helm-charts - master - cluster creation - description: Master - cluster creation + name: elastic+helm-charts+%BRANCH%+cluster-creation + display-name: elastic / helm-charts - %BRANCH% - cluster creation + description: cluster creation scm: - git: wipe-workspace: 'True' @@ -29,7 +29,8 @@ unset VAULT_ROLE_ID VAULT_SECRET_ID set -x - cluster_name="helm-${KUBERNETES_VERSION//./}-${branch_specifier:0:10}" + BRANCH_NAME="%BRANCH%" + cluster_name="helm-${KUBERNETES_VERSION//./}-${BRANCH_NAME//./}" cd helpers/terraform/ ./in-docker make up KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name} diff --git a/.ci/jobs/elastic+helm-charts+master+integration-apm-server.yml b/.ci/jobs.t/elastic+helm-charts+{branch}+integration-apm-server.yml similarity index 76% rename from .ci/jobs/elastic+helm-charts+master+integration-apm-server.yml rename to .ci/jobs.t/elastic+helm-charts+{branch}+integration-apm-server.yml index 8a6d1b75b..2bd7cb493 100644 --- a/.ci/jobs/elastic+helm-charts+master+integration-apm-server.yml 
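Review bot: `BRANCH_NAME="%BRANCH%"` drops a template-substituted value into a double-quoted shell string, where the shell would still expand any `$(...)`, backticks or `$var` in the rendered text, and `CLUSTER_NAME=${cluster_name}` is then passed unquoted to `./in-docker make destroy`. The branch list presumably comes from maintainers, so this is hardening rather than a live bug, but `BRANCH_NAME='%BRANCH%'` and `CLUSTER_NAME="${cluster_name}"` keep the value literal and as one argument. The old `${branch_specifier:0:10}` truncation is also gone and only dots are stripped, so a long branch name or one containing `/` now reaches the cluster name unchanged; whether the Terraform side accepts that is not visible here, and on the destroy path a name that resolves differently than on creation would leave the cluster behind. The same two lines are added in the cluster-creation hunk and in the integration-apm-server, -elasticsearch, -filebeat, -kibana, -logstash and -metricbeat hunks. The shell script itself starts above the hunk.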
+++ b/.ci/jobs.t/elastic+helm-charts+{branch}+integration-apm-server.yml @@ -1,8 +1,8 @@ --- - job: - name: elastic+helm-charts+master+integration-apm-server - display-name: elastic / helm-charts - master - integration apm-server - description: Master - integration apm-server + name: elastic+helm-charts+%BRANCH%+integration-apm-server + display-name: elastic / helm-charts - %BRANCH% - integration apm-server + description: integration apm-server scm: - git: wipe-workspace: 'True' @@ -33,7 +33,8 @@ unset VAULT_ROLE_ID VAULT_SECRET_ID set -x - cluster_name="helm-${KUBERNETES_VERSION//./}-${branch_specifier:0:10}" + BRANCH_NAME="%BRANCH%" + cluster_name="helm-${KUBERNETES_VERSION//./}-${BRANCH_NAME//./}" cd helpers/terraform/ ./in-docker make integration KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name} SUITE=${APM_SERVER_SUITE} CHART=apm-server diff --git a/.ci/jobs/elastic+helm-charts+master+integration-elasticsearch.yml b/.ci/jobs.t/elastic+helm-charts+{branch}+integration-elasticsearch.yml similarity index 75% rename from .ci/jobs/elastic+helm-charts+master+integration-elasticsearch.yml rename to .ci/jobs.t/elastic+helm-charts+{branch}+integration-elasticsearch.yml index 7bb9ea7f6..4bfa19e1c 100644 --- a/.ci/jobs/elastic+helm-charts+master+integration-elasticsearch.yml +++ b/.ci/jobs.t/elastic+helm-charts+{branch}+integration-elasticsearch.yml @@ -1,8 +1,8 @@ --- - job: - name: elastic+helm-charts+master+integration-elasticsearch - display-name: elastic / helm-charts - master - integration elasticsearch - description: Master - integration elasticsearch + name: elastic+helm-charts+%BRANCH%+integration-elasticsearch + display-name: elastic / helm-charts - %BRANCH% - integration elasticsearch + description: integration elasticsearch scm: - git: wipe-workspace: 'True' 
@@ -33,7 +33,8 @@ unset VAULT_ROLE_ID VAULT_SECRET_ID set -x - cluster_name="helm-${KUBERNETES_VERSION//./}-${branch_specifier:0:10}" + BRANCH_NAME="%BRANCH%" + cluster_name="helm-${KUBERNETES_VERSION//./}-${BRANCH_NAME//./}" cd helpers/terraform/ ./in-docker make integration KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name} SUITE=${ES_SUITE} CHART=elasticsearch diff --git a/.ci/jobs/elastic+helm-charts+master+integration-filebeat.yml b/.ci/jobs.t/elastic+helm-charts+{branch}+integration-filebeat.yml similarity index 76% rename from .ci/jobs/elastic+helm-charts+master+integration-filebeat.yml rename to .ci/jobs.t/elastic+helm-charts+{branch}+integration-filebeat.yml index 661d5e993..0744ae0fc 100644 --- a/.ci/jobs/elastic+helm-charts+master+integration-filebeat.yml +++ b/.ci/jobs.t/elastic+helm-charts+{branch}+integration-filebeat.yml @@ -1,8 +1,8 @@ --- - job: - name: elastic+helm-charts+master+integration-filebeat - display-name: elastic / helm-charts - master - integration filebeat - description: Master - integration filebeat + name: elastic+helm-charts+%BRANCH%+integration-filebeat + display-name: elastic / helm-charts - %BRANCH% - integration filebeat + description: integration filebeat scm: - git: wipe-workspace: 'True' @@ -33,7 +33,8 @@ unset VAULT_ROLE_ID VAULT_SECRET_ID set -x - cluster_name="helm-${KUBERNETES_VERSION//./}-${branch_specifier:0:10}" + BRANCH_NAME="%BRANCH%" + cluster_name="helm-${KUBERNETES_VERSION//./}-${BRANCH_NAME//./}" cd helpers/terraform/ ./in-docker make integration KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name} SUITE=${FILEBEAT_SUITE} CHART=filebeat diff --git a/.ci/jobs/elastic+helm-charts+master+integration-kibana.yml b/.ci/jobs.t/elastic+helm-charts+{branch}+integration-kibana.yml similarity index 77% rename from .ci/jobs/elastic+helm-charts+master+integration-kibana.yml rename to .ci/jobs.t/elastic+helm-charts+{branch}+integration-kibana.yml index d689e9143..cea631b36 100644 
--- a/.ci/jobs/elastic+helm-charts+master+integration-kibana.yml +++ b/.ci/jobs.t/elastic+helm-charts+{branch}+integration-kibana.yml @@ -1,8 +1,8 @@ --- - job: - name: elastic+helm-charts+master+integration-kibana - display-name: elastic / helm-charts - master - integration kibana - description: Master - integration kibana + name: elastic+helm-charts+%BRANCH%+integration-kibana + display-name: elastic / helm-charts - %BRANCH% - integration kibana + description: integration kibana scm: - git: wipe-workspace: 'True' @@ -33,7 +33,8 @@ unset VAULT_ROLE_ID VAULT_SECRET_ID set -x - cluster_name="helm-${KUBERNETES_VERSION//./}-${branch_specifier:0:10}" + BRANCH_NAME="%BRANCH%" + cluster_name="helm-${KUBERNETES_VERSION//./}-${BRANCH_NAME//./}" cd helpers/terraform/ ./in-docker make integration KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name} SUITE=${KIBANA_SUITE} CHART=kibana diff --git a/.ci/jobs/elastic+helm-charts+master+integration-logstash.yml b/.ci/jobs.t/elastic+helm-charts+{branch}+integration-logstash.yml similarity index 76% rename from .ci/jobs/elastic+helm-charts+master+integration-logstash.yml rename to .ci/jobs.t/elastic+helm-charts+{branch}+integration-logstash.yml index b3f75f4c5..51e3b2ced 100644 --- a/.ci/jobs/elastic+helm-charts+master+integration-logstash.yml +++ b/.ci/jobs.t/elastic+helm-charts+{branch}+integration-logstash.yml @@ -1,8 +1,8 @@ --- - job: - name: elastic+helm-charts+master+integration-logstash - display-name: elastic / helm-charts - master - integration logstash - description: Master - integration logstash + name: elastic+helm-charts+%BRANCH%+integration-logstash + display-name: elastic / helm-charts - %BRANCH% - integration logstash + description: integration logstash scm: - git: wipe-workspace: 'True' 
@@ -33,7 +33,8 @@ unset VAULT_ROLE_ID VAULT_SECRET_ID set -x - cluster_name="helm-${KUBERNETES_VERSION//./}-${branch_specifier:0:10}" + BRANCH_NAME="%BRANCH%" + cluster_name="helm-${KUBERNETES_VERSION//./}-${BRANCH_NAME//./}" cd helpers/terraform/ ./in-docker make integration KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name} SUITE=${LOGSTASH_SUITE} CHART=logstash diff --git a/.ci/jobs/elastic+helm-charts+master+integration-metricbeat.yml b/.ci/jobs.t/elastic+helm-charts+{branch}+integration-metricbeat.yml similarity index 76% rename from .ci/jobs/elastic+helm-charts+master+integration-metricbeat.yml rename to .ci/jobs.t/elastic+helm-charts+{branch}+integration-metricbeat.yml index 480b700e2..8a1fb46f3 100644 --- a/.ci/jobs/elastic+helm-charts+master+integration-metricbeat.yml +++ b/.ci/jobs.t/elastic+helm-charts+{branch}+integration-metricbeat.yml @@ -1,8 +1,8 @@ --- - job: - name: elastic+helm-charts+master+integration-metricbeat - display-name: elastic / helm-charts - master - integration metricbeat - description: Master - integration metricbeat + name: elastic+helm-charts+%BRANCH%+integration-metricbeat + display-name: elastic / helm-charts - %BRANCH% - integration metricbeat + description: integration metricbeat scm: - git: wipe-workspace: 'True' @@ -33,7 +33,8 @@ unset VAULT_ROLE_ID VAULT_SECRET_ID set -x - cluster_name="helm-${KUBERNETES_VERSION//./}-${branch_specifier:0:10}" + BRANCH_NAME="%BRANCH%" + cluster_name="helm-${KUBERNETES_VERSION//./}-${BRANCH_NAME//./}" cd helpers/terraform/ ./in-docker make integration KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name} SUITE=${METRICBEAT_SUITE} CHART=metricbeat 
diff --git a/.ci/jobs/elastic+helm-charts+master+template-lint-python.yml b/.ci/jobs.t/elastic+helm-charts+{branch}+template-lint-python.yml similarity index 72% rename from .ci/jobs/elastic+helm-charts+master+template-lint-python.yml rename to .ci/jobs.t/elastic+helm-charts+{branch}+template-lint-python.yml index 25048d9e4..84ff14247 100644 --- a/.ci/jobs/elastic+helm-charts+master+template-lint-python.yml +++ b/.ci/jobs.t/elastic+helm-charts+{branch}+template-lint-python.yml @@ -1,8 +1,8 @@ --- - job: - name: elastic+helm-charts+master+lint-python - display-name: elastic / helm-charts - master - lint python - description: Master - lint python + name: elastic+helm-charts+%BRANCH%+lint-python + display-name: elastic / helm-charts - %BRANCH% - lint python + description: lint python scm: - git: wipe-workspace: 'True' diff --git a/.ci/jobs/elastic+helm-charts+master+template-testing.yml b/.ci/jobs.t/elastic+helm-charts+{branch}+template-testing.yml similarity index 69% rename from .ci/jobs/elastic+helm-charts+master+template-testing.yml rename to .ci/jobs.t/elastic+helm-charts+{branch}+template-testing.yml index 5af16c9e9..1f09fea4a 100644 --- a/.ci/jobs/elastic+helm-charts+master+template-testing.yml +++ b/.ci/jobs.t/elastic+helm-charts+{branch}+template-testing.yml @@ -1,8 +1,8 @@ --- - job: - name: elastic+helm-charts+master+template-testing - display-name: elastic / helm-charts - master - template testing - description: Master - template testing + name: elastic+helm-charts+%BRANCH%+template-testing + display-name: elastic / helm-charts - %BRANCH% - template testing + description: template testing scm: - git: wipe-workspace: 'True' diff --git a/.ci/jobs.t/elastic+helm-charts+{branch}.yml b/.ci/jobs.t/elastic+helm-charts+{branch}.yml new file mode 100644 index 000000000..3b02beb85 --- /dev/null +++ b/.ci/jobs.t/elastic+helm-charts+{branch}.yml 
@@ -0,0 +1,55 @@ +--- +- job: + name: elastic+helm-charts+%BRANCH% + display-name: elastic / helm-charts - %BRANCH% + description: branch testing + project-type: multijob + scm: + - git: + wipe-workspace: 'False' + triggers: + - timed: H H(02-04) * * * + - github + builders: + - multijob: + name: template testing and kubernetes cluster creation + condition: SUCCESSFUL + projects: + - name: elastic+helm-charts+%BRANCH%+template-testing + current-parameters: true + - name: elastic+helm-charts+%BRANCH%+lint-python + current-parameters: true + - name: elastic+helm-charts+%BRANCH%+cluster-creation + current-parameters: true + - multijob: + name: elasticsearch integration testing + condition: ALWAYS + projects: + - name: elastic+helm-charts+%BRANCH%+integration-elasticsearch + current-parameters: true + - multijob: + name: integration testing + condition: ALWAYS + projects: + - name: elastic+helm-charts+%BRANCH%+integration-kibana + current-parameters: true + - name: elastic+helm-charts+%BRANCH%+integration-filebeat + current-parameters: true + - name: elastic+helm-charts+%BRANCH%+integration-metricbeat + current-parameters: true + - name: elastic+helm-charts+%BRANCH%+integration-logstash + current-parameters: true + - name: elastic+helm-charts+%BRANCH%+integration-apm-server + current-parameters: true + publishers: + - trigger-parameterized-builds: + - project: elastic+helm-charts+%BRANCH%+cluster-cleanup + current-parameters: false + trigger-with-no-params: true + - slack: + notify-back-to-normal: True + notify-every-failure: True + room: infra-release-notify + team-domain: elastic + auth-token-id: release-slack-integration-token + auth-token-credential-id: release-slack-integration-token diff --git a/.ci/jobs/elastic+helm-charts+master.yml b/.ci/jobs/elastic+helm-charts+master.yml deleted file mode 100644 index 03f35cc6b..000000000 --- a/.ci/jobs/elastic+helm-charts+master.yml +++ /dev/null 
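Review bot: The `trigger-parameterized-builds` publisher that starts `elastic+helm-charts+%BRANCH%+cluster-cleanup` sets no `condition`, so whether the clusters are torn down after a failed phase depends on the Jenkins Job Builder default (ALWAYS, as far as I know). The first multijob phase uses `condition: SUCCESSFUL` and can stop the build after `cluster-creation` has already run, so I would state the intent explicitly with `condition: ALWAYS` under the `- project:` entry; otherwise a change in defaults could leave test clusters running. As a style point, `notify-back-to-normal: True` and `notify-every-failure: True` would be more consistent as lowercase `true`, matching `current-parameters: true` in the same file.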
@@ -1,48 +0,0 @@ ---- -- job: - name: elastic+helm-charts+master - display-name: elastic / helm-charts - master - description: Master branch testing - project-type: multijob - scm: - - git: - wipe-workspace: 'False' - triggers: - - timed: H H(02-04) * * * - - github - builders: - - multijob: - name: template testing and kubernetes cluster creation - condition: SUCCESSFUL - projects: - - name: elastic+helm-charts+master+template-testing - current-parameters: true - - name: elastic+helm-charts+master+lint-python - current-parameters: true - - name: elastic+helm-charts+master+cluster-creation - current-parameters: true - - multijob: - name: elasticsearch integration testing - condition: ALWAYS - projects: - - name: elastic+helm-charts+master+integration-elasticsearch - current-parameters: true - - multijob: - name: integration testing - condition: ALWAYS - projects: - - name: elastic+helm-charts+master+integration-kibana - current-parameters: true - - name: elastic+helm-charts+master+integration-filebeat - current-parameters: true - - name: elastic+helm-charts+master+integration-metricbeat - current-parameters: true - - name: elastic+helm-charts+master+integration-logstash - current-parameters: true - - name: elastic+helm-charts+master+integration-apm-server - current-parameters: true - publishers: - - trigger-parameterized-builds: - - project: elastic+helm-charts+master+cluster-cleanup - current-parameters: true - trigger-with-no-params: false diff --git a/.ci/jobs/elastic+helm-charts+pull-request+cluster-cleanup.yml b/.ci/jobs/elastic+helm-charts+pull-request+cluster-cleanup.yml deleted file mode 100644 index cbd0d55eb..000000000 --- a/.ci/jobs/elastic+helm-charts+pull-request+cluster-cleanup.yml +++ /dev/null 
@@ -1,35 +0,0 @@ ---- -- job: - name: elastic+helm-charts+pull-request+cluster-cleanup - display-name: elastic / helm-charts - pull-request - cluster cleanup - description: Pull request - cluster cleanup - scm: - - git: - refspec: +refs/pull/*:refs/remotes/origin/pr/* - axes: - - axis: - type: slave - name: label - values: - - docker&&virtual - - axis: - type: yaml - name: KUBERNETES_VERSION - filename: helpers/matrix.yml - builders: - - shell: |- - #!/usr/local/bin/runbld - set -euo pipefail - - source /usr/local/bin/bash_standard_lib.sh - - set +x - VAULT_TOKEN=$(retry 5 vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID") - export VAULT_TOKEN - unset VAULT_ROLE_ID VAULT_SECRET_ID - set -x - - cluster_name="helm-${KUBERNETES_VERSION//./}-${branch_specifier:0:10}" - - cd helpers/terraform/ - ./in-docker make destroy KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name} diff --git a/.ci/jobs/elastic+helm-charts+pull-request+cluster-creation.yml b/.ci/jobs/elastic+helm-charts+pull-request+cluster-creation.yml deleted file mode 100644 index d1b491080..000000000 --- a/.ci/jobs/elastic+helm-charts+pull-request+cluster-creation.yml +++ /dev/null 
@@ -1,35 +0,0 @@ ---- -- job: - name: elastic+helm-charts+pull-request+cluster-creation - display-name: elastic / helm-charts - pull-request - cluster creation - description: Pull request - cluster creation - scm: - - git: - refspec: +refs/pull/*:refs/remotes/origin/pr/* - axes: - - axis: - type: slave - name: label - values: - - docker&&virtual - - axis: - type: yaml - name: KUBERNETES_VERSION - filename: helpers/matrix.yml - builders: - - shell: |- - #!/usr/local/bin/runbld - set -euo pipefail - - source /usr/local/bin/bash_standard_lib.sh - - set +x - VAULT_TOKEN=$(retry 5 vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID") - export VAULT_TOKEN - unset VAULT_ROLE_ID VAULT_SECRET_ID - set -x - - cluster_name="helm-${KUBERNETES_VERSION//./}-${branch_specifier:0:10}" - - cd helpers/terraform/ - ./in-docker make up KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name} diff --git a/.ci/jobs/elastic+helm-charts+pull-request+integration-apm-server.yml b/.ci/jobs/elastic+helm-charts+pull-request+integration-apm-server.yml deleted file mode 100644 index 55b331e9d..000000000 --- a/.ci/jobs/elastic+helm-charts+pull-request+integration-apm-server.yml +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -- job: - name: elastic+helm-charts+pull-request+integration-apm-server - display-name: elastic / helm-charts - pull-request - integration apm-server - description: Pull request - integration apm-server - scm: - - git: - refspec: +refs/pull/*:refs/remotes/origin/pr/* - axes: - - axis: - type: slave - name: label - values: - - docker&&virtual - - axis: - type: yaml - name: APM_SERVER_SUITE - filename: helpers/matrix.yml - - axis: - type: yaml - name: KUBERNETES_VERSION - filename: helpers/matrix.yml - builders: - - shell: |- - #!/usr/local/bin/runbld - set -euo pipefail - - source /usr/local/bin/bash_standard_lib.sh - - set +x - VAULT_TOKEN=$(retry 5 vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID") - export VAULT_TOKEN - unset VAULT_ROLE_ID VAULT_SECRET_ID - set -x - - cluster_name="helm-${KUBERNETES_VERSION//./}-${branch_specifier:0:10}" - - cd helpers/terraform/ - ./in-docker make integration KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name} SUITE=${APM_SERVER_SUITE} CHART=apm-server diff --git a/.ci/jobs/elastic+helm-charts+pull-request+integration-elasticsearch.yml b/.ci/jobs/elastic+helm-charts+pull-request+integration-elasticsearch.yml deleted file mode 100644 index a476a1d85..000000000 --- a/.ci/jobs/elastic+helm-charts+pull-request+integration-elasticsearch.yml +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -- job: - name: elastic+helm-charts+pull-request+integration-elasticsearch - display-name: elastic / helm-charts - pull-request - integration elasticsearch - description: Pull request - integration elasticsearch - scm: - - git: - refspec: +refs/pull/*:refs/remotes/origin/pr/* - axes: - - axis: - type: slave - name: label - values: - - docker&&virtual - - axis: - type: yaml - name: ES_SUITE - filename: helpers/matrix.yml - - axis: - type: yaml - name: KUBERNETES_VERSION - filename: helpers/matrix.yml - builders: - - shell: |- - #!/usr/local/bin/runbld - set -euo pipefail - - source /usr/local/bin/bash_standard_lib.sh - - set +x - VAULT_TOKEN=$(retry 5 vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID") - export VAULT_TOKEN - unset VAULT_ROLE_ID VAULT_SECRET_ID - set -x - - cluster_name="helm-${KUBERNETES_VERSION//./}-${branch_specifier:0:10}" - - cd helpers/terraform/ - ./in-docker make integration KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name} SUITE=${ES_SUITE} CHART=elasticsearch diff --git a/.ci/jobs/elastic+helm-charts+pull-request+integration-filebeat.yml b/.ci/jobs/elastic+helm-charts+pull-request+integration-filebeat.yml deleted file mode 100644 index 3a1621fbb..000000000 --- a/.ci/jobs/elastic+helm-charts+pull-request+integration-filebeat.yml +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -- job: - name: elastic+helm-charts+pull-request+integration-filebeat - display-name: elastic / helm-charts - pull-request - integration filebeat - description: Pull request - integration filebeat - scm: - - git: - refspec: +refs/pull/*:refs/remotes/origin/pr/* - axes: - - axis: - type: slave - name: label - values: - - docker&&virtual - - axis: - type: yaml - name: FILEBEAT_SUITE - filename: helpers/matrix.yml - - axis: - type: yaml - name: KUBERNETES_VERSION - filename: helpers/matrix.yml - builders: - - shell: |- - #!/usr/local/bin/runbld - set -euo pipefail - - source /usr/local/bin/bash_standard_lib.sh - - set +x - VAULT_TOKEN=$(retry 5 vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID") - export VAULT_TOKEN - unset VAULT_ROLE_ID VAULT_SECRET_ID - set -x - - cluster_name="helm-${KUBERNETES_VERSION//./}-${branch_specifier:0:10}" - - cd helpers/terraform/ - ./in-docker make integration KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name} SUITE=${FILEBEAT_SUITE} CHART=filebeat diff --git a/.ci/jobs/elastic+helm-charts+pull-request+integration-kibana.yml b/.ci/jobs/elastic+helm-charts+pull-request+integration-kibana.yml deleted file mode 100644 index ed2e6ec4a..000000000 --- a/.ci/jobs/elastic+helm-charts+pull-request+integration-kibana.yml +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -- job: - name: elastic+helm-charts+pull-request+integration-kibana - display-name: elastic / helm-charts - pull-request - integration kibana - description: Pull request - integration kibana - scm: - - git: - refspec: +refs/pull/*:refs/remotes/origin/pr/* - axes: - - axis: - type: slave - name: label - values: - - docker&&virtual - - axis: - type: yaml - name: KIBANA_SUITE - filename: helpers/matrix.yml - - axis: - type: yaml - name: KUBERNETES_VERSION - filename: helpers/matrix.yml - builders: - - shell: |- - #!/usr/local/bin/runbld - set -euo pipefail - - source /usr/local/bin/bash_standard_lib.sh - - set +x - VAULT_TOKEN=$(retry 5 vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID") - export VAULT_TOKEN - unset VAULT_ROLE_ID VAULT_SECRET_ID - set -x - - cluster_name="helm-${KUBERNETES_VERSION//./}-${branch_specifier:0:10}" - - cd helpers/terraform/ - ./in-docker make integration KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name} SUITE=${KIBANA_SUITE} CHART=kibana diff --git a/.ci/jobs/elastic+helm-charts+pull-request+integration-logstash.yml b/.ci/jobs/elastic+helm-charts+pull-request+integration-logstash.yml deleted file mode 100644 index bf7066426..000000000 --- a/.ci/jobs/elastic+helm-charts+pull-request+integration-logstash.yml +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -- job: - name: elastic+helm-charts+pull-request+integration-logstash - display-name: elastic / helm-charts - pull-request - integration logstash - description: Pull request - integration logstash - scm: - - git: - refspec: +refs/pull/*:refs/remotes/origin/pr/* - axes: - - axis: - type: slave - name: label - values: - - docker&&virtual - - axis: - type: yaml - name: LOGSTASH_SUITE - filename: helpers/matrix.yml - - axis: - type: yaml - name: KUBERNETES_VERSION - filename: helpers/matrix.yml - builders: - - shell: |- - #!/usr/local/bin/runbld - set -euo pipefail - - source /usr/local/bin/bash_standard_lib.sh - - set +x - VAULT_TOKEN=$(retry 5 vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID") - export VAULT_TOKEN - unset VAULT_ROLE_ID VAULT_SECRET_ID - set -x - - cluster_name="helm-${KUBERNETES_VERSION//./}-${branch_specifier:0:10}" - - cd helpers/terraform/ - ./in-docker make integration KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name} SUITE=${LOGSTASH_SUITE} CHART=logstash diff --git a/.ci/jobs/elastic+helm-charts+pull-request+integration-metricbeat.yml b/.ci/jobs/elastic+helm-charts+pull-request+integration-metricbeat.yml deleted file mode 100644 index 34c6ac2fb..000000000 --- a/.ci/jobs/elastic+helm-charts+pull-request+integration-metricbeat.yml +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -- job: - name: elastic+helm-charts+pull-request+integration-metricbeat - display-name: elastic / helm-charts - pull-request - integration metricbeat - description: Pull request - integration metricbeat - scm: - - git: - refspec: +refs/pull/*:refs/remotes/origin/pr/* - axes: - - axis: - type: slave - name: label - values: - - docker&&virtual - - axis: - type: yaml - name: METRICBEAT_SUITE - filename: helpers/matrix.yml - - axis: - type: yaml - name: KUBERNETES_VERSION - filename: helpers/matrix.yml - builders: - - shell: |- - #!/usr/local/bin/runbld - set -euo pipefail - - source /usr/local/bin/bash_standard_lib.sh - - set +x - VAULT_TOKEN=$(retry 5 vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID") - export VAULT_TOKEN - unset VAULT_ROLE_ID VAULT_SECRET_ID - set -x - - cluster_name="helm-${KUBERNETES_VERSION//./}-${branch_specifier:0:10}" - - cd helpers/terraform/ - ./in-docker make integration KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name} SUITE=${METRICBEAT_SUITE} CHART=metricbeat diff --git a/.ci/jobs/elastic+helm-charts+pull-request+lint-python.yml b/.ci/jobs/elastic+helm-charts+pull-request+lint-python.yml deleted file mode 100644 index 5ec00f723..000000000 --- a/.ci/jobs/elastic+helm-charts+pull-request+lint-python.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -- job: - name: elastic+helm-charts+pull-request+lint-python - display-name: elastic / helm-charts - pull-request - lint python - description: Pull request - lint python - scm: - - git: - refspec: +refs/pull/*:refs/remotes/origin/pr/* - axes: - - axis: - type: slave - name: label - values: - - docker&&virtual&&ubuntu-18.04 - builders: - - shell: |- - #!/usr/local/bin/runbld - set -euo pipefail - - virtualenv -p python3 venv && source venv/bin/activate - pip install -r requirements.txt - make lint-python 
diff --git a/.ci/jobs/elastic+helm-charts+pull-request+template-testing.yml b/.ci/jobs/elastic+helm-charts+pull-request+template-testing.yml deleted file mode 100644 index 4f0a3ae93..000000000 --- a/.ci/jobs/elastic+helm-charts+pull-request+template-testing.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -- job: - name: elastic+helm-charts+pull-request+template-testing - display-name: elastic / helm-charts - pull-request - template testing - description: Pull request - template testing - scm: - - git: - refspec: +refs/pull/*:refs/remotes/origin/pr/* - axes: - - axis: - type: slave - name: label - values: - - docker&&virtual - - axis: - type: yaml - name: CHART - filename: helpers/matrix.yml - builders: - - shell: |- - #!/usr/local/bin/runbld - set -euo pipefail - - cd ${CHART} - make test diff --git a/.ci/jobs/elastic+helm-charts+pull-request.yml b/.ci/jobs/elastic+helm-charts+pull-request.yml deleted file mode 100644 index 382adf275..000000000 --- a/.ci/jobs/elastic+helm-charts+pull-request.yml +++ /dev/null 
@@ -1,68 +0,0 @@ ---- -- job: - name: elastic+helm-charts+pull-request - display-name: elastic / helm-charts - pull-request - description: Pull request testing - project-type: multijob - concurrent: true - scm: - - git: - branches: - - $ghprbActualCommit - refspec: +refs/pull/*:refs/remotes/origin/pr/* - basedir: elasticsearch - wipe-workspace: 'False' - triggers: - - github-pull-request: - github-hooks: true - org-list: - - elastic - allow-whitelist-orgs-as-admins: true - cancel-builds-on-update: true - status-context: devops-ci - builders: - - multijob: - name: template testing and kubernetes cluster creation - condition: SUCCESSFUL - projects: - - name: elastic+helm-charts+pull-request+template-testing - current-parameters: true - predefined-parameters: branch_specifier=${ghprbActualCommit} - - name: elastic+helm-charts+pull-request+lint-python - current-parameters: true - predefined-parameters: branch_specifier=${ghprbActualCommit} - - name: elastic+helm-charts+pull-request+cluster-creation - current-parameters: true - predefined-parameters: branch_specifier=${ghprbActualCommit} - - multijob: - name: elasticsearch integration testing - condition: ALWAYS - projects: - - name: elastic+helm-charts+pull-request+integration-elasticsearch - current-parameters: true - predefined-parameters: branch_specifier=${ghprbActualCommit} - - multijob: - name: integration testing - condition: ALWAYS - projects: - - name: elastic+helm-charts+pull-request+integration-kibana - current-parameters: true - predefined-parameters: branch_specifier=${ghprbActualCommit} - - name: elastic+helm-charts+pull-request+integration-filebeat - current-parameters: true - predefined-parameters: branch_specifier=${ghprbActualCommit} - - name: elastic+helm-charts+pull-request+integration-metricbeat - current-parameters: true - predefined-parameters: branch_specifier=${ghprbActualCommit} - - name: elastic+helm-charts+pull-request+integration-logstash - current-parameters: true - predefined-parameters: 
branch_specifier=${ghprbActualCommit} - - name: elastic+helm-charts+pull-request+integration-apm-server - current-parameters: true - predefined-parameters: branch_specifier=${ghprbActualCommit} - publishers: - - trigger-parameterized-builds: - - project: elastic+helm-charts+pull-request+cluster-cleanup - current-parameters: true - trigger-with-no-params: false - predefined-parameters: branch_specifier=${ghprbActualCommit} diff --git a/.ci/jobs/elastic+helm-charts+staging+cluster-cleanup.yml b/.ci/jobs/elastic+helm-charts+staging+cluster-cleanup.yml deleted file mode 100644 index df2daf77d..000000000 --- a/.ci/jobs/elastic+helm-charts+staging+cluster-cleanup.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -- job: - name: elastic+helm-charts+staging+cluster-cleanup - display-name: elastic / helm-charts - staging - cluster cleanup - description: staging - cluster cleanup - parameters: - - string: - name: BUILD_ID - description: "The buildId for the staging images. (Example: 7.6.1-abcdabcd)" - scm: - - git: - wipe-workspace: 'True' - axes: - - axis: - type: slave - name: label - values: - - docker&&virtual - - axis: - type: yaml - name: KUBERNETES_VERSION - filename: helpers/matrix.yml - builders: - - shell: |- - #!/usr/local/bin/runbld - set -euo pipefail - - source /usr/local/bin/bash_standard_lib.sh - - set +x - VAULT_TOKEN=$(retry 5 vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID") - export VAULT_TOKEN - unset VAULT_ROLE_ID VAULT_SECRET_ID - set -x - - cluster_name="helm-${KUBERNETES_VERSION//./}-${BUILD_ID//./-}" - - cd helpers/terraform/ - ./in-docker make destroy KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name} diff --git a/.ci/jobs/elastic+helm-charts+staging+cluster-creation.yml b/.ci/jobs/elastic+helm-charts+staging+cluster-creation.yml deleted file mode 100644 index 8770a257a..000000000 --- a/.ci/jobs/elastic+helm-charts+staging+cluster-creation.yml +++ /dev/null 
@@ -1,40 +0,0 @@
----
-- job:
- name: elastic+helm-charts+staging+cluster-creation
- display-name: elastic / helm-charts - staging - cluster creation
- description: staging - cluster creation
- parameters:
- - string:
- name: BUILD_ID
- description: "The buildId for the staging images. (Example: 7.6.1-abcdabcd)"
- scm:
- - git:
- wipe-workspace: 'True'
- axes:
- - axis:
- type: slave
- name: label
- values:
- - docker&&virtual
- - axis:
- type: yaml
- name: KUBERNETES_VERSION
- filename: helpers/matrix.yml
- builders:
- - shell: |-
- #!/usr/local/bin/runbld
- set -euo pipefail
-
- source /usr/local/bin/bash_standard_lib.sh
-
- set +x
- VAULT_TOKEN=$(retry 5 vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID")
- export VAULT_TOKEN
- unset VAULT_ROLE_ID VAULT_SECRET_ID
- set -x
-
- cluster_name="helm-${KUBERNETES_VERSION//./}-${BUILD_ID//./-}"
-
- cd helpers/terraform/
- ./in-docker make up KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name}
- ./in-docker make k8s-staging-registry KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name}
diff --git a/.ci/jobs/elastic+helm-charts+staging+integration-apm-server.yml b/.ci/jobs/elastic+helm-charts+staging+integration-apm-server.yml
deleted file mode 100644
index cba2c4a69..000000000
--- a/.ci/jobs/elastic+helm-charts+staging+integration-apm-server.yml
+++ /dev/null
@@ -1,45 +0,0 @@
----
-- job:
- name: elastic+helm-charts+staging+integration-apm-server
- display-name: elastic / helm-charts - staging - integration apm-server
- description: staging - integration apm-server
- parameters:
- - string:
- name: BUILD_ID
- description: "The buildId for the staging images. (Example: 7.6.1-abcdabcd)"
- scm:
- - git:
- wipe-workspace: 'True'
- axes:
- - axis:
- type: slave
- name: label
- values:
- - docker&&virtual
- - axis:
- type: yaml
- name: APM_SERVER_SUITE
- filename: helpers/matrix.yml
- - axis:
- type: yaml
- name: KUBERNETES_VERSION
- filename: helpers/matrix.yml
- builders:
- - shell: |-
- #!/usr/local/bin/runbld
- set -euo pipefail
-
- source /usr/local/bin/bash_standard_lib.sh
-
- set +x
- VAULT_TOKEN=$(retry 5 vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID")
- export VAULT_TOKEN
- unset VAULT_ROLE_ID VAULT_SECRET_ID
- set -x
-
- env BUMPER_VERSION_7="$BUILD_ID" BUMPER_USE_STAGING_IMAGES="true" ./helpers/bumper.py
-
- cluster_name="helm-${KUBERNETES_VERSION//./}-${BUILD_ID//./-}"
-
- cd helpers/terraform/
- ./in-docker make integration KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name} SUITE=${APM_SERVER_SUITE} CHART=apm-server
diff --git a/.ci/jobs/elastic+helm-charts+staging+integration-elasticsearch.yml b/.ci/jobs/elastic+helm-charts+staging+integration-elasticsearch.yml
deleted file mode 100644
index ef499b214..000000000
--- a/.ci/jobs/elastic+helm-charts+staging+integration-elasticsearch.yml
+++ /dev/null
@@ -1,54 +0,0 @@
----
-- job:
- name: elastic+helm-charts+staging+integration-elasticsearch
- display-name: elastic / helm-charts - staging - integration elasticsearch
- description: staging - integration elasticsearch
- parameters:
- - string:
- name: BUILD_ID
- description: "The buildId for the staging images. (Example: 7.6.1-abcdabcd)"
- scm:
- - git:
- wipe-workspace: 'True'
- axes:
- - axis:
- type: slave
- name: label
- values:
- - docker&&virtual
- - axis:
- type: yaml
- name: ES_SUITE
- filename: helpers/matrix.yml
- - axis:
- type: yaml
- name: KUBERNETES_VERSION
- filename: helpers/matrix.yml
- builders:
- - shell: |-
- #!/usr/local/bin/runbld
- set -euo pipefail
-
- source /usr/local/bin/bash_standard_lib.sh
-
- set +x
- VAULT_TOKEN=$(retry 5 vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID")
- export VAULT_TOKEN
- unset VAULT_ROLE_ID VAULT_SECRET_ID
-
- DOCKER_PASSWORD=$(retry 5 vault read -field password secret/devops-ci/docker.elastic.co/devops-ci)
- retry 5 docker login -u devops-ci -p $DOCKER_PASSWORD docker.elastic.co
- unset DOCKER_PASSWORD
- set -x
-
- env BUMPER_VERSION_7="$BUILD_ID" BUMPER_USE_STAGING_IMAGES="true" ./helpers/bumper.py
-
- cluster_name="helm-${KUBERNETES_VERSION//./}-${BUILD_ID//./-}"
-
- cd helpers/terraform/
-
- # pull private images while we have the hosts docker daemon authenticated
- make pull-private-images
-
- # the private images will be used in here
- ./in-docker make integration KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name} SUITE=${ES_SUITE} CHART=elasticsearch
diff --git a/.ci/jobs/elastic+helm-charts+staging+integration-filebeat.yml b/.ci/jobs/elastic+helm-charts+staging+integration-filebeat.yml
deleted file mode 100644
index f0d227cd3..000000000
--- a/.ci/jobs/elastic+helm-charts+staging+integration-filebeat.yml
+++ /dev/null
@@ -1,45 +0,0 @@
----
-- job:
- name: elastic+helm-charts+staging+integration-filebeat
- display-name: elastic / helm-charts - staging - integration filebeat
- description: staging - integration filebeat
- parameters:
- - string:
- name: BUILD_ID
- description: "The buildId for the staging images. (Example: 7.6.1-abcdabcd)"
- scm:
- - git:
- wipe-workspace: 'True'
- axes:
- - axis:
- type: slave
- name: label
- values:
- - docker&&virtual
- - axis:
- type: yaml
- name: FILEBEAT_SUITE
- filename: helpers/matrix.yml
- - axis:
- type: yaml
- name: KUBERNETES_VERSION
- filename: helpers/matrix.yml
- builders:
- - shell: |-
- #!/usr/local/bin/runbld
- set -euo pipefail
-
- source /usr/local/bin/bash_standard_lib.sh
-
- set +x
- VAULT_TOKEN=$(retry 5 vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID")
- export VAULT_TOKEN
- unset VAULT_ROLE_ID VAULT_SECRET_ID
- set -x
-
- env BUMPER_VERSION_7="$BUILD_ID" BUMPER_USE_STAGING_IMAGES="true" ./helpers/bumper.py
-
- cluster_name="helm-${KUBERNETES_VERSION//./}-${BUILD_ID//./-}"
-
- cd helpers/terraform/
- ./in-docker make integration KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name} SUITE=${FILEBEAT_SUITE} CHART=filebeat
diff --git a/.ci/jobs/elastic+helm-charts+staging+integration-kibana.yml b/.ci/jobs/elastic+helm-charts+staging+integration-kibana.yml
deleted file mode 100644
index f4a8e402b..000000000
--- a/.ci/jobs/elastic+helm-charts+staging+integration-kibana.yml
+++ /dev/null
@@ -1,45 +0,0 @@
----
-- job:
- name: elastic+helm-charts+staging+integration-kibana
- display-name: elastic / helm-charts - staging - integration kibana
- description: staging - integration kibana
- parameters:
- - string:
- name: BUILD_ID
- description: "The buildId for the staging images. (Example: 7.6.1-abcdabcd)"
- scm:
- - git:
- wipe-workspace: 'True'
- axes:
- - axis:
- type: slave
- name: label
- values:
- - docker&&virtual
- - axis:
- type: yaml
- name: KIBANA_SUITE
- filename: helpers/matrix.yml
- - axis:
- type: yaml
- name: KUBERNETES_VERSION
- filename: helpers/matrix.yml
- builders:
- - shell: |-
- #!/usr/local/bin/runbld
- set -euo pipefail
-
- source /usr/local/bin/bash_standard_lib.sh
-
- set +x
- VAULT_TOKEN=$(retry 5 vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID")
- export VAULT_TOKEN
- unset VAULT_ROLE_ID VAULT_SECRET_ID
- set -x
-
- env BUMPER_VERSION_7="$BUILD_ID" BUMPER_USE_STAGING_IMAGES="true" ./helpers/bumper.py
-
- cluster_name="helm-${KUBERNETES_VERSION//./}-${BUILD_ID//./-}"
-
- cd helpers/terraform/
- ./in-docker make integration KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name} SUITE=${KIBANA_SUITE} CHART=kibana
diff --git a/.ci/jobs/elastic+helm-charts+staging+integration-logstash.yml b/.ci/jobs/elastic+helm-charts+staging+integration-logstash.yml
deleted file mode 100644
index 01fcefe23..000000000
--- a/.ci/jobs/elastic+helm-charts+staging+integration-logstash.yml
+++ /dev/null
@@ -1,45 +0,0 @@
----
-- job:
- name: elastic+helm-charts+staging+integration-logstash
- display-name: elastic / helm-charts - staging - integration logstash
- description: staging - integration logstash
- parameters:
- - string:
- name: BUILD_ID
- description: "The buildId for the staging images. (Example: 7.6.1-abcdabcd)"
- scm:
- - git:
- wipe-workspace: 'True'
- axes:
- - axis:
- type: slave
- name: label
- values:
- - docker&&virtual
- - axis:
- type: yaml
- name: LOGSTASH_SUITE
- filename: helpers/matrix.yml
- - axis:
- type: yaml
- name: KUBERNETES_VERSION
- filename: helpers/matrix.yml
- builders:
- - shell: |-
- #!/usr/local/bin/runbld
- set -euo pipefail
-
- source /usr/local/bin/bash_standard_lib.sh
-
- set +x
- VAULT_TOKEN=$(retry 5 vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID")
- export VAULT_TOKEN
- unset VAULT_ROLE_ID VAULT_SECRET_ID
- set -x
-
- env BUMPER_VERSION_7="$BUILD_ID" BUMPER_USE_STAGING_IMAGES="true" ./helpers/bumper.py
-
- cluster_name="helm-${KUBERNETES_VERSION//./}-${BUILD_ID//./-}"
-
- cd helpers/terraform/
- ./in-docker make integration KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name} SUITE=${LOGSTASH_SUITE} CHART=logstash
diff --git a/.ci/jobs/elastic+helm-charts+staging+integration-metricbeat.yml b/.ci/jobs/elastic+helm-charts+staging+integration-metricbeat.yml
deleted file mode 100644
index 940a06e3d..000000000
--- a/.ci/jobs/elastic+helm-charts+staging+integration-metricbeat.yml
+++ /dev/null
@@ -1,45 +0,0 @@
----
-- job:
- name: elastic+helm-charts+staging+integration-metricbeat
- display-name: elastic / helm-charts - staging - integration metricbeat
- description: staging - integration metricbeat
- parameters:
- - string:
- name: BUILD_ID
- description: "The buildId for the staging images. (Example: 7.6.1-abcdabcd)"
- scm:
- - git:
- wipe-workspace: 'True'
- axes:
- - axis:
- type: slave
- name: label
- values:
- - docker&&virtual
- - axis:
- type: yaml
- name: METRICBEAT_SUITE
- filename: helpers/matrix.yml
- - axis:
- type: yaml
- name: KUBERNETES_VERSION
- filename: helpers/matrix.yml
- builders:
- - shell: |-
- #!/usr/local/bin/runbld
- set -euo pipefail
-
- source /usr/local/bin/bash_standard_lib.sh
-
- set +x
- VAULT_TOKEN=$(retry 5 vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID")
- export VAULT_TOKEN
- unset VAULT_ROLE_ID VAULT_SECRET_ID
- set -x
-
- env BUMPER_VERSION_7="$BUILD_ID" BUMPER_USE_STAGING_IMAGES="true" ./helpers/bumper.py
-
- cluster_name="helm-${KUBERNETES_VERSION//./}-${BUILD_ID//./-}"
-
- cd helpers/terraform/
- ./in-docker make integration KUBERNETES_VERSION=${KUBERNETES_VERSION} CLUSTER_NAME=${cluster_name} SUITE=${METRICBEAT_SUITE} CHART=metricbeat
diff --git a/.ci/jobs/elastic+helm-charts+staging.yml b/.ci/jobs/elastic+helm-charts+staging.yml
deleted file mode 100644
index 0c0b8efcf..000000000
--- a/.ci/jobs/elastic+helm-charts+staging.yml
+++ /dev/null
@@ -1,46 +0,0 @@
----
-- job:
- name: elastic+helm-charts+staging
- display-name: elastic / helm-charts - staging
- description: Staging image testing
- concurrent: true
- parameters:
- - string:
- name: BUILD_ID
- description: "The buildId for the staging images. (Example: 7.6.1-abcdabcd)"
- project-type: multijob
- scm:
- - git:
- wipe-workspace: 'False'
- builders:
- - multijob:
- name: template testing and kubernetes cluster creation
- condition: SUCCESSFUL
- projects:
- - name: elastic+helm-charts+staging+cluster-creation
- current-parameters: true
- - multijob:
- name: elasticsearch integration testing
- condition: ALWAYS
- projects:
- - name: elastic+helm-charts+staging+integration-elasticsearch
- current-parameters: true
- - multijob:
- name: integration testing
- condition: ALWAYS
- projects:
- - name: elastic+helm-charts+staging+integration-kibana
- current-parameters: true
- - name: elastic+helm-charts+staging+integration-filebeat
- current-parameters: true
- - name: elastic+helm-charts+staging+integration-metricbeat
- current-parameters: true
- - name: elastic+helm-charts+staging+integration-logstash
- current-parameters: true
- - name: elastic+helm-charts+staging+integration-apm-server
- current-parameters: true
- publishers:
- - trigger-parameterized-builds:
- - project: elastic+helm-charts+staging+cluster-cleanup
- current-parameters: true
- trigger-with-no-params: false
diff --git a/.ci/make-branch-config.sh b/.ci/make-branch-config.sh
new file mode 100755
index 000000000..ca9554787
--- /dev/null
+++ b/.ci/make-branch-config.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+if [ -z "$BRANCH" ] ; then
+ echo "BRANCH is unset"
+ exit 1
+fi
+
+rm -Rf .ci/jobs
+cp -r .ci/jobs.t .ci/jobs
+
+sed -i "s/%BRANCH%/${BRANCH}/g" .ci/jobs/*.yml
\ No newline at end of file
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index 61de9e089..46fd7c261 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
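Review bot: The `sed` call at the end of `.ci/make-branch-config.sh` splices `${BRANCH}` into the substitution expression unescaped, so a value containing `/`, `&` or `\` breaks or alters the replacement, and whatever it expands to is written into every generated job file, including the `BRANCH_NAME="%BRANCH%"` line that the job templates' shell builders execute. Validate the value right after the emptiness check, for example `[[ "$BRANCH" =~ ^[A-Za-z0-9._-]+$ ]] || { echo "BRANCH has unexpected characters"; exit 1; }`, which still accepts the branch names listed in `.backportrc.json`. The script also runs without `set -e`, so a failed `cp -r` does not stop it before `sed` runs, and the relative `.ci/jobs` paths, including the `rm -Rf`, assume it is started from the repository root.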
+++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -18,7 +18,7 @@ e.g. `helm get elasticsearch` (replace `elasticsearch` with the name of your hel *Be careful to obfuscate every secrets (credentials, token, public IP, ...) that could be visible in the output before copy-pasting.* -*If you find some secrets in plain text in `helm get release` output you should use [Kubernetes Secrets](https://kubernetes.io/docs/concepts/configuration/secret/) to managed them is a secure way (see [Security Example](https://github.com/elastic/helm-charts/blob/master/elasticsearch/examples/security/security.yml#L23-L38)).* +*If you find some secrets in plain text in `helm get release` output you should use [Kubernetes Secrets](https://kubernetes.io/docs/concepts/configuration/secret/) to managed them is a secure way (see [Security Example](https://github.com/elastic/helm-charts/blob/master/elasticsearch/examples/security/values.yaml#L23-L38)).*
Output of helm get release diff --git a/.gitignore b/.gitignore index a917d1fa5..15f440687 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ index.yaml *.tgz .idea/ /venv +.vscode/ diff --git a/CHANGELOG.md b/CHANGELOG.md deleted file mode 100644 index 39382aa59..000000000 --- a/CHANGELOG.md +++ /dev/null 
@@ -1,525 +0,0 @@ -# Changelog - -## 7.6.2 - 2020/03/31 - -* 7.6.2 as the default stack version -* 6.8.8 as 6.x tested version -* Helm 2.16.5 support in [#537](https://github.com/elastic/helm-charts/pull/537) [@jmlrt](https://github.com/jmlrt) -* Drop GKE 1.13 tests in [#533](https://github.com/elastic/helm-charts/pull/533) [@jmlrt](https://github.com/jmlrt) -* Few dev environment tweaks in [#521](https://github.com/elastic/helm-charts/pull/521) [@Conky5](https://github.com/Conky5) -* Version bumping script enhancements in [#524](https://github.com/elastic/helm-charts/pull/524) [@Conky5](https://github.com/Conky5) -* Staging image testing in [#532](https://github.com/elastic/helm-charts/pull/532), [#544](https://github.com/elastic/helm-charts/pull/544) & [#545](https://github.com/elastic/helm-charts/pull/545) [@Conky5](https://github.com/Conky5) - -### APM Server - -| PR | Author | Title | -| ------------------------------------------------------ | -------------------------------------- | ------------------------------ | -|[#508](https://github.com/elastic/helm-charts/pull/508) | [@kawat55](https://github.com/kawat55) | Fix `fullnameOverride` setting | -|[#509](https://github.com/elastic/helm-charts/pull/509) | [@qqshfox](https://github.com/qqshfox) | Fix `apiVersion` of HPA | - -### Elasticsearch - -| PR | Author | Title | -| ------------------------------------------------------ | ---------------------------------------------------- | ------------------------------------------------------------- | -|[#485](https://github.com/elastic/helm-charts/pull/485) | [@mschmidt291](https://github.com/mschmidt291) | Add possibility to define custom `readinessProbe` | -|[#517](https://github.com/elastic/helm-charts/pull/517) | [@maksim-m](https://github.com/maksim-m) | Add namespace parameter to the test function to `NOTES.txt` | -|[#539](https://github.com/elastic/helm-charts/pull/539) | [@adulescentulus](https://github.com/adulescentulus) | Add `loadBalancerIP` option to 
service | - -### Filebeat - -| PR | Author | Title | -| ------------------------------------------------------ | ---------------------------------------- | ----------------------------------------------------------- | -|[#530](https://github.com/elastic/helm-charts/pull/530) | [@flaper87](https://github.com/flaper87) | Accept a string as `extraInitContainers` value for Filebeat | - -### Kibana - -**Warning** -[#540](https://github.com/elastic/helm-charts/pull/540) increase default CPU and memory requests/limits. This may impact the resources (nodes) required in your Kubernetes cluster to deploy Kibana chart. - -If you wish to come back to former values, you need to override CPU and Memory requests/limits as well as `NODE_OPTIONS` `extraEnvs` variable when deploying your Helm Chart. - - -| PR | Author | Title | -| ------------------------------------------------------ | ---------------------------------------- | -------------------------------------------------------------------------------------- | -|[#493](https://github.com/elastic/helm-charts/pull/493) | [@jamoflaw](https://github.com/jamoflaw) | Fix Mismatch Between Service Selector and Pod Labels when using Helm Aliases in Kibana | -|[#540](https://github.com/elastic/helm-charts/pull/540) | [@jmlrt](https://github.com/jmlrt) | Optimize Kibana memory usage | - -### Logstash - -| PR | Author | Title | -| ------------------------------------------------------ | ---------------------------------------------------- | ---------------------------------------------- | -|[#500](https://github.com/elastic/helm-charts/pull/500) | [@zeph](https://github.com/zeph) | Add warn to override Logstash default pipeline | -|[#505](https://github.com/elastic/helm-charts/pull/505) | [@ChiefAlexander](https://github.com/ChiefAlexander) | Update Logstash chart to support custom ports | - -## 7.6.1 - 2020/03/04 - -* 7.6.1 as the default stack version - -### APM Server - -| PR | Author | Title | -| 
------------------------------------------------------ | ---------------------------------------- | ----------------- | -|[#479](https://github.com/elastic/helm-charts/pull/479) | [@vhatsura](https://github.com/vhatsura) | Fix template name | - -### Elasticsearch - -| PR | Author | Title | -| ------------------------------------------------------ | -------------------------------------- | --------------------------------------- | -|[#483](https://github.com/elastic/helm-charts/pull/483) | [@ta-ando](https://github.com/ta-ando) | Ad support for loadBalancerSourceRanges | - - -## 7.6.0 - 2020/02/11 - -* 7.6.0 as the default stack version -* Freeze pip dependencies [#463](https://github.com/elastic/helm-charts/pull/463) [@morganchristiansson](https://github.com/morganchristiansson) -* Format python scripts with [Black](https://black.readthedocs.io/en/stable/) [#475](https://github.com/elastic/helm-charts/pull/475) & [#477](https://github.com/elastic/helm-charts/pull/477) [@jmlrt](https://github.com/jmlrt) - -### APM Server - -| PR | Author | Title | -| ------------------------------------------------------ | ---------------------------------------- | ------------------------------------------- | -|[#324](https://github.com/elastic/helm-charts/pull/324) | [@pbecotte](https://github.com/pbecotte) | Add apm-server helm chart | -|[#459](https://github.com/elastic/helm-charts/pull/459) | [@jmlrt](https://github.com/jmlrt) | Add ci tests for apm-server chart | -|[#473](https://github.com/elastic/helm-charts/pull/473) | [@jmlrt](https://github.com/jmlrt) | Add extraContainers and extraInitContainers | - -### Elasticsearch - -| PR | Author | Title | -| ------------------------------------------------------ | -------------------------------------------- | --------------------------- | -|[#455](https://github.com/elastic/helm-charts/pull/455) | [@sachinmsft](https://github.com/sachinmsft) | Fixing typo | -|[#458](https://github.com/elastic/helm-charts/pull/458) | 
[@jmlrt](https://github.com/jmlrt) | Set cpu request = cpu limit | -|[#473](https://github.com/elastic/helm-charts/pull/473) | [@jmlrt](https://github.com/jmlrt) | Add extraContainers | - -### Filebeat - -| PR | Author | Title | -| ------------------------------------------------------ | ------------------------------------ | ----------------------- | -|[#466](https://github.com/elastic/helm-charts/pull/466) | [@vasrem](https://github.com/vasrem) | Add extraInitContainers | -|[#473](https://github.com/elastic/helm-charts/pull/473) | [@jmlrt](https://github.com/jmlrt) | Add extraContainers | - -### Kibana - -| PR | Author | Title | -| ------------------------------------------------------ | ---------------------------------- | ------------------------------------------- | -|[#473](https://github.com/elastic/helm-charts/pull/473) | [@jmlrt](https://github.com/jmlrt) | Add extraContainers and extraInitContainers | - -### Logstash - -| PR | Author | Title | -| ------------------------------------------------------ | -------------------------------------------------------------- | ------------------------------- | -|[#457](https://github.com/elastic/helm-charts/pull/457) | [@morganchristiansson](https://github.com/morganchristiansson) | Add fullnameOverride setting | -|[#473](https://github.com/elastic/helm-charts/pull/473) | [@jmlrt](https://github.com/jmlrt) | Remove duplicate line in README | - -### Metricbeat - -| PR | Author | Title | -| ------------------------------------------------------ | ---------------------------------- | ------------------------------------------- | -|[#473](https://github.com/elastic/helm-charts/pull/473) | [@jmlrt](https://github.com/jmlrt) | Add extraContainers and extraInitContainers | - - -## 7.5.2 - 2020/01/21 - -* 7.5.2 as the default stack version -* Testing of GKE for 1.12 dropped and 1.15 added [#435](https://github.com/elastic/helm-charts/pull/435) [@jmlrt](https://github.com/jmlrt) -* Add [Probot](https://probot.github.io) 
config to manage stale issues / PR [#421](https://github.com/elastic/helm-charts/pull/421) [@jmlrt](https://github.com/jmlrt) -* Fix README docs links on [Helm Hub](https://hub.helm.sh) [#438](https://github.com/elastic/helm-charts/pull/438) [@jmlrt](https://github.com/jmlrt) - -### Elasticsearch - -| PR | Author | Title | -| ------------------------------------------------------ | ------------------------------------------------ | --------------------------------------------------------------- | -|[#382](https://github.com/elastic/helm-charts/pull/382) | [@jaumann](https://github.com/jaumann) | Allow for name overrides of resources | -|[#433](https://github.com/elastic/helm-charts/pull/433) | [@jmlrt](https://github.com/jmlrt) | Add example for [Microk8s](https://microk8s.io/) | -|[#428](https://github.com/elastic/helm-charts/pull/428) | [@mmisztal1980](https://github.com/mmisztal1980) | Remove duplicate label | -|[#434](https://github.com/elastic/helm-charts/pull/434) | [@jmlrt](https://github.com/jmlrt) | Add workaround to fix [kind])https://kind.sigs.k8s.io/) example | -|[#444](https://github.com/elastic/helm-charts/pull/444) | [@naseemkullah](https://github.com/naseemkullah) | Add commented out example of a useful post start hook | - -### Filebeat - -| PR | Author | Title | -| ------------------------------------------------------ | ---------------------------------------------- | --------------------------------------------------------------------- | -|[#415](https://github.com/elastic/helm-charts/pull/415) | [@jmlrt](https://github.com/jmlrt) | Add custom labels to pods | -|[#369](https://github.com/elastic/helm-charts/pull/369) | [@jmymy](https://github.com/jmymy) | Add support for `envfrom` | -|[#420](https://github.com/elastic/helm-charts/pull/420) | [@jmlrt](https://github.com/jmlrt) | Override probes commands | -|[#430](https://github.com/elastic/helm-charts/pull/430) | [@krichter722](https://github.com/krichter722) | Fix default value of 
`extraVolumeMounts` and `extraVolumes` in README | - -### Kibana - -| PR | Author | Title | -| ------------------------------------------------------ | ------------------------------------------------ | ----------------------------------------------- | -|[#415](https://github.com/elastic/helm-charts/pull/415) | [@jmlrt](https://github.com/jmlrt) | Add custom labels to pods | -|[#422](https://github.com/elastic/helm-charts/pull/422) | [@victorsalaun](https://github.com/victorsalaun) | Remove useless `maxUnavailable` in Kibana chart | -|[#408](https://github.com/elastic/helm-charts/pull/408) | [@ichylinux](https://github.com/ichylinux) | Add support for `loadBalancerSourceRanges` | -|[#419](https://github.com/elastic/helm-charts/pull/419) | [@jmlrt](https://github.com/jmlrt) | Add doc for plugin install | - -### Logstash - -| PR | Author | Title | -| ------------------------------------------------------ | ---------------------------------- | ------------------------- | -|[#415](https://github.com/elastic/helm-charts/pull/415) | [@jmlrt](https://github.com/jmlrt) | Add custom labels to pods | - -### Metricbeat - -| PR | Author | Title | -| ------------------------------------------------------ | ---------------------------------------- | ------------------------------------------------------------- | -|[#415](https://github.com/elastic/helm-charts/pull/415) | [@jmlrt](https://github.com/jmlrt) | Add custom labels to pods | -|[#369](https://github.com/elastic/helm-charts/pull/369) | [@jmymy](https://github.com/jmymy) | Add support for `envfrom` | -|[#420](https://github.com/elastic/helm-charts/pull/420) | [@jmlrt](https://github.com/jmlrt) | Override probes commands | -|[#425](https://github.com/elastic/helm-charts/pull/425) | [@pbecotte](https://github.com/pbecotte) | Update `hostfs` to be a CLI option instead of a config option | -|[#436](https://github.com/elastic/helm-charts/pull/436) | [@gadiener](https://github.com/gadiener) | Add `priorityClassName` config | - 
- -## 7.5.1 - 2019/12/18 - -* 7.5.1 as the default stack version -* 6.8.6 as 6.x tested version -* Add a notice that Helm v3 is not supported in [#400](https://github.com/elastic/helm-charts/pull/400) [@jmlrt](https://github.com/jmlrt) -* Prefixed helper functions with chart name in [#407](https://github.com/elastic/helm-charts/pull/407) [bpdunni](https://github.com/bpdunni) -* Use details tag around code backticks for 'helm get' output in issue template in [#413](https://github.com/elastic/helm-charts/pull/413) [krichter722](https://github.com/krichter722) - -### Filebeat - -| PR | Author | Title | -| ------------------------------------------------------ | ---------------------------------------- | ----------------------------------------------------- | -|[#403](https://github.com/elastic/helm-charts/pull/403) | [@ChrsMark](https://github.com/ChrsMark) | Remove in_cluster config from add_kubernetes_metadata | - -### Kibana - -| PR | Author | Title | -| ------------------------------------------------------ | ---------------------------------------------------- | ------------------------------------ | -|[#411](https://github.com/elastic/helm-charts/pull/411) | [@usamaahmadkhan](https://github.com/usamaahmadkhan) | Enable labels to be added to service | - -### Metricbeat - -| PR | Author | Title | -| ------------------------------------------------------ | ---------------------------------- | ----------------------------------------------------- | -|[#397](https://github.com/elastic/helm-charts/pull/397) | [@jmlrt](https://github.com/jmlrt) | Add a notice about kube-state-metrics breaking change | - - -## 7.5.0 - 2019/12/02 - -* 7.5.0 as the default stack version -* 6.8.5 as 6.x tested version in [#386](https://github.com/elastic/helm-charts/pull/386) [@jmlrt](https://github.com/jmlrt) -* Helm 2.16.1 support in [#366](https://github.com/elastic/helm-charts/pull/366) [@jmlrt](https://github.com/jmlrt) -* Add Beats icons to Helm repository in 
[#345](https://github.com/elastic/helm-charts/pull/345) [@jmlrt](https://github.com/jmlrt) -* Make helm-tester docker image build less verbose in [#346](https://github.com/elastic/helm-charts/pull/346) [@jmlrt](https://github.com/jmlrt) -* Update install doc in [#364](https://github.com/elastic/helm-charts/pull/364) [@jmlrt](https://github.com/jmlrt) -* Add security notice to github issue template in [#368](https://github.com/elastic/helm-charts/pull/368) [@jmlrt](https://github.com/jmlrt) - -### Elasticsearch - -| PR | Author | Title | -| ------------------------------------------------------- | ---------------------------------------------------- | ---------------------------------------------------------------------------- | -|[#344](https://github.com/elastic/helm-charts/pull/344) | [@usamaahmadkhan](https://github.com/usamaahmadkhan) | Add support for labels on services | -|[#350](https://github.com/elastic/helm-charts/pull/350) | [@crgstar](https://github.com/crgstar) | Use same imagePullPolicy in initContainer | -|[#380](https://github.com/elastic/helm-charts/pull/380) | [@fatmcgav](https://github.com/fatmcgav) | Tweak the 'readinessProbe' command to verify that master nodes are available | -|[#383](https://github.com/elastic/helm-charts/pull/383) | [@tanakapayam](https://github.com/tanakapayam) | Apply labels to all pods | - -### Filebeat - -| PR | Author | Title | -| ------------------------------------------------------ | ------------------------------------------------ | ------------------------------------------------------------------------- | -|[#330](https://github.com/elastic/helm-charts/pull/330) | [@tusciucalecs](https://github.com/tusciucalecs) | Support fullnameOverride | -|[#321](https://github.com/elastic/helm-charts/pull/321) | [@pbecotte](https://github.com/pbecotte) | Use host networking so that the stats have the correct node informations | -|[#322](https://github.com/elastic/helm-charts/pull/322) | [@pbecotte](https://github.com/pbecotte) 
| Use a list for extra volume mounts to match the comments and other values | - -### Kibana - -| PR | Author | Title | -| ------------------------------------------------------ | -------------------------------------------------| ------------------------ | -|[#330](https://github.com/elastic/helm-charts/pull/330) | [@tusciucalecs](https://github.com/tusciucalecs) | Support fullnameOverride | - -### Logstash - -| PR | Author | Title | -| ------------------------------------------------------ | ---------------------------------- | -------------------------------------------- | -|[#333](https://github.com/elastic/helm-charts/pull/333) | [@jmlrt](https://github.com/jmlrt) | First version of logstash helm chart | -|[#347](https://github.com/elastic/helm-charts/pull/347) | [@jmlrt](https://github.com/jmlrt) | Remove goss port test | -|[#367](https://github.com/elastic/helm-charts/pull/367) | [@jmlrt](https://github.com/jmlrt) | Update default values for memory requirements| - -### Metricbeat - -**Warning** -[#352](https://github.com/elastic/helm-charts/pull/352) is introducing a breaking change, please refer to [Metricbeat Breaking Changes](./metricbeat/README.md#breaking-changes) section for users upgrading from a chart version < 7.5.0. 
- -| PR | Author | Title | -| ------------------------------------------------------ | ------------------------------------------------ | ----------------------------------------------------------------------------------------- | -|[#352](https://github.com/elastic/helm-charts/pull/352) | [@masterkain](https://github.com/masterkain) | Bump kube-state-metrics to latest chart and app version | -|[#330](https://github.com/elastic/helm-charts/pull/330) | [@tusciucalecs](https://github.com/tusciucalecs) | Support fullnameOverride | -|[#314](https://github.com/elastic/helm-charts/pull/314) | [@pbecotte](https://github.com/pbecotte) | Add a couple extra mounts to pick up all the metrics from the host nodes on Digital Ocean | - - -## 7.4.1 - 2019/10/23 - -* 7.4.1 as the default stack version -* 6.8.4 as 6.x tested version -* Helm 2.15.1 support in [#338](https://github.com/elastic/helm-charts/pull/338) [@jmlrt](https://github.com/jmlrt) - -### Elasticsearch - -| PR | Author | Title | -| ------------------------------------------------------- | ----------------------------------------- | -------------------------------------------- | -|[#313](https://github.com/elastic/helm-charts/pull/313) | [@Crazybus](https://github.com/Crazybus) | Add logging when adding password to keystore | -|[#301](https://github.com/elastic/helm-charts/pull/301) | [@ravishivt](https://github.com/ravishivt) | Fix bug in keystore initContainer | -|[#274](https://github.com/elastic/helm-charts/pull/274) | [@salaboy](https://github.com/salaboy) | Add Example for Kubernetes KIND | -|[#335](https://github.com/elastic/helm-charts/pull/335) | [@jmlrt](https://github.com/jmlrt) | Fix deprecated note | -|[#337](https://github.com/elastic/helm-charts/pull/337) | [@jmlrt](https://github.com/jmlrt) | Remove unused default value | - -### Kibana - -| PR | Author | Title | -| ------------------------------------------------------ | ---------------------------------- | ------------------------------- | 
-|[#326](https://github.com/elastic/helm-charts/pull/326) | [@jmlrt](https://github.com/jmlrt) | Remove unused antiAffinity keys | - -### Metricbeat - -| PR | Author | Title | -| ------------------------------------------------------ | ---------------------------------- | ------------------------------------------------------ | -|[#339](https://github.com/elastic/helm-charts/pull/339) | [@jmlrt](https://github.com/jmlrt) | Allow adding additional labels to Metricbeat Daemonset | - - -## 7.4.0 - 2019/10/01 - -* 7.4.0 as the default stack version -* Helm-tester Docker image migrated to Python 3 in [#297](https://github.com/elastic/helm-charts/pull/297) [@jmlrt](https://github.com/jmlrt) -* Helm-tester Python dependencies freeze in [#309](https://github.com/elastic/helm-charts/pull/309) [@jmlrt](https://github.com/jmlrt) - -### Elasticsearch - -| PR | Author | Title | -| ------------------------------------------------------- | -------------------------------------------------- | ----------------------------------------------------------------------------------- | -|[#296](https://github.com/elastic/helm-charts/pull/296) | [@jmlrt](https://github.com/jmlrt) | Fix "; \" when there is no additional command in the Makefiles | -|[#298](https://github.com/elastic/helm-charts/pull/298) | [@floretan](https://github.com/floretan) | Make it possible to override the endpoint template. 
| -|[#263](https://github.com/elastic/helm-charts/pull/263) | [@Crazybus](https://github.com/Crazybus) | Add working examples for running Elasticsearch and Kibana on OpenShift | -|[#301](https://github.com/elastic/helm-charts/pull/301) | [@ravishivt](https://github.com/ravishivt) | Fix bug in keystore initContainer | - -### Kibana - -| PR | Author | Title | -| ------------------------------------------------------- | -------------------------------------------------- | ----------------------------------------------------------------------------------- | -|[#295](https://github.com/elastic/helm-charts/pull/295) | [@karlbohlmark](https://github.com/karlbohlmark) | Allow configuring lifecycle events | -|[#263](https://github.com/elastic/helm-charts/pull/263) | [@Crazybus](https://github.com/Crazybus) | Add working examples for running Elasticsearch and Kibana on OpenShift | -|[#303](https://github.com/elastic/helm-charts/pull/303) | [@code-chris](https://github.com/code-chris) | Add compatibility for k8s 1.16 and change min k8s version due to ingress apiVersion | - - -### Filebeat - -| PR | Author | Title | -| ------------------------------------------------------- | -------------------------------------------------- | ----------------------------------------------------------------------------------- | -|[#304](https://github.com/elastic/helm-charts/pull/304) | [@code-chris](https://github.com/code-chris) | Change min k8s version due to daemonset apiVersion | - -### Metricbeat - -| PR | Author | Title | -| ------------------------------------------------------- | -------------------------------------------------- | ----------------------------------------------------------------------------------- | -| [#310](https://github.com/elastic/helm-charts/pull/310) | [@Crazybus](https://github.com/Crazybus) | Make cluster role rules configurable | -|[#305](https://github.com/elastic/helm-charts/pull/305) | [@code-chris](https://github.com/code-chris) | Change min k8s version 
due to used apiVersions | - - -## 7.3.2 - 2019/09/19 - -* 7.3.2 as the default stack version -* Testing of GKE for 1.11 dropped and 1.14 added [#287](https://github.com/elastic/helm-charts/pull/287) -* Make helper scripts python3 compatible [#255](https://github.com/elastic/helm-charts/pull/255) [@cclauss](https://github.com/cclauss) - -### Elasticsearch - -| PR | Author | Title | -| ------------------------------------------------------- | -------------------------------------------------- | --------------------------------------------------------------------------- | -| [#238](https://github.com/elastic/helm-charts/pull/238) | [@Crazybus](https://github.com/Crazybus) | Update documentation and defaults for tmpl values | -| [#245](https://github.com/elastic/helm-charts/pull/245) | [@skitle](https://github.com/skitle) | Fixed indent on elasticsearch extraVolumes tpl. Was causing parsing errors. | -| [#250](https://github.com/elastic/helm-charts/pull/250) | [@tanordheim](https://github.com/tanordheim) | Update priorityClassName default values in READMEs | -| [#261](https://github.com/elastic/helm-charts/pull/261) | [@Crazybus](https://github.com/Crazybus) | Bump google terraform provider to the latest | -| [#154](https://github.com/elastic/helm-charts/pull/154) | [@Crazybus](https://github.com/Crazybus) | Keystore integration | -| [#290](https://github.com/elastic/helm-charts/pull/290) | [@Crazybus](https://github.com/Crazybus) | Drop version from chart label in service | -| [#270](https://github.com/elastic/helm-charts/pull/270) | [@GreenKnight15](https://github.com/GreenKnight15) | ES Variable Port Name | -| [#259](https://github.com/elastic/helm-charts/pull/259) | [@Crazybus](https://github.com/Crazybus) | Set default runAsUser for pod security context | -| [#265](https://github.com/elastic/helm-charts/pull/265) | [@maximelenair](https://github.com/maximelenair) | Hardening of the pod permissions. 
| - -### Kibana - -| PR | Author | Title | -| ------------------------------------------------------- | -------------------------------------------- | -------------------------------------------------- | -| [#250](https://github.com/elastic/helm-charts/pull/250) | [@tanordheim](https://github.com/tanordheim) | Update priorityClassName default values in READMEs | -| [#268](https://github.com/elastic/helm-charts/pull/268) | [@accek](https://github.com/accek) | fixed bogus request of 500 millibytes mem | -| [#272](https://github.com/elastic/helm-charts/pull/272) | [@rccrdpccl](https://github.com/rccrdpccl) | use same env variable as application | -| [#291](https://github.com/elastic/helm-charts/pull/291) | [@Crazybus](https://github.com/Crazybus) | Explicitly test for a 200 for readinessProbe | - -### Filebeat - -| PR | Author | Title | -| ------------------------------------------------------- | -------------------------------------------- | -------------------------------------------------- | -| [#243](https://github.com/elastic/helm-charts/pull/243) | [@Crazybus](https://github.com/Crazybus) | Add configurable nodeSelector and affinity spec | -| [#248](https://github.com/elastic/helm-charts/pull/248) | [@tanordheim](https://github.com/tanordheim) | Add priorityClassName to filebeat chart | -| [#250](https://github.com/elastic/helm-charts/pull/250) | [@tanordheim](https://github.com/tanordheim) | Update priorityClassName default values in READMEs | - -### Metricbeat - -| PR | Author | Title | -| ------------------------------------------------------- | ---------------------------------------- | ---------------------------------------------------- | -| [#243](https://github.com/elastic/helm-charts/pull/243) | [@Crazybus](https://github.com/Crazybus) | Add configurable nodeSelector and affinity spec | -| [#251](https://github.com/elastic/helm-charts/pull/251) | [@Crazybus](https://github.com/Crazybus) | Fix default configuration for kubernetes module | -| 
[#289](https://github.com/elastic/helm-charts/pull/289) | [@Crazybus](https://github.com/Crazybus) | Remove default kube static metrics host to avoid co… | -| [#254](https://github.com/elastic/helm-charts/pull/254) | [@Azuka](https://github.com/Azuka) | Enable events access to cluster role | - - -## 7.3.0 - 2019/07/31 - -* 7.3.0 as the default stack version - -### Elasticsearch -| PR | Author | Title | -| ------------------------------------------------------- | ---------------------------------------------------------- | ------------------------------------------------------------------------- | -| [#226](https://github.com/elastic/helm-charts/pull/226) | [@MichaelMarieJulie](https://github.com/MichaelMarieJulie) | Add configurable pods labels | -| [#237](https://github.com/elastic/helm-charts/pull/237) | [@MichaelSp](https://github.com/MichaelSp) | Add back `service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"` | - -### Kibana -| PR | Author | Title | -| ------------------------------------------------------- | ------------------------------------------ | ----------------------------------- | -| [#225](https://github.com/elastic/helm-charts/pull/225) | [@plumcraft](https://github.com/plumcraft) | Add configurable pod labels | -| [#230](https://github.com/elastic/helm-charts/pull/230) | [@Crazybus](https://github.com/Crazybus) | Add subPath support to secretMounts | - - -## 7.2.1-0 - 2019/07/18 - -* [#195](https://github.com/elastic/helm-charts/pull/195) - @cclauss - Initial steps started to move all python2 code to python3 -* [#205](https://github.com/elastic/helm-charts/pull/205) - @Crazybus - Fixup and improve security example documentation - - -### Elasticsearch - -* [#171](https://github.com/elastic/helm-charts/pull/171) - @naseemkullah - Run Elasticsearch as a non-root user -* [#197](https://github.com/elastic/helm-charts/pull/197) - @tetianakravchenko - Add option to provide custom start/stop hooks -* 
[#206](https://github.com/elastic/helm-charts/pull/206) - @Crazybus - Automatically detect esMajorVersion for default images -* [#203](https://github.com/elastic/helm-charts/pull/203) - @Crazybus - Add testing for security context -* [#220](https://github.com/elastic/helm-charts/pull/220) - @JorisAndrade - Add option to disable sysctlInitContainer - -### Kibana - -* [#204](https://github.com/elastic/helm-charts/pull/204) - @Crazybus - Make imagePullPolicy actually do something -* [#210](https://github.com/elastic/helm-charts/pull/210) - @cliedeman - Add Kibana pod annotations -* [#217](https://github.com/elastic/helm-charts/pull/217) - @Crazybus - Update healthCheckPath to mention basePath usage - -### Filebeat - -* [#214](https://github.com/elastic/helm-charts/pull/214) - @dugouchet - Add additional labels - -### Metricbeat - -* [#127](https://github.com/elastic/helm-charts/pull/127) - @Crazybus - Add metricbeat chart -* [#128](https://github.com/elastic/helm-charts/pull/128) - @Crazybus - Add ci jobs for metricbeat - - -## 7.2.0 - 2019/07/01 - -* 7.2.0 as the default stack version -* Updated the beta status messaging and added proper descriptions to each chart [#158](https://github.com/elastic/helm-charts/pull/158) -* Add GKE 1.13 to automated testing suite [#169](https://github.com/elastic/helm-charts/pull/169) and [#181](https://github.com/elastic/helm-charts/pull/181) - -### Elasticsearch - -* [#123](https://github.com/elastic/helm-charts/pull/123) - @kimxogus - Make the service configurable -* [#141](https://github.com/elastic/helm-charts/pull/141) - @satchpx - Add capability to specify alternate scheduler -* [#161](https://github.com/elastic/helm-charts/pull/161) - @Crazybus - Add configurable nodePort to the service spec -* [#170](https://github.com/elastic/helm-charts/pull/170) - @Crazybus - Update security example docs to match reality -* [#182](https://github.com/elastic/helm-charts/pull/182) - @hxquangnhat - Fix secretName field for secretMounts -* 
[#186](https://github.com/elastic/helm-charts/pull/186) - @Crazybus - Fix pvc annotations with multiple fields -* [#189](https://github.com/elastic/helm-charts/pull/189) - @gnatpat - Add resources to sidecar container - -### Kibana - -* [#160](https://github.com/elastic/helm-charts/pull/160) - @Crazybus - Add configurable nodePort to the service spec -* [#168](https://github.com/elastic/helm-charts/pull/168) - @Crazybus - Always set server.host to the docker default -* [#172](https://github.com/elastic/helm-charts/pull/172) - @naseemkullah - Run Kibana as the non-root kibana user (1000) -* [#182](https://github.com/elastic/helm-charts/pull/182) - @hxquangnhat - Fix secretName field for secretMounts -* [#184](https://github.com/elastic/helm-charts/pull/184) - @diegofernandes - Fix wildcard support for ingress - -### Filebeat - -* [#182](https://github.com/elastic/helm-charts/pull/182) - @hxquangnhat - Fix secretName field for secretMounts -* [#188](https://github.com/elastic/helm-charts/pull/188) - @cclauss - Fix octal literal to work in both Python 2 and Python 3 - - -## 7.1.1 - 2019/06/07 - -* 7.1.1 as the default stack version -* Helm 2.14.0 as the tested version. Helm 2.14.0 has some extra validation built in which caused an issue with an [invalid field in the filebeat chart](https://github.com/elastic/helm-charts/issues/136). 
- -### Elasticsearch - -* [#146](https://github.com/elastic/helm-charts/pull/146) - @Crazybus - Add instructions for how to enable snapshots - -### Kibana - -* [#151](https://github.com/elastic/helm-charts/pull/151) - @natebwangsut - Added an option to add annotations(s) to service resource - -### Filebeat - -* [#140](https://github.com/elastic/helm-charts/pull/140) - @Crazybus - Remove fsGroup from container level security context - - -## 7.1.0 - 2019/05/21 - -* 7.1.0 as the default stack version -* Promotion from alpha to beta status -* Filebeat chart added - -### Elasticsearch - -* [#119](https://github.com/elastic/helm-charts/pull/119) - @kimxogus - Wait for new master election before stopping the pod to prevent master status being temporarily lost during rolling upgrades #63 -* [#109](https://github.com/elastic/helm-charts/pull/109) - @lancespeelmon - Add support for k8s priorityclass - -### Kibana - -* [#109](https://github.com/elastic/helm-charts/pull/109) - @lancespeelmon - Add support for k8s priorityclass -* [#134](https://github.com/elastic/helm-charts/pull/134) - @Crazybus - Explicitly set the targetPort to the defined http port - -### Filebeat - -* [#117](https://github.com/elastic/helm-charts/pull/117) - @tylerjl - Add initial filebeat chart -* [#122](https://github.com/elastic/helm-charts/pull/122) - @Crazybus - Add ci jobs for filebeat -* [#121](https://github.com/elastic/helm-charts/pull/121) - @Crazybus - Add integration tests and other tweaks -* [#129](https://github.com/elastic/helm-charts/pull/129) - @tylerjl - Add usage notes for filebeat - - -## 7.0.1-alpha1 - 2019/05/01 - -* 7.0.1 as the default stack version -* [Contributing guide](https://github.com/elastic/helm-charts/blob/master/CONTRIBUTING.md), [release process](https://github.com/elastic/helm-charts/blob/master/helpers/release.md), [changelog](https://github.com/elastic/helm-charts/blob/master/CHANGELOG.md) and [issue 
templates](https://github.com/elastic/helm-charts/tree/master/.github/ISSUE_TEMPLATE) added in [#111](https://github.com/elastic/helm-charts/pull/111) -* Automated testing for Kubernetes 1.10 dropped because it is no longer available in GKE -* Helm client version bumped to 2.13.1 - -### Elasticsearch - -* [#100](https://github.com/elastic/helm-charts/pull/100) - @kuisathaverat - Remove deprecated zen ping unicast hosts setting -* [#114](https://github.com/elastic/helm-charts/pull/114) - @Crazybus - Make persistent volumes optional -* [#115](https://github.com/elastic/helm-charts/pull/115) - @Crazybus - Added an integration test for upgrading from the previous release and testing rolling upgrades - -### Kibana - -* [#107](https://github.com/elastic/helm-charts/pull/107) - @Crazybus - Make the health check path configurable to support webroots and other customizations. - - -## 7.0.0-alpha1 - 2019/04/17 - -* [#96](https://github.com/elastic/helm-charts/pull/96) - @Crazybus - 7.0.0 as the default stack version - -### Elasticsearch - -* [#94](https://github.com/elastic/helm-charts/pull/94) - @kimxogus - Remove hardcoded storageClassName - -### Notes - -If you were using the default Elasticsearch version from the previous release (6.6.2-alpha1) you will first need to upgrade to Elasticsearch 6.7.1 before being able to upgrade to 7.0.0. You can do this by adding this to your values file: - -``` -esMajorVersion: 6 -imageTag: 6.7.1 -``` - -If you are upgrading an existing cluster that did not override the default `storageClassName` you will now need to specify the `storageClassName`. This only affects existing clusters and was changed in https://github.com/elastic/helm-charts/pull/94. The advantage of this is that now the helm chart will just use the default storageClassName rather than needing to override it for any providers where it is not called `standard`. - -``` -volumeClaimTemplate: - storageClassName: "standard" -``` 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 8dd908c8f..d7bc3ec78 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,21 +1,272 @@ -# Contributing to the Elastic helm charts +# Contributing to the Elastic Helm charts + + + + +- [Adding new features](#adding-new-features) +- [Requirements for submiting a pull request](#requirements-for-submiting-a-pull-request) +- [CLA (Contributor License Agreement)](#cla-contributor-license-agreement) +- [How We Use Git and GitHub](#how-we-use-git-and-github) + - [Forking](#forking) + - [Branching](#branching) + - [Commits and Merging](#commits-and-merging) + - [Rebasing and fixing merge conflicts](#rebasing-and-fixing-merge-conflicts) + - [What Goes Into a Pull Request](#what-goes-into-a-pull-request) +- [Submitting a Pull Request](#submitting-a-pull-request) +- [Releases](#releases) +- [Testing](#testing) + - [Templating tests](#templating-tests) + - [Integration tests](#integration-tests) + + + + + + +## Adding new features + +If you aren't 100% sure that this is a feature that makes sense for everyone. +Please open an issue first to discuss with the maintainers before investing a +lot of time into it. + + +## Requirements for submiting a pull request + +Before submitting a pull request make sure you validated the following +requirements: + +* CLA should be signed (see [CLA section][] for more details). + +* Charts version shouldn't be bumped (see [Releases section][] for more +details). + +* Charts `README.md` should be updated if required (especially updating default +values if they have been changed). + +* Templating tests should be added/updated (see [Templating tests section][] for +more details). + +* Integration tests should be added/updated (see [Integration tests section][] +for more details). + ## CLA (Contributor License Agreement) -If you haven't already you will need to sign the [CLA](https://www.elastic.co/contributor-agreement) before your pull request can be reviewed and merged. +Please make sure you have signed our [Contributor License Agreement][]. 
We are +not asking you to assign copyright to us, but to give us the right to distribute +your code without restriction. We ask this of all contributors in order to +assure our users of the origin and continuing existence of the code. +You only need to sign the CLA once. -## Version bumps -Just like with the rest of the stack, all versions in this helm chart repo are bumped and released at the same time. There is no need to bump the version in your pull request. +## How We Use Git and GitHub -## Testing and documentation +### Forking -When making any changes be sure to also update the following: +We follow the [GitHub forking model][] for collaborating on Helm charts code. +This model assumes that you have a remote called `upstream` which points to the +official Kibana repo, which we'll refer to in later code snippets. -* Charts README.md -* The templating tests which can be found in `${CHART}/tests/*.py`. [Example](/elasticsearch/tests/elasticsearch_test.py) -* The integration tests which can be found in `${CHART}/examples/*/test/goss.yaml`. [Example](/elasticsearch/examples/default/test/goss.yaml) +### Branching + +* All work on the next major release (`8.0.0`) goes into master. +* Past major release branches are named `{majorVersion}.x`. They contain work +that will go into the next minor release. For example, if the next minor release +is `7.8.0`, work for it should go into the `7.x` branch. +* Past minor release branches are named `{majorVersion}.{minorVersion}`. They +contain work that will go into the next patch release. For example, if the next +patch release is `7.8.1`, work for it should go into the `7.8` branch. +* All work is done on feature branches and merged into one of these branches. +* Where appropriate, we'll backport changes into older release branches. + +### Commits and Merging + +* Feel free to make as many commits as you want, while working on a branch. 
+* Please use your commit messages to include helpful information on your +changes and an explanation of *why* you made the changes that you did. +* Resolve merge conflicts by rebasing the target branch over your feature +branch, and force-pushing (see below for instructions). +* When merging, we'll squash your commits into a single commit. + +#### Rebasing and fixing merge conflicts + +Rebasing can be tricky, and fixing merge conflicts can be even trickier because +it involves force pushing. This is all compounded by the fact that attempting to +push a rebased branch remotely will be rejected by git, and you'll be prompted +to do a `pull`, which is not at all what you should do (this will really mess up +your branch's history). + +Here's how you should rebase master onto your branch, and how to fix merge +conflicts when they arise. + +First, make sure master is up-to-date. + +```shell +git checkout master +git fetch upstream +git rebase upstream/master +``` + +Then, check out your branch and rebase master on top of it, which will apply all +of the new commits on master to your branch, and then apply all of your branch's +new commits after that. + +```shell +git checkout name-of-your-branch +git rebase master +``` + +You want to make sure there are no merge conflicts. If there are merge +conflicts, git will pause the rebase and allow you to fix the conflicts before +continuing. + +You can use `git status` to see which files contain conflicts. They'll be the +ones that aren't staged for commit. Open those files, and look for where git has +marked the conflicts. Resolve the conflicts so that the changes you want to make +to the code have been incorporated in a way that doesn't destroy work that's +been done in master. Refer to master's commit history on GitHub if you need to +gain a better understanding of how code is conflicting and how best to resolve +it. 
+ +Once you've resolved all of the merge conflicts, use `git add -A` to stage them +to be committed, and then use `git rebase --continue` to tell git to continue +the rebase. + +When the rebase has completed, you will need to force push your branch because +the history is now completely different than what's on the remote. **This is +potentially dangerous** because it will completely overwrite what you have on +the remote, so you need to be sure that you haven't lost any work when resolving +merge conflicts. (If there weren't any merge conflicts, then you can force push +without having to worry about this.) + +``` +git push origin name-of-your-branch --force +``` + +This will overwrite the remote branch with what you have locally. You're done! + +**Note that you should not run `git pull`**, for example in response to a push +rejection like this: + +``` +! [rejected] name-of-your-branch -> name-of-your-branch (non-fast-forward) +error: failed to push some refs to 'https://github.com/YourGitHubHandle/kibana.git' +hint: Updates were rejected because the tip of your current branch is behind +hint: its remote counterpart. Integrate the remote changes (e.g. +hint: 'git pull ...') before pushing again. +hint: See the 'Note about fast-forwards' in 'git push --help' for details. +``` + +Assuming you've successfully rebased and you're happy with the code, you should +force push instead. + +### What Goes Into a Pull Request + +* Please include an explanation of your changes in your PR description. +* Links to relevant issues, external resources, or related PRs are very +important and useful. +* Please update any tests that pertain to your code, and add new tests where +appropriate. +* See [Submitting a Pull Request](#submitting-a-pull-request) for more info. + + +## Submitting a Pull Request + +Push your local changes to your forked copy of the repository and submit a Pull +Request. 
In the Pull Request, describe what your changes do and mention the +number of the issue where discussion has taken place, e.g., “Closes #123″. + +Always submit your pull against `master` unless the bug is only present in an +older version. If the bug affects both master and another branch say so in your +pull. + +Then sit back and wait. There will probably be discussion about the Pull Request +and, if any changes are needed, we'll work with you to get your Pull Request +merged into Kibana. + + +## Releases + +Just like with the rest of the stack, all versions in this helm chart repo are +bumped and released at the same time. There is no need to bump the version in +your pull request. + +Charts are released from version branchs (example `7.7` branch). + +[Elastic Helm repository][] is updated only during releases. + +The current release process is documented in [release.md][]. + + +## Testing + +### Templating tests + +Templating tests which can be found in `${CHART}/tests/*.py` +([Example][templating test example]). + +These charts use [pytest][] to test the templating logic. The dependencies for +testing can be installed from the [requirements.txt][] in the parent directory: + +``` +pip install -r ./requirements.txt +``` + +Tests can then be run from each chart directory using `make pytest` + +You can also use `make template` (equivalent to `helm template` ) to look at the +YAML being generated: + +It is possible to run all of the tests and linting inside of a Docker container +using `make test` + +Note that templating tests are formated using [Black][], you should run +`make lint-python` (equivalent to `black --diff --check .` ) to validate them or +`black .` to apply formatting before submitting a pull request which will modify +them. + +### Integration tests + +Integration tests which can be found in `${CHART}/examples/*/test/goss.yaml` +([Example][integration test example]). 
+ +Integration tests are run using [goss][] which is a [Serverspec][] like tool +written in golang. See [integration test example][] for an example of what the +tests look like. + +The different integration tests are present in each chart's `examples` +directory. + +Each charts contains an `examples/default` integration test which validate the +chart deployment with default values. + +`examples` directory contains also integration tests for other use cases (for +example: using `oss` Docker images, using `6.x` version or using `security` ). + +Every directory which contains some `test` subdirectory is an integration test +(`examples` directory contains also some configuration examples for some +specific scenarios without tests like configuration for specific k8s providers). + +To run the goss tests against the default example: + +``` +cd examples/default +make goss +``` -## Adding new features -If you aren't 100% sure that this is a feature that makes sense for everyone. Please open an issue first to discuss with the maintainers before investing a lot of time into it. 
+[black]: https://black.readthedocs.io/en/stable/
+[cla section]: #cla-contributor-license-agreement
+[contributor license agreement]: https://www.elastic.co/contributor-agreement
+[elastic helm repository]: https://helm.elastic.co
+[github forking model]: https://help.github.com/articles/fork-a-repo/
+[goss]: https://github.com/aelsabbahy/goss/blob/master/docs/manual.md
+[integration test example]: https://github.com/elastic/helm-charts/blob/7.12/elasticsearch/examples/default/test/goss.yaml
+[integration tests section]: #integration-tests
+[pytest]: https://docs.pytest.org/en/latest/
+[serverspec]: https://serverspec.org
+[templating test example]: https://github.com/elastic/helm-charts/blob/7.12/elasticsearch/tests/elasticsearch_test.py
+[templating tests section]: #templating-tests
+[release.md]: https://github.com/elastic/helm-charts/blob/master/helpers/release.md
+[releases section]: #releases
+[requirements.txt]: https://github.com/elastic/helm-charts/blob/7.12/requirements.txt
diff --git a/README.md b/README.md
index 225f342a2..cbbc79a8c 100644
--- a/README.md
+++ b/README.md
@@ -1,27 +1,115 @@ # Elastic Stack Kubernetes Helm Charts -[![Build Status](https://img.shields.io/jenkins/s/https/devops-ci.elastic.co/job/elastic+helm-charts+master.svg)](https://devops-ci.elastic.co/job/elastic+helm-charts+master/) +[![Build Status](https://img.shields.io/jenkins/s/https/devops-ci.elastic.co/job/elastic+helm-charts+7.12.svg)](https://devops-ci.elastic.co/job/elastic+helm-charts+7.12/) [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/elastic)](https://artifacthub.io/packages/search?repo=elastic) + + + + + +- [Charts](#charts) +- [Supported Configurations](#supported-configurations) + - [Support Matrix](#support-matrix) + - [Kubernetes Versions](#kubernetes-versions) + - [Helm versions](#helm-versions) +- [ECK](#eck) + + -This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features. ## Charts -Please look in the chart directories for the documentation for each chart. These helm charts are designed to be a lightweight way to configure our official docker images. Links to the relevant docker image documentation has also been added below. +These Helm charts are designed to be a lightweight way to configure our official +Docker images. Links to the relevant Docker image documentation has also been +added below. + +We recommend that the Helm chart version is aligned to the version of the product +you want to deploy. This will ensure that you using a chart version that has been +tested against the corresponding production version. +This will also ensure that the documentation and examples for the chart will work +with the version of the product you are installing. + +For example if you want to deploy an Elasticsearch `7.7.1` cluster, use the +corresponding `7.7.1` [tag][elasticsearch-771]. 
+ +The `master` version of these charts are intended to support the latest pre-release +versions of our products, and therefore may or may not work with current released +versions. + +| Chart | Docker documentation | Latest 7 Version | Latest 6 Version | +|--------------------------------------------|---------------------------------------------------------------------------------|-----------------------------|-----------------------------| +| [APM-Server](./apm-server/README.md) | https://www.elastic.co/guide/en/apm/server/current/running-on-docker.html | [`7.11.1`][apm-7] | [`6.8.14`][apm-6] | +| [Elasticsearch](./elasticsearch/README.md) | https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html | [`7.11.1`][elasticsearch-7] | [`6.8.14`][elasticsearch-6] | +| [Filebeat](./filebeat/README.md) | https://www.elastic.co/guide/en/beats/filebeat/current/running-on-docker.html | [`7.11.1`][filebeat-7] | [`6.8.14`][filebeat-6] | +| [Kibana](./kibana/README.md) | https://www.elastic.co/guide/en/kibana/current/docker.html | [`7.11.1`][kibana-7] | [`6.8.14`][kibana-6] | +| [Logstash](./logstash/README.md) | https://www.elastic.co/guide/en/logstash/current/docker.html | [`7.11.1`][logstash-7] | [`6.8.14`][logstash-6] | +| [Metricbeat](./metricbeat/README.md) | https://www.elastic.co/guide/en/beats/metricbeat/current/running-on-docker.html | [`7.11.1`][metricbeat-7] | [`6.8.14`][metricbeat-6] | + +## Supported Configurations + +Starting with the `7.7.0` release, some charts are reaching GA. + +Note that only the released charts coming from [Elastic Helm repo][] or +[GitHub releases][] are supported. 
+ +### Support Matrix + +| | Elasticsearch | Kibana | Logstash | Filebeat | Metricbeat | APM Server | +|------|---------------|--------|----------|----------|------------|------------| +| 6.8 | Beta | Beta | Beta | Beta | Beta | Alpha | +| 7.0 | Alpha | Alpha | / | / | / | / | +| 7.1 | Beta | Beta | / | Beta | / | / | +| 7.2 | Beta | Beta | / | Beta | Beta | / | +| 7.3 | Beta | Beta | / | Beta | Beta | / | +| 7.4 | Beta | Beta | / | Beta | Beta | / | +| 7.5 | Beta | Beta | Beta | Beta | Beta | Alpha | +| 7.6 | Beta | Beta | Beta | Beta | Beta | Alpha | +| 7.7 | GA | GA | Beta | GA | GA | Beta | +| 7.8 | GA | GA | Beta | GA | GA | Beta | +| 7.9 | GA | GA | Beta | GA | GA | Beta | +| 7.10 | GA | GA | Beta | GA | GA | Beta | +| 7.11 | GA | GA | Beta | GA | GA | Beta | + +### Kubernetes Versions + +The charts are [currently tested][] against all GKE versions available. The +exact versions are defined under `KUBERNETES_VERSIONS` in +[helpers/matrix.yml][]. + +### Helm versions + +While we are checking backward compatibility, the charts are only tested with +Helm version mentioned in [helm-tester Dockerfile][] (currently 3.5.2). 
+ -| Chart | Docker documentation | -| ------------------------------------------ | ------------------------------------------------------------------------------- | -| [Elasticsearch](./elasticsearch/README.md) | https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html | -| [Kibana](./kibana/README.md) | https://www.elastic.co/guide/en/kibana/current/docker.html | -| [Logstash](./logstash/README.md) | https://www.elastic.co/guide/en/logstash/current/docker.html | -| [Filebeat](./filebeat/README.md) | https://www.elastic.co/guide/en/beats/filebeat/current/running-on-docker.html | -| [Metricbeat](./metricbeat/README.md) | https://www.elastic.co/guide/en/beats/metricbeat/current/running-on-docker.html | -| [APM-Server](./apm-server/README.md) | https://www.elastic.co/guide/en/apm/server/current/running-on-docker.html | +## ECK -## Kubernetes Versions +In addition of these Helm charts, Elastic also provides +[Elastic Cloud on Kubernetes][] which is based on [Operator pattern][] and is +Elastic recommended way to deploy Elasticsearch, Kibana and APM Server on +Kubernetes. There is a dedicated Helm chart for ECK which can be found +[in ECK repo][eck-chart] ([documentation][eck-chart-doc]). -The charts are [currently tested](https://devops-ci.elastic.co/job/elastic+helm-charts+master/) against all GKE versions available. 
The exact versions are defined under `KUBERNETES_VERSIONS` in [helpers/matrix.yml](/helpers/matrix.yml)
-## Helm versions
+[currently tested]: https://devops-ci.elastic.co/job/elastic+helm-charts+7.12/
+[eck-chart]: https://github.com/elastic/cloud-on-k8s/tree/master/deploy
+[eck-chart-doc]: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-install-helm.html
+[elastic cloud on kubernetes]: https://github.com/elastic/cloud-on-k8s
+[elastic helm repo]: https://helm.elastic.co
+[github releases]: https://github.com/elastic/helm-charts/releases
+[helm-tester Dockerfile]: https://github.com/elastic/helm-charts/blob/7.12/helpers/helm-tester/Dockerfile
+[helpers/matrix.yml]: https://github.com/elastic/helm-charts/blob/7.12/helpers/matrix.yml
+[operator pattern]: https://kubernetes.io/docs/concepts/extend-kubernetes/operator/
+[elasticsearch-771]: https://github.com/elastic/helm-charts/tree/7.7.1/elasticsearch/
-While we are checking backward compatibility, the charts are only tested with Helm version mentioned in [helm-tester Dockerfile](helpers/helm-tester/Dockerfile) (currently 2.16.5).
-Note that we don't support [Helm 3](https://v3.helm.sh/) version.
+[apm-7]: https://github.com/elastic/helm-charts/tree/7.11.1/apm-server/README.md +[apm-6]: https://github.com/elastic/helm-charts/tree/6.8.14/apm-server/README.md +[elasticsearch-7]: https://github.com/elastic/helm-charts/tree/7.11.1/elasticsearch/README.md +[elasticsearch-6]: https://github.com/elastic/helm-charts/tree/6.8.14/elasticsearch/README.md +[filebeat-7]: https://github.com/elastic/helm-charts/tree/7.11.1/filebeat/README.md +[filebeat-6]: https://github.com/elastic/helm-charts/tree/6.8.14/filebeat/README.md +[kibana-7]: https://github.com/elastic/helm-charts/tree/7.11.1/kibana/README.md +[kibana-6]: https://github.com/elastic/helm-charts/tree/6.8.14/kibana/README.md +[logstash-7]: https://github.com/elastic/helm-charts/tree/7.11.1/logstash/README.md +[logstash-6]: https://github.com/elastic/helm-charts/tree/6.8.14/logstash/README.md +[metricbeat-7]: https://github.com/elastic/helm-charts/tree/7.11.1/metricbeat/README.md +[metricbeat-6]: https://github.com/elastic/helm-charts/tree/6.8.14/metricbeat/README.md diff --git a/apm-server/Chart.yaml b/apm-server/Chart.yaml index ec49a79da..0a85f33fe 100755 --- a/apm-server/Chart.yaml +++ b/apm-server/Chart.yaml @@ -5,8 +5,8 @@ maintainers: - email: helm-charts@elastic.co name: Elastic name: apm-server -version: 7.6.2 -appVersion: 7.6.2 +version: 7.12.0-SNAPSHOT +appVersion: 7.12.0-SNAPSHOT sources: - https://github.com/elastic/apm icon: https://helm.elastic.co/icons/apm.png diff --git a/apm-server/README.md b/apm-server/README.md index 8e2e9381f..1aee0c2f3 100644 --- a/apm-server/README.md +++ b/apm-server/README.md 
@@ -1,153 +1,186 @@ # APM Server Helm Chart -This functionality is in alpha and is subject to change. The design and code is -less mature than official GA features and is being provided as-is with no -warranties. Alpha features are not subject to the support SLA of official GA -features. +[![Build Status](https://img.shields.io/jenkins/s/https/devops-ci.elastic.co/job/elastic+helm-charts+master.svg)](https://devops-ci.elastic.co/job/elastic+helm-charts+master/) [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/elastic)](https://artifacthub.io/packages/search?repo=elastic) + +This Helm chart is a lightweight way to configure and run our official +[APM Server Docker image][]. + +**Warning**: This functionality is in alpha and is subject to change. +The design and code is less mature than official GA features and is being +provided as-is with no warranties. Alpha features are not subject to the support +SLA of official GA features (see [supported configurations][] for more details). + + +**Warning**: This branch is used for development, please use the latest [7.x][] release for released version. 
+ + + + + +- [Requirements](#requirements) +- [Installing](#installing) + - [Install released version using Helm repository](#install-released-version-using-helm-repository) + - [Install development version from a branch](#install-development-version-from-a-branch) +- [Upgrading](#upgrading) +- [Usage notes](#usage-notes) +- [Configuration](#configuration) +- [FAQ](#faq) + - [How to use APM Server with Elasticsearch with security (authentication and TLS) enabled?](#how-to-use-apm-server-with-elasticsearch-with-security-authentication-and-tls-enabled) + - [How to install OSS version of APM Server?](#how-to-install-oss-version-of-apm-server) +- [Contributing](#contributing) + + + + -This helm chart is a lightweight way to configure and run our official -[APM Server docker image](https://www.elastic.co/guide/en/apm/server/current/running-on-docker.html). ## Requirements -* Kubernetes >= 1.9 -* [Helm](https://helm.sh/) >= 2.8.0 +* Kubernetes >= 1.14 +* [Helm][] >= 2.17.0 + +See [supported configurations][] for more details. -## Usage notes and getting started -* The default APM Server configuration file for this chart is configured to use an -Elasticsearch endpoint as configured by the rest of these helm charts. This can -easily be overridden in the config value `apmConfig.apm-server.yml`. -* Automated testing of this chart is currently only run against GKE (Google Kubernetes Engine). ## Installing -* Add the elastic helm charts repo - ``` - helm repo add elastic https://helm.elastic.co - ``` -* Install it - ``` - helm install --name apm-server elastic/apm-server - ``` +This chart is tested with the latest 7.12.0-SNAPSHOT version. 
-### Using master branch +### Install released version using Helm repository -* Clone the git repo - ``` - git clone git@github.com:elastic/helm-charts.git - ``` -* Install it - ``` - helm install --name apm-server ./helm-charts/apm-server - ``` +* Add the Elastic Helm charts repo: +`helm repo add elastic https://helm.elastic.co` -## Compatibility +* Install it: + - with Helm 3: `helm install apm-server --version elastic/apm-server` + - with Helm 2 (deprecated): `helm install --name apm-server --version elastic/apm-server` -This chart is tested with the latest supported versions. The currently tested versions are: +### Install development version from a branch -| 6.x | 7.x | -| ----- | ----- | -| 6.8.8 | 7.6.2 | +* Clone the git repo: `git clone git@github.com:elastic/helm-charts.git` -Examples of installing older major versions can be found in the -[examples](https://github.com/elastic/helm-charts/tree/master/apm-server/examples) directory. +* Checkout the branch : `git checkout 7.12` -While only the latest releases are tested, it is possible to easily install old -or new releases by overriding the `imageTag`. To install version `7.6.2` of APM -Server it would look like this: +* Install it: + - with Helm 3: `helm install apm-server ./helm-charts/apm-server --set imageTag=7.12.0-SNAPSHOT` + - with Helm 2 (deprecated): `helm install --name apm-server ./helm-charts/apm-server --set imageTag=7.12.0-SNAPSHOT` -``` -helm install --name apm-server elastic/apm-server --set imageTag=7.6.2 -``` + +## Upgrading + +Please always check [CHANGELOG.md][] and [BREAKING_CHANGES.md][] before +upgrading to a new chart version. + + +## Usage notes + +* The default APM Server configuration file for this chart is configured to use +an Elasticsearch endpoint as configured by the rest of these Helm charts. This +can easily be overridden in the config value `apmConfig.apm-server.yml`. + +* Automated testing of this chart is currently only run against GKE (Google +Kubernetes Engine). 
+ +* This repo includes a number of [examples][] configurations which can be used +as a reference. They are also used in the automated testing of this chart. ## Configuration -| Parameter | Description | Default | -| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- | -| `apmConfig` | Allows you to add any config files in `/usr/share/apm-server/config` such as `apm-server.yml`. See [values.yaml](https://github.com/elastic/helm-charts/tree/master/apm-server/values.yaml) for an example of the formatting with the default configuration. | see [values.yaml](https://github.com/elastic/helm-charts/tree/master/apm-server/values.yaml) | -| `replicas` | Number of APM servers to run | `1` | -| `extraContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | -| `extraInitContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | -| `extraEnvs` | Extra [environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config) which will be appended to the `env:` definition for the container | `[]` | -| `extraVolumeMounts` | List of additional volumeMounts | `[]` | -| `extraVolumes` | List of additional volumes | `[]` | -| `image` | The APM Server docker image | `docker.elastic.co/apm/apm-server` | -| `imageTag` | The APM Server docker image tag | `7.6.2` | -| `imagePullPolicy` | The Kubernetes [imagePullPolicy](https://kubernetes.io/docs/concepts/containers/images/#updating-images) value | `IfNotPresent` | -| `imagePullSecrets` | 
Configuration for [imagePullSecrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret) so that you can use a private registry for your image | `[]` | -| `managedServiceAccount` | Whether the `serviceAccount` should be managed by this helm chart. Set this to `false` in order to manage your own service account and related roles. | `true` | -| `podAnnotations` | Configurable [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) applied to all APM Server pods | `{}` | -| `labels` | Configurable [label](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) applied to all APM server pods | `{}` | -| `podSecurityContext` | Configurable [podSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for APM Server pod execution environment | `runAsUser: 0`
`privileged: false` | -| `livenessProbe` | Parameters to pass to [liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) checks for values such as timeouts and thresholds. | `failureThreshold: 3`
`initialDelaySeconds: 10`
`periodSeconds: 10`
`successThreshold: 3`
`timeoutSeconds: 5` | -| `readinessProbe` | Parameters to pass to [readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) checks for values such as timeouts and thresholds. | `failureThreshold: 3`
`initialDelaySeconds: 10`
`periodSeconds: 10`
`successThreshold: 3`
`timeoutSeconds: 5` | -| `resources` | Allows you to set the [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) for the `Deployment` | `requests.cpu: 100m`
`requests.memory: 100Mi`
`limits.cpu: 1000m`
`limits.memory: 200Mi` | -| `serviceAccount` | Custom [serviceAccount](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) that APM Server will use during execution. By default will use the service account created by this chart. | `""` | -| `secretMounts` | Allows you easily mount a secret as a file inside the `Deployment`. Useful for mounting certificates and other secrets. See [values.yaml](https://github.com/elastic/helm-charts/tree/master/apm-server/values.yaml) for an example | `[]` | -| `terminationGracePeriod` | Termination period (in seconds) to wait before killing APM Server pod process on pod shutdown | `30` | -| `tolerations` | Configurable [tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | -| `nodeSelector` | Configurable [nodeSelector](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) | `{}` | -| `affinity` | Configurable [affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) | `{}` | -| `priorityClassName` | The [name of the PriorityClass](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass). No default is supplied as the PriorityClass must be created first. | `""` | -| `updateStrategy` | Allows you to change the default update [strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment) for the deployment. | `RollingUpdate` | -| `autoscaling.enabled` | Enable the pod [horizonatal auto scaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `false` | -| `ingress` | Configurable [ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) to expose the APM Server service. 
See [`values.yaml`](https://github.com/elastic/helm-charts/tree/master/apm-server/values.yaml) for an example | `enabled: false` | -| `service` | Configurable [service](https://kubernetes.io/docs/concepts/services-networking/service/) to expose the APM Server service. See [`values.yaml`](https://github.com/elastic/helm-charts/tree/master/apm-server/values.yaml) for an example | `type: ClusterIP`
`port: 8200`
`nodePort:`
`annotations: {}` | -| `lifecycle` | Configurable [livecycle hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/) | `false` | -| `nameOverride` | Overrides the chart name for resources. If not set the name will default to `.Chart.Name` | `""` | -| `fullnameOverride` | Overrides the full name of the resources. If not set the name will default to `.Release.Name`-`.Values.nameOverride` or `.Chart.Name` | `""` | - -## Examples - -In [examples/](ahttps://github.com/elastic/helm-charts/tree/master/apm-server/examples) you will find some example configurations. These examples -are used for the automated testing of this helm chart. - -### Default - -* Deploy the [default Elasticsearch helm chart](https://github.com/elastic/helm-charts/tree/master/elasticsearch/README.md#default) -* Deploy APM Server with the default values - ``` - cd examples/default - make - ``` -* You can now setup a port forward for Elasticsearch to observe APM indices - ``` - kubectl port-forward svc/elasticsearch-master 9200 - curl localhost:9200/_cat/indices - ``` - -## Testing - -This chart uses [pytest](https://docs.pytest.org/en/latest/) to test the templating -logic. The dependencies for testing can be installed from the -[`requirements.txt`](https://github.com/elastic/helm-charts/tree/master/requirements.txt) in the parent directory. - -``` -pip install -r ../requirements.txt -make pytest -``` - -You can also use `helm template` to look at the YAML being generated - -``` -make template -``` - -It is possible to run all of the tests and linting inside of a docker container - -``` -make test -``` - -## Integration Testing - -Integration tests are run using -[goss](https://github.com/aelsabbahy/goss/blob/master/docs/manual.md) which is a -serverspec like tool written in golang. See [goss.yaml](https://github.com/elastic/helm-charts/tree/master/apm-server/examples/default/test/goss.yaml) -for an example of what the tests look like. 
- -To run the goss tests against the default example: -``` -cd examples/default -make goss -``` + +| Parameter | Description | Default | +|-----------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------| +| `affinity` | Configurable [affinity][] | `{}` | +| `apmConfig` | Allows you to add any config files in `/usr/share/apm-server/config` such as `apm-server.yml` | see [values.yaml][] | +| `autoscaling` | Enable the [horizontal pod autoscaler][] | see [values.yaml][] | +| `envFrom` | Templatable string to be passed to the [environment from variables][] which will be appended to the `envFrom:` definition for the container | `[]` | +| `extraContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | +| `extraEnvs` | Extra [environment variables][] which will be appended to the `env:` definition for the container | `[]` | +| `extraInitContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | +| `extraVolumeMounts` | List of additional `volumeMounts` | `[]` | +| `extraVolumes` | List of additional `volumes` | `[]` | +| `fullnameOverride` | Overrides the full name of the resources. 
If not set the name will default to `.Release.Name` - `.Values.nameOverride` or `.Chart.Name` | `""` | +| `hostAliases` | Configurable [hostAliases][] | `[]` | +| `imagePullPolicy` | The Kubernetes [imagePullPolicy][] value | `IfNotPresent` | +| `imagePullSecrets` | Configuration for [imagePullSecrets][] so that you can use a private registry for your image | `[]` | +| `imageTag` | The APM Server Docker image tag | `7.12.0-SNAPSHOT` | +| `image` | The APM Server Docker image | `docker.elastic.co/apm/apm-server` | +| `ingress` | Configurable [ingress][] to expose the APM Server service | see [values.yaml][] | +| `labels` | Configurable [labels][] applied to all APM server pods | `{}` | +| `lifecycle` | Configurable [lifecycle hooks][] | `false` | +| `livenessProbe` | Parameters to pass to liveness [probe][] checks for values such as timeouts and thresholds | see [values.yaml][] | +| `managedServiceAccount` | Whether the `serviceAccount` should be managed by this Helm chart. Set this to `false` in order to manage your own service account and related roles | `true` | +| `nameOverride` | Overrides the chart name for resources. If not set the name will default to `.Chart.Name` | `""` | +| `nodeSelector` | Configurable [nodeSelector][] | `{}` | +| `podAnnotations` | Configurable [annotations][] applied to all APM Server pods | `{}` | +| `podSecurityContext` | Configurable [podSecurityContext][] for APM Server pod execution environment | see [values.yaml][] | +| `priorityClassName` | The name of the [PriorityClass][]. No default is supplied as the `PriorityClass` must be created first | `""` | +| `readinessProbe` | Parameters to pass to readiness [probe][] checks for values such as timeouts and thresholds | see [values.yaml][] | +| `replicas` | Number of APM servers to run | `1` | +| `resources` | Allows you to set the [resources][] for the `Deployment` | see [values.yaml][] | +| `secretMounts` | Allows you easily mount a secret as a file inside the `Deployment`. 
Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` | +| `serviceAccount` | Custom [serviceAccount][] that APM Server will use during execution. By default will use the `serviceAccount` created by this chart | `""` | +| `serviceAccountAnnotations` | Annotations to be added to the ServiceAccount that is created by this chart. | `{}` | +| `service` | Configurable [service][] to expose the APM Server service. See [values.yaml][] for an example | see [values.yaml][] | +| `terminationGracePeriod` | Termination period (in seconds) to wait before killing APM Server pod process on pod shutdown | `30` | +| `tolerations` | Configurable [tolerations][] | `[]` | +| `updateStrategy` | Allows you to change the default [updateStrategy][] for the deployment | see [values.yaml][] | + + +## FAQ + +### How to use APM Server with Elasticsearch with security (authentication and TLS) enabled? + +This Helm chart can use existing [Kubernetes secrets][] to setup +credentials or certificates for examples. These secrets should be created +outside of this chart and accessed using [environment variables][] and volumes. + +An example can be found in [examples/security][]. + +### How to install OSS version of APM Server? + +Deploying OSS version of APM Server can be done by setting `image` value to +[APM Server OSS Docker image][] + +An example of APM Server deployment using OSS version can be found in +[examples/oss][]. + + +## Contributing + +Please check [CONTRIBUTING.md][] before any contribution or for any questions +about our development and testing process. 
+
+[7.x]: https://github.com/elastic/helm-charts/releases
+[BREAKING_CHANGES.md]: https://github.com/elastic/helm-charts/blob/master/BREAKING_CHANGES.md
+[CHANGELOG.md]: https://github.com/elastic/helm-charts/blob/master/CHANGELOG.md
+[CONTRIBUTING.md]: https://github.com/elastic/helm-charts/blob/master/CONTRIBUTING.md
+[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+[annotations]: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+[apm server docker image]: https://www.elastic.co/guide/en/apm/server/7.12/running-on-docker.html
+[apm server oss docker image]: https://www.docker.elastic.co/r/apm/apm-server-oss
+[default elasticsearch helm chart]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/README.md#default
+[environment variables]: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config
+[environment from variables]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables
+[examples]: https://github.com/elastic/helm-charts/tree/7.12/apm-server/examples
+[examples/oss]: https://github.com/elastic/helm-charts/tree/7.12/apm-server/examples/oss
+[examples/security]: https://github.com/elastic/helm-charts/tree/7.12/apm-server/examples/security
+[helm]: https://helm.sh
+[horizontal pod autoscaler]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
+[hostAliases]: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+[imagePullPolicy]: https://kubernetes.io/docs/concepts/containers/images/#updating-images
+[imagePullSecrets]: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret
+[ingress]: 
https://kubernetes.io/docs/concepts/services-networking/ingress/
+[kubernetes secrets]: https://kubernetes.io/docs/concepts/configuration/secret/
+[labels]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+[lifecycle hooks]: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+[nodeSelector]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+[podSecurityContext]: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+[priorityClass]: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
+[probe]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
+[resources]: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+[service]: https://kubernetes.io/docs/concepts/services-networking/service/
+[serviceAccount]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+[supported configurations]: https://github.com/elastic/helm-charts/tree/7.12/README.md#supported-configurations
+[tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+[updateStrategy]: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment
+[values.yaml]: https://github.com/elastic/helm-charts/tree/7.12/apm-server/values.yaml
diff --git a/apm-server/examples/6.x/Makefile b/apm-server/examples/6.x/Makefile
deleted file mode 100644
index 539cc2548..000000000
--- a/apm-server/examples/6.x/Makefile
+++ /dev/null
@@ -1,15 +0,0 @@
-default: test
-include ../../../helpers/examples.mk
-
-RELEASE := helm-es-apm-six
-
-install:
- helm upgrade --wait --timeout=600 --install $(RELEASE) --values ./values.yaml ../../
-
-restart:
- helm upgrade --set terminationGracePeriod=121 --wait --timeout=600 --install $(RELEASE) --values ./values.yaml ../../
-
-test: install goss
-
-purge:
- helm del --purge $(RELEASE)
diff --git a/apm-server/examples/6.x/values.yaml b/apm-server/examples/6.x/values.yaml deleted file mode 100644 index 172a29f65..000000000 --- a/apm-server/examples/6.x/values.yaml +++ /dev/null @@ -1 +0,0 @@ -imageTag: "6.8.8" diff --git a/apm-server/examples/default/Makefile b/apm-server/examples/default/Makefile index 23a7eedc6..5658ff024 100644 --- a/apm-server/examples/default/Makefile +++ b/apm-server/examples/default/Makefile @@ -5,9 +5,9 @@ include ../../../helpers/examples.mk RELEASE := helm-apm-server-default install: - helm upgrade --wait --timeout=600 --install $(RELEASE) ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install $(RELEASE) ../../ test: install goss purge: - helm del --purge $(RELEASE) + helm del $(RELEASE) diff --git a/apm-server/examples/default/README.md b/apm-server/examples/default/README.md new file mode 100644 index 000000000..4057dc17f --- /dev/null +++ b/apm-server/examples/default/README.md @@ -0,0 +1,27 @@ +# Default + +This example deploy APM Server 7.12.0-SNAPSHOT using [default values][]. + + +## Usage + +* Deploy [Elasticsearch Helm chart][]. + +* Deploy APM Server chart with the default values: `make install` + +* You can now setup a port forward to query APM indices: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[elasticsearch helm chart]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/default/ +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.12/apm-server/examples/default/test/goss.yaml +[default values]: https://github.com/elastic/helm-charts/tree/7.12/apm-server/values.yaml diff --git a/apm-server/examples/default/test/goss.yaml b/apm-server/examples/default/test/goss.yaml index 6fa5b0792..a417816ba 100644 --- a/apm-server/examples/default/test/goss.yaml +++ b/apm-server/examples/default/test/goss.yaml 
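Review bot: `$(TIMEOUT)` in the `install` recipe of apm-server/examples/default/Makefile is not defined in this file; it presumably comes from the included `../../../helpers/examples.mk`, which this hunk does not show. If it is ever unset the flag expands to a bare `--timeout=`, so a comment next to `RELEASE` such as `# TIMEOUT is set in helpers/examples.mk and must be a duration helm accepts` would make the dependency visible. The `install` recipes in apm-server/examples/oss/Makefile and apm-server/examples/security/Makefile have the same dependency. Dropping `--purge` from `helm del` also changes the `purge` target for anyone still on Helm 2, where the release record would be kept, while apm-server/README.md in this commit still documents a Helm 2 install path; it is worth stating which Helm version the example Makefiles target.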
@@ -3,4 +3,4 @@ http: status: 200 timeout: 2000 body: - - '7.6.2' + - "7.12.0" diff --git a/apm-server/examples/oss/Makefile b/apm-server/examples/oss/Makefile index 175317b98..686864878 100644 --- a/apm-server/examples/oss/Makefile +++ b/apm-server/examples/oss/Makefile @@ -5,9 +5,9 @@ include ../../../helpers/examples.mk RELEASE := helm-apm-server-oss install: - helm upgrade --wait --timeout=600 --install $(RELEASE) --values values.yaml ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ test: install goss purge: - helm del --purge $(RELEASE) + helm del $(RELEASE) diff --git a/apm-server/examples/oss/README.md b/apm-server/examples/oss/README.md new file mode 100644 index 000000000..9cc3afa00 --- /dev/null +++ b/apm-server/examples/oss/README.md @@ -0,0 +1,27 @@ +# OSS + +This example deploy APM Server 7.12.0-SNAPSHOT using [APM Server OSS][] version. + + +## Usage + +* Deploy [Elasticsearch Helm chart][]. + +* Deploy APM Server chart with the default values: `make install` + +* You can now setup a port forward to query APM indices: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[apm server oss]: https://www.elastic.co/downloads/apm-oss +[elasticsearch helm chart]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/default/ +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.12/apm-server/examples/oss/test/goss.yaml diff --git a/apm-server/examples/oss/test/goss.yaml b/apm-server/examples/oss/test/goss.yaml index 6fa5b0792..a4561dae0 100644 --- a/apm-server/examples/oss/test/goss.yaml +++ b/apm-server/examples/oss/test/goss.yaml @@ -3,4 +3,9 @@ http: status: 200 timeout: 2000 body: - - '7.6.2' + - '7.12.0' + http://elasticsearch-master:9200/_cat/indices: + status: 200 + timeout: 2000 + body: + - 'apm-oss-7.12.0' 
diff --git a/apm-server/examples/oss/values.yaml b/apm-server/examples/oss/values.yaml index 330c27b69..69dffa2dc 100644 --- a/apm-server/examples/oss/values.yaml +++ b/apm-server/examples/oss/values.yaml @@ -10,12 +10,8 @@ apmConfig: enabled: false output.elasticsearch: - hosts: ["http://oss-master:9200"] - ## If you have security enabled- you'll need to add the credentials - ## as environment variables - # username: "${ELASTICSEARCH_USERNAME}" - # password: "${ELASTICSEARCH_PASSWORD}" - ## If SSL is enabled - # protocol: https - # ssl.certificate_authorities: - # - /usr/share/apm-server/config/certs/elastic-ca.pem + hosts: ["http://elasticsearch-master:9200"] + index: "apm-oss-%{[observer.version]}-%{+yyyy.MM.dd}" + + setup.template.name: "apm-server" + setup.template.pattern: "apm-oss-*" diff --git a/apm-server/examples/security/Makefile b/apm-server/examples/security/Makefile index 2e9be1f86..47cd9dd3b 100644 --- a/apm-server/examples/security/Makefile +++ b/apm-server/examples/security/Makefile @@ -5,9 +5,9 @@ include ../../../helpers/examples.mk RELEASE := helm-apm-server-security install: - helm upgrade --wait --timeout=600 --install $(RELEASE) --values values.yaml ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ test: install goss purge: - helm del --purge $(RELEASE) + helm del $(RELEASE) diff --git a/apm-server/examples/security/README.md b/apm-server/examples/security/README.md new file mode 100644 index 000000000..eb44529bb --- /dev/null +++ b/apm-server/examples/security/README.md 
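Review bot: The oss/values.yaml hunk deletes the commented `username`/`password`/`ssl.certificate_authorities` hints, so the example now has no pointer on how to secure the output. What remains sends APM data to `http://elasticsearch-master:9200` in cleartext and without credentials. I would keep a single comment above `hosts`, for example `# Plain HTTP without credentials, for local testing only; see examples/security/values.yaml for authentication and TLS`. That way a copy of this file into a real deployment is a visible decision.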
@@ -0,0 +1,28 @@ +# Security + +This example deploy APM Server 7.12.0-SNAPSHOT using authentication and TLS to connect to +Elasticsearch (see [values][]). + + +## Usage + +* Deploy [Elasticsearch Helm chart][]. + +* Deploy APM Server chart with security: `make install` + +* You can now setup a port forward to query APM indices: + + ``` + kubectl port-forward svc/security-master 9200 + curl -u elastic:changeme https://localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[elasticsearch helm chart]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/security/ +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.12/apm-server/examples/security/test/goss.yaml +[values]: https://github.com/elastic/helm-charts/tree/7.12/apm-server/examples/security/values.yaml diff --git a/apm-server/examples/security/test/goss.yaml b/apm-server/examples/security/test/goss.yaml index 6fa5b0792..a417816ba 100644 --- a/apm-server/examples/security/test/goss.yaml +++ b/apm-server/examples/security/test/goss.yaml @@ -3,4 +3,4 @@ http: status: 200 timeout: 2000 body: - - '7.6.2' + - "7.12.0" diff --git a/apm-server/examples/upgrade/Makefile b/apm-server/examples/upgrade/Makefile new file mode 100644 index 000000000..fa16a4d48 --- /dev/null +++ b/apm-server/examples/upgrade/Makefile @@ -0,0 +1,16 @@ +default: test + +include ../../../helpers/examples.mk + +CHART := apm-server +RELEASE := helm-apm-server-upgrade +FROM := 7.6.0 # 7.6.0 is the first release for apm-server + +install: + ../../../helpers/upgrade.sh --chart $(CHART) --release $(RELEASE) --from $(FROM) + kubectl rollout status deployment $(RELEASE)-apm-server + +test: install goss + +purge: + helm del $(RELEASE) diff --git a/apm-server/examples/upgrade/README.md b/apm-server/examples/upgrade/README.md new file mode 100644 index 000000000..835b3c7ed --- /dev/null +++ b/apm-server/examples/upgrade/README.md 
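Review bot: `FROM := 7.6.0 # 7.6.0 is the first release for apm-server` in the new upgrade/Makefile keeps the blank before `#` as part of the value, because make strips the comment but not the whitespace in front of it. The unquoted `--from $(FROM)` hides this today, but any later quoting or string comparison will see `7.6.0 ` with a trailing space. Put the comment on its own line above the assignment: `# 7.6.0 is the first release for apm-server` followed by `FROM := 7.6.0`. Separately, the `kubectl rollout status` line passes no `--timeout`, unlike the `helm upgrade --timeout=$(TIMEOUT)` calls in the sibling Makefiles, so a stuck rollout would presumably hold the job until the CI limit.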
@@ -0,0 +1,21 @@ +# Upgrade + +This example will deploy APM Server chart using an old chart version, +then upgrade it. + + +## Usage + +* Add the Elastic Helm charts repo: `helm repo add elastic https://helm.elastic.co` + +* Deploy [Elasticsearch Helm chart][]: `helm install elasticsearch elastic/elasticsearch` + +* Deploy and upgrade APM Server chart with the default values: `make install` + + +## Testing + +You can also run [goss integration tests][] using `make test`. + + +[goss integration tests]: https://github.com/elastic/helm-charts/tree/master/apm-server/examples/upgrade/test/goss.yaml diff --git a/apm-server/examples/6.x/test/goss.yaml b/apm-server/examples/upgrade/test/goss.yaml similarity index 82% rename from apm-server/examples/6.x/test/goss.yaml rename to apm-server/examples/upgrade/test/goss.yaml index 27a58f3b2..a417816ba 100644 --- a/apm-server/examples/6.x/test/goss.yaml +++ b/apm-server/examples/upgrade/test/goss.yaml @@ -3,4 +3,4 @@ http: status: 200 timeout: 2000 body: - - '6.8.8' + - "7.12.0" diff --git a/apm-server/examples/upgrade/values.yaml b/apm-server/examples/upgrade/values.yaml new file mode 100644 index 000000000..4b66615c5 --- /dev/null +++ b/apm-server/examples/upgrade/values.yaml @@ -0,0 +1,12 @@ +--- +apmConfig: + apm-server.yml: | + apm-server: + host: "0.0.0.0:8200" + + queue: {} + output.file: + enabled: false + + output.elasticsearch: + hosts: ["http://upgrade-master:9200"] diff --git a/apm-server/templates/_helpers.tpl b/apm-server/templates/_helpers.tpl index abc1361ea..d36af2029 100755 --- a/apm-server/templates/_helpers.tpl +++ b/apm-server/templates/_helpers.tpl 
@@ -19,23 +19,6 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- end -}} {{- end -}} -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "apm.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- end -}} -{{- end -}} -{{- define "apm.autoscaling.apiVersion" -}} -{{- if semverCompare "<1.12-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "autoscaling/v2beta1" -}} -{{- else -}} -{{- print "autoscaling/v2beta2" -}} -{{- end -}} -{{- end -}} {{/* Use the fullname if the serviceAccount value is not set */}} diff --git a/apm-server/templates/clusterrole.yaml b/apm-server/templates/clusterrole.yaml index 6e0d2bc98..2d8e1ebf8 100644 --- a/apm-server/templates/clusterrole.yaml +++ b/apm-server/templates/clusterrole.yaml @@ -1,5 +1,5 @@ {{- if .Values.managedServiceAccount }} -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ template "apm.serviceAccount" . }}-cluster-role diff --git a/apm-server/templates/clusterrolebinding.yaml b/apm-server/templates/clusterrolebinding.yaml index 3060496bf..c65b2be8d 100644 --- a/apm-server/templates/clusterrolebinding.yaml +++ b/apm-server/templates/clusterrolebinding.yaml @@ -1,5 +1,5 @@ {{- if .Values.managedServiceAccount }} -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ template "apm.serviceAccount" . }}-cluster-role-binding diff --git a/apm-server/templates/deployment.yaml b/apm-server/templates/deployment.yaml index fa740b32c..fa87cfa5a 100644 --- a/apm-server/templates/deployment.yaml +++ b/apm-server/templates/deployment.yaml 
@@ -30,11 +30,16 @@ spec: configChecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }} {{- end }} spec: +{{- if .Values.podSecurityContext }} + securityContext: +{{ toYaml .Values.podSecurityContext | indent 10 }} +{{- end }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} - {{- if .Values.serviceAccount }} - serviceAccountName: {{ .Values.serviceAccount }} + serviceAccountName: {{ template "apm.serviceAccount" . }} + {{- if .Values.hostAliases }} + hostAliases: {{ toYaml .Values.hostAliases | nindent 6 }} {{- end }} volumes: {{- range .Values.secretMounts }} @@ -79,20 +84,18 @@ spec: env: {{ toYaml . | nindent 10 }} {{- end }} -{{- if .Values.podSecurityContext }} + {{- if .Values.envFrom }} + envFrom: +{{ toYaml .Values.envFrom | indent 10 }} + {{- end }} +{{- if .Values.securityContext }} securityContext: -{{ toYaml .Values.podSecurityContext | indent 10 }} +{{ toYaml .Values.securityContext | indent 10 }} {{- end }} livenessProbe: - httpGet: - path: / - port: http - initialDelaySeconds: 30 +{{ toYaml .Values.livenessProbe | indent 10 }} readinessProbe: - httpGet: - path: / - port: http - initialDelaySeconds: 30 +{{ toYaml .Values.readinessProbe | indent 10 }} ports: - containerPort: {{ .Values.service.port }} name: http @@ -121,4 +124,4 @@ spec: {{- end }} {{- if .Values.extraContainers }} {{ tpl .Values.extraContainers . | indent 6 }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/apm-server/templates/hpa.yaml b/apm-server/templates/hpa.yaml index 928f25789..b78724124 100644 --- a/apm-server/templates/hpa.yaml +++ b/apm-server/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: {{ template "apm.autoscaling.apiVersion" . }} +apiVersion: autoscaling/v2beta2 kind: HorizontalPodAutoscaler metadata: name: {{ template "apm.fullname" . }} 
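Review bot: The `@@ -79,20 +84,18 @@` hunk silently changes what `podSecurityContext` means. It used to be rendered into the container, but it is now rendered under the pod `spec` (first hunk), while the container reads the new `securityContext` value. Existing overrides that set container-only fields such as `privileged` under `podSecurityContext` will no longer land on the container. Since `privileged` is not a pod-level field, such a release will presumably fail validation or lose the setting on upgrade. I would call this out in the chart's upgrade notes and add a template comment above the pod-level block, e.g. `{{/* pod-level only: container fields such as privileged belong in .Values.securityContext */}}`. The deployment template starts and ends outside these hunks.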
@@ -14,4 +14,13 @@ spec: apiVersion: apps/v1 kind: Deployment name: {{ template "apm.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.averageCpuUtilization }} {{- end }} diff --git a/apm-server/templates/ingress.yaml b/apm-server/templates/ingress.yaml index bfaa0f0e5..64ebcced9 100644 --- a/apm-server/templates/ingress.yaml +++ b/apm-server/templates/ingress.yaml @@ -2,7 +2,7 @@ {{- $fullName := include "apm.fullname" . -}} {{- $servicePort := .Values.service.port -}} {{- $ingressPath := .Values.ingress.path -}} -apiVersion: {{ template "apm.ingress.apiVersion" . }} +apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: {{ template "apm.fullname" . }} diff --git a/apm-server/templates/service.yaml b/apm-server/templates/service.yaml index 09b8d19e0..f569cb19e 100644 --- a/apm-server/templates/service.yaml +++ b/apm-server/templates/service.yaml @@ -13,6 +13,13 @@ metadata: {{- end }} spec: type: {{ .Values.service.type }} +{{- if .Values.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} +{{- end }} +{{- with .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml . | indent 4 }} +{{- end }} ports: - port: {{ .Values.service.port }} {{- with .Values.service.nodePort }} diff --git a/apm-server/templates/serviceaccount.yaml b/apm-server/templates/serviceaccount.yaml index 683838131..c03750aa7 100644 --- a/apm-server/templates/serviceaccount.yaml +++ b/apm-server/templates/serviceaccount.yaml @@ -3,6 +3,10 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "apm.serviceAccount" . }} + annotations: + {{- with .Values.serviceAccountAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} labels: app: "{{ template "apm.fullname" . }}" chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 
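Review bot: `loadBalancerSourceRanges` in the service.yaml hunk is read from `.Values.service`, but the matching `service:` hunk in apm-server/values.yaml only adds `loadBalancerIP: ""`. As far as the diff shows, the allow-list is therefore undeclared and unset by default. With `service.type: LoadBalancer` and no source ranges, the APM intake port is reachable from any address the cloud load balancer accepts. I would declare `loadBalancerSourceRanges: []` next to `loadBalancerIP` with a comment such as `# CIDR ranges allowed to reach the load balancer; restrict this whenever service.type is LoadBalancer`. A test that renders the list would also help, since the test file in this commit covers only `loadBalancerIP`.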
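Review bot: `annotations:` in the serviceaccount.yaml hunk is emitted outside the `with`, so the default `serviceAccountAnnotations: {}` renders an `annotations:` key with a null value. Moving the key inside the block keeps the default manifest clean: open with `{{- with .Values.serviceAccountAnnotations }}`, then `annotations:`, then the existing `toYaml` line. These annotations are how a cloud IAM role gets bound to the pod (the values.yaml example uses `eks.amazonaws.com/role-arn`). A values comment such as `# the referenced role should grant only what APM Server needs` would be a useful reminder there.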
diff --git a/apm-server/tests/apmserver_test.py b/apm-server/tests/apmserver_test.py index 2ed716433..d60007f3e 100644 --- a/apm-server/tests/apmserver_test.py +++ b/apm-server/tests/apmserver_test.py @@ -26,6 +26,11 @@ def test_defaults(): assert c["image"].startswith("docker.elastic.co/apm/apm-server:") assert c["ports"][0]["containerPort"] == 8200 + # Make sure that the default 'loadBalancerIP' string is empty + assert "loadBalancerIP" not in r["service"][name]["spec"] + + assert "hostAliases" not in r["deployment"][name]["spec"]["template"]["spec"] + def test_adding_a_extra_container(): config = """ @@ -72,6 +77,19 @@ def test_adding_envs(): assert {"name": "LOG_LEVEL", "value": "DEBUG"} in envs +def test_adding_env_from(): + config = """ +envFrom: +- secretRef: + name: secret-name +""" + r = helm_template(config) + secretRef = r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "envFrom" + ][0]["secretRef"] + assert secretRef == {"name": "secret-name"} + + def test_adding_image_pull_secrets(): config = """ imagePullSecrets: @@ -131,16 +149,26 @@ def test_self_managing_rbac_resources(): assert "clusterrolebinding" not in r +def test_setting_container_security_context(): + config = """ +securityContext: + runAsUser: 1001 + privileged: true +""" + r = helm_template(config) + c = r["deployment"][name]["spec"]["template"]["spec"]["containers"][0] + assert c["securityContext"]["runAsUser"] == 1001 + assert c["securityContext"]["privileged"] is True + + def test_setting_pod_security_context(): config = """ podSecurityContext: runAsUser: 1001 - privileged: false """ r = helm_template(config) - c = r["deployment"][name]["spec"]["template"]["spec"]["containers"][0] + c = r["deployment"][name]["spec"]["template"]["spec"] assert c["securityContext"]["runAsUser"] == 1001 - assert c["securityContext"]["privileged"] is False def test_adding_in_apm_config(): 
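Review bot: `test_defaults` gains checks for `loadBalancerIP` and `hostAliases`, but nothing pins the new hardened defaults. A later edit that drops `runAsNonRoot` or flips `privileged` in values.yaml would still pass the suite. The only container security-context test, `test_setting_container_security_context` in the third hunk, exercises the weakening override `privileged: true`. Assuming `c` in `test_defaults` is the first container, as the surrounding asserts suggest, I would add `assert c["securityContext"]["runAsNonRoot"] is True` and `assert c["securityContext"]["privileged"] is False`. The comment `# Make sure that the default 'loadBalancerIP' string is empty` also does not match the assertion, which checks that the key is absent; `# loadBalancerIP is omitted from the Service when unset` would. `test_defaults` begins outside the hunk.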
@@ -245,6 +273,20 @@ def test_adding_pod_labels(): ) +def test_adding_serviceaccount_annotations(): + config = """ +serviceAccountAnnotations: + eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount +""" + r = helm_template(config) + assert ( + r["serviceaccount"][name]["metadata"]["annotations"][ + "eks.amazonaws.com/role-arn" + ] + == "arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount" + ) + + def test_adding_a_node_selector(): config = """ nodeSelector: @@ -314,3 +356,37 @@ def test_setting_fullnameOverride(): ] == project ) + + +def test_enabling_horizontal_pod_autoscaler(): + config = """ +autoscaling: + enabled: true +""" + r = helm_template(config) + + assert "horizontalpodautoscaler" in r + + +def test_hostaliases(): + config = """ +hostAliases: +- ip: "127.0.0.1" + hostnames: + - "foo.local" + - "bar.local" +""" + r = helm_template(config) + hostAliases = r["deployment"][name]["spec"]["template"]["spec"]["hostAliases"] + assert {"ip": "127.0.0.1", "hostnames": ["foo.local", "bar.local"]} in hostAliases + + +def test_adding_loadBalancerIP(): + config = """ + service: + loadBalancerIP: 12.5.11.79 + """ + + r = helm_template(config) + + assert r["service"][name]["spec"]["loadBalancerIP"] == "12.5.11.79" diff --git a/apm-server/values.yaml b/apm-server/values.yaml index f1af513ee..bf2967aef 100755 --- a/apm-server/values.yaml +++ b/apm-server/values.yaml @@ -45,6 +45,13 @@ extraEnvs: [] # name: elastic-credentials # key: password +# Allows you to load environment variables from kubernetes secret or config map +envFrom: [] +# - secretRef: +# name: env-secret +# - configMapRef: +# name: config-map + extraVolumeMounts: [] # - name: extras # mountPath: /usr/share/extras 
@@ -54,8 +61,14 @@ extraVolumes: [] # - name: extras # emptyDir: {} +hostAliases: [] +#- ip: "127.0.0.1" +# hostnames: +# - "foo.local" +# - "bar.local" + image: "docker.elastic.co/apm/apm-server" -imageTag: "7.6.2" +imageTag: "7.12.0-SNAPSHOT" imagePullPolicy: "IfNotPresent" imagePullSecrets: [] @@ -69,18 +82,31 @@ podAnnotations: {} labels: {} podSecurityContext: - runAsUser: 0 + fsGroup: 1000 + runAsUser: 1000 + runAsGroup: 0 + +securityContext: privileged: false + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 0 livenessProbe: + httpGet: + path: / + port: http + initialDelaySeconds: 30 failureThreshold: 3 - initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 readinessProbe: + httpGet: + path: / + port: http + initialDelaySeconds: 30 failureThreshold: 3 - initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 @@ -90,11 +116,15 @@ resources: memory: "100Mi" limits: cpu: "1000m" - memory: "200Mi" + memory: "512Mi" # Custom service account override that the pod will use serviceAccount: "" +# Annotations to add to the ServiceAccount that is created if the serviceAccount value isn't set. +serviceAccountAnnotations: {} + # eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount + # A list of secrets and their paths to mount inside the pod secretMounts: [] # - name: elastic-certificate-pem @@ -123,6 +153,9 @@ fullnameOverride: "" autoscaling: enabled: false + minReplicas: 1 + maxReplicas: 3 + averageCpuUtilization: 50 ingress: enabled: false @@ -139,6 +172,7 @@ ingress: service: type: ClusterIP + loadBalancerIP: "" port: 8200 nodePort: "" annotations: {} diff --git a/elasticsearch/Chart.yaml b/elasticsearch/Chart.yaml index ba269ffc9..4ee440e1a 100755 --- a/elasticsearch/Chart.yaml +++ b/elasticsearch/Chart.yaml 
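Review bot: The new container `securityContext` defaults in the `@@ -69,18 +82,31 @@` hunk leave privilege escalation and Linux capabilities at the runtime defaults. They set only `privileged: false` and `runAsNonRoot: true`. If APM Server runs without them (to be confirmed against the image), I would add `allowPrivilegeEscalation: false` plus `capabilities:` with `drop: ["ALL"]` under `securityContext`. `runAsGroup: 0` is set at both pod and container level and puts the process in the root group. If that is deliberate to match file ownership inside the image, a comment such as `# GID 0 matches file ownership in the image; it grants no root privileges` would stop readers from "fixing" it or copying it blindly.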
@@ -5,8 +5,8 @@ maintainers: - email: helm-charts@elastic.co name: Elastic name: elasticsearch -version: 7.6.2 -appVersion: 7.6.2 +version: 7.12.0-SNAPSHOT +appVersion: 7.12.0-SNAPSHOT sources: - https://github.com/elastic/elasticsearch icon: https://helm.elastic.co/icons/elasticsearch.png diff --git a/elasticsearch/README.md b/elasticsearch/README.md index 6b380b57f..f11bf0106 100644 --- a/elasticsearch/README.md +++ b/elasticsearch/README.md 
@@ -1,202 +1,263 @@ # Elasticsearch Helm Chart -This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features. +[![Build Status](https://img.shields.io/jenkins/s/https/devops-ci.elastic.co/job/elastic+helm-charts+master.svg)](https://devops-ci.elastic.co/job/elastic+helm-charts+master/) [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/elastic)](https://artifacthub.io/packages/search?repo=elastic) + +This Helm chart is a lightweight way to configure and run our official +[Elasticsearch Docker image][]. + + +**Warning**: This branch is used for development, please use the latest [7.x][] release for released version. + + + + + +- [Requirements](#requirements) +- [Installing](#installing) + - [Install released version using Helm repository](#install-released-version-using-helm-repository) + - [Install development version from a branch](#install-development-version-from-a-branch) +- [Upgrading](#upgrading) +- [Usage notes](#usage-notes) +- [Configuration](#configuration) + - [Deprecated](#deprecated) +- [FAQ](#faq) + - [How to deploy this chart on a specific K8S distribution?](#how-to-deploy-this-chart-on-a-specific-k8s-distribution) + - [How to deploy dedicated nodes types?](#how-to-deploy-dedicated-nodes-types) + - [Clustering and Node Discovery](#clustering-and-node-discovery) + - [How to deploy clusters with security (authentication and TLS) enabled?](#how-to-deploy-clusters-with-security-authentication-and-tls-enabled) + - [How to migrate from helm/charts stable chart?](#how-to-migrate-from-helmcharts-stable-chart) + - [How to install plugins?](#how-to-install-plugins) + - [How to use the keystore?](#how-to-use-the-keystore) + - [Basic example](#basic-example) + - [Multiple keys](#multiple-keys) + - [Custom paths and keys](#custom-paths-and-keys) + 
- [How to enable snapshotting?](#how-to-enable-snapshotting) + - [How to configure templates post-deployment?](#how-to-configure-templates-post-deployment) +- [Contributing](#contributing) + + + + -This helm chart is a lightweight way to configure and run our official [Elasticsearch docker image](https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html) - -## Notice - -[7.6.1](https://github.com/elastic/helm-charts/releases/tag/7.6.1) release is introducing a change for Elasticsearch users upgrading from a previous chart version. -Following our recommandations, the change tracked in [#458](https://github.com/elastic/helm-charts/pull/458) is setting CPU request to the same value as CPU limit. - -For users which don't overwrite default values for CPU requests, Elasticsearch pod will now request `1000m` CPU instead of `100m` CPU. This may impact the resources (nodes) required in your Kubernetes cluster to deploy Elasticsearch chart. - -If you wish to come back to former values, you just need to override CPU requests when deploying your Helm Chart. - -- Overriding CPU requests in commandline argument: -``` -helm install --name elasticsearch --set resources.requests.cpu=100m elastic/elasticsearch -``` - -- Overriding CPU requests in your custom `values.yaml` file: -``` -resources: - requests: - cpu: "100m" -``` ## Requirements -* [Helm](https://helm.sh/) >=2.8.0 and <3.0.0 (see parent [README](https://github.com/elastic/helm-charts/tree/master/README.md) for more details) -* Kubernetes >=1.8 -* Minimum cluster requirements include the following to run this chart with default settings. All of these settings are configurable. +* Kubernetes >= 1.14 +* [Helm][] >= 2.17.0 +* Minimum cluster requirements include the following to run this chart with +default settings. All of these settings are configurable. 
* Three Kubernetes nodes to respect the default "hard" affinity settings * 1GB of RAM for the JVM heap -## Usage notes and getting started - -* This repo includes a number of [example](https://github.com/elastic/helm-charts/tree/master/elasticsearch/examples) configurations which can be used as a reference. They are also used in the automated testing of this chart -* Automated testing of this chart is currently only run against GKE (Google Kubernetes Engine). -* The chart deploys a statefulset and by default will do an automated rolling update of your cluster. It does this by waiting for the cluster health to become green after each instance is updated. If you prefer to update manually you can set [`updateStrategy: OnDelete`](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#on-delete) -* It is important to verify that the JVM heap size in `esJavaOpts` and to set the CPU/Memory `resources` to something suitable for your cluster -* To simplify chart and maintenance each set of node groups is deployed as a separate helm release. Take a look at the [multi](https://github.com/elastic/helm-charts/tree/master/elasticsearch/examples/multi) example to get an idea for how this works. Without doing this it isn't possible to resize persistent volumes in a statefulset. By setting it up this way it makes it possible to add more nodes with a new storage size then drain the old ones. It also solves the problem of allowing the user to determine which node groups to update first when doing upgrades or changes. -* We have designed this chart to be very un-opinionated about how to configure Elasticsearch. It exposes ways to set environment variables and mount secrets inside of the container. Doing this makes it much easier for this chart to support multiple versions with minimal changes. 
- -## Migration from helm/charts stable - -If you currently have a cluster deployed with the [helm/charts stable](https://github.com/helm/charts/tree/master/stable/elasticsearch) chart you can follow the [migration guide](https://github.com/elastic/helm-charts/tree/master/elasticsearch/examples/migration/README.md) +See [supported configurations][] for more details. ## Installing -### Using Helm repository - -* Add the elastic helm charts repo - ``` - helm repo add elastic https://helm.elastic.co - ``` -* Install it - ``` - helm install --name elasticsearch elastic/elasticsearch - ``` - -### Using master branch +This chart is tested with the latest 7.12.0-SNAPSHOT version. -* Clone the git repo - ``` - git clone git@github.com:elastic/helm-charts.git - ``` -* Install it - ``` - helm install --name elasticsearch ./helm-charts/elasticsearch - ``` +### Install released version using Helm repository -## Compatibility +* Add the Elastic Helm charts repo: +`helm repo add elastic https://helm.elastic.co` -This chart is tested with the latest supported versions. The currently tested versions are: - -| 6.x | 7.x | -| ----- | ----- | -| 6.8.8 | 7.6.2 | - -Examples of installing older major versions can be found in the [examples](https://github.com/elastic/helm-charts/tree/master/elasticsearch/examples) directory. - -While only the latest releases are tested, it is possible to easily install old or new releases by overriding the `imageTag`. 
To install version `7.6.2` of Elasticsearch it would look like this: - -``` -helm install --name elasticsearch elastic/elasticsearch --set imageTag=7.6.2 -``` +* Install it: + - with Helm 3: `helm install elasticsearch --version elastic/elasticsearch` + - with Helm 2 (deprecated): `helm install --name elasticsearch --version elastic/elasticsearch` -## Configuration +### Install development version from a branch -| Parameter | Description | Default | -| ---------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- | -| `clusterName` | This will be used as the Elasticsearch [cluster.name](https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster.name.html) and should be unique per cluster in the namespace | `elasticsearch` | -| `nodeGroup` | This is the name that will be used for each group of nodes in the cluster. The name will be `clusterName-nodeGroup-X`, `nameOverride-nodeGroup-X` if a nameOverride is specified, and `fullnameOverride-X` if a fullnameOverride is specified | `master` | -| `masterService` | Optional. The service name used to connect to the masters. You only need to set this if your master `nodeGroup` is set to something other than `master`. See [Clustering and Node Discovery](https://github.com/elastic/helm-charts/tree/master/elasticsearch/README.md#clustering-and-node-discovery) for more information | `` | -| `roles` | A hash map with the [specific roles](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html) for the node group | `master: true`
`data: true`
`ingest: true` | -| `replicas` | Kubernetes replica count for the statefulset (i.e. how many pods) | `3` | -| `minimumMasterNodes` | The value for [discovery.zen.minimum_master_nodes](https://www.elastic.co/guide/en/elasticsearch/reference/6.7/discovery-settings.html#minimum_master_nodes). Should be set to `(master_eligible_nodes / 2) + 1`. Ignored in Elasticsearch versions >= 7. | `2` | -| `esMajorVersion` | Used to set major version specific configuration. If you are using a custom image and not running the default Elasticsearch version you will need to set this to the version you are running (e.g. `esMajorVersion: 6`) | `""` | -| `esConfig` | Allows you to add any config files in `/usr/share/elasticsearch/config/` such as `elasticsearch.yml` and `log4j2.properties`. See [values.yaml](https://github.com/elastic/helm-charts/tree/master/elasticsearch/values.yaml) for an example of the formatting. | `{}` | -| `extraEnvs` | Extra [environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config) which will be appended to the `env:` definition for the container | `[]` | -| `extraVolumes` | Templatable string of additional volumes to be passed to the `tpl` function | `""` | -| `extraVolumeMounts` | Templatable string of additional volumeMounts to be passed to the `tpl` function | `""` | -| `extraContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | -| `extraInitContainers` | Templatable string of additional init containers to be passed to the `tpl` function | `""` | -| `secretMounts` | Allows you easily mount a secret as a file inside the statefulset. Useful for mounting certificates and other secrets. 
See [values.yaml](https://github.com/elastic/helm-charts/tree/master/elasticsearch/values.yaml) for an example | `[]` | -| `image` | The Elasticsearch docker image | `docker.elastic.co/elasticsearch/elasticsearch` | -| `imageTag` | The Elasticsearch docker image tag | `7.6.2` | -| `imagePullPolicy` | The Kubernetes [imagePullPolicy](https://kubernetes.io/docs/concepts/containers/images/#updating-images) value | `IfNotPresent` | -| `podAnnotations` | Configurable [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) applied to all Elasticsearch pods | `{}` | -| `labels` | Configurable [label](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) applied to all Elasticsearch pods | `{}` | -| `esJavaOpts` | [Java options](https://www.elastic.co/guide/en/elasticsearch/reference/current/jvm-options.html) for Elasticsearch. This is where you should configure the [jvm heap size](https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html) | `-Xmx1g -Xms1g` | -| `resources` | Allows you to set the [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) for the statefulset | `requests.cpu: 1000m`
`requests.memory: 2Gi`
`limits.cpu: 1000m`
`limits.memory: 2Gi` | -| `initResources` | Allows you to set the [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) for the initContainer in the statefulset | {} | -| `sidecarResources` | Allows you to set the [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) for the sidecar containers in the statefulset | {} | -| `networkHost` | Value for the [network.host Elasticsearch setting](https://www.elastic.co/guide/en/elasticsearch/reference/current/network.host.html) | `0.0.0.0` | -| `volumeClaimTemplate` | Configuration for the [volumeClaimTemplate for statefulsets](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-storage). You will want to adjust the storage (default `30Gi`) and the `storageClassName` if you are using a different storage class | `accessModes: [ "ReadWriteOnce" ]`
`resources.requests.storage: 30Gi` | -| `persistence.annotations` | Additional persistence annotations for the `volumeClaimTemplate` | `{}` | -| `persistence.enabled` | Enables a persistent volume for Elasticsearch data. Can be disabled for nodes that only have [roles](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html) which don't require persistent data. | `true` | -| `priorityClassName` | The [name of the PriorityClass](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass). No default is supplied as the PriorityClass must be created first. | `""` | -| `antiAffinityTopologyKey` | The [anti-affinity topology key](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). By default this will prevent multiple Elasticsearch nodes from running on the same Kubernetes node | `kubernetes.io/hostname` | -| `antiAffinity` | Setting this to hard enforces the [anti-affinity rules](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). If it is set to soft it will be done "best effort". Other values will be ignored. | `hard` | -| `nodeAffinity` | Value for the [node affinity settings](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature) | `{}` | -| `podManagementPolicy` | By default Kubernetes [deploys statefulsets serially](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies). This deploys them in parallel so that they can discover eachother | `Parallel` | -| `protocol` | The protocol that will be used for the readinessProbe. Change this to `https` if you have `xpack.security.http.ssl.enabled` set | `http` | -| `httpPort` | The http port that Kubernetes will use for the healthchecks and the service. 
If you change this you will also need to set [http.port](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-http.html#_settings) in `extraEnvs` | `9200` | -| `transportPort` | The transport port that Kubernetes will use for the service. If you change this you will also need to set [transport port configuration](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html#_transport_settings) in `extraEnvs` | `9300` | -| `service.labels` | Labels to be added to non-headless service | `{}` | -| `service.labelsHeadless` | Labels to be added to headless service | `{}` | -| `service.loadBalancerIP` | Some cloud providers allow you to specify the loadBalancerIP. If the loadBalancerIP field is not specified, the IP is dynamically assigned. If you specify a loadBalancerIP but your cloud provider does not support the feature, the loadbalancerIP field is ignored. [LoadBalancer options](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer) | `""` | -| `service.type` | Type of elasticsearch service. [Service Types](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) | `ClusterIP` | -| `service.nodePort` | Custom [nodePort](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport) port that can be set if you are using `service.type: nodePort`. | `` | -| `service.annotations` | Annotations that Kubernetes will use for the service. 
This will configure load balancer if `service.type` is `LoadBalancer` [Annotations](https://kubernetes.io/docs/concepts/services-networking/service/#ssl-support-on-aws) | `{}` | -| `service.httpPortName` | The name of the http port within the service | `http` | -| `service.transportPortName` | The name of the transport port within the service | `transport` | -| `service.loadBalancerSourceRanges` | The IP ranges that are allowed to access | `[]` | -| `updateStrategy` | The [updateStrategy](https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets) for the statefulset. By default Kubernetes will wait for the cluster to be green after upgrading each pod. Setting this to `OnDelete` will allow you to manually delete each pod during upgrades | `RollingUpdate` | -| `maxUnavailable` | The [maxUnavailable](https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget) value for the pod disruption budget. By default this will prevent Kubernetes from having more than 1 unhealthy pod in the node group | `1` | -| `fsGroup (DEPRECATED)` | The Group ID (GID) for [securityContext.fsGroup](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) so that the Elasticsearch user can read from the persistent volume | `` | -| `podSecurityContext` | Allows you to set the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) for the pod | `fsGroup: 1000`
`runAsUser: 1000` | -| `securityContext` | Allows you to set the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the container | `capabilities.drop:[ALL]`
`runAsNonRoot: true`
`runAsUser: 1000` | -| `terminationGracePeriod` | The [terminationGracePeriod](https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods) in seconds used when trying to stop the pod | `120` | -| `sysctlInitContainer.enabled` | Allows you to disable the sysctlInitContainer if you are setting vm.max_map_count with another method | `true` | -| `sysctlVmMaxMapCount` | Sets the [sysctl vm.max_map_count](https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html#vm-max-map-count) needed for Elasticsearch | `262144` | -| `readinessProbe` | Configuration fields for the [readinessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) | `failureThreshold: 3`
`initialDelaySeconds: 10`
`periodSeconds: 10`
`successThreshold: 3`
`timeoutSeconds: 5` | -| `clusterHealthCheckParams` | The [Elasticsearch cluster health status params](https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-health.html#request-params) that will be used by readinessProbe command | `wait_for_status=green&timeout=1s` | -| `imagePullSecrets` | Configuration for [imagePullSecrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret) so that you can use a private registry for your image | `[]` | -| `nodeSelector` | Configurable [nodeSelector](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) so that you can target specific nodes for your Elasticsearch cluster | `{}` | -| `tolerations` | Configurable [tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | -| `ingress` | Configurable [ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) to expose the Elasticsearch service. See [`values.yaml`](https://github.com/elastic/helm-charts/tree/master/elasticsearch/values.yaml) for an example | `enabled: false` | -| `schedulerName` | Name of the [alternate scheduler](https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/#specify-schedulers-for-pods) | `nil` | -| `masterTerminationFix` | A workaround needed for Elasticsearch < 7.2 to prevent master status being lost during restarts [#63](https://github.com/elastic/helm-charts/issues/63) | `false` | -| `lifecycle` | Allows you to add lifecycle configuration. See [values.yaml](https://github.com/elastic/helm-charts/tree/master/elasticsearch/values.yaml) for an example of the formatting. | `{}` | -| `keystore` | Allows you map Kubernetes secrets into the keystore. 
See the [config example](https://github.com/elastic/helm-charts/tree/master/elasticsearch/examples/config/values.yaml) and [how to use the keystore](https://github.com/elastic/helm-charts/tree/master/elasticsearch/README.md#how-to-use-the-keystore) | `[]` | -| `rbac` | Configuration for creating a role, role binding and service account as part of this helm chart with `create: true`. Also can be used to reference an external service account with `serviceAccountName: "externalServiceAccountName"`. | `create: false`
`serviceAccountName: ""` | -| `podSecurityPolicy` | Configuration for create a pod security policy with minimal permissions to run this Helm chart with `create: true`. Also can be used to reference an external pod security policy with `name: "externalPodSecurityPolicy"` | `create: false`
`name: ""` | -| `nameOverride` | Overrides the clusterName when used in the naming of resources | `""` | -| `fullnameOverride` | Overrides the clusterName and nodeGroup when used in the naming of resources. This should only be used when using a single nodeGroup, otherwise you will have name conflicts | `""` | - -## Try it out - -In [examples/](https://github.com/elastic/helm-charts/tree/master/elasticsearch/examples) you will find some example configurations. These examples are used for the automated testing of this helm chart - -### Default - -To deploy a cluster with all default values and run the integration tests +* Clone the git repo: `git clone git@github.com:elastic/helm-charts.git` -``` -cd examples/default -make -``` +* Checkout the branch : `git checkout 7.12` -### Multi +* Install it: + - with Helm 3: `helm install elasticsearch ./helm-charts/elasticsearch --set imageTag=7.12.0-SNAPSHOT` + - with Helm 2 (deprecated): `helm install --name elasticsearch ./helm-charts/elasticsearch --set imageTag=7.12.0-SNAPSHOT` -A cluster with dedicated node types -``` -cd examples/multi -make -``` +## Upgrading -### Security +Please always check [CHANGELOG.md][] and [BREAKING_CHANGES.md][] before +upgrading to a new chart version. -A cluster with node to node security and https enabled. This example uses autogenerated certificates and password, for a production deployment you want to generate SSL certificates following the [official docs](https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-tls.html#node-certificates). -* Generate the certificates and install Elasticsearch - ``` - cd examples/security - make +## Usage notes - # Run a curl command to interact with the cluster - kubectl exec -ti security-master-0 -- sh -c 'curl -u $ELASTIC_USERNAME:$ELASTIC_PASSWORD -k https://localhost:9200/_cluster/health?pretty' - ``` +* This repo includes a number of [examples][] configurations which can be used +as a reference. 
They are also used in the automated testing of this chart. +* Automated testing of this chart is currently only run against GKE (Google +Kubernetes Engine). +* The chart deploys a StatefulSet and by default will do an automated rolling +update of your cluster. It does this by waiting for the cluster health to become +green after each instance is updated. If you prefer to update manually you can +set `OnDelete` [updateStrategy][]. +* It is important to verify that the JVM heap size in `esJavaOpts` and to set +the CPU/Memory `resources` to something suitable for your cluster. +* To simplify chart and maintenance each set of node groups is deployed as a +separate Helm release. Take a look at the [multi][] example to get an idea for +how this works. Without doing this it isn't possible to resize persistent +volumes in a StatefulSet. By setting it up this way it makes it possible to add +more nodes with a new storage size then drain the old ones. It also solves the +problem of allowing the user to determine which node groups to update first when +doing upgrades or changes. +* We have designed this chart to be very un-opinionated about how to configure +Elasticsearch. It exposes ways to set environment variables and mount secrets +inside of the container. Doing this makes it much easier for this chart to +support multiple versions with minimal changes. -### FAQ -#### How to install plugins? +## Configuration -The [recommended](https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#_c_customized_image) way to install plugins into our docker images is to create a custom docker image. 
+| Parameter | Description | Default | +|------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------| +| `antiAffinityTopologyKey` | The [anti-affinity][] topology key. By default this will prevent multiple Elasticsearch nodes from running on the same Kubernetes node | `kubernetes.io/hostname` | +| `antiAffinity` | Setting this to hard enforces the [anti-affinity][] rules. If it is set to soft it will be done "best effort". Other values will be ignored | `hard` | +| `clusterHealthCheckParams` | The [Elasticsearch cluster health status params][] that will be used by readiness [probe][] command | `wait_for_status=green&timeout=1s` | +| `clusterName` | This will be used as the Elasticsearch [cluster.name][] and should be unique per cluster in the namespace | `elasticsearch` | +| `enableServiceLinks` | Set to false to disabling service links, which can cause slow pod startup times when there are many services in the current namespace. | `true` | +| `envFrom` | Templatable string to be passed to the [environment from variables][] which will be appended to the `envFrom:` definition for the container | `[]` | +| `esConfig` | Allows you to add any config files in `/usr/share/elasticsearch/config/` such as `elasticsearch.yml` and `log4j2.properties`. See [values.yaml][] for an example of the formatting | `{}` | +| `esJavaOpts` | [Java options][] for Elasticsearch. This is where you should configure the [jvm heap size][] | `-Xmx1g -Xms1g` | +| `esMajorVersion` | Used to set major version specific configuration. If you are using a custom image and not running the default Elasticsearch version you will need to set this to the version you are running (e.g. 
`esMajorVersion: 6`) | `""` | +| `extraContainers` | Templatable string of additional `containers` to be passed to the `tpl` function | `""` | +| `extraEnvs` | Extra [environment variables][] which will be appended to the `env:` definition for the container | `[]` | +| `extraInitContainers` | Templatable string of additional `initContainers` to be passed to the `tpl` function | `""` | +| `extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function | `""` | +| `extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function | `""` | +| `fullnameOverride` | Overrides the `clusterName` and `nodeGroup` when used in the naming of resources. This should only be used when using a single `nodeGroup`, otherwise you will have name conflicts | `""` | +| `hostAliases` | Configurable [hostAliases][] | `[]` | +| `httpPort` | The http port that Kubernetes will use for the healthchecks and the service. If you change this you will also need to set [http.port][] in `extraEnvs` | `9200` | +| `imagePullPolicy` | The Kubernetes [imagePullPolicy][] value | `IfNotPresent` | +| `imagePullSecrets` | Configuration for [imagePullSecrets][] so that you can use a private registry for your image | `[]` | +| `imageTag` | The Elasticsearch Docker image tag | `7.12.0-SNAPSHOT` | +| `image` | The Elasticsearch Docker image | `docker.elastic.co/elasticsearch/elasticsearch` | +| `ingress` | Configurable [ingress][] to expose the Elasticsearch service. See [values.yaml][] for an example | see [values.yaml][] | +| `initResources` | Allows you to set the [resources][] for the `initContainer` in the StatefulSet | `{}` | +| `keystore` | Allows you map Kubernetes secrets into the keystore. See the [config example][] and [how to use the keystore][] | `[]` | +| `labels` | Configurable [labels][] applied to all Elasticsearch pods | `{}` | +| `lifecycle` | Allows you to add [lifecycle hooks][]. 
See [values.yaml][] for an example of the formatting | `{}` | +| `masterService` | The service name used to connect to the masters. You only need to set this if your master `nodeGroup` is set to something other than `master`. See [Clustering and Node Discovery][] for more information | `""` | +| `masterTerminationFix` | A workaround needed for Elasticsearch < 7.2 to prevent master status being lost during restarts [#63][] | `false` | +| `maxUnavailable` | The [maxUnavailable][] value for the pod disruption budget. By default this will prevent Kubernetes from having more than 1 unhealthy pod in the node group | `1` | +| `minimumMasterNodes` | The value for [discovery.zen.minimum_master_nodes][]. Should be set to `(master_eligible_nodes / 2) + 1`. Ignored in Elasticsearch versions >= 7 | `2` | +| `nameOverride` | Overrides the `clusterName` when used in the naming of resources | `""` | +| `networkHost` | Value for the [network.host Elasticsearch setting][] | `0.0.0.0` | +| `networkPolicy` | The [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) to set. See [`values.yaml`](./values.yaml) for an example | `{http.enabled: false,transport.enabled: false}`| +| `nodeAffinity` | Value for the [node affinity settings][] | `{}` | +| `nodeGroup` | This is the name that will be used for each group of nodes in the cluster. The name will be `clusterName-nodeGroup-X` , `nameOverride-nodeGroup-X` if a `nameOverride` is specified, and `fullnameOverride-X` if a `fullnameOverride` is specified | `master` | +| `nodeSelector` | Configurable [nodeSelector][] so that you can target specific nodes for your Elasticsearch cluster | `{}` | +| `persistence` | Enables a persistent volume for Elasticsearch data. 
Can be disabled for nodes that only have [roles][] which don't require persistent data | see [values.yaml][] | +| `podAnnotations` | Configurable [annotations][] applied to all Elasticsearch pods | `{}` | +| `podManagementPolicy` | By default Kubernetes [deploys StatefulSets serially][]. This deploys them in parallel so that they can discover each other | `Parallel` | +| `podSecurityContext` | Allows you to set the [securityContext][] for the pod | see [values.yaml][] | +| `podSecurityPolicy` | Configuration for create a pod security policy with minimal permissions to run this Helm chart with `create: true`. Also can be used to reference an external pod security policy with `name: "externalPodSecurityPolicy"` | see [values.yaml][] | +| `priorityClassName` | The name of the [PriorityClass][]. No default is supplied as the PriorityClass must be created first | `""` | +| `protocol` | The protocol that will be used for the readiness [probe][]. Change this to `https` if you have `xpack.security.http.ssl.enabled` set | `http` | +| `rbac` | Configuration for creating a role, role binding and ServiceAccount as part of this Helm chart with `create: true`. Also can be used to reference an external ServiceAccount with `serviceAccountName: "externalServiceAccountName"` | see [values.yaml][] | +| `readinessProbe` | Configuration fields for the readiness [probe][] | see [values.yaml][] | +| `replicas` | Kubernetes replica count for the StatefulSet (i.e. how many pods) | `3` | +| `resources` | Allows you to set the [resources][] for the StatefulSet | see [values.yaml][] | +| `roles` | A hash map with the specific [roles][] for the `nodeGroup` | see [values.yaml][] | +| `schedulerName` | Name of the [alternate scheduler][] | `""` | +| `secretMounts` | Allows you easily mount a secret as a file inside the StatefulSet. Useful for mounting certificates and other secrets. 
See [values.yaml][] for an example | `[]` | +| `securityContext` | Allows you to set the [securityContext][] for the container | see [values.yaml][] | +| `service.annotations` | [LoadBalancer annotations][] that Kubernetes will use for the service. This will configure load balancer if `service.type` is `LoadBalancer` | `{}` | +| `service.externalTrafficPolicy` | Some cloud providers allow you to specify the [LoadBalancer externalTrafficPolicy][]. Kubernetes will use this to preserve the client source IP. This will configure load balancer if `service.type` is `LoadBalancer` | `""` | +| `service.httpPortName` | The name of the http port within the service | `http` | +| `service.labelsHeadless` | Labels to be added to headless service | `{}` | +| `service.labels` | Labels to be added to non-headless service | `{}` | +| `service.loadBalancerIP` | Some cloud providers allow you to specify the [loadBalancer][] IP. If the `loadBalancerIP` field is not specified, the IP is dynamically assigned. If you specify a `loadBalancerIP` but your cloud provider does not support the feature, it is ignored. 
| `""` | +| `service.loadBalancerSourceRanges` | The IP ranges that are allowed to access | `[]` | +| `service.nodePort` | Custom [nodePort][] port that can be set if you are using `service.type: nodePort` | `""` | +| `service.transportPortName` | The name of the transport port within the service | `transport` | +| `service.type` | Elasticsearch [Service Types][] | `ClusterIP` | +| `sidecarResources` | Allows you to set the [resources][] for the sidecar containers in the StatefulSet | {} | +| `sysctlInitContainer` | Allows you to disable the `sysctlInitContainer` if you are setting [sysctl vm.max_map_count][] with another method | `enabled: true` | +| `sysctlVmMaxMapCount` | Sets the [sysctl vm.max_map_count][] needed for Elasticsearch | `262144` | +| `terminationGracePeriod` | The [terminationGracePeriod][] in seconds used when trying to stop the pod | `120` | +| `tolerations` | Configurable [tolerations][] | `[]` | +| `transportPort` | The transport port that Kubernetes will use for the service. If you change this you will also need to set [transport port configuration][] in `extraEnvs` | `9300` | +| `updateStrategy` | The [updateStrategy][] for the StatefulSet. By default Kubernetes will wait for the cluster to be green after upgrading each pod. Setting this to `OnDelete` will allow you to manually delete each pod during upgrades | `RollingUpdate` | +| `volumeClaimTemplate` | Configuration for the [volumeClaimTemplate for StatefulSets][]. 
You will want to adjust the storage (default `30Gi` ) and the `storageClassName` if you are using a different storage class | see [values.yaml][] | + +### Deprecated + +| Parameter | Description | Default | +|-----------|---------------------------------------------------------------------------------------------------------------|---------| +| `fsGroup` | The Group ID (GID) for [securityContext][] so that the Elasticsearch user can read from the persistent volume | `""` | + + +## FAQ + +### How to deploy this chart on a specific K8S distribution? + +This chart is designed to run on production scale Kubernetes clusters with +multiple nodes, lots of memory and persistent storage. For that reason it can be +a bit tricky to run them against local Kubernetes environments such as +[Minikube][]. + +This chart is highly tested with [GKE][], but some K8S distribution also +requires specific configurations. + +We provide examples of configuration for the following K8S providers: + +- [Docker for Mac][] +- [KIND][] +- [Minikube][] +- [MicroK8S][] +- [OpenShift][] + +### How to deploy dedicated nodes types? + +All the Elasticsearch pods deployed share the same configuration. If you need to +deploy dedicated [nodes types][] (for example dedicated master and data nodes), +you can deploy multiple releases of this chart with different configurations +while they share the same `clusterName` value. + +For each Helm release, the nodes types can then be defined using `roles` value. + +An example of Elasticsearch cluster using 2 different Helm releases for master +and data nodes can be found in [examples/multi][]. + +#### Clustering and Node Discovery + +This chart facilitates Elasticsearch node discovery and services by creating two +`Service` definitions in Kubernetes, one with the name `$clusterName-$nodeGroup` +and another named `$clusterName-$nodeGroup-headless`. 
+Only `Ready` pods are a part of the `$clusterName-$nodeGroup` service, while all
+pods ( `Ready` or not) are a part of `$clusterName-$nodeGroup-headless`.
+
+If your group of master nodes has the default `nodeGroup: master` then you can
+just add new groups of nodes with a different `nodeGroup` and they will
+automatically discover the correct master. If your master nodes have a different
+`nodeGroup` name then you will need to set `masterService` to
+`$clusterName-$masterNodeGroup`.
+
+The chart value for `masterService` is used to populate
+`discovery.zen.ping.unicast.hosts` , which Elasticsearch nodes will use to
+contact master nodes and form a cluster.
+Therefore, to add a group of nodes to an existing cluster, setting
+`masterService` to the desired `Service` name of the related cluster is
+sufficient.
+
+### How to deploy clusters with security (authentication and TLS) enabled?
+
+This Helm chart can use existing [Kubernetes secrets][] to setup
+credentials or certificates for examples. These secrets should be created
+outside of this chart and accessed using [environment variables][] and volumes.
+
+An example of Elasticsearch cluster using security can be found in
+[examples/security][].
+
+### How to migrate from helm/charts stable chart?
+
+If you currently have a cluster deployed with the [helm/charts stable][] chart
+you can follow the [migration guide][].
+
+### How to install plugins?
+
+The recommended way to install plugins into our Docker images is to create a
+[custom Docker image][]. The Dockerfile would look something like:
@@ -211,158 +272,185 @@ And then updating the `image` in values to point to your custom image. There are a couple reasons we recommend this. -1. Tying the availability of Elasticsearch to the download service to install plugins is not a great idea or something that we recommend. Especially in Kubernetes where it is normal and expected for a container to be moved to another host at random times. -2. Mutating the state of a running docker image (by installing plugins) goes against best practices of containers and immutable infrastructure. - -#### How to use the keystore? +1. Tying the availability of Elasticsearch to the download service to install +plugins is not a great idea or something that we recommend. Especially in +Kubernetes where it is normal and expected for a container to be moved to +another host at random times. +2. Mutating the state of a running Docker image (by installing plugins) goes +against best practices of containers and immutable infrastructure. +### How to use the keystore? -##### Basic example +#### Basic example -Create the secret, the key name needs to be the keystore key path. In this example we will create a secret from a file and from a literal string. +Create the secret, the key name needs to be the keystore key path. In this +example we will create a secret from a file and from a literal string. 
``` -kubectl create secret generic encryption_key --from-file=xpack.watcher.encryption_key=./watcher_encryption_key -kubectl create secret generic slack_hook --from-literal=xpack.notification.slack.account.monitoring.secure_url='https://hooks.slack.com/services/asdasdasd/asdasdas/asdasd' +kubectl create secret generic encryption-key --from-file=xpack.watcher.encryption_key=./watcher_encryption_key +kubectl create secret generic slack-hook --from-literal=xpack.notification.slack.account.monitoring.secure_url='https://hooks.slack.com/services/asdasdasd/asdasdas/asdasd' ``` To add these secrets to the keystore: + ``` keystore: - - secretName: encryption_key - - secretName: slack_hook + - secretName: encryption-key + - secretName: slack-hook ``` -##### Multiple keys +#### Multiple keys -All keys in the secret will be added to the keystore. To create the previous example in one secret you could also do: +All keys in the secret will be added to the keystore. To create the previous +example in one secret you could also do: ``` -kubectl create secret generic keystore_secrets --from-file=xpack.watcher.encryption_key=./watcher_encryption_key --from-literal=xpack.notification.slack.account.monitoring.secure_url='https://hooks.slack.com/services/asdasdasd/asdasdas/asdasd' +kubectl create secret generic keystore-secrets --from-file=xpack.watcher.encryption_key=./watcher_encryption_key --from-literal=xpack.notification.slack.account.monitoring.secure_url='https://hooks.slack.com/services/asdasdasd/asdasdas/asdasd' ``` ``` keystore: - - secretName: keystore_secrets + - secretName: keystore-secrets ``` -##### Custom paths and keys +#### Custom paths and keys -If you are using these secrets for other applications (besides the Elasticsearch keystore) then it is also possible to specify the keystore path and which keys you want to add. 
Everything specified under each `keystore` item will be passed through to the `volumeMounts` section for [mounting the secret](https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets). In this example we will only add the `slack_hook` key from a secret that also has other keys. Our secret looks like this: +If you are using these secrets for other applications (besides the Elasticsearch +keystore) then it is also possible to specify the keystore path and which keys +you want to add. Everything specified under each `keystore` item will be passed +through to the `volumeMounts` section for mounting the [secret][]. In this +example we will only add the `slack_hook` key from a secret that also has other +keys. Our secret looks like this: ``` -kubectl create secret generic slack_secrets --from-literal=slack_channel='#general' --from-literal=slack_hook='https://hooks.slack.com/services/asdasdasd/asdasdas/asdasd' +kubectl create secret generic slack-secrets --from-literal=slack_channel='#general' --from-literal=slack_hook='https://hooks.slack.com/services/asdasdasd/asdasdas/asdasd' ``` -We only want to add the `slack_hook` key to the keystore at path `xpack.notification.slack.account.monitoring.secure_url`. +We only want to add the `slack_hook` key to the keystore at path +`xpack.notification.slack.account.monitoring.secure_url`: ``` keystore: - - secretName: slack_secrets + - secretName: slack-secrets items: - key: slack_hook path: xpack.notification.slack.account.monitoring.secure_url ``` -You can also take a look at the [config example](https://github.com/elastic/helm-charts/tree/master/elasticsearch/examples/config/) which is used as part of the automated testing pipeline. - -#### How to enable snapshotting? - -1. 
Install your [snapshot plugin](https://www.elastic.co/guide/en/elasticsearch/plugins/current/repository.html) into a custom docker image following the [how to install plugins guide](https://github.com/elastic/helm-charts/tree/master/elasticsearch/README.md#how-to-install-plugins) -2. Add any required secrets or credentials into an Elasticsearch keystore following the [how to use the keystore guide](https://github.com/elastic/helm-charts/tree/master/elasticsearch/README.md#how-to-use-the-keystore) -3. Configure the [snapshot repository](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-snapshots.html) as you normally would. -4. To automate snapshots you can use a tool like [curator](https://www.elastic.co/guide/en/elasticsearch/client/curator/current/snapshot.html). In the future there are plans to have Elasticsearch manage automated snapshots with [Snapshot Lifecycle Management](https://github.com/elastic/elasticsearch/issues/38461). - -### Local development environments - -This chart is designed to run on production scale Kubernetes clusters with multiple nodes, lots of memory and persistent storage. For that reason it can be a bit tricky to run them against local Kubernetes environments such as minikube. Below are some examples of how to get this working locally. - -#### Minikube - -This chart also works successfully on [minikube](https://kubernetes.io/docs/setup/minikube/) in addition to typical hosted Kubernetes environments. -An example `values.yaml` file for minikube is provided under `examples/`. - -In order to properly support the required persistent volume claims for the Elasticsearch `StatefulSet`, the `default-storageclass` and `storage-provisioner` minikube addons must be enabled. 
-
-```
-minikube addons enable default-storageclass
-minikube addons enable storage-provisioner
-cd examples/minikube
-make
-```
-
-Note that if `helm` or `kubectl` timeouts occur, you may consider creating a minikube VM with more CPU cores or memory allocated.
-
-#### Docker for Mac - Kubernetes
-
-It is also possible to run this chart with the built in Kubernetes cluster that comes with [docker-for-mac](https://docs.docker.com/docker-for-mac/kubernetes/).
-
-```
-cd examples/docker-for-mac
-make
-```
-
-#### KIND - Kubernetes
-
-It is also possible to run this chart using a Kubernetes [KIND (Kubernetes in Docker)](https://github.com/kubernetes-sigs/kind) cluster:
-
-```
-cd examples/kubernetes-kind
-make
-```
-
-#### MicroK8S
-
-It is also possible to run this chart using [MicroK8S](https://microk8s.io):
-
-```
-microk8s.enable dns
-microk8s.enable helm
-microk8s.enable storage
-cd examples/microk8s
-make
-```
-
-## Clustering and Node Discovery
-
-This chart facilitates Elasticsearch node discovery and services by creating two `Service` definitions in Kubernetes, one with the name `$clusterName-$nodeGroup` and another named `$clusterName-$nodeGroup-headless`.
-Only `Ready` pods are a part of the `$clusterName-$nodeGroup` service, while all pods (`Ready` or not) are a part of `$clusterName-$nodeGroup-headless`.
-
-If your group of master nodes has the default `nodeGroup: master` then you can just add new groups of nodes with a different `nodeGroup` and they will automatically discover the correct master. If your master nodes have a different `nodeGroup` name then you will need to set `masterService` to `$clusterName-$masterNodeGroup`.
-
-The chart value for `masterService` is used to populate `discovery.zen.ping.unicast.hosts`, which Elasticsearch nodes will use to contact master nodes and form a cluster.
-Therefore, to add a group of nodes to an existing cluster, setting `masterService` to the desired `Service` name of the related cluster is sufficient.
-
-For an example of deploying both a group master nodes and data nodes using multiple releases of this chart, see the accompanying values files in `examples/multi`.
-
-## Testing
-
-This chart uses [pytest](https://docs.pytest.org/en/latest/) to test the templating logic. The dependencies for testing can be installed from the [`requirements.txt`](https://github.com/elastic/helm-charts/tree/master/requirements.txt) in the parent directory.
-
-```
-pip install -r ../requirements.txt
-make pytest
-```
-
-You can also use `helm template` to look at the YAML being generated
-
-```
-make template
-```
-
-It is possible to run all of the tests and linting inside of a docker container
-
-```
-make test
-```
-
-## Integration Testing
-
-Integration tests are run using [goss](https://github.com/aelsabbahy/goss/blob/master/docs/manual.md) which is a serverspec like tool written in golang. See [goss.yaml](https://github.com/elastic/helm-charts/tree/master/elasticsearch/examples/default/test/goss.yaml) for an example of what the tests look like.
-
-To run the goss tests against the default example:
-
-```
-cd examples/default
-make goss
-```
+You can also take a look at the [config example][] which is used as part of the
+automated testing pipeline.
+
+### How to enable snapshotting?
+
+1. Install your [snapshot plugin][] into a custom Docker image following the
+[how to install plugins guide][].
+2. Add any required secrets or credentials into an Elasticsearch keystore
+following the [how to use the keystore][] guide.
+3. Configure the [snapshot repository][] as you normally would.
+4. To automate snapshots you can use [Snapshot Lifecycle Management][] or a tool
+like [curator][].
+
+### How to configure templates post-deployment?
+
+You can use `postStart` [lifecycle hooks][] to run code triggered after a
+container is created.
+
+Here is an example of `postStart` hook to configure templates:
+
+```yaml
+lifecycle:
+ postStart:
+ exec:
+ command:
+ - bash
+ - -c
+ - |
+ #!/bin/bash
+ # Add a template to adjust number of shards/replicas
+ TEMPLATE_NAME=my_template
+ INDEX_PATTERN="logstash-*"
+ SHARD_COUNT=8
+ REPLICA_COUNT=1
+ ES_URL=http://localhost:9200
+ while [[ "$(curl -s -o /dev/null -w '%{http_code}\n' $ES_URL)" != "200" ]]; do sleep 1; done
+ curl -XPUT "$ES_URL/_template/$TEMPLATE_NAME" -H 'Content-Type: application/json' -d'{"index_patterns":['\""$INDEX_PATTERN"\"'],"settings":{"number_of_shards":'$SHARD_COUNT',"number_of_replicas":'$REPLICA_COUNT'}}'
+```
+
+
+## Contributing
+
+Please check [CONTRIBUTING.md][] before any contribution or for any questions
+about our development and testing process.
+
+[7.x]: https://github.com/elastic/helm-charts/releases
+[#63]: https://github.com/elastic/helm-charts/issues/63
+[BREAKING_CHANGES.md]: https://github.com/elastic/helm-charts/blob/master/BREAKING_CHANGES.md
+[CHANGELOG.md]: https://github.com/elastic/helm-charts/blob/master/CHANGELOG.md
+[CONTRIBUTING.md]: https://github.com/elastic/helm-charts/blob/master/CONTRIBUTING.md
+[alternate scheduler]: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/#specify-schedulers-for-pods
+[annotations]: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+[anti-affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+[cluster.name]: https://www.elastic.co/guide/en/elasticsearch/reference/7.12/important-settings.html#cluster-name
+[clustering and node discovery]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/README.md#clustering-and-node-discovery
+[config example]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/config/values.yaml
+[curator]: https://www.elastic.co/guide/en/elasticsearch/client/curator/7.9/snapshot.html
+[custom docker image]:
https://www.elastic.co/guide/en/elasticsearch/reference/7.12/docker.html#_c_customized_image +[deploys statefulsets serially]: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies +[discovery.zen.minimum_master_nodes]: https://www.elastic.co/guide/en/elasticsearch/reference/7.12/discovery-settings.html#minimum_master_nodes +[docker for mac]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/docker-for-mac +[elasticsearch cluster health status params]: https://www.elastic.co/guide/en/elasticsearch/reference/7.12/cluster-health.html#request-params +[elasticsearch docker image]: https://www.elastic.co/guide/en/elasticsearch/reference/7.12/docker.html +[environment variables]: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config +[environment from variables]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables +[examples]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/ +[examples/multi]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/multi +[examples/security]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/security +[gke]: https://cloud.google.com/kubernetes-engine +[helm]: https://helm.sh +[helm/charts stable]: https://github.com/helm/charts/tree/master/stable/elasticsearch/ +[how to install plugins guide]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/README.md#how-to-install-plugins +[how to use the keystore]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/README.md#how-to-use-the-keystore +[http.port]: https://www.elastic.co/guide/en/elasticsearch/reference/7.12/modules-http.html#_settings +[imagePullPolicy]: https://kubernetes.io/docs/concepts/containers/images/#updating-images 
+[imagePullSecrets]: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret +[ingress]: https://kubernetes.io/docs/concepts/services-networking/ingress/ +[java options]: https://www.elastic.co/guide/en/elasticsearch/reference/7.12/jvm-options.html +[jvm heap size]: https://www.elastic.co/guide/en/elasticsearch/reference/7.12/heap-size.html +[hostAliases]: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +[kind]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/kubernetes-kind +[kubernetes secrets]: https://kubernetes.io/docs/concepts/configuration/secret/ +[labels]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +[lifecycle hooks]: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ +[loadBalancer annotations]: https://kubernetes.io/docs/concepts/services-networking/service/#ssl-support-on-aws +[loadBalancer externalTrafficPolicy]: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip +[loadBalancer]: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer +[maxUnavailable]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget +[migration guide]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/migration/README.md +[minikube]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/minikube +[microk8s]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/microk8s +[multi]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/multi/ +[network.host elasticsearch setting]: https://www.elastic.co/guide/en/elasticsearch/reference/7.12/network.host.html +[node affinity settings]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature 
+[node-certificates]: https://www.elastic.co/guide/en/elasticsearch/reference/7.12/configuring-tls.html#node-certificates +[nodePort]: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport +[nodes types]: https://www.elastic.co/guide/en/elasticsearch/reference/7.12/modules-node.html +[nodeSelector]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +[openshift]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/openshift +[priorityClass]: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass +[probe]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ +[resources]: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ +[roles]: https://www.elastic.co/guide/en/elasticsearch/reference/7.12/modules-node.html +[secret]: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets +[securityContext]: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +[service types]: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types +[snapshot lifecycle management]: https://www.elastic.co/guide/en/elasticsearch/reference/7.12/snapshot-lifecycle-management.html +[snapshot plugin]: https://www.elastic.co/guide/en/elasticsearch/plugins/7.12/repository.html +[snapshot repository]: https://www.elastic.co/guide/en/elasticsearch/reference/7.12/modules-snapshots.html +[supported configurations]: https://github.com/elastic/helm-charts/tree/7.12/README.md#supported-configurations +[sysctl vm.max_map_count]: https://www.elastic.co/guide/en/elasticsearch/reference/7.12/vm-max-map-count.html#vm-max-map-count +[terminationGracePeriod]: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +[tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[transport port configuration]: 
https://www.elastic.co/guide/en/elasticsearch/reference/7.12/modules-transport.html#_transport_settings +[updateStrategy]: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ +[values.yaml]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/values.yaml +[volumeClaimTemplate for statefulsets]: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-storage diff --git a/elasticsearch/examples/6.x/Makefile b/elasticsearch/examples/6.x/Makefile deleted file mode 100644 index 2020d4a04..000000000 --- a/elasticsearch/examples/6.x/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -default: test -include ../../../helpers/examples.mk - -RELEASE := helm-es-six - -install: - helm upgrade --wait --timeout=600 --install $(RELEASE) --values ./values.yaml ../../ - -restart: - helm upgrade --set terminationGracePeriod=121 --wait --timeout=600 --install $(RELEASE) --values ./values.yaml ../../ - -test: install goss - -purge: - helm del --purge $(RELEASE) diff --git a/elasticsearch/examples/6.x/test/goss.yaml b/elasticsearch/examples/6.x/test/goss.yaml deleted file mode 100644 index 7f313f6c0..000000000 --- a/elasticsearch/examples/6.x/test/goss.yaml +++ /dev/null @@ -1,17 +0,0 @@ -http: - http://localhost:9200/_cluster/health: - status: 200 - timeout: 2000 - body: - - 'green' - - '"number_of_nodes":3' - - '"number_of_data_nodes":3' - - http://localhost:9200: - status: 200 - timeout: 2000 - body: - - '"number" : "6.8.8"' - - '"cluster_name" : "six"' - - '"name" : "six-master-0"' - - 'You Know, for Search' diff --git a/elasticsearch/examples/6.x/values.yaml b/elasticsearch/examples/6.x/values.yaml deleted file mode 100644 index 4f41dfb9f..000000000 --- a/elasticsearch/examples/6.x/values.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- - -clusterName: "six" -imageTag: "6.8.8" diff --git a/elasticsearch/examples/config/Makefile b/elasticsearch/examples/config/Makefile index a3f96174b..9ae9c3788 100644 --- a/elasticsearch/examples/config/Makefile 
+++ b/elasticsearch/examples/config/Makefile @@ -1,10 +1,12 @@ default: test + include ../../../helpers/examples.mk RELEASE := helm-es-config +TIMEOUT := 1200s install: - helm upgrade --wait --timeout=600 --install $(RELEASE) --values ./values.yaml ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ secrets: kubectl delete secret elastic-config-credentials elastic-config-secret elastic-config-slack elastic-config-custom-path || true @@ -16,4 +18,4 @@ secrets: test: secrets install goss purge: - helm del --purge $(RELEASE) + helm del $(RELEASE) diff --git a/elasticsearch/examples/config/README.md b/elasticsearch/examples/config/README.md index d98d836bf..d967fceb0 100644 --- a/elasticsearch/examples/config/README.md +++ b/elasticsearch/examples/config/README.md @@ -1,3 +1,27 @@ # Config -An example testing suite for testing some of the optional features of this chart. +This example deploy a single node Elasticsearch 7.12.0-SNAPSHOT with authentication and +custom [values][]. + + +## Usage + +* Create the required secrets: `make secrets` + +* Deploy Elasticsearch chart with the default values: `make install` + +* You can now setup a port forward to query Elasticsearch API: + + ``` + kubectl port-forward svc/config-master 9200 + curl -u elastic:changeme http://localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/config/test/goss.yaml +[values]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/config/values.yaml diff --git a/elasticsearch/examples/config/test/goss.yaml b/elasticsearch/examples/config/test/goss.yaml index 848701370..455da3603 100644 --- a/elasticsearch/examples/config/test/goss.yaml +++ b/elasticsearch/examples/config/test/goss.yaml 
@@ -2,18 +2,21 @@ http: http://localhost:9200/_cluster/health: status: 200 timeout: 2000 + username: "{{ .Env.ELASTIC_USERNAME }}" + password: "{{ .Env.ELASTIC_PASSWORD }}" body: - - 'green' + - "green" - '"number_of_nodes":1' - '"number_of_data_nodes":1' http://localhost:9200: status: 200 timeout: 2000 + username: "{{ .Env.ELASTIC_USERNAME }}" + password: "{{ .Env.ELASTIC_PASSWORD }}" body: - '"cluster_name" : "config"' - - '"name" : "config-master-0"' - - 'You Know, for Search' + - "You Know, for Search" command: "elasticsearch-keystore list": diff --git a/elasticsearch/examples/config/values.yaml b/elasticsearch/examples/config/values.yaml index ebde4f4d9..d417ce84b 100644 --- a/elasticsearch/examples/config/values.yaml +++ b/elasticsearch/examples/config/values.yaml @@ -7,12 +7,12 @@ extraEnvs: - name: ELASTIC_PASSWORD valueFrom: secretKeyRef: - name: elastic-credentials + name: elastic-config-credentials key: password - name: ELASTIC_USERNAME valueFrom: secretKeyRef: - name: elastic-credentials + name: elastic-config-credentials key: username # This is just a dummy file to make sure that @@ -20,6 +20,7 @@ extraEnvs: # as a custom elasticsearch.yml esConfig: elasticsearch.yml: | + xpack.security.enabled: true path.data: /usr/share/elasticsearch/data keystore: diff --git a/elasticsearch/examples/default/Makefile b/elasticsearch/examples/default/Makefile index 5f5215c6b..389bf99e3 100644 --- a/elasticsearch/examples/default/Makefile +++ b/elasticsearch/examples/default/Makefile @@ -3,14 +3,12 @@ default: test include ../../../helpers/examples.mk RELEASE := helm-es-default +TIMEOUT := 1200s install: - helm upgrade --wait --timeout=600 --install $(RELEASE) ../../ - -restart: - helm upgrade --set terminationGracePeriod=121 --wait --timeout=600 --install $(RELEASE) ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install $(RELEASE) ../../ test: install goss purge: - helm del --purge $(RELEASE) + helm del $(RELEASE) 
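Review bot: The `username` and `password` entries added to both `http` checks read `.Env.ELASTIC_USERNAME` and `.Env.ELASTIC_PASSWORD`, but nothing in the file says where those variables come from. They appear to be the ones injected through `extraEnvs` from the `elastic-config-credentials` secret in this example's values.yaml. If either is missing in the container, the template presumably renders a placeholder string and the checks fail with an authentication error that is hard to trace back to the environment. I would add a comment above the first check: `# ELASTIC_USERNAME / ELASTIC_PASSWORD are set via extraEnvs in ../values.yaml (secret elastic-config-credentials)`. The file continues past this hunk with the `command:` checks.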
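Review bot: The `xpack.security.enabled: true` line added to `esConfig` in config/values.yaml turns on authentication, but nothing visible in this hunk enables TLS on the HTTP layer. The `elastic` password is therefore sent in clear text by every client of this example: the README's `curl -u elastic:changeme http://localhost:9200/_cat/indices` and the goss checks both use `http://`. That is tolerable for a single-node test deployment, but the file should say so, because example values tend to be copied into real clusters. I would add a comment above the setting, `# Test only: authentication without TLS, see examples/security for an encrypted setup`. The values file continues outside the hunk (`keystore:`), so TLS settings further down cannot be ruled out from here.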
diff --git a/elasticsearch/examples/default/README.md b/elasticsearch/examples/default/README.md new file mode 100644 index 000000000..cd66772f5 --- /dev/null +++ b/elasticsearch/examples/default/README.md @@ -0,0 +1,25 @@ +# Default + +This example deploy a 3 nodes Elasticsearch 7.12.0-SNAPSHOT cluster using +[default values][]. + + +## Usage + +* Deploy Elasticsearch chart with the default values: `make install` + +* You can now setup a port forward to query Elasticsearch API: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/default/test/goss.yaml +[default values]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/values.yaml diff --git a/elasticsearch/examples/default/test/goss.yaml b/elasticsearch/examples/default/test/goss.yaml index f5342e77a..cea0e1be4 100644 --- a/elasticsearch/examples/default/test/goss.yaml +++ b/elasticsearch/examples/default/test/goss.yaml @@ -1,13 +1,13 @@ kernel-param: vm.max_map_count: - value: '262144' + value: "262144" http: http://elasticsearch-master:9200/_cluster/health: status: 200 timeout: 2000 body: - - 'green' + - "green" - '"number_of_nodes":3' - '"number_of_data_nodes":3' @@ -15,10 +15,9 @@ http: status: 200 timeout: 2000 body: - - '"number" : "7.6.2"' + - '"number" : "7.12.0-SNAPSHOT"' - '"cluster_name" : "elasticsearch"' - - '"name" : "elasticsearch-master-0"' - - 'You Know, for Search' + - "You Know, for Search" file: /usr/share/elasticsearch/data: diff --git a/elasticsearch/examples/docker-for-mac/Makefile b/elasticsearch/examples/docker-for-mac/Makefile index 398545e64..18fd053d8 100644 --- a/elasticsearch/examples/docker-for-mac/Makefile +++ b/elasticsearch/examples/docker-for-mac/Makefile 
@@ -1,12 +1,13 @@ default: test RELEASE := helm-es-docker-for-mac +TIMEOUT := 1200s install: - helm upgrade --wait --timeout=900 --install --values values.yaml $(RELEASE) ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ test: install helm test $(RELEASE) purge: - helm del --purge $(RELEASE) + helm del $(RELEASE) diff --git a/elasticsearch/examples/docker-for-mac/README.md b/elasticsearch/examples/docker-for-mac/README.md new file mode 100644 index 000000000..629633cfb --- /dev/null +++ b/elasticsearch/examples/docker-for-mac/README.md @@ -0,0 +1,23 @@ +# Docker for Mac + +This example deploy a 3 nodes Elasticsearch 7.12.0-SNAPSHOT cluster on [Docker for Mac][] +using [custom values][]. + +Note that this configuration should be used for test only and isn't recommended +for production. + + +## Usage + +* Deploy Elasticsearch chart with the default values: `make install` + +* You can now setup a port forward to query Elasticsearch API: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + + +[custom values]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/docker-for-mac/values.yaml +[docker for mac]: https://docs.docker.com/docker-for-mac/kubernetes/ diff --git a/elasticsearch/examples/kubernetes-kind/Makefile b/elasticsearch/examples/kubernetes-kind/Makefile index 9dad380be..9e5602d49 100644 --- a/elasticsearch/examples/kubernetes-kind/Makefile +++ b/elasticsearch/examples/kubernetes-kind/Makefile 
@@ -1,13 +1,17 @@ default: test RELEASE := helm-es-kind +TIMEOUT := 1200s install: + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ + +install-local-path: kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml - helm upgrade --wait --timeout=900 --install --values values.yaml $(RELEASE) ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values-local-path.yaml $(RELEASE) ../../ test: install helm test $(RELEASE) purge: - helm del --purge $(RELEASE) + helm del $(RELEASE) diff --git a/elasticsearch/examples/kubernetes-kind/README.md b/elasticsearch/examples/kubernetes-kind/README.md index 0f5fced5d..fdb507582 100644 --- a/elasticsearch/examples/kubernetes-kind/README.md +++ b/elasticsearch/examples/kubernetes-kind/README.md 
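Review bot: The `kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml` line, now under `install-local-path`, applies whatever the upstream `master` branch contains at the moment the target runs. The manifest is fetched over the network and applied with the caller's cluster permissions, so an upstream change reaches the cluster unreviewed. Pin the URL to a release tag or commit, `kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/<PINNED_TAG_OR_COMMIT>/deploy/local-path-storage.yaml`, or vendor the manifest next to the Makefile. Separately, `test:` still depends on `install`, so on Kind < 0.7.0 `make test` will not exercise the `local-path` variant. A one-line comment on `install-local-path` saying when to use it would help.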
@@ -1,21 +1,36 @@ # KIND -An example of configuration for deploying Elasticsearch chart on [Kind][]. - -You can use `make install` to deploy it. +This example deploy a 3 nodes Elasticsearch 7.12.0-SNAPSHOT cluster on [Kind][] +using [custom values][]. Note that this configuration should be used for test only and isn't recommended for production. -## Current issue +Note that Kind < 0.7.0 are affected by a [kind issue][] with mount points +created from PVCs not writable by non-root users. [kubernetes-sigs/kind#1157][] +fix it in Kind 0.7.0. + +The workaround for Kind < 0.7.0 is to install manually +[Rancher Local Path Provisioner][] and use `local-path` storage class for +Elasticsearch volumes (see [Makefile][] instructions). + + +## Usage + +* For Kind >= 0.7.0: Deploy Elasticsearch chart with the default values: `make install` +* For Kind < 0.7.0: Deploy Elasticsearch chart with `local-path` storage class: `make install-local-path` + +* You can now setup a port forward to query Elasticsearch API: -There is currently an [kind issue][] with mount points created from PVCs not writeable by non-root users. -[kubernetes-sigs/kind#1157][] should fix it in a future release. + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` -Meanwhile, the workaround is to install manually [Rancher Local Path Provisioner][] and use `local-path` storage class for Elasticsearch volumes (see [Makefile][] instructions). 
-[Kind]: https://kind.sigs.k8s.io/ -[Kind issue]: https://github.com/kubernetes-sigs/kind/issues/830 -[Kubernetes-sigs/kind#1157]: https://github.com/kubernetes-sigs/kind/pull/1157 -[Rancher Local Path Provisioner]: https://github.com/rancher/local-path-provisioner -[Makefile]: ./Makefile#L5 \ No newline at end of file +[custom values]: https://github.com/elastic/helm-charts/blob/7.12/elasticsearch/examples/kubernetes-kind/values.yaml +[kind]: https://kind.sigs.k8s.io/ +[kind issue]: https://github.com/kubernetes-sigs/kind/issues/830 +[kubernetes-sigs/kind#1157]: https://github.com/kubernetes-sigs/kind/pull/1157 +[rancher local path provisioner]: https://github.com/rancher/local-path-provisioner +[Makefile]: https://github.com/elastic/helm-charts/blob/7.12/elasticsearch/examples/kubernetes-kind/Makefile#L5 diff --git a/elasticsearch/examples/kubernetes-kind/values-local-path.yaml b/elasticsearch/examples/kubernetes-kind/values-local-path.yaml new file mode 100644 index 000000000..500ad4b14 --- /dev/null +++ b/elasticsearch/examples/kubernetes-kind/values-local-path.yaml @@ -0,0 +1,23 @@ +--- +# Permit co-located instances for solitary minikube virtual machines. +antiAffinity: "soft" + +# Shrink default JVM heap. +esJavaOpts: "-Xmx128m -Xms128m" + +# Allocate smaller chunks of memory per pod. +resources: + requests: + cpu: "100m" + memory: "512M" + limits: + cpu: "1000m" + memory: "512M" + +# Request smaller persistent volumes. +volumeClaimTemplate: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "local-path" + resources: + requests: + storage: 100M diff --git a/elasticsearch/examples/microk8s/Makefile b/elasticsearch/examples/microk8s/Makefile index 2c7d3d394..2d0012d8a 100644 --- a/elasticsearch/examples/microk8s/Makefile +++ b/elasticsearch/examples/microk8s/Makefile 
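Review bot: The first comment in the new values-local-path.yaml, `# Permit co-located instances for solitary minikube virtual machines.`, refers to minikube although this file belongs to the Kind example. It looks copied from the minikube values file and will mislead anyone checking why `antiAffinity: "soft"` is set here. I would reword it to `# Permit co-located instances on a single-node Kind cluster.` A header comment noting that the file is the Kind < 0.7.0 workaround used by `make install-local-path` would also explain `storageClassName: "local-path"`.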
@@ -1,12 +1,13 @@ default: test RELEASE := helm-es-microk8s +TIMEOUT := 1200s install: - helm upgrade --wait --timeout=900 --install --values values.yaml $(RELEASE) ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ test: install helm test $(RELEASE) purge: - helm del --purge $(RELEASE) + helm del $(RELEASE) diff --git a/elasticsearch/examples/microk8s/README.md b/elasticsearch/examples/microk8s/README.md index 161279cb3..e913e3d84 100644 --- a/elasticsearch/examples/microk8s/README.md +++ b/elasticsearch/examples/microk8s/README.md @@ -1,10 +1,12 @@ # MicroK8S -An example of configuration for deploying Elasticsearch chart on [MicroK8S][]. +This example deploy a 3 nodes Elasticsearch 7.12.0-SNAPSHOT cluster on [MicroK8S][] +using [custom values][]. Note that this configuration should be used for test only and isn't recommended for production. + ## Requirements The following MicroK8S [addons][] need to be enabled: @@ -12,5 +14,19 @@ The following MicroK8S [addons][] need to be enabled: - `helm` - `storage` + +## Usage + +* Deploy Elasticsearch chart with the default values: `make install` + +* You can now setup a port forward to query Elasticsearch API: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + + +[addons]: https://microk8s.io/docs/addons +[custom values]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/microk8s/values.yaml [MicroK8S]: https://microk8s.io -[Addons]: https://microk8s.io/docs/addons \ No newline at end of file diff --git a/elasticsearch/examples/migration/Makefile b/elasticsearch/examples/migration/Makefile index 3b1dac105..020906f92 100644 --- a/elasticsearch/examples/migration/Makefile +++ b/elasticsearch/examples/migration/Makefile 
@@ -1,10 +1,10 @@ PREFIX := helm-es-migration data: - helm upgrade --wait --timeout=600 --install --values ./data.yml $(PREFIX)-data ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install --values data.yaml $(PREFIX)-data ../../ master: - helm upgrade --wait --timeout=600 --install --values ./master.yml $(PREFIX)-master ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install --values master.yaml $(PREFIX)-master ../../ client: - helm upgrade --wait --timeout=600 --install --values ./client.yml $(PREFIX)-client ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install --values client.yaml $(PREFIX)-client ../../ diff --git a/elasticsearch/examples/migration/README.md b/elasticsearch/examples/migration/README.md index e5f4b1a79..613b057e3 100644 --- a/elasticsearch/examples/migration/README.md +++ b/elasticsearch/examples/migration/README.md 
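Review bot: The three `helm upgrade` lines now pass `--timeout=$(TIMEOUT)`, but this Makefile never defines `TIMEOUT`. The hunk spans the whole ten-line file and shows neither an assignment nor an `include` of a shared makefile. Unless the variable is supplied on the command line or in the environment, it expands to nothing and helm receives `--timeout=`, which it is likely to reject as an invalid duration. The other example Makefiles in this commit add `TIMEOUT := 1200s` next to `RELEASE`. Add the same line here after `PREFIX := helm-es-migration`.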
@@ -1,86 +1,167 @@ # Migration Guide from helm/charts -There are two viable options for migrating from the community Elasticsearch helm chart from the [helm/charts](https://github.com/helm/charts/tree/master/stable/elasticsearch) repo. +There are two viable options for migrating from the community Elasticsearch Helm +chart from the [helm/charts][] repo. 1. Restoring from Snapshot to a fresh cluster 2. Live migration by joining a new cluster to the existing cluster. ## Restoring from Snapshot -This is the recommended and preferred option. The downside is that it will involve a period of write downtime during the migration. If you have a way to temporarily stop writes to your cluster then this is the way to go. This is also a lot simpler as it just involves launching a fresh cluster and restoring a snapshot following the [restoring to a different cluster guide](https://www.elastic.co/guide/en/elasticsearch/reference/6.6/modules-snapshots.html#_restoring_to_a_different_cluster). +This is the recommended and preferred option. The downside is that it will +involve a period of write downtime during the migration. If you have a way to +temporarily stop writes to your cluster then this is the way to go. This is also +a lot simpler as it just involves launching a fresh cluster and restoring a +snapshot following the [restoring to a different cluster guide][]. ## Live migration -If restoring from a snapshot is not possible due to the write downtime then a live migration is also possible. It is very important to first test this in a testing environment to make sure you are comfortable with the process and fully understand what is happening. +If restoring from a snapshot is not possible due to the write downtime then a +live migration is also possible. It is very important to first test this in a +testing environment to make sure you are comfortable with the process and fully +understand what is happening. 
-This process will involve joining a new set of master, data and client nodes to an existing cluster that has been deployed using the [helm/charts](https://github.com/helm/charts/tree/master/stable/elasticsearch) community chart. Nodes will then be replaced one by one in a controlled fashion to decommission the old cluster. +This process will involve joining a new set of master, data and client nodes to +an existing cluster that has been deployed using the [helm/charts][] community +chart. Nodes will then be replaced one by one in a controlled fashion to +decommission the old cluster. -This example will be using the default values for the existing helm/charts release and for the elastic helm-charts release. If you have changed any of the default values then you will need to first make sure that your values are configured in a compatible way before starting the migration. +This example will be using the default values for the existing helm/charts +release and for the Elastic helm-charts release. If you have changed any of the +default values then you will need to first make sure that your values are +configured in a compatible way before starting the migration. -The process will involve a re-sync and a rolling restart of all of your data nodes. Therefore it is important to disable shard allocation and perform a synced flush like you normally would during any other rolling upgrade. See the [rolling upgrades guide](https://www.elastic.co/guide/en/elasticsearch/reference/6.6/rolling-upgrades.html) for more information. +The process will involve a re-sync and a rolling restart of all of your data +nodes. Therefore it is important to disable shard allocation and perform a synced +flush like you normally would during any other rolling upgrade. See the +[rolling upgrades guide][] for more information. + +* The default image for this chart is +`docker.elastic.co/elasticsearch/elasticsearch` which contains the default +distribution of Elasticsearch with a [basic license][]. 
Make sure to update the +`image` and `imageTag` values to the correct Docker image and Elasticsearch +version that you currently have deployed. + +* Convert your current helm/charts configuration into something that is +compatible with this chart. + +* Take a fresh snapshot of your cluster. If something goes wrong you want to be +able to restore your data no matter what. + +* Check that your clusters health is green. If not abort and make sure your +cluster is healthy before continuing: -* The default image for this chart is `docker.elastic.co/elasticsearch/elasticsearch` which contains the default distribution of Elasticsearch with a [basic license](https://www.elastic.co/subscriptions). Make sure to update the `image` and `imageTag` values to the correct Docker image and Elasticsearch version that you currently have deployed. -* Convert your current helm/charts configuration into something that is compatible with this chart. -* Take a fresh snapshot of your cluster. If something goes wrong you want to be able to restore your data no matter what. -* Check that your clusters health is green. If not abort and make sure your cluster is healthy before continuing. ``` curl localhost:9200/_cluster/health ``` -* Deploy new data nodes which will join the existing cluster. Take a look at the configuration in [data.yml](./data.yml) + +* Deploy new data nodes which will join the existing cluster. Take a look at the +configuration in [data.yaml][]: + ``` make data ``` -* Check that the new nodes have joined the cluster (run this and any other curl commands from within one of your pods). + +* Check that the new nodes have joined the cluster (run this and any other curl +commands from within one of your pods): + ``` curl localhost:9200/_cat/nodes ``` -* Check that your cluster is still green. If so we can now start to scale down the existing data nodes. Assuming you have the default amount of data nodes (2) we now want to scale it down to 1. 
+ +* Check that your cluster is still green. If so we can now start to scale down +the existing data nodes. Assuming you have the default amount of data nodes (2) +we now want to scale it down to 1: + ``` kubectl scale statefulsets my-release-elasticsearch-data --replicas=1 ``` -* Wait for your cluster to become green again + +* Wait for your cluster to become green again: + ``` watch 'curl -s localhost:9200/_cluster/health' ``` -* Once the cluster is green we can scale down again. + +* Once the cluster is green we can scale down again: + ``` kubectl scale statefulsets my-release-elasticsearch-data --replicas=0 ``` + * Wait for the cluster to be green again. -* OK. We now have all data nodes running in the new cluster. Time to replace the masters by firstly scaling down the masters from 3 to 2. Between each step make sure to wait for the cluster to become green again, and check with `curl localhost:9200/_cat/nodes` that you see the correct amount of master nodes. During this process we will always make sure to keep at least 2 master nodes as to not lose quorum. +* OK. We now have all data nodes running in the new cluster. Time to replace the +masters by firstly scaling down the masters from 3 to 2. Between each step make +sure to wait for the cluster to become green again, and check with +`curl localhost:9200/_cat/nodes` that you see the correct amount of master +nodes. During this process we will always make sure to keep at least 2 master +nodes as to not lose quorum: + ``` kubectl scale statefulsets my-release-elasticsearch-master --replicas=2 ``` -* Now deploy a single new master so that we have 3 masters again. See [master.yml](./master.yml) for the configuration. + +* Now deploy a single new master so that we have 3 masters again. 
See +[master.yaml][] for the configuration: + ``` make master ``` -* Scale down old masters to 1 + +* Scale down old masters to 1: + ``` kubectl scale statefulsets my-release-elasticsearch-master --replicas=1 ``` -* Edit the masters in [masters.yml](./masters.yml) to 2 and redeploy + +* Edit the masters in [masters.yaml][] to 2 and redeploy: + ``` make master ``` -* Scale down the old masters to 0 + +* Scale down the old masters to 0: + ``` kubectl scale statefulsets my-release-elasticsearch-master --replicas=0 ``` -* Edit the [masters.yml](./masters.yml) to have 3 replicas and remove the `discovery.zen.ping.unicast.hosts` entry from `extraEnvs` then redeploy the masters. This will make sure all 3 masters are running in the new cluster and are pointing at each other for discovery. + +* Edit the [masters.yaml][] to have 3 replicas and remove the +`discovery.zen.ping.unicast.hosts` entry from `extraEnvs` then redeploy the +masters. This will make sure all 3 masters are running in the new cluster and +are pointing at each other for discovery: + ``` make master ``` -* Remove the `discovery.zen.ping.unicast.hosts` entry from `extraEnvs` then redeploy the data nodes to make sure they are pointing at the new masters. + +* Remove the `discovery.zen.ping.unicast.hosts` entry from `extraEnvs` then +redeploy the data nodes to make sure they are pointing at the new masters: + ``` make data ``` -* Deploy the client nodes + +* Deploy the client nodes: + ``` make client ``` -* Update any processes that are talking to the existing client nodes and point them to the new client nodes. Once this is done you can scale down the old client nodes + +* Update any processes that are talking to the existing client nodes and point +them to the new client nodes. Once this is done you can scale down the old +client nodes: + ``` kubectl scale deployment my-release-elasticsearch-client --replicas=0 ``` -* The migration should now be complete. 
After verifying that everything is working correctly you can cleanup leftover resources from your old cluster. + +* The migration should now be complete. After verifying that everything is +working correctly you can cleanup leftover resources from your old cluster. + +[basic license]: https://www.elastic.co/subscriptions +[data.yaml]: https://github.com/elastic/helm-charts/blob/7.12/elasticsearch/examples/migration/data.yaml +[helm/charts]: https://github.com/helm/charts/tree/7.12/stable/elasticsearch +[master.yaml]: https://github.com/elastic/helm-charts/blob/7.12/elasticsearch/examples/migration/master.yaml +[restoring to a different cluster guide]: https://www.elastic.co/guide/en/elasticsearch/reference/6.8/modules-snapshots.html#_restoring_to_a_different_cluster +[rolling upgrades guide]: https://www.elastic.co/guide/en/elasticsearch/reference/6.8/rolling-upgrades.html diff --git a/elasticsearch/examples/migration/client.yml b/elasticsearch/examples/migration/client.yaml similarity index 100% rename from elasticsearch/examples/migration/client.yml rename to elasticsearch/examples/migration/client.yaml diff --git a/elasticsearch/examples/migration/data.yml b/elasticsearch/examples/migration/data.yaml similarity index 100% rename from elasticsearch/examples/migration/data.yml rename to elasticsearch/examples/migration/data.yaml diff --git a/elasticsearch/examples/migration/master.yml b/elasticsearch/examples/migration/master.yaml similarity index 100% rename from elasticsearch/examples/migration/master.yml rename to elasticsearch/examples/migration/master.yaml diff --git a/elasticsearch/examples/minikube/Makefile b/elasticsearch/examples/minikube/Makefile index 97109ce8c..1021d9867 100644 --- a/elasticsearch/examples/minikube/Makefile +++ b/elasticsearch/examples/minikube/Makefile 
@@ -1,12 +1,13 @@ default: test RELEASE := helm-es-minikube +TIMEOUT := 1200s install: - helm upgrade --wait --timeout=900 --install --values values.yaml $(RELEASE) ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ test: install helm test $(RELEASE) purge: - helm del --purge $(RELEASE) + helm del $(RELEASE) diff --git a/elasticsearch/examples/minikube/README.md b/elasticsearch/examples/minikube/README.md new file mode 100644 index 000000000..5ba943bb3 --- /dev/null +++ b/elasticsearch/examples/minikube/README.md @@ -0,0 +1,38 @@ +# Minikube + +This example deploy a 3 nodes Elasticsearch 7.12.0-SNAPSHOT cluster on [Minikube][] +using [custom values][]. + +If helm or kubectl timeouts occur, you may consider creating a minikube VM with +more CPU cores or memory allocated. + +Note that this configuration should be used for test only and isn't recommended +for production. + + +## Requirements + +In order to properly support the required persistent volume claims for the +Elasticsearch StatefulSet, the `default-storageclass` and `storage-provisioner` +minikube addons must be enabled. + +``` +minikube addons enable default-storageclass +minikube addons enable storage-provisioner +``` + + +## Usage + +* Deploy Elasticsearch chart with the default values: `make install` + +* You can now setup a port forward to query Elasticsearch API: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + + +[custom values]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/minikube/values.yaml +[minikube]: https://minikube.sigs.k8s.io/docs/ diff --git a/elasticsearch/examples/multi/Makefile b/elasticsearch/examples/multi/Makefile index 836ec2e0f..243e50435 100644 --- a/elasticsearch/examples/multi/Makefile +++ b/elasticsearch/examples/multi/Makefile 
@@ -4,13 +4,16 @@ include ../../../helpers/examples.mk PREFIX := helm-es-multi RELEASE := helm-es-multi-master +TIMEOUT := 1200s install: - helm upgrade --wait --timeout=600 --install --values ./master.yml $(PREFIX)-master ../../ - helm upgrade --wait --timeout=600 --install --values ./data.yml $(PREFIX)-data ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install --values master.yaml $(PREFIX)-master ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install --values data.yaml $(PREFIX)-data ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install --values client.yaml $(PREFIX)-client ../../ test: install goss purge: - helm del --purge $(PREFIX)-master - helm del --purge $(PREFIX)-data + helm del $(PREFIX)-master + helm del $(PREFIX)-data + helm del $(PREFIX)-client diff --git a/elasticsearch/examples/multi/README.md b/elasticsearch/examples/multi/README.md new file mode 100644 index 000000000..ca4415004 --- /dev/null +++ b/elasticsearch/examples/multi/README.md 
@@ -0,0 +1,29 @@ +# Multi + +This example deploy an Elasticsearch 7.12.0-SNAPSHOT cluster composed of 3 different Helm +releases: + +- `helm-es-multi-master` for the 3 master nodes using [master values][] +- `helm-es-multi-data` for the 3 data nodes using [data values][] +- `helm-es-multi-client` for the 3 client nodes using [client values][] + +## Usage + +* Deploy the 3 Elasticsearch releases: `make install` + +* You can now setup a port forward to query Elasticsearch API: + + ``` + kubectl port-forward svc/multi-master 9200 + curl -u elastic:changeme http://localhost:9200/_cat/indices + ``` + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[client values]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/multi/client.yaml +[data values]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/multi/data.yaml +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/multi/test/goss.yaml +[master values]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/multi/master.yaml diff --git a/elasticsearch/examples/multi/client.yaml b/elasticsearch/examples/multi/client.yaml new file mode 100644 index 000000000..dbe5b05aa --- /dev/null +++ b/elasticsearch/examples/multi/client.yaml @@ -0,0 +1,14 @@ +--- + +clusterName: "multi" +nodeGroup: "client" + +roles: + master: "false" + ingest: "false" + data: "false" + ml: "false" + remote_cluster_client: "false" + +persistence: + enabled: false diff --git a/elasticsearch/examples/multi/data.yml b/elasticsearch/examples/multi/data.yaml similarity index 68% rename from elasticsearch/examples/multi/data.yml rename to elasticsearch/examples/multi/data.yaml index ecc689337..2e3a90935 100644 --- a/elasticsearch/examples/multi/data.yml +++ b/elasticsearch/examples/multi/data.yaml @@ -7,3 +7,5 @@ roles: master: "false" ingest: "true" data: "true" + ml: "false" + remote_cluster_client: "false" 
diff --git a/elasticsearch/examples/multi/master.yml b/elasticsearch/examples/multi/master.yaml similarity index 69% rename from elasticsearch/examples/multi/master.yml rename to elasticsearch/examples/multi/master.yaml index 2ca4cca8e..6b8c08293 100644 --- a/elasticsearch/examples/multi/master.yml +++ b/elasticsearch/examples/multi/master.yaml @@ -7,3 +7,5 @@ roles: master: "true" ingest: "false" data: "false" + ml: "false" + remote_cluster_client: "false" diff --git a/elasticsearch/examples/multi/test/goss.yaml b/elasticsearch/examples/multi/test/goss.yaml index 18cb25063..794416b8f 100644 --- a/elasticsearch/examples/multi/test/goss.yaml +++ b/elasticsearch/examples/multi/test/goss.yaml @@ -5,5 +5,5 @@ http: body: - 'green' - '"cluster_name":"multi"' - - '"number_of_nodes":6' + - '"number_of_nodes":9' - '"number_of_data_nodes":3' diff --git a/elasticsearch/examples/networkpolicy/Makefile b/elasticsearch/examples/networkpolicy/Makefile new file mode 100644 index 000000000..38dd40d3d --- /dev/null +++ b/elasticsearch/examples/networkpolicy/Makefile @@ -0,0 +1,13 @@ +default: test +include ../../../helpers/examples.mk + +RELEASE := helm-es-networkpolicy + +install: + helm upgrade --wait --timeout=600s --install $(RELEASE) --values ./values.yaml ../../ ; \ + +restart: + helm upgrade --set terminationGracePeriod=121 --wait --timeout=600s --install $(RELEASE) --values ./values.yaml ../../ ; \ + +purge: + helm del --purge $(RELEASE) diff --git a/elasticsearch/examples/networkpolicy/values.yml b/elasticsearch/examples/networkpolicy/values.yml new file mode 100644 index 000000000..2f8178529 --- /dev/null +++ b/elasticsearch/examples/networkpolicy/values.yml 
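Review bot: The `install` and `restart` recipes in `elasticsearch/examples/networkpolicy/Makefile` pass `--values ./values.yaml`, but the values file this commit adds beside it is named `values.yml`, so the example will not find its values unless a `values.yaml` exists elsewhere. `purge` still runs `helm del --purge $(RELEASE)`, while the other example Makefiles in this commit switch to `helm del $(RELEASE)`, and the same file already uses the newer `--timeout=600s` form. `default: test` has no `test` target in this file, so it only works if `helpers/examples.mk` (not visible here) provides one. The trailing `; \` on both `helm upgrade` lines continues the recipe onto the blank line that follows and can be dropped.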
@@ -0,0 +1,37 @@ +networkPolicy: + http: + enabled: true + explicitNamespacesSelector: + # Accept from namespaces with all those different rules (from whitelisted Pods) + matchLabels: + role: frontend + matchExpressions: + - {key: role, operator: In, values: [frontend]} + additionalRules: + - podSelector: + matchLabels: + role: frontend + - podSelector: + matchExpressions: + - key: role + operator: In + values: + - frontend + transport: + enabled: true + allowExternal: true + explicitNamespacesSelector: + matchLabels: + role: frontend + matchExpressions: + - {key: role, operator: In, values: [frontend]} + additionalRules: + - podSelector: + matchLabels: + role: frontend + - podSelector: + matchExpressions: + - key: role + operator: In + values: + - frontend diff --git a/elasticsearch/examples/openshift/Makefile b/elasticsearch/examples/openshift/Makefile index 6e495916d..078c33c9d 100644 --- a/elasticsearch/examples/openshift/Makefile +++ b/elasticsearch/examples/openshift/Makefile @@ -1,15 +1,13 @@ default: test + include ../../../helpers/examples.mk RELEASE := elasticsearch -template: - helm template --values ./values.yaml ../../ - install: - helm upgrade --wait --timeout=600 --install $(RELEASE) --values ./values.yaml ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ test: install goss purge: - helm del --purge $(RELEASE) + helm del $(RELEASE) diff --git a/elasticsearch/examples/openshift/README.md b/elasticsearch/examples/openshift/README.md new file mode 100644 index 000000000..c73bd22ff --- /dev/null +++ b/elasticsearch/examples/openshift/README.md 
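Review bot: `transport.allowExternal: true` in `examples/networkpolicy/values.yml` has no effect with the template added in this commit, because `templates/networkpolicy.yaml` never reads `allowExternal`. A reader of the example could conclude that external access to the transport port is governed by this key when it is not. Either drop the key from the example or implement it in the template and document which direction `true` opens.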
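Review bot: The `install` recipe in `examples/openshift/Makefile` now uses `--timeout=$(TIMEOUT)`, but unlike the minikube, multi and security Makefiles in this commit, this file does not define `TIMEOUT`. Unless `helpers/examples.mk` (not visible here) defines it, the flag expands to `--timeout=` with an empty value. Adding `TIMEOUT := 1200s` next to `RELEASE := elasticsearch` would make the file self-contained.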
@@ -0,0 +1,24 @@ +# OpenShift + +This example deploy a 3 nodes Elasticsearch 7.12.0-SNAPSHOT cluster on [OpenShift][] +using [custom values][]. + +## Usage + +* Deploy Elasticsearch chart with the default values: `make install` + +* You can now setup a port forward to query Elasticsearch API: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[custom values]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/openshift/values.yaml +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/openshift/test/goss.yaml +[openshift]: https://www.openshift.com/ diff --git a/elasticsearch/examples/openshift/test/goss.yaml b/elasticsearch/examples/openshift/test/goss.yaml index 6cb0d4ec4..dd5d8350f 100644 --- a/elasticsearch/examples/openshift/test/goss.yaml +++ b/elasticsearch/examples/openshift/test/goss.yaml @@ -3,7 +3,7 @@ http: status: 200 timeout: 2000 body: - - 'green' + - "green" - '"number_of_nodes":3' - '"number_of_data_nodes":3' @@ -11,7 +11,6 @@ http: status: 200 timeout: 2000 body: - - '"number" : "7.6.2"' + - '"number" : "7.12.0"' - '"cluster_name" : "elasticsearch"' - - '"name" : "elasticsearch-master-0"' - - 'You Know, for Search' + - "You Know, for Search" diff --git a/elasticsearch/examples/openshift/values.yaml b/elasticsearch/examples/openshift/values.yaml index 7f5cd8494..8a211268b 100644 --- a/elasticsearch/examples/openshift/values.yaml +++ b/elasticsearch/examples/openshift/values.yaml @@ -5,6 +5,7 @@ securityContext: podSecurityContext: fsGroup: null + runAsUser: null sysctlInitContainer: enabled: false diff --git a/elasticsearch/examples/oss/Makefile b/elasticsearch/examples/oss/Makefile deleted file mode 100644 index e274659c6..000000000 --- a/elasticsearch/examples/oss/Makefile +++ /dev/null 
@@ -1,12 +0,0 @@ -default: test -include ../../../helpers/examples.mk - -RELEASE := helm-es-oss - -install: - helm upgrade --wait --timeout=600 --install $(RELEASE) --values ./values.yaml ../../ - -test: install goss - -purge: - helm del --purge $(RELEASE) diff --git a/elasticsearch/examples/oss/test/goss.yaml b/elasticsearch/examples/oss/test/goss.yaml deleted file mode 100644 index 2bdb34ad1..000000000 --- a/elasticsearch/examples/oss/test/goss.yaml +++ /dev/null @@ -1,17 +0,0 @@ -http: - http://localhost:9200/_cluster/health: - status: 200 - timeout: 2000 - body: - - 'green' - - '"number_of_nodes":3' - - '"number_of_data_nodes":3' - - http://localhost:9200: - status: 200 - timeout: 2000 - body: - - '"number" : "7.6.2"' - - '"cluster_name" : "oss"' - - '"name" : "oss-master-0"' - - 'You Know, for Search' diff --git a/elasticsearch/examples/oss/values.yaml b/elasticsearch/examples/oss/values.yaml deleted file mode 100644 index adcb7df3e..000000000 --- a/elasticsearch/examples/oss/values.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- - -clusterName: "oss" -image: "docker.elastic.co/elasticsearch/elasticsearch-oss" diff --git a/elasticsearch/examples/security/Makefile b/elasticsearch/examples/security/Makefile index 3d10b0b81..beddbefd5 100644 --- a/elasticsearch/examples/security/Makefile +++ b/elasticsearch/examples/security/Makefile 
@@ -4,23 +4,24 @@ include ../../../helpers/examples.mk RELEASE := helm-es-security ELASTICSEARCH_IMAGE := docker.elastic.co/elasticsearch/elasticsearch:$(STACK_VERSION) +TIMEOUT := 1200s install: - helm upgrade --wait --timeout=600 --install --values ./security.yml $(RELEASE) ../../ - -purge: - kubectl delete secrets elastic-credentials elastic-certificates elastic-certificate-pem || true - helm del --purge $(RELEASE) + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ test: secrets install goss +purge: + kubectl delete secrets elastic-credentials elastic-certificates elastic-certificate-pem elastic-certificate-crt|| true + helm del $(RELEASE) + pull-elasticsearch-image: docker pull $(ELASTICSEARCH_IMAGE) secrets: docker rm -f elastic-helm-charts-certs || true - rm -f elastic-certificates.p12 elastic-certificate.pem elastic-stack-ca.p12 || true - password=$$([ ! -z "$$ELASTIC_PASSWORD" ] && echo $$ELASTIC_PASSWORD || echo $$(docker run --rm $(ELASTICSEARCH_IMAGE) /bin/sh -c "< /dev/urandom tr -cd '[:alnum:]' | head -c20")) && \ + rm -f elastic-certificates.p12 elastic-certificate.pem elastic-certificate.crt elastic-stack-ca.p12 || true + password=$$([ ! -z "$$ELASTIC_PASSWORD" ] && echo $$ELASTIC_PASSWORD || echo $$(docker run --rm busybox:1.31.1 /bin/sh -c "< /dev/urandom tr -cd '[:alnum:]' | head -c20")) && \ docker run --name elastic-helm-charts-certs -i -w /app \ $(ELASTICSEARCH_IMAGE) \ /bin/sh -c " \ 
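Review bot: In the `secrets` recipe of `examples/security/Makefile`, `echo $$ELASTIC_PASSWORD` expands the caller-supplied password unquoted, so a value containing whitespace or glob characters is altered before it is stored; `printf '%s' "$$ELASTIC_PASSWORD"` inside the `$$( … )` keeps it intact. The same applies to `--from-literal=password=$$password` in the next hunk, which should read `--from-literal=password="$$password"`. The recipe continues past the end of this hunk. As a point of style, `elastic-certificate-crt|| true` in `purge` is missing the space before `||`.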
@@ -29,7 +30,9 @@ secrets: docker cp elastic-helm-charts-certs:/app/elastic-certificates.p12 ./ && \ docker rm -f elastic-helm-charts-certs && \ openssl pkcs12 -nodes -passin pass:'' -in elastic-certificates.p12 -out elastic-certificate.pem && \ + openssl x509 -outform der -in elastic-certificate.pem -out elastic-certificate.crt && \ kubectl create secret generic elastic-certificates --from-file=elastic-certificates.p12 && \ kubectl create secret generic elastic-certificate-pem --from-file=elastic-certificate.pem && \ - kubectl create secret generic elastic-credentials --from-literal=password=$$password --from-literal=username=elastic && \ - rm -f elastic-certificates.p12 elastic-certificate.pem elastic-stack-ca.p12 + kubectl create secret generic elastic-certificate-crt --from-file=elastic-certificate.crt && \ + kubectl create secret generic elastic-credentials --from-literal=password=$$password --from-literal=username=elastic && \ + rm -f elastic-certificates.p12 elastic-certificate.pem elastic-certificate.crt elastic-stack-ca.p12 diff --git a/elasticsearch/examples/security/README.md b/elasticsearch/examples/security/README.md new file mode 100644 index 000000000..52b1b7489 --- /dev/null +++ b/elasticsearch/examples/security/README.md 
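Review bot: The closing `rm -f …` of the `secrets` recipe is joined to the chain with `&&`, so it is skipped whenever an earlier step fails, for instance a `kubectl create secret` that hits an existing secret. The working directory then keeps `elastic-certificates.p12` and `elastic-certificate.pem`, the latter written by `openssl pkcs12 -nodes` with an unencrypted private key. Running the cleanup whatever the chain returns avoids this, e.g. ending the recipe with `; rc=$$?; rm -f elastic-certificates.p12 elastic-certificate.pem elastic-certificate.crt elastic-stack-ca.p12; exit $$rc`. The recipe starts before this hunk.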
@@ -0,0 +1,29 @@ +# Security + +This example deploy a 3 nodes Elasticsearch 7.12.0-SNAPSHOT with authentication and +autogenerated certificates for TLS (see [values][]). + +Note that this configuration should be used for test only. For a production +deployment you should generate SSL certificates following the [official docs][]. + +## Usage + +* Create the required secrets: `make secrets` + +* Deploy Elasticsearch chart with the default values: `make install` + +* You can now setup a port forward to query Elasticsearch API: + + ``` + kubectl port-forward svc/security-master 9200 + curl -u elastic:changeme https://localhost:9200/_cat/indices + ``` + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/security/test/goss.yaml +[official docs]: https://www.elastic.co/guide/en/elasticsearch/reference/7.12/configuring-tls.html#node-certificates +[values]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/security/values.yaml diff --git a/elasticsearch/examples/security/test/goss.yaml b/elasticsearch/examples/security/test/goss.yaml index c6d4b987b..6bb224324 100644 --- a/elasticsearch/examples/security/test/goss.yaml +++ b/elasticsearch/examples/security/test/goss.yaml @@ -3,10 +3,10 @@ http: status: 200 timeout: 2000 allow-insecure: true - username: '{{ .Env.ELASTIC_USERNAME }}' - password: '{{ .Env.ELASTIC_PASSWORD }}' + username: "{{ .Env.ELASTIC_USERNAME }}" + password: "{{ .Env.ELASTIC_PASSWORD }}" body: - - 'green' + - "green" - '"number_of_nodes":3' - '"number_of_data_nodes":3' 
@@ -14,32 +14,31 @@ http: status: 200 timeout: 2000 allow-insecure: true - username: '{{ .Env.ELASTIC_USERNAME }}' - password: '{{ .Env.ELASTIC_PASSWORD }}' + username: "{{ .Env.ELASTIC_USERNAME }}" + password: "{{ .Env.ELASTIC_PASSWORD }}" body: - '"cluster_name" : "security"' - - '"name" : "security-master-0"' - - 'You Know, for Search' + - "You Know, for Search" https://localhost:9200/_xpack/license: status: 200 timeout: 2000 allow-insecure: true - username: '{{ .Env.ELASTIC_USERNAME }}' - password: '{{ .Env.ELASTIC_PASSWORD }}' + username: "{{ .Env.ELASTIC_USERNAME }}" + password: "{{ .Env.ELASTIC_PASSWORD }}" body: - - 'active' - - 'basic' + - "active" + - "basic" file: /usr/share/elasticsearch/config/elasticsearch.yml: exists: true contains: - - 'xpack.security.enabled: true' - - 'xpack.security.transport.ssl.enabled: true' - - 'xpack.security.transport.ssl.verification_mode: certificate' - - 'xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12' - - 'xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12' - - 'xpack.security.http.ssl.enabled: true' - - 'xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12' - - 'xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12' + - "xpack.security.enabled: true" + - "xpack.security.transport.ssl.enabled: true" + - "xpack.security.transport.ssl.verification_mode: certificate" + - "xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12" + - "xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12" + - "xpack.security.http.ssl.enabled: true" + - "xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12" + - "xpack.security.http.ssl.keystore.path: 
/usr/share/elasticsearch/config/certs/elastic-certificates.p12" diff --git a/elasticsearch/examples/security/security.yml b/elasticsearch/examples/security/values.yaml similarity index 100% rename from elasticsearch/examples/security/security.yml rename to elasticsearch/examples/security/values.yaml diff --git a/elasticsearch/examples/upgrade/Makefile b/elasticsearch/examples/upgrade/Makefile index 9e1e6fd5e..813e050e1 100644 --- a/elasticsearch/examples/upgrade/Makefile +++ b/elasticsearch/examples/upgrade/Makefile @@ -2,24 +2,15 @@ default: test include ../../../helpers/examples.mk +CHART := elasticsearch RELEASE := helm-es-upgrade +FROM := 7.4.0 # versions before 7.4.O aren't compatible with Kubernetes >= 1.16.0 -# Right now the version is hardcoded because helm install will ignore -# anything with an alpha tag when trying to install the latest release -# This hardcoding can be removed once we drop the alpha tag -# The "--set terminationGracePeriod=121" always makes sure that a rolling -# upgrade is forced for this test install: - helm repo add elastic https://helm.elastic.co && \ - helm upgrade --wait --timeout=600 --install $(RELEASE) elastic/elasticsearch --version 7.0.0-alpha1 --set clusterName=upgrade ; \ - kubectl rollout status sts/upgrade-master --timeout=600s - helm upgrade --wait --timeout=600 --set terminationGracePeriod=121 --install $(RELEASE) ../../ --set clusterName=upgrade ; \ - kubectl rollout status sts/upgrade-master --timeout=600s + ../../../helpers/upgrade.sh --chart $(CHART) --release $(RELEASE) --from $(FROM) + kubectl rollout status statefulset elasticsearch-master -init: - helm init --client-only - -test: init install goss +test: install goss purge: - helm del --purge $(RELEASE) + helm del $(RELEASE) diff --git a/elasticsearch/examples/upgrade/README.md b/elasticsearch/examples/upgrade/README.md new file mode 100644 index 000000000..85977f52e --- /dev/null +++ b/elasticsearch/examples/upgrade/README.md 
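Review bot: In `examples/upgrade/Makefile`, `FROM := 7.4.0 # versions before …` puts the comment on the assignment line, and make keeps the whitespace before `#` as part of the value, so `$(FROM)` carries a trailing space. Moving the comment to its own line above the assignment avoids surprises if the value is ever quoted; the comment also has a typo, `7.4.O` for `7.4.0`. The `install` recipe waits on `statefulset elasticsearch-master`, while the values file and goss test in this commit use cluster name `upgrade`, which suggests the StatefulSet may be `upgrade-master`. That is worth confirming against `helpers/upgrade.sh`, which is not visible here.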
@@ -0,0 +1,17 @@ +# Upgrade + +This example will deploy a 3 node Elasticsearch cluster chart using an old chart +version, then upgrade it. + + +## Usage + +* Deploy and upgrade Elasticsearch chart with the default values: `make install` + + +## Testing + +You can also run [goss integration tests][] using `make test`. + + +[goss integration tests]: https://github.com/elastic/helm-charts/tree/master/elasticsearch/examples/upgrade/test/goss.yaml diff --git a/elasticsearch/examples/upgrade/scripts/upgrade.sh b/elasticsearch/examples/upgrade/scripts/upgrade.sh new file mode 100755 index 000000000..59853e094 --- /dev/null +++ b/elasticsearch/examples/upgrade/scripts/upgrade.sh 
@@ -0,0 +1,76 @@ +#!/usr/bin/env bash + +set -euo pipefail + +usage() { + cat <<-EOF + USAGE: + $0 [--release ] [--from ] + $0 --help + + OPTIONS: + --release + Name of the Helm release to install + --from + Elasticsearch version to use for first install + EOF + exit 1 +} + +RELEASE="helm-es-upgrade" +FROM="" + +while [[ $# -gt 0 ]] +do + key="$1" + + case $key in + --help) + usage + ;; + --release) + RELEASE="$2" + shift 2 + ;; + --from) + FROM="$2" + shift 2 + ;; + *) + log "Unrecognized argument: '$key'" + usage + ;; + esac +done + +if ! command -v jq > /dev/null +then + echo 'jq is required to use this script' + echo 'please check https://stedolan.github.io/jq/download/ to install it' + exit 1 +fi + +# Elasticsearch chart < 7.4.0 are not compatible with K8S >= 1.16) +if [[ -z $FROM ]] +then + KUBE_MINOR_VERSION=$(kubectl version -o json | jq --raw-output --exit-status '.serverVersion.minor' | sed 's/[^0-9]*//g') + + if [ "$KUBE_MINOR_VERSION" -lt 16 ] + then + FROM="7.0.0-alpha1" + else + FROM="7.4.0" + fi +fi + +helm repo add elastic https://helm.elastic.co + +# Initial install +printf "Installing Elasticsearch chart %s\n" "$FROM" +helm upgrade --wait --timeout=600s --install "$RELEASE" elastic/elasticsearch --version "$FROM" --set clusterName=upgrade +kubectl rollout status sts/upgrade-master --timeout=600s + +# Upgrade +printf "Upgrading Elasticsearch chart\n" +helm upgrade --wait --timeout=600s --set terminationGracePeriod=121 --install "$RELEASE" ../../ --set clusterName=upgrade +kubectl rollout status sts/upgrade-master --timeout=600s diff --git a/elasticsearch/examples/upgrade/test/goss.yaml b/elasticsearch/examples/upgrade/test/goss.yaml index b6eb31e16..e68971dd4 100644 --- a/elasticsearch/examples/upgrade/test/goss.yaml +++ b/elasticsearch/examples/upgrade/test/goss.yaml @@ -3,7 +3,7 @@ http: status: 200 timeout: 2000 body: - - 'green' + - "green" - '"number_of_nodes":3' - '"number_of_data_nodes":3' 
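Review bot: The `*)` branch of the argument parser in `examples/upgrade/scripts/upgrade.sh` calls `log`, which the script never defines, so under `set -e` an unknown argument aborts with a command-not-found error before `usage` runs. `echo "Unrecognized argument: '$key'" >&2` works with what the file already has. `--release` and `--from` read `$2` without checking that it exists, so with `set -u` a missing value ends in an unbound-variable error instead of the usage text; a guard such as `[[ $# -ge 2 ]] || usage` before each assignment would fix that. The comment `# Elasticsearch chart < 7.4.0 are not compatible with K8S >= 1.16)` has a stray closing parenthesis.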
@@ -11,7 +11,6 @@ http: status: 200 timeout: 2000 body: - - '"number" : "7.6.2"' + - '"number" : "7.12.0-SNAPSHOT"' - '"cluster_name" : "upgrade"' - - '"name" : "upgrade-master-0"' - - 'You Know, for Search' + - "You Know, for Search" diff --git a/elasticsearch/examples/upgrade/values.yaml b/elasticsearch/examples/upgrade/values.yaml new file mode 100644 index 000000000..de0283af4 --- /dev/null +++ b/elasticsearch/examples/upgrade/values.yaml @@ -0,0 +1,2 @@ +--- +clusterName: upgrade diff --git a/elasticsearch/templates/NOTES.txt b/elasticsearch/templates/NOTES.txt index 825696886..73edf425a 100755 --- a/elasticsearch/templates/NOTES.txt +++ b/elasticsearch/templates/NOTES.txt @@ -1,4 +1,4 @@ 1. Watch all cluster members come up. $ kubectl get pods --namespace={{ .Release.Namespace }} -l app={{ template "elasticsearch.uname" . }} -w 2. Test cluster health using Helm test. - $ helm test {{ .Release.Name }} --namespace={{ .Release.Namespace }} + $ helm test {{ .Release.Name }} diff --git a/elasticsearch/templates/_helpers.tpl b/elasticsearch/templates/_helpers.tpl index f7f212893..d373f2a84 100755 --- a/elasticsearch/templates/_helpers.tpl +++ b/elasticsearch/templates/_helpers.tpl @@ -45,7 +45,7 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- define "elasticsearch.endpoints" -}} {{- $replicas := int (toString (.Values.replicas)) }} -{{- $uname := printf "%s-%s" .Values.clusterName .Values.nodeGroup }} +{{- $uname := (include "elasticsearch.uname" .) }} {{- range $i, $e := untilStep 0 $replicas 1 -}} {{ $uname }}-{{ $i }}, {{- end -}} 
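Review bot: Step 2 of `elasticsearch/templates/NOTES.txt` now prints `helm test {{ .Release.Name }}` without a namespace, while step 1 still passes `--namespace={{ .Release.Namespace }}`. For a release installed outside the caller's current namespace, the printed test command would look in the wrong namespace. Keeping the flag, `$ helm test {{ .Release.Name }} --namespace={{ .Release.Namespace }}`, keeps the two steps consistent.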
@@ -63,25 +63,3 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- end -}} {{- end -}} {{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "elasticsearch.statefulset.apiVersion" -}} -{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "apps/v1beta2" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "elasticsearch.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- end -}} -{{- end -}} diff --git a/elasticsearch/templates/ingress.yaml b/elasticsearch/templates/ingress.yaml index b863ff400..bcb2befa6 100644 --- a/elasticsearch/templates/ingress.yaml +++ b/elasticsearch/templates/ingress.yaml @@ -1,8 +1,8 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "elasticsearch.uname" . -}} -{{- $servicePort := .Values.httpPort -}} +{{- $httpPort := .Values.httpPort -}} {{- $ingressPath := .Values.ingress.path -}} -apiVersion: {{ template "elasticsearch.ingress.apiVersion" . }} +apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: {{ $fullName }} 
@@ -17,22 +17,38 @@ metadata: spec: {{- if .Values.ingress.tls }} tls: + {{- if .ingressPath }} {{- range .Values.ingress.tls }} - hosts: {{- range .hosts }} - {{ . }} {{- end }} secretName: {{ .secretName }} + {{- end }} + {{- else }} +{{ toYaml .Values.ingress.tls | indent 4 }} {{- end }} {{- end }} rules: {{- range .Values.ingress.hosts }} + {{- if $ingressPath }} - host: {{ . }} http: paths: - path: {{ $ingressPath }} backend: serviceName: {{ $fullName }} - servicePort: {{ $servicePort }} + servicePort: {{ $httpPort }} + {{- else }} + - host: {{ .host }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + backend: + serviceName: {{ $fullName }} + servicePort: {{ .servicePort | default $httpPort }} + {{- end }} + {{- end }} {{- end }} {{- end }} diff --git a/elasticsearch/templates/networkpolicy.yaml b/elasticsearch/templates/networkpolicy.yaml new file mode 100644 index 000000000..80c0c9ed4 --- /dev/null +++ b/elasticsearch/templates/networkpolicy.yaml 
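Review bot: `{{- if .ingressPath }}` in the `tls:` block of `templates/ingress.yaml` looks like it was meant to be `{{- if $ingressPath }}`. The variable is declared at the top of the template and the `rules:` block below tests `$ingressPath`, whereas `.ingressPath` is a lookup on the root context and is probably always empty. If so, every release takes the `toYaml .Values.ingress.tls` branch and the `range` branch above it is dead. The new `rules:` branch also emits `host: {{ .host }}` and `path: {{ .path }}` unquoted; piping both through `quote` would keep values such as `*` or an empty string from changing the rendered YAML.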
@@ -0,0 +1,61 @@ +{{- if (or .Values.networkPolicy.http.enabled .Values.networkPolicy.transport.enabled) }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "elasticsearch.uname" . }} + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}" + app: "{{ template "elasticsearch.uname" . }}" +spec: + podSelector: + matchLabels: + app: "{{ template "elasticsearch.uname" . }}" + ingress: # Allow inbound connections + +{{- if .Values.networkPolicy.http.enabled }} + # For HTTP access + - ports: + - port: {{ .Values.httpPort }} + from: + # From authorized Pods (having the correct label) + - podSelector: + matchLabels: + {{ template "elasticsearch.uname" . }}-http-client: "true" +{{- with .Values.networkPolicy.http.explicitNamespacesSelector }} + # From authorized namespaces + namespaceSelector: +{{ toYaml . | indent 12 }} +{{- end }} +{{- with .Values.networkPolicy.transport.additionalRules }} + # Or from custom additional rules +{{ toYaml . | indent 8 }} +{{- end }} +{{- end }} + +{{- if .Values.networkPolicy.transport.enabled }} + # For transport access + - ports: + - port: {{ .Values.transportPort }} + from: + # From authorized Pods (having the correct label) + - podSelector: + matchLabels: + {{ template "elasticsearch.uname" . }}-transport-client: "true" +{{- with .Values.networkPolicy.transport.explicitNamespacesSelector }} + # From authorized namespaces + namespaceSelector: +{{ toYaml . | indent 12 }} +{{- end }} +{{- with .Values.networkPolicy.transport.additionalRules }} + # Or from custom additional rules +{{ toYaml . | indent 8 }} +{{- end }} + # Or from other ElasticSearch Pods + - podSelector: + matchLabels: + app: "{{ template "elasticsearch.uname" . }}" +{{- end }} + +{{- end }} diff --git a/elasticsearch/templates/service.yaml b/elasticsearch/templates/service.yaml index 4572af078..ee7ba5c9c 100644 --- a/elasticsearch/templates/service.yaml 
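Review bot: The HTTP rule's "custom additional rules" block is wired to the transport setting: inside `{{- if .Values.networkPolicy.http.enabled }}` it reads `{{- with .Values.networkPolicy.transport.additionalRules }}`. As written, `networkPolicy.http.additionalRules` is never rendered, and any peers listed for the transport port are also admitted to the HTTP port, so the effective allow-list differs from what the values file describes. The line should be `{{- with .Values.networkPolicy.http.additionalRules }}`. `test_network_policy` in the same commit gives both sections identical `additionalRules`, so it passes either way; using distinct selectors per port in that test would catch the mix-up.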
+++ b/elasticsearch/templates/service.yaml @@ -20,7 +20,6 @@ metadata: spec: type: {{ .Values.service.type }} selector: - heritage: {{ .Release.Service | quote }} release: {{ .Release.Name | quote }} chart: "{{ .Chart.Name }}" app: "{{ template "elasticsearch.uname" . }}" @@ -41,6 +40,9 @@ spec: loadBalancerSourceRanges: {{ toYaml . | indent 4 }} {{- end }} +{{- if .Values.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }} +{{- end }} --- kind: Service apiVersion: v1 diff --git a/elasticsearch/templates/serviceaccount.yaml b/elasticsearch/templates/serviceaccount.yaml index c85e37554..801d1cf90 100644 --- a/elasticsearch/templates/serviceaccount.yaml +++ b/elasticsearch/templates/serviceaccount.yaml @@ -8,6 +8,10 @@ metadata: {{- else }} name: {{ .Values.rbac.serviceAccountName | quote }} {{- end }} + annotations: + {{- with .Values.rbac.serviceAccountAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} labels: heritage: {{ .Release.Service | quote }} release: {{ .Release.Name | quote }} diff --git a/elasticsearch/templates/statefulset.yaml b/elasticsearch/templates/statefulset.yaml index 31a6cec02..e44a01624 100644 --- a/elasticsearch/templates/statefulset.yaml +++ b/elasticsearch/templates/statefulset.yaml @@ -1,5 +1,5 @@ --- -apiVersion: {{ template "elasticsearch.statefulset.apiVersion" . }} +apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ template "elasticsearch.uname" . }} @@ -26,6 +26,15 @@ spec: volumeClaimTemplates: - metadata: name: {{ template "elasticsearch.uname" . }} + {{- if .Values.persistence.labels.enabled }} + labels: + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}" + app: "{{ template "elasticsearch.uname" . }}" + {{- range $key, $value := .Values.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} {{- with .Values.persistence.annotations }} annotations: {{ toYaml . | indent 8 }} 
@@ -37,7 +46,6 @@ spec: metadata: name: "{{ template "elasticsearch.uname" . }}" labels: - heritage: {{ .Release.Service | quote }} release: {{ .Release.Name | quote }} chart: "{{ .Chart.Name }}" app: "{{ template "elasticsearch.uname" . }}" @@ -113,6 +121,9 @@ spec: - name: {{ .name }} secret: secretName: {{ .secretName }} + {{- if .defaultMode }} + defaultMode: {{ .defaultMode }} + {{- end }} {{- end }} {{- if .Values.esConfig }} - name: esconfig @@ -128,12 +139,24 @@ spec: {{- end }} {{ end }} {{- if .Values.extraVolumes }} + # Currently some extra blocks accept strings + # to continue with backwards compatibility this is being kept + # whilst also allowing for yaml to be specified too. + {{- if eq "string" (printf "%T" .Values.extraVolumes) }} {{ tpl .Values.extraVolumes . | indent 8 }} + {{- else }} +{{ toYaml .Values.extraVolumes | indent 8 }} + {{- end }} {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} {{- end }} + enableServiceLinks: {{ .Values.enableServiceLinks }} + {{- if .Values.hostAliases }} + hostAliases: {{ toYaml .Values.hostAliases | nindent 8 }} + {{- end }} + {{- if or (.Values.extraInitContainers) (.Values.sysctlInitContainer.enabled) (.Values.keystore) }} initContainers: {{- if .Values.sysctlInitContainer.enabled }} - name: configure-sysctl @@ -173,6 +196,7 @@ spec: cp -a /usr/share/elasticsearch/config/elasticsearch.keystore /tmp/keystore/ env: {{ toYaml .Values.extraEnvs | nindent 10 }} + envFrom: {{ toYaml .Values.envFrom | nindent 10 }} resources: {{ toYaml .Values.initResources | nindent 10 }} volumeMounts: - name: keystore 
@@ -183,7 +207,15 @@ spec: {{- end }} {{ end }} {{- if .Values.extraInitContainers }} + # Currently some extra blocks accept strings + # to continue with backwards compatibility this is being kept + # whilst also allowing for yaml to be specified too. + {{- if eq "string" (printf "%T" .Values.extraInitContainers) }} {{ tpl .Values.extraInitContainers . | indent 6 }} + {{- else }} +{{ toYaml .Values.extraInitContainers | indent 6 }} + {{- end }} + {{- end }} {{- end }} containers: - name: "{{ template "elasticsearch.name" . }}" 
@@ -198,32 +230,57 @@ spec: - -c - | #!/usr/bin/env bash -e - # If the node is starting up wait for the cluster to be ready (request params: '{{ .Values.clusterHealthCheckParams }}' ) + # If the node is starting up wait for the cluster to be ready (request params: "{{ .Values.clusterHealthCheckParams }}" ) # Once it has started only check that the node itself is responding START_FILE=/tmp/.es_start_file + # Disable nss cache to avoid filling dentry cache when calling curl + # This is required with Elasticsearch Docker using nss < 3.52 + export NSS_SDB_USE_CACHE=no + http () { - local path="${1}" - if [ -n "${ELASTIC_USERNAME}" ] && [ -n "${ELASTIC_PASSWORD}" ]; then - BASIC_AUTH="-u ${ELASTIC_USERNAME}:${ELASTIC_PASSWORD}" - else - BASIC_AUTH='' - fi - curl -XGET -s -k --fail ${BASIC_AUTH} {{ .Values.protocol }}://127.0.0.1:{{ .Values.httpPort }}${path} + local path="${1}" + local args="${2}" + set -- -XGET -s + + if [ "$args" != "" ]; then + set -- "$@" $args + fi + + if [ -n "${ELASTIC_USERNAME}" ] && [ -n "${ELASTIC_PASSWORD}" ]; then + set -- "$@" -u "${ELASTIC_USERNAME}:${ELASTIC_PASSWORD}" + fi + + curl --output /dev/null -k "$@" "{{ .Values.protocol }}://127.0.0.1:{{ .Values.httpPort }}${path}" } if [ -f "${START_FILE}" ]; then - echo 'Elasticsearch is already running, lets check the node is healthy and there are master nodes available' - http "/_cluster/health?timeout=0s" + echo 'Elasticsearch is already running, lets check the node is healthy' + HTTP_CODE=$(http "/" "-w %{http_code}") + RC=$? + if [[ ${RC} -ne 0 ]]; then + echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} {{ .Values.protocol }}://127.0.0.1:{{ .Values.httpPort }}/ failed with RC ${RC}" + exit ${RC} + fi + # ready if HTTP code 200, 503 is tolerable if ES version is 6.x + if [[ ${HTTP_CODE} == "200" ]]; then + exit 0 + elif [[ ${HTTP_CODE} == "503" && "{{ include "elasticsearch.esMajorVersion" . 
}}" == "6" ]]; then + exit 0 + else + echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} {{ .Values.protocol }}://127.0.0.1:{{ .Values.httpPort }}/ failed with HTTP code ${HTTP_CODE}" + exit 1 + fi + else - echo 'Waiting for elasticsearch cluster to become ready (request params: "{{ .Values.clusterHealthCheckParams }}" )' - if http "/_cluster/health?{{ .Values.clusterHealthCheckParams }}" ; then - touch ${START_FILE} - exit 0 - else - echo 'Cluster is not yet ready (request params: "{{ .Values.clusterHealthCheckParams }}" )' - exit 1 - fi + echo 'Waiting for elasticsearch cluster to become ready (request params: "{{ .Values.clusterHealthCheckParams }}" )' + if http "/_cluster/health?{{ .Values.clusterHealthCheckParams }}" "--fail" ; then + touch ${START_FILE} + exit 0 + else + echo 'Cluster is not yet ready (request params: "{{ .Values.clusterHealthCheckParams }}" )' + exit 1 + fi fi {{ toYaml .Values.readinessProbe | indent 10 }} ports: @@ -266,6 +323,10 @@ spec: {{- end }} {{- if .Values.extraEnvs }} {{ toYaml .Values.extraEnvs | indent 10 }} +{{- end }} +{{- if .Values.envFrom }} + envFrom: +{{ toYaml .Values.envFrom | indent 10 }} {{- end }} volumeMounts: {{- if .Values.persistence.enabled }} @@ -290,7 +351,14 @@ spec: subPath: {{ $path }} {{- end -}} {{- if .Values.extraVolumeMounts }} + # Currently some extra blocks accept strings + # to continue with backwards compatibility this is being kept + # whilst also allowing for yaml to be specified too. + {{- if eq "string" (printf "%T" .Values.extraVolumeMounts) }} {{ tpl .Values.extraVolumeMounts . | indent 10 }} + {{- else }} +{{ toYaml .Values.extraVolumeMounts | indent 10 }} + {{- end }} {{- end }} {{- if .Values.masterTerminationFix }} {{- if eq .Values.roles.master "true" }} 
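Review bot: The rewritten `http` function still hands the password to curl as an argument (`set -- "$@" -u "${ELASTIC_USERNAME}:${ELASTIC_PASSWORD}"`), so on every probe run it sits in curl's argv, where any process able to read the container's process list can see it. Feeding the credentials through curl's config input (`-K -` read from stdin) would keep them off the command line. The two failure messages also print `\${BASIC_AUTH}`, a variable the new function no longer sets. Keeping a literal placeholder there is right, since it keeps the secret out of probe output, but a neutral marker such as `[-u <credentials>]` would read less like a live variable. The probe command begins above the hunk, so the interpreter it runs under is not visible here.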
@@ -344,6 +412,10 @@ spec: {{- if .Values.extraEnvs }} {{ toYaml .Values.extraEnvs | indent 10 }} {{- end }} + {{- if .Values.envFrom }} + envFrom: +{{ toYaml .Values.envFrom | indent 10 }} + {{- end }} {{- end }} {{- end }} {{- if .Values.lifecycle }} @@ -351,5 +423,12 @@ spec: {{ toYaml .Values.lifecycle | indent 10 }} {{- end }} {{- if .Values.extraContainers }} + # Currently some extra blocks accept strings + # to continue with backwards compatibility this is being kept + # whilst also allowing for yaml to be specified too. + {{- if eq "string" (printf "%T" .Values.extraContainers) }} {{ tpl .Values.extraContainers . | indent 6 }} + {{- else }} +{{ toYaml .Values.extraContainers | indent 6 }} + {{- end }} {{- end }} diff --git a/elasticsearch/templates/test/test-elasticsearch-health.yaml b/elasticsearch/templates/test/test-elasticsearch-health.yaml index 8570eb1d9..dd5eaa043 100644 --- a/elasticsearch/templates/test/test-elasticsearch-health.yaml +++ b/elasticsearch/templates/test/test-elasticsearch-health.yaml @@ -4,15 +4,23 @@ kind: Pod metadata: name: "{{ .Release.Name }}-{{ randAlpha 5 | lower }}-test" annotations: - "helm.sh/hook": test-success + "helm.sh/hook": test + "helm.sh/hook-delete-policy": hook-succeeded spec: + securityContext: +{{ toYaml .Values.podSecurityContext | indent 4 }} containers: - name: "{{ .Release.Name }}-{{ randAlpha 5 | lower }}-test" image: "{{ .Values.image }}:{{ .Values.imageTag }}" + imagePullPolicy: "{{ .Values.imagePullPolicy }}" command: - "sh" - "-c" - | #!/usr/bin/env bash -e curl -XGET --fail '{{ template "elasticsearch.uname" . }}:{{ .Values.httpPort }}/_cluster/health?{{ .Values.clusterHealthCheckParams }}' + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 4 }} + {{- end }} restartPolicy: Never diff --git a/elasticsearch/tests/elasticsearch_test.py b/elasticsearch/tests/elasticsearch_test.py index 16d05c79f..2c2bb06bd 100755 
--- a/elasticsearch/tests/elasticsearch_test.py +++ b/elasticsearch/tests/elasticsearch_test.py @@ -73,7 +73,6 @@ def test_defaults(): assert "curl" in c["readinessProbe"]["exec"]["command"][-1] assert "http://127.0.0.1:9200" in c["readinessProbe"]["exec"]["command"][-1] - assert "/_cluster/health?timeout=0s" in c["readinessProbe"]["exec"]["command"][-1] # Resources assert c["resources"] == { @@ -85,8 +84,10 @@ def test_defaults(): assert c["volumeMounts"][0]["mountPath"] == "/usr/share/elasticsearch/data" assert c["volumeMounts"][0]["name"] == uname + # volumeClaimTemplates v = r["statefulset"][uname]["spec"]["volumeClaimTemplates"][0] assert v["metadata"]["name"] == uname + assert "labels" not in v["metadata"] assert v["spec"]["accessModes"] == ["ReadWriteOnce"] assert v["spec"]["resources"]["requests"]["storage"] == "30Gi" @@ -140,6 +141,7 @@ def test_defaults(): assert "tolerations" not in r["statefulset"][uname]["spec"]["template"]["spec"] assert "nodeSelector" not in r["statefulset"][uname]["spec"]["template"]["spec"] assert "ingress" not in r + assert "hostAliases" not in r["statefulset"][uname]["spec"]["template"]["spec"] def test_increasing_the_replicas(): @@ -284,6 +286,19 @@ def test_adding_extra_env_vars(): assert {"name": "hello", "value": "world"} in env +def test_adding_env_from(): + config = """ +envFrom: +- secretRef: + name: secret-name +""" + r = helm_template(config) + secretRef = r["statefulset"][uname]["spec"]["template"]["spec"]["containers"][0][ + "envFrom" + ][0]["secretRef"] + assert secretRef == {"name": "secret-name"} + + def test_adding_a_extra_volume_with_volume_mount(): config = """ extraVolumes: | 
@@ -307,6 +322,29 @@ def test_adding_a_extra_volume_with_volume_mount(): } in extraVolumeMounts +def test_adding_a_extra_volume_with_volume_mount_as_yaml(): + config = """ +extraVolumes: + - name: extras + emptyDir: {} +extraVolumeMounts: + - name: extras + mountPath: /usr/share/extras + readOnly: true +""" + r = helm_template(config) + extraVolume = r["statefulset"][uname]["spec"]["template"]["spec"]["volumes"] + assert {"name": "extras", "emptyDir": {}} in extraVolume + extraVolumeMounts = r["statefulset"][uname]["spec"]["template"]["spec"][ + "containers" + ][0]["volumeMounts"] + assert { + "name": "extras", + "mountPath": "/usr/share/extras", + "readOnly": True, + } in extraVolumeMounts + + def test_adding_a_extra_container(): config = """ extraContainers: | @@ -323,6 +361,22 @@ def test_adding_a_extra_container(): } in extraContainer +def test_adding_a_extra_container_as_yaml(): + config = """ +extraContainers: + - name: do-something + image: busybox + command: ['do', 'something'] +""" + r = helm_template(config) + extraContainer = r["statefulset"][uname]["spec"]["template"]["spec"]["containers"] + assert { + "name": "do-something", + "image": "busybox", + "command": ["do", "something"], + } in extraContainer + + def test_adding_a_extra_init_container(): config = """ extraInitContainers: | 
@@ -341,16 +395,31 @@ def test_adding_a_extra_init_container(): } in extraInitContainer +def test_adding_a_extra_init_container_as_yaml(): + config = """ +extraInitContainers: + - name: do-something + image: busybox + command: ['do', 'something'] +""" + r = helm_template(config) + extraInitContainer = r["statefulset"][uname]["spec"]["template"]["spec"][ + "initContainers" + ] + assert { + "name": "do-something", + "image": "busybox", + "command": ["do", "something"], + } in extraInitContainer + + def test_sysctl_init_container_disabled(): config = """ sysctlInitContainer: enabled: false """ r = helm_template(config) - initContainers = r["statefulset"][uname]["spec"]["template"]["spec"][ - "initContainers" - ] - assert initContainers is None + assert "initContainers" not in r["statefulset"][uname]["spec"]["template"]["spec"] def test_sysctl_init_container_enabled(): @@ -410,6 +479,23 @@ def test_adding_multiple_persistence_annotations(): assert annotations["world"] == "hello" +def test_enabling_persistence_label_in_volumeclaimtemplate(): + config = """ +persistence: + labels: + enabled: true +""" + r = helm_template(config) + volume_claim_template_labels = r["statefulset"][uname]["spec"][ + "volumeClaimTemplates" + ][0]["metadata"]["labels"] + statefulset_labels = r["statefulset"][uname]["metadata"]["labels"] + expected_labels = statefulset_labels + # heritage label shouldn't be present in volumeClaimTemplates labels + expected_labels.pop("heritage") + assert volume_claim_template_labels == expected_labels + + def test_adding_a_secret_mount(): config = """ secretMounts: 
@@ -445,6 +531,24 @@ def test_adding_a_secret_mount_with_subpath(): } +def test_adding_a_secret_mount_with_default_mode(): + config = """ +secretMounts: + - name: elastic-certificates + secretName: elastic-certs + path: /usr/share/elasticsearch/config/certs + subPath: cert.crt + defaultMode: 0755 +""" + r = helm_template(config) + s = r["statefulset"][uname]["spec"]["template"]["spec"] + assert s["containers"][0]["volumeMounts"][-1] == { + "mountPath": "/usr/share/elasticsearch/config/certs", + "subPath": "cert.crt", + "name": "elastic-certificates", + } + + def test_adding_image_pull_secrets(): config = """ imagePullSecrets: @@ -489,6 +593,22 @@ def test_adding_pod_annotations(): ) +def test_adding_serviceaccount_annotations(): + config = """ +rbac: + create: true + serviceAccountAnnotations: + eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount +""" + r = helm_template(config) + assert ( + r["serviceaccount"][uname]["metadata"]["annotations"][ + "eks.amazonaws.com/role-arn" + ] + == "arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount" + ) + + def test_adding_a_node_selector(): config = """ nodeSelector: 
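Review bot: `test_adding_a_secret_mount_with_default_mode` sets `defaultMode: 0755` but asserts only the container's `volumeMounts` entry, which does not carry the mode, so the `defaultMode` line added to the secret volume in statefulset.yaml is never checked. An assertion on the volume itself would cover it, for example `vol = [v for v in s["volumes"] if v["name"] == "elastic-certificates"][0]` followed by `assert vol["secret"]["defaultMode"] == 0o755`. This assumes the unquoted octal is rendered as the integer 493, which is worth confirming. Separately, `0755` makes the mounted certificate material world-readable and executable; a mode without the world bits would be a safer value to show here and in the commented `values.yaml` example.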
@@ -571,6 +691,54 @@ def test_adding_a_node_affinity(): def test_adding_an_ingress_rule(): config = """ +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + hosts: + - host: elasticsearch.elastic.co + paths: + - path: / + - host: '' + paths: + - path: / + - path: /mypath + servicePort: 8888 + - host: elasticsearch.hello.there + paths: + - path: / + servicePort: 9999 + tls: + - secretName: elastic-co-wildcard + hosts: + - elasticsearch.elastic.co +""" + + r = helm_template(config) + assert uname in r["ingress"] + i = r["ingress"][uname]["spec"] + assert i["tls"][0]["hosts"][0] == "elasticsearch.elastic.co" + assert i["tls"][0]["secretName"] == "elastic-co-wildcard" + + assert i["rules"][0]["host"] == "elasticsearch.elastic.co" + assert i["rules"][0]["http"]["paths"][0]["path"] == "/" + assert i["rules"][0]["http"]["paths"][0]["backend"]["serviceName"] == uname + assert i["rules"][0]["http"]["paths"][0]["backend"]["servicePort"] == 9200 + assert i["rules"][1]["host"] == None + assert i["rules"][1]["http"]["paths"][0]["path"] == "/" + assert i["rules"][1]["http"]["paths"][0]["backend"]["serviceName"] == uname + assert i["rules"][1]["http"]["paths"][0]["backend"]["servicePort"] == 9200 + assert i["rules"][1]["http"]["paths"][1]["path"] == "/mypath" + assert i["rules"][1]["http"]["paths"][1]["backend"]["serviceName"] == uname + assert i["rules"][1]["http"]["paths"][1]["backend"]["servicePort"] == 8888 + assert i["rules"][2]["host"] == "elasticsearch.hello.there" + assert i["rules"][2]["http"]["paths"][0]["path"] == "/" + assert i["rules"][2]["http"]["paths"][0]["backend"]["serviceName"] == uname + assert i["rules"][2]["http"]["paths"][0]["backend"]["servicePort"] == 9999 + + +def test_adding_a_deprecated_ingress_rule(): + config = """ ingress: enabled: true annotations: 
@@ -743,6 +911,23 @@ def test_adding_a_loadBalancerIP(): assert r["service"][uname]["spec"]["loadBalancerIP"] == "12.4.19.81" +def test_adding_an_externalTrafficPolicy(): + config = "" + + r = helm_template(config) + + assert "externalTrafficPolicy" not in r["service"][uname]["spec"] + + config = """ + service: + externalTrafficPolicy: Local + """ + + r = helm_template(config) + + assert r["service"][uname]["spec"]["externalTrafficPolicy"] == "Local" + + def test_adding_a_label_on_non_headless_service(): config = "" @@ -880,16 +1065,6 @@ def test_esMajorVersion_always_wins(): assert r["statefulset"][uname]["metadata"]["annotations"]["esMajorVersion"] == "7" -def test_esMajorVersion_parse_image_tag_for_oss_image(): - config = """ - image: docker.elastic.co/elasticsearch/elasticsearch-oss - imageTag: 6.3.2 - """ - - r = helm_template(config) - assert r["statefulset"][uname]["metadata"]["annotations"]["esMajorVersion"] == "6" - - def test_set_pod_security_context(): config = "" r = helm_template(config) 
@@ -1211,3 +1386,124 @@ def test_full_name_override(): assert "customfullName" in r["statefulset"] assert "customfullName" in r["service"] + + +def test_initial_master_nodes_when_using_full_name_override(): + config = """ +fullnameOverride: "customfullName" +""" + r = helm_template(config) + env = r["statefulset"]["customfullName"]["spec"]["template"]["spec"]["containers"][ + 0 + ]["env"] + assert { + "name": "cluster.initial_master_nodes", + "value": "customfullName-0," + "customfullName-1," + "customfullName-2,", + } in env + + +def test_hostaliases(): + config = """ +hostAliases: +- ip: "127.0.0.1" + hostnames: + - "foo.local" + - "bar.local" +""" + r = helm_template(config) + hostAliases = r["statefulset"][uname]["spec"]["template"]["spec"]["hostAliases"] + assert {"ip": "127.0.0.1", "hostnames": ["foo.local", "bar.local"]} in hostAliases + + +def test_network_policy(): + config = """ +networkPolicy: + http: + enabled: true + explicitNamespacesSelector: + # Accept from namespaces with all those different rules (from whitelisted Pods) + matchLabels: + role: frontend + matchExpressions: + - {key: role, operator: In, values: [frontend]} + additionalRules: + - podSelector: + matchLabels: + role: frontend + - podSelector: + matchExpressions: + - key: role + operator: In + values: + - frontend + transport: + enabled: true + allowExternal: true + explicitNamespacesSelector: + matchLabels: + role: frontend + matchExpressions: + - {key: role, operator: In, values: [frontend]} + additionalRules: + - podSelector: + matchLabels: + role: frontend + - podSelector: + matchExpressions: + - key: role + operator: In + values: + - frontend + +""" + r = helm_template(config) + ingress = r["networkpolicy"][uname]["spec"]["ingress"] + pod_selector = r["networkpolicy"][uname]["spec"]["podSelector"] + http = ingress[0] + transport = ingress[1] + assert http["from"] == [ + { + "podSelector": { + "matchLabels": {"elasticsearch-master-http-client": "true"} + }, + "namespaceSelector": { + 
"matchExpressions": [ + {"key": "role", "operator": "In", "values": ["frontend"]} + ], + "matchLabels": {"role": "frontend"}, + }, + }, + {"podSelector": {"matchLabels": {"role": "frontend"}}}, + { + "podSelector": { + "matchExpressions": [ + {"key": "role", "operator": "In", "values": ["frontend"]} + ] + } + }, + ] + assert http["ports"][0]["port"] == 9200 + assert transport["from"] == [ + { + "podSelector": { + "matchLabels": {"elasticsearch-master-transport-client": "true"} + }, + "namespaceSelector": { + "matchExpressions": [ + {"key": "role", "operator": "In", "values": ["frontend"]} + ], + "matchLabels": {"role": "frontend"}, + }, + }, + {"podSelector": {"matchLabels": {"role": "frontend"}}}, + { + "podSelector": { + "matchExpressions": [ + {"key": "role", "operator": "In", "values": ["frontend"]} + ] + } + }, + {"podSelector": {"matchLabels": {"app": "elasticsearch-master"}}}, + ] + assert transport["ports"][0]["port"] == 9300 + assert pod_selector == {"matchLabels": {"app": "elasticsearch-master",}} diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml index 4486d53c2..dad4a2e99 100755 --- a/elasticsearch/values.yaml +++ b/elasticsearch/values.yaml @@ -12,6 +12,8 @@ roles: master: "true" ingest: "true" data: "true" + remote_cluster_client: "true" + ml: "true" replicas: 3 minimumMasterNodes: 2 @@ -34,6 +36,13 @@ extraEnvs: [] # - name: MY_ENVIRONMENT_VAR # value: the_value_goes_here +# Allows you to load environment variables from kubernetes secret or config map +envFrom: [] +# - secretRef: +# name: env-secret +# - configMapRef: +# name: config-map + # A list of secrets and their paths to mount inside the pod # This is useful for mounting certificates for security and for mounting # the X-Pack license 
@@ -41,9 +50,16 @@ secretMounts: [] # - name: elastic-certificates # secretName: elastic-certificates # path: /usr/share/elasticsearch/config/certs +# defaultMode: 0755 + +hostAliases: [] +#- ip: "127.0.0.1" +# hostnames: +# - "foo.local" +# - "bar.local" image: "docker.elastic.co/elasticsearch/elasticsearch" -imageTag: "7.6.2" +imageTag: "7.12.0-SNAPSHOT" imagePullPolicy: "IfNotPresent" podAnnotations: {} @@ -88,6 +104,7 @@ volumeClaimTemplate: rbac: create: false + serviceAccountAnnotations: {} serviceAccountName: "" podSecurityPolicy: @@ -107,26 +124,30 @@ podSecurityPolicy: - secret - configMap - persistentVolumeClaim + - emptyDir persistence: enabled: true + labels: + # Add default labels for the volumeClaimTemplate of the StatefulSet + enabled: false annotations: {} -extraVolumes: "" +extraVolumes: [] # - name: extras # emptyDir: {} -extraVolumeMounts: "" +extraVolumeMounts: [] # - name: extras # mountPath: /usr/share/extras # readOnly: true -extraContainers: "" +extraContainers: [] # - name: do-something # image: busybox # command: ['do', 'something'] -extraInitContainers: "" +extraInitContainers: [] # - name: do-something # image: busybox # command: ['do', 'something'] @@ -151,6 +172,11 @@ nodeAffinity: {} # the same time when bootstrapping the cluster podManagementPolicy: "Parallel" +# The environment variables injected by service links are not used, but can lead to slow Elasticsearch boot times when +# there are many services in the current namespace. +# If you experience slow pod startups you probably want to set this to `false`. +enableServiceLinks: true + protocol: http httpPort: 9200 transportPort: 9300 @@ -165,6 +191,7 @@ service: transportPortName: transport loadBalancerIP: "" loadBalancerSourceRanges: [] + externalTrafficPolicy: "" updateStrategy: RollingUpdate 
@@ -177,10 +204,6 @@ podSecurityContext: fsGroup: 1000 runAsUser: 1000 -# The following value is deprecated, -# please use the above podSecurityContext.fsGroup instead -fsGroup: "" - securityContext: capabilities: drop: @@ -201,7 +224,7 @@ readinessProbe: successThreshold: 3 timeoutSeconds: 5 -# https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-health.html#request-params wait_for_status +# https://www.elastic.co/guide/en/elasticsearch/reference/7.12/cluster-health.html#request-params wait_for_status clusterHealthCheckParams: "wait_for_status=green&timeout=1s" ## Use an alternate scheduler. @@ -220,9 +243,10 @@ ingress: annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" - path: / hosts: - - chart-example.local + - host: chart-example.local + paths: + - path: / tls: [] # - secretName: chart-example-tls # hosts: 
@@ -258,3 +282,62 @@ sysctlInitContainer: enabled: true keystore: [] + +networkPolicy: + ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. + ## In order for a Pod to access Elasticsearch, it needs to have the following label: + ## {{ template "uname" . }}-client: "true" + ## Example for default configuration to access HTTP port: + ## elasticsearch-master-http-client: "true" + ## Example for default configuration to access transport port: + ## elasticsearch-master-transport-client: "true" + + http: + enabled: false + ## if explicitNamespacesSelector is not set or set to {}, only client Pods being in the networkPolicy's namespace + ## and matching all criteria can reach the DB. + ## But sometimes, we want the Pods to be accessible to clients from other namespaces, in this case, we can use this + ## parameter to select these namespaces + ## + # explicitNamespacesSelector: + # # Accept from namespaces with all those different rules (only from whitelisted Pods) + # matchLabels: + # role: frontend + # matchExpressions: + # - {key: role, operator: In, values: [frontend]} + + ## Additional NetworkPolicy Ingress "from" rules to set. Note that all rules are OR-ed. + ## + # additionalRules: + # - podSelector: + # matchLabels: + # role: frontend + # - podSelector: + # matchExpressions: + # - key: role + # operator: In + # values: + # - frontend + + transport: + ## Note that all Elasticsearch Pods can talks to themselves using transport port even if enabled. + enabled: false + # explicitNamespacesSelector: + # matchLabels: + # role: frontend + # matchExpressions: + # - {key: role, operator: In, values: [frontend]} + # additionalRules: + # - podSelector: + # matchLabels: + # role: frontend + # - podSelector: + # matchExpressions: + # - key: role + # operator: In + # values: + # - frontend + +# Deprecated +# please use the above podSecurityContext.fsGroup instead +fsGroup: "" 
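Review bot: The header comment of the `networkPolicy` block gives the required client label as `{{ template "uname" . }}-client: "true"`, but the template added in this commit matches `<uname>-http-client` and `<uname>-transport-client`, as the two examples directly below it show. A pod labelled per the first line would match neither selector and stay blocked on both ports. I would replace that line with `## <uname>-http-client: "true" (HTTP port)` and `## <uname>-transport-client: "true" (transport port)`. The transport note would also read more clearly as `## Pods carrying this chart's app label can always reach each other on the transport port, even when this is enabled.`, and "can reach the DB" in the HTTP comment should name Elasticsearch.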
diff --git a/filebeat/Chart.yaml b/filebeat/Chart.yaml index 1e810b5a5..ddf938120 100755 --- a/filebeat/Chart.yaml +++ b/filebeat/Chart.yaml @@ -5,8 +5,8 @@ maintainers: - email: helm-charts@elastic.co name: Elastic name: filebeat -version: 7.6.2 -appVersion: 7.6.2 +version: 7.12.0-SNAPSHOT +appVersion: 7.12.0-SNAPSHOT sources: - https://github.com/elastic/beats icon: https://helm.elastic.co/icons/beats.png diff --git a/filebeat/README.md b/filebeat/README.md index 388c09b68..10b76472c 100644 --- a/filebeat/README.md +++ b/filebeat/README.md 
@@ -1,138 +1,272 @@ # Filebeat Helm Chart -This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features. +[![Build Status](https://img.shields.io/jenkins/s/https/devops-ci.elastic.co/job/elastic+helm-charts+master.svg)](https://devops-ci.elastic.co/job/elastic+helm-charts+master/) [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/elastic)](https://artifacthub.io/packages/search?repo=elastic) + +This Helm chart is a lightweight way to configure and run our official +[Filebeat Docker image][]. + + +**Warning**: This branch is used for development, please use the latest [7.x][] release for released version. + + + + + +- [Requirements](#requirements) +- [Installing](#installing) + - [Install released version using Helm repository](#install-released-version-using-helm-repository) + - [Install development version from a branch](#install-development-version-from-a-branch) +- [Upgrading](#upgrading) +- [Usage notes](#usage-notes) +- [Configuration](#configuration) + - [Deprecated](#deprecated) +- [FAQ](#faq) + - [How to use Filebeat with Elasticsearch with security (authentication and TLS) enabled?](#how-to-use-filebeat-with-elasticsearch-with-security-authentication-and-tls-enabled) + - [How to install OSS version of Filebeat?](#how-to-install-oss-version-of-filebeat) + - [Why is Filebeat host.name field set to Kubernetes pod name?](#why-is-filebeat-hostname-field-set-to-kubernetes-pod-name) + - [How do I get multiple beats agents working with hostNetworking enabled?](#how-do-i-get-multiple-beats-agents-working-with-hostnetworking-enabled) + - [How to change readinessProbe for outputs which don't support testing](#how-to-change-readinessprobe-for-outputs-which-dont-support-testing) +- [Contributing](#contributing) + + + + -This helm chart is a lightweight 
way to configure and run our official [Filebeat docker image](https://www.elastic.co/guide/en/beats/filebeat/current/running-on-docker.html). ## Requirements -* [Helm](https://helm.sh/) >=2.8.0 and <3.0.0 (see parent [README](https://github.com/elastic/helm-charts/tree/master/README.md) for more details) -* Kubernetes >=1.9 +* Kubernetes >= 1.14 +* [Helm][] >= 2.17.0 + +See [supported configurations][] for more details. -## Usage notes and getting started -* The default Filebeat configuration file for this chart is configured to use an Elasticsearch endpoint. Without any additional changes, Filebeat will send documents to the service URL that the Elasticsearch helm chart sets up by default. You may either set the `ELASTICSEARCH_HOSTS` environment variable in `extraEnvs` to override this endpoint or modify the default `filebeatConfig` to change this behavior. -* The default Filebeat configuration file is also configured to capture container logs and enrich them with Kubernetes metadata by default. This will capture all container logs in the cluster. -* This chart disables the [HostNetwork](https://kubernetes.io/docs/concepts/policy/pod-security-policy/#host-namespaces) setting by default for compatibility reasons with the majority of kubernetes providers and scenarios. Some kubernetes providers may not allow enabling `hostNetwork` and deploying multiple Filebeat pods on the same node isn't possible with `hostNetwork`. However Filebeat does recommend activating it. If your kubernetes provider is compatible with `hostNetwork` and you don't need to run multiple Filebeat daemonsets, you can activate it by setting `hostNetworking: true` in [values.yaml](https://github.com/elastic/helm-charts/tree/master/filebeat/values.yaml). ## Installing -### Using Helm repository +This chart is tested with the latest 7.12.0-SNAPSHOT version. 
-* Add the elastic helm charts repo - ``` - helm repo add elastic https://helm.elastic.co - ``` -* Install it - ``` - helm install --name filebeat elastic/filebeat - ``` +### Install released version using Helm repository -### Using master branch +* Add the Elastic Helm charts repo: +`helm repo add elastic https://helm.elastic.co` -* Clone the git repo - ``` - git clone git@github.com:elastic/helm-charts.git - ``` -* Install it - ``` - helm install --name filebeat ./helm-charts/filebeat - ``` +* Install it: + - with Helm 3: `helm install filebeat --version elastic/filebeat` + - with Helm 2 (deprecated): `helm install --name filebeat --version elastic/filebeat` -## Compatibility +### Install development version from a branch -This chart is tested with the latest supported versions. The currently tested versions are: +* Clone the git repo: `git clone git@github.com:elastic/helm-charts.git` -| 6.x | 7.x | -| ----- | ----- | -| 6.8.8 | 7.6.2 | +* Checkout the branch : `git checkout 7.12` +* Install it: + - with Helm 3: `helm install filebeat ./helm-charts/filebeat --set imageTag=7.12.0-SNAPSHOT` + - with Helm 2 (deprecated): `helm install --name filebeat ./helm-charts/filebeat --set imageTag=7.12.0-SNAPSHOT` -Examples of installing older major versions can be found in the [examples](https://github.com/elastic/helm-charts/tree/master/filebeat/examples) directory. -While only the latest releases are tested, it is possible to easily install old or new releases by overriding the `imageTag`. To install version `7.6.2` of Filebeat it would look like this: +## Upgrading -``` -helm install --name filebeat elastic/filebeat --set imageTag=7.6.2 -``` +Please always check [CHANGELOG.md][] and [BREAKING_CHANGES.md][] before +upgrading to a new chart version. 
-## Configuration -| Parameter | Description | Default | -| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------- | -| `filebeatConfig` | Allows you to add any config files in `/usr/share/filebeat` such as `filebeat.yml`. See [values.yaml](https://github.com/elastic/helm-charts/tree/master/filebeat/values.yaml) for an example of the formatting with the default configuration. | see [values.yaml](https://github.com/elastic/helm-charts/tree/master/filebeat/values.yaml) | -| `extraContainers` | List of additional init containers to be added at the Daemonset | `""` | -| `extraEnvs` | Extra [environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config) which will be appended to the `env:` definition for the container | `[]` | -| `extraInitContainers` | List of additional init containers to be added at the Daemonset. 
It also accepts a templatable string of additional containers to be passed to the `tpl` function | `[]` | -| `extraVolumeMounts` | List of additional volumeMounts to be mounted on the Daemonset | `[]` | -| `extraVolumes` | List of additional volumes to be mounted on the Daemonset | `[]` | -| `envFrom` | Templatable string of envFrom to be passed to the [environment from variables](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables) which will be appended to the `envFrom:` definition for the container | `[]` | -| `hostPathRoot` | Fully-qualified [hostPath](https://kubernetes.io/docs/concepts/storage/volumes/#hostpath) that will be used to persist Filebeat registry data | `/var/lib` | -| `hostNetworking` | Use host networking in the daemonset so that hostname is reported correctly | `false` | -| `image` | The Filebeat docker image | `docker.elastic.co/beats/filebeat` | -| `imageTag` | The Filebeat docker image tag | `7.6.2` | -| `imagePullPolicy` | The Kubernetes [imagePullPolicy](https://kubernetes.io/docs/concepts/containers/images/#updating-images) value | `IfNotPresent` | -| `imagePullSecrets` | Configuration for [imagePullSecrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret) so that you can use a private registry for your image | `[]` | -| `managedServiceAccount` | Whether the `serviceAccount` should be managed by this helm chart. Set this to `false` in order to manage your own service account and related roles. 
| `true` | -| `podAnnotations` | Configurable [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) applied to all Filebeat pods | `{}` | -| `labels` | Configurable [label](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) applied to all Filebeat pods | `{}` | -| `podSecurityContext` | Configurable [podSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for Filebeat pod execution environment | `runAsUser: 0`
`privileged: false` | -| `livenessProbe` | Parameters to pass to [liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) checks for values such as timeouts and thresholds. | `failureThreshold: 3`
`initialDelaySeconds: 10`
`periodSeconds: 10`
`successThreshold: 3`
`timeoutSeconds: 5` | -| `readinessProbe` | Parameters to pass to [readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) checks for values such as timeouts and thresholds. | `failureThreshold: 3`
`initialDelaySeconds: 10`
`periodSeconds: 10`
`successThreshold: 3`
`timeoutSeconds: 5` | -| `resources` | Allows you to set the [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) for the `DaemonSet` | `requests.cpu: 100m`
`requests.memory: 100Mi`
`limits.cpu: 1000m`
`limits.memory: 200Mi` | -| `serviceAccount` | Custom [serviceAccount](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) that Filebeat will use during execution. By default will use the service account created by this chart. | `""` | -| `secretMounts` | Allows you easily mount a secret as a file inside the `DaemonSet`. Useful for mounting certificates and other secrets. See [values.yaml](https://github.com/elastic/helm-charts/tree/master/filebeat/values.yaml) for an example | `[]` | -| `terminationGracePeriod` | Termination period (in seconds) to wait before killing Filebeat pod process on pod shutdown | `30` | -| `tolerations` | Configurable [tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | -| `nodeSelector` | Configurable [nodeSelector](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) | `{}` | -| `affinity` | Configurable [affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) | `{}` | -| `priorityClassName` | The [name of the PriorityClass](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass). No default is supplied as the PriorityClass must be created first. | `""` | -| `updateStrategy` | The [updateStrategy](https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/#daemonset-update-strategy) for the `DaemonSet`. By default Kubernetes will kill and recreate pods on updates. Setting this to `OnDelete` will require that pods be deleted manually. | `RollingUpdate` | -| `fullnameOverride` | Overrides the full name of the resources. If not set the name will default to "`.Release.Name`-`.Values.nameOverride or .Chart.Name`" | `""` | - -## Examples - -In [examples/](https://github.com/elastic/helm-charts/tree/master/filebeat/examples) you will find some example configurations. These examples are used for the automated testing of this helm chart. 
- -### Default - -* Deploy the [default Elasticsearch helm chart](https://github.com/elastic/helm-charts/tree/master/elasticsearch/README.md#default) -* Deploy Filebeat with the default values - ``` - cd examples/default - make - ``` -* You can now setup a port forward for Elasticsearch to observe Filebeat indices - ``` - kubectl port-forward svc/elasticsearch-master 9200 - curl localhost:9200/_cat/indices - ``` - -## Testing - -This chart uses [pytest](https://docs.pytest.org/en/latest/) to test the templating logic. The dependencies for testing can be installed from the [`requirements.txt`](https://github.com/elastic/helm-charts/tree/master/requirements.txt) in the parent directory. +## Usage notes -``` -pip install -r ../requirements.txt -make pytest -``` +* The default Filebeat configuration file for this chart is configured to use an +Elasticsearch endpoint. Without any additional changes, Filebeat will send +documents to the service URL that the Elasticsearch Helm chart sets up by +default. You may either set the `ELASTICSEARCH_HOSTS` environment variable in +`extraEnvs` to override this endpoint or modify the default `filebeatConfig` to +change this behavior. +* The default Filebeat configuration file is also configured to capture +container logs and enrich them with Kubernetes metadata by default. This will +capture all container logs in the cluster. +* This chart disables the [HostNetwork][] setting by default for compatibility +reasons with the majority of kubernetes providers and scenarios. Some kubernetes +providers may not allow enabling `hostNetwork` and deploying multiple Filebeat +pods on the same node isn't possible with `hostNetwork` However Filebeat does +recommend activating it. If your kubernetes provider is compatible with +`hostNetwork` and you don't need to run multiple Filebeat DaemonSets, you can +activate it by setting `hostNetworking: true` in [values.yaml][]. 
+* This repo includes a number of [examples][] configurations which can be used +as a reference. They are also used in the automated testing of this chart. -You can also use `helm template` to look at the YAML being generated -``` -make template -``` +## Configuration -It is possible to run all of the tests and linting inside of a docker container +| Parameter | Description | Default | +|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------| +| `clusterRoleRules` | Configurable [cluster role rules][] that Filebeat uses to access Kubernetes resources | see [values.yaml][] | +| `daemonset.annotations` | Configurable [annotations][] for filebeat daemonset | `{}` | +| `daemonset.labels` | Configurable [labels][] applied to all filebeat DaemonSet pods | `{}` | +| `daemonset.affinity` | Configurable [affinity][] for filebeat daemonset | `{}` | +| `daemonset.enabled` | If true, enable daemonset | `true` | +| `daemonset.envFrom` | Templatable string of `envFrom` to be passed to the [environment from variables][] which will be appended to filebeat container for DaemonSet | `[]` | +| `daemonset.extraEnvs` | Extra [environment variables][] which will be appended to filebeat container for DaemonSet | `[]` | +| `daemonset.extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function for DaemonSet | `[]` | +| `daemonset.extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function for DaemonSet | `[]` | +| `daemonset.hostAliases` | Configurable [hostAliases][] for filebeat DaemonSet | `[]` | +| `daemonset.hostNetworking` | Enable filebeat DaemonSet to use `hostNetwork` | `false` | +| `daemonset.filebeatConfig` | Allows you to add any config files in `/usr/share/filebeat` such as `filebeat.yml` for filebeat DaemonSet | 
see [values.yaml][] | +| `daemonset.maxUnavailable` | The [maxUnavailable][] value for the pod disruption budget. By default this will prevent Kubernetes from having more than 1 unhealthy pod in the node group | `1` | +| `daemonset.nodeSelector` | Configurable [nodeSelector][] for filebeat DaemonSet | `{}` | +| `daemonset.secretMounts` | Allows you easily mount a secret as a file inside the DaemonSet. Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` | +| `daemonset.podSecurityContext` | Configurable [podSecurityContext][] for filebeat DaemonSet pod execution environment | see [values.yaml][] | +| `daemonset.resources` | Allows you to set the [resources][] for filebeat DaemonSet | see [values.yaml][] | +| `daemonset.tolerations` | Configurable [tolerations][] for filebeat DaemonSet | `[]` | +| `deployment.annotations` | Configurable [annotations][] for filebeat Deployment | `{}` | +| `deployment.labels` | Configurable [labels][] applied to all filebeat Deployment pods | `{}` | +| `deployment.affinity` | Configurable [affinity][] for filebeat Deployment | `{}` | +| `deployment.enabled` | If true, enable deployment | `false` | +| `deployment.envFrom` | Templatable string of `envFrom` to be passed to the [environment from variables][] which will be appended to filebeat container for Deployment | `[]` | +| `deployment.extraEnvs` | Extra [environment variables][] which will be appended to filebeat container for Deployment | `[]` | +| `deployment.extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function for DaemonSet | `[]` | +| `deployment.extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function for Deployment | `[]` | +| `daemonset.hostAliases` | Configurable [hostAliases][] for filebeat Deployment | `[]` | +| `deployment.filebeatConfig` | Allows you to add any config files in `/usr/share/filebeat` such as `filebeat.yml` for filebeat Deployment 
| see [values.yaml][] | +| `deployment.nodeSelector` | Configurable [nodeSelector][] for filebeat Deployment | `{}` | +| `deployment.secretMounts` | Allows you easily mount a secret as a file inside the Deployment Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` | +| `deployment.resources` | Allows you to set the [resources][] for filebeat Deployment | see [values.yaml][] | +| `deployment.securityContext` | Configurable [securityContext][] for filebeat Deployment pod execution environment | see [values.yaml][] | +| `deployment.tolerations` | Configurable [tolerations][] for filebeat Deployment | `[]` | +| `replicas` | The replica count for the Filebeat deployment | `1` | +| `extraContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | +| `extraInitContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | +| `fullnameOverride` | Overrides the full name of the resources. If not set the name will default to " `.Release.Name` - `.Values.nameOverride or .Chart.Name` " | `""` | +| `hostPathRoot` | Fully-qualified [hostPath][] that will be used to persist filebeat registry data | `/var/lib` | +| `imagePullPolicy` | The Kubernetes [imagePullPolicy][] value | `IfNotPresent` | +| `imagePullSecrets` | Configuration for [imagePullSecrets][] so that you can use a private registry for your image | `[]` | +| `imageTag` | The filebeat Docker image tag | `7.12.0-SNAPSHOT` | +| `image` | The filebeat Docker image | `docker.elastic.co/beats/filebeat` | +| `livenessProbe` | Parameters to pass to liveness [probe][] checks for values such as timeouts and thresholds | see [values.yaml][] | +| `managedServiceAccount` | Whether the `serviceAccount` should be managed by this helm chart. Set this to `false` in order to manage your own service account and related roles | `true` | +| `nameOverride` | Overrides the chart name for resources. 
If not set the name will default to `.Chart.Name` | `""` | +| `podAnnotations` | Configurable [annotations][] applied to all filebeat pods | `{}` | +| `priorityClassName` | The name of the [PriorityClass][]. No default is supplied as the PriorityClass must be created first | `""` | +| `readinessProbe` | Parameters to pass to readiness [probe][] checks for values such as timeouts and thresholds | see [values.yaml][] | +| `serviceAccount` | Custom [serviceAccount][] that filebeat will use during execution. By default will use the service account created by this chart | `""` | +| `serviceAccountAnnotations` | Annotations to be added to the ServiceAccount that is created by this chart. | `{}` | +| `terminationGracePeriod` | Termination period (in seconds) to wait before killing filebeat pod process on pod shutdown | `30` | +| `updateStrategy` | The [updateStrategy][] for the DaemonSet By default Kubernetes will kill and recreate pods on updates. Setting this to `OnDelete` will require that pods be deleted manually | `RollingUpdate` | + +### Deprecated + +| Parameter | Description | Default | +|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|---------| +| `affinity` | Configurable [affinity][] for filebeat DaemonSet | `{}` | +| `envFrom` | Templatable string to be passed to the [environment from variables][] which will be appended to filebeat container for both DaemonSet and Deployment | `[]` | +| `extraEnvs` | Extra [environment variables][] which will be appended to filebeat container for both DaemonSet and Deployment | `[]` | +| `extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function for both DaemonSet and Deployment | `[]` | +| `extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function for both DaemonSet and Deployment | `[]` | +| `filebeatConfig` | Allows 
you to add any config files in `/usr/share/filebeat` such as `filebeat.yml` for both filebeat DaemonSet and Deployment | `{}` | +| `hostAliases` | Configurable [hostAliases][] | `[]` | +| `nodeSelector` | Configurable [nodeSelector][] for filebeat DaemonSet | `{}` | +| `podSecurityContext` | Configurable [securityContext][] for filebeat DaemonSet and Deployment pod execution environment | `{}` | +| `resources` | Allows you to set the [resources][] for both filebeat DaemonSet and Deployment | `{}` | +| `secretMounts` | Allows you easily mount a secret as a file inside DaemonSet and Deployment Useful for mounting certificates and other secrets | `[]` | +| `tolerations` | Configurable [tolerations][] for both filebeat DaemonSet and Deployment | `[]` | +| `labels` | Configurable [labels][] applied to all filebeat pods | `{}` | + +## FAQ + +### How to use Filebeat with Elasticsearch with security (authentication and TLS) enabled? + +This Helm chart can use existing [Kubernetes secrets][] to setup +credentials or certificates for examples. These secrets should be created +outside of this chart and accessed using [environment variables][] and volumes. + +An example can be found in [examples/security][]. + +### How to install OSS version of Filebeat? + +Deploying OSS version of Filebeat can be done by setting `image` value to +[Filebeat OSS Docker image][] + +An example of Filebeat deployment using OSS version can be found in +[examples/oss][]. + +### Why is Filebeat host.name field set to Kubernetes pod name? + +The default Filebeat configuration is using Filebeat pod name for +`agent.hostname` and `host.name` fields. The `hostname` of the Kubernetes nodes +can be find in `kubernetes.node.name` field. If you would like to have +`agent.hostname` and `host.name` fields set to the hostname of the nodes, you'll +need to set `hostNetworking` value to true. 
+ +Note that enabling [hostNetwork][] make Filebeat pod use the host network +namespace which gives it access to the host loopback device, services listening +on localhost, could be used to snoop on network activity of other pods on the +same node. + +### How do I get multiple beats agents working with hostNetworking enabled? + +The default http port for multiple beats agents may be on the same port, for +example, Filebeats and Metricbeats both default to 5066. When `hostNetworking` +is enabled this will cause collisions when standing up the http server. The work +around for this is to set `http.port` in the config file for one of the beats agent +to use a different port. + +### How to change readinessProbe for outputs which don't support testing + +Some [Filebeat outputs][] like [Kafka output][] don't support testing using +`filebeat test output` command which is used by Filebeat chart readiness probe. + +This makes Filebeat pods crash before being ready with the following message: +`Readiness probe failed: kafka output doesn't support testing`. + +The workaround when using this kind of output is to override the readiness probe +command to check Filebeat API instead (same as existing liveness probe). ``` -make test +readinessProbe: + exec: + command: + - sh + - -c + - | + #!/usr/bin/env bash -e + curl --fail 127.0.0.1:5066 ``` -## Integration Testing - -Integration tests are run using [goss](https://github.com/aelsabbahy/goss/blob/master/docs/manual.md) which is a serverspec like tool written in golang. See [goss.yaml](https://github.com/elastic/helm-charts/tree/master/filebeat/examples/default/test/goss.yaml) for an example of what the tests look like. -To run the goss tests against the default example: -``` -cd examples/default -make goss -``` +## Contributing + +Please check [CONTRIBUTING.md][] before any contribution or for any questions +about our development and testing process. 
+ +[7.x]: https://github.com/elastic/helm-charts/releases +[BREAKING_CHANGES.md]: https://github.com/elastic/helm-charts/blob/master/BREAKING_CHANGES.md +[CHANGELOG.md]: https://github.com/elastic/helm-charts/blob/master/CHANGELOG.md +[CONTRIBUTING.md]: https://github.com/elastic/helm-charts/blob/master/CONTRIBUTING.md +[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +[annotations]: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +[cluster role rules]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole +[dnsConfig]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ +[environment variables]: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config +[environment from variables]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables +[examples]: https://github.com/elastic/helm-charts/tree/7.12/filebeat/examples +[examples/oss]: https://github.com/elastic/helm-charts/tree/7.12/filebeat/examples/oss +[examples/security]: https://github.com/elastic/helm-charts/tree/7.12/filebeat/examples/security +[filebeat docker image]: https://www.elastic.co/guide/en/beats/filebeat/7.12/running-on-docker.html +[filebeat oss docker image]: https://www.docker.elastic.co/r/beats/filebeat-oss +[filebeat outputs]: https://www.elastic.co/guide/en/beats/filebeat/7.12/configuring-output.html +[helm]: https://helm.sh +[hostAliases]: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +[hostNetwork]: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#host-namespaces +[hostPath]: https://kubernetes.io/docs/concepts/storage/volumes/#hostpath +[imagePullPolicy]: 
https://kubernetes.io/docs/concepts/containers/images/#updating-images +[imagePullSecrets]: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret +[kafka output]: https://www.elastic.co/guide/en/beats/filebeat/7.12/kafka-output.html +[kubernetes secrets]: https://kubernetes.io/docs/concepts/configuration/secret/ +[labels]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +[maxUnavailable]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget +[nodeSelector]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +[podSecurityContext]: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +[priorityClass]: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass +[probe]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ +[resources]: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ +[supported configurations]: https://github.com/elastic/helm-charts/tree/7.12/README.md#supported-configurations +[serviceAccount]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +[tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[updateStrategy]: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/#daemonset-update-strategy +[values.yaml]: https://github.com/elastic/helm-charts/tree/7.12/filebeat/values.yaml diff --git a/filebeat/examples/6.x/Makefile b/filebeat/examples/6.x/Makefile deleted file mode 100644 index 34bc979b4..000000000 --- a/filebeat/examples/6.x/Makefile +++ /dev/null 
@@ -1,13 +0,0 @@ -default: test - -include ../../../helpers/examples.mk - -RELEASE := helm-filebeat-six - -install: - helm upgrade --wait --timeout=600 --install $(RELEASE) --values values.yaml ../../ - -test: install goss - -purge: - helm del --purge $(RELEASE) diff --git a/filebeat/examples/6.x/test/goss.yaml b/filebeat/examples/6.x/test/goss.yaml deleted file mode 100644 index 1d43bc0d4..000000000 --- a/filebeat/examples/6.x/test/goss.yaml +++ /dev/null @@ -1,21 +0,0 @@ -port: - tcp:5066: - listening: true - ip: - - '127.0.0.1' - -mount: - /usr/share/filebeat/data: - exists: true -user: - filebeat: - exists: true - uid: 1000 - gid: 1000 - -http: - http://six-master:9200/_cat/indices: - status: 200 - timeout: 2000 - body: - - 'filebeat-6.8.8' diff --git a/filebeat/examples/6.x/values.yaml b/filebeat/examples/6.x/values.yaml deleted file mode 100644 index 96987de4d..000000000 --- a/filebeat/examples/6.x/values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -imageTag: 6.8.8 - -extraEnvs: - - name: ELASTICSEARCH_HOSTS - value: six-master:9200 diff --git a/filebeat/examples/default/Makefile b/filebeat/examples/default/Makefile index 6cfa6a648..b39ece967 100644 --- a/filebeat/examples/default/Makefile +++ b/filebeat/examples/default/Makefile @@ -5,9 +5,9 @@ include ../../../helpers/examples.mk RELEASE := helm-filebeat-default install: - helm upgrade --wait --timeout=600 --install $(RELEASE) ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install $(RELEASE) ../../ test: install goss purge: - helm del --purge $(RELEASE) + helm del $(RELEASE) diff --git a/filebeat/examples/default/README.md b/filebeat/examples/default/README.md new file mode 100644 index 000000000..0a2670239 --- /dev/null +++ b/filebeat/examples/default/README.md 
@@ -0,0 +1,27 @@ +# Default + +This example deploy Filebeat 7.12.0-SNAPSHOT using [default values][]. + + +## Usage + +* Deploy [Elasticsearch Helm chart][]. + +* Deploy Filebeat chart with the default values: `make install` + +* You can now setup a port forward to query Filebeat indices: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[elasticsearch helm chart]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/default/ +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.12/filebeat/examples/default/test/goss.yaml +[default values]: https://github.com/elastic/helm-charts/tree/7.12/filebeat/values.yaml diff --git a/filebeat/examples/default/test/goss.yaml b/filebeat/examples/default/test/goss.yaml index cdcd95c55..65320f0c5 100644 --- a/filebeat/examples/default/test/goss.yaml +++ b/filebeat/examples/default/test/goss.yaml @@ -29,7 +29,7 @@ http: status: 200 timeout: 2000 body: - - 'filebeat-7.6.2' + - 'filebeat-7.12.0' file: /usr/share/filebeat/filebeat.yml: @@ -44,4 +44,4 @@ command: exit-status: 0 stdout: - 'elasticsearch: http://elasticsearch-master:9200' - - 'version: 7.6.2' + - 'version: 7.12.0' diff --git a/filebeat/examples/deployment/Makefile b/filebeat/examples/deployment/Makefile new file mode 100644 index 000000000..0bc285379 --- /dev/null +++ b/filebeat/examples/deployment/Makefile @@ -0,0 +1,13 @@ +default: test + +include ../../../helpers/examples.mk + +RELEASE := helm-filebeat-deployment + +install: + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ + +test: install goss + +purge: + helm del $(RELEASE) diff --git a/filebeat/examples/deployment/README.md b/filebeat/examples/deployment/README.md new file mode 100644 index 000000000..0dd03896b --- /dev/null +++ b/filebeat/examples/deployment/README.md 
@@ -0,0 +1,27 @@ +# Default + +This example deploy Filebeat 7.12.0-SNAPSHOT using [default values][] as a Kubernetes Deployment. + + +## Usage + +* Deploy [Elasticsearch Helm chart][]. + +* Deploy Filebeat chart with the default values: `make install` + +* You can now setup a port forward to query Filebeat indices: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[elasticsearch helm chart]: https://github.com/elastic/helm-charts/tree/master/elasticsearch/examples/default/ +[goss integration tests]: https://github.com/elastic/helm-charts/tree/master/filebeat/examples/deployment/test/goss.yaml +[default values]: https://github.com/elastic/helm-charts/tree/master/filebeat/values.yaml diff --git a/filebeat/examples/deployment/test/goss.yaml b/filebeat/examples/deployment/test/goss.yaml new file mode 100644 index 000000000..1ff96cce8 --- /dev/null +++ b/filebeat/examples/deployment/test/goss.yaml @@ -0,0 +1,6 @@ +http: + http://elasticsearch-master:9200/_cat/indices: + status: 200 + timeout: 2000 + body: + - 'filebeat-7.12.0' diff --git a/filebeat/examples/deployment/values.yaml b/filebeat/examples/deployment/values.yaml new file mode 100644 index 000000000..bf1cf06c1 --- /dev/null +++ b/filebeat/examples/deployment/values.yaml @@ -0,0 +1,16 @@ +deployment: + enabled: true + +daemonset: + enabled: false + +filebeatConfig: + filebeat.yml: | + filebeat.inputs: + - type: log + paths: + - /usr/share/filebeat/logs/filebeat + + output.elasticsearch: + host: '${NODE_NAME}' + hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' \ No newline at end of file diff --git a/filebeat/examples/oss/Makefile b/filebeat/examples/oss/Makefile index e6b665412..3caa17af1 100644 --- a/filebeat/examples/oss/Makefile +++ b/filebeat/examples/oss/Makefile 
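Review bot: `host: '${NODE_NAME}'` under `output.elasticsearch` in the new `filebeat/examples/deployment/values.yaml` references an environment variable that the Deployment template added by this commit does not appear to define. The Deployment's `env` list sets only `POD_NAMESPACE`, whereas the DaemonSet template carries a `spec.nodeName` fieldRef. Unless the variable arrives through `extraEnvs`, the reference may fail to resolve when Filebeat loads the config, so either drop the line from this example or add a `NODE_NAME` `fieldRef` entry to the Deployment's `env`. The file also ends without a trailing newline.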
@@ -5,9 +5,9 @@ include ../../../helpers/examples.mk RELEASE := helm-filebeat-oss install: - helm upgrade --wait --timeout=600 --install $(RELEASE) --values values.yaml ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ test: install goss purge: - helm del --purge $(RELEASE) + helm del $(RELEASE) diff --git a/filebeat/examples/oss/README.md b/filebeat/examples/oss/README.md new file mode 100644 index 000000000..fd69456e6 --- /dev/null +++ b/filebeat/examples/oss/README.md @@ -0,0 +1,27 @@ +# OSS + +This example deploy Filebeat 7.12.0-SNAPSHOT using [Filebeat OSS][] version. + + +## Usage + +* Deploy [Elasticsearch Helm chart][]. + +* Deploy Filebeat chart with the default values: `make install` + +* You can now setup a port forward to query Filebeat indices: + + ``` + kubectl port-forward svc/oss-master 9200 + curl localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[filebeat oss]: https://www.elastic.co/downloads/beats/filebeat-oss +[elasticsearch helm chart]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/oss/ +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.12/filebeat/examples/oss/test/goss.yaml diff --git a/filebeat/examples/oss/test/goss.yaml b/filebeat/examples/oss/test/goss.yaml index eb677e9f4..ed6cb82cc 100644 --- a/filebeat/examples/oss/test/goss.yaml +++ b/filebeat/examples/oss/test/goss.yaml @@ -15,8 +15,8 @@ user: gid: 1000 http: - http://oss-master:9200/_cat/indices: + http://elasticsearch-master:9200/_cat/indices: status: 200 timeout: 2000 body: - - 'filebeat-7.6.2' + - "filebeat-oss-7.12.0" diff --git a/filebeat/examples/oss/values.yaml b/filebeat/examples/oss/values.yaml index 0b9a414f7..7f713fede 100644 --- a/filebeat/examples/oss/values.yaml +++ b/filebeat/examples/oss/values.yaml 
@@ -1,5 +1,22 @@ image: docker.elastic.co/beats/filebeat-oss -extraEnvs: - - name: ELASTICSEARCH_HOSTS - value: oss-master:9200 +daemonset: + filebeatConfig: + filebeat.yml: | + filebeat.inputs: + - type: container + paths: + - /var/log/containers/*.log + processors: + - add_kubernetes_metadata: + host: ${NODE_NAME} + matchers: + - logs_path: + logs_path: "/var/log/containers/" + output.elasticsearch: + host: '${NODE_NAME}' + hosts: "elasticsearch-master:9200" + index: "filebeat-oss-%{[agent.version]}-%{+yyyy.MM.dd}" + setup.ilm.enabled: false + setup.template.name: "filebeat" + setup.template.pattern: "filebeat-oss-*" diff --git a/filebeat/examples/security/Makefile b/filebeat/examples/security/Makefile index 6d79d4231..7bec9abec 100644 --- a/filebeat/examples/security/Makefile +++ b/filebeat/examples/security/Makefile @@ -5,9 +5,9 @@ include ../../../helpers/examples.mk RELEASE := helm-filebeat-security install: - helm upgrade --wait --timeout=600 --install $(RELEASE) --values values.yaml ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ test: install goss purge: - helm del --purge $(RELEASE) + helm del $(RELEASE) diff --git a/filebeat/examples/security/README.md b/filebeat/examples/security/README.md new file mode 100644 index 000000000..2897baf97 --- /dev/null +++ b/filebeat/examples/security/README.md 
@@ -0,0 +1,28 @@ +# Security + +This example deploy Filebeat 7.12.0-SNAPSHOT using authentication and TLS to connect to +Elasticsearch (see [values][]). + + +## Usage + +* Deploy [Elasticsearch Helm chart][]. + +* Deploy Filebeat chart with security: `make install` + +* You can now setup a port forward to query Filebeat indices: + + ``` + kubectl port-forward svc/security-master 9200 + curl -u elastic:changeme https://localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[elasticsearch helm chart]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/security/ +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.12/filebeat/examples/security/test/goss.yaml +[values]: https://github.com/elastic/helm-charts/tree/7.12/filebeat/examples/security/values.yaml diff --git a/filebeat/examples/security/test/goss.yaml b/filebeat/examples/security/test/goss.yaml index 8aa202587..145ae2be0 100644 --- a/filebeat/examples/security/test/goss.yaml +++ b/filebeat/examples/security/test/goss.yaml @@ -3,7 +3,7 @@ http: status: 200 timeout: 2000 body: - - 'filebeat-7.6.2' + - "filebeat-7.12.0" allow-insecure: true username: '{{ .Env.ELASTICSEARCH_USERNAME }}' password: '{{ .Env.ELASTICSEARCH_PASSWORD }}' diff --git a/filebeat/examples/security/values.yaml b/filebeat/examples/security/values.yaml index bedb79643..606961fa8 100644 --- a/filebeat/examples/security/values.yaml +++ b/filebeat/examples/security/values.yaml @@ -1,12 +1,15 @@ filebeatConfig: filebeat.yml: | filebeat.inputs: - - type: docker - containers.ids: - - '*' + - type: container + paths: + - /var/log/containers/*.log processors: - - add_kubernetes_metadata: - in_cluster: true + - add_kubernetes_metadata: + host: ${NODE_NAME} + matchers: + - logs_path: + logs_path: "/var/log/containers/" output.elasticsearch: username: '${ELASTICSEARCH_USERNAME}' 
diff --git a/filebeat/examples/upgrade/Makefile b/filebeat/examples/upgrade/Makefile new file mode 100644 index 000000000..054b53c23 --- /dev/null +++ b/filebeat/examples/upgrade/Makefile @@ -0,0 +1,16 @@ +default: test + +include ../../../helpers/examples.mk + +CHART := filebeat +RELEASE := helm-filebeat-upgrade +FROM := 7.9.0 # registry file version 1 not supported error with previous version + +install: + ../../../helpers/upgrade.sh --chart $(CHART) --release $(RELEASE) --from $(FROM) + kubectl rollout status daemonset $(RELEASE)-filebeat + +test: install goss + +purge: + helm del $(RELEASE) diff --git a/filebeat/examples/upgrade/README.md b/filebeat/examples/upgrade/README.md new file mode 100644 index 000000000..fa3ee3b85 --- /dev/null +++ b/filebeat/examples/upgrade/README.md @@ -0,0 +1,21 @@ +# Upgrade + +This example will deploy Filebeat chart using an old chart version, +then upgrade it. + + +## Usage + +* Add the Elastic Helm charts repo: `helm repo add elastic https://helm.elastic.co` + +* Deploy [Elasticsearch Helm chart][]: `helm install elasticsearch elastic/elasticsearch` + +* Deploy and upgrade Filebeat chart with the default values: `make install` + + +## Testing + +You can also run [goss integration tests][] using `make test`. + + +[goss integration tests]: https://github.com/elastic/helm-charts/tree/master/filebeat/examples/upgrade/test/goss.yaml diff --git a/filebeat/examples/upgrade/test/goss.yaml b/filebeat/examples/upgrade/test/goss.yaml new file mode 100644 index 000000000..85b6ceb53 --- /dev/null +++ b/filebeat/examples/upgrade/test/goss.yaml 
@@ -0,0 +1,45 @@ +port: + tcp:5066: + listening: true + ip: + - "127.0.0.1" + +mount: + /usr/share/filebeat/data: + exists: true + /run/docker.sock: + exists: true + /var/lib/docker/containers: + exists: true + opts: + - ro + /usr/share/filebeat/filebeat.yml: + exists: true + opts: + - ro + +user: + filebeat: + exists: true + uid: 1000 + gid: 1000 + +http: + http://upgrade-master:9200/_cat/indices: + status: 200 + timeout: 2000 + body: + - "filebeat-7.12.0" + +file: + /usr/share/filebeat/filebeat.yml: + exists: true + contains: + - "add_kubernetes_metadata" + - "output.elasticsearch" + +command: + cd /usr/share/filebeat && filebeat test output: + exit-status: 0 + stdout: + - "elasticsearch: http://upgrade-master:9200" diff --git a/filebeat/examples/upgrade/values.yaml b/filebeat/examples/upgrade/values.yaml new file mode 100644 index 000000000..8b230601e --- /dev/null +++ b/filebeat/examples/upgrade/values.yaml @@ -0,0 +1,4 @@ +--- +extraEnvs: + - name: ELASTICSEARCH_HOSTS + value: upgrade-master:9200 diff --git a/filebeat/templates/clusterrole.yaml b/filebeat/templates/clusterrole.yaml index 8bec82cd1..754dfd578 100644 --- a/filebeat/templates/clusterrole.yaml +++ b/filebeat/templates/clusterrole.yaml @@ -1,5 +1,5 @@ {{- if .Values.managedServiceAccount }} -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ template "filebeat.serviceAccount" . }}-cluster-role @@ -8,14 +8,5 @@ metadata: chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" heritage: {{ .Release.Service | quote }} release: {{ .Release.Name | quote }} -rules: -- apiGroups: - - "" - resources: - - namespaces - - pods - verbs: - - get - - list - - watch +rules: {{ toYaml .Values.clusterRoleRules | nindent 2 -}} {{- end -}} diff --git a/filebeat/templates/clusterrolebinding.yaml b/filebeat/templates/clusterrolebinding.yaml index 45436b76b..887775c2c 100644 --- a/filebeat/templates/clusterrolebinding.yaml 
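Review bot: In `clusterrole.yaml` the `rules:` list is now rendered verbatim from `.Values.clusterRoleRules`, so the template no longer pins the ClusterRole to `get`/`list`/`watch` on `namespaces` and `pods`; whatever a values file supplies becomes cluster-wide permission for the Filebeat service account. The chart default is not part of this hunk, so I am assuming it reproduces the removed rules; a unit test asserting the rendered default would keep it from drifting. An unset value would render `rules: null`, which `rules: {{ toYaml (.Values.clusterRoleRules | default list) | nindent 2 -}}` avoids. A comment above the line, such as `{{/* cluster-wide permissions for the Filebeat service account; keep to the minimum verbs and resources */}}`, would tell values authors what is expected.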
+++ b/filebeat/templates/clusterrolebinding.yaml @@ -1,5 +1,5 @@ {{- if .Values.managedServiceAccount }} -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ template "filebeat.serviceAccount" . }}-cluster-role-binding diff --git a/filebeat/templates/configmap.yaml b/filebeat/templates/configmap.yaml index 32df8d87c..559abe1ed 100644 --- a/filebeat/templates/configmap.yaml +++ b/filebeat/templates/configmap.yaml @@ -15,3 +15,39 @@ data: {{ $config | indent 4 -}} {{- end -}} {{- end -}} + +{{- if and .Values.daemonset.enabled .Values.daemonset.filebeatConfig }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "filebeat.fullname" . }}-daemonset-config + labels: + app: "{{ template "filebeat.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +data: +{{- range $path, $config := .Values.daemonset.filebeatConfig }} + {{ $path }}: | +{{ $config | indent 4 -}} +{{- end -}} +{{- end -}} + +{{- if and .Values.deployment.enabled .Values.deployment.filebeatConfig }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "filebeat.fullname" . }}-deployment-config + labels: + app: "{{ template "filebeat.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +data: +{{- range $path, $config := .Values.deployment.filebeatConfig }} + {{ $path }}: | +{{ $config | indent 4 -}} +{{- end -}} +{{- end -}} diff --git a/filebeat/templates/daemonset.yaml b/filebeat/templates/daemonset.yaml index 5c0063f67..4ced62407 100644 --- a/filebeat/templates/daemonset.yaml +++ b/filebeat/templates/daemonset.yaml @@ -1,3 +1,4 @@ +{{- if .Values.daemonset.enabled }} --- apiVersion: apps/v1 kind: DaemonSet 
@@ -8,15 +9,31 @@ metadata: chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" heritage: {{ .Release.Service | quote }} release: {{ .Release.Name | quote }} + {{- if .Values.daemonset.labels }} + {{- range $key, $value := .Values.daemonset.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- else }} {{- range $key, $value := .Values.labels }} {{ $key }}: {{ $value | quote }} {{- end }} + {{- end }} + {{- if .Values.daemonset.annotations }} + annotations: + {{- range $key, $value := .Values.daemonset.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} spec: selector: matchLabels: app: "{{ template "filebeat.fullname" . }}" release: {{ .Release.Name | quote }} updateStrategy: + {{- if eq .Values.updateStrategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.daemonset.maxUnavailable }} + {{- end }} type: {{ .Values.updateStrategy }} template: metadata: @@ -25,7 +42,7 @@ spec: {{ $key }}: {{ $value | quote }} {{- end }} {{/* This forces a restart if the configmap has changed */}} - {{- if .Values.filebeatConfig }} + {{- if or .Values.filebeatConfig .Values.daemonset.filebeatConfig }} configChecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }} {{- end }} name: "{{ template "filebeat.fullname" . }}" 
@@ -34,30 +51,36 @@ spec: chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" heritage: {{ .Release.Service | quote }} release: {{ .Release.Name | quote }} + {{- if .Values.daemonset.labels }} + {{- range $key, $value := .Values.daemonset.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- else }} {{- range $key, $value := .Values.labels }} {{ $key }}: {{ $value | quote }} {{- end }} + {{- end }} spec: - {{- with .Values.tolerations }} - tolerations: {{ toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} + tolerations: {{ toYaml ( .Values.tolerations | default .Values.daemonset.tolerations ) | nindent 8 }} + nodeSelector: {{ toYaml ( .Values.nodeSelector | default .Values.daemonset.nodeSelector ) | nindent 8 }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} - {{- with .Values.affinity }} - affinity: {{ toYaml . | nindent 8 -}} - {{- end }} + affinity: {{ toYaml ( .Values.affinity | default .Values.daemonset.affinity ) | nindent 8 }} serviceAccountName: {{ template "filebeat.serviceAccount" . }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} - {{- if .Values.hostNetworking }} + {{- if .Values.daemonset.hostNetworking }} hostNetwork: true dnsPolicy: ClusterFirstWithHostNet {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: {{ toYaml .Values.dnsConfig | nindent 8 }} + {{- end }} + {{- if .Values.hostAliases | default .Values.daemonset.hostAliases }} + hostAliases: {{ toYaml ( .Values.hostAliases | default .Values.daemonset.hostAliases ) | nindent 8 }} + {{- end }} volumes: - {{- range .Values.secretMounts }} + {{- range .Values.secretMounts | default .Values.daemonset.secretMounts }} - name: {{ .name }} secret: secretName: {{ .secretName }} 
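Review bot: The `hostNetwork` guard now reads only `.Values.daemonset.hostNetworking`, so a values file that still sets the top-level `hostNetworking: true` silently stops getting host networking, while `tolerations`, `nodeSelector`, `affinity`, `hostAliases` and `secretMounts` in this same hunk keep a top-level fallback through `| default`. If dropping the old key is deliberate, say so in the upgrade notes; otherwise `{{- if .Values.hostNetworking | default .Values.daemonset.hostNetworking }}` keeps it consistent with the other keys. The old `test_host_networking` case for the top-level key is removed in `filebeat_test.py`, so nothing visible covers either behaviour for that key. The pod spec this hunk edits starts and ends outside the hunk.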
@@ -67,6 +90,11 @@ spec: configMap: defaultMode: 0600 name: {{ template "filebeat.fullname" . }}-config + {{- else if .Values.daemonset.filebeatConfig }} + - name: filebeat-config + configMap: + defaultMode: 0600 + name: {{ template "filebeat.fullname" . }}-daemonset-config {{- end }} - name: data hostPath: @@ -75,11 +103,14 @@ spec: - name: varlibdockercontainers hostPath: path: /var/lib/docker/containers + - name: varlog + hostPath: + path: /var/log - name: varrundockersock hostPath: path: /var/run/docker.sock - {{- if .Values.extraVolumes }} -{{ toYaml .Values.extraVolumes | indent 6 }} + {{- if .Values.extraVolumes | default .Values.daemonset.extraVolumes }} +{{ toYaml ( .Values.extraVolumes | default .Values.daemonset.extraVolumes ) | indent 6 }} {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: @@ -112,7 +143,7 @@ spec: readinessProbe: {{ toYaml .Values.readinessProbe | indent 10 }} resources: -{{ toYaml .Values.resources | indent 10 }} +{{ toYaml ( .Values.resources | default .Values.daemonset.resources ) | indent 10 }} env: - name: POD_NAMESPACE valueFrom: 
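Review bot: The new `varlog` volume mounts the node's whole `/var/log` through `hostPath` in every DaemonSet pod with no value to turn it off, and `filebeat_test.py` asserts that the container runs as uid 0, so each Filebeat pod can read every log file on its node rather than only container logs. The example configs in this commit read only `/var/log/containers/*.log`; if those entries are symlinks into other directories under `/var/log`, that would explain the broad mount, but it should be stated, e.g. `# /var/log is mounted whole because /var/log/containers holds symlinks (confirm)`. Consider gating the volume and its read-only `volumeMounts` entry (added in the later `@@ -142,24 +167,35 @@` hunk) behind a chart value, so that releases using other inputs do not get host log access by default.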
@@ -122,19 +153,13 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName -{{- if .Values.extraEnvs }} -{{ toYaml .Values.extraEnvs | indent 8 }} -{{- end }} -{{- if .Values.envFrom }} - envFrom: -{{ toYaml .Values.envFrom | indent 10 }} -{{- end }} -{{- if .Values.podSecurityContext }} - securityContext: -{{ toYaml .Values.podSecurityContext | indent 10 }} +{{- if .Values.extraEnvs | default .Values.daemonset.extraEnvs }} +{{ toYaml ( .Values.extraEnvs | default .Values.daemonset.extraEnvs ) | indent 8 }} {{- end }} + envFrom: {{ toYaml ( .Values.envFrom | default .Values.daemonset.envFrom ) | nindent 10 }} + securityContext: {{ toYaml ( .Values.podSecurityContext | default .Values.daemonset.securityContext ) | nindent 10 }} volumeMounts: - {{- range .Values.secretMounts }} + {{- range .Values.secretMounts | default .Values.daemonset.secretMounts }} - name: {{ .name }} mountPath: {{ .path }} {{- if .subPath }} 
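Review bot: `securityContext` is taken from the deprecated top-level `podSecurityContext` whenever that is non-empty, so a leftover `podSecurityContext` in an existing values file replaces a tighter `daemonset.securityContext` in its entirety (`default` picks one map, it does not merge them). The same precedence applies to `envFrom` and `extraEnvs` in this hunk. That ordering is not stated in the template; a comment above the line, such as `{{/* deprecated podSecurityContext, when set, replaces daemonset.securityContext entirely */}}`, would make it visible to whoever tightens the DaemonSet settings later. The container spec continues outside the hunk.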
@@ -142,24 +167,35 @@ spec: {{- end }} {{- end }} {{- range $path, $config := .Values.filebeatConfig }} + - name: filebeat-config + mountPath: /usr/share/filebeat/{{ $path }} + readOnly: true + subPath: {{ $path }} + {{ else }} + {{- range $path, $config := .Values.daemonset.filebeatConfig }} - name: filebeat-config mountPath: /usr/share/filebeat/{{ $path }} readOnly: true subPath: {{ $path }} {{- end }} + {{- end }} - name: data mountPath: /usr/share/filebeat/data - name: varlibdockercontainers mountPath: /var/lib/docker/containers readOnly: true + - name: varlog + mountPath: /var/log + readOnly: true # Necessary when using autodiscovery; avoid mounting it otherwise - # See: https://www.elastic.co/guide/en/beats/filebeat/master/configuration-autodiscover.html + # See: https://www.elastic.co/guide/en/beats/filebeat/7.12/configuration-autodiscover.html - name: varrundockersock mountPath: /var/run/docker.sock readOnly: true - {{- if .Values.extraVolumeMounts }} -{{ toYaml .Values.extraVolumeMounts | indent 8 }} + {{- if .Values.extraVolumeMounts | default .Values.daemonset.extraVolumeMounts }} +{{ toYaml (.Values.extraVolumeMounts | default .Values.daemonset.extraVolumeMounts ) | indent 8 }} {{- end }} {{- if .Values.extraContainers }} {{ tpl .Values.extraContainers . | indent 6 }} {{- end }} +{{- end }} diff --git a/filebeat/templates/deployment.yaml b/filebeat/templates/deployment.yaml new file mode 100644 index 000000000..a8fd82649 --- /dev/null +++ b/filebeat/templates/deployment.yaml 
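Review bot: The `varrundockersock` mount stays unconditional although the comment directly above it (whose URL this hunk updates) says to avoid mounting it unless autodiscovery is used, and the example configs in this commit move from the `docker` input to the `container` input reading `/var/log/containers/*.log`. `readOnly: true` on a socket mount only protects the socket file itself; a process that can open the socket can still talk to the Docker API, so this is a high-privilege mount for a pod that the tests show running as uid 0. Consider rendering the volume and this mount only when a chart value asks for them (that value would be new; none is visible in this diff). Separately, `{{ else }}` in the new `range` lacks the `{{-` trim used by the surrounding actions and will emit a blank line.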
@@ -0,0 +1,157 @@ +# Deploy singleton instance in the whole cluster for some unique data sources, like aws input +{{- if .Values.deployment.enabled }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "filebeat.fullname" . }} + labels: + app: "{{ template "filebeat.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: '{{ .Release.Service }}' + release: {{ .Release.Name }} + {{- if .Values.deployment.labels }} + {{- range $key, $value := .Values.deployment.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- else }} + {{- range $key, $value := .Values.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- if .Values.deployment.annotations }} + annotations: + {{- range $key, $value := .Values.deployment.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: "{{ template "filebeat.fullname" . }}" + release: {{ .Release.Name | quote }} + template: + metadata: + annotations: + {{- range $key, $value := .Values.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{/* This forces a restart if the configmap has changed */}} + {{- if or .Values.filebeatConfig .Values.deployment.filebeatConfig }} + configChecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }} + {{- end }} + labels: + app: '{{ template "filebeat.fullname" . 
}}' + chart: '{{ .Chart.Name }}-{{ .Chart.Version }}' + release: '{{ .Release.Name }}' + {{- if .Values.deployment.labels }} + {{- range $key, $value := .Values.deployment.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- else }} + {{- range $key, $value := .Values.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + spec: + affinity: {{ toYaml .Values.deployment.affinity | nindent 8 }} + nodeSelector: {{ toYaml .Values.deployment.nodeSelector | nindent 8 }} + tolerations: {{ toYaml ( .Values.tolerations | default .Values.deployment.tolerations ) | nindent 8 }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "filebeat.serviceAccount" . }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} + {{- if .Values.deployment.hostAliases }} + hostAliases: {{ toYaml .Values.deployment.hostAliases | nindent 8 }} + {{- end }} + volumes: + {{- range .Values.secretMounts | default .Values.deployment.secretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- end }} + {{- if .Values.filebeatConfig }} + - name: filebeat-config + configMap: + defaultMode: 0600 + name: {{ template "filebeat.fullname" . }}-config + {{- else if .Values.deployment.filebeatConfig }} + - name: filebeat-config + configMap: + defaultMode: 0600 + name: {{ template "filebeat.fullname" . }}-deployment-config + {{- end }} + {{- if .Values.extraVolumes | default .Values.deployment.extraVolumes }} +{{ toYaml ( .Values.extraVolumes | default .Values.deployment.extraVolumes ) | indent 6 }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.extraInitContainers }} + initContainers: + # All the other beats accept a string here while + # filebeat accepts a valid yaml array. 
We're keeping + # this as a backwards compatible change, while adding + # also a way to pass a string as other templates to + # make these implementations consistent. + # https://github.com/elastic/helm-charts/issues/490 + {{- if eq "string" (printf "%T" .Values.extraInitContainers) }} +{{ tpl .Values.extraInitContainers . | indent 6 }} + {{- else }} +{{ toYaml .Values.extraInitContainers | indent 6 }} + {{- end }} + {{- end }} + containers: + - name: "filebeat" + image: "{{ .Values.image }}:{{ .Values.imageTag }}" + imagePullPolicy: "{{ .Values.imagePullPolicy }}" + args: + - "-e" + - "-E" + - "http.enabled=true" + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 10 }} + resources: {{ toYaml ( .Values.resources | default .Values.deployment.resources ) | nindent 10 }} + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +{{- if .Values.extraEnvs | default .Values.deployment.extraEnvs }} +{{ toYaml ( .Values.extraEnvs | default .Values.deployment.extraEnvs ) | indent 8 }} +{{- end }} + envFrom: {{ toYaml ( .Values.envFrom | default .Values.deployment.envFrom ) | nindent 10 }} + securityContext: {{ toYaml ( .Values.podSecurityContext | default .Values.deployment.securityContext ) | nindent 10 }} + volumeMounts: + {{- range .Values.secretMounts | default .Values.deployment.secretMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- range $path, $config := .Values.filebeatConfig }} + - name: filebeat-config + mountPath: /usr/share/filebeat/{{ $path }} + readOnly: true + subPath: {{ $path }} + {{ else }} + {{- range $path, $config := .Values.deployment.filebeatConfig }} + - name: filebeat-config + mountPath: /usr/share/filebeat/{{ $path }} + readOnly: true + subPath: {{ $path }} + {{- end }} + {{- end }} + {{- if .Values.extraVolumeMounts | default 
.Values.deployment.extraVolumeMounts }} +{{ toYaml ( .Values.extraVolumeMounts | default .Values.deployment.extraVolumeMounts ) | indent 8 }} + {{- end }} + {{- if .Values.extraContainers }} +{{ tpl .Values.extraContainers . | indent 6 }} + {{- end }} +{{- end }} diff --git a/filebeat/templates/serviceaccount.yaml b/filebeat/templates/serviceaccount.yaml index f398a58a9..8c0fcc60c 100644 --- a/filebeat/templates/serviceaccount.yaml +++ b/filebeat/templates/serviceaccount.yaml @@ -3,6 +3,10 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "filebeat.serviceAccount" . }} + annotations: + {{- with .Values.serviceAccountAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} labels: app: "{{ template "filebeat.fullname" . }}" chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" diff --git a/filebeat/tests/filebeat_test.py b/filebeat/tests/filebeat_test.py index a3eaff7c4..0a1c100dc 100644 --- a/filebeat/tests/filebeat_test.py +++ b/filebeat/tests/filebeat_test.py @@ -15,6 +15,7 @@ def test_defaults(): r = helm_template(config) assert name in r["daemonset"] + assert "deployment" not in r c = r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0] assert c["name"] == project 
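Review bot: The Deployment container gets a security context that `test_enable_deployment` asserts as `runAsUser == 0`, yet this template mounts no `hostPath` volumes (only secrets, the config map and `extraVolumes`), so root looks like more privilege than the Deployment needs. The defaults live in `values.yaml`, which is outside this hunk; if nothing else requires root, a non-root `deployment.securityContext` default would be the safer starting point. Separately, `release: {{ .Release.Name }}` in `metadata.labels` is unquoted while the selector uses `{{ .Release.Name | quote }}`; a release name that YAML reads as a number or boolean would produce a non-string label, so use `release: {{ .Release.Name | quote }}` there too.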
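Review bot: `annotations:` in `serviceaccount.yaml` is emitted even when `serviceAccountAnnotations` is empty, because the key sits outside the `with` block; the manifest then carries `annotations:` with a null value. Moving the key inside the block renders it only when there is something to set: `{{- with .Values.serviceAccountAnnotations }}`, `annotations: {{- toYaml . | nindent 4 }}`, `{{- end }}`. Service-account annotations are commonly what binds a pod to a cloud IAM identity, so a short comment on the value saying so would help reviewers of values changes.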
@@ -27,87 +28,297 @@ def test_defaults(): assert "filebeat test output" in c["readinessProbe"]["exec"]["command"][-1] + assert r["daemonset"][name]["spec"]["template"]["spec"]["tolerations"] == [] + + assert "hostNetwork" not in r["daemonset"][name]["spec"]["template"]["spec"] + assert "dnsPolicy" not in r["daemonset"][name]["spec"]["template"]["spec"] + + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["runAsUser"] + == 0 + ) + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["privileged"] + == False + ) + # Empty customizable defaults assert "imagePullSecrets" not in r["daemonset"][name]["spec"]["template"]["spec"] - assert "tolerations" not in r["daemonset"][name]["spec"]["template"]["spec"] assert r["daemonset"][name]["spec"]["updateStrategy"]["type"] == "RollingUpdate" + assert ( + r["daemonset"][name]["spec"]["updateStrategy"]["rollingUpdate"][ + "maxUnavailable" + ] + == 1 + ) + assert ( r["daemonset"][name]["spec"]["template"]["spec"]["serviceAccountName"] == name ) - volumes = r["daemonset"][name]["spec"]["template"]["spec"]["volumes"] + cfg = r["configmap"] + + assert name + "-config" not in cfg + assert name + "-daemonset-config" in cfg + + assert "filebeat.yml" in cfg[name + "-daemonset-config"]["data"] + + daemonset = r["daemonset"][name]["spec"]["template"]["spec"] + + assert { + "configMap": {"name": name + "-config", "defaultMode": 0o600}, + "name": project + "-config", + } not in daemonset["volumes"] + assert { + "configMap": {"name": name + "-daemonset-config", "defaultMode": 0o600}, + "name": project + "-config", + } in daemonset["volumes"] + assert { "name": "data", "hostPath": { "path": "/var/lib/" + name + "-default-data", "type": "DirectoryOrCreate", }, - } in volumes + } in daemonset["volumes"] + assert { + "mountPath": "/usr/share/filebeat/filebeat.yml", + "name": project + "-config", + "subPath": "filebeat.yml", + "readOnly": True, + 
} in daemonset["containers"][0]["volumeMounts"] -def test_adding_envs(): + assert daemonset["containers"][0]["resources"] == { + "requests": {"cpu": "100m", "memory": "100Mi"}, + "limits": {"cpu": "1000m", "memory": "200Mi"}, + } + + +def test_enable_deployment(): config = """ -extraEnvs: -- name: LOG_LEVEL - value: DEBUG -""" +deployment: + enabled: true + """ + r = helm_template(config) - envs = r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0]["env"] - assert {"name": "LOG_LEVEL", "value": "DEBUG"} in envs + + assert name in r["deployment"] + + c = r["deployment"][name]["spec"]["template"]["spec"]["containers"][0] + assert c["name"] == project + assert c["image"].startswith("docker.elastic.co/beats/" + project + ":") + + assert c["env"][0]["name"] == "POD_NAMESPACE" + assert c["env"][0]["valueFrom"]["fieldRef"]["fieldPath"] == "metadata.namespace" + + assert "curl --fail 127.0.0.1:5066" in c["livenessProbe"]["exec"]["command"][-1] + + assert "filebeat test output" in c["readinessProbe"]["exec"]["command"][-1] + + assert r["deployment"][name]["spec"]["template"]["spec"]["tolerations"] == [] + + assert "hostNetwork" not in r["deployment"][name]["spec"]["template"]["spec"] + assert "dnsPolicy" not in r["deployment"][name]["spec"]["template"]["spec"] + + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["runAsUser"] + == 0 + ) + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["privileged"] + == False + ) + + # Empty customizable defaults + assert "imagePullSecrets" not in r["deployment"][name]["spec"]["template"]["spec"] + + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["serviceAccountName"] == name + ) + + cfg = r["configmap"] + + assert name + "-config" not in cfg + assert name + "-deployment-config" in cfg + + assert "filebeat.yml" in cfg[name + "-deployment-config"]["data"] + + deployment = 
r["deployment"][name]["spec"]["template"]["spec"] + + assert { + "configMap": {"name": name + "-config", "defaultMode": 0o600}, + "name": project + "-config", + } not in deployment["volumes"] + assert { + "configMap": {"name": name + "-deployment-config", "defaultMode": 0o600}, + "name": project + "-config", + } in deployment["volumes"] + + assert { + "mountPath": "/usr/share/filebeat/filebeat.yml", + "name": project + "-config", + "subPath": "filebeat.yml", + "readOnly": True, + } in deployment["containers"][0]["volumeMounts"] + + assert deployment["containers"][0]["resources"] == { + "requests": {"cpu": "100m", "memory": "100Mi"}, + "limits": {"cpu": "1000m", "memory": "200Mi"}, + } def test_adding_a_extra_container(): config = """ +deployment: + enabled: true extraContainers: | - name: do-something image: busybox command: ['do', 'something'] """ r = helm_template(config) - extraContainer = r["daemonset"][name]["spec"]["template"]["spec"]["containers"] + extraContainerDaemonset = r["daemonset"][name]["spec"]["template"]["spec"][ + "containers" + ] assert { "name": "do-something", "image": "busybox", "command": ["do", "something"], - } in extraContainer + } in extraContainerDaemonset + deployment_name = name + extraContainerDeployment = r["deployment"][deployment_name]["spec"]["template"][ + "spec" + ]["containers"] + assert { + "name": "do-something", + "image": "busybox", + "command": ["do", "something"], + } in extraContainerDeployment def test_adding_init_containers_as_yaml(): config = """ +deployment: + enabled: true extraInitContainers: - name: dummy-init image: busybox command: ['echo', 'hey'] """ r = helm_template(config) - initContainers = r["daemonset"][name]["spec"]["template"]["spec"]["initContainers"] + initContainersDaemonset = r["daemonset"][name]["spec"]["template"]["spec"][ + "initContainers" + ] assert { "name": "dummy-init", "image": "busybox", "command": ["echo", "hey"], - } in initContainers + } in initContainersDaemonset + deployment_name = 
name + initContainersDeployment = r["deployment"][deployment_name]["spec"]["template"][ + "spec" + ]["initContainers"] + assert { + "name": "dummy-init", + "image": "busybox", + "command": ["echo", "hey"], + } in initContainersDeployment -def test_adding_init_containers(): +def test_adding_a_extra_init_container(): config = """ +deployment: + enabled: true extraInitContainers: | - - name: dummy-init + - name: do-something image: busybox - command: ['echo', 'hey'] + command: ['do', 'something'] """ r = helm_template(config) - initContainers = r["daemonset"][name]["spec"]["template"]["spec"]["initContainers"] + extraInitContainerDaemonset = r["daemonset"][name]["spec"]["template"]["spec"][ + "initContainers" + ] assert { - "name": "dummy-init", + "name": "do-something", "image": "busybox", - "command": ["echo", "hey"], - } in initContainers + "command": ["do", "something"], + } in extraInitContainerDaemonset + deployment_name = name + extraInitContainerDeployment = r["deployment"][deployment_name]["spec"]["template"][ + "spec" + ]["initContainers"] + assert { + "name": "do-something", + "image": "busybox", + "command": ["do", "something"], + } in extraInitContainerDeployment + + +def test_adding_envs(): + config = """ +deployment: + enabled: true +daemonset: + extraEnvs: + - name: LOG_LEVEL + value: DEBUG +""" + r = helm_template(config) + assert {"name": "LOG_LEVEL", "value": "DEBUG"} in r["daemonset"][name]["spec"][ + "template" + ]["spec"]["containers"][0]["env"] + assert {"name": "LOG_LEVEL", "value": "DEBUG"} not in r["deployment"][name]["spec"][ + "template" + ]["spec"]["containers"][0]["env"] + + config = """ +deployment: + enabled: true + extraEnvs: + - name: LOG_LEVEL + value: DEBUG +""" + r = helm_template(config) + assert {"name": "LOG_LEVEL", "value": "DEBUG"} in r["deployment"][name]["spec"][ + "template" + ]["spec"]["containers"][0]["env"] + assert {"name": "LOG_LEVEL", "value": "DEBUG"} not in r["daemonset"][name]["spec"][ + "template" + 
]["spec"]["containers"][0]["env"] + + +def test_adding_deprecated_envs(): + config = """ +deployment: + enabled: true +extraEnvs: +- name: LOG_LEVEL + value: DEBUG +""" + r = helm_template(config) + assert {"name": "LOG_LEVEL", "value": "DEBUG"} in r["daemonset"][name]["spec"][ + "template" + ]["spec"]["containers"][0]["env"] + assert {"name": "LOG_LEVEL", "value": "DEBUG"} in r["deployment"][name]["spec"][ + "template" + ]["spec"]["containers"][0]["env"] def test_adding_image_pull_secrets(): config = """ +deployment: + enabled: true imagePullSecrets: - name: test-registry """ 
@@ -116,10 +327,70 @@ def test_adding_image_pull_secrets(): r["daemonset"][name]["spec"]["template"]["spec"]["imagePullSecrets"][0]["name"] == "test-registry" ) + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["imagePullSecrets"][0]["name"] + == "test-registry" + ) + + +def test_adding_host_networking(): + config = """ +deployment: + enabled: true +daemonset: + hostNetworking: true +""" + r = helm_template(config) + assert r["daemonset"][name]["spec"]["template"]["spec"]["hostNetwork"] is True + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["dnsPolicy"] + == "ClusterFirstWithHostNet" + ) + assert "hostNetwork" not in r["deployment"][name]["spec"]["template"]["spec"] + assert "dnsPolicy" not in r["deployment"][name]["spec"]["template"]["spec"] def test_adding_tolerations(): config = """ +deployment: + enabled: true +daemonset: + tolerations: + - key: "key1" + operator: "Equal" + value: "value1" + effect: "NoExecute" + tolerationSeconds: 3600 +""" + r = helm_template(config) + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["tolerations"][0]["key"] + == "key1" + ) + assert r["deployment"][name]["spec"]["template"]["spec"]["tolerations"] == [] + + config = """ +deployment: + enabled: true + tolerations: + - key: "key1" + operator: "Equal" + value: "value1" + effect: "NoExecute" + tolerationSeconds: 3600 +""" + r = helm_template(config) + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["tolerations"][0]["key"] + == "key1" + ) + assert r["daemonset"][name]["spec"]["template"]["spec"]["tolerations"] == [] + + +def test_adding_deprecated_tolerations(): + config = """ +deployment: + enabled: true tolerations: - key: "key1" operator: "Equal" 
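Review bot: `test_adding_host_networking` only renders the chart with `daemonset.hostNetworking: true`, so nothing here checks that the DaemonSet stays out of the node's network namespace when the flag is false. The `hostNetworking: false` case that `test_host_networking` used to cover is removed in the next hunk (`@@ -132,32 +403,39 @@`) without a replacement. I would add a second render with `daemonset.hostNetworking: false` and assert `"hostNetwork" not in r["daemonset"][name]["spec"]["template"]["spec"]`, so a template regression that turns host networking on by default fails the suite.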
@@ -132,32 +403,39 @@ def test_adding_tolerations(): r["daemonset"][name]["spec"]["template"]["spec"]["tolerations"][0]["key"] == "key1" ) + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["tolerations"][0]["key"] + == "key1" + ) def test_override_the_default_update_strategy(): config = """ -updateStrategy: OnDelete + daemonset: + maxUnavailable: 2 """ r = helm_template(config) - assert r["daemonset"][name]["spec"]["updateStrategy"]["type"] == "OnDelete" - + assert r["daemonset"][name]["spec"]["updateStrategy"]["type"] == "RollingUpdate" + assert ( + r["daemonset"][name]["spec"]["updateStrategy"]["rollingUpdate"][ + "maxUnavailable" + ] + == 2 + ) -def test_host_networking(): - config = """ -hostNetworking: true -""" - r = helm_template(config) - assert r["daemonset"][name]["spec"]["template"]["spec"]["hostNetwork"] is True config = """ -hostNetworking: false + updateStrategy: OnDelete """ + r = helm_template(config) - assert "hostNetwork" not in r["daemonset"][name]["spec"]["template"]["spec"] + assert r["daemonset"][name]["spec"]["updateStrategy"]["type"] == "OnDelete" def test_setting_a_custom_service_account(): config = """ +deployment: + enabled: true serviceAccount: notdefault """ r = helm_template(config) @@ -165,6 +443,10 @@ def test_setting_a_custom_service_account(): r["daemonset"][name]["spec"]["template"]["spec"]["serviceAccountName"] == "notdefault" ) + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["serviceAccountName"] + == "notdefault" + ) def test_self_managing_rbac_resources(): 
@@ -179,84 +461,395 @@ def test_self_managing_rbac_resources(): def test_setting_pod_security_context(): config = """ +deployment: + enabled: true +daemonset: + securityContext: + runAsUser: 1001 + privileged: false +""" + r = helm_template(config) + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["runAsUser"] + == 1001 + ) + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["privileged"] + == False + ) + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["runAsUser"] + == 0 + ) + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["privileged"] + == False + ) + + config = """ +deployment: + enabled: true + securityContext: + runAsUser: 1001 + privileged: false +""" + r = helm_template(config) + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["runAsUser"] + == 1001 + ) + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["privileged"] + == False + ) + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["runAsUser"] + == 0 + ) + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["privileged"] + == False + ) + + +def test_setting_deprecated_pod_security_context(): + config = """ +deployment: + enabled: true podSecurityContext: runAsUser: 1001 privileged: false """ r = helm_template(config) - c = r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0] - assert c["securityContext"]["runAsUser"] == 1001 - assert c["securityContext"]["privileged"] == False + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["runAsUser"] + == 1001 + ) + assert ( + 
r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["privileged"] + == False + ) + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["runAsUser"] + == 1001 + ) + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["privileged"] + == False + ) def test_adding_in_filebeat_config(): config = """ +daemonset: + filebeatConfig: + filebeat.yml: | + key: daemonset + daemonset-config.yml: | + hello = daemonset + +deployment: + enabled: true + filebeatConfig: + filebeat.yml: | + key: deployment + deployment-config.yml: | + hello = deployment +""" + r = helm_template(config) + cfg = r["configmap"] + + assert "filebeat.yml" in cfg[name + "-daemonset-config"]["data"] + assert "daemonset-config.yml" in cfg[name + "-daemonset-config"]["data"] + assert "deployment-config.yml" not in cfg[name + "-daemonset-config"]["data"] + assert "filebeat.yml" in cfg[name + "-deployment-config"]["data"] + assert "deployment-config.yml" in cfg[name + "-deployment-config"]["data"] + assert "daemonset-config.yml" not in cfg[name + "-deployment-config"]["data"] + + assert "key: daemonset" in cfg[name + "-daemonset-config"]["data"]["filebeat.yml"] + assert "key: deployment" in cfg[name + "-deployment-config"]["data"]["filebeat.yml"] + + assert ( + "hello = daemonset" + in cfg[name + "-daemonset-config"]["data"]["daemonset-config.yml"] + ) + assert ( + "hello = deployment" + in cfg[name + "-deployment-config"]["data"]["deployment-config.yml"] + ) + + daemonset = r["daemonset"][name]["spec"]["template"]["spec"] + assert { + "mountPath": "/usr/share/filebeat/daemonset-config.yml", + "name": project + "-config", + "subPath": "daemonset-config.yml", + "readOnly": True, + } in daemonset["containers"][0]["volumeMounts"] + + deployment = r["deployment"][name]["spec"]["template"]["spec"] + assert { + "mountPath": "/usr/share/filebeat/deployment-config.yml", + "name": 
project + "-config", + "subPath": "deployment-config.yml", + "readOnly": True, + } in deployment["containers"][0]["volumeMounts"] + + +def test_adding_in_deprecated_filebeat_config(): + config = """ +deployment: + enabled: true filebeatConfig: filebeat.yml: | key: nestedkey: value dot.notation: test - - other-config.yml: | - hello = world """ r = helm_template(config) c = r["configmap"][name + "-config"]["data"] assert "filebeat.yml" in c - assert "other-config.yml" in c assert "nestedkey: value" in c["filebeat.yml"] assert "dot.notation: test" in c["filebeat.yml"] - assert "hello = world" in c["other-config.yml"] - - d = r["daemonset"][name]["spec"]["template"]["spec"] + daemonset = r["daemonset"][name]["spec"]["template"]["spec"] assert { "configMap": {"name": name + "-config", "defaultMode": 0o600}, "name": project + "-config", - } in d["volumes"] + } in daemonset["volumes"] assert { "mountPath": "/usr/share/filebeat/filebeat.yml", "name": project + "-config", "subPath": "filebeat.yml", "readOnly": True, - } in d["containers"][0]["volumeMounts"] + } in daemonset["containers"][0]["volumeMounts"] + + assert ( + "configChecksum" + in r["daemonset"][name]["spec"]["template"]["metadata"]["annotations"] + ) + + deployment = r["deployment"][name]["spec"]["template"]["spec"] + + assert { + "configMap": {"name": name + "-config", "defaultMode": 0o600}, + "name": project + "-config", + } in deployment["volumes"] assert { - "mountPath": "/usr/share/filebeat/other-config.yml", + "mountPath": "/usr/share/filebeat/filebeat.yml", "name": project + "-config", - "subPath": "other-config.yml", + "subPath": "filebeat.yml", "readOnly": True, - } in d["containers"][0]["volumeMounts"] + } in deployment["containers"][0]["volumeMounts"] assert ( "configChecksum" - in r["daemonset"][name]["spec"]["template"]["metadata"]["annotations"] + in r["deployment"][name]["spec"]["template"]["metadata"]["annotations"] ) def test_adding_a_secret_mount(): config = """ +deployment: + enabled: true 
+daemonset: + secretMounts: + - name: elastic-certificates + secretName: elastic-certificates-name + path: /usr/share/filebeat/config/certs +""" + r = helm_template(config) + assert ( + { + "mountPath": "/usr/share/filebeat/config/certs", + "name": "elastic-certificates", + } + in r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "volumeMounts" + ] + ) + assert { + "name": "elastic-certificates", + "secret": {"secretName": "elastic-certificates-name"}, + } in r["daemonset"][name]["spec"]["template"]["spec"]["volumes"] + + assert ( + { + "mountPath": "/usr/share/filebeat/config/certs", + "name": "elastic-certificates", + } + not in r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "volumeMounts" + ] + ) + assert { + "name": "elastic-certificates", + "secret": {"secretName": "elastic-certificates-name"}, + } not in r["deployment"][name]["spec"]["template"]["spec"]["volumes"] + + config = """ +deployment: + enabled: true + secretMounts: + - name: elastic-certificates + secretName: elastic-certificates-name + path: /usr/share/filebeat/config/certs +""" + r = helm_template(config) + assert ( + { + "mountPath": "/usr/share/filebeat/config/certs", + "name": "elastic-certificates", + } + in r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "volumeMounts" + ] + ) + assert { + "name": "elastic-certificates", + "secret": {"secretName": "elastic-certificates-name"}, + } in r["deployment"][name]["spec"]["template"]["spec"]["volumes"] + + assert ( + { + "mountPath": "/usr/share/filebeat/config/certs", + "name": "elastic-certificates", + } + not in r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "volumeMounts" + ] + ) + assert { + "name": "elastic-certificates", + "secret": {"secretName": "elastic-certificates-name"}, + } not in r["daemonset"][name]["spec"]["template"]["spec"]["volumes"] + + +def test_adding_a_deprecated_secret_mount(): + config = """ +deployment: + enabled: true secretMounts: - name: 
elastic-certificates - secretName: elastic-certs + secretName: elastic-certificates-name path: /usr/share/filebeat/config/certs """ r = helm_template(config) - s = r["daemonset"][name]["spec"]["template"]["spec"] - assert s["containers"][0]["volumeMounts"][0] == { + assert ( + { + "mountPath": "/usr/share/filebeat/config/certs", + "name": "elastic-certificates", + } + in r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "volumeMounts" + ] + ) + assert { + "name": "elastic-certificates", + "secret": {"secretName": "elastic-certificates-name"}, + } in r["daemonset"][name]["spec"]["template"]["spec"]["volumes"] + + assert r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "volumeMounts" + ][0] == { "mountPath": "/usr/share/filebeat/config/certs", "name": "elastic-certificates", } - assert s["volumes"][0] == { + assert r["deployment"][name]["spec"]["template"]["spec"]["volumes"][0] == { "name": "elastic-certificates", - "secret": {"secretName": "elastic-certs"}, + "secret": {"secretName": "elastic-certificates-name"}, } def test_adding_a_extra_volume_with_volume_mount(): config = """ +deployment: + enabled: true +daemonset: + extraVolumes: + - name: extras + emptyDir: {} + extraVolumeMounts: + - name: extras + mountPath: /usr/share/extras + readOnly: true +""" + r = helm_template(config) + assert {"name": "extras", "emptyDir": {}} in r["daemonset"][name]["spec"][ + "template" + ]["spec"]["volumes"] + assert {"name": "extras", "mountPath": "/usr/share/extras", "readOnly": True,} in r[ + "daemonset" + ][name]["spec"]["template"]["spec"]["containers"][0]["volumeMounts"] + assert {"name": "extras", "emptyDir": {}} not in r["deployment"][name]["spec"][ + "template" + ]["spec"]["volumes"] + assert ( + {"name": "extras", "mountPath": "/usr/share/extras", "readOnly": True,} + not in r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "volumeMounts" + ] + ) + + config = """ +deployment: + enabled: true + extraVolumes: + - 
name: extras + emptyDir: {} + extraVolumeMounts: + - name: extras + mountPath: /usr/share/extras + readOnly: true +""" + r = helm_template(config) + assert {"name": "extras", "emptyDir": {}} in r["deployment"][name]["spec"][ + "template" + ]["spec"]["volumes"] + assert {"name": "extras", "mountPath": "/usr/share/extras", "readOnly": True,} in r[ + "deployment" + ][name]["spec"]["template"]["spec"]["containers"][0]["volumeMounts"] + assert {"name": "extras", "emptyDir": {}} not in r["daemonset"][name]["spec"][ + "template" + ]["spec"]["volumes"] + assert ( + {"name": "extras", "mountPath": "/usr/share/extras", "readOnly": True,} + not in r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "volumeMounts" + ] + ) + + +def test_adding_a_deprecated_extra_volume_with_volume_mount(): + config = """ +deployment: + enabled: true extraVolumes: - name: extras emptyDir: {} 
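Review bot: The `privileged` assertions in `test_setting_pod_security_context` and `test_setting_deprecated_pod_security_context` compare with `== False`, which also passes when the rendered value is the integer `0`, so they do not pin the field to a real boolean. `test_adding_host_networking` in this same file already uses `is True`; the matching form here is `["securityContext"]["privileged"] is False`. The full subscript chain is also repeated for every assertion; binding it once per render, e.g. `ds_ctx = r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0]["securityContext"]`, would let each security-relevant expectation be read on one line.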
@@ -266,38 +859,53 @@ def test_adding_a_extra_volume_with_volume_mount(): readOnly: true """ r = helm_template(config) - extraVolume = r["daemonset"][name]["spec"]["template"]["spec"]["volumes"] - assert {"name": "extras", "emptyDir": {}} in extraVolume - extraVolumeMounts = r["daemonset"][name]["spec"]["template"]["spec"]["containers"][ - 0 - ]["volumeMounts"] - assert { - "name": "extras", - "mountPath": "/usr/share/extras", - "readOnly": True, - } in extraVolumeMounts + assert {"name": "extras", "emptyDir": {}} in r["daemonset"][name]["spec"][ + "template" + ]["spec"]["volumes"] + assert {"name": "extras", "mountPath": "/usr/share/extras", "readOnly": True,} in r[ + "daemonset" + ][name]["spec"]["template"]["spec"]["containers"][0]["volumeMounts"] + assert {"name": "extras", "emptyDir": {}} in r["deployment"][name]["spec"][ + "template" + ]["spec"]["volumes"] + assert {"name": "extras", "mountPath": "/usr/share/extras", "readOnly": True,} in r[ + "deployment" + ][name]["spec"]["template"]["spec"]["containers"][0]["volumeMounts"] -def test_adding_pod_labels(): +def test_adding_a_node_selector(): config = """ -labels: - app.kubernetes.io/name: filebeat +deployment: + enabled: true +daemonset: + nodeSelector: + disktype: ssd """ r = helm_template(config) assert ( - r["daemonset"][name]["metadata"]["labels"]["app.kubernetes.io/name"] - == "filebeat" + r["daemonset"][name]["spec"]["template"]["spec"]["nodeSelector"]["disktype"] + == "ssd" ) + assert r["deployment"][name]["spec"]["template"]["spec"]["nodeSelector"] == {} + + config = """ +deployment: + enabled: true + nodeSelector: + disktype: ssd +""" + r = helm_template(config) assert ( - r["daemonset"][name]["spec"]["template"]["metadata"]["labels"][ - "app.kubernetes.io/name" - ] - == "filebeat" + r["deployment"][name]["spec"]["template"]["spec"]["nodeSelector"]["disktype"] + == "ssd" ) + assert r["daemonset"][name]["spec"]["template"]["spec"]["nodeSelector"] == {} -def test_adding_a_node_selector(): +def 
test_adding_deprecated_node_selector(): config = """ +deployment: + enabled: true nodeSelector: disktype: ssd """ @@ -306,10 +914,73 @@ def test_adding_a_node_selector(): r["daemonset"][name]["spec"]["template"]["spec"]["nodeSelector"]["disktype"] == "ssd" ) + assert ( + "disktype" + not in r["deployment"][name]["spec"]["template"]["spec"]["nodeSelector"] + ) def test_adding_an_affinity_rule(): config = """ +deployment: + enabled: true +daemonset: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - filebeat + topologyKey: kubernetes.io/hostname +""" + + r = helm_template(config) + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["affinity"]["podAntiAffinity"][ + "requiredDuringSchedulingIgnoredDuringExecution" + ][0]["topologyKey"] + == "kubernetes.io/hostname" + ) + assert ( + "podAntiAffinity" + not in r["deployment"][name]["spec"]["template"]["spec"]["affinity"] + ) + + config = """ +deployment: + enabled: true + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - filebeat + topologyKey: kubernetes.io/hostname +""" + + r = helm_template(config) + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["affinity"][ + "podAntiAffinity" + ]["requiredDuringSchedulingIgnoredDuringExecution"][0]["topologyKey"] + == "kubernetes.io/hostname" + ) + assert ( + "podAntiAffinity" + not in r["daemonset"][name]["spec"]["template"]["spec"]["affinity"] + ) + + +def test_adding_deprecated_affinity_rule(): + config = """ +deployment: + enabled: true affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: 
@@ -329,41 +1000,273 @@ def test_adding_an_affinity_rule(): ][0]["topologyKey"] == "kubernetes.io/hostname" ) + assert r["deployment"][name]["spec"]["template"]["spec"]["affinity"] == {} def test_priority_class_name(): config = """ +deployment: + enabled: true priorityClassName: "" """ r = helm_template(config) - spec = r["daemonset"][name]["spec"]["template"]["spec"] - assert "priorityClassName" not in spec + daemonset_spec = r["daemonset"][name]["spec"]["template"]["spec"] + deployment_spec = r["deployment"][name]["spec"]["template"]["spec"] + assert "priorityClassName" not in daemonset_spec + assert "priorityClassName" not in deployment_spec config = """ +deployment: + enabled: true priorityClassName: "highest" """ r = helm_template(config) - priority_class_name = r["daemonset"][name]["spec"]["template"]["spec"][ + daemonset_priority_class_name = r["daemonset"][name]["spec"]["template"]["spec"][ + "priorityClassName" + ] + deployment_priority_class_name = r["deployment"][name]["spec"]["template"]["spec"][ "priorityClassName" ] - assert priority_class_name == "highest" + assert daemonset_priority_class_name == "highest" + assert deployment_priority_class_name == "highest" + + +def test_adding_deprecated_labels(): + config = """ +deployment: + enabled: true +labels: + app-test: filebeat +""" + r = helm_template(config) + assert r["daemonset"][name]["metadata"]["labels"]["app-test"] == "filebeat" + assert r["deployment"][name]["metadata"]["labels"]["app-test"] == "filebeat" + assert ( + r["daemonset"][name]["spec"]["template"]["metadata"]["labels"]["app-test"] + == "filebeat" + ) + assert ( + r["deployment"][name]["spec"]["template"]["metadata"]["labels"]["app-test"] + == "filebeat" + ) + + +def test_adding_daemonset_labels(): + config = """ +daemonset: + labels: + app-test: filebeat +""" + r = helm_template(config) + assert r["daemonset"][name]["metadata"]["labels"]["app-test"] == "filebeat" + assert ( + 
r["daemonset"][name]["spec"]["template"]["metadata"]["labels"]["app-test"] + == "filebeat" + ) + + +def test_adding_daemonset_labels_surpasses_root_labels(): + config = """ +labels: + app-test: root-filebeat +daemonset: + labels: + app-test: daemonset-filebeat +""" + r = helm_template(config) + assert ( + r["daemonset"][name]["metadata"]["labels"]["app-test"] == "daemonset-filebeat" + ) + assert ( + r["daemonset"][name]["spec"]["template"]["metadata"]["labels"]["app-test"] + == "daemonset-filebeat" + ) + + +def test_adding_deployment_labels(): + config = """ +deployment: + enabled: true + labels: + app-test: filebeat +""" + r = helm_template(config) + assert r["deployment"][name]["metadata"]["labels"]["app-test"] == "filebeat" + assert ( + r["deployment"][name]["spec"]["template"]["metadata"]["labels"]["app-test"] + == "filebeat" + ) + + +def test_adding_deployment_labels_surpasses_root_labels(): + config = """ +labels: + app-test: root-filebeat +deployment: + enabled: true + labels: + app-test: deployment-filebeat +""" + r = helm_template(config) + assert ( + r["deployment"][name]["metadata"]["labels"]["app-test"] == "deployment-filebeat" + ) + assert ( + r["deployment"][name]["spec"]["template"]["metadata"]["labels"]["app-test"] + == "deployment-filebeat" + ) + + +def test_adding_serviceaccount_annotations(): + config = """ +serviceAccountAnnotations: + eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount +""" + r = helm_template(config) + assert ( + r["serviceaccount"][name]["metadata"]["annotations"][ + "eks.amazonaws.com/role-arn" + ] + == "arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount" + ) def test_adding_env_from(): config = """ +deployment: + enabled: true +daemonset: + envFrom: + - configMapRef: + name: configmap-name +""" + r = helm_template(config) + assert r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0]["envFrom"][ + 0 + ]["configMapRef"] == {"name": 
"configmap-name"} + assert ( + r["deployment"][name]["spec"]["template"]["spec"]["containers"][0]["envFrom"] + == [] + ) + + config = """ +deployment: + enabled: true + envFrom: + - configMapRef: + name: configmap-name +""" + r = helm_template(config) + assert r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "envFrom" + ][0]["configMapRef"] == {"name": "configmap-name"} + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0]["envFrom"] + == [] + ) + + +def test_adding_deprecated_env_from(): + config = """ +deployment: + enabled: true envFrom: - configMapRef: name: configmap-name """ r = helm_template(config) - configMapRef = r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + assert r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0]["envFrom"][ + 0 + ]["configMapRef"] == {"name": "configmap-name"} + assert r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ "envFrom" - ][0]["configMapRef"] - assert configMapRef == {"name": "configmap-name"} + ][0]["configMapRef"] == {"name": "configmap-name"} + + +def test_overriding_resources(): + config = """ +deployment: + enabled: true +daemonset: + resources: + limits: + cpu: "25m" + memory: "128Mi" + requests: + cpu: "25m" + memory: "128Mi" +""" + r = helm_template(config) + assert r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "resources" + ] == { + "requests": {"cpu": "25m", "memory": "128Mi"}, + "limits": {"cpu": "25m", "memory": "128Mi"}, + } + assert r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "resources" + ] == { + "requests": {"cpu": "100m", "memory": "100Mi"}, + "limits": {"cpu": "1000m", "memory": "200Mi"}, + } + + config = """ +deployment: + enabled: true + resources: + limits: + cpu: "25m" + memory: "128Mi" + requests: + cpu: "25m" + memory: "128Mi" +""" + r = helm_template(config) + assert r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "resources" + ] == 
{ + "requests": {"cpu": "100m", "memory": "100Mi"}, + "limits": {"cpu": "1000m", "memory": "200Mi"}, + } + assert r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "resources" + ] == { + "requests": {"cpu": "25m", "memory": "128Mi"}, + "limits": {"cpu": "25m", "memory": "128Mi"}, + } + + +def test_adding_deprecated_resources(): + config = """ +deployment: + enabled: true +resources: + limits: + cpu: "25m" + memory: "128Mi" + requests: + cpu: "25m" + memory: "128Mi" +""" + r = helm_template(config) + assert r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "resources" + ] == { + "requests": {"cpu": "25m", "memory": "128Mi"}, + "limits": {"cpu": "25m", "memory": "128Mi"}, + } + assert r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "resources" + ] == { + "requests": {"cpu": "25m", "memory": "128Mi"}, + "limits": {"cpu": "25m", "memory": "128Mi"}, + } def test_setting_fullnameOverride(): config = """ +deployment: + enabled: true fullnameOverride: 'filebeat-custom' """ r = helm_template(config) 
@@ -386,3 +1289,84 @@ def test_setting_fullnameOverride(): "type": "DirectoryOrCreate", }, } in volumes + assert custom_name in r["deployment"] + assert ( + r["deployment"][custom_name]["spec"]["template"]["spec"]["containers"][0][ + "name" + ] + == project + ) + assert ( + r["deployment"][custom_name]["spec"]["template"]["spec"]["serviceAccountName"] + == name + ) + + +def test_adding_annotations(): + config = """ +deployment: + enabled: true +daemonset: + annotations: + foo: "bar" +""" + r = helm_template(config) + assert "foo" in r["daemonset"][name]["metadata"]["annotations"] + assert r["daemonset"][name]["metadata"]["annotations"]["foo"] == "bar" + assert "annotations" not in r["deployment"][name]["metadata"] + config = """ +deployment: + enabled: true + annotations: + grault: "waldo" +""" + r = helm_template(config) + assert "grault" in r["deployment"][name]["metadata"]["annotations"] + assert r["deployment"][name]["metadata"]["annotations"]["grault"] == "waldo" + assert "annotations" not in r["daemonset"][name]["metadata"] + + +def test_disable_daemonset(): + config = """ +deployment: + enabled: true +daemonset: + enabled: false +""" + r = helm_template(config) + cfg = r["configmap"] + + assert name not in r.get("daemonset", {}) + assert name + "-daemonset-config" not in cfg + assert name + "-deployment-config" in cfg + + +def test_hostaliases(): + config = """ +deployment: + enabled: true +daemonset: + hostAliases: + - ip: "127.0.0.1" + hostnames: + - "foo.local" + - "bar.local" +""" + r = helm_template(config) + assert "hostAliases" not in r["deployment"][name]["spec"]["template"]["spec"] + hostAliases = r["daemonset"][name]["spec"]["template"]["spec"]["hostAliases"] + assert {"ip": "127.0.0.1", "hostnames": ["foo.local", "bar.local"]} in hostAliases + + config = """ +deployment: + enabled: true + hostAliases: + - ip: "127.0.0.1" + hostnames: + - "foo.local" + - "bar.local" +""" + r = helm_template(config) + assert "hostAliases" not in 
r["daemonset"][name]["spec"]["template"]["spec"] + hostAliases = r["deployment"][name]["spec"]["template"]["spec"]["hostAliases"] + assert {"ip": "127.0.0.1", "hostnames": ["foo.local", "bar.local"]} in hostAliases diff --git a/filebeat/values.yaml b/filebeat/values.yaml index 6405b2c9c..bf266c581 100755 --- a/filebeat/values.yaml +++ b/filebeat/values.yaml 
@@ -1,34 +1,129 @@ --- -# Allows you to add any config files in /usr/share/filebeat -# such as filebeat.yml -filebeatConfig: - filebeat.yml: | - filebeat.inputs: - - type: docker - containers.ids: - - '*' - processors: - - add_kubernetes_metadata: ~ - - output.elasticsearch: - host: '${NODE_NAME}' - hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' - -# Extra environment variables to append to the DaemonSet pod spec. -# This will be appended to the current 'env:' key. You can use any of the kubernetes env -# syntax here -extraEnvs: [] -# - name: MY_ENVIRONMENT_VAR -# value: the_value_goes_here - -extraVolumeMounts: [] +daemonset: + # Annotations to apply to the daemonset + annotations: {} + # additionals labels + labels: {} + affinity: {} + # Include the daemonset + enabled: true + # Extra environment variables for Filebeat container. + envFrom: [] + # - configMapRef: + # name: config-secret + extraEnvs: [] + # - name: MY_ENVIRONMENT_VAR + # value: the_value_goes_here + extraVolumes: [] + # - name: extras + # emptyDir: {} + extraVolumeMounts: [] + # - name: extras + # mountPath: /usr/share/extras + # readOnly: true + hostNetworking: false + # Allows you to add any config files in /usr/share/filebeat + # such as filebeat.yml for daemonset + filebeatConfig: + filebeat.yml: | + filebeat.inputs: + - type: container + paths: + - /var/log/containers/*.log + processors: + - add_kubernetes_metadata: + host: ${NODE_NAME} + matchers: + - logs_path: + logs_path: "/var/log/containers/" + + output.elasticsearch: + host: '${NODE_NAME}' + hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' + # Only used when updateStrategy is set to "RollingUpdate" + maxUnavailable: 1 + nodeSelector: {} + # A list of secrets and their paths to mount inside the pod + # This is useful for mounting certificates for security other sensitive values + secretMounts: [] + # - name: filebeat-certificates + # secretName: filebeat-certificates + # path: /usr/share/filebeat/certs + # Various 
pod security context settings. Bear in mind that many of these have an impact on Filebeat functioning properly. + # + # - User that the container will execute as. Typically necessary to run as root (0) in order to properly collect host container logs. + # - Whether to execute the Filebeat containers as privileged containers. Typically not necessarily unless running within environments such as OpenShift. + securityContext: + runAsUser: 0 + privileged: false + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + cpu: "1000m" + memory: "200Mi" + tolerations: [] + +deployment: + # Annotations to apply to the deployment + annotations: {} + # additionals labels + labels: {} + affinity: {} + # Include the deployment + enabled: false + # Extra environment variables for Filebeat container. + envFrom: [] + # - configMapRef: + # name: config-secret + extraEnvs: [] + # - name: MY_ENVIRONMENT_VAR + # value: the_value_goes_here + # Allows you to add any config files in /usr/share/filebeat + extraVolumes: [] + # - name: extras + # emptyDir: {} + extraVolumeMounts: [] # - name: extras # mountPath: /usr/share/extras # readOnly: true - -extraVolumes: [] - # - name: extras - # emptyDir: {} + # such as filebeat.yml for deployment + filebeatConfig: + filebeat.yml: | + filebeat.inputs: + - type: tcp + max_message_size: 10MiB + host: "localhost:9000" + + output.elasticsearch: + host: '${NODE_NAME}' + hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' + nodeSelector: {} + # A list of secrets and their paths to mount inside the pod + # This is useful for mounting certificates for security other sensitive values + secretMounts: [] + # - name: filebeat-certificates + # secretName: filebeat-certificates + # path: /usr/share/filebeat/certs + # + # - User that the container will execute as. 
+ # Not necessary to run as root (0) as the Filebeat Deployment use cases do not need access to Kubernetes Node internals + # - Typically not necessarily unless running within environments such as OpenShift. + securityContext: + runAsUser: 0 + privileged: false + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + cpu: "1000m" + memory: "200Mi" + tolerations: [] + +# Replicas being used for the filebeat deployment +replicas: 1 extraContainers: "" # - name: dummy-init @@ -37,18 +132,21 @@ extraContainers: "" extraInitContainers: [] # - name: dummy-init -# image: busybox -# command: ['echo', 'hey'] - -envFrom: [] -# - configMapRef: -# name: configmap-name # Root directory where Filebeat will write data to in order to persist registry data across pod restarts (file position and other metadata). hostPathRoot: /var/lib -hostNetworking: false + +dnsConfig: {} +# options: +# - name: ndots +# value: "2" +hostAliases: [] +#- ip: "127.0.0.1" +# hostnames: +# - "foo.local" +# - "bar.local" image: "docker.elastic.co/beats/filebeat" -imageTag: "7.6.2" +imageTag: "7.12.0-SNAPSHOT" imagePullPolicy: "IfNotPresent" imagePullSecrets: [] 
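Review bot: `deployment.securityContext` defaults to `runAsUser: 0` although the comment directly above it says running as root is not necessary, because the Deployment use cases do not need access to Kubernetes node internals. Either the default or the comment is wrong; if the comment is right, a non-root default such as `runAsUser: 1000` (placeholder UID, it has to match a user the Filebeat image provides) follows least privilege, and `test_setting_pod_security_context`, which asserts `runAsUser == 0` for the deployment, would change with it. In the same block the comment `# Allows you to add any config files in /usr/share/filebeat` now sits above `extraVolumes` while its second half, `# such as filebeat.yml for deployment`, sits above `filebeatConfig`; the two lines belong together above `filebeatConfig`.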
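Review bot: The default `imageTag` becomes `7.12.0-SNAPSHOT` while `imagePullPolicy` stays `IfNotPresent`. A snapshot tag is presumably rebuilt in place, so nodes that cached it at different times can run different builds under the same name, and the values no longer tie an install to one known image. If this default can reach users outside CI, a comment next to it would help, for example `# development default; override with a released tag for real clusters`.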
@@ -81,47 +179,31 @@ readinessProbe: # Whether this chart should self-manage its service account, role, and associated role binding. managedServiceAccount: true -# additionals labels -labels: {} +clusterRoleRules: +- apiGroups: + - "" + resources: + - namespaces + - nodes + - pods + verbs: + - get + - list + - watch podAnnotations: {} # iam.amazonaws.com/role: es-cluster -# Various pod security context settings. Bear in mind that many of these have an impact on Filebeat functioning properly. -# -# - User that the container will execute as. Typically necessary to run as root (0) in order to properly collect host container logs. -# - Whether to execute the Filebeat containers as privileged containers. Typically not necessarily unless running within environments such as OpenShift. -podSecurityContext: - runAsUser: 0 - privileged: false - -resources: - requests: - cpu: "100m" - memory: "100Mi" - limits: - cpu: "1000m" - memory: "200Mi" - # Custom service account override that the pod will use serviceAccount: "" -# A list of secrets and their paths to mount inside the pod -# This is useful for mounting certificates for security other sensitive values -secretMounts: [] -# - name: filebeat-certificates -# secretName: filebeat-certificates -# path: /usr/share/filebeat/certs +# Annotations to add to the ServiceAccount that is created if the serviceAccount value isn't set. +serviceAccountAnnotations: {} + + # eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount # How long to wait for Filebeat pods to stop gracefully terminationGracePeriod: 30 - -tolerations: [] - -nodeSelector: {} - -affinity: {} - # This is the PriorityClass settings as defined in # https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass priorityClassName: "" 
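Review bot: `clusterRoleRules` is the only new key in this hunk without a comment, although it sets the RBAC permissions the chart grants. The defaults shown are read-only (`get`, `list`, `watch` on namespaces, nodes and pods), and a comment would keep later overrides from widening them unnoticed. I would add above the key: `# Rules for the ClusterRole the chart creates when managedServiceAccount is true; keep to read-only verbs unless an input needs more.` The link to `managedServiceAccount` is inferred from the neighbouring comment and should be confirmed against the template.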
@@ -132,3 +214,19 @@ updateStrategy: RollingUpdate # Only edit these if you know what you're doing nameOverride: "" fullnameOverride: "" + +# DEPRECATED +affinity: {} +envFrom: [] +extraEnvs: [] +extraVolumes: [] +extraVolumeMounts: [] +# Allows you to add any config files in /usr/share/filebeat +# such as filebeat.yml for both daemonset and deployment +filebeatConfig: {} +nodeSelector: {} +podSecurityContext: {} +resources: {} +secretMounts: [] +tolerations: [] +labels: {} diff --git a/helpers/bumper.py b/helpers/bumper.py index bd30fc613..455da6517 100755 --- a/helpers/bumper.py +++ b/helpers/bumper.py @@ -20,14 +20,14 @@ os.chdir(os.path.join(os.path.dirname(__file__), "..")) versions = { - 6: os.environ.get("BUMPER_VERSION_6", "6.8.8"), - 7: os.environ.get("BUMPER_VERSION_7", "7.6.2"), + 7: os.environ.get("BUMPER_VERSION_7", "7.12.0-SNAPSHOT"), } chart_version = versions[7] file_patterns = [ "*/examples/*/*.y*ml", + "*/examples/*/README.md", "helpers/examples.mk", "*/README.md", "*/values.y*ml", @@ -39,12 +39,14 @@ # Anything matching this regex won't have version bumps changed # This was happening because strings like 127.0.0.1 match for 7.0.0 -blacklist = re.compile(r".*127.0.0.1.*") +# "7.0.0-alpha1" is also used in elasticsearch upgrade test and so shouldn't +# been bump +blacklist = re.compile(r".*127.0.0.1.*|.*7.0.0-alpha1.*") print("Updating versions...") for major, version in versions.iteritems(): - r = re.compile(r"{0}\.[0-9]*\.[0-9]*-?[0-9]?".format(major)) + r = re.compile(r"{0}\.[0-9]*\.[0-9]*-?(SNAPSHOT)?".format(major)) for pattern in file_patterns: for f in glob.glob(pattern): print(f) diff --git a/helpers/common.mk b/helpers/common.mk index d98b0c61f..f7debead3 100644 --- a/helpers/common.mk +++ b/helpers/common.mk 
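Review bot: The `# DEPRECATED` block at the end of the file does not say what replaces these top-level keys, or what happens when one is set together with its counterpart under `deployment` (and presumably `daemonset`). A comment such as `# DEPRECATED: set the matching key under daemonset or deployment instead` would tell users where to move their values. The precedence between the two is not visible here and should be stated once confirmed from the templates. This matters most for `podSecurityContext`: the `deployment.securityContext` added earlier in this file still defaults to `runAsUser: 0`, while its comment says running as root is not necessary for the Deployment.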
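Review bot: The dots in the extended `blacklist` pattern are unescaped, so `.*7.0.0-alpha1.*` matches any character in those positions rather than only the literal version string; the same holds for the existing `127.0.0.1` part. Escaping them keeps the exclusion as narrow as the comment describes: `blacklist = re.compile(r".*(127\.0\.0\.1|7\.0\.0-alpha1).*")`. The comment above it would read better ending in `and so shouldn't be bumped`. How `blacklist` is applied is outside this hunk.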
@@ -13,18 +13,10 @@ build: ## Build helm-tester docker image .PHONY: deps deps: ## Update helm charts dependencies - sed --in-place '/charts\//d' ./.helmignore helm dependency update -.PHONY: helm -helm: ## Deploy helm on k8s cluster - kubectl get cs - kubectl create clusterrolebinding add-on-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default || true - helm init --wait --upgrade - .PHONY: lint lint: ## Lint helm templates - grep 'charts/' ./.helmignore || echo 'charts/' >> ./.helmignore helm lint --strict ./ .PHONY: lint-python @@ -44,4 +36,4 @@ test: build ## Run all tests in a docker container docker run --rm -i --user "$$(id -u):$$(id -g)" -v $$(pwd)/../:/app -w /app/$$(basename $$(pwd)) helm-tester make test-all .PHONY: test-all ## Run all tests -test-all: lint deps template pytest +test-all: deps lint template pytest diff --git a/helpers/examples.mk b/helpers/examples.mk index ce46f31ab..03b0e0ede 100644 --- a/helpers/examples.mk +++ b/helpers/examples.mk @@ -1,7 +1,8 @@ GOSS_VERSION := v0.3.6 GOSS_FILE ?= goss.yaml GOSS_SELECTOR ?= release=$(RELEASE) -STACK_VERSION := 7.6.2 +STACK_VERSION := 7.12.0-SNAPSHOT +TIMEOUT := 900s .PHONY: help help: ## Display this help 
@@ -9,8 +10,7 @@ help: ## Display this help .PHONY: goss goss: ## Run goss tests - GOSS_CONTAINER=$$(kubectl get --no-headers=true pods -l $(GOSS_SELECTOR) -o custom-columns=:metadata.name | sed -n 1p ) && \ + GOSS_CONTAINER=$$(kubectl get --no-headers=true pods -l $(GOSS_SELECTOR) -o custom-columns=:metadata.name --field-selector=status.phase=Running --sort-by=.metadata.creationTimestamp | tail -1 ) && \ echo Testing with pod: $$GOSS_CONTAINER && \ kubectl cp test/$(GOSS_FILE) $$GOSS_CONTAINER:/tmp/$(GOSS_FILE) && \ kubectl exec $$GOSS_CONTAINER -- sh -c "cd /tmp/ && curl -s -L https://github.com/aelsabbahy/goss/releases/download/$(GOSS_VERSION)/goss-linux-amd64 -o goss && chmod +rx ./goss && ./goss --gossfile $(GOSS_FILE) validate --retry-timeout 300s --sleep 5s --color --format documentation" - diff --git a/helpers/helm-tester/Dockerfile b/helpers/helm-tester/Dockerfile index d2e1b8e63..75c5fedba 100644 --- a/helpers/helm-tester/Dockerfile +++ b/helpers/helm-tester/Dockerfile @@ -1,13 +1,13 @@ FROM python:3.7 -ENV HELM_VERSION=2.16.5 +ENV HELM_VERSION=3.5.2 -RUN wget --no-verbose https://storage.googleapis.com/kubernetes-helm/helm-v${HELM_VERSION}-linux-amd64.tar.gz && \ +RUN wget --no-verbose https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz && \ tar xfv helm-v${HELM_VERSION}-linux-amd64.tar.gz && \ mv linux-amd64/helm /usr/local/bin/ && \ - rm -rf linux-amd64 && \ - HOME=/ helm init --client-only && \ - chmod 777 -R /.helm + mkdir --parents --mode=777 /.config/helm && \ + HOME=/ helm repo add stable https://charts.helm.sh/stable && \ + rm -rf helm-v${HELM_VERSION}-linux-amd64.tar.gz linux-amd64 COPY requirements.txt /usr/src/app/ RUN pip install --no-cache-dir -r /usr/src/app/requirements.txt diff --git a/helpers/helpers.py b/helpers/helpers.py index 19349b1f9..4cc96756e 100644 --- a/helpers/helpers.py +++ b/helpers/helpers.py 
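Review bot: With `--field-selector=status.phase=Running` the pod query on the new `GOSS_CONTAINER` line can return nothing, and `tail -1` then leaves the variable empty. The recipe carries on to `kubectl cp test/$(GOSS_FILE) :/tmp/$(GOSS_FILE)`, which fails with an error that does not point at the real cause. A guard right after the assignment makes it explicit: `{ test -n "$$GOSS_CONTAINER" || { echo "no Running pod matches $(GOSS_SELECTOR)" >&2; exit 1; }; } && \`.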
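Review bot: The Helm tarball fetched in the rewritten `RUN wget` step is unpacked and installed with no integrity check, so the image trusts whatever the download host returns at build time. Helm publishes a checksum file next to each release archive; verifying it before `tar` catches a corrupted or swapped archive, e.g. `wget --no-verbose https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz.sha256sum && sha256sum -c helm-v${HELM_VERSION}-linux-amd64.tar.gz.sha256sum && \`. A digest pinned in the Dockerfile next to `HELM_VERSION` is stronger still, since it does not depend on the same host. The same gap exists for the Helm and jq downloads in the last hunk of helpers/terraform/Dockerfile, and for the goss binary that the unchanged `kubectl exec` line in helpers/examples.mk downloads and runs.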
@@ -9,7 +9,7 @@ def helm_template(config): with tempfile.NamedTemporaryFile() as temp: with open(temp.name, "w") as values: values.write(config) - helm_cmd = "helm template -f {0} ./".format(temp.name) + helm_cmd = "helm template release-name -f {0} ./".format(temp.name) result = yaml.load_all(check_output(helm_cmd.split())) results = {} diff --git a/helpers/matrix.yml b/helpers/matrix.yml index 9adef0ddc..b1c44fab0 100644 --- a/helpers/matrix.yml +++ b/helpers/matrix.yml @@ -4,39 +4,40 @@ CHART: - filebeat - metricbeat - logstash + - apm-server ES_SUITE: - default - config - multi - - oss - security - upgrade - - 6.x KIBANA_SUITE: - default - - oss - security - - 6.x + - upgrade FILEBEAT_SUITE: - default + - deployment - oss - security - - 6.x + - upgrade METRICBEAT_SUITE: - default - oss - security - - 6.x + - upgrade LOGSTASH_SUITE: - default - oss - elasticsearch - - 6.x + - security + - upgrade APM_SERVER_SUITE: - default - oss - security - - 6.x + - upgrade KUBERNETES_VERSION: - - '1.14' - - '1.15' + - "1.15" + - "1.16" + - "1.17" diff --git a/helpers/terraform/Dockerfile b/helpers/terraform/Dockerfile index c415c5edc..2ae9670b8 100644 --- a/helpers/terraform/Dockerfile +++ b/helpers/terraform/Dockerfile @@ -2,9 +2,10 @@ FROM centos:7 ENV VAULT_VERSION 0.9.3 ENV TERRAFORM_VERSION=0.11.7 -ENV KUBECTL_VERSION=1.15.4 -ENV HELM_VERSION=2.16.5 +ENV KUBECTL_VERSION=1.16.10 +ENV HELM_VERSION=3.5.2 ENV DOCKER_VERSION=18.09.7 +ENV JQ_VERSION=1.6 RUN yum -y install \ make \ @@ -21,6 +22,7 @@ RUN yum -y install \ RUN curl -O https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip && \ unzip vault_${VAULT_VERSION}_linux_amd64.zip -d /usr/local/bin/ && \ chmod +x /usr/local/bin/vault && \ + rm -f vault_${VAULT_VERSION}_linux_amd64.zip && \ vault version RUN curl -O https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \ 
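Review bot: The unchanged line after the edited `helm_cmd` still parses the rendered chart with `yaml.load_all(...)` and no loader argument. Assuming `yaml` is PyYAML, older releases then use the full constructor set, and newer releases reject the call because `Loader` is required. The output is plain Kubernetes manifests, so `result = yaml.safe_load_all(check_output(helm_cmd.split()))` is sufficient and does not construct tagged objects from chart output. The body of `helm_template` continues outside this hunk.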
@@ -33,14 +35,19 @@ RUN curl -O https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL chmod a+x /usr/local/bin/kubectl && \ kubectl version --client -RUN curl -O https://storage.googleapis.com/kubernetes-helm/helm-v${HELM_VERSION}-linux-amd64.tar.gz && \ +RUN curl -O https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz && \ tar xfv helm-v${HELM_VERSION}-linux-amd64.tar.gz && \ mv linux-amd64/helm /usr/local/bin/ && \ - rm -rf linux-amd64 && \ + rm -rf helm-v${HELM_VERSION}-linux-amd64.tar.gz linux-amd64 && \ helm version --client RUN curl -O https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz && \ tar xfv docker* && \ mv docker/docker /usr/local/bin && \ - rm -rf docker/ && \ - docker + rm -rf docker-${DOCKER_VERSION}.tgz docker/ && \ + docker -v + +RUN curl -O -L https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64 && \ + mv jq-linux64 /usr/local/bin/jq && \ + chmod a+x /usr/local/bin/jq && \ + jq --version diff --git a/helpers/terraform/Makefile b/helpers/terraform/Makefile index a6dcff24b..25e516db0 100644 --- a/helpers/terraform/Makefile +++ b/helpers/terraform/Makefile @@ -65,8 +65,8 @@ creds: credentials.json ## Get gke credentials kubectl create namespace $(NAMESPACE) || true kubectl config set-context $$(kubectl config current-context) --namespace=$(NAMESPACE) -.PHONY: k8s -k8s: apply creds ## Configure gke cluster +.PHONY: up +up: apply creds ## Configure gke cluster kubectl get cs .PHONY: k8s-staging-registry 
@@ -77,16 +77,9 @@ k8s-staging-registry: creds ## Create the staging registry auth secret in k8s --docker-username="devops-ci" \ --docker-password="$$DOCKER_PASSWORD" -.PHONY: up -up: k8s ## Install helm on gke cluster - kubectl create clusterrolebinding add-on-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default || true - for i in 1 2 3 4 5; do helm init --wait --upgrade && break || sleep 5; done - .PHONY: integration integration: creds ## Deploy helm chart and run integration tests cd ../../$(CHART)/ && \ - helm init --client-only && \ - helm dependency update && \ cd ./examples/$(SUITE) && \ make @@ -98,4 +91,3 @@ build: ## Build helm-charts docker image pull-private-images: ## Pull private images used in testing cd ../../elasticsearch/examples/security/ && \ make pull-elasticsearch-image - diff --git a/helpers/terraform/main.tf b/helpers/terraform/main.tf index 292c881fa..0d1ece129 100644 --- a/helpers/terraform/main.tf +++ b/helpers/terraform/main.tf @@ -16,6 +16,8 @@ resource "google_container_cluster" "cluster" { additional_zones = "${var.additional_zones}" min_master_version = "${var.kubernetes_version}" node_version = "${var.kubernetes_version}" + logging_service = "none" + monitoring_service = "none" network = "${var.network}" subnetwork = "${var.subnetwork}" diff --git a/helpers/upgrade.sh b/helpers/upgrade.sh new file mode 100755 index 000000000..269b64d8a --- /dev/null +++ b/helpers/upgrade.sh 
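Review bot: `logging_service = "none"` and `monitoring_service = "none"` switch off the cluster's log and metric export with no comment explaining why. For a short-lived CI cluster this may be intended, but the Makefile in this directory also creates a registry auth secret in the cluster (`k8s-staging-registry`), so the reason and scope are worth stating, e.g. `# CI-only, short-lived cluster: log/metric export disabled on purpose`. If this module is ever reused for a longer-lived cluster, the two values should become variables that default to the provider defaults. The `google_container_cluster` block starts and ends outside the hunk.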
@@ -0,0 +1,73 @@ +#!/usr/bin/env bash +# +# upgrade.sh deploy some Helm chart to a specific released version, +# then upgrade it. +# +# An optional version can be specified for Docker image tag to use for upgrade. +# This is required for master branch because upgrade from Elasticsearch 7.X +# to 8.0.0-SNAPSHOT doesn't work. +# +set -euo pipefail + +TO="" + +usage() { + cat <<-EOF + USAGE: + $0 --chart --release --from [--to ] + $0 --help + + OPTIONS: + --chart + Name of the Elastic Helm chart to install (ie: elasticsearch) + --release + Name of the Helm release to install (ie: helm-upgrade-elasticsearch) + --from + Version to use for first install (ie: 7.7.0) + --to + Version of the Docker images to use for upgrade (ie: 7.10.0) + EOF + exit 1 +} + +while [[ $# -gt 0 ]] +do + key="$1" + + case $key in + --help) + usage + ;; + --chart) + CHART="$2" + shift 2 + ;; + --release) + RELEASE="$2" + shift 2 + ;; + --from) + FROM="$2" + shift 2 + ;; + --to) + TO="--set imageTag=$2" + shift 2 + ;; + *) + log "Unrecognized argument: '$key'" + usage + ;; + esac +done + +helm repo add elastic https://helm.elastic.co + +# Initial install +printf "Installing %s %s\n" "$RELEASE" "$FROM" +helm upgrade --wait --timeout=1200s --install --version "$FROM" --values values.yaml "$RELEASE" elastic/"$CHART" + +# Upgrade +printf "Upgrading %s\n" "$RELEASE" +# shellcheck disable=SC2086 +helm upgrade --wait --timeout=1200s --install --set terminationGracePeriod=121 $TO --values values.yaml "$RELEASE" ../../ diff --git a/kibana/Chart.yaml b/kibana/Chart.yaml index 9d2f3a611..1b7f4dea4 100755 --- a/kibana/Chart.yaml +++ b/kibana/Chart.yaml @@ -5,8 +5,8 @@ maintainers: - email: helm-charts@elastic.co name: Elastic name: kibana -version: 7.6.2 -appVersion: 7.6.2 +version: 7.12.0-SNAPSHOT +appVersion: 7.12.0-SNAPSHOT sources: - https://github.com/elastic/kibana icon: https://helm.elastic.co/icons/kibana.png diff --git a/kibana/README.md b/kibana/README.md index 0fd5aac95..979cd9cd4 100644 
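Review bot: The `*)` branch of the argument loop calls `log`, which this script never defines, so under `set -e` an unknown argument ends with a command-not-found error and `usage` is never shown. Replace it with `printf "Unrecognized argument: '%s'\n" "$key" >&2`. With `set -u`, a missing `--chart`, `--release` or `--from` also surfaces only as an unbound-variable error at first use. A check after the loop such as `: "${CHART:?--chart is required}"`, repeated for `RELEASE` and `FROM`, gives a clear message before any `helm` command runs.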
--- a/kibana/README.md +++ b/kibana/README.md 
@@ -1,170 +1,234 @@ # Kibana Helm Chart -This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features. +[![Build Status](https://img.shields.io/jenkins/s/https/devops-ci.elastic.co/job/elastic+helm-charts+master.svg)](https://devops-ci.elastic.co/job/elastic+helm-charts+master/) [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/elastic)](https://artifacthub.io/packages/search?repo=elastic) + +This Helm chart is a lightweight way to configure and run our official +[Kibana Docker image][]. + + +**Warning**: This branch is used for development, please use the latest [7.x][] release for released version. + + + + +- [Requirements](#requirements) +- [Installing](#installing) + - [Install released version using Helm repository](#install-released-version-using-helm-repository) + - [Install development version from a branch](#install-development-version-from-a-branch) +- [Upgrading](#upgrading) +- [Usage notes](#usage-notes) +- [Configuration](#configuration) + - [Deprecated](#deprecated) +- [FAQ](#faq) + - [How to deploy this chart on a specific K8S distribution?](#how-to-deploy-this-chart-on-a-specific-k8s-distribution) + - [How to use Kibana with security (authentication and TLS) enabled?](#how-to-use-kibana-with-security-authentication-and-tls-enabled) + - [How to install plugins?](#how-to-install-plugins) + - [How to import objects post-deployment?](#how-to-import-objects-post-deployment) +- [Contributing](#contributing) + + + + -This helm chart is a lightweight way to configure and run our official [Kibana docker image](https://www.elastic.co/guide/en/kibana/current/docker.html) ## Requirements -* [Helm](https://helm.sh/) >=2.8.0 and <3.0.0 (see parent [README](https://github.com/elastic/helm-charts/tree/master/README.md) for more details) -* 
Kubernetes >=1.9 +* Kubernetes >= 1.14 +* [Helm][] >= 2.17.0 + +See [supported configurations][] for more details. ## Installing -### Using Helm repository +This chart is tested with the latest 7.12.0-SNAPSHOT version. -* Add the elastic helm charts repo - ``` - helm repo add elastic https://helm.elastic.co - ``` -* Install it - ``` - helm install --name kibana elastic/kibana - ``` +### Install released version using Helm repository -### Using master branch +* Add the Elastic Helm charts repo: +`helm repo add elastic https://helm.elastic.co` -* Clone the git repo - ``` - git clone git@github.com:elastic/helm-charts.git - ``` -* Install it - ``` - helm install --name kibana ./helm-charts/kibana - ``` +* Install it: + - with Helm 3: `helm install kibana --version elastic/kibana` + - with Helm 2 (deprecated): `helm install --name kibana --version elastic/kibana` -## Compatibility +### Install development version from a branch -This chart is tested with the latest supported versions. The currently tested versions are: +* Clone the git repo: `git clone git@github.com:elastic/helm-charts.git` -| 6.x | 7.x | -| ----- | ----- | -| 6.8.8 | 7.6.2 | +* Checkout the branch : `git checkout 7.12` -Examples of installing older major versions can be found in the [examples](https://github.com/elastic/helm-charts/tree/master/kibana/examples) directory. +* Install it: + - with Helm 3: `helm install kibana ./helm-charts/kibana --set imageTag=7.12.0-SNAPSHOT` + - with Helm 2 (deprecated): `helm install --name kibana ./helm-charts/kibana --set imageTag=7.12.0-SNAPSHOT` -While only the latest releases are tested, it is possible to easily install old or new releases by overriding the `imageTag`. To install version `7.6.2` of Kibana it would look like this: -``` -helm install --name kibana elastic/kibana --set imageTag=7.6.2 -``` +## Upgrading + +Please always check [CHANGELOG.md][] and [BREAKING_CHANGES.md][] before +upgrading to a new chart version. 
+ + +## Usage notes + +* Automated testing of this chart is currently only run against GKE (Google +Kubernetes Engine). + +* This repo includes a number of [examples][] configurations which can be used +as a reference. They are also used in the automated testing of this chart. + ## Configuration -| Parameter | Description | Default | -| ------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- | -| `elasticsearchHosts` | The URLs used to connect to Elasticsearch. | `http://elasticsearch-master:9200` | -| `elasticsearchURL` | The URL used to connect to Elasticsearch. Deprecated, needs to be used for Kibana versions < 6.6 | | -| `replicas` | Kubernetes replica count for the deployment (i.e. how many pods) | `1` | -| `extraEnvs` | Extra [environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config) which will be appended to the `env:` definition for the container | `name: NODE_OPTIONS`
`value: "--max-old-space-size=1800"` | -| `secretMounts` | Allows you easily mount a secret as a file inside the deployment. Useful for mounting certificates and other secrets. See [values.yaml](https://github.com/elastic/helm-charts/tree/master/kibana/values.yaml) for an example | `[]` | -| `image` | The Kibana docker image | `docker.elastic.co/kibana/kibana` | -| `imageTag` | The Kibana docker image tag | `7.6.2` | -| `imagePullPolicy` | The Kubernetes [imagePullPolicy](https://kubernetes.io/docs/concepts/containers/images/#updating-images) value | `IfNotPresent` | -| `podAnnotations` | Configurable [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) applied to all Kibana pods | `{}` | -| `resources` | Allows you to set the [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) for the statefulset | `requests.cpu: 1000m`
`requests.memory: 2Gi`
`limits.cpu: 1000m`
`limits.memory: 2Gi` | -| `protocol` | The protocol that will be used for the readinessProbe. Change this to `https` if you have `server.ssl.enabled: true` set | `http` | -| `serverHost` | The [`server.host`](https://www.elastic.co/guide/en/kibana/current/settings.html) Kibana setting. This is set explicitly so that the default always matches what comes with the docker image. | `0.0.0.0` | -| `healthCheckPath` | The path used for the readinessProbe to check that Kibana is ready. If you are setting `server.basePath` you will also need to update this to `/${basePath}/app/kibana` | `/app/kibana` | -| `kibanaConfig` | Allows you to add any config files in `/usr/share/kibana/config/` such as `kibana.yml`. See [values.yaml](https://github.com/elastic/helm-charts/tree/master/kibana/values.yaml) for an example of the formatting. | `{}` | -| `podSecurityContext` | Allows you to set the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) for the pod | `fsGroup: 1000` | -| `securityContext` | Allows you to set the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the container | `capabilities.drop:[ALL]`
`runAsNonRoot: true`
`runAsUser: 1000` | -| `serviceAccount` | Allows you to overwrite the "default" [serviceAccount](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) for the pod | `[]` | -| `priorityClassName` | The [name of the PriorityClass](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass). No default is supplied as the PriorityClass must be created first. | `""` | -| `httpPort` | The http port that Kubernetes will use for the healthchecks and the service. | `5601` | -| `updateStrategy` | Allows you to change the default update [strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment) for the deployment. A [standard upgrade](https://www.elastic.co/guide/en/kibana/current/upgrade-standard.html) of Kibana requires a full stop and start which is why the default strategy is set to `Recreate` | `Recreate` | -| `readinessProbe` | Configuration for the [readinessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) | `failureThreshold: 3`
`initialDelaySeconds: 10`
`periodSeconds: 10`
`successThreshold: 3`
`timeoutSeconds: 5` | -| `imagePullSecrets` | Configuration for [imagePullSecrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret) so that you can use a private registry for your image | `[]` | -| `nodeSelector` | Configurable [nodeSelector](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) so that you can target specific nodes for your Kibana instances | `{}` | -| `tolerations` | Configurable [tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | -| `ingress` | Configurable [ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) to expose the Kibana service. See [`values.yaml`](https://github.com/elastic/helm-charts/tree/master/kibana/values.yaml) for an example | `enabled: false` | -| `service` | Configurable [service](https://kubernetes.io/docs/concepts/services-networking/service/) to expose the Kibana service. See [`values.yaml`](https://github.com/elastic/helm-charts/tree/master/kibana/values.yaml) for an example | `type: ClusterIP`
`port: 5601`
`nodePort:`
`annotations: {}`
`loadBalancerSourceRanges: {}` | -| `labels` | Configurable [label](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) applied to all Kibana pods | `{}` | -| `lifecycle` | Allows you to add lifecycle configuration. See [values.yaml](https://github.com/elastic/helm-charts/tree/master/kibana/values.yaml) for an example of the formatting. | `{}` | -| `fullnameOverride` | Overrides the full name of the resources. If not set the name will default to "`.Release.Name`-`.Values.nameOverride or .Chart.Name`" | `""` | -| `extraContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | -| `extraInitContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | - -## Examples - -In [examples/](https://github.com/elastic/helm-charts/tree/master/kibana/examples) you will find some example configurations. These examples are used for the automated testing of this helm chart - -### Default - -* Deploy the [default Elasticsearch helm chart](https://github.com/elastic/helm-charts/tree/master/elasticsearch/README.md#default) -* Deploy Kibana with the default values - ``` - cd examples/default - make - ``` -* You can now setup a port forward and access Kibana at http://localhost:5601 - ``` - kubectl port-forward deployment/helm-kibana-default-kibana 5601 - ``` - -### Security - -* Deploy a [security enabled Elasticsearch cluster](https://github.com/elastic/helm-charts/tree/master/elasticsearch/README.md#security) -* Deploy Kibana with the security example - ``` - cd examples/security - make - ``` -* Setup a port forward and access Kibana at https://localhost:5601 - ``` - # Setup the port forward - kubectl port-forward deployment/helm-kibana-security-kibana 5601 - - # Run this in a seperate terminal - # Get the auto generated password - password=$(kubectl get secret elastic-credentials -o jsonpath='{.data.password}' | base64 --decode) - echo $password - - # Test Kibana is working 
with curl or access it with your browser at https://localhost:5601 - # The example certificate is self signed so you may see a warning about the certificate - curl -I -k -u elastic:$password https://localhost:5601/app/kibana - ``` +| Parameter | Description | Default | +|-----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------| +| `affinity` | Configurable [affinity][] | `{}` | +| `elasticsearchHosts` | The URLs used to connect to Elasticsearch | `http://elasticsearch-master:9200` | +| `envFrom` | Templatable string to be passed to the [environment from variables][] which will be appended to the `envFrom:` definition for the container | `[]` | +| `extraContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | +| `extraEnvs` | Extra [environment variables][] which will be appended to the `env:` definition for the container | see [values.yaml][] | +| `extraInitContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | +| `fullnameOverride` | Overrides the full name of the resources. If not set the name will default to " `.Release.Name` - `.Values.nameOverride orChart.Name` " | `""` | +| `healthCheckPath` | The path used for the readinessProbe to check that Kibana is ready. 
If you are setting `server.basePath` you will also need to update this to `/${basePath}/app/kibana` | `/app/kibana` | +| `hostAliases` | Configurable [hostAliases][] | `[]` | +| `httpPort` | The http port that Kubernetes will use for the healthchecks and the service | `5601` | +| `imagePullPolicy` | The Kubernetes [imagePullPolicy][]value | `IfNotPresent` | +| `imagePullSecrets` | Configuration for [imagePullSecrets][] so that you can use a private registry for your image | `[]` | +| `imageTag` | The Kibana Docker image tag | `7.12.0-SNAPSHOT` | +| `image` | The Kibana Docker image | `docker.elastic.co/kibana/kibana` | +| `ingress` | Configurable [ingress][] to expose the Kibana service. | see [values.yaml][] | +| `kibanaConfig` | Allows you to add any config files in `/usr/share/kibana/config/` such as `kibana.yml` See [values.yaml][] for an example of the formatting | `{}` | +| `labels` | Configurable [labels][] applied to all Kibana pods | `{}` | +| `lifecycle` | Allows you to add [lifecycle hooks][]. See [values.yaml][] for an example of the formatting | `{}` | +| `nameOverride` | Overrides the chart name for resources. If not set the name will default to `.Chart.Name` | `""` | +| `nodeSelector` | Configurable [nodeSelector][] so that you can target specific nodes for your Kibana instances | `{}` | +| `podAnnotations` | Configurable [annotations][] applied to all Kibana pods | `{}` | +| `podSecurityContext` | Allows you to set the [securityContext][] for the pod | see [values.yaml][] | +| `priorityClassName` | The name of the [PriorityClass][]. No default is supplied as the PriorityClass must be created first | `""` | +| `protocol` | The protocol that will be used for the readinessProbe. Change this to `https` if you have `server.ssl.enabled: true` set | `http` | +| `readinessProbe` | Configuration for the readiness [probe][] | see [values.yaml][] | +| `replicas` | Kubernetes replica count for the Deployment (i.e. 
how many pods) | `1` | +| `resources` | Allows you to set the [resources][] for the Deployment | see [values.yaml][] | +| `secretMounts` | Allows you easily mount a secret as a file inside the Deployment. Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` | +| `securityContext` | Allows you to set the [securityContext][] for the container | see [values.yaml][] | +| `serverHost` | The [server.host][] Kibana setting. This is set explicitly so that the default always matches what comes with the Docker image | `0.0.0.0` | +| `serviceAccount` | Allows you to overwrite the "default" [serviceAccount][] for the pod | `[]` | +| `service` | Configurable [service][] to expose the Kibana service. | see [values.yaml][] | +| `tolerations` | Configurable [tolerations][]) | `[]` | +| `updateStrategy` | Allows you to change the default [updateStrategy][] for the Deployment. A [standard upgrade][] of Kibana requires a full stop and start which is why the default strategy is set to `Recreate` | `type: Recreate` | + +### Deprecated + +| Parameter | Description | Default | +|--------------------|--------------------------------------------------------------------------------------|---------| +| `elasticsearchURL` | The URL used to connect to Elasticsearch. needs to be used for Kibana versions < 6.6 | `""` | + ## FAQ -### How to install plugins? +### How to deploy this chart on a specific K8S distribution? -The recommended way to install plugins into our docker images is to create a custom docker image. +This chart is highly tested with [GKE][], but some K8S distribution also +requires specific configurations. -The Dockerfile would look something like: +We provide examples of configuration for the following K8S providers: -``` -ARG kibana_version -FROM docker.elastic.co/kibana/kibana:${kibana_version} +- [OpenShift][] -RUN bin/kibana-plugin install -``` +### How to use Kibana with security (authentication and TLS) enabled? 
-And then updating the `image` in values to point to your custom image. +This Helm chart can use existing [Kubernetes secrets][] to setup +credentials or certificates for examples. These secrets should be created +outside of this chart and accessed using [environment variables][] and volumes. -There are a couple reasons we recommend this. +An example can be found in [examples/security][]. -1. Tying the availability of Kibana to the download service to install plugins is not a great idea or something that we recommend. Especially in Kubernetes where it is normal and expected for a container to be moved to another host at random times. -2. Mutating the state of a running docker image (by installing plugins) goes against best practices of containers and immutable infrastructure. +### How to install plugins? -## Testing +The recommended way to install plugins into our Docker images is to create a +custom Docker image. -This chart uses [pytest](https://docs.pytest.org/en/latest/) to test the templating logic. The dependencies for testing can be installed from the [`requirements.txt`](https://github.com/elastic/helm-charts/tree/master/requirements.txt) in the parent directory. +The Dockerfile would look something like: ``` -pip install -r ../requirements.txt -make test -``` +ARG kibana_version +FROM docker.elastic.co/kibana/kibana:${kibana_version} +RUN bin/kibana-plugin install +``` -You can also use `helm template` to look at the YAML being generated +And then updating the `image` in values to point to your custom image. -``` -make template +There are a couple reasons we recommend this: + +1. Tying the availability of Kibana to the download service to install plugins +is not a great idea or something that we recommend. Especially in Kubernetes +where it is normal and expected for a container to be moved to another host at +random times. +2. 
Mutating the state of a running Docker image (by installing plugins) goes +against best practices of containers and immutable infrastructure. + +### How to import objects post-deployment? + +You can use `postStart` [lifecycle hooks][] to run code triggered after a +container is created. + +Here is an example of `postStart` hook to import an index-pattern and a +dashboard: + +```yaml +lifecycle: + postStart: + exec: + command: + - bash + - -c + - | + #!/bin/bash + # Import a dashboard + KB_URL=http://localhost:5601 + while [[ "$(curl -s -o /dev/null -w '%{http_code}\n' -L $KB_URL)" != "200" ]]; do sleep 1; done + curl -XPOST "$KB_URL/api/kibana/dashboards/import" -H "Content-Type: application/json" -H 'kbn-xsrf: true' -d'{"objects":[{"type":"index-pattern","id":"my-pattern","attributes":{"title":"my-pattern-*"}},{"type":"dashboard","id":"my-dashboard","attributes":{"title":"Look at my dashboard"}}]}' ``` -It is possible to run all of the tests and linting inside of a docker container -``` -make test -``` +## Contributing + +Please check [CONTRIBUTING.md][] before any contribution or for any questions +about our development and testing process. 
+ +[7.x]: https://github.com/elastic/helm-charts/releases +[BREAKING_CHANGES.md]: https://github.com/elastic/helm-charts/blob/master/BREAKING_CHANGES.md +[CHANGELOG.md]: https://github.com/elastic/helm-charts/blob/master/CHANGELOG.md +[CONTRIBUTING.md]: https://github.com/elastic/helm-charts/blob/master/CONTRIBUTING.md +[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +[annotations]: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +[default elasticsearch helm chart]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/README.md#default +[environment variables]: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config +[environment from variables]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables +[examples]: https://github.com/elastic/helm-charts/tree/7.12/kibana/examples +[examples/security]: https://github.com/elastic/helm-charts/tree/7.12/kibana/examples/security +[gke]: https://cloud.google.com/kubernetes-engine +[helm]: https://helm.sh +[hostAliases]: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +[imagePullPolicy]: https://kubernetes.io/docs/concepts/containers/images/#updating-images +[imagePullSecrets]: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret +[ingress]: https://kubernetes.io/docs/concepts/services-networking/ingress/ +[kibana docker image]: https://www.elastic.co/guide/en/kibana/7.12/docker.html +[kubernetes secrets]: https://kubernetes.io/docs/concepts/configuration/secret/ +[labels]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +[lifecycle hooks]: 
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ +[nodeSelector]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +[openshift]: https://github.com/elastic/helm-charts/tree/7.12/kibana/examples/openshift +[priorityClass]: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass +[probe]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ +[resources]: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ +[security enabled elasticsearch cluster]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/README.md#security +[securityContext]: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +[server.host]: https://www.elastic.co/guide/en/kibana/7.12/settings.html +[service]: https://kubernetes.io/docs/concepts/services-networking/service/ +[serviceAccount]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +[standard upgrade]: https://www.elastic.co/guide/en/kibana/7.12/upgrade-standard.html +[supported configurations]: https://github.com/elastic/helm-charts/tree/7.12/README.md#supported-configurations +[tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[updateStrategy]: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment +[values.yaml]: https://github.com/elastic/helm-charts/tree/7.12/kibana/values.yaml diff --git a/kibana/examples/6.x/Makefile b/kibana/examples/6.x/Makefile deleted file mode 100644 index 468e2b84a..000000000 --- a/kibana/examples/6.x/Makefile +++ /dev/null @@ -1,12 +0,0 @@ -default: test -include ../../../helpers/examples.mk - -RELEASE := helm-kibana-six - -install: - helm upgrade --wait --timeout=600 --install --values ./values.yml $(RELEASE) ../../ - -purge: - helm del --purge $(RELEASE) - -test: install goss 
diff --git a/kibana/examples/6.x/values.yml b/kibana/examples/6.x/values.yml deleted file mode 100644 index 474e0eb39..000000000 --- a/kibana/examples/6.x/values.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- - -imageTag: 6.8.8 -elasticsearchHosts: "http://six-master:9200" diff --git a/kibana/examples/default/Makefile b/kibana/examples/default/Makefile index 39caa3072..d181571fa 100644 --- a/kibana/examples/default/Makefile +++ b/kibana/examples/default/Makefile @@ -1,13 +1,13 @@ default: test + include ../../../helpers/examples.mk RELEASE := helm-kibana-default install: - echo "Goss container: $(GOSS_CONTAINER)" - helm upgrade --wait --timeout=600 --install $(RELEASE) ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install $(RELEASE) ../../ test: install goss purge: - helm del --purge $(RELEASE) + helm del $(RELEASE) diff --git a/kibana/examples/default/README.md b/kibana/examples/default/README.md new file mode 100644 index 000000000..0be7c043e --- /dev/null +++ b/kibana/examples/default/README.md @@ -0,0 +1,27 @@ +# Default + +This example deploy Kibana 7.12.0-SNAPSHOT using [default values][]. + + +## Usage + +* Deploy [Elasticsearch Helm chart][]. + +* Deploy Kibana chart with the default values: `make install` + +* You can now setup a port forward to query Kibana indices: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[elasticsearch helm chart]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/default/ +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.12/kibana/examples/default/test/goss.yaml +[default values]: https://github.com/elastic/helm-charts/tree/7.12/kibana/values.yaml diff --git a/kibana/examples/default/test/goss.yaml b/kibana/examples/default/test/goss.yaml index a4ffec234..3b34e09c9 100644 --- a/kibana/examples/default/test/goss.yaml 
+++ b/kibana/examples/default/test/goss.yaml @@ -3,7 +3,7 @@ http: status: 200 timeout: 2000 body: - - '"number":"7.6.2"' + - '"number":"7.12.0"' http://localhost:5601/app/kibana: status: 200 diff --git a/kibana/examples/openshift/Makefile b/kibana/examples/openshift/Makefile index 9dccc65ed..35b66d02b 100644 --- a/kibana/examples/openshift/Makefile +++ b/kibana/examples/openshift/Makefile @@ -4,12 +4,12 @@ include ../../../helpers/examples.mk RELEASE := kibana template: - helm template --values ./values.yml ../../ + helm template --values values.yaml ../../ -install: - helm upgrade --wait --timeout=600 --install --values ./values.yml $(RELEASE) ../../ +install: + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ test: install goss - + purge: - helm del --purge $(RELEASE) + helm del $(RELEASE) diff --git a/kibana/examples/openshift/README.md b/kibana/examples/openshift/README.md new file mode 100644 index 000000000..402fe6a65 --- /dev/null +++ b/kibana/examples/openshift/README.md @@ -0,0 +1,26 @@ +# OpenShift + +This example deploy Kibana 7.12.0-SNAPSHOT on [OpenShift][] using [custom values][]. + +## Usage + +* Deploy [Elasticsearch Helm chart][]. + +* Deploy Kibana chart with the default values: `make install` + +* You can now setup a port forward to query Elasticsearch API: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[custom values]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/openshift/values.yaml +[elasticsearch helm chart]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/openshift/ +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/openshift/test/goss.yaml +[openshift]: https://www.openshift.com/ 
diff --git a/kibana/examples/oss/Makefile b/kibana/examples/oss/Makefile deleted file mode 100644 index 77c6412db..000000000 --- a/kibana/examples/oss/Makefile +++ /dev/null @@ -1,12 +0,0 @@ -default: test -include ../../../helpers/examples.mk - -RELEASE := helm-kibana-oss - -install: - helm upgrade --wait --timeout=600 --install --values ./values.yml $(RELEASE) ../../ - -test: install goss - -purge: - helm del --purge $(RELEASE) diff --git a/kibana/examples/oss/test/goss.yaml b/kibana/examples/oss/test/goss.yaml deleted file mode 100644 index 35aee7dd4..000000000 --- a/kibana/examples/oss/test/goss.yaml +++ /dev/null @@ -1,4 +0,0 @@ -http: - http://localhost:5601/app/kibana: - status: 200 - timeout: 2000 diff --git a/kibana/examples/oss/values.yml b/kibana/examples/oss/values.yml deleted file mode 100644 index eb0203c75..000000000 --- a/kibana/examples/oss/values.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- - -image: "docker.elastic.co/kibana/kibana-oss" -elasticsearchHosts: "http://oss-master:9200" diff --git a/kibana/examples/security/Makefile b/kibana/examples/security/Makefile index a54769d95..034c8c5cc 100644 --- a/kibana/examples/security/Makefile +++ b/kibana/examples/security/Makefile @@ -1,17 +1,18 @@ default: test + include ../../../helpers/examples.mk RELEASE := helm-kibana-security install: - helm upgrade --wait --timeout=600 --install --values ./security.yml $(RELEASE) ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ test: secrets install goss purge: kubectl delete secret kibana || true - helm del --purge $(RELEASE) + helm del $(RELEASE) secrets: - encryptionkey=$$(echo $$(docker run --rm docker.elastic.co/elasticsearch/elasticsearch:$(STACK_VERSION) /bin/sh -c "< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c50")) && \ + encryptionkey=$$(docker run --rm busybox:1.31.1 /bin/sh -c "< /dev/urandom tr -dc _A-Za-z0-9 | head -c50") && \ kubectl create secret generic kibana --from-literal=encryptionkey=$$encryptionkey 
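Review bot: The `secrets` target in kibana/examples/security/Makefile still hands the generated key to kubectl as `--from-literal=encryptionkey=$$encryptionkey`, so the value is part of kubectl's argument list and can be read from the process table on a shared build host. Piping the generator output keeps it off the command line: `docker run --rm busybox:1.31.1 /bin/sh -c "< /dev/urandom tr -dc _A-Za-z0-9 | head -c50" | kubectl create secret generic kibana --from-file=encryptionkey=/dev/stdin`. The helper image is also referenced by tag only; pinning it as `busybox:1.31.1@sha256:<digest>` (placeholder, take the digest from your registry) fixes which image produces the key.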
diff --git a/kibana/examples/security/README.md b/kibana/examples/security/README.md new file mode 100644 index 000000000..cd4037e02 --- /dev/null +++ b/kibana/examples/security/README.md @@ -0,0 +1,28 @@ +# Security + +This example deploy Kibana 7.12.0-SNAPSHOT using authentication and TLS to connect to +Elasticsearch (see [values][]). + + +## Usage + +* Deploy [Elasticsearch Helm chart][]. + +* Deploy Kibana chart with security: `make install` + +* You can now setup a port forward to query Kibana indices: + + ``` + kubectl port-forward svc/security-master 9200 + curl -u elastic:changeme https://localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[elasticsearch helm chart]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/security/ +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.12/kibana/examples/security/test/goss.yaml +[values]: https://github.com/elastic/helm-charts/tree/7.12/kibana/examples/security/values.yaml diff --git a/kibana/examples/security/security.yml b/kibana/examples/security/values.yaml similarity index 100% rename from kibana/examples/security/security.yml rename to kibana/examples/security/values.yaml diff --git a/kibana/examples/upgrade/Makefile b/kibana/examples/upgrade/Makefile new file mode 100644 index 000000000..b01368a95 --- /dev/null +++ b/kibana/examples/upgrade/Makefile @@ -0,0 +1,16 @@ +default: test + +include ../../../helpers/examples.mk + +CHART := kibana +RELEASE := helm-kibana-upgrade +FROM := 7.4.0 # versions before 7.4.O aren't compatible with Kubernetes >= 1.16.0 + +install: + ../../../helpers/upgrade.sh --chart $(CHART) --release $(RELEASE) --from $(FROM) + kubectl rollout status deployment $(RELEASE)-kibana + +test: install goss + +purge: + helm del $(RELEASE) diff --git a/kibana/examples/upgrade/README.md b/kibana/examples/upgrade/README.md new file mode 100644 index 000000000..ad28f65c6 --- /dev/null 
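Review bot: In kibana/examples/upgrade/Makefile the comment on `FROM := 7.4.0 # versions before ...` follows the value on the same line, and make keeps the whitespace before `#` as part of the variable, so `$(FROM)` expands with a trailing space. That is harmless in the unquoted `--from $(FROM)` call but breaks once the value is quoted or compared. Put the comment on its own line above the assignment: `# versions before 7.4.0 aren't compatible with Kubernetes >= 1.16.0` followed by `FROM := 7.4.0`. The existing comment also spells the version `7.4.O` with a letter O.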
+++ b/kibana/examples/upgrade/README.md @@ -0,0 +1,21 @@ +# Upgrade + +This example will deploy Kibana chart using an old chart version, +then upgrade it. + + +## Usage + +* Add the Elastic Helm charts repo: `helm repo add elastic https://helm.elastic.co` + +* Deploy [Elasticsearch Helm chart][]: `helm install elasticsearch elastic/elasticsearch` + +* Deploy and upgrade Kibana chart with the default values: `make install` + + +## Testing + +You can also run [goss integration tests][] using `make test`. + + +[goss integration tests]: https://github.com/elastic/helm-charts/tree/master/kibana/examples/upgrade/test/goss.yaml diff --git a/kibana/examples/6.x/test/goss.yaml b/kibana/examples/upgrade/test/goss.yaml similarity index 57% rename from kibana/examples/6.x/test/goss.yaml rename to kibana/examples/upgrade/test/goss.yaml index aea90054d..53a1a3292 100644 --- a/kibana/examples/6.x/test/goss.yaml +++ b/kibana/examples/upgrade/test/goss.yaml @@ -3,8 +3,12 @@ http: status: 200 timeout: 2000 body: - - '"number":"6.8.8"' + - '"number":"7.12.0"' http://localhost:5601/app/kibana: status: 200 timeout: 2000 + + http://helm-kibana-upgrade-kibana:5601/app/kibana: + status: 200 + timeout: 2000 diff --git a/kibana/examples/upgrade/values.yaml b/kibana/examples/upgrade/values.yaml new file mode 100644 index 000000000..01d99c838 --- /dev/null +++ b/kibana/examples/upgrade/values.yaml @@ -0,0 +1,2 @@ +--- +elasticsearchHosts: "http://upgrade-master:9200" diff --git a/kibana/templates/_helpers.tpl b/kibana/templates/_helpers.tpl index 2fe259ebd..407e29680 100755 --- a/kibana/templates/_helpers.tpl +++ b/kibana/templates/_helpers.tpl 
@@ -20,12 +20,13 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- end -}} {{/* -Return the appropriate apiVersion for ingress. +Common labels */}} -{{- define "kibana.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- end -}} +{{- define "kibana.labels" -}} +app: {{ .Chart.Name }} +release: {{ .Release.Name | quote }} +heritage: {{ .Release.Service }} +{{- if .Values.labels }} +{{ toYaml .Values.labels }} +{{- end }} {{- end -}} diff --git a/kibana/templates/configmap.yaml b/kibana/templates/configmap.yaml index 88927597a..98977a840 100644 --- a/kibana/templates/configmap.yaml +++ b/kibana/templates/configmap.yaml @@ -4,12 +4,10 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ template "kibana.fullname" . }}-config - labels: - app: {{ .Chart.Name }} - release: {{ .Release.Name | quote }} + labels: {{ include "kibana.labels" . | nindent 4 }} data: {{- range $path, $config := .Values.kibanaConfig }} {{ $path }}: | -{{ $config | indent 4 -}} +{{ tpl $config $ | indent 4 -}} {{- end -}} {{- end -}} diff --git a/kibana/templates/deployment.yaml b/kibana/templates/deployment.yaml index b7a97758e..ba4400b78 100644 --- a/kibana/templates/deployment.yaml +++ b/kibana/templates/deployment.yaml @@ -2,12 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "kibana.fullname" . }} - labels: - app: {{ .Chart.Name }} - release: {{ .Release.Name | quote }} - {{- range $key, $value := .Values.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} + labels: {{ include "kibana.labels" . | nindent 4 }} spec: replicas: {{ .Values.replicas }} strategy: 
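Review bot: User labels in the new `kibana.labels` helper are emitted with `{{ toYaml .Values.labels }}`, whereas the Deployment block it replaces piped every value through `quote`. A values entry such as `tier: 1` or `canary: true` now renders as a number or boolean, which the Kubernetes API does not accept as a label value. Keeping the quoting inside the helper preserves the old behaviour: `{{- range $key, $value := .Values.labels }}`, `{{ $key }}: {{ $value | quote }}`, `{{- end }}`. `app: {{ .Chart.Name }}` and `heritage: {{ .Release.Service }}` are also unquoted, unlike `release`, and would read more consistently with `| quote`.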
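Review bot: In configmap.yaml each `kibanaConfig` entry now goes through `tpl $config $`, so the `kibana.yml` text supplied in values is evaluated as a Helm template with the whole chart context rather than copied verbatim. Values files then have to be reviewed like templates: an expression in them can pull any other value into this object, and the result is stored in a ConfigMap, not a Secret. Existing configs that contain literal template delimiters will also change meaning or fail to render. A comment above the `range` would record the contract: `{{/* kibanaConfig values are rendered with tpl, i.e. evaluated as templates with the chart context */}}`.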
@@ -41,6 +36,9 @@ spec: {{- if .Values.serviceAccount }} serviceAccount: {{ .Values.serviceAccount }} {{- end }} + {{- if .Values.hostAliases }} + hostAliases: {{ toYaml .Values.hostAliases | nindent 6 }} + {{- end }} volumes: {{- range .Values.secretMounts }} - name: {{ .name }} @@ -69,8 +67,15 @@ spec: {{ toYaml .Values.imagePullSecrets | indent 8 }} {{- end }} {{- if .Values.extraInitContainers }} + # Currently some extra blocks accept strings + # to continue with backwards compatibility this is being kept + # whilst also allowing for yaml to be specified too. initContainers: + {{- if eq "string" (printf "%T" .Values.extraInitContainers) }} {{ tpl .Values.extraInitContainers . | indent 6 }} + {{- else }} +{{ toYaml .Values.extraInitContainers | indent 6 }} + {{- end }} {{- end }} containers: - name: kibana @@ -90,6 +95,10 @@ spec: value: "{{ .Values.serverHost }}" {{- if .Values.extraEnvs }} {{ toYaml .Values.extraEnvs | indent 10 }} +{{- end }} +{{- if .Values.envFrom }} + envFrom: +{{ toYaml .Values.envFrom | indent 10 }} {{- end }} readinessProbe: {{ toYaml .Values.readinessProbe | indent 10 }} @@ -99,6 +108,11 @@ spec: - -c - | #!/usr/bin/env bash -e + + # Disable nss cache to avoid filling dentry cache when calling curl + # This is required with Kibana Docker using nss < 3.52 + export NSS_SDB_USE_CACHE=no + http () { local path="${1}" set -- -XGET -s --fail -L @@ -139,5 +153,12 @@ spec: subPath: {{ $path }} {{- end -}} {{- if .Values.extraContainers }} + # Currently some extra blocks accept strings + # to continue with backwards compatibility this is being kept + # whilst also allowing for yaml to be specified too. + {{- if eq "string" (printf "%T" .Values.extraContainers) }} {{ tpl .Values.extraContainers . | indent 6 }} - {{- end }} \ No newline at end of file + {{- else }} +{{ toYaml .Values.extraContainers | indent 6 }} + {{- end }} + {{- end }} diff --git a/kibana/templates/ingress.yaml b/kibana/templates/ingress.yaml index e9aafcb65..f79255f30 100644 
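Review bot: The type test for `extraInitContainers` is spelled `eq "string" (printf "%T" .Values.extraInitContainers)`; Sprig's `kindIs "string" .Values.extraInitContainers` states the same check directly. The two branches also differ in more than input type: the string form is rendered through `tpl`, the structured form through `toYaml` only, so template expressions inside a YAML-typed value are emitted literally. The added comment should say that, for example `# string values are rendered with tpl; YAML values are emitted as-is`. The `extraContainers` hunk at the end of this file repeats the same pattern.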
--- a/kibana/templates/ingress.yaml +++ b/kibana/templates/ingress.yaml @@ -1,15 +1,12 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "kibana.fullname" . -}} -{{- $servicePort := .Values.service.port -}} +{{- $httpPort := .Values.httpPort -}} {{- $ingressPath := .Values.ingress.path -}} -apiVersion: {{ template "kibana.ingress.apiVersion" . }} +apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: {{ $fullName }} - labels: - app: {{ .Chart.Name }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + labels: {{ include "kibana.labels" . | nindent 4 }} {{- with .Values.ingress.annotations }} annotations: {{ toYaml . | indent 4 }} @@ -17,16 +14,38 @@ metadata: spec: {{- if .Values.ingress.tls }} tls: + {{- if .ingressPath }} + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- else }} {{ toYaml .Values.ingress.tls | indent 4 }} + {{- end }} {{- end }} rules: {{- range .Values.ingress.hosts }} + {{- if $ingressPath }} - host: {{ . }} http: paths: - path: {{ $ingressPath }} backend: serviceName: {{ $fullName }} - servicePort: {{ $servicePort }} + servicePort: {{ $httpPort }} + {{- else }} + - host: {{ .host }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + backend: + serviceName: {{ $fullName }} + servicePort: {{ .servicePort | default $httpPort }} + {{- end }} + {{- end }} {{- end }} {{- end }} diff --git a/kibana/templates/service.yaml b/kibana/templates/service.yaml index 5734580bf..fbced7344 100644 --- a/kibana/templates/service.yaml +++ b/kibana/templates/service.yaml @@ -3,10 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "kibana.fullname" . }} - labels: - app: {{ .Chart.Name }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service }} + labels: {{ include "kibana.labels" . | nindent 4 }} {{- if .Values.service.labels }} {{ toYaml .Values.service.labels | indent 4}} {{- end }} 
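Review bot: The new `tls:` block in ingress.yaml tests `{{- if .ingressPath }}`, but the path is held in the variable `$ingressPath` defined at the top of the file. `.ingressPath` is a lookup on the root context, where no such key appears to exist, so the added `range .Values.ingress.tls` branch looks unreachable and every configuration falls through to `toYaml .Values.ingress.tls`. Either test `{{- if $ingressPath }}` as the `rules:` block does, or drop the dead branch. In the new rules branch, `- host: {{ .host }}` is emitted unquoted, so a wildcard host such as `*.example.com` would be parsed by YAML as an alias; `- host: {{ .host | quote }}` avoids that, at the cost of rendering an empty host as `""` instead of null.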
@@ -16,6 +13,9 @@ metadata: {{- end }} spec: type: {{ .Values.service.type }} +{{- if .Values.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} +{{- end }} {{- with .Values.service.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{ toYaml . | indent 4 }} @@ -26,7 +26,7 @@ spec: nodePort: {{ .Values.service.nodePort }} {{- end }} protocol: TCP - name: http + name: {{ .Values.service.httpPortName | default "http" }} targetPort: {{ .Values.httpPort }} selector: app: {{ .Chart.Name }} diff --git a/kibana/tests/kibana_test.py b/kibana/tests/kibana_test.py index 4b864f2f0..5a3f30b34 100644 --- a/kibana/tests/kibana_test.py +++ b/kibana/tests/kibana_test.py @@ -51,6 +51,11 @@ def test_defaults(): # Make sure that the default 'loadBalancerSourceRanges' list is empty assert "loadBalancerSourceRanges" not in r["service"][name]["spec"] + # Make sure that the default 'loadBalancerIP' string is empty + assert "loadBalancerIP" not in r["service"][name]["spec"] + + assert "hostAliases" not in r["deployment"][name]["spec"]["template"]["spec"] + def test_overriding_the_elasticsearch_hosts(): config = """ @@ -89,6 +94,19 @@ def test_overriding_the_port(): assert r["service"][name]["spec"]["ports"][0]["targetPort"] == 5602 +def test_adding_env_from(): + config = """ +envFrom: +- secretRef: + name: secret-name +""" + r = helm_template(config) + secretRef = r["deployment"][name]["spec"]["template"]["spec"]["containers"][0][ + "envFrom" + ][0]["secretRef"] + assert secretRef == {"name": "secret-name"} + + def test_adding_image_pull_secrets(): config = """ imagePullSecrets: 
@@ -188,6 +206,54 @@ def test_adding_a_extra_init_container(): def test_adding_an_ingress_rule(): config = """ +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + hosts: + - host: kibana.elastic.co + paths: + - path: / + - path: /testpath + servicePort: 8888 + - host: '' + paths: + - path: / + - host: kibana.hello.there + paths: + - path: /mypath + servicePort: 9999 + tls: + - secretName: elastic-co-wildcard + hosts: + - kibana.elastic.co +""" + + r = helm_template(config) + assert name in r["ingress"] + i = r["ingress"][name]["spec"] + assert i["tls"][0]["hosts"][0] == "kibana.elastic.co" + assert i["tls"][0]["secretName"] == "elastic-co-wildcard" + + assert i["rules"][0]["host"] == "kibana.elastic.co" + assert i["rules"][0]["http"]["paths"][0]["path"] == "/" + assert i["rules"][0]["http"]["paths"][0]["backend"]["serviceName"] == name + assert i["rules"][0]["http"]["paths"][0]["backend"]["servicePort"] == 5601 + assert i["rules"][0]["http"]["paths"][1]["path"] == "/testpath" + assert i["rules"][0]["http"]["paths"][1]["backend"]["serviceName"] == name + assert i["rules"][0]["http"]["paths"][1]["backend"]["servicePort"] == 8888 + assert i["rules"][1]["host"] == None + assert i["rules"][1]["http"]["paths"][0]["path"] == "/" + assert i["rules"][1]["http"]["paths"][0]["backend"]["serviceName"] == name + assert i["rules"][1]["http"]["paths"][0]["backend"]["servicePort"] == 5601 + assert i["rules"][2]["host"] == "kibana.hello.there" + assert i["rules"][2]["http"]["paths"][0]["path"] == "/mypath" + assert i["rules"][2]["http"]["paths"][0]["backend"]["serviceName"] == name + assert i["rules"][2]["http"]["paths"][0]["backend"]["servicePort"] == 9999 + + +def test_adding_a_deprecated_ingress_rule(): + config = """ ingress: enabled: true annotations: 
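Review bot: `assert i["rules"][1]["host"] == None` in `test_adding_an_ingress_rule` compares with `==`; `assert i["rules"][1]["host"] is None` is the idiomatic form. The assertion also pins that `host: ''` in values renders as a null host, which Kubernetes treats as a rule matching every hostname. A comment on that line would make the intent explicit: `# empty host renders as null, i.e. a catch-all rule`. The function body continues past the end of this hunk.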
@@ -215,6 +281,34 @@ def test_adding_an_ingress_rule(): def test_adding_an_ingress_rule_wildcard(): config = """ +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + hosts: + - host: kibana.elastic.co + paths: + - path: / + tls: + - secretName: elastic-co-wildcard + hosts: + - "*.elastic.co" +""" + + r = helm_template(config) + assert name in r["ingress"] + i = r["ingress"][name]["spec"] + assert i["tls"][0]["hosts"][0] == "*.elastic.co" + assert i["tls"][0]["secretName"] == "elastic-co-wildcard" + + assert i["rules"][0]["host"] == "kibana.elastic.co" + assert i["rules"][0]["http"]["paths"][0]["path"] == "/" + assert i["rules"][0]["http"]["paths"][0]["backend"]["serviceName"] == name + assert i["rules"][0]["http"]["paths"][0]["backend"]["servicePort"] == 5601 + + +def test_adding_a_deprecated_ingress_rule_wildcard(): + config = """ ingress: enabled: true annotations: @@ -602,3 +696,40 @@ def test_setting_fullnameOverride(): ] == "kibana" ) + + +def test_adding_loadBalancerIP(): + config = """ + service: + loadBalancerIP: 12.5.11.79 + """ + + r = helm_template(config) + + assert r["service"][name]["spec"]["loadBalancerIP"] == "12.5.11.79" + + +def test_service_port_name(): + r = helm_template("") + + config = """ + service: + httpPortName: istio + """ + + r = helm_template(config) + + assert r["service"][name]["spec"]["ports"][0]["name"] == "istio" + + +def test_hostaliases(): + config = """ +hostAliases: +- ip: "127.0.0.1" + hostnames: + - "foo.local" + - "bar.local" +""" + r = helm_template(config) + hostAliases = r["deployment"][name]["spec"]["template"]["spec"]["hostAliases"] + assert {"ip": "127.0.0.1", "hostnames": ["foo.local", "bar.local"]} in hostAliases diff --git a/kibana/values.yaml b/kibana/values.yaml index 468a98533..a248ee0c3 100755 --- a/kibana/values.yaml +++ b/kibana/values.yaml 
@@ -1,6 +1,4 @@ --- - -elasticsearchURL: "" # "http://elasticsearch-master:9200" elasticsearchHosts: "http://elasticsearch-master:9200" replicas: 1 @@ -14,6 +12,13 @@ extraEnvs: # - name: MY_ENVIRONMENT_VAR # value: the_value_goes_here +# Allows you to load environment variables from kubernetes secret or config map +envFrom: [] +# - secretRef: +# name: env-secret +# - configMapRef: +# name: config-map + # A list of secrets and their paths to mount inside the pod # This is useful for mounting certificates for security and for mounting # the X-Pack license @@ -23,8 +28,14 @@ secretMounts: [] # path: /usr/share/kibana/data/kibana.keystore # subPath: kibana.keystore # optional +hostAliases: [] +#- ip: "127.0.0.1" +# hostnames: +# - "foo.local" +# - "bar.local" + image: "docker.elastic.co/kibana/kibana" -imageTag: "7.6.2" +imageTag: "7.12.0-SNAPSHOT" imagePullPolicy: "IfNotPresent" # additionals labels @@ -90,6 +101,7 @@ updateStrategy: service: type: ClusterIP + loadBalancerIP: "" port: 5601 nodePort: "" labels: {} @@ -101,15 +113,17 @@ service: # service.beta.kubernetes.io/cce-load-balancer-internal-vpc: "true" loadBalancerSourceRanges: [] # 0.0.0.0/0 + httpPortName: http ingress: enabled: false annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" - path: / hosts: - - chart-example.local + - host: chart-example.local + paths: + - path: / tls: [] # - secretName: chart-example-tls # hosts: @@ -137,3 +151,6 @@ lifecycle: {} # postStart: # exec: # command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"] + +# Deprecated - use only with versions < 6.6 +elasticsearchURL: "" # "http://elasticsearch-master:9200" diff --git a/logstash/Chart.yaml b/logstash/Chart.yaml index 3512dde75..304bcb5a7 100755 --- a/logstash/Chart.yaml +++ b/logstash/Chart.yaml 
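Review bot: In the `@@ -23,8 +28,14 @@` hunk of kibana/values.yaml the default becomes `imageTag: "7.12.0-SNAPSHOT"` while the next line keeps `imagePullPolicy: "IfNotPresent"`. A snapshot tag moves, so a node that has already cached an older build keeps running it, and two nodes can run different images under the same tag. If the snapshot default is intended for this development branch, a comment next to it would warn users: `# SNAPSHOT is a moving tag: use imagePullPolicy "Always" or pin the image by digest for repeatable deploys`.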
@@ -5,8 +5,8 @@ maintainers: - email: helm-charts@elastic.co name: Elastic name: logstash -version: 7.6.2 -appVersion: 7.6.2 +version: 7.12.0-SNAPSHOT +appVersion: 7.12.0-SNAPSHOT sources: - https://github.com/elastic/logstash icon: https://helm.elastic.co/icons/logstash.png diff --git a/logstash/README.md b/logstash/README.md index c2db20a32..5145b8095 100644 --- a/logstash/README.md +++ b/logstash/README.md 
@@ -1,171 +1,236 @@ # Logstash Helm Chart -This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features. +[![Build Status](https://img.shields.io/jenkins/s/https/devops-ci.elastic.co/job/elastic+helm-charts+master.svg)](https://devops-ci.elastic.co/job/elastic+helm-charts+master/) [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/elastic)](https://artifacthub.io/packages/search?repo=elastic) -This helm chart is a lightweight way to configure and run our official [Logstash docker image](https://www.elastic.co/guide/en/logstash/current/docker.html) +This Helm chart is a lightweight way to configure and run our official +[Logstash Docker image][]. -## Requirements +**Warning**: This functionality is in beta and is subject to change. +The design and code is less mature than official GA features and is being +provided as-is with no warranties. Alpha features are not subject to the support +SLA of official GA features (see [supported configurations][] for more details). -* [Helm](https://helm.sh/) >=2.8.0 and <3.0.0 (see parent [README](https://github.com/elastic/helm-charts/tree/master/README.md) for more details) -* Kubernetes >=1.8 + +**Warning**: This branch is used for development, please use the latest [7.x][] release for released version. -## Usage notes and getting started + + -* This repo includes a number of [example](https://github.com/elastic/helm-charts/tree/master/logstash/examples) configurations which can be used as a reference. They are also used in the automated testing of this chart -* Automated testing of this chart is currently only run against GKE (Google Kubernetes Engine). -* The chart deploys a statefulset and by default will do an automated rolling update of your cluster. 
It does this by waiting for the cluster health to become green after each instance is updated. If you prefer to update manually you can set [`updateStrategy: OnDelete`](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#on-delete) -* It is important to verify that the JVM heap size in `logstashJavaOpts` and to set the CPU/Memory `resources` to something suitable for your cluster -* We have designed this chart to be very un-opinionated about how to configure Logstash. It exposes ways to set environment variables and mount secrets inside of the container. Doing this makes it much easier for this chart to support multiple versions with minimal changes. -* `logstash.yml` configuration files can be set either by a ConfigMap using `logstashConfig` in `values.yml` or by environment variables using `extraEnvs` in `values.yml`, however Logstash Docker image can't mix both methods as defining settings with environment variables causes `logstash.yml` to be modified in place while using ConfigMap bind-mount the same file (more details in this [Note](https://www.elastic.co/guide/en/logstash/6.7/docker-config.html#docker-env-config)). 
-## Installing +- [Requirements](#requirements) +- [Installing](#installing) + - [Install released version using Helm repository](#install-released-version-using-helm-repository) + - [Install development version from a branch](#install-development-version-from-a-branch) +- [Upgrading](#upgrading) +- [Usage notes](#usage-notes) +- [Configuration](#configuration) +- [FAQ](#faq) + - [How to install OSS version of Logstash?](#how-to-install-oss-version-of-logstash) + - [How to install plugins?](#how-to-install-plugins) +- [Contributing](#contributing) -### Using Helm repository + + + -* Add the elastic helm charts repo - ``` - helm repo add elastic https://helm.elastic.co - ``` -* Install it - ``` - helm install --name logstash elastic/logstash -### Using master branch +## Requirements -* Clone the git repo - ``` - git clone git@github.com:elastic/helm-charts.git - ``` -* Install it - ``` - helm install --name logstash ./helm-charts/logstash - ``` +* Kubernetes >= 1.14 +* [Helm][] >= 2.17.0 -## Compatibility +See [supported configurations][] for more details. -This chart is tested with the latest supported versions. The currently tested versions are: -| 6.x | 7.x | -| ----- | ----- | -| 6.8.8 | 7.6.2 | +## Installing -Examples of installing older major versions can be found in the [examples](https://github.com/elastic/helm-charts/tree/master/logstash/examples) directory. +This chart is tested with the latest 7.12.0-SNAPSHOT version. -While only the latest releases are tested, it is possible to easily install old or new releases by overriding the `imageTag`. 
To install version `7.6.2` of Logstash it would look like this: +### Install released version using Helm repository -``` -helm install --name logstash elastic/logstash --set imageTag=7.6.2 -``` +* Add the Elastic Helm charts repo: +`helm repo add elastic https://helm.elastic.co` -## Configuration +* Install it: + - with Helm 3: `helm install logstash --version elastic/logstash` + - with Helm 2 (deprecated): `helm install --name logstash --version elastic/logstash` -| Parameter | Description | Default | -| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | -| `antiAffinity` | Setting this to hard enforces the [anti-affinity rules](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). If it is set to soft it will be done "best effort". Other values will be ignored. | `hard` | -| `antiAffinityTopologyKey` | The [anti-affinity topology key](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). 
By default this will prevent multiple Logstash nodes from running on the same Kubernetes node | `kubernetes.io/hostname` | -| `extraContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | -| `extraEnvs` | Extra [environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config) which will be appended to the `env:` definition for the container | `[]` | -| `extraInitContainers` | Templatable string of additional init containers to be passed to the `tpl` function | `""` | -| `extraVolumes` | Templatable string of additional volumes to be passed to the `tpl` function | `""` | -| `extraVolumeMounts` | Templatable string of additional volumeMounts to be passed to the `tpl` function | `""` | -| `image` | The Logstash docker image | `docker.elastic.co/logstash/logstash` | -| `imagePullPolicy` | The Kubernetes [imagePullPolicy](https://kubernetes.io/docs/concepts/containers/images/#updating-images) value | `IfNotPresent` | -| `imagePullSecrets` | Configuration for [imagePullSecrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret) so that you can use a private registry for your image | `[]` | -| `imageTag` | The Logstash docker image tag | `7.6.2` | -| `httpPort` | The http port that Kubernetes will use for the healthchecks and the service. | `9600` | -| `extraPorts` | An array of extra ports to open on the pod | `[]` | -| `labels` | Configurable [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) applied to all Logstash pods | `{}` | -| `lifecycle` | Allows you to add lifecycle configuration. See [values.yaml](https://github.com/elastic/helm-charts/tree/master/logstash/values.yaml) for an example of the formatting. 
| `{}` | -| `livenessProbe` | Configuration fields for the [livenessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) | `failureThreshold: 3`
`initialDelaySeconds: 300`
`periodSeconds: 10`
`successThreshold: 3`
`timeoutSeconds: 5` | -| `logstashConfig` | Allows you to add any config files in `/usr/share/logstash/config/` such as `logstash.yml` and `log4j2.properties`. See [values.yaml](https://github.com/elastic/helm-charts/tree/master/logstash/values.yaml) for an example of the formatting. | `{}` | -| `logstashJavaOpts` | Java options for Logstash. This is where you should configure the jvm heap size | `-Xmx1g -Xms1g` | -| `logstashPipeline` | Allows you to add any pipeline files in `/usr/share/logstash/pipeline/`. | `{}` | -| `maxUnavailable` | The [maxUnavailable](https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget) value for the pod disruption budget. By default this will prevent Kubernetes from having more than 1 unhealthy pod in the node group | `1` | -| `nodeAffinity` | Value for the [node affinity settings](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature) | `{}` | -| `nodeSelector` | Configurable [nodeSelector](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) so that you can target specific nodes for your Logstash cluster | `{}` | -| `persistence.annotations` | Additional persistence annotations for the `volumeClaimTemplate` | `{}` | -| `persistence.enabled` | Enables a persistent volume for Logstash data | `false` | -| `podAnnotations` | Configurable [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) applied to all Logstash pods | `{}` | -| `podManagementPolicy` | By default Kubernetes [deploys statefulsets serially](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies). This deploys them in parallel so that they can discover each other | `Parallel` | -| `podSecurityContext` | Allows you to set the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) for the pod | `fsGroup: 1000`
`runAsUser: 1000` | -| `podSecurityPolicy` | Configuration for create a pod security policy with minimal permissions to run this Helm chart with `create: true`. Also can be used to reference an external pod security policy with `name: "externalPodSecurityPolicy"` | `create: false`
`name: ""` | -| `priorityClassName` | The [name of the PriorityClass](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass). No default is supplied as the PriorityClass must be created first. | `""` | -| `readinessProbe` | Configuration fields for the [readinessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) | `failureThreshold: 3`
`initialDelaySeconds: 60`
`periodSeconds: 10`
`successThreshold: 3`
`timeoutSeconds: 5` | -| `replicas` | Kubernetes replica count for the statefulset (i.e. how many pods) | `1` | -| `resources` | Allows you to set the [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) for the statefulset | `requests.cpu: 100m`
`requests.memory: 1536Mi`
`limits.cpu: 1000m`
`limits.memory: 1536Mi` | -| `schedulerName` | Name of the [alternate scheduler](https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/#specify-schedulers-for-pods) | `""` | -| `secretMounts` | Allows you easily mount a secret as a file inside the statefulset. Useful for mounting certificates and other secrets. See [values.yaml](https://github.com/elastic/helm-charts/tree/master/logstash/values.yaml) for an example | `[]` | -| `securityContext` | Allows you to set the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the container | `capabilities.drop:[ALL]`
`runAsNonRoot: true`
`runAsUser: 1000` | -| `terminationGracePeriod` | The [terminationGracePeriod](https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods) in seconds used when trying to stop the pod | `120` | -| `tolerations` | Configurable [tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | -| `updateStrategy` | The [updateStrategy](https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets) for the statefulset. By default Kubernetes will wait for the cluster to be green after upgrading each pod. Setting this to `OnDelete` will allow you to manually delete each pod during upgrades | `RollingUpdate` | -| `volumeClaimTemplate` | Configuration for the [volumeClaimTemplate for statefulsets](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-storage). You will want to adjust the storage (default `30Gi`) and the `storageClassName` if you are using a different storage class | `accessModes: [ "ReadWriteOnce" ]`
`resources.requests.storage: 1Gi` | -| `rbac` | Configuration for creating a role, role binding and service account as part of this helm chart with `create: true`. Also can be used to reference an external service account with `serviceAccountName: "externalServiceAccountName"`. | `create: false`
`serviceAccountName: ""` | -| `fullnameOverride` | Overrides the full name of the resources. If not set the name will default to "`.Release.Name`-`.Values.nameOverride or .Chart.Name`" | `""` | - -## Try it out - -In [examples/](https://github.com/elastic/helm-charts/tree/master/logstash/examples) you will find some example configurations. These examples are used for the automated testing of this helm chart - -### Default - -To deploy a cluster with all default values and run the integration tests +### Install development version from a branch -``` -cd examples/default -make -``` +* Clone the git repo: `git clone git@github.com:elastic/helm-charts.git` -### FAQ +* Checkout the branch : `git checkout 7.12` -#### How to install plugins? +* Install it: + - with Helm 3: `helm install logstash ./helm-charts/logstash --set imageTag=7.12.0-SNAPSHOT` + - with Helm 2 (deprecated): `helm install --name logstash ./helm-charts/logstash --set imageTag=7.12.0-SNAPSHOT` -The [recommended](https://www.elastic.co/guide/en/logstash/current/docker-config.html#_custom_images) way to install plugins into our docker images is to create a custom docker image. -The Dockerfile would look something like: - -``` -ARG logstash_version -FROM docker.elastic.co/logstash/logstash:${logstash_version} +## Upgrading -RUN bin/logstash-plugin install logstash-output-kafka -``` +Please always check [CHANGELOG.md][] and [BREAKING_CHANGES.md][] before +upgrading to a new chart version. -And then updating the `image` in values to point to your custom image. -There are a couple reasons we recommend this. +## Usage notes -1. Tying the availability of Logstash to the download service to install plugins is not a great idea or something that we recommend. Especially in Kubernetes where it is normal and expected for a container to be moved to another host at random times. -2. 
Mutating the state of a running docker image (by installing plugins) goes against best practices of containers and immutable infrastructure. +* This repo includes a number of [examples][] configurations which can be used +as a reference. They are also used in the automated testing of this chart +* Automated testing of this chart is currently only run against GKE (Google +Kubernetes Engine). +* The chart deploys a StatefulSet and by default will do an automated rolling +update of your cluster. It does this by waiting for the cluster health to become +green after each instance is updated. If you prefer to update manually you can +set `OnDelete` [updateStrategy][]. +* It is important to verify that the JVM heap size in `logstashJavaOpts` and to +set the CPU/Memory `resources` to something suitable for your cluster. +* We have designed this chart to be very un-opinionated about how to configure +Logstash. It exposes ways to set environment variables and mount secrets inside +of the container. Doing this makes it much easier for this chart to support +multiple versions with minimal changes. +* `logstash.yml` configuration files can be set either by a ConfigMap using +`logstashConfig` in `values.yml` or by environment variables using `extraEnvs` +in `values.yml` , however Logstash Docker image can't mix both methods as +defining settings with environment variables causes `logstash.yml` to be +modified in place while using ConfigMap bind-mount the same file (more details +in this [note][]). +* When overriding `logstash.yml`, `http.host: 0.0.0.0` should always be included +to make default probes work. If restricting HTTP API to 127.0.0.1 is required by +using `http.host: 127.0.0.1`, default probes should be disabled or overrided +(see [values.yaml][] for the good syntax). +* An ingress is provided that can be used to expose the HTTP port. This can be +useful for the [http input plugin][], for instance. 
-## Testing -This chart uses [pytest](https://docs.pytest.org/en/latest/) to test the templating logic. The dependencies for testing can be installed from the [`requirements.txt`](https://github.com/elastic/helm-charts/tree/master/requirements.txt) in the parent directory. - -``` -pip install -r ../requirements.txt -make pytest -``` - -You can also use `helm template` to look at the YAML being generated +## Configuration -``` -make template -``` +| Parameter | Description | Default | +|---------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------| +| `antiAffinityTopologyKey` | The [anti-affinity][] topology key]. By default this will prevent multiple Logstash nodes from running on the same Kubernetes node | `kubernetes.io/hostname` | +| `antiAffinity` | Setting this to hard enforces the [anti-affinity][] rules. If it is set to soft it will be done "best effort". 
Other values will be ignored | `hard` | +| `envFrom` | Templatable string to be passed to the [environment from variables][] which will be appended to the `envFrom:` definition for the container | `[]` | +| `extraContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | +| `extraEnvs` | Extra [environment variables][] which will be appended to the `env:` definition for the container | `[]` | +| `extraInitContainers` | Templatable string of additional `initContainers` to be passed to the `tpl` function | `""` | +| `extraPorts` | An array of extra ports to open on the pod | `[]` | +| `extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function | `""` | +| `extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function | `""` | +| `fullnameOverride` | Overrides the full name of the resources. If not set the name will default to " `.Release.Name` - `.Values.nameOverride or .Chart.Name` " | `""` | +| `hostAliases` | Configurable [hostAliases][] | `[]` | +| `httpPort` | The http port that Kubernetes will use for the healthchecks and the service | `9600` | +| `imagePullPolicy` | The Kubernetes [imagePullPolicy][] value | `IfNotPresent` | +| `imagePullSecrets` | Configuration for [imagePullSecrets][] so that you can use a private registry for your image | `[]` | +| `imageTag` | The Logstash Docker image tag | `7.12.0-SNAPSHOT` | +| `image` | The Logstash Docker image | `docker.elastic.co/logstash/logstash` | +| `labels` | Configurable [labels][] applied to all Logstash pods | `{}` | +| `ingress` | Configurable [ingress][] for external access to Logstash HTTP port. | see [values.yaml][] | +| `lifecycle` | Allows you to add lifecycle configuration. 
See [values.yaml][] for an example of the formatting | `{}` | +| `livenessProbe` | Configuration fields for the liveness [probe][] | see [values.yaml][] | +| `logstashConfig` | Allows you to add any config files in `/usr/share/logstash/config/` such as `logstash.yml` and `log4j2.properties` See [values.yaml][] for an example of the formatting | `{}` | +| `logstashJavaOpts` | Java options for Logstash. This is where you should configure the JVM heap size | `-Xmx1g -Xms1g` | +| `logstashPipeline` | Allows you to add any pipeline files in `/usr/share/logstash/pipeline/` | `{}` | +| `logstashPatternDir` | Allows you to define a custom directory to store patten files | `/usr/share/logstash/patterns/` | +| `logstashPattern` | Allows you to add any pattern files in `logstashPatternDir` | `{}` | +| `maxUnavailable` | The [maxUnavailable][] value for the pod disruption budget. By default this will prevent Kubernetes from having more than 1 unhealthy pod in the node group | `1` | +| `nameOverride` | Overrides the chart name for resources. If not set the name will default to `.Chart.Name` | `""` | +| `nodeAffinity` | Value for the [node affinity settings][] | `{}` | +| `nodeSelector` | Configurable [nodeSelector][] so that you can target specific nodes for your Logstash cluster | `{}` | +| `persistence` | Enables a persistent volume for Logstash data | see [values.yaml][] | +| `podAnnotations` | Configurable [annotations][] applied to all Logstash pods | `{}` | +| `podManagementPolicy` | By default Kubernetes [deploys StatefulSets serially][]. 
This deploys them in parallel so that they can discover each other | `Parallel` | +| `podSecurityContext` | Allows you to set the [securityContext][] for the pod | see [values.yaml][] | +| `podSecurityPolicy` | Configuration for create a pod security policy with minimal permissions to run this Helm chart with `create: true` Also can be used to reference an external pod security policy with `name: "externalPodSecurityPolicy"` | see [values.yaml][] | +| `priorityClassName` | The name of the [PriorityClass][]. No default is supplied as the PriorityClass must be created first | `""` | +| `rbac` | Configuration for creating a role, role binding and service account as part of this Helm chart with `create: true` Also can be used to reference an external service account with `serviceAccountName: "externalServiceAccountName"` | see [values.yaml][] | +| `readinessProbe` | Configuration fields for the readiness [probe][] | see [values.yaml][] | +| `replicas` | Kubernetes replica count for the StatefulSet (i.e. how many pods) | `1` | +| `resources` | Allows you to set the [resources][] for the StatefulSet | see [values.yaml][] | +| `schedulerName` | Name of the [alternate scheduler][] | `""` | +| `secrets` | Allows you easily create a secret from as variables or file. For add secrets from file, add suffix `.filepath` to the key of secret key. The value will be encoded to base64. Useful for store certificates and other secrets. | See [values.yaml][] | +| `secretMounts` | Allows you easily mount a secret as a file inside the StatefulSet. Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` | +| `securityContext` | Allows you to set the [securityContext][] for the container | see [values.yaml][] | +| `service` | Configurable [service][] to expose the Logstash service. 
| see [values.yaml][] | +| `terminationGracePeriod` | The [terminationGracePeriod][] in seconds used when trying to stop the pod | `120` | +| `tolerations` | Configurable [tolerations][] | `[]` | +| `updateStrategy` | The [updateStrategy][] for the StatefulSet. By default Kubernetes will wait for the cluster to be green after upgrading each pod. Setting this to `OnDelete` will allow you to manually delete each pod during upgrades | `RollingUpdate` | +| `volumeClaimTemplate` | Configuration for the [volumeClaimTemplate for StatefulSets][]. You will want to adjust the storage (default `30Gi` ) and the `storageClassName` if you are using a different storage class | see [values.yaml][] | + + +## FAQ + +### How to install OSS version of Logstash? + +Deploying OSS version of Logstash can be done by setting `image` value to +[Logstash OSS Docker image][] + +An example of Logstash deployment using OSS version can be found in +[examples/oss][]. + +### How to install plugins? + +The recommended way to install plugins into our Docker images is to create a +[custom Docker image][]. -It is possible to run all of the tests and linting inside of a docker container +The Dockerfile would look something like: ``` -make test +ARG logstash_version +FROM docker.elastic.co/logstash/logstash:${logstash_version} +RUN bin/logstash-plugin install logstash-output-kafka ``` -## Integration Testing - -Integration tests are run using [goss](https://github.com/aelsabbahy/goss/blob/master/docs/manual.md) which is a serverspec like tool written in golang. See [goss.yaml](https://github.com/elastic/helm-charts/tree/master/logstash/examples/default/test/goss.yaml) for an example of what the tests look like. - -To run the goss tests against the default example: +And then updating the `image` in values to point to your custom image. -``` -cd examples/default -make goss -``` +There are a couple reasons we recommend this: + +1. 
Tying the availability of Logstash to the download service to install plugins +is not a great idea or something that we recommend. Especially in Kubernetes +where it is normal and expected for a container to be moved to another host at +random times. +2. Mutating the state of a running Docker image (by installing plugins) goes +against best practices of containers and immutable infrastructure. + + +## Contributing + +Please check [CONTRIBUTING.md][] before any contribution or for any questions +about our development and testing process. + +[7.x]: https://github.com/elastic/helm-charts/releases +[BREAKING_CHANGES.md]: https://github.com/elastic/helm-charts/blob/master/BREAKING_CHANGES.md +[CHANGELOG.md]: https://github.com/elastic/helm-charts/blob/master/CHANGELOG.md +[CONTRIBUTING.md]: https://github.com/elastic/helm-charts/blob/master/CONTRIBUTING.md +[alternate scheduler]: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/#specify-schedulers-for-pods +[annotations]: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +[anti-affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +[deploys statefulsets serially]: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies +[custom docker image]: https://www.elastic.co/guide/en/logstash/7.12/docker-config.html#_custom_images +[environment variables]: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config +[environment from variables]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables +[examples]: https://github.com/elastic/helm-charts/tree/7.12/logstash/examples +[examples/oss]: https://github.com/elastic/helm-charts/tree/7.12/logstash/examples/oss +[helm]: https://helm.sh 
+[hostAliases]: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +[http input plugin]: https://www.elastic.co/guide/en/logstash/current/plugins-inputs-http.html +[imagePullPolicy]: https://kubernetes.io/docs/concepts/containers/images/#updating-images +[imagePullSecrets]: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret +[ingress]: https://kubernetes.io/docs/concepts/services-networking/ingress/ +[kubernetes secrets]: https://kubernetes.io/docs/concepts/configuration/secret/ +[labels]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +[logstash docker image]: https://www.elastic.co/guide/en/logstash/7.12/docker.html +[logstash oss docker image]: https://www.docker.elastic.co/r/logstash/logstash-oss +[maxUnavailable]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget +[node affinity settings]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature +[nodeSelector]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +[note]: https://www.elastic.co/guide/en/logstash/7.12/docker-config.html#docker-env-config +[priorityClass]: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass +[probe]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ +[resources]: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ +[updateStrategy]: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ +[securityContext]: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +[service]: https://kubernetes.io/docs/concepts/services-networking/service/ +[supported configurations]: 
https://github.com/elastic/helm-charts/tree/7.12/README.md#supported-configurations +[terminationGracePeriod]: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +[tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[values.yaml]: https://github.com/elastic/helm-charts/tree/7.12/logstash/values.yaml +[volumeClaimTemplate for statefulsets]: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-storage diff --git a/logstash/examples/6.x/Makefile b/logstash/examples/6.x/Makefile deleted file mode 100644 index b44d6b24d..000000000 --- a/logstash/examples/6.x/Makefile +++ /dev/null @@ -1,16 +0,0 @@ -default: test - -include ../../../helpers/examples.mk - -RELEASE := helm-logstash-six - -install: - helm upgrade --wait --timeout=900 --install $(RELEASE) --values ./values.yaml ../../ - -restart: - helm upgrade --set terminationGracePeriod=121 --wait --timeout=900 --install $(RELEASE) --values ./values.yaml ../../ - -test: install goss - -purge: - helm del --purge $(RELEASE) diff --git a/logstash/examples/6.x/values.yaml b/logstash/examples/6.x/values.yaml deleted file mode 100644 index e5484ced7..000000000 --- a/logstash/examples/6.x/values.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -imageTag: "6.8.8" diff --git a/logstash/examples/default/Makefile b/logstash/examples/default/Makefile index 03d9592f1..03d77f816 100644 --- a/logstash/examples/default/Makefile +++ b/logstash/examples/default/Makefile @@ -3,14 +3,12 @@ default: test include ../../../helpers/examples.mk RELEASE := helm-logstash-default +TIMEOUT := 1200s install: - helm upgrade --wait --timeout=900 --install $(RELEASE) ../../ - -restart: - helm upgrade --set terminationGracePeriod=121 --wait --timeout=900 --install $(RELEASE) ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install $(RELEASE) ../../ test: install goss purge: - helm del --purge $(RELEASE) + helm del $(RELEASE) 
diff --git a/logstash/examples/default/README.md b/logstash/examples/default/README.md new file mode 100644 index 000000000..c8821d378 --- /dev/null +++ b/logstash/examples/default/README.md @@ -0,0 +1,17 @@ +# Default + +This example deploy Logstash 7.12.0-SNAPSHOT using [default values][]. + + +## Usage + +* Deploy Logstash chart with the default values: `make install` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.12/logstash/examples/default/test/goss.yaml +[default values]: https://github.com/elastic/helm-charts/tree/7.12/logstash/values.yaml diff --git a/logstash/examples/default/test/goss.yaml b/logstash/examples/default/test/goss.yaml index cca0e6378..dbe2fa2b9 100644 --- a/logstash/examples/default/test/goss.yaml +++ b/logstash/examples/default/test/goss.yaml @@ -9,10 +9,8 @@ http: status: 200 timeout: 2000 body: - - '"host" : "helm-logstash-default-logstash-0"' - - '"version" : "7.6.2"' + - '"version" : "7.12.0"' - '"http_address" : "0.0.0.0:9600"' - - '"name" : "helm-logstash-default-logstash-0"' - '"status" : "green"' - '"workers" : 1' - '"batch_size" : 125' @@ -35,9 +33,9 @@ file: group: root filetype: file contains: - - 'input {' - - 'beats {' - - 'port => 5044' - - 'output {' - - 'stdout {' - - 'codec => rubydebug' + - "input {" + - "beats {" + - "port => 5044" + - "output {" + - "stdout {" + - "codec => rubydebug" diff --git a/logstash/examples/elasticsearch/Makefile b/logstash/examples/elasticsearch/Makefile index f78c42f4e..6b914df90 100644 --- a/logstash/examples/elasticsearch/Makefile +++ b/logstash/examples/elasticsearch/Makefile 
@@ -3,15 +3,13 @@ default: test include ../../../helpers/examples.mk RELEASE := helm-logstash-elasticsearch +TIMEOUT := 1200s install: - helm upgrade --wait --timeout=900 --install $(RELEASE) --values ./values.yaml ../../ - -restart: - helm upgrade --set terminationGracePeriod=121 --wait --timeout=900 --install $(RELEASE) ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ test: install goss purge: - helm del --purge $(RELEASE) + helm del $(RELEASE) kubectl delete $$(kubectl get pvc -l release=$(RELEASE) -o name) diff --git a/logstash/examples/elasticsearch/README.md b/logstash/examples/elasticsearch/README.md new file mode 100644 index 000000000..4b201e1a3 --- /dev/null +++ b/logstash/examples/elasticsearch/README.md @@ -0,0 +1,28 @@ +# Elasticsearch + +This example deploy Logstash 7.12.0-SNAPSHOT which connects to Elasticsearch (see +[values][]). + + +## Usage + +* Deploy [Elasticsearch Helm chart][]. + +* Deploy Logstash chart: `make install` + +* You can now setup a port forward to query Logstash indices: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[elasticsearch helm chart]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/default/ +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.12/logstash/examples/elasticsearch/test/goss.yaml +[values]: https://github.com/elastic/helm-charts/tree/7.12/logstash/examples/elasticsearch/values.yaml diff --git a/logstash/examples/elasticsearch/test/goss.yaml b/logstash/examples/elasticsearch/test/goss.yaml index 22954f6b0..5fa73dede 100644 --- a/logstash/examples/elasticsearch/test/goss.yaml +++ b/logstash/examples/elasticsearch/test/goss.yaml 
@@ -21,10 +21,8 @@ http: status: 200 timeout: 2000 body: - - '"host" : "helm-logstash-elasticsearch-logstash-0"' - - '"version" : "7.6.2"' + - '"version" : "7.12.0"' - '"http_address" : "0.0.0.0:9600"' - - '"name" : "helm-logstash-elasticsearch-logstash-0"' - '"status" : "green"' - '"workers" : 1' - '"batch_size" : 125' @@ -33,7 +31,7 @@ http: status: 200 timeout: 2000 body: - - 'logstash' + - "logstash" file: /usr/share/logstash/config/logstash.yml: @@ -43,8 +41,8 @@ file: group: logstash filetype: file contains: - - 'http.host: 0.0.0.0' - - 'xpack.monitoring.enabled: false' + - "http.host: 0.0.0.0" + - "xpack.monitoring.enabled: false" /usr/share/logstash/pipeline/uptime.conf: exists: true mode: "0644" diff --git a/logstash/examples/oss/Makefile b/logstash/examples/oss/Makefile index 856234431..8f96d8286 100644 --- a/logstash/examples/oss/Makefile +++ b/logstash/examples/oss/Makefile @@ -3,14 +3,12 @@ default: test include ../../../helpers/examples.mk RELEASE := helm-logstash-oss +TIMEOUT := 1200s install: - helm upgrade --wait --timeout=900 --install $(RELEASE) --values ./values.yaml ../../ - -restart: - helm upgrade --set terminationGracePeriod=121 --wait --timeout=900 --install $(RELEASE) ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ test: install goss purge: - helm del --purge $(RELEASE) + helm del $(RELEASE) diff --git a/logstash/examples/oss/README.md b/logstash/examples/oss/README.md new file mode 100644 index 000000000..257b1bacf --- /dev/null +++ b/logstash/examples/oss/README.md 
@@ -0,0 +1,17 @@ +# OSS + +This example deploy Logstash 7.12.0-SNAPSHOT using [Logstash OSS][] version. + + +## Usage + +* Deploy Logstash chart with the default values: `make install` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[logstash oss]: https://www.elastic.co/downloads/logstash-oss +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.12/logstash/examples/oss/test/goss.yaml diff --git a/logstash/examples/oss/test/goss.yaml b/logstash/examples/oss/test/goss.yaml index e3c26c2a7..cf00a7bea 100644 --- a/logstash/examples/oss/test/goss.yaml +++ b/logstash/examples/oss/test/goss.yaml @@ -9,10 +9,8 @@ http: status: 200 timeout: 2000 body: - - '"host" : "helm-logstash-oss-logstash-0"' - - '"version" : "7.6.2"' + - '"version" : "7.12.0"' - '"http_address" : "0.0.0.0:9600"' - - '"name" : "helm-logstash-oss-logstash-0"' - '"status" : "green"' - '"workers" : 1' - '"batch_size" : 125' diff --git a/logstash/examples/security/Makefile b/logstash/examples/security/Makefile new file mode 100644 index 000000000..d5bfcb2f8 --- /dev/null +++ b/logstash/examples/security/Makefile @@ -0,0 +1,15 @@ +default: test + +include ../../../helpers/examples.mk + +RELEASE := helm-logstash-security +TIMEOUT := 1200s + +install: + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ + +test: install goss + +purge: + helm del $(RELEASE) + kubectl delete $$(kubectl get pvc -l release=$(RELEASE) -o name) diff --git a/logstash/examples/security/README.md b/logstash/examples/security/README.md new file mode 100644 index 000000000..0f9af83dd --- /dev/null +++ b/logstash/examples/security/README.md 
@@ -0,0 +1,28 @@ +# Security + +This example deploy Logstash 7.7.1 which connects to Elasticsearch using TLS +(see [values][]). + + +## Usage + +* Deploy [Elasticsearch Helm chart with security][]. + +* Deploy Logstash chart: `make install` + +* You can now setup a port forward to query Logstash indices: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[elasticsearch helm chart with security]: https://github.com/elastic/helm-charts/tree/master/elasticsearch/examples/security/ +[goss integration tests]: https://github.com/elastic/helm-charts/tree/master/logstash/examples/security/test/goss.yaml +[values]: https://github.com/elastic/helm-charts/tree/master/logstash/examples/security/values.yaml diff --git a/logstash/examples/security/test/goss.yaml b/logstash/examples/security/test/goss.yaml new file mode 100644 index 000000000..a3d1611ee --- /dev/null +++ b/logstash/examples/security/test/goss.yaml 
@@ -0,0 +1,62 @@ +mount: + /usr/share/logstash/data: + exists: true + /usr/share/logstash/config/logstash.yml: + exists: true + opts: + - ro + /usr/share/logstash/pipeline/uptime.conf: + exists: true + opts: + - ro + +user: + logstash: + exists: true + uid: 1000 + gid: 1000 + +http: + http://localhost:9600?pretty: + status: 200 + timeout: 2000 + body: + - '"version" : "7.12.0"' + - '"http_address" : "0.0.0.0:9600"' + - '"status" : "green"' + - '"workers" : 1' + - '"batch_size" : 125' + - '"batch_delay" : 50' + https://security-master:9200/_cat/indices: + status: 200 + timeout: 2000 + body: + - "logstash" + allow-insecure: true + username: "{{ .Env.ELASTICSEARCH_USERNAME }}" + password: "{{ .Env.ELASTICSEARCH_PASSWORD }}" + +file: + /usr/share/logstash/config/logstash.yml: + exists: true + mode: "0644" + owner: root + group: logstash + filetype: file + contains: + - "http.host: 0.0.0.0" + - "xpack.monitoring.enabled: true" + - 'xpack.monitoring.elasticsearch.hosts: ["https://security-master:9200"]' + - "xpack.monitoring.elasticsearch.ssl.certificate_authority: /usr/share/logstash/config/certs/elastic-certificate.crt" + /usr/share/logstash/pipeline/uptime.conf: + exists: true + mode: "0644" + owner: root + group: logstash + filetype: file + contains: + - 'input { exec { command => "uptime" interval => 30 } }' + - "output { elasticsearch {" + - 'hosts => ["https://security-master:9200"]' + - 'cacert => "/usr/share/logstash/config/certs/elastic-certificate.crt"' + - 'index => "logstash"' diff --git a/logstash/examples/security/values.yaml b/logstash/examples/security/values.yaml new file mode 100644 index 000000000..1457d7865 --- /dev/null +++ b/logstash/examples/security/values.yaml 
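Review bot: The `https://security-master:9200/_cat/indices` check in logstash/examples/security/test/goss.yaml sets `allow-insecure: true`, so the test sends `ELASTICSEARCH_USERNAME` and `ELASTICSEARCH_PASSWORD` without verifying the server certificate. The same file asserts that the CA is configured at `/usr/share/logstash/config/certs/elastic-certificate.crt`. If the goss version used by the helpers supports a CA option for http checks, pointing it at that file would exercise the TLS path this example is meant to demonstrate. Otherwise add a comment above the key, such as `# test-only: certificate verification is skipped here, do not copy into real checks`.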
@@ -0,0 +1,40 @@ +persistence: + enabled: true + +logstashConfig: + logstash.yml: | + http.host: 0.0.0.0 + xpack.monitoring.enabled: true + xpack.monitoring.elasticsearch.username: '${ELASTICSEARCH_USERNAME}' + xpack.monitoring.elasticsearch.password: '${ELASTICSEARCH_PASSWORD}' + xpack.monitoring.elasticsearch.hosts: ["https://security-master:9200"] + xpack.monitoring.elasticsearch.ssl.certificate_authority: /usr/share/logstash/config/certs/elastic-certificate.crt + +logstashPipeline: + uptime.conf: | + input { exec { command => "uptime" interval => 30 } } + output { elasticsearch { + hosts => ["https://security-master:9200"] + cacert => "/usr/share/logstash/config/certs/elastic-certificate.crt" + user => '${ELASTICSEARCH_USERNAME}' + password => '${ELASTICSEARCH_PASSWORD}' + index => "logstash" + } + } + +secretMounts: + - name: elastic-certificate-crt + secretName: elastic-certificate-crt + path: /usr/share/logstash/config/certs + +extraEnvs: + - name: 'ELASTICSEARCH_USERNAME' + valueFrom: + secretKeyRef: + name: elastic-credentials + key: username + - name: 'ELASTICSEARCH_PASSWORD' + valueFrom: + secretKeyRef: + name: elastic-credentials + key: password diff --git a/logstash/examples/upgrade/Makefile b/logstash/examples/upgrade/Makefile new file mode 100644 index 000000000..e5ee63671 --- /dev/null +++ b/logstash/examples/upgrade/Makefile @@ -0,0 +1,16 @@ +default: test + +include ../../../helpers/examples.mk + +CHART := logstash +RELEASE := helm-logstash-upgrade +FROM := 7.9.0 # upgrade from version < 7.9.0 is failing due to headless service breaking change + +install: + ../../../helpers/upgrade.sh --chart $(CHART) --release $(RELEASE) --from $(FROM) + kubectl rollout status statefulset $(RELEASE)-logstash + +test: install goss + +purge: + helm del $(RELEASE) diff --git a/logstash/examples/upgrade/README.md b/logstash/examples/upgrade/README.md new file mode 100644 index 000000000..c8986a070 --- /dev/null +++ b/logstash/examples/upgrade/README.md 
@@ -0,0 +1,19 @@ +# Upgrade + +This example will deploy Logstash chart using an old chart version, +then upgrade it. + + +## Usage + +* Add the Elastic Helm charts repo: `helm repo add elastic https://helm.elastic.co` + +* Deploy and upgrade Logstash chart with the default values: `make install` + + +## Testing + +You can also run [goss integration tests][] using `make test`. + + +[goss integration tests]: https://github.com/elastic/helm-charts/tree/master/logstash/examples/upgrade/test/goss.yaml diff --git a/logstash/examples/6.x/test/goss.yaml b/logstash/examples/upgrade/test/goss.yaml similarity index 59% rename from logstash/examples/6.x/test/goss.yaml rename to logstash/examples/upgrade/test/goss.yaml index 3bbfa1f59..dbe2fa2b9 100644 --- a/logstash/examples/6.x/test/goss.yaml +++ b/logstash/examples/upgrade/test/goss.yaml @@ -9,10 +9,12 @@ http: status: 200 timeout: 2000 body: - - '"host" : "helm-logstash-six-logstash-0"' - - '"version" : "6.8.8"' + - '"version" : "7.12.0"' - '"http_address" : "0.0.0.0:9600"' - - '"name" : "helm-logstash-six-logstash-0"' + - '"status" : "green"' + - '"workers" : 1' + - '"batch_size" : 125' + - '"batch_delay" : 50' file: /usr/share/logstash/config/logstash.yml: @@ -23,6 +25,7 @@ file: filetype: file contains: - 'http.host: "0.0.0.0"' + - 'xpack.monitoring.elasticsearch.hosts: [ "http://elasticsearch:9200" ]' /usr/share/logstash/pipeline/logstash.conf: exists: true mode: "0644" @@ -30,9 +33,9 @@ file: group: root filetype: file contains: - - 'input {' - - 'beats {' - - 'port => 5044' - - 'output {' - - 'stdout {' - - 'codec => rubydebug' + - "input {" + - "beats {" + - "port => 5044" + - "output {" + - "stdout {" + - "codec => rubydebug" diff --git a/logstash/examples/upgrade/values.yaml b/logstash/examples/upgrade/values.yaml new file mode 100644 index 000000000..ed97d539c --- /dev/null +++ b/logstash/examples/upgrade/values.yaml @@ -0,0 +1 @@ +--- 
diff --git a/logstash/templates/_helpers.tpl b/logstash/templates/_helpers.tpl index 162a3ee08..82aad6075 100755 --- a/logstash/templates/_helpers.tpl +++ b/logstash/templates/_helpers.tpl @@ -18,14 +18,3 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "logstash.statefulset.apiVersion" -}} -{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "apps/v1beta2" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} diff --git a/logstash/templates/configmap-config.yaml b/logstash/templates/configmap-config.yaml index e69d524d0..638038435 100644 --- a/logstash/templates/configmap-config.yaml +++ b/logstash/templates/configmap-config.yaml @@ -12,6 +12,6 @@ metadata: data: {{- range $path, $config := .Values.logstashConfig }} {{ $path }}: | -{{ $config | indent 4 -}} +{{ tpl $config $ | indent 4 -}} {{- end -}} {{- end -}} diff --git a/logstash/templates/configmap-pattern.yaml b/logstash/templates/configmap-pattern.yaml new file mode 100644 index 000000000..0eb58593d --- /dev/null +++ b/logstash/templates/configmap-pattern.yaml @@ -0,0 +1,17 @@ +{{- if .Values.logstashPattern }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "logstash.fullname" . }}-pattern + labels: + app: "{{ template "logstash.fullname" . }}" + chart: "{{ .Chart.Name }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +data: +{{- range $path, $config := .Values.logstashPattern }} + {{ $path }}: | +{{ tpl $config $ | indent 4 -}} +{{- end -}} +{{- end -}} diff --git a/logstash/templates/configmap-pipeline.yaml b/logstash/templates/configmap-pipeline.yaml index 5ce180ff7..2a92bd4a1 100644 --- a/logstash/templates/configmap-pipeline.yaml +++ b/logstash/templates/configmap-pipeline.yaml 
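Review bot: Switching to `{{ tpl $config $ | indent 4 -}}` in logstash/templates/configmap-config.yaml changes how existing `logstashConfig` values are read, because any `{{ ... }}` inside a user's file content is now evaluated as a Helm template with the full chart context instead of being copied through. The same change is made in configmap-pipeline.yaml, and the new configmap-pattern.yaml is written the same way. A values file therefore has to be reviewed as template code, and content that needs literal braces must escape them. The hunk gives no hint of this, so I would add a comment above the `range`, e.g. `{{- /* values are rendered with tpl; literal "{{" in a config must be escaped */}}`, and repeat it beside `logstashConfig`, `logstashPipeline` and `logstashPattern` in values.yaml.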
@@ -12,6 +12,6 @@ metadata: data: {{- range $path, $config := .Values.logstashPipeline }} {{ $path }}: | -{{ $config | indent 4 -}} +{{ tpl $config $ | indent 4 -}} {{- end -}} {{- end -}} diff --git a/logstash/templates/ingress.yaml b/logstash/templates/ingress.yaml new file mode 100644 index 000000000..a4aeb145e --- /dev/null +++ b/logstash/templates/ingress.yaml @@ -0,0 +1,33 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "logstash.fullname" . -}} +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + app: {{ $fullName | quote}} + chart: "{{ .Chart.Name }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +{{- with .Values.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if .Values.ingress.tls }} + tls: +{{ toYaml .Values.ingress.tls | indent 4 }} +{{- end }} + rules: + {{- range $.Values.ingress.hosts }} + - host: {{ .host }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + backend: + serviceName: {{ $fullName }} + servicePort: {{ .servicePort }} + {{- end }} + {{- end }} +{{- end }} diff --git a/logstash/templates/secret.yaml b/logstash/templates/secret.yaml new file mode 100644 index 000000000..0abf78650 --- /dev/null +++ b/logstash/templates/secret.yaml 
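Review bot: In the new logstash/templates/ingress.yaml, `host: {{ .host }}` and `path: {{ .path }}` are emitted unquoted, so a wildcard host such as `*.example.com` is parsed as a YAML alias and an empty value becomes null. Quote both, as the labels above already do: `- host: {{ .host | quote }}` and `- path: {{ .path | quote }}`. With the defaults added to values.yaml in this commit (`hosts` commented out), setting only `ingress.enabled: true` renders a bare `rules:` key. Wrapping the rules block in `{{- with .Values.ingress.hosts }}` or documenting that `hosts` is required would avoid that.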
@@ -0,0 +1,27 @@ +{{- if .Values.secrets }} +{{- $fullName := include "logstash.fullname" . -}} +{{- range .Values.secrets }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-%s" $fullName .name | quote }} + labels: + app: {{ $fullName | quote }} + chart: {{ $.Chart.Name | quote }} + heritage: {{ $.Release.Service | quote }} + release: {{ $.Release.Name | quote }} + {{- range $key, $value := $.Values.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +data: +{{- range $key, $val := .value }} + {{- if hasSuffix "filepath" $key }} + {{ $key | replace ".filepath" "" }}: {{ $.Files.Get $val | b64enc | quote }} + {{ else }} + {{ $key }}: {{ $val | b64enc | quote }} + {{- end }} +{{- end }} +type: Opaque +{{- end }} +{{- end }} \ No newline at end of file diff --git a/logstash/templates/service-headless.yaml b/logstash/templates/service-headless.yaml new file mode 100644 index 000000000..47148dfb0 --- /dev/null +++ b/logstash/templates/service-headless.yaml @@ -0,0 +1,20 @@ +--- +kind: Service +apiVersion: v1 +metadata: + name: "{{ template "logstash.fullname" . }}-headless" + labels: + app: "{{ template "logstash.fullname" . }}" + chart: "{{ .Chart.Name }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +{{- if .Values.labels }} +{{ toYaml .Values.labels | indent 4 }} +{{- end }} +spec: + clusterIP: None + selector: + app: "{{ template "logstash.fullname" . }}" + ports: + - name: http + port: {{ .Values.httpPort }} diff --git a/logstash/templates/service.yaml b/logstash/templates/service.yaml index 6cbca1ee4..6540c8c61 100644 --- a/logstash/templates/service.yaml +++ b/logstash/templates/service.yaml @@ -16,7 +16,6 @@ spec: selector: app: "{{ template "logstash.fullname" . }}" chart: "{{ .Chart.Name }}" - heritage: {{ .Release.Service | quote }} release: {{ .Release.Name | quote }} ports: {{ toYaml .Values.service.ports | indent 4 }} 
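Review bot: In logstash/templates/secret.yaml the file branch tests `hasSuffix "filepath" $key` but rewrites the key with `replace ".filepath" ""`, so the two do not agree. A key such as `myfilepath` takes the file branch with its name unchanged, and a key with `.filepath` in the middle loses that part; use `hasSuffix ".filepath" $key` together with `{{ $key | trimSuffix ".filepath" }}`. `$.Files.Get` returns an empty string for a path that is not packaged in the chart, so a mistyped path currently yields a Secret with an empty value and no error. Wrapping the lookup as `{{ required (printf "secret file %q not found in chart" $val) ($.Files.Get $val) | b64enc | quote }}` makes the render fail instead.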
diff --git a/logstash/templates/serviceaccount.yaml b/logstash/templates/serviceaccount.yaml index 8302d1403..bb72735b6 100644 --- a/logstash/templates/serviceaccount.yaml +++ b/logstash/templates/serviceaccount.yaml @@ -8,9 +8,19 @@ metadata: {{- else }} name: {{ .Values.rbac.serviceAccountName | quote }} {{- end }} + annotations: + {{- with .Values.rbac.serviceAccountAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} labels: app: "{{ template "logstash.fullname" . }}" chart: "{{ .Chart.Name }}" heritage: {{ .Release.Service | quote }} release: {{ .Release.Name | quote }} + {{- if .Values.rbac.annotations }} + annotations: + {{- range $key, $value := .Values.rbac.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} {{- end -}} diff --git a/logstash/templates/statefulset.yaml b/logstash/templates/statefulset.yaml index 6c9838d3a..de511c03f 100644 --- a/logstash/templates/statefulset.yaml +++ b/logstash/templates/statefulset.yaml @@ -1,5 +1,5 @@ --- -apiVersion: {{ template "logstash.statefulset.apiVersion" . }} +apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ template "logstash.fullname" . }} @@ -12,9 +12,7 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} spec: - {{- if .Values.service }} - serviceName: {{ template "logstash.fullname" . }} - {{- end }} + serviceName: {{ template "logstash.fullname" . }}-headless selector: matchLabels: app: "{{ template "logstash.fullname" . }}" 
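Review bot: The logstash/templates/serviceaccount.yaml hunk can emit `annotations:` twice under `metadata`: once unconditionally before `labels:` for `rbac.serviceAccountAnnotations`, and again after the labels when `rbac.annotations` is set. Duplicate keys are invalid YAML and most parsers silently keep the last one, so with both values set the first block (for instance an IAM role binding like the `eks.amazonaws.com/role-arn` used in the tests) would presumably be dropped without an error. When `serviceAccountAnnotations` is empty the first block also renders a bare `annotations:` key. I would emit a single guarded block fed from both values, as sketched below. A key present in both maps would still collide, so documenting one of the two values as deprecated would be cleaner.

```yaml
  {{- if or .Values.rbac.serviceAccountAnnotations .Values.rbac.annotations }}
  annotations:
    {{- with .Values.rbac.serviceAccountAnnotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- range $key, $value := .Values.rbac.annotations }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
  # … unchanged: labels block …
```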
@@ -49,14 +47,20 @@ spec: {{- range $key, $value := .Values.podAnnotations }} {{ $key }}: {{ $value | quote }} {{- end }} - {{/* This forces a restart if the configmap has changed */}} + {{- /* This forces a restart if the configmap has changed */}} {{- if .Values.logstashConfig }} configchecksum: {{ include (print .Template.BasePath "/configmap-config.yaml") . | sha256sum | trunc 63 }} {{- end }} - {{/* This forces a restart if the configmap has changed */}} + {{- /* This forces a restart if the configmap has changed */}} {{- if .Values.logstashPipeline }} pipelinechecksum: {{ include (print .Template.BasePath "/configmap-pipeline.yaml") . | sha256sum | trunc 63 }} {{- end }} + {{- if .Values.logstashPattern }} + patternchecksum: {{ include (print .Template.BasePath "/configmap-pattern.yaml") . | sha256sum | trunc 63 }} + {{- end }} + {{- if .Values.secrets }} + secretschecksum: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum | trunc 63 }} + {{- end }} spec: {{- if .Values.schedulerName }} schedulerName: "{{ .Values.schedulerName }}" @@ -126,12 +130,20 @@ spec: configMap: name: {{ template "logstash.fullname" . }}-pipeline {{- end }} + {{- if .Values.logstashPattern }} + - name: logstashpattern + configMap: + name: {{ template "logstash.fullname" . }}-pattern + {{- end }} {{- if .Values.extraVolumes }} {{ tpl .Values.extraVolumes . | indent 8 }} {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end}} + {{- if .Values.hostAliases }} + hostAliases: {{ toYaml .Values.hostAliases | nindent 6 }} {{- end }} {{- if .Values.extraInitContainers }} initContainers: @@ -151,7 +163,7 @@ spec: - name: http containerPort: {{ .Values.httpPort }} {{- if .Values.extraPorts }} - {{- toYaml .Values.extraPorts | nindent 8 }} + {{- toYaml .Values.extraPorts | nindent 8 }} {{- end }} resources: {{ toYaml .Values.resources | indent 10 }} 
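Review bot: The `secretschecksum` annotation added in the `@@ -49,14 +47,20 @@` hunk of logstash/templates/statefulset.yaml publishes a SHA-256 digest of the rendered secret.yaml in pod template metadata. That metadata is readable by principals that can get pods or statefulsets but may not be allowed to read Secrets. For low-entropy values the digest lets a reader confirm guesses offline, so the trade-off should be stated next to it, e.g. `{{- /* digest of the rendered Secrets; visible in pod metadata, so keep secret values high-entropy */}}`. A matching sentence on `secrets` in values.yaml would help users who cannot accept that. The pod template continues outside this hunk.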
@@ -160,6 +172,10 @@ spec: value: "{{ .Values.logstashJavaOpts }}" {{- if .Values.extraEnvs }} {{ toYaml .Values.extraEnvs | indent 10 }} +{{- end }} +{{- if .Values.envFrom }} + envFrom: +{{ toYaml .Values.envFrom | indent 10 }} {{- end }} volumeMounts: {{- if .Values.persistence.enabled }} @@ -183,6 +199,14 @@ spec: mountPath: /usr/share/logstash/pipeline/{{ $path }} subPath: {{ $path }} {{- end -}} + {{- if .Values.logstashPattern }} + {{- $logstashPatternDir := .Values.logstashPatternDir -}} + {{- range $path, $config := .Values.logstashPattern }} + - name: logstashpattern + mountPath: {{ $logstashPatternDir }}{{ $path }} + subPath: {{ $path }} + {{- end -}} + {{- end -}} {{- if .Values.extraVolumeMounts }} {{ tpl .Values.extraVolumeMounts . | indent 10 }} {{- end }} diff --git a/logstash/tests/logstash_test.py b/logstash/tests/logstash_test.py index ed798a496..6c76501cb 100755 --- a/logstash/tests/logstash_test.py +++ b/logstash/tests/logstash_test.py @@ -1,10 +1,9 @@ +import base64 import os import sys sys.path.insert(1, os.path.join(sys.path[0], "../../helpers")) from helpers import helm_template -import yaml - name = "release-name-logstash" @@ -78,8 +77,9 @@ def test_defaults(): ) # Service - assert "serviceName" not in r["statefulset"][name]["spec"] - assert "service" not in r + assert r["statefulset"][name]["spec"]["serviceName"] == name + "-headless" + assert name + "-headless" in r["service"] + assert r["service"][name + "-headless"]["spec"]["ports"][0]["port"] == 9600 # Other assert r["statefulset"][name]["spec"]["template"]["spec"]["securityContext"] == { @@ -100,6 +100,7 @@ def test_defaults(): assert "imagePullSecrets" not in r["statefulset"][name]["spec"]["template"]["spec"] assert "tolerations" not in r["statefulset"][name]["spec"]["template"]["spec"] assert "nodeSelector" not in r["statefulset"][name]["spec"]["template"]["spec"] + assert "hostAliases" not in r["statefulset"][name]["spec"]["template"]["spec"] def test_increasing_the_replicas(): 
@@ -141,6 +142,19 @@ def test_adding_extra_env_vars(): assert {"name": "hello", "value": "world"} in env +def test_adding_env_from(): + config = """ +envFrom: +- secretRef: + name: secret-name +""" + r = helm_template(config) + secretRef = r["statefulset"][name]["spec"]["template"]["spec"]["containers"][0][ + "envFrom" + ][0]["secretRef"] + assert secretRef == {"name": "secret-name"} + + def test_adding_a_extra_volume_with_volume_mount(): config = """ extraVolumes: | @@ -221,7 +235,7 @@ def test_adding_persistence(): assert c["volumeMounts"][0]["mountPath"] == "/usr/share/logstash/data" assert c["volumeMounts"][0]["name"] == name - v = r["statefulset"]["release-name-logstash"]["spec"]["volumeClaimTemplates"][0] + v = r["statefulset"][name]["spec"]["volumeClaimTemplates"][0] assert v["metadata"]["name"] == name assert v["spec"]["accessModes"] == ["ReadWriteOnce"] assert v["spec"]["resources"]["requests"]["storage"] == "1Gi" 
@@ -293,6 +307,155 @@ def test_adding_a_secret_mount_with_subpath(): } +def test_adding_a_secret(): + content = "LS1CRUdJTiBgUFJJVkFURSB" + config = """ +secrets: + - name: "env" + value: + ELASTICSEARCH_PASSWORD: {elk_pass} +""".format( + elk_pass=content + ) + content_b64 = base64.b64encode(content.encode("ascii")).decode("ascii") + + r = helm_template(config) + secret_name = name + "-env" + s = r["secret"][secret_name] + assert s["metadata"]["labels"]["app"] == name + assert len(r["secret"]) == 1 + assert len(s["data"]) == 1 + assert s["data"] == {"ELASTICSEARCH_PASSWORD": content_b64} + assert ( + "secretschecksum" + in r["statefulset"][name]["spec"]["template"]["metadata"]["annotations"] + ) + + +def test_adding_secret_from_file(): + content = """ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEApCt3ychnqZHsS +DylPFZn55xDaDcWco1oNFdBGzFjw+ +zkuMFMOv7ab+yOFwHeEeAAEkEgy1u +Da1vIscBs1K0kbEFRSqySLuNHWiJp +wK2cI/gJc+S9Qd9Qsn0XGjmjQ6P2p +ot2hvCOtnei998OmDSYORKBq2jiv/ +-----END RSA PRIVATE KEY----- +""" + config = """ +secrets: + - name: "tls" + value: + cert.key.filepath: "secrets/private.key" +""" + content_b64 = base64.b64encode(content.encode("ascii")).decode("ascii") + work_dir = os.path.join(os.path.abspath(os.getcwd()), "secrets") + filename = os.path.join(work_dir, "private.key") + os.makedirs(os.path.dirname(filename), exist_ok=True) + with open(filename, "w") as f: + f.write(content) + + with open(filename, "r") as f: + data = f.read() + assert data == content + + r = helm_template(config) + secret_name = name + "-tls" + s = r["secret"][secret_name] + assert s["metadata"]["labels"]["app"] == name + assert len(r["secret"]) == 1 + assert len(s["data"]) == 1 + assert s["data"] == { + "cert.key": content_b64, + } + + os.remove(filename) + os.rmdir(work_dir) + + +def test_adding_multiple_data_secret(): + content = { + "elk_pass": "LS1CRUdJTiBgUFJJVkFURSB", + "api_key": "ui2CsdUadTiBasRJRkl9tvNnw", + } + config = """ +secrets: + - name: "env" + value: + 
ELASTICSEARCH_PASSWORD: {elk_pass} + api_key: {api_key} +""".format( + elk_pass=content["elk_pass"], api_key=content["api_key"] + ) + content_b64 = { + "elk_pass": base64.b64encode(content["elk_pass"].encode("ascii")).decode( + "ascii" + ), + "api_key": base64.b64encode(content["api_key"].encode("ascii")).decode("ascii"), + } + + r = helm_template(config) + secret_name = name + "-env" + s = r["secret"][secret_name] + assert s["metadata"]["labels"]["app"] == name + assert len(r["secret"]) == 1 + assert len(s["data"]) == 2 + assert s["data"] == { + "ELASTICSEARCH_PASSWORD": content_b64["elk_pass"], + "api_key": content_b64["api_key"], + } + + +def test_adding_multiple_secrets(): + content = { + "elk_pass": "LS1CRUdJTiBgUFJJVkFURSB", + "cert_crt": "LS0tLS1CRUdJTiBlRJRALKJDDQVRFLS0tLS0K", + "cert_key": "LS0tLS1CRUdJTiBgUFJJVkFURSBLRVktLS0tLQo", + } + config = """ +secrets: + - name: "env" + value: + ELASTICSEARCH_PASSWORD: {elk_pass} + - name: "tls" + value: + cert.crt: {cert_crt} + cert.key: {cert_key} + +""".format( + elk_pass=content["elk_pass"], + cert_crt=content["cert_crt"], + cert_key=content["cert_key"], + ) + content_b64 = { + "elk_pass": base64.b64encode(content["elk_pass"].encode("ascii")).decode( + "ascii" + ), + "cert_crt": base64.b64encode(content["cert_crt"].encode("ascii")).decode( + "ascii" + ), + "cert_key": base64.b64encode(content["cert_key"].encode("ascii")).decode( + "ascii" + ), + } + + r = helm_template(config) + secret_names = {"env": name + "-env", "tls": name + "-tls"} + s_env = r["secret"][secret_names["env"]] + s_tls = r["secret"][secret_names["tls"]] + assert len(r["secret"]) == 2 + assert len(s_env["data"]) == 1 + assert s_env["data"] == { + "ELASTICSEARCH_PASSWORD": content_b64["elk_pass"], + } + assert len(s_tls["data"]) == 2 + assert s_tls["data"] == { + "cert.crt": content_b64["cert_crt"], + "cert.key": content_b64["cert_key"], + } + + def test_adding_image_pull_secrets(): config = """ imagePullSecrets: 
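Review bot: `test_adding_secret_from_file` in logstash/tests/logstash_test.py writes `secrets/private.key` under the current working directory and removes it only on the last two lines. If `helm_template` or any assertion fails, the PEM-formatted file and its directory stay behind in the chart tree, where they can be packaged or committed and will trip secret scanners. Moving the cleanup into a `finally` block keeps the tree clean on failure. The test also relies on the working directory being the chart root for `.Files.Get` to find the file, which deserves a one-line comment.

```python
    os.makedirs(work_dir, exist_ok=True)
    try:
        with open(filename, "w") as f:
            f.write(content)
        # … unchanged: read-back check, helm_template call and assertions …
    finally:
        # always remove the generated key material, even when an assertion fails
        if os.path.exists(filename):
            os.remove(filename)
        os.rmdir(work_dir)
```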
@@ -337,6 +500,22 @@ def test_adding_pod_annotations(): ) +def test_adding_serviceaccount_annotations(): + config = """ +rbac: + create: true + serviceAccountAnnotations: + eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount +""" + r = helm_template(config) + assert ( + r["serviceaccount"][name]["metadata"]["annotations"][ + "eks.amazonaws.com/role-arn" + ] + == "arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount" + ) + + def test_adding_a_node_selector(): config = """ nodeSelector: @@ -362,9 +541,9 @@ def test_adding_a_node_affinity(): - myvalue """ r = helm_template(config) - assert r["statefulset"]["release-name-logstash"]["spec"]["template"]["spec"][ - "affinity" - ]["nodeAffinity"] == { + assert r["statefulset"][name]["spec"]["template"]["spec"]["affinity"][ + "nodeAffinity" + ] == { "preferredDuringSchedulingIgnoredDuringExecution": [ { "weight": 100, @@ -402,10 +581,9 @@ def test_adding_in_logstash_config(): s = r["statefulset"][name]["spec"]["template"]["spec"] - assert { - "configMap": {"name": "release-name-logstash-config"}, - "name": "logstashconfig", - } in s["volumes"] + assert {"configMap": {"name": name + "-config"}, "name": "logstashconfig",} in s[ + "volumes" + ] assert { "mountPath": "/usr/share/logstash/config/logstash.yml", "name": "logstashconfig", @@ -444,6 +622,25 @@ def test_adding_in_pipeline(): ) +def test_adding_in_pattern(): + config = """ +logstashPattern: + pattern.conf: | + DPKG_VERSION [-+~<>\.0-9a-zA-Z]+ +""" + r = helm_template(config) + c = r["configmap"][name + "-pattern"]["data"] + + assert "pattern.conf" in c + + assert "DPKG_VERSION [-+~<>\.0-9a-zA-Z]+" in c["pattern.conf"] + + assert ( + "patternchecksum" + in r["statefulset"][name]["spec"]["template"]["metadata"]["annotations"] + ) + + def test_priority_class_name(): config = """ priorityClassName: "" 
@@ -583,6 +780,8 @@ def test_pod_security_policy(): rbac: create: true serviceAccountName: "" + annotations: + "eks.amazonaws.com/role-arn": "test-rbac-annotations" podSecurityPolicy: create: true @@ -609,7 +808,7 @@ def test_pod_security_policy(): r["statefulset"][name]["spec"]["template"]["spec"]["serviceAccountName"] == name ) psp_spec = r["podsecuritypolicy"][name]["spec"] - assert psp_spec["privileged"] is True + assert psp_spec["privileged"] is False def test_external_pod_security_policy(): @@ -698,3 +897,41 @@ def test_setting_fullnameOverride(): ] == "logstash" ) + + +def test_adding_an_ingress(): + config = """ +ingress: + enabled: true + annotations: {} + hosts: + - host: logstash.local + paths: + - path: /logs + servicePort: 8080 +""" + r = helm_template(config) + s = r["ingress"][name] + assert s["metadata"]["name"] == name + assert len(s["spec"]["rules"]) == 1 + assert s["spec"]["rules"][0] == { + "host": "logstash.local", + "http": { + "paths": [ + {"path": "/logs", "backend": {"serviceName": name, "servicePort": 8080}} + ] + }, + } + + +def test_hostaliases(): + config = """ +hostAliases: +- ip: "127.0.0.1" + hostnames: + - "foo.local" + - "bar.local" +""" + r = helm_template(config) + hostAliases = r["statefulset"][name]["spec"]["template"]["spec"]["hostAliases"] + assert {"ip": "127.0.0.1", "hostnames": ["foo.local", "bar.local"]} in hostAliases diff --git a/logstash/values.yaml b/logstash/values.yaml index 412252510..b2028be6c 100755 --- a/logstash/values.yaml +++ b/logstash/values.yaml @@ -3,6 +3,9 @@ replicas: 1 # Allows you to add any config files in /usr/share/logstash/config/ # such as logstash.yml and log4j2.properties +# +# Note that when overriding logstash.yml, `http.host: 0.0.0.0` should always be included +# to make default probes work. logstashConfig: {} # logstash.yml: | # key: 
@@ -22,6 +25,12 @@ logstashPipeline: {} # } # output { stdout { } } +# Allows you to add any pattern files in your custom pattern dir +logstashPatternDir: "/usr/share/logstash/patterns/" +logstashPattern: {} +# pattern.conf: | +# DPKG_VERSION [-+~<>\.0-9a-zA-Z]+ + # Extra environment variables to append to this nodeGroup # This will be appended to the current 'env:' key. You can use any of the kubernetes env # syntax here @@ -29,11 +38,41 @@ extraEnvs: [] # - name: MY_ENVIRONMENT_VAR # value: the_value_goes_here +# Allows you to load environment variables from kubernetes secret or config map +envFrom: [] +# - secretRef: +# name: env-secret +# - configMapRef: +# name: config-map + +# Add sensitive data to k8s secrets +secrets: [] +# - name: "env" +# value: +# ELASTICSEARCH_PASSWORD: "LS1CRUdJTiBgUFJJVkFURSB" +# api_key: ui2CsdUadTiBasRJRkl9tvNnw +# - name: "tls" +# value: +# ca.crt: | +# LS0tLS1CRUdJT0K +# LS0tLS1CRUdJT0K +# LS0tLS1CRUdJT0K +# LS0tLS1CRUdJT0K +# cert.crt: "LS0tLS1CRUdJTiBlRJRklDQVRFLS0tLS0K" +# cert.key.filepath: "secrets.crt" # The path to file should be relative to the `values.yaml` file. + + # A list of secrets and their paths to mount inside the pod secretMounts: [] +hostAliases: [] +#- ip: "127.0.0.1" +# hostnames: +# - "foo.local" +# - "bar.local" + image: "docker.elastic.co/logstash/logstash" -imageTag: "7.6.2" +imageTag: "7.12.0-SNAPSHOT" imagePullPolicy: "IfNotPresent" imagePullSecrets: [] @@ -60,13 +99,18 @@ volumeClaimTemplate: rbac: create: false + serviceAccountAnnotations: {} serviceAccountName: "" + annotations: {} + #annotation1: "value1" + #annotation2: "value2" + #annotation3: "value3" podSecurityPolicy: create: false name: "" spec: - privileged: true + privileged: false fsGroup: rule: RunAsAny runAsUser: 
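Review bot: The commented `secrets` example in the `@@ -29,11 +38,41 @@` hunk of logstash/values.yaml says the `cert.key.filepath` path is relative to `values.yaml`, but the template added in this commit reads it with `$.Files.Get`, which resolves paths inside the chart. The comment should read `# path is relative to the chart root; the file must be packaged with the chart`. The sample values (`LS1CRUdJTiBg…`) look base64-encoded already while secret.yaml applies `b64enc` itself, so `# values are plain text; the chart base64-encodes them` would prevent double encoding. It is also worth stating here that anything set under `secrets` is kept in the Helm release data and in the values file that carries it. For real credentials, `envFrom` or a `secretKeyRef` to an existing Secret, as the security example does, is therefore the safer default.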
@@ -152,6 +196,21 @@ securityContext: # How long to wait for logstash to stop gracefully terminationGracePeriod: 120 +# Probes +# Default probes are using `httpGet` which requires that `http.host: 0.0.0.0` is part of +# `logstash.yml`. If needed probes can be disabled or overrided using the following syntaxes: +# +# disable livenessProbe +# livenessProbe: null +# +# replace httpGet default readinessProbe by some exec probe +# readinessProbe: +# httpGet: null +# exec: +# command: +# - curl +# - localhost:9600 + livenessProbe: httpGet: path: / @@ -203,3 +262,13 @@ service: {} # port: 8080 # protocol: TCP # targetPort: 8080 + +ingress: + enabled: false +# annotations: {} +# hosts: +# - host: logstash.local +# paths: +# - path: /logs +# servicePort: 8080 +# tls: [] diff --git a/metricbeat/Chart.yaml b/metricbeat/Chart.yaml index b564a48c1..2bfa23c68 100755 --- a/metricbeat/Chart.yaml +++ b/metricbeat/Chart.yaml @@ -5,8 +5,8 @@ maintainers: - email: helm-charts@elastic.co name: Elastic name: metricbeat -version: 7.6.2 -appVersion: 7.6.2 +version: 7.12.0-SNAPSHOT +appVersion: 7.12.0-SNAPSHOT sources: - https://github.com/elastic/beats icon: https://helm.elastic.co/icons/beats.png diff --git a/metricbeat/README.md b/metricbeat/README.md index bf804138f..57de823e4 100644 --- a/metricbeat/README.md +++ b/metricbeat/README.md 
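Review bot: The commented ingress example in hunk `@@ -203,3 +262,13 @@` routes `/logs` to `servicePort: 8080` and leaves `# tls: []` empty, so a user who uncomments it as written publishes a Logstash input outside the cluster over plain HTTP. Nothing in the block says that the input behind that port needs its own authentication. I would add a comment above `ingress:` such as `# Exposes a Logstash input outside the cluster: set tls and require authentication on the input before enabling.` and show a filled-in `tls` entry in the example rather than an empty list.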
@@ -1,148 +1,260 @@ # Metricbeat Helm Chart -This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features. +[![Build Status](https://img.shields.io/jenkins/s/https/devops-ci.elastic.co/job/elastic+helm-charts+master.svg)](https://devops-ci.elastic.co/job/elastic+helm-charts+master/) [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/elastic)](https://artifacthub.io/packages/search?repo=elastic) -This helm chart is a lightweight way to configure and run our official [Metricbeat docker image](https://www.elastic.co/guide/en/beats/metricbeat/current/running-on-docker.html). +This Helm chart is a lightweight way to configure and run our official +[Metricbeat Docker image][]. -## Breaking Changes + +**Warning**: This branch is used for development, please use the latest [7.x][] release for released version. -[7.5.1](https://github.com/elastic/helm-charts/releases/tag/7.5.1) release is introducing a breaking change for Metricbeat users upgrading from a previous chart version. 
-The breaking change tracked in [#395](https://github.com/elastic/helm-charts/issues/395) is failing `helm upgrade` command with the following error: -``` -UPGRADE FAILED -Error: Deployment.apps "metricbeat-kube-state-metrics" is invalid: spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"app.kubernetes.io/name":"kube-state-metrics"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable && Deployment.apps "metricbeat-metricbeat-metrics" is invalid: spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"app":"metricbeat-metricbeat-metrics", "chart":"metricbeat-7.5.1", "heritage":"Tiller", "release":"metricbeat"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable -Error: UPGRADE FAILED: Deployment.apps "metricbeat-kube-state-metrics" is invalid: spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"app.kubernetes.io/name":"kube-state-metrics"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable && Deployment.apps "metricbeat-metricbeat-metrics" is invalid: spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"app":"metricbeat-metricbeat-metrics", "chart":"metricbeat-7.5.1", "heritage":"Tiller", "release":"metricbeat"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable -``` + + -This is caused by the update of [kube-state-metrics](https://github.com/helm/charts/tree/master/stable/kube-state-metrics) chart dependency which is renaming some labels in [helm/charts#15261](https://github.com/helm/charts/pull/15261). -The workaround is to use `--force` argument for `helm upgrade` command which will force Metricbeat resources update through delete/recreate. 
+- [Requirements](#requirements) +- [Installing](#installing) + - [Install released version using Helm repository](#install-released-version-using-helm-repository) + - [Install development version from a branch](#install-development-version-from-a-branch) +- [Upgrading](#upgrading) +- [Usage notes](#usage-notes) +- [Configuration](#configuration) + - [Deprecated](#deprecated) +- [FAQ](#faq) + - [How to use Metricbeat with Elasticsearch with security (authentication and TLS) enabled?](#how-to-use-metricbeat-with-elasticsearch-with-security-authentication-and-tls-enabled) + - [How to install OSS version of Metricbeat?](#how-to-install-oss-version-of-metricbeat) + - [How to use Kubelet read-only port instead of secure port?](#how-to-use-kubelet-read-only-port-instead-of-secure-port) + - [Why is Metricbeat host.name field set to Kubernetes pod name?](#why-is-metricbeat-hostname-field-set-to-kubernetes-pod-name) +- [Contributing](#contributing) + + + + + ## Requirements -* [Helm](https://helm.sh/) >=2.8.0 and <3.0.0 (see parent [README](https://github.com/elastic/helm-charts/tree/master/README.md) for more details) -* Kubernetes >=1.9 +* Kubernetes >= 1.14 +* [Helm][] >= 2.17.0 + +See [supported configurations][] for more details. ## Installing -### Using Helm repository +This chart is tested with the latest 7.12.0-SNAPSHOT version. 
+ +### Install released version using Helm repository -* Add the elastic helm charts repo - ``` - helm repo add elastic https://helm.elastic.co - ``` -* Install it - ``` - helm install --name metricbeat elastic/metricbeat - ``` +* Add the Elastic Helm charts repo: +`helm repo add elastic https://helm.elastic.co` -### Using master branch +* Install it: + - Add the Elastic Helm charts repo (required for kube-state-metrics chart dependency): `helm repo add stable https://charts.helm.sh/stable` + - with Helm 3: `helm install metricbeat --version elastic/metricbeat` + - with Helm 2 (deprecated): `helm install --name metricbeat --version elastic/metricbeat` -* Clone the git repo - ``` - git clone git@github.com:elastic/helm-charts.git - ``` -* Install it - ``` - helm install --name metricbeat ./helm-charts/metricbeat - ``` +### Install development version from a branch -## Compatibility +* Clone the git repo: `git clone git@github.com:elastic/helm-charts.git` -This chart is tested with the latest supported versions. The currently tested versions are: +* Checkout the branch : `git checkout 7.12` -| 6.x | 7.x | -| ----- | ----- | -| 6.8.8 | 7.6.2 | +* Install it: + - with Helm 3: `helm install metricbeat ./helm-charts/metricbeat --set imageTag=7.12.0-SNAPSHOT` + - with Helm 2 (deprecated): `helm install --name metricbeat ./helm-charts/metricbeat --set imageTag=7.12.0-SNAPSHOT` -Examples of installing older major versions can be found in the [examples](https://github.com/elastic/helm-charts/tree/master/metricbeat/examples) directory. -While only the latest releases are tested, it is possible to easily install old or new releases by overriding the `imageTag`. To install version `7.6.2` of metricbeat it would look like this: +## Upgrading -``` -helm install --name metricbeat elastic/metricbeat --set imageTag=7.6.2 -``` +Please always check [CHANGELOG.md][] and [BREAKING_CHANGES.md][] before +upgrading to a new chart version. 
+ + +## Usage notes + +* The default Metricbeat configuration file for this chart is configured to use +an Elasticsearch endpoint. Without any additional changes, Metricbeat will send +documents to the service URL that the Elasticsearch Helm chart sets up by +default. You may either set the `ELASTICSEARCH_HOSTS` environment variable in +`extraEnvs` to override this endpoint or modify the default `metricbeatConfig` +to change this behavior. +* This chart disables the [HostNetwork][] setting by default for compatibility +reasons with the majority of kubernetes providers and scenarios. Some kubernetes +providers may not allow enabling `hostNetwork` and deploying multiple Metricbeat +pods on the same node isn't possible with `hostNetwork` However Metricbeat does +recommend activating it. If your kubernetes provider is compatible with +`hostNetwork` and you don't need to run multiple Metricbeat DaemonSets, you can +activate it by setting `hostNetworking: true` in [values.yaml][]. +* This repo includes a number of [examples][] configurations which can be used +as a reference. They are also used in the automated testing of this chart. ## Configuration -| Parameter | Description | Default | -| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------- | -| `metricbeatConfig` | Allows you to add any config files in `/usr/share/metricbeat` such as `metricbeat.yml`. See [values.yaml](https://github.com/elastic/helm-charts/tree/master/metricbeat/values.yaml) for an example of the formatting with the default configuration. 
| see [values.yaml](https://github.com/elastic/helm-charts/tree/master/metricbeat/values.yaml) | -| `extraContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | -| `extraInitContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | -| `extraEnvs` | Extra [environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config) which will be appended to the `env:` definition for the container | `[]` | -| `extraVolumeMounts` | Templatable string of additional volumeMounts to be passed to the `tpl` function | `""` | -| `extraVolumes` | Templatable string of additional volumes to be passed to the `tpl` function | `""` | -| `envFrom` | Templatable string of envFrom to be passed to the [environment from variables](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables) which will be appended to the `envFrom:` definition for the container | `[]` | -| `hostPathRoot` | Fully-qualified [hostPath](https://kubernetes.io/docs/concepts/storage/volumes/#hostpath) that will be used to persist Metricbeat registry data | `/var/lib` | -| `image` | The Metricbeat docker image | `docker.elastic.co/beats/metricbeat` | -| `imageTag` | The Metricbeat docker image tag | `7.6.2` | -| `imagePullPolicy` | The Kubernetes [imagePullPolicy](https://kubernetes.io/docs/concepts/containers/images/#updating-images) value | `IfNotPresent` | -| `imagePullSecrets` | Configuration for [imagePullSecrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret) so that you can use a private registry for your image | `[]` | -| `labels` | Configurable [label](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) applied to all 
Metricbeat pods | `{}` | -| `managedServiceAccount` | Whether the `serviceAccount` should be managed by this helm chart. Set this to `false` in order to manage your own service account and related roles. | `true` | -| `clusterRoleRules` | Configurable [cluster role rules](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole) that Metricbeat uses to access Kubernetes resources. | see [values.yaml](https://github.com/elastic/helm-charts/tree/master/metricbeat/values.yaml) | -| `podAnnotations` | Configurable [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) applied to all Metricbeat pods | `{}` | -| `podSecurityContext` | Configurable [podSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for Metricbeat pod execution environment | `runAsUser: 0`
`privileged: false` | -| `livenessProbe` | Parameters to pass to [liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) checks for values such as timeouts and thresholds. | `failureThreshold: 3`
`initialDelaySeconds: 10`
`periodSeconds: 10`
`successThreshold: 3`
`timeoutSeconds: 5` | -| `readinessProbe` | Parameters to pass to [readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) checks for values such as timeouts and thresholds. | `failureThreshold: 3`
`initialDelaySeconds: 10`
`periodSeconds: 10`
`successThreshold: 3`
`timeoutSeconds: 5` | -| `resources` | Allows you to set the [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) for the `DaemonSet` | `requests.cpu: 100m`
`requests.memory: 100Mi`
`limits.cpu: 1000m`
`limits.memory: 200Mi` | -| `serviceAccount` | Custom [serviceAccount](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) that Metricbeat will use during execution. By default will use the service account created by this chart. | `""` | -| `secretMounts` | Allows you easily mount a secret as a file inside the `DaemonSet`. Useful for mounting certificates and other secrets. See [values.yaml](https://github.com/elastic/helm-charts/tree/master/metricbeat/values.yaml) for an example | `[]` | -| `terminationGracePeriod` | Termination period (in seconds) to wait before killing Metricbeat pod process on pod shutdown | `30` | -| `tolerations` | Configurable [tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | -| `nodeSelector` | Configurable [nodeSelector](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) | `{}` | -| `affinity` | Configurable [affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) | `{}` | -| `updateStrategy` | The [updateStrategy](https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/#daemonset-update-strategy) for the `DaemonSet`. By default Kubernetes will kill and recreate pods on updates. Setting this to `OnDelete` will require that pods be deleted manually. | `RollingUpdate` | -| `priorityClassName` | The [name of the PriorityClass](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass). No default is supplied as the PriorityClass must be created first. | `""` | -| `replicas` | The replica count for the metricbeat deployment talking to kube-state-metrics | `1` | -| `fullnameOverride` | Overrides the full name of the resources. 
If not set the name will default to "`.Release.Name`-`.Values.nameOverride or .Chart.Name`" | `""` | - -## Examples - -In [examples/](https://github.com/elastic/helm-charts/tree/master/metricbeat/examples) you will find some example configurations. These examples are used for the automated testing of this helm chart. - -### Default - -* Deploy the [default Elasticsearch helm chart](https://github.com/elastic/helm-charts/tree/master/elasticsearch/README.md#default) -* Deploy Metricbeat with the default values - ``` - cd examples/default - make - ``` -* You can now setup a port forward for Elasticsearch to observe Metricbeat indices - ``` - kubectl port-forward svc/elasticsearch-master 9200 - curl localhost:9200/_cat/indices - ``` - -## Testing - -This chart uses [pytest](https://docs.pytest.org/en/latest/) to test the templating logic. The dependencies for testing can be installed from the [`requirements.txt`](https://github.com/elastic/helm-charts/tree/master/requirements.txt) in the parent directory. - -``` -pip install -r ../requirements.txt -make pytest -``` - -You can also use `helm template` to look at the YAML being generated - -``` -make template -``` - -It is possible to run all of the tests and linting inside of a docker container - -``` -make test -``` - -## Integration Testing - -Integration tests are run using [goss](https://github.com/aelsabbahy/goss/blob/master/docs/manual.md) which is a serverspec like tool written in golang. See [goss.yaml](https://github.com/elastic/helm-charts/tree/master/metricbeat/examples/default/test/goss.yaml) for an example of what the tests look like. 
- -To run the goss tests against the default example: -``` -cd examples/default -make goss -``` + +| Parameter | Description | Default | +|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------| +| `clusterRoleRules` | Configurable [cluster role rules][] that Metricbeat uses to access Kubernetes resources | see [values.yaml][] | +| `daemonset.annotations` | Configurable [annotations][] for Metricbeat daemonset | `{}` | +| `daemonset.labels` | Configurable [labels][] applied to all Metricbeat DaemonSet pods | `{}` | +| `daemonset.affinity` | Configurable [affinity][] for Metricbeat daemonset | `{}` | +| `daemonset.enabled` | If true, enable daemonset | `true` | +| `daemonset.envFrom` | Templatable string of `envFrom` to be passed to the [environment from variables][] which will be appended to Metricbeat container for DaemonSet | `[]` | +| `daemonset.extraEnvs` | Extra [environment variables][] which will be appended to Metricbeat container for DaemonSet | `[]` | +| `daemonset.extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function or DaemonSet | `[]` | +| `daemonset.extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function or DaemonSet | `[]` | +| `daemonset.hostAliases` | Configurable [hostAliases][] for Metricbeat DaemonSet | `[]` | +| `daemonset.hostNetworking` | Enable Metricbeat DaemonSet to use `hostNetwork` | `false` | +| `daemonset.metricbeatConfig` | Allows you to add any config files in `/usr/share/metricbeat` such as `metricbeat.yml` for Metricbeat DaemonSet | see [values.yaml][] | +| `daemonset.nodeSelector` | Configurable [nodeSelector][] for Metricbeat DaemonSet | `{}` | +| `daemonset.resources` | Allows you to set the [resources][] for Metricbeat DaemonSet | see [values.yaml][] | 
+| `daemonset.secretMounts` | Allows you easily mount a secret as a file inside the DaemonSet. Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` | +| `daemonset.securityContext` | Configurable [securityContext][] for Metricbeat DaemonSet pod execution environment | see [values.yaml][] | +| `daemonset.tolerations` | Configurable [tolerations][] for Metricbeat DaemonSet | `[]` | +| `deployment.annotations` | Configurable [annotations][] for Metricbeat Deployment | `{}` | +| `deployment.labels` | Configurable [labels][] applied to all Metricbeat Deployment pods | `{}` | +| `deployment.affinity` | Configurable [affinity][] for Metricbeat Deployment | `{}` | +| `deployment.enabled` | If true, enable deployment | `true` | +| `deployment.envFrom` | Templatable string of `envFrom` to be passed to the [environment from variables][] which will be appended to Metricbeat container for Deployment | `[]` | +| `deployment.extraEnvs` | Extra [environment variables][] which will be appended to Metricbeat container for Deployment | `[]` | +| `deployment.extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function or DaemonSet | `[]` | +| `deployment.extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function or Deployment | `[]` | +| `deployment.hostAliases` | Configurable [hostAliases][] for Metricbeat Deployment | `[]` | +| `deployment.metricbeatConfig` | Allows you to add any config files in `/usr/share/metricbeat` such as `metricbeat.yml` for Metricbeat Deployment | see [values.yaml][] | +| `deployment.nodeSelector` | Configurable [nodeSelector][] for Metricbeat Deployment | `{}` | +| `deployment.resources` | Allows you to set the [resources][] for Metricbeat Deployment | see [values.yaml][] | +| `deployment.secretMounts` | Allows you easily mount a secret as a file inside the Deployment Useful for mounting certificates and other secrets. 
See [values.yaml][] for an example | `[]` | +| `deployment.securityContext` | Configurable [securityContext][] for Metricbeat Deployment pod execution environment | see [values.yaml][] | +| `deployment.tolerations` | Configurable [tolerations][] for Metricbeat Deployment | `[]` | +| `extraContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | +| `extraInitContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | +| `fullnameOverride` | Overrides the full name of the resources. If not set the name will default to " `.Release.Name` - `.Values.nameOverride or .Chart.Name` " | `""` | +| `hostPathRoot` | Fully-qualified [hostPath][] that will be used to persist Metricbeat registry data | `/var/lib` | +| `imagePullPolicy` | The Kubernetes [imagePullPolicy][] value | `IfNotPresent` | +| `imagePullSecrets` | Configuration for [imagePullSecrets][] so that you can use a private registry for your image | `[]` | +| `imageTag` | The Metricbeat Docker image tag | `7.12.0-SNAPSHOT` | +| `image` | The Metricbeat Docker image | `docker.elastic.co/beats/metricbeat` | +| `kube_state_metrics.enabled` | Install [kube-state-metrics](https://github.com/helm/charts/tree/master/stable/kube-state-metrics) as a dependency | `true` | +| `kube_state_metrics.host` | Define kube-state-metrics endpoint for an existing deployment. Works only if `kube_state_metrics.enabled: false` | `""` | +| `livenessProbe` | Parameters to pass to liveness [probe][] checks for values such as timeouts and thresholds | see [values.yaml][] | +| `managedServiceAccount` | Whether the `serviceAccount` should be managed by this helm chart. Set this to `false` in order to manage your own service account and related roles | `true` | +| `nameOverride` | Overrides the chart name for resources. 
If not set the name will default to `.Chart.Name` | `""` | +| `podAnnotations` | Configurable [annotations][] applied to all Metricbeat pods | `{}` | +| `priorityClassName` | The name of the [PriorityClass][]. No default is supplied as the PriorityClass must be created first | `""` | +| `readinessProbe` | Parameters to pass to readiness [probe][] checks for values such as timeouts and thresholds | see [values.yaml][] | +| `replicas` | The replica count for the Metricbeat deployment talking to kube-state-metrics | `1` | +| `secrets` | Allows creating a secret from variables or a file. To add secrets from file, add suffix `.filepath` to the key of the secret key. The value will be encoded to base64. | See [values.yaml][] | +| `serviceAccount` | Custom [serviceAccount][] that Metricbeat will use during execution. By default will use the service account created by this chart | `""` | +| `serviceAccountAnnotations` | Annotations to be added to the ServiceAccount that is created by this chart. | `{}` | +| `terminationGracePeriod` | Termination period (in seconds) to wait before killing Metricbeat pod process on pod shutdown | `30` | +| `updateStrategy` | The [updateStrategy][] for the DaemonSet By default Kubernetes will kill and recreate pods on updates. 
Setting this to `OnDelete` will require that pods be deleted manually | `RollingUpdate` | + +### Deprecated + +| Parameter | Description | Default | +|----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------|---------| +| `affinity` | Configurable [affinity][] for Metricbeat DaemonSet | `{}` | +| `envFrom` | Templatable string to be passed to the [environment from variables][] which will be appended to Metricbeat container for both DaemonSet and Deployment | `[]` | +| `extraEnvs` | Extra [environment variables][] which will be appended to Metricbeat container for both DaemonSet and Deployment | `[]` | +| `extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function for both DaemonSet and Deployment | `[]` | +| `extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function for both DaemonSet and Deployment | `[]` | +| `metricbeatConfig` | Allows you to add any config files in `/usr/share/metricbeat` such as `metricbeat.yml` for both Metricbeat DaemonSet and Deployment | `{}` | +| `nodeSelector` | Configurable [nodeSelector][] for Metricbeat DaemonSet | `{}` | +| `podSecurityContext` | Configurable [securityContext][] for Metricbeat DaemonSet and Deployment pod execution environment | `{}` | +| `resources` | Allows you to set the [resources][] for both Metricbeat DaemonSet and Deployment | `{}` | +| `secretMounts` | Allows you easily mount a secret as a file inside DaemonSet and Deployment Useful for mounting certificates and other secrets | `[]` | +| `tolerations` | Configurable [tolerations][] for both Metricbeat DaemonSet and Deployment | `[]` | +| `labels` | Configurable [labels][] applied to all Metricbeat pods | `[]` | + + +## FAQ + +### How to use Metricbeat with Elasticsearch with security (authentication and TLS) enabled? 
+ +This Helm chart can use existing [Kubernetes secrets][] to setup +credentials or certificates for examples. These secrets should be created +outside of this chart and accessed using [environment variables][] and volumes. + +An example can be found in [examples/security][]. + +### How to install OSS version of Metricbeat? + +Deploying OSS version of Metricbeat can be done by setting `image` value to +[Metricbeat OSS Docker image][] + +An example of Metricbeat deployment using OSS version can be found in +[examples/oss][]. + +### How to use Kubelet read-only port instead of secure port? + +Default Metricbeat configuration has been switched to Kubelet secure port +(10250/TCP) instead of read-only port (10255/TCP) in [#471][] because read-only +port usage is now discouraged and not enabled by default in most Kubernetes +configurations. + +However, if you need to use read-only port, you can replace +`hosts: ["https://${NODE_NAME}:10250"]` by `hosts: ["${NODE_NAME}:10255"]` and +comment `bearer_token_file` and `ssl.verification_mode` in +`daemonset.metricbeatConfig` in [values.yaml][]. + +### Why is Metricbeat host.name field set to Kubernetes pod name? + +The default Metricbeat configuration is using Metricbeat pod name for +`agent.hostname` and `host.name` fields. The `hostname` of the Kubernetes nodes +can be find in `kubernetes.node.name` field. If you would like to have +`agent.hostname` and `host.name` fields set to the hostname of the nodes, you'll +need to set `daemonset.hostNetworking` value to true. + +Note that enabling [hostNetwork][] make Metricbeat pod use the host network +namespace which gives it access to the host loopback device, services listening +on localhost, could be used to snoop on network activity of other pods on the +same node. + +### How do I get multiple beats agents working with hostNetworking enabled? + +The default http port for multiple beats agents may be on the same port, for +example, Filebeats and Metricbeats both default to 5066. 
When `hostNetworking` +is enabled this will cause collisions when standing up the http server. The work +around for this is to set `http.port` in the config file for one of the beats agent +to use a different port. + + +## Contributing + +Please check [CONTRIBUTING.md][] before any contribution or for any questions +about our development and testing process. + +[7.x]: https://github.com/elastic/helm-charts/releases +[#471]: https://github.com/elastic/helm-charts/pull/471 +[BREAKING_CHANGES.md]: https://github.com/elastic/helm-charts/blob/master/BREAKING_CHANGES.md +[CHANGELOG.md]: https://github.com/elastic/helm-charts/blob/master/CHANGELOG.md +[CONTRIBUTING.md]: https://github.com/elastic/helm-charts/blob/master/CONTRIBUTING.md +[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +[annotations]: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +[default elasticsearch helm chart]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/README.md#default +[cluster role rules]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole +[environment variables]: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config +[environment from variables]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables +[examples]: https://github.com/elastic/helm-charts/tree/7.12/metricbeat/examples +[examples/oss]: https://github.com/elastic/helm-charts/tree/7.12/metricbeat/examples/oss +[examples/security]: https://github.com/elastic/helm-charts/tree/7.12/metricbeat/examples/security +[helm]: https://helm.sh +[hostAliases]: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +[hostPath]: 
https://kubernetes.io/docs/concepts/storage/volumes/#hostpath +[hostNetwork]: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#host-namespaces +[imagePullPolicy]: https://kubernetes.io/docs/concepts/containers/images/#updating-images +[imagePullSecrets]: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret +[kube-state-metrics]: https://github.com/helm/charts/tree/7.12/stable/kube-state-metrics +[kubernetes secrets]: https://kubernetes.io/docs/concepts/configuration/secret/ +[labels]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +[metricbeat docker image]: https://www.elastic.co/guide/en/beats/metricbeat/7.12/running-on-docker.html +[metricbeat oss docker image]: https://www.docker.elastic.co/r/beats/metricbeat-oss +[priorityClass]: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass +[nodeSelector]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +[probe]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes +[resources]: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ +[securityContext]: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +[serviceAccount]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +[supported configurations]: https://github.com/elastic/helm-charts/tree/7.12/README.md#supported-configurations +[tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[updateStrategy]: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/#daemonset-update-strategy +[values.yaml]: https://github.com/elastic/helm-charts/tree/7.12/metricbeat/values.yaml diff --git a/metricbeat/examples/6.x/Makefile b/metricbeat/examples/6.x/Makefile deleted file mode 100644 index 05a66d2bc..000000000 
--- a/metricbeat/examples/6.x/Makefile +++ /dev/null @@ -1,17 +0,0 @@ -default: test - -include ../../../helpers/examples.mk - -RELEASE := helm-metricbeat-six -GOSS_SELECTOR = release=$(RELEASE),app=helm-metricbeat-six-metricbeat - -install: - helm upgrade --wait --timeout=600 --install $(RELEASE) --values values.yaml ../../ - -purge: - helm del --purge $(RELEASE) - -test-metrics: - GOSS_FILE=goss-metrics.yaml make goss GOSS_SELECTOR=release=$(RELEASE),app=helm-metricbeat-six-metricbeat-metrics - -test: install goss test-metrics diff --git a/metricbeat/examples/6.x/values.yaml b/metricbeat/examples/6.x/values.yaml deleted file mode 100644 index 96987de4d..000000000 --- a/metricbeat/examples/6.x/values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -imageTag: 6.8.8 - -extraEnvs: - - name: ELASTICSEARCH_HOSTS - value: six-master:9200 diff --git a/metricbeat/examples/default/Makefile b/metricbeat/examples/default/Makefile index 833f62973..ab8e6aacf 100644 --- a/metricbeat/examples/default/Makefile +++ b/metricbeat/examples/default/Makefile @@ -6,7 +6,9 @@ RELEASE = helm-metricbeat-default GOSS_SELECTOR = release=$(RELEASE),app=helm-metricbeat-default-metricbeat install: - helm upgrade --wait --timeout=600 --install $(RELEASE) ../../ + helm repo add stable https://charts.helm.sh/stable + helm dependency update ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install $(RELEASE) ../../ test-metrics: GOSS_FILE=goss-metrics.yaml make goss GOSS_SELECTOR=release=$(RELEASE),app=helm-metricbeat-default-metricbeat-metrics @@ -14,4 +16,4 @@ test-metrics: test: install goss test-metrics purge: - helm del --purge $(RELEASE) + helm del $(RELEASE) diff --git a/metricbeat/examples/default/README.md b/metricbeat/examples/default/README.md new file mode 100644 index 000000000..5b762deec --- /dev/null +++ b/metricbeat/examples/default/README.md 
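Review bot: The `install` target in metricbeat/examples/default/Makefile now runs `helm dependency update ../../` on every invocation, which re-resolves the chart's dependencies from `https://charts.helm.sh/stable` at test time, so the deployed kube-state-metrics is whatever that repository serves that day. That URL is the archive of the deprecated Helm stable charts, so the dependency will not receive fixes there. I would use `helm dependency build ../../`, which installs the versions recorded in the chart's lock file, and commit that lock file if it is not already tracked. The same two lines are added to metricbeat/examples/oss/Makefile later in this diff.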
@@ -0,0 +1,27 @@ +# Default + +This example deploy Metricbeat 7.12.0-SNAPSHOT using [default values][]. + + +## Usage + +* Deploy [Elasticsearch Helm chart][]. + +* Deploy Metricbeat chart with the default values: `make install` + +* You can now setup a port forward to query Metricbeat indices: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[elasticsearch helm chart]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/default/ +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.12/metricbeat/examples/default/test/goss.yaml +[default values]: https://github.com/elastic/helm-charts/tree/7.12/metricbeat/values.yaml diff --git a/metricbeat/examples/default/test/goss-metrics.yaml b/metricbeat/examples/default/test/goss-metrics.yaml index e079450d6..7ed9e54fb 100644 --- a/metricbeat/examples/default/test/goss-metrics.yaml +++ b/metricbeat/examples/default/test/goss-metrics.yaml @@ -5,7 +5,7 @@ port: - '127.0.0.1' mount: - /usr/share/metricbeat/kube-state-metrics-metricbeat.yml: + /usr/share/metricbeat/metricbeat.yml: exists: true opts: - ro @@ -21,19 +21,18 @@ http: status: 200 timeout: 2000 body: - - 'metricbeat-7.6.2' + - "metricbeat-7.12.0" 'http://elasticsearch-master:9200/_search?q=metricset.name:state_container%20AND%20kubernetes.container.name:metricbeat': status: 200 timeout: 2000 body: - - 'metricbeat-7.6.2' + - "metricbeat-7.12.0" file: /usr/share/metricbeat/metricbeat.yml: exists: true contains: - - 'add_kubernetes_metadata' - 'output.elasticsearch' - 'elasticsearch-master:9200' @@ -42,4 +41,4 @@ command: exit-status: 0 stdout: - 'elasticsearch: http://elasticsearch-master:9200' - - 'version: 7.6.2' + - 'version: 7.12.0' diff --git a/metricbeat/examples/default/test/goss.yaml b/metricbeat/examples/default/test/goss.yaml index 267b9f7be..d87116b95 100644 
--- a/metricbeat/examples/default/test/goss.yaml +++ b/metricbeat/examples/default/test/goss.yaml @@ -9,10 +9,6 @@ mount: exists: true /run/docker.sock: exists: true - /var/lib/docker/containers: - exists: true - opts: - - ro /usr/share/metricbeat/metricbeat.yml: exists: true opts: @@ -29,12 +25,12 @@ http: status: 200 timeout: 2000 body: - - 'metricbeat-7.6.2' + - 'metricbeat-7.12.0' 'http://elasticsearch-master:9200/_search?q=metricset.name:container%20AND%20kubernetes.container.name:metricbeat': status: 200 timeout: 2000 body: - - 'metricbeat-7.6.2' + - 'metricbeat-7.12.0' file: /usr/share/metricbeat/metricbeat.yml: @@ -49,4 +45,4 @@ command: exit-status: 0 stdout: - 'elasticsearch: http://elasticsearch-master:9200' - - 'version: 7.6.2' + - 'version: 7.12.0' diff --git a/metricbeat/examples/oss/Makefile b/metricbeat/examples/oss/Makefile index 0e4828ed0..81334c998 100644 --- a/metricbeat/examples/oss/Makefile +++ b/metricbeat/examples/oss/Makefile @@ -6,12 +6,14 @@ RELEASE := helm-metricbeat-oss GOSS_SELECTOR = release=$(RELEASE),app=helm-metricbeat-oss-metricbeat install: - helm upgrade --wait --timeout=600 --install $(RELEASE) --values values.yaml ../../ - -purge: - helm del --purge $(RELEASE) + helm repo add stable https://charts.helm.sh/stable + helm dependency update ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ test-metrics: GOSS_FILE=goss-metrics.yaml make goss GOSS_SELECTOR=release=$(RELEASE),app=helm-metricbeat-oss-metricbeat-metrics test: install goss test-metrics + +purge: + helm del $(RELEASE) diff --git a/metricbeat/examples/oss/README.md b/metricbeat/examples/oss/README.md new file mode 100644 index 000000000..f5031ed20 --- /dev/null +++ b/metricbeat/examples/oss/README.md 
@@ -0,0 +1,27 @@ +# OSS + +This example deploy Metricbeat 7.12.0-SNAPSHOT using [Metricbeat OSS][] version. + + +## Usage + +* Deploy [Elasticsearch Helm chart][]. + +* Deploy Metricbeat chart with the default values: `make install` + +* You can now setup a port forward to query Metricbeat indices: + + ``` + kubectl port-forward svc/oss-master 9200 + curl localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[metricbeat oss]: https://www.elastic.co/downloads/beats/metricbeat-oss +[elasticsearch helm chart]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/oss/ +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.12/metricbeat/examples/oss/test/goss.yaml diff --git a/metricbeat/examples/oss/test/goss-metrics.yaml b/metricbeat/examples/oss/test/goss-metrics.yaml index 251165a9a..51f868106 100644 --- a/metricbeat/examples/oss/test/goss-metrics.yaml +++ b/metricbeat/examples/oss/test/goss-metrics.yaml @@ -5,7 +5,7 @@ port: - '127.0.0.1' mount: - /usr/share/metricbeat/kube-state-metrics-metricbeat.yml: + /usr/share/metricbeat/metricbeat.yml: exists: true opts: - ro @@ -17,27 +17,25 @@ user: gid: 1000 http: - http://oss-master:9200/_cat/indices: + http://elasticsearch-master:9200/_cat/indices: status: 200 timeout: 2000 body: - - 'metricbeat-7.6.2' - http://oss-master:9200/_search?q=metricset.name:state_deployment: + - 'metricbeat-oss-7.12.0' + http://elasticsearch-master:9200/_search?q=metricset.name:state_deployment: status: 200 timeout: 2000 body: - - 'metricbeat-7.6.2' + - 'metricbeat-oss-7.12.0' file: /usr/share/metricbeat/metricbeat.yml: exists: true contains: - - 'add_kubernetes_metadata' - 'output.elasticsearch' command: cd /usr/share/metricbeat && metricbeat test output: exit-status: 0 stdout: - - 'elasticsearch: http://oss-master:9200' - - 'version: 7.6.2' + - 'elasticsearch: http://elasticsearch-master:9200' 
diff --git a/metricbeat/examples/oss/test/goss.yaml b/metricbeat/examples/oss/test/goss.yaml index 392daeee2..890f0bd95 100644 --- a/metricbeat/examples/oss/test/goss.yaml +++ b/metricbeat/examples/oss/test/goss.yaml @@ -9,10 +9,6 @@ mount: exists: true /run/docker.sock: exists: true - /var/lib/docker/containers: - exists: true - opts: - - ro /usr/share/metricbeat/metricbeat.yml: exists: true opts: @@ -25,16 +21,16 @@ user: gid: 1000 http: - http://oss-master:9200/_cat/indices: + http://elasticsearch-master:9200/_cat/indices: status: 200 timeout: 2000 body: - - 'metricbeat-7.6.2' - http://oss-master:9200/_search?q=metricset.name:container: + - 'metricbeat-oss-7.12.0' + http://elasticsearch-master:9200/_search?q=metricset.name:container: status: 200 timeout: 2000 body: - - 'metricbeat-7.6.2' + - 'metricbeat-oss-7.12.0' file: /usr/share/metricbeat/metricbeat.yml: @@ -47,5 +43,4 @@ command: cd /usr/share/metricbeat && metricbeat test output: exit-status: 0 stdout: - - 'elasticsearch: http://oss-master:9200' - - 'version: 7.6.2' + - 'elasticsearch: http://elasticsearch-master:9200' diff --git a/metricbeat/examples/oss/values.yaml b/metricbeat/examples/oss/values.yaml index 89f2d453c..26b3b61cb 100644 --- a/metricbeat/examples/oss/values.yaml +++ b/metricbeat/examples/oss/values.yaml 
@@ -1,5 +1,76 @@ image: docker.elastic.co/beats/metricbeat-oss -extraEnvs: - - name: ELASTICSEARCH_HOSTS - value: oss-master:9200 +daemonset: + metricbeatConfig: + metricbeat.yml: | + metricbeat.modules: + - module: kubernetes + metricsets: + - container + - node + - pod + - system + - volume + period: 10s + host: "${NODE_NAME}" + hosts: ["https://${NODE_NAME}:10250"] + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + ssl.verification_mode: "none" + # If using Red Hat OpenShift remove ssl.verification_mode entry and + # uncomment these settings: + #ssl.certificate_authorities: + #- /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt + processors: + - add_kubernetes_metadata: ~ + - module: kubernetes + enabled: true + metricsets: + - event + - module: system + period: 10s + metricsets: + - cpu + - load + - memory + - network + - process + - process_summary + processes: ['.*'] + process.include_top_n: + by_cpu: 5 + by_memory: 5 + - module: system + period: 1m + metricsets: + - filesystem + - fsstat + processors: + - drop_event.when.regexp: + system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib)($|/)' + output.elasticsearch: + hosts: "elasticsearch-master:9200" + index: "metricbeat-oss-%{[agent.version]}-%{+yyyy.MM.dd}" + setup.ilm.enabled: false + setup.template.name: "metricbeat" + setup.template.pattern: "metricbeat-oss-*" + +deployment: + metricbeatConfig: + metricbeat.yml: | + metricbeat.modules: + - module: kubernetes + enabled: true + metricsets: + - state_node + - state_deployment + - state_replicaset + - state_pod + - state_container + period: 10s + hosts: ["${KUBE_STATE_METRICS_HOSTS}"] + output.elasticsearch: + hosts: "elasticsearch-master:9200" + index: "metricbeat-oss-%{[agent.version]}-%{+yyyy.MM.dd}" + setup.ilm.enabled: false + setup.template.name: "metricbeat" + setup.template.pattern: "metricbeat-oss-*" 
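Review bot: In the daemonset `metricbeat.yml`, the kubernetes module presents the pod's service-account token (`bearer_token_file`) to `https://${NODE_NAME}:10250` with `ssl.verification_mode: "none"`, so the kubelet certificate is never checked before the token is sent. The only comment next to it covers the OpenShift case; since this is an example that users copy, add a comment above the setting such as `# "none" skips kubelet certificate validation while the service-account token is sent; keep it only where kubelet serving certs are not CA-signed, otherwise set ssl.certificate_authorities`. The same block is added to the security example's values.yaml.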
diff --git a/metricbeat/examples/security/Makefile b/metricbeat/examples/security/Makefile index 3f92e7fe2..81049b709 100644 --- a/metricbeat/examples/security/Makefile +++ b/metricbeat/examples/security/Makefile @@ -6,12 +6,14 @@ RELEASE := helm-metricbeat-security GOSS_SELECTOR = release=$(RELEASE),app=helm-metricbeat-security-metricbeat install: - helm upgrade --wait --timeout=600 --install $(RELEASE) --values values.yaml ../../ - -purge: - helm del --purge $(RELEASE) + helm repo add stable https://charts.helm.sh/stable + helm dependency update ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ test-metrics: GOSS_FILE=goss-metrics.yaml make goss GOSS_SELECTOR=release=$(RELEASE),app=helm-metricbeat-security-metricbeat-metrics test: install goss test-metrics + +purge: + helm del $(RELEASE) diff --git a/metricbeat/examples/security/README.md b/metricbeat/examples/security/README.md new file mode 100644 index 000000000..5905eeb63 --- /dev/null +++ b/metricbeat/examples/security/README.md @@ -0,0 +1,28 @@ +# Security + +This example deploy Metricbeat 7.12.0-SNAPSHOT using authentication and TLS to connect to +Elasticsearch (see [values][]). + + +## Usage + +* Deploy [Elasticsearch Helm chart][]. + +* Deploy Metricbeat chart with security: `make install` + +* You can now setup a port forward to query Metricbeat indices: + + ``` + kubectl port-forward svc/security-master 9200 + curl -u elastic:changeme https://localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[elasticsearch helm chart]: https://github.com/elastic/helm-charts/tree/7.12/elasticsearch/examples/security/ +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.12/metricbeat/examples/security/test/goss.yaml +[values]: https://github.com/elastic/helm-charts/tree/7.12/metricbeat/examples/security/values.yaml 
diff --git a/metricbeat/examples/security/test/goss-metrics.yaml b/metricbeat/examples/security/test/goss-metrics.yaml index 1b8e35c69..6982d8be8 100644 --- a/metricbeat/examples/security/test/goss-metrics.yaml +++ b/metricbeat/examples/security/test/goss-metrics.yaml @@ -5,7 +5,7 @@ port: - '127.0.0.1' mount: - /usr/share/metricbeat/kube-state-metrics-metricbeat.yml: + /usr/share/metricbeat/metricbeat.yml: exists: true opts: - ro @@ -21,7 +21,7 @@ http: status: 200 timeout: 2000 body: - - 'metricbeat-7.6.2' + - 'metricbeat-7.12.0' allow-insecure: true username: '{{ .Env.ELASTICSEARCH_USERNAME }}' password: '{{ .Env.ELASTICSEARCH_PASSWORD }}' @@ -29,7 +29,7 @@ http: status: 200 timeout: 2000 body: - - 'metricbeat-7.6.2' + - 'metricbeat-7.12.0' allow-insecure: true username: '{{ .Env.ELASTICSEARCH_USERNAME }}' password: '{{ .Env.ELASTICSEARCH_PASSWORD }}' @@ -38,7 +38,6 @@ file: /usr/share/metricbeat/metricbeat.yml: exists: true contains: - - 'add_kubernetes_metadata' - 'output.elasticsearch' command: @@ -46,4 +45,4 @@ command: exit-status: 0 stdout: - 'elasticsearch: https://security-master:9200' - - 'version: 7.6.2' + - 'version: 7.12.0' diff --git a/metricbeat/examples/security/test/goss.yaml b/metricbeat/examples/security/test/goss.yaml index b693e5969..5ace7dc76 100644 --- a/metricbeat/examples/security/test/goss.yaml +++ b/metricbeat/examples/security/test/goss.yaml @@ -9,10 +9,6 @@ mount: exists: true /run/docker.sock: exists: true - /var/lib/docker/containers: - exists: true - opts: - - ro /usr/share/metricbeat/metricbeat.yml: exists: true opts: @@ -29,7 +25,7 @@ http: status: 200 timeout: 2000 body: - - 'metricbeat-7.6.2' + - 'metricbeat-7.12.0' allow-insecure: true username: '{{ .Env.ELASTICSEARCH_USERNAME }}' password: '{{ .Env.ELASTICSEARCH_PASSWORD }}' 
@@ -37,7 +33,7 @@ http: status: 200 timeout: 2000 body: - - 'metricbeat-7.6.2' + - 'metricbeat-7.12.0' allow-insecure: true username: '{{ .Env.ELASTICSEARCH_USERNAME }}' password: '{{ .Env.ELASTICSEARCH_PASSWORD }}' @@ -54,4 +50,4 @@ command: exit-status: 0 stdout: - 'elasticsearch: https://security-master:9200' - - 'version: 7.6.2' + - 'version: 7.12.0' diff --git a/metricbeat/examples/security/values.yaml b/metricbeat/examples/security/values.yaml index 95dbb687f..2939d1c20 100644 --- a/metricbeat/examples/security/values.yaml +++ b/metricbeat/examples/security/values.yaml 
@@ -1,86 +1,110 @@ -metricbeatConfig: - metricbeat.yml: | - metricbeat.modules: - - module: kubernetes - metricsets: - - container - - node - - pod - - system - - volume - period: 10s - host: "${NODE_NAME}" - hosts: ["${NODE_NAME}:10255"] - processors: - - add_kubernetes_metadata: - in_cluster: true - - module: kubernetes - enabled: true - metricsets: - - event - - module: system - period: 10s - metricsets: - - cpu - - load - - memory - - network - - process - - process_summary - processes: ['.*'] - process.include_top_n: - by_cpu: 5 - by_memory: 5 - - module: system - period: 1m - metricsets: - - filesystem - - fsstat - processors: - - drop_event.when.regexp: - system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib)($|/)' - - output.elasticsearch: - username: '${ELASTICSEARCH_USERNAME}' - password: '${ELASTICSEARCH_PASSWORD}' - protocol: https - hosts: ["security-master:9200"] - ssl.certificate_authorities: - - /usr/share/metricbeat/config/certs/elastic-certificate.pem - - kube-state-metrics-metricbeat.yml: | - metricbeat.modules: - - module: kubernetes - enabled: true - metricsets: - - state_node - - state_deployment - - state_replicaset - - state_pod - - state_container - period: 10s - hosts: ["${KUBE_STATE_METRICS_HOSTS}"] - output.elasticsearch: - username: '${ELASTICSEARCH_USERNAME}' - password: '${ELASTICSEARCH_PASSWORD}' - protocol: https - hosts: ["security-master:9200"] - ssl.certificate_authorities: - - /usr/share/metricbeat/config/certs/elastic-certificate.pem - -secretMounts: +daemonset: + extraEnvs: + - name: 'ELASTICSEARCH_USERNAME' + valueFrom: + secretKeyRef: + name: elastic-credentials + key: username + - name: 'ELASTICSEARCH_PASSWORD' + valueFrom: + secretKeyRef: + name: elastic-credentials + key: password + # Allows you to add any config files in /usr/share/metricbeat + # such as metricbeat.yml for daemonset + metricbeatConfig: + metricbeat.yml: | + metricbeat.modules: + - module: kubernetes + metricsets: + - container + - node + - 
pod + - system + - volume + period: 10s + host: "${NODE_NAME}" + hosts: ["https://${NODE_NAME}:10250"] + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + ssl.verification_mode: "none" + # If using Red Hat OpenShift remove ssl.verification_mode entry and + # uncomment these settings: + #ssl.certificate_authorities: + #- /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt + processors: + - add_kubernetes_metadata: ~ + - module: kubernetes + enabled: true + metricsets: + - event + - module: system + period: 10s + metricsets: + - cpu + - load + - memory + - network + - process + - process_summary + processes: ['.*'] + process.include_top_n: + by_cpu: 5 + by_memory: 5 + - module: system + period: 1m + metricsets: + - filesystem + - fsstat + processors: + - drop_event.when.regexp: + system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib)($|/)' + output.elasticsearch: + username: '${ELASTICSEARCH_USERNAME}' + password: '${ELASTICSEARCH_PASSWORD}' + protocol: https + hosts: ["security-master:9200"] + ssl.certificate_authorities: + - /usr/share/metricbeat/config/certs/elastic-certificate.pem + secretMounts: - name: elastic-certificate-pem secretName: elastic-certificate-pem path: /usr/share/metricbeat/config/certs -extraEnvs: - - name: 'ELASTICSEARCH_USERNAME' - valueFrom: - secretKeyRef: - name: elastic-credentials - key: username - - name: 'ELASTICSEARCH_PASSWORD' - valueFrom: - secretKeyRef: - name: elastic-credentials - key: password +deployment: + extraEnvs: + - name: 'ELASTICSEARCH_USERNAME' + valueFrom: + secretKeyRef: + name: elastic-credentials + key: username + - name: 'ELASTICSEARCH_PASSWORD' + valueFrom: + secretKeyRef: + name: elastic-credentials + key: password + # Allows you to add any config files in /usr/share/metricbeat + # such as metricbeat.yml for deployment + metricbeatConfig: + metricbeat.yml: | + metricbeat.modules: + - module: kubernetes + enabled: true + metricsets: + - state_node + - state_deployment + 
- state_replicaset + - state_pod + - state_container + period: 10s + hosts: ["${KUBE_STATE_METRICS_HOSTS}"] + output.elasticsearch: + username: '${ELASTICSEARCH_USERNAME}' + password: '${ELASTICSEARCH_PASSWORD}' + protocol: https + hosts: ["security-master:9200"] + ssl.certificate_authorities: + - /usr/share/metricbeat/config/certs/elastic-certificate.pem + secretMounts: + - name: elastic-certificate-pem + secretName: elastic-certificate-pem + path: /usr/share/metricbeat/config/certs diff --git a/metricbeat/examples/upgrade/Makefile b/metricbeat/examples/upgrade/Makefile new file mode 100644 index 000000000..e18cb8435 --- /dev/null +++ b/metricbeat/examples/upgrade/Makefile @@ -0,0 +1,21 @@ +default: test + +include ../../../helpers/examples.mk + +CHART := metricbeat +RELEASE := helm-metricbeat-upgrade +FROM := 7.10.0 # upgrade from version < 7.10.0 is failing due to selector + # breaking change in https://github.com/elastic/helm-charts/pull/516 + +install: + helm repo add stable https://charts.helm.sh/stable + helm dependency update ../../ + ../../../helpers/upgrade.sh --chart $(CHART) --release $(RELEASE) --from $(FROM) + kubectl rollout status daemonset $(RELEASE)-metricbeat + kubectl rollout status deployment $(RELEASE)-metricbeat-metrics + kubectl rollout status deployment $(RELEASE)-kube-state-metrics + +test: install goss + +purge: + helm del $(RELEASE) diff --git a/metricbeat/examples/upgrade/README.md b/metricbeat/examples/upgrade/README.md new file mode 100644 index 000000000..4c1821b1f --- /dev/null +++ b/metricbeat/examples/upgrade/README.md 
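Review bot: In the new upgrade Makefile, `FROM := 7.10.0 # upgrade from version < 7.10.0 …` carries its comment on the assignment line, and Make keeps the whitespace between the value and the `#`, so `$(FROM)` expands to `7.10.0` followed by a trailing space. That is harmless in the unquoted `--from $(FROM)` call as written, but it would break any quoted use or string comparison of the variable later on. Move the two comment lines above the assignment and leave `FROM := 7.10.0` on a line of its own.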
@@ -0,0 +1,21 @@ +# Upgrade + +This example will deploy Metricbeat chart using an old chart version, +then upgrade it. + + +## Usage + +* Add the Elastic Helm charts repo: `helm repo add elastic https://helm.elastic.co` + +* Deploy [Elasticsearch Helm chart][]: `helm install elasticsearch elastic/elasticsearch` + +* Deploy and upgrade Metricbeat chart with the default values: `make install` + + +## Testing + +You can also run [goss integration tests][] using `make test`. + + +[goss integration tests]: https://github.com/elastic/helm-charts/tree/master/metricbeat/examples/upgrade/test/goss.yaml diff --git a/metricbeat/examples/6.x/test/goss-metrics.yaml b/metricbeat/examples/upgrade/test/goss-metrics.yaml similarity index 51% rename from metricbeat/examples/6.x/test/goss-metrics.yaml rename to metricbeat/examples/upgrade/test/goss-metrics.yaml index 8f60496c0..bd510e19d 100644 --- a/metricbeat/examples/6.x/test/goss-metrics.yaml +++ b/metricbeat/examples/upgrade/test/goss-metrics.yaml @@ -2,10 +2,10 @@ port: tcp:5066: listening: true ip: - - '127.0.0.1' + - "127.0.0.1" mount: - /usr/share/metricbeat/kube-state-metrics-metricbeat.yml: + /usr/share/metricbeat/metricbeat.yml: exists: true opts: - ro 
@@ -17,27 +17,26 @@ user: gid: 1000 http: - http://six-master:9200/_cat/indices: + http://upgrade-master:9200/_cat/indices: status: 200 timeout: 2000 body: - - 'metricbeat-6.8.8' - http://six-master:9200/_search?q=metricset.name:state_deployment: - status: 200 + - "metricbeat-7.12.0" + + ? "http://upgrade-master:9200/_search?q=metricset.name:state_container%20AND%20kubernetes.container.name:metricbeat" + : status: 200 timeout: 2000 body: - - 'metricbeat-6.8.8' + - "metricbeat-7.12.0" file: /usr/share/metricbeat/metricbeat.yml: exists: true contains: - - 'add_kubernetes_metadata' - - 'output.elasticsearch' + - "output.elasticsearch" command: cd /usr/share/metricbeat && metricbeat test output: exit-status: 0 stdout: - - 'elasticsearch: http://six-master:9200' - - 'version: 6.8.8' + - "elasticsearch: http://upgrade-master:9200" diff --git a/metricbeat/examples/6.x/test/goss.yaml b/metricbeat/examples/upgrade/test/goss.yaml similarity index 57% rename from metricbeat/examples/6.x/test/goss.yaml rename to metricbeat/examples/upgrade/test/goss.yaml index 262bc5843..67461fe5d 100644 --- a/metricbeat/examples/6.x/test/goss.yaml +++ b/metricbeat/examples/upgrade/test/goss.yaml @@ -2,17 +2,13 @@ port: tcp:5066: listening: true ip: - - '127.0.0.1' + - "127.0.0.1" mount: /usr/share/metricbeat/data: exists: true /run/docker.sock: exists: true - /var/lib/docker/containers: - exists: true - opts: - - ro /usr/share/metricbeat/metricbeat.yml: exists: true opts: 
@@ -25,27 +21,26 @@ user: gid: 1000 http: - http://six-master:9200/_cat/indices: + http://upgrade-master:9200/_cat/indices: status: 200 timeout: 2000 body: - - 'metricbeat-6.8.8' - http://six-master:9200/_search?q=metricset.name:container: - status: 200 + - "metricbeat-7.12.0" + ? "http://upgrade-master:9200/_search?q=metricset.name:container%20AND%20kubernetes.container.name:metricbeat" + : status: 200 timeout: 2000 body: - - 'metricbeat-6.8.8' + - "metricbeat-7.12.0" file: /usr/share/metricbeat/metricbeat.yml: exists: true contains: - - 'add_kubernetes_metadata' - - 'output.elasticsearch' + - "add_kubernetes_metadata" + - "output.elasticsearch" command: cd /usr/share/metricbeat && metricbeat test output: exit-status: 0 stdout: - - 'elasticsearch: http://six-master:9200' - - 'version: 6.8.8' + - "elasticsearch: http://upgrade-master:9200" diff --git a/metricbeat/examples/upgrade/values.yaml b/metricbeat/examples/upgrade/values.yaml new file mode 100644 index 000000000..8b230601e --- /dev/null +++ b/metricbeat/examples/upgrade/values.yaml @@ -0,0 +1,4 @@ +--- +extraEnvs: + - name: ELASTICSEARCH_HOSTS + value: upgrade-master:9200 diff --git a/metricbeat/requirements.lock b/metricbeat/requirements.lock index 9b027f8cc..3cbe95eaf 100644 --- a/metricbeat/requirements.lock +++ b/metricbeat/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: kube-state-metrics - repository: https://kubernetes-charts.storage.googleapis.com + repository: https://charts.helm.sh/stable version: 2.4.1 -digest: sha256:89fdea6b5f048652fc2d562ff59338a8cbf25f9053dc28976a1271b4387692b1 -generated: "2019-11-01T10:31:40.002896+01:00" +digest: sha256:948dca129bc7c16b138ed8bcbdf666c324d812e43af59d475b8bb74a53e99778 +generated: "2020-10-30T18:58:57.381827+01:00" diff --git a/metricbeat/requirements.yaml b/metricbeat/requirements.yaml index 0f8c03d9c..2d78b382a 100644 --- a/metricbeat/requirements.yaml +++ b/metricbeat/requirements.yaml 
@@ -2,3 +2,4 @@ dependencies: - name: 'kube-state-metrics' version: '2.4.1' repository: '@stable' + condition: kube_state_metrics.enabled diff --git a/metricbeat/templates/clusterrole.yaml b/metricbeat/templates/clusterrole.yaml index bbc209db7..851153f8e 100644 --- a/metricbeat/templates/clusterrole.yaml +++ b/metricbeat/templates/clusterrole.yaml @@ -1,5 +1,5 @@ {{- if .Values.managedServiceAccount }} -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ template "metricbeat.serviceAccount" . }}-cluster-role diff --git a/metricbeat/templates/clusterrolebinding.yaml b/metricbeat/templates/clusterrolebinding.yaml index dc785b2e0..e95a98db8 100644 --- a/metricbeat/templates/clusterrolebinding.yaml +++ b/metricbeat/templates/clusterrolebinding.yaml @@ -1,5 +1,5 @@ {{- if .Values.managedServiceAccount }} -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ template "metricbeat.serviceAccount" . }}-cluster-role-binding diff --git a/metricbeat/templates/configmap.yaml b/metricbeat/templates/configmap.yaml index 09e381ce7..1272402b5 100644 --- a/metricbeat/templates/configmap.yaml +++ b/metricbeat/templates/configmap.yaml 
@@ -15,3 +15,39 @@ data: {{ $config | indent 4 -}} {{- end -}} {{- end -}} + +{{- if and .Values.daemonset.enabled .Values.daemonset.metricbeatConfig }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "metricbeat.fullname" . }}-daemonset-config + labels: + app: "{{ template "metricbeat.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +data: +{{- range $path, $config := .Values.daemonset.metricbeatConfig }} + {{ $path }}: | +{{ $config | indent 4 -}} +{{- end -}} +{{- end -}} + +{{- if and .Values.deployment.enabled .Values.deployment.metricbeatConfig }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "metricbeat.fullname" . }}-deployment-config + labels: + app: "{{ template "metricbeat.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +data: +{{- range $path, $config := .Values.deployment.metricbeatConfig }} + {{ $path }}: | +{{ $config | indent 4 -}} +{{- end -}} +{{- end -}} diff --git a/metricbeat/templates/daemonset.yaml b/metricbeat/templates/daemonset.yaml index 392b7cf84..387ac9a77 100644 --- a/metricbeat/templates/daemonset.yaml +++ b/metricbeat/templates/daemonset.yaml @@ -1,3 +1,4 @@ +{{- if .Values.daemonset.enabled }} --- apiVersion: apps/v1 kind: DaemonSet 
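Review bot: The two new ConfigMaps render `daemonset.metricbeatConfig` and `deployment.metricbeatConfig` verbatim, so anything written into those values is readable by whoever can read ConfigMaps in the namespace. The security example in this commit handles it correctly, with `${ELASTICSEARCH_USERNAME}` and `${ELASTICSEARCH_PASSWORD}` resolved from `secretKeyRef` environment variables. A template comment above each block would make that contract explicit, for example `{{/* Rendered as plain text: reference credentials via ${ENV} from extraEnvs or secretMounts, never inline them */}}`.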
@@ -8,9 +9,21 @@ metadata: chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" heritage: {{ .Release.Service | quote }} release: {{ .Release.Name | quote }} + {{- if .Values.daemonset.labels }} + {{- range $key, $value := .Values.daemonset.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- else }} {{- range $key, $value := .Values.labels }} {{ $key }}: {{ $value | quote }} {{- end }} + {{- end }} + {{- if .Values.daemonset.annotations}} + annotations: + {{- range $key, $value := .Values.daemonset.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} spec: selector: matchLabels: @@ -25,7 +38,7 @@ spec: {{ $key }}: {{ $value | quote }} {{- end }} {{/* This forces a restart if the configmap has changed */}} - {{- if .Values.metricbeatConfig }} + {{- if or .Values.metricbeatConfig .Values.daemonset.metricbeatConfig }} configChecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }} {{- end }} name: "{{ template "metricbeat.fullname" . }}" 
@@ -34,26 +47,33 @@ spec: chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" heritage: {{ .Release.Service | quote }} release: {{ .Release.Name | quote }} + {{- if .Values.daemonset.labels }} + {{- range $key, $value := .Values.daemonset.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- else }} {{- range $key, $value := .Values.labels }} {{ $key }}: {{ $value | quote }} {{- end }} + {{- end }} spec: - {{- with .Values.tolerations }} - tolerations: {{ toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} + affinity: {{ toYaml ( .Values.affinity | default .Values.daemonset.affinity ) | nindent 8 }} + nodeSelector: {{ toYaml ( .Values.nodeSelector | default .Values.daemonset.nodeSelector ) | nindent 8 }} + tolerations: {{ toYaml ( .Values.tolerations | default .Values.daemonset.tolerations ) | nindent 8 }} + {{- if .Values.daemonset.hostNetworking }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet {{- end }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} - {{- with .Values.affinity }} - affinity: {{ toYaml . | nindent 8 -}} - {{- end }} serviceAccountName: {{ template "metricbeat.serviceAccount" . }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} + {{- if .Values.daemonset.hostAliases }} + hostAliases: {{ toYaml .Values.daemonset.hostAliases | nindent 6 }} + {{- end }} volumes: - {{- range .Values.secretMounts }} + {{- range .Values.secretMounts | default .Values.daemonset.secretMounts }} - name: {{ .name }} secret: secretName: {{ .secretName }} 
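Review bot: `daemonset.hostNetworking` switches the pod to `hostNetwork: true`, which puts Metricbeat in the node's network namespace on top of the hostPath mounts this DaemonSet already carries, and nothing in the template says when that is needed. Add a comment next to the block, for example `{{/* hostNetwork shares the node's network namespace; enable only when required */}}`. The default for the flag is not visible in this hunk, so confirm that values.yaml leaves it off.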
@@ -63,14 +83,16 @@ spec: configMap: defaultMode: 0600 name: {{ template "metricbeat.fullname" . }}-config + {{- else if .Values.daemonset.metricbeatConfig }} + - name: metricbeat-config + configMap: + defaultMode: 0600 + name: {{ template "metricbeat.fullname" . }}-daemonset-config {{- end }} - name: data hostPath: path: {{ .Values.hostPathRoot }}/{{ template "metricbeat.fullname" . }}-{{ .Release.Namespace }}-data type: DirectoryOrCreate - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - name: varrundockersock hostPath: path: /var/run/docker.sock @@ -80,8 +102,8 @@ spec: - name: cgroup hostPath: path: /sys/fs/cgroup - {{- if .Values.extraVolumes }} -{{ toYaml .Values.extraVolumes | indent 6 }} + {{- if .Values.extraVolumes | default .Values.daemonset.extraVolumes }} +{{ toYaml ( .Values.extraVolumes | default .Values.daemonset.extraVolumes ) | indent 6 }} {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: @@ -104,8 +126,7 @@ spec: {{ toYaml .Values.livenessProbe | indent 10 }} readinessProbe: {{ toYaml .Values.readinessProbe | indent 10 }} - resources: -{{ toYaml .Values.resources | indent 10 }} + resources: {{ toYaml ( .Values.resources | default .Values.daemonset.resources ) | nindent 10 }} env: - name: POD_NAMESPACE valueFrom: 
@@ -115,19 +136,13 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName -{{- if .Values.extraEnvs }} -{{ toYaml .Values.extraEnvs | indent 8 }} -{{- end }} -{{- if .Values.envFrom }} - envFrom: -{{ toYaml .Values.envFrom | indent 10 }} -{{- end }} -{{- if .Values.podSecurityContext }} - securityContext: -{{ toYaml .Values.podSecurityContext | indent 10 }} +{{- if .Values.extraEnvs | default .Values.daemonset.extraEnvs }} +{{ toYaml ( .Values.extraEnvs | default .Values.daemonset.extraEnvs ) | indent 8 }} {{- end }} + envFrom: {{ toYaml ( .Values.envFrom | default .Values.daemonset.envFrom ) | nindent 10 }} + securityContext: {{ toYaml ( .Values.podSecurityContext | default .Values.daemonset.securityContext ) | nindent 10 }} volumeMounts: - {{- range .Values.secretMounts }} + {{- range .Values.secretMounts | default .Values.daemonset.secretMounts }} - name: {{ .name }} mountPath: {{ .path }} {{- if .subPath }} @@ -139,14 +154,18 @@ spec: mountPath: /usr/share/metricbeat/{{ $path }} readOnly: true subPath: {{ $path }} + {{ else }} + {{- range $path, $config := .Values.daemonset.metricbeatConfig }} + - name: metricbeat-config + mountPath: /usr/share/metricbeat/{{ $path }} + readOnly: true + subPath: {{ $path }} + {{- end }} {{- end }} - name: data mountPath: /usr/share/metricbeat/data - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true # Necessary when using autodiscovery; avoid mounting it otherwise - # See: https://www.elastic.co/guide/en/beats/metricbeat/master/configuration-autodiscover.html + # See: https://www.elastic.co/guide/en/beats/metricbeat/7.12/configuration-autodiscover.html - name: varrundockersock mountPath: /var/run/docker.sock readOnly: true 
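Review bot: The `varrundockersock` mount stays unconditional in the volumeMounts hunk, even though the comment directly above it says to avoid mounting it unless autodiscovery is used. `readOnly: true` only makes the bind mount read-only; a process in the container can still connect to the socket and use the Docker API, which is effectively root on the node. Since this commit already drops the `/var/lib/docker/containers` mount, consider gating the `varrundockersock` volume and its mount behind a values flag, so clusters that do not use Docker autodiscovery do not expose the socket. The container spec continues outside the hunk.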
@@ -156,9 +175,10 @@ spec: - name: cgroup mountPath: /hostfs/sys/fs/cgroup readOnly: true - {{- if .Values.extraVolumeMounts }} -{{ toYaml .Values.extraVolumeMounts | indent 8 }} + {{- if .Values.extraVolumeMounts | default .Values.daemonset.extraVolumeMounts }} +{{ toYaml ( .Values.extraVolumeMounts | default .Values.daemonset.extraVolumeMounts ) | indent 8 }} {{- end }} {{- if .Values.extraContainers }} {{ tpl .Values.extraContainers . | indent 6 }} - {{- end }} \ No newline at end of file + {{- end }} +{{- end }} diff --git a/metricbeat/templates/deployment.yaml b/metricbeat/templates/deployment.yaml index 225160b47..740c1b7b1 100644 --- a/metricbeat/templates/deployment.yaml +++ b/metricbeat/templates/deployment.yaml @@ -1,3 +1,5 @@ +# Deploy singleton instance in the whole cluster for some unique data sources, like kube-state-metrics +{{- if .Values.deployment.enabled }} --- apiVersion: apps/v1 kind: Deployment @@ -8,13 +10,26 @@ metadata: chart: '{{ .Chart.Name }}-{{ .Chart.Version }}' heritage: '{{ .Release.Service }}' release: '{{ .Release.Name }}' + {{- if .Values.deployment.labels }} + {{- range $key, $value := .Values.deployment.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- else }} + {{- range $key, $value := .Values.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- if .Values.deployment.annotations}} + annotations: + {{- range $key, $value := .Values.deployment.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} spec: replicas: {{ .Values.replicas }} selector: matchLabels: app: '{{ template "metricbeat.fullname" . }}-metrics' - chart: '{{ .Chart.Name }}-{{ .Chart.Version }}' - heritage: '{{ .Release.Service }}' release: '{{ .Release.Name }}' template: metadata: 
@@ -23,26 +38,36 @@ spec: {{ $key }}: {{ $value | quote }} {{- end }} {{/* This forces a restart if the configmap has changed */}} - {{- if .Values.metricbeatConfig }} + {{- if or .Values.metricbeatConfig .Values.deployment.metricbeatConfig }} configChecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }} {{- end }} labels: app: '{{ template "metricbeat.fullname" . }}-metrics' chart: '{{ .Chart.Name }}-{{ .Chart.Version }}' - heritage: '{{ .Release.Service }}' release: '{{ .Release.Name }}' + {{- if .Values.deployment.labels }} + {{- range $key, $value := .Values.deployment.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- else }} + {{- range $key, $value := .Values.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} spec: - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 6 }} - {{- end }} + affinity: {{ toYaml .Values.deployment.affinity | nindent 8 }} + nodeSelector: {{ toYaml .Values.deployment.nodeSelector | nindent 8 }} + tolerations: {{ toYaml ( .Values.tolerations | default .Values.deployment.tolerations ) | nindent 8 }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} serviceAccountName: {{ template "metricbeat.serviceAccount" . }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} + {{- if .Values.deployment.hostAliases }} + hostAliases: {{ toYaml .Values.deployment.hostAliases | nindent 6 }} + {{- end }} volumes: - {{- range .Values.secretMounts }} + {{- range .Values.secretMounts | default .Values.deployment.secretMounts }} - name: {{ .name }} secret: secretName: {{ .secretName }} 
@@ -52,9 +77,14 @@ spec: configMap: defaultMode: 0600 name: {{ template "metricbeat.fullname" . }}-config + {{- else if .Values.deployment.metricbeatConfig }} + - name: metricbeat-config + configMap: + defaultMode: 0600 + name: {{ template "metricbeat.fullname" . }}-deployment-config {{- end }} - {{- if .Values.extraVolumes }} -{{ toYaml .Values.extraVolumes | indent 6 }} + {{- if .Values.extraVolumes | default .Values.deployment.extraVolumes }} +{{ toYaml ( .Values.extraVolumes | default .Values.deployment.extraVolumes ) | indent 6 }} {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: @@ -69,8 +99,10 @@ spec: image: "{{ .Values.image }}:{{ .Values.imageTag }}" imagePullPolicy: "{{ .Values.imagePullPolicy }}" args: + {{- if index .Values "metricbeatConfig" "kube-state-metrics-metricbeat.yml" }} - "-c" - "/usr/share/metricbeat/kube-state-metrics-metricbeat.yml" + {{- end }} - "-e" - "-E" - "http.enabled=true" 
@@ -78,28 +110,25 @@ spec: {{ toYaml .Values.livenessProbe | indent 10 }} readinessProbe: {{ toYaml .Values.readinessProbe | indent 10 }} - resources: -{{ toYaml .Values.resources | indent 10 }} + resources: {{ toYaml ( .Values.resources | default .Values.deployment.resources ) | nindent 10 }} env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: KUBE_STATE_METRICS_HOSTS + {{- if .Values.kube_state_metrics.enabled }} value: "$({{ .Release.Name | replace "-" "_" | upper }}_KUBE_STATE_METRICS_SERVICE_HOST):$({{ .Release.Name | replace "-" "_" | upper }}_KUBE_STATE_METRICS_SERVICE_PORT_HTTP)" -{{- if .Values.extraEnvs }} -{{ toYaml .Values.extraEnvs | indent 8 }} -{{- end }} -{{- if .Values.envFrom }} - envFrom: -{{ toYaml .Values.envFrom | indent 10 }} -{{- end }} -{{- if .Values.podSecurityContext }} - securityContext: -{{ toYaml .Values.podSecurityContext | indent 10 }} + {{- else }} + value: {{ .Values.kube_state_metrics.host | default "kube-state-metrics:8080"}} + {{- end }} +{{- if .Values.extraEnvs | default .Values.deployment.extraEnvs }} +{{ toYaml ( .Values.extraEnvs | default .Values.deployment.extraEnvs ) | indent 8 }} {{- end }} + envFrom: {{ toYaml ( .Values.envFrom | default .Values.deployment.envFrom ) | nindent 10 }} + securityContext: {{ toYaml ( .Values.podSecurityContext | default .Values.deployment.securityContext ) | nindent 10 }} volumeMounts: - {{- range .Values.secretMounts }} + {{- range .Values.secretMounts | default .Values.deployment.secretMounts }} - name: {{ .name }} mountPath: {{ .path }} {{- if .subPath }} 
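Review bot: The fallback line `value: {{ .Values.kube_state_metrics.host | default "kube-state-metrics:8080"}}` emits the host unquoted, unlike the quoted `value:` in the branch above it. A user-supplied value is re-parsed as YAML after rendering, so anything containing `: `, ` #` or a leading indicator character changes the structure of the manifest instead of staying a string. Pipe it through `quote`: `value: {{ .Values.kube_state_metrics.host | default "kube-state-metrics:8080" | quote }}`. The container spec continues outside this hunk.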
@@ -111,10 +140,18 @@ spec: mountPath: /usr/share/metricbeat/{{ $path }} readOnly: true subPath: {{ $path }} + {{ else }} + {{- range $path, $config := .Values.deployment.metricbeatConfig }} + - name: metricbeat-config + mountPath: /usr/share/metricbeat/{{ $path }} + readOnly: true + subPath: {{ $path }} + {{- end }} {{- end }} - {{- if .Values.extraVolumeMounts }} -{{ toYaml .Values.extraVolumeMounts | indent 8 }} + {{- if .Values.extraVolumeMounts | default .Values.deployment.extraVolumeMounts }} +{{ toYaml ( .Values.extraVolumeMounts | default .Values.deployment.extraVolumeMounts ) | indent 8 }} {{- end }} {{- if .Values.extraContainers }} {{ tpl .Values.extraContainers . | indent 6 }} - {{- end }} \ No newline at end of file + {{- end }} +{{- end }} diff --git a/metricbeat/templates/secret.yaml b/metricbeat/templates/secret.yaml new file mode 100644 index 000000000..115034f8c --- /dev/null +++ b/metricbeat/templates/secret.yaml @@ -0,0 +1,27 @@ +{{- if .Values.secrets }} +{{- $fullName := include "metricbeat.fullname" . -}} +{{- range .Values.secrets }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-%s" $fullName .name | quote }} + labels: + app: {{ $fullName | quote }} + chart: {{ $.Chart.Name | quote }} + heritage: {{ $.Release.Service | quote }} + release: {{ $.Release.Name | quote }} + {{- range $key, $value := $.Values.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +data: +{{- range $key, $val := .value }} + {{- if hasSuffix "filepath" $key }} + {{ $key | replace ".filepath" "" }}: {{ $.Files.Get $val | b64enc | quote }} + {{ else }} + {{ $key }}: {{ $val | b64enc | quote }} + {{- end }} +{{- end }} +type: Opaque +{{- end }} +{{- end }} diff --git a/metricbeat/templates/serviceaccount.yaml b/metricbeat/templates/serviceaccount.yaml index 233064669..227534fa2 100644 --- a/metricbeat/templates/serviceaccount.yaml +++ b/metricbeat/templates/serviceaccount.yaml 
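Review bot: In the `data:` loop of secret.yaml the suffix test and the rename disagree. `hasSuffix "filepath" $key` matches any key ending in `filepath` (no dot), while `replace ".filepath" ""` strips every `.filepath` occurrence anywhere in the key. Use one token for both: `{{- if hasSuffix ".filepath" $key }}` and `{{ $key | trimSuffix ".filepath" }}`. Separately, `$.Files.Get $val` returns an empty string when the path matches no file packaged in the chart, so a typo yields a Secret with an empty value instead of a render error; `{{ required (printf "secret file %s not found" $val) ($.Files.Get $val) | b64enc | quote }}` fails early. Inline values given under `.Values.secrets` are also kept in the stored release data, which the values documentation should state.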
@@ -3,6 +3,10 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "metricbeat.serviceAccount" . }} + annotations: + {{- with .Values.serviceAccountAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} labels: app: "{{ template "metricbeat.fullname" . }}" chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" diff --git a/metricbeat/tests/metricbeat_test.py b/metricbeat/tests/metricbeat_test.py index c20fe252c..bcfcb5d8a 100644 --- a/metricbeat/tests/metricbeat_test.py +++ b/metricbeat/tests/metricbeat_test.py @@ -1,11 +1,13 @@ import os import sys +import base64 sys.path.insert(1, os.path.join(sys.path[0], "../../helpers")) from helpers import helm_template project = "metricbeat" name = "release-name-" + project +kube_state_metric_name = "release-name-kube-state-metrics" def test_defaults(): @@ -15,6 +17,15 @@ def test_defaults(): r = helm_template(config) assert name in r["daemonset"] + assert name + "-metrics" in r["deployment"] + + assert kube_state_metric_name in r["deployment"] + assert ( + r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["containers"][0][ + "env" + ][1]["value"] + == "$(RELEASE_NAME_KUBE_STATE_METRICS_SERVICE_HOST):$(RELEASE_NAME_KUBE_STATE_METRICS_SERVICE_PORT_HTTP)" + ) c = r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0] assert c["name"] == project 
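Review bot: In serviceaccount.yaml the `annotations:` key is emitted outside the `with` block, so a release with no `serviceAccountAnnotations` renders a bare, null-valued `annotations:`. Moving the key inside the guard keeps the manifest clean: `{{- with .Values.serviceAccountAnnotations }}`, then `annotations:`, then `{{- toYaml . | nindent 4 }}`. The service account named by `metricbeat.serviceAccount` is referenced by the Deployment in this commit and presumably by the DaemonSet too. An identity-binding annotation such as the `eks.amazonaws.com/role-arn` used in the test would then apply to every metricbeat pod, which deserves a comment in values.yaml.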
@@ -27,9 +38,51 @@ def test_defaults(): assert "metricbeat test output" in c["readinessProbe"]["exec"]["command"][-1] + assert r["daemonset"][name]["spec"]["template"]["spec"]["tolerations"] == [] + + assert "hostNetwork" not in r["daemonset"][name]["spec"]["template"]["spec"] + assert "dnsPolicy" not in r["daemonset"][name]["spec"]["template"]["spec"] + assert ( + "hostNetwork" + not in r["deployment"][name + "-metrics"]["spec"]["template"]["spec"] + ) + assert ( + "dnsPolicy" + not in r["deployment"][name + "-metrics"]["spec"]["template"]["spec"] + ) + + assert ( + r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["tolerations"] + == [] + ) + + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["runAsUser"] + == 0 + ) + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["privileged"] + == False + ) + assert ( + r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["runAsUser"] + == 0 + ) + assert ( + r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["privileged"] + == False + ) + # Empty customizable defaults assert "imagePullSecrets" not in r["daemonset"][name]["spec"]["template"]["spec"] - assert "tolerations" not in r["daemonset"][name]["spec"]["template"]["spec"] assert r["daemonset"][name]["spec"]["updateStrategy"]["type"] == "RollingUpdate" 
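Review bot: These assertions pin `runAsUser == 0` as the default for the `-metrics` Deployment as well as the DaemonSet. The DaemonSet template mounts host paths, but the deployment.yaml hunks in this commit show the Deployment mounting only its ConfigMap, secret mounts and extra volumes, so root looks unnecessary there. That is an inference from the visible hunks, since values.yaml is not shown. If the default is kept for compatibility, say so above the assertion, e.g. `# root is the chart default for both workloads; set deployment.securityContext to drop it`. The `== False` checks would also be stricter as `is False`. test_defaults starts and ends outside this hunk.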
@@ -37,14 +90,81 @@ def test_defaults(): r["daemonset"][name]["spec"]["template"]["spec"]["serviceAccountName"] == name ) - volumes = r["daemonset"][name]["spec"]["template"]["spec"]["volumes"] + cfg = r["configmap"] + + assert name + "-config" not in cfg + assert name + "-daemonset-config" in cfg + assert name + "-deployment-config" in cfg + + assert "metricbeat.yml" in cfg[name + "-daemonset-config"]["data"] + assert "metricbeat.yml" in cfg[name + "-deployment-config"]["data"] + + assert "module: system" in cfg[name + "-daemonset-config"]["data"]["metricbeat.yml"] + assert ( + "module: system" + not in cfg[name + "-deployment-config"]["data"]["metricbeat.yml"] + ) + assert "state_pod" not in cfg[name + "-daemonset-config"]["data"]["metricbeat.yml"] + assert "state_pod" in cfg[name + "-deployment-config"]["data"]["metricbeat.yml"] + + daemonset = r["daemonset"][name]["spec"]["template"]["spec"] + + assert { + "configMap": {"name": name + "-config", "defaultMode": 0o600}, + "name": project + "-config", + } not in daemonset["volumes"] + assert { + "configMap": {"name": name + "-daemonset-config", "defaultMode": 0o600}, + "name": project + "-config", + } in daemonset["volumes"] + assert { "name": "data", "hostPath": { "path": "/var/lib/" + name + "-default-data", "type": "DirectoryOrCreate", }, - } in volumes + } in daemonset["volumes"] + + assert { + "mountPath": "/usr/share/metricbeat/metricbeat.yml", + "name": project + "-config", + "subPath": "metricbeat.yml", + "readOnly": True, + } in daemonset["containers"][0]["volumeMounts"] + + deployment = r["deployment"][name + "-metrics"]["spec"]["template"]["spec"] + + assert { + "configMap": {"name": name + "-config", "defaultMode": 0o600}, + "name": project + "-config", + } not in deployment["volumes"] + assert { + "configMap": {"name": name + "-deployment-config", "defaultMode": 0o600}, + "name": project + "-config", + } in deployment["volumes"] + + assert { + "mountPath": "/usr/share/metricbeat/metricbeat.yml", + 
"name": project + "-config", + "subPath": "metricbeat.yml", + "readOnly": True, + } in deployment["containers"][0]["volumeMounts"] + + assert daemonset["containers"][0]["resources"] == { + "requests": {"cpu": "100m", "memory": "100Mi"}, + "limits": {"cpu": "1000m", "memory": "200Mi"}, + } + assert deployment["containers"][0]["resources"] == { + "requests": {"cpu": "100m", "memory": "100Mi"}, + "limits": {"cpu": "1000m", "memory": "200Mi"}, + } + + assert "hostAliases" not in r["daemonset"][name]["spec"]["template"]["spec"] + assert ( + "hostAliases" + not in r["deployment"][name + "-metrics"]["spec"]["template"]["spec"] + ) def test_adding_a_extra_container(): 
@@ -103,13 +223,47 @@ def test_adding_a_extra_init_container(): def test_adding_envs(): config = """ +daemonset: + extraEnvs: + - name: LOG_LEVEL + value: DEBUG +""" + r = helm_template(config) + assert {"name": "LOG_LEVEL", "value": "DEBUG"} in r["daemonset"][name]["spec"][ + "template" + ]["spec"]["containers"][0]["env"] + assert {"name": "LOG_LEVEL", "value": "DEBUG"} not in r["deployment"][ + name + "-metrics" + ]["spec"]["template"]["spec"]["containers"][0]["env"] + + config = """ +deployment: + extraEnvs: + - name: LOG_LEVEL + value: DEBUG +""" + r = helm_template(config) + assert {"name": "LOG_LEVEL", "value": "DEBUG"} in r["deployment"][ + name + "-metrics" + ]["spec"]["template"]["spec"]["containers"][0]["env"] + assert {"name": "LOG_LEVEL", "value": "DEBUG"} not in r["daemonset"][name]["spec"][ + "template" + ]["spec"]["containers"][0]["env"] + + +def test_adding_deprecated_envs(): + config = """ extraEnvs: - name: LOG_LEVEL value: DEBUG """ r = helm_template(config) - envs = r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0]["env"] - assert {"name": "LOG_LEVEL", "value": "DEBUG"} in envs + assert {"name": "LOG_LEVEL", "value": "DEBUG"} in r["daemonset"][name]["spec"][ + "template" + ]["spec"]["containers"][0]["env"] + assert {"name": "LOG_LEVEL", "value": "DEBUG"} in r["deployment"][ + name + "-metrics" + ]["spec"]["template"]["spec"]["containers"][0]["env"] def test_adding_image_pull_secrets(): 
@@ -124,8 +278,68 @@ def test_adding_image_pull_secrets(): ) +def test_adding_host_networking(): + config = """ +daemonset: + hostNetworking: true +""" + r = helm_template(config) + assert r["daemonset"][name]["spec"]["template"]["spec"]["hostNetwork"] is True + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["dnsPolicy"] + == "ClusterFirstWithHostNet" + ) + assert ( + "hostNetwork" + not in r["deployment"][name + "-metrics"]["spec"]["template"]["spec"] + ) + assert ( + "dnsPolicy" + not in r["deployment"][name + "-metrics"]["spec"]["template"]["spec"] + ) + + def test_adding_tolerations(): config = """ +daemonset: + tolerations: + - key: "key1" + operator: "Equal" + value: "value1" + effect: "NoExecute" + tolerationSeconds: 3600 +""" + r = helm_template(config) + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["tolerations"][0]["key"] + == "key1" + ) + assert ( + r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["tolerations"] + == [] + ) + + config = """ +deployment: + tolerations: + - key: "key1" + operator: "Equal" + value: "value1" + effect: "NoExecute" + tolerationSeconds: 3600 +""" + r = helm_template(config) + assert ( + r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["tolerations"][ + 0 + ]["key"] + == "key1" + ) + assert r["daemonset"][name]["spec"]["template"]["spec"]["tolerations"] == [] + + +def test_adding_deprecated_tolerations(): + config = """ tolerations: - key: "key1" operator: "Equal" @@ -138,6 +352,12 @@ def test_adding_tolerations(): r["daemonset"][name]["spec"]["template"]["spec"]["tolerations"][0]["key"] == "key1" ) + assert ( + r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["tolerations"][ + 0 + ]["key"] + == "key1" + ) def test_override_the_default_update_strategy(): 
@@ -172,77 +392,341 @@ def test_self_managing_rbac_resources(): def test_setting_pod_security_context(): config = """ +daemonset: + securityContext: + runAsUser: 1001 + privileged: false +""" + r = helm_template(config) + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["runAsUser"] + == 1001 + ) + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["privileged"] + == False + ) + assert ( + r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["runAsUser"] + == 0 + ) + assert ( + r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["privileged"] + == False + ) + + config = """ +deployment: + securityContext: + runAsUser: 1001 + privileged: false +""" + r = helm_template(config) + assert ( + r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["runAsUser"] + == 1001 + ) + assert ( + r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["privileged"] + == False + ) + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["runAsUser"] + == False + ) + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["privileged"] + == False + ) + + +def test_setting_deprecated_pod_security_context(): + config = """ podSecurityContext: runAsUser: 1001 privileged: false """ r = helm_template(config) - c = r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0] - assert c["securityContext"]["runAsUser"] == 1001 - assert c["securityContext"]["privileged"] == False + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["runAsUser"] + == 1001 + ) + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + 
"securityContext" + ]["privileged"] + == False + ) + assert ( + r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["runAsUser"] + == 1001 + ) + assert ( + r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["containers"][0][ + "securityContext" + ]["privileged"] + == False + ) def test_adding_in_metricbeat_config(): config = """ +daemonset: + metricbeatConfig: + metricbeat.yml: | + key: daemonset + daemonset-config.yml: | + hello = daemonset + +deployment: + metricbeatConfig: + metricbeat.yml: | + key: deployment + deployment-config.yml: | + hello = deployment +""" + r = helm_template(config) + cfg = r["configmap"] + + assert "metricbeat.yml" in cfg[name + "-daemonset-config"]["data"] + assert "daemonset-config.yml" in cfg[name + "-daemonset-config"]["data"] + assert "deployment-config.yml" not in cfg[name + "-daemonset-config"]["data"] + assert "metricbeat.yml" in cfg[name + "-deployment-config"]["data"] + assert "deployment-config.yml" in cfg[name + "-deployment-config"]["data"] + assert "daemonset-config.yml" not in cfg[name + "-deployment-config"]["data"] + + assert "key: daemonset" in cfg[name + "-daemonset-config"]["data"]["metricbeat.yml"] + assert ( + "key: deployment" in cfg[name + "-deployment-config"]["data"]["metricbeat.yml"] + ) + + assert ( + "hello = daemonset" + in cfg[name + "-daemonset-config"]["data"]["daemonset-config.yml"] + ) + assert ( + "hello = deployment" + in cfg[name + "-deployment-config"]["data"]["deployment-config.yml"] + ) + + daemonset = r["daemonset"][name]["spec"]["template"]["spec"] + assert { + "mountPath": "/usr/share/metricbeat/daemonset-config.yml", + "name": project + "-config", + "subPath": "daemonset-config.yml", + "readOnly": True, + } in daemonset["containers"][0]["volumeMounts"] + + deployment = r["deployment"][name + "-metrics"]["spec"]["template"]["spec"] + assert { + "mountPath": "/usr/share/metricbeat/deployment-config.yml", + "name": project + 
"-config", + "subPath": "deployment-config.yml", + "readOnly": True, + } in deployment["containers"][0]["volumeMounts"] + + +def test_adding_in_deprecated_metricbeat_config(): + config = """ metricbeatConfig: metricbeat.yml: | key: nestedkey: value dot.notation: test - other-config.yml: | + kube-state-metrics-metricbeat.yml: | hello = world """ r = helm_template(config) c = r["configmap"][name + "-config"]["data"] assert "metricbeat.yml" in c - assert "other-config.yml" in c + assert "kube-state-metrics-metricbeat.yml" in c assert "nestedkey: value" in c["metricbeat.yml"] assert "dot.notation: test" in c["metricbeat.yml"] - assert "hello = world" in c["other-config.yml"] + assert "hello = world" in c["kube-state-metrics-metricbeat.yml"] - d = r["daemonset"][name]["spec"]["template"]["spec"] + daemonset = r["daemonset"][name]["spec"]["template"]["spec"] assert { "configMap": {"name": name + "-config", "defaultMode": 0o600}, "name": project + "-config", - } in d["volumes"] + } in daemonset["volumes"] assert { "mountPath": "/usr/share/metricbeat/metricbeat.yml", "name": project + "-config", "subPath": "metricbeat.yml", "readOnly": True, - } in d["containers"][0]["volumeMounts"] + } in daemonset["containers"][0]["volumeMounts"] assert { - "mountPath": "/usr/share/metricbeat/other-config.yml", + "mountPath": "/usr/share/metricbeat/kube-state-metrics-metricbeat.yml", "name": project + "-config", - "subPath": "other-config.yml", + "subPath": "kube-state-metrics-metricbeat.yml", "readOnly": True, - } in d["containers"][0]["volumeMounts"] + } in daemonset["containers"][0]["volumeMounts"] assert ( "configChecksum" in r["daemonset"][name]["spec"]["template"]["metadata"]["annotations"] ) + deployment = r["deployment"][name + "-metrics"]["spec"]["template"]["spec"] + + assert { + "configMap": {"name": name + "-config", "defaultMode": 0o600}, + "name": project + "-config", + } in deployment["volumes"] + assert { + "mountPath": "/usr/share/metricbeat/metricbeat.yml", + "name": 
project + "-config", + "subPath": "metricbeat.yml", + "readOnly": True, + } in deployment["containers"][0]["volumeMounts"] + assert { + "mountPath": "/usr/share/metricbeat/kube-state-metrics-metricbeat.yml", + "name": project + "-config", + "subPath": "kube-state-metrics-metricbeat.yml", + "readOnly": True, + } in deployment["containers"][0]["volumeMounts"] + assert ("/usr/share/metricbeat/kube-state-metrics-metricbeat.yml") in deployment[ + "containers" + ][0]["args"] + + assert ( + "configChecksum" + in r["deployment"][name + "-metrics"]["spec"]["template"]["metadata"][ + "annotations" + ] + ) + def test_adding_a_secret_mount(): config = """ +daemonset: + secretMounts: + - name: elastic-certificates + secretName: elastic-certificates-name + path: /usr/share/metricbeat/config/certs +""" + r = helm_template(config) + assert ( + { + "mountPath": "/usr/share/metricbeat/config/certs", + "name": "elastic-certificates", + } + in r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "volumeMounts" + ] + ) + assert { + "name": "elastic-certificates", + "secret": {"secretName": "elastic-certificates-name"}, + } in r["daemonset"][name]["spec"]["template"]["spec"]["volumes"] + + assert ( + { + "mountPath": "/usr/share/metricbeat/config/certs", + "name": "elastic-certificates", + } + not in r["deployment"][name + "-metrics"]["spec"]["template"]["spec"][ + "containers" + ][0]["volumeMounts"] + ) + assert { + "name": "elastic-certificates", + "secret": {"secretName": "elastic-certificates-name"}, + } not in r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["volumes"] + + config = """ +deployment: + secretMounts: + - name: elastic-certificates + secretName: elastic-certificates-name + path: /usr/share/metricbeat/config/certs +""" + r = helm_template(config) + assert ( + { + "mountPath": "/usr/share/metricbeat/config/certs", + "name": "elastic-certificates", + } + in r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["containers"][ + 0 + 
]["volumeMounts"] + ) + assert { + "name": "elastic-certificates", + "secret": {"secretName": "elastic-certificates-name"}, + } in r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["volumes"] + + assert ( + { + "mountPath": "/usr/share/metricbeat/config/certs", + "name": "elastic-certificates", + } + not in r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "volumeMounts" + ] + ) + assert { + "name": "elastic-certificates", + "secret": {"secretName": "elastic-certificates-name"}, + } not in r["daemonset"][name]["spec"]["template"]["spec"]["volumes"] + + +def test_adding_a_deprecated_secret_mount(): + config = """ secretMounts: - name: elastic-certificates secretName: elastic-certificates-name path: /usr/share/metricbeat/config/certs """ r = helm_template(config) - s = r["daemonset"][name]["spec"]["template"]["spec"] - assert s["containers"][0]["volumeMounts"][0] == { + assert ( + { + "mountPath": "/usr/share/metricbeat/config/certs", + "name": "elastic-certificates", + } + in r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "volumeMounts" + ] + ) + assert { + "name": "elastic-certificates", + "secret": {"secretName": "elastic-certificates-name"}, + } in r["daemonset"][name]["spec"]["template"]["spec"]["volumes"] + + assert r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["containers"][ + 0 + ]["volumeMounts"][0] == { "mountPath": "/usr/share/metricbeat/config/certs", "name": "elastic-certificates", } - assert s["volumes"][0] == { + assert r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["volumes"][ + 0 + ] == { "name": "elastic-certificates", "secret": {"secretName": "elastic-certificates-name"}, } 
@@ -250,6 +734,62 @@ def test_adding_a_secret_mount(): def test_adding_a_extra_volume_with_volume_mount(): config = """ +daemonset: + extraVolumes: + - name: extras + emptyDir: {} + extraVolumeMounts: + - name: extras + mountPath: /usr/share/extras + readOnly: true +""" + r = helm_template(config) + assert {"name": "extras", "emptyDir": {}} in r["daemonset"][name]["spec"][ + "template" + ]["spec"]["volumes"] + assert {"name": "extras", "mountPath": "/usr/share/extras", "readOnly": True,} in r[ + "daemonset" + ][name]["spec"]["template"]["spec"]["containers"][0]["volumeMounts"] + assert {"name": "extras", "emptyDir": {}} not in r["deployment"][name + "-metrics"][ + "spec" + ]["template"]["spec"]["volumes"] + assert ( + {"name": "extras", "mountPath": "/usr/share/extras", "readOnly": True,} + not in r["deployment"][name + "-metrics"]["spec"]["template"]["spec"][ + "containers" + ][0]["volumeMounts"] + ) + + config = """ +deployment: + extraVolumes: + - name: extras + emptyDir: {} + extraVolumeMounts: + - name: extras + mountPath: /usr/share/extras + readOnly: true +""" + r = helm_template(config) + assert {"name": "extras", "emptyDir": {}} in r["deployment"][name + "-metrics"][ + "spec" + ]["template"]["spec"]["volumes"] + assert {"name": "extras", "mountPath": "/usr/share/extras", "readOnly": True,} in r[ + "deployment" + ][name + "-metrics"]["spec"]["template"]["spec"]["containers"][0]["volumeMounts"] + assert {"name": "extras", "emptyDir": {}} not in r["daemonset"][name]["spec"][ + "template" + ]["spec"]["volumes"] + assert ( + {"name": "extras", "mountPath": "/usr/share/extras", "readOnly": True,} + not in r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "volumeMounts" + ] + ) + + +def test_adding_a_deprecated_extra_volume_with_volume_mount(): + config = """ extraVolumes: - name: extras emptyDir: {} 
@@ -259,20 +799,53 @@ def test_adding_a_extra_volume_with_volume_mount(): readOnly: true """ r = helm_template(config) - extraVolume = r["daemonset"][name]["spec"]["template"]["spec"]["volumes"] - assert {"name": "extras", "emptyDir": {}} in extraVolume - extraVolumeMounts = r["daemonset"][name]["spec"]["template"]["spec"]["containers"][ - 0 - ]["volumeMounts"] - assert { - "name": "extras", - "mountPath": "/usr/share/extras", - "readOnly": True, - } in extraVolumeMounts + assert {"name": "extras", "emptyDir": {}} in r["daemonset"][name]["spec"][ + "template" + ]["spec"]["volumes"] + assert {"name": "extras", "mountPath": "/usr/share/extras", "readOnly": True,} in r[ + "daemonset" + ][name]["spec"]["template"]["spec"]["containers"][0]["volumeMounts"] + assert {"name": "extras", "emptyDir": {}} in r["deployment"][name + "-metrics"][ + "spec" + ]["template"]["spec"]["volumes"] + assert {"name": "extras", "mountPath": "/usr/share/extras", "readOnly": True,} in r[ + "deployment" + ][name + "-metrics"]["spec"]["template"]["spec"]["containers"][0]["volumeMounts"] def test_adding_a_node_selector(): config = """ +daemonset: + nodeSelector: + disktype: ssd +""" + r = helm_template(config) + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["nodeSelector"]["disktype"] + == "ssd" + ) + assert ( + r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["nodeSelector"] + == {} + ) + + config = """ +deployment: + nodeSelector: + disktype: ssd +""" + r = helm_template(config) + assert ( + r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["nodeSelector"][ + "disktype" + ] + == "ssd" + ) + assert r["daemonset"][name]["spec"]["template"]["spec"]["nodeSelector"] == {} + + +def test_adding_deprecated_node_selector(): + config = """ nodeSelector: disktype: ssd """ 
@@ -304,6 +877,53 @@ def test_adding_an_affinity_rule(): ][0]["topologyKey"] == "kubernetes.io/hostname" ) + assert ( + r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["affinity"] == {} + ) + + config = """ +daemonset: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - metricbeat + topologyKey: kubernetes.io/hostname +""" + + r = helm_template(config) + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["affinity"]["podAntiAffinity"][ + "requiredDuringSchedulingIgnoredDuringExecution" + ][0]["topologyKey"] + == "kubernetes.io/hostname" + ) + + config = """ +deployment: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - metricbeat + topologyKey: kubernetes.io/hostname +""" + + r = helm_template(config) + assert ( + r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["affinity"][ + "podAntiAffinity" + ]["requiredDuringSchedulingIgnoredDuringExecution"][0]["topologyKey"] + == "kubernetes.io/hostname" + ) def test_priority_class_name(): @@ -334,9 +954,9 @@ def test_cluster_role_rules(): config = "" r = helm_template(config) rules = r["clusterrole"]["release-name-metricbeat-cluster-role"]["rules"][0] - assert rules["apiGroups"][0] == "extensions" + assert rules["apiGroups"][0] == "" assert rules["verbs"][0] == "get" - assert rules["resources"][0] == "namespaces" + assert rules["resources"][0] == "nodes" config = """ clusterRoleRules: 
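Review bot: `test_cluster_role_rules` inspects only element 0 of the first rule's `apiGroups`, `verbs` and `resources`, so the updated expectations (`""`, `get`, `nodes`) say nothing about the rest of the default ClusterRole. A rule added later with write verbs or a wildcard would pass unnoticed. If the default role is meant to be read-only, assert that over the whole list: `assert all(set(x["verbs"]) <= {"get", "list", "watch"} for x in r["clusterrole"]["release-name-metricbeat-cluster-role"]["rules"])`. The allowed verb set is an assumption to check against the clusterrole template, which is not part of this hunk.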
@@ -354,35 +974,237 @@ def test_cluster_role_rules(): assert rules["resources"][0] == "something" -def test_adding_pod_labels(): +def test_adding_deprecated_labels(): + config = """ +labels: + app-test: metricbeat +""" + r = helm_template(config) + assert r["daemonset"][name]["metadata"]["labels"]["app-test"] == "metricbeat" + assert ( + r["deployment"][name + "-metrics"]["metadata"]["labels"]["app-test"] + == "metricbeat" + ) + assert ( + r["daemonset"][name]["spec"]["template"]["metadata"]["labels"]["app-test"] + == "metricbeat" + ) + assert ( + r["deployment"][name + "-metrics"]["spec"]["template"]["metadata"]["labels"][ + "app-test" + ] + == "metricbeat" + ) + + +def test_adding_daemonset_labels(): + config = """ +daemonset: + labels: + app-test: metricbeat +""" + r = helm_template(config) + assert r["daemonset"][name]["metadata"]["labels"]["app-test"] == "metricbeat" + assert ( + r["daemonset"][name]["spec"]["template"]["metadata"]["labels"]["app-test"] + == "metricbeat" + ) + + +def test_adding_daemonset_labels_surpasses_root_labels(): config = """ labels: - app.kubernetes.io/name: metricbeat + app-test: root-metricbeat +daemonset: + labels: + app-test: daemonset-metricbeat +""" + r = helm_template(config) + assert ( + r["daemonset"][name]["metadata"]["labels"]["app-test"] == "daemonset-metricbeat" + ) + assert ( + r["daemonset"][name]["spec"]["template"]["metadata"]["labels"]["app-test"] + == "daemonset-metricbeat" + ) + + +def test_adding_deployment_labels(): + config = """ +deployment: + labels: + app-test: metricbeat """ r = helm_template(config) assert ( - r["daemonset"][name]["metadata"]["labels"]["app.kubernetes.io/name"] + r["deployment"][name + "-metrics"]["metadata"]["labels"]["app-test"] == "metricbeat" ) assert ( - r["daemonset"][name]["spec"]["template"]["metadata"]["labels"][ - "app.kubernetes.io/name" + r["deployment"][name + "-metrics"]["spec"]["template"]["metadata"]["labels"][ + "app-test" ] == "metricbeat" ) +def 
test_adding_deployment_labels_surpasses_root_labels(): + config = """ +labels: + app-test: root-metricbeat +deployment: + labels: + app-test: deployment-metricbeat +""" + r = helm_template(config) + assert ( + r["deployment"][name + "-metrics"]["metadata"]["labels"]["app-test"] + == "deployment-metricbeat" + ) + assert ( + r["deployment"][name + "-metrics"]["spec"]["template"]["metadata"]["labels"][ + "app-test" + ] + == "deployment-metricbeat" + ) + + +def test_adding_serviceaccount_annotations(): + config = """ +serviceAccountAnnotations: + eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount +""" + r = helm_template(config) + assert ( + r["serviceaccount"][name]["metadata"]["annotations"][ + "eks.amazonaws.com/role-arn" + ] + == "arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount" + ) + + def test_adding_env_from(): config = """ +daemonset: + envFrom: + - configMapRef: + name: configmap-name +""" + r = helm_template(config) + assert r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0]["envFrom"][ + 0 + ]["configMapRef"] == {"name": "configmap-name"} + assert ( + r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["containers"][0][ + "envFrom" + ] + == [] + ) + + config = """ +deployment: + envFrom: + - configMapRef: + name: configmap-name +""" + r = helm_template(config) + assert r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["containers"][ + 0 + ]["envFrom"][0]["configMapRef"] == {"name": "configmap-name"} + assert ( + r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0]["envFrom"] + == [] + ) + + +def test_adding_deprecated_env_from(): + config = """ envFrom: - configMapRef: name: configmap-name """ r = helm_template(config) - configMapRef = r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ - "envFrom" - ][0]["configMapRef"] - assert configMapRef == {"name": "configmap-name"} + assert 
r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0]["envFrom"][ + 0 + ]["configMapRef"] == {"name": "configmap-name"} + assert r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["containers"][ + 0 + ]["envFrom"][0]["configMapRef"] == {"name": "configmap-name"} + + +def test_overriding_resources(): + config = """ +daemonset: + resources: + limits: + cpu: "25m" + memory: "128Mi" + requests: + cpu: "25m" + memory: "128Mi" +""" + r = helm_template(config) + assert r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "resources" + ] == { + "requests": {"cpu": "25m", "memory": "128Mi"}, + "limits": {"cpu": "25m", "memory": "128Mi"}, + } + assert r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["containers"][ + 0 + ]["resources"] == { + "requests": {"cpu": "100m", "memory": "100Mi"}, + "limits": {"cpu": "1000m", "memory": "200Mi"}, + } + + config = """ +deployment: + resources: + limits: + cpu: "25m" + memory: "128Mi" + requests: + cpu: "25m" + memory: "128Mi" +""" + r = helm_template(config) + assert r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "resources" + ] == { + "requests": {"cpu": "100m", "memory": "100Mi"}, + "limits": {"cpu": "1000m", "memory": "200Mi"}, + } + assert r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["containers"][ + 0 + ]["resources"] == { + "requests": {"cpu": "25m", "memory": "128Mi"}, + "limits": {"cpu": "25m", "memory": "128Mi"}, + } + + +def test_adding_deprecated_resources(): + config = """ +resources: + limits: + cpu: "25m" + memory: "128Mi" + requests: + cpu: "25m" + memory: "128Mi" +""" + r = helm_template(config) + assert r["daemonset"][name]["spec"]["template"]["spec"]["containers"][0][ + "resources" + ] == { + "requests": {"cpu": "25m", "memory": "128Mi"}, + "limits": {"cpu": "25m", "memory": "128Mi"}, + } + assert r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["containers"][ + 0 + ]["resources"] == { + "requests": {"cpu": 
"25m", "memory": "128Mi"}, + "limits": {"cpu": "25m", "memory": "128Mi"}, + } def test_setting_fullnameOverride(): 
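Review bot: Precedence between the deprecated root keys and the new `daemonset.*`/`deployment.*` keys is pinned only for labels (`test_adding_daemonset_labels_surpasses_root_labels`, `test_adding_deployment_labels_surpasses_root_labels`); `envFrom` and `resources` are each tested with one form at a time. `envFrom` decides which ConfigMaps or Secrets are exposed to the container as environment variables, so whether a root `envFrom` is merged with or replaced by `daemonset.envFrom` deserves its own test that sets both and asserts the exact resulting list. The resources tests also repeat the chart defaults (`100m`/`100Mi`, `1000m`/`200Mi`) as literals, so they will need editing whenever values.yaml changes.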
@@ -409,3 +1231,269 @@ def test_setting_fullnameOverride(): "type": "DirectoryOrCreate", }, } in volumes + + +def test_adding_annotations(): + config = """ +daemonset: + annotations: + foo: "bar" +""" + r = helm_template(config) + assert "foo" in r["daemonset"][name]["metadata"]["annotations"] + assert r["daemonset"][name]["metadata"]["annotations"]["foo"] == "bar" + assert "annotations" not in r["deployment"][name + "-metrics"]["metadata"] + config = """ +deployment: + annotations: + grault: "waldo" +""" + r = helm_template(config) + assert "grault" in r["deployment"][name + "-metrics"]["metadata"]["annotations"] + assert ( + r["deployment"][name + "-metrics"]["metadata"]["annotations"]["grault"] + == "waldo" + ) + assert "annotations" not in r["daemonset"][name]["metadata"] + + +def test_disable_daemonset(): + config = """ +daemonset: + enabled: false +""" + r = helm_template(config) + cfg = r["configmap"] + + assert name not in r.get("daemonset", {}) + assert name + "-daemonset-config" not in cfg + assert name + "-deployment-config" in cfg + + +def test_disable_deployment(): + config = """ +deployment: + enabled: false +""" + r = helm_template(config) + cfg = r["configmap"] + + assert name + "-metrics" not in r.get("deployment", {}) + assert name + "-daemonset-config" in cfg + assert name + "-deployment-config" not in cfg + + +def test_do_not_install_kube_stat_metrics(): + config = """ +kube_state_metrics: + enabled: false +""" + r = helm_template(config) + + assert kube_state_metric_name not in r["deployment"] + assert ( + r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["containers"][0][ + "env" + ][1]["name"] + == "KUBE_STATE_METRICS_HOSTS" + ) + assert ( + r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["containers"][0][ + "env" + ][1]["value"] + == "kube-state-metrics:8080" + ) + + +def test_custom_kube_stat_metrics_host(): + config = """ +kube_state_metrics: + enabled: false + host: "kube-state-metrics.kube-system:9999" +""" + 
r = helm_template(config) + + assert ( + r["deployment"][name + "-metrics"]["spec"]["template"]["spec"]["containers"][0][ + "env" + ][1]["value"] + == "kube-state-metrics.kube-system:9999" + ) + + +def test_adding_a_secret(): + content = "LS1CRUdJTiBgUFJJVkFURSB" + config = """ +secrets: + - name: "env" + value: + ELASTICSEARCH_PASSWORD: {elk_pass} +""".format( + elk_pass=content + ) + content_b64 = base64.b64encode(content.encode("ascii")).decode("ascii") + + r = helm_template(config) + secret_name = name + "-env" + s = r["secret"][secret_name] + assert s["metadata"]["labels"]["app"] == name + assert len(r["secret"]) == 1 + assert len(s["data"]) == 1 + assert s["data"] == {"ELASTICSEARCH_PASSWORD": content_b64} + + +def test_adding_secret_from_file(): + content = """ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEApCt3ychnqZHsS +DylPFZn55xDaDcWco1oNFdBGzFjw+ +zkuMFMOv7ab+yOFwHeEeAAEkEgy1u +Da1vIscBs1K0kbEFRSqySLuNHWiJp +wK2cI/gJc+S9Qd9Qsn0XGjmjQ6P2p +ot2hvCOtnei998OmDSYORKBq2jiv/ +-----END RSA PRIVATE KEY----- +""" + config = """ +secrets: + - name: "tls" + value: + cert.key.filepath: "secrets/private.key" +""" + content_b64 = base64.b64encode(content.encode("ascii")).decode("ascii") + work_dir = os.path.join(os.path.abspath(os.getcwd()), "secrets") + filename = os.path.join(work_dir, "private.key") + os.makedirs(os.path.dirname(filename), exist_ok=True) + with open(filename, "w") as f: + f.write(content) + + with open(filename, "r") as f: + data = f.read() + assert data == content + + r = helm_template(config) + secret_name = name + "-tls" + s = r["secret"][secret_name] + assert s["metadata"]["labels"]["app"] == name + assert len(r["secret"]) == 1 + assert len(s["data"]) == 1 + assert s["data"] == { + "cert.key": content_b64, + } + + os.remove(filename) + os.rmdir(work_dir) + + +def test_adding_multiple_data_secret(): + content = { + "elk_pass": "LS1CRUdJTiBgUFJJVkFURSB", + "api_key": "ui2CsdUadTiBasRJRkl9tvNnw", + } + config = """ +secrets: + - name: "env" + 
value: + ELASTICSEARCH_PASSWORD: {elk_pass} + api_key: {api_key} +""".format( + elk_pass=content["elk_pass"], api_key=content["api_key"] + ) + content_b64 = { + "elk_pass": base64.b64encode(content["elk_pass"].encode("ascii")).decode( + "ascii" + ), + "api_key": base64.b64encode(content["api_key"].encode("ascii")).decode("ascii"), + } + + r = helm_template(config) + secret_name = name + "-env" + s = r["secret"][secret_name] + assert s["metadata"]["labels"]["app"] == name + assert len(r["secret"]) == 1 + assert len(s["data"]) == 2 + assert s["data"] == { + "ELASTICSEARCH_PASSWORD": content_b64["elk_pass"], + "api_key": content_b64["api_key"], + } + + +def test_adding_multiple_secrets(): + content = { + "elk_pass": "LS1CRUdJTiBgUFJJVkFURSB", + "cert_crt": "LS0tLS1CRUdJTiBlRJRALKJDDQVRFLS0tLS0K", + "cert_key": "LS0tLS1CRUdJTiBgUFJJVkFURSBLRVktLS0tLQo", + } + config = """ +secrets: + - name: "env" + value: + ELASTICSEARCH_PASSWORD: {elk_pass} + - name: "tls" + value: + cert.crt: {cert_crt} + cert.key: {cert_key} + +""".format( + elk_pass=content["elk_pass"], + cert_crt=content["cert_crt"], + cert_key=content["cert_key"], + ) + content_b64 = { + "elk_pass": base64.b64encode(content["elk_pass"].encode("ascii")).decode( + "ascii" + ), + "cert_crt": base64.b64encode(content["cert_crt"].encode("ascii")).decode( + "ascii" + ), + "cert_key": base64.b64encode(content["cert_key"].encode("ascii")).decode( + "ascii" + ), + } + + r = helm_template(config) + secret_names = {"env": name + "-env", "tls": name + "-tls"} + s_env = r["secret"][secret_names["env"]] + s_tls = r["secret"][secret_names["tls"]] + assert len(r["secret"]) == 2 + assert len(s_env["data"]) == 1 + assert s_env["data"] == { + "ELASTICSEARCH_PASSWORD": content_b64["elk_pass"], + } + assert len(s_tls["data"]) == 2 + assert s_tls["data"] == { + "cert.crt": content_b64["cert_crt"], + "cert.key": content_b64["cert_key"], + } + + +def test_hostaliases(): + config = """ +daemonset: + hostAliases: + - ip: "127.0.0.1" + 
hostnames: + - "foo.local" + - "bar.local" +""" + r = helm_template(config) + assert ( + "hostAliases" + not in r["deployment"][name + "-metrics"]["spec"]["template"]["spec"] + ) + hostAliases = r["daemonset"][name]["spec"]["template"]["spec"]["hostAliases"] + assert {"ip": "127.0.0.1", "hostnames": ["foo.local", "bar.local"]} in hostAliases + + config = """ +deployment: + hostAliases: + - ip: "127.0.0.1" + hostnames: + - "foo.local" + - "bar.local" +""" + r = helm_template(config) + assert "hostAliases" not in r["daemonset"][name]["spec"]["template"]["spec"] + hostAliases = r["deployment"][name + "-metrics"]["spec"]["template"]["spec"][ + "hostAliases" + ] + assert {"ip": "127.0.0.1", "hostnames": ["foo.local", "bar.local"]} in hostAliases diff --git a/metricbeat/values.yaml b/metricbeat/values.yaml index 141b02c33..830fbe386 100755 --- a/metricbeat/values.yaml +++ b/metricbeat/values.yaml 
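Review bot: `test_adding_secret_from_file` removes `secrets/private.key` only on its last two lines, so a failing assertion or an error in `helm_template` leaves the key file and the `secrets` directory behind in the working tree, where a later commit or chart package could pick them up. Wrap everything after the file is written in `try:` and move `os.remove(filename)` and `os.rmdir(work_dir)` into `finally:`. The PEM block is a truncated sample, but its `-----BEGIN RSA PRIVATE KEY-----` header will still match secret scanners; a comment such as `# truncated sample, not a usable key` above `content` would save triage time.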
@@ -1,67 +1,170 @@ --- -# Allows you to add any config files in /usr/share/metricbeat -# such as metricbeat.yml -metricbeatConfig: - metricbeat.yml: | - metricbeat.modules: - - module: kubernetes - metricsets: - - container - - node - - pod - - system - - volume - period: 10s - host: "${NODE_NAME}" - hosts: ["${NODE_NAME}:10255"] - processors: - - add_kubernetes_metadata: - in_cluster: true - - module: kubernetes - enabled: true - metricsets: - - event - - module: system - period: 10s - metricsets: - - cpu - - load - - memory - - network - - process - - process_summary - processes: ['.*'] - process.include_top_n: - by_cpu: 5 - by_memory: 5 - - module: system - period: 1m - metricsets: - - filesystem - - fsstat - processors: - - drop_event.when.regexp: - system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib)($|/)' - output.elasticsearch: - hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' - - kube-state-metrics-metricbeat.yml: | - metricbeat.modules: - - module: kubernetes - enabled: true - metricsets: - - state_node - - state_deployment - - state_replicaset - - state_pod - - state_container - period: 10s - hosts: ["${KUBE_STATE_METRICS_HOSTS}"] - output.elasticsearch: - hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' -# Replicas being used for the kube-state-metrics metricbeat deployment +daemonset: + # Annotations to apply to the daemonset + annotations: {} + # additionals labels + labels: {} + affinity: {} + # Include the daemonset + enabled: true + # Extra environment variables for Metricbeat container. 
+ envFrom: [] + # - configMapRef: + # name: config-secret + extraEnvs: [] + # - name: MY_ENVIRONMENT_VAR + # value: the_value_goes_here + extraVolumes: [] + # - name: extras + # emptyDir: {} + extraVolumeMounts: [] + # - name: extras + # mountPath: /usr/share/extras + # readOnly: true + hostAliases: [] + #- ip: "127.0.0.1" + # hostnames: + # - "foo.local" + # - "bar.local" + hostNetworking: false + # Allows you to add any config files in /usr/share/metricbeat + # such as metricbeat.yml for daemonset + metricbeatConfig: + metricbeat.yml: | + metricbeat.modules: + - module: kubernetes + metricsets: + - container + - node + - pod + - system + - volume + period: 10s + host: "${NODE_NAME}" + hosts: ["https://${NODE_NAME}:10250"] + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + ssl.verification_mode: "none" + # If using Red Hat OpenShift remove ssl.verification_mode entry and + # uncomment these settings: + #ssl.certificate_authorities: + #- /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt + processors: + - add_kubernetes_metadata: ~ + - module: kubernetes + enabled: true + metricsets: + - event + - module: system + period: 10s + metricsets: + - cpu + - load + - memory + - network + - process + - process_summary + processes: ['.*'] + process.include_top_n: + by_cpu: 5 + by_memory: 5 + - module: system + period: 1m + metricsets: + - filesystem + - fsstat + processors: + - drop_event.when.regexp: + system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib)($|/)' + output.elasticsearch: + hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' + nodeSelector: {} + # A list of secrets and their paths to mount inside the pod + # This is useful for mounting certificates for security other sensitive values + secretMounts: [] + # - name: metricbeat-certificates + # secretName: metricbeat-certificates + # path: /usr/share/metricbeat/certs + # Various pod security context settings. 
Bear in mind that many of these have an impact on metricbeat functioning properly. + # - Filesystem group for the metricbeat user. The official elastic docker images always have an id of 1000. + # - User that the container will execute as. Typically necessary to run as root (0) in order to properly collect host container logs. + # - Whether to execute the metricbeat containers as privileged containers. Typically not necessarily unless running within environments such as OpenShift. + securityContext: + runAsUser: 0 + privileged: false + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + cpu: "1000m" + memory: "200Mi" + tolerations: [] + +deployment: + # Annotations to apply to the deployment + annotations: {} + # additionals labels + labels: {} + affinity: {} + # Include the deployment + enabled: true + # Extra environment variables for Metricbeat container. + envFrom: [] + # - configMapRef: + # name: config-secret + extraEnvs: [] + # - name: MY_ENVIRONMENT_VAR + # value: the_value_goes_here + # Allows you to add any config files in /usr/share/metricbeat + extraVolumes: [] + # - name: extras + # emptyDir: {} + extraVolumeMounts: [] + # - name: extras + # mountPath: /usr/share/extras + # readOnly: true + # such as metricbeat.yml for deployment + hostAliases: [] + #- ip: "127.0.0.1" + # hostnames: + # - "foo.local" + # - "bar.local" + metricbeatConfig: + metricbeat.yml: | + metricbeat.modules: + - module: kubernetes + enabled: true + metricsets: + - state_node + - state_deployment + - state_replicaset + - state_pod + - state_container + period: 10s + hosts: ["${KUBE_STATE_METRICS_HOSTS}"] + output.elasticsearch: + hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' + nodeSelector: {} + # A list of secrets and their paths to mount inside the pod + # This is useful for mounting certificates for security other sensitive values + secretMounts: [] + # - name: metricbeat-certificates + # secretName: metricbeat-certificates + # path: 
/usr/share/metricbeat/certs + securityContext: + runAsUser: 0 + privileged: false + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + cpu: "1000m" + memory: "200Mi" + tolerations: [] +# Replicas being used for the kube-state-metrics metricbeat deployment replicas: 1 extraContainers: "" @@ -74,31 +177,11 @@ extraInitContainers: "" # image: busybox # command: ['echo', 'hey'] -# Extra environment variables to append to the DaemonSet pod spec. -# This will be appended to the current 'env:' key. You can use any of the kubernetes env -# syntax here -extraEnvs: [] -# - name: MY_ENVIRONMENT_VAR -# value: the_value_goes_here - -extraVolumeMounts: [] - # - name: extras - # mountPath: /usr/share/extras - # readOnly: true - -extraVolumes: [] - # - name: extras - # emptyDir: {} - -envFrom: [] - # - configMapRef: - # name: config-secret - # Root directory where metricbeat will write data to in order to persist registry data across pod restarts (file position and other metadata). hostPathRoot: /var/lib image: "docker.elastic.co/beats/metricbeat" -imageTag: "7.6.2" +imageTag: "7.12.0-SNAPSHOT" imagePullPolicy: "IfNotPresent" imagePullSecrets: [] 
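Review bot: The new daemonset default sends the pod's service-account token (`bearer_token_file`) to `https://${NODE_NAME}:10250` with `ssl.verification_mode: "none"`, so the token is presented to whatever answers on that address without its certificate being checked. Where kubelet serving certificates are signed by the cluster CA, the safer default is `ssl.certificate_authorities: ["/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"]`. If `none` has to stay for clusters with self-signed kubelet certificates, the comment above it should say so, e.g. `# Verification is disabled because kubelet serving certs are often self-signed; set ssl.certificate_authorities where they are CA-signed.` Separately, `deployment.securityContext` copies `runAsUser: 0` although the deployment config only reads from `${KUBE_STATE_METRICS_HOSTS}`; it looks as if that workload could run as the image's non-root user, which is worth confirming.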
@@ -128,68 +211,45 @@ readinessProbe: periodSeconds: 10 timeoutSeconds: 5 -# additionals labels -labels: {} - # Whether this chart should self-manage its service account, role, and associated role binding. managedServiceAccount: true clusterRoleRules: - - apiGroups: - - "extensions" - - "apps" - - "" - resources: - - namespaces - - pods - - events - - deployments - - nodes - - replicasets - verbs: - - get - - list - - watch +- apiGroups: [""] + resources: + - nodes + - namespaces + - events + - pods + verbs: ["get", "list", "watch"] +- apiGroups: ["extensions"] + resources: + - replicasets + verbs: ["get", "list", "watch"] +- apiGroups: ["apps"] + resources: + - statefulsets + - deployments + - replicasets + verbs: ["get", "list", "watch"] +- apiGroups: [""] + resources: + - nodes/stats + verbs: ["get"] podAnnotations: {} # iam.amazonaws.com/role: es-cluster -# Various pod security context settings. Bear in mind that many of these have an impact on metricbeat functioning properly. -# -# - Filesystem group for the metricbeat user. The official elastic docker images always have an id of 1000. -# - User that the container will execute as. Typically necessary to run as root (0) in order to properly collect host container logs. -# - Whether to execute the metricbeat containers as privileged containers. Typically not necessarily unless running within environments such as OpenShift. 
-podSecurityContext: - runAsUser: 0 - privileged: false - -resources: - requests: - cpu: "100m" - memory: "100Mi" - limits: - cpu: "1000m" - memory: "200Mi" - # Custom service account override that the pod will use serviceAccount: "" -# A list of secrets and their paths to mount inside the pod -# This is useful for mounting certificates for security other sensitive values -secretMounts: [] -# - name: metricbeat-certificates -# secretName: metricbeat-certificates -# path: /usr/share/metricbeat/certs +# Annotations to add to the ServiceAccount that is created if the serviceAccount value isn't set. +serviceAccountAnnotations: {} + # eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount # How long to wait for metricbeat pods to stop gracefully terminationGracePeriod: 30 -tolerations: [] - -nodeSelector: {} - -affinity: {} - # This is the PriorityClass settings as defined in # https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass priorityClassName: "" 
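Review bot: `serviceAccountAnnotations` is documented only by its EKS example and does not say which pods receive the role. The tests on this page render a single ServiceAccount named after the release, so presumably both the DaemonSet pods (running as uid 0 on each node) and the metrics Deployment can assume whatever IAM role is annotated here. I would extend the comment with `# Every pod using this ServiceAccount can assume the annotated role; grant it only what the Beat needs.`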
@@ -200,3 +260,40 @@ updateStrategy: RollingUpdate # Only edit these if you know what you're doing nameOverride: "" fullnameOverride: "" + +kube_state_metrics: + enabled: true + # host is used only when kube_state_metrics.enabled: false + host: "" + +# Add sensitive data to k8s secrets +secrets: [] +# - name: "env" +# value: +# ELASTICSEARCH_PASSWORD: "LS1CRUdJTiBgUFJJVkFURSB" +# api_key: ui2CsdUadTiBasRJRkl9tvNnw +# - name: "tls" +# value: +# ca.crt: | +# LS0tLS1CRUdJT0K +# LS0tLS1CRUdJT0K +# LS0tLS1CRUdJT0K +# LS0tLS1CRUdJT0K +# cert.crt: "LS0tLS1CRUdJTiBlRJRklDQVRFLS0tLS0K" +# cert.key.filepath: "secrets.crt" # The path to file should be relative to the `values.yaml` file. + +# DEPRECATED +affinity: {} +envFrom: [] +extraEnvs: [] +extraVolumes: [] +extraVolumeMounts: [] +# Allows you to add any config files in /usr/share/metricbeat +# such as metricbeat.yml for both daemonset and deployment +metricbeatConfig: {} +nodeSelector: {} +podSecurityContext: {} +resources: {} +secretMounts: [] +tolerations: [] +labels: {}
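Review bot: The `secrets` block invites putting passwords and private keys directly into values, but its comment does not say where that data ends up. Inline values persist in any values file that is saved or committed, and Helm also records the supplied values with the release. Suggested comment above `secrets: []`: `# Inline values are saved with your values file and with the Helm release; keep real credentials in files outside version control (*.filepath) or in an existing Secret mounted via secretMounts.` Also, `podSecurityContext` now defaults to `{}` under DEPRECATED; how it combines with the new per-workload `securityContext` is not visible in this hunk and should be stated next to it.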