logstash.yaml
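# ConfigMap holding the Logstash pipeline that moves KubeArmor telemetry
# from Kafka into Elasticsearch. The kubearmor-logstash Deployment mounts
# the logstash.conf key as its pipeline file.
apiVersion: v1
kind: ConfigMap
metadata:
  name: kubearmor-logstash-configmap
  namespace: kubearmor
data:
  # SECURITY: a ConfigMap is not a place for confidential data; any subject
  # allowed to read configmaps in this namespace can read the pipeline below.
  # The Elasticsearch user and password are therefore taken from the
  # ELASTICSEARCH_USER / ELASTICSEARCH_PASSWORD environment variables of the
  # Logstash container (set them from a Secret). The value after the colon
  # is the fallback used when a variable is unset; it keeps the previous
  # hard-coded values so the pipeline still starts. Remove the fallbacks
  # and rotate the account once the environment variables are wired.
  #
  # NOTE(review): neither the Kafka input nor the Elasticsearch output sets
  # any TLS or authentication-protocol option, and `hosts` has no https
  # scheme, so events and the Elasticsearch credentials presumably cross the
  # cluster network unencrypted. Confirm that is acceptable.
  #
  # NOTE(review): with auto_offset_reset "latest", a consumer group that has
  # no committed offset starts at the end of each topic, so alerts produced
  # before that point are never indexed. Check this against the retention
  # expected for security alerts.
  logstash.conf: |
    input {
      kafka {
        bootstrap_servers => "kubearmor-kafka-cluster-kafka-bootstrap.kubearmor.svc:9092"
        topics => [ "kubearmor-messages", "kubearmor-alerts", "kubearmor-syslogs" ]
        enable_auto_commit => "true"
        auto_offset_reset => "latest"
        consumer_threads => 4
        codec => "json"
      }
    }
    output {
      elasticsearch {
        hosts => "kubearmor-elasticsearch.kubearmor.svc:9200"
        user => "${ELASTICSEARCH_USER:admin}"
        password => "${ELASTICSEARCH_PASSWORD:password}"
        index => "kubearmor-%{+YYYYMMDD}"
      }
    }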
---
# Service in front of the Logstash pods (selected by the kubearmor-app
# label). No `type` is set, so the cluster default applies.
apiVersion: v1
kind: Service
metadata:
  name: kubearmor-logstash
  namespace: kubearmor
spec:
  selector:
    kubearmor-app: kubearmor-logstash
  ports:
    # NOTE(review): the pipeline in kubearmor-logstash-configmap defines only
    # a kafka input, so nothing in that pipeline appears to listen on 5000.
    # Confirm the port is needed; an unused port is exposed surface with no
    # benefit.
    - name: ls-5000
      port: 5000
      targetPort: 5000
---
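# Single-replica Logstash Deployment. The pipeline file comes from the
# kubearmor-logstash-configmap ConfigMap, mounted at the pipeline path.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubearmor-logstash
  namespace: kubearmor
spec:
  replicas: 1
  selector:
    matchLabels:
      kubearmor-app: kubearmor-logstash
  template:
    metadata:
      labels:
        kubearmor-app: kubearmor-logstash
      annotations:
        # NOTE(review): presumably puts KubeArmor policies for this pod in
        # audit-only mode rather than enforcement; confirm that is intended.
        kubearmor-policy: audited
    spec:
      containers:
        - name: kubearmor-logstash
          # NOTE(review): 5.6.0 belongs to the Logstash 5.x line, which
          # upstream no longer maintains, and the image is referenced by a
          # mutable tag. Plan an upgrade and pin the image by digest.
          image: docker.elastic.co/logstash/logstash:5.6.0
          # Logstash needs no extra privileges to consume from Kafka and
          # write to Elasticsearch, so deny escalation and drop capabilities.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          ports:
            - containerPort: 5000
          env:
            # Directory Logstash loads pipeline files from; matches the
            # volume mount below.
            - name: PATH_CONFIG
              value: "/usr/share/logstash/pipeline"
            # NOTE(review): binds Logstash's HTTP API on every interface of
            # the pod. If nothing scrapes it, restrict access with a
            # NetworkPolicy or bind it to localhost.
            - name: HTTP_HOST
              value: "0.0.0.0"
            - name: XPACK_MONITORING_ENABLED
              value: "false"
            # Fixed 256 MiB JVM heap. No resource requests or limits are set
            # on the container.
            - name: LS_JAVA_OPTS
              value: "-Xmx256m -Xms256m"
          volumeMounts:
            - name: kubearmor-logstash-pipeline-volume
              mountPath: /usr/share/logstash/pipeline
      volumes:
        # Projects only the logstash.conf key of the ConfigMap into the pod.
        - name: kubearmor-logstash-pipeline-volume
          configMap:
            name: kubearmor-logstash-configmap
            items:
              - key: logstash.conf
                path: logstash.conf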