diff --git a/logstash/.helmignore b/logstash/.helmignore
new file mode 100644
index 000000000..e12c0b4b9
--- /dev/null
+++ b/logstash/.helmignore
@@ -0,0 +1,2 @@
+tests/
+.pytest_cache/
diff --git a/logstash/Chart.yaml b/logstash/Chart.yaml
new file mode 100755
index 000000000..44b5bc656
--- /dev/null
+++ b/logstash/Chart.yaml
@@ -0,0 +1,11 @@
+description: Official Elastic helm chart for Logstash
+home: https://github.com/elastic/helm-charts
+maintainers:
+- email: helm-charts@elastic.co
+ name: Elastic
+name: logstash
+version: 7.4.0
+appVersion: 7.4.0
+sources:
+ - https://github.com/elastic/logstash
+icon: https://helm.elastic.co/icons/logstash.png
diff --git a/logstash/Makefile b/logstash/Makefile
new file mode 100644
index 000000000..22218a1f6
--- /dev/null
+++ b/logstash/Makefile
@@ -0,0 +1 @@
+include ../helpers/common.mk
diff --git a/logstash/README.md b/logstash/README.md
new file mode 100644
index 000000000..51e6d2178
--- /dev/null
+++ b/logstash/README.md
@@ -0,0 +1,124 @@
+# Logstash Helm Chart
+
+This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.
+
+This helm chart is a lightweight way to configure and run our official [Logstash docker image](https://www.elastic.co/guide/en/logstash/current/docker.html)
+
+## Requirements
+
+* [Helm](https://helm.sh/) >= 2.8.0
+* Kubernetes >= 1.8
+
+## Usage notes and getting started
+
+* This repo includes a number of [example](./examples) configurations which can be used as a reference. They are also used in the automated testing of this chart
+* Automated testing of this chart is currently only run against GKE (Google Kubernetes Engine). If you are using a different Kubernetes provider you will likely need to adjust the `storageClassName` in the `volumeClaimTemplate`
+* The default storage class for GKE is `standard` which by default will give you `pd-ssd` type persistent volumes. This is network attached storage and will not perform as well as local storage. If you are using Kubernetes version 1.10 or greater you can use [Local PersistentVolumes](https://cloud.google.com/kubernetes-engine/docs/how-to/persistent-volumes/local-ssd) for increased performance
+* The chart deploys a statefulset and by default will do an automated rolling update of your cluster. It does this by waiting for the cluster health to become green after each instance is updated. If you prefer to update manually you can set [`updateStrategy: OnDelete`](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#on-delete)
+* It is important to verify that the JVM heap size in `logstashJavaOpts` and to set the CPU/Memory `resources` to something suitable for your cluster
+* We have designed this chart to be very un-opinionated about how to configure Logstash. It exposes ways to set environment variables and mount secrets inside of the container. Doing this makes it much easier for this chart to support multiple versions with minimal changes.
+
+## Installing
+
+* Add the elastic helm charts repo
+ ```
+ helm repo add elastic https://helm.elastic.co
+ ```
+* Install it
+ ```
+ helm install --name logstash elastic/logstash
+ ```
+
+## Compatibility
+
+This chart is tested with the latest supported versions. The currently tested versions are:
+
+| 6.x | 7.x |
+| ----- | ----- |
+| 6.8.3 | 7.4.0 |
+
+Examples of installing older major versions can be found in the [examples](./examples) directory.
+
+While only the latest releases are tested, it is possible to easily install old or new releases by overriding the `imageTag`. To install version `7.4.0` of Logstash it would look like this:
+
+```
+helm install --name logstash elastic/logstash --set imageTag=7.4.0
+```
+
+## Configuration
+
+| Parameter | Description | Default |
+| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- |
+| `antiAffinity` | Setting this to hard enforces the [anti-affinity rules](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). If it is set to soft it will be done "best effort". Other values will be ignored. | `hard` |
+| `antiAffinityTopologyKey` | The [anti-affinity topology key](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). By default this will prevent multiple Logstash nodes from running on the same Kubernetes node | `kubernetes.io/hostname` |
+| `extraEnvs` | Extra [environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config) which will be appended to the `env:` definition for the container | `[]` |
+| `extraVolumes` | Templatable string of additional volumes to be passed to the `tpl` function | `""` |
+| `extraVolumeMounts` | Templatable string of additional volumeMounts to be passed to the `tpl` function | `""` |
+| `image` | The Logstash docker image | `docker.elastic.co/logstash/logstash` |
+| `imagePullPolicy` | The Kubernetes [imagePullPolicy](https://kubernetes.io/docs/concepts/containers/images/#updating-images) value | `IfNotPresent` |
+| `imagePullSecrets` | Configuration for [imagePullSecrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret) so that you can use a private registry for your image | `[]` |
+| `imageTag` | The Logstash docker image tag | `7.4.0` |
+| `ingress` | Configurable [ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) to expose the Logstash service. See [`values.yaml`](./values.yaml) for an example | `enabled: false` |
+| `initResources` | Allows you to set the [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) for the initContainer in the statefulset | {} |
+| `extraInitContainers` | Templatable string of additional init containers to be passed to the `tpl` function | `""` |
+| `httpPort` | The http port that Kubernetes will use for the healthchecks and the service. | `9600` |
+| `labels` | Configurable [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) applied to all Logstash pods | `{}` |
+| `lifecycle` | Allows you to add lifecycle configuration. See [values.yaml](./values.yaml) for an example of the formatting. | `{}` |
+| `livenessProbe` | Configuration fields for the [readinessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) | `failureThreshold: 3`
`initialDelaySeconds: 10`
`periodSeconds: 10`
`successThreshold: 3`
`timeoutSeconds: 5` |
+| `logstashConfig` | Allows you to add any config files in `/usr/share/logstash/config/` such as `logstash.yml` and `log4j2.properties`. See [values.yaml](./values.yaml) for an example of the formatting. | `{}` |
+| `logstashJavaOpts` | Java options for Logstash. This is where you should configure the jvm heap size | `-Xmx1g -Xms1g` |
+| `logstashPipeline` | Allows you to add any pipeline files in `/usr/share/logstash/pipeline/`. | `{}` |
+| `maxUnavailable` | The [maxUnavailable](https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget) value for the pod disruption budget. By default this will prevent Kubernetes from having more than 1 unhealthy pod in the node group | `1` |
+| `nodeAffinity` | Value for the [node affinity settings](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature) | `{}` |
+| `nodeSelector` | Configurable [nodeSelector](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) so that you can target specific nodes for your Logstash cluster | `{}` |
+| `persistence.annotations` | Additional persistence annotations for the `volumeClaimTemplate` | `{}` |
+| `persistence.enabled` | Enables a persistent volume for Logstash data. Can be disabled for nodes that only have [roles](https://www.elastic.co/guide/en/logstash/reference/current/modules-node.html) which don't require persistent data. | `true` |
+| `podAnnotations` | Configurable [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) applied to all Logstash pods | `{}` |
+| `podManagementPolicy` | By default Kubernetes [deploys statefulsets serially](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies). This deploys them in parallel so that they can discover each other | `Parallel` |
+| `podSecurityContext` | Allows you to set the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) for the pod | `fsGroup: 1000`
`runAsUser: 1000` |
+| `podSecurityPolicy` | Configuration for create a pod security policy with minimal permissions to run this Helm chart with `create: true`. Also can be used to reference an external pod security policy with `name: "externalPodSecurityPolicy"` | `create: false`
`name: ""` |
+| `priorityClassName` | The [name of the PriorityClass](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass). No default is supplied as the PriorityClass must be created first. | `""` |
+| `protocol` | The protocol that will be used for the readinessProbe. | `http` |
+| `readinessProbe` | Configuration fields for the [readinessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) | `failureThreshold: 3`
`initialDelaySeconds: 10`
`periodSeconds: 10`
`successThreshold: 3`
`timeoutSeconds: 5` |
+| `replicas` | Kubernetes replica count for the statefulset (i.e. how many pods) | `1` |
+| `resources` | Allows you to set the [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) for the statefulset | `requests.cpu: 100m`
`requests.memory: 2Gi`
`limits.cpu: 1000m`
`limits.memory: 2Gi` |
+| `schedulerName` | Name of the [alternate scheduler](https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/#specify-schedulers-for-pods) | `""` |
+| `secretMounts` | Allows you easily mount a secret as a file inside the statefulset. Useful for mounting certificates and other secrets. See [values.yaml](./values.yaml) for an example | `[]` |
+| `securityContext` | Allows you to set the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the container | `capabilities.drop:[ALL]`
`runAsNonRoot: true`
`runAsUser: 1000` |
+| `service.annotations` | Annotations that Kubernetes will use for the service. This will configure load balancer if `service.type` is `LoadBalancer` [Annotations](https://kubernetes.io/docs/concepts/services-networking/service/#ssl-support-on-aws) | `{}` |
+| `service.nodePort` | Custom [nodePort](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport) port that can be set if you are using `service.type: nodePort`. | `` |
+| `service.type` | Type of logstash service. [Service Types](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) | `ClusterIP` |
+| `sidecarResources` | Allows you to set the [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) for the sidecar containers in the statefulset | {} |
+| `terminationGracePeriod` | The [terminationGracePeriod](https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods) in seconds used when trying to stop the pod | `120` |
+| `tolerations` | Configurable [tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
+| `updateStrategy` | The [updateStrategy](https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets) for the statefulset. By default Kubernetes will wait for the cluster to be green after upgrading each pod. Setting this to `OnDelete` will allow you to manually delete each pod during upgrades | `RollingUpdate` |
+| `volumeClaimTemplate` | Configuration for the [volumeClaimTemplate for statefulsets](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-storage). You will want to adjust the storage (default `30Gi`) and the `storageClassName` if you are using a different storage class | `accessModes: [ "ReadWriteOnce" ]`
`resources.requests.storage: 1Gi` |
+| `rbac` | Configuration for creating a role, role binding and service account as part of this helm chart with `create: true`. Also can be used to reference an external service account with `serviceAccountName: "externalServiceAccountName"`. | `create: false`
`serviceAccountName: ""` |
+
+## Try it out
+
+In [examples/](./examples) you will find some example configurations. These examples are used for the automated testing of this helm chart
+
+### Default
+
+To deploy a cluster with all default values and run the integration tests
+
+```
+cd examples/default
+make
+```
+
+### FAQ
+
+### Local development environments
+
+This chart is designed to run on production scale Kubernetes clusters with multiple nodes, lots of memory and persistent storage. For that reason it can be a bit tricky to run them against local Kubernetes environments such as minikube. Below are some examples of how to get this working locally.
+
+#### Docker for Mac - Kubernetes
+
+It is also possible to run this chart with the built in Kubernetes cluster that comes with [docker-for-mac](https://docs.docker.com/docker-for-mac/kubernetes/).
+
+```
+cd examples/docker-for-mac
+make
+```
diff --git a/logstash/templates/_helpers.tpl b/logstash/templates/_helpers.tpl
new file mode 100755
index 000000000..2d16dfd1b
--- /dev/null
+++ b/logstash/templates/_helpers.tpl
@@ -0,0 +1,38 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for statefulset.
+*/}}
+{{- define "logstash.statefulset.apiVersion" -}}
+{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "apps/v1beta2" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for ingress.
+*/}}
+{{- define "logstash.ingress.apiVersion" -}}
+{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- end -}}
+{{- end -}}
diff --git a/logstash/templates/configmap-config.yaml b/logstash/templates/configmap-config.yaml
new file mode 100644
index 000000000..cca71034c
--- /dev/null
+++ b/logstash/templates/configmap-config.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.logstashConfig }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "fullname" . }}-config
+ labels:
+ app: "{{ template "fullname" . }}"
+ chart: "{{ .Chart.Name }}"
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+data:
+{{- range $path, $config := .Values.logstashConfig }}
+ {{ $path }}: |
+{{ $config | indent 4 -}}
+{{- end -}}
+{{- end -}}
diff --git a/logstash/templates/configmap-pipeline.yaml b/logstash/templates/configmap-pipeline.yaml
new file mode 100644
index 000000000..2db1084b3
--- /dev/null
+++ b/logstash/templates/configmap-pipeline.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.logstashPipeline }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "fullname" . }}-pipeline
+ labels:
+ app: "{{ template "fullname" . }}"
+ chart: "{{ .Chart.Name }}"
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+data:
+{{- range $path, $config := .Values.logstashPipeline }}
+ {{ $path }}: |
+{{ $config | indent 4 -}}
+{{- end -}}
+{{- end -}}
diff --git a/logstash/templates/ingress.yaml b/logstash/templates/ingress.yaml
new file mode 100644
index 000000000..6833a61a5
--- /dev/null
+++ b/logstash/templates/ingress.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "fullname" . -}}
+{{- $servicePort := .Values.service.port -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: {{ template "logstash.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ app: "{{ template "fullname" . }}"
+ chart: "{{ .Chart.Name }}"
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+{{- with .Values.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+{{ toYaml .Values.ingress.tls | indent 4 }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ . }}
+ http:
+ paths:
+ - path: {{ $ingressPath }}
+ backend:
+ serviceName: {{ $fullName }}
+ servicePort: {{ $servicePort }}
+ {{- end }}
+{{- end }}
diff --git a/logstash/templates/poddisruptionbudget.yaml b/logstash/templates/poddisruptionbudget.yaml
new file mode 100644
index 000000000..dfa8b0a39
--- /dev/null
+++ b/logstash/templates/poddisruptionbudget.yaml
@@ -0,0 +1,17 @@
+---
+{{- if .Values.maxUnavailable }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: "{{ template "fullname" . }}-pdb"
+ labels:
+ app: "{{ template "fullname" . }}"
+ chart: "{{ .Chart.Name }}"
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+spec:
+ maxUnavailable: {{ .Values.maxUnavailable }}
+ selector:
+ matchLabels:
+ app: "{{ template "fullname" . }}"
+{{- end }}
diff --git a/logstash/templates/podsecuritypolicy.yaml b/logstash/templates/podsecuritypolicy.yaml
new file mode 100644
index 000000000..a05301afc
--- /dev/null
+++ b/logstash/templates/podsecuritypolicy.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.podSecurityPolicy.create -}}
+{{- $fullName := include "fullname" . -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ default $fullName .Values.podSecurityPolicy.name | quote }}
+ labels:
+ app: "{{ template "fullname" . }}"
+ chart: "{{ .Chart.Name }}"
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+spec:
+{{ toYaml .Values.podSecurityPolicy.spec | indent 2 }}
+{{- end -}}
diff --git a/logstash/templates/role.yaml b/logstash/templates/role.yaml
new file mode 100644
index 000000000..f63da0424
--- /dev/null
+++ b/logstash/templates/role.yaml
@@ -0,0 +1,25 @@
+{{- if .Values.rbac.create -}}
+{{- $fullName := include "fullname" . -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ $fullName | quote }}
+ labels:
+ app: "{{ template "fullname" . }}"
+ chart: "{{ .Chart.Name }}"
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+rules:
+ - apiGroups:
+ - extensions
+ resources:
+ - podsecuritypolicies
+ resourceNames:
+ {{- if eq .Values.podSecurityPolicy.name "" }}
+ - {{ $fullName | quote }}
+ {{- else }}
+ - {{ .Values.podSecurityPolicy.name | quote }}
+ {{- end }}
+ verbs:
+ - use
+{{- end -}}
diff --git a/logstash/templates/rolebinding.yaml b/logstash/templates/rolebinding.yaml
new file mode 100644
index 000000000..33e1fdaee
--- /dev/null
+++ b/logstash/templates/rolebinding.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.rbac.create -}}
+{{- $fullName := include "fullname" . -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ $fullName | quote }}
+ labels:
+ app: "{{ template "fullname" . }}"
+ chart: "{{ .Chart.Name }}"
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+subjects:
+ - kind: ServiceAccount
+ {{- if eq .Values.rbac.serviceAccountName "" }}
+ name: {{ $fullName | quote }}
+ {{- else }}
+ name: {{ .Values.rbac.serviceAccountName | quote }}
+ {{- end }}
+ namespace: {{ .Release.Namespace | quote }}
+roleRef:
+ kind: Role
+ name: {{ $fullName | quote }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end -}}
diff --git a/logstash/templates/service.yaml b/logstash/templates/service.yaml
new file mode 100644
index 000000000..4e70b4242
--- /dev/null
+++ b/logstash/templates/service.yaml
@@ -0,0 +1,27 @@
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: "{{ template "fullname" . }}"
+ chart: "{{ .Chart.Name }}"
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ annotations:
+{{ toYaml .Values.service.annotations | indent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ selector:
+ app: "{{ template "fullname" . }}"
+ chart: "{{ .Chart.Name }}"
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+ ports:
+ - name: http
+ port: {{ .Values.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.httpPort }}
+{{- if .Values.service.nodePort }}
+ nodePort: {{ .Values.service.nodePort }}
+{{- end }}
diff --git a/logstash/templates/serviceaccount.yaml b/logstash/templates/serviceaccount.yaml
new file mode 100644
index 000000000..0da5cd505
--- /dev/null
+++ b/logstash/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.rbac.create -}}
+{{- $fullName := include "fullname" . -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ {{- if eq .Values.rbac.serviceAccountName "" }}
+ name: {{ $fullName | quote }}
+ {{- else }}
+ name: {{ .Values.rbac.serviceAccountName | quote }}
+ {{- end }}
+ labels:
+ app: "{{ template "fullname" . }}"
+ chart: "{{ .Chart.Name }}"
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+{{- end -}}
diff --git a/logstash/templates/statefulset.yaml b/logstash/templates/statefulset.yaml
new file mode 100644
index 000000000..b9cec71be
--- /dev/null
+++ b/logstash/templates/statefulset.yaml
@@ -0,0 +1,183 @@
+---
+apiVersion: {{ template "logstash.statefulset.apiVersion" . }}
+kind: StatefulSet
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: "{{ template "fullname" . }}"
+ chart: "{{ .Chart.Name }}"
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ {{- range $key, $value := .Values.labels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+spec:
+ serviceName: {{ template "fullname" . }}
+ selector:
+ matchLabels:
+ app: "{{ template "fullname" . }}"
+ replicas: {{ default .Values.replicas }}
+ podManagementPolicy: {{ .Values.podManagementPolicy }}
+ updateStrategy:
+ type: {{ .Values.updateStrategy }}
+ {{- if .Values.persistence.enabled }}
+ volumeClaimTemplates:
+ - metadata:
+ name: {{ template "fullname" . }}
+ {{- with .Values.persistence.annotations }}
+ annotations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ spec:
+{{ toYaml .Values.volumeClaimTemplate | indent 6 }}
+ {{- end }}
+ template:
+ metadata:
+ name: "{{ template "fullname" . }}"
+ labels:
+ app: "{{ template "fullname" . }}"
+ chart: "{{ .Chart.Name }}"
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ annotations:
+ {{- range $key, $value := .Values.podAnnotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{/* This forces a restart if the configmap has changed */}}
+ {{- if .Values.logstashConfig }}
+ configchecksum: {{ include (print .Template.BasePath "/configmap-config.yaml") . | sha256sum | trunc 63 }}
+ {{- end }}
+ {{/* This forces a restart if the configmap has changed */}}
+ {{- if .Values.logstashPipeline }}
+ configchecksum: {{ include (print .Template.BasePath "/configmap-pipeline.yaml") . | sha256sum | trunc 63 }}
+ {{- end }}
+ spec:
+ {{- if .Values.schedulerName }}
+ schedulerName: "{{ .Values.schedulerName }}"
+ {{- end }}
+ securityContext:
+{{ toYaml .Values.podSecurityContext | indent 8 }}
+ {{- if .Values.rbac.create }}
+ serviceAccountName: "{{ template "fullname" . }}"
+ {{- else if not (eq .Values.rbac.serviceAccountName "") }}
+ serviceAccountName: {{ .Values.rbac.serviceAccountName | quote }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 6 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- if or (eq .Values.antiAffinity "hard") (eq .Values.antiAffinity "soft") .Values.nodeAffinity }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName }}
+ {{- end }}
+ affinity:
+ {{- end }}
+ {{- if eq .Values.antiAffinity "hard" }}
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - "{{ template "fullname" .}}"
+ topologyKey: {{ .Values.antiAffinityTopologyKey }}
+ {{- else if eq .Values.antiAffinity "soft" }}
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ topologyKey: {{ .Values.antiAffinityTopologyKey }}
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - "{{ template "fullname" . }}"
+ {{- end }}
+ {{- with .Values.nodeAffinity }}
+ nodeAffinity:
+{{ toYaml . | indent 10 }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }}
+ volumes:
+ {{- range .Values.secretMounts }}
+ - name: {{ .name }}
+ secret:
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- if .Values.logstashConfig }}
+ - name: logstashconfig
+ configMap:
+ name: {{ template "fullname" . }}-config
+ {{- end }}
+ {{- if .Values.logstashPipeline }}
+ - name: logstashpipeline
+ configMap:
+ name: {{ template "fullname" . }}-pipeline
+ {{- end }}
+ {{- if .Values.extraVolumes }}
+{{ tpl .Values.extraVolumes . | indent 8 }}
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+ {{- end }}
+ {{- if .Values.extraInitContainers }}
+ initContainers:
+{{ tpl .Values.extraInitContainers . | indent 6 }}
+ {{- end }}
+ containers:
+ - name: "{{ template "name" . }}"
+ securityContext:
+{{ toYaml .Values.securityContext | indent 10 }}
+ image: "{{ .Values.image }}:{{ .Values.imageTag }}"
+ imagePullPolicy: "{{ .Values.imagePullPolicy }}"
+ livenessProbe:
+{{ toYaml .Values.livenessProbe | indent 10 }}
+ readinessProbe:
+{{ toYaml .Values.readinessProbe | indent 10 }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.httpPort }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ env:
+ - name: node.name
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: LS_JAVA_OPTS
+ value: "{{ .Values.logstashJavaOpts }}"
+{{- if .Values.extraEnvs }}
+{{ toYaml .Values.extraEnvs | indent 10 }}
+{{- end }}
+ volumeMounts:
+ {{- if .Values.persistence.enabled }}
+ - name: "{{ template "fullname" . }}"
+ mountPath: /usr/share/logstash/data
+ {{- end }}
+ {{- range .Values.secretMounts }}
+ - name: {{ .name }}
+ mountPath: {{ .path }}
+ {{- if .subPath }}
+ subPath: {{ .subPath }}
+ {{- end }}
+ {{- end }}
+ {{- range $path, $config := .Values.logstashConfig }}
+ - name: logstashconfig
+ mountPath: /usr/share/logstash/config/{{ $path }}
+ subPath: {{ $path }}
+ {{- end -}}
+ {{- range $path, $config := .Values.logstashPipeline }}
+ - name: logstashpipeline
+ mountPath: /usr/share/logstash/pipeline/{{ $path }}
+ subPath: {{ $path }}
+ {{- end -}}
+ {{- if .Values.extraVolumeMounts }}
+{{ tpl .Values.extraVolumeMounts . | indent 10 }}
+ {{- end }}
diff --git a/logstash/values.yaml b/logstash/values.yaml
new file mode 100755
index 000000000..c71c84a51
--- /dev/null
+++ b/logstash/values.yaml
@@ -0,0 +1,219 @@
+---
+replicas: 1
+
+# Allows you to add any config files in /usr/share/logstash/config/
+# such as logstash.yml and log4j2.properties
+logstashConfig: {}
+# logstash.yml: |
+# key:
+# nestedkey: value
+# log4j2.properties: |
+# key = value
+
+# Allows you to add any pipeline files in /usr/share/logstash/pipeline/
+logstashPipeline: {}
+# ls.conf: |
+# input {
+# exec {
+# command => "uptime"
+# interval => 30
+# }
+# }
+# output { stdout { } }
+
+# Extra environment variables to append to this nodeGroup
+# This will be appended to the current 'env:' key. You can use any of the kubernetes env
+# syntax here
+extraEnvs: []
+# - name: MY_ENVIRONMENT_VAR
+# value: the_value_goes_here
+
+# A list of secrets and their paths to mount inside the pod
+secretMounts: []
+
+image: "docker.elastic.co/logstash/logstash"
+imageTag: "7.4.0"
+imagePullPolicy: "IfNotPresent"
+imagePullSecrets: []
+
+podAnnotations: {}
+
+# additionals labels
+labels: {}
+
+logstashJavaOpts: "-Xmx1g -Xms1g"
+
+resources:
+ requests:
+ cpu: "100m"
+ memory: "2Gi"
+ limits:
+ cpu: "1000m"
+ memory: "2Gi"
+
+initResources: {}
+ # limits:
+ # cpu: "25m"
+ # # memory: "128Mi"
+ # requests:
+ # cpu: "25m"
+ # memory: "128Mi"
+
+sidecarResources: {}
+ # limits:
+ # cpu: "25m"
+ # # memory: "128Mi"
+ # requests:
+ # cpu: "25m"
+ # memory: "128Mi"
+
+volumeClaimTemplate:
+ accessModes: [ "ReadWriteOnce" ]
+ resources:
+ requests:
+ storage: 1Gi
+
+rbac:
+ create: false
+ serviceAccountName: ""
+
+podSecurityPolicy:
+ create: false
+ name: ""
+ spec:
+ privileged: true
+ fsGroup:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - secret
+ - configMap
+ - persistentVolumeClaim
+
+persistence:
+ enabled: true
+ annotations: {}
+
+extraVolumes: ""
+ # - name: extras
+ # emptyDir: {}
+
+extraVolumeMounts: ""
+ # - name: extras
+ # mountPath: /usr/share/extras
+ # readOnly: true
+
+extraInitContainers: ""
+ # - name: do-something
+ # image: busybox
+ # command: ['do', 'something']
+
+# This is the PriorityClass settings as defined in
+# https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
+priorityClassName: ""
+
+# By default this will make sure two pods don't end up on the same node
+# Changing this to a region would allow you to spread pods across regions
+antiAffinityTopologyKey: "kubernetes.io/hostname"
+
+# Hard means that by default pods will only be scheduled if there are enough nodes for them
+# and that they will never end up on the same node. Setting this to soft will do this "best effort"
+antiAffinity: "hard"
+
+# This is the node affinity settings as defined in
+# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature
+nodeAffinity: {}
+
+# The default is to deploy all pods serially. By setting this to parallel all pods are started at
+# the same time when bootstrapping the cluster
+podManagementPolicy: "Parallel"
+
+protocol: http
+httpPort: 9600
+
+service:
+ type: ClusterIP
+ port: 9600
+ nodePort:
+ annotations: {}
+
+updateStrategy: RollingUpdate
+
+# This is the max unavailable setting for the pod disruption budget
+# The default value of 1 will make sure that kubernetes won't allow more than 1
+# of your pods to be unavailable during maintenance
+maxUnavailable: 1
+
+podSecurityContext:
+ fsGroup: 1000
+ runAsUser: 1000
+
+securityContext:
+ capabilities:
+ drop:
+ - ALL
+ # readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+
+# How long to wait for logstash to stop gracefully
+terminationGracePeriod: 120
+
+livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ successThreshold: 1
+
+readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ successThreshold: 3
+
+## Use an alternate scheduler.
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+##
+schedulerName: ""
+
+nodeSelector: {}
+tolerations: []
+
+# Enabling this will publically expose your Logstash instance.
+# Only enable this if you have security enabled on your cluster
+ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ path: /
+ hosts:
+ - chart-example.local
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+nameOverride: ""
+fullnameOverride: ""
+
+lifecycle: {}
+ # preStop:
+ # exec:
+ # command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
+ # postStart:
+ # exec:
+ # command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]