Skip to content
This repository has been archived by the owner on May 16, 2023. It is now read-only.

[metricbeat] using https to connect to elasticsearch #1628

Merged
merged 48 commits into from
Mar 23, 2022
Merged

[metricbeat] using https to connect to elasticsearch #1628

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
48 commits
Select commit Hold shift + click to select a range
3219977
Adding support to Ingress networking.k8s.io/v1
framsouza Oct 11, 2021
ca298fd
Adjusting ES service name
framsouza Oct 11, 2021
1caaa02
Removing ingress typo & adjusting python test
framsouza Oct 11, 2021
4b2b7bf
Adjusting python tests to use the new ingress version
framsouza Oct 11, 2021
2611e28
fixing conflict
framsouza Oct 12, 2021
3843441
fixing conflict
framsouza Oct 12, 2021
1391790
Merge branch 'elastic-master'
framsouza Oct 12, 2021
af7de17
Adding support to kubernetes ingress v1 & ClassName
framsouza Oct 12, 2021
10ee16d
Adding reformatted files
framsouza Oct 12, 2021
6407ff9
Merge branch 'elastic:master' into master
framsouza Oct 12, 2021
aefb05e
fixing conflict
framsouza Oct 12, 2021
eb96b28
Adding ClassName & Pathtype on ingress settings
framsouza Oct 13, 2021
027448f
Merge branch 'elastic:master' into master
framsouza Oct 13, 2021
a6be99c
Performing syntax adjustments and removing comments
framsouza Oct 13, 2021
795095a
Merge branch 'elastic:main' into main
framsouza Oct 14, 2021
851231c
Merge branch 'elastic:main' into main
framsouza Nov 5, 2021
bdd089b
Merge branch 'elastic:main' into main
framsouza Dec 13, 2021
2ec90eb
Merge branch 'elastic:main' into main
framsouza Dec 16, 2021
5134bfa
Merge branch 'elastic:main' into main
framsouza Dec 21, 2021
3178450
Merge branch 'main' of github.com:elastic/helm-charts into main
framsouza Dec 21, 2021
ab7da71
Merge branch 'elastic:main' into main
framsouza Jan 5, 2022
e91e90e
Merge branch 'main' of github.com:elastic/helm-charts into main
framsouza Jan 5, 2022
e3754d0
Merge branch 'elastic:main' into main
framsouza Jan 6, 2022
15cfb6b
Merge branch 'main' of github.com:elastic/helm-charts into main
framsouza Jan 6, 2022
06dcbbd
Merge branch 'elastic:main' into main
framsouza Jan 17, 2022
c6720a5
Merge branch 'main' of github.com:elastic/helm-charts into main
framsouza Jan 17, 2022
bb75c11
Merge branch 'elastic:main' into main
framsouza Feb 8, 2022
2c82de1
Merge branch 'main' of github.com:framsouza/helm-charts into main
framsouza Feb 8, 2022
b129f1f
Merge branch 'elastic:main' into main
framsouza Feb 8, 2022
414d047
Merge branch 'main' of github.com:framsouza/helm-charts into main
framsouza Feb 8, 2022
4cf4a52
Merge branch 'main' of github.com:elastic/helm-charts into main
framsouza Feb 24, 2022
77a2a90
Merge branch 'main' of github.com:elastic/helm-charts into main
framsouza Mar 15, 2022
6a9c7bd
Merge branch 'main' of github.com:elastic/helm-charts into main
framsouza Mar 17, 2022
0235efb
Merge branch 'main' of github.com:elastic/helm-charts into main
framsouza Mar 18, 2022
c8fd65c
Merge branch 'main' of github.com:elastic/helm-charts into main
framsouza Mar 21, 2022
c178fe0
Merge branch 'main' of github.com:elastic/helm-charts into main
framsouza Mar 21, 2022
71eb9ae
Adjusting settings to connect into elasticsearch via https
framsouza Mar 21, 2022
5334221
fixing default and oss tests
framsouza Mar 22, 2022
434c80a
removing body
framsouza Mar 22, 2022
f48f7b9
adjusting metrics tests to use https
framsouza Mar 22, 2022
df87e4b
removing body from metrics test
framsouza Mar 22, 2022
037493f
adjusting upgrade to connect via https
framsouza Mar 22, 2022
002cc91
adjusting secret name
framsouza Mar 23, 2022
563302b
changing secret name
framsouza Mar 23, 2022
9e7893f
fixing upgraded test to use https
framsouza Mar 23, 2022
d0a728f
fix some typo
jmlrt Mar 23, 2022
37aae2e
fix-tests
jmlrt Mar 23, 2022
0475748
some last fixes
jmlrt Mar 23, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 6 additions & 8 deletions metricbeat/examples/default/test/goss-metrics.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,31 +17,29 @@ user:
gid: 1000

http:
http://elasticsearch-master:9200/_cat/indices:
https://elasticsearch-master:9200/_cat/indices:
allow-insecure: true
status: 200
timeout: 2000
username: "{{ .Env.ELASTICSEARCH_USERNAME }}"
password: "{{ .Env.ELASTICSEARCH_PASSWORD }}"
body:
- "metricbeat-8.1.0"

? "http://elasticsearch-master:9200/_search?q=metricset.name:state_container%20AND%20kubernetes.container.name:metricbeat"
: status: 200
https://elasticsearch-master:9200/_search?q=metricset.name:state_deployment:
status: 200
allow-insecure: true
timeout: 2000
username: "{{ .Env.ELASTICSEARCH_USERNAME }}"
password: "{{ .Env.ELASTICSEARCH_PASSWORD }}"
body:
- "metricbeat-8.1.0"

file:
/usr/share/metricbeat/metricbeat.yml:
exists: true
contains:
- "output.elasticsearch"
- "elasticsearch-master:9200"

command:
cd /usr/share/metricbeat && metricbeat test output:
exit-status: 0
stdout:
- "elasticsearch: http://elasticsearch-master:9200"
- "elasticsearch: https://elasticsearch-master:9200"
14 changes: 8 additions & 6 deletions metricbeat/examples/default/test/goss.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,20 +21,22 @@ user:
gid: 1000

http:
http://elasticsearch-master:9200/_cat/indices:
https://elasticsearch-master:9200/_cat/indices:
allow-insecure: true
status: 200
timeout: 2000
username: "{{ .Env.ELASTICSEARCH_USERNAME }}"
password: "{{ .Env.ELASTICSEARCH_PASSWORD }}"
body:
- "metricbeat-8.1.0"
? "http://elasticsearch-master:9200/_search?q=metricset.name:container%20AND%20kubernetes.container.name:metricbeat"
: status: 200
https://elasticsearch-master:9200/_search?q=metricset.name:container:
status: 200
timeout: 2000
username: "{{ .Env.ELASTICSEARCH_USERNAME }}"
password: "{{ .Env.ELASTICSEARCH_PASSWORD }}"
body:
- "metricbeat-8.1.0"
allow-insecure: true
username: "{{ .Env.ELASTICSEARCH_USERNAME }}"
password: "{{ .Env.ELASTICSEARCH_PASSWORD }}"

file:
/usr/share/metricbeat/metricbeat.yml:
Expand All @@ -48,4 +50,4 @@ command:
cd /usr/share/metricbeat && metricbeat test output:
exit-status: 0
stdout:
- "elasticsearch: http://elasticsearch-master:9200"
- "elasticsearch: https://elasticsearch-master:9200"
10 changes: 5 additions & 5 deletions metricbeat/examples/oss/test/goss-metrics.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,20 +17,20 @@ user:
gid: 1000

http:
http://elasticsearch-master:9200/_cat/indices:
https://elasticsearch-master:9200/_cat/indices:
status: 200
allow-insecure: true
timeout: 2000
username: "{{ .Env.ELASTICSEARCH_USERNAME }}"
password: "{{ .Env.ELASTICSEARCH_PASSWORD }}"
body:
- "metricbeat-oss-8.1.0"
http://elasticsearch-master:9200/_search?q=metricset.name:state_deployment:
https://elasticsearch-master:9200/_search?q=metricset.name:state_deployment:
allow-insecure: true
status: 200
timeout: 2000
username: "{{ .Env.ELASTICSEARCH_USERNAME }}"
password: "{{ .Env.ELASTICSEARCH_PASSWORD }}"
body:
- "metricbeat-oss-8.1.0"

file:
/usr/share/metricbeat/metricbeat.yml:
Expand All @@ -42,4 +42,4 @@ command:
cd /usr/share/metricbeat && metricbeat test output:
exit-status: 0
stdout:
- "elasticsearch: http://elasticsearch-master:9200"
- "elasticsearch: https://elasticsearch-master:9200"
5 changes: 3 additions & 2 deletions metricbeat/examples/oss/test/goss.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,9 @@ user:
gid: 1000

http:
http://elasticsearch-master:9200/_cat/indices:
https://elasticsearch-master:9200/_cat/indices:
status: 200
allow-insecure: true
timeout: 2000
username: "{{ .Env.ELASTICSEARCH_USERNAME }}"
password: "{{ .Env.ELASTICSEARCH_PASSWORD }}"
Expand All @@ -40,4 +41,4 @@ command:
cd /usr/share/metricbeat && metricbeat test output:
exit-status: 0
stdout:
- "elasticsearch: http://elasticsearch-master:9200"
- "elasticsearch: https://elasticsearch-master:9200"
14 changes: 14 additions & 0 deletions metricbeat/examples/oss/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,9 +52,16 @@ daemonset:
username: '${ELASTICSEARCH_USERNAME}'
password: '${ELASTICSEARCH_PASSWORD}'
index: "metricbeat-oss-%{[agent.version]}-%{+yyyy.MM.dd}"
protocol: https
ssl.certificate_authorities:
- /usr/share/metricbeat/config/certs/ca.crt
setup.ilm.enabled: false
setup.template.name: "metricbeat"
setup.template.pattern: "metricbeat-oss-*"
secretMounts:
- name: elasticsearch-master-certs
secretName: elasticsearch-master-certs
path: /usr/share/metricbeat/config/certs

deployment:
metricbeatConfig:
Expand All @@ -75,6 +82,13 @@ deployment:
username: '${ELASTICSEARCH_USERNAME}'
password: '${ELASTICSEARCH_PASSWORD}'
index: "metricbeat-oss-%{[agent.version]}-%{+yyyy.MM.dd}"
protocol: https
ssl.certificate_authorities:
- /usr/share/metricbeat/config/certs/ca.crt
setup.ilm.enabled: false
setup.template.name: "metricbeat"
setup.template.pattern: "metricbeat-oss-*"
secretMounts:
- name: elasticsearch-master-certs
secretName: elasticsearch-master-certs
path: /usr/share/metricbeat/config/certs
19 changes: 11 additions & 8 deletions metricbeat/examples/upgrade/test/goss-metrics.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,17 +17,20 @@ user:
gid: 1000

http:
http://upgrade-master:9200/_cat/indices:
https://upgrade-master:9200/_cat/indices:
allow-insecure: true
status: 200
timeout: 2000
username: "{{ .Env.ELASTICSEARCH_USERNAME }}"
password: "{{ .Env.ELASTICSEARCH_PASSWORD }}"
body:
- "metricbeat-7.10.0"

? "http://upgrade-master:9200/_search?q=metricset.name:state_container%20AND%20kubernetes.container.name:metricbeat"
: status: 200
- "metricbeat-8.1.0"
https://upgrade-master:9200/_search?q=metricset.name:state_container%20AND%20kubernetes.container.name:metricbeat:
status: 200
timeout: 2000
body:
- "metricbeat-7.10.0"
allow-insecure: true
username: "{{ .Env.ELASTICSEARCH_USERNAME }}"
password: "{{ .Env.ELASTICSEARCH_PASSWORD }}"

file:
/usr/share/metricbeat/metricbeat.yml:
Expand All @@ -39,4 +42,4 @@ command:
cd /usr/share/metricbeat && metricbeat test output:
exit-status: 0
stdout:
- "elasticsearch: http://upgrade-master:9200"
- "elasticsearch: https://upgrade-master:9200"
16 changes: 10 additions & 6 deletions metricbeat/examples/upgrade/test/goss.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,16 +21,20 @@ user:
gid: 1000

http:
http://upgrade-master:9200/_cat/indices:
https://upgrade-master:9200/_cat/indices:
allow-insecure: true
username: "{{ .Env.ELASTICSEARCH_USERNAME }}"
password: "{{ .Env.ELASTICSEARCH_PASSWORD }}"
status: 200
timeout: 2000
body:
- "metricbeat-8.1.0"
? "http://upgrade-master:9200/_search?q=metricset.name:container%20AND%20kubernetes.container.name:metricbeat"
: status: 200
https://upgrade-master:9200/_search?q=metricset.name:container%20AND%20kubernetes.container.name:metricbeat:
allow-insecure: true
username: "{{ .Env.ELASTICSEARCH_USERNAME }}"
password: "{{ .Env.ELASTICSEARCH_PASSWORD }}"
status: 200
timeout: 2000
body:
- "metricbeat-8.1.0"

file:
/usr/share/metricbeat/metricbeat.yml:
Expand All @@ -43,4 +47,4 @@ command:
cd /usr/share/metricbeat && metricbeat test output:
exit-status: 0
stdout:
- "elasticsearch: http://upgrade-master:9200"
- "elasticsearch: https://upgrade-master:9200"
120 changes: 106 additions & 14 deletions metricbeat/examples/upgrade/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,14 +1,106 @@
---
extraEnvs:
- name: ELASTICSEARCH_HOSTS
value: upgrade-master:9200
- name: "ELASTICSEARCH_USERNAME"
valueFrom:
secretKeyRef:
name: upgrade-master-credentials
key: username
- name: "ELASTICSEARCH_PASSWORD"
valueFrom:
secretKeyRef:
name: upgrade-master-credentials
key: password
daemonset:
extraEnvs:
- name: "ELASTICSEARCH_USERNAME"
valueFrom:
secretKeyRef:
name: upgrade-master-credentials
key: username
- name: "ELASTICSEARCH_PASSWORD"
valueFrom:
secretKeyRef:
name: upgrade-master-credentials
key: password
metricbeatConfig:
metricbeat.yml: |
metricbeat.modules:
- module: kubernetes
metricsets:
- container
- node
- pod
- system
- volume
period: 10s
host: "${NODE_NAME}"
hosts: ["https://${NODE_NAME}:10250"]
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
ssl.verification_mode: "none"
# If using Red Hat OpenShift remove ssl.verification_mode entry and
# uncomment these settings:
#ssl.certificate_authorities:
#- /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
processors:
- add_kubernetes_metadata: ~
- module: kubernetes
enabled: true
metricsets:
- event
- module: system
period: 10s
metricsets:
- cpu
- load
- memory
- network
- process
- process_summary
processes: ['.*']
process.include_top_n:
by_cpu: 5
by_memory: 5
- module: system
period: 1m
metricsets:
- filesystem
- fsstat
processors:
- drop_event.when.regexp:
system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib)($|/)'
output.elasticsearch:
username: '${ELASTICSEARCH_USERNAME}'
password: '${ELASTICSEARCH_PASSWORD}'
protocol: https
hosts: ["https://upgrade-master:9200"]
ssl.certificate_authorities:
- /usr/share/metricbeat/certs/ca.crt
secretMounts:
- name: upgrade-master-certs
secretName: upgrade-master-certs
path: /usr/share/metricbeat/certs

deployment:
extraEnvs:
- name: "ELASTICSEARCH_USERNAME"
valueFrom:
secretKeyRef:
name: upgrade-master-credentials
key: username
- name: "ELASTICSEARCH_PASSWORD"
valueFrom:
secretKeyRef:
name: upgrade-master-credentials
key: password
metricbeatConfig:
metricbeat.yml: |
metricbeat.modules:
- module: kubernetes
enabled: true
metricsets:
- state_node
- state_deployment
- state_replicaset
- state_pod
- state_container
period: 10s
hosts: ["${KUBE_STATE_METRICS_HOSTS}"]
output.elasticsearch:
username: '${ELASTICSEARCH_USERNAME}'
password: '${ELASTICSEARCH_PASSWORD}'
protocol: https
hosts: ["https://upgrade-master:9200"]
ssl.certificate_authorities:
- /usr/share/metricbeat/certs/ca.crt
secretMounts:
- name: upgrade-master-certs
secretName: upgrade-master-certs
path: /usr/share/metricbeat/certs
18 changes: 14 additions & 4 deletions metricbeat/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,13 +86,18 @@ daemonset:
- drop_event.when.regexp:
system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib)($|/)'
output.elasticsearch:
hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}'
hosts: '["https://${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}"]'
ssl.enabled: true
ssl.certificate_authorities: ["/usr/share/metricbeat/certs/ca.crt"]
username: '${ELASTICSEARCH_USERNAME}'
password: '${ELASTICSEARCH_PASSWORD}'
nodeSelector: {}
# A list of secrets and their paths to mount inside the pod
# This is useful for mounting certificates for security other sensitive values
secretMounts: []
secretMounts:
- name: elasticsearch-master-certs
secretName: elasticsearch-master-certs
path: /usr/share/metricbeat/certs/
# - name: metricbeat-certificates
# secretName: metricbeat-certificates
# path: /usr/share/metricbeat/certs
Expand Down Expand Up @@ -165,13 +170,18 @@ deployment:
period: 10s
hosts: ["${KUBE_STATE_METRICS_HOSTS}"]
output.elasticsearch:
hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}'
hosts: '["https://${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}"]'
username: '${ELASTICSEARCH_USERNAME}'
password: '${ELASTICSEARCH_PASSWORD}'
ssl.enabled: true
ssl.certificate_authorities: ["/usr/share/metricbeat/certs/ca.crt"]
nodeSelector: {}
# A list of secrets and their paths to mount inside the pod
# This is useful for mounting certificates for security other sensitive values
secretMounts: []
secretMounts:
- name: elasticsearch-master-certs
secretName: elasticsearch-master-certs
path: /usr/share/metricbeat/certs/
# - name: metricbeat-certificates
# secretName: metricbeat-certificates
# path: /usr/share/metricbeat/certs
Expand Down