From ed1fbf60036c810028f573fd81da6fd7c08c7ecb Mon Sep 17 00:00:00 2001 From: John Torakis Date: Thu, 24 Sep 2020 12:53:55 +0300 Subject: [PATCH 01/10] Support for Deployment Kubernetes resource This commit indtroduces the feature of deploying a Kubernetes deployment instead of a Daemonset using Filebeat, using a `values.yaml` syntax as below: `values.yaml` --- ```yaml [...] deploymentType: [daemonset|deployment] [...] ``` Specifically, this is used for creation of Filebeat instances not bound to each Worker, conducting non-Worker-related work, such as collection of AWS CloudTrail logs as described in [1]. [1]:https://github.com/elastic/helm-charts/issues/821 --- filebeat/README.md | 2 + filebeat/templates/daemonset.yaml | 2 + filebeat/templates/deployment.yaml | 172 +++++++++++++++++++++++++++++ filebeat/values.yaml | 3 + 4 files changed, 179 insertions(+) create mode 100644 filebeat/templates/deployment.yaml diff --git a/filebeat/README.md b/filebeat/README.md index dea1c5b9d..fe9155e1d 100644 --- a/filebeat/README.md +++ b/filebeat/README.md @@ -105,6 +105,8 @@ as a reference. They are also used in the automated testing of this chart. | `imagePullSecrets` | Configuration for [imagePullSecrets][] so that you can use a private registry for your image | `[]` | | `imageTag` | The Filebeat Docker image tag | `8.0.0-SNAPSHOT` | | `image` | The Filebeat Docker image | `docker.elastic.co/beats/filebeat` | +| `deploymentType` | Whether Filebeat will be deployed as `DaemonSet` running on all Worker nodes (default) or `Deployment` | `daemonset` | + | `labels` | Configurable [labels][] applied to all Filebeat pods | `{}` | | `livenessProbe` | Parameters to pass to liveness [probe][] checks for values such as timeouts and thresholds | see [values.yaml][] | | `managedServiceAccount` | Whether the `serviceAccount` should be managed by this Helm chart. Set this to `false` in order to manage your own service account and related roles | `true` | diff --git a/filebeat/templates/daemonset.yaml b/filebeat/templates/daemonset.yaml index dbd446748..753943087 100644 --- a/filebeat/templates/daemonset.yaml +++ b/filebeat/templates/daemonset.yaml @@ -1,4 +1,5 @@ --- +{{- if eq (printf "%s" (.Values.deploymentType | lower | default "daemonset")) "daemonset" }} apiVersion: apps/v1 kind: DaemonSet metadata: @@ -169,3 +170,4 @@ spec: {{- if .Values.extraContainers }} {{ tpl .Values.extraContainers . | indent 6 }} {{- end }} +{{- end }} diff --git a/filebeat/templates/deployment.yaml b/filebeat/templates/deployment.yaml new file mode 100644 index 000000000..6439ad0f2 --- /dev/null +++ b/filebeat/templates/deployment.yaml @@ -0,0 +1,172 @@ +--- +{{- if eq (printf "%s" .Values.deploymentType | lower) "deployment" }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "filebeat.fullname" . }} + labels: + app: "{{ template "filebeat.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + {{- range $key, $value := .Values.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + selector: + matchLabels: + app: "{{ template "filebeat.fullname" . }}" + release: {{ .Release.Name | quote }} + template: + metadata: + annotations: + {{- range $key, $value := .Values.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{/* This forces a restart if the configmap has changed */}} + {{- if .Values.filebeatConfig }} + configChecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }} + {{- end }} + name: "{{ template "filebeat.fullname" . }}" + labels: + app: "{{ template "filebeat.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + {{- range $key, $value := .Values.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + spec: + {{- with .Values.tolerations }} + tolerations: {{ toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{ toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- with .Values.affinity }} + affinity: {{ toYaml . | nindent 8 -}} + {{- end }} + serviceAccountName: {{ template "filebeat.serviceAccount" . }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} + {{- if .Values.hostNetworking }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + {{- end }} + volumes: + {{- range .Values.secretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- end }} + {{- if .Values.filebeatConfig }} + - name: filebeat-config + configMap: + defaultMode: 0600 + name: {{ template "filebeat.fullname" . }}-config + {{- end }} + - name: data + hostPath: + path: {{ .Values.hostPathRoot }}/{{ template "filebeat.fullname" . }}-{{ .Release.Namespace }}-data + type: DirectoryOrCreate + - name: varlibdockercontainers + hostPath: + path: /var/lib/docker/containers + - name: varlog + hostPath: + path: /var/log + - name: varrundockersock + hostPath: + path: /var/run/docker.sock + {{- if .Values.extraVolumes }} +{{ toYaml .Values.extraVolumes | indent 6 }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.extraInitContainers }} + initContainers: + # All the other beats accept a string here while + # filebeat accepts a valid yaml array. We're keeping + # this as a backwards compatible change, while adding + # also a way to pass a string as other templates to + # make these implementations consistent. + # https://github.com/elastic/helm-charts/issues/490 + {{- if eq "string" (printf "%T" .Values.extraInitContainers) }} +{{ tpl .Values.extraInitContainers . | indent 8 }} + {{- else }} +{{ toYaml .Values.extraInitContainers | indent 8 }} + {{- end }} + {{- end }} + containers: + - name: "filebeat" + image: "{{ .Values.image }}:{{ .Values.imageTag }}" + imagePullPolicy: "{{ .Values.imagePullPolicy }}" + args: + - "-e" + - "-E" + - "http.enabled=true" + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 10 }} + resources: +{{ toYaml .Values.resources | indent 10 }} + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName +{{- if .Values.extraEnvs }} +{{ toYaml .Values.extraEnvs | indent 8 }} +{{- end }} +{{- if .Values.envFrom }} + envFrom: +{{ toYaml .Values.envFrom | indent 10 }} +{{- end }} +{{- if .Values.podSecurityContext }} + securityContext: +{{ toYaml .Values.podSecurityContext | indent 10 }} +{{- end }} + volumeMounts: + {{- range .Values.secretMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- range $path, $config := .Values.filebeatConfig }} + - name: filebeat-config + mountPath: /usr/share/filebeat/{{ $path }} + readOnly: true + subPath: {{ $path }} + {{- end }} + - name: data + mountPath: /usr/share/filebeat/data + - name: varlibdockercontainers + mountPath: /var/lib/docker/containers + readOnly: true + - name: varlog + mountPath: /var/log + readOnly: true + # Necessary when using autodiscovery; avoid mounting it otherwise + # See: https://www.elastic.co/guide/en/beats/filebeat/master/configuration-autodiscover.html + - name: varrundockersock + mountPath: /var/run/docker.sock + readOnly: true + {{- if .Values.extraVolumeMounts }} +{{ toYaml .Values.extraVolumeMounts | indent 8 }} + {{- end }} + {{- if .Values.extraContainers }} +{{ tpl .Values.extraContainers . | indent 6 }} + {{- end }} + +{{- end }} diff --git a/filebeat/values.yaml b/filebeat/values.yaml index e8c4ce22d..d7c5c3b4d 100755 --- a/filebeat/values.yaml +++ b/filebeat/values.yaml @@ -56,6 +56,9 @@ imageTag: "8.0.0-SNAPSHOT" imagePullPolicy: "IfNotPresent" imagePullSecrets: [] +# Choice between DaemonSet (default) and Deployment +deploymentType: daemonset + livenessProbe: exec: command: From 2e1a6d62d4a648ddf8fea62774ce02e1695ae7bf Mon Sep 17 00:00:00 2001 From: John Torakis Date: Thu, 24 Sep 2020 13:18:24 +0300 Subject: [PATCH 02/10] Tests on 'deploymentType' YAML directive This commit adds a default value test for `deploymentType`. Additionally, * `test_deployment_type_deployment` Checks if a `Deployment` is created but NOT a `DaemonSet` * `test_deployment_type_daemonset` Checks if a `DaemonSet` is created but NOT a `Deployment` * `test_deployment_type_case_insensitive` Checks if `deploymentType` value is accepted in a case-insensitive way. --- filebeat/tests/filebeat_test.py | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/filebeat/tests/filebeat_test.py b/filebeat/tests/filebeat_test.py index 7c8dc0ad0..1c798430f 100644 --- a/filebeat/tests/filebeat_test.py +++ b/filebeat/tests/filebeat_test.py @@ -20,6 +20,8 @@ def test_defaults(): assert c["name"] == project assert c["image"].startswith("docker.elastic.co/beats/" + project + ":") + assert c["deploymentType"] == "daemonset" + assert c["env"][0]["name"] == "POD_NAMESPACE" assert c["env"][0]["valueFrom"]["fieldRef"]["fieldPath"] == "metadata.namespace" @@ -400,3 +402,33 @@ def test_setting_fullnameOverride(): "type": "DirectoryOrCreate", }, } in volumes + + +def test_deployment_type_deployment(): + config = """ +deploymentType: 'deployment' +""" + r = helm_template(config) + + assert "daemonset" not in r + assert r["deployment"] + + +def test_deployment_type_daemonset(): + config = """ +deploymentType: 'daemonset' +""" + r = helm_template(config) + + assert "deployment" not in r + assert r["daemonset"] + + +def test_deployment_type_case_insensitive(): + config = """ +deploymentType: 'DePloYmEnT' +""" + r = helm_template(config) + + assert "daemonset" not in r + assert r["deployment"] From 959abbffe8308b00df5f82820e2b82a3b164f81b Mon Sep 17 00:00:00 2001 From: John Torakis Date: Wed, 21 Oct 2020 13:51:59 +0300 Subject: [PATCH 03/10] Similar to Metricbeat Templating This commit uses the MetricBeat Helm chart to create a Daemonset/Deployment Helm chart for Filebeat. Uses the ```yaml daemonset: [...] deployment: [...] ``` structure falling back to root key defaults. --- filebeat/templates/configmap.yaml | 36 ++++++ filebeat/templates/daemonset.yaml | 47 +++---- filebeat/templates/deployment.yaml | 132 +++++++------------ filebeat/tests/filebeat_test.py | 32 ----- filebeat/values.yaml | 201 +++++++++++++++++++---------- 5 files changed, 238 insertions(+), 210 deletions(-) diff --git a/filebeat/templates/configmap.yaml b/filebeat/templates/configmap.yaml index 32df8d87c..008de825b 100644 --- a/filebeat/templates/configmap.yaml +++ b/filebeat/templates/configmap.yaml @@ -15,3 +15,39 @@ data: {{ $config | indent 4 -}} {{- end -}} {{- end -}} + +{{- if .Values.daemonset.filebeatConfig }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "filebeat.fullname" . }}-daemonset-config + labels: + app: "{{ template "filebeat.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +data: +{{- range $path, $config := .Values.daemonset.filebeatConfig }} + {{ $path }}: | +{{ $config | indent 4 -}} +{{- end -}} +{{- end -}} + +{{- if .Values.deployment.filebeatConfig }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "filebeat.fullname" . }}-deployment-config + labels: + app: "{{ template "filebeat.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +data: +{{- range $path, $config := .Values.deployment.filebeatConfig }} + {{ $path }}: | +{{ $config | indent 4 -}} +{{- end -}} +{{- end -}} diff --git a/filebeat/templates/daemonset.yaml b/filebeat/templates/daemonset.yaml index 753943087..05cd57c51 100644 --- a/filebeat/templates/daemonset.yaml +++ b/filebeat/templates/daemonset.yaml @@ -1,5 +1,5 @@ +{{- if .Values.daemonset.enabled }} --- -{{- if eq (printf "%s" (.Values.deploymentType | lower | default "daemonset")) "daemonset" }} apiVersion: apps/v1 kind: DaemonSet metadata: @@ -39,18 +39,14 @@ spec: {{ $key }}: {{ $value | quote }} {{- end }} spec: - {{- with .Values.tolerations }} - tolerations: {{ toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} + {{- with ( .Values.tolerations | default .Values.daemonset.tolerations ) }} + tolerations: {{ toYaml . | nindent 8 }} {{- end }} + nodeSelector: {{ toYaml ( .Values.nodeSelector | default .Values.daemonset.nodeSelector ) | nindent 8 }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} - {{- with .Values.affinity }} - affinity: {{ toYaml . | nindent 8 -}} - {{- end }} + affinity: {{ toYaml ( .Values.affinity | default .Values.daemonset.affinity ) | nindent 8 }} serviceAccountName: {{ template "filebeat.serviceAccount" . }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} {{- if .Values.hostNetworking }} @@ -58,7 +54,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet {{- end }} volumes: - {{- range .Values.secretMounts }} + {{- range .Values.secretMounts | default .Values.daemonset.secretMounts }} - name: {{ .name }} secret: secretName: {{ .secretName }} @@ -68,6 +64,11 @@ spec: configMap: defaultMode: 0600 name: {{ template "filebeat.fullname" . }}-config + {{- else if .Values.daemonset.filebeatConfig }} + - name: filebeat-config + configMap: + defaultMode: 0600 + name: {{ template "filebeat.fullname" . }}-daemonset-config {{- end }} - name: data hostPath: @@ -82,8 +83,8 @@ spec: - name: varrundockersock hostPath: path: /var/run/docker.sock - {{- if .Values.extraVolumes }} -{{ toYaml .Values.extraVolumes | indent 6 }} + {{- if .Values.extraVolumes | default .Values.daemonset.extraVolumes }} +{{ toYaml ( .Values.extraVolumes | default .Values.daemonset.extraVolumes ) | indent 6 }} {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: @@ -116,7 +117,7 @@ spec: readinessProbe: {{ toYaml .Values.readinessProbe | indent 10 }} resources: -{{ toYaml .Values.resources | indent 10 }} +{{ toYaml ( .Values.resources | default .Values.daemonset.resources ) | indent 10 }} env: - name: POD_NAMESPACE valueFrom: @@ -126,19 +127,13 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName -{{- if .Values.extraEnvs }} -{{ toYaml .Values.extraEnvs | indent 8 }} -{{- end }} -{{- if .Values.envFrom }} - envFrom: -{{ toYaml .Values.envFrom | indent 10 }} -{{- end }} -{{- if .Values.podSecurityContext }} - securityContext: -{{ toYaml .Values.podSecurityContext | indent 10 }} +{{- if .Values.extraEnvs | default .Values.daemonset.extraEnvs }} +{{ toYaml ( .Values.extraEnvs | default .Values.daemonset.extraEnvs ) | indent 8 }} {{- end }} + envFrom: {{ toYaml ( .Values.envFrom | default .Values.daemonset.envFrom ) | nindent 10 }} + securityContext: {{ toYaml ( .Values.podSecurityContext | default .Values.daemonset.securityContext ) | nindent 10 }} volumeMounts: - {{- range .Values.secretMounts }} + {{- range .Values.secretMounts | default .Values.daemonset.secretMounts }} - name: {{ .name }} mountPath: {{ .path }} {{- if .subPath }} @@ -164,8 +159,8 @@ spec: - name: varrundockersock mountPath: /var/run/docker.sock readOnly: true - {{- if .Values.extraVolumeMounts }} -{{ toYaml .Values.extraVolumeMounts | indent 8 }} + {{- if .Values.extraVolumeMounts | default .Values.daemonset.extraVolumeMounts }} +{{ toYaml (.Values.extraVolumeMounts | default .Values.daemonset.extraVolumeMounts ) | indent 8 }} {{- end }} {{- if .Values.extraContainers }} {{ tpl .Values.extraContainers . | indent 6 }} diff --git a/filebeat/templates/deployment.yaml b/filebeat/templates/deployment.yaml index 6439ad0f2..08c218250 100644 --- a/filebeat/templates/deployment.yaml +++ b/filebeat/templates/deployment.yaml @@ -1,22 +1,28 @@ +# Deploy singleton instance in the whole cluster for some unique data sources, like aws input +{{- if .Values.deployment.enabled }} --- -{{- if eq (printf "%s" .Values.deploymentType | lower) "deployment" }} apiVersion: apps/v1 kind: Deployment metadata: - name: {{ template "filebeat.fullname" . }} + name: '{{ template "filebeat.fullname" . }}' labels: - app: "{{ template "filebeat.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - {{- range $key, $value := .Values.labels }} + app: '{{ template "filebeat.fullname" . }}' + chart: '{{ .Chart.Name }}-{{ .Chart.Version }}' + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + {{- if .Values.deployment.annotations}} + annotations: + {{- range $key, $value := .Values.deployment.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} + {{- end }} spec: + replicas: {{ .Values.replicas }} selector: matchLabels: - app: "{{ template "filebeat.fullname" . }}" - release: {{ .Release.Name | quote }} + app: '{{ template "filebeat.fullname" . }}' + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' template: metadata: annotations: @@ -24,39 +30,28 @@ spec: {{ $key }}: {{ $value | quote }} {{- end }} {{/* This forces a restart if the configmap has changed */}} - {{- if .Values.filebeatConfig }} + {{- if or .Values.filebeatConfig .Values.deployment.filebeatConfig }} configChecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }} {{- end }} - name: "{{ template "filebeat.fullname" . }}" labels: - app: "{{ template "filebeat.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} + app: '{{ template "filebeat.fullname" . }}' + chart: '{{ .Chart.Name }}-{{ .Chart.Version }}' + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' {{- range $key, $value := .Values.labels }} {{ $key }}: {{ $value | quote }} {{- end }} spec: - {{- with .Values.tolerations }} - tolerations: {{ toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} + affinity: {{ toYaml .Values.deployment.affinity | nindent 8 }} + nodeSelector: {{ toYaml .Values.deployment.nodeSelector | nindent 8 }} + tolerations: {{ toYaml ( .Values.tolerations | default .Values.deployment.tolerations ) | nindent 8 }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} - {{- with .Values.affinity }} - affinity: {{ toYaml . | nindent 8 -}} - {{- end }} serviceAccountName: {{ template "filebeat.serviceAccount" . }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} - {{- if .Values.hostNetworking }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - {{- end }} volumes: - {{- range .Values.secretMounts }} + {{- range .Values.secretMounts | default .Values.deployment.secretMounts }} - name: {{ .name }} secret: secretName: {{ .secretName }} @@ -66,22 +61,14 @@ spec: configMap: defaultMode: 0600 name: {{ template "filebeat.fullname" . }}-config + {{- else if .Values.deployment.filebeatConfig }} + - name: filebeat-config + configMap: + defaultMode: 0600 + name: {{ template "filebeat.fullname" . }}-deployment-config {{- end }} - - name: data - hostPath: - path: {{ .Values.hostPathRoot }}/{{ template "filebeat.fullname" . }}-{{ .Release.Namespace }}-data - type: DirectoryOrCreate - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: varlog - hostPath: - path: /var/log - - name: varrundockersock - hostPath: - path: /var/run/docker.sock - {{- if .Values.extraVolumes }} -{{ toYaml .Values.extraVolumes | indent 6 }} + {{- if .Values.extraVolumes | default .Values.deployment.extraVolumes }} +{{ toYaml ( .Values.extraVolumes | default .Values.deployment.extraVolumes ) | indent 6 }} {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: @@ -96,9 +83,9 @@ spec: # make these implementations consistent. # https://github.com/elastic/helm-charts/issues/490 {{- if eq "string" (printf "%T" .Values.extraInitContainers) }} -{{ tpl .Values.extraInitContainers . | indent 8 }} +{{ tpl .Values.extraInitContainers . | indent 6 }} {{- else }} -{{ toYaml .Values.extraInitContainers | indent 8 }} +{{ toYaml .Values.extraInitContainers | indent 6 }} {{- end }} {{- end }} containers: @@ -106,37 +93,25 @@ spec: image: "{{ .Values.image }}:{{ .Values.imageTag }}" imagePullPolicy: "{{ .Values.imagePullPolicy }}" args: - - "-e" - - "-E" - - "http.enabled=true" + - "-e" + - "-E" livenessProbe: {{ toYaml .Values.livenessProbe | indent 10 }} readinessProbe: {{ toYaml .Values.readinessProbe | indent 10 }} - resources: -{{ toYaml .Values.resources | indent 10 }} + resources: {{ toYaml ( .Values.resources | default .Values.deployment.resources ) | nindent 10 }} env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName -{{- if .Values.extraEnvs }} -{{ toYaml .Values.extraEnvs | indent 8 }} -{{- end }} -{{- if .Values.envFrom }} - envFrom: -{{ toYaml .Values.envFrom | indent 10 }} -{{- end }} -{{- if .Values.podSecurityContext }} - securityContext: -{{ toYaml .Values.podSecurityContext | indent 10 }} +{{- if .Values.extraEnvs | default .Values.deployment.extraEnvs }} +{{ toYaml ( .Values.extraEnvs | default .Values.deployment.extraEnvs ) | indent 8 }} {{- end }} + envFrom: {{ toYaml ( .Values.envFrom | default .Values.deployment.envFrom ) | nindent 10 }} + securityContext: {{ toYaml ( .Values.podSecurityContext | default .Values.deployment.securityContext ) | nindent 10 }} volumeMounts: - {{- range .Values.secretMounts }} + {{- range .Values.secretMounts | default .Values.deployment.secretMounts }} - name: {{ .name }} mountPath: {{ .path }} {{- if .subPath }} @@ -148,25 +123,18 @@ spec: mountPath: /usr/share/filebeat/{{ $path }} readOnly: true subPath: {{ $path }} - {{- end }} - - name: data - mountPath: /usr/share/filebeat/data - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - - name: varlog - mountPath: /var/log - readOnly: true - # Necessary when using autodiscovery; avoid mounting it otherwise - # See: https://www.elastic.co/guide/en/beats/filebeat/master/configuration-autodiscover.html - - name: varrundockersock - mountPath: /var/run/docker.sock + {{ else }} + {{- range $path, $config := .Values.deployment.filebeatConfig }} + - name: filebeat-config + mountPath: /usr/share/filebeat/{{ $path }} readOnly: true - {{- if .Values.extraVolumeMounts }} -{{ toYaml .Values.extraVolumeMounts | indent 8 }} + subPath: {{ $path }} + {{- end }} + {{- end }} + {{- if .Values.extraVolumeMounts | default .Values.deployment.extraVolumeMounts }} +{{ toYaml ( .Values.extraVolumeMounts | default .Values.deployment.extraVolumeMounts ) | indent 8 }} {{- end }} {{- if .Values.extraContainers }} {{ tpl .Values.extraContainers . | indent 6 }} {{- end }} - {{- end }} diff --git a/filebeat/tests/filebeat_test.py b/filebeat/tests/filebeat_test.py index 1c798430f..7c8dc0ad0 100644 --- a/filebeat/tests/filebeat_test.py +++ b/filebeat/tests/filebeat_test.py @@ -20,8 +20,6 @@ def test_defaults(): assert c["name"] == project assert c["image"].startswith("docker.elastic.co/beats/" + project + ":") - assert c["deploymentType"] == "daemonset" - assert c["env"][0]["name"] == "POD_NAMESPACE" assert c["env"][0]["valueFrom"]["fieldRef"]["fieldPath"] == "metadata.namespace" @@ -402,33 +400,3 @@ def test_setting_fullnameOverride(): "type": "DirectoryOrCreate", }, } in volumes - - -def test_deployment_type_deployment(): - config = """ -deploymentType: 'deployment' -""" - r = helm_template(config) - - assert "daemonset" not in r - assert r["deployment"] - - -def test_deployment_type_daemonset(): - config = """ -deploymentType: 'daemonset' -""" - r = helm_template(config) - - assert "deployment" not in r - assert r["daemonset"] - - -def test_deployment_type_case_insensitive(): - config = """ -deploymentType: 'DePloYmEnT' -""" - r = helm_template(config) - - assert "daemonset" not in r - assert r["deployment"] diff --git a/filebeat/values.yaml b/filebeat/values.yaml index d7c5c3b4d..e6cd2f277 100755 --- a/filebeat/values.yaml +++ b/filebeat/values.yaml @@ -1,38 +1,121 @@ --- -# Allows you to add any config files in /usr/share/filebeat -# such as filebeat.yml -filebeatConfig: - filebeat.yml: | - filebeat.inputs: - - type: container - paths: - - /var/log/containers/*.log - processors: - - add_kubernetes_metadata: - host: ${NODE_NAME} - matchers: - - logs_path: - logs_path: "/var/log/containers/" - - output.elasticsearch: - host: '${NODE_NAME}' - hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' - -# Extra environment variables to append to the DaemonSet pod spec. -# This will be appended to the current 'env:' key. You can use any of the kubernetes env -# syntax here -extraEnvs: [] -# - name: MY_ENVIRONMENT_VAR -# value: the_value_goes_here - -extraVolumeMounts: [] +daemonset: + # Annotations to apply to the daemonset + annotations: {} + affinity: {} + # Include the daemonset + enabled: true + # Extra environment variables for Filebeat container. + envFrom: [] + # - configMapRef: + # name: config-secret + extraEnvs: [] + # - name: MY_ENVIRONMENT_VAR + # value: the_value_goes_here + extraVolumes: [] + # - name: extras + # emptyDir: {} + extraVolumeMounts: [] + # - name: extras + # mountPath: /usr/share/extras + # readOnly: true + hostNetworking: false + # Allows you to add any config files in /usr/share/filebeat + # such as filebeat.yml for daemonset + filebeatConfig: + filebeat.yml: | + filebeat.inputs: + - type: container + paths: + - /var/log/containers/*.log + processors: + - add_kubernetes_metadata: + host: ${NODE_NAME} + matchers: + - logs_path: + logs_path: "/var/log/containers/" + + output.elasticsearch: + host: '${NODE_NAME}' + hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' + nodeSelector: {} + # A list of secrets and their paths to mount inside the pod + # This is useful for mounting certificates for security other sensitive values + secretMounts: [] + # - name: filebeat-certificates + # secretName: filebeat-certificates + # path: /usr/share/filebeat/certs + # Various pod security context settings. Bear in mind that many of these have an impact on Filebeat functioning properly. + # + # - User that the container will execute as. Typically necessary to run as root (0) in order to properly collect host container logs. + # - Whether to execute the Filebeat containers as privileged containers. Typically not necessarily unless running within environments such as OpenShift. + podSecurityContext: + runAsUser: 0 + privileged: false + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + cpu: "1000m" + memory: "200Mi" + +deployment: + # Annotations to apply to the deployment + annotations: {} + affinity: {} + # Include the deployment + enabled: true + # Extra environment variables for Filebeat container. + envFrom: [] + # - configMapRef: + # name: config-secret + extraEnvs: [] + # - name: MY_ENVIRONMENT_VAR + # value: the_value_goes_here + # Allows you to add any config files in /usr/share/filebeat + extraVolumes: [] + # - name: extras + # emptyDir: {} + extraVolumeMounts: [] # - name: extras # mountPath: /usr/share/extras # readOnly: true - -extraVolumes: [] - # - name: extras - # emptyDir: {} + # such as filebeat.yml for deployment + filebeatConfig: + filebeat.yml: | + filebeat.inputs: + - type: container + paths: + - /var/log/containers/*.log + processors: + - add_kubernetes_metadata: + host: ${NODE_NAME} + matchers: + - logs_path: + logs_path: "/var/log/containers/" + + output.elasticsearch: + host: '${NODE_NAME}' + hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' + nodeSelector: {} + # A list of secrets and their paths to mount inside the pod + # This is useful for mounting certificates for security other sensitive values + secretMounts: [] + # - name: filebeat-certificates + # secretName: filebeat-certificates + # path: /usr/share/filebeat/certs + securityContext: + runAsUser: 0 + privileged: false + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + cpu: "1000m" + memory: "200Mi" + tolerations: [] extraContainers: "" # - name: dummy-init @@ -41,24 +124,15 @@ extraContainers: "" extraInitContainers: [] # - name: dummy-init -# image: busybox -# command: ['echo', 'hey'] - -envFrom: [] -# - configMapRef: -# name: configmap-name # Root directory where Filebeat will write data to in order to persist registry data across pod restarts (file position and other metadata). hostPathRoot: /var/lib -hostNetworking: false + image: "docker.elastic.co/beats/filebeat" imageTag: "8.0.0-SNAPSHOT" imagePullPolicy: "IfNotPresent" imagePullSecrets: [] -# Choice between DaemonSet (default) and Deployment -deploymentType: daemonset - livenessProbe: exec: command: @@ -85,59 +159,46 @@ readinessProbe: periodSeconds: 10 timeoutSeconds: 5 -# Whether this chart should self-manage its service account, role, and associated role binding. -managedServiceAccount: true - # additionals labels labels: {} +# Whether this chart should self-manage its service account, role, and associated role binding. +managedServiceAccount: true + podAnnotations: {} # iam.amazonaws.com/role: es-cluster -# Various pod security context settings. Bear in mind that many of these have an impact on Filebeat functioning properly. -# -# - User that the container will execute as. Typically necessary to run as root (0) in order to properly collect host container logs. -# - Whether to execute the Filebeat containers as privileged containers. Typically not necessarily unless running within environments such as OpenShift. -podSecurityContext: - runAsUser: 0 - privileged: false - -resources: - requests: - cpu: "100m" - memory: "100Mi" - limits: - cpu: "1000m" - memory: "200Mi" +# Custom service account override that the pod will use +serviceAccount: "" # Custom service account override that the pod will use serviceAccount: "" # Annotations to add to the ServiceAccount that is created if the serviceAccount value isn't set. serviceAccountAnnotations: {} + # eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount -# A list of secrets and their paths to mount inside the pod -# This is useful for mounting certificates for security other sensitive values -secretMounts: [] -# - name: filebeat-certificates -# secretName: filebeat-certificates -# path: /usr/share/filebeat/certs # How long to wait for Filebeat pods to stop gracefully terminationGracePeriod: 30 +# This is the PriorityClass settings as defined in +# https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass +priorityClassName: "" + +updateStrategy: RollingUpdate + +# Override various naming aspects of this chart +# Only edit these if you know what you're doing +nameOverride: "" +fullnameOverride: "" tolerations: [] -nodeSelector: {} affinity: {} -# This is the PriorityClass settings as defined in -# https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass -priorityClassName: "" -updateStrategy: RollingUpdate # Override various naming aspects of this chart # Only edit these if you know what you're doing From 481104eef7273f026708738d2f80451a7e74b87a Mon Sep 17 00:00:00 2001 From: John Torakis Date: Mon, 2 Nov 2020 12:29:57 +0200 Subject: [PATCH 04/10] Fix double value in `filebeat/values.yaml` The value: ```yaml serviceAccount: "" ``` was existing twice in the `filebeat/values.yaml` file. --- filebeat/values.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/filebeat/values.yaml b/filebeat/values.yaml index e6cd2f277..4c41a0296 100755 --- a/filebeat/values.yaml +++ b/filebeat/values.yaml @@ -171,15 +171,11 @@ podAnnotations: {} # Custom service account override that the pod will use serviceAccount: "" -# Custom service account override that the pod will use -serviceAccount: "" - # Annotations to add to the ServiceAccount that is created if the serviceAccount value isn't set. serviceAccountAnnotations: {} # eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount - # How long to wait for Filebeat pods to stop gracefully terminationGracePeriod: 30 # This is the PriorityClass settings as defined in @@ -198,8 +194,6 @@ tolerations: [] affinity: {} - - # Override various naming aspects of this chart # Only edit these if you know what you're doing nameOverride: "" From eaa12c66c6b805d8ff57b4832e890d08c39462da Mon Sep 17 00:00:00 2001 From: John Torakis Date: Mon, 2 Nov 2020 12:31:49 +0200 Subject: [PATCH 05/10] Fix missing parameter in Filebeat Deployment template --- filebeat/templates/deployment.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/filebeat/templates/deployment.yaml b/filebeat/templates/deployment.yaml index 08c218250..cb0141fd7 100644 --- a/filebeat/templates/deployment.yaml +++ b/filebeat/templates/deployment.yaml @@ -95,6 +95,7 @@ spec: args: - "-e" - "-E" + - "http.enabled=true" livenessProbe: {{ toYaml .Values.livenessProbe | indent 10 }} readinessProbe: From fe60db0a9434323d053d06592386a5a940a5a490 Mon Sep 17 00:00:00 2001 From: John Torakis Date: Thu, 19 Nov 2020 14:49:54 +0000 Subject: [PATCH 06/10] Update filebeat/templates/configmap.yaml Co-authored-by: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> --- filebeat/templates/configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/filebeat/templates/configmap.yaml b/filebeat/templates/configmap.yaml index 008de825b..6d7f34092 100644 --- a/filebeat/templates/configmap.yaml +++ b/filebeat/templates/configmap.yaml @@ -16,7 +16,7 @@ data: {{- end -}} {{- end -}} -{{- if .Values.daemonset.filebeatConfig }} +{{- if and .Values.daemonset.enabled .Values.daemonset.filebeatConfig }} --- apiVersion: v1 kind: ConfigMap From f4f07347647457c53c037c8e9990fb75bcafbf0c Mon Sep 17 00:00:00 2001 From: John Torakis Date: Thu, 19 Nov 2020 14:50:17 +0000 Subject: [PATCH 07/10] Update filebeat/templates/configmap.yaml Co-authored-by: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> --- filebeat/templates/configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/filebeat/templates/configmap.yaml b/filebeat/templates/configmap.yaml index 6d7f34092..559abe1ed 100644 --- a/filebeat/templates/configmap.yaml +++ b/filebeat/templates/configmap.yaml @@ -34,7 +34,7 @@ data: {{- end -}} {{- end -}} -{{- if .Values.deployment.filebeatConfig }} +{{- if and .Values.deployment.enabled .Values.deployment.filebeatConfig }} --- apiVersion: v1 kind: ConfigMap From 8e3a2a530a94963033b2c9a98632ce3ef27653cb Mon Sep 17 00:00:00 2001 From: John Torakis Date: Tue, 24 Nov 2020 08:51:14 +0000 Subject: [PATCH 08/10] Update filebeat/templates/daemonset.yaml Co-authored-by: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> --- filebeat/templates/daemonset.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/filebeat/templates/daemonset.yaml b/filebeat/templates/daemonset.yaml index bd1b58432..4c4fd9efc 100644 --- a/filebeat/templates/daemonset.yaml +++ b/filebeat/templates/daemonset.yaml @@ -39,9 +39,7 @@ spec: {{ $key }}: {{ $value | quote }} {{- end }} spec: - {{- with ( .Values.tolerations | default .Values.daemonset.tolerations ) }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} + tolerations: {{ toYaml ( .Values.tolerations | default .Values.daemonset.tolerations ) | nindent 8 }} nodeSelector: {{ toYaml ( .Values.nodeSelector | default .Values.daemonset.nodeSelector ) | nindent 8 }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} From 717cbe5c2909c03e1f9938ee47100c71e6fba058 Mon Sep 17 00:00:00 2001 From: John Torakis Date: Thu, 26 Nov 2020 17:04:37 +0200 Subject: [PATCH 09/10] Resolving comments for 8e3a2a530a94963033b2c9a98632ce3ef27653cb --- filebeat/templates/daemonset.yaml | 8 +++++- filebeat/templates/deployment.yaml | 18 ++++++------ filebeat/values.yaml | 46 ++++++++++++++---------------- 3 files changed, 38 insertions(+), 34 deletions(-) diff --git a/filebeat/templates/daemonset.yaml b/filebeat/templates/daemonset.yaml index 4c4fd9efc..9396a3c8a 100644 --- a/filebeat/templates/daemonset.yaml +++ b/filebeat/templates/daemonset.yaml @@ -12,6 +12,12 @@ metadata: {{- range $key, $value := .Values.labels }} {{ $key }}: {{ $value | quote }} {{- end }} + {{- if .Values.deployment.annotations }} + annotations: # comment 2 + {{- range $key, $value := .Values.deployment.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} spec: selector: matchLabels: @@ -26,7 +32,7 @@ spec: {{ $key }}: {{ $value | quote }} {{- end }} {{/* This forces a restart if the configmap has changed */}} - {{- if .Values.filebeatConfig }} + {{- if or .Values.filebeatConfig .Values.daemonset.filebeatConfig }} configChecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }} {{- end }} name: "{{ template "filebeat.fullname" . }}" diff --git a/filebeat/templates/deployment.yaml b/filebeat/templates/deployment.yaml index cb0141fd7..c02e030b7 100644 --- a/filebeat/templates/deployment.yaml +++ b/filebeat/templates/deployment.yaml @@ -4,13 +4,15 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: '{{ template "filebeat.fullname" . }}' + name: {{ template "filebeat.fullname" . }} labels: - app: '{{ template "filebeat.fullname" . }}' - chart: '{{ .Chart.Name }}-{{ .Chart.Version }}' - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - {{- if .Values.deployment.annotations}} + app: "{{ template "filebeat.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: {{ .Release.Name }} + {{- range $key, $value := .Values.labels }} # Comment 3 + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- if .Values.deployment.annotations }} annotations: {{- range $key, $value := .Values.deployment.annotations }} {{ $key }}: {{ $value | quote }} @@ -20,9 +22,9 @@ spec: replicas: {{ .Values.replicas }} selector: matchLabels: - app: '{{ template "filebeat.fullname" . }}' + app: "{{ template "filebeat.fullname" . }}" heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' + release: {{ .Release.Name | quote }} template: metadata: annotations: diff --git a/filebeat/values.yaml b/filebeat/values.yaml index e434fe89a..3ca8962c3 100755 --- a/filebeat/values.yaml +++ b/filebeat/values.yaml @@ -2,6 +2,8 @@ daemonset: # Annotations to apply to the daemonset annotations: {} + # additionals labels + labels: {} affinity: {} # Include the daemonset enabled: true @@ -19,7 +21,7 @@ daemonset: # - name: extras # mountPath: /usr/share/extras # readOnly: true - + hostNetworking: false # Allows you to add any config files in /usr/share/filebeat # such as filebeat.yml for daemonset filebeatConfig: @@ -59,13 +61,16 @@ daemonset: limits: cpu: "1000m" memory: "200Mi" + tolerations: [] deployment: # Annotations to apply to the deployment annotations: {} + # additionals labels + labels: {} affinity: {} # Include the deployment - enabled: true + enabled: false # Extra environment variables for Filebeat container. envFrom: [] # - configMapRef: @@ -84,17 +89,6 @@ deployment: # such as filebeat.yml for deployment filebeatConfig: filebeat.yml: | - filebeat.inputs: - - type: container - paths: - - /var/log/containers/*.log - processors: - - add_kubernetes_metadata: - host: ${NODE_NAME} - matchers: - - logs_path: - logs_path: "/var/log/containers/" - output.elasticsearch: host: '${NODE_NAME}' hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' @@ -128,7 +122,6 @@ extraInitContainers: [] # Root directory where Filebeat will write data to in order to persist registry data across pod restarts (file position and other metadata). hostPathRoot: /var/lib -hostNetworking: false dnsConfig: {} # options: # - name: ndots @@ -164,9 +157,6 @@ readinessProbe: periodSeconds: 10 timeoutSeconds: 5 -# additionals labels -labels: {} - # Whether this chart should self-manage its service account, role, and associated role binding. managedServiceAccount: true @@ -194,12 +184,18 @@ updateStrategy: RollingUpdate nameOverride: "" fullnameOverride: "" -tolerations: [] - - +# DEPRECATED affinity: {} - -# Override various naming aspects of this chart -# Only edit these if you know what you're doing -nameOverride: "" -fullnameOverride: "" +envFrom: [] +extraEnvs: [] +extraVolumes: [] +extraVolumeMounts: [] +# Allows you to add any config files in /usr/share/filebeat +# such as filebeat.yml for both daemonset and deployment +filebeatConfig: {} +nodeSelector: {} +podSecurityContext: {} +resources: {} +secretMounts: [] +tolerations: [] +labels: {} From dca397405de231e21f3eb96aa99947394869850f Mon Sep 17 00:00:00 2001 From: John Torakis Date: Thu, 26 Nov 2020 19:53:59 +0200 Subject: [PATCH 10/10] Add explanation for deployment/daemonset values scheme --- filebeat/README.md | 105 ++++++++++++++++++++++++++++----------------- 1 file changed, 66 insertions(+), 39 deletions(-) diff --git a/filebeat/README.md b/filebeat/README.md index b6251b34e..97832778a 100644 --- a/filebeat/README.md +++ b/filebeat/README.md @@ -84,45 +84,72 @@ activate it by setting `hostNetworking: true` in [values.yaml][]. as a reference. They are also used in the automated testing of this chart. -## Configuration - -| Parameter | Description | Default | -|--------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------| -| `affinity` | Configurable [affinity][] | `{}` | -| `envFrom` | Templatable string of envFrom to be passed to the [environment from variables][] which will be appended to the `envFrom:` definition for the container | `[]` | -| `extraContainers` | List of additional init containers to be added at the DaemonSet | `""` | -| `extraEnvs` | Extra [environment variables][] which will be appended to the `env:` definition for the container | `[]` | -| `extraInitContainers` | List of additional init containers to be added at the DaemonSet. It also accepts a templatable string of additional containers to be passed to the `tpl` function | `[]` | -| `extraVolumeMounts` | List of additional volumeMounts to be mounted on the DaemonSet | `[]` | -| `extraVolumes` | List of additional volumes to be mounted on the DaemonSet | `[]` | -| `filebeatConfig` | Allows you to add any config files in `/usr/share/filebeat` such as `filebeat.yml` | see [values.yaml][] | -| `fullnameOverride` | Overrides the full name of the resources. If not set the name will default to " `.Release.Name` - `.Values.nameOverride or .Chart.Name` " | `""` | -| `hostNetworking` | Use host networking in the DaemonSet so that hostname is reported correctly | `false` | -| `dnsConfig` | Configurable [dnsConfig][] | `{}` | -| `hostPathRoot` | Fully-qualified [hostPath][] that will be used to persist Filebeat registry data | `/var/lib` | -| `imagePullPolicy` | The Kubernetes [imagePullPolicy][] value | `IfNotPresent` | -| `imagePullSecrets` | Configuration for [imagePullSecrets][] so that you can use a private registry for your image | `[]` | -| `imageTag` | The Filebeat Docker image tag | `8.0.0-SNAPSHOT` | -| `image` | The Filebeat Docker image | `docker.elastic.co/beats/filebeat` | -| `deploymentType` | Whether Filebeat will be deployed as `DaemonSet` running on all Worker nodes (default) or `Deployment` | `daemonset` | - -| `labels` | Configurable [labels][] applied to all Filebeat pods | `{}` | -| `livenessProbe` | Parameters to pass to liveness [probe][] checks for values such as timeouts and thresholds | see [values.yaml][] | -| `managedServiceAccount` | Whether the `serviceAccount` should be managed by this Helm chart. Set this to `false` in order to manage your own service account and related roles | `true` | -| `nameOverride` | Overrides the chart name for resources. If not set the name will default to `.Chart.Name` | `""` | -| `nodeSelector` | Configurable [nodeSelector][] | `{}` | -| `podAnnotations` | Configurable [annotations][] applied to all Filebeat pods | `{}` | -| `podSecurityContext` | Configurable [podSecurityContext][] for Filebeat pod execution environment | see [values.yaml][] | -| `priorityClassName` | The name of the [PriorityClass][]. No default is supplied as the PriorityClass must be created first | `""` | -| `readinessProbe` | Parameters to pass to readiness [probe][] checks for values such as timeouts and thresholds | see [values.yaml][] | -| `resources` | Allows you to set the [resources][] for the `DaemonSet` | see [values.yaml][] | -| `secretMounts` | Allows you easily mount a secret as a file inside the `DaemonSet`. Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` | -| `serviceAccount` | Custom [serviceAccount][] that Filebeat will use during execution. By default will use the service account created by this chart | `""` | -| `serviceAccountAnnotations` | Annotations to be added to the ServiceAccount that is created by this chart. | `{}` -| `terminationGracePeriod` | Termination period (in seconds) to wait before killing Filebeat pod process on pod shutdown | `30` | -| `tolerations` | Configurable [tolerations][] | `[]` | -| `updateStrategy` | The [updateStrategy][] for the `DaemonSet`. By default Kubernetes will kill and recreate pods on updates. Setting this to `OnDelete` will require that pods be deleted manually | `RollingUpdate` | - +| Parameter | Description | Default | +|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------| +| `daemonset.annotations` | Configurable [annotations][] for filebeat daemonset | `{}` | +| `daemonset.labels` | Configurable [labels][] applied to all filebeat DaemonSet pods | `{}` | +| `daemonset.affinity` | Configurable [affinity][] for filebeat daemonset | `{}` | +| `daemonset.enabled` | If true, enable daemonset | `true` | +| `daemonset.envFrom` | Templatable string of `envFrom` to be passed to the [environment from variables][] which will be appended to filebeat container for DaemonSet | `[]` | +| `daemonset.extraEnvs` | Extra [environment variables][] which will be appended to filebeat container for DaemonSet | `[]` | +| `daemonset.extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function or DaemonSet | `[]` | +| `daemonset.extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function or DaemonSet | `[]` | +| `daemonset.hostNetworking` | Enable filebeat DaemonSet to use `hostNetwork` | `false` | +| `daemonset.filebeatConfig` | Allows you to add any config files in `/usr/share/filebeat` such as `filebeat.yml` for filebeat DaemonSet | see [values.yaml][] | +| `daemonset.nodeSelector` | Configurable [nodeSelector][] for filebeat DaemonSet | `{}` | +| `daemonset.secretMounts` | Allows you easily mount a secret as a file inside the DaemonSet. Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` | +| `daemonset.podSecurityContext` | Configurable [podSecurityContext][] for filebeat DaemonSet pod execution environment | see [values.yaml][] | +| `daemonset.resources` | Allows you to set the [resources][] for filebeat DaemonSet | see [values.yaml][] | +| `daemonset.tolerations` | Configurable [tolerations][] for filebeat DaemonSet | `[]` | +| `deployment.annotations` | Configurable [annotations][] for filebeat Deployment | `{}` | +| `deployment.labels` | Configurable [labels][] applied to all filebeat Deployment pods | `{}` | +| `deployment.affinity` | Configurable [affinity][] for filebeat Deployment | `{}` | +| `deployment.enabled` | If true, enable deployment | `false` | +| `deployment.envFrom` | Templatable string of `envFrom` to be passed to the [environment from variables][] which will be appended to filebeat container for Deployment | `[]` | +| `deployment.extraEnvs` | Extra [environment variables][] which will be appended to filebeat container for Deployment | `[]` | +| `deployment.extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function or DaemonSet | `[]` | +| `deployment.extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function or Deployment | `[]` | +| `deployment.filebeatConfig` | Allows you to add any config files in `/usr/share/filebeat` such as `filebeat.yml` for filebeat Deployment | see [values.yaml][] | +| `deployment.nodeSelector` | Configurable [nodeSelector][] for filebeat Deployment | `{}` | +| `deployment.secretMounts` | Allows you easily mount a secret as a file inside the Deployment Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` | +| `deployment.resources` | Allows you to set the [resources][] for filebeat Deployment | see [values.yaml][] | +| `deployment.securityContext` | Configurable [securityContext][] for filebeat Deployment pod execution environment | see [values.yaml][] | +| `deployment.tolerations` | Configurable [tolerations][] for filebeat Deployment | `[]` | +| `extraContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | +| `extraInitContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | +| `fullnameOverride` | Overrides the full name of the resources. If not set the name will default to " `.Release.Name` - `.Values.nameOverride or .Chart.Name` " | `""` | +| `hostPathRoot` | Fully-qualified [hostPath][] that will be used to persist filebeat registry data | `/var/lib` | +| `imagePullPolicy` | The Kubernetes [imagePullPolicy][] value | `IfNotPresent` | +| `imagePullSecrets` | Configuration for [imagePullSecrets][] so that you can use a private registry for your image | `[]` | +| `imageTag` | The filebeat Docker image tag | `8.0.0-SNAPSHOT` | +| `image` | The filebeat Docker image | `docker.elastic.co/beats/filebeat` | +| `livenessProbe` | Parameters to pass to liveness [probe][] checks for values such as timeouts and thresholds | see [values.yaml][] | +| `managedServiceAccount` | Whether the `serviceAccount` should be managed by this helm chart. Set this to `false` in order to manage your own service account and related roles | `true` | +| `nameOverride` | Overrides the chart name for resources. If not set the name will default to `.Chart.Name` | `""` | +| `podAnnotations` | Configurable [annotations][] applied to all filebeat pods | `{}` | +| `priorityClassName` | The name of the [PriorityClass][]. No default is supplied as the PriorityClass must be created first | `""` | +| `readinessProbe` | Parameters to pass to readiness [probe][] checks for values such as timeouts and thresholds | see [values.yaml][] | +| `serviceAccount` | Custom [serviceAccount][] that filebeat will use during execution. By default will use the service account created by this chart | `""` | +| `serviceAccountAnnotations` | Annotations to be added to the ServiceAccount that is created by this chart. | `{}` | +| `terminationGracePeriod` | Termination period (in seconds) to wait before killing filebeat pod process on pod shutdown | `30` | +| `updateStrategy` | The [updateStrategy][] for the DaemonSet By default Kubernetes will kill and recreate pods on updates. Setting this to `OnDelete` will require that pods be deleted manually | `RollingUpdate` | + +### Deprecated + +| Parameter | Description | Default | +|----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------|---------| +| `affinity` | Configurable [affinity][] for filebeat DaemonSet | `{}` | +| `envFrom` | Templatable string to be passed to the [environment from variables][] which will be appended to filebeat container for both DaemonSet and Deployment | `[]` | +| `extraEnvs` | Extra [environment variables][] which will be appended to filebeat container for both DaemonSet and Deployment | `[]` | +| `extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function for both DaemonSet and Deployment | `[]` | +| `extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function for both DaemonSet and Deployment | `[]` | +| `filebeatConfig` | Allows you to add any config files in `/usr/share/filebeat` such as `filebeat.yml` for both filebeat DaemonSet and Deployment | `{}` | +| `nodeSelector` | Configurable [nodeSelector][] for filebeat DaemonSet | `{}` | +| `podSecurityContext` | Configurable [securityContext][] for filebeat DaemonSet and Deployment pod execution environment | `{}` | +| `resources` | Allows you to set the [resources][] for both filebeat DaemonSet and Deployment | `{}` | +| `secretMounts` | Allows you easily mount a secret as a file inside DaemonSet and Deployment Useful for mounting certificates and other secrets | `[]` | +| `tolerations` | Configurable [tolerations][] for both filebeat DaemonSet and Deployment | `[]` | +| `labels` | Configurable [labels][] applied to all filebeat pods ## FAQ