Skip to content
This repository has been archived by the owner on May 16, 2023. It is now read-only.

[logstash] first version of logstash helm chart #333

Merged
merged 27 commits into from
Oct 29, 2019
Merged

[logstash] first version of logstash helm chart #333

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
27 commits
Select commit Hold shift + click to select a range
bbcee73
[logstash] first version of logstash helm chart
jmlrt Oct 15, 2019
bb527a8
[logstash] remove service and ingress resources
jmlrt Oct 16, 2019
50d0281
[logstash] add first default example
jmlrt Oct 16, 2019
0abec32
[logstash] allow using either configmap or env variable for logstash.yml
jmlrt Oct 17, 2019
c26c337
[logstash] add notes
jmlrt Oct 17, 2019
9bd9ac9
[logstash] add logstash to chart list
jmlrt Oct 17, 2019
b7fde8b
[logstash] add first goss test
jmlrt Oct 17, 2019
8cccd76
[logstash] use elasticsearch in logstash example
jmlrt Oct 17, 2019
bd82d68
[logstash] fix deprecated note about default storage class
jmlrt Oct 17, 2019
1abc224
[logstash] cleanup remaining pv(c) after goss test
jmlrt Oct 17, 2019
dfe785b
[logstash] add oss and default examples
jmlrt Oct 17, 2019
50defe8
[logstash] improve pvc purge
jmlrt Oct 18, 2019
1436884
[logstash] remove another deprecated note about storage class
jmlrt Oct 18, 2019
68b9b69
[logstash] stop enforcing node.name as the default value is already t…
jmlrt Oct 18, 2019
2d17d30
[logstash] remove unused default value
jmlrt Oct 18, 2019
d1aef83
[logstash] use a different annotation to handle logstash restart if p…
jmlrt Oct 18, 2019
f8acf30
[logstash] add missing lifecycle
jmlrt Oct 18, 2019
a989d81
[logstash] fix goss test
jmlrt Oct 18, 2019
42f5673
[logstash] add first python tests
jmlrt Oct 18, 2019
af5dc4c
[logstash] add ci jobs
jmlrt Oct 18, 2019
e222ca6
[logstash] cleanup/update values in README and values.yaml
jmlrt Oct 21, 2019
0acbc1e
[logstash] disable persistence by default
jmlrt Oct 21, 2019
2c1bf4f
[logstash] increase probes initial delay
jmlrt Oct 21, 2019
bac794e
[logstash] manage extra containers
jmlrt Oct 21, 2019
fd3f49f
[logstash] manage services for inputs implementing a listener
jmlrt Oct 21, 2019
8c334da
[logstash] use helm 2.15.1
jmlrt Oct 24, 2019
85c657b
[logstash] add 6.x example
jmlrt Oct 24, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
[logstash] remove service and ingress resources 
Logstash HTTP API shouldn't be exposed externally as Logstash doesn't manage any authentication on this API.
Also as Logstash doesn't support clustering, being able to access this API via a service doesn't make sense.
  • Loading branch information
@jmlrt
jmlrt committed Oct 24, 2019
commit bb527a8a8bfa0f01f62652370728e772273ede1b
5 changes: 0 additions & 5 deletions logstash/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,6 @@ helm install --name logstash elastic/logstash --set imageTag=7.4.0
| `imagePullPolicy` | The Kubernetes [imagePullPolicy](https://kubernetes.io/docs/concepts/containers/images/#updating-images) value | `IfNotPresent` |
| `imagePullSecrets` | Configuration for [imagePullSecrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret) so that you can use a private registry for your image | `[]` |
| `imageTag` | The Logstash docker image tag | `7.4.0` |
| `ingress` | Configurable [ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) to expose the Logstash service. See [`values.yaml`](./values.yaml) for an example | `enabled: false` |
| `initResources` | Allows you to set the [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) for the initContainer in the statefulset | {} |
| `extraInitContainers` | Templatable string of additional init containers to be passed to the `tpl` function | `""` |
| `httpPort` | The http port that Kubernetes will use for the healthchecks and the service. | `9600` |
Expand All @@ -78,16 +77,12 @@ helm install --name logstash elastic/logstash --set imageTag=7.4.0
| `podSecurityContext` | Allows you to set the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) for the pod | `fsGroup: 1000`<br>`runAsUser: 1000` |
| `podSecurityPolicy` | Configuration for create a pod security policy with minimal permissions to run this Helm chart with `create: true`. Also can be used to reference an external pod security policy with `name: "externalPodSecurityPolicy"` | `create: false`<br>`name: ""` |
| `priorityClassName` | The [name of the PriorityClass](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass). No default is supplied as the PriorityClass must be created first. | `""` |
| `protocol` | The protocol that will be used for the readinessProbe. | `http` |
| `readinessProbe` | Configuration fields for the [readinessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) | `failureThreshold: 3`<br>`initialDelaySeconds: 10`<br>`periodSeconds: 10`<br>`successThreshold: 3`<br>`timeoutSeconds: 5` |
| `replicas` | Kubernetes replica count for the statefulset (i.e. how many pods) | `1` |
| `resources` | Allows you to set the [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) for the statefulset | `requests.cpu: 100m`<br>`requests.memory: 2Gi`<br>`limits.cpu: 1000m`<br>`limits.memory: 2Gi` |
| `schedulerName` | Name of the [alternate scheduler](https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/#specify-schedulers-for-pods) | `""` |
| `secretMounts` | Allows you easily mount a secret as a file inside the statefulset. Useful for mounting certificates and other secrets. See [values.yaml](./values.yaml) for an example | `[]` |
| `securityContext` | Allows you to set the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the container | `capabilities.drop:[ALL]`<br>`runAsNonRoot: true`<br>`runAsUser: 1000` |
| `service.annotations` | Annotations that Kubernetes will use for the service. This will configure load balancer if `service.type` is `LoadBalancer` [Annotations](https://kubernetes.io/docs/concepts/services-networking/service/#ssl-support-on-aws) | `{}` |
| `service.nodePort` | Custom [nodePort](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport) port that can be set if you are using `service.type: nodePort`. | `` |
| `service.type` | Type of logstash service. [Service Types](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) | `ClusterIP` |
| `sidecarResources` | Allows you to set the [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) for the sidecar containers in the statefulset | {} |
| `terminationGracePeriod` | The [terminationGracePeriod](https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods) in seconds used when trying to stop the pod | `120` |
| `tolerations` | Configurable [tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
Expand Down
11 changes: 0 additions & 11 deletions logstash/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,14 +25,3 @@ Return the appropriate apiVersion for statefulset.
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}

{{/*
Return the appropriate apiVersion for ingress.
*/}}
{{- define "logstash.ingress.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- end -}}
{{- end -}}
33 changes: 0 additions & 33 deletions logstash/templates/ingress.yaml
View file
Open in desktop

This file was deleted.

27 changes: 0 additions & 27 deletions logstash/templates/service.yaml
View file
Open in desktop

This file was deleted.

1 change: 0 additions & 1 deletion logstash/templates/statefulset.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@ metadata:
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
serviceName: {{ template "fullname" . }}
selector:
matchLabels:
app: "{{ template "fullname" . }}"
Expand Down
22 changes: 0 additions & 22 deletions logstash/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -133,15 +133,8 @@ nodeAffinity: {}
# the same time when bootstrapping the cluster
podManagementPolicy: "Parallel"

protocol: http
httpPort: 9600
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't recommend exposing Logstash's http API as it is, to my knowledge, unauthenticated and has an API for mutation of things like log level.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Service and Ingress for Logstash HTTP API where removed in 1768d4b.

Do you think we should also remove port exposition at Pod level?


service:
type: ClusterIP
port: 9600
nodePort:
annotations: {}

updateStrategy: RollingUpdate

# This is the max unavailable setting for the pod disruption budget
Expand Down Expand Up @@ -192,21 +185,6 @@ schedulerName: ""
nodeSelector: {}
tolerations: []

# Enabling this will publically expose your Logstash instance.
# Only enable this if you have security enabled on your cluster
ingress:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
path: /
hosts:
- chart-example.local
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local

nameOverride: ""
fullnameOverride: ""

Expand Down