[logstash] add security example

elastic · jmlrt · Jun 18, 2020 · Nov 13, 2019 · Jun 17, 2020 · Jun 18, 2020
commit 90fc04300b438dba89596db7965ac4b9186f4b27
diff --git a/logstash/examples/security/Makefile b/logstash/examples/security/Makefile
@@ -0,0 +1,13 @@
+default: test
+
+include ../../../helpers/examples.mk
+
+RELEASE := helm-logstash-security
+
+install:
+	helm upgrade --wait --timeout=900 --install $(RELEASE) --values values.yaml ../../
+
+test: install goss
+
+purge:
+	helm del --purge $(RELEASE)
diff --git a/logstash/examples/security/test/goss.yaml b/logstash/examples/security/test/goss.yaml
@@ -0,0 +1,43 @@
+user:
+  logstash:
+    exists: true
+    uid: 1000
+    gid: 1000
+
+http:
+  http://localhost:9600?pretty:
+    status: 200
+    timeout: 2000
+    body:
+      - '"host" : "helm-logstash-default-logstash-0"'
+      - '"version" : "7.4.1"'
+      - '"http_address" : "0.0.0.0:9600"'
+      - '"name" : "helm-logstash-default-logstash-0"'
+      - '"status" : "green"'
+      - '"workers" : 1'
+      - '"batch_size" : 125'
+      - '"batch_delay" : 50'
+
+file:
+  /usr/share/logstash/config/logstash.yml:
+    exists: true
+    mode: "0644"
+    owner: logstash
+    group: root
+    filetype: file
+    contains:
+      - 'http.host: "0.0.0.0"'
+      - 'xpack.monitoring.elasticsearch.hosts: [ "http://elasticsearch:9200" ]'
+  /usr/share/logstash/pipeline/logstash.conf:
+    exists: true
+    mode: "0644"
+    owner: logstash
+    group: root
+    filetype: file
+    contains:
+      - 'input {'
+      - 'beats {'
+      - 'port => 5044'
+      - 'output {'
+      - 'stdout {'
+      - 'codec => rubydebug'
diff --git a/logstash/examples/security/values.yaml b/logstash/examples/security/values.yaml
@@ -0,0 +1,37 @@
+logstashConfig:
+  logstash.yml: |
+    http.host: 0.0.0.0
+    xpack.monitoring.enabled: true
+    xpack.monitoring.elasticsearch.username: '${ELASTICSEARCH_USERNAME}'
+    xpack.monitoring.elasticsearch.password: '${ELASTICSEARCH_PASSWORD}'
+    xpack.monitoring.elasticsearch.hosts: ["https://security-master:9200"]
+    xpack.monitoring.elasticsearch.ssl.certificate_authority: /usr/share/logstash/config/certs/elastic-certificate.pem
+
+logstashPipeline:
+  uptime.conf: |
+    input { exec { command => "uptime" interval => 30 } }
+    output { elasticsearch {
+      hosts => ["https://security-master:9200"]
+      cacert => "/usr/share/logstash/config/certs/elastic-certificate.pem"
+      user => '${ELASTICSEARCH_USERNAME}'
+      password => '${ELASTICSEARCH_PASSWORD}'
+      index => "logstash"
+      }
+    }
+
+secretMounts:
+  - name: elastic-certificate-pem
+    secretName: elastic-certificate-pem
+    path: /usr/share/logstash/config/certs
+
+extraEnvs:
+  - name: 'ELASTICSEARCH_USERNAME'
+    valueFrom:
+      secretKeyRef:
+        name: elastic-credentials
+        key: username
+  - name: 'ELASTICSEARCH_PASSWORD'
+    valueFrom:
+      secretKeyRef:
+        name: elastic-credentials
+        key: password