barkbay · January 27, 2023 09:14
diff --git a/monitored.yaml b/monitored.yaml
 ### Requires to run the follwing command for Filebeat:
 ### oc adm policy add-scc-to-user privileged -z filebeat -n monitored
 apiVersion: beat.k8s.elastic.co/v1beta1
 kind: Beat
 metadata:
  name: filebeat
  namespace: monitored
 spec:
  type: filebeat
  version: 8.4.2
  monitoring:
    metrics:
      elasticsearchRefs:
      - name: elasticsearch-sample
        namespace: monitoring
  elasticsearchRef:
    name: elasticsearch
    namespace: monitored
  kibanaRef:
    name: kibana
  config:
    filebeat:
      autodiscover:
        providers:
        - type: kubernetes
          node: ${NODE_NAME}
          hints:
            enabled: true
            default_config:
              type: container
              paths:
              - /var/log/containers/*${data.kubernetes.container.id}.log
    processors:
    - add_cloud_metadata: {}
    - add_host_metadata: {}
  daemonSet:
    podTemplate:
      spec:
        tolerations:
        - effect: NoSchedule
          key: node-role.kubernetes.io/master
          operator: Exists
        serviceAccountName: filebeat
        automountServiceAccountToken: true
        terminationGracePeriodSeconds: 30
        dnsPolicy: ClusterFirstWithHostNet
        hostNetwork: true # Allows to provide richer host metadata
        containers:
        - name: filebeat
          securityContext:
            runAsUser: 0
            # If using Red Hat OpenShift uncomment this:
            privileged: true
          volumeMounts:
          - name: varlogcontainers
            mountPath: /var/log/containers
          - name: varlogpods
            mountPath: /var/log/pods
          - name: varlibdockercontainers
            mountPath: /var/lib/docker/containers
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
        volumes:
        - name: varlogcontainers
          hostPath:
            path: /var/log/containers
        - name: varlogpods
          hostPath:
            path: /var/log/pods
        - name: varlibdockercontainers
          hostPath:
            path: /var/lib/docker/containers
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: filebeat
 rules:
 - apiGroups: [""] # "" indicates the core API group
  resources:
  - namespaces
  - pods
  - nodes
  verbs:
  - get
  - watch
  - list
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: filebeat
  namespace: monitored
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: filebeat
 subjects:
 - kind: ServiceAccount
  name: filebeat
  namespace: monitored
 roleRef:
  kind: ClusterRole
  name: filebeat
  apiGroup: rbac.authorization.k8s.io
 ---
 apiVersion: elasticsearch.k8s.elastic.co/v1
 kind: Elasticsearch
 metadata:
  name: elasticsearch
  namespace: monitored
 spec:
  monitoring:
    metrics:
      elasticsearchRefs:
      - name: elasticsearch-sample
        namespace: monitoring
  version: 8.4.2
  nodeSets:
  - name: default
    count: 3
    volumeClaimTemplates:
     - metadata:
         name: elasticsearch-data # Do not change this name unless you set up a volume mount for the data path.
       spec:
         accessModes:
         - ReadWriteOnce
         resources:
           requests:
             storage: 100Gi
         storageClassName: standard
    config:
      node.store.allow_mmap: false
 ---
 apiVersion: kibana.k8s.elastic.co/v1
 kind: Kibana
 metadata:
  name: kibana
  namespace: monitored
 spec:
  monitoring:
    metrics:
      elasticsearchRefs:
      - name: elasticsearch-sample
        namespace: monitoring
  version: 8.4.2
  count: 1
  elasticsearchRef:
    name: elasticsearch
 ...
diff --git a/monitoring.yaml b/monitoring.yaml
 apiVersion: elasticsearch.k8s.elastic.co/v1
 kind: Elasticsearch
 metadata:
  name: elasticsearch-sample
  namespace: monitoring
 spec:
  version: 8.4.2
  nodeSets:
  - name: default
    count: 3
    config:
      node.store.allow_mmap: false
    volumeClaimTemplates:
     - metadata:
         name: elasticsearch-data # Do not change this name unless you set up a volume mount for the data path.
       spec:
         accessModes:
         - ReadWriteOnce
         resources:
           requests:
             storage: 100Gi
         storageClassName: standard
 ---
 apiVersion: kibana.k8s.elastic.co/v1
 kind: Kibana
 metadata:
  name: kibana-sample
  namespace: monitoring
 spec:
  version: 8.4.2
  count: 1
  elasticsearchRef:
    name: "elasticsearch-sample"
    namespace: monitoring
  podTemplate:
    metadata:
      labels:
        foo: bar
    spec:
      containers:
      - name: kibana
        resources:
          limits:
            memory: 1Gi
            cpu: 1
	### Requires to run the follwing command for Filebeat:
	### oc adm policy add-scc-to-user privileged -z filebeat -n monitored
	apiVersion: beat.k8s.elastic.co/v1beta1
	kind: Beat
	metadata:
	name: filebeat
	namespace: monitored
	spec:
	type: filebeat
	version: 8.4.2
	monitoring:
	metrics:
	elasticsearchRefs:
	- name: elasticsearch-sample
	namespace: monitoring
	elasticsearchRef:
	name: elasticsearch
	namespace: monitored
	kibanaRef:
	name: kibana
	config:
	filebeat:
	autodiscover:
	providers:
	- type: kubernetes
	node: ${NODE_NAME}
	hints:
	enabled: true
	default_config:
	type: container
	paths:
	- /var/log/containers/*${data.kubernetes.container.id}.log
	processors:
	- add_cloud_metadata: {}
	- add_host_metadata: {}
	daemonSet:
	podTemplate:
	spec:
	tolerations:
	- effect: NoSchedule
	key: node-role.kubernetes.io/master
	operator: Exists
	serviceAccountName: filebeat
	automountServiceAccountToken: true
	terminationGracePeriodSeconds: 30
	dnsPolicy: ClusterFirstWithHostNet
	hostNetwork: true # Allows to provide richer host metadata
	containers:
	- name: filebeat
	securityContext:
	runAsUser: 0
	# If using Red Hat OpenShift uncomment this:
	privileged: true
	volumeMounts:
	- name: varlogcontainers
	mountPath: /var/log/containers
	- name: varlogpods
	mountPath: /var/log/pods
	- name: varlibdockercontainers
	mountPath: /var/lib/docker/containers
	env:
	- name: NODE_NAME
	valueFrom:
	fieldRef:
	fieldPath: spec.nodeName
	volumes:
	- name: varlogcontainers
	hostPath:
	path: /var/log/containers
	- name: varlogpods
	hostPath:
	path: /var/log/pods
	- name: varlibdockercontainers
	hostPath:
	path: /var/lib/docker/containers
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	name: filebeat
	rules:
	- apiGroups: [""] # "" indicates the core API group
	resources:
	- namespaces
	- pods
	- nodes
	verbs:
	- get
	- watch
	- list
	---
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: filebeat
	namespace: monitored
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRoleBinding
	metadata:
	name: filebeat
	subjects:
	- kind: ServiceAccount
	name: filebeat
	namespace: monitored
	roleRef:
	kind: ClusterRole
	name: filebeat
	apiGroup: rbac.authorization.k8s.io
	---
	apiVersion: elasticsearch.k8s.elastic.co/v1
	kind: Elasticsearch
	metadata:
	name: elasticsearch
	namespace: monitored
	spec:
	monitoring:
	metrics:
	elasticsearchRefs:
	- name: elasticsearch-sample
	namespace: monitoring
	version: 8.4.2
	nodeSets:
	- name: default
	count: 3
	volumeClaimTemplates:
	- metadata:
	name: elasticsearch-data # Do not change this name unless you set up a volume mount for the data path.
	spec:
	accessModes:
	- ReadWriteOnce
	resources:
	requests:
	storage: 100Gi
	storageClassName: standard
	config:
	node.store.allow_mmap: false
	---
	apiVersion: kibana.k8s.elastic.co/v1
	kind: Kibana
	metadata:
	name: kibana
	namespace: monitored
	spec:
	monitoring:
	metrics:
	elasticsearchRefs:
	- name: elasticsearch-sample
	namespace: monitoring
	version: 8.4.2
	count: 1
	elasticsearchRef:
	name: elasticsearch
	...