diff --git a/elasticsearch/README.md b/elasticsearch/README.md
index 77d298d03..bafce262a 100644
--- a/elasticsearch/README.md
+++ b/elasticsearch/README.md
@@ -42,7 +42,7 @@ This chart is tested with the latest supported versions. The currently tested ve
| 5.x | 6.x | 7.x |
| ------ | ----- | ----- |
-| 5.6.16 | 6.7.1 | 7.0.1 |
+| 5.6.16 | 6.7.2 | 7.0.1 |
Examples of installing older major versions can be found in the [examples](./examples) directory.
diff --git a/elasticsearch/examples/6.x/test/goss.yaml b/elasticsearch/examples/6.x/test/goss.yaml
index bb7289fe9..7b8bc7225 100644
--- a/elasticsearch/examples/6.x/test/goss.yaml
+++ b/elasticsearch/examples/6.x/test/goss.yaml
@@ -11,7 +11,7 @@ http:
status: 200
timeout: 2000
body:
- - '"number" : "6.7.1"'
+ - '"number" : "6.7.2"'
- '"cluster_name" : "six"'
- '"name" : "six-master-0"'
- 'You Know, for Search'
diff --git a/elasticsearch/examples/6.x/values.yaml b/elasticsearch/examples/6.x/values.yaml
index 1109970dc..cab3dee21 100644
--- a/elasticsearch/examples/6.x/values.yaml
+++ b/elasticsearch/examples/6.x/values.yaml
@@ -1,5 +1,5 @@
---
clusterName: "six"
-imageTag: "6.7.1"
+imageTag: "6.7.2"
esMajorVersion: 6
diff --git a/elasticsearch/examples/oss/Makefile b/elasticsearch/examples/oss/Makefile
new file mode 100644
index 000000000..869e9158c
--- /dev/null
+++ b/elasticsearch/examples/oss/Makefile
@@ -0,0 +1,12 @@
+default: test
+include ../../../helpers/examples.mk
+
+RELEASE := helm-es-oss
+
+install:
+ helm upgrade --wait --timeout=600 --install $(RELEASE) --values ./values.yaml ../../ ; \
+
+test: install goss
+
+purge:
+ helm del --purge $(RELEASE)
diff --git a/elasticsearch/examples/oss/test/goss.yaml b/elasticsearch/examples/oss/test/goss.yaml
new file mode 100644
index 000000000..e87a97a2c
--- /dev/null
+++ b/elasticsearch/examples/oss/test/goss.yaml
@@ -0,0 +1,17 @@
+http:
+ http://localhost:9200/_cluster/health:
+ status: 200
+ timeout: 2000
+ body:
+ - 'green'
+ - '"number_of_nodes":3'
+ - '"number_of_data_nodes":3'
+
+ http://localhost:9200:
+ status: 200
+ timeout: 2000
+ body:
+ - '"number" : "7.0.1"'
+ - '"cluster_name" : "oss"'
+ - '"name" : "oss-master-0"'
+ - 'You Know, for Search'
diff --git a/elasticsearch/examples/oss/values.yaml b/elasticsearch/examples/oss/values.yaml
new file mode 100644
index 000000000..adcb7df3e
--- /dev/null
+++ b/elasticsearch/examples/oss/values.yaml
@@ -0,0 +1,4 @@
+---
+
+clusterName: "oss"
+image: "docker.elastic.co/elasticsearch/elasticsearch-oss"
diff --git a/filebeat/Chart.yaml b/filebeat/Chart.yaml
index 877fb001e..58b80fe37 100755
--- a/filebeat/Chart.yaml
+++ b/filebeat/Chart.yaml
@@ -4,8 +4,8 @@ maintainers:
- email: helm-charts@elastic.co
name: Elastic
name: filebeat
-version: 7.0.0-alpha1
-appVersion: 7.0.0
+version: 7.0.1-alpha1
+appVersion: 7.0.1
sources:
- https://github.com/elastic/beats
icon: https://helm.elastic.co/icons/filebeat.png
diff --git a/filebeat/README.md b/filebeat/README.md
index 78e5a1921..2509ee92a 100644
--- a/filebeat/README.md
+++ b/filebeat/README.md
@@ -17,7 +17,7 @@ This helm chart is a lightweight way to configure and run our official [Filebeat
```
* Install it
```
- helm install --name filebeat elastic/filebeat --version 7.0.0-alpha1
+ helm install --name filebeat elastic/filebeat --version 7.0.1-alpha1
```
## Compatibility
@@ -26,39 +26,40 @@ This chart is tested with the latest supported versions. The currently tested ve
| 5.x | 6.x | 7.x |
| ------ | ----- | ----- |
-| 5.6.16 | 6.7.1 | 7.0.0 |
+| 5.6.16 | 6.7.2 | 7.0.1 |
Examples of installing older major versions can be found in the [examples](./examples) directory.
-While only the latest releases are tested, it is possible to easily install old or new releases by overriding the `imageTag`. To install version `7.0.0` of Filebeat it would look like this:
+While only the latest releases are tested, it is possible to easily install old or new releases by overriding the `imageTag`. To install version `7.0.1` of Filebeat it would look like this:
```
-helm install --name filebeat elastic/filebeat --version 7.0.0-alpha1 --set imageTag=7.0.0
+helm install --name filebeat elastic/filebeat --version 7.0.1-alpha1 --set imageTag=7.0.1
```
## Configuration
-| Parameter | Description | Default |
-| -------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- |
-| `filebeatConfig` | Allows you to add any config files in `/usr/share/filebeat` such as `filebeat.yml`. See [values.yaml](./values.yaml) for an example of the formatting. | `{}` |
-| `extraEnvs` | Extra [environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config) which will be appended to the `env:` definition for the container | `[]` |
-| `extraVolumeMounts` | Any extra volumes mounts to define for the Filebeat container | `[]` |
-| `extraVolumes` | Any extra volumes to define for the pod | `[]` |
-| `hostPathRoot` | Fully-qualified [hostPath](https://kubernetes.io/docs/concepts/storage/volumes/#hostpath) that will be used to persist Filebeat registry data | `/var/lib` |
-| `image` | The Filebeat docker image | `docker.elastic.co/beats/filebeat` |
-| `imageTag` | The Filebeat docker image tag | `7.0.0` |
-| `imagePullPolicy` | The Kubernetes [imagePullPolicy](https://kubernetes.io/docs/concepts/containers/images/#updating-images) value | `IfNotPresent` |
-| `imagePullSecrets` | Configuration for [imagePullSecrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret) so that you can use a private registry for your image | `[]` |
-| `managedServiceAccount` | Whether the `serviceAccount` should be managed by this helm chart. Set this to `false` in order to manage your own service account and related roles. | `true` |
-| `podAnnotations` | Configurable [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) applied to all Filebeat pods | `{}` |
-| `podSecurityContext` | Configurable [podSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for Filebeat pod execution environment | `fsGroup: 1000`
`runAsUser: 0`
`privileged: false` |
-| `livenessProbe` | Parameters to pass to [liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) checks for values such as timeouts and thresholds. | `failureThreshold: 3`
`initialDelaySeconds: 10`
`periodSeconds: 10`
`successThreshold: 3`
`timeoutSeconds: 5` |
-| `resources` | Allows you to set the [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) for the `DaemonSet` | `requests.cpu: 100m`
`requests.memory: 100Mi`
`limits.cpu: 1000m`
`limits.memory: 200Mi` |
-| `serviceAccount` | The [serviceAccount](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) that Filebeat will use during execution | `filebeat` |
-| `secretMounts` | Allows you easily mount a secret as a file inside the `DaemonSet`. Useful for mounting certificates and other secrets. See [values.yaml](./values.yaml) for an example | `[]` |
-| `terminationGracePeriod` | Termination period (in seconds) to wait before killing Filebeat pod process on pod shutdown | `30` |
-| `tolerations` | Configurable [tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
-| `updateStrategy` | The [updateStrategy](https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets) for the `DaemonSet`. By default Kubernetes will kill and recreate pods on updates. Setting this to `OnDelete` will require that pods be deleted manually. | `RollingUpdate` |
+| Parameter | Description | Default |
+| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- |
+| `filebeatConfig` | Allows you to add any config files in `/usr/share/filebeat` such as `filebeat.yml`. See [values.yaml](./values.yaml) for an example of the formatting with the default configuration. | see [values.yaml](./values.yaml) |
+| `extraEnvs` | Extra [environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config) which will be appended to the `env:` definition for the container | `[]` |
+| `extraVolumeMounts` | Any extra volumes mounts to define for the Filebeat container | `[]` |
+| `extraVolumes` | Any extra volumes to define for the pod | `[]` |
+| `hostPathRoot` | Fully-qualified [hostPath](https://kubernetes.io/docs/concepts/storage/volumes/#hostpath) that will be used to persist Filebeat registry data | `/var/lib` |
+| `image` | The Filebeat docker image | `docker.elastic.co/beats/filebeat` |
+| `imageTag` | The Filebeat docker image tag | `7.0.1` |
+| `imagePullPolicy` | The Kubernetes [imagePullPolicy](https://kubernetes.io/docs/concepts/containers/images/#updating-images) value | `IfNotPresent` |
+| `imagePullSecrets` | Configuration for [imagePullSecrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret) so that you can use a private registry for your image | `[]` |
+| `managedServiceAccount` | Whether the `serviceAccount` should be managed by this helm chart. Set this to `false` in order to manage your own service account and related roles. | `true` |
+| `podAnnotations` | Configurable [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) applied to all Filebeat pods | `{}` |
+| `podSecurityContext` | Configurable [podSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for Filebeat pod execution environment | `fsGroup: 1000`
`runAsUser: 0`
`privileged: false` |
+| `livenessProbe` | Parameters to pass to [liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) checks for values such as timeouts and thresholds. | `failureThreshold: 3`
`initialDelaySeconds: 10`
`periodSeconds: 10`
`successThreshold: 3`
`timeoutSeconds: 5` |
+| `readinessProbe` | Parameters to pass to [readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) checks for values such as timeouts and thresholds. | `failureThreshold: 3`
`initialDelaySeconds: 10`
`periodSeconds: 10`
`successThreshold: 3`
`timeoutSeconds: 5` |
+| `resources` | Allows you to set the [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) for the `DaemonSet` | `requests.cpu: 100m`
`requests.memory: 100Mi`
`limits.cpu: 1000m`
`limits.memory: 200Mi` |
+| `serviceAccount` | Custom [serviceAccount](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) that Filebeat will use during execution. By default will use the service account created by this chart. | `""` |
+| `secretMounts` | Allows you easily mount a secret as a file inside the `DaemonSet`. Useful for mounting certificates and other secrets. See [values.yaml](./values.yaml) for an example | `[]` |
+| `terminationGracePeriod` | Termination period (in seconds) to wait before killing Filebeat pod process on pod shutdown | `30` |
+| `tolerations` | Configurable [tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
+| `updateStrategy` | The [updateStrategy](https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/#daemonset-update-strategy) for the `DaemonSet`. By default Kubernetes will kill and recreate pods on updates. Setting this to `OnDelete` will require that pods be deleted manually. | `RollingUpdate` |
## Examples
diff --git a/filebeat/examples/6.x/Makefile b/filebeat/examples/6.x/Makefile
new file mode 100644
index 000000000..34bc979b4
--- /dev/null
+++ b/filebeat/examples/6.x/Makefile
@@ -0,0 +1,13 @@
+default: test
+
+include ../../../helpers/examples.mk
+
+RELEASE := helm-filebeat-six
+
+install:
+ helm upgrade --wait --timeout=600 --install $(RELEASE) --values values.yaml ../../
+
+test: install goss
+
+purge:
+ helm del --purge $(RELEASE)
diff --git a/filebeat/examples/6.x/test/goss.yaml b/filebeat/examples/6.x/test/goss.yaml
new file mode 100644
index 000000000..2bb599461
--- /dev/null
+++ b/filebeat/examples/6.x/test/goss.yaml
@@ -0,0 +1,21 @@
+port:
+ tcp:5066:
+ listening: true
+ ip:
+ - '127.0.0.1'
+
+mount:
+ /usr/share/filebeat/data:
+ exists: true
+user:
+ filebeat:
+ exists: true
+ uid: 1000
+ gid: 1000
+
+http:
+ http://six-master:9200/_cat/indices:
+ status: 200
+ timeout: 2000
+ body:
+ - 'filebeat-6.7.2'
diff --git a/filebeat/examples/6.x/values.yaml b/filebeat/examples/6.x/values.yaml
new file mode 100644
index 000000000..cc8084b1e
--- /dev/null
+++ b/filebeat/examples/6.x/values.yaml
@@ -0,0 +1,5 @@
+imageTag: 6.7.2
+
+extraEnvs:
+ - name: ELASTICSEARCH_HOSTS
+ value: six-master:9200
diff --git a/filebeat/examples/default/Makefile b/filebeat/examples/default/Makefile
index fa438f6bc..6cfa6a648 100644
--- a/filebeat/examples/default/Makefile
+++ b/filebeat/examples/default/Makefile
@@ -5,7 +5,7 @@ include ../../../helpers/examples.mk
RELEASE := helm-filebeat-default
install:
- helm upgrade --wait --timeout=600 --values values.yaml --install $(RELEASE) ../../
+ helm upgrade --wait --timeout=600 --install $(RELEASE) ../../
test: install goss
diff --git a/filebeat/examples/default/test/goss.yaml b/filebeat/examples/default/test/goss.yaml
index ec46d4d0e..1db4632b6 100644
--- a/filebeat/examples/default/test/goss.yaml
+++ b/filebeat/examples/default/test/goss.yaml
@@ -7,9 +7,41 @@ port:
mount:
/usr/share/filebeat/data:
exists: true
+ /run/docker.sock:
+ exists: true
+ /var/lib/docker/containers:
+ exists: true
+ opts:
+ - ro
+ /usr/share/filebeat/filebeat.yml:
+ exists: true
+ opts:
+ - ro
user:
filebeat:
exists: true
uid: 1000
gid: 1000
+
+http:
+ http://elasticsearch-master:9200/_cat/indices:
+ status: 200
+ timeout: 2000
+ body:
+ - 'filebeat-7.0.1'
+
+file:
+ /usr/share/filebeat/filebeat.yml:
+ exists: true
+ contains:
+ - 'add_kubernetes_metadata'
+ - 'output.elasticsearch'
+ - 'elasticsearch-master:9200'
+
+command:
+ cd /usr/share/filebeat && filebeat test output:
+ exit-status: 0
+ stdout:
+ - 'elasticsearch: http://elasticsearch-master:9200'
+ - 'version: 7.0.1'
diff --git a/filebeat/examples/default/values.yaml b/filebeat/examples/default/values.yaml
deleted file mode 100644
index 14cc6ea95..000000000
--- a/filebeat/examples/default/values.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-filebeatConfig:
- filebeat.yml: |
- filebeat.inputs:
- - type: docker
- containers.ids:
- - '*'
- processors:
- - add_kubernetes_metadata:
- in_cluster: true
-
- output.elasticsearch:
- hosts: '${ELASTICSEARCH_HOSTS:elasticsearch:9200}'
-
-extraEnvs:
-- name: ELASTICSEARCH_HOSTS
- value: elasticsearch-master:9200
diff --git a/filebeat/examples/oss/Makefile b/filebeat/examples/oss/Makefile
new file mode 100644
index 000000000..e6b665412
--- /dev/null
+++ b/filebeat/examples/oss/Makefile
@@ -0,0 +1,13 @@
+default: test
+
+include ../../../helpers/examples.mk
+
+RELEASE := helm-filebeat-oss
+
+install:
+ helm upgrade --wait --timeout=600 --install $(RELEASE) --values values.yaml ../../
+
+test: install goss
+
+purge:
+ helm del --purge $(RELEASE)
diff --git a/filebeat/examples/oss/test/goss.yaml b/filebeat/examples/oss/test/goss.yaml
new file mode 100644
index 000000000..ca06f4b57
--- /dev/null
+++ b/filebeat/examples/oss/test/goss.yaml
@@ -0,0 +1,22 @@
+port:
+ tcp:5066:
+ listening: true
+ ip:
+ - '127.0.0.1'
+
+mount:
+ /usr/share/filebeat/data:
+ exists: true
+
+user:
+ filebeat:
+ exists: true
+ uid: 1000
+ gid: 1000
+
+http:
+ http://oss-master:9200/_cat/indices:
+ status: 200
+ timeout: 2000
+ body:
+ - 'filebeat-7.0.1'
diff --git a/filebeat/examples/oss/values.yaml b/filebeat/examples/oss/values.yaml
new file mode 100644
index 000000000..0b9a414f7
--- /dev/null
+++ b/filebeat/examples/oss/values.yaml
@@ -0,0 +1,5 @@
+image: docker.elastic.co/beats/filebeat-oss
+
+extraEnvs:
+ - name: ELASTICSEARCH_HOSTS
+ value: oss-master:9200
diff --git a/filebeat/examples/security/Makefile b/filebeat/examples/security/Makefile
new file mode 100644
index 000000000..6d79d4231
--- /dev/null
+++ b/filebeat/examples/security/Makefile
@@ -0,0 +1,13 @@
+default: test
+
+include ../../../helpers/examples.mk
+
+RELEASE := helm-filebeat-security
+
+install:
+ helm upgrade --wait --timeout=600 --install $(RELEASE) --values values.yaml ../../
+
+test: install goss
+
+purge:
+ helm del --purge $(RELEASE)
diff --git a/filebeat/examples/security/test/goss.yaml b/filebeat/examples/security/test/goss.yaml
new file mode 100644
index 000000000..2c7ce2c11
--- /dev/null
+++ b/filebeat/examples/security/test/goss.yaml
@@ -0,0 +1,9 @@
+http:
+ https://security-master:9200/_cat/indices:
+ status: 200
+ timeout: 2000
+ body:
+ - 'filebeat-7.0.1'
+ allow-insecure: true
+ username: '{{ .Env.ELASTICSEARCH_USERNAME }}'
+ password: '{{ .Env.ELASTICSEARCH_PASSWORD }}'
diff --git a/filebeat/examples/security/values.yaml b/filebeat/examples/security/values.yaml
new file mode 100644
index 000000000..bedb79643
--- /dev/null
+++ b/filebeat/examples/security/values.yaml
@@ -0,0 +1,34 @@
+filebeatConfig:
+ filebeat.yml: |
+ filebeat.inputs:
+ - type: docker
+ containers.ids:
+ - '*'
+ processors:
+ - add_kubernetes_metadata:
+ in_cluster: true
+
+ output.elasticsearch:
+ username: '${ELASTICSEARCH_USERNAME}'
+ password: '${ELASTICSEARCH_PASSWORD}'
+ protocol: https
+ hosts: ["security-master:9200"]
+ ssl.certificate_authorities:
+ - /usr/share/filebeat/config/certs/elastic-certificate.pem
+
+secretMounts:
+ - name: elastic-certificate-pem
+ secretName: elastic-certificate-pem
+ path: /usr/share/filebeat/config/certs
+
+extraEnvs:
+ - name: 'ELASTICSEARCH_USERNAME'
+ valueFrom:
+ secretKeyRef:
+ name: elastic-credentials
+ key: username
+ - name: 'ELASTICSEARCH_PASSWORD'
+ valueFrom:
+ secretKeyRef:
+ name: elastic-credentials
+ key: password
diff --git a/filebeat/templates/NOTES.txt b/filebeat/templates/NOTES.txt
index 083d9885b..24cdde2e5 100755
--- a/filebeat/templates/NOTES.txt
+++ b/filebeat/templates/NOTES.txt
@@ -1,4 +1,2 @@
-1. Watch all cluster members come up.
+1. Watch all containers come up.
$ kubectl get pods --namespace={{ .Release.Namespace }} -l app={{ template "fullname" . }} -w
-2. Test cluster health using Helm test.
- $ helm test {{ .Release.Name }}
diff --git a/filebeat/templates/_helpers.tpl b/filebeat/templates/_helpers.tpl
index f0d83d2ed..769546335 100755
--- a/filebeat/templates/_helpers.tpl
+++ b/filebeat/templates/_helpers.tpl
@@ -14,3 +14,15 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
+
+{{/*
+Use the fullname if the serviceAccount value is not set
+*/}}
+{{- define "serviceAccount" -}}
+{{- if .Values.serviceAccount }}
+{{- .Values.serviceAccount -}}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
diff --git a/filebeat/templates/clusterrole.yaml b/filebeat/templates/clusterrole.yaml
index 6eed081bd..52d7e5e98 100644
--- a/filebeat/templates/clusterrole.yaml
+++ b/filebeat/templates/clusterrole.yaml
@@ -2,7 +2,7 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
- name: {{ .Values.serviceAccount }}-cluster-role
+ name: {{ template "serviceAccount" . }}-cluster-role
labels:
app: "{{ template "fullname" . }}"
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
diff --git a/filebeat/templates/clusterrolebinding.yaml b/filebeat/templates/clusterrolebinding.yaml
index d6d820477..b901e2387 100644
--- a/filebeat/templates/clusterrolebinding.yaml
+++ b/filebeat/templates/clusterrolebinding.yaml
@@ -2,7 +2,7 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
- name: {{ .Values.serviceAccount }}-cluster-role-binding
+ name: {{ template "serviceAccount" . }}-cluster-role-binding
labels:
app: "{{ template "fullname" . }}"
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
@@ -10,10 +10,10 @@ metadata:
release: {{ .Release.Name | quote }}
roleRef:
kind: ClusterRole
- name: {{ .Values.serviceAccount }}-cluster-role
+ name: {{ template "serviceAccount" . }}-cluster-role
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
- name: {{ .Values.serviceAccount }}
+ name: {{ template "serviceAccount" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}
diff --git a/filebeat/templates/configmap.yaml b/filebeat/templates/configmap.yaml
index 17022984d..cc5fe6c78 100644
--- a/filebeat/templates/configmap.yaml
+++ b/filebeat/templates/configmap.yaml
@@ -3,9 +3,9 @@
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ template "name" . }}-config
+ name: {{ template "fullname" . }}-config
labels:
- app: "{{ template "name" . }}"
+ app: "{{ template "fullname" . }}"
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
diff --git a/filebeat/templates/daemonset.yaml b/filebeat/templates/daemonset.yaml
index 938b941ae..bc53b51ba 100644
--- a/filebeat/templates/daemonset.yaml
+++ b/filebeat/templates/daemonset.yaml
@@ -36,7 +36,7 @@ spec:
tolerations:
{{ toYaml . | indent 6 }}
{{- end }}
- serviceAccountName: {{ .Values.serviceAccount }}
+ serviceAccountName: {{ template "serviceAccount" . }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }}
volumes:
{{- range .Values.secretMounts }}
@@ -48,11 +48,11 @@ spec:
- name: filebeat-config
configMap:
defaultMode: 0600
- name: {{ template "name" . }}-config
+ name: {{ template "fullname" . }}-config
{{- end }}
- name: data
hostPath:
- path: {{ .Values.hostPathRoot }}/{{ template "fullname" . }}-data
+ path: {{ .Values.hostPathRoot }}/{{ template "fullname" . }}-{{ .Release.Namespace }}-data
type: DirectoryOrCreate
- name: varlibdockercontainers
hostPath:
@@ -68,7 +68,7 @@ spec:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
containers:
- - name: "{{ template "name" . }}"
+ - name: "filebeat"
image: "{{ .Values.image }}:{{ .Values.imageTag }}"
imagePullPolicy: "{{ .Values.imagePullPolicy }}"
args:
@@ -76,12 +76,23 @@ spec:
- "-E"
- "http.enabled=true"
livenessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - |
+ #!/usr/bin/env bash -e
+ curl --fail 127.0.0.1:5066
{{ toYaml .Values.livenessProbe | indent 10 }}
- httpGet:
- port: monitor
- ports:
- - name: monitor
- containerPort: 5066
+ readinessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - |
+ #!/usr/bin/env bash -e
+ filebeat test output
+{{ toYaml .Values.readinessProbe | indent 10 }}
resources:
{{ toYaml .Values.resources | indent 10 }}
env:
diff --git a/filebeat/templates/serviceaccount.yaml b/filebeat/templates/serviceaccount.yaml
index 64e6f9f1b..70a7a049b 100644
--- a/filebeat/templates/serviceaccount.yaml
+++ b/filebeat/templates/serviceaccount.yaml
@@ -2,7 +2,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
- name: {{ .Values.serviceAccount }}
+ name: {{ template "serviceAccount" . }}
labels:
app: "{{ template "fullname" . }}"
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
diff --git a/filebeat/tests/filebeat_test.py b/filebeat/tests/filebeat_test.py
index 889f6587e..4ed6be8c0 100644
--- a/filebeat/tests/filebeat_test.py
+++ b/filebeat/tests/filebeat_test.py
@@ -5,7 +5,7 @@
import yaml
project = 'filebeat'
-name = 'RELEASE-NAME-' + project
+name = 'release-name-' + project
def test_defaults():
@@ -19,12 +19,13 @@ def test_defaults():
c = r['daemonset'][name]['spec']['template']['spec']['containers'][0]
assert c['name'] == project
assert c['image'].startswith('docker.elastic.co/beats/' + project + ':')
- assert c['ports'][0]['containerPort'] == 5066 # internal filebeat monitoring REST API
assert c['env'][0]['name'] == 'POD_NAMESPACE'
assert c['env'][0]['valueFrom']['fieldRef']['fieldPath'] == 'metadata.namespace'
- assert c['livenessProbe']['httpGet']['port'] == 'monitor'
+ assert 'curl --fail 127.0.0.1:5066' in c['livenessProbe']['exec']['command'][-1]
+
+ assert 'filebeat test output' in c['readinessProbe']['exec']['command'][-1]
# Empty customizable defaults
assert 'imagePullSecrets' not in r['daemonset'][name]['spec']['template']['spec']
@@ -32,6 +33,17 @@ def test_defaults():
assert r['daemonset'][name]['spec']['updateStrategy']['type'] == 'RollingUpdate'
+ assert r['daemonset'][name]['spec']['template']['spec']['serviceAccountName'] == name
+
+ volumes = r['daemonset'][name]['spec']['template']['spec']['volumes']
+ assert {
+ 'name': 'data',
+ 'hostPath': {
+ 'path': '/var/lib/release-name-filebeat-default-data',
+ 'type': 'DirectoryOrCreate'
+ }
+ } in volumes
+
def test_adding_envs():
config = '''
@@ -115,7 +127,7 @@ def test_adding_in_filebeat_config():
hello = world
'''
r = helm_template(config)
- c = r['configmap'][project + '-config']['data']
+ c = r['configmap'][name + '-config']['data']
assert 'filebeat.yml' in c
assert 'other-config.yml' in c
@@ -127,8 +139,46 @@ def test_adding_in_filebeat_config():
d = r['daemonset'][name]['spec']['template']['spec']
- assert {'configMap': {'name': project + '-config', 'defaultMode': 0600}, 'name': project + '-config'} in d['volumes']
+ assert {'configMap': {'name': name + '-config', 'defaultMode': 0600}, 'name': project + '-config'} in d['volumes']
assert {'mountPath': '/usr/share/filebeat/filebeat.yml', 'name': project + '-config', 'subPath': 'filebeat.yml', 'readOnly': True} in d['containers'][0]['volumeMounts']
assert {'mountPath': '/usr/share/filebeat/other-config.yml', 'name': project + '-config', 'subPath': 'other-config.yml', 'readOnly': True} in d['containers'][0]['volumeMounts']
assert 'configChecksum' in r['daemonset'][name]['spec']['template']['metadata']['annotations']
+
+
+def test_adding_a_secret_mount():
+ config = '''
+secretMounts:
+ - name: elastic-certificates
+ secretName: elastic-certificates
+ path: /usr/share/filebeat/config/certs
+'''
+ r = helm_template(config)
+ s = r['daemonset'][name]['spec']['template']['spec']
+ assert s['containers'][0]['volumeMounts'][0] == {
+ 'mountPath': '/usr/share/filebeat/config/certs',
+ 'name': 'elastic-certificates'
+ }
+ assert s['volumes'][0] == {
+ 'name': 'elastic-certificates',
+ 'secret': {
+ 'secretName': 'elastic-certificates'
+ }
+ }
+
+
+def test_adding_a_extra_volume_with_volume_mount():
+ config = '''
+extraVolumes: |
+ - name: extras
+ emptyDir: {}
+extraVolumeMounts: |
+ - name: extras
+ mountPath: /usr/share/extras
+ readOnly: true
+'''
+ r = helm_template(config)
+ extraVolume = r['daemonset'][name]['spec']['template']['spec']['volumes']
+ assert {'name': 'extras', 'emptyDir': {}} in extraVolume
+ extraVolumeMounts = r['daemonset'][name]['spec']['template']['spec']['containers'][0]['volumeMounts']
+ assert {'name': 'extras', 'mountPath': '/usr/share/extras', 'readOnly': True} in extraVolumeMounts
diff --git a/filebeat/values.yaml b/filebeat/values.yaml
index 6fbe44937..0d105179b 100755
--- a/filebeat/values.yaml
+++ b/filebeat/values.yaml
@@ -1,10 +1,18 @@
---
# Allows you to add any config files in /usr/share/filebeat
# such as filebeat.yml
-filebeatConfig: {}
-# filebeat.yml: |
-# key:
-# nestedkey: value
+filebeatConfig:
+ filebeat.yml: |
+ filebeat.inputs:
+ - type: docker
+ containers.ids:
+ - '*'
+ processors:
+ - add_kubernetes_metadata:
+ in_cluster: true
+
+ output.elasticsearch:
+ hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}'
# Extra environment variables to append to the DaemonSet pod spec.
# This will be appended to the current 'env:' key. You can use any of the kubernetes env
@@ -26,7 +34,7 @@ extraVolumes: []
hostPathRoot: /var/lib
image: "docker.elastic.co/beats/filebeat"
-imageTag: "7.0.0"
+imageTag: "7.0.1"
imagePullPolicy: "IfNotPresent"
imagePullSecrets: []
@@ -36,6 +44,12 @@ livenessProbe:
periodSeconds: 10
timeoutSeconds: 5
+readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+
# Whether this chart should self-manage its service account, role, and associated role binding.
managedServiceAccount: true
@@ -60,8 +74,8 @@ resources:
cpu: "1000m"
memory: "200Mi"
-# Service account that the pod will use
-serviceAccount: filebeat
+# Custom service account override that the pod will use
+serviceAccount: ""
# A list of secrets and their paths to mount inside the pod
# This is useful for mounting certificates for security other sensitive values
diff --git a/helpers/bumper.py b/helpers/bumper.py
index 7bfe9303f..36d35c748 100755
--- a/helpers/bumper.py
+++ b/helpers/bumper.py
@@ -9,7 +9,7 @@
versions = {
5: '5.6.16',
- 6: '6.7.1',
+ 6: '6.7.2',
7: '7.0.1',
}
@@ -21,10 +21,17 @@
'*/Chart.y*ml',
]
+# Anything matching this regex won't have version bumps changed
+# This was happening because strings like 127.0.0.1 match for 7.0.0
+blacklist = re.compile(r".*127.0.0.1.*")
+
for major, version in versions.iteritems():
r = re.compile(r"{0}\.[0-9]*\.[0-9]*".format(major))
for pattern in file_patterns:
for f in glob.glob(pattern):
print(f)
for line in fileinput.input([f], inplace=True):
- print r.sub(version, line.rstrip())
+ if re.match(blacklist, line):
+ print(line.rstrip())
+ else:
+ print(r.sub(version, line.rstrip()))
diff --git a/helpers/matrix.yml b/helpers/matrix.yml
index 4dfff19a1..2e43ca6ad 100644
--- a/helpers/matrix.yml
+++ b/helpers/matrix.yml
@@ -1,18 +1,26 @@
CHART:
- elasticsearch
- kibana
+ - filebeat
ES_SUITE:
- default
- multi
+ - oss
- security
- upgrade
- 5.x
- 6.x
KIBANA_SUITE:
- default
+ - oss
- security
- 5.x
- 6.x
+FILEBEAT_SUITE:
+ - default
+ - oss
+ - security
+ - 6.x
KUBERNETES_VERSION:
- '1.11'
- '1.12'
diff --git a/kibana/README.md b/kibana/README.md
index 8d1cc6d9f..1030c519f 100644
--- a/kibana/README.md
+++ b/kibana/README.md
@@ -26,7 +26,7 @@ This chart is tested with the latest supported versions. The currently tested ve
| 5.x | 6.x | 7.x |
| ------ | ----- | ----- |
-| 5.6.16 | 6.7.1 | 7.0.1 |
+| 5.6.16 | 6.7.2 | 7.0.1 |
Examples of installing older major versions can be found in the [examples](./examples) directory.
diff --git a/kibana/examples/6.x/test/goss.yaml b/kibana/examples/6.x/test/goss.yaml
index 1143d1f68..9d928df66 100644
--- a/kibana/examples/6.x/test/goss.yaml
+++ b/kibana/examples/6.x/test/goss.yaml
@@ -3,7 +3,7 @@ http:
status: 200
timeout: 2000
body:
- - '"number":"6.7.1"'
+ - '"number":"6.7.2"'
http://localhost:5601/app/kibana:
status: 200
diff --git a/kibana/examples/6.x/values.yml b/kibana/examples/6.x/values.yml
index afe36e91a..8548e9a81 100644
--- a/kibana/examples/6.x/values.yml
+++ b/kibana/examples/6.x/values.yml
@@ -1,4 +1,4 @@
---
-imageTag: 6.7.1
+imageTag: 6.7.2
elasticsearchHosts: "http://six-master:9200"
diff --git a/kibana/examples/oss/Makefile b/kibana/examples/oss/Makefile
new file mode 100644
index 000000000..55232cd7f
--- /dev/null
+++ b/kibana/examples/oss/Makefile
@@ -0,0 +1,12 @@
+default: test
+include ../../../helpers/examples.mk
+
+RELEASE := helm-kibana-oss
+
+install:
+ helm upgrade --wait --timeout=600 --install --values ./values.yml $(RELEASE) ../../ ; \
+
+test: install goss
+
+purge:
+ helm del --purge $(RELEASE)
diff --git a/kibana/examples/oss/test/goss.yaml b/kibana/examples/oss/test/goss.yaml
new file mode 100644
index 000000000..35aee7dd4
--- /dev/null
+++ b/kibana/examples/oss/test/goss.yaml
@@ -0,0 +1,4 @@
+http:
+ http://localhost:5601/app/kibana:
+ status: 200
+ timeout: 2000
diff --git a/kibana/examples/oss/values.yml b/kibana/examples/oss/values.yml
new file mode 100644
index 000000000..eb0203c75
--- /dev/null
+++ b/kibana/examples/oss/values.yml
@@ -0,0 +1,4 @@
+---
+
+image: "docker.elastic.co/kibana/kibana-oss"
+elasticsearchHosts: "http://oss-master:9200"