From 4344045703d9e91d83db73b874d4c11ffd73e6b9 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Thu, 28 Jul 2022 08:41:23 -0500 Subject: [PATCH 01/23] Add initial version of ECK-Managed Beats Helm Chart --- deploy/eck-beats/.helmignore | 24 ++++ deploy/eck-beats/Chart.yaml | 10 ++ deploy/eck-beats/templates/NOTES.txt | 6 + deploy/eck-beats/templates/_helpers.tpl | 51 +++++++ deploy/eck-beats/templates/beats.yaml | 26 ++++ .../templates/cluster-role-bindings.yaml | 23 ++++ deploy/eck-beats/templates/cluster-roles.yaml | 19 +++ .../eck-beats/templates/service-accounts.yaml | 19 +++ .../eck-beats/templates/tests/beats_test.yaml | 23 ++++ deploy/eck-beats/values.yaml | 129 ++++++++++++++++++ 10 files changed, 330 insertions(+) create mode 100644 deploy/eck-beats/.helmignore create mode 100644 deploy/eck-beats/Chart.yaml create mode 100644 deploy/eck-beats/templates/NOTES.txt create mode 100644 deploy/eck-beats/templates/_helpers.tpl create mode 100644 deploy/eck-beats/templates/beats.yaml create mode 100644 deploy/eck-beats/templates/cluster-role-bindings.yaml create mode 100644 deploy/eck-beats/templates/cluster-roles.yaml create mode 100644 deploy/eck-beats/templates/service-accounts.yaml create mode 100644 deploy/eck-beats/templates/tests/beats_test.yaml create mode 100644 deploy/eck-beats/values.yaml diff --git a/deploy/eck-beats/.helmignore b/deploy/eck-beats/.helmignore new file mode 100644 index 0000000000..f1568daf25 --- /dev/null +++ b/deploy/eck-beats/.helmignore @@ -0,0 +1,24 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +templates/tests diff --git a/deploy/eck-beats/Chart.yaml b/deploy/eck-beats/Chart.yaml new file mode 100644 index 0000000000..3f9ca0c359 --- /dev/null +++ b/deploy/eck-beats/Chart.yaml @@ -0,0 +1,10 @@ +apiVersion: v2 +name: eck-beats +description: A Helm chart to deploy Elastic Beats managed by the ECK Operator. +kubeVersion: ">= 1.20.0-0" +type: application +version: 0.1.0 +sources: + - https://github.com/elastic/cloud-on-k8s + - https://github.com/elastic/beats +icon: https://helm.elastic.co/icons/beats.png diff --git a/deploy/eck-beats/templates/NOTES.txt b/deploy/eck-beats/templates/NOTES.txt new file mode 100644 index 0000000000..22479c6dbf --- /dev/null +++ b/deploy/eck-beats/templates/NOTES.txt @@ -0,0 +1,6 @@ + +1. Check Beat status + $ kubectl get beat {{ include "beat.fullname" . }} -n {{ .Release.Namespace }} + +2. Check Beat pod status + $ kubectl get pods --namespace={{ .Release.Namespace }} -l agent.k8s.elastic.co/name={{ include "beat.fullname" . }} diff --git a/deploy/eck-beats/templates/_helpers.tpl b/deploy/eck-beats/templates/_helpers.tpl new file mode 100644 index 0000000000..031f5506fc --- /dev/null +++ b/deploy/eck-beats/templates/_helpers.tpl @@ -0,0 +1,51 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "beat.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "beat.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "beat.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "beat.labels" -}} +helm.sh/chart: {{ include "beat.chart" . }} +{{ include "beat.selectorLabels" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.labels }} +{{ .Values.labels }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "beat.selectorLabels" -}} +app.kubernetes.io/name: {{ include "beat.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/deploy/eck-beats/templates/beats.yaml b/deploy/eck-beats/templates/beats.yaml new file mode 100644 index 0000000000..cd0f9bb33e --- /dev/null +++ b/deploy/eck-beats/templates/beats.yaml @@ -0,0 +1,26 @@ +{{- range $i, $instance := .Values.instances }} +--- +apiVersion: agent.k8s.elastic.co/v1alpha1 +kind: Beat +metadata: + name: {{ $instance.name }} + {{- with $ }} + labels: + {{- include "beat.labels" $ | nindent 4 }} + {{- if $instance.labels }} + {{- toYaml $instance.labels | indent 4 }} + {{- end }} + {{- end }} + annotations: + eck.k8s.elastic.co/license: enterprise + {{- if $instance.annotations }} + {{- toYaml $instance.annotations | indent 4 }} + {{- end }} +spec: + version: {{ required "A Beat version is required" $instance.version }} + type: {{ required "A Beat type is required" $instance.type }} + {{- if and (not (hasKey $instance.spec "daemonSet")) (not (hasKey $instance.spec "deployment")) }} + {{ fail "At least one of daemonSet or deployment is required for a functional Beat" }} + {{- end }} + {{- toYaml $instance.spec | nindent 2 }} +{{- end }} diff --git a/deploy/eck-beats/templates/cluster-role-bindings.yaml b/deploy/eck-beats/templates/cluster-role-bindings.yaml new file mode 100644 index 0000000000..1b6e45d059 --- /dev/null +++ b/deploy/eck-beats/templates/cluster-role-bindings.yaml @@ -0,0 +1,23 @@ +{{- range $i, $crb := .Values.clusterRoleBindings }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ $crb.name }} + {{- with $ }} + labels: + {{- include "beat.labels" $ | nindent 4 }} + {{- if $crb.labels }} + {{- toYaml $crb.labels | indent 4 }} + {{- end }} + {{- end }} + {{- if $crb.annotations }} + annotations: + {{- toYaml $crb.annotations | indent 4 }} + {{- end }} +subjects: {{- toYaml $crb.subjects | nindent 2 }} +roleRef: + kind: {{ $crb.roleRef.kind }} + name: {{ $crb.roleRef.name }} + apiGroup: {{ $crb.roleRef.apiGroup }} +{{- end }} diff --git a/deploy/eck-beats/templates/cluster-roles.yaml b/deploy/eck-beats/templates/cluster-roles.yaml new file mode 100644 index 0000000000..374f6cbbac --- /dev/null +++ b/deploy/eck-beats/templates/cluster-roles.yaml @@ -0,0 +1,19 @@ +{{- range $i, $cr := .Values.clusterRoles }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ $cr.name }} + {{- with $ }} + labels: + {{- include "beat.labels" $ | nindent 4 }} + {{- if $cr.labels }} + {{- toYaml $cr.labels | indent 4 }} + {{- end }} + {{- end }} + {{- if $cr.annotations }} + annotations: + {{- toYaml $cr.annotations | indent 4 }} + {{- end }} +rules: {{- toYaml $cr.rules | nindent 2 }} +{{- end }} diff --git a/deploy/eck-beats/templates/service-accounts.yaml b/deploy/eck-beats/templates/service-accounts.yaml new file mode 100644 index 0000000000..b4457d4de3 --- /dev/null +++ b/deploy/eck-beats/templates/service-accounts.yaml @@ -0,0 +1,19 @@ +{{- range $i, $sa := .Values.serviceAccounts }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ $sa.name }} + namespace: {{ $sa.namespace | default $.Release.Namespace | quote }} + {{- with $ }} + labels: + {{- include "elasticagent.labels" $ | nindent 4 }} + {{- if $sa.labels }} + {{- toYaml $sa.labels | indent 4 }} + {{- end }} + {{- end }} + {{- if $sa.annotations }} + annotations: + {{- toYaml $sa.annotations | indent 4 }} + {{- end }} +{{- end }} diff --git a/deploy/eck-beats/templates/tests/beats_test.yaml b/deploy/eck-beats/templates/tests/beats_test.yaml new file mode 100644 index 0000000000..db3c9c7dbb --- /dev/null +++ b/deploy/eck-beats/templates/tests/beats_test.yaml @@ -0,0 +1,23 @@ +suite: test beats +templates: + - templates/beats.yaml +tests: + - it: should render default filebeat properly + release: + name: quickstart + asserts: + - isKind: + of: Agent + - equal: + path: metadata.name + value: quickstart + - equal: + path: spec.version + value: 8.2.3 + - equal: + path: spec.daemonSet.podTemplate.spec.containers[0].name + value: filebeat + - equal: + path: spec.daemonSet.podTemplate.spec.containers[0].securityContext.runAsUser + value: 0 + diff --git a/deploy/eck-beats/values.yaml b/deploy/eck-beats/values.yaml new file mode 100644 index 0000000000..12f9e5f49e --- /dev/null +++ b/deploy/eck-beats/values.yaml @@ -0,0 +1,129 @@ +--- +# Default values for eck-beats. +# This is a YAML-formatted file. +instances: +- # Name of this specific set of Elastic Beats. + # + name: quickstart + + # Version of Elastic Beats. + # + version: 8.2.3 + + # Labels that will be applied to Elastic Beats. + # + labels: {} + + # Annotations that will be applied to Elastic Beats. + # + annotations: {} + + spec: + # Referenced resources are below and depending on the setup, at least elasticsearchRef is required for a functional Beat. + # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-connect-es + # + # Reference to ECK-managed Kibana instance. + # + # kibanaRef: + # name: quickstart + # Optional namespace reference to Kibana instance. + # If not specified, then the namespace of the Beats instance + # will be assumed. + # + # namespace: default + + # Reference to ECK-managed Elasticsearch instance. + # + elasticsearchRef: + name: elasticsearch + # Optional namespace reference to Elasticsearch instance. + # If not specified, then the namespace of the Beats instance + # will be assumed. + # + # namespace: default + + # Daemonset, or Deployment specification for the type of Beat specified. + # At least one is required of [daemonSet, deployment]. + # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-chose-the-deployment-model + # + daemonSet: + podTemplate: + spec: + automountServiceAccountToken: true + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true # Allows to provide richer host metadata + containers: + - name: filebeat + securityContext: + runAsUser: 0 + # If using Red Hat OpenShift uncomment this: + # privileged: true + volumeMounts: + - name: varlogcontainers + mountPath: /var/log/containers + - name: varlogpods + mountPath: /var/log/pods + - name: varlibdockercontainers + mountPath: /var/lib/docker/containers + volumes: + - name: varlogcontainers + hostPath: + path: /var/log/containers + - name: varlogpods + hostPath: + path: /var/log/pods + - name: varlibdockercontainers + hostPath: + path: /var/lib/docker/containers + + # Configuration of Beat, which is dependent on the `type` of Beat specified. + # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-deploy-elastic-beat + # + config: + filebeat.inputs: + - type: container + paths: + - /var/log/containers/*.log + processors: + - add_host_metadata: {} + - add_cloud_metadata: {} + +# ServiceAccounts to be used by Elastic Beats. Some Beats features (such as autodiscover or Kubernetes module metricsets) +# require that Beat Pods interact with Kubernetes APIs. This functionality requires specific permissions +# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-role-based-access-control-for-beats +# +serviceAccounts: [] +# - name: elastic-beat-filebeat-quickstart +# namespace: optional-namespace + +# ClusterRoleBindings to be used by Elastic Beats. Similar to ServiceAccounts, this is required in some scenarios. +# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-role-based-access-control-for-beats +# +clusterRoleBindings: [] +# - name: elastic-beat-autodiscover-binding +# subjects: +# - kind: ServiceAccount +# name: elastic-beat-filebeat-quickstart +# namespace: default +# roleRef: +# kind: ClusterRole +# name: elastic-beat-autodiscover +# apiGroup: rbac.authorization.k8s.io + +# ClusterRoles to be used by Elastic Beats. Similar to ServiceAccounts, this is required in some scenarios. +# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-role-based-access-control-for-beats +# +clusterRoles: [] +# - name: elastic-beat-autodiscover +# rules: +# - apiGroups: [""] +# resources: +# - events +# - pods +# - namespaces +# - nodes +# verbs: +# - get +# - watch +# - list From 6c2bd6c384745c6ad071cf7cb247c4feccb933ac Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Thu, 28 Jul 2022 08:50:36 -0500 Subject: [PATCH 02/23] don't reference fullname in notes, as each instance is named differently. adjust apiversion in template. adjust beat labels in template. add type of beat to the default values, along with a description. --- deploy/eck-beats/templates/NOTES.txt | 4 ++-- deploy/eck-beats/templates/beats.yaml | 2 +- deploy/eck-beats/templates/service-accounts.yaml | 2 +- deploy/eck-beats/values.yaml | 5 +++++ 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/deploy/eck-beats/templates/NOTES.txt b/deploy/eck-beats/templates/NOTES.txt index 22479c6dbf..83674f20ff 100644 --- a/deploy/eck-beats/templates/NOTES.txt +++ b/deploy/eck-beats/templates/NOTES.txt @@ -1,6 +1,6 @@ 1. Check Beat status - $ kubectl get beat {{ include "beat.fullname" . }} -n {{ .Release.Namespace }} + $ kubectl get beat -n {{ .Release.Namespace }} 2. Check Beat pod status - $ kubectl get pods --namespace={{ .Release.Namespace }} -l agent.k8s.elastic.co/name={{ include "beat.fullname" . }} + $ kubectl get pods --namespace={{ .Release.Namespace }} -l beat.k8s.elastic.co/name={{ include "beat.fullname" . }} diff --git a/deploy/eck-beats/templates/beats.yaml b/deploy/eck-beats/templates/beats.yaml index cd0f9bb33e..fc97b05535 100644 --- a/deploy/eck-beats/templates/beats.yaml +++ b/deploy/eck-beats/templates/beats.yaml @@ -1,6 +1,6 @@ {{- range $i, $instance := .Values.instances }} --- -apiVersion: agent.k8s.elastic.co/v1alpha1 +apiVersion: beat.k8s.elastic.co/v1beta1 kind: Beat metadata: name: {{ $instance.name }} diff --git a/deploy/eck-beats/templates/service-accounts.yaml b/deploy/eck-beats/templates/service-accounts.yaml index b4457d4de3..fc8ed0d5c6 100644 --- a/deploy/eck-beats/templates/service-accounts.yaml +++ b/deploy/eck-beats/templates/service-accounts.yaml @@ -7,7 +7,7 @@ metadata: namespace: {{ $sa.namespace | default $.Release.Namespace | quote }} {{- with $ }} labels: - {{- include "elasticagent.labels" $ | nindent 4 }} + {{- include "beat.labels" $ | nindent 4 }} {{- if $sa.labels }} {{- toYaml $sa.labels | indent 4 }} {{- end }} diff --git a/deploy/eck-beats/values.yaml b/deploy/eck-beats/values.yaml index 12f9e5f49e..ba4f0d985c 100644 --- a/deploy/eck-beats/values.yaml +++ b/deploy/eck-beats/values.yaml @@ -9,6 +9,11 @@ instances: # Version of Elastic Beats. # version: 8.2.3 + + # Type of Elastic Beats. Standard types of Beat are [filebeat,metricbeat,heartbeat,auditbeat,packetbeat,journalbeat]. + # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-deploy-elastic-beat + # + type: filebeat # Labels that will be applied to Elastic Beats. # From 6eaa51f47c7b0b828e0bb56c586cc7f672beacc2 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Thu, 28 Jul 2022 11:05:55 -0500 Subject: [PATCH 03/23] Move beats chart to not use a list of instances. Adjust examples to override the default values for those values. --- deploy/eck-beats/templates/NOTES.txt | 2 +- deploy/eck-beats/templates/beats.yaml | 23 +- .../templates/cluster-role-bindings.yaml | 23 -- deploy/eck-beats/templates/cluster-roles.yaml | 17 +- .../eck-beats/templates/service-accounts.yaml | 16 +- deploy/eck-beats/values.yaml | 232 +++++++++--------- 6 files changed, 137 insertions(+), 176 deletions(-) delete mode 100644 deploy/eck-beats/templates/cluster-role-bindings.yaml diff --git a/deploy/eck-beats/templates/NOTES.txt b/deploy/eck-beats/templates/NOTES.txt index 83674f20ff..10d2dac58c 100644 --- a/deploy/eck-beats/templates/NOTES.txt +++ b/deploy/eck-beats/templates/NOTES.txt @@ -1,6 +1,6 @@ 1. Check Beat status - $ kubectl get beat -n {{ .Release.Namespace }} + $ kubectl get beat {{ include "beat.fullname" . }} -n {{ .Release.Namespace }} 2. Check Beat pod status $ kubectl get pods --namespace={{ .Release.Namespace }} -l beat.k8s.elastic.co/name={{ include "beat.fullname" . }} diff --git a/deploy/eck-beats/templates/beats.yaml b/deploy/eck-beats/templates/beats.yaml index fc97b05535..bb04c74ca3 100644 --- a/deploy/eck-beats/templates/beats.yaml +++ b/deploy/eck-beats/templates/beats.yaml @@ -1,26 +1,19 @@ -{{- range $i, $instance := .Values.instances }} --- apiVersion: beat.k8s.elastic.co/v1beta1 kind: Beat metadata: - name: {{ $instance.name }} - {{- with $ }} + name: {{ include "beat.fullname" . }} labels: - {{- include "beat.labels" $ | nindent 4 }} - {{- if $instance.labels }} - {{- toYaml $instance.labels | indent 4 }} - {{- end }} - {{- end }} + {{- include "beat.labels" . | nindent 4 }} annotations: eck.k8s.elastic.co/license: enterprise - {{- if $instance.annotations }} - {{- toYaml $instance.annotations | indent 4 }} + {{- if .Values.annotations }} + {{- toYaml .Values.annotations | indent 4 }} {{- end }} spec: - version: {{ required "A Beat version is required" $instance.version }} - type: {{ required "A Beat type is required" $instance.type }} - {{- if and (not (hasKey $instance.spec "daemonSet")) (not (hasKey $instance.spec "deployment")) }} + version: {{ required "A Beat version is required" .Values.version }} + type: {{ required "A Beat type is required" .Values.type }} + {{- if and (not (hasKey .Values.spec "daemonSet")) (not (hasKey .Values.spec "deployment")) }} {{ fail "At least one of daemonSet or deployment is required for a functional Beat" }} {{- end }} - {{- toYaml $instance.spec | nindent 2 }} -{{- end }} + {{- toYaml .Values.spec | nindent 2 }} diff --git a/deploy/eck-beats/templates/cluster-role-bindings.yaml b/deploy/eck-beats/templates/cluster-role-bindings.yaml deleted file mode 100644 index 1b6e45d059..0000000000 --- a/deploy/eck-beats/templates/cluster-role-bindings.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- range $i, $crb := .Values.clusterRoleBindings }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ $crb.name }} - {{- with $ }} - labels: - {{- include "beat.labels" $ | nindent 4 }} - {{- if $crb.labels }} - {{- toYaml $crb.labels | indent 4 }} - {{- end }} - {{- end }} - {{- if $crb.annotations }} - annotations: - {{- toYaml $crb.annotations | indent 4 }} - {{- end }} -subjects: {{- toYaml $crb.subjects | nindent 2 }} -roleRef: - kind: {{ $crb.roleRef.kind }} - name: {{ $crb.roleRef.name }} - apiGroup: {{ $crb.roleRef.apiGroup }} -{{- end }} diff --git a/deploy/eck-beats/templates/cluster-roles.yaml b/deploy/eck-beats/templates/cluster-roles.yaml index 374f6cbbac..e94623902b 100644 --- a/deploy/eck-beats/templates/cluster-roles.yaml +++ b/deploy/eck-beats/templates/cluster-roles.yaml @@ -1,19 +1,10 @@ -{{- range $i, $cr := .Values.clusterRoles }} +{{- if .Values.clusterRole }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ $cr.name }} - {{- with $ }} + name: {{ .Values.clusterRole.name }} labels: - {{- include "beat.labels" $ | nindent 4 }} - {{- if $cr.labels }} - {{- toYaml $cr.labels | indent 4 }} - {{- end }} - {{- end }} - {{- if $cr.annotations }} - annotations: - {{- toYaml $cr.annotations | indent 4 }} - {{- end }} -rules: {{- toYaml $cr.rules | nindent 2 }} + {{- include "beat.labels" . | nindent 4 }} +rules: {{- toYaml .Values.clusterRole.rules | nindent 2 }} {{- end }} diff --git a/deploy/eck-beats/templates/service-accounts.yaml b/deploy/eck-beats/templates/service-accounts.yaml index fc8ed0d5c6..6277733e73 100644 --- a/deploy/eck-beats/templates/service-accounts.yaml +++ b/deploy/eck-beats/templates/service-accounts.yaml @@ -1,19 +1,9 @@ -{{- range $i, $sa := .Values.serviceAccounts }} +{{- if .Values.serviceAccount }} --- apiVersion: v1 kind: ServiceAccount metadata: - name: {{ $sa.name }} - namespace: {{ $sa.namespace | default $.Release.Namespace | quote }} - {{- with $ }} + name: {{ .Values.serviceAccount.name }} labels: - {{- include "beat.labels" $ | nindent 4 }} - {{- if $sa.labels }} - {{- toYaml $sa.labels | indent 4 }} - {{- end }} - {{- end }} - {{- if $sa.annotations }} - annotations: - {{- toYaml $sa.annotations | indent 4 }} - {{- end }} + {{- include "beat.labels" . | nindent 4 }} {{- end }} diff --git a/deploy/eck-beats/values.yaml b/deploy/eck-beats/values.yaml index ba4f0d985c..2e38f42383 100644 --- a/deploy/eck-beats/values.yaml +++ b/deploy/eck-beats/values.yaml @@ -1,134 +1,144 @@ --- # Default values for eck-beats. # This is a YAML-formatted file. -instances: -- # Name of this specific set of Elastic Beats. - # - name: quickstart - # Version of Elastic Beats. - # - version: 8.2.3 +# Overridable names of the Beats resource. +# By default, this is the Release name set for the chart, +# followed by 'eck-beats'. +# +# nameOverride will override the name of the Chart with the name set here, +# so nameOverride: quickstart, would convert to '{{ Release.name }}-quickstart' +# +# nameOverride: "quickstart" +# +# fullnameOverride will override both the release name, and the chart name, +# and will name the Beats resource exactly as specified. +# +# fullnameOverride: "quickstart" - # Type of Elastic Beats. Standard types of Beat are [filebeat,metricbeat,heartbeat,auditbeat,packetbeat,journalbeat]. - # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-deploy-elastic-beat - # - type: filebeat - - # Labels that will be applied to Elastic Beats. +# Version of Elastic Beats. +# +version: 8.2.3 + +# Type of Elastic Beats. Standard types of Beat are [filebeat,metricbeat,heartbeat,auditbeat,packetbeat,journalbeat]. +# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-deploy-elastic-beat +# +type: filebeat + +# Labels that will be applied to Elastic Beats. +# +labels: {} + +# Annotations that will be applied to Elastic Beats. +# +annotations: {} + +spec: + # Referenced resources are below and depending on the setup, at least elasticsearchRef is required for a functional Beat. + # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-connect-es # - labels: {} - - # Annotations that will be applied to Elastic Beats. + # Reference to ECK-managed Kibana instance. # - annotations: {} - - spec: - # Referenced resources are below and depending on the setup, at least elasticsearchRef is required for a functional Beat. - # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-connect-es + # kibanaRef: + # name: quickstart + # Optional namespace reference to Kibana instance. + # If not specified, then the namespace of the Beats instance + # will be assumed. # - # Reference to ECK-managed Kibana instance. - # - # kibanaRef: - # name: quickstart - # Optional namespace reference to Kibana instance. - # If not specified, then the namespace of the Beats instance - # will be assumed. - # - # namespace: default + # namespace: default - # Reference to ECK-managed Elasticsearch instance. - # - elasticsearchRef: - name: elasticsearch - # Optional namespace reference to Elasticsearch instance. - # If not specified, then the namespace of the Beats instance - # will be assumed. - # - # namespace: default - - # Daemonset, or Deployment specification for the type of Beat specified. - # At least one is required of [daemonSet, deployment]. - # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-chose-the-deployment-model + # Reference to ECK-managed Elasticsearch instance. + # + elasticsearchRef: + name: elasticsearch + # Optional namespace reference to Elasticsearch instance. + # If not specified, then the namespace of the Beats instance + # will be assumed. # - daemonSet: - podTemplate: - spec: - automountServiceAccountToken: true - terminationGracePeriodSeconds: 30 - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true # Allows to provide richer host metadata - containers: - - name: filebeat - securityContext: - runAsUser: 0 - # If using Red Hat OpenShift uncomment this: - # privileged: true - volumeMounts: - - name: varlogcontainers - mountPath: /var/log/containers - - name: varlogpods - mountPath: /var/log/pods - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - volumes: + # namespace: default + + # Daemonset, or Deployment specification for the type of Beat specified. + # At least one is required of [daemonSet, deployment]. + # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-chose-the-deployment-model + # + daemonSet: + podTemplate: + spec: + automountServiceAccountToken: true + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true # Allows to provide richer host metadata + containers: + - name: filebeat + securityContext: + runAsUser: 0 + # If using Red Hat OpenShift uncomment this: + # privileged: true + volumeMounts: - name: varlogcontainers - hostPath: - path: /var/log/containers + mountPath: /var/log/containers - name: varlogpods - hostPath: - path: /var/log/pods + mountPath: /var/log/pods - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - # Configuration of Beat, which is dependent on the `type` of Beat specified. - # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-deploy-elastic-beat - # - config: - filebeat.inputs: - - type: container - paths: - - /var/log/containers/*.log - processors: - - add_host_metadata: {} - - add_cloud_metadata: {} + mountPath: /var/lib/docker/containers + volumes: + - name: varlogcontainers + hostPath: + path: /var/log/containers + - name: varlogpods + hostPath: + path: /var/log/pods + - name: varlibdockercontainers + hostPath: + path: /var/lib/docker/containers + + # Configuration of Beat, which is dependent on the `type` of Beat specified. + # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-deploy-elastic-beat + # + config: + filebeat.inputs: + - type: container + paths: + - /var/log/containers/*.log + processors: + - add_host_metadata: {} + - add_cloud_metadata: {} -# ServiceAccounts to be used by Elastic Beats. Some Beats features (such as autodiscover or Kubernetes module metricsets) +# ServiceAccount to be used by Elastic Beats. Some Beats features (such as autodiscover or Kubernetes module metricsets) # require that Beat Pods interact with Kubernetes APIs. This functionality requires specific permissions # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-role-based-access-control-for-beats # -serviceAccounts: [] -# - name: elastic-beat-filebeat-quickstart -# namespace: optional-namespace +serviceAccount: {} +# name: elastic-beat-filebeat-quickstart +# namespace: optional-namespace -# ClusterRoleBindings to be used by Elastic Beats. Similar to ServiceAccounts, this is required in some scenarios. +# ClusterRoleBinding to be used by Elastic Beats. Similar to ServiceAccount, this is required in some scenarios. # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-role-based-access-control-for-beats # -clusterRoleBindings: [] -# - name: elastic-beat-autodiscover-binding -# subjects: -# - kind: ServiceAccount -# name: elastic-beat-filebeat-quickstart -# namespace: default -# roleRef: -# kind: ClusterRole -# name: elastic-beat-autodiscover -# apiGroup: rbac.authorization.k8s.io +clusterRoleBinding: {} +# name: elastic-beat-autodiscover-binding +# subjects: +# - kind: ServiceAccount +# name: elastic-beat-filebeat-quickstart +# namespace: default +# roleRef: +# kind: ClusterRole +# name: elastic-beat-autodiscover +# apiGroup: rbac.authorization.k8s.io -# ClusterRoles to be used by Elastic Beats. Similar to ServiceAccounts, this is required in some scenarios. +# ClusterRole to be used by Elastic Beats. Similar to ServiceAccount, this is required in some scenarios. # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-role-based-access-control-for-beats # -clusterRoles: [] -# - name: elastic-beat-autodiscover -# rules: -# - apiGroups: [""] -# resources: -# - events -# - pods -# - namespaces -# - nodes -# verbs: -# - get -# - watch -# - list +clusterRole: {} +# name: elastic-beat-autodiscover +# rules: +# - apiGroups: [""] +# resources: +# - events +# - pods +# - namespaces +# - nodes +# verbs: +# - get +# - watch +# - list From 8009bac589d82022c1d9ad45ef5c7ac2d203f630 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Thu, 28 Jul 2022 11:38:50 -0500 Subject: [PATCH 04/23] adding additional beats examples. renaming beats templates, as they're singular now. adding beats helm unit tests to eck-stack chart. adding beats to eck-stack values file. adding beats to eck-stack chart.yaml --- .../eck-beats/examples/auditbeat_hosts.yaml | 113 +++++++++ .../examples/heartbeat_es_kb_health.yaml | 30 +++ .../eck-beats/examples/metricbeat_hosts.yaml | 162 +++++++++++++ .../examples/packetbeat_dns_http.yaml | 40 ++++ .../templates/cluster-role-binding.yaml | 14 ++ .../{cluster-roles.yaml => cluster-role.yaml} | 0 ...ice-accounts.yaml => service-account.yaml} | 0 .../eck-beats/templates/tests/beats_test.yaml | 4 +- deploy/eck-stack/Chart.lock | 2 +- deploy/eck-stack/Chart.yaml | 7 + .../eck-stack/examples/metricbeat_hosts.yaml | 220 ++++++++++++++++++ .../eck-stack/templates/tests/beats_test.yaml | 50 ++++ deploy/eck-stack/values.yaml | 3 + 13 files changed, 642 insertions(+), 3 deletions(-) create mode 100644 deploy/eck-beats/examples/auditbeat_hosts.yaml create mode 100644 deploy/eck-beats/examples/heartbeat_es_kb_health.yaml create mode 100644 deploy/eck-beats/examples/metricbeat_hosts.yaml create mode 100644 deploy/eck-beats/examples/packetbeat_dns_http.yaml create mode 100644 deploy/eck-beats/templates/cluster-role-binding.yaml rename deploy/eck-beats/templates/{cluster-roles.yaml => cluster-role.yaml} (100%) rename deploy/eck-beats/templates/{service-accounts.yaml => service-account.yaml} (100%) create mode 100644 deploy/eck-stack/examples/metricbeat_hosts.yaml create mode 100644 deploy/eck-stack/templates/tests/beats_test.yaml diff --git a/deploy/eck-beats/examples/auditbeat_hosts.yaml b/deploy/eck-beats/examples/auditbeat_hosts.yaml new file mode 100644 index 0000000000..6431a95102 --- /dev/null +++ b/deploy/eck-beats/examples/auditbeat_hosts.yaml @@ -0,0 +1,113 @@ +name: auditbeat +type: auditbeat +version: 8.2.3 +spec: + elasticsearchRef: + name: elasticsearch + kibanaRef: + name: kibana + config: + # Since filebeat is used in the default values, this needs to be removed with an empty list. + filebeat.inputs: [] + auditbeat.modules: + - module: file_integrity + paths: + - /hostfs/bin + - /hostfs/usr/bin + - /hostfs/sbin + - /hostfs/usr/sbin + - /hostfs/etc + exclude_files: + - '(?i)\.sw[nop]$' + - '~$' + - '/\.git($|/)' + scan_at_start: true + scan_rate_per_sec: 50 MiB + max_file_size: 100 MiB + hash_types: [sha1] + recursive: true + - module: auditd + audit_rules: | + # Executions + -a always,exit -F arch=b64 -S execve,execveat -k exec + + # Unauthorized access attempts (amd64 only) + -a always,exit -F arch=b64 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EACCES -k access + -a always,exit -F arch=b64 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EPERM -k access + + processors: + - add_cloud_metadata: {} + - add_host_metadata: {} + - add_process_metadata: + match_pids: ['process.pid'] + daemonSet: + podTemplate: + spec: + hostPID: true # Required by auditd module + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true # Allows to provide richer host metadata + automountServiceAccountToken: true # some older Beat versions are depending on this settings presence in k8s context + securityContext: + runAsUser: 0 + volumes: + - name: bin + hostPath: + path: /bin + - name: usrbin + hostPath: + path: /usr/bin + - name: sbin + hostPath: + path: /sbin + - name: usrsbin + hostPath: + path: /usr/sbin + - name: etc + hostPath: + path: /etc + - name: run-containerd + hostPath: + path: /run/containerd + type: DirectoryOrCreate + # Uncomment the below when running on GKE. See https://github.com/elastic/beats/issues/8523 for more context. + #- name: run + # hostPath: + # path: /run + #initContainers: + #- name: cos-init + # image: docker.elastic.co/beats/auditbeat:8.3.1 + # volumeMounts: + # - name: run + # mountPath: /run + # command: ['sh', '-c', 'export SYSTEMD_IGNORE_CHROOT=1 && systemctl stop systemd-journald-audit.socket && systemctl mask systemd-journald-audit.socket && systemctl restart systemd-journald'] + containers: + - name: auditbeat + securityContext: + capabilities: + add: + # Capabilities needed for auditd module + - 'AUDIT_READ' + - 'AUDIT_WRITE' + - 'AUDIT_CONTROL' + volumeMounts: + - name: bin + mountPath: /hostfs/bin + readOnly: true + - name: sbin + mountPath: /hostfs/sbin + readOnly: true + - name: usrbin + mountPath: /hostfs/usr/bin + readOnly: true + - name: usrsbin + mountPath: /hostfs/usr/sbin + readOnly: true + - name: etc + mountPath: /hostfs/etc + readOnly: true + # Directory with root filesystems of containers executed with containerd, this can be + # different with other runtimes. This volume is needed to monitor the file integrity + # of files in containers. + - name: run-containerd + mountPath: /run/containerd + readOnly: true diff --git a/deploy/eck-beats/examples/heartbeat_es_kb_health.yaml b/deploy/eck-beats/examples/heartbeat_es_kb_health.yaml new file mode 100644 index 0000000000..3bdfdb2f98 --- /dev/null +++ b/deploy/eck-beats/examples/heartbeat_es_kb_health.yaml @@ -0,0 +1,30 @@ +name: heartbeat +type: heartbeat +version: 8.2.3 +spec: + elasticsearchRef: + name: elasticsearch + config: + # Since filebeat is used in the default values, this needs to be removed with an empty list. + filebeat.inputs: [] + # Since rpcoessors is used in the default values, this needs to be removed with an empty list. + processors: [] + heartbeat.monitors: + - type: tcp + schedule: '@every 5s' + # This should directly match the name of the Elasticsearch instance + # with "-es-http" appended to the name. + hosts: ["elasticsearch-es-http.default.svc:9200"] + - type: tcp + schedule: '@every 5s' + # This should directly match the names of the Kibana instance + # with "-kb-http" appended to the name. + hosts: ["eck-kibana-kb-http.default.svc:5601"] + deployment: + replicas: 1 + podTemplate: + spec: + securityContext: + runAsUser: 0 + # Since there is an existing daemonSet in the default values, it must be moved by using 'null'. + daemonSet: null diff --git a/deploy/eck-beats/examples/metricbeat_hosts.yaml b/deploy/eck-beats/examples/metricbeat_hosts.yaml new file mode 100644 index 0000000000..4e6f2711d8 --- /dev/null +++ b/deploy/eck-beats/examples/metricbeat_hosts.yaml @@ -0,0 +1,162 @@ +name: metricbeat +spec: + type: metricbeat + version: 8.2.3 + elasticsearchRef: + name: elasticsearch + kibanaRef: + name: kibana + config: + # Since filebeat is used in the default values, this needs to be removed with an empty list. + filebeat.inputs: [] + metricbeat: + autodiscover: + providers: + - hints: + default_config: {} + enabled: "true" + node: ${NODE_NAME} + type: kubernetes + modules: + - module: system + period: 10s + metricsets: + - cpu + - load + - memory + - network + - process + - process_summary + process: + include_top_n: + by_cpu: 5 + by_memory: 5 + processes: + - .* + - module: system + period: 1m + metricsets: + - filesystem + - fsstat + processors: + - drop_event: + when: + regexp: + system: + filesystem: + mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib)($|/) + - module: kubernetes + period: 10s + node: ${NODE_NAME} + hosts: + - https://${NODE_NAME}:10250 + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + ssl: + verification_mode: none + metricsets: + - node + - system + - pod + - container + - volume + processors: + - add_cloud_metadata: {} + - add_host_metadata: {} + daemonSet: + podTemplate: + spec: + serviceAccountName: metricbeat + automountServiceAccountToken: true # some older Beat versions are depending on this settings presence in k8s context + containers: + - args: + - -e + - -c + - /etc/beat.yml + - -system.hostfs=/hostfs + name: metricbeat + volumeMounts: + - mountPath: /hostfs/sys/fs/cgroup + name: cgroup + - mountPath: /var/run/docker.sock + name: dockersock + - mountPath: /hostfs/proc + name: proc + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true # Allows to provide richer host metadata + securityContext: + runAsUser: 0 + terminationGracePeriodSeconds: 30 + volumes: + - hostPath: + path: /sys/fs/cgroup + name: cgroup + - hostPath: + path: /var/run/docker.sock + name: dockersock + - hostPath: + path: /proc + name: proc + +clusterRole: + # permissions needed for metricbeat + # source: https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-module-kubernetes.html + name: metricbeat + rules: + - apiGroups: + - "" + resources: + - nodes + - namespaces + - events + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "extensions" + resources: + - replicasets + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - deployments + - replicasets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes/stats + verbs: + - get + - nonResourceURLs: + - /metrics + verbs: + - get + +serviceAccount: + name: metricbeat + +clusterRoleBinding: + name: metricbeat + subjects: + - kind: ServiceAccount + name: metricbeat + namespace: default + roleRef: + kind: ClusterRole + name: metricbeat + apiGroup: rbac.authorization.k8s.io diff --git a/deploy/eck-beats/examples/packetbeat_dns_http.yaml b/deploy/eck-beats/examples/packetbeat_dns_http.yaml new file mode 100644 index 0000000000..1af4f0283a --- /dev/null +++ b/deploy/eck-beats/examples/packetbeat_dns_http.yaml @@ -0,0 +1,40 @@ +name: packetbeat +spec: + type: packetbeat + version: 8.2.3 + elasticsearchRef: + name: elasticsearch + kibanaRef: + name: kibana + config: + # Since filebeat is used in the default values, this needs to be removed with an empty list. + filebeat.inputs: [] + packetbeat.interfaces.device: any + packetbeat.protocols: + - type: dns + ports: [53] + include_authorities: true + include_additionals: true + - type: http + ports: [80, 8000, 8080, 9200] + packetbeat.flows: + timeout: 30s + period: 10s + processors: + - add_cloud_metadata: {} + - add_host_metadata: {} + daemonSet: + podTemplate: + spec: + terminationGracePeriodSeconds: 30 + hostNetwork: true + automountServiceAccountToken: true # some older Beat versions are depending on this settings presence in k8s context + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: packetbeat + securityContext: + runAsUser: 0 + capabilities: + add: + - NET_ADMIN + volumes: [] diff --git a/deploy/eck-beats/templates/cluster-role-binding.yaml b/deploy/eck-beats/templates/cluster-role-binding.yaml new file mode 100644 index 0000000000..f17f07f87d --- /dev/null +++ b/deploy/eck-beats/templates/cluster-role-binding.yaml @@ -0,0 +1,14 @@ +{{- if .Values.clusterRoleBinding }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Values.clusterRoleBinding.name }} + labels: + {{- include "beat.labels" . | nindent 4 }} +subjects: {{- toYaml .Values.clusterRoleBinding.subjects | nindent 2 }} +roleRef: + kind: {{ .Values.clusterRoleBinding.roleRef.kind }} + name: {{ .Values.clusterRoleBinding.roleRef.name }} + apiGroup: {{ .Values.clusterRoleBinding.roleRef.apiGroup }} +{{- end }} diff --git a/deploy/eck-beats/templates/cluster-roles.yaml b/deploy/eck-beats/templates/cluster-role.yaml similarity index 100% rename from deploy/eck-beats/templates/cluster-roles.yaml rename to deploy/eck-beats/templates/cluster-role.yaml diff --git a/deploy/eck-beats/templates/service-accounts.yaml b/deploy/eck-beats/templates/service-account.yaml similarity index 100% rename from deploy/eck-beats/templates/service-accounts.yaml rename to deploy/eck-beats/templates/service-account.yaml diff --git a/deploy/eck-beats/templates/tests/beats_test.yaml b/deploy/eck-beats/templates/tests/beats_test.yaml index db3c9c7dbb..1d39085f53 100644 --- a/deploy/eck-beats/templates/tests/beats_test.yaml +++ b/deploy/eck-beats/templates/tests/beats_test.yaml @@ -7,10 +7,10 @@ tests: name: quickstart asserts: - isKind: - of: Agent + of: Beat - equal: path: metadata.name - value: quickstart + value: quickstart-eck-beats - equal: path: spec.version value: 8.2.3 diff --git a/deploy/eck-stack/Chart.lock b/deploy/eck-stack/Chart.lock index e78185e4ef..e909b1abb7 100644 --- a/deploy/eck-stack/Chart.lock +++ b/deploy/eck-stack/Chart.lock @@ -6,4 +6,4 @@ dependencies: repository: file://../eck-kibana version: 0.1.0 digest: sha256:5d22239d6c40d5b35b4242db0af9c37ff6c59f3ed2afdd2ab2956ce0992e4320 -generated: "2022-07-19T08:58:27.453007-05:00" +generated: "2022-07-28T11:36:16.010023-05:00" diff --git a/deploy/eck-stack/Chart.yaml b/deploy/eck-stack/Chart.yaml index 2ea45da000..c978721d9d 100644 --- a/deploy/eck-stack/Chart.yaml +++ b/deploy/eck-stack/Chart.yaml @@ -24,3 +24,10 @@ dependencies: # the helm.elastic.co repository. # repository: "file://../eck-kibana" repository: "https://helm.elastic.co" + - name: eck-beats + condition: eck-beats.enabled + version: "0.1.0" + # uncomment for local testing, and comment + # the helm.elastic.co repository. + # repository: "file://../eck-beats" + repository: "https://helm.elastic.co" diff --git a/deploy/eck-stack/examples/metricbeat_hosts.yaml b/deploy/eck-stack/examples/metricbeat_hosts.yaml new file mode 100644 index 0000000000..b1969243b4 --- /dev/null +++ b/deploy/eck-stack/examples/metricbeat_hosts.yaml @@ -0,0 +1,220 @@ +eck-elasticsearch: + enabled: true + + # Name of the Elasticsearch resource. + # + fullnameOverride: quickstart + + # Version of Elasticsearch. + # + version: 8.2.3 + + nodeSets: + - name: default + count: 3 + config: + # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive. + # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144 + # and leave node.store.allow_mmap unset. + # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html + # + node.store.allow_mmap: false + volumeClaimTemplates: + - metadata: + name: elasticsearch-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + # Adjust to your storage class name + # + # storageClassName: local-storage + +eck-kibana: + enabled: true + + # Name of the Kibana resource. + # + fullnameOverride: quickstart + + # Version of Kibana. + # + version: 8.2.3 + + spec: + # Count of Kibana replicas to create. + # + count: 1 + + # Reference to ECK-managed Elasticsearch resource, ideally from {{ "elasticsearch.fullname" }} + # + elasticsearchRef: + name: quickstart + +eck-beats: + enabled: true + name: metricbeat + spec: + type: metricbeat + version: 8.2.3 + elasticsearchRef: + name: quickstart + kibanaRef: + name: quickstart + config: + # Since filebeat is used in the default values, this needs to be removed with an empty list. + filebeat.inputs: [] + metricbeat: + autodiscover: + providers: + - hints: + default_config: {} + enabled: "true" + node: ${NODE_NAME} + type: kubernetes + modules: + - module: system + period: 10s + metricsets: + - cpu + - load + - memory + - network + - process + - process_summary + process: + include_top_n: + by_cpu: 5 + by_memory: 5 + processes: + - .* + - module: system + period: 1m + metricsets: + - filesystem + - fsstat + processors: + - drop_event: + when: + regexp: + system: + filesystem: + mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib)($|/) + - module: kubernetes + period: 10s + node: ${NODE_NAME} + hosts: + - https://${NODE_NAME}:10250 + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + ssl: + verification_mode: none + metricsets: + - node + - system + - pod + - container + - volume + processors: + - add_cloud_metadata: {} + - add_host_metadata: {} + daemonSet: + podTemplate: + spec: + serviceAccountName: metricbeat + automountServiceAccountToken: true # some older Beat versions are depending on this settings presence in k8s context + containers: + - args: + - -e + - -c + - /etc/beat.yml + - -system.hostfs=/hostfs + name: metricbeat + volumeMounts: + - mountPath: /hostfs/sys/fs/cgroup + name: cgroup + - mountPath: /var/run/docker.sock + name: dockersock + - mountPath: /hostfs/proc + name: proc + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true # Allows to provide richer host metadata + securityContext: + runAsUser: 0 + terminationGracePeriodSeconds: 30 + volumes: + - hostPath: + path: /sys/fs/cgroup + name: cgroup + - hostPath: + path: /var/run/docker.sock + name: dockersock + - hostPath: + path: /proc + name: proc + + clusterRole: + # permissions needed for metricbeat + # source: https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-module-kubernetes.html + name: metricbeat + rules: + - apiGroups: + - "" + resources: + - nodes + - namespaces + - events + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "extensions" + resources: + - replicasets + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - deployments + - replicasets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes/stats + verbs: + - get + - nonResourceURLs: + - /metrics + verbs: + - get + + serviceAccount: + name: metricbeat + + clusterRoleBinding: + name: metricbeat + subjects: + - kind: ServiceAccount + name: metricbeat + namespace: default + roleRef: + kind: ClusterRole + name: metricbeat + apiGroup: rbac.authorization.k8s.io + \ No newline at end of file diff --git a/deploy/eck-stack/templates/tests/beats_test.yaml b/deploy/eck-stack/templates/tests/beats_test.yaml new file mode 100644 index 0000000000..e67e5d162a --- /dev/null +++ b/deploy/eck-stack/templates/tests/beats_test.yaml @@ -0,0 +1,50 @@ +suite: test elastic-agent +templates: + - charts/eck-beats/templates/beats.yaml +tests: + - it: should render filebeat quickstart properly + set: + eck-beats.enabled: true + release: + name: quickstart + asserts: + - isKind: + of: Beat + - equal: + path: metadata.name + value: quickstart-eck-beats + - equal: + path: spec.version + value: 8.2.3 + - it: should render custom metricbeat example properly + values: + - ../../examples/metricbeat_hosts.yaml + release: + name: quickstart + asserts: + - isKind: + of: Beat + - equal: + path: metadata.name + value: quickstart-eck-beats + - equal: + path: spec.version + value: 8.2.3 + - equal: + path: spec.kibanaRef.name + value: quickstart + - equal: + path: spec.elasticsearchRef.name + value: quickstart + - equal: + path: spec.type + value: metricbeat + - equal: + path: spec.daemonSet.podTemplate.spec.securityContext.runAsUser + value: 0 + - equal: + path: spec.daemonSet.podTemplate.spec.serviceAccountName + value: metricbeat + - equal: + path: spec.daemonSet.podTemplate.spec.hostNetwork + value: true \ No newline at end of file diff --git a/deploy/eck-stack/values.yaml b/deploy/eck-stack/values.yaml index e24b479755..b388401063 100644 --- a/deploy/eck-stack/values.yaml +++ b/deploy/eck-stack/values.yaml @@ -19,3 +19,6 @@ eck-kibana: # both the eck-elasticsearch and the eck-kibana chart work together by default in the eck-stack chart. elasticsearchRef: name: elasticsearch + +eck-beats: + enabled: false \ No newline at end of file From f623f153d5126f6ebaa9b1b7c96593410f6ca43b Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Thu, 28 Jul 2022 11:40:58 -0500 Subject: [PATCH 05/23] rename test suite name for beats. --- deploy/eck-stack/Chart.lock | 7 +++++-- deploy/eck-stack/templates/tests/beats_test.yaml | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/deploy/eck-stack/Chart.lock b/deploy/eck-stack/Chart.lock index e909b1abb7..9632acce62 100644 --- a/deploy/eck-stack/Chart.lock +++ b/deploy/eck-stack/Chart.lock @@ -5,5 +5,8 @@ dependencies: - name: eck-kibana repository: file://../eck-kibana version: 0.1.0 -digest: sha256:5d22239d6c40d5b35b4242db0af9c37ff6c59f3ed2afdd2ab2956ce0992e4320 -generated: "2022-07-28T11:36:16.010023-05:00" +- name: eck-beats + repository: file://../eck-beats + version: 0.1.0 +digest: sha256:b5b2965f1b44a198a2357589c6734eb14dea8f0f97714d1c3173e53d56f2f2fe +generated: "2022-07-28T11:40:18.252758-05:00" diff --git a/deploy/eck-stack/templates/tests/beats_test.yaml b/deploy/eck-stack/templates/tests/beats_test.yaml index e67e5d162a..ab9b8e70ae 100644 --- a/deploy/eck-stack/templates/tests/beats_test.yaml +++ b/deploy/eck-stack/templates/tests/beats_test.yaml @@ -1,4 +1,4 @@ -suite: test elastic-agent +suite: test beats templates: - charts/eck-beats/templates/beats.yaml tests: From 52bf7ac4d8cd2181f0d8b5444bdd18ed1fc42155 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Thu, 28 Jul 2022 11:42:22 -0500 Subject: [PATCH 06/23] Adding missing newlines in files, and removing an errant space. --- deploy/eck-stack/examples/metricbeat_hosts.yaml | 1 - deploy/eck-stack/templates/tests/beats_test.yaml | 2 +- deploy/eck-stack/values.yaml | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/deploy/eck-stack/examples/metricbeat_hosts.yaml b/deploy/eck-stack/examples/metricbeat_hosts.yaml index b1969243b4..773fe5f004 100644 --- a/deploy/eck-stack/examples/metricbeat_hosts.yaml +++ b/deploy/eck-stack/examples/metricbeat_hosts.yaml @@ -217,4 +217,3 @@ eck-beats: kind: ClusterRole name: metricbeat apiGroup: rbac.authorization.k8s.io - \ No newline at end of file diff --git a/deploy/eck-stack/templates/tests/beats_test.yaml b/deploy/eck-stack/templates/tests/beats_test.yaml index ab9b8e70ae..fb23fb5d03 100644 --- a/deploy/eck-stack/templates/tests/beats_test.yaml +++ b/deploy/eck-stack/templates/tests/beats_test.yaml @@ -47,4 +47,4 @@ tests: value: metricbeat - equal: path: spec.daemonSet.podTemplate.spec.hostNetwork - value: true \ No newline at end of file + value: true diff --git a/deploy/eck-stack/values.yaml b/deploy/eck-stack/values.yaml index b388401063..c06a80da1a 100644 --- a/deploy/eck-stack/values.yaml +++ b/deploy/eck-stack/values.yaml @@ -21,4 +21,4 @@ eck-kibana: name: elasticsearch eck-beats: - enabled: false \ No newline at end of file + enabled: false From b84235e516a397c84e2a406b29f0ac7a41f98a7a Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Thu, 28 Jul 2022 11:45:46 -0500 Subject: [PATCH 07/23] Update eck-stack chart readme --- deploy/eck-stack/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/deploy/eck-stack/README.md b/deploy/eck-stack/README.md index 2a0dba9aef..84b9e73ff9 100644 --- a/deploy/eck-stack/README.md +++ b/deploy/eck-stack/README.md @@ -9,6 +9,7 @@ The following Elastic Stack resources are currently supported. - Elasticsearch - Kibana +- Beats Additional resources will be supported in future releases of this Helm Chart. From ac019e88d0326889e5d5c3f63782f80b88159239 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Tue, 23 Aug 2022 10:48:44 -0500 Subject: [PATCH 08/23] Add documentation for helm unit tests. Update update-stack-version.sh to support updating helm chart stack versions as well Add notes about where the k8s version requirement comes from. --- deploy/README.md | 31 +++++++++++++++++++ deploy/eck-beats/Chart.yaml | 1 + .../eck-beats/examples/auditbeat_hosts.yaml | 4 +-- .../examples/heartbeat_es_kb_health.yaml | 4 +-- .../eck-beats/examples/metricbeat_hosts.yaml | 2 +- .../examples/packetbeat_dns_http.yaml | 2 +- .../eck-beats/templates/tests/beats_test.yaml | 2 +- deploy/eck-beats/values.yaml | 2 +- hack/update-stack-version.sh | 2 +- 9 files changed, 41 insertions(+), 9 deletions(-) diff --git a/deploy/README.md b/deploy/README.md index b8a81135b2..d33abaa6fb 100644 --- a/deploy/README.md +++ b/deploy/README.md @@ -44,4 +44,35 @@ To see all resources installed by the helm chart ```sh kubectl get elastic -l "app.kubernetes.io/instance"=es-kb-quickstart -n elastic-stack +``` + +## ECK Helm Chart Development + +### ECK Helm Chart test suite + +[Helm UnitTest Plugin](https://github.com/quintush/helm-unittest) is used to ensure Helm Charts render properly. + +#### Installation + +``` +helm plugin install https://github.com/quintush/helm-unittest --version 0.2.8 +``` + +#### Running Test Suite + +The test suite can be run from the Makefile in the root of the project with the following command: + +``` +make helm-test +``` + +*Note* that the Makefile target runs the script in `{root}/hack/helm/test.sh` + +#### Manually invoking the Helm Unit Tests for a particular Chart + +The Helm unit tests can be manually invoked for any of the charts with the following command: + +``` +cd deploy/eck-stack +helm unittest -3 -f 'templates/tests/*.yaml' . ``` \ No newline at end of file diff --git a/deploy/eck-beats/Chart.yaml b/deploy/eck-beats/Chart.yaml index 3f9ca0c359..a70c15f458 100644 --- a/deploy/eck-beats/Chart.yaml +++ b/deploy/eck-beats/Chart.yaml @@ -1,6 +1,7 @@ apiVersion: v2 name: eck-beats description: A Helm chart to deploy Elastic Beats managed by the ECK Operator. +# Requirement comes from minimum version supported for eck-operator (https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s_supported_versions.html) kubeVersion: ">= 1.20.0-0" type: application version: 0.1.0 diff --git a/deploy/eck-beats/examples/auditbeat_hosts.yaml b/deploy/eck-beats/examples/auditbeat_hosts.yaml index 6431a95102..264d48a166 100644 --- a/deploy/eck-beats/examples/auditbeat_hosts.yaml +++ b/deploy/eck-beats/examples/auditbeat_hosts.yaml @@ -1,6 +1,6 @@ name: auditbeat type: auditbeat -version: 8.2.3 +version: 8.3.3 spec: elasticsearchRef: name: elasticsearch @@ -75,7 +75,7 @@ spec: # path: /run #initContainers: #- name: cos-init - # image: docker.elastic.co/beats/auditbeat:8.3.1 + # image: docker.elastic.co/beats/auditbeat:8.3.3 # volumeMounts: # - name: run # mountPath: /run diff --git a/deploy/eck-beats/examples/heartbeat_es_kb_health.yaml b/deploy/eck-beats/examples/heartbeat_es_kb_health.yaml index 3bdfdb2f98..76e887aacd 100644 --- a/deploy/eck-beats/examples/heartbeat_es_kb_health.yaml +++ b/deploy/eck-beats/examples/heartbeat_es_kb_health.yaml @@ -1,13 +1,13 @@ name: heartbeat type: heartbeat -version: 8.2.3 +version: 8.3.3 spec: elasticsearchRef: name: elasticsearch config: # Since filebeat is used in the default values, this needs to be removed with an empty list. filebeat.inputs: [] - # Since rpcoessors is used in the default values, this needs to be removed with an empty list. + # Since processors is used in the default values, this needs to be removed with an empty list. processors: [] heartbeat.monitors: - type: tcp diff --git a/deploy/eck-beats/examples/metricbeat_hosts.yaml b/deploy/eck-beats/examples/metricbeat_hosts.yaml index 4e6f2711d8..7cd4e51fd7 100644 --- a/deploy/eck-beats/examples/metricbeat_hosts.yaml +++ b/deploy/eck-beats/examples/metricbeat_hosts.yaml @@ -1,7 +1,7 @@ name: metricbeat spec: type: metricbeat - version: 8.2.3 + version: 8.3.3 elasticsearchRef: name: elasticsearch kibanaRef: diff --git a/deploy/eck-beats/examples/packetbeat_dns_http.yaml b/deploy/eck-beats/examples/packetbeat_dns_http.yaml index 1af4f0283a..6c1c28d30c 100644 --- a/deploy/eck-beats/examples/packetbeat_dns_http.yaml +++ b/deploy/eck-beats/examples/packetbeat_dns_http.yaml @@ -1,7 +1,7 @@ name: packetbeat spec: type: packetbeat - version: 8.2.3 + version: 8.3.3 elasticsearchRef: name: elasticsearch kibanaRef: diff --git a/deploy/eck-beats/templates/tests/beats_test.yaml b/deploy/eck-beats/templates/tests/beats_test.yaml index 1d39085f53..90544978c6 100644 --- a/deploy/eck-beats/templates/tests/beats_test.yaml +++ b/deploy/eck-beats/templates/tests/beats_test.yaml @@ -13,7 +13,7 @@ tests: value: quickstart-eck-beats - equal: path: spec.version - value: 8.2.3 + value: 8.3.3 - equal: path: spec.daemonSet.podTemplate.spec.containers[0].name value: filebeat diff --git a/deploy/eck-beats/values.yaml b/deploy/eck-beats/values.yaml index 2e38f42383..1e64c810a6 100644 --- a/deploy/eck-beats/values.yaml +++ b/deploy/eck-beats/values.yaml @@ -18,7 +18,7 @@ # Version of Elastic Beats. # -version: 8.2.3 +version: 8.3.3 # Type of Elastic Beats. Standard types of Beat are [filebeat,metricbeat,heartbeat,auditbeat,packetbeat,journalbeat]. # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-deploy-elastic-beat diff --git a/hack/update-stack-version.sh b/hack/update-stack-version.sh index 253a0ff600..ea5188c9a8 100755 --- a/hack/update-stack-version.sh +++ b/hack/update-stack-version.sh @@ -34,7 +34,7 @@ for_all_yaml_do() { local function="$1" # Directories containing Yaml files with version references to replace # Note: hack/operatorhub/config.yaml will need to be updated manually - local dirs=(config/samples config/recipes config/e2e test/e2e) + local dirs=(config/samples config/recipes config/e2e test/e2e deploy/eck-stack deploy/eck-beats deploy/eck-kibana deploy/eck-elasticsearch) LC_CTYPE=C LANG=C find "${dirs[@]}" -type f -iname \*.yaml \ | while read -r file; do "$function" "$file"; done } From 26bbd2192f696b5318d70efaa95536d2f3646d2a Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Thu, 8 Sep 2022 20:37:25 -0500 Subject: [PATCH 09/23] Add license file to beat helm chart --- deploy/eck-beats/LICENSE | 93 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 deploy/eck-beats/LICENSE diff --git a/deploy/eck-beats/LICENSE b/deploy/eck-beats/LICENSE new file mode 100644 index 0000000000..92503a7217 --- /dev/null +++ b/deploy/eck-beats/LICENSE @@ -0,0 +1,93 @@ +Elastic License 2.0 + +URL: https://www.elastic.co/licensing/elastic-license + +## Acceptance + +By using the software, you agree to all of the terms and conditions below. + +## Copyright License + +The licensor grants you a non-exclusive, royalty-free, worldwide, +non-sublicensable, non-transferable license to use, copy, distribute, make +available, and prepare derivative works of the software, in each case subject to +the limitations and conditions below. + +## Limitations + +You may not provide the software to third parties as a hosted or managed +service, where the service provides users with access to any substantial set of +the features or functionality of the software. + +You may not move, change, disable, or circumvent the license key functionality +in the software, and you may not remove or obscure any functionality in the +software that is protected by the license key. + +You may not alter, remove, or obscure any licensing, copyright, or other notices +of the licensor in the software. Any use of the licensor’s trademarks is subject +to applicable law. + +## Patents + +The licensor grants you a license, under any patent claims the licensor can +license, or becomes able to license, to make, have made, use, sell, offer for +sale, import and have imported the software, in each case subject to the +limitations and conditions in this license. This license does not cover any +patent claims that you cause to be infringed by modifications or additions to +the software. If you or your company make any written claim that the software +infringes or contributes to infringement of any patent, your patent license for +the software granted under these terms ends immediately. If your company makes +such a claim, your patent license ends immediately for work on behalf of your +company. + +## Notices + +You must ensure that anyone who gets a copy of any part of the software from you +also gets a copy of these terms. + +If you modify the software, you must include in any modified copies of the +software prominent notices stating that you have modified the software. + +## No Other Rights + +These terms do not imply any licenses other than those expressly granted in +these terms. + +## Termination + +If you use the software in violation of these terms, such use is not licensed, +and your licenses will automatically terminate. If the licensor provides you +with a notice of your violation, and you cease all violation of this license no +later than 30 days after you receive that notice, your licenses will be +reinstated retroactively. However, if you violate these terms after such +reinstatement, any additional violation of these terms will cause your licenses +to terminate automatically and permanently. + +## No Liability + +*As far as the law allows, the software comes as is, without any warranty or +condition, and the licensor will not be liable to you for any damages arising +out of these terms or the use or nature of the software, under any kind of +legal claim.* + +## Definitions + +The **licensor** is the entity offering these terms, and the **software** is the +software the licensor makes available under these terms, including any portion +of it. + +**you** refers to the individual or entity agreeing to these terms. + +**your company** is any legal entity, sole proprietorship, or other kind of +organization that you work for, plus all organizations that have control over, +are under the control of, or are under common control with that +organization. **control** means ownership of substantially all the assets of an +entity, or the power to direct its management and policies by vote, contract, or +otherwise. Control can be direct or indirect. + +**your licenses** are all the licenses granted to you for the software under +these terms. + +**use** means anything you do with the software requiring one of your licenses. + +**trademark** means trademarks, service marks, and similar rights. \ No newline at end of file From f4f56f623415233b8dc2f109635d97a2a10e6b87 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Tue, 20 Sep 2022 10:17:16 -0500 Subject: [PATCH 10/23] Update to use nindent, not indent for beat annotations --- deploy/eck-beats/templates/beats.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/eck-beats/templates/beats.yaml b/deploy/eck-beats/templates/beats.yaml index bb04c74ca3..720a74ee7b 100644 --- a/deploy/eck-beats/templates/beats.yaml +++ b/deploy/eck-beats/templates/beats.yaml @@ -8,7 +8,7 @@ metadata: annotations: eck.k8s.elastic.co/license: enterprise {{- if .Values.annotations }} - {{- toYaml .Values.annotations | indent 4 }} + {{- toYaml .Values.annotations | nindent 4 }} {{- end }} spec: version: {{ required "A Beat version is required" .Values.version }} From a98b3c0a56c96160f913215936fd8cb8c3d8fac3 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Tue, 20 Sep 2022 11:01:11 -0500 Subject: [PATCH 11/23] Making svc/clusterRole/ClusterRoleBinding consistent across Charts. --- .../templates/cluster-role-binding.yaml | 21 ++++++++++++++++++- deploy/eck-beats/templates/cluster-role.yaml | 14 ++++++++++++- .../eck-beats/templates/service-account.yaml | 16 +++++++++++++- 3 files changed, 48 insertions(+), 3 deletions(-) diff --git a/deploy/eck-beats/templates/cluster-role-binding.yaml b/deploy/eck-beats/templates/cluster-role-binding.yaml index f17f07f87d..b53b5a0382 100644 --- a/deploy/eck-beats/templates/cluster-role-binding.yaml +++ b/deploy/eck-beats/templates/cluster-role-binding.yaml @@ -6,7 +6,26 @@ metadata: name: {{ .Values.clusterRoleBinding.name }} labels: {{- include "beat.labels" . | nindent 4 }} -subjects: {{- toYaml .Values.clusterRoleBinding.subjects | nindent 2 }} + {{- if .Values.clusterRoleBinding.labels }} + {{- toYaml .Values.clusterRoleBinding.labels | nindent 4 }} + {{- end }} + {{- if or .Values.annotations .Values.clusterRoleBinding.annotations }} + annotations: + {{- with .Values.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.clusterRoleBinding.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- if .Values.clusterRoleBinding.subjects }} +subjects: +{{- range .Values.clusterRoleBinding.subjects }} + - kind: {{ .kind }} + name: {{ .name }} + namespace: {{ .namespace | default $.Release.Namespace | quote }} +{{- end }} +{{- end }} roleRef: kind: {{ .Values.clusterRoleBinding.roleRef.kind }} name: {{ .Values.clusterRoleBinding.roleRef.name }} diff --git a/deploy/eck-beats/templates/cluster-role.yaml b/deploy/eck-beats/templates/cluster-role.yaml index e94623902b..88f7dc77fc 100644 --- a/deploy/eck-beats/templates/cluster-role.yaml +++ b/deploy/eck-beats/templates/cluster-role.yaml @@ -6,5 +6,17 @@ metadata: name: {{ .Values.clusterRole.name }} labels: {{- include "beat.labels" . | nindent 4 }} + {{- if .Values.clusterRole.labels }} + {{- toYaml .Values.clusterRole.labels | nindent 4 }} + {{- end }} + {{- if or .Values.annotations .Values.clusterRole.annotations }} + annotations: + {{- with .Values.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.clusterRole.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} rules: {{- toYaml .Values.clusterRole.rules | nindent 2 }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/deploy/eck-beats/templates/service-account.yaml b/deploy/eck-beats/templates/service-account.yaml index 6277733e73..9959ffe495 100644 --- a/deploy/eck-beats/templates/service-account.yaml +++ b/deploy/eck-beats/templates/service-account.yaml @@ -1,9 +1,23 @@ + {{- if .Values.serviceAccount }} --- apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.serviceAccount.name }} + namespace: {{ .Values.serviceAccount.namespace | default $.Release.Namespace | quote }} labels: {{- include "beat.labels" . | nindent 4 }} -{{- end }} + {{- if .Values.serviceAccount.labels }} + {{- toYaml .Values.serviceAccount.labels | nindent 4 }} + {{- end }} + {{- if or .Values.annotations .Values.serviceAccount.annotations }} + annotations: + {{- with .Values.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.serviceAccount.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file From 8cbdcad759c2829075c8685e7093c0bbcd51e4ac Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Tue, 20 Sep 2022 13:59:41 -0500 Subject: [PATCH 12/23] Use toYaml properly in helper. ensure cluster role binding ref exists before templating. Tests for clusterrolebinding/clusterrole/serviceaccount --- deploy/eck-beats/templates/_helpers.tpl | 2 +- .../templates/cluster-role-binding.yaml | 2 + .../beats-cluster-role-binding_test.yaml | 62 +++++++++++++++ .../tests/beats-cluster-role_test.yaml | 76 +++++++++++++++++++ .../tests/beats-service-account_test.yaml | 47 ++++++++++++ 5 files changed, 188 insertions(+), 1 deletion(-) create mode 100644 deploy/eck-beats/templates/tests/beats-cluster-role-binding_test.yaml create mode 100644 deploy/eck-beats/templates/tests/beats-cluster-role_test.yaml create mode 100644 deploy/eck-beats/templates/tests/beats-service-account_test.yaml diff --git a/deploy/eck-beats/templates/_helpers.tpl b/deploy/eck-beats/templates/_helpers.tpl index 031f5506fc..5e20af14a1 100644 --- a/deploy/eck-beats/templates/_helpers.tpl +++ b/deploy/eck-beats/templates/_helpers.tpl @@ -38,7 +38,7 @@ helm.sh/chart: {{ include "beat.chart" . }} {{ include "beat.selectorLabels" . }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- if .Values.labels }} -{{ .Values.labels }} +{{ toYaml .Values.labels }} {{- end }} {{- end }} diff --git a/deploy/eck-beats/templates/cluster-role-binding.yaml b/deploy/eck-beats/templates/cluster-role-binding.yaml index b53b5a0382..1c697e96af 100644 --- a/deploy/eck-beats/templates/cluster-role-binding.yaml +++ b/deploy/eck-beats/templates/cluster-role-binding.yaml @@ -26,8 +26,10 @@ subjects: namespace: {{ .namespace | default $.Release.Namespace | quote }} {{- end }} {{- end }} +{{- if .Values.clusterRoleBinding.roleRef }} roleRef: kind: {{ .Values.clusterRoleBinding.roleRef.kind }} name: {{ .Values.clusterRoleBinding.roleRef.name }} apiGroup: {{ .Values.clusterRoleBinding.roleRef.apiGroup }} {{- end }} +{{- end }} diff --git a/deploy/eck-beats/templates/tests/beats-cluster-role-binding_test.yaml b/deploy/eck-beats/templates/tests/beats-cluster-role-binding_test.yaml new file mode 100644 index 0000000000..8d741269bb --- /dev/null +++ b/deploy/eck-beats/templates/tests/beats-cluster-role-binding_test.yaml @@ -0,0 +1,62 @@ +suite: test beat cluster role binding +templates: + - templates/cluster-role-binding.yaml +tests: + - it: should render cluster role binding in metricbeat example properly + values: + - ../../examples/metricbeat_hosts.yaml + release: + name: quickstart + asserts: + - isKind: + of: ClusterRoleBinding + - equal: + path: metadata.name + value: metricbeat + - equal: + path: subjects[0].kind + value: ServiceAccount + - equal: + path: subjects[0].name + value: metricbeat + - equal: + path: roleRef.kind + value: ClusterRole + - equal: + path: roleRef.name + value: metricbeat + - equal: + path: roleRef.apiGroup + value: rbac.authorization.k8s.io + - it: should render custom labels and annotations properly. + values: + - ../../examples/metricbeat_hosts.yaml + set: + labels: + test: label + annotations: + test: annotation + clusterRoleBinding: + annotations: + clusterRoleBinding: annotation + labels: + clusterRoleBinding: label + release: + name: quickstart + asserts: + - isKind: + of: ClusterRoleBinding + - equal: + path: metadata.labels + value: + app.kubernetes.io/instance: quickstart + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: eck-beats + clusterRoleBinding: label + helm.sh/chart: eck-beats-0.1.0 + test: label + - equal: + path: metadata.annotations + value: + clusterRoleBinding: annotation + test: annotation \ No newline at end of file diff --git a/deploy/eck-beats/templates/tests/beats-cluster-role_test.yaml b/deploy/eck-beats/templates/tests/beats-cluster-role_test.yaml new file mode 100644 index 0000000000..3c9ef6f3fc --- /dev/null +++ b/deploy/eck-beats/templates/tests/beats-cluster-role_test.yaml @@ -0,0 +1,76 @@ +suite: test beats cluster role +templates: + - templates/cluster-role.yaml +tests: + - it: should render cluster role in metricbeat example properly + values: + - ../../examples/metricbeat_hosts.yaml + release: + name: quickstart + asserts: + - isKind: + of: ClusterRole + - equal: + path: metadata.name + value: metricbeat + - equal: + path: rules[0].apiGroups[0] + value: "" + - equal: + path: rules[0].resources + value: + - nodes + - namespaces + - events + - pods + - equal: + path: rules[0].verbs + value: + - get + - list + - watch + - equal: + path: rules[1].apiGroups[0] + value: extensions + - equal: + path: rules[1].resources + value: + - replicasets + - equal: + path: rules[1].verbs + value: + - get + - list + - watch + - it: should render custom labels and annotations properly. + values: + - ../../examples/metricbeat_hosts.yaml + set: + labels: + test: label + annotations: + test: annotation + clusterRole: + annotations: + clusterRole: annotation + labels: + clusterRole: label + release: + name: quickstart + asserts: + - isKind: + of: ClusterRole + - equal: + path: metadata.labels + value: + app.kubernetes.io/instance: quickstart + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: eck-beats + clusterRole: label + helm.sh/chart: eck-beats-0.1.0 + test: label + - equal: + path: metadata.annotations + value: + clusterRole: annotation + test: annotation \ No newline at end of file diff --git a/deploy/eck-beats/templates/tests/beats-service-account_test.yaml b/deploy/eck-beats/templates/tests/beats-service-account_test.yaml new file mode 100644 index 0000000000..acae977396 --- /dev/null +++ b/deploy/eck-beats/templates/tests/beats-service-account_test.yaml @@ -0,0 +1,47 @@ +suite: test beats service account +templates: + - templates/service-account.yaml +tests: + - it: should render service account in metricbeat example properly + values: + - ../../examples/metricbeat_hosts.yaml + release: + name: quickstart + asserts: + - isKind: + of: ServiceAccount + - equal: + path: metadata.name + value: metricbeat + - it: should render custom labels and annotations properly. + values: + - ../../examples/metricbeat_hosts.yaml + set: + labels: + test: label + annotations: + test: annotation + serviceAccount: + annotations: + serviceAccount: annotation + labels: + serviceAccount: label + release: + name: quickstart + asserts: + - isKind: + of: ServiceAccount + - equal: + path: metadata.labels + value: + app.kubernetes.io/instance: quickstart + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: eck-beats + serviceAccount: label + helm.sh/chart: eck-beats-0.1.0 + test: label + - equal: + path: metadata.annotations + value: + serviceAccount: annotation + test: annotation \ No newline at end of file From c8116eb4210fbd5c8a0b4fc03f9a38764af5ea7d Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Tue, 20 Sep 2022 14:00:53 -0500 Subject: [PATCH 13/23] Adding/removing newlines --- .../templates/tests/beats-cluster-role-binding_test.yaml | 2 +- deploy/eck-beats/templates/tests/beats-cluster-role_test.yaml | 2 +- .../eck-beats/templates/tests/beats-service-account_test.yaml | 2 +- deploy/eck-beats/templates/tests/beats_test.yaml | 1 - 4 files changed, 3 insertions(+), 4 deletions(-) diff --git a/deploy/eck-beats/templates/tests/beats-cluster-role-binding_test.yaml b/deploy/eck-beats/templates/tests/beats-cluster-role-binding_test.yaml index 8d741269bb..1e7f6684eb 100644 --- a/deploy/eck-beats/templates/tests/beats-cluster-role-binding_test.yaml +++ b/deploy/eck-beats/templates/tests/beats-cluster-role-binding_test.yaml @@ -59,4 +59,4 @@ tests: path: metadata.annotations value: clusterRoleBinding: annotation - test: annotation \ No newline at end of file + test: annotation diff --git a/deploy/eck-beats/templates/tests/beats-cluster-role_test.yaml b/deploy/eck-beats/templates/tests/beats-cluster-role_test.yaml index 3c9ef6f3fc..81c1c26d77 100644 --- a/deploy/eck-beats/templates/tests/beats-cluster-role_test.yaml +++ b/deploy/eck-beats/templates/tests/beats-cluster-role_test.yaml @@ -73,4 +73,4 @@ tests: path: metadata.annotations value: clusterRole: annotation - test: annotation \ No newline at end of file + test: annotation diff --git a/deploy/eck-beats/templates/tests/beats-service-account_test.yaml b/deploy/eck-beats/templates/tests/beats-service-account_test.yaml index acae977396..fdc4d036aa 100644 --- a/deploy/eck-beats/templates/tests/beats-service-account_test.yaml +++ b/deploy/eck-beats/templates/tests/beats-service-account_test.yaml @@ -44,4 +44,4 @@ tests: path: metadata.annotations value: serviceAccount: annotation - test: annotation \ No newline at end of file + test: annotation diff --git a/deploy/eck-beats/templates/tests/beats_test.yaml b/deploy/eck-beats/templates/tests/beats_test.yaml index 90544978c6..509ac08869 100644 --- a/deploy/eck-beats/templates/tests/beats_test.yaml +++ b/deploy/eck-beats/templates/tests/beats_test.yaml @@ -20,4 +20,3 @@ tests: - equal: path: spec.daemonSet.podTemplate.spec.containers[0].securityContext.runAsUser value: 0 - From aad783ca3843426b25944a6222984138b253d8f7 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Mon, 31 Oct 2022 08:13:09 -0500 Subject: [PATCH 14/23] wip --- .../eck-beats/templates/tests/beats_test.yaml | 10 ++--- deploy/eck-beats/values.yaml | 45 +++---------------- 2 files changed, 9 insertions(+), 46 deletions(-) diff --git a/deploy/eck-beats/templates/tests/beats_test.yaml b/deploy/eck-beats/templates/tests/beats_test.yaml index 509ac08869..fe000145b0 100644 --- a/deploy/eck-beats/templates/tests/beats_test.yaml +++ b/deploy/eck-beats/templates/tests/beats_test.yaml @@ -2,9 +2,11 @@ suite: test beats templates: - templates/beats.yaml tests: - - it: should render default filebeat properly + - it: should render filebeat properly, when type is set release: name: quickstart + set: + type: "filebeat" asserts: - isKind: of: Beat @@ -14,9 +16,3 @@ tests: - equal: path: spec.version value: 8.3.3 - - equal: - path: spec.daemonSet.podTemplate.spec.containers[0].name - value: filebeat - - equal: - path: spec.daemonSet.podTemplate.spec.containers[0].securityContext.runAsUser - value: 0 diff --git a/deploy/eck-beats/values.yaml b/deploy/eck-beats/values.yaml index 1e64c810a6..901e9ee86a 100644 --- a/deploy/eck-beats/values.yaml +++ b/deploy/eck-beats/values.yaml @@ -23,7 +23,9 @@ version: 8.3.3 # Type of Elastic Beats. Standard types of Beat are [filebeat,metricbeat,heartbeat,auditbeat,packetbeat,journalbeat]. # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-deploy-elastic-beat # -type: filebeat +# Note: This is required to be set, or the release install will fail. +# +type: "" # Labels that will be applied to Elastic Beats. # @@ -61,48 +63,13 @@ spec: # At least one is required of [daemonSet, deployment]. # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-chose-the-deployment-model # - daemonSet: - podTemplate: - spec: - automountServiceAccountToken: true - terminationGracePeriodSeconds: 30 - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true # Allows to provide richer host metadata - containers: - - name: filebeat - securityContext: - runAsUser: 0 - # If using Red Hat OpenShift uncomment this: - # privileged: true - volumeMounts: - - name: varlogcontainers - mountPath: /var/log/containers - - name: varlogpods - mountPath: /var/log/pods - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - volumes: - - name: varlogcontainers - hostPath: - path: /var/log/containers - - name: varlogpods - hostPath: - path: /var/log/pods - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers + daemonSet: {} + # deployment: {} # Configuration of Beat, which is dependent on the `type` of Beat specified. # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-deploy-elastic-beat # - config: - filebeat.inputs: - - type: container - paths: - - /var/log/containers/*.log - processors: - - add_host_metadata: {} - - add_cloud_metadata: {} + config: {} # ServiceAccount to be used by Elastic Beats. Some Beats features (such as autodiscover or Kubernetes module metricsets) # require that Beat Pods interact with Kubernetes APIs. This functionality requires specific permissions From 02df23aa3b3b500bef72cc02f8b81d7c805b1178 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Mon, 31 Oct 2022 09:45:59 -0500 Subject: [PATCH 15/23] Add examples and tests for all supported beat types. --- .../eck-beats/examples/auditbeat_hosts.yaml | 4 +- .../examples/filebeat_no_autodiscover.yaml | 49 ++++ .../examples/heartbeat_es_kb_health.yaml | 8 +- .../eck-beats/examples/metricbeat_hosts.yaml | 2 - .../examples/packetbeat_dns_http.yaml | 2 - deploy/eck-beats/templates/beats.yaml | 2 +- .../tests/beats-auditbeat-example_test.yaml | 59 +++++ .../beats-cluster-role-binding_test.yaml | 62 ----- .../tests/beats-cluster-role_test.yaml | 76 ------ .../tests/beats-filebeat-example_test.yaml | 40 +++ .../tests/beats-heartbeat-example_test.yaml | 41 +++ .../tests/beats-metricbeat-example_test.yaml | 242 ++++++++++++++++++ .../tests/beats-packetbeat-example_test.yaml | 55 ++++ .../tests/beats-service-account_test.yaml | 47 ---- .../eck-beats/templates/tests/beats_test.yaml | 5 +- deploy/eck-beats/values.yaml | 14 +- 16 files changed, 500 insertions(+), 208 deletions(-) create mode 100644 deploy/eck-beats/examples/filebeat_no_autodiscover.yaml create mode 100644 deploy/eck-beats/templates/tests/beats-auditbeat-example_test.yaml delete mode 100644 deploy/eck-beats/templates/tests/beats-cluster-role-binding_test.yaml delete mode 100644 deploy/eck-beats/templates/tests/beats-cluster-role_test.yaml create mode 100644 deploy/eck-beats/templates/tests/beats-filebeat-example_test.yaml create mode 100644 deploy/eck-beats/templates/tests/beats-heartbeat-example_test.yaml create mode 100644 deploy/eck-beats/templates/tests/beats-metricbeat-example_test.yaml create mode 100644 deploy/eck-beats/templates/tests/beats-packetbeat-example_test.yaml delete mode 100644 deploy/eck-beats/templates/tests/beats-service-account_test.yaml diff --git a/deploy/eck-beats/examples/auditbeat_hosts.yaml b/deploy/eck-beats/examples/auditbeat_hosts.yaml index 264d48a166..2ef1a97065 100644 --- a/deploy/eck-beats/examples/auditbeat_hosts.yaml +++ b/deploy/eck-beats/examples/auditbeat_hosts.yaml @@ -1,14 +1,12 @@ name: auditbeat -type: auditbeat version: 8.3.3 spec: + type: auditbeat elasticsearchRef: name: elasticsearch kibanaRef: name: kibana config: - # Since filebeat is used in the default values, this needs to be removed with an empty list. - filebeat.inputs: [] auditbeat.modules: - module: file_integrity paths: diff --git a/deploy/eck-beats/examples/filebeat_no_autodiscover.yaml b/deploy/eck-beats/examples/filebeat_no_autodiscover.yaml new file mode 100644 index 0000000000..1c2aaf0a61 --- /dev/null +++ b/deploy/eck-beats/examples/filebeat_no_autodiscover.yaml @@ -0,0 +1,49 @@ +apiVersion: beat.k8s.elastic.co/v1beta1 +kind: Beat +metadata: + name: filebeat +spec: + type: filebeat + version: 8.4.2 + elasticsearchRef: + name: elasticsearch + kibanaRef: + name: kibana + config: + filebeat.inputs: + - type: container + paths: + - /var/log/containers/*.log + processors: + - add_host_metadata: {} + - add_cloud_metadata: {} + daemonSet: + podTemplate: + spec: + automountServiceAccountToken: true + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true # Allows to provide richer host metadata + containers: + - name: filebeat + securityContext: + runAsUser: 0 + # If using Red Hat OpenShift uncomment this: + #privileged: true + volumeMounts: + - name: varlogcontainers + mountPath: /var/log/containers + - name: varlogpods + mountPath: /var/log/pods + - name: varlibdockercontainers + mountPath: /var/lib/docker/containers + volumes: + - name: varlogcontainers + hostPath: + path: /var/log/containers + - name: varlogpods + hostPath: + path: /var/log/pods + - name: varlibdockercontainers + hostPath: + path: /var/lib/docker/containers diff --git a/deploy/eck-beats/examples/heartbeat_es_kb_health.yaml b/deploy/eck-beats/examples/heartbeat_es_kb_health.yaml index 76e887aacd..54260a9228 100644 --- a/deploy/eck-beats/examples/heartbeat_es_kb_health.yaml +++ b/deploy/eck-beats/examples/heartbeat_es_kb_health.yaml @@ -1,14 +1,10 @@ name: heartbeat -type: heartbeat version: 8.3.3 spec: + type: heartbeat elasticsearchRef: name: elasticsearch config: - # Since filebeat is used in the default values, this needs to be removed with an empty list. - filebeat.inputs: [] - # Since processors is used in the default values, this needs to be removed with an empty list. - processors: [] heartbeat.monitors: - type: tcp schedule: '@every 5s' @@ -26,5 +22,3 @@ spec: spec: securityContext: runAsUser: 0 - # Since there is an existing daemonSet in the default values, it must be moved by using 'null'. - daemonSet: null diff --git a/deploy/eck-beats/examples/metricbeat_hosts.yaml b/deploy/eck-beats/examples/metricbeat_hosts.yaml index 7cd4e51fd7..535eebb9b2 100644 --- a/deploy/eck-beats/examples/metricbeat_hosts.yaml +++ b/deploy/eck-beats/examples/metricbeat_hosts.yaml @@ -7,8 +7,6 @@ spec: kibanaRef: name: kibana config: - # Since filebeat is used in the default values, this needs to be removed with an empty list. - filebeat.inputs: [] metricbeat: autodiscover: providers: diff --git a/deploy/eck-beats/examples/packetbeat_dns_http.yaml b/deploy/eck-beats/examples/packetbeat_dns_http.yaml index 6c1c28d30c..e7efe20a5c 100644 --- a/deploy/eck-beats/examples/packetbeat_dns_http.yaml +++ b/deploy/eck-beats/examples/packetbeat_dns_http.yaml @@ -7,8 +7,6 @@ spec: kibanaRef: name: kibana config: - # Since filebeat is used in the default values, this needs to be removed with an empty list. - filebeat.inputs: [] packetbeat.interfaces.device: any packetbeat.protocols: - type: dns diff --git a/deploy/eck-beats/templates/beats.yaml b/deploy/eck-beats/templates/beats.yaml index 720a74ee7b..b3ef838042 100644 --- a/deploy/eck-beats/templates/beats.yaml +++ b/deploy/eck-beats/templates/beats.yaml @@ -12,7 +12,7 @@ metadata: {{- end }} spec: version: {{ required "A Beat version is required" .Values.version }} - type: {{ required "A Beat type is required" .Values.type }} + type: {{ required "A Beat type is required" .Values.spec.type }} {{- if and (not (hasKey .Values.spec "daemonSet")) (not (hasKey .Values.spec "deployment")) }} {{ fail "At least one of daemonSet or deployment is required for a functional Beat" }} {{- end }} diff --git a/deploy/eck-beats/templates/tests/beats-auditbeat-example_test.yaml b/deploy/eck-beats/templates/tests/beats-auditbeat-example_test.yaml new file mode 100644 index 0000000000..0744bd980b --- /dev/null +++ b/deploy/eck-beats/templates/tests/beats-auditbeat-example_test.yaml @@ -0,0 +1,59 @@ +suite: test auditbeats +templates: + - templates/beats.yaml +tests: + - it: should render audibeat configuration properly. + values: + - ../../examples/auditbeat_hosts.yaml + release: + name: quickstart + asserts: + - isKind: + of: Beat + - equal: + path: spec.elasticsearchRef.name + value: elasticsearch + - equal: + path: spec.kibanaRef.name + value: kibana + - equal: + path: spec.config.[auditbeat.modules][0].module + value: file_integrity + - equal: + path: spec.config.[auditbeat.modules][0].paths + value: + - /hostfs/bin + - /hostfs/usr/bin + - /hostfs/sbin + - /hostfs/usr/sbin + - /hostfs/etc + - equal: + path: spec.config.[auditbeat.modules][0].scan_at_start + value: true + - equal: + path: spec.config.[auditbeat.modules][0].recursive + value: true + - equal: + path: spec.config.[auditbeat.modules][1].module + value: auditd + - equal: + path: spec.daemonSet.podTemplate.spec.hostPID + value: true + - equal: + path: spec.daemonSet.podTemplate.spec.dnsPolicy + value: ClusterFirstWithHostNet + - equal: + path: spec.daemonSet.podTemplate.spec.hostNetwork + value: true + - equal: + path: spec.daemonSet.podTemplate.spec.securityContext.runAsUser + value: 0 + - equal: + path: spec.daemonSet.podTemplate.spec.containers[0].name + value: auditbeat + - equal: + path: spec.daemonSet.podTemplate.spec.containers[0].securityContext.capabilities.add + value: + - 'AUDIT_READ' + - 'AUDIT_WRITE' + - 'AUDIT_CONTROL' \ No newline at end of file diff --git a/deploy/eck-beats/templates/tests/beats-cluster-role-binding_test.yaml b/deploy/eck-beats/templates/tests/beats-cluster-role-binding_test.yaml deleted file mode 100644 index 1e7f6684eb..0000000000 --- a/deploy/eck-beats/templates/tests/beats-cluster-role-binding_test.yaml +++ /dev/null @@ -1,62 +0,0 @@ -suite: test beat cluster role binding -templates: - - templates/cluster-role-binding.yaml -tests: - - it: should render cluster role binding in metricbeat example properly - values: - - ../../examples/metricbeat_hosts.yaml - release: - name: quickstart - asserts: - - isKind: - of: ClusterRoleBinding - - equal: - path: metadata.name - value: metricbeat - - equal: - path: subjects[0].kind - value: ServiceAccount - - equal: - path: subjects[0].name - value: metricbeat - - equal: - path: roleRef.kind - value: ClusterRole - - equal: - path: roleRef.name - value: metricbeat - - equal: - path: roleRef.apiGroup - value: rbac.authorization.k8s.io - - it: should render custom labels and annotations properly. - values: - - ../../examples/metricbeat_hosts.yaml - set: - labels: - test: label - annotations: - test: annotation - clusterRoleBinding: - annotations: - clusterRoleBinding: annotation - labels: - clusterRoleBinding: label - release: - name: quickstart - asserts: - - isKind: - of: ClusterRoleBinding - - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: quickstart - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: eck-beats - clusterRoleBinding: label - helm.sh/chart: eck-beats-0.1.0 - test: label - - equal: - path: metadata.annotations - value: - clusterRoleBinding: annotation - test: annotation diff --git a/deploy/eck-beats/templates/tests/beats-cluster-role_test.yaml b/deploy/eck-beats/templates/tests/beats-cluster-role_test.yaml deleted file mode 100644 index 81c1c26d77..0000000000 --- a/deploy/eck-beats/templates/tests/beats-cluster-role_test.yaml +++ /dev/null @@ -1,76 +0,0 @@ -suite: test beats cluster role -templates: - - templates/cluster-role.yaml -tests: - - it: should render cluster role in metricbeat example properly - values: - - ../../examples/metricbeat_hosts.yaml - release: - name: quickstart - asserts: - - isKind: - of: ClusterRole - - equal: - path: metadata.name - value: metricbeat - - equal: - path: rules[0].apiGroups[0] - value: "" - - equal: - path: rules[0].resources - value: - - nodes - - namespaces - - events - - pods - - equal: - path: rules[0].verbs - value: - - get - - list - - watch - - equal: - path: rules[1].apiGroups[0] - value: extensions - - equal: - path: rules[1].resources - value: - - replicasets - - equal: - path: rules[1].verbs - value: - - get - - list - - watch - - it: should render custom labels and annotations properly. - values: - - ../../examples/metricbeat_hosts.yaml - set: - labels: - test: label - annotations: - test: annotation - clusterRole: - annotations: - clusterRole: annotation - labels: - clusterRole: label - release: - name: quickstart - asserts: - - isKind: - of: ClusterRole - - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: quickstart - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: eck-beats - clusterRole: label - helm.sh/chart: eck-beats-0.1.0 - test: label - - equal: - path: metadata.annotations - value: - clusterRole: annotation - test: annotation diff --git a/deploy/eck-beats/templates/tests/beats-filebeat-example_test.yaml b/deploy/eck-beats/templates/tests/beats-filebeat-example_test.yaml new file mode 100644 index 0000000000..1a40dd3937 --- /dev/null +++ b/deploy/eck-beats/templates/tests/beats-filebeat-example_test.yaml @@ -0,0 +1,40 @@ +suite: test filebeats +templates: + - templates/beats.yaml +tests: + - it: should render filebeat configuration properly. + values: + - ../../examples/filebeat_no_autodiscover.yaml + release: + name: quickstart + asserts: + - isKind: + of: Beat + - equal: + path: spec.elasticsearchRef.name + value: elasticsearch + - equal: + path: spec.kibanaRef.name + value: kibana + - equal: + path: spec.config.[filebeat.inputs][0].type + value: container + - equal: + path: spec.config.[filebeat.inputs][0].paths + value: + - /var/log/containers/*.log + - equal: + path: spec.daemonSet.podTemplate.spec.automountServiceAccountToken + value: true + - equal: + path: spec.daemonSet.podTemplate.spec.dnsPolicy + value: ClusterFirstWithHostNet + - equal: + path: spec.daemonSet.podTemplate.spec.hostNetwork + value: true + - equal: + path: spec.daemonSet.podTemplate.spec.containers[0].name + value: filebeat + - equal: + path: spec.daemonSet.podTemplate.spec.containers[0].securityContext.runAsUser + value: 0 diff --git a/deploy/eck-beats/templates/tests/beats-heartbeat-example_test.yaml b/deploy/eck-beats/templates/tests/beats-heartbeat-example_test.yaml new file mode 100644 index 0000000000..281e4ec57e --- /dev/null +++ b/deploy/eck-beats/templates/tests/beats-heartbeat-example_test.yaml @@ -0,0 +1,41 @@ +suite: test heartbeat +templates: + - templates/beats.yaml +tests: + - it: should render heartbeat configuration properly. + values: + - ../../examples/heartbeat_es_kb_health.yaml + release: + name: quickstart + asserts: + - isKind: + of: Beat + - equal: + path: spec.elasticsearchRef.name + value: elasticsearch + - equal: + path: spec.config.[heartbeat.monitors][0].type + value: tcp + - equal: + path: spec.config.[heartbeat.monitors][0].schedule + value: '@every 5s' + - equal: + path: spec.config.[heartbeat.monitors][0].hosts + value: + - "elasticsearch-es-http.default.svc:9200" + - equal: + path: spec.config.[heartbeat.monitors][1].type + value: tcp + - equal: + path: spec.config.[heartbeat.monitors][1].schedule + value: '@every 5s' + - equal: + path: spec.config.[heartbeat.monitors][1].hosts + value: + - "eck-kibana-kb-http.default.svc:5601" + - equal: + path: spec.deployment.replicas + value: 1 + - equal: + path: spec.deployment.podTemplate.spec.securityContext.runAsUser + value: 0 diff --git a/deploy/eck-beats/templates/tests/beats-metricbeat-example_test.yaml b/deploy/eck-beats/templates/tests/beats-metricbeat-example_test.yaml new file mode 100644 index 0000000000..710f6259bd --- /dev/null +++ b/deploy/eck-beats/templates/tests/beats-metricbeat-example_test.yaml @@ -0,0 +1,242 @@ +suite: test metricbeats +templates: + - templates/beats.yaml +tests: + - it: should render metricbeat configuration properly. + values: + - ../../examples/metricbeat_hosts.yaml + release: + name: quickstart + asserts: + - isKind: + of: Beat + - equal: + path: spec.config.metricbeat.autodiscover.providers[0].hints.enabled + value: "true" + - equal: + path: spec.config.metricbeat.autodiscover.providers[0].type + value: kubernetes + - equal: + path: spec.config.metricbeat.modules[0].module + value: system + - equal: + path: spec.config.metricbeat.modules[0].period + value: 10s + - equal: + path: spec.config.metricbeat.modules[0].metricsets + value: + - cpu + - load + - memory + - network + - process + - process_summary + - equal: + path: spec.config.metricbeat.modules[1].metricsets + value: + - filesystem + - fsstat + - equal: + path: spec.config.metricbeat.modules[2].module + value: kubernetes + - equal: + path: spec.config.metricbeat.modules[2].hosts + value: + - https://${NODE_NAME}:10250 + - equal: + path: spec.config.metricbeat.modules[2].bearer_token_file + value: /var/run/secrets/kubernetes.io/serviceaccount/token + - equal: + path: spec.daemonSet.podTemplate.spec.serviceAccountName + value: metricbeat + - equal: + path: spec.daemonSet.podTemplate.spec.hostNetwork + value: true +--- +suite: test beats cluster role +templates: + - templates/cluster-role.yaml +tests: + - it: should render cluster role in metricbeat example properly + values: + - ../../examples/metricbeat_hosts.yaml + release: + name: quickstart + asserts: + - isKind: + of: ClusterRole + - equal: + path: metadata.name + value: metricbeat + - equal: + path: rules[0].apiGroups[0] + value: "" + - equal: + path: rules[0].resources + value: + - nodes + - namespaces + - events + - pods + - equal: + path: rules[0].verbs + value: + - get + - list + - watch + - equal: + path: rules[1].apiGroups[0] + value: extensions + - equal: + path: rules[1].resources + value: + - replicasets + - equal: + path: rules[1].verbs + value: + - get + - list + - watch + - it: should render custom labels and annotations properly. + values: + - ../../examples/metricbeat_hosts.yaml + set: + labels: + test: label + annotations: + test: annotation + clusterRole: + annotations: + clusterRole: annotation + labels: + clusterRole: label + release: + name: quickstart + asserts: + - isKind: + of: ClusterRole + - equal: + path: metadata.labels + value: + app.kubernetes.io/instance: quickstart + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: eck-beats + clusterRole: label + helm.sh/chart: eck-beats-0.1.0 + test: label + - equal: + path: metadata.annotations + value: + clusterRole: annotation + test: annotation +--- +suite: test beat cluster role binding +templates: + - templates/cluster-role-binding.yaml +tests: + - it: should render cluster role binding in metricbeat example properly + values: + - ../../examples/metricbeat_hosts.yaml + release: + name: quickstart + asserts: + - isKind: + of: ClusterRoleBinding + - equal: + path: metadata.name + value: metricbeat + - equal: + path: subjects[0].kind + value: ServiceAccount + - equal: + path: subjects[0].name + value: metricbeat + - equal: + path: roleRef.kind + value: ClusterRole + - equal: + path: roleRef.name + value: metricbeat + - equal: + path: roleRef.apiGroup + value: rbac.authorization.k8s.io + - it: should render custom labels and annotations properly. + values: + - ../../examples/metricbeat_hosts.yaml + set: + labels: + test: label + annotations: + test: annotation + clusterRoleBinding: + annotations: + clusterRoleBinding: annotation + labels: + clusterRoleBinding: label + release: + name: quickstart + asserts: + - isKind: + of: ClusterRoleBinding + - equal: + path: metadata.labels + value: + app.kubernetes.io/instance: quickstart + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: eck-beats + clusterRoleBinding: label + helm.sh/chart: eck-beats-0.1.0 + test: label + - equal: + path: metadata.annotations + value: + clusterRoleBinding: annotation + test: annotation +--- +suite: test beats service account +templates: + - templates/service-account.yaml +tests: + - it: should render service account in metricbeat example properly + values: + - ../../examples/metricbeat_hosts.yaml + release: + name: quickstart + asserts: + - isKind: + of: ServiceAccount + - equal: + path: metadata.name + value: metricbeat + - it: should render custom labels and annotations properly. + values: + - ../../examples/metricbeat_hosts.yaml + set: + labels: + test: label + annotations: + test: annotation + serviceAccount: + annotations: + serviceAccount: annotation + labels: + serviceAccount: label + release: + name: quickstart + asserts: + - isKind: + of: ServiceAccount + - equal: + path: metadata.labels + value: + app.kubernetes.io/instance: quickstart + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: eck-beats + serviceAccount: label + helm.sh/chart: eck-beats-0.1.0 + test: label + - equal: + path: metadata.annotations + value: + serviceAccount: annotation + test: annotation diff --git a/deploy/eck-beats/templates/tests/beats-packetbeat-example_test.yaml b/deploy/eck-beats/templates/tests/beats-packetbeat-example_test.yaml new file mode 100644 index 0000000000..1fc8a9720a --- /dev/null +++ b/deploy/eck-beats/templates/tests/beats-packetbeat-example_test.yaml @@ -0,0 +1,55 @@ +suite: test packetbeat +templates: + - templates/beats.yaml +tests: + - it: should render packetbeat configuration properly. + values: + - ../../examples/packetbeat_dns_http.yaml + release: + name: quickstart + asserts: + - isKind: + of: Beat + - equal: + path: spec.elasticsearchRef.name + value: elasticsearch + - equal: + path: spec.kibanaRef.name + value: kibana + - equal: + path: spec.config.[packetbeat.interfaces.device] + value: any + - equal: + path: spec.config.[packetbeat.protocols] + value: + - type: dns + ports: + - 53 + include_authorities: true + include_additionals: true + - type: http + ports: + - 80 + - 8000 + - 8080 + - 9200 + - equal: + path: spec.config.[packetbeat.flows] + value: + timeout: 30s + period: 10s + - equal: + path: spec.daemonSet.podTemplate.spec + value: + terminationGracePeriodSeconds: 30 + hostNetwork: true + automountServiceAccountToken: true # some older Beat versions are depending on this settings presence in k8s context + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: packetbeat + securityContext: + runAsUser: 0 + capabilities: + add: + - NET_ADMIN + volumes: [] diff --git a/deploy/eck-beats/templates/tests/beats-service-account_test.yaml b/deploy/eck-beats/templates/tests/beats-service-account_test.yaml deleted file mode 100644 index fdc4d036aa..0000000000 --- a/deploy/eck-beats/templates/tests/beats-service-account_test.yaml +++ /dev/null @@ -1,47 +0,0 @@ -suite: test beats service account -templates: - - templates/service-account.yaml -tests: - - it: should render service account in metricbeat example properly - values: - - ../../examples/metricbeat_hosts.yaml - release: - name: quickstart - asserts: - - isKind: - of: ServiceAccount - - equal: - path: metadata.name - value: metricbeat - - it: should render custom labels and annotations properly. - values: - - ../../examples/metricbeat_hosts.yaml - set: - labels: - test: label - annotations: - test: annotation - serviceAccount: - annotations: - serviceAccount: annotation - labels: - serviceAccount: label - release: - name: quickstart - asserts: - - isKind: - of: ServiceAccount - - equal: - path: metadata.labels - value: - app.kubernetes.io/instance: quickstart - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: eck-beats - serviceAccount: label - helm.sh/chart: eck-beats-0.1.0 - test: label - - equal: - path: metadata.annotations - value: - serviceAccount: annotation - test: annotation diff --git a/deploy/eck-beats/templates/tests/beats_test.yaml b/deploy/eck-beats/templates/tests/beats_test.yaml index fe000145b0..c41a316c2e 100644 --- a/deploy/eck-beats/templates/tests/beats_test.yaml +++ b/deploy/eck-beats/templates/tests/beats_test.yaml @@ -6,7 +6,7 @@ tests: release: name: quickstart set: - type: "filebeat" + spec.type: "filebeat" asserts: - isKind: of: Beat @@ -16,3 +16,6 @@ tests: - equal: path: spec.version value: 8.3.3 + - equal: + path: spec.type + value: filebeat diff --git a/deploy/eck-beats/values.yaml b/deploy/eck-beats/values.yaml index 901e9ee86a..1f16e326a8 100644 --- a/deploy/eck-beats/values.yaml +++ b/deploy/eck-beats/values.yaml @@ -20,13 +20,6 @@ # version: 8.3.3 -# Type of Elastic Beats. Standard types of Beat are [filebeat,metricbeat,heartbeat,auditbeat,packetbeat,journalbeat]. -# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-deploy-elastic-beat -# -# Note: This is required to be set, or the release install will fail. -# -type: "" - # Labels that will be applied to Elastic Beats. # labels: {} @@ -36,6 +29,13 @@ labels: {} annotations: {} spec: + # Type of Elastic Beats. Standard types of Beat are [filebeat,metricbeat,heartbeat,auditbeat,packetbeat,journalbeat]. + # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-deploy-elastic-beat + # + # Note: This is required to be set, or the release install will fail. + # + type: "" + # Referenced resources are below and depending on the setup, at least elasticsearchRef is required for a functional Beat. # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-connect-es # From 2f93c12a2dfc84ee90cabbdea72d8d24312cc509 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Mon, 31 Oct 2022 09:54:05 -0500 Subject: [PATCH 16/23] Consistent versions newlines at end of all files remove plural from all beat names --- deploy/eck-beats/examples/filebeat_no_autodiscover.yaml | 2 +- deploy/eck-beats/templates/cluster-role.yaml | 2 +- deploy/eck-beats/templates/service-account.yaml | 2 +- .../templates/tests/beats-auditbeat-example_test.yaml | 4 ++-- .../templates/tests/beats-filebeat-example_test.yaml | 2 +- .../templates/tests/beats-metricbeat-example_test.yaml | 6 +++--- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/deploy/eck-beats/examples/filebeat_no_autodiscover.yaml b/deploy/eck-beats/examples/filebeat_no_autodiscover.yaml index 1c2aaf0a61..2b588b5f36 100644 --- a/deploy/eck-beats/examples/filebeat_no_autodiscover.yaml +++ b/deploy/eck-beats/examples/filebeat_no_autodiscover.yaml @@ -4,7 +4,7 @@ metadata: name: filebeat spec: type: filebeat - version: 8.4.2 + version: 8.3.3 elasticsearchRef: name: elasticsearch kibanaRef: diff --git a/deploy/eck-beats/templates/cluster-role.yaml b/deploy/eck-beats/templates/cluster-role.yaml index 88f7dc77fc..9aa578337c 100644 --- a/deploy/eck-beats/templates/cluster-role.yaml +++ b/deploy/eck-beats/templates/cluster-role.yaml @@ -19,4 +19,4 @@ metadata: {{- end }} {{- end }} rules: {{- toYaml .Values.clusterRole.rules | nindent 2 }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/deploy/eck-beats/templates/service-account.yaml b/deploy/eck-beats/templates/service-account.yaml index 9959ffe495..77e3b5e205 100644 --- a/deploy/eck-beats/templates/service-account.yaml +++ b/deploy/eck-beats/templates/service-account.yaml @@ -20,4 +20,4 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/deploy/eck-beats/templates/tests/beats-auditbeat-example_test.yaml b/deploy/eck-beats/templates/tests/beats-auditbeat-example_test.yaml index 0744bd980b..923aa2b4c6 100644 --- a/deploy/eck-beats/templates/tests/beats-auditbeat-example_test.yaml +++ b/deploy/eck-beats/templates/tests/beats-auditbeat-example_test.yaml @@ -1,4 +1,4 @@ -suite: test auditbeats +suite: test auditbeat templates: - templates/beats.yaml tests: @@ -56,4 +56,4 @@ tests: value: - 'AUDIT_READ' - 'AUDIT_WRITE' - - 'AUDIT_CONTROL' \ No newline at end of file + - 'AUDIT_CONTROL' diff --git a/deploy/eck-beats/templates/tests/beats-filebeat-example_test.yaml b/deploy/eck-beats/templates/tests/beats-filebeat-example_test.yaml index 1a40dd3937..044f0d6410 100644 --- a/deploy/eck-beats/templates/tests/beats-filebeat-example_test.yaml +++ b/deploy/eck-beats/templates/tests/beats-filebeat-example_test.yaml @@ -1,4 +1,4 @@ -suite: test filebeats +suite: test filebeat templates: - templates/beats.yaml tests: diff --git a/deploy/eck-beats/templates/tests/beats-metricbeat-example_test.yaml b/deploy/eck-beats/templates/tests/beats-metricbeat-example_test.yaml index 710f6259bd..c9947dd162 100644 --- a/deploy/eck-beats/templates/tests/beats-metricbeat-example_test.yaml +++ b/deploy/eck-beats/templates/tests/beats-metricbeat-example_test.yaml @@ -1,4 +1,4 @@ -suite: test metricbeats +suite: test metricbeat templates: - templates/beats.yaml tests: @@ -53,7 +53,7 @@ tests: path: spec.daemonSet.podTemplate.spec.hostNetwork value: true --- -suite: test beats cluster role +suite: test beat cluster role templates: - templates/cluster-role.yaml tests: @@ -193,7 +193,7 @@ tests: clusterRoleBinding: annotation test: annotation --- -suite: test beats service account +suite: test beat service account templates: - templates/service-account.yaml tests: From 5762226cf811ed0b2b9f2585589aeb33f0aab018 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Sun, 20 Nov 2022 20:54:00 -0600 Subject: [PATCH 17/23] Review comments. --- deploy/eck-beats/examples/auditbeat_hosts.yaml | 2 +- .../eck-beats/examples/filebeat_no_autodiscover.yaml | 11 ++++------- deploy/eck-beats/examples/heartbeat_es_kb_health.yaml | 2 +- deploy/eck-beats/examples/metricbeat_hosts.yaml | 3 +-- deploy/eck-beats/examples/packetbeat_dns_http.yaml | 2 +- deploy/eck-beats/values.yaml | 2 +- 6 files changed, 9 insertions(+), 13 deletions(-) diff --git a/deploy/eck-beats/examples/auditbeat_hosts.yaml b/deploy/eck-beats/examples/auditbeat_hosts.yaml index 2ef1a97065..2958543300 100644 --- a/deploy/eck-beats/examples/auditbeat_hosts.yaml +++ b/deploy/eck-beats/examples/auditbeat_hosts.yaml @@ -1,5 +1,5 @@ name: auditbeat -version: 8.3.3 +version: 8.5.0 spec: type: auditbeat elasticsearchRef: diff --git a/deploy/eck-beats/examples/filebeat_no_autodiscover.yaml b/deploy/eck-beats/examples/filebeat_no_autodiscover.yaml index 2b588b5f36..a3ea06dba3 100644 --- a/deploy/eck-beats/examples/filebeat_no_autodiscover.yaml +++ b/deploy/eck-beats/examples/filebeat_no_autodiscover.yaml @@ -1,14 +1,11 @@ -apiVersion: beat.k8s.elastic.co/v1beta1 -kind: Beat -metadata: - name: filebeat +name: filebeat +version: 8.5.0 spec: type: filebeat - version: 8.3.3 elasticsearchRef: - name: elasticsearch + name: quickstart-eck-elasticsearch kibanaRef: - name: kibana + name: quickstart-eck-kibana config: filebeat.inputs: - type: container diff --git a/deploy/eck-beats/examples/heartbeat_es_kb_health.yaml b/deploy/eck-beats/examples/heartbeat_es_kb_health.yaml index 54260a9228..e8a35f7ebf 100644 --- a/deploy/eck-beats/examples/heartbeat_es_kb_health.yaml +++ b/deploy/eck-beats/examples/heartbeat_es_kb_health.yaml @@ -1,5 +1,5 @@ name: heartbeat -version: 8.3.3 +version: 8.5.0 spec: type: heartbeat elasticsearchRef: diff --git a/deploy/eck-beats/examples/metricbeat_hosts.yaml b/deploy/eck-beats/examples/metricbeat_hosts.yaml index 535eebb9b2..b6c0fc9e9d 100644 --- a/deploy/eck-beats/examples/metricbeat_hosts.yaml +++ b/deploy/eck-beats/examples/metricbeat_hosts.yaml @@ -1,7 +1,7 @@ name: metricbeat spec: type: metricbeat - version: 8.3.3 + version: 8.5.0 elasticsearchRef: name: elasticsearch kibanaRef: @@ -153,7 +153,6 @@ clusterRoleBinding: subjects: - kind: ServiceAccount name: metricbeat - namespace: default roleRef: kind: ClusterRole name: metricbeat diff --git a/deploy/eck-beats/examples/packetbeat_dns_http.yaml b/deploy/eck-beats/examples/packetbeat_dns_http.yaml index e7efe20a5c..8f78713010 100644 --- a/deploy/eck-beats/examples/packetbeat_dns_http.yaml +++ b/deploy/eck-beats/examples/packetbeat_dns_http.yaml @@ -1,7 +1,7 @@ name: packetbeat spec: type: packetbeat - version: 8.3.3 + version: 8.5.0 elasticsearchRef: name: elasticsearch kibanaRef: diff --git a/deploy/eck-beats/values.yaml b/deploy/eck-beats/values.yaml index 1f16e326a8..ae51600f64 100644 --- a/deploy/eck-beats/values.yaml +++ b/deploy/eck-beats/values.yaml @@ -18,7 +18,7 @@ # Version of Elastic Beats. # -version: 8.3.3 +version: 8.5.0 # Labels that will be applied to Elastic Beats. # From 690bf122f78e5c9468609fda1c2da07d5d7567ed Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Mon, 21 Nov 2022 07:47:09 -0600 Subject: [PATCH 18/23] Update examples/values to be consistent on naming of es/kibana/*refs. Increment eck-stack chart version --- deploy/eck-agent/examples/fleet-agents.yaml | 2 +- deploy/eck-agent/examples/system-integration.yaml | 2 +- deploy/eck-agent/values.yaml | 4 ++-- deploy/eck-beats/examples/auditbeat_hosts.yaml | 4 ++-- deploy/eck-beats/examples/filebeat_no_autodiscover.yaml | 4 ++-- deploy/eck-beats/examples/heartbeat_es_kb_health.yaml | 2 +- deploy/eck-beats/examples/metricbeat_hosts.yaml | 4 ++-- deploy/eck-beats/examples/packetbeat_dns_http.yaml | 4 ++-- deploy/eck-fleet-server/values.yaml | 4 ++-- deploy/eck-stack/Chart.yaml | 2 +- 10 files changed, 16 insertions(+), 16 deletions(-) diff --git a/deploy/eck-agent/examples/fleet-agents.yaml b/deploy/eck-agent/examples/fleet-agents.yaml index f6238bf0db..07f6645cb7 100644 --- a/deploy/eck-agent/examples/fleet-agents.yaml +++ b/deploy/eck-agent/examples/fleet-agents.yaml @@ -6,7 +6,7 @@ version: 8.2.3 spec: # This must match the name of the fleet server installed from eck-fleet-server chart. fleetServerRef: - name: fleet-server + name: eck-fleet-server kibanaRef: name: eck-kibana mode: fleet diff --git a/deploy/eck-agent/examples/system-integration.yaml b/deploy/eck-agent/examples/system-integration.yaml index 1a92565da3..c9ce5dbb62 100644 --- a/deploy/eck-agent/examples/system-integration.yaml +++ b/deploy/eck-agent/examples/system-integration.yaml @@ -4,7 +4,7 @@ version: 8.2.3 spec: elasticsearchRefs: - - name: elasticsearch + - name: eck-elasticsearch daemonSet: podTemplate: spec: diff --git a/deploy/eck-agent/values.yaml b/deploy/eck-agent/values.yaml index 96dde79ba7..a7abdc3396 100644 --- a/deploy/eck-agent/values.yaml +++ b/deploy/eck-agent/values.yaml @@ -45,7 +45,7 @@ spec: # Reference to ECK-managed Elasticsearch instance. # elasticsearchRefs: - - name: elasticsearch + - name: eck-elasticsearch # Optional namespace reference to Elasticsearch instance. # If not specified, then the namespace of the Agent instance # will be assumed. @@ -55,7 +55,7 @@ spec: # Reference to ECK-managed Fleet Server instance. # # fleetServerRef: - # name: fleet-server + # name: eck-fleet-server # Optional namespace reference to Fleet Server instance. # If not specified, then the namespace of the Agent instance # will be assumed. diff --git a/deploy/eck-beats/examples/auditbeat_hosts.yaml b/deploy/eck-beats/examples/auditbeat_hosts.yaml index 2958543300..11a68300cf 100644 --- a/deploy/eck-beats/examples/auditbeat_hosts.yaml +++ b/deploy/eck-beats/examples/auditbeat_hosts.yaml @@ -3,9 +3,9 @@ version: 8.5.0 spec: type: auditbeat elasticsearchRef: - name: elasticsearch + name: eck-elasticsearch kibanaRef: - name: kibana + name: eck-kibana config: auditbeat.modules: - module: file_integrity diff --git a/deploy/eck-beats/examples/filebeat_no_autodiscover.yaml b/deploy/eck-beats/examples/filebeat_no_autodiscover.yaml index a3ea06dba3..d4fdbff5e9 100644 --- a/deploy/eck-beats/examples/filebeat_no_autodiscover.yaml +++ b/deploy/eck-beats/examples/filebeat_no_autodiscover.yaml @@ -3,9 +3,9 @@ version: 8.5.0 spec: type: filebeat elasticsearchRef: - name: quickstart-eck-elasticsearch + name: eck-elasticsearch kibanaRef: - name: quickstart-eck-kibana + name: eck-kibana config: filebeat.inputs: - type: container diff --git a/deploy/eck-beats/examples/heartbeat_es_kb_health.yaml b/deploy/eck-beats/examples/heartbeat_es_kb_health.yaml index e8a35f7ebf..b1703d5d6d 100644 --- a/deploy/eck-beats/examples/heartbeat_es_kb_health.yaml +++ b/deploy/eck-beats/examples/heartbeat_es_kb_health.yaml @@ -3,7 +3,7 @@ version: 8.5.0 spec: type: heartbeat elasticsearchRef: - name: elasticsearch + name: eck-elasticsearch config: heartbeat.monitors: - type: tcp diff --git a/deploy/eck-beats/examples/metricbeat_hosts.yaml b/deploy/eck-beats/examples/metricbeat_hosts.yaml index b6c0fc9e9d..e95813e166 100644 --- a/deploy/eck-beats/examples/metricbeat_hosts.yaml +++ b/deploy/eck-beats/examples/metricbeat_hosts.yaml @@ -3,9 +3,9 @@ spec: type: metricbeat version: 8.5.0 elasticsearchRef: - name: elasticsearch + name: eck-elasticsearch kibanaRef: - name: kibana + name: eck-kibana config: metricbeat: autodiscover: diff --git a/deploy/eck-beats/examples/packetbeat_dns_http.yaml b/deploy/eck-beats/examples/packetbeat_dns_http.yaml index 8f78713010..0a6d03682f 100644 --- a/deploy/eck-beats/examples/packetbeat_dns_http.yaml +++ b/deploy/eck-beats/examples/packetbeat_dns_http.yaml @@ -3,9 +3,9 @@ spec: type: packetbeat version: 8.5.0 elasticsearchRef: - name: elasticsearch + name: eck-elasticsearch kibanaRef: - name: kibana + name: eck-kibana config: packetbeat.interfaces.device: any packetbeat.protocols: diff --git a/deploy/eck-fleet-server/values.yaml b/deploy/eck-fleet-server/values.yaml index bb13bfb12e..02cfb3e458 100644 --- a/deploy/eck-fleet-server/values.yaml +++ b/deploy/eck-fleet-server/values.yaml @@ -35,7 +35,7 @@ spec: # Reference to ECK-managed Kibana resource. # kibanaRef: - name: quickstart + name: eck-kibana # Optional namespace reference to Kibana resource. # If not specified, then the namespace of the Fleet Server resource # will be assumed. @@ -46,7 +46,7 @@ spec: # This is required for fleet server. # elasticsearchRefs: - - name: quickstart + - name: eck-elasticsearch # Optional namespace reference to Elasticsearch resource. # If not specified, then the namespace of the Fleet Server resource # will be assumed. diff --git a/deploy/eck-stack/Chart.yaml b/deploy/eck-stack/Chart.yaml index b50b8e2d27..1ce045bdc7 100644 --- a/deploy/eck-stack/Chart.yaml +++ b/deploy/eck-stack/Chart.yaml @@ -9,7 +9,7 @@ description: | * Fleet Server kubeVersion: ">= 1.21.0-0" type: application -version: 0.2.0 +version: 0.3.0 dependencies: - name: eck-elasticsearch From b49311692f3dd3540f57e7aad81c8439791a6da4 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Mon, 21 Nov 2022 07:48:49 -0600 Subject: [PATCH 19/23] Update one final example --- deploy/eck-kibana/examples/http-configuration.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/eck-kibana/examples/http-configuration.yaml b/deploy/eck-kibana/examples/http-configuration.yaml index 0f75f6c39b..0138837764 100644 --- a/deploy/eck-kibana/examples/http-configuration.yaml +++ b/deploy/eck-kibana/examples/http-configuration.yaml @@ -21,7 +21,7 @@ spec: # Reference to ECK-managed Elasticsearch resource, ideally from {{ "elasticsearch.fullname" }} # elasticsearchRef: - name: quickstart-eck-elasticsearch + name: eck-elasticsearch # namespace: default http: service: From 6c14b305821ce3fb70d7b2a8598bc381b0a39bd1 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Mon, 21 Nov 2022 08:24:45 -0600 Subject: [PATCH 20/23] Update all versions to latest stack 8.5.0 Update tests for new stack vesrion, and consistent naming changes. --- deploy/eck-agent/examples/fleet-agents.yaml | 2 +- deploy/eck-agent/examples/system-integration.yaml | 4 ++-- deploy/eck-agent/templates/tests/elastic-agent_test.yaml | 2 +- deploy/eck-agent/values.yaml | 2 +- .../templates/tests/beats-auditbeat-example_test.yaml | 4 ++-- .../templates/tests/beats-filebeat-example_test.yaml | 4 ++-- .../templates/tests/beats-heartbeat-example_test.yaml | 2 +- .../templates/tests/beats-packetbeat-example_test.yaml | 4 ++-- deploy/eck-beats/templates/tests/beats_test.yaml | 2 +- .../templates/tests/fleet-server_test.yaml | 4 ++-- deploy/eck-fleet-server/values.yaml | 2 +- deploy/eck-kibana/examples/http-configuration.yaml | 2 +- deploy/eck-kibana/templates/tests/kibana_test.yaml | 6 +++--- .../eck-stack/examples/custom-elasticsearch-kibana.yaml | 4 ++-- deploy/eck-stack/examples/fleet-agents.yaml | 6 +++--- deploy/eck-stack/examples/metricbeat_hosts.yaml | 6 +++--- deploy/eck-stack/templates/tests/beats_test.yaml | 7 ++++--- deploy/eck-stack/templates/tests/elastic-agent_test.yaml | 8 ++++---- deploy/eck-stack/templates/tests/kibana_test.yaml | 4 ++-- 19 files changed, 38 insertions(+), 37 deletions(-) diff --git a/deploy/eck-agent/examples/fleet-agents.yaml b/deploy/eck-agent/examples/fleet-agents.yaml index 07f6645cb7..4dbc982b6d 100644 --- a/deploy/eck-agent/examples/fleet-agents.yaml +++ b/deploy/eck-agent/examples/fleet-agents.yaml @@ -1,7 +1,7 @@ # The following example should only be used in conjunction with the 'eck-fleet-server' Helm Chart, # and shows how the Agents can be deployed as a daemonset, and controlled by Fleet Server. # -version: 8.2.3 +version: 8.5.0 spec: # This must match the name of the fleet server installed from eck-fleet-server chart. diff --git a/deploy/eck-agent/examples/system-integration.yaml b/deploy/eck-agent/examples/system-integration.yaml index c9ce5dbb62..513429ee89 100644 --- a/deploy/eck-agent/examples/system-integration.yaml +++ b/deploy/eck-agent/examples/system-integration.yaml @@ -1,7 +1,7 @@ # The following example should only be used in Agent "standalone" mode, # and should not be used when Agent is used with Fleet Server. # -version: 8.2.3 +version: 8.5.0 spec: elasticsearchRefs: - name: eck-elasticsearch @@ -33,7 +33,7 @@ spec: meta: package: name: system - version: 8.2.3 + version: 8.5.0 data_stream: namespace: default streams: diff --git a/deploy/eck-agent/templates/tests/elastic-agent_test.yaml b/deploy/eck-agent/templates/tests/elastic-agent_test.yaml index 7b16d8a2d9..c1459e6b7f 100644 --- a/deploy/eck-agent/templates/tests/elastic-agent_test.yaml +++ b/deploy/eck-agent/templates/tests/elastic-agent_test.yaml @@ -13,7 +13,7 @@ tests: value: quickstart-eck-agent - equal: path: spec.version - value: 8.2.3 + value: 8.5.0 - equal: path: spec.config value: null diff --git a/deploy/eck-agent/values.yaml b/deploy/eck-agent/values.yaml index a7abdc3396..ea2b0c6973 100644 --- a/deploy/eck-agent/values.yaml +++ b/deploy/eck-agent/values.yaml @@ -18,7 +18,7 @@ # Version of Elastic Agent. # -version: 8.2.3 +version: 8.5.0 # Labels that will be applied to Elastic Agent. # diff --git a/deploy/eck-beats/templates/tests/beats-auditbeat-example_test.yaml b/deploy/eck-beats/templates/tests/beats-auditbeat-example_test.yaml index 923aa2b4c6..9bd0e26358 100644 --- a/deploy/eck-beats/templates/tests/beats-auditbeat-example_test.yaml +++ b/deploy/eck-beats/templates/tests/beats-auditbeat-example_test.yaml @@ -12,10 +12,10 @@ tests: of: Beat - equal: path: spec.elasticsearchRef.name - value: elasticsearch + value: eck-elasticsearch - equal: path: spec.kibanaRef.name - value: kibana + value: eck-kibana - equal: path: spec.config.[auditbeat.modules][0].module value: file_integrity diff --git a/deploy/eck-beats/templates/tests/beats-filebeat-example_test.yaml b/deploy/eck-beats/templates/tests/beats-filebeat-example_test.yaml index 044f0d6410..91423f484b 100644 --- a/deploy/eck-beats/templates/tests/beats-filebeat-example_test.yaml +++ b/deploy/eck-beats/templates/tests/beats-filebeat-example_test.yaml @@ -12,10 +12,10 @@ tests: of: Beat - equal: path: spec.elasticsearchRef.name - value: elasticsearch + value: eck-elasticsearch - equal: path: spec.kibanaRef.name - value: kibana + value: eck-kibana - equal: path: spec.config.[filebeat.inputs][0].type value: container diff --git a/deploy/eck-beats/templates/tests/beats-heartbeat-example_test.yaml b/deploy/eck-beats/templates/tests/beats-heartbeat-example_test.yaml index 281e4ec57e..aac6879027 100644 --- a/deploy/eck-beats/templates/tests/beats-heartbeat-example_test.yaml +++ b/deploy/eck-beats/templates/tests/beats-heartbeat-example_test.yaml @@ -12,7 +12,7 @@ tests: of: Beat - equal: path: spec.elasticsearchRef.name - value: elasticsearch + value: eck-elasticsearch - equal: path: spec.config.[heartbeat.monitors][0].type value: tcp diff --git a/deploy/eck-beats/templates/tests/beats-packetbeat-example_test.yaml b/deploy/eck-beats/templates/tests/beats-packetbeat-example_test.yaml index 1fc8a9720a..21c76a4f67 100644 --- a/deploy/eck-beats/templates/tests/beats-packetbeat-example_test.yaml +++ b/deploy/eck-beats/templates/tests/beats-packetbeat-example_test.yaml @@ -12,10 +12,10 @@ tests: of: Beat - equal: path: spec.elasticsearchRef.name - value: elasticsearch + value: eck-elasticsearch - equal: path: spec.kibanaRef.name - value: kibana + value: eck-kibana - equal: path: spec.config.[packetbeat.interfaces.device] value: any diff --git a/deploy/eck-beats/templates/tests/beats_test.yaml b/deploy/eck-beats/templates/tests/beats_test.yaml index c41a316c2e..95e80f224f 100644 --- a/deploy/eck-beats/templates/tests/beats_test.yaml +++ b/deploy/eck-beats/templates/tests/beats_test.yaml @@ -15,7 +15,7 @@ tests: value: quickstart-eck-beats - equal: path: spec.version - value: 8.3.3 + value: 8.5.0 - equal: path: spec.type value: filebeat diff --git a/deploy/eck-fleet-server/templates/tests/fleet-server_test.yaml b/deploy/eck-fleet-server/templates/tests/fleet-server_test.yaml index fda541c811..4d37921c07 100644 --- a/deploy/eck-fleet-server/templates/tests/fleet-server_test.yaml +++ b/deploy/eck-fleet-server/templates/tests/fleet-server_test.yaml @@ -13,10 +13,10 @@ tests: value: quickstart-eck-fleet-server - equal: path: spec.version - value: 8.2.3 + value: 8.5.0 - equal: path: spec.kibanaRef.name - value: quickstart + value: eck-kibana - equal: path: spec.deployment.replicas value: 1 diff --git a/deploy/eck-fleet-server/values.yaml b/deploy/eck-fleet-server/values.yaml index 02cfb3e458..f4ea960f52 100644 --- a/deploy/eck-fleet-server/values.yaml +++ b/deploy/eck-fleet-server/values.yaml @@ -18,7 +18,7 @@ # Version of Elastic Fleet Server. # -version: 8.2.3 +version: 8.5.0 # Labels that will be applied to Elastic Fleet Server. # diff --git a/deploy/eck-kibana/examples/http-configuration.yaml b/deploy/eck-kibana/examples/http-configuration.yaml index 0138837764..f82470ad7d 100644 --- a/deploy/eck-kibana/examples/http-configuration.yaml +++ b/deploy/eck-kibana/examples/http-configuration.yaml @@ -1,7 +1,7 @@ --- # Version of Kibana. # -version: 8.2.3 +version: 8.5.0 # Labels that will be applied to Kibana. # diff --git a/deploy/eck-kibana/templates/tests/kibana_test.yaml b/deploy/eck-kibana/templates/tests/kibana_test.yaml index b85e4c77ce..77e88e0b50 100644 --- a/deploy/eck-kibana/templates/tests/kibana_test.yaml +++ b/deploy/eck-kibana/templates/tests/kibana_test.yaml @@ -13,7 +13,7 @@ tests: value: quickstart-eck-kibana - equal: path: spec.version - value: 8.2.3 + value: 8.5.0 - it: name override should work properly set: nameOverride: override @@ -75,13 +75,13 @@ tests: value: quickstart-eck-kibana - equal: path: spec.version - value: 8.2.3 + value: 8.5.0 - equal: path: spec.count value: 1 - equal: path: spec.elasticsearchRef.name - value: quickstart-eck-elasticsearch + value: eck-elasticsearch - equal: path: spec.elasticsearchRef.namespace value: default diff --git a/deploy/eck-stack/examples/custom-elasticsearch-kibana.yaml b/deploy/eck-stack/examples/custom-elasticsearch-kibana.yaml index 4c63921dd5..45f3475b70 100644 --- a/deploy/eck-stack/examples/custom-elasticsearch-kibana.yaml +++ b/deploy/eck-stack/examples/custom-elasticsearch-kibana.yaml @@ -6,7 +6,7 @@ eck-elasticsearch: # Version of Elasticsearch. # - version: 8.2.3 + version: 8.5.0 nodeSets: - name: default @@ -38,7 +38,7 @@ eck-kibana: # Version of Kibana. # - version: 8.2.3 + version: 8.5.0 spec: # Count of Kibana replicas to create. diff --git a/deploy/eck-stack/examples/fleet-agents.yaml b/deploy/eck-stack/examples/fleet-agents.yaml index d38288773c..e7813fb642 100644 --- a/deploy/eck-stack/examples/fleet-agents.yaml +++ b/deploy/eck-stack/examples/fleet-agents.yaml @@ -8,7 +8,7 @@ eck-elasticsearch: # Version of Elasticsearch. # - version: 8.2.3 + version: 8.5.0 nodeSets: - name: default @@ -30,7 +30,7 @@ eck-kibana: # Version of Kibana. # - version: 8.2.3 + version: 8.5.0 spec: # Count of Kibana instances to create. @@ -91,7 +91,7 @@ eck-agent: # Version of Elastic Agent. # - version: 8.2.3 + version: 8.5.0 spec: # Reference to ECK-managed Kibana instance. diff --git a/deploy/eck-stack/examples/metricbeat_hosts.yaml b/deploy/eck-stack/examples/metricbeat_hosts.yaml index 773fe5f004..8830142c35 100644 --- a/deploy/eck-stack/examples/metricbeat_hosts.yaml +++ b/deploy/eck-stack/examples/metricbeat_hosts.yaml @@ -7,7 +7,7 @@ eck-elasticsearch: # Version of Elasticsearch. # - version: 8.2.3 + version: 8.5.0 nodeSets: - name: default @@ -41,7 +41,7 @@ eck-kibana: # Version of Kibana. # - version: 8.2.3 + version: 8.5.0 spec: # Count of Kibana replicas to create. @@ -58,7 +58,7 @@ eck-beats: name: metricbeat spec: type: metricbeat - version: 8.2.3 + version: 8.5.0 elasticsearchRef: name: quickstart kibanaRef: diff --git a/deploy/eck-stack/templates/tests/beats_test.yaml b/deploy/eck-stack/templates/tests/beats_test.yaml index fb23fb5d03..c1a91eb296 100644 --- a/deploy/eck-stack/templates/tests/beats_test.yaml +++ b/deploy/eck-stack/templates/tests/beats_test.yaml @@ -2,9 +2,10 @@ suite: test beats templates: - charts/eck-beats/templates/beats.yaml tests: - - it: should render filebeat quickstart properly + - it: should render specified beat properly set: eck-beats.enabled: true + eck-beats.spec.type: metricbeat release: name: quickstart asserts: @@ -15,7 +16,7 @@ tests: value: quickstart-eck-beats - equal: path: spec.version - value: 8.2.3 + value: 8.5.0 - it: should render custom metricbeat example properly values: - ../../examples/metricbeat_hosts.yaml @@ -29,7 +30,7 @@ tests: value: quickstart-eck-beats - equal: path: spec.version - value: 8.2.3 + value: 8.5.0 - equal: path: spec.kibanaRef.name value: quickstart diff --git a/deploy/eck-stack/templates/tests/elastic-agent_test.yaml b/deploy/eck-stack/templates/tests/elastic-agent_test.yaml index f51a6df45d..9d2c185131 100644 --- a/deploy/eck-stack/templates/tests/elastic-agent_test.yaml +++ b/deploy/eck-stack/templates/tests/elastic-agent_test.yaml @@ -15,7 +15,7 @@ tests: value: quickstart-eck-agent - equal: path: spec.version - value: 8.2.3 + value: 8.5.0 - it: should render agent in custom fleet example properly values: - ../../examples/fleet-agents.yaml @@ -29,7 +29,7 @@ tests: value: quickstart-eck-agent - equal: path: spec.version - value: 8.2.3 + value: 8.5.0 - equal: path: spec.kibanaRef.name value: kibana @@ -72,7 +72,7 @@ tests: value: quickstart-eck-fleet-server - equal: path: spec.version - value: 8.2.3 + value: 8.5.0 - it: should render fleet server in custom fleet example properly values: - ../../examples/fleet-agents.yaml @@ -86,7 +86,7 @@ tests: value: fleet-server - equal: path: spec.version - value: 8.2.3 + value: 8.5.0 - equal: path: spec.kibanaRef.name value: kibana diff --git a/deploy/eck-stack/templates/tests/kibana_test.yaml b/deploy/eck-stack/templates/tests/kibana_test.yaml index cdff3e7b53..0e4b51a0e6 100644 --- a/deploy/eck-stack/templates/tests/kibana_test.yaml +++ b/deploy/eck-stack/templates/tests/kibana_test.yaml @@ -13,7 +13,7 @@ tests: value: quickstart-eck-kibana - equal: path: spec.version - value: 8.2.3 + value: 8.5.0 - it: name override should work properly set: eck-kibana.nameOverride: override @@ -51,7 +51,7 @@ tests: value: quickstart - equal: path: spec.version - value: 8.2.3 + value: 8.5.0 - equal: path: spec.count value: 1 From 1c53785531c4135c2b7ffe365417bce104d0b817 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Mon, 21 Nov 2022 08:27:29 -0600 Subject: [PATCH 21/23] Bumping agent/elasticsearch/fleet-server/kibana chart versions because of stack version change. --- deploy/eck-agent/Chart.yaml | 2 +- deploy/eck-elasticsearch/Chart.yaml | 2 +- deploy/eck-fleet-server/Chart.yaml | 2 +- deploy/eck-kibana/Chart.yaml | 2 +- deploy/eck-stack/Chart.yaml | 8 ++++---- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/deploy/eck-agent/Chart.yaml b/deploy/eck-agent/Chart.yaml index 73463ecf9c..8eedeb61c6 100644 --- a/deploy/eck-agent/Chart.yaml +++ b/deploy/eck-agent/Chart.yaml @@ -3,7 +3,7 @@ name: eck-agent description: A Helm chart to deploy Elastic Agent managed by the ECK Operator. kubeVersion: ">= 1.21.0-0" type: application -version: 0.1.0 +version: 0.1.1 sources: - https://github.com/elastic/cloud-on-k8s - https://github.com/elastic/elastic-agent diff --git a/deploy/eck-elasticsearch/Chart.yaml b/deploy/eck-elasticsearch/Chart.yaml index 3b045be079..352bd7d22b 100644 --- a/deploy/eck-elasticsearch/Chart.yaml +++ b/deploy/eck-elasticsearch/Chart.yaml @@ -3,7 +3,7 @@ name: eck-elasticsearch description: A Helm chart to deploy Elasticsearch managed by the ECK Operator. kubeVersion: ">= 1.21.0-0" type: application -version: 0.1.1 +version: 0.1.2 sources: - https://github.com/elastic/cloud-on-k8s - https://github.com/elastic/elasticsearch/ diff --git a/deploy/eck-fleet-server/Chart.yaml b/deploy/eck-fleet-server/Chart.yaml index 722c2094c3..30653ff7a6 100644 --- a/deploy/eck-fleet-server/Chart.yaml +++ b/deploy/eck-fleet-server/Chart.yaml @@ -3,7 +3,7 @@ name: eck-fleet-server description: A Helm chart to deploy Elastic Fleet Server as an Agent managed by the ECK Operator. kubeVersion: ">= 1.21.0-0" type: application -version: 0.1.0 +version: 0.1.1 sources: - https://github.com/elastic/cloud-on-k8s - https://github.com/elastic/elastic-agent diff --git a/deploy/eck-kibana/Chart.yaml b/deploy/eck-kibana/Chart.yaml index d4231af20a..73f4f205a7 100644 --- a/deploy/eck-kibana/Chart.yaml +++ b/deploy/eck-kibana/Chart.yaml @@ -3,7 +3,7 @@ name: eck-kibana description: A Helm chart to deploy Kibana managed by the ECK Operator. kubeVersion: ">= 1.21.0-0" type: application -version: 0.1.1 +version: 0.1.2 sources: - https://github.com/elastic/cloud-on-k8s - https://github.com/elastic/kibana diff --git a/deploy/eck-stack/Chart.yaml b/deploy/eck-stack/Chart.yaml index 1ce045bdc7..42c488f1d7 100644 --- a/deploy/eck-stack/Chart.yaml +++ b/deploy/eck-stack/Chart.yaml @@ -14,28 +14,28 @@ version: 0.3.0 dependencies: - name: eck-elasticsearch condition: eck-elasticsearch.enabled - version: "0.1.1" + version: "0.1.2" # uncomment for local testing, and comment # the helm.elastic.co repository. # repository: "file://../eck-elasticsearch" repository: "https://helm.elastic.co" - name: eck-kibana condition: eck-kibana.enabled - version: "0.1.1" + version: "0.1.2" # uncomment for local testing, and comment # the helm.elastic.co repository. # repository: "file://../eck-kibana" repository: "https://helm.elastic.co" - name: eck-agent condition: eck-agent.enabled - version: "0.1.0" + version: "0.1.1" # uncomment for local testing, and comment # the helm.elastic.co repository. # repository: "file://../eck-agent" repository: "https://helm.elastic.co" - name: eck-fleet-server condition: eck-fleet-server.enabled - version: "0.1.0" + version: "0.1.1" # uncomment for local testing, and comment # the helm.elastic.co repository. # repository: "file://../eck-fleet-server" From b5fc323c5092820feed7b2fecb9109e8e463654a Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Mon, 21 Nov 2022 09:46:39 -0600 Subject: [PATCH 22/23] Increment Minor version to be more clear about potential breaking default values change update the stack version update script to include agent/fleet-server-agent --- deploy/eck-agent/Chart.yaml | 2 +- deploy/eck-elasticsearch/Chart.yaml | 2 +- deploy/eck-fleet-server/Chart.yaml | 2 +- deploy/eck-kibana/Chart.yaml | 2 +- deploy/eck-stack/Chart.yaml | 8 ++++---- hack/update-stack-version.sh | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/deploy/eck-agent/Chart.yaml b/deploy/eck-agent/Chart.yaml index 8eedeb61c6..97d76ee4bd 100644 --- a/deploy/eck-agent/Chart.yaml +++ b/deploy/eck-agent/Chart.yaml @@ -3,7 +3,7 @@ name: eck-agent description: A Helm chart to deploy Elastic Agent managed by the ECK Operator. kubeVersion: ">= 1.21.0-0" type: application -version: 0.1.1 +version: 0.2.0 sources: - https://github.com/elastic/cloud-on-k8s - https://github.com/elastic/elastic-agent diff --git a/deploy/eck-elasticsearch/Chart.yaml b/deploy/eck-elasticsearch/Chart.yaml index 352bd7d22b..3f84511043 100644 --- a/deploy/eck-elasticsearch/Chart.yaml +++ b/deploy/eck-elasticsearch/Chart.yaml @@ -3,7 +3,7 @@ name: eck-elasticsearch description: A Helm chart to deploy Elasticsearch managed by the ECK Operator. kubeVersion: ">= 1.21.0-0" type: application -version: 0.1.2 +version: 0.2.0 sources: - https://github.com/elastic/cloud-on-k8s - https://github.com/elastic/elasticsearch/ diff --git a/deploy/eck-fleet-server/Chart.yaml b/deploy/eck-fleet-server/Chart.yaml index 30653ff7a6..7a33748181 100644 --- a/deploy/eck-fleet-server/Chart.yaml +++ b/deploy/eck-fleet-server/Chart.yaml @@ -3,7 +3,7 @@ name: eck-fleet-server description: A Helm chart to deploy Elastic Fleet Server as an Agent managed by the ECK Operator. kubeVersion: ">= 1.21.0-0" type: application -version: 0.1.1 +version: 0.2.0 sources: - https://github.com/elastic/cloud-on-k8s - https://github.com/elastic/elastic-agent diff --git a/deploy/eck-kibana/Chart.yaml b/deploy/eck-kibana/Chart.yaml index 73f4f205a7..840620fe91 100644 --- a/deploy/eck-kibana/Chart.yaml +++ b/deploy/eck-kibana/Chart.yaml @@ -3,7 +3,7 @@ name: eck-kibana description: A Helm chart to deploy Kibana managed by the ECK Operator. kubeVersion: ">= 1.21.0-0" type: application -version: 0.1.2 +version: 0.2.0 sources: - https://github.com/elastic/cloud-on-k8s - https://github.com/elastic/kibana diff --git a/deploy/eck-stack/Chart.yaml b/deploy/eck-stack/Chart.yaml index 42c488f1d7..2ef9458c69 100644 --- a/deploy/eck-stack/Chart.yaml +++ b/deploy/eck-stack/Chart.yaml @@ -14,28 +14,28 @@ version: 0.3.0 dependencies: - name: eck-elasticsearch condition: eck-elasticsearch.enabled - version: "0.1.2" + version: "0.2.0" # uncomment for local testing, and comment # the helm.elastic.co repository. # repository: "file://../eck-elasticsearch" repository: "https://helm.elastic.co" - name: eck-kibana condition: eck-kibana.enabled - version: "0.1.2" + version: "0.2.0" # uncomment for local testing, and comment # the helm.elastic.co repository. # repository: "file://../eck-kibana" repository: "https://helm.elastic.co" - name: eck-agent condition: eck-agent.enabled - version: "0.1.1" + version: "0.2.0" # uncomment for local testing, and comment # the helm.elastic.co repository. # repository: "file://../eck-agent" repository: "https://helm.elastic.co" - name: eck-fleet-server condition: eck-fleet-server.enabled - version: "0.1.1" + version: "0.2.0" # uncomment for local testing, and comment # the helm.elastic.co repository. # repository: "file://../eck-fleet-server" diff --git a/hack/update-stack-version.sh b/hack/update-stack-version.sh index 5e6c27d952..d9041f735b 100755 --- a/hack/update-stack-version.sh +++ b/hack/update-stack-version.sh @@ -34,7 +34,7 @@ for_all_yaml_do() { local function="$1" # Directories containing Yaml files with version references to replace # Note: hack/operatorhub/config.yaml will need to be updated manually - local dirs=(config/samples config/recipes config/e2e test/e2e deploy/eck-stack deploy/eck-beats deploy/eck-kibana deploy/eck-elasticsearch) + local dirs=(config/samples config/recipes config/e2e test/e2e deploy/eck-stack deploy/eck-beats deploy/eck-kibana deploy/eck-elasticsearch deploy/eck-agent deploy/eck-fleet-server) LC_CTYPE=C LANG=C find "${dirs[@]}" -type f -iname \*.yaml \ | while read -r file; do "$function" "$file"; done } From e50c6b3e8ef4ec7a2d71bf177a3820b611473ad2 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Mon, 21 Nov 2022 09:55:11 -0600 Subject: [PATCH 23/23] remove from eck-stack example as well. --- deploy/eck-stack/examples/metricbeat_hosts.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/deploy/eck-stack/examples/metricbeat_hosts.yaml b/deploy/eck-stack/examples/metricbeat_hosts.yaml index 8830142c35..1c32d5c56e 100644 --- a/deploy/eck-stack/examples/metricbeat_hosts.yaml +++ b/deploy/eck-stack/examples/metricbeat_hosts.yaml @@ -212,7 +212,6 @@ eck-beats: subjects: - kind: ServiceAccount name: metricbeat - namespace: default roleRef: kind: ClusterRole name: metricbeat