# Default values for elastic-stack.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# Elasticsearch subchart values: the subchart is enabled and given a fixed
# cluster name.
elasticsearch:
  enabled: true
  # prefix elasticsearch resources with the name of the releases
  # looks like we can't use {{ .Release.Name }}-elasticsearch
  # https://github.com/helm/helm/issues/2133
  # NOTE(review): the filebeat, kibana and curator sections of this file
  # hard-code the host "elastic-stack-elasticsearch-master", presumably
  # derived from this name; a change here has to be mirrored there.
  clusterName: "elastic-stack-elasticsearch"
# Filebeat subchart values: ships container logs to Elasticsearch.
filebeat:
  enabled: true
  filebeatConfig:
    # Filebeat configuration handed to the chart as one literal block.
    # Indentation inside the block is reconstructed from a flattened
    # listing; in particular `processors` is assumed to sit under the
    # container input. Confirm against the chart repository.
    #
    # Output: events go to Elasticsearch over plain HTTP, and no username,
    # password or TLS settings appear in this block.
    # NOTE(review): as written, access to port 9200 depends on what the
    # cluster network allows; confirm a NetworkPolicy (or TLS plus
    # authentication) restricts it.
    #
    # Input: the glob matches every container directory under
    # /var/lib/docker/containers, so all workloads' logs are collected,
    # not only the one decoded below. With json.keys_under_root, keys from
    # JSON log lines are placed at the event root; json.overwrite_keys is
    # not set here. Lines that fail JSON decoding do not raise an error
    # (json.ignore_decoding_error).
    #
    # Processors: add_id writes a generated id to tie_breaker_id; cloud and
    # Kubernetes metadata are added with default settings (~ is null).
    # decode_json_fields parses `message` only for events from namespace
    # gitlab-managed-apps and container modsecurity-log (presumably the
    # ModSecurity WAF audit log); presumably both `equals` fields must
    # match. TODO confirm.
    filebeat.yml: |
      output.file.enabled: false
      output.elasticsearch:
        hosts: ["http://elastic-stack-elasticsearch-master:9200"]
      filebeat.inputs:
      - type: container
        paths:
        - '/var/lib/docker/containers/*/*.log'
        json.keys_under_root: true
        json.ignore_decoding_error: true
        processors:
        - add_id:
            target_field: tie_breaker_id
        - add_cloud_metadata: ~
        - add_kubernetes_metadata: ~
        - decode_json_fields:
            fields: ["message"]
            when:
              equals:
                kubernetes.container.namespace: "gitlab-managed-apps"
                kubernetes.container.name: "modsecurity-log"
# Kibana subchart values: disabled by default. If enabled, it is pointed at
# Elasticsearch over plain HTTP at the URL below, with no credentials set
# in this file.
kibana:
  enabled: false
  elasticsearchHosts: "http://elastic-stack-elasticsearch-master:9200"
# Curator subchart values: enforces index retention by deleting old
# filebeat indices. Indentation inside the two literal blocks is
# reconstructed from a flattened listing; confirm against the chart
# repository.
elasticsearch-curator:
  enabled: true
  configMaps:
    # Curator client settings: connects to the Elasticsearch master service
    # on port 9200. No credentials or TLS options are set in this block.
    # NOTE(review): this client issues index deletions; confirm what else
    # can reach port 9200.
    config_yml: |-
      ---
      client:
        hosts:
          - elastic-stack-elasticsearch-master
        port: 9200
    # Curator action file with a single action: delete indices whose name
    # starts with "filebeat-" and whose date in the name ('%Y.%m.%d') is
    # older than 30 days. An empty match list is not treated as an error
    # (ignore_empty_list). allow_ilm_indices presumably lets the action act
    # on ILM-managed indices as well. TODO confirm.
    # NOTE(review): this caps how far back shipped logs, including the
    # modsecurity-log records, can be searched; confirm 30 days covers the
    # retention needed for investigations, or snapshot indices before they
    # are deleted.
    action_file_yml: |-
      ---
      actions:
        1:
          action: delete_indices
          description: >-
            Delete indices older than 30 days (based on index name), for filebeat-
            prefixed indices. Ignore the error if the filter does not result in an
            actionable list of indices (ignore_empty_list) and exit cleanly.
          options:
            ignore_empty_list: True
            allow_ilm_indices: True
          filters:
          - filtertype: pattern
            kind: prefix
            value: filebeat-
          - filtertype: age
            source: name
            direction: older
            timestring: '%Y.%m.%d'
            unit: days
            unit_count: 30