summaryrefslogtreecommitdiff
path: root/vendor/elastic_stack/values.yaml
blob: a6c9fdd39a4b493d1939e2f8c9ad8b619385e551 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# Default values for elastic-stack.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

elasticsearch:
  enabled: true
  # prefix elasticsearch resources with the name of the releases
  # looks like we can't use {{ .Release.Name }}-elasticsearch
  # https://github.com/helm/helm/issues/2133
  clusterName: "elastic-stack-elasticsearch"

filebeat:
  enabled: true
  filebeatConfig:
    filebeat.yml: |
      output.file.enabled: false
      setup.ilm.enabled: false
      setup.template.name: 'filebeat'
      setup.template.pattern: 'filebeat-*'
      output.elasticsearch:
        hosts: ["http://elastic-stack-elasticsearch-master:9200"]
        index: "filebeat-%{[agent.version]}-%{+yyyy.MM.dd}"
      filebeat.inputs:
      - type: container
        paths:
          - '/var/lib/docker/containers/*/*.log'
        json.keys_under_root: true
        json.ignore_decoding_error: true
        processors:
          - add_id:
              target_field: tie_breaker_id
          - add_cloud_metadata: ~
          - add_kubernetes_metadata: ~
          - decode_json_fields:
              fields: ["message"]
              when:
                equals:
                  kubernetes.container.namespace: "gitlab-managed-apps"
                  kubernetes.container.name: "modsecurity-log"
kibana:
  enabled: false
  elasticsearchHosts: "http://elastic-stack-elasticsearch-master:9200"

elasticsearch-curator:
  enabled: true
  configMaps:
    config_yml: |-
      ---
      client:
        hosts:
          - elastic-stack-elasticsearch-master
        port: 9200
    action_file_yml: |-
      ---
      actions:
        1:
          action: delete_indices
          description: >-
            Delete indices older than 30 days (based on index name), for filebeat-
            prefixed indices. Ignore the error if the filter does not result in an
            actionable list of indices (ignore_empty_list) and exit cleanly.
          options:
            ignore_empty_list: True
            allow_ilm_indices: True
          filters:
          - filtertype: pattern
            kind: prefix
            value: filebeat-
          - filtertype: age
            source: name
            direction: older
            timestring: '%Y.%m.%d'
            unit: days
            unit_count: 30