Created
August 30, 2021 16:55
-
-
Save gschanuel/2ef2349f44d0a768c64d198253f32405 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| replicas: 2 | |
| # Allows you to add any config files in /usr/share/logstash/config/ | |
| # such as logstash.yml and log4j2.properties | |
| # | |
| # Note that when overriding logstash.yml, `http.host: 0.0.0.0` should always be included | |
| # to make default probes work. | |
| logstashConfig: | |
| logstash.yml: | | |
| http.host: "0.0.0.0" | |
| xpack.monitoring.enabled: true | |
| xpack.monitoring.elasticsearch.hosts: [ "https://logsys-ingest.elasticsearch:9200" ] | |
| xpack.monitoring.elasticsearch.username: "beats_system" | |
| xpack.monitoring.elasticsearch.password: "mypassword" | |
| xpack.monitoring.elasticsearch.ssl.certificate_authority: "/usr/share/elasticsearch/config/certs/elastic-certificate.crt" | |
| queue.type: persisted | |
| queue.max_bytes: 900mb | |
| # Allows you to add any pipeline files in /usr/share/logstash/pipeline/ | |
| ### ***warn*** there is a hardcoded logstash.conf in the image, override it first | |
| logstashPipeline: | |
| logstash.conf: | | |
| input { | |
| beats { | |
| port => "5244" | |
| tags => [ "activedirectory" ] | |
| } | |
| } | |
| output { | |
| elasticsearch { | |
| #index => "activedirectory-%{+YYYY.MM.dd}" | |
| hosts => "logsys-ingest.elasticsearch:9200" | |
| ssl => true | |
| cacert => "/usr/share/elasticsearch/config/certs/elastic-certificate.crt" | |
| user => "${ELASTICSEARCH_USERNAME}" | |
| password => "${ELASTICSEARCH_PASSWORD}" | |
| ssl_certificate_verification => true | |
| ecs_compatibility => v1 | |
| data_stream => "true" | |
| data_stream_sync_fields => true | |
| data_stream_dataset => "activedirectory" | |
| #data_stream_namespace => | |
| } | |
| } | |
| # Extra environment variables to append to this nodeGroup | |
| # This will be appended to the current 'env:' key. You can use any of the kubernetes env | |
| # syntax here | |
| extraEnvs: | |
| - name: 'ELASTICSEARCH_USERNAME' | |
| valueFrom: | |
| secretKeyRef: | |
| name: elastic-credentials | |
| key: username | |
| - name: 'ELASTICSEARCH_PASSWORD' | |
| valueFrom: | |
| secretKeyRef: | |
| name: elastic-credentials | |
| key: password | |
| # A list of secrets and their paths to mount inside the pod | |
| secretMounts: | |
| - name: elastic-certificates | |
| secretName: elastic-certificate-crt | |
| path: /usr/share/elasticsearch/config/certs | |
| logstashJavaOpts: "-Xmx2g -Xms2g" | |
| resources: | |
| requests: | |
| cpu: "100m" | |
| memory: "1536Mi" | |
| limits: | |
| cpu: "1000m" | |
| memory: "1536Mi" | |
| volumeClaimTemplate: | |
| accessModes: [ "ReadWriteOnce" ] | |
| resources: | |
| requests: | |
| storage: 1Gi | |
| persistence: | |
| enabled: true | |
| annotations: {} | |
| service: | |
| type: NodePort | |
| ports: | |
| - name: winevt-input | |
| port: 5244 | |
| protocol: TCP | |
| nodePort: 30000 | |
| ingress: | |
| enabled: false |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment