# ConfigMap carrying the three files mounted into the Graylog pods: the
# log4j2 logging configuration, the Graylog server configuration and the
# container entrypoint script that elects the master node and starts the JVM.
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "graylog.fullname" . }}
  labels:
{{ include "graylog.metadataLabels" . | indent 4 }}
data:
  # Log4j2 configuration. Application output goes to STDOUT via the Root
  # logger; the security-realm loggers at the bottom are routed to a separate,
  # daily-rotated audit log file instead of the console.
  log4j2.xml: |-
    <?xml version="1.0" encoding="UTF-8"?>
    <Configuration packages="org.graylog2.log4j" shutdownHook="disable">
      <Appenders>
        <!-- Console appender: JSON layout when .Values.graylog.logInJson is set, plain pattern otherwise -->
        <Console name="STDOUT" target="SYSTEM_OUT">
    {{- if .Values.graylog.logInJson }}
          <JsonLayout eventEOL="true" compact="true"/>
    {{- else }}
          <PatternLayout pattern="%d %-7level [%c{1}] - %m - %X%n"/>
    {{- end }}
        </Console>
        <!-- Size-rotated server log (50MB x 10 files); not referenced by any logger below -->
        <RollingFile name="rolling-file" fileName="/usr/share/graylog/log/server.log" filePattern="/usr/share/graylog/log/server.log.%i.gz">
          <PatternLayout>
            <Pattern>%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX} %-5p [%c{1}] %m%n</Pattern>
          </PatternLayout>
          <Policies>
            <SizeBasedTriggeringPolicy size="50MB"/>
          </Policies>
          <DefaultRolloverStrategy max="10" fileIndex="min"/>
        </RollingFile>
        <!-- Internal Graylog log appender. Please do not disable. This makes internal log messages available via REST calls. -->
        <Memory name="graylog-internal-logs" bufferSize="500"/>
        <!-- Rotate audit logs daily -->
        <RollingFile name="AUDITLOG" fileName="/usr/share/graylog/log/audit.log" filePattern="/usr/share/graylog/log/audit-%d{yyyy-MM-dd}.log.gz">
          <PatternLayout>
            <Pattern>%d [%c{1}] - %m - %X%n</Pattern>
          </PatternLayout>
          <Policies>
            <TimeBasedTriggeringPolicy />
          </Policies>
        </RollingFile>
      </Appenders>
      <Loggers>
        <!-- Application Loggers -->
        <Logger name="org.graylog2" level="warn"/>
        <Logger name="com.github.joschi.jadconfig" level="warn"/>
        <!-- This emits a harmless warning for ActiveDirectory every time which we can't work around :( -->
        <Logger name="org.apache.directory.api.ldap.model.message.BindRequestImpl" level="error"/>
        <!-- Prevent DEBUG message about Lucene Expressions not found. -->
        <Logger name="org.elasticsearch.script" level="warn"/>
        <!-- Disable messages from the version check -->
        <Logger name="org.graylog2.periodical.VersionCheckThread" level="off"/>
        <!-- Suppress crazy byte array dump of Drools -->
        <Logger name="org.drools.compiler.kie.builder.impl.KieRepositoryImpl" level="warn"/>
        <!-- Silence chatty natty -->
        <Logger name="com.joestelmach.natty.Parser" level="warn"/>
        <!-- Silence Kafka log chatter -->
        <Logger name="kafka.log.Log" level="warn"/>
        <Logger name="kafka.log.OffsetIndex" level="warn"/>
        <!-- Silence useless session validation messages -->
        <Logger name="org.apache.shiro.session.mgt.AbstractValidatingSessionManager" level="warn"/>
        <Root level="warn">
          <AppenderRef ref="STDOUT"/>
        </Root>
        <!-- Security Loggers -->
        <!-- additivity="false": authentication/authorization events go to AUDITLOG only and are NOT
             repeated on STDOUT, so log collectors that only scrape container stdout will not see
             them; ship /usr/share/graylog/log/audit.log separately if audit events are needed. -->
        <Logger name="org.graylog2.security.realm.PasswordAuthenticator" level="trace" additivity="false">
          <AppenderRef ref="AUDITLOG"/>
        </Logger>
        <Logger name="org.graylog2.security.realm.AccessTokenAuthenticator" level="trace" additivity="false">
          <AppenderRef ref="AUDITLOG"/>
        </Logger>
        <Logger name="org.graylog2.security.realm.RootAccountRealm" level="trace" additivity="false">
          <AppenderRef ref="AUDITLOG"/>
        </Logger>
        <Logger name="org.graylog2.shared.security.ShiroAuthorizationFilter" level="trace" additivity="false">
          <AppenderRef ref="AUDITLOG"/>
        </Logger>
      </Loggers>
    </Configuration>
  # Graylog server configuration rendered from chart values. Untemplated
  # settings are the chart's fixed defaults; additional settings can be
  # appended verbatim through .Values.graylog.config at the end.
  graylog.conf: |-
    node_id_file = /usr/share/graylog/data/journal/node-id
    root_username = {{ .Values.graylog.rootUsername }}
    root_email = {{ .Values.graylog.rootEmail }}
    root_timezone = {{ default "UTC" .Values.graylog.rootTimezone }}
    # HTTP settings depend on the server generation: image repository strings
    # containing ":2" (presumably 2.x tags) get the rest_/web_ listen URIs,
    # everything else the http_bind_address form with optional TLS.
    {{- $externalUri := include "graylog.url" . }}
    {{- if contains ":2" .Values.graylog.image.repository }}
    rest_listen_uri = http://0.0.0.0:9000/api/
    web_listen_uri = http://0.0.0.0:9000/
    {{- if $externalUri }}
    web_endpoint_uri = {{ $externalUri }}/api
    {{- end }}
    {{- else }}
    http_bind_address = 0.0.0.0:9000
    {{- if .Values.graylog.tls.enabled }}
    http_enable_tls = true
    http_tls_cert_file = {{ .Values.graylog.tls.certFile }}
    http_tls_key_file = {{ .Values.graylog.tls.keyFile }}
    {{- end }}
    {{- if $externalUri }}
    http_external_uri = {{ $externalUri }}/
    {{- end }}
    {{- end }}
    elasticsearch_hosts = {{ template "graylog.elasticsearch.hosts" . }}
    allow_leading_wildcard_searches = {{ .Values.graylog.options.allowLeadingWildcardSearches }}
    allow_highlighting = {{ .Values.graylog.options.allowHighlighting }}
    output_batch_size = 500
    output_flush_interval = 1
    output_fault_count_threshold = 5
    output_fault_penalty_seconds = 30
    processbuffer_processors = 5
    outputbuffer_processors = 3
    processor_wait_strategy = blocking
    ring_size = 65536
    inputbuffer_ring_size = 65536
    inputbuffer_processors = 2
    inputbuffer_wait_strategy = blocking
    message_journal_enabled = true
    # Do not change `message_journal_dir` location
    message_journal_dir = /usr/share/graylog/data/journal
    message_journal_max_size = {{ .Values.graylog.journal.maxSize }}
    lb_recognition_period_seconds = 3
    # Use a replica set instead of a single host
    mongodb_uri = {{ template "graylog.mongodb.uri" . }}
    mongodb_max_connections = {{ default 1000 .Values.graylog.mongodb.maxConnections }}
    mongodb_threads_allowed_to_block_multiplier = 5
    # Email transport
    # NOTE(review): most `default` calls below are given a single argument, so
    # they pass the value through unchanged with no fallback (unlike the
    # two-argument forms for `enabled` and `useSsl`) — confirm this is intended.
    # NOTE(review): transport_email_auth_password is rendered into this
    # ConfigMap in plaintext; a ConfigMap is not a Secret, so anyone who can
    # read ConfigMaps in the namespace can read the SMTP password.
    transport_email_enabled = {{ default false .Values.graylog.transportEmail.enabled }}
    transport_email_hostname = {{ default .Values.graylog.transportEmail.hostname }}
    transport_email_port = {{ default .Values.graylog.transportEmail.port }}
    transport_email_use_auth = {{ default .Values.graylog.transportEmail.useAuth }}
    transport_email_use_tls = {{ default .Values.graylog.transportEmail.useTls }}
    transport_email_use_ssl = {{ default false .Values.graylog.transportEmail.useSsl }}
    transport_email_auth_username = {{ default .Values.graylog.transportEmail.authUsername }}
    transport_email_auth_password = {{ default .Values.graylog.transportEmail.authPassword }}
    transport_email_subject_prefix = {{ default .Values.graylog.transportEmail.subjectPrefix }}
    transport_email_from_email = {{ default .Values.graylog.transportEmail.fromEmail }}
    {{- if $externalUri }}
    transport_email_web_interface_url = {{ $externalUri }}
    {{- end }}
    content_packs_dir = /usr/share/graylog/data/contentpacks
    content_packs_auto_load = grok-patterns.json
    proxied_requests_thread_pool_size = 32
    # Free-form extra configuration appended as-is (see the interpolation
    # caveat in entrypoint.sh: these lines are later evaluated by the shell
    # when a uriSecretKey is configured).
    {{- if .Values.graylog.config }}
{{ .Values.graylog.config | indent 4 }}
    {{- end }}
  # Container entrypoint. Uses the in-pod kubectl to elect a master through
  # the graylog-role pod label, optionally downloads plugins and GeoIP data,
  # then starts the server JVM directly (the image's docker-entrypoint.sh is
  # bypassed, see the comment near the bottom).
  entrypoint.sh: |-
    #!/usr/bin/env bash
    # $(hostname -f) is left for bash to expand at container start; Helm only
    # formats the surrounding URL.
    export GRAYLOG_HTTP_PUBLISH_URI="{{ template "graylog.formatUrl" (list . "$(hostname -f):9000/") }}"
    GRAYLOG_HOME=/usr/share/graylog
    export GRAYLOG_PLUGIN_DIR=${GRAYLOG_HOME}/plugin
    # Graylog 4.0.2 images move plugin dir to `plugins-default`
    find ${GRAYLOG_HOME}/plugins-default/ -type f -exec cp {} ${GRAYLOG_PLUGIN_DIR} \;
    # Look up the current master's pod IP (Running pods labelled graylog-role=master).
    # NOTE(review): the script does not `set -e` and never checks kubectl's exit
    # status. If the API call fails (API unavailable, missing RBAC), MASTER_IP is
    # empty and the -z branch below makes this pod claim the master role even
    # while another master pod is running — consider aborting on a non-zero exit.
    MASTER_IP=`/k8s/kubectl --namespace {{ .Release.Namespace }} get pod -o jsonpath='{range .items[*]}{.metadata.name} {.status.podIP}{"\n"}{end}' -l graylog-role=master --field-selector=status.phase=Running|awk '{print $2}'`
    SELF_IP=`/k8s/kubectl --namespace {{ .Release.Namespace }} get pod $HOSTNAME -o jsonpath='{.status.podIP}'`
    echo "Current master is $MASTER_IP"
    echo "Self IP is $SELF_IP"
    if [[ -z "$MASTER_IP" ]]; then
      echo "Launching $HOSTNAME as master"
      export GRAYLOG_IS_MASTER="true"
      /k8s/kubectl --namespace {{ .Release.Namespace }} label --overwrite pod $HOSTNAME graylog-role="master"
    else
      # When the container was recreated or restarted, MASTER_IP == SELF_IP: keep running as master, no need to change the label graylog-role="master"
      if [ "$SELF_IP" == "$MASTER_IP" ];then
        export GRAYLOG_IS_MASTER="true"
      else
        # MASTER_IP != SELF_IP, running as coordinating
        echo "Launching $HOSTNAME as coordinating"
        export GRAYLOG_IS_MASTER="false"
        /k8s/kubectl --namespace {{ .Release.Namespace }} label --overwrite pod $HOSTNAME graylog-role="coordinating"
      fi
    fi
    # Download plugins
    # https_proxy is set only for the download steps and unset again further down,
    # before the server starts.
    {{- if .Values.graylog.plugins.proxy.enabled }}
    export https_proxy={{ .Values.graylog.plugins.proxy.host }}
    {{- end }}
    # NOTE(review): plugin archives and jars are fetched with curl and loaded by
    # the JVM without any checksum or signature verification; only trusted,
    # pinned URLs should be configured in .Values.graylog.plugins.locations.
    {{- if .Values.graylog.plugins.locations }}
    echo "Downloading Graylog Plugins..."
    {{- range .Values.graylog.plugins.locations }}
    echo "Downloading {{ .url }} ..."
    {{- if or (hasSuffix ".tgz" .url) (hasSuffix ".gz" .url) }}
    curl -s --location --retry 3 -o /tmp/{{ .name }} "{{ .url }}"
    curlreturn=$?
    if [[ $curlreturn -eq 0 ]]; then
      echo "Extracting {{ .name }} ..."
      tar xvzf /tmp/{{ .name }} -C ${GRAYLOG_HOME} --strip-components 1 && chown -R graylog:graylog ${GRAYLOG_HOME}/bin ${GRAYLOG_PLUGIN_DIR}
      rm -f /tmp/{{ .name }}
    fi
    {{- else }}
    curl -s --location --retry 3 -o ${GRAYLOG_PLUGIN_DIR}/{{ .name }} "{{ .url }}"
    {{- end }}
    {{- end }}
    {{- end }}
    # Prometheus metrics reporter plugin, pinned to release 3.0.0 (same unverified-download caveat as above).
    {{- if .Values.graylog.metrics.enabled }}
    echo "Downloading https://github.com/graylog-labs/graylog-plugin-metrics-reporter/releases/download/3.0.0/metrics-reporter-prometheus-3.0.0.jar ..."
    curl -s --location --retry 3 -o ${GRAYLOG_PLUGIN_DIR}/metrics-reporter-prometheus-3.0.0.jar "https://github.com/graylog-labs/graylog-plugin-metrics-reporter/releases/download/3.0.0/metrics-reporter-prometheus-3.0.0.jar"
    {{- end }}
    # Optional MaxMind GeoLite2 database, extracted into ${GRAYLOG_HOME}/geoip.
    {{- if .Values.graylog.geoip.enabled }}
    echo "Downloading Maxmind GeoLite2 ..."
    curl -s --location --retry 3 -o /tmp/GeoLite2-City.tar.gz "{{ .Values.graylog.geoip.mmdbUri }}"
    curlreturn=$?
    if [[ $curlreturn -eq 0 ]]; then
      mkdir -p ${GRAYLOG_HOME}/geoip && cd ${GRAYLOG_HOME}/geoip && tar xvzf /tmp/GeoLite2-City.tar.gz --wildcards "*.mmdb" --strip-components=1 -C ${GRAYLOG_HOME}/geoip && chown -R graylog:graylog ${GRAYLOG_HOME}/geoip
    fi
    {{- end }}
    {{- if .Values.graylog.plugins.proxy.enabled }}
    unset https_proxy
    {{- end }}
    # Start Graylog
    echo "Starting graylog"
    # Original docker-entrypoint.sh in Graylog Docker will error while executing since you can't chown readonly files in `config`
    # exec /docker-entrypoint.sh graylog
    {{- if or (.Values.graylog.elasticsearch.uriSecretKey) (.Values.graylog.mongodb.uriSecretKey) }}
    # Interpolate
    # The GNU sed 'e' flag runs every line of graylog.conf through `echo "..."`,
    # so ${VAR} references (presumably the elasticsearch/mongodb URIs supplied
    # via uriSecretKey) are expanded. The result, graylog.conf.subst, therefore
    # holds the expanded secret values in plaintext on the container filesystem.
    # Because each line is evaluated by the shell, any $(...) or backtick
    # sequence in a config value is executed as well — every value rendered into
    # graylog.conf, including .Values.graylog.config, must come from a trusted source.
    sed 's/"/\\\"/g;s/.*/echo "&"/e' ${GRAYLOG_HOME}/config/graylog.conf > ${GRAYLOG_HOME}/graylog.conf.subst
    {{- end }}
    {{- if .Values.graylog.elasticsearch.version }}
    export GRAYLOG_ELASTICSEARCH_VERSION={{ .Values.graylog.elasticsearch.version }}
    {{- end }}
    echo "Graylog Home ${GRAYLOG_HOME}"
    echo "Graylog Plugin Dir ${GRAYLOG_PLUGIN_DIR}"
    echo "Graylog Elasticsearch Version ${GRAYLOG_ELASTICSEARCH_VERSION}"
    # Launch the server JVM directly. The config file passed with -f is the
    # interpolated copy when a uriSecretKey is configured, the mounted file otherwise.
    "${JAVA_HOME}/bin/java" \
      ${GRAYLOG_SERVER_JAVA_OPTS} \
      -jar \
      -Dlog4j.configurationFile=${GRAYLOG_HOME}/config/log4j2.xml \
      -Djava.library.path=${GRAYLOG_HOME}/lib/sigar/ \
      -Dgraylog2.installation_source=docker \
      ${GRAYLOG_HOME}/graylog.jar \
      server \
    {{- if or (.Values.graylog.elasticsearch.uriSecretKey) (.Values.graylog.mongodb.uriSecretKey) }}
      -f ${GRAYLOG_HOME}/graylog.conf.subst
    {{- else }}
      -f ${GRAYLOG_HOME}/config/graylog.conf
    {{- end }}