Merge branch 'main' into renovate/go.elastic.co-apm-module-apmhttp-v2…
…-2.x
thbkrkr authored Sep 20, 2024
2 parents 3440f34 + a677aa7 commit f329aa5
Showing 5 changed files with 55 additions and 9 deletions.
3 changes: 3 additions & 0 deletions config/recipes/beats/stack_monitoring.yaml
Expand Up @@ -29,8 +29,11 @@ spec:
- index
- index_recovery
- index_summary
- ingest_pipeline
- ml_job
- node
- node_stats
- pending_tasks
- shard
period: 10s
hosts: "https://${data.host}:${data.ports.https}"
21 changes: 17 additions & 4 deletions pkg/controller/common/stackmon/config.go
Expand Up @@ -13,6 +13,7 @@ import (
"path/filepath"
"text/template"

"github.com/blang/semver/v4"
"github.com/pkg/errors"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
Expand Down Expand Up @@ -173,6 +174,7 @@ type inputConfigData struct {
IsSSL bool
HasCA bool
CAPath string
Version semver.Version
}

// buildMetricbeatBaseConfig builds the base configuration for Metricbeat with the Elasticsearch or Kibana modules used
Expand All @@ -187,6 +189,7 @@ func buildMetricbeatBaseConfig(
password string,
isTLS bool,
configTemplate string,
version semver.Version,
) (string, volume.VolumeLike, error) {
hasCA := false
if isTLS {
Expand All @@ -200,9 +203,10 @@ func buildMetricbeatBaseConfig(
configData := inputConfigData{
Username: username,
Password: password,
URL: url, // Metricbeat in the sidecar connects to the monitored resource using `localhost`
IsSSL: isTLS, // enable SSL configuration based on whether the monitored resource has TLS enabled
HasCA: hasCA, // the CA is optional to support custom certificate issued by a well-known CA, so without provided CA to configure
URL: url, // Metricbeat in the sidecar connects to the monitored resource using `localhost`
IsSSL: isTLS, // enable SSL configuration based on whether the monitored resource has TLS enabled
HasCA: hasCA, // the CA is optional to support custom certificate issued by a well-known CA, so without provided CA to configure
Version: version, // Version of the monitored resource
}

var caVolume volume.VolumeLike
Expand All @@ -216,9 +220,18 @@ func buildMetricbeatBaseConfig(
configData.CAPath = filepath.Join(caVolume.VolumeMount().MountPath, certificates.CAFileName)
}

templateFuncMap := template.FuncMap{
"isVersionGTE": func(minAllowedVersion string) (bool, error) {
minAllowedSemver, err := semver.Parse(minAllowedVersion)
if err != nil {
return false, err
}
return version.GTE(minAllowedSemver), nil
},
}
// render the config template with the config data
var metricbeatConfig bytes.Buffer
err := template.Must(template.New("").Parse(configTemplate)).Execute(&metricbeatConfig, configData)
err := template.Must(template.New("").Funcs(templateFuncMap).Parse(configTemplate)).Execute(&metricbeatConfig, configData)
if err != nil {
return "", nil, err
}
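Review bot: `version.GTE(minAllowedSemver)` in the new `isVersionGTE` closure follows semver precedence, so a pre-release version (constructed example: `8.7.0-SNAPSHOT`) compares lower than `8.7.0` and the gated template block is left out for it. If pre-release versions can reach `buildMetricbeatBaseConfig` (not visible on this page), compare on a copy with the pre-release cleared, e.g. `cmp := version; cmp.Pre = nil; return cmp.GTE(minAllowedSemver), nil`, or add a comment saying that pre-releases are deliberately treated as older. The closure reads the `version` parameter while the same value is also stored in `configData.Version`; a comment on the `Version` field stating which of the two a template should use would prevent two diverging checks. The function body starts and continues outside the displayed hunks.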
25 changes: 24 additions & 1 deletion pkg/controller/common/stackmon/config_test.go
Expand Up @@ -8,6 +8,7 @@ import (
"context"
"testing"

"github.com/blang/semver/v4"
"github.com/stretchr/testify/assert"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
Expand Down Expand Up @@ -131,6 +132,7 @@ func TestBuildMetricbeatBaseConfig(t *testing.T) {
certsSecret *corev1.Secret
hasCA bool
baseConfig string
version semver.Version
}{
{
name: "with TLS and a CA",
Expand All @@ -148,7 +150,9 @@ func TestBuildMetricbeatBaseConfig(t *testing.T) {
password: 1234567890
ssl.enabled: true
ssl.verification_mode: "certificate"
ingest_pipeline: "enabled"
ssl.certificate_authorities: ["/mnt/elastic-internal/xx-monitoring/namespace/name/certs/ca.crt"]`,
version: semver.MustParse("8.7.0"),
},
{
name: "with TLS and no CA",
Expand All @@ -164,17 +168,32 @@ func TestBuildMetricbeatBaseConfig(t *testing.T) {
username: elastic-internal-monitoring
password: 1234567890
ssl.enabled: true
ssl.verification_mode: "certificate"`,
ssl.verification_mode: "certificate"
ingest_pipeline: "enabled"`,
version: semver.MustParse("8.7.0"),
},
{
name: "without TLS",
isTLS: false,
baseConfig: `
hosts: ["scheme://localhost:1234"]
username: elastic-internal-monitoring
password: 1234567890
ssl.enabled: false
ssl.verification_mode: "certificate"
ingest_pipeline: "enabled"`,
version: semver.MustParse("8.7.0"),
},
{
name: "with version less than 8.7.0",
isTLS: false,
baseConfig: `
hosts: ["scheme://localhost:1234"]
username: elastic-internal-monitoring
password: 1234567890
ssl.enabled: false
ssl.verification_mode: "certificate"`,
version: semver.MustParse("8.6.0"),
},
}
baseConfigTemplate := `
Expand All @@ -183,6 +202,9 @@ func TestBuildMetricbeatBaseConfig(t *testing.T) {
password: {{ .Password }}
ssl.enabled: {{ .IsSSL }}
ssl.verification_mode: "certificate"
{{- if isVersionGTE "8.7.0" }}
ingest_pipeline: "enabled"
{{- end }}
{{- if .HasCA }}
ssl.certificate_authorities: ["{{ .CAPath }}"]
{{- end }}`
Expand Down Expand Up @@ -210,6 +232,7 @@ func TestBuildMetricbeatBaseConfig(t *testing.T) {
"1234567890",
tc.isTLS,
baseConfigTemplate,
tc.version,
)
assert.NoError(t, err)
assert.Equal(t, tc.baseConfig, baseConfig)
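Review bot: The table in `TestBuildMetricbeatBaseConfig` covers only `8.7.0` and `8.6.0`, so neither the pre-release boundary nor the error return of `isVersionGTE` is pinned by a test. Add a case with a pre-release version (constructed example: `semver.MustParse("8.7.0-SNAPSHOT")`) with its expected output spelled out. Add another case whose template passes a malformed literal, such as `{{ if isVersionGTE "8.x" }}`, and assert that `buildMetricbeatBaseConfig` returns an error instead of a rendered config. Because every case shares `baseConfigTemplate` and the loop asserts `assert.NoError`, the error case needs a per-case template and an expectation field such as `wantErr bool`. The test function starts and ends outside the displayed hunks.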
10 changes: 6 additions & 4 deletions pkg/controller/common/stackmon/sidecar.go
Expand Up @@ -33,6 +33,11 @@ func NewMetricBeatSidecar(
password string,
isTLS bool,
) (BeatSidecar, error) {
v, err := version.Parse(imageVersion)
if err != nil {
return BeatSidecar{}, err // error unlikely and should have been caught during validation
}

baseConfig, sourceCaVolume, err := buildMetricbeatBaseConfig(
client,
associationType,
Expand All @@ -43,15 +48,12 @@ func NewMetricBeatSidecar(
password,
isTLS,
baseConfigTemplate,
v,
)
if err != nil {
return BeatSidecar{}, err
}

v, err := version.Parse(imageVersion)
if err != nil {
return BeatSidecar{}, err // error unlikely and should have been caught during validation
}
image := container.ImageRepository(container.MetricbeatImage, v)

// EmptyDir volume so that MetricBeat does not write in the container image, which allows ReadOnlyRootFilesystem: true
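Review bot: The version handed to `buildMetricbeatBaseConfig` is parsed from `imageVersion`, which this function also uses to select the Metricbeat image, while config.go labels the same value `// Version of the monitored resource`. If the sidecar image version and the monitored resource version can ever differ (not determinable from this page), the template gate would be evaluated against the wrong one. A comment at the call site, such as `// v is the stack version shared by the sidecar image and the monitored resource`, would make that assumption explicit. The signature and the rest of `NewMetricBeatSidecar` lie partly outside the displayed hunks.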
5 changes: 5 additions & 0 deletions pkg/controller/elasticsearch/stackmon/metricbeat.tpl.yml
Expand Up @@ -8,10 +8,15 @@ metricbeat.modules:
- index
- index_recovery
- index_summary
{{- if isVersionGTE "8.7.0" }}
- ingest_pipeline
{{- end }}
- ml_job
- node
- node_stats
- pending_tasks
- shard

period: 10s
xpack.enabled: true
hosts: ["{{ .URL }}"]
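Review bot: The `{{- if isVersionGTE "8.7.0" }}` guard around `ingest_pipeline` gives no reason for the 8.7.0 cut-off, so a later edit to the metricset list has nothing to check the literal against. A trimmed template comment on the line above the guard, e.g. `{{- /* ingest_pipeline is only enabled for 8.7.0 and later */ -}}`, would record the intent without changing the rendered output. config/recipes/beats/stack_monitoring.yaml on this page lists `ingest_pipeline` with no equivalent note, so a YAML comment there naming the minimum stack version would keep the recipe and the operator template in step.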
