diff --git a/README.md b/README.md
index 58ba9085d..4032e0d79 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,7 @@ Please look in the chart directories for the documentation for each chart. These
* [Elasticsearch](./elasticsearch/README.md) - [docker image docs](https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html)
* [Kibana](./kibana/README.md) - [docker image docs](https://www.elastic.co/guide/en/kibana/current/docker.html)
+* [Filebeat](./filebeat/README.md) - [docker image docs](https://www.elastic.co/guide/en/beats/filebeat/current/running-on-docker.html)
## Kubernetes versions
diff --git a/elasticsearch/README.md b/elasticsearch/README.md
index 65341757b..f483c31bc 100644
--- a/elasticsearch/README.md
+++ b/elasticsearch/README.md
@@ -65,11 +65,11 @@ helm install --name elasticsearch elastic/elasticsearch --version 7.0.0-alpha1 -
| `minimumMasterNodes` | The value for [discovery.zen.minimum_master_nodes](https://www.elastic.co/guide/en/elasticsearch/reference/6.7/discovery-settings.html#minimum_master_nodes). Should be set to `(master_eligible_nodes / 2) + 1`. Ignored in Elasticsearch versions >= 7. | `2` |
| `esMajorVersion` | Used to set major version specific configuration | `7` |
| `esConfig` | Allows you to add any config files in `/usr/share/elasticsearch/config/` such as `elasticsearch.yml` and `log4j2.properties`. See [values.yaml](./values.yaml) for an example of the formatting. | `{}` |
-| `extraEnvs` | Extra [environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config) which will be appended to the `env:` definition for the container | `{}` |
+| `extraEnvs` | Extra [environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config) which will be appended to the `env:` definition for the container | `[]` |
| `extraVolumes` | Additional volumes to be passed to the `tpl` function | |
| `extraVolumeMounts` | Additional volumeMounts to be passed to the `tpl` function | |
| `extraInitContainers` | Additional init containers to be passed to the `tpl` function | |
-| `secretMounts` | Allows you easily mount a secret as a file inside the statefulset. Useful for mounting certificates and other secrets. See [values.yaml](./values.yaml) for an example | `{}` |
+| `secretMounts` | Allows you easily mount a secret as a file inside the statefulset. Useful for mounting certificates and other secrets. See [values.yaml](./values.yaml) for an example | `[]` |
| `image` | The Elasticsearch docker image | `docker.elastic.co/elasticsearch/elasticsearch` |
| `imageTag` | The Elasticsearch docker image tag | `7.0.0` |
| `imagePullPolicy` | The Kubernetes [imagePullPolicy](https://kubernetes.io/docs/concepts/containers/images/#updating-images) value | `IfNotPresent` |
diff --git a/filebeat/.helmignore b/filebeat/.helmignore
new file mode 100644
index 000000000..e12c0b4b9
--- /dev/null
+++ b/filebeat/.helmignore
@@ -0,0 +1,2 @@
+tests/
+.pytest_cache/
diff --git a/filebeat/Chart.yaml b/filebeat/Chart.yaml
new file mode 100755
index 000000000..877fb001e
--- /dev/null
+++ b/filebeat/Chart.yaml
@@ -0,0 +1,11 @@
+description: Filebeat
+home: https://github.com/elastic/helm-charts
+maintainers:
+- email: helm-charts@elastic.co
+ name: Elastic
+name: filebeat
+version: 7.0.0-alpha1
+appVersion: 7.0.0
+sources:
+ - https://github.com/elastic/beats
+icon: https://helm.elastic.co/icons/filebeat.png
diff --git a/filebeat/Makefile b/filebeat/Makefile
new file mode 100644
index 000000000..22218a1f6
--- /dev/null
+++ b/filebeat/Makefile
@@ -0,0 +1 @@
+include ../helpers/common.mk
diff --git a/filebeat/README.md b/filebeat/README.md
new file mode 100644
index 000000000..78e5a1921
--- /dev/null
+++ b/filebeat/README.md
@@ -0,0 +1,110 @@
+# Filebeat Helm Chart
+
+This functionality is in alpha status and may be changed or removed completely in a future release. Elastic will take a best effort approach to fix any issues, but alpha features are not subject to the support SLA of official GA features.
+
+This helm chart is a lightweight way to configure and run our official [Filebeat docker image](https://www.elastic.co/guide/en/beats/filebeat/current/running-on-docker.html).
+
+## Requirements
+
+* Kubernetes >= 1.8
+* [Helm](https://helm.sh/) >= 2.8.0
+
+## Installing
+
+* Add the elastic helm charts repo
+ ```
+ helm repo add elastic https://helm.elastic.co
+ ```
+* Install it
+ ```
+ helm install --name filebeat elastic/filebeat --version 7.0.0-alpha1
+ ```
+
+## Compatibility
+
+This chart is tested with the latest supported versions. The currently tested versions are:
+
+| 5.x | 6.x | 7.x |
+| ------ | ----- | ----- |
+| 5.6.16 | 6.7.1 | 7.0.0 |
+
+Examples of installing older major versions can be found in the [examples](./examples) directory.
+
+While only the latest releases are tested, it is possible to easily install old or new releases by overriding the `imageTag`. To install version `7.0.0` of Filebeat it would look like this:
+
+```
+helm install --name filebeat elastic/filebeat --version 7.0.0-alpha1 --set imageTag=7.0.0
+```
+
+
+## Configuration
+| Parameter | Description | Default |
+| -------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- |
+| `filebeatConfig` | Allows you to add any config files in `/usr/share/filebeat` such as `filebeat.yml`. See [values.yaml](./values.yaml) for an example of the formatting. | `{}` |
+| `extraEnvs` | Extra [environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config) which will be appended to the `env:` definition for the container | `[]` |
+| `extraVolumeMounts` | Any extra volumes mounts to define for the Filebeat container | `[]` |
+| `extraVolumes` | Any extra volumes to define for the pod | `[]` |
+| `hostPathRoot` | Fully-qualified [hostPath](https://kubernetes.io/docs/concepts/storage/volumes/#hostpath) that will be used to persist Filebeat registry data | `/var/lib` |
+| `image` | The Filebeat docker image | `docker.elastic.co/beats/filebeat` |
+| `imageTag` | The Filebeat docker image tag | `7.0.0` |
+| `imagePullPolicy` | The Kubernetes [imagePullPolicy](https://kubernetes.io/docs/concepts/containers/images/#updating-images) value | `IfNotPresent` |
+| `imagePullSecrets` | Configuration for [imagePullSecrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret) so that you can use a private registry for your image | `[]` |
+| `managedServiceAccount` | Whether the `serviceAccount` should be managed by this helm chart. Set this to `false` in order to manage your own service account and related roles. | `true` |
+| `podAnnotations` | Configurable [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) applied to all Filebeat pods | `{}` |
+| `podSecurityContext` | Configurable [podSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for Filebeat pod execution environment | `fsGroup: 1000`
`runAsUser: 0`
`privileged: false` |
+| `livenessProbe` | Parameters to pass to [liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) checks for values such as timeouts and thresholds. | `failureThreshold: 3`
`initialDelaySeconds: 10`
`periodSeconds: 10`
`successThreshold: 3`
`timeoutSeconds: 5` |
+| `resources` | Allows you to set the [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) for the `DaemonSet` | `requests.cpu: 100m`
`requests.memory: 100Mi`
`limits.cpu: 1000m`
`limits.memory: 200Mi` |
+| `serviceAccount` | The [serviceAccount](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) that Filebeat will use during execution | `filebeat` |
+| `secretMounts` | Allows you easily mount a secret as a file inside the `DaemonSet`. Useful for mounting certificates and other secrets. See [values.yaml](./values.yaml) for an example | `[]` |
+| `terminationGracePeriod` | Termination period (in seconds) to wait before killing Filebeat pod process on pod shutdown | `30` |
+| `tolerations` | Configurable [tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
+| `updateStrategy` | The [updateStrategy](https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets) for the `DaemonSet`. By default Kubernetes will kill and recreate pods on updates. Setting this to `OnDelete` will require that pods be deleted manually. | `RollingUpdate` |
+
+## Examples
+
+In [examples/](./examples) you will find some example configurations. These examples are used for the automated testing of this helm chart.
+
+### Default
+
+* Deploy the [default Elasticsearch helm chart](../elasticsearch/README.md#default)
+* Deploy Filebeat with the default values
+ ```
+ cd examples/default
+ make
+ ```
+* You can now setup a port forward for Elasticsearch to observe Filebeat indices
+ ```
+ kubectl port-forward svc/elasticsearch-master 9200
+ curl localhost:9200/_cat/indices
+ ```
+
+## Testing
+
+This chart uses [pytest](https://docs.pytest.org/en/latest/) to test the templating logic. The dependencies for testing can be installed from the [`requirements.txt`](../requirements.txt) in the parent directory.
+
+```
+pip install -r ../requirements.txt
+make pytest
+```
+
+You can also use `helm template` to look at the YAML being generated
+
+```
+make template
+```
+
+It is possible to run all of the tests and linting inside of a docker container
+
+```
+make test
+```
+
+## Integration Testing
+
+Integration tests are run using [goss](https://github.com/aelsabbahy/goss/blob/master/docs/manual.md) which is a serverspec like tool written in golang. See [goss.yaml](examples/default/test/goss.yaml) for an example of what the tests look like.
+
+To run the goss tests against the default example:
+```
+cd examples/default
+make goss
+```
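Review bot: The `livenessProbe` row of the Configuration table documents `successThreshold: 3`, but the `livenessProbe` block in filebeat/values.yaml sets only `failureThreshold`, `initialDelaySeconds`, `periodSeconds` and `timeoutSeconds`. Kubernetes only accepts a `successThreshold` of 1 on liveness probes, so drop that entry from the documented default. Two smaller points in the same file: Requirements states Kubernetes >= 1.8 while daemonset.yaml uses `apiVersion: apps/v1`, which needs 1.9, and the `updateStrategy` row links to the StatefulSet tutorial although the chart deploys a `DaemonSet`.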
diff --git a/filebeat/examples/default/Makefile b/filebeat/examples/default/Makefile
new file mode 100644
index 000000000..fa438f6bc
--- /dev/null
+++ b/filebeat/examples/default/Makefile
@@ -0,0 +1,13 @@
+default: test
+
+include ../../../helpers/examples.mk
+
+RELEASE := helm-filebeat-default
+
+install:
+ helm upgrade --wait --timeout=600 --values values.yaml --install $(RELEASE) ../../
+
+test: install goss
+
+purge:
+ helm del --purge $(RELEASE)
diff --git a/filebeat/examples/default/test/goss.yaml b/filebeat/examples/default/test/goss.yaml
new file mode 100644
index 000000000..ec46d4d0e
--- /dev/null
+++ b/filebeat/examples/default/test/goss.yaml
@@ -0,0 +1,15 @@
+port:
+ tcp:5066:
+ listening: true
+ ip:
+ - '127.0.0.1'
+
+mount:
+ /usr/share/filebeat/data:
+ exists: true
+
+user:
+ filebeat:
+ exists: true
+ uid: 1000
+ gid: 1000
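Review bot: The `port` check asserts that `tcp:5066` listens on `127.0.0.1` only, but the DaemonSet's `livenessProbe` is an `httpGet` on the `monitor` port, which the kubelet sends to the pod IP rather than to loopback. If the endpoint is bound as this test expects, the probe cannot connect and the container is restarted. Prefer an `exec` probe that queries the endpoint from inside the container, which keeps the monitoring API off the pod network; if `httpGet` is kept, the bind address has to change (`-E http.host=...`) and this assertion with it.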
diff --git a/filebeat/examples/default/values.yaml b/filebeat/examples/default/values.yaml
new file mode 100644
index 000000000..14cc6ea95
--- /dev/null
+++ b/filebeat/examples/default/values.yaml
@@ -0,0 +1,17 @@
+---
+filebeatConfig:
+ filebeat.yml: |
+ filebeat.inputs:
+ - type: docker
+ containers.ids:
+ - '*'
+ processors:
+ - add_kubernetes_metadata:
+ in_cluster: true
+
+ output.elasticsearch:
+ hosts: '${ELASTICSEARCH_HOSTS:elasticsearch:9200}'
+
+extraEnvs:
+- name: ELASTICSEARCH_HOSTS
+ value: elasticsearch-master:9200
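Review bot: The fallback in `hosts: '${ELASTICSEARCH_HOSTS:elasticsearch:9200}'` points at `elasticsearch:9200`, while the value set in `extraEnvs` just below is `elasticsearch-master:9200`. Make the fallback match so the example still reaches the right service if the variable is removed. A short comment that `containers.ids: '*'` ships the logs of every container on the node would also help readers who copy this file.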
diff --git a/filebeat/templates/NOTES.txt b/filebeat/templates/NOTES.txt
new file mode 100755
index 000000000..083d9885b
--- /dev/null
+++ b/filebeat/templates/NOTES.txt
@@ -0,0 +1,4 @@
+1. Watch all cluster members come up.
+ $ kubectl get pods --namespace={{ .Release.Namespace }} -l app={{ template "fullname" . }} -w
+2. Test cluster health using Helm test.
+ $ helm test {{ .Release.Name }}
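Review bot: Step 2 tells the user to run `helm test`, but this patch adds no test hook template under filebeat/templates, so the command has nothing to run. Either add a test pod or drop the step. In step 1, "cluster members" fits a clustered service better than a DaemonSet; "Filebeat pods" would be clearer.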
diff --git a/filebeat/templates/_helpers.tpl b/filebeat/templates/_helpers.tpl
new file mode 100755
index 000000000..f0d83d2ed
--- /dev/null
+++ b/filebeat/templates/_helpers.tpl
@@ -0,0 +1,16 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
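Review bot: The `fullname` helper never consults `.Values.fullnameOverride`, although filebeat/values.yaml declares `fullnameOverride: ""` under "Override various naming aspects of this chart". Setting it has no effect as written. Either honour it here (use it, truncated to 63 characters, when non-empty) or remove the key from values.yaml.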
diff --git a/filebeat/templates/clusterrole.yaml b/filebeat/templates/clusterrole.yaml
new file mode 100644
index 000000000..6eed081bd
--- /dev/null
+++ b/filebeat/templates/clusterrole.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.managedServiceAccount }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: {{ .Values.serviceAccount }}-cluster-role
+ labels:
+ app: "{{ template "fullname" . }}"
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+{{- end -}}
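Review bot: The ClusterRole name is built only from `.Values.serviceAccount` (`filebeat-cluster-role` with the default), and ClusterRoles are cluster-scoped, so a second release of this chart in another namespace collides with the first. Include the release name, for example through the `fullname` helper, here and in the matching `roleRef` and ClusterRoleBinding name. The rule set itself (get/list/watch on namespaces and pods) is suitably narrow. `rbac.authorization.k8s.io/v1` is available from Kubernetes 1.8, the minimum the README states, so `v1beta1` is not needed.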
diff --git a/filebeat/templates/clusterrolebinding.yaml b/filebeat/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..d6d820477
--- /dev/null
+++ b/filebeat/templates/clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.managedServiceAccount }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .Values.serviceAccount }}-cluster-role-binding
+ labels:
+ app: "{{ template "fullname" . }}"
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+roleRef:
+ kind: ClusterRole
+ name: {{ .Values.serviceAccount }}-cluster-role
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccount }}
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/filebeat/templates/configmap.yaml b/filebeat/templates/configmap.yaml
new file mode 100644
index 000000000..17022984d
--- /dev/null
+++ b/filebeat/templates/configmap.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.filebeatConfig }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "name" . }}-config
+ labels:
+ app: "{{ template "name" . }}"
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+data:
+{{- range $path, $config := .Values.filebeatConfig }}
+ {{ $path }}: |
+{{ $config | indent 4 -}}
+{{- end -}}
+{{- end -}}
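Review bot: `metadata.name` uses the `name` helper rather than `fullname`, so every release renders the same `filebeat-config` ConfigMap and two releases in one namespace collide. Use `fullname` here and in the DaemonSet's `configMap.name`. It is also worth stating in the README that anything placed in `filebeatConfig` ends up in a ConfigMap, so output credentials should come from `secretMounts` or a secret-backed entry in `extraEnvs` rather than inline in `filebeat.yml`.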
diff --git a/filebeat/templates/daemonset.yaml b/filebeat/templates/daemonset.yaml
new file mode 100644
index 000000000..938b941ae
--- /dev/null
+++ b/filebeat/templates/daemonset.yaml
@@ -0,0 +1,125 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: "{{ template "fullname" . }}"
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+spec:
+ selector:
+ matchLabels:
+ app: "{{ template "fullname" . }}"
+ release: {{ .Release.Name | quote }}
+ updateStrategy:
+ type: {{ .Values.updateStrategy }}
+ template:
+ metadata:
+ annotations:
+ {{- range $key, $value := .Values.podAnnotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{/* This forces a restart if the configmap has changed */}}
+ {{- if .Values.filebeatConfig }}
+ configChecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }}
+ {{- end }}
+ name: "{{ template "fullname" . }}"
+ labels:
+ app: "{{ template "fullname" . }}"
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ spec:
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 6 }}
+ {{- end }}
+ serviceAccountName: {{ .Values.serviceAccount }}
+ terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }}
+ volumes:
+ {{- range .Values.secretMounts }}
+ - name: {{ .name }}
+ secret:
+ secretName: {{ .name }}
+ {{- end }}
+ {{- if .Values.filebeatConfig }}
+ - name: filebeat-config
+ configMap:
+ defaultMode: 0600
+ name: {{ template "name" . }}-config
+ {{- end }}
+ - name: data
+ hostPath:
+ path: {{ .Values.hostPathRoot }}/{{ template "fullname" . }}-data
+ type: DirectoryOrCreate
+ - name: varlibdockercontainers
+ hostPath:
+ path: /var/lib/docker/containers
+ - name: varrundockersock
+ hostPath:
+ path: /var/run/docker.sock
+ {{- if .Values.extraVolumes }}
+{{ tpl .Values.extraVolumes . | indent 6 }}
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+ {{- end }}
+ containers:
+ - name: "{{ template "name" . }}"
+ image: "{{ .Values.image }}:{{ .Values.imageTag }}"
+ imagePullPolicy: "{{ .Values.imagePullPolicy }}"
+ args:
+ - "-e"
+ - "-E"
+ - "http.enabled=true"
+ livenessProbe:
+{{ toYaml .Values.livenessProbe | indent 10 }}
+ httpGet:
+ port: monitor
+ ports:
+ - name: monitor
+ containerPort: 5066
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+{{- if .Values.extraEnvs }}
+{{ toYaml .Values.extraEnvs | indent 8 }}
+{{- end }}
+{{- if .Values.podSecurityContext }}
+ securityContext:
+{{ toYaml .Values.podSecurityContext | indent 10 }}
+{{- end }}
+ volumeMounts:
+ {{- range .Values.secretMounts }}
+ - name: {{ .name }}
+ mountPath: {{ .path }}
+ {{- if .subPath }}
+ subPath: {{ .subPath }}
+ {{- end }}
+ {{- end }}
+ {{- range $path, $config := .Values.filebeatConfig }}
+ - name: filebeat-config
+ mountPath: /usr/share/filebeat/{{ $path }}
+ readOnly: true
+ subPath: {{ $path }}
+ {{- end }}
+ - name: data
+ mountPath: /usr/share/filebeat/data
+ - name: varlibdockercontainers
+ mountPath: /var/lib/docker/containers
+ readOnly: true
+ # Necessary when using autodiscovery; avoid mounting it otherwise
+ # See: https://www.elastic.co/guide/en/beats/filebeat/master/configuration-autodiscover.html
+ - name: varrundockersock
+ mountPath: /var/run/docker.sock
+ readOnly: true
+ {{- if .Values.extraVolumeMounts }}
+{{ tpl .Values.extraVolumeMounts . | indent 8 }}
+ {{- end }}
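Review bot: The `varrundockersock` volume and its mount are rendered unconditionally, while the comment above the mount says it is only necessary for autodiscovery and should be avoided otherwise. With the chart default `runAsUser: 0`, `readOnly: true` on a socket mount does not stop the process from connecting to the Docker API, so gate both the volume and the mount behind a value that defaults to off. Separately, the secret volume sets `secretName: {{ .name }}`, which ignores the `secretName` key shown in the values.yaml example, so a mount whose name differs from its secret cannot be expressed.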
diff --git a/filebeat/templates/serviceaccount.yaml b/filebeat/templates/serviceaccount.yaml
new file mode 100644
index 000000000..64e6f9f1b
--- /dev/null
+++ b/filebeat/templates/serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.managedServiceAccount }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount }}
+ labels:
+ app: "{{ template "fullname" . }}"
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+{{- end -}}
diff --git a/filebeat/tests/filebeat_test.py b/filebeat/tests/filebeat_test.py
new file mode 100644
index 000000000..889f6587e
--- /dev/null
+++ b/filebeat/tests/filebeat_test.py
@@ -0,0 +1,134 @@
+import os
+import sys
+sys.path.insert(1, os.path.join(sys.path[0], '../../helpers'))
+from helpers import helm_template
+import yaml
+
+project = 'filebeat'
+name = 'RELEASE-NAME-' + project
+
+
+def test_defaults():
+ config = '''
+ '''
+
+ r = helm_template(config)
+
+ assert name in r['daemonset']
+
+ c = r['daemonset'][name]['spec']['template']['spec']['containers'][0]
+ assert c['name'] == project
+ assert c['image'].startswith('docker.elastic.co/beats/' + project + ':')
+ assert c['ports'][0]['containerPort'] == 5066 # internal filebeat monitoring REST API
+
+ assert c['env'][0]['name'] == 'POD_NAMESPACE'
+ assert c['env'][0]['valueFrom']['fieldRef']['fieldPath'] == 'metadata.namespace'
+
+ assert c['livenessProbe']['httpGet']['port'] == 'monitor'
+
+ # Empty customizable defaults
+ assert 'imagePullSecrets' not in r['daemonset'][name]['spec']['template']['spec']
+ assert 'tolerations' not in r['daemonset'][name]['spec']['template']['spec']
+
+ assert r['daemonset'][name]['spec']['updateStrategy']['type'] == 'RollingUpdate'
+
+
+def test_adding_envs():
+ config = '''
+extraEnvs:
+- name: LOG_LEVEL
+ value: DEBUG
+'''
+ r = helm_template(config)
+ envs = r['daemonset'][name]['spec']['template']['spec']['containers'][0]['env']
+ assert {'name': 'LOG_LEVEL', 'value': 'DEBUG'} in envs
+
+
+def test_adding_image_pull_secrets():
+ config = '''
+imagePullSecrets:
+ - name: test-registry
+'''
+ r = helm_template(config)
+ assert r['daemonset'][name]['spec']['template']['spec']['imagePullSecrets'][0]['name'] == 'test-registry'
+
+
+def test_adding_tolerations():
+ config = '''
+tolerations:
+- key: "key1"
+ operator: "Equal"
+ value: "value1"
+ effect: "NoExecute"
+ tolerationSeconds: 3600
+'''
+ r = helm_template(config)
+ assert r['daemonset'][name]['spec']['template']['spec']['tolerations'][0]['key'] == 'key1'
+
+
+def test_override_the_default_update_strategy():
+ config = '''
+updateStrategy: OnDelete
+'''
+
+ r = helm_template(config)
+ assert r['daemonset'][name]['spec']['updateStrategy']['type'] == 'OnDelete'
+
+def test_setting_a_custom_service_account():
+ config = '''
+serviceAccount: notdefault
+'''
+ r = helm_template(config)
+ assert r['daemonset'][name]['spec']['template']['spec']['serviceAccountName'] == 'notdefault'
+
+def test_self_managing_rbac_resources():
+ config = '''
+managedServiceAccount: false
+'''
+ r = helm_template(config)
+ assert 'serviceaccount' not in r
+ assert 'clusterrole' not in r
+ assert 'clusterrolebinding' not in r
+
+def test_setting_pod_security_context():
+ config = '''
+podSecurityContext:
+ runAsUser: 1001
+ fsGroup: 1002
+ privileged: false
+'''
+ r = helm_template(config)
+ c = r['daemonset'][name]['spec']['template']['spec']['containers'][0]
+ assert c['securityContext']['runAsUser'] == 1001
+ assert c['securityContext']['fsGroup'] == 1002
+ assert c['securityContext']['privileged'] == False
+
+def test_adding_in_filebeat_config():
+ config = '''
+filebeatConfig:
+ filebeat.yml: |
+ key:
+ nestedkey: value
+ dot.notation: test
+
+ other-config.yml: |
+ hello = world
+'''
+ r = helm_template(config)
+ c = r['configmap'][project + '-config']['data']
+
+ assert 'filebeat.yml' in c
+ assert 'other-config.yml' in c
+
+ assert 'nestedkey: value' in c['filebeat.yml']
+ assert 'dot.notation: test' in c['filebeat.yml']
+
+ assert 'hello = world' in c['other-config.yml']
+
+ d = r['daemonset'][name]['spec']['template']['spec']
+
+ assert {'configMap': {'name': project + '-config', 'defaultMode': 0600}, 'name': project + '-config'} in d['volumes']
+ assert {'mountPath': '/usr/share/filebeat/filebeat.yml', 'name': project + '-config', 'subPath': 'filebeat.yml', 'readOnly': True} in d['containers'][0]['volumeMounts']
+ assert {'mountPath': '/usr/share/filebeat/other-config.yml', 'name': project + '-config', 'subPath': 'other-config.yml', 'readOnly': True} in d['containers'][0]['volumeMounts']
+
+ assert 'configChecksum' in r['daemonset'][name]['spec']['template']['metadata']['annotations']
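Review bot: `'defaultMode': 0600` in `test_adding_in_filebeat_config` is a Python 2 octal literal and a syntax error under Python 3, which stops the whole module from being collected. Write it as `0o600`, which both interpreters accept. In `test_setting_pod_security_context`, `== False` reads better as `is False`. None of the tests exercises `secretMounts`, `extraVolumes` or `extraVolumeMounts`, which are the values most likely to render incorrectly.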
diff --git a/filebeat/values.yaml b/filebeat/values.yaml
new file mode 100755
index 000000000..6fbe44937
--- /dev/null
+++ b/filebeat/values.yaml
@@ -0,0 +1,83 @@
+---
+# Allows you to add any config files in /usr/share/filebeat
+# such as filebeat.yml
+filebeatConfig: {}
+# filebeat.yml: |
+# key:
+# nestedkey: value
+
+# Extra environment variables to append to the DaemonSet pod spec.
+# This will be appended to the current 'env:' key. You can use any of the kubernetes env
+# syntax here
+extraEnvs: []
+# - name: MY_ENVIRONMENT_VAR
+# value: the_value_goes_here
+
+extraVolumeMounts: []
+ # - name: extras
+ # mountPath: /usr/share/extras
+ # readOnly: true
+
+extraVolumes: []
+ # - name: extras
+ # emptyDir: {}
+
+# Root directory where Filebeat will write data to in order to persist registry data across pod restarts (file position and other metadata).
+hostPathRoot: /var/lib
+
+image: "docker.elastic.co/beats/filebeat"
+imageTag: "7.0.0"
+imagePullPolicy: "IfNotPresent"
+imagePullSecrets: []
+
+livenessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+
+# Whether this chart should self-manage its service account, role, and associated role binding.
+managedServiceAccount: true
+
+podAnnotations: {}
+ # iam.amazonaws.com/role: es-cluster
+
+# Various pod security context settings. Bear in mind that many of these have an impact on Filebeat functioning properly.
+#
+# - Filesystem group for the Filebeat user. The official elastic docker images always have an id of 1000.
+# - User that the container will execute as. Typically necessary to run as root (0) in order to properly collect host container logs.
+# - Whether to execute the Filebeat containers as privileged containers. Typically not necessarily unless running within environments such as OpenShift.
+podSecurityContext:
+ fsGroup: 1000
+ runAsUser: 0
+ privileged: false
+
+resources:
+ requests:
+ cpu: "100m"
+ memory: "100Mi"
+ limits:
+ cpu: "1000m"
+ memory: "200Mi"
+
+# Service account that the pod will use
+serviceAccount: filebeat
+
+# A list of secrets and their paths to mount inside the pod
+# This is useful for mounting certificates for security other sensitive values
+secretMounts: []
+# - name: filebeat-certificates
+# secretName: filebeat-certificates
+# path: /usr/share/filebeat/certs
+
+# How long to wait for Filebeat pods to stop gracefully
+terminationGracePeriod: 30
+
+tolerations: []
+
+updateStrategy: RollingUpdate
+
+# Override various naming aspects of this chart
+# Only edit these if you know what you're doing
+nameOverride: ""
+fullnameOverride: ""
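Review bot: `extraVolumes` and `extraVolumeMounts` default to `[]` and their commented examples are YAML lists, but daemonset.yaml passes both through `tpl`, which expects a string template, so a user who uncomments the example gets a render error. Either document them as block strings (`extraVolumes: |`) or render them with `toYaml` in the template. `podSecurityContext` also mixes the pod-level `fsGroup` with the container-level `privileged`, and the template places the whole map on the container's `securityContext`; splitting it into pod and container sections would let both apply. In the comments, "Typically not necessarily" should read "not necessary", and "certificates for security other sensitive values" is missing a word.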
diff --git a/kibana/README.md b/kibana/README.md
index 20dc91f3b..e761a08eb 100644
--- a/kibana/README.md
+++ b/kibana/README.md
@@ -43,8 +43,8 @@ helm install --name kibana elastic/kibana --version 7.0.0-alpha1 --set imageTag=
| `elasticsearchHosts` | The URLs used to connect to Elasticsearch. | `http://elasticsearch-master:9200` |
| `elasticsearchURL` | The URL used to connect to Elasticsearch. Deprecated, needs to be used for Kibana versions < 6.6 | |
| `replicas` | Kubernetes replica count for the deployment (i.e. how many pods) | `1` |
-| `extraEnvs` | Extra [environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config) which will be appended to the `env:` definition for the container | `{}` |
-| `secretMounts` | Allows you easily mount a secret as a file inside the deployment. Useful for mounting certificates and other secrets. See [values.yaml](./values.yaml) for an example | `{}` |
+| `extraEnvs` | Extra [environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config) which will be appended to the `env:` definition for the container | `[]` |
+| `secretMounts` | Allows you easily mount a secret as a file inside the deployment. Useful for mounting certificates and other secrets. See [values.yaml](./values.yaml) for an example | `[]` |
| `image` | The Kibana docker image | `docker.elastic.co/kibana/kibana` |
| `imageTag` | The Kibana docker image tag | `7.0.0` |
| `imagePullPolicy` | The Kubernetes [imagePullPolicy](https://kubernetes.io/docs/concepts/containers/images/#updating-images) value | `IfNotPresent` |