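---
# Alerting pipeline: Logstash consumes application logs from Kafka, keeps only
# events above WARN, and hands each surviving event to a local alert script.
apiVersion: v1
kind: ConfigMap
metadata:
  name: logstash-config-alert
data:
  logstash.conf: |-
    input {
      # NOTE(review): no security_protocol / SASL options are set here, so the
      # kafka plugin defaults apply. Confirm broker traffic stays on a trusted
      # network.
      kafka {
        bootstrap_servers => "10.2.0.12:30002,10.2.0.12:30003,10.2.0.12:30004"
        topics => ["beaconfire-logback-prod"]
        group_id => "logstash-app"
        auto_offset_reset => "latest"
        codec => json
      }
    }
    filter {
      if [tags][json] {
        json {
          source => "message"
        }
      }
      # Only events above WARN reach the alert output.
      if [level] == "TRACE" {
        drop {}
      }
      if [level] == "DEBUG" {
        drop {}
      }
      if [level] == "INFO" {
        drop {}
      }
      if [level] == "WARN" {
        drop {}
      }
      # Expired-JWT noise is not alert-worthy.
      if [message] =~ "Fail to parse JWT due to: Jwt expired at" {
        drop {}
      }
      # Derive "env" from the fourth segment of the source log path, then
      # restore the path to its original string form.
      mutate {
        split => { "[log][file][path]" => "/" }
        add_field => { "env" => "%{[log][file][path][3]}" }
      }
      mutate {
        join => { "[log][file][path]" => "/" }
      }
      # The exec output below interpolates these fields into a shell command
      # line inside single quotes. Log content is untrusted (it can carry
      # request data), and a single quote in any field would end the quoting
      # and let the rest of the value be parsed as shell syntax. Strip single
      # quotes so each value stays one literal argument.
      # gsub only rewrites strings and arrays of strings; log-alert.sh must
      # still treat its arguments as untrusted data.
      mutate {
        gsub => [
          "message", "'", "",
          "serviceName", "'", "",
          "env", "'", "",
          "level", "'", ""
        ]
      }
    }
    output {
      # stdout { codec => json_lines }
      # file {
      #   path => "1.json"
      #   codec => "json_lines"
      # }
      exec {
        command => "/usr/local/bin/log-alert.sh '%{@timestamp}' '%{serviceName}' '%{env}' '%{level}' '%{message}'"
      }
    }
  # NOTE(review): http.host 0.0.0.0 binds the Logstash HTTP API on every pod
  # interface, and monitoring data goes to Elasticsearch over plain http.
  # Confirm both are intended for this cluster.
  logstash.yml: |-
    http.host: "0.0.0.0"
    xpack.monitoring.elasticsearch.hosts: [ "http://elastic:9200" ]
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: logstash-alert
  labels:
    app: logstash-alert
spec:
  replicas: 1
  selector:
    matchLabels:
      app: logstash-alert
  template:
    metadata:
      labels:
        app: logstash-alert
    spec:
      imagePullSecrets:
        - name: deploy-regcred
      containers:
        # NOTE(review): no securityContext is set, so the container runs with
        # the image's default user and capabilities. Confirm the image does
        # not run as root, since this pod executes a shell script per event.
        - name: logstash-alert
          image: beaconfireiic/logstash:7.16.3
          ports:
            - containerPort: 5044
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 1
              memory: 1Gi
          volumeMounts:
            # Both files come from the same ConfigMap and are mounted
            # read-only over the image's default pipeline and settings files.
            - name: config
              mountPath: /usr/share/logstash/pipeline/logstash.conf
              subPath: logstash.conf
              readOnly: true
            - name: config
              mountPath: /usr/share/logstash/config/logstash.yml
              subPath: logstash.yml
              readOnly: true
      volumes:
        - name: config
          configMap:
            # Must match metadata.name of the ConfigMap defined above. The
            # previous value (logstash-alert-config) named a ConfigMap this
            # manifest does not create, so the pod would not pick up this
            # pipeline.
            name: logstash-config-alert
            items:
              - key: logstash.conf
                path: logstash.conf
              - key: logstash.yml
                path: logstash.yml
---
apiVersion: v1
kind: Service
metadata:
  name: logstash-alert
  labels:
    app: logstash-alert
spec:
  # NOTE(review): the pipeline in this file defines only a kafka input, so
  # nothing configured here listens on 5044. Confirm the port is needed
  # before keeping it exposed.
  ports:
    - port: 5044
      targetPort: 5044
  selector:
    app: logstash-alert
  type: ClusterIP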