Kubernetes Deployment (#1110)

adam-stokes · mdelapenya · commit 3551dc5ffa05 · 2021-05-17T18:11:14.000+02:00
* Kubernetes Deployment

Signed-off-by: Adam Stokes &lt;51892+adam-stokes@users.noreply.github.com&gt;

* Expose hostPort for kibana, elasticsearch, fleet without needing ingress

This is nice for local development where you don't need an ingress and are
relatively sure that the host system has the required ports available to bind to.

Signed-off-by: Adam Stokes &lt;51892+adam-stokes@users.noreply.github.com&gt;
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -8,6 +8,8 @@ repos:
         exclude: ^notice/overrides.json
     -   id: check-merge-conflict
     -   id: check-yaml
+        exclude: >
+          (?x)^(cli/config/kubernetes.*)$
     -   id: check-xml
     -   id: end-of-file-fixer
         exclude: >
diff --git a/cli/config/kubernetes/README.md b/cli/config/kubernetes/README.md
@@ -0,0 +1,26 @@
+# K8s deployment for Elasticsearch, Kibana, and Fleet-Server
+
+## Requirements
+
+- docker
+- kind (>= 0.10.0)
+- kubectl (>= 1.17)
+
+## Deployment
+
+```
+kind create cluster
+kubectl apply -k base
+```
+
+This will allow you to visit `http://localhost:5601` using username: `elastic` password: `changeme` to login
+
+## Local Ingress (Optional)
+
+If a local ingress is preferred, apply the following to setup nginx-ingress
+
+```
+kubectl apply -k overlays/local
+```
+
+This will allow you to reach the Kibana endpoint at `http://localhost`
diff --git a/cli/config/kubernetes/base/elasticsearch/configmap.yaml b/cli/config/kubernetes/base/elasticsearch/configmap.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: elasticsearch-config
+data:
+  ES_JAVA_OPTS: "-Xms1g -Xmx1g"
+  network.host: ""
+  transport.host: "127.0.0.1"
+  http.host: "0.0.0.0"
+  indices.id_field_data.enabled: 'true'
+  xpack.license.self_generated.type: "trial"
+  xpack.security.enabled: 'true'
+  xpack.security.authc.api_key.enabled: 'true'
+  ELASTIC_USERNAME: "elastic"
+  ELASTIC_PASSWORD: "changeme"
diff --git a/cli/config/kubernetes/base/elasticsearch/deployment.yaml b/cli/config/kubernetes/base/elasticsearch/deployment.yaml
@@ -0,0 +1,25 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: elasticsearch
+  labels:
+    app: elasticsearch
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: elasticsearch
+  template:
+    metadata:
+      labels:
+        app: elasticsearch
+    spec:
+      containers:
+      - name: elasticsearch
+        image: docker.elastic.co/elasticsearch/elasticsearch:8.0.0-SNAPSHOT
+        envFrom:
+          - configMapRef:
+              name: elasticsearch-config
+        ports:
+        - containerPort: 9200
+          name: client
diff --git a/cli/config/kubernetes/base/elasticsearch/kustomization.yaml b/cli/config/kubernetes/base/elasticsearch/kustomization.yaml
@@ -0,0 +1,4 @@
+resources:
+- deployment.yaml
+- service.yaml
+- configmap.yaml
diff --git a/cli/config/kubernetes/base/elasticsearch/service.yaml b/cli/config/kubernetes/base/elasticsearch/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: elasticsearch
+  labels:
+    service: elasticsearch
+spec:
+  type: NodePort
+  ports:
+  - port: 9200
+    name: client
+  selector:
+    app: elasticsearch
diff --git a/cli/config/kubernetes/base/fleet-server/cluster-role-binding.yaml b/cli/config/kubernetes/base/fleet-server/cluster-role-binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: fleet-server-cluster-role-binding
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: default
+roleRef:
+  kind: ClusterRole
+  name: fleet-server-cluster-role
+  apiGroup: rbac.authorization.k8s.io
diff --git a/cli/config/kubernetes/base/fleet-server/cluster-role.yaml b/cli/config/kubernetes/base/fleet-server/cluster-role.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: fleet-server-cluster-role
+  labels:
+    app: fleet-server
+rules:
+- apiGroups: [""]
+  resources:
+  - nodes
+  - namespaces
+  - events
+  - pods
+  - services
+  verbs: ["get", "list", "watch"]
diff --git a/cli/config/kubernetes/base/fleet-server/deployment.yaml b/cli/config/kubernetes/base/fleet-server/deployment.yaml
@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: fleet-server
+  labels:
+    app: fleet-server
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: fleet-server
+  template:
+    metadata:
+      labels:
+        app: fleet-server
+    spec:
+      containers:
+      - name: fleet-server
+        image: docker.elastic.co/beats/elastic-agent:8.0.0-SNAPSHOT
+        env:
+        - name: FLEET_SERVER_ENABLE
+          value: "1"
+        - name: FLEET_SERVER_INSECURE_HTTP
+          value: "1"
+        - name: KIBANA_FLEET_SETUP
+          value: "1"
+        - name: KIBANA_FLEET_HOST
+          value: "http://kibana:5601"
+        - name: FLEET_SERVER_HOST
+          value: "0.0.0.0"
+        - name: FLEET_SERVER_PORT
+          value: "8220"
diff --git a/cli/config/kubernetes/base/fleet-server/kustomization.yaml b/cli/config/kubernetes/base/fleet-server/kustomization.yaml
@@ -0,0 +1,7 @@
+resources:
+- deployment.yaml
+- service.yaml
+- role.yaml
+- role-binding.yaml
+- cluster-role.yaml
+- cluster-role-binding.yaml
diff --git a/cli/config/kubernetes/base/fleet-server/role-binding.yaml b/cli/config/kubernetes/base/fleet-server/role-binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: fleet-server-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: fleet-server-role
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: default
diff --git a/cli/config/kubernetes/base/fleet-server/role.yaml b/cli/config/kubernetes/base/fleet-server/role.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: fleet-server-role
+  namespace: default
+  labels:
+    app: fleet-server
+rules:
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs: ["get", "create", "update", "list", "watch", "update", "patch", "delete"]
diff --git a/cli/config/kubernetes/base/fleet-server/service.yaml b/cli/config/kubernetes/base/fleet-server/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: fleet-server
+  labels:
+    service: fleet-server
+spec:
+  type: NodePort
+  selector:
+    app: fleet-server
+  ports:
+  - port: 8220
+    name: http
diff --git a/cli/config/kubernetes/base/kibana/configmap.yaml b/cli/config/kubernetes/base/kibana/configmap.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kibana
+data:
+  kibana.yml: |-
+    ---
+    server.name: kibana
+    server.host: "0.0.0.0"
+
+    elasticsearch.hosts: [ "http://elasticsearch:9200" ]
+    elasticsearch.username: elastic
+    elasticsearch.password: changeme
+    monitoring.ui.container.elasticsearch.enabled: true
+
+    xpack.encryptedSavedObjects.encryptionKey: "12345678901234567890123456789012"
+
+    xpack.fleet.enabled: true
+    xpack.fleet.registryUrl: http://package-registry:8080
+    xpack.fleet.agents.enabled: true
+    xpack.fleet.agents.elasticsearch.host: http://elasticsearch:9200
+    xpack.fleet.agents.fleet_server.hosts: ["http://fleet-server:8220"]
+    xpack.fleet.agents.kibana.host: "http://kibana:5601"
+    xpack.fleet.agents.tlsCheckDisabled: true
diff --git a/cli/config/kubernetes/base/kibana/deployment.yaml b/cli/config/kubernetes/base/kibana/deployment.yaml
@@ -0,0 +1,48 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kibana
+  labels:
+    app: kibana
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: kibana
+  template:
+    metadata:
+      labels:
+        app: kibana
+    spec:
+      containers:
+      - name: kibana
+        image: docker.elastic.co/kibana/kibana:8.0.0-SNAPSHOT
+        env:
+        - name: ELASTICSEARCH_URL
+          value: http://elasticsearch:9200
+        - name: ELASTICSEARCH_USERNAME
+          value: elastic
+        - name: ELASTICSEARCH_PASSWORD
+          value: changeme
+        ports:
+        - containerPort: 5601
+          hostPort: 5601
+          name: http
+        livenessProbe:
+          tcpSocket:
+            port: http
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        readinessProbe:
+          tcpSocket:
+            port: http
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        volumeMounts:
+        - mountPath: /usr/share/kibana/config/kibana.yml
+          name: config
+          subPath: kibana.yml
+      volumes:
+        - name: config
+          configMap:
+            name: kibana
diff --git a/cli/config/kubernetes/base/kibana/kustomization.yaml b/cli/config/kubernetes/base/kibana/kustomization.yaml
@@ -0,0 +1,4 @@
+resources:
+- deployment.yaml
+- service.yaml
+- configmap.yaml
diff --git a/cli/config/kubernetes/base/kibana/service.yaml b/cli/config/kubernetes/base/kibana/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: kibana
+  labels:
+    service: kibana
+spec:
+  type: NodePort
+  ports:
+  - port: 5601
+    name: http
+  selector:
+    app: kibana
diff --git a/cli/config/kubernetes/base/kustomization.yaml b/cli/config/kubernetes/base/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+commonLabels:
+  env: test
+bases:
+- ./elasticsearch
+- ./kibana
+- ./package-registry
+- ./fleet-server
diff --git a/cli/config/kubernetes/base/package-registry/deployment.yaml b/cli/config/kubernetes/base/package-registry/deployment.yaml
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: package-registry
+  labels:
+    app: package-registry
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: package-registry
+  template:
+    metadata:
+      labels:
+        app: package-registry
+    spec:
+      containers:
+      - name: package-registry
+        image: docker.elastic.co/package-registry/distribution:staging
+        livenessProbe:
+          tcpSocket:
+            port: 8080
+          initialDelaySeconds: 15
+          periodSeconds: 20
diff --git a/cli/config/kubernetes/base/package-registry/kustomization.yaml b/cli/config/kubernetes/base/package-registry/kustomization.yaml
@@ -0,0 +1,3 @@
+resources:
+- deployment.yaml
+- service.yaml
diff --git a/cli/config/kubernetes/base/package-registry/service.yaml b/cli/config/kubernetes/base/package-registry/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: package-registry
+  labels:
+    service: package-registry
+spec:
+  type: NodePort
+  ports:
+  - port: 8080
+    name: package-registry
+  selector:
+    app: package-registry
diff --git a/cli/config/kubernetes/kind.yaml b/cli/config/kubernetes/kind.yaml
@@ -0,0 +1,26 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+- role: control-plane
+  kubeadmConfigPatches:
+  - |
+    kind: InitConfiguration
+    nodeRegistration:
+      kubeletExtraArgs:
+        node-labels: "ingress-ready=true"
+  extraPortMappings:
+  - containerPort: 80
+    hostPort: 80
+    protocol: TCP
+  - containerPort: 443
+    hostPort: 443
+    protocol: TCP
+  - containerPort: 5601
+    hostPort: 5601
+    protocol: TCP
+  - containerPort: 9200
+    hostPort: 9200
+    protocol: TCP
+  - containerPort: 8220
+    hostPort: 8220
+    protocol: TCP
diff --git a/cli/config/kubernetes/overlays/local/ingress.yaml b/cli/config/kubernetes/overlays/local/ingress.yaml
@@ -0,0 +1,12 @@
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: kibana-ingress
+spec:
+  rules:
+  - http:
+      paths:
+      - path: /
+        backend:
+          serviceName: kibana
+          servicePort: 5601
diff --git a/cli/config/kubernetes/overlays/local/kustomization.yaml b/cli/config/kubernetes/overlays/local/kustomization.yaml
diff --git a/cli/config/kubernetes/overlays/local/nginx-ingress.yaml b/cli/config/kubernetes/overlays/local/nginx-ingress.yaml
