[logstash] first version of logstash helm chart

[jmlrt]

This is the first version of logstash helm chart.

Related to #69

TODO

• Need to add templates/tests & NOTES.txt
• Need to add python tests
• Need to add examples with goss tests
• Need to add CI jobs
• Need to optimize resources usage for logstash (persistent disk size, resources requests/limits, java heap)
• Need to test beats input
• Need to add service and ingress for logstash inputs

[jordansissel]

Thanks for working on this! I added some comments on a brief review. I'll also compare this with what we have deployed in Infosec for this later.

[jordansissel]

I don't recommend exposing Logstash's http API as it is, to my knowledge, unauthenticated and has an API for mutation of things like log level.

[jmlrt]

Service and Ingress for Logstash HTTP API where removed in 1768d4b.

Do you think we should also remove port exposition at Pod level?

[jordansissel]

readiness is complicated. A successful HTTP call to port 9600 doesn't necessarily mean Logstash is capable of serving business needs.

I don't have any alternative solutions in mind, but I'll try to think of something. In the meantime, this comment is not a blocker ;)

[jmlrt]

Yes I guess I'll start like that and we'll see how we can set a better probe in a second time.

[jmlrt]

Chart Tests are not relevant for Logstash as we don't use service while chart tests usually imply running another pod which request some service resource.

[Crazybus]

This is looking great! I didn't try to run it or play around with it yet but it is shaping up very nicely!

The main thing missing functionality wise right now is how to handle services and ingress. This is a bit trickier for logstash since it is normal for a logstash instance to have multiple or none service endpoints.

[Crazybus]

I think leaving in the commented example like the Elasticsearch chart would make it easier for users to know the formatting.

[jmlrt]

Yeah for this one I'd like to add a commented example. Do you have any good use case needing a secret mount in Logstash so we can have a relevant example.

[Crazybus]

Best example would be for mounting certificates to be able to talk to Elasticsearch with security enabled.

[Crazybus]

I think these are just copied for Elasticsearch for now. But we should chat with the Logstash team (or check docs) to see what the recommended defaults would be.

[jmlrt]

I guess this is ready for a second review and hope to be able to merge it and add the missing parts in following PR.

Status of what's not fully completed in this PR:

• Need to optimize resources usage for logstash (persistent disk size, resources requests/limits, java heap)

  I didn't find any recommendation for default values in Logstash documentation. I guess we can add them in a following PR.

• Need to test Beats input

  Beats input has been tested using services provided in 68a85c0 and the Filebeat chart locally.

  We have 3 solution to add an automated test:

  • Reuse some Beats coming from Filebeat examples in the same way we are reusing Elasticsearch coming from Elasticsearch examples in other chart tests.
    In this case should Logstash and Filebeat test run in // or do we need to start one before the other?

  • Do not reuse Beats from another test but a new one (using helm install elastic/filebeat) in the make install target of the new logstash/examples/beats test

  • Adding a new "full stack test" outside of the examples of each charts which would deploy and tests all the chart together (filebeat + metricbeat + elasticsearch + logstash + kibana) so we don't need to add a new test for all the combinations of products integration we could have inside specific charts examples. This way also ensure that all chart are running in the same time, while we can't be 100% sure of the order in different sub jobs of a matrix job.

• Need to add service and ingress for logstash inputs

  Service has been added in 68a85c0, I'm not sure if we really want to manage Ingress for the "listener inputs". I guess if we need that we can add it in a following PR.

cc @Crazybus @jordansissel

[Crazybus]

LGTM! This is amazing work :) 🌟

I didn't find any recommendation for default values in Logstash documentation. I guess we can add them in a following PR.

Yup, I do think it would be a good idea to get these set properly before the first release though so that we can still change them.

Need to test Beats input

I don't think we really need to do this. For something like Kibana it makes sense to check that it can connect to Elasticsearch because it is required. I think that as long as we make sure that Logstash has the capability to talk to an output with certificates/passwords that it should be enough. So just making sure that secrets can be mounted, passwords can be passed into the config via the environment variable should mean that all outputs will be supported. Testing all of the output plugins would be a bit unreasonable and is something best left to the Logstash team.

Need to add service and ingress for logstash inputs
Service has been added in 68a85c0, I'm not sure if we really want to manage Ingress for the "listener inputs". I guess if we need that we can add it in a following PR.

+1 On adding ingress, with the ability to create an ingress per service input in Logstash. But yeah that can totally wait for another PR.

[Crazybus]

If you want you could split these jobs off into a separate PR. That way we can have Jenkins running CI tests for the changes in here.

[Crazybus]

Best example would be for mounting certificates to be able to talk to Elasticsearch with security enabled.

[Crazybus]

Nice! It's really cool that you can just support multiple ports and types this way.

[masterkain]

can't see this on the repo yet

NAME                 	CHART VERSION	APP VERSION	DESCRIPTION
elastic/elasticsearch	7.4.1        	7.4.1      	Official Elastic helm chart for Elasticsearch
elastic/filebeat     	7.4.1        	7.4.1      	Official Elastic helm chart for Filebeat
elastic/kibana       	7.4.1        	7.4.1      	Official Elastic helm chart for Kibana
elastic/metricbeat   	7.4.1        	7.4.1      	Official Elastic helm chart for Metricbeat

wanted to give it a try, thanks!

[jmlrt]

Hi @masterkain,

Logtsash chart hasn't been uploaded to Elastic Helm repository yet. It should be released soon on Helm repos with 7.5.0 release.

In the meantime, you need to install it from GitHub repo:

git clone https://github.com/elastic/helm-charts.git
cd helm-chart/logstash && helm install --name logstash .