apiVersion: v1 kind: ConfigMap metadata: name: logstash-ngx-config data: logstash.conf: |- input { kafka{ bootstrap_servers => "10.2.0.12:30002,10.2.0.12:30003,10.2.0.12:30004" topics => ["nginx-dev","nginx-tcs","nginx-prod"] group_id => "logstash-ngx" auto_offset_reset => "earliest" codec => json } } filter { date { match => [ "start_time", "dd/MMM/yyyy:HH:mm:ss Z" ] target => "@timestamp" } mutate { add_field => { "env" => "%{[fields][env]}" } remove_field => [ "fields" ] } } output { elasticsearch { hosts => ["http://elastic:9200"] index => "%{[env]}-nginx-%{+YYYY.MM.dd}" } } logstash.yml: |- http.host: "0.0.0.0" xpack.monitoring.elasticsearch.hosts: [ "http://elastic:9200" ] --- apiVersion: apps/v1 kind: Deployment metadata: name: logstash-ngx labels: app: logstash-ngx spec: replicas: 1 selector: matchLabels: app: logstash-ngx template: metadata: labels: app: logstash-ngx spec: containers: - name: logstash-ngx image: docker.elastic.co/logstash/logstash:7.16.3 ports: - containerPort: 5044 resources: requests: cpu: 100m memory: 128Mi limits: cpu: 1 memory: 1Gi volumeMounts: - name: config mountPath: /usr/share/logstash/pipeline/logstash.conf subPath: logstash.conf readOnly: true - name: config mountPath: /usr/share/logstash/config/logstash.yml subPath: logstash.yml readOnly: true volumes: - name: config configMap: name: logstash-ngx-config items: - key: logstash.conf path: logstash.conf - key: logstash.yml path: logstash.yml --- apiVersion: v1 kind: Service metadata: name: logstash-ngx labels: app: logstash-ngx spec: ports: - port: 5044 targetPort: 5044 nodePort: 30011 selector: app: logstash-ngx type: NodePort