diff --git a/_examples/complete/config/override-filebeat.yaml b/_examples/complete/config/override-filebeat.yaml new file mode 100644 index 0000000..3b8b764 --- /dev/null +++ b/_examples/complete/config/override-filebeat.yaml @@ -0,0 +1,113 @@ +## Node affinity for particular node in which labels key is "Infra-Services" and value is "true" +daemonset: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "eks.amazonaws.com/nodegroup" + operator: In + values: + - "critical" + ## Using limits and requests + resources: + limits: + cpu: "300m" + memory: "200Mi" + requests: + cpu: 100m + memory: 100Mi + # Include the daemonset + enabled: true + extraEnvs: + - name: "ELASTICSEARCH_USERNAME" + valueFrom: + secretKeyRef: + name: elasticsearch-master-credentials + key: username + - name: "ELASTICSEARCH_PASSWORD" + valueFrom: + secretKeyRef: + name: elasticsearch-master-credentials + key: password + # Allows you to add any config files in /usr/share/filebeat + # such as filebeat.yml for daemonset + filebeatConfig: + filebeat.yml: | + filebeat.inputs: + - type: container + paths: + - /var/log/containers/*.log + processors: + - add_kubernetes_metadata: + host: ${NODE_NAME} + matchers: + - logs_path: + logs_path: "/var/log/containers/" + + output.elasticsearch: + host: '${NODE_NAME}' + hosts: '["https://${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}"]' + username: '${ELASTICSEARCH_USERNAME}' + password: '${ELASTICSEARCH_PASSWORD}' + protocol: https + ssl.certificate_authorities: ["/usr/share/filebeat/certs/ca.crt"] + # A list of secrets and their paths to mount inside the pod + # This is useful for mounting certificates for security other sensitive values + secretMounts: + - name: elasticsearch-master-certs + secretName: elasticsearch-master-certs + path: /usr/share/filebeat/certs/ + +deployment: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "eks.amazonaws.com/nodegroup" + operator: In + values: + - "critical" + + ## Using limits and requests + resources: + limits: + cpu: "300m" + memory: "200Mi" + requests: + cpu: 100m + memory: 100Mi + + extraEnvs: + - name: "ELASTICSEARCH_USERNAME" + valueFrom: + secretKeyRef: + name: elasticsearch-master-credentials + key: username + - name: "ELASTICSEARCH_PASSWORD" + valueFrom: + secretKeyRef: + name: elasticsearch-master-credentials + key: password + # such as filebeat.yml for deployment + filebeatConfig: + filebeat.yml: | + filebeat.inputs: + - type: log + paths: + - /usr/share/filebeat/logs/filebeat + + output.elasticsearch: + host: "${NODE_NAME}" + hosts: '["https://${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}"]' + username: "${ELASTICSEARCH_USERNAME}" + password: "${ELASTICSEARCH_PASSWORD}" + protocol: https + ssl.certificate_authorities: ["/usr/share/filebeat/certs/ca.crt"] + # A list of secrets and their paths to mount inside the pod + # This is useful for mounting certificates for security other sensitive values + secretMounts: + - name: elasticsearch-master-certs + secretName: elasticsearch-master-certs + path: /usr/share/filebeat/certs/ \ No newline at end of file diff --git a/_examples/complete/main.tf b/_examples/complete/main.tf index a2878d9..8b63fb2 100644 --- a/_examples/complete/main.tf +++ b/_examples/complete/main.tf @@ -142,7 +142,6 @@ resource "aws_iam_policy" "node_additional" { }, ] }) - tags = local.tags } @@ -169,6 +168,7 @@ module "addons" { velero = true keda = true certification_manager = true + filebeat = true # -- Addons with mandatory variable istio_ingress = true @@ -197,6 +197,7 @@ module "addons" { kube_state_metrics_helm_config = { values = [file("./config/override-kube-state-matrics.yaml")] } keda_helm_config = { values = [file("./config/keda/override-keda.yaml")] } certification_manager_helm_config = { values = [file("./config/override-certification-manager.yaml")] } + filebeat_helm_config = { values = [file("./config/override-filebeat.yaml")] } # -- Override Helm Release attributes metrics_server_extra_configs = var.metrics_server_extra_configs @@ -218,6 +219,7 @@ module "addons" { keda_extra_configs = var.keda_extra_configs certification_manager_extra_configs = var.certification_manager_extra_configs external_secrets_extra_configs = var.external_secrets_extra_configs + filebeat_extra_configs = var.filebeat_extra_configs # -- Custom IAM Policy Json for Addon's ServiceAccount cluster_autoscaler_iampolicy_json_content = file("./custom-iam-policies/cluster-autoscaler.json") diff --git a/_examples/complete/variables.tf b/_examples/complete/variables.tf index 7a73cb5..81a6e69 100644 --- a/_examples/complete/variables.tf +++ b/_examples/complete/variables.tf @@ -174,4 +174,10 @@ variable "external_secrets_extra_configs" { default = { secret_manager_name = "external_secrets_addon" } +} + +# ------------------ FILEBEAT ------------------------------------------------- +variable "filebeat_extra_configs" { + type = any + default = {} } \ No newline at end of file diff --git a/addons/aws-ebs-csi-driver/README.md b/addons/aws-ebs-csi-driver/README.md index 24d783b..8d100a5 100644 --- a/addons/aws-ebs-csi-driver/README.md +++ b/addons/aws-ebs-csi-driver/README.md @@ -4,7 +4,7 @@ The [Amazon Elastic Block Store Container Storage](https://aws.amazon.com/ebs/) ## Installation Below terraform script shows how to use AWS EBS CSI Driver Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf). -```bash +```hcl module "addons" { source = "clouddrove/eks-addons/aws" version = "0.0.1" diff --git a/addons/aws-efs-csi-driver/README.md b/addons/aws-efs-csi-driver/README.md index 34763bc..758696b 100644 --- a/addons/aws-efs-csi-driver/README.md +++ b/addons/aws-efs-csi-driver/README.md @@ -6,7 +6,7 @@ Amazon EFS CSI driver supports dynamic provisioning and static provisioning. Cur ## Installation Below terraform script shows how to use AWS EFS CSI Driver Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf). -```bash +```hcl module "addons" { source = "clouddrove/eks-addons/aws" version = "0.0.1" diff --git a/addons/aws-load-balancer-controller/README.md b/addons/aws-load-balancer-controller/README.md index 439041f..b4b4c2e 100644 --- a/addons/aws-load-balancer-controller/README.md +++ b/addons/aws-load-balancer-controller/README.md @@ -6,7 +6,7 @@ AWS Load Balancer controller manages the following AWS resources ## Installation Below terraform script shows how to use AWS Load Balancer Controller Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf). -```bash +```hcl module "addons" { source = "clouddrove/eks-addons/aws" version = "0.0.1" diff --git a/addons/aws-node-termination-handler/README.md b/addons/aws-node-termination-handler/README.md index 4b0bbda..dbb397c 100644 --- a/addons/aws-node-termination-handler/README.md +++ b/addons/aws-node-termination-handler/README.md @@ -4,7 +4,7 @@ The AWS Node Termination Handler (NTH) project ensures that the Kubernetes contr ## Installation Below terraform script shows how to use Node Termination Handler Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf). -```bash +```hcl module "addons" { source = "clouddrove/eks-addons/aws" version = "0.0.1" diff --git a/addons/calico-tigera/README.md b/addons/calico-tigera/README.md index 093388b..85faa66 100644 --- a/addons/calico-tigera/README.md +++ b/addons/calico-tigera/README.md @@ -12,7 +12,7 @@ For multi-tenant Kubernetes environments where isolation of tenants from each ot - Calico is an CNI addon, so this must be installed before EKS default CNI (aws-node). - If you see `aws-node` pods after cluster creation `kubectl get pods -n kube-system` then you can just delete them by running `kubectl delete ds aws-node -n kube-system` -```bash +```hcl module "addons" { source = "clouddrove/eks-addons/aws" version = "0.0.1" diff --git a/addons/cluster-autoscaler/README.md b/addons/cluster-autoscaler/README.md index e17b738..7bda4ce 100644 --- a/addons/cluster-autoscaler/README.md +++ b/addons/cluster-autoscaler/README.md @@ -6,7 +6,7 @@ Cluster Autoscaler is a tool that automatically adjusts the size of the Kubernet ## Installation Below terraform script shows how to use Cluster Autoscaler Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf). -```bash +```hcl module "addons" { source = "clouddrove/eks-addons/aws" version = "0.0.1" diff --git a/addons/external-secrets/README.md b/addons/external-secrets/README.md index e050d14..8cbf908 100644 --- a/addons/external-secrets/README.md +++ b/addons/external-secrets/README.md @@ -12,7 +12,7 @@ and they also need to change properties (`name`,`namespace`,`secretKey`) of Exte - If users wants to add more secrets then they can use following template in `external-secret.yaml` under data: -```bash +```yml data: - secretKey: do_not_delete_this_key # -- AWS Secret-Manager secret key remoteRef: @@ -20,7 +20,7 @@ data: property: do_not_delete_this_key # -- AWS Secret-Manager secret key ``` user also need to provide `secret_manager_name` inside `externalsecrets_manifest` variable in varriable.tf as below -```bash +```hcl variable "externalsecrets_manifest" { type = object({ secret_store_manifest_file_path = string @@ -37,7 +37,7 @@ variable "externalsecrets_manifest" { ``` Calling `externalsecrets_manifest` variable in main.tf as below - -```bash +```hcl module "addons" { source = "clouddrove/eks-addons/aws" version = "0.0.1" diff --git a/addons/filebeat/README.md b/addons/filebeat/README.md new file mode 100644 index 0000000..f337912 --- /dev/null +++ b/addons/filebeat/README.md @@ -0,0 +1,20 @@ +# Filebeat Helm Chart +Filebeat is a logging agent installed on the machine generating the log files, tailing them, and forwarding the data to either Logstash for more advanced processing or directly into Elasticsearch for indexing. + +## Installation +Below terraform script shows how to use Filebeat Terraform Addon, A complete example is also given [here](https://github.com/clouddrove/terraform-helm-eks-addons/blob/master/_examples/complete/main.tf). + +```hcl +module "addons" { + source = "clouddrove/eks-addons/aws" + version = "0.1.0" + + depends_on = [module.eks] + eks_cluster_name = module.eks.cluster_name + + filebeat = true +} +``` + + + diff --git a/addons/filebeat/config/default_values.yaml b/addons/filebeat/config/default_values.yaml new file mode 100644 index 0000000..f27bd0c --- /dev/null +++ b/addons/filebeat/config/default_values.yaml @@ -0,0 +1,254 @@ +--- +daemonset: + # Annotations to apply to the daemonset + annotations: {} + # additionals labels + labels: {} + affinity: {} + # Include the daemonset + enabled: true + # Extra environment variables for Filebeat container. + envFrom: [] + # - configMapRef: + # name: config-secret + extraEnvs: + - name: "ELASTICSEARCH_USERNAME" + valueFrom: + secretKeyRef: + name: elasticsearch-master-credentials + key: username + - name: "ELASTICSEARCH_PASSWORD" + valueFrom: + secretKeyRef: + name: elasticsearch-master-credentials + key: password + # Allows you to add any config files in /usr/share/filebeat + extraVolumes: [] + # - name: extras + # emptyDir: {} + extraVolumeMounts: [] + # - name: extras + # mountPath: /usr/share/extras + # readOnly: true + hostNetworking: false + # Allows you to add any config files in /usr/share/filebeat + # such as filebeat.yml for daemonset + filebeatConfig: + filebeat.yml: | + filebeat.inputs: + - type: container + paths: + - /var/log/containers/*.log + processors: + - add_kubernetes_metadata: + host: ${NODE_NAME} + matchers: + - logs_path: + logs_path: "/var/log/containers/" + + output.elasticsearch: + host: '${NODE_NAME}' + hosts: '["https://${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}"]' + username: '${ELASTICSEARCH_USERNAME}' + password: '${ELASTICSEARCH_PASSWORD}' + protocol: https + ssl.certificate_authorities: ["/usr/share/filebeat/certs/ca.crt"] + # Only used when updateStrategy is set to "RollingUpdate" + maxUnavailable: 1 + nodeSelector: {} + # A list of secrets and their paths to mount inside the pod + # This is useful for mounting certificates for security other sensitive values + secretMounts: + - name: elasticsearch-master-certs + secretName: elasticsearch-master-certs + path: /usr/share/filebeat/certs/ + # - name: filebeat-certificates + # secretName: filebeat-certificates + # path: /usr/share/filebeat/certs + # Various pod security context settings. Bear in mind that many of these have an impact on Filebeat functioning properly. + # + # - User that the container will execute as. Typically necessary to run as root (0) in order to properly collect host container logs. + # - Whether to execute the Filebeat containers as privileged containers. Typically not necessarily unless running within environments such as OpenShift. + securityContext: + runAsUser: 0 + privileged: false + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + cpu: "1000m" + memory: "200Mi" + tolerations: [] + +deployment: + # Annotations to apply to the deployment + annotations: {} + # additionals labels + labels: {} + affinity: {} + # Include the deployment + enabled: false + # Extra environment variables for Filebeat container. + envFrom: [] + # - configMapRef: + # name: config-secret + extraEnvs: + - name: "ELASTICSEARCH_USERNAME" + valueFrom: + secretKeyRef: + name: elasticsearch-master-credentials + key: username + - name: "ELASTICSEARCH_PASSWORD" + valueFrom: + secretKeyRef: + name: elasticsearch-master-credentials + key: password + # Allows you to add any config files in /usr/share/filebeat + extraVolumes: [] + # - name: extras + # emptyDir: {} + extraVolumeMounts: [] + # - name: extras + # mountPath: /usr/share/extras + # readOnly: true + # such as filebeat.yml for deployment + filebeatConfig: + filebeat.yml: | + filebeat.inputs: + - type: log + paths: + - /usr/share/filebeat/logs/filebeat + + output.elasticsearch: + host: "${NODE_NAME}" + hosts: '["https://${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}"]' + username: "${ELASTICSEARCH_USERNAME}" + password: "${ELASTICSEARCH_PASSWORD}" + protocol: https + ssl.certificate_authorities: ["/usr/share/filebeat/certs/ca.crt"] + nodeSelector: {} + # A list of secrets and their paths to mount inside the pod + # This is useful for mounting certificates for security other sensitive values + secretMounts: + - name: elasticsearch-master-certs + secretName: elasticsearch-master-certs + path: /usr/share/filebeat/certs/ + # - name: filebeat-certificates + # secretName: filebeat-certificates + # path: /usr/share/filebeat/certs + # + # - User that the container will execute as. + # Not necessary to run as root (0) as the Filebeat Deployment use cases do not need access to Kubernetes Node internals + # - Typically not necessarily unless running within environments such as OpenShift. + securityContext: + runAsUser: 0 + privileged: false + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + cpu: "1000m" + memory: "200Mi" + tolerations: [] + +# Replicas being used for the filebeat deployment +replicas: 1 + +extraContainers: "" +# - name: dummy-init +# image: busybox +# command: ['echo', 'hey'] + +extraInitContainers: [] +# - name: dummy-init + +# Root directory where Filebeat will write data to in order to persist registry data across pod restarts (file position and other metadata). +hostPathRoot: /var/lib + +dnsConfig: {} +# options: +# - name: ndots +# value: "2" +hostAliases: [] +#- ip: "127.0.0.1" +# hostnames: +# - "foo.local" +# - "bar.local" +image: "docker.elastic.co/beats/filebeat" +imageTag: "8.5.1" +imagePullPolicy: "IfNotPresent" +imagePullSecrets: [] + +livenessProbe: + exec: + command: + - sh + - -c + - | + #!/usr/bin/env bash -e + curl --fail 127.0.0.1:5066 + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + +readinessProbe: + exec: + command: + - sh + - -c + - | + #!/usr/bin/env bash -e + filebeat test output + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + +# Whether this chart should self-manage its service account, role, and associated role binding. +managedServiceAccount: true + +clusterRoleRules: + - apiGroups: + - "" + resources: + - namespaces + - nodes + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "apps" + resources: + - replicasets + verbs: + - get + - list + - watch + +podAnnotations: {} +# iam.amazonaws.com/role: es-cluster + +# Custom service account override that the pod will use +serviceAccount: "" + +# Annotations to add to the ServiceAccount that is created if the serviceAccount value isn't set. +serviceAccountAnnotations: {} +# eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount + +# How long to wait for Filebeat pods to stop gracefully +terminationGracePeriod: 30 +# This is the PriorityClass settings as defined in +# https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass +priorityClassName: "" + +updateStrategy: RollingUpdate + +# Override various naming aspects of this chart +# Only edit these if you know what you're doing +nameOverride: "" +fullnameOverride: "" diff --git a/addons/filebeat/locals.tf b/addons/filebeat/locals.tf new file mode 100644 index 0000000..d5a4503 --- /dev/null +++ b/addons/filebeat/locals.tf @@ -0,0 +1,41 @@ +locals { + name = "filebeat" + + default_helm_config = { + name = try(var.filebeat_extra_configs.name, local.name) + chart = try(var.filebeat_extra_configs.chart, local.name) + repository = try(var.filebeat_extra_configs.repository, "https://helm.elastic.co") + version = try(var.filebeat_extra_configs.version, "8.5.1") + namespace = try(var.filebeat_extra_configs.namespace, "logging") + create_namespace = try(var.filebeat_extra_configs.create_namespace, true) + description = "Filebeat helm Chart deployment configuration" + timeout = try(var.filebeat_extra_configs.timeout, "600") + lint = try(var.filebeat_extra_configs.lint, "false") + repository_key_file = try(var.filebeat_extra_configs.repository_key_file, "") + repository_cert_file = try(var.filebeat_extra_configs.repository_cert_file, "") + repository_username = try(var.filebeat_extra_configs.repository_username, "") + repository_password = try(var.filebeat_extra_configs.repository_password, "") + verify = try(var.filebeat_extra_configs.verify, "false") + keyring = try(var.filebeat_extra_configs.keyring, "") + disable_webhooks = try(var.filebeat_extra_configs.disable_webhooks, "false") + reuse_values = try(var.filebeat_extra_configs.reuse_values, "false") + reset_values = try(var.filebeat_extra_configs.reset_values, "false") + force_update = try(var.filebeat_extra_configs.force_update, "false") + recreate_pods = try(var.filebeat_extra_configs.recreate_pods, "false") + cleanup_on_fail = try(var.filebeat_extra_configs.cleanup_on_fail, "false") + max_history = try(var.filebeat_extra_configs.max_history, "0") + atomic = try(var.filebeat_extra_configs.atomic, "false") + skip_crds = try(var.filebeat_extra_configs.skip_crds, "false") + render_subchart_notes = try(var.filebeat_extra_configs.render_subchart_notes, "true") + disable_openapi_validation = try(var.filebeat_extra_configs.disable_openapi_validation, "false") + wait = try(var.filebeat_extra_configs.wait, "true") + wait_for_jobs = try(var.filebeat_extra_configs.wait_for_jobs, "false") + dependency_update = try(var.filebeat_extra_configs.dependency_update, "false") + replace = try(var.filebeat_extra_configs.replace, "false") + } + + helm_config = merge( + local.default_helm_config, + var.helm_config + ) +} \ No newline at end of file diff --git a/addons/filebeat/main.tf b/addons/filebeat/main.tf new file mode 100644 index 0000000..1c7f1a8 --- /dev/null +++ b/addons/filebeat/main.tf @@ -0,0 +1,7 @@ +module "helm_addon" { + source = "../helm" + + manage_via_gitops = var.manage_via_gitops + helm_config = local.helm_config + addon_context = var.addon_context +} \ No newline at end of file diff --git a/addons/filebeat/outputs.tf b/addons/filebeat/outputs.tf new file mode 100644 index 0000000..a3832b1 --- /dev/null +++ b/addons/filebeat/outputs.tf @@ -0,0 +1,11 @@ +output "namespace" { + value = local.default_helm_config.namespace +} + +output "chart_version" { + value = local.default_helm_config.version +} + +output "repository" { + value = local.default_helm_config.repository +} \ No newline at end of file diff --git a/addons/filebeat/variables.tf b/addons/filebeat/variables.tf new file mode 100644 index 0000000..f1aebeb --- /dev/null +++ b/addons/filebeat/variables.tf @@ -0,0 +1,32 @@ +variable "helm_config" { + description = "Helm provider config for Filebeat" + type = any + default = {} +} + +variable "manage_via_gitops" { + description = "Determines if the add-on should be managed via GitOps" + type = bool + default = false +} + +variable "addon_context" { + description = "Input configuration for the addon" + type = object({ + aws_caller_identity_account_id = string + aws_caller_identity_arn = string + aws_eks_cluster_endpoint = string + aws_partition_id = string + aws_region_name = string + eks_cluster_id = string + eks_oidc_issuer_url = string + eks_oidc_provider_arn = string + tags = map(string) + }) +} + +variable "filebeat_extra_configs" { + description = "Override attributes of helm_release terraform resource" + type = any + default = {} +} \ No newline at end of file diff --git a/addons/filebeat/versions.tf b/addons/filebeat/versions.tf new file mode 100644 index 0000000..2d6c28d --- /dev/null +++ b/addons/filebeat/versions.tf @@ -0,0 +1,14 @@ +terraform { + required_version = ">= 1.0.0" + + required_providers { + kubernetes = { + source = "hashicorp/kubernetes" + version = ">= 2.10" + } + aws = { + source = "hashicorp/aws" + version = ">= 3.72" + } + } +} diff --git a/main.tf b/main.tf index 2f921d7..707a6cf 100644 --- a/main.tf +++ b/main.tf @@ -197,4 +197,13 @@ module "certification_manager" { manage_via_gitops = var.manage_via_gitops addon_context = local.addon_context certification_manager_extra_configs = var.certification_manager_extra_configs +} + +module "filebeat" { + count = var.filebeat ? 1 : 0 + source = "./addons/filebeat" + helm_config = var.filebeat_helm_config != null ? var.filebeat_helm_config : { values = [local_file.filebeat_helm_config[count.index].content] } + manage_via_gitops = var.manage_via_gitops + addon_context = local.addon_context + filebeat_extra_configs = var.filebeat_extra_configs } \ No newline at end of file diff --git a/outputs.tf b/outputs.tf index d002e94..64d72b5 100644 --- a/outputs.tf +++ b/outputs.tf @@ -312,4 +312,18 @@ output "certification_manager_chart_version" { output "certification_manager_repository" { value = module.certification_manager[*].repository description = "Helm chart repository of the certification-manager." +} + +#----------- FILEBEAT ------------------------ +output "filebeat_namespace" { + value = module.filebeat[*].namespace + description = "Namespace where Filebeat is installed" +} +output "filebeat_chart_version" { + value = module.filebeat[*].chart_version + description = "chart version used for Filebeat helmchart" +} +output "filebeat_repository" { + value = module.filebeat[*].repository + description = "helm repository url of Filebeat" } \ No newline at end of file diff --git a/override_values.tf b/override_values.tf index 87b70db..955cd3d 100644 --- a/override_values.tf +++ b/override_values.tf @@ -662,4 +662,52 @@ installCRDs: true EOT filename = "${path.module}/override_values/certification_manager.yaml" +} + +#-----------CERTIFICATION-MANAGER-------------------- +resource "local_file" "filebeat_helm_config" { + count = var.filebeat && (var.filebeat_helm_config == null) ? 1 : 0 + content = <