[automation] Publish kubernetes templates for elastic-agent

elastic · Oct 27, 2023 · 34bd3be · 34bd3be
1 parent 910d17b
commit 34bd3be
Show file tree

Hide file tree

Showing 21 changed files with 827 additions and 572 deletions.
diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/cef.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/cef.yml
@@ -1,35 +1,45 @@
 inputs:
-    - name: udp-cef
-      id: udp-cef-${kubernetes.hints.container_id}
-      type: udp
+    - name: filestream-cef
+      id: filestream-cef-${kubernetes.hints.container_id}
+      type: filestream
       use_output: default
       streams:
         - condition: ${kubernetes.hints.cef.log.enabled} == true or ${kubernetes.hints.cef.enabled} == true
           data_stream:
             dataset: cef.log
             type: logs
-          host: localhost:9003
+          exclude_files:
+            - .gz$
+          parsers:
+            - container:
+                format: auto
+                stream: ${kubernetes.hints.cef.log.stream|'all'}
+          paths:
+            - /var/log/containers/*${kubernetes.hints.container_id}.log
           processors:
             - rename:
                 fields:
                     - from: message
                       to: event.original
             - decode_cef:
                 field: event.original
+          prospector:
+            scanner:
+                symlinks: true
           tags:
             - cef
             - forwarded
       data_stream.namespace: default
-    - name: tcp-cef
-      id: tcp-cef-${kubernetes.hints.container_id}
-      type: tcp
+    - name: udp-cef
+      id: udp-cef-${kubernetes.hints.container_id}
+      type: udp
       use_output: default
       streams:
         - condition: ${kubernetes.hints.cef.log.enabled} == true or ${kubernetes.hints.cef.enabled} == true
           data_stream:
             dataset: cef.log
             type: logs
-          host: localhost:9004
+          host: localhost:9003
           processors:
             - rename:
                 fields:
@@ -41,33 +51,23 @@ inputs:
             - cef
             - forwarded
       data_stream.namespace: default
-    - name: filestream-cef
-      id: filestream-cef-${kubernetes.hints.container_id}
-      type: filestream
+    - name: tcp-cef
+      id: tcp-cef-${kubernetes.hints.container_id}
+      type: tcp
       use_output: default
       streams:
         - condition: ${kubernetes.hints.cef.log.enabled} == true or ${kubernetes.hints.cef.enabled} == true
           data_stream:
             dataset: cef.log
             type: logs
-          exclude_files:
-            - .gz$
-          parsers:
-            - container:
-                format: auto
-                stream: ${kubernetes.hints.cef.log.stream|'all'}
-          paths:
-            - /var/log/containers/*${kubernetes.hints.container_id}.log
+          host: localhost:9004
           processors:
             - rename:
                 fields:
                     - from: message
                       to: event.original
             - decode_cef:
                 field: event.original
-          prospector:
-            scanner:
-                symlinks: true
           tags:
             - cef
             - forwarded

diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/crowdstrike.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/crowdstrike.yml
@@ -1,4 +1,35 @@
 inputs:
+    - name: aws-s3-crowdstrike
+      id: aws-s3-crowdstrike-${kubernetes.hints.container_id}
+      type: aws-s3
+      use_output: default
+      streams:
+        - condition: ${kubernetes.hints.crowdstrike.fdr.enabled} == true or ${kubernetes.hints.crowdstrike.enabled} == true
+          data_stream:
+            dataset: crowdstrike.fdr
+            type: logs
+          queue_url: null
+          sqs.notification_parsing_script.source: |
+            function parse(n) {
+              var m = JSON.parse(n);
+              var evts = [];
+              var files = m.files;
+              var bucket = m.bucket;
+              if (!Array.isArray(files) || (files.length == 0) || bucket == null || bucket == "") {
+                return evts;
+              }
+              files.forEach(function(f){
+                var evt = new S3EventV2();
+                evt.SetS3BucketName(bucket);
+                evt.SetS3ObjectKey(f.path);
+                evts.push(evt);
+              });
+              return evts;
+            }
+          tags:
+            - forwarded
+            - crowdstrike-fdr
+      data_stream.namespace: default
     - name: filestream-crowdstrike
       id: filestream-crowdstrike-${kubernetes.hints.container_id}
       type: filestream
@@ -48,34 +79,3 @@ inputs:
             - forwarded
             - crowdstrike-fdr
       data_stream.namespace: default
-    - name: aws-s3-crowdstrike
-      id: aws-s3-crowdstrike-${kubernetes.hints.container_id}
-      type: aws-s3
-      use_output: default
-      streams:
-        - condition: ${kubernetes.hints.crowdstrike.fdr.enabled} == true or ${kubernetes.hints.crowdstrike.enabled} == true
-          data_stream:
-            dataset: crowdstrike.fdr
-            type: logs
-          queue_url: null
-          sqs.notification_parsing_script.source: |
-            function parse(n) {
-              var m = JSON.parse(n);
-              var evts = [];
-              var files = m.files;
-              var bucket = m.bucket;
-              if (!Array.isArray(files) || (files.length == 0) || bucket == null || bucket == "") {
-                return evts;
-              }
-              files.forEach(function(f){
-                var evt = new S3EventV2();
-                evt.SetS3BucketName(bucket);
-                evt.SetS3ObjectKey(f.path);
-                evts.push(evt);
-              });
-              return evts;
-            }
-          tags:
-            - forwarded
-            - crowdstrike-fdr
-      data_stream.namespace: default