Creating the Configmap

13.2.4 Creating the Configmap

Perform the following steps to create the Kubernetes ConfigMap for ELK:

Copy the elk.crt file to the $WORKDIR/kubernetes/elasticsearch-and-kibana directory.
Navigate to the $WORKDIR/kubernetes/elasticsearch-and-kibana directory and run the following:
```
kubectl create configmap elk-cert --from-file=elk.crt -n <namespace>
```
For example:
```
kubectl create configmap elk-cert --from-file=elk.crt -n oigns
```
The output will look similar to the following:
```
configmap/elk-cert created
```

Create a logstash_cm.yaml file in the $WORKDIR/kubernetes/elasticsearch-and-kibana directory as follows:

apiVersion: v1
kind: ConfigMap
metadata:
  name: oig-logstash-configmap
  namespace: <ELKNS>
data:
  logstash.yml: |
    #http.host: "0.0.0.0"
  logstash-config.conf: |
    input {
      file {
        path => "<Log Home>/servers/AdminServer/logs/AdminServer*.log*"
        tags => "Adminserver_log"
        start_position => beginning
      }
      file {
        path => "<Log Home>/**/logs/soa_server*.log*"
        tags => "soaserver_log"
        start_position => beginning
      }
      file {
        path => "<Log Home>/**/logs/oim_server*.log*"
        tags => "Oimserver_log"
        start_position => beginning
      }
      file {
        path => "<Domain Home>/servers/AdminServer/logs/AdminServer-diagnostic.log*"
        tags => "Adminserver_diagnostic"
        start_position => beginning
      }
      file {
        path => "<Domain Home>/servers/**/logs/soa_server*-diagnostic.log*"
        tags => "Soa_diagnostic"
        start_position => beginning
      }
      file {
        path => "<Domain Home>/servers/**/logs/oim_server*-diagnostic.log*"
        tags => "Oimserver_diagnostic"
        start_position => beginning
      }
      file {
        path => "<Domain Home>/servers/**/logs/access*.log*"
        tags => "Access_logs"
        start_position => beginning
      }
    }
    filter {
      grok {
        match => [ "message", "<%{DATA:log_timestamp}> <%{WORD:log_level}> <%{WORD:thread}> <%{HOSTNAME:hostname}> <%{HOSTNAME:servername}> <%{DATA:timer}> <<%{DATA:kernel}>> <> <%{DATA:uuid}> <%{NUMBER:timestamp}> <%{DATA:misc}    > <%{DATA:log_number}> <%{DATA:log_message}>" ]
      }
    if "_grokparsefailure" in [tags] {
        mutate {
            remove_tag => [ "_grokparsefailure" ]
        }
    }
    }
    output {
      elasticsearch {
    hosts => ["<ELK_HOSTS>"]
    cacert => '/usr/share/logstash/config/certs/elk.crt'
    index => "oiglogs-000001"
    ssl => <ELK_SSL>
    ssl_certificate_verification => false
    user => "<ELK_USER>"
    password => "${ELASTICSEARCH_PASSWORD}"
    api_key => "${ELASTICSEARCH_PASSWORD}"
      }
    }

Change the values in the above file as follows:

Change the <ELKNS>, <ELK_HOSTS>, <ELK_SSL>, and <ELK_USER> to match the values in Variables Used in This Section.
Change <Log Home> and <Domain Home> to match the Log Home and Domain Home returned in Finding Required Domain Details.
If using API KEY for your ELK authentication, delete the user and password lines.
If using a password for ELK authentication, delete the api_key line.
If no authentication is used for ELK, delete the user, password, and api_key lines.

For example:

apiVersion: v1
kind: ConfigMap
metadata:
  name: oig-logstash-configmap
  namespace: oigns
data:
  logstash.yml: |
    #http.host: "0.0.0.0"
  logstash-config.conf: |
    input {
      file {
        path => "/u01/oracle/user_projects/domains/logs/governancedomain/servers/AdminServer/logs/AdminServer*.log*"
        tags => "Adminserver_log"
        start_position => beginning
      }
      file {
        path => "/u01/oracle/user_projects/domains/logs/governancedomain/**/logs/soa_server*.log*"
        tags => "soaserver_log"
        start_position => beginning
      }
      file {
        path => "/u01/oracle/user_projects/domains/logs/governancedomain/**/logs/oim_server*.log*"
        tags => "Oimserver_log"
        start_position => beginning
      }
      file {
        path => "/u01/oracle/user_projects/domains/governancedomain/servers/AdminServer/logs/AdminServer-diagnostic.log*"
        tags => "Adminserver_diagnostic"
        start_position => beginning
      }
      file {
        path => "/u01/oracle/user_projects/domains/governancedomain/servers/**/logs/soa_server*-diagnostic.log*"
        tags => "Soa_diagnostic"
        start_position => beginning
      }
      file {
        path => "/u01/oracle/user_projects/domains/governancedomain/servers/**/logs/oim_server*-diagnostic.log*"
        tags => "Oimserver_diagnostic"
        start_position => beginning
      }
      file {
        path => "/u01/oracle/user_projects/domains/governancedomain/servers/**/logs/access*.log*"
        tags => "Access_logs"
        start_position => beginning
      }
    }
    filter {
      grok {
        match => [ "message", "<%{DATA:log_timestamp}> <%{WORD:log_level}> <%{WORD:thread}> <%{HOSTNAME:hostname}> <%{HOSTNAME:servername}> <%{DATA:timer}> <<%{DATA:kernel}>> <> <%{DATA:uuid}> <%{NUMBER:timestamp}> <%{DATA:misc}    > <%{DATA:log_number}> <%{DATA:log_message}>" ]
      }
    if "_grokparsefailure" in [tags] {
        mutate {
            remove_tag => [ "_grokparsefailure" ]
        }
    }
    }
    output {
      elasticsearch {
    hosts => ["https://elasticsearch.example.com:9200"]
    cacert => '/usr/share/logstash/config/certs/elk.crt'
    index => "oiglogs-000001"
    ssl => true
    ssl_certificate_verification => false
    user => "logstash_internal"
    password => "${ELASTICSEARCH_PASSWORD}"
      }
    }

Run the following command to create the ConfigMap:
```
kubectl apply -f logstash_cm.yaml
```
The output will look similar to the following:
```
configmap/oig-logstash-configmap created
```