Elasticsearch
What is "Persistence ElasticSearch" Hook about?
The ElasticSearch persistenceProvider hook saves all findings and reports into the configured ElasticSearch index. This allows for some easy searching and visualization of the findings. To learn more about Elasticsearch visit elastic.io.
Installing the Elasticsearch persistenceProvider hook will add a ReadOnly Hook to your namespace.
Deployment
The persistence-elastic chart can be deployed via helm:
# Install HelmChart (use -n to configure another namespace)
helm upgrade --install persistence-elastic secureCodeBox/persistence-elastic
Requirements
Kubernetes: >=v1.11.0-0
Repository | Name | Version |
---|---|---|
https://helm.elastic.co | elasticsearch | 7.17.3 |
https://helm.elastic.co | kibana | 7.17.3 |
Additional Chart Configurations
Elasticsearch Indexing
For the elasticsearch indexSuffix you can provide a date format pattern. We use Luxon to format the date, so check out the Luxon documentation to see what kind of format patterns you can use for the indexSuffix. The default pattern is yyyy-MM-dd.
Values
Key | Type | Default | Description |
---|---|---|---|
affinity | object | {} | |
authentication | object | {"apiKeySecret":null,"userSecret":null} | Configure the authentication schema and credentials the persistence provider should use to connect to elasticsearch. user and apikey are mutually exclusive, only set one! |
authentication.apiKeySecret | string | nil | Link a pre-existing generic secret with id and key key / value pairs |
authentication.userSecret | string | nil | Link a pre-existing generic secret with username and password key / value pairs |
dashboardImporter.enabled | bool | true | Enable if you want to import some example kibana dashboards for secureCodeBox findings analytics. |
dashboardImporter.image.repository | string | "securecodebox/persistence-elastic-dashboard-importer" | |
dashboardImporter.image.tag | string | nil | |
elasticsearch | object | {"enabled":true,"minimumMasterNodes":1,"replicas":1} | Configures the included elasticsearch subchart (see: https://github.com/elastic/helm-charts/tree/elasticsearch) |
elasticsearch.enabled | bool | true | Enable if you want to deploy an elasticsearch service. |
elasticsearch.minimumMasterNodes | int | 1 | The value for discovery.zen.minimum_master_nodes. Should be set to (master_eligible_nodes / 2) + 1. Ignored in Elasticsearch versions >= 7 |
elasticsearch.replicas | int | 1 | Kubernetes replica count for the StatefulSet (i.e. how many pods) |
externalElasticStack.elasticsearchAddress | string | "https://elasticsearch.example.com" | The URL of the elasticsearch service to persist all findings to. |
externalElasticStack.enabled | bool | false | Enable this when you already have an Elastic Stack running to which you want to send your results |
externalElasticStack.kibanaAddress | string | "https://kibana.example.com" | The URL of the kibana service used to visualize all findings. |
fullnameOverride | string | "" | |
hook.affinity | object | {} | Optional affinity settings that control how the hook job is scheduled (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/) |
hook.image.repository | string | "docker.io/securecodebox/hook-persistence-elastic" | Hook image repository |
hook.image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. |
hook.labels | object | {} | Add Kubernetes Labels to the hook definition |
hook.priority | int | 0 | Hook priority. Higher priority Hooks are guaranteed to execute before low priority Hooks. |
hook.resources | object | { requests: { cpu: "200m", memory: "100Mi" }, limits: { cpu: "400m", memory: "200Mi" } } | Optional resources lets you control resource limits and requests for the hook container. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
hook.tolerations | list | [] | Optional tolerations settings that control how the hook job is scheduled (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
hook.ttlSecondsAfterFinished | string | nil | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
imagePullSecrets | list | [] | Define imagePullSecrets when a private registry is used (see: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) |
indexAppendNamespace | bool | true | Define whether the name of the namespace this hook is deployed to is added to the index name. The namespace can be used to separate indices by tenant (namespace). |
indexPrefix | string | "scbv2" | Define a specific index prefix used for all elasticsearch indices. |
indexSuffix | string | "“yyyy-MM-dd”" | Define a specific index suffix based on date pattern (YEAR (yyyy), MONTH (yyyy-MM), WEEK (yyyy-'W'W), DATE (yyyy-MM-dd)). We use Luxon for date formatting (https://moment.github.io/luxon/docs/manual/formatting.html#table-of-tokens) |
kibana | object | {"enabled":true} | Configures included Elasticsearch subchart |
kibana.enabled | bool | true | Enable if you want to deploy a kibana service (see: https://github.com/elastic/helm-charts/tree/master/kibana) |
nameOverride | string | "" | |
nodeSelector | object | {} | |
podSecurityContext | object | {} | |
resources | object | {} | |
securityContext | object | {} | |
tolerations | list | [] | |
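
The values above combined for the case where findings go to an existing, authenticated Elastic Stack instead of the bundled subcharts. This is an added example, not part of the chart's own documentation; the file name `values-external.yaml` and the secret name `elastic-credentials` are assumptions, and the addresses are the placeholder defaults from the table.

```yaml
# values-external.yaml (added example; file name and secret name are assumptions)
#
# Create the credentials secret first, in the namespace the hook is installed in.
# The chart expects a generic secret with "username" and "password" keys:
#   kubectl create secret generic elastic-credentials \
#     --from-literal=username=<user> --from-literal=password=<password>

# Do not deploy the bundled subcharts when an Elastic Stack already exists.
elasticsearch:
  enabled: false
kibana:
  enabled: false

# Point the hook at the existing stack (placeholder addresses, use https).
externalElasticStack:
  enabled: true
  elasticsearchAddress: "https://elasticsearch.example.com"
  kibanaAddress: "https://kibana.example.com"

authentication:
  # userSecret and apiKeySecret are mutually exclusive: set only one.
  userSecret: elastic-credentials
  apiKeySecret: null

# Index naming: prefix, optional namespace, date-based suffix.
indexPrefix: "scbv2"
indexAppendNamespace: true   # namespace name becomes part of the index name
indexSuffix: "yyyy-MM"       # monthly indices instead of the daily default
```

Apply it with `helm upgrade --install persistence-elastic secureCodeBox/persistence-elastic -f values-external.yaml`. Keeping `indexAppendNamespace` enabled means index-level access rules on the Elasticsearch side can be scoped per namespace.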
License
Code of secureCodeBox is licensed under the Apache License 2.0.