fix: add service for filebeat

[huongpt11]

Summary by CodeRabbit

• New Features
  • Added Filebeat Kubernetes Service with UDP port 5066 and LoadBalancer support with configurable external IP options.
  • Introduced Elasticsearch admin user configuration capability.
  • Added node affinity configuration support.
  • Updated filebeat module configuration management.

[coderabbitai]

Walkthrough

This pull request modifies the Kubernetes Filebeat Helm chart by introducing a new Service template for UDP syslog traffic, simplifying the ConfigMap module configuration (removing Juniper, retaining Cisco), and adding service-related configuration options to values.yaml including LoadBalancer support, external IP, elasticsearch admin credentials, and pod affinity settings.

Changes

Cohort / File(s)	Summary
ConfigMap Configuration kubernetes/filebeat/templates/cm.yml	Removed inline filebeat.config.modules block and replaced with commented version; simplified module configuration by removing Juniper (junos) module entirely while retaining Cisco (ios) module with enabled flag and variables.
Service Definition kubernetes/filebeat/templates/filebeat-service.yml	New Helm Service template with UDP port 5066 (filebeat-syslog), LoadBalancer type support with conditional nodePort and externalTrafficPolicy, optional external IPs and loadBalancerIP configuration.
DaemonSet Template kubernetes/filebeat/templates/filebeat.yml	Minor formatting cleanup: removed trailing blank line after commented block.
Helm Values Configuration kubernetes/filebeat/values.yaml	Added service type (LoadBalancer), global.externalIP field, elasticsearch.adminUser credentials block (name: elastic, password: juniper@123, role: superuser), and affinity configuration object.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

• vyvuvivo
• phamtranlinhchi
• tuhoanganh

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding a new filebeat Kubernetes Service resource, which is the primary addition across the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/filebeat

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

kubernetes/filebeat/templates/cm.yml (1)

38-45: ⚠️ Potential issue | 🔴 Critical

Port mismatch between ConfigMap and Service.

The Cisco IOS syslog module listens on port 9001 (var.syslog_port: 9001), but the new Service (filebeat-service.yml) exposes port 5066 with targetPort: 5066. UDP syslog traffic arriving on the Service will never reach the filebeat syslog listener. Either the targetPort in the Service should be 9001, or var.syslog_port here should be 5066.

🤖 Fix all issues with AI agents

In `@kubernetes/filebeat/templates/filebeat-service.yml`:
- Line 1: The file kubernetes/filebeat/templates/filebeat-service.yml uses
Windows CRLF line endings causing YAMLlint "wrong new line character" errors;
convert the file to Unix LF endings (e.g., run dos2unix or configure your
editor/git to use LF) and recommit so the linter sees valid newlines—leave the
Helm template syntax unchanged (the apparent syntax error at line 5 is a
YAMLlint false positive).
- Around line 27-34: The Service template is using the wrong value for
loadBalancerIP: replace the reference to {{
.Values.global.logstash.loadBalancerIP }} with the filebeat-specific value used
in the guard (e.g. {{ .Values.service.loadBalancerIP }} or a dedicated {{
.Values.global.filebeat.loadBalancerIP }} if you prefer global-scoped settings),
and add a corresponding default entry in values.yaml (service.loadBalancerIP: ""
or global.filebeat.loadBalancerIP: "") so the conditional and the value are
consistent (update the filebeat Service template and values.yaml accordingly).

In `@kubernetes/filebeat/values.yaml`:
- Around line 6-9: The adminUser block contains hardcoded credentials
(adminUser.name / adminUser.pass / adminUser.role); remove the plaintext pass
value from values.yaml and instead reference a Kubernetes Secret (or
sealed-secret/external secret manager). Update the Helm values to accept a
secret reference (e.g., adminUser.secretName or adminUser.secretRef) and change
templates that read adminUser.pass to pull from a secretKeyRef or env var
sourced from that Secret; ensure creation of the Secret is documented or handled
outside version control rather than storing the password in values.yaml.
- Around line 31-32: The template references .Values.service.loadBalancerIP in
conditionals but values.yaml only defines service.type, causing rendering
errors; add a default entry for service.loadBalancerIP in values.yaml (e.g.,
under the existing service block add loadBalancerIP with an empty value) so
.Values.service.loadBalancerIP always exists, preserving current behavior when
unset and satisfying the template checks for (not (empty
.Values.service.loadBalancerIP)).

🧹 Nitpick comments (1)

kubernetes/filebeat/templates/filebeat-service.yml (1)

17-18: Hardcoded nodePort value.

The nodePort 30901 is hardcoded. If this port is already in use in the cluster, the service will fail to create. Consider making it configurable via Values.service.nodePort or removing it to let Kubernetes auto-assign.

Proposed fix

   {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
-      nodePort: 30901
+      nodePort: {{ .Values.service.nodePort | default 30901 }}
   {{- end }}

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Static analysis: wrong newline character.

YAMLlint reports wrong new line character: expected \n on line 1. The file likely uses Windows-style line endings (\r\n). Convert to Unix line endings (\n). The syntax error on line 5 is a false positive caused by Helm template syntax that YAMLlint cannot parse.

🧰 Tools

🪛 YAMLlint (1.38.0)

[error] 1-1: wrong new line character: expected \n

(new-lines)

🤖 Prompt for AI Agents

In `@kubernetes/filebeat/templates/filebeat-service.yml` at line 1, The file
kubernetes/filebeat/templates/filebeat-service.yml uses Windows CRLF line
endings causing YAMLlint "wrong new line character" errors; convert the file to
Unix LF endings (e.g., run dos2unix or configure your editor/git to use LF) and
recommit so the linter sees valid newlines—leave the Helm template syntax
unchanged (the apparent syntax error at line 5 is a YAMLlint false positive).

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

loadBalancerIP is sourced from global.logstash.loadBalancerIP — likely a copy-paste error.

Line 33 sets the Service's loadBalancerIP to {{ .Values.global.logstash.loadBalancerIP }} (the logstash load balancer IP), but the conditional on line 17/27 checks .Values.service.loadBalancerIP. This is inconsistent:

1. The guard condition references a value (service.loadBalancerIP) that doesn't exist in values.yaml.
2. The actual IP used belongs to logstash, not filebeat.

This likely means the filebeat Service will be assigned logstash's IP, which is almost certainly unintended.

Proposed fix — use a consistent, filebeat-specific value

   {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
   externalTrafficPolicy: Local
   {{- if .Values.global.externalIP }}
   externalIPs: 
     - {{ .Values.global.externalIP }}
   {{- end }}
-  loadBalancerIP: {{ .Values.global.logstash.loadBalancerIP }}
+  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
   {{- end }}

And add a default in values.yaml:

service:
  type: LoadBalancer
  loadBalancerIP: ""

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
	externalTrafficPolicy: Local
	{{- if .Values.global.externalIP }}
	externalIPs:
	- {{ .Values.global.externalIP }}
	{{- end }}
	loadBalancerIP: {{ .Values.global.logstash.loadBalancerIP }}
	{{- end }}
	{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
	externalTrafficPolicy: Local
	{{- if .Values.global.externalIP }}
	externalIPs:
	- {{ .Values.global.externalIP }}
	{{- end }}
	loadBalancerIP: {{ .Values.service.loadBalancerIP }}
	{{- end }}

🤖 Prompt for AI Agents

In `@kubernetes/filebeat/templates/filebeat-service.yml` around lines 27 - 34, The
Service template is using the wrong value for loadBalancerIP: replace the
reference to {{ .Values.global.logstash.loadBalancerIP }} with the
filebeat-specific value used in the guard (e.g. {{
.Values.service.loadBalancerIP }} or a dedicated {{
.Values.global.filebeat.loadBalancerIP }} if you prefer global-scoped settings),
and add a corresponding default entry in values.yaml (service.loadBalancerIP: ""
or global.filebeat.loadBalancerIP: "") so the conditional and the value are
consistent (update the filebeat Service template and values.yaml accordingly).

[duchieu2k]

@huongpt11 @kiennkt Logstash value?

Use its own value .Values.service.loadBalancerIP

[coderabbitai]

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Hardcoded credentials in values.yaml.

The adminUser block contains a plaintext password (juniper@123). Even in a Helm values file, committing secrets to version control is a security risk. Consider using Kubernetes Secrets, sealed-secrets, or an external secret manager, and reference them via environment variables or secret volume mounts instead.

🤖 Prompt for AI Agents

In `@kubernetes/filebeat/values.yaml` around lines 6 - 9, The adminUser block
contains hardcoded credentials (adminUser.name / adminUser.pass /
adminUser.role); remove the plaintext pass value from values.yaml and instead
reference a Kubernetes Secret (or sealed-secret/external secret manager). Update
the Helm values to accept a secret reference (e.g., adminUser.secretName or
adminUser.secretRef) and change templates that read adminUser.pass to pull from
a secretKeyRef or env var sourced from that Secret; ensure creation of the
Secret is documented or handled outside version control rather than storing the
password in values.yaml.

[duchieu2k]

@huongpt11 @kiennkt leave it as a blank or dummy user/pass

[coderabbitai]

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

service.loadBalancerIP is missing from defaults but referenced in the service template.

The service template checks (not (empty .Values.service.loadBalancerIP)) in multiple conditionals, but values.yaml only defines service.type. This will cause a template rendering error if .Values.service.loadBalancerIP is not supplied by the user at install time.

Proposed fix

 service:
   type: LoadBalancer
+  loadBalancerIP: ""
+  annotations: {}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	service:
	type: LoadBalancer
	service:
	type: LoadBalancer
	loadBalancerIP: ""
	annotations: {}

🤖 Prompt for AI Agents

In `@kubernetes/filebeat/values.yaml` around lines 31 - 32, The template
references .Values.service.loadBalancerIP in conditionals but values.yaml only
defines service.type, causing rendering errors; add a default entry for
service.loadBalancerIP in values.yaml (e.g., under the existing service block
add loadBalancerIP with an empty value) so .Values.service.loadBalancerIP always
exists, preserving current behavior when unset and satisfying the template
checks for (not (empty .Values.service.loadBalancerIP)).

[duchieu2k]

@kiennkt add service.loadBalancerIP

[coderabbitai]

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!

[duchieu2k]

Update to work with running CI via ternary template

Example:
{{ ternary "ClusterIP" .Values.service.type .Values.global.ci }}

[duchieu2k]

Move block externalIPs out of
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
{{- end }}

[duchieu2k]

@kiennkt add service.loadBalancerIP

[duchieu2k]

@huongpt11 @kiennkt leave it as a blank or dummy user/pass

[duchieu2k]

@huongpt11 @kiennkt Logstash value?

Use its own value .Values.service.loadBalancerIP