Implement elasticsearch sink
serboctor opened this issue · 1 comments
serboctor commented
Implement a sink that writes to elasticsearch. The user should be able to configure the address of elasticsearch and the index to write to.
waleedhammam commented
Target entity test
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-4
  labels:
    app: myapp-4
spec:
  selector:
    matchLabels:
      app: myapp-4
  template:
    metadata:
      labels:
        app: myapp-4
    spec:
      containers:
        - name: container-1
          image: ubuntu
          securityContext:
            privileged: true
            allowPrivilegeEscalation: true
Verification Steps
- Start the agent with helm chart in admission upsert mode, using ngrok to tunnel the elasticsearch port to pod, Works OK
- Start the agent with helm chart in admission insert mode, using ngrok to tunnel the elasticsearch port to pod, Works OK
- Start the agent with helm chart in audit upsert mode, using ngrok to tunnel the elasticsearch port to pod, Works OK
- Start the agent with helm chart in audit insert mode, using ngrok to tunnel the elasticsearch port to pod, Works OK