about summary refs log tree commit diff
diff options
context:
space:
mode:
authormakefunstuff <[email protected]>2024-06-30 11:17:39 +0200
committermakefunstuff <[email protected]>2024-06-30 11:17:39 +0200
commit6d7a8578317701553dc081e3704388460334481c (patch)
tree6cd6d9b318526dc84e38c88c9b0e123e23377681
parente2f397b82bcf4c858a928768f386d73364587df5 (diff)
downloadk3s-lab-6d7a8578317701553dc081e3704388460334481c.tar.gz
filebeat config
-rw-r--r--tools/eck-operator/templates/beat.yaml84
1 files changed, 76 insertions, 8 deletions
diff --git a/tools/eck-operator/templates/beat.yaml b/tools/eck-operator/templates/beat.yaml
index 0b9edd4..c0c5ea0 100644
--- a/tools/eck-operator/templates/beat.yaml
+++ b/tools/eck-operator/templates/beat.yaml
@@ -4,23 +4,38 @@ metadata:
   name: log-storage
 spec:
   type: filebeat
-  version: 8.14.1
+  version: 8.14.0
   elasticsearchRef:
     name: log-storage
   config:
-    filebeat.inputs:
-    - type: container
-      paths:
-      - /var/log/containers/*.log
+    filebeat:
+      autodiscover:
+        providers:
+        - type: kubernetes
+          node: ${NODE_NAME}
+          hints:
+            enabled: true
+            default_config:
+              type: container
+              paths:
+              - /var/log/containers/*${data.kubernetes.container.id}.log
+    processors:
+    - add_cloud_metadata: {}
+    - add_host_metadata: {}
   daemonSet:
     podTemplate:
       spec:
+        serviceAccountName: filebeat
+        automountServiceAccountToken: true
+        terminationGracePeriodSeconds: 30
         dnsPolicy: ClusterFirstWithHostNet
-        hostNetwork: true
-        securityContext:
-          runAsUser: 0
+        hostNetwork: true # Allows to provide richer host metadata
         containers:
         - name: filebeat
+          securityContext:
+            runAsUser: 0
+            # If using Red Hat OpenShift uncomment this:
+            #privileged: true
           volumeMounts:
           - name: varlogcontainers
             mountPath: /var/log/containers
@@ -28,6 +43,11 @@ spec:
             mountPath: /var/log/pods
           - name: varlibdockercontainers
             mountPath: /var/lib/docker/containers
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
         volumes:
         - name: varlogcontainers
           hostPath:
@@ -38,3 +58,51 @@ spec:
         - name: varlibdockercontainers
           hostPath:
             path: /var/lib/docker/containers
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: filebeat
+rules:
+- apiGroups: [""] # "" indicates the core API group
+  resources:
+  - namespaces
+  - pods
+  - nodes
+  verbs:
+  - get
+  - watch
+  - list
+- apiGroups: ["apps"]
+  resources:
+  - replicasets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups: ["batch"]
+  resources:
+  - jobs
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: filebeat
+  namespace: monitoring
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: filebeat
+subjects:
+- kind: ServiceAccount
+  name: filebeat
+  namespace: monitoring
+roleRef:
+  kind: ClusterRole
+  name: filebeat
+  apiGroup: rbac.authorization.k8s.io