about summary refs log tree commit diff
path: root/tools/eck-operator
diff options
context:
space:
mode:
Diffstat (limited to 'tools/eck-operator')
-rw-r--r--tools/eck-operator/templates/beat.yaml75
1 files changed, 68 insertions, 7 deletions
diff --git a/tools/eck-operator/templates/beat.yaml b/tools/eck-operator/templates/beat.yaml
index 0b9edd4..2783b8b 100644
--- a/tools/eck-operator/templates/beat.yaml
+++ b/tools/eck-operator/templates/beat.yaml
@@ -2,25 +2,48 @@ apiVersion: beat.k8s.elastic.co/v1beta1
 kind: Beat
 metadata:
   name: log-storage
+  namespace: elastic-system
 spec:
   type: filebeat
   version: 8.14.1
   elasticsearchRef:
     name: log-storage
   config:
-    filebeat.inputs:
-    - type: container
-      paths:
-      - /var/log/containers/*.log
+    filebeat:
+      autodiscover:
+        providers:
+        - type: kubernetes
+          node: ${NODE_NAME}
+          hints:
+            enabled: true
+            default_config:
+              type: container
+              paths:
+              - /var/log/containers/*${data.kubernetes.container.id}.log
+    processors:
+    - add_fields:
+        target: event
+        fields:
+          dataset: log-storage
+    - add_cloud_metadata: {}
+    - add_host_metadata: {}
   daemonSet:
     podTemplate:
       spec:
+        serviceAccountName: filebeat
+        automountServiceAccountToken: true
+        tolerations:
+        - key: node-role.kubernetes.io/master
+          effect: NoSchedule
+        terminationGracePeriodSeconds: 30
         dnsPolicy: ClusterFirstWithHostNet
-        hostNetwork: true
-        securityContext:
-          runAsUser: 0
+        hostNetwork: true # Allows to provide richer host metadata
         containers:
         - name: filebeat
+          securityContext:
+            runAsUser: 0
+            # If using Red Hat OpenShift uncomment this:
+            #privileged: true
           volumeMounts:
           - name: varlogcontainers
             mountPath: /var/log/containers
@@ -28,6 +51,11 @@ spec:
             mountPath: /var/log/pods
           - name: varlibdockercontainers
             mountPath: /var/lib/docker/containers
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
         volumes:
         - name: varlogcontainers
           hostPath:
@@ -38,3 +66,36 @@ spec:
         - name: varlibdockercontainers
           hostPath:
             path: /var/lib/docker/containers
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: filebeat
+rules:
+- apiGroups: [""] # "" indicates the core API group
+  resources:
+  - namespaces
+  - pods
+  verbs:
+  - get
+  - watch
+  - list
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: filebeat
+  namespace: elastic-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: filebeat
+subjects:
+- kind: ServiceAccount
+  name: filebeat
+  namespace: elastic-system
+roleRef:
+  kind: ClusterRole
+  name: filebeat
+  apiGroup: rbac.authorization.k8s.io
generated by cgit-pink 1.4.1-2-gfad0 (git 2.37.1) at 2024-12-26 05:17:41 +0100