From e86663c99e616a42fd1b9ed9447c697abea8ebaf Mon Sep 17 00:00:00 2001
From: makefunstuff <plugatariov@gmail.com>
Date: Sat, 29 Jun 2024 23:47:15 +0300
Subject: beat more

---
 tools/eck-operator/templates/beat.yaml | 75 ++++++++++++++++++++++++++++++----
 1 file changed, 68 insertions(+), 7 deletions(-)

(limited to 'tools/eck-operator/templates')

diff --git a/tools/eck-operator/templates/beat.yaml b/tools/eck-operator/templates/beat.yaml
index 0b9edd4..2783b8b 100644
--- a/tools/eck-operator/templates/beat.yaml
+++ b/tools/eck-operator/templates/beat.yaml
@@ -2,25 +2,48 @@ apiVersion: beat.k8s.elastic.co/v1beta1
 kind: Beat
 metadata:
   name: log-storage
+  namespace: elastic-system
 spec:
   type: filebeat
   version: 8.14.1
   elasticsearchRef:
     name: log-storage
   config:
-    filebeat.inputs:
-    - type: container
-      paths:
-      - /var/log/containers/*.log
+    filebeat:
+      autodiscover:
+        providers:
+        - type: kubernetes
+          node: ${NODE_NAME}
+          hints:
+            enabled: true
+            default_config:
+              type: container
+              paths:
+              - /var/log/containers/*${data.kubernetes.container.id}.log
+    processors:
+    - add_fields:
+        target: event
+        fields:
+          dataset: log-storage
+    - add_cloud_metadata: {}
+    - add_host_metadata: {}
   daemonSet:
     podTemplate:
       spec:
+        serviceAccountName: filebeat
+        automountServiceAccountToken: true
+        tolerations:
+        - key: node-role.kubernetes.io/master
+          effect: NoSchedule
+        terminationGracePeriodSeconds: 30
         dnsPolicy: ClusterFirstWithHostNet
-        hostNetwork: true
-        securityContext:
-          runAsUser: 0
+        hostNetwork: true # Allows to provide richer host metadata
         containers:
         - name: filebeat
+          securityContext:
+            runAsUser: 0
+            # If using Red Hat OpenShift uncomment this:
+            #privileged: true
           volumeMounts:
           - name: varlogcontainers
             mountPath: /var/log/containers
@@ -28,6 +51,11 @@ spec:
             mountPath: /var/log/pods
           - name: varlibdockercontainers
             mountPath: /var/lib/docker/containers
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
         volumes:
         - name: varlogcontainers
           hostPath:
@@ -38,3 +66,36 @@ spec:
         - name: varlibdockercontainers
           hostPath:
             path: /var/lib/docker/containers
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: filebeat
+rules:
+- apiGroups: [""] # "" indicates the core API group
+  resources:
+  - namespaces
+  - pods
+  verbs:
+  - get
+  - watch
+  - list
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: filebeat
+  namespace: elastic-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: filebeat
+subjects:
+- kind: ServiceAccount
+  name: filebeat
+  namespace: elastic-system
+roleRef:
+  kind: ClusterRole
+  name: filebeat
+  apiGroup: rbac.authorization.k8s.io
-- 
cgit 1.4.1-2-gfad0