apiVersion: beat.k8s.elastic.co/v1beta1 kind: Beat metadata: name: log-storage spec: config: filebeat: autodiscover: providers: - node: ${NODE_NAME} type: kubernetes hints: enabled: true default_config: type: container paths: - /var/log/containers/*${data.kubernetes.container.id}.log daemonSet: podTemplate: spec: serviceAccount: elastic-beat-filebeat-log-storage automountServiceAccountToken: true containers: - name: filebeat env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName ... --- apiVersion: v1 kind: ServiceAccount metadata: name: elastic-beat-filebeat-log-storage --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: elastic-beat-autodiscover-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: elastic-beat-autodiscover subjects: - kind: ServiceAccount name: elastic-beat-filebeat-log-storage namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: elastic-beat-autodiscover rules: - apiGroups: - "" resources: - nodes - namespaces - events - pods verbs: - get - list - watch - apiGroups: ["apps"] resources: - replicasets verbs: - get - list - watch - apiGroups: ["batch"] resources: - jobs verbs: - get - list - watch