--- apiVersion: beat.k8s.elastic.co/v1beta1 kind: Beat metadata: name: filebeat namespace: elastic-system spec: type: filebeat version: 7.10.0 elasticsearchRef: name: elasticsearch-monitoring kibanaRef: name: kibana-monitoring config: filebeat: autodiscover: providers: - type: kubernetes node: ${HOSTNAME} hints: enabled: true default_config: type: container paths: - /var/log/containers/*${data.kubernetes.container.id}.log processors: - add_cloud_metadata: {} - add_host_metadata: {} daemonSet: podTemplate: spec: serviceAccountName: filebeat automountServiceAccountToken: true terminationGracePeriodSeconds: 30 dnsPolicy: ClusterFirstWithHostNet hostNetwork: true # Allows to provide richer host metadata containers: - name: filebeat ports: - containerPort: 5066 name: monitoring protocol: TCP securityContext: runAsUser: 0 # If using Red Hat OpenShift uncomment this: #privileged: true volumeMounts: - name: varlogcontainers mountPath: /var/log/containers - name: varlogpods mountPath: /var/log/pods - name: varlibdockercontainers mountPath: /var/lib/docker/containers env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName volumes: - name: varlogcontainers hostPath: path: /var/log/containers - name: varlogpods hostPath: path: /var/log/pods - name: varlibdockercontainers hostPath: path: /var/lib/docker/containers --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: filebeat namespace: elastic-system rules: - apiGroups: [""] # "" indicates the core API group resources: - namespaces - pods verbs: - get - watch - list --- apiVersion: v1 kind: ServiceAccount metadata: name: filebeat namespace: elastic-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: filebeat namespace: elastic-system subjects: - kind: ServiceAccount name: filebeat namespace: elastic-system roleRef: kind: ClusterRole name: filebeat apiGroup: rbac.authorization.k8s.io --- apiVersion: beat.k8s.elastic.co/v1beta1 kind: Beat metadata: name: metricbeat namespace: elastic-system spec: type: metricbeat version: 7.10.0 elasticsearchRef: name: elasticsearch-monitoring kibanaRef: name: kibana-monitoring config: metricbeat: autodiscover: providers: - hints: default_config: {} enabled: "true" host: ${NODE_NAME} type: kubernetes modules: - module: system period: 10s metricsets: - cpu - load - memory - network - process - process_summary process: include_top_n: by_cpu: 5 by_memory: 5 processes: - .* - module: system period: 1m metricsets: - filesystem - fsstat processors: - drop_event: when: regexp: system: filesystem: mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib)($|/) - module: kubernetes period: 10s host: ${NODE_NAME} hosts: - https://${NODE_NAME}:10250 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token ssl: verification_mode: none metricsets: - node - system - pod - container - volume - module: prometheus period: 10s hosts: - http://tekton-pipelines-controller.tekton-pipelines:9090 metrics_path: /metrics processors: - add_cloud_metadata: {} - add_host_metadata: {} daemonSet: podTemplate: spec: serviceAccountName: metricbeat automountServiceAccountToken: true # some older Beat versions are depending on this settings presence in k8s context containers: - args: - -e - -c - /etc/beat.yml - -system.hostfs=/hostfs name: metricbeat volumeMounts: - mountPath: /hostfs/sys/fs/cgroup name: cgroup - mountPath: /var/run/docker.sock name: dockersock - mountPath: /hostfs/proc name: proc env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName dnsPolicy: ClusterFirstWithHostNet hostNetwork: true # Allows to provide richer host metadata securityContext: runAsUser: 0 terminationGracePeriodSeconds: 30 volumes: - hostPath: path: /sys/fs/cgroup name: cgroup - hostPath: path: /var/run/docker.sock name: dockersock - hostPath: path: /proc name: proc --- # permissions needed for metricbeat # source: https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-module-kubernetes.html apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: metricbeat namespace: elastic-system rules: - apiGroups: - "" resources: - nodes - namespaces - events - pods verbs: - get - list - watch - apiGroups: - "extensions" resources: - replicasets verbs: - get - list - watch - apiGroups: - apps resources: - statefulsets - deployments - replicasets verbs: - get - list - watch - apiGroups: - "" resources: - nodes/stats verbs: - get - nonResourceURLs: - /metrics verbs: - get --- apiVersion: v1 kind: ServiceAccount metadata: name: metricbeat namespace: elastic-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: metricbeat namespace: elastic-system subjects: - kind: ServiceAccount name: metricbeat namespace: elastic-system roleRef: kind: ClusterRole name: metricbeat apiGroup: rbac.authorization.k8s.io ---