--- apiVersion: v1 kind: ConfigMap metadata: name: filebeat-config namespace: logging data: filebeat.yml: |- logging: level: warning setup: ilm: enabled: false template: name: filebeat pattern: filebeat-* http.enabled: true filebeat.autodiscover: providers: - type: kubernetes host: ${NODE_NAME} hints.enabled: true hints.default_config: type: container paths: - /var/log/containers/*${data.kubernetes.container.id}.log output: elasticsearch: hosts: - http://zinc:4080 path: "/es/" index: "filebeat-%{+yyyy.MM.dd}" username: "${ZINC_FIRST_ADMIN_USER}" password: "${ZINC_FIRST_ADMIN_PASSWORD}" --- apiVersion: apps/v1 kind: DaemonSet metadata: name: filebeat spec: updateStrategy: type: RollingUpdate rollingUpdate: maxUnavailable: 50% selector: matchLabels: app: filebeat template: metadata: labels: app: filebeat annotations: co.elastic.logs/json.keys_under_root: "true" spec: serviceAccountName: filebeat containers: - name: filebeat image: docker.elastic.co/beats/filebeat:8.4.1 args: - -c - /etc/filebeat.yml - -e securityContext: runAsUser: 0 env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: ZINC_FIRST_ADMIN_USER value: admin - name: ZINC_FIRST_ADMIN_PASSWORD value: salakala ports: - containerPort: 5066 resources: limits: memory: 200Mi requests: cpu: 100m memory: 100Mi volumeMounts: - name: filebeat-config mountPath: /etc/filebeat.yml readOnly: true subPath: filebeat.yml - name: data mountPath: /usr/share/filebeat/data - name: varlibdockercontainers mountPath: /var/lib/docker/containers readOnly: true - name: varlog mountPath: /var/log readOnly: true - name: exporter image: sepa/beats-exporter args: - -p=5066 ports: - containerPort: 8080 name: exporter protocol: TCP volumes: - name: filebeat-config configMap: defaultMode: 0600 name: filebeat-config - name: varlibdockercontainers hostPath: path: /var/lib/docker/containers - name: varlog hostPath: path: /var/log - name: data hostPath: path: /var/lib/filebeat-data type: DirectoryOrCreate tolerations: - operator: "Exists" effect: "NoExecute" - operator: "Exists" effect: "NoSchedule" --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: logging-filebeat subjects: - kind: ServiceAccount name: filebeat namespace: logging roleRef: kind: ClusterRole name: filebeat apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: ServiceAccount metadata: name: filebeat namespace: logging labels: app: filebeat --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: filebeat spec: podSelector: matchLabels: app: filebeat policyTypes: - Ingress - Egress ingress: - from: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: prometheus-operator podSelector: matchLabels: app.kubernetes.io/name: prometheus ports: - protocol: TCP port: 8080 egress: - to: - podSelector: matchLabels: app: zinc ports: - protocol: TCP port: 4080 --- apiVersion: monitoring.coreos.com/v1 kind: PodMonitor metadata: name: filebeat spec: selector: matchLabels: app: filebeat podMetricsEndpoints: - port: exporter