apiVersion: beat.k8s.elastic.co/v1beta1 kind: Beat metadata: name: filebeat spec: type: filebeat version: 8.17.0 elasticsearchRef: name: elasticsearch kibanaRef: name: kibana config: filebeat.autodiscover.providers: - node: ${NODE_NAME} type: kubernetes hints.default_config.enabled: "false" templates: - condition.equals.kubernetes.namespace: log-namespace config: - paths: ["/var/log/containers/*${data.kubernetes.container.id}.log"] id: kubernetes-container-logs-${data.kubernetes.pod.name}-${data.kubernetes.container.id} type: filestream parsers: - container: ~ prospector: scanner: fingerprint.enabled: true symlinks: true file_identity.fingerprint: ~ - condition.equals.kubernetes.labels.log-label: "true" config: - paths: ["/var/log/containers/*${data.kubernetes.container.id}.log"] id: kubernetes-container-logs-${data.kubernetes.pod.name}-${data.kubernetes.container.id} type: filestream parsers: - container: ~ prospector: scanner: fingerprint.enabled: true symlinks: true file_identity.fingerprint: ~ processors: - add_cloud_metadata: {} - add_host_metadata: {} daemonSet: podTemplate: spec: serviceAccountName: filebeat automountServiceAccountToken: true terminationGracePeriodSeconds: 30 dnsPolicy: ClusterFirstWithHostNet hostNetwork: true # Allows to provide richer host metadata containers: - name: filebeat securityContext: runAsUser: 0 # If using Red Hat OpenShift uncomment this: #privileged: true volumeMounts: - name: varlogcontainers mountPath: /var/log/containers - name: varlogpods mountPath: /var/log/pods - name: varlibdockercontainers mountPath: /var/lib/docker/containers env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName volumes: - name: varlogcontainers hostPath: path: /var/log/containers - name: varlogpods hostPath: path: /var/log/pods - name: varlibdockercontainers hostPath: path: /var/lib/docker/containers --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: filebeat rules: - apiGroups: [""] # "" indicates the core API group resources: - namespaces - pods - nodes verbs: - get - watch - list --- apiVersion: v1 kind: ServiceAccount metadata: name: filebeat namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: filebeat subjects: - kind: ServiceAccount name: filebeat namespace: default roleRef: kind: ClusterRole name: filebeat apiGroup: rbac.authorization.k8s.io --- apiVersion: elasticsearch.k8s.elastic.co/v1 kind: Elasticsearch metadata: name: elasticsearch spec: version: 8.17.0 nodeSets: - name: default count: 3 config: node.store.allow_mmap: false --- apiVersion: kibana.k8s.elastic.co/v1 kind: Kibana metadata: name: kibana spec: version: 8.17.0 count: 1 elasticsearchRef: name: elasticsearch ...