apiVersion: beat.k8s.elastic.co/v1beta1 kind: Beat metadata: name: metricbeat spec: type: metricbeat version: 8.17.0 elasticsearchRef: name: elasticsearch kibanaRef: name: kibana config: metricbeat: autodiscover: providers: - type: kubernetes scope: cluster node: ${NODE_NAME} unique: true templates: - config: - module: kubernetes hosts: ["https://kube-state-metrics.openshift-monitoring.svc:8443"] bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token ssl.verification_mode: none ssl.certificate_authorities: - /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt period: 10s timeout: 30s add_metadata: true metricsets: - state_node - state_deployment - state_daemonset - state_replicaset - state_pod - state_container - state_cronjob - state_resourcequota - state_statefulset - module: kubernetes metricsets: - apiserver hosts: ["https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}"] bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token ssl.verification_mode: none period: 30s - hints: default_config: {} enabled: "true" node: ${NODE_NAME} type: kubernetes modules: - module: system period: 10s metricsets: - cpu - load - memory - network - process - process_summary process: include_top_n: by_cpu: 5 by_memory: 5 processes: - .* - module: system period: 1m metricsets: - filesystem - fsstat processors: - drop_event: when: regexp: system: filesystem: mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib)($|/) - module: kubernetes period: 10s node: ${NODE_NAME} hosts: - https://${NODE_NAME}:10250 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token ssl: verification_mode: none ssl.certificate_authorities: - /run/secrets/kubernetes.io/serviceaccount/service-ca.crt metricsets: - node - system - pod - container - volume processors: - add_cloud_metadata: {} - add_host_metadata: {} daemonSet: podTemplate: spec: serviceAccountName: metricbeat automountServiceAccountToken: true # some older Beat versions are depending on this settings presence in k8s context containers: - args: - -e - -c - /etc/beat.yml - --system.hostfs=/hostfs name: metricbeat securityContext: runAsUser: 0 privileged: true # This is required to access kubelet API volumeMounts: - mountPath: /hostfs/sys/fs/cgroup name: cgroup - mountPath: /var/run/docker.sock name: dockersock - mountPath: /hostfs/proc name: proc env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName resources: limits: memory: 2Gi requests: cpu: 2 memory: 2Gi dnsPolicy: ClusterFirstWithHostNet hostNetwork: true # Allows to provide richer host metadata terminationGracePeriodSeconds: 30 volumes: - hostPath: path: /sys/fs/cgroup name: cgroup - hostPath: path: /var/run/docker.sock name: dockersock - hostPath: path: /proc name: proc --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: metricbeat rules: - apiGroups: - "" resources: - nodes - namespaces - events - pods verbs: - get - list - watch - apiGroups: - "extensions" resources: - replicasets verbs: - get - list - watch - apiGroups: - apps resources: - statefulsets - deployments - replicasets verbs: - get - list - watch - apiGroups: - "" resources: - nodes/stats - nodes/metrics verbs: - get - nonResourceURLs: - /metrics verbs: - get - apiGroups: - coordination.k8s.io resources: - leases verbs: - '*' --- apiVersion: v1 kind: ServiceAccount metadata: name: metricbeat namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: metricbeat subjects: - kind: ServiceAccount name: metricbeat namespace: default roleRef: kind: ClusterRole name: metricbeat apiGroup: rbac.authorization.k8s.io --- apiVersion: beat.k8s.elastic.co/v1beta1 kind: Beat metadata: name: filebeat spec: type: filebeat version: 8.17.0 elasticsearchRef: name: elasticsearch kibanaRef: name: kibana config: filebeat: autodiscover: providers: - type: kubernetes node: ${NODE_NAME} hints: enabled: true default_config: type: filestream id: kubernetes-container-logs-${data.kubernetes.pod.name}-${data.kubernetes.container.id} paths: - /var/log/containers/*${data.kubernetes.container.id}.log parsers: - container: ~ prospector: scanner: fingerprint.enabled: true symlinks: true file_identity.fingerprint: ~ processors: - add_cloud_metadata: {} - add_host_metadata: {} daemonSet: podTemplate: spec: serviceAccountName: filebeat automountServiceAccountToken: true terminationGracePeriodSeconds: 30 dnsPolicy: ClusterFirstWithHostNet hostNetwork: true # Allows to provide richer host metadata containers: - name: filebeat securityContext: runAsUser: 0 privileged: true # This is required to access other containers logs volumeMounts: - name: varlogcontainers mountPath: /var/log/containers - name: varlogpods mountPath: /var/log/pods - name: varlibdockercontainers mountPath: /var/lib/docker/containers env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName volumes: - name: varlogcontainers hostPath: path: /var/log/containers - name: varlogpods hostPath: path: /var/log/pods - name: varlibdockercontainers hostPath: path: /var/lib/docker/containers --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: filebeat rules: - apiGroups: [""] # "" indicates the core API group resources: - namespaces - pods - nodes verbs: - get - watch - list --- apiVersion: v1 kind: ServiceAccount metadata: name: filebeat namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: filebeat subjects: - kind: ServiceAccount name: filebeat namespace: default roleRef: kind: ClusterRole name: filebeat apiGroup: rbac.authorization.k8s.io --- apiVersion: elasticsearch.k8s.elastic.co/v1 kind: Elasticsearch metadata: name: elasticsearch spec: version: 8.17.0 nodeSets: - name: default count: 3 config: node.store.allow_mmap: false --- apiVersion: kibana.k8s.elastic.co/v1 kind: Kibana metadata: name: kibana spec: version: 8.17.0 count: 1 elasticsearchRef: name: elasticsearch ...