--- # metricbeat resources apiVersion: beat.k8s.elastic.co/v1beta1 kind: Beat metadata: name: metricbeat spec: type: metricbeat version: 8.17.0 elasticsearchRef: name: elasticsearch-monitoring config: metricbeat: autodiscover: providers: - type: kubernetes scope: cluster hints.enabled: true templates: - condition: contains: kubernetes.labels.scrape: es config: - module: elasticsearch metricsets: - ccr - cluster_stats - enrich - index - index_recovery - index_summary - ingest_pipeline - ml_job - node - node_stats - pending_tasks - shard period: 10s hosts: "https://${data.host}:${data.ports.https}" username: ${MONITORED_ES_USERNAME} password: ${MONITORED_ES_PASSWORD} # WARNING: disables TLS as the default certificate is not valid for the pod FQDN # TODO: switch this to "certificate" when available: https://github.com/elastic/beats/issues/8164 ssl.verification_mode: "none" xpack.enabled: true - condition: contains: kubernetes.labels.scrape: kb config: - module: kibana metricsets: - stats period: 10s hosts: "https://${data.host}:${data.ports.https}" username: ${MONITORED_ES_USERNAME} password: ${MONITORED_ES_PASSWORD} # WARNING: disables TLS as the default certificate is not valid for the pod FQDN # TODO: switch this to "certificate" when available: https://github.com/elastic/beats/issues/8164 ssl.verification_mode: "none" xpack.enabled: true processors: - add_cloud_metadata: {} logging.json: true # See https://github.com/elastic/beats/pull/41640 # Since 8.15 the default index template for metricbeat exceeds the default # index mapping total fields limit. setup.template.settings: index.mapping.total_fields.limit: 12500 deployment: podTemplate: spec: serviceAccountName: metricbeat automountServiceAccountToken: true # required to read /etc/beat.yml securityContext: runAsUser: 0 containers: - name: metricbeat env: - name: MONITORED_ES_USERNAME value: elastic - name: MONITORED_ES_PASSWORD valueFrom: secretKeyRef: key: elastic name: elasticsearch-es-elastic-user --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: metricbeat rules: - apiGroups: [""] # "" indicates the core API group resources: - namespaces - pods - nodes verbs: - get - watch - list - apiGroups: ["apps"] resources: - replicasets verbs: - get - list - watch - apiGroups: ["batch"] resources: - jobs verbs: - get - list - watch --- apiVersion: v1 kind: ServiceAccount metadata: name: metricbeat namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: metricbeat subjects: - kind: ServiceAccount name: metricbeat namespace: default roleRef: kind: ClusterRole name: metricbeat apiGroup: rbac.authorization.k8s.io --- # filebeat resources apiVersion: beat.k8s.elastic.co/v1beta1 kind: Beat metadata: name: filebeat spec: type: filebeat version: 8.17.0 elasticsearchRef: name: elasticsearch-monitoring kibanaRef: name: kibana-monitoring config: filebeat: autodiscover: providers: - type: kubernetes node: ${NODE_NAME} hints: enabled: true default_config: type: filestream id: kubernetes-container-logs-${data.kubernetes.pod.name}-${data.kubernetes.container.id} paths: - /var/log/containers/*${data.kubernetes.container.id}.log parsers: - container: ~ prospector: scanner: fingerprint.enabled: true symlinks: true file_identity.fingerprint: ~ processors: - add_cloud_metadata: {} - add_host_metadata: {} logging.json: true daemonSet: podTemplate: spec: serviceAccountName: filebeat automountServiceAccountToken: true terminationGracePeriodSeconds: 30 dnsPolicy: ClusterFirstWithHostNet hostNetwork: true # Allows to provide richer host metadata securityContext: runAsUser: 0 # If using Red Hat OpenShift uncomment this: #privileged: true containers: - name: filebeat volumeMounts: - name: varlogcontainers mountPath: /var/log/containers - name: varlogpods mountPath: /var/log/pods - name: varlibdockercontainers mountPath: /var/lib/docker/containers env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName volumes: - name: varlogcontainers hostPath: path: /var/log/containers - name: varlogpods hostPath: path: /var/log/pods - name: varlibdockercontainers hostPath: path: /var/lib/docker/containers --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: filebeat rules: - apiGroups: [""] # "" indicates the core API group resources: - namespaces - pods - nodes verbs: - get - watch - list - apiGroups: ["apps"] resources: - replicasets verbs: - get - list - watch - apiGroups: ["batch"] resources: - jobs verbs: - get - list - watch --- apiVersion: v1 kind: ServiceAccount metadata: name: filebeat namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: filebeat subjects: - kind: ServiceAccount name: filebeat namespace: default roleRef: kind: ClusterRole name: filebeat apiGroup: rbac.authorization.k8s.io --- # ES and Kibana resources apiVersion: elasticsearch.k8s.elastic.co/v1 kind: Elasticsearch metadata: name: elasticsearch spec: version: 8.17.0 nodeSets: - name: default count: 3 config: node.store.allow_mmap: false podTemplate: metadata: labels: scrape: es --- apiVersion: kibana.k8s.elastic.co/v1 kind: Kibana metadata: name: kibana spec: version: 8.17.0 count: 1 elasticsearchRef: name: elasticsearch config: # https://www.elastic.co/guide/en/kibana/current/monitoring-metricbeat.html monitoring.kibana.collection.enabled: false podTemplate: metadata: labels: scrape: kb --- apiVersion: elasticsearch.k8s.elastic.co/v1 kind: Elasticsearch metadata: name: elasticsearch-monitoring spec: version: 8.17.0 nodeSets: - name: default count: 3 config: node.store.allow_mmap: false --- apiVersion: kibana.k8s.elastic.co/v1 kind: Kibana metadata: name: kibana-monitoring spec: version: 8.17.0 count: 1 elasticsearchRef: name: elasticsearch-monitoring config: # enable the UI to reflect container level CPU usage, only displays info if CPU limits are set on the monitored ES cluster # https://www.elastic.co/guide/en/kibana/current/monitoring-settings-kb.html monitoring.ui.container.elasticsearch.enabled: true ...