apiVersion: beat.k8s.elastic.co/v1beta1 kind: Beat metadata: name: metricbeat-hosts namespace: elastic-monitoring spec: type: metricbeat version: 7.10.0 elasticsearchRef: name: elasticsearch kibanaRef: name: kibana config: setup.kibana.ssl.certificate_authorities: ["/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"] metricbeat: autodiscover: providers: - type: kubernetes scope: node node: ${NODE_NAME} templates: - condition: contains: kubernetes.namespace: openshift-dns config: - module: coredns metricsets: - stats period: 10s hosts: ["https://${data.host}:9154"] ssl.verification_mode: none bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - condition: contains: kubernetes.labels.app: kube-controller-manager kubernetes.namespace: openshift-kube-controller-manager config: - module: kubernetes enabled: true metricsets: - controllermanager hosts: [ "https://${data.host}:10257" ] bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token ssl.verification_mode: none period: 10s - condition: contains: kubernetes.labels.app: openshift-kube-scheduler kubernetes.namespace: openshift-kube-scheduler config: - module: kubernetes enabled: true metricsets: - scheduler hosts: [ "https://${data.host}:10259" ] bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token ssl.verification_mode: none period: 10s - type: kubernetes scope: cluster node: ${NODE_NAME} unique: true templates: - config: - module: kubernetes hosts: ["https://kube-state-metrics.openshift-monitoring.svc:8443"] bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token ssl.certificate_authorities: - /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt period: 10s timeout: 30s add_metadata: true metricsets: [ "state_node", "state_deployment", "state_daemonset", "state_replicaset", "state_pod", "state_container", "state_cronjob", "state_resourcequota", "state_statefulset" ] - module: kubernetes metricsets: - apiserver hosts: ["https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}"] bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token ssl.verification_mode: none period: 30s - type: kubernetes hints: default_config: {} enabled: "true" host: ${NODE_NAME} modules: - module: system period: 10s metricsets: [ "cpu" , "load", "memory", "network", "process", "process_summary"] process: include_top_n: by_cpu: 5 by_memory: 5 processes: - .* - module: system period: 1m metricsets: [ "filesystem" , "fsstat" ] processors: - drop_event: when: regexp: system: filesystem: mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib)($|/) - module: kubernetes period: 10s host: ${NODE_NAME} hosts: [ "https://${NODE_NAME}:10250" ] bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token ssl.verification_mode: none metricsets: [ "node" , "system" , "pod", "container", "volume" ] processors: - add_cloud_metadata: {} - add_host_metadata: {} daemonSet: podTemplate: spec: serviceAccountName: metricbeat automountServiceAccountToken: true # some older Beat versions are depending on this settings presence in k8s context containers: - args: ["-e", "-c", "/etc/beat.yml", "-system.hostfs=/hostfs"] name: metricbeat resources: limits: memory: 2Gi requests: cpu: 2 memory: 2Gi securityContext: privileged: true runAsUser: 0 volumeMounts: - mountPath: /hostfs/sys/fs/cgroup name: cgroup - mountPath: /var/run/docker.sock name: dockersock - mountPath: /hostfs/proc name: proc env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName dnsPolicy: ClusterFirstWithHostNet hostNetwork: true # Allows to provide richer host metadata terminationGracePeriodSeconds: 30 tolerations: - operator: Exists nodeSelector: kubernetes.io/os: linux volumes: - hostPath: path: /sys/fs/cgroup name: cgroup - hostPath: path: /var/run/docker.sock name: dockersock - hostPath: path: /proc name: proc --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: metricbeat rules: - apiGroups: - "" resources: - nodes - namespaces - events - pods verbs: - get - list - watch - apiGroups: - "extensions" resources: - replicasets verbs: - get - list - watch - apiGroups: - apps resources: - statefulsets - deployments - replicasets verbs: - get - list - watch - apiGroups: - "" resources: - nodes/stats - nodes/metrics verbs: - get - nonResourceURLs: - /metrics verbs: - get - apiGroups: - coordination.k8s.io resources: - leases verbs: - '*' --- apiVersion: v1 kind: ServiceAccount metadata: name: metricbeat namespace: elastic-monitoring --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: metricbeat subjects: - kind: ServiceAccount name: metricbeat namespace: elastic-monitoring roleRef: kind: ClusterRole name: metricbeat apiGroup: rbac.authorization.k8s.io