Disable kubeadm for filebeat (both filbeat.input and filbeat.autodisc…
…over) (#40301)

* disable kubeadm for filebeat autodiscover

* Update filebeat/_meta/test/docs/01_playground/filebeat.yaml

Co-authored-by: Tiago Queiroz <tiago.queiroz@elastic.co>

* Update libbeat/processors/add_kubernetes_metadata/docs/add_kubernetes_metadata.asciidoc

Co-authored-by: Tiago Queiroz <tiago.queiroz@elastic.co>

* Update dev-tools/kubernetes/filebeat/Dockerfile.debug

Co-authored-by: Tiago Queiroz <tiago.queiroz@elastic.co>

* fixing docs and adding metricbeat references

* fixing docs and adding metricbeat references

* Update filebeat/_meta/config/filebeat.autodiscover.reference.yml.tmpl

Co-authored-by: Tetiana Kravchenko <tetiana.kravchenko@elastic.co>

---------

Co-authored-by: Tiago Queiroz <tiago.queiroz@elastic.co>
Co-authored-by: Tetiana Kravchenko <tetiana.kravchenko@elastic.co>
3 people authored Sep 18, 2024
1 parent cf83386 commit 89cd840
Showing 19 changed files with 198 additions and 13 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Expand Up @@ -298,6 +298,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
- Disable event normalization for netflow input {pull}40635[40635]
- Allow attribute selection in the Active Directory entity analytics provider. {issue}40482[40482] {pull}40662[40662]
- Improve error quality when CEL program does not correctly return an events array. {pull}40580[40580]
- Add `use_kubeadm` config option for filebeat (both filbeat.input and autodiscovery) in order to toggle kubeadm-config api requests {pull}40301[40301]

*Auditbeat*

2 changes: 1 addition & 1 deletion dev-tools/kubernetes/filebeat/Dockerfile.debug
Expand Up @@ -4,7 +4,7 @@ ENV PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/go/bin:/usr/local/go/bin

ENV CGO_ENABLED=0

RUN go install github.com/go-delve/delve/cmd/dlv@v1.21.2
RUN go install github.com/go-delve/delve/cmd/dlv@latest

COPY build/filebeat-debugger /usr/share/filebeat/filebeat-debugger

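Review bot: `dlv@latest` leaves the Delve version unpinned in the debug image, assuming the second of the two `go install` lines is the new side (the rendered page has lost the +/- markers). An unpinned `@latest` makes the image non-reproducible and pulls whichever release is current at build time without review. Keeping an explicit tag such as `RUN go install github.com/go-delve/delve/cmd/dlv@v1.21.2` and bumping it deliberately is the safer choice. The same line changes in dev-tools/kubernetes/heartbeat/Dockerfile.debug and dev-tools/kubernetes/metricbeat/Dockerfile.debug.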
2 changes: 1 addition & 1 deletion dev-tools/kubernetes/heartbeat/Dockerfile.debug
Expand Up @@ -4,7 +4,7 @@ ENV PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/go/bin:/usr/local/go/bin

ENV CGO_ENABLED=0

RUN go install github.com/go-delve/delve/cmd/dlv@v1.21.2
RUN go install github.com/go-delve/delve/cmd/dlv@latest

COPY build/heartbeat-debugger /usr/share/heartbeat/heartbeat-debugger

2 changes: 1 addition & 1 deletion dev-tools/kubernetes/metricbeat/Dockerfile.debug
Expand Up @@ -4,7 +4,7 @@ ENV PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/go/bin:/usr/local/go/bin

ENV CGO_ENABLED=0

RUN go install github.com/go-delve/delve/cmd/dlv@v1.21.2
RUN go install github.com/go-delve/delve/cmd/dlv@latest

COPY build/metricbeat-debugger /usr/share/metricbeat/metricbeat-debugger

24 changes: 24 additions & 0 deletions filebeat/_meta/config/filebeat.autodiscover.reference.yml.tmpl
Expand Up @@ -14,3 +14,27 @@
# - type: container
# paths:
# - /var/log/containers/*.log

#Example: for kubernetes container logs autodiscovery
# filebeat.autodiscover:
# providers:
# - type: kubernetes
# node: ${NODE_NAME}
# hints.enabled: true
# # By default requests to kubeadm config map are made in order to enrich cluster name by requesting /api/v1/namespaces/kube-system/configmaps/kubeadm-config API endpoint.
# use_kubeadm: true
# hints.default_config:
# type: filestream
# id: kubernetes-container-logs-${data.kubernetes.pod.name}-${data.kubernetes.container.id}
# paths:
# - /var/log/containers/*-${data.kubernetes.container.id}.log
# parsers:
# - container: ~
# prospector:
# scanner:
# fingerprint.enabled: true
# symlinks: true
# file_identity.fingerprint: ~

#By default requests to kubeadm config map are made in order to enrich cluster name by requesting /api/v1/namespaces/kube-system/configmaps/kubeadm-config API endpoint.
# use_kubeadm: true
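Review bot: The new `use_kubeadm` comment describes only the default and never says what setting the option to `false` does, and the second copy at the end of the section sits outside any provider or processor block, so it is unclear which element it configures. I would word it as `# Set use_kubeadm: false to skip the request to /api/v1/namespaces/kube-system/configmaps/kubeadm-config used to enrich the cluster name (default: true).` and place the trailing copy under the element it belongs to. Operators who restrict the service account's access to kube-system need this to know which setting removes the call. filebeat/filebeat.reference.yml carries the same text.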
28 changes: 23 additions & 5 deletions filebeat/_meta/test/docs/01_playground/filebeat.yaml
Expand Up @@ -9,11 +9,20 @@ metadata:
data:
filebeat.yml: |-
filebeat.inputs:
- type: container
- type: filestream
id: kubernetes-container-logs
paths:
- /var/log/containers/*.log
parsers:
- container: ~
prospector:
scanner:
fingerprint.enabled: true
symlinks: true
file_identity.fingerprint: ~
processors:
- add_kubernetes_metadata:
#use_kubeadm: true
host: ${NODE_NAME}
matchers:
- logs_path:
Expand All @@ -25,10 +34,19 @@ data:
# - type: kubernetes
# node: ${NODE_NAME}
# hints.enabled: true
# #use_kubeadm: true
# hints.default_config:
# type: container
# type: filestream
# id: kubernetes-container-logs-${data.kubernetes.pod.name}-${data.kubernetes.container.id}
# paths:
# - /var/log/containers/*${data.kubernetes.container.id}.log
# - /var/log/containers/*-${data.kubernetes.container.id}.log
# parsers:
# - container: ~
# prospector:
# scanner:
# fingerprint.enabled: true
# symlinks: true
# file_identity.fingerprint: ~
processors:
- add_cloud_metadata:
Expand Down Expand Up @@ -64,12 +82,12 @@ spec:
dnsPolicy: ClusterFirstWithHostNet
containers:
- name: filebeat
image: docker.elastic.co/beats/filebeat:8.0.0-SNAPSHOT
image: docker.elastic.co/beats/filebeat:8.16.0-SNAPSHOT
command: [ "sleep" ]
args: [ "infinity" ]
env:
- name: ELASTICSEARCH_HOST
value: elasticsearch.default.svc.cluster.local
value: elasticsearch
- name: ELASTICSEARCH_PORT
value: "9200"
- name: ELASTICSEARCH_USERNAME
24 changes: 24 additions & 0 deletions filebeat/filebeat.reference.yml
Expand Up @@ -1219,6 +1219,30 @@ filebeat.inputs:
# paths:
# - /var/log/containers/*.log

#Example: for kubernetes container logs autodiscovery
# filebeat.autodiscover:
# providers:
# - type: kubernetes
# node: ${NODE_NAME}
# hints.enabled: true
# # By default requests to kubeadm config map are made in order to enrich cluster name by requesting /api/v1/namespaces/kube-system/configmaps/kubeadm-config API endpoint.
# use_kubeadm: true
# hints.default_config:
# type: filestream
# id: kubernetes-container-logs-${data.kubernetes.pod.name}-${data.kubernetes.container.id}
# paths:
# - /var/log/containers/*-${data.kubernetes.container.id}.log
# parsers:
# - container: ~
# prospector:
# scanner:
# fingerprint.enabled: true
# symlinks: true
# file_identity.fingerprint: ~

#By default requests to kubeadm config map are made in order to enrich cluster name by requesting /api/v1/namespaces/kube-system/configmaps/kubeadm-config API endpoint.
# use_kubeadm: true

# ========================== Filebeat global options ===========================

# Registry data path. If a relative path is used, it is considered relative to the
2 changes: 2 additions & 0 deletions libbeat/autodiscover/providers/kubernetes/config.go
Expand Up @@ -37,6 +37,7 @@ var AllSupportedHints = []string{"enabled", "module", "metricsets", "hosts", "pe
type Config struct {
KubeConfig string `config:"kube_config"`
KubeClientOptions kubernetes.KubeClientOptions `config:"kube_client_options"`
KubeAdm bool `config:"use_kubeadm"`

Namespace string `config:"namespace"`
SyncPeriod time.Duration `config:"sync_period"`
Expand Down Expand Up @@ -71,6 +72,7 @@ var DefaultCleanupTimeout time.Duration = 0
func defaultConfig() *Config {
return &Config{
SyncPeriod: 10 * time.Minute,
KubeAdm: true,
Resource: "pod",
CleanupTimeout: DefaultCleanupTimeout,
Prefix: "co.elastic",
9 changes: 9 additions & 0 deletions libbeat/autodiscover/providers/kubernetes/pod.go
Expand Up @@ -97,6 +97,15 @@ func NewPodEventer(uuid uuid.UUID, cfg *conf.C, client k8s.Interface, publish fu
}

metaConf := config.AddResourceMetadata
// We initialise the use_kubeadm variable based on modules KubeAdm base configuration
err = metaConf.Namespace.SetBool("use_kubeadm", -1, config.KubeAdm)
if err != nil {
logger.Errorf("couldn't set kubeadm variable for namespace due to error %+v", err)
}
err = metaConf.Node.SetBool("use_kubeadm", -1, config.KubeAdm)
if err != nil {
logger.Errorf("couldn't set kubeadm variable for node due to error %+v", err)
}

if metaConf.Node.Enabled() || config.Hints.Enabled() {
options := kubernetes.WatchOptions{
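Review bot: The two `SetBool("use_kubeadm", -1, config.KubeAdm)` calls write the provider-level value into `metaConf.Namespace` and `metaConf.Node` unconditionally, so a `use_kubeadm` already set under `add_resource_metadata.namespace` or `.node` would be replaced. With the `KubeAdm: true` default from `defaultConfig()`, that could turn the kube-system ConfigMap request back on for a user who had disabled it at that level. Consider writing the key only when it is absent, e.g. guarding each call with `if !metaConf.Namespace.HasField("use_kubeadm") {`, or documenting that the top-level option always wins. A failed SetBool is only logged, so the eventer continues with whatever value the sub-config held. The same pattern is added in service.go and in libbeat/processors/add_kubernetes_metadata/kubernetes.go; NewPodEventer starts and ends outside this hunk.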
5 changes: 5 additions & 0 deletions libbeat/autodiscover/providers/kubernetes/service.go
Expand Up @@ -71,6 +71,11 @@ func NewServiceEventer(uuid uuid.UUID, cfg *conf.C, client k8s.Interface, publis
var namespaceWatcher kubernetes.Watcher

metaConf := config.AddResourceMetadata
// We initialise the use_kubeadm variable based on modules KubeAdm base configuration
err = metaConf.Namespace.SetBool("use_kubeadm", -1, config.KubeAdm)
if err != nil {
logger.Errorf("couldn't set kubeadm variable for namespace due to error %+v", err)
}

if metaConf.Namespace.Enabled() || config.Hints.Enabled() {
namespaceWatcher, err = kubernetes.NewNamedWatcher("namespace", client, &kubernetes.Namespace{}, kubernetes.WatchOptions{
1 change: 1 addition & 0 deletions libbeat/processors/add_kubernetes_metadata/config.go
Expand Up @@ -29,6 +29,7 @@ import (
type kubeAnnotatorConfig struct {
KubeConfig string `config:"kube_config"`
KubeClientOptions kubernetes.KubeClientOptions `config:"kube_client_options"`
KubeAdm bool `config:"use_kubeadm"`
Node string `config:"node"`
Scope string `config:"scope"`
Namespace string `config:"namespace"`
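Review bot: `KubeAdm` is added to `kubeAnnotatorConfig` with no default, and the struct field is this file's only added line, so unless the default constructor outside the hunk already sets it, the field is Go's zero value `false` when `use_kubeadm` is not configured. The processor docs added in this commit state "Default true", and kubernetes.go copies this value into the namespace and node metadata config, so the processor would silently differ from the autodiscover provider, whose `defaultConfig()` sets `KubeAdm: true`. Adding `KubeAdm: true` to the processor's default config would align them; please confirm against the constructor, which is not visible here.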
Expand Up @@ -152,6 +152,7 @@ Example:
-------------------------------------------------------------------------------------
`kube_config`:: (Optional) Use given config file as configuration for Kubernetes
client. It defaults to `KUBECONFIG` environment variable if present.
`use_kubeadm`:: (Optional) Default true. By default requests to kubeadm config map are made in order to enrich cluster name by requesting /api/v1/namespaces/kube-system/configmaps/kubeadm-config API endpoint.
`kube_client_options`:: (Optional) Additional options can be configured for Kubernetes
client. Currently client QPS and burst are supported, if not set Kubernetes client's
https://pkg.go.dev/k8s.io/client-go/rest#pkg-constants[default QPS and burst] will be used.
9 changes: 9 additions & 0 deletions libbeat/processors/add_kubernetes_metadata/kubernetes.go
Expand Up @@ -147,6 +147,15 @@ func (k *kubernetesAnnotator) init(config kubeAnnotatorConfig, cfg *config.C) {
k.initOnce.Do(func() {
var replicaSetWatcher, jobWatcher, namespaceWatcher, nodeWatcher kubernetes.Watcher

// We initialise the use_kubeadm variable based on modules KubeAdm base configuration
err := config.AddResourceMetadata.Namespace.SetBool("use_kubeadm", -1, config.KubeAdm)
if err != nil {
k.log.Errorf("couldn't set kubeadm variable for namespace due to error %+v", err)
}
err = config.AddResourceMetadata.Node.SetBool("use_kubeadm", -1, config.KubeAdm)
if err != nil {
k.log.Errorf("couldn't set kubeadm variable for node due to error %+v", err)
}
client, err := kubernetes.GetKubernetesClient(config.KubeConfig, config.KubeClientOptions)
if err != nil {
if kubernetes.IsInCluster(config.KubeConfig) {
14 changes: 14 additions & 0 deletions metricbeat/docs/modules/kubernetes.asciidoc
Expand Up @@ -235,6 +235,8 @@ metricbeat.modules:
# If kube_config is not set, KUBECONFIG environment variable will be checked
# and if not present it will fall back to InCluster
#kube_config: ~/.kube/config
#By default requests to kubeadm config map are made in order to enrich cluster name by requesting /api/v1/namespaces/kube-system/configmaps/kubeadm-config API endpoint.
use_kubeadm: true
#include_labels: []
#exclude_labels: []
#include_annotations: []
Expand Down Expand Up @@ -286,6 +288,8 @@ metricbeat.modules:
# If kube_config is not set, KUBECONFIG environment variable will be checked
# and if not present it will fall back to InCluster
#kube_config: ~/.kube/config
#By default requests to kubeadm config map are made in order to enrich cluster name by requesting /api/v1/namespaces/kube-system/configmaps/kubeadm-config API endpoint.
use_kubeadm: true
#include_labels: []
#exclude_labels: []
#include_annotations: []
Expand Down Expand Up @@ -326,6 +330,8 @@ metricbeat.modules:
# If kube_config is not set, KUBECONFIG environment variable will be checked
# and if not present it will fall back to InCluster
#kube_config: ~/.kube/config
#By default requests to kubeadm config map are made in order to enrich cluster name by requesting /api/v1/namespaces/kube-system/configmaps/kubeadm-config API endpoint.
use_kubeadm: true
# Set the namespace to watch for events
#namespace: staging
# Set the sync period of the watchers
Expand All @@ -346,6 +352,8 @@ metricbeat.modules:
ssl.certificate_authorities:
- /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
period: 30s
#By default requests to kubeadm config map are made in order to enrich cluster name by requesting /api/v1/namespaces/kube-system/configmaps/kubeadm-config API endpoint.
use_kubeadm: true
# Kubernetes proxy server
# (when running metricbeat locally at hosts or as a daemonset + host network)
Expand All @@ -355,6 +363,8 @@ metricbeat.modules:
- proxy
hosts: ["localhost:10249"]
period: 10s
#By default requests to kubeadm config map are made in order to enrich cluster name by requesting /api/v1/namespaces/kube-system/configmaps/kubeadm-config API endpoint.
use_kubeadm: true
# Kubernetes controller manager
# (URL and deployment method should be adapted to match the controller manager deployment / service / endpoint)
Expand All @@ -364,6 +374,8 @@ metricbeat.modules:
- controllermanager
hosts: ["http://localhost:10252"]
period: 10s
#By default requests to kubeadm config map are made in order to enrich cluster name by requesting /api/v1/namespaces/kube-system/configmaps/kubeadm-config API endpoint.
use_kubeadm: true
# Kubernetes scheduler
# (URL and deployment method should be adapted to match scheduler deployment / service / endpoint)
Expand All @@ -373,6 +385,8 @@ metricbeat.modules:
- scheduler
hosts: ["localhost:10251"]
period: 10s
#By default requests to kubeadm config map are made in order to enrich cluster name by requesting /api/v1/namespaces/kube-system/configmaps/kubeadm-config API endpoint.
use_kubeadm: true
----

This module supports TLS connections when using `ssl` config field, as described in <<configuration-ssl>>.
14 changes: 14 additions & 0 deletions metricbeat/metricbeat.reference.yml
Expand Up @@ -522,6 +522,8 @@ metricbeat.modules:
# If kube_config is not set, KUBECONFIG environment variable will be checked
# and if not present it will fall back to InCluster
#kube_config: ~/.kube/config
#By default requests to kubeadm config map are made in order to enrich cluster name by requesting /api/v1/namespaces/kube-system/configmaps/kubeadm-config API endpoint.
use_kubeadm: true
#include_labels: []
#exclude_labels: []
#include_annotations: []
Expand Down Expand Up @@ -573,6 +575,8 @@ metricbeat.modules:
# If kube_config is not set, KUBECONFIG environment variable will be checked
# and if not present it will fall back to InCluster
#kube_config: ~/.kube/config
#By default requests to kubeadm config map are made in order to enrich cluster name by requesting /api/v1/namespaces/kube-system/configmaps/kubeadm-config API endpoint.
use_kubeadm: true
#include_labels: []
#exclude_labels: []
#include_annotations: []
Expand Down Expand Up @@ -613,6 +617,8 @@ metricbeat.modules:
# If kube_config is not set, KUBECONFIG environment variable will be checked
# and if not present it will fall back to InCluster
#kube_config: ~/.kube/config
#By default requests to kubeadm config map are made in order to enrich cluster name by requesting /api/v1/namespaces/kube-system/configmaps/kubeadm-config API endpoint.
use_kubeadm: true
# Set the namespace to watch for events
#namespace: staging
# Set the sync period of the watchers
Expand All @@ -633,6 +639,8 @@ metricbeat.modules:
ssl.certificate_authorities:
- /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
period: 30s
#By default requests to kubeadm config map are made in order to enrich cluster name by requesting /api/v1/namespaces/kube-system/configmaps/kubeadm-config API endpoint.
use_kubeadm: true

# Kubernetes proxy server
# (when running metricbeat locally at hosts or as a daemonset + host network)
Expand All @@ -642,6 +650,8 @@ metricbeat.modules:
- proxy
hosts: ["localhost:10249"]
period: 10s
#By default requests to kubeadm config map are made in order to enrich cluster name by requesting /api/v1/namespaces/kube-system/configmaps/kubeadm-config API endpoint.
use_kubeadm: true

# Kubernetes controller manager
# (URL and deployment method should be adapted to match the controller manager deployment / service / endpoint)
Expand All @@ -651,6 +661,8 @@ metricbeat.modules:
- controllermanager
hosts: ["http://localhost:10252"]
period: 10s
#By default requests to kubeadm config map are made in order to enrich cluster name by requesting /api/v1/namespaces/kube-system/configmaps/kubeadm-config API endpoint.
use_kubeadm: true

# Kubernetes scheduler
# (URL and deployment method should be adapted to match scheduler deployment / service / endpoint)
Expand All @@ -660,6 +672,8 @@ metricbeat.modules:
- scheduler
hosts: ["localhost:10251"]
period: 10s
#By default requests to kubeadm config map are made in order to enrich cluster name by requesting /api/v1/namespaces/kube-system/configmaps/kubeadm-config API endpoint.
use_kubeadm: true

#--------------------------------- KVM Module ---------------------------------
- module: kvm