From 1665fcdc6509573a2f734c29e3cf1aabd34b384b Mon Sep 17 00:00:00 2001 From: chrismark Date: Wed, 7 Apr 2021 11:46:44 +0300 Subject: [PATCH 1/4] Update k8s manifests to use proper roles' scope for leaderelection Signed-off-by: chrismark --- deploy/kubernetes/metricbeat-kubernetes.yaml | 34 +++++++++++++++---- .../metricbeat/metricbeat-role-binding.yaml | 13 +++++++ .../metricbeat/metricbeat-role.yaml | 21 ++++++++---- 3 files changed, 56 insertions(+), 12 deletions(-) diff --git a/deploy/kubernetes/metricbeat-kubernetes.yaml b/deploy/kubernetes/metricbeat-kubernetes.yaml index ce685aa0975..f982cdf48ff 100644 --- a/deploy/kubernetes/metricbeat-kubernetes.yaml +++ b/deploy/kubernetes/metricbeat-kubernetes.yaml @@ -270,12 +270,34 @@ rules: - "/metrics" verbs: - get -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: metricbeat +subjects: + - kind: ServiceAccount + name: metricbeat + namespace: kube-system +roleRef: + kind: Role + name: metricbeat + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: metricbeat + namespace: kube-system + labels: + k8s-app: metricbeat +rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - ["get", "create", "update"] --- apiVersion: v1 kind: ServiceAccount diff --git a/deploy/kubernetes/metricbeat/metricbeat-role-binding.yaml b/deploy/kubernetes/metricbeat/metricbeat-role-binding.yaml index 3f6f7b62439..b9ac602a559 100644 --- a/deploy/kubernetes/metricbeat/metricbeat-role-binding.yaml +++ b/deploy/kubernetes/metricbeat/metricbeat-role-binding.yaml @@ -10,3 +10,16 @@ roleRef: kind: ClusterRole name: metricbeat apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: metricbeat +subjects: + - kind: ServiceAccount + name: metricbeat + namespace: kube-system +roleRef: + kind: Role + name: metricbeat + apiGroup: rbac.authorization.k8s.io diff --git a/deploy/kubernetes/metricbeat/metricbeat-role.yaml b/deploy/kubernetes/metricbeat/metricbeat-role.yaml index 0eb2e89c7bd..b379f62aa10 100644 --- a/deploy/kubernetes/metricbeat/metricbeat-role.yaml +++ b/deploy/kubernetes/metricbeat/metricbeat-role.yaml @@ -38,9 +38,18 @@ rules: - "/metrics" verbs: - get -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: metricbeat + namespace: kube-system + labels: + k8s-app: metricbeat +rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - ["get", "create", "update"] From d0a5fcbf3678ed47736d0ba2f8cb2b51388b0446 Mon Sep 17 00:00:00 2001 From: chrismark Date: Wed, 7 Apr 2021 13:33:01 +0300 Subject: [PATCH 2/4] fixes Signed-off-by: chrismark --- deploy/kubernetes/metricbeat-kubernetes.yaml | 14 +++++++------- .../metricbeat/metricbeat-role-binding.yaml | 1 + deploy/kubernetes/metricbeat/metricbeat-role.yaml | 3 +-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/deploy/kubernetes/metricbeat-kubernetes.yaml b/deploy/kubernetes/metricbeat-kubernetes.yaml index f982cdf48ff..f02e9e20f87 100644 --- a/deploy/kubernetes/metricbeat-kubernetes.yaml +++ b/deploy/kubernetes/metricbeat-kubernetes.yaml @@ -147,7 +147,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: metricbeat - image: docker.elastic.co/beats/metricbeat:8.0.0 + image: docker.elastic.co/beats/metricbeat:7.12.0 args: [ "-c", "/etc/metricbeat.yml", "-e", @@ -274,6 +274,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: + namespace: kube-system name: metricbeat subjects: - kind: ServiceAccount @@ -292,12 +293,11 @@ metadata: labels: k8s-app: metricbeat rules: - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - ["get", "create", "update"] +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: ["get", "create", "update"] --- apiVersion: v1 kind: ServiceAccount diff --git a/deploy/kubernetes/metricbeat/metricbeat-role-binding.yaml b/deploy/kubernetes/metricbeat/metricbeat-role-binding.yaml index b9ac602a559..a3a4438e068 100644 --- a/deploy/kubernetes/metricbeat/metricbeat-role-binding.yaml +++ b/deploy/kubernetes/metricbeat/metricbeat-role-binding.yaml @@ -15,6 +15,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: metricbeat + namespace: kube-system subjects: - kind: ServiceAccount name: metricbeat diff --git a/deploy/kubernetes/metricbeat/metricbeat-role.yaml b/deploy/kubernetes/metricbeat/metricbeat-role.yaml index b379f62aa10..74a97e1d38d 100644 --- a/deploy/kubernetes/metricbeat/metricbeat-role.yaml +++ b/deploy/kubernetes/metricbeat/metricbeat-role.yaml @@ -51,5 +51,4 @@ rules: - coordination.k8s.io resources: - leases - verbs: - - ["get", "create", "update"] + verbs: ["get", "create", "update"] From da4c0c59068c888aa95a8e083f5c92bf5fc16101 Mon Sep 17 00:00:00 2001 From: chrismark Date: Wed, 7 Apr 2021 13:36:11 +0300 Subject: [PATCH 3/4] fix version Signed-off-by: chrismark --- deploy/kubernetes/metricbeat-kubernetes.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/kubernetes/metricbeat-kubernetes.yaml b/deploy/kubernetes/metricbeat-kubernetes.yaml index f02e9e20f87..0d89122184f 100644 --- a/deploy/kubernetes/metricbeat-kubernetes.yaml +++ b/deploy/kubernetes/metricbeat-kubernetes.yaml @@ -147,7 +147,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: metricbeat - image: docker.elastic.co/beats/metricbeat:7.12.0 + image: docker.elastic.co/beats/metricbeat:8.0.0 args: [ "-c", "/etc/metricbeat.yml", "-e", From 28e24dc8854feb6a1e2690f86d38b86ad6e94cb6 Mon Sep 17 00:00:00 2001 From: chrismark Date: Wed, 7 Apr 2021 14:17:42 +0300 Subject: [PATCH 4/4] fix lint issue Signed-off-by: chrismark --- deploy/kubernetes/metricbeat-kubernetes.yaml | 38 ++++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/deploy/kubernetes/metricbeat-kubernetes.yaml b/deploy/kubernetes/metricbeat-kubernetes.yaml index 0d89122184f..952274c5420 100644 --- a/deploy/kubernetes/metricbeat-kubernetes.yaml +++ b/deploy/kubernetes/metricbeat-kubernetes.yaml @@ -231,6 +231,20 @@ roleRef: apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: metricbeat + namespace: kube-system +subjects: + - kind: ServiceAccount + name: metricbeat + namespace: kube-system +roleRef: + kind: Role + name: metricbeat + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: metricbeat @@ -272,20 +286,6 @@ rules: - get --- apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - namespace: kube-system - name: metricbeat -subjects: - - kind: ServiceAccount - name: metricbeat - namespace: kube-system -roleRef: - kind: Role - name: metricbeat - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: metricbeat @@ -293,11 +293,11 @@ metadata: labels: k8s-app: metricbeat rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: ["get", "create", "update"] + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: ["get", "create", "update"] --- apiVersion: v1 kind: ServiceAccount