Merge pull request #471 from ChrsMark/patch-2

Make use of secure port when accessing Kubelet API
elastic · Apr 3, 2020 · a03b78e · a03b78e
2 parents e7ed45d + 2aed960
commit a03b78e
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 2 deletions.
diff --git a/metricbeat/examples/security/values.yaml b/metricbeat/examples/security/values.yaml
@@ -10,7 +10,13 @@ metricbeatConfig:
         - volume
       period: 10s
       host: "${NODE_NAME}"
-      hosts: ["${NODE_NAME}:10255"]
+      hosts: ["https://${NODE_NAME}:10250"]
+      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+      ssl.verification_mode: "none"
+      # If using Red Hat OpenShift remove ssl.verification_mode entry and
+      # uncomment these settings:
+      #ssl.certificate_authorities:
+        #- /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
       processors:
       - add_kubernetes_metadata:
           in_cluster: true

diff --git a/metricbeat/values.yaml b/metricbeat/values.yaml
@@ -13,7 +13,13 @@ metricbeatConfig:
         - volume
       period: 10s
       host: "${NODE_NAME}"
-      hosts: ["${NODE_NAME}:10255"]
+      hosts: ["https://${NODE_NAME}:10250"]
+      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+      ssl.verification_mode: "none"
+      # If using Red Hat OpenShift remove ssl.verification_mode entry and
+      # uncomment these settings:
+      #ssl.certificate_authorities:
+        #- /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
       processors:
       - add_kubernetes_metadata:
           in_cluster: true
@@ -145,6 +151,7 @@ clusterRoleRules:
     - events
     - deployments
     - nodes
+    - nodes/stats
     - replicasets
     verbs:
     - get