From c489e20def510c253c45a2d4cc473318f900113c Mon Sep 17 00:00:00 2001 From: Chris Mark Date: Wed, 5 Feb 2020 13:19:17 +0200 Subject: [PATCH 1/4] Make use of secure port when accessing Kubelet API --- metricbeat/values.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/metricbeat/values.yaml b/metricbeat/values.yaml index 4e34369ef..47278584c 100755 --- a/metricbeat/values.yaml +++ b/metricbeat/values.yaml @@ -13,7 +13,13 @@ metricbeatConfig: - volume period: 10s host: "${NODE_NAME}" - hosts: ["${NODE_NAME}:10255"] + hosts: ["https://${HOSTNAME}:10250"] + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + ssl.verification_mode: "none" + # If using Red Hat OpenShift remove ssl.verification_mode entry and + # uncomment these settings: + #ssl.certificate_authorities: + #- /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt processors: - add_kubernetes_metadata: in_cluster: true From 1e836901ab0bd445df862c69df0b9d8f2cd18cfb Mon Sep 17 00:00:00 2001 From: Chris Mark Date: Wed, 5 Feb 2020 13:23:29 +0200 Subject: [PATCH 2/4] Update values.yaml --- metricbeat/examples/security/values.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/metricbeat/examples/security/values.yaml b/metricbeat/examples/security/values.yaml index 95dbb687f..1c2d1a8e4 100644 --- a/metricbeat/examples/security/values.yaml +++ b/metricbeat/examples/security/values.yaml @@ -10,7 +10,13 @@ metricbeatConfig: - volume period: 10s host: "${NODE_NAME}" - hosts: ["${NODE_NAME}:10255"] + hosts: ["https://${HOSTNAME}:10250"] + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + ssl.verification_mode: "none" + # If using Red Hat OpenShift remove ssl.verification_mode entry and + # uncomment these settings: + #ssl.certificate_authorities: + #- /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt processors: - add_kubernetes_metadata: in_cluster: true From 3b2f3ef46da8eca7a951ff007d9b895270efabf3 Mon Sep 17 00:00:00 2001 From: ChrsMark Date: Fri, 3 Apr 2020 15:52:11 +0300 Subject: [PATCH 3/4] Replace HOSTNAME with NODE_NAME to access host without hostNetwork Signed-off-by: ChrsMark --- metricbeat/examples/security/values.yaml | 2 +- metricbeat/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/metricbeat/examples/security/values.yaml b/metricbeat/examples/security/values.yaml index 1c2d1a8e4..cd2a942f5 100644 --- a/metricbeat/examples/security/values.yaml +++ b/metricbeat/examples/security/values.yaml @@ -10,7 +10,7 @@ metricbeatConfig: - volume period: 10s host: "${NODE_NAME}" - hosts: ["https://${HOSTNAME}:10250"] + hosts: ["https://${NODE_NAME}:10250"] bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token ssl.verification_mode: "none" # If using Red Hat OpenShift remove ssl.verification_mode entry and diff --git a/metricbeat/values.yaml b/metricbeat/values.yaml index b694f6ac5..f4fa51e73 100755 --- a/metricbeat/values.yaml +++ b/metricbeat/values.yaml @@ -13,7 +13,7 @@ metricbeatConfig: - volume period: 10s host: "${NODE_NAME}" - hosts: ["https://${HOSTNAME}:10250"] + hosts: ["https://${NODE_NAME}:10250"] bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token ssl.verification_mode: "none" # If using Red Hat OpenShift remove ssl.verification_mode entry and From 2aed9605ee55aa13f6d4a6fba482efe4a282b07a Mon Sep 17 00:00:00 2001 From: ChrsMark Date: Fri, 3 Apr 2020 16:09:20 +0300 Subject: [PATCH 4/4] Add nodes/stats clusterRoleRules Signed-off-by: ChrsMark --- metricbeat/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/metricbeat/values.yaml b/metricbeat/values.yaml index f4fa51e73..5e8bdf2d9 100755 --- a/metricbeat/values.yaml +++ b/metricbeat/values.yaml @@ -151,6 +151,7 @@ clusterRoleRules: - events - deployments - nodes + - nodes/stats - replicasets verbs: - get