feat: add kubernetes discovering to filebeat.yml

2022-04-26 18:59:58 +02:00 · 2022-04-26 18:59:58 +02:00 · f1f597f0df
parent 238d1dedea
commit f1f597f0df
5 changed files with 68 additions and 4 deletions
--- a/7
+++ b/7
@ -13,10 +13,13 @@ RUN cd beats/filebeat/ && \

 FROM debian:bullseye-slim

-COPY --chown=root:filebeat filebeat.yml /usr/share/filebeat/filebeat.yml
 COPY --chmod=750 --from=builder /build/beats/filebeat/filebeat /usr/local/bin/filebeat
+COPY --chown=root:filebeat filebeat-docker.yml /usr/share/filebeat/filebeat-docker.yml
+COPY --chown=root:filebeat filebeat-kubernetes.yml /usr/share/filebeat/filebeat-kubernetes.yml
 COPY --chmod=750 entrypoint.sh /entrypoint.sh

+# discovery mode could be docker or kubernetes
+ENV DISCOVERY_MODE="docker"
 ENV ELASTICSEARCH_HOSTS=""
 ENV ELASTICSEARCH_USERNAME=""
 ENV ELASTICSEARCH_PASSWORD_FILE=""
@ -24,4 +27,4 @@ ENV KIBANA_HOSTS=""

 ENTRYPOINT ["/entrypoint.sh"]

-CMD ["filebeat", "-e", "--strict.perms=false", "-c", "/usr/share/filebeat/filebeat.yml"]
+CMD filebeat -e --strict.perms=false -c /usr/share/filebeat/filebeat-$DISCOVERY_MODE.yml
--- a/2
+++ b/2
@ -5,7 +5,7 @@ REGISTRY_IP=docker.registry
 # linux/arm/v6
 # linux/arm64
 # linux/amd64
-PLATFORM=linux/arm/v7,linux/arm/v6
+PLATFORM=linux/arm/v7,linux/arm/v6,linux/amd64
 #VERBOSITY=info
 VERBOSITY=debug

--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -13,6 +13,9 @@ filebeat setup --dashboards --index-management -e \
  -E output.elasticsearch.ssl.verification_mode=none \
  -E setup.kibana.host="$KIBANA_HOSTS" \
  -E setup.kibana.ssl.verification_mode=none \
-  -c /usr/share/filebeat/filebeat.yml
+  -c /usr/share/filebeat/filebeat-"$DISCOVERY_MODE".yml
+
+
+

 exec "$@"
--- a/filebeat-docker.yml
+++ b/filebeat-docker.yml
--- a/filebeat-kubernetes.yml
+++ b/filebeat-kubernetes.yml
@ -0,0 +1,58 @@
+filebeat.config:
+  modules:
+    path: ${path.config}/modules.d/*.yml
+    reload.enabled: false
+
+filebeat.autodiscover:
+  providers:
+    - type: kubernetes
+      node: '${NODE_NAME}'
+      hints.enabled: true
+      # kubernetes pod annotation example
+      #annotations:
+      #  co.elastic.logs.json-logging/json.keys_under_root: "true"
+      #  co.elastic.logs.json-logging/json.add_error_key: "true"
+      #  co.elastic.logs.json-logging/json.message_key: "message"
+      #
+      hints.default_config:
+        type: container
+        paths:
+          - /var/log/containers/*${data.kubernetes.container.id}.log
+
+processors:
+  - add_cloud_metadata: ~
+  - add_locale:
+      format: offset
+  - add_docker_metadata:
+      host: "unix:///var/run/docker.sock"
+  - add_host_metadata: ~
+  - decode_json_fields:
+      fields: ["message"]
+      target: "json"
+      overwrite_keys: true
+
+setup:
+  kibana:
+    host: '${KIBANA_HOSTS:kibana:5601}'
+    ssl:
+      verification_mode: none
+  template:
+    enabled: true
+    name: "filebeat-%{[agent.version]}"
+    pattern: "index-%{[beat.version]}-*"
+  dashboards:
+    enabled: false
+    #index: "filebeat-%{[agent.version]}-*"
+
+output.elasticsearch:
+  hosts: '[${ELASTICSEARCH_HOSTS:elasticsearch:9200}]'
+  username: '${ELASTICSEARCH_USERNAME:}'
+  password: '${ELASTICSEARCH_PASSWORD:}'
+  ssl:
+    verification_mode: none
+  indices:
+    - index: "filebeat-%{[agent.version]}-%{[container.name]:common}-%{+yyyy.MM.dd}"
+
+
+#logging.json: true
+#logging.metrics.enabled: false