diff --git a/Dockerfile b/Dockerfile
index 4e91205..5aa85fa 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,10 +13,13 @@ RUN cd beats/filebeat/ && \
 
 FROM debian:bullseye-slim
 
-COPY --chown=root:filebeat filebeat.yml /usr/share/filebeat/filebeat.yml
 COPY --chmod=750 --from=builder /build/beats/filebeat/filebeat /usr/local/bin/filebeat
+COPY --chown=root:filebeat filebeat-docker.yml /usr/share/filebeat/filebeat-docker.yml
+COPY --chown=root:filebeat filebeat-kubernetes.yml /usr/share/filebeat/filebeat-kubernetes.yml
 COPY --chmod=750 entrypoint.sh /entrypoint.sh
 
+# discovery mode could be docker or kubernetes
+ENV DISCOVERY_MODE="docker"
 ENV ELASTICSEARCH_HOSTS=""
 ENV ELASTICSEARCH_USERNAME=""
 ENV ELASTICSEARCH_PASSWORD_FILE=""
@@ -24,4 +27,4 @@ ENV KIBANA_HOSTS=""
 
 ENTRYPOINT ["/entrypoint.sh"]
 
-CMD ["filebeat", "-e", "--strict.perms=false", "-c", "/usr/share/filebeat/filebeat.yml"]
\ No newline at end of file
+CMD filebeat -e --strict.perms=false -c /usr/share/filebeat/filebeat-$DISCOVERY_MODE.yml
\ No newline at end of file
diff --git a/Makefile b/Makefile
index 84299f4..5964a0a 100644
--- a/Makefile
+++ b/Makefile
@@ -5,7 +5,7 @@ REGISTRY_IP=docker.registry
 # linux/arm/v6
 # linux/arm64
 # linux/amd64
-PLATFORM=linux/arm/v7,linux/arm/v6
+PLATFORM=linux/arm/v7,linux/arm/v6,linux/amd64
 #VERBOSITY=info
 VERBOSITY=debug
 
diff --git a/entrypoint.sh b/entrypoint.sh
index 8b6b431..c0d5472 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -13,6 +13,9 @@ filebeat setup --dashboards --index-management -e \
   -E output.elasticsearch.ssl.verification_mode=none \
   -E setup.kibana.host="$KIBANA_HOSTS" \
   -E setup.kibana.ssl.verification_mode=none \
-  -c /usr/share/filebeat/filebeat.yml
+  -c /usr/share/filebeat/filebeat-"$DISCOVERY_MODE".yml
+
+
+
 
 exec "$@"
\ No newline at end of file
diff --git a/filebeat.yml b/filebeat-docker.yml
similarity index 100%
rename from filebeat.yml
rename to filebeat-docker.yml
diff --git a/filebeat-kubernetes.yml b/filebeat-kubernetes.yml
new file mode 100644
index 0000000..ae0e7de
--- /dev/null
+++ b/filebeat-kubernetes.yml
@@ -0,0 +1,58 @@
+filebeat.config:
+  modules:
+    path: ${path.config}/modules.d/*.yml
+    reload.enabled: false
+
+filebeat.autodiscover:
+  providers:
+    - type: kubernetes
+      node: '${NODE_NAME}'
+      hints.enabled: true
+      # kubernetes pod annotation example
+      #annotations:
+      #  co.elastic.logs.json-logging/json.keys_under_root: "true"
+      #  co.elastic.logs.json-logging/json.add_error_key: "true"
+      #  co.elastic.logs.json-logging/json.message_key: "message"
+      #
+      hints.default_config:
+        type: container
+        paths:
+          - /var/log/containers/*${data.kubernetes.container.id}.log
+
+processors:
+  - add_cloud_metadata: ~
+  - add_locale:
+      format: offset
+  - add_docker_metadata:
+      host: "unix:///var/run/docker.sock"
+  - add_host_metadata: ~
+  - decode_json_fields:
+      fields: ["message"]
+      target: "json"
+      overwrite_keys: true
+
+setup:
+  kibana:
+    host: '${KIBANA_HOSTS:kibana:5601}'
+    ssl:
+      verification_mode: none
+  template:
+    enabled: true
+    name: "filebeat-%{[agent.version]}"
+    pattern: "index-%{[beat.version]}-*"
+  dashboards:
+    enabled: false
+    #index: "filebeat-%{[agent.version]}-*"
+
+output.elasticsearch:
+  hosts: '[${ELASTICSEARCH_HOSTS:elasticsearch:9200}]'
+  username: '${ELASTICSEARCH_USERNAME:}'
+  password: '${ELASTICSEARCH_PASSWORD:}'
+  ssl:
+    verification_mode: none
+  indices:
+    - index: "filebeat-%{[agent.version]}-%{[container.name]:common}-%{+yyyy.MM.dd}"
+
+
+#logging.json: true
+#logging.metrics.enabled: false
\ No newline at end of file