Skip to content

Commit

Permalink
Add k8s cluster identifiers (#26056) (#26346)
Browse files Browse the repository at this point in the history 
(cherry picked from commit 0829211)
  • Loading branch information
@ChrsMark
ChrsMark authored Jun 17, 2021
1 parent 48f1032 commit d8d0551
Show file tree
Hide file tree
Showing 63 changed files with 1,739 additions and 531 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -431,6 +431,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Add new option `suffix` to `logging.files` to control how log files are rotated. {pull}25464[25464]
- Validate that required functionality in Elasticsearch is available upon initial connection. {pull}25351[25351]
- Improve ES output error insights. {pull}25825[25825]
- Add orchestrator.cluster.name/url fields as k8s metadata {pull}26056[26056]
- Libbeat: report beat version to monitoring. {pull}26214[26214]

*Auditbeat*
Expand Down
58 changes: 58 additions & 0 deletions deploy/kubernetes/auditbeat-kubernetes.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -226,6 +226,34 @@ roleRef:
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: auditbeat
namespace: kube-system
subjects:
- kind: ServiceAccount
name: auditbeat
namespace: kube-system
roleRef:
kind: Role
name: auditbeat
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: auditbeat-kubeadm-config
namespace: kube-system
subjects:
- kind: ServiceAccount
name: auditbeat
namespace: kube-system
roleRef:
kind: Role
name: auditbeat-kubeadm-config
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: auditbeat
Expand All @@ -243,6 +271,36 @@ rules:
- replicasets
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: auditbeat
# should be the namespace where auditbeat is running
namespace: kube-system
labels:
k8s-app: auditbeat
rules:
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs: ["get", "create", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: auditbeat-kubeadm-config
namespace: kube-system
labels:
k8s-app: auditbeat
rules:
- apiGroups: [""]
resources:
- configmaps
resourceNames:
- kubeadm-config
verbs: ["get"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
Expand Down
28 changes: 28 additions & 0 deletions deploy/kubernetes/auditbeat/auditbeat-role-binding.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,3 +10,31 @@ roleRef:
kind: ClusterRole
name: auditbeat
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: auditbeat
namespace: kube-system
subjects:
- kind: ServiceAccount
name: auditbeat
namespace: kube-system
roleRef:
kind: Role
name: auditbeat
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: auditbeat-kubeadm-config
namespace: kube-system
subjects:
- kind: ServiceAccount
name: auditbeat
namespace: kube-system
roleRef:
kind: Role
name: auditbeat-kubeadm-config
apiGroup: rbac.authorization.k8s.io
30 changes: 30 additions & 0 deletions deploy/kubernetes/auditbeat/auditbeat-role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,3 +15,33 @@ rules:
resources:
- replicasets
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: auditbeat
# should be the namespace where auditbeat is running
namespace: kube-system
labels:
k8s-app: auditbeat
rules:
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs: ["get", "create", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: auditbeat-kubeadm-config
namespace: kube-system
labels:
k8s-app: auditbeat
rules:
- apiGroups: [""]
resources:
- configmaps
resourceNames:
- kubeadm-config
verbs: ["get"]
31 changes: 31 additions & 0 deletions deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -549,6 +549,20 @@ roleRef:
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: elastic-agent-kubeadm-config
namespace: kube-system
subjects:
- kind: ServiceAccount
name: elastic-agent
namespace: kube-system
roleRef:
kind: Role
name: elastic-agent-kubeadm-config
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: elastic-agent
Expand All @@ -562,6 +576,7 @@ rules:
- events
- pods
- services
- configmaps
verbs: ["get", "list", "watch"]
# Enable this rule only if planing to use kubernetes_secrets provider
#- apiGroups: [""]
Expand Down Expand Up @@ -594,6 +609,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: elastic-agent
# should be the namespace where elastic-agent is running
namespace: kube-system
labels:
k8s-app: elastic-agent
Expand All @@ -604,6 +620,21 @@ rules:
- leases
verbs: ["get", "create", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: elastic-agent-kubeadm-config
namespace: kube-system
labels:
k8s-app: elastic-agent
rules:
- apiGroups: [""]
resources:
- configmaps
resourceNames:
- kubeadm-config
verbs: ["get"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
Expand Down
14 changes: 14 additions & 0 deletions deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-role-binding.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,3 +24,17 @@ roleRef:
kind: Role
name: elastic-agent
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: elastic-agent-kubeadm-config
namespace: kube-system
subjects:
- kind: ServiceAccount
name: elastic-agent
namespace: kube-system
roleRef:
kind: Role
name: elastic-agent-kubeadm-config
apiGroup: rbac.authorization.k8s.io
17 changes: 17 additions & 0 deletions deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ rules:
- events
- pods
- services
- configmaps
verbs: ["get", "list", "watch"]
# Enable this rule only if planing to use kubernetes_secrets provider
#- apiGroups: [""]
Expand Down Expand Up @@ -44,6 +45,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: elastic-agent
# should be the namespace where elastic-agent is running
namespace: kube-system
labels:
k8s-app: elastic-agent
Expand All @@ -53,3 +55,18 @@ rules:
resources:
- leases
verbs: ["get", "create", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: elastic-agent-kubeadm-config
namespace: kube-system
labels:
k8s-app: elastic-agent
rules:
- apiGroups: [""]
resources:
- configmaps
resourceNames:
- kubeadm-config
verbs: ["get"]
58 changes: 58 additions & 0 deletions deploy/kubernetes/filebeat-kubernetes.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -141,6 +141,34 @@ roleRef:
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: filebeat
namespace: kube-system
subjects:
- kind: ServiceAccount
name: filebeat
namespace: kube-system
roleRef:
kind: Role
name: filebeat
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: filebeat-kubeadm-config
namespace: kube-system
subjects:
- kind: ServiceAccount
name: filebeat
namespace: kube-system
roleRef:
kind: Role
name: filebeat-kubeadm-config
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: filebeat
Expand All @@ -161,6 +189,36 @@ rules:
- replicasets
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: filebeat
# should be the namespace where filebeat is running
namespace: kube-system
labels:
k8s-app: filebeat
rules:
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs: ["get", "create", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: filebeat-kubeadm-config
namespace: kube-system
labels:
k8s-app: filebeat
rules:
- apiGroups: [""]
resources:
- configmaps
resourceNames:
- kubeadm-config
verbs: ["get"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
Expand Down
28 changes: 28 additions & 0 deletions deploy/kubernetes/filebeat/filebeat-role-binding.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,3 +10,31 @@ roleRef:
kind: ClusterRole
name: filebeat
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: filebeat
namespace: kube-system
subjects:
- kind: ServiceAccount
name: filebeat
namespace: kube-system
roleRef:
kind: Role
name: filebeat
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: filebeat-kubeadm-config
namespace: kube-system
subjects:
- kind: ServiceAccount
name: filebeat
namespace: kube-system
roleRef:
kind: Role
name: filebeat-kubeadm-config
apiGroup: rbac.authorization.k8s.io
30 changes: 30 additions & 0 deletions deploy/kubernetes/filebeat/filebeat-role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,3 +18,33 @@ rules:
resources:
- replicasets
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: filebeat
# should be the namespace where filebeat is running
namespace: kube-system
labels:
k8s-app: filebeat
rules:
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs: ["get", "create", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: filebeat-kubeadm-config
namespace: kube-system
labels:
k8s-app: filebeat
rules:
- apiGroups: [""]
resources:
- configmaps
resourceNames:
- kubeadm-config
verbs: ["get"]
Loading

0 comments on commit d8d0551

Please sign in to comment.