From ed2a9b63edd6ecbf251b637a67c0d511a5aafe8e Mon Sep 17 00:00:00 2001
From: Chris Mark
Date: Wed, 5 Feb 2020 13:07:53 +0200
Subject: [PATCH] Make use of secure port when accessing Kubelet API (#16063)
(cherry picked from commit b9791ad3ec272d72b30be2ad8f56d58fed22279c)
---
CHANGELOG.next.asciidoc | 1 +
deploy/kubernetes/metricbeat-kubernetes.yaml | 8 ++++----
.../metricbeat/metricbeat-daemonset-configmap.yaml | 8 ++++----
metricbeat/docs/modules/kubernetes.asciidoc | 5 +++--
metricbeat/metricbeat.reference.yml | 5 +++--
metricbeat/module/kubernetes/_meta/config.reference.yml | 5 +++--
x-pack/metricbeat/metricbeat.reference.yml | 5 +++--
7 files changed, 21 insertions(+), 16 deletions(-)
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 78c5c0062a0a..4aaf4cabf17b 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -26,6 +26,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Metricbeat* +- Make use of secure port when accessing Kubelet API {pull}16063[16063] *Packetbeat*
diff --git a/deploy/kubernetes/metricbeat-kubernetes.yaml b/deploy/kubernetes/metricbeat-kubernetes.yaml
index 3a96c7494513..862cbb9f7bf8 100644
--- a/deploy/kubernetes/metricbeat-kubernetes.yaml
+++ b/deploy/kubernetes/metricbeat-kubernetes.yaml
@@ -76,11 +76,11 @@ data: - volume period: 10s host: ${NODE_NAME} - hosts: ["localhost:10255"] - # If using Red Hat OpenShift remove the previous hosts entry and + hosts: ["https://${HOSTNAME}:10250"] + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + ssl.verification_mode: "none" + # If using Red Hat OpenShift remove ssl.verification_mode entry and # uncomment these settings: - #hosts: ["https://${HOSTNAME}:10250"] - #bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token #ssl.certificate_authorities: #- /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt - module: kubernetes
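Review bot: `ssl.verification_mode: "none"` is added directly beside `bearer_token_file`, so the pod's service account token is presented to whatever answers on `https://${HOSTNAME}:10250` without the kubelet's certificate being checked; the same pair of lines is added in the metricbeat-daemonset-configmap.yaml hunk. Where the kubelet serving certificate is signed by a CA the pod can read, verification can stay enabled by replacing that line with `ssl.certificate_authorities: ["/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"]`; whether that holds depends on how the cluster issues kubelet certificates, which the patch does not show. If `"none"` has to remain the shipped default, the manifest should say so above the line, for example `# Disables TLS verification of the kubelet; replace with ssl.certificate_authorities when the kubelet certificate is CA-signed.`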
diff --git a/deploy/kubernetes/metricbeat/metricbeat-daemonset-configmap.yaml b/deploy/kubernetes/metricbeat/metricbeat-daemonset-configmap.yaml
index 76af01e2c55d..09b3b867d10e 100644
--- a/deploy/kubernetes/metricbeat/metricbeat-daemonset-configmap.yaml
+++ b/deploy/kubernetes/metricbeat/metricbeat-daemonset-configmap.yaml
@@ -76,11 +76,11 @@ data: - volume period: 10s host: ${NODE_NAME} - hosts: ["localhost:10255"] - # If using Red Hat OpenShift remove the previous hosts entry and + hosts: ["https://${HOSTNAME}:10250"] + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + ssl.verification_mode: "none" + # If using Red Hat OpenShift remove ssl.verification_mode entry and # uncomment these settings: - #hosts: ["https://${HOSTNAME}:10250"] - #bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token #ssl.certificate_authorities: #- /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt - module: kubernetes
diff --git a/metricbeat/docs/modules/kubernetes.asciidoc b/metricbeat/docs/modules/kubernetes.asciidoc
index 0297fdd440d2..5d322520b0cc 100644
--- a/metricbeat/docs/modules/kubernetes.asciidoc
+++ b/metricbeat/docs/modules/kubernetes.asciidoc
@@ -67,9 +67,10 @@ metricbeat.modules: - system - volume period: 10s - hosts: ["localhost:10255"] enabled: true - #bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + hosts: ["https://${HOSTNAME}:10250"] + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + ssl.verification_mode: "none" #ssl.certificate_authorities: # - /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt #ssl.certificate: "/etc/pki/client/cert.pem"
diff --git a/metricbeat/metricbeat.reference.yml b/metricbeat/metricbeat.reference.yml
index 0db4e3771e42..ee91c1a791b4 100644
--- a/metricbeat/metricbeat.reference.yml
+++ b/metricbeat/metricbeat.reference.yml
@@ -452,9 +452,10 @@ metricbeat.modules: - system - volume period: 10s - hosts: ["localhost:10255"] enabled: true - #bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + hosts: ["https://${HOSTNAME}:10250"] + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + ssl.verification_mode: "none" #ssl.certificate_authorities: # - /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt #ssl.certificate: "/etc/pki/client/cert.pem"
diff --git a/metricbeat/module/kubernetes/_meta/config.reference.yml b/metricbeat/module/kubernetes/_meta/config.reference.yml
index 1a418db81f48..6abf381e6dab 100644
--- a/metricbeat/module/kubernetes/_meta/config.reference.yml
+++ b/metricbeat/module/kubernetes/_meta/config.reference.yml
@@ -7,9 +7,10 @@ - system - volume period: 10s - hosts: ["localhost:10255"] enabled: true - #bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + hosts: ["https://${HOSTNAME}:10250"] + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + ssl.verification_mode: "none" #ssl.certificate_authorities: # - /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt #ssl.certificate: "/etc/pki/client/cert.pem"
diff --git a/x-pack/metricbeat/metricbeat.reference.yml b/x-pack/metricbeat/metricbeat.reference.yml
index 9aa3ad33ee64..cd2a49027817 100644
--- a/x-pack/metricbeat/metricbeat.reference.yml
+++ b/x-pack/metricbeat/metricbeat.reference.yml
@@ -613,9 +613,10 @@ metricbeat.modules: - system - volume period: 10s - hosts: ["localhost:10255"] enabled: true - #bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + hosts: ["https://${HOSTNAME}:10250"] + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + ssl.verification_mode: "none" #ssl.certificate_authorities: # - /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt #ssl.certificate: "/etc/pki/client/cert.pem"
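Review bot: The reference configs gain an active `ssl.verification_mode: "none"` line immediately above the commented `#ssl.certificate_authorities:` example, with no comment explaining how the two interact. A reader who uncomments the CA list but leaves the mode at "none" would presumably still get no certificate verification. The deploy manifests at least carry the hint "remove ssl.verification_mode entry", but the three reference hunks here (metricbeat/metricbeat.reference.yml, metricbeat/module/kubernetes/_meta/config.reference.yml, x-pack/metricbeat/metricbeat.reference.yml) do not. I would add above the new line `# Certificate verification is disabled; remove this line when setting ssl.certificate_authorities.`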