From 57683c6e3d56f92b700f471ed053dd6bb5a07ca9 Mon Sep 17 00:00:00 2001 From: Julien Mailleret Date: Wed, 8 Apr 2020 17:25:00 +0200 Subject: [PATCH 1/7] [metricbeat] remove in_cluster config from add_kubernetes_metadata This configuration was removed by https://github.com/elastic/beats/pull/13051 and https://github.com/elastic/beats/pull/13651 --- metricbeat/examples/security/values.yaml | 3 +-- metricbeat/values.yaml | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/metricbeat/examples/security/values.yaml b/metricbeat/examples/security/values.yaml index cd2a942f5..8b48e814e 100644 --- a/metricbeat/examples/security/values.yaml +++ b/metricbeat/examples/security/values.yaml @@ -18,8 +18,7 @@ metricbeatConfig: #ssl.certificate_authorities: #- /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt processors: - - add_kubernetes_metadata: - in_cluster: true + - add_kubernetes_metadata: ~ - module: kubernetes enabled: true metricsets: diff --git a/metricbeat/values.yaml b/metricbeat/values.yaml index 5e8bdf2d9..a7a28ba45 100755 --- a/metricbeat/values.yaml +++ b/metricbeat/values.yaml @@ -21,8 +21,7 @@ metricbeatConfig: #ssl.certificate_authorities: #- /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt processors: - - add_kubernetes_metadata: - in_cluster: true + - add_kubernetes_metadata: ~ - module: kubernetes enabled: true metricsets: From ed5b1b7b6a39bc18bf84d17f65e578f83d600e3a Mon Sep 17 00:00:00 2001 From: Julien Mailleret Date: Wed, 8 Apr 2020 17:43:52 +0200 Subject: [PATCH 2/7] [metricbeat] update clusterRoleRules with recommended values --- metricbeat/values.yaml | 38 ++++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/metricbeat/values.yaml b/metricbeat/values.yaml index a7a28ba45..f2db8b209 100755 --- a/metricbeat/values.yaml +++ b/metricbeat/values.yaml 
@@ -140,22 +140,28 @@ labels: {} managedServiceAccount: true clusterRoleRules: - - apiGroups: - - "extensions" - - "apps" - - "" - resources: - - namespaces - - pods - - events - - deployments - - nodes - - nodes/stats - - replicasets - verbs: - - get - - list - - watch +- apiGroups: [""] + resources: + - nodes + - namespaces + - events + - pods + verbs: ["get", "list", "watch"] +- apiGroups: ["extensions"] + resources: + - replicasets + verbs: ["get", "list", "watch"] +- apiGroups: ["apps"] + resources: + - statefulsets + - deployments + verbs: ["get", "list", "watch"] +- apiGroups: + - "" + resources: + - nodes/stats + verbs: + - get podAnnotations: {} # iam.amazonaws.com/role: es-cluster From c503972e28199b4c6c490a021102b952a35f65b7 Mon Sep 17 00:00:00 2001 From: Julien Mailleret Date: Wed, 8 Apr 2020 18:18:27 +0200 Subject: [PATCH 3/7] fixup! [metricbeat] update clusterRoleRules with recommended values [metricbeat] fix test_cluster_role_rules --- metricbeat/tests/metricbeat_test.py | 4 ++-- metricbeat/values.yaml | 6 ++---- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/metricbeat/tests/metricbeat_test.py b/metricbeat/tests/metricbeat_test.py index c20fe252c..447f5cf3f 100644 --- a/metricbeat/tests/metricbeat_test.py +++ b/metricbeat/tests/metricbeat_test.py @@ -334,9 +334,9 @@ def test_cluster_role_rules(): config = "" r = helm_template(config) rules = r["clusterrole"]["release-name-metricbeat-cluster-role"]["rules"][0] - assert rules["apiGroups"][0] == "extensions" + assert rules["apiGroups"][0] == "" assert rules["verbs"][0] == "get" - assert rules["resources"][0] == "namespaces" + assert rules["resources"][0] == "nodes" config = """ clusterRoleRules: diff --git a/metricbeat/values.yaml b/metricbeat/values.yaml index f2db8b209..98dea8f85 100755 --- a/metricbeat/values.yaml +++ b/metricbeat/values.yaml 
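Review bot: The new `clusterRoleRules` entries carry no comment saying which Metricbeat feature needs each grant, which makes this cluster-wide role hard to audit or trim for least privilege. A short comment above each rule would help, for example `# core objects read for Kubernetes metadata enrichment and the event metricset` above the first rule and `# kubelet stats endpoint, read-only` above the `nodes/stats` rule. The consumers named in those comments are inferred from the rule contents and should be confirmed against the upstream Beats manifest before they are written down.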
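Review bot: `test_cluster_role_rules` still inspects only `rules[0]`, so the other default rules are not covered, including the `nodes/stats` rule that the values file limits to `get`. A later edit that widens a verb list or adds a resource would pass unnoticed. Consider also asserting on the last rule, e.g. `all_rules = r["clusterrole"]["release-name-metricbeat-cluster-role"]["rules"]` followed by `assert all_rules[-1]["resources"] == ["nodes/stats"]` and `assert all_rules[-1]["verbs"] == ["get"]`. The function body continues past the end of this hunk with the custom `clusterRoleRules` case.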
@@ -156,12 +156,10 @@ clusterRoleRules: - statefulsets - deployments verbs: ["get", "list", "watch"] -- apiGroups: - - "" +- apiGroups: [""] resources: - nodes/stats - verbs: - - get + verbs: ["get"] podAnnotations: {} # iam.amazonaws.com/role: es-cluster From fae889bb791ad81e530607a5604297648805169b Mon Sep 17 00:00:00 2001 From: Julien Mailleret Date: Thu, 9 Apr 2020 11:56:50 +0200 Subject: [PATCH 4/7] [metricbeat] remove unused /var/lib/docker/container mount This mount don't seem to be used by metricbeat as we don't use `add_docker_metadata` processor. --- metricbeat/templates/daemonset.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/metricbeat/templates/daemonset.yaml b/metricbeat/templates/daemonset.yaml index 392b7cf84..4ef74e6b9 100644 --- a/metricbeat/templates/daemonset.yaml +++ b/metricbeat/templates/daemonset.yaml @@ -68,9 +68,6 @@ spec: hostPath: path: {{ .Values.hostPathRoot }}/{{ template "metricbeat.fullname" . }}-{{ .Release.Namespace }}-data type: DirectoryOrCreate - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - name: varrundockersock hostPath: path: /var/run/docker.sock @@ -142,9 +139,6 @@ spec: {{- end }} - name: data mountPath: /usr/share/metricbeat/data - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true # Necessary when using autodiscovery; avoid mounting it otherwise # See: https://www.elastic.co/guide/en/beats/metricbeat/master/configuration-autodiscover.html - name: varrundockersock From 470fecdc483f120f80f60cca68f812656e8fb381 Mon Sep 17 00:00:00 2001 From: Julien Mailleret Date: Thu, 9 Apr 2020 12:04:18 +0200 Subject: [PATCH 5/7] [metricbeat] add replicasets.apps to clusterRoleRules --- metricbeat/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/metricbeat/values.yaml b/metricbeat/values.yaml index 98dea8f85..e89225f1f 100755 --- a/metricbeat/values.yaml +++ b/metricbeat/values.yaml 
@@ -155,6 +155,7 @@ clusterRoleRules: resources: - statefulsets - deployments + - replicasets verbs: ["get", "list", "watch"] - apiGroups: [""] resources: From 1008c25f4c3787ad60ae097e194230efdaee4eae Mon Sep 17 00:00:00 2001 From: Julien Mailleret Date: Thu, 9 Apr 2020 12:04:49 +0200 Subject: [PATCH 6/7] [meta] ignore vscode settings --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index a917d1fa5..15f440687 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ index.yaml *.tgz .idea/ /venv +.vscode/ From 3e8bc8f8c4abe1028881cc8b55e3496ad5db129a Mon Sep 17 00:00:00 2001 From: Julien Mailleret Date: Thu, 9 Apr 2020 12:32:28 +0200 Subject: [PATCH 7/7] fixup! [metricbeat] remove unused /var/lib/docker/container mount [metricbeat] fix goss tests --- metricbeat/examples/6.x/test/goss.yaml | 4 ---- metricbeat/examples/default/test/goss.yaml | 4 ---- metricbeat/examples/oss/test/goss.yaml | 4 ---- metricbeat/examples/security/test/goss.yaml | 4 ---- 4 files changed, 16 deletions(-) diff --git a/metricbeat/examples/6.x/test/goss.yaml b/metricbeat/examples/6.x/test/goss.yaml index 262bc5843..72fdec740 100644 --- a/metricbeat/examples/6.x/test/goss.yaml +++ b/metricbeat/examples/6.x/test/goss.yaml @@ -9,10 +9,6 @@ mount: exists: true /run/docker.sock: exists: true - /var/lib/docker/containers: - exists: true - opts: - - ro /usr/share/metricbeat/metricbeat.yml: exists: true opts: diff --git a/metricbeat/examples/default/test/goss.yaml b/metricbeat/examples/default/test/goss.yaml index 267b9f7be..a157d4153 100644 --- a/metricbeat/examples/default/test/goss.yaml +++ b/metricbeat/examples/default/test/goss.yaml @@ -9,10 +9,6 @@ mount: exists: true /run/docker.sock: exists: true - /var/lib/docker/containers: - exists: true - opts: - - ro /usr/share/metricbeat/metricbeat.yml: exists: true opts: diff --git a/metricbeat/examples/oss/test/goss.yaml b/metricbeat/examples/oss/test/goss.yaml index 392daeee2..8aff344f9 100644 
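Review bot: With `replicasets` added to the `apps` rule, the resource is now granted under both `apps` and `extensions`; the `extensions` rule sits outside this hunk, in the rule list introduced earlier in the series. Kubernetes stopped serving ReplicaSets from `extensions/v1beta1` in 1.16, so that rule is probably only needed on older clusters. Either annotate it with something like `# extensions: only required on clusters older than Kubernetes 1.16`, or drop it if those versions are no longer supported, so the role stays minimal.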
--- a/metricbeat/examples/oss/test/goss.yaml +++ b/metricbeat/examples/oss/test/goss.yaml @@ -9,10 +9,6 @@ mount: exists: true /run/docker.sock: exists: true - /var/lib/docker/containers: - exists: true - opts: - - ro /usr/share/metricbeat/metricbeat.yml: exists: true opts: diff --git a/metricbeat/examples/security/test/goss.yaml b/metricbeat/examples/security/test/goss.yaml index b693e5969..d88714910 100644 --- a/metricbeat/examples/security/test/goss.yaml +++ b/metricbeat/examples/security/test/goss.yaml @@ -9,10 +9,6 @@ mount: exists: true /run/docker.sock: exists: true - /var/lib/docker/containers: - exists: true - opts: - - ro /usr/share/metricbeat/metricbeat.yml: exists: true opts: