We are having issues while trying to use add_cloud_metadata in AKS clusters. Filebeat version is 8.15 and it's running AKS 1.28 clusters.
Our config looks like this:
processors:
- add_cloud_metadata:
providers: ['azure']
...
- name: AZURE_CLIENT_ID
valueFrom:
secretKeyRef:
name: azcli
key: client
- name: AZURE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: azcli-pass
key: password
- name: AZURE_TENANT_ID
value: "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
And the logs are showing:
filebeat {"log.level":"warn","@timestamp":"2024-08-22T14:47:43.539Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/add_cloud_metadata.(*azureMetadataFetcher).fetchMetadata","file.name":"add_cloud_metadata/provider_azure_vm.go","file.line":142},"message":"Failed to get additional AKS Cluster meta: failed to get AKS cluster name and ID: failed to advance page: context deadline exceeded","service.name":"filebeat","ecs.version":"1.6.0"}
filebeat {"log.level":"info","@timestamp":"2024-08-22T14:47:43.539Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/add_cloud_metadata.(*addCloudMetadata).init.func1","file.name":"add_cloud_metadata/add_cloud_metadata.go","file.line":100},"message":"add_cloud_metadata: hosting provider type not detected.","service.name":"filebeat","ecs.version":"1.6.0"}
IMDS endpoint is accesible from Filebeat pods / No network policies in place:
/usr/share/filebeat# curl -s -H "Metadata:true" "http://169.254.169.254/metadata/instance?api-version=2021-01-01" | jq .compute.azEnvironment
"AzurePublicCloud"