Filebeat and Docker EE

Eric_Duquesnoy · November 14, 2018, 2:48pm

Hi There,
We have just installed a Docker EE cluster on 10 nodes (3 UCP , 3 DTR and 6 workers) .
Filebeat and Metricbeat are installed on each nodes with this configuration :

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 3
filebeat.autodiscover:
  providers:
    - type: docker
      templates:
        - condition:
            regexp:
              docker.container.name: ".*"
          config:
            - type: docker
              containers.ids:
                - "${data.docker.container.id}"
              processors:
               - add_docker_metadata: ~

As you seen docker logs are caught by Filebeat , parsed and send to Elasticsearch.
Everything works fine but now we would like to activate Kubernetes as Orchestrator (embedded in Docker EE).

Do you ever experienced this configuration with Filebeat ? What is the conf to address Kubernetes api for the autodiscovering ?

Thank you for your help.
Eric

steffens · November 14, 2018, 3:55pm

Have you considered the kubernetes autodiscovery provider?

Eric_Duquesnoy · November 15, 2018, 1:52pm

Yes, but Filebeat or Metricbeats need to have some informations about kubernetes (like the hostname and the port). I don't find in the documentation a way to declare them inside my Beats configuration.
does it need the kubelet in workers or just the Kubernetes API in Masters nodes ?

steffens · November 15, 2018, 4:42pm

Filebeat/Metricbeat auto discovery does connects to the local kubelet and listens to the local event stream.

Also see:

Running Filebeat on Kubernetes docs
Default Kubernetes deployment manifests on github.

Eric_Duquesnoy · November 15, 2018, 5:30pm

Fyi , Filebeat does not run in a container , it has been installed by a linux package.
It's like a unix agent.
Where can I specify the host and the port of k8s in Filebeat to enable the autodiscover ?

steffens · November 16, 2018, 1:24pm

See kubernetes provider docs. The kubernetes providers has the settings in_cluster, host, and kube_config.

Normally host is not configured. Beat tries to discover/select the kubernetes host by these rules:

If host is provided in the config use it directly.
If the Beat is deployed in the k8s cluster, it uses the hostname of the pod. It uses the pod name to query the pod meta in order to read the node name.
If the Beat is deployed outside the k8s cluster, it use the machine-id to match against k8s nodes for the current node name.

That is, if Filebeat is installed on the same host as as the kubelet, it should still be able to find the correct node. If not you can use the host configuration:

filebeat.autodiscover:
  providers:
  - type: kubernetes
    host: "<node endpoint>"
    templates:
      - ...

Eric_Duquesnoy · November 16, 2018, 2:21pm

Thank you for the example.

system · December 14, 2018, 2:21pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat - Kubernetes Autodiscovery with ElasticSearch Module Beats docker , filebeat	1	383	May 5, 2022
Filebeat not adding kubernetes metadata Beats docker , filebeat	1	602	February 12, 2019
Issue with Filebeat Kubernetes Configuration for Ingress Logs Beats docker , filebeat	2	253	October 9, 2023
Is there a complete, working example of a filebeats config on kubernetes? Beats filebeat	6	1628	July 27, 2019
Filebeat doesn't log anythign with kubernetes autodiscover Beats filebeat	2	1336	September 17, 2018

Filebeat and Docker EE

Related topics