Hi
Ok i've got filebeat running on kubernetes (k3s) via helm. All is working totally fine for gathering the cluster logs.
I also have podman running on the same nodes and i'd like to use the docker autodiscover provider.
I've setup /var/run/podman.sock using podman-docker and docker-compose packages like this
and i can confirm that this socket API call is working fine for the ROOT user and lists out all the pods:
curl --unix-socket /run/podman/podman.sock -v \
--output - \
--header "Content-Type: application/json" \
--header "Accept:" \
--header "User-Agent:" \
http://localhost/v1.24/containers/json?all=1
so i assume that the "docker daemon" is running correctly.
then to configure the autodiscover in filebeat.
i've used this:
- type: docker
host: "unix:///run/podman/podman.sock"
templates:
- config:
- type: container
paths:
- /containerstorage/containers/overlay-containers/${data.docker.container.id}/userdata/ctr.log
and i set the contianer to run as root like this in the helm chart
(note that it was collecting logs from the cluster totally fine without root permissions)
securityContext:
runAsUser: 0
privileged: true
then when i run it i get:
Exiting: error in autodiscover provider settings: error setting up docker autodiscover provider: Cannot connect to the Docker daemon at unix:///run/podman/podman.sock. Is the docker daemon running?
any tips here?
it would be nice to know what kind of query the autodiscover provider is attempting on the socket.
i tried to strace it using the following,.. but it didnt turn up anything interesting...
ps auxw | grep filebeat | grep -v grep | awk '{print"-p " $2}' | xargs strace -ff -tt -yy -x -e read=all -e write=all