Filebeat k8s - autodiscover for podman.sock not working

Hi

OK, I've got Filebeat running on Kubernetes (k3s) via Helm. All is working totally fine for gathering the cluster logs.

I also have Podman running on the same nodes and I'd like to use the docker autodiscover provider.

I've set up /var/run/podman.sock using the podman-docker and docker-compose packages like this

and I can confirm that this socket API call is working fine for the ROOT user and lists out all the pods:

curl --unix-socket /run/podman/podman.sock -v \
--output - \
--header "Content-Type: application/json" \
--header "Accept:" \
--header "User-Agent:" \
"http://localhost/v1.24/containers/json?all=1"

So I assume that the "docker daemon" is running correctly.

Then to configure the autodiscover in Filebeat.

I've used this:

          - type: docker
            host: "unix:///run/podman/podman.sock"
            templates:
              - config:
                  - type: container
                    paths:
                      - /containerstorage/containers/overlay-containers/${data.docker.container.id}/userdata/ctr.log

and I set the container to run as root like this in the Helm chart
(note that it was collecting logs from the cluster totally fine without root permissions)

  securityContext:
    runAsUser: 0
    privileged: true

Then when I run it I get:

Exiting: error in autodiscover provider settings: error setting up docker autodiscover provider: Cannot connect to the Docker daemon at unix:///run/podman/podman.sock. Is the docker daemon running?

Any tips here?

It would be nice to know what kind of query the autodiscover provider is attempting on the socket.

I tried to strace it using the following, but it didn't turn up anything interesting...

ps auxw | grep filebeat | grep -v grep | awk '{print"-p " $2}' | xargs strace -ff -tt -yy -x -e read=all -e write=all
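
An added diagnostic, not part of the original post and not Filebeat's code: run inside the Filebeat container, it separates a socket path that is absent or not a socket in the pod's mount namespace from one that exists but refuses connections or answers with an API error. The name `probe_socket` and the status labels are assumptions made for this example, as is the availability of a Python 3 interpreter where it runs; the request path and socket path are the ones quoted in the post.

```python
import os
import socket
import stat
import sys

# The request the post confirmed working with curl on the host.
PAGE_REQUEST = "/v1.24/containers/json?all=1"


def probe_socket(path, api_path=PAGE_REQUEST, timeout=3.0):
    """Classify reachability of a Docker-compatible API socket: (status, detail)."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return "missing", "no such path in this mount namespace"
    except PermissionError:
        return "no-access", "cannot stat path"
    if not stat.S_ISSOCK(mode):
        kind = "directory" if stat.S_ISDIR(mode) else "non-socket file"
        return "not-a-socket", "path is a " + kind
    request = "GET %s HTTP/1.0\r\nHost: localhost\r\n\r\n" % api_path
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(path)
        except PermissionError:
            return "no-access", "connect() denied (file permissions or LSM policy)"
        except ConnectionRefusedError:
            return "refused", "socket file exists but nothing is listening"
        except OSError as exc:
            return "connect-error", str(exc)
        try:
            s.sendall(request.encode("ascii"))
            data = b""
            while b"\r\n" not in data:  # read until the status line is complete
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
        except OSError as exc:
            return "io-error", str(exc)
    status_line = data.split(b"\r\n", 1)[0].decode("latin-1")
    fields = status_line.split(" ", 2)
    ok = len(fields) >= 2 and fields[1] == "200"
    return ("ok" if ok else "api-error"), status_line


if __name__ == "__main__":
    # Default is the socket path from the post's autodiscover config.
    target = sys.argv[1] if len(sys.argv) > 1 else "/run/podman/podman.sock"
    print(target, *probe_socket(target))
```

Comparing the result on the host with the result inside the pod shows whether the socket the host sees is the same object the container sees at that path.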
