Filebeat on Kubernetes with SSL to remote Elastic server

rainfarmer · July 22, 2020, 2:14am

Hello!

I'm trying to my filebeat kubernetes daemonset to talk to my remote elastic search server.
It works when ssl is off. When ssl is on, it gets cert error.

I downloaded the ca.crt from elastic.
But I'm not sure how to pass that to kubernetes in a way that it will be accessible to all pods and the filebeat daemonset.

filebeat-kubernetes.yaml

    ---
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: filebeat-config
      namespace: kube-system
      labels:
        k8s-app: filebeat
    data:
      filebeat.yml:
        output.elasticsearch:
          hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}']
          username: ${ELASTICSEARCH_USERNAME}
          password: ${ELASTICSEARCH_PASSWORD}
          protocol: https
          ssl.certificate_authorities:
            - certs/ca.crt
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: filebeat-inputs
      namespace: kube-system
      labels:
        k8s-app: filebeat
    data:
      kubernetes.yml: |-
        - type: docker
          containers.ids:
          - "*"
          processors:
            - add_kubernetes_metadata:
                in_cluster: true
    ---
    apiVersion: extensions/v1beta1
    kind: DaemonSet
    metadata:
      name: filebeat
      namespace: kube-system
      labels:
        k8s-app: filebeat
    spec:
      template:
        metadata:
          labels:
            k8s-app: filebeat
        spec:
          serviceAccountName: filebeat
          terminationGracePeriodSeconds: 30
          containers:
            - name: filebeat
              image: docker.elastic.co/beats/filebeat:6.8.10
              args: [
                "-c", "/etc/filebeat.yml",
                "-e",
              ]
              env:
                - name: ELASTICSEARCH_HOST
                  value: "https://1.1.1.1"
                - name: ELASTICSEARCH_PORT
                  value: "9200"
                - name: ELASTICSEARCH_USERNAME
                  value: 
                - name: ELASTICSEARCH_PASSWORD
                  value: 
                - name: ELASTIC_CLOUD_ID
                  value:
                - name: ELASTIC_CLOUD_AUTH
                  value:
              securityContext:
                runAsUser: 0
                # If using Red Hat OpenShift uncomment this:
                #privileged: true
              resources:
                limits:
                  memory: 200Mi
                requests:
                  cpu: 100m
                  memory: 100Mi
              volumeMounts:
                - name: config
                  mountPath: /etc/filebeat.yml
                  readOnly: true
                  subPath: filebeat.yml
                - name: inputs
                  mountPath: /usr/share/filebeat/inputs.d
                  readOnly: true
                - name: data
                  mountPath: /usr/share/filebeat/data
                - name: varlibdockercontainers
                  mountPath: /var/lib/docker/containers
                  readOnly: true
          volumes:
            - name: config
              configMap:
                defaultMode: 0600
                name: filebeat-config
            - name: varlibdockercontainers
              hostPath:
                path: /var/lib/docker/containers
            - name: inputs
              configMap:
                defaultMode: 0600
                name: filebeat-inputs
            # data folder stores a registry of read status for all files, so we don't send everything again on a Filebeat pod restart
            - name: data
              hostPath:
                path: /var/lib/filebeat-data
                type: DirectoryOrCreate
    ---
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
      name: filebeat
    subjects:
      - kind: ServiceAccount
        name: filebeat
        namespace: kube-system
    roleRef:
      kind: ClusterRole
      name: filebeat
      apiGroup: rbac.authorization.k8s.io
    ---
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRole
    metadata:
      name: filebeat
      labels:
        k8s-app: filebeat
    rules:
      - apiGroups: [""] # "" indicates the core API group
        resources:
          - namespaces
          - pods
        verbs:
          - get
          - watch
          - list
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: filebeat
      namespace: kube-system
      labels:
        k8s-app: filebeat
    ---

Thanks!

system · August 19, 2020, 4:14am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat running on Kubernetes connected to Elasticsearch using SSL Beats docker , filebeat	1	2006	August 26, 2021
Kubernetes filebeat not sending logs to secured Elasticsearch Beats docker , filebeat , metricbeat	9	1321	December 23, 2022
How to configure metricbeat k8s to use ssl connection to ES Beats metricbeat	3	217	October 6, 2023
Filebeat and metricbeat as daemonset with eck Elastic Cloud on Kubernetes (ECK)	5	1795	November 4, 2022
How to deploy filebeat as a daemonset with ECK in Kubernetes? Elastic Cloud on Kubernetes (ECK)	2	157	June 6, 2024

Filebeat on Kubernetes with SSL to remote Elastic server

Related topics