Filebeat on Kubernetes with SSL to remote Elastic server

rainfarmer · July 22, 2020, 2:14am

Hello!

I'm trying to my filebeat kubernetes daemonset to talk to my remote elastic search server.
It works when ssl is off. When ssl is on, it gets cert error.

I downloaded the ca.crt from elastic.
But I'm not sure how to pass that to kubernetes in a way that it will be accessible to all pods and the filebeat daemonset.

filebeat-kubernetes.yaml

    ---
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: filebeat-config
      namespace: kube-system
      labels:
        k8s-app: filebeat
    data:
      filebeat.yml:
        output.elasticsearch:
          hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}']
          username: ${ELASTICSEARCH_USERNAME}
          password: ${ELASTICSEARCH_PASSWORD}
          protocol: https
          ssl.certificate_authorities:
            - certs/ca.crt
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: filebeat-inputs
      namespace: kube-system
      labels:
        k8s-app: filebeat
    data:
      kubernetes.yml: |-
        - type: docker
          containers.ids:
          - "*"
          processors:
            - add_kubernetes_metadata:
                in_cluster: true
    ---
    apiVersion: extensions/v1beta1
    kind: DaemonSet
    metadata:
      name: filebeat
      namespace: kube-system
      labels:
        k8s-app: filebeat
    spec:
      template:
        metadata:
          labels:
            k8s-app: filebeat
        spec:
          serviceAccountName: filebeat
          terminationGracePeriodSeconds: 30
          containers:
            - name: filebeat
              image: docker.elastic.co/beats/filebeat:6.8.10
              args: [
                "-c", "/etc/filebeat.yml",
                "-e",
              ]
              env:
                - name: ELASTICSEARCH_HOST
                  value: "https://1.1.1.1"
                - name: ELASTICSEARCH_PORT
                  value: "9200"
                - name: ELASTICSEARCH_USERNAME
                  value: 
                - name: ELASTICSEARCH_PASSWORD
                  value: 
                - name: ELASTIC_CLOUD_ID
                  value:
                - name: ELASTIC_CLOUD_AUTH
                  value:
              securityContext:
                runAsUser: 0
                # If using Red Hat OpenShift uncomment this:
                #privileged: true
              resources:
                limits:
                  memory: 200Mi
                requests:
                  cpu: 100m
                  memory: 100Mi
              volumeMounts:
                - name: config
                  mountPath: /etc/filebeat.yml
                  readOnly: true
                  subPath: filebeat.yml
                - name: inputs
                  mountPath: /usr/share/filebeat/inputs.d
                  readOnly: true
                - name: data
                  mountPath: /usr/share/filebeat/data
                - name: varlibdockercontainers
                  mountPath: /var/lib/docker/containers
                  readOnly: true
          volumes:
            - name: config
              configMap:
                defaultMode: 0600
                name: filebeat-config
            - name: varlibdockercontainers
              hostPath:
                path: /var/lib/docker/containers
            - name: inputs
              configMap:
                defaultMode: 0600
                name: filebeat-inputs
            # data folder stores a registry of read status for all files, so we don't send everything again on a Filebeat pod restart
            - name: data
              hostPath:
                path: /var/lib/filebeat-data
                type: DirectoryOrCreate
    ---
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
      name: filebeat
    subjects:
      - kind: ServiceAccount
        name: filebeat
        namespace: kube-system
    roleRef:
      kind: ClusterRole
      name: filebeat
      apiGroup: rbac.authorization.k8s.io
    ---
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRole
    metadata:
      name: filebeat
      labels:
        k8s-app: filebeat
    rules:
      - apiGroups: [""] # "" indicates the core API group
        resources:
          - namespaces
          - pods
        verbs:
          - get
          - watch
          - list
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: filebeat
      namespace: kube-system
      labels:
        k8s-app: filebeat
    ---

Thanks!

system · August 19, 2020, 4:14am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.