I am quite new to Kubernetes and want to run Metricbeat in Kubernetes, so that I can see what's going on in Kubernetes in my Elastic Stack.
Kubernetes is running on bare metal, so there is no cloud provider involved.
Just for your information: in my case Metricbeat is shipping its data to Redis, then Logstash pulls it and pushes it to Elasticsearch.
I dug a bit deeper. It looks like Metricbeat is trying to access the read-only port of kubelet.
It seems it is disabled by default.
If I add --read-only-port to kubelet, the port is available and can be fetched by Metricbeat.
BUT, as I understand it, this was changed in Kubernetes for security reasons. So I don't want to weaken security to get Metricbeat data.
Which can be set for client authentication. But I am quite unfamiliar with these client certificates and I am thankful for further help:
As the DaemonSet is using dynamic names, the hostname of the Metricbeat pod changes each time the pod starts. With client certificates, kubelet should check if the certificate matches the pod's host name. How do I dynamically create a client certificate for the pod that kubelet trusts?
Can you point out the workflow or provide any tutorials?