Hi,
We're trying to use the add_kubernetes_metadata processor in Packetbeat (7.15.1) to be able to identify the flows generated by the pods and possibly filter by Pods metadata such as namespace, labels, or annotations.
Is it possible with this processor in Packetbeat?
We tried the following configuration
logging.level: debug
logging.selectors: ["kubernetes"]
processors:
- add_cloud_metadata:
- add_kubernetes_metadata:
in_cluster: true
host: ${HOSTNAME}
The flows are collected properly but the Kubernetes metadata are not added to the events.
(The Kubernetes cluster is in version 1.18.10 and hosted on VMs.)
Below the logs at starting with the kubernetes log selector in DEBUG
INFO procs/procs.go:103 Process watcher disabled
INFO add_kubernetes_metadata/kubernetes.go:71 add_kubernetes_metadata: kubernetes env detected, with version: v1.18.10
INFO [kubernetes] kubernetes/util.go:122 kubernetes: Using node NODENAME_REDACTED provided in the config {"libbeat.processor": "add_kubernetes_metadata"}
DEBUG [kubernetes] add_kubernetes_metadata/kubernetes.go:170 Initializing a new Kubernetes watcher using host: NODENAME_REDACTED {"libbeat.processor": "add_kubernetes_metadata"}
DEBUG [kubernetes] kubernetes/watcher.go:184 cache sync done
DEBUG [kubernetes] kubernetes/watcher.go:184 cache sync done
DEBUG [kubernetes] kubernetes/watcher.go:184 cache sync done
DEBUG [kubernetes] add_kubernetes_metadata/matchers.go:161 Unable to apply field format pattern on event
DEBUG [kubernetes] add_kubernetes_metadata/kubernetes.go:256 No container match string, not adding kubernetes data {"libbeat.processor": "add_kubernetes_metadata"}
Do we need to configure the indexers, the matchers ?
We have found old topics regarding similar issue, but the solutions given are not working for us.
Anybody has a working configuration?
Any idea?
Thank you very much for your help!
Loïc