following
https://www.elastic.co/guide/en/beats/filebeat/6.1/running-on-kubernetes.html
and the following post:
curl -L -O https://raw.githubusercontent.com/elastic/beats/6.0/deploy/kubernetes/filebeat-kubernetes.yaml
here is full yaml:
I edited variables to point to my instance:
- name: ELASTICSEARCH_HOST
value: xxxxxxxxxx.us-central1.gcp.cloud.es.io
- name: ELASTICSEARCH_PORT
value: "9243"
- name: ELASTICSEARCH_USERNAME
value: elastic
- name: ELASTICSEARCH_PASSWORD
value: xxxxxxx
I ran kubectl apply -f filebeat-kubernetes.yaml
and get the following error:
configmap "filebeat-config" created
configmap "filebeat-prospectors" created
daemonset "filebeat" created
clusterrolebinding "filebeat" created
serviceaccount "filebeat" created
Error from server (Forbidden): error when creating "filebeat-kubernetes.yaml": clusterroles.rbac.authorization.k8s.io "filebeat" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:["namespaces"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["namespaces"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["namespaces"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["list"]}] user=&{bob@example.com [system:authenticated] map[]} ownerrules=[PolicyRule{Resources:["selfsubjectaccessreviews"], APIGroups:["authorization.k8s.io"], Verbs:["create"]} PolicyRule{NonResourceURLs:["/api" "/api/*" "/apis" "/apis/*" "/healthz" "/swaggerapi" "/swaggerapi/*" "/version"], Verbs:["get"]}] ruleResolutionErrors=[]
beautify error:
Error from server (Forbidden): error when creating "filebeat-kubernetes.yaml": clusterroles.rbac.authorization.k8s.io "filebeat" is forbidden: attempt to grant extra privileges:
[
PolicyRule{Resources:["namespaces"], APIGroups:[""], Verbs:["get"]}
PolicyRule{Resources:["namespaces"], APIGroups:[""], Verbs:["watch"]}
PolicyRule{Resources:["namespaces"], APIGroups:[""], Verbs:["list"]}
PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["get"]}
PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["watch"]}
PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["list"]}]
user=&{bob@example.com [system:authenticated] map[]}
ownerrules=[
PolicyRule{
Resources:["selfsubjectaccessreviews"],
APIGroups:["authorization.k8s.io"],
Verbs:["create"]}
PolicyRule{NonResourceURLs:["/api" "/api/*" "/apis" "/apis/*" "/healthz" "/swaggerapi" "/swaggerapi/*" "/version"],
Verbs:["get"]}]
ruleResolutionErrors=[]