rbudiharso/daemonset.yml

## daemonset.yml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: filebeat
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: filebeat
rules:
- apiGroups:
  - ""
  resources:
  - namespaces
  - pods
  verbs:
  - get
  - watch
  - list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: filebeat
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: filebeat
subjects:
- kind: ServiceAccount
  name: filebeat
  namespace: tech-a-tive
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: filebeat-config
data:
  filebeat.yml: |-
    filebeat.fields_under_root: true
    filebeat.fields:
      environment: staging
      cluster: dev-spot
    filebeat.autodiscover:
      providers:
      - type: kubernetes
        hints.enabled: true
    output.logstash:
      hosts: ['logstash.host:5050']
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: filebeat-inputs
data:
  kubernetes.yml: |-
    - type: docker
      containers.ids:
      - "*"
      processors:
        - add_kubernetes_metadata:
            in_cluster: true
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: filebeat
spec:
  selector:
    matchLabels:
      k8s-app: filebeat
  template:
    metadata:
      labels:
        k8s-app: filebeat
    spec:
      containers:
      - args:
        - -c
        - /etc/filebeat.yml
        - -e
        image: docker.elastic.co/beats/filebeat:7.5.0
        imagePullPolicy: IfNotPresent
        name: filebeat
        resources:
          limits:
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 100Mi
        securityContext:
          procMount: Default
          runAsUser: 0
        volumeMounts:
        - mountPath: /etc/filebeat.yml
          name: config
          readOnly: true
          subPath: filebeat.yml
        - mountPath: /usr/share/filebeat/inputs.d
          name: inputs
          readOnly: true
        - mountPath: /usr/share/filebeat/data
          name: data
        - mountPath: /var/lib/docker/containers
          name: varlibdockercontainers
          readOnly: true
      restartPolicy: Always
      securityContext: {}
      serviceAccount: filebeat
      serviceAccountName: filebeat
      volumes:
      - configMap:
          defaultMode: 384
          name: filebeat-config
        name: config
      - configMap:
          defaultMode: 384
          name: filebeat-inputs
        name: inputs
      - hostPath:
          path: /var/lib/docker/containers
          type: ""
        name: varlibdockercontainers
      - hostPath:
          path: /var/lib/filebeat-data
          type: DirectoryOrCreate
        name: data
  updateStrategy:
    type: OnDelete
	---
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: filebeat
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	name: filebeat
	rules:
	- apiGroups:
	- ""
	resources:
	- namespaces
	- pods
	verbs:
	- get
	- watch
	- list
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRoleBinding
	metadata:
	name: filebeat
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: filebeat
	subjects:
	- kind: ServiceAccount
	name: filebeat
	namespace: tech-a-tive
	---
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: filebeat-config
	data:
	filebeat.yml: \|-
	filebeat.fields_under_root: true
	filebeat.fields:
	environment: staging
	cluster: dev-spot
	filebeat.autodiscover:
	providers:
	- type: kubernetes
	hints.enabled: true
	output.logstash:
	hosts: ['logstash.host:5050']
	---
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: filebeat-inputs
	data:
	kubernetes.yml: \|-
	- type: docker
	containers.ids:
	- "*"
	processors:
	- add_kubernetes_metadata:
	in_cluster: true
	---
	apiVersion: apps/v1
	kind: DaemonSet
	metadata:
	name: filebeat
	spec:
	selector:
	matchLabels:
	k8s-app: filebeat
	template:
	metadata:
	labels:
	k8s-app: filebeat
	spec:
	containers:
	- args:
	- -c
	- /etc/filebeat.yml
	- -e
	image: docker.elastic.co/beats/filebeat:7.5.0
	imagePullPolicy: IfNotPresent
	name: filebeat
	resources:
	limits:
	memory: 200Mi
	requests:
	cpu: 100m
	memory: 100Mi
	securityContext:
	procMount: Default
	runAsUser: 0
	volumeMounts:
	- mountPath: /etc/filebeat.yml
	name: config
	readOnly: true
	subPath: filebeat.yml
	- mountPath: /usr/share/filebeat/inputs.d
	name: inputs
	readOnly: true
	- mountPath: /usr/share/filebeat/data
	name: data
	- mountPath: /var/lib/docker/containers
	name: varlibdockercontainers
	readOnly: true
	restartPolicy: Always
	securityContext: {}
	serviceAccount: filebeat
	serviceAccountName: filebeat
	volumes:
	- configMap:
	defaultMode: 384
	name: filebeat-config
	name: config
	- configMap:
	defaultMode: 384
	name: filebeat-inputs
	name: inputs
	- hostPath:
	path: /var/lib/docker/containers
	type: ""
	name: varlibdockercontainers
	- hostPath:
	path: /var/lib/filebeat-data
	type: DirectoryOrCreate
	name: data
	updateStrategy:
	type: OnDelete