Packetbeat 不添加 Kube.netes 元数据
[英]Packetbeat does not add Kubernetes metadata
问题描述
I've started a minikube (using Kube.netes 1.18.3) to test out ECK and specifically packetbeat.
我已经启动了一个 minikube(使用 Kube.netes 1.18.3)来测试 ECK,特别是 packetbeat。 The minikube profile is called "packetbeat" (important, as that's the hostname for the Virtualbox VM as well) and I followed the ECK quickstart to get it up and running. minikube 配置文件称为“packetbeat”(很重要,因为它也是 Virtualbox VM 的主机名),我按照 ECK 快速入门来启动和运行它。 ElasticSearch (single node) and Kibana are running fine and packetbeat is gathering flows as well, however, I'm unable to make it add the Kube.netes metadata to the fields. ElasticSearch(单节点)和 Kibana 运行良好,packetbeat 也在收集流量,但是,我无法将 Kube.netes 元数据添加到字段中。
I'm working in the default namespace and created a ClusterRoleBinding to view for the default ServiceAccount in the namespace.我在默认命名空间中工作,并创建了一个 ClusterRoleBinding 来查看命名空间中的默认 ServiceAccount。 This is working well, if I do not do that, packetbeat will report it is unable to list the Pods on the API server.这运行良好,如果我不这样做,packetbeat 将报告它无法列出 API 服务器上的 Pod。
This is the Beat config I'm using to make ECK deploy packetbeat:这是我用来让 ECK 部署 packetbeat 的 Beat 配置:
apiVersion: beat.k8s.elastic.co/v1beta1
kind: Beat
metadata:
name: packetbeat
spec:
type: packetbeat
version: 7.9.0
elasticsearchRef:
name: quickstart
kibanaRef:
name: kibana
config:
packetbeat.interfaces.device: any
packetbeat.protocols:
- type: http
ports: [80, 8000, 8080, 9200]
- type: tls
ports: [443]
packetbeat.flows:
timeout: 30s
period: 10s
processors:
- add_kubernetes_metadata: {}
daemonSet:
podTemplate:
spec:
terminationGracePeriodSeconds: 30
hostNetwork: true
automountServiceAccountToken: true # some older Beat versions are depending on this settings presence in k8s context
dnsPolicy: ClusterFirstWithHostNet
containers:
- name: packetbeat
securityContext:
runAsUser: 0
capabilities:
add:
- NET_ADMIN
(This is mostly a slightly modified example from the ECK example page.) However, this is not working at all. (这主要是 ECK 示例页面中稍微修改的示例。)但是,这根本不起作用。 I tried it with "add_kube.netes_metadata: {}" first, but that will error with the message:我首先尝试使用“add_kube.netes_metadata: {}”,但会出现错误消息:
2020-08-19T14:23:38.550Z ERROR [kube.netes] kube.netes/util.go:117 kube.netes: Querying for pod failed with error: pods "packetbeat" not found {"libbeat.processor": "add_kube.netes_metadata"}
This message goes away when I add the "host: packetbeat".当我添加“主机:packetbeat”时,这条消息消失了。 I'm no longer getting an error now, but I'm not getting the Kube.netes metadata either.我现在不再收到错误,但我也没有收到 Kube.netes 元数据。 I'm mostly interested in the namespace tag, but I'm not getting any.我最感兴趣的是名称空间标记,但我什么也没得到。 I do not see any additional errors in the log and it just reports monitoring details every 30 seconds at the moment.我在日志中没有看到任何其他错误,它目前只是每 30 秒报告一次监控详细信息。
What am I doing wrong?我究竟做错了什么? Any more information I can provide to help me debug this?我可以提供更多信息来帮助我调试吗?
1 个解决方案
解决方案1
0 2020-08-20 14:23:19
So the docs are just unclear.所以文档还不清楚。 Although they do not explicitely state it, you do need to add indexers and matchers.尽管他们没有明确 state 它,但您确实需要添加索引器和匹配器。 My understanding was that there are "default" ones (as you can disable those), but that does not seem to be the case.我的理解是有“默认”的(因为你可以禁用它们),但情况似乎并非如此。 Adding the indexers and matchers as per the example in the docs makes the Kube.netes metadata part of the data.按照文档中的示例添加索引器和匹配器,使 Kube.netes 元数据成为数据的一部分。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.