| .. | ||
| auditbeat-daemonset-configmap.yaml | ||
| auditbeat-daemonset.yaml | ||
| auditbeat-role-binding.yaml | ||
| auditbeat-role.yaml | ||
| auditbeat-service-account.yaml | ||
| README.md | ||
Auditbeat
Ship audit information from Kubernetes to Elasticsearch
Kubernetes DaemonSet
By deploying auditbeat as a DaemonSet we ensure we get a running auditbeat daemon on each node of the cluster.
Everything is deployed under kube-system namespace, you can change that by
updating YAML manifests under this folder.
Settings
We use official Beats Docker images, as they allow external files configuration, a ConfigMap is used for kubernetes specific settings. Check auditbeat-configmap.yaml for details.
Also, auditbeat-daemonset.yaml uses a set of environment variables to configure Elasticsearch output:
| Variable | Default | Description |
|---|---|---|
| ELASTICSEARCH_HOST | elasticsearch | Elasticsearch host |
| ELASTICSEARCH_PORT | 9200 | Elasticsearch port |
| ELASTICSEARCH_USERNAME | elastic | Elasticsearch username for HTTP auth |
| ELASTICSEARCH_PASSWORD | changeme | Elasticsearch password |
If there is an existing elasticsearch service in the kubernetes cluster these
defaults will use it.