youtubebeat/vendor/github.com/elastic/beats/deploy/kubernetes/auditbeat/README.md

1.3 KiB

Auditbeat

Ship audit information from Kubernetes to Elasticsearch

Kubernetes DaemonSet

By deploying auditbeat as a DaemonSet we ensure we get a running auditbeat daemon on each node of the cluster.

Everything is deployed under kube-system namespace, you can change that by updating YAML manifests under this folder.

Settings

We use official Beats Docker images, as they allow external files configuration, a ConfigMap is used for kubernetes specific settings. Check auditbeat-configmap.yaml for details.

Also, auditbeat-daemonset.yaml uses a set of environment variables to configure Elasticsearch output:

Variable Default Description
ELASTICSEARCH_HOST elasticsearch Elasticsearch host
ELASTICSEARCH_PORT 9200 Elasticsearch port
ELASTICSEARCH_USERNAME elastic Elasticsearch username for HTTP auth
ELASTICSEARCH_PASSWORD changeme Elasticsearch password

If there is an existing elasticsearch service in the kubernetes cluster these defaults will use it.