.. | ||
auditbeat-daemonset-configmap.yaml | ||
auditbeat-daemonset.yaml | ||
auditbeat-role-binding.yaml | ||
auditbeat-role.yaml | ||
auditbeat-service-account.yaml | ||
README.md |
Auditbeat
Ship audit information from Kubernetes to Elasticsearch
Kubernetes DaemonSet
By deploying auditbeat as a DaemonSet we ensure we get a running auditbeat daemon on each node of the cluster.
Everything is deployed under kube-system
namespace, you can change that by
updating YAML manifests under this folder.
Settings
We use official Beats Docker images, as they allow external files configuration, a ConfigMap is used for kubernetes specific settings. Check auditbeat-configmap.yaml for details.
Also, auditbeat-daemonset.yaml uses a set of environment variables to configure Elasticsearch output:
Variable | Default | Description |
---|---|---|
ELASTICSEARCH_HOST | elasticsearch | Elasticsearch host |
ELASTICSEARCH_PORT | 9200 | Elasticsearch port |
ELASTICSEARCH_USERNAME | elastic | Elasticsearch username for HTTP auth |
ELASTICSEARCH_PASSWORD | changeme | Elasticsearch password |
If there is an existing elasticsearch
service in the kubernetes cluster these
defaults will use it.