apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: metricbeat
  namespace: efk
  labels:
    k8s-app: metricbeat
spec:
  selector:
    matchLabels:
      k8s-app: metricbeat
  template:
    metadata:
      labels:
        k8s-app: metricbeat
    spec:
      serviceAccountName: metricbeat
      terminationGracePeriodSeconds: 30
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      containers:
      - name: metricbeat
        image: docker.elastic.co/beats/metricbeat:8.8.0
        args: [
          "-c", "/etc/metricbeat.yml",
          "-e",
        ]
        env:
        - name: ELASTICSEARCH_HOSTS
          value: "http://elasticsearch-0.efk.svc.cluster.local:9200,http://elasticsearch-1.efk.svc.cluster.local:9200,http://elasticsearch-2.efk.svc.cluster.local:9200,http://elasticsearch-3.efk.svc.cluster.local:9200"
        - name: ELASTICSEARCH_USERNAME
          value: "elastic"
        - name: ELASTICSEARCH_PASSWORD
          valueFrom:
            secretKeyRef:
              name: elasticsearch-secret
              key: elastic_password
        securityContext:
          runAsUser: 0
        resources:
          limits:
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 100Mi
        volumeMounts:
        - name: config
          mountPath: /etc/metricbeat.yml
          subPath: metricbeat.yml
          readOnly: true
        - name: data
          mountPath: /usr/share/metricbeat/data
        - name: varlibdockercontainers
          mountPath: /var/lib/docker/containers
          readOnly: true
        - name: proc
          mountPath: /hostfs/proc
          readOnly: true
        - name: cgroup
          mountPath: /hostfs/sys/fs/cgroup
          readOnly: true
      volumes:
      - name: config
        configMap:
          defaultMode: 0640
          name: metricbeat-config
      - name: varlibdockercontainers
        hostPath:
          path: /var/lib/docker/containers
      - name: proc
        hostPath:
          path: /proc
      - name: cgroup
        hostPath:
          path: /sys/fs/cgroup
      - name: data
        emptyDir: {}
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: metricbeat-config
  namespace: efk
data:
  metricbeat.yml: |
    metricbeat.modules:
    - module: system
      metricsets:
        - cpu
        - load
        - memory
        - network
        - process
        - process_summary
      enabled: true
      period: 10s
      processes: ['.*']

    # X-Pack 监控模块配置
    - module: elasticsearch
      xpack.enabled: true
      metricsets:
        - ccr
        - cluster_stats
        - index
        - index_recovery
        - index_summary
        - node_stats
        - shard
      period: 10s
      hosts: ${ELASTICSEARCH_HOSTS}
      username: "${ELASTICSEARCH_USERNAME}"
      password: "${ELASTICSEARCH_PASSWORD}"
      ssl.certificate_authorities: ["/etc/ssl/certs/ca-certificates.crt"]
      ssl.verification_mode: "certificate"

    output.elasticsearch:
      hosts:
        - "http://elasticsearch-0.efk.svc.cluster.local:9200"
        - "http://elasticsearch-1.efk.svc.cluster.local:9200"
        - "http://elasticsearch-2.efk.svc.cluster.local:9200"
        - "http://elasticsearch-3.efk.svc.cluster.local:9200"
      username: "${ELASTICSEARCH_USERNAME}"
      password: "${ELASTICSEARCH_PASSWORD}"

    setup.kibana:
      host: "http://kibana.efk.svc.cluster.local:5601"

    logging.level: info
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: metricbeat
rules:
- apiGroups: [""]
  resources:
  - nodes
  - namespaces
  - events
  - pods
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: metricbeat
subjects:
- kind: ServiceAccount
  name: metricbeat
  namespace: efk
roleRef:
  kind: ClusterRole
  name: metricbeat
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metricbeat
  namespace: efk