Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Filebeat kubernetes manifest is missing nodes in the ClusterRole #24051

Closed
jeffspahr opened this issue Feb 16, 2021 · 2 comments · Fixed by #24052
Closed

Filebeat kubernetes manifest is missing nodes in the ClusterRole #24051

jeffspahr opened this issue Feb 16, 2021 · 2 comments · Fixed by #24052
Assignees
@ChrsMark
Labels
Team:Integrations Label for the Integrations team

Comments

@jeffspahr
Copy link
Contributor

For confirmed bugs, please report:

  • Version: 7.11.0
  • Operating System: Kubernetes v1.20.2+k3s1 on Ubuntu 20.04
  • Steps to Reproduce:

Deploy Filebeat from the latest manifest in the docs:
https://www.elastic.co/guide/en/beats/filebeat/7.11/running-on-kubernetes.html
curl -L -O https://raw.githubusercontent.com/elastic/beats/7.11/deploy/kubernetes/filebeat-kubernetes.yaml

Use the autodiscover config by doing the following:
# To enable hints based autodiscover, remove filebeat.inputs configuration and uncomment this:

Filebeat starts up and is unable to list nodes:

E0215 03:45:32.109053 7 reflector.go:127] pkg/mod/k8s.io/client-go@v0.19.4/tools/cache/reflector.go:156: Failed to watch *v1.Node: failed to list *v1.Node: nodes "k3s-01a.spahr.dev" is forbidden: User "system:serviceaccount:bourbontracker:filebeat" cannot list resource "nodes" in API group "" at the cluster scope
E0215 03:45:33.243209 7 reflector.go:127] pkg/mod/k8s.io/client-go@v0.19.4/tools/cache/reflector.go:156: Failed to watch *v1.Node: failed to list *v1.Node: nodes "k3s-01a.spahr.dev" is forbidden: User "system:serviceaccount:bourbontracker:filebeat" cannot list resource "nodes" in API group "" at the cluster scope

This error goes away after adding nodes to the ClusterRole.

diff --git a/deploy/kubernetes/filebeat-kubernetes.yaml b/deploy/kubernetes/filebeat-kubernetes.yaml
index 6c98c85f3..85e971762 100644
--- a/deploy/kubernetes/filebeat-kubernetes.yaml
+++ b/deploy/kubernetes/filebeat-kubernetes.yaml
@@ -151,6 +151,7 @@ rules:
   resources:
   - namespaces
   - pods
+  - nodes
   verbs:
   - get
   - watch
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Feb 16, 2021
@jeffspahr jeffspahr mentioned this issue Feb 16, 2021
Merged
3 tasks
@andresrc andresrc added the Team:Integrations Label for the Integrations team label Feb 16, 2021
@elasticmachine
Copy link
Collaborator

Pinging @elastic/integrations (Team:Integrations)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Feb 16, 2021
ChrsMark pushed a commit that referenced this issue Feb 17, 2021
@jeffspahr
Add nodes to filebeat-kubernetes.yaml ClusterRole - fixes #24051 (#24052
410d900 
)
@ChrsMark ChrsMark mentioned this issue Feb 17, 2021
Merged
3 tasks
ChrsMark pushed a commit to ChrsMark/beats that referenced this issue Feb 17, 2021
@jeffspahr @ChrsMark
Add nodes to filebeat-kubernetes.yaml ClusterRole - fixes elastic#24051
34e671f 
… (elastic#24052)

(cherry picked from commit 410d900)
@ChrsMark ChrsMark mentioned this issue Feb 17, 2021
Merged
3 tasks
ChrsMark pushed a commit to ChrsMark/beats that referenced this issue Feb 17, 2021
@jeffspahr @ChrsMark
Add nodes to filebeat-kubernetes.yaml ClusterRole - fixes elastic#24051
e7d8967 
… (elastic#24052)

(cherry picked from commit 410d900)
v1v added a commit to v1v/beats that referenced this issue Feb 17, 2021
@v1v
Merge remote-tracking branch 'upstream/master' into feature/packaging…
e737d7e 
…-arm

* upstream/master:
  [CI] install docker-compose with retry (elastic#24069)
  Add nodes to filebeat-kubernetes.yaml ClusterRole - fixes elastic#24051 (elastic#24052)
  updating manifest files for filebeat threatintel module (elastic#24074)
  Add Zeek Signatures (elastic#23772)
  Update Beats to ECS 1.8.0 (elastic#23465)
  Support running Docker logging plugin on ARM64 (elastic#24034)
  Fix ec2 metricset fields.yml and add integration test (elastic#23726)
  Only build targz and zip versions of Beats if PACKAGES is set in agent (elastic#24060)
  [Filebeat] Add field definitions for known Netflow/IPFIX vendor fields (elastic#23773)
  [Elastic Agent] Enroll with Fleet Server (elastic#23865)
  [Filebeat] Convert logstash logEvent.action objects to strings (elastic#23944)
  [Ingest Management] Fix reloading of log level for services (elastic#24055)
  Add Agent standalone k8s manifest (elastic#23679)
ChrsMark added a commit that referenced this issue Feb 17, 2021
@ChrsMark @jeffspahr
Add nodes to filebeat-kubernetes.yaml ClusterRole - fixes #24051 (#24052
340760f 
) (#24080)

(cherry picked from commit 410d900)

Co-authored-by: Jeff Spahr <spahrj@gmail.com>
v1v added a commit to v1v/beats that referenced this issue Feb 17, 2021
@v1v
Merge remote-tracking branch 'upstream/master' into feature/retry-win…
e977e49 
…dows-7

* upstream/master: (332 commits)
  Use ECS v1.8.0 (elastic#24086)
  Add support for postgresql csv logs (elastic#23334)
  [Heartbeat] Refactor config system (elastic#23467)
  [CI] install docker-compose with retry (elastic#24069)
  Add nodes to filebeat-kubernetes.yaml ClusterRole - fixes elastic#24051 (elastic#24052)
  updating manifest files for filebeat threatintel module (elastic#24074)
  Add Zeek Signatures (elastic#23772)
  Update Beats to ECS 1.8.0 (elastic#23465)
  Support running Docker logging plugin on ARM64 (elastic#24034)
  Fix ec2 metricset fields.yml and add integration test (elastic#23726)
  Only build targz and zip versions of Beats if PACKAGES is set in agent (elastic#24060)
  [Filebeat] Add field definitions for known Netflow/IPFIX vendor fields (elastic#23773)
  [Elastic Agent] Enroll with Fleet Server (elastic#23865)
  [Filebeat] Convert logstash logEvent.action objects to strings (elastic#23944)
  [Ingest Management] Fix reloading of log level for services (elastic#24055)
  Add Agent standalone k8s manifest (elastic#23679)
  [Metricbeat][Kubernetes] Extend state_node with more conditions (elastic#23905)
  [CI] googleStorageUploadExt step (elastic#24048)
  Check fields are documented for aws metricsets (elastic#23887)
  Update go-concert to 0.1.0 (elastic#23770)
  ...
ChrsMark added a commit that referenced this issue Feb 18, 2021
@ChrsMark
Cherry-pick #24052 to 7.11: Add nodes to filebeat-kubernetes.yaml Clu…
3996720 
…sterRole - fixes #24051 (#24081)
@maggieghamry
Copy link

@jeffspahr and @ChrsMark , FYI this same issue is occurring for Metricbeat on 7.11 as well; is there an issue for that as well?

@maggieghamry maggieghamry mentioned this issue Apr 23, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ChrsMark ChrsMark

Labels
Team:Integrations Label for the Integrations team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add nodes to filebeat-kubernetes.yaml ClusterRole - fixes #24051
5 participants
@andresrc @ChrsMark @elasticmachine @jeffspahr @maggieghamry