diff --git a/.gitignore b/.gitignore
index a917d1fa5..15f440687 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@ index.yaml
 *.tgz
 .idea/
 /venv
+.vscode/
diff --git a/metricbeat/examples/default/test/goss.yaml b/metricbeat/examples/default/test/goss.yaml
index 1f127101e..d353cba76 100644
--- a/metricbeat/examples/default/test/goss.yaml
+++ b/metricbeat/examples/default/test/goss.yaml
@@ -9,10 +9,6 @@ mount:
     exists: true
   /run/docker.sock:
     exists: true
-  /var/lib/docker/containers:
-    exists: true
-    opts:
-      - ro
   /usr/share/metricbeat/metricbeat.yml:
     exists: true
     opts:
diff --git a/metricbeat/examples/oss/test/goss.yaml b/metricbeat/examples/oss/test/goss.yaml
index fe2f045a3..af2f0826b 100644
--- a/metricbeat/examples/oss/test/goss.yaml
+++ b/metricbeat/examples/oss/test/goss.yaml
@@ -9,10 +9,6 @@ mount:
     exists: true
   /run/docker.sock:
     exists: true
-  /var/lib/docker/containers:
-    exists: true
-    opts:
-      - ro
   /usr/share/metricbeat/metricbeat.yml:
     exists: true
     opts:
diff --git a/metricbeat/examples/security/test/goss.yaml b/metricbeat/examples/security/test/goss.yaml
index 23181251d..8ee1ea5b9 100644
--- a/metricbeat/examples/security/test/goss.yaml
+++ b/metricbeat/examples/security/test/goss.yaml
@@ -9,10 +9,6 @@ mount:
     exists: true
   /run/docker.sock:
     exists: true
-  /var/lib/docker/containers:
-    exists: true
-    opts:
-      - ro
   /usr/share/metricbeat/metricbeat.yml:
     exists: true
     opts:
diff --git a/metricbeat/examples/security/values.yaml b/metricbeat/examples/security/values.yaml
index cd2a942f5..8b48e814e 100644
--- a/metricbeat/examples/security/values.yaml
+++ b/metricbeat/examples/security/values.yaml
@@ -18,8 +18,7 @@ metricbeatConfig:
       #ssl.certificate_authorities:
         #- /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
       processors:
-      - add_kubernetes_metadata:
-          in_cluster: true
+      - add_kubernetes_metadata: ~
     - module: kubernetes
       enabled: true
       metricsets:
diff --git a/metricbeat/templates/daemonset.yaml b/metricbeat/templates/daemonset.yaml
index 392b7cf84..4ef74e6b9 100644
--- a/metricbeat/templates/daemonset.yaml
+++ b/metricbeat/templates/daemonset.yaml
@@ -68,9 +68,6 @@ spec:
         hostPath:
           path: {{ .Values.hostPathRoot }}/{{ template "metricbeat.fullname" . }}-{{ .Release.Namespace }}-data
           type: DirectoryOrCreate
-      - name: varlibdockercontainers
-        hostPath:
-          path: /var/lib/docker/containers
       - name: varrundockersock
         hostPath:
           path: /var/run/docker.sock
@@ -142,9 +139,6 @@ spec:
         {{- end }}
         - name: data
           mountPath: /usr/share/metricbeat/data
-        - name: varlibdockercontainers
-          mountPath: /var/lib/docker/containers
-          readOnly: true
         # Necessary when using autodiscovery; avoid mounting it otherwise
         # See: https://www.elastic.co/guide/en/beats/metricbeat/master/configuration-autodiscover.html
         - name: varrundockersock
diff --git a/metricbeat/tests/metricbeat_test.py b/metricbeat/tests/metricbeat_test.py
index c20fe252c..447f5cf3f 100644
--- a/metricbeat/tests/metricbeat_test.py
+++ b/metricbeat/tests/metricbeat_test.py
@@ -334,9 +334,9 @@ def test_cluster_role_rules():
     config = ""
     r = helm_template(config)
     rules = r["clusterrole"]["release-name-metricbeat-cluster-role"]["rules"][0]
-    assert rules["apiGroups"][0] == "extensions"
+    assert rules["apiGroups"][0] == ""
     assert rules["verbs"][0] == "get"
-    assert rules["resources"][0] == "namespaces"
+    assert rules["resources"][0] == "nodes"
 
     config = """
 clusterRoleRules:
diff --git a/metricbeat/values.yaml b/metricbeat/values.yaml
index 2e88e5fa8..20c98ce29 100755
--- a/metricbeat/values.yaml
+++ b/metricbeat/values.yaml
@@ -21,8 +21,7 @@ metricbeatConfig:
       #ssl.certificate_authorities:
         #- /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
       processors:
-      - add_kubernetes_metadata:
-          in_cluster: true
+      - add_kubernetes_metadata: ~
     - module: kubernetes
       enabled: true
       metricsets:
@@ -141,22 +140,27 @@ labels: {}
 managedServiceAccount: true
 
 clusterRoleRules:
-  - apiGroups:
-    - "extensions"
-    - "apps"
-    - ""
-    resources:
-    - namespaces
-    - pods
-    - events
-    - deployments
-    - nodes
-    - nodes/stats
-    - replicasets
-    verbs:
-    - get
-    - list
-    - watch
+- apiGroups: [""]
+  resources:
+  - nodes
+  - namespaces
+  - events
+  - pods
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["extensions"]
+  resources:
+  - replicasets
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["apps"]
+  resources:
+  - statefulsets
+  - deployments
+  - replicasets
+  verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+  resources:
+  - nodes/stats
+  verbs: ["get"]
 
 podAnnotations: {}
   # iam.amazonaws.com/role: es-cluster