This repository has been archived by the owner on May 16, 2023. It is now read-only.
[metricbeat] Adding custerRole permissions for leader election #1422
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
jenkins test this please |
jmlrt
previously approved these changes
Nov 10, 2021
jmlrt
reviewed
Nov 10, 2021
There was a problem hiding this comment.
Looking at https://github.com/elastic/beats/blob/ac8275f72e55b699fb5ae41c68774280d7188bd3/deploy/kubernetes/metricbeat/metricbeat-role.yaml#L46-L59, we may need to add this to a simple role instead of a cluster role.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: metricbeat
# should be the namespace where metricbeat is running
namespace: kube-system
labels:
k8s-app: metricbeat
rules:
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs: ["get", "create", "update"]Seems related to elastic/beats#24958
We may also add it to Filebeat chart => https://github.com/elastic/beats/blob/ac8275f72e55b699fb5ae41c68774280d7188bd3/deploy/kubernetes/filebeat/filebeat-role.yaml#L22-L35 |
|
@jmlrt Just added a single role for filebeat and metricbeat, can you please have a look at it? |
jmlrt
suggested changes
Dec 9, 2021
Comment on lines
+262
to
+265
| - apiGroups: ["coordination.k8s.io"] | ||
| resources: | ||
| - leases | ||
| verbs: ["create", "get", "list", "update"] |
There was a problem hiding this comment.
I think this should also be added to
helm-charts/filebeat/values.yaml
Lines 203 to 213 in c52ad07
jmlrt
added a commit
to jmlrt/helm-charts
that referenced
this pull request
Mar 3, 2022
…ic#1422) * Adding support to Ingress networking.k8s.io/v1 * Adjusting ES service name * Removing ingress typo & adjusting python test * Adjusting python tests to use the new ingress version * fixing conflict * Adding support to kubernetes ingress v1 & ClassName * Adding reformatted files * fixing conflict * Adding ClassName & Pathtype on ingress settings * Performing syntax adjustments and removing comments * custerRole permissions for leader election in k8s 1.19+ * Adding fb & mb role Co-authored-by: jmlrt <8582351+jmlrt@users.noreply.github.com>
jmlrt
added a commit
that referenced
this pull request
Mar 4, 2022
#1600) * Adding support to Ingress networking.k8s.io/v1 * Adjusting ES service name * Removing ingress typo & adjusting python test * Adjusting python tests to use the new ingress version * fixing conflict * Adding support to kubernetes ingress v1 & ClassName * Adding reformatted files * fixing conflict * Adding ClassName & Pathtype on ingress settings * Performing syntax adjustments and removing comments * custerRole permissions for leader election in k8s 1.19+ * Adding fb & mb role Co-authored-by: jmlrt <8582351+jmlrt@users.noreply.github.com> Co-authored-by: framsouza <francismara.souza@elastic.co>
jmlrt
added a commit
to jmlrt/helm-charts
that referenced
this pull request
Mar 4, 2022
This commits add a rolebinding and cluster role rules to match https://github.com/elastic/beats/blob/main/deploy/kubernetes/metricbeat-kubernetes.yaml Follow-up of elastic#1422
jmlrt
added a commit
that referenced
this pull request
Mar 7, 2022
This commits add a rolebinding and cluster role rules to match https://github.com/elastic/beats/blob/main/deploy/kubernetes/metricbeat-kubernetes.yaml Follow-up of #1422
jmlrt
added a commit
to jmlrt/helm-charts
that referenced
this pull request
Mar 7, 2022
…1603) This commits add a rolebinding and cluster role rules to match https://github.com/elastic/beats/blob/main/deploy/kubernetes/metricbeat-kubernetes.yaml Follow-up of elastic#1422
jmlrt
added a commit
that referenced
this pull request
Mar 8, 2022
…1607) This commits add a rolebinding and cluster role rules to match https://github.com/elastic/beats/blob/main/deploy/kubernetes/metricbeat-kubernetes.yaml Follow-up of #1422
Merged
jmlrt
added a commit
to jmlrt/helm-charts
that referenced
this pull request
Mar 8, 2022
* 7.17.1 as default version. | PR | Author | Title | |-----------------------------------------------------------|----------------------------------------------|-------------------------------------------------------------------------| | [elastic#1604](elastic#1604) | [@jmlrt](https://github.com/jmlrt) | [meta] update docker images | | [elastic#1603](elastic#1603) | [@jmlrt](https://github.com/jmlrt) | [metricbeat] add missing rolebinding and cluster role rules | | [elastic#1602](elastic#1602) | [@jmlrt](https://github.com/jmlrt) | [filebeat] add missing rolebinding and cluster role rules | | [elastic#1593](elastic#1593) | [@jmlrt](https://github.com/jmlrt) | [meta] add support for k8s 1.22 | | [elastic#1582](elastic#1582) | [@jmlrt](https://github.com/jmlrt) | [kibana] fix extra values default values | | [elastic#1581](elastic#1581) | [@jmlrt](https://github.com/jmlrt) | [logstash] fix ServiceAccount inconsistencies | | [elastic#1580](elastic#1580) | [@jmlrt](https://github.com/jmlrt) | [elasticsearch] fix ServiceAccount inconsistencies | | [elastic#1570](elastic#1570) | [@jmlrt](https://github.com/jmlrt) | [logstash] add externalTrafficPolicy support | | [elastic#1569](elastic#1569) | [@jmlrt](https://github.com/jmlrt) | [logstash] add flexible ingress | | [elastic#1563](elastic#1563) | [@jmlrt](https://github.com/jmlrt) | [meta] bump Helm version to 3.8.0 | | [elastic#1538](elastic#1538) | [@chetanv-oi](https://github.com/chetanv-oi) | [elasticsearch] move the yaml separator inside the condition | | [elastic#1530](elastic#1530) | [@jmlrt](https://github.com/jmlrt) | [kibana] use bash for readiness script | | [elastic#1527](elastic#1527) | [@ebuildy](https://github.com/ebuildy) | [apm-server] add pod labels | | [elastic#1524](elastic#1524) | [@beatkind](https://github.com/beatkind) | [metricbeat] bump kube-state-metrics to version 4.7.0 | | [elastic#1521](elastic#1521) | [@ebuildy](https://github.com/ebuildy) | [apm-server] fix podLabels | | [elastic#1494](elastic#1494) | [@ebuildy](https://github.com/ebuildy) | [elasticsearch] add keystore container securityContext | | [elastic#1450](elastic#1450) | [@dmarcs](https://github.com/dmarcs) | [logstash] allow array values for extra | | [elastic#1422](elastic#1422) | [@framsouza](https://github.com/framsouza) | [metricbeat] adding custerRole permissions for leader election | | [elastic#1420](elastic#1420) | [@framsouza](https://github.com/framsouza) | [elasticsearch] [logstash] add support to PodDisruptionBudget policy/v1 | | [elastic#1417](elastic#1417) | [@framsouza](https://github.com/framsouza) | [kibana] add annotations at deployment level |
jmlrt
added a commit
that referenced
this pull request
Mar 8, 2022
* 7.17.1 release changelog * 7.17.1 as default version. | PR | Author | Title | |-----------------------------------------------------------|----------------------------------------------|-------------------------------------------------------------------------| | [#1604](#1604) | [@jmlrt](https://github.com/jmlrt) | [meta] update docker images | | [#1603](#1603) | [@jmlrt](https://github.com/jmlrt) | [metricbeat] add missing rolebinding and cluster role rules | | [#1602](#1602) | [@jmlrt](https://github.com/jmlrt) | [filebeat] add missing rolebinding and cluster role rules | | [#1593](#1593) | [@jmlrt](https://github.com/jmlrt) | [meta] add support for k8s 1.22 | | [#1582](#1582) | [@jmlrt](https://github.com/jmlrt) | [kibana] fix extra values default values | | [#1581](#1581) | [@jmlrt](https://github.com/jmlrt) | [logstash] fix ServiceAccount inconsistencies | | [#1580](#1580) | [@jmlrt](https://github.com/jmlrt) | [elasticsearch] fix ServiceAccount inconsistencies | | [#1570](#1570) | [@jmlrt](https://github.com/jmlrt) | [logstash] add externalTrafficPolicy support | | [#1569](#1569) | [@jmlrt](https://github.com/jmlrt) | [logstash] add flexible ingress | | [#1563](#1563) | [@jmlrt](https://github.com/jmlrt) | [meta] bump Helm version to 3.8.0 | | [#1538](#1538) | [@chetanv-oi](https://github.com/chetanv-oi) | [elasticsearch] move the yaml separator inside the condition | | [#1530](#1530) | [@jmlrt](https://github.com/jmlrt) | [kibana] use bash for readiness script | | [#1527](#1527) | [@ebuildy](https://github.com/ebuildy) | [apm-server] add pod labels | | [#1524](#1524) | [@beatkind](https://github.com/beatkind) | [metricbeat] bump kube-state-metrics to version 4.7.0 | | [#1521](#1521) | [@ebuildy](https://github.com/ebuildy) | [apm-server] fix podLabels | | [#1494](#1494) | [@ebuildy](https://github.com/ebuildy) | [elasticsearch] add keystore container securityContext | | [#1450](#1450) | [@dmarcs](https://github.com/dmarcs) | [logstash] allow array values for extra | | [#1422](#1422) | [@framsouza](https://github.com/framsouza) | [metricbeat] adding custerRole permissions for leader election | | [#1420](#1420) | [@framsouza](https://github.com/framsouza) | [elasticsearch] [logstash] add support to PodDisruptionBudget policy/v1 | | [#1417](#1417) | [@framsouza](https://github.com/framsouza) | [kibana] add annotations at deployment level | * add breaking changes + update all toc instructions * fix breaking change error
Merged
This was referenced Sep 14, 2022
Merged
galina-tochilkin
pushed a commit
to mtp-devops/3d-party-helm
that referenced
this pull request
Dec 20, 2022
* 7.17.1 release changelog * 7.17.1 as default version. | PR | Author | Title | |-----------------------------------------------------------|----------------------------------------------|-------------------------------------------------------------------------| | [#1604](elastic/helm-charts#1604) | [@jmlrt](https://github.com/jmlrt) | [meta] update docker images | | [#1603](elastic/helm-charts#1603) | [@jmlrt](https://github.com/jmlrt) | [metricbeat] add missing rolebinding and cluster role rules | | [#1602](elastic/helm-charts#1602) | [@jmlrt](https://github.com/jmlrt) | [filebeat] add missing rolebinding and cluster role rules | | [#1593](elastic/helm-charts#1593) | [@jmlrt](https://github.com/jmlrt) | [meta] add support for k8s 1.22 | | [#1582](elastic/helm-charts#1582) | [@jmlrt](https://github.com/jmlrt) | [kibana] fix extra values default values | | [#1581](elastic/helm-charts#1581) | [@jmlrt](https://github.com/jmlrt) | [logstash] fix ServiceAccount inconsistencies | | [#1580](elastic/helm-charts#1580) | [@jmlrt](https://github.com/jmlrt) | [elasticsearch] fix ServiceAccount inconsistencies | | [#1570](elastic/helm-charts#1570) | [@jmlrt](https://github.com/jmlrt) | [logstash] add externalTrafficPolicy support | | [#1569](elastic/helm-charts#1569) | [@jmlrt](https://github.com/jmlrt) | [logstash] add flexible ingress | | [#1563](elastic/helm-charts#1563) | [@jmlrt](https://github.com/jmlrt) | [meta] bump Helm version to 3.8.0 | | [#1538](elastic/helm-charts#1538) | [@chetanv-oi](https://github.com/chetanv-oi) | [elasticsearch] move the yaml separator inside the condition | | [#1530](elastic/helm-charts#1530) | [@jmlrt](https://github.com/jmlrt) | [kibana] use bash for readiness script | | [#1527](elastic/helm-charts#1527) | [@ebuildy](https://github.com/ebuildy) | [apm-server] add pod labels | | [#1524](elastic/helm-charts#1524) | [@beatkind](https://github.com/beatkind) | [metricbeat] bump kube-state-metrics to version 4.7.0 | | [#1521](elastic/helm-charts#1521) | [@ebuildy](https://github.com/ebuildy) | [apm-server] fix podLabels | | [#1494](elastic/helm-charts#1494) | [@ebuildy](https://github.com/ebuildy) | [elasticsearch] add keystore container securityContext | | [#1450](elastic/helm-charts#1450) | [@dmarcs](https://github.com/dmarcs) | [logstash] allow array values for extra | | [#1422](elastic/helm-charts#1422) | [@framsouza](https://github.com/framsouza) | [metricbeat] adding custerRole permissions for leader election | | [#1420](elastic/helm-charts#1420) | [@framsouza](https://github.com/framsouza) | [elasticsearch] [logstash] add support to PodDisruptionBudget policy/v1 | | [#1417](elastic/helm-charts#1417) | [@framsouza](https://github.com/framsouza) | [kibana] add annotations at deployment level | * add breaking changes + update all toc instructions * fix breaking change error
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds permissions to metricbeat use leader election (auto discovery)
Fix #1415