This repository has been archived by the owner on May 16, 2023. It is now read-only.

[filebeat] add support for optional mount the default volumes/volumesMounts #1620

Open

Description

Describe the feature:
Please, make some of the default hard-coded volumes and volumeMounts optional for Filebeat DaemonSet.

At this moment Filebeat DaemonSet has some hard-coded volumes/volumeMounts:

```yaml
volumes:
  - name: varlibdockercontainers
    hostPath:
      path: /var/lib/docker/containers
  - name: varlog
    hostPath:
      path: /var/log
  - name: varrundockersock
    hostPath:
      path: /var/run/docker.sock

volumeMounts:
  - name: varlibdockercontainers
    mountPath: /var/lib/docker/containers
    readOnly: true
  - name: varlog
    mountPath: /var/log
    readOnly: true
  # Necessary when using autodiscovery; avoid mounting it otherwise
  # See: https://www.elastic.co/guide/en/beats/filebeat/7.17/configuration-autodiscover.html
  - name: varrundockersock
    mountPath: /var/run/docker.sock
    readOnly: true
```

It would be great to be able to use them optionally.

For example, to configure them inside extraVolumes and extraVolumeMounts in values.yaml (in the same way as it would be done with Filebeat Deployment);

or alternatively, to have the ability to disable them by using some keys in the values.yaml config (example: mountDockerSock: true|false, mountVarLog: true|false).

Describe a specific use case for the feature:

  1. If Docker is not installed on the target machine (for example, if containerd is used), then 2 new empty directories would be created:

    • /var/lib/docker/containers/
    • /var/run/docker.sock/
  2. Sharing the full /var/log directory is not always desired.
    If Filebeat DaemonSet is used only for container log delivery, it is excessive to share the whole directory, which contains all node logs.
    In case the container is compromised, access to all node logs might also be undesired and could be considered a security flaw.

  3. Mounting /var/run/docker.sock is only necessary for autodiscovery, as is written in the manifest itself:

```yaml
# Necessary when using autodiscovery; avoid mounting it otherwise
# See: https://www.elastic.co/guide/en/beats/filebeat/7.17/configuration-autodiscover.html
```
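A sketch of the second option from the issue, added here as an example (not code from the chart or from the issue author): each hard-coded hostPath is gated behind a values key. `mountDockerSock` and `mountVarLog` are the key names proposed above; `mountDockerContainers` and the top-level placement of all three keys are assumptions.

```yaml
# values.yaml -- defaults keep today's behaviour; a containerd node that does
# not use Docker autodiscovery would set the two Docker keys to false.
mountVarLog: true
mountDockerContainers: true   # hypothetical key, not named in the issue
mountDockerSock: true         # only needed for autodiscovery

---
# DaemonSet template fragment (Helm/Go template syntax). The volumes the chart
# mounts for Filebeat's own config and data are omitted here and stay as they are.
      volumes:
      {{- if .Values.mountDockerContainers }}
      - name: varlibdockercontainers
        hostPath:
          path: /var/lib/docker/containers
      {{- end }}
      {{- if .Values.mountVarLog }}
      - name: varlog
        hostPath:
          path: /var/log
      {{- end }}
      {{- if .Values.mountDockerSock }}
      - name: varrundockersock
        hostPath:
          path: /var/run/docker.sock
      {{- end }}

        # Each mount is gated by the same key as its volume, so a mount can
        # never reference a volume that was not rendered.
        volumeMounts:
        {{- if .Values.mountDockerContainers }}
        - name: varlibdockercontainers
          mountPath: /var/lib/docker/containers
          readOnly: true
        {{- end }}
        {{- if .Values.mountVarLog }}
        - name: varlog
          mountPath: /var/log
          readOnly: true
        {{- end }}
        {{- if .Values.mountDockerSock }}
        - name: varrundockersock
          mountPath: /var/run/docker.sock
          readOnly: true
        {{- end }}
```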
Labels: feature, question