deploy/kubernetes/auditbeat/README.md
Deploying Auditbeat as a DaemonSet ensures that an Auditbeat daemon runs on each node of the cluster.
Everything is deployed under the kube-system namespace; you can change that by
updating the YAML manifests in this folder.
We use the official Beats Docker images because they allow configuration through external files. A ConfigMap holds the Kubernetes-specific settings; check auditbeat-configmap.yaml for details.
Also, auditbeat-daemonset.yaml uses a set of environment variables to configure Elasticsearch output:
| Variable | Default | Description |
|---|---|---|
| ELASTICSEARCH_HOST | elasticsearch | Elasticsearch host |
| ELASTICSEARCH_PORT | 9200 | Elasticsearch port |
| ELASTICSEARCH_USERNAME | elastic | Elasticsearch username for HTTP auth |
| ELASTICSEARCH_PASSWORD | changeme | Elasticsearch password |
If there is an existing elasticsearch service in the Kubernetes cluster, these
defaults will use it.
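
With the defaults in the table, the Elasticsearch password sits in the DaemonSet manifest as a literal value. The following added example (not part of the project's manifests) shows the same environment variables with the credentials read from a Kubernetes Secret instead; the Secret name `auditbeat-es-credentials`, its key names and the placeholder password are assumptions made for illustration.

```yaml
# Added example, not the project's own manifest.
# Secret name, key names and values are placeholders (assumptions).
apiVersion: v1
kind: Secret
metadata:
  name: auditbeat-es-credentials   # hypothetical name
  namespace: kube-system           # same namespace as the DaemonSet
type: Opaque
stringData:
  username: elastic
  password: "<replace-with-real-password>"
---
# Fragment only: the env list of the Auditbeat container in
# auditbeat-daemonset.yaml. Merge it into the container spec by hand;
# it is not a complete object and cannot be applied on its own.
env:
  - name: ELASTICSEARCH_HOST
    value: elasticsearch
  - name: ELASTICSEARCH_PORT
    value: "9200"
  - name: ELASTICSEARCH_USERNAME
    valueFrom:
      secretKeyRef:
        name: auditbeat-es-credentials
        key: username
  - name: ELASTICSEARCH_PASSWORD
    # Before: "value: changeme", a literal visible to anyone who can
    # read the manifest or the DaemonSet object.
    valueFrom:
      secretKeyRef:
        name: auditbeat-es-credentials
        key: password
```

Access to the Secret can then be restricted with RBAC separately from read access to the DaemonSet.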