![filebeats kubernetes filebeats kubernetes](https://www.fosstechnix.com/wp-content/uploads/2020/05/how-to-Install-Elastic-Stack-on-centos-7.png)
TerminationMessagePath: /dev/termination-log workloadselector: daemonSet-filebeat-filebeat
![filebeats kubernetes filebeats kubernetes](http://davegarry.com/wp-content/uploads/2020/09/image-2-768x205.png)
This is my workload yaml: apiVersion: apps/v1 13:19:05 Exiting: error initializing processors: kubernetes api: Failure 403 pods is forbidden: User "system:serviceaccount:filebeat:default" cannot list resource "pods" in API group "" at the cluster scope
#Filebeats kubernetes software
13:19:05 T12:19:05.195Z ERROR instance/beat.go:877 Exiting: error initializing processors: kubernetes api: Failure 403 pods is forbidden: User "system:serviceaccount:filebeat:default" cannot list resource "pods" in API group "" at the cluster scope If its about Gitlab, Jenkins, Chef, Ansible, AWS, Azure, Kubernetes, Software Engineer then it belongs here. 13:19:05 T12:19:05.195Z ERROR kubernetes/watcher.go:185 kubernetes: Performing a resource sync err kubernetes api: Failure 403 pods is forbidden: User "system:serviceaccount:filebeat:default" cannot list resource "pods" in API group "" at the cluster scope for *v1.PodList The wizard can be accessed via the Log Shipping Filebeat page. This allows users to easily define their Filebeat configuration file and avoid common syntax errors. 13:19:05 T12:19:05.194Z INFO kubernetes/watcher.go:182 kubernetes: Performing a resource sync for *v1.PodList Logz.io provides a Filebeat Wizard that results in an automatically formatted YAML file. 13:19:05 T12:19:05.194Z ERROR kubernetes/util.go:90 kubernetes: Querying for pod failed with error: kubernetes api: Failure 403 pods "filebeat-zw28r" is forbidden: User "system:serviceaccount:filebeat:default" cannot get resource "pods" in API group "" in the namespace "filebeat" 13:19:05 T12:19:05.190Z INFO kubernetes/util.go:86 kubernetes: Using pod name filebeat-zw28r and namespace filebeat to discover kubernetes node Then go to /etc/filebeat folder and open the filebeat.yml file ,remove the exising configuration and paste the below. Copy the logstash certificate to /etc/filebeat folder. My entire deploy routine is based on using the rancher api, so is there any way i can allow filebeat workload access to kubernetes api without manually creating service account in kubectl? More specifically is there any way to make logstash work in rancher by only using workload yaml or rancher api. After the package is installed on the system, The above installation will create a filebeat folder under /etc directory. I would like to have complete control of the config, so creating the filebeat helm chart through rancher api is not what i want even if this solves my automation “problem”.
#Filebeats kubernetes manual
I know that the helm chart for filebeat correctly creates a service account to access the kubernetes api, my manual setup don’t do this and therefor i get an error.
#Filebeats kubernetes install
I’m trying to install filebeat without using rancher app (helm). Se below for workload yaml and container error related to my problem.