journalbeat is not shipping logs to ElasticSearch or not outputting logs on console in Kubernetes

Submitted by 允我心安 on 2021-01-04 04:14:38

Question


I am not sure if anyone has tried using journalbeat to ship logs to elasticsearch or even console output. I am trying to do the same. It's running fine but not shipping any logs. Any leads would be appreciated.

00-configmap.yaml

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: journalbeat-config
  labels:
    k8s-app: journalbeat-logging
    version: v1
data:
  journalbeat.yml: |
    name: "${NODENAME}"
    journalbeat.inputs:
    - paths: []
      seek: cursor
      cursor_seek_fallback: tail

    processors:
    - add_kubernetes_metadata:
        host: "${NODENAME}"
        in_cluster: true
        default_indexers.enabled: false
        default_matchers.enabled: false
        indexers:
          - container:
        matchers:
          - fields:
              lookup_fields: ["container.id"]
    - decode_json_fields:
        fields: ["message"]
        process_array: false
        max_depth: 1
        target: ""
        overwrite_keys: true
    - drop_event.when:
        or:
        - regexp.kubernetes.pod.name: "filebeat-.*"
        - regexp.kubernetes.pod.name: "journalbeat-.*"
        - regexp.kubernetes.pod.name: "nginx-ingress-controller-.*"
        - regexp.kubernetes.pod.name: "prometheus-operator-.*"

    setup.template.enabled: false
    setup.template.name: "journal-${ENVIRONMENT}-%{[agent.version]}"
    setup.template.pattern: "journal-${ENVIRONMENT}-%{[agent.version]}-*"
    setup.template.settings:
      index.number_of_shards: 10
      index.refresh_interval: 10s

    output.logstash:
      hosts: '${LOGSTASH_HOSTS}'
      compression_level: 7

clusterrole.yaml


---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: journalbeat
rules:
  - apiGroups:
      - ""
    resources:
      - namespaces
      - pods
    verbs:
      - get
      - watch
      - list
  - apiGroups:
      - extensions
    resourceNames:
      - journalbeat
    resources:
      - podsecuritypolicies
    verbs:
      - use

rolebinding.yaml


---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: journalbeat
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: journalbeat
subjects:
  - kind: ServiceAccount
    name: journalbeat
    namespace: default

podsecuritypolicy.yaml


---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
    seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
  name: journalbeat
spec:
  allowedCapabilities:
    - KILL
    - CHOWN
    - FSETID
    - FOWNER
    - SETGID
    - SETUID
    - SETFCAP
    - SETPCAP
    - AUDIT_WRITE
    - NET_BIND_SERVICE
  fsGroup:
    rule: RunAsAny
  hostIPC: false
  hostNetwork: false
  hostPID: false
  privileged: false
  requiredDropCapabilities:
    - MKNOD
    - DAC_OVERRIDE
    - NET_RAW
    - SYS_CHROOT
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
    - secret
    - configMap
    - hostPath

ServiceAccount.yaml


---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: journalbeat

Daemonset.yaml

---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: journalbeat
  labels:
    k8s-app: journalbeat-logging
    version: v1
spec:
  selector:
    matchLabels:
      k8s-app: journalbeat-logging
      version: v1


  template:
    metadata:
      labels:
        k8s-app: journalbeat-logging
        version: v1
        app: journalbeat
        name: journalbeat
    spec:
      containers:
        - args:
            - -e
            - -c
            - /etc/journalbeat.yml
          command:
            - journalbeat
          env:
            - name: NODENAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: PODNAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: ELASTICSEARCH_HOSTS
              value: "elasticsearch.domain.com"
            - name: ELASTICSEARCH_USERNAME
              value: "elastic"
            - name: ENVIRONMENT
              value: "test"
            - name: ELASTICSEARCH_PASSWORD
              value: "changeme"

          image: docker.elastic.co/beats/journalbeat:7.3.0
          imagePullPolicy: Always
          name: journalbeat
          resources:
            limits:
              cpu: 600m
              memory: 800Mi
            requests:
              cpu: 200m
              memory: 400Mi
          volumeMounts:
#            - mountPath: /usr/share/journalbeat/data
#              name: data
            - mountPath: /var/log/journal
              name: var-journal
#            - mountPath: /run/log/journal
#              name: run-journal
            - mountPath: /etc/journalbeat.yml
              name: config
              subPath: journalbeat.yml
            - mountPath: /etc/machine-id
              name: machine-id
      hostNetwork: true
      nodeSelector: {}
      securityContext:
        fsGroup: 0
        runAsUser: 0
      serviceAccount: journalbeat
      terminationGracePeriodSeconds: 60
      tolerations:
        - effect: NoSchedule
          key: node-role.kubernetes.io/master
      volumes:
        - hostPath:
            path: /var/log/journal/journalbeat-data
          name: data
        - hostPath:
            path: /var/log/journal
          name: var-journal
#        - hostPath:
#            path: /run/log/journal
#          name: run-journal
        - hostPath:
            path: /etc/machine-id
          name: machine-id
        - configMap:
            items:
              - key: journalbeat.yml
                path: journalbeat.yml
            name: journalbeat-config
          name: config

Source: https://stackoverflow.com/questions/62550249/journalbeat-is-not-shipping-logs-to-elasticsearch-or-not-outputting-logs-on-cons
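
A consistency check for manifests like the ones in the question, added here as an example and not part of the original post: it compares the `${VAR}` references in `journalbeat.yml` with the variables the DaemonSet container defines. The two excerpts are reduced copies of the manifests above; the function names are assumptions made for this example.

```python
import re

# Excerpts of the manifests above, reduced to the lines this check reads.
BEAT_CONFIG = """\
name: "${NODENAME}"
setup.template.name: "journal-${ENVIRONMENT}-%{[agent.version]}"
setup.template.pattern: "journal-${ENVIRONMENT}-%{[agent.version]}-*"
output.logstash:
  hosts: '${LOGSTASH_HOSTS}'
"""
DAEMONSET_ENV = """\
env:
  - name: NODENAME
  - name: PODNAME
  - name: ELASTICSEARCH_HOSTS
  - name: ELASTICSEARCH_USERNAME
  - name: ENVIRONMENT
  - name: ELASTICSEARCH_PASSWORD
"""

# Matches ${VAR}, ${VAR:default} and ${VAR:?message}; %{[field]} does not match.
REF = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)(:[^}]*)?\}")
# Only meaningful on the env list itself, not on a whole manifest.
ENV_NAME = re.compile(r"^\s*-\s+name:\s*(\S+)\s*$", re.MULTILINE)


def config_refs(config_text):
    """Map each referenced variable to True if every reference has a default."""
    refs = {}
    for name, tail in REF.findall(config_text):
        has_default = tail.startswith(":") and not tail.startswith(":?")
        refs[name] = refs.get(name, True) and has_default
    return refs


def env_names(env_text):
    """Names defined in a container's env list."""
    return set(ENV_NAME.findall(env_text))


def unresolved(config_text, env_text):
    """Variables the config references that the container env does not define."""
    defined = env_names(env_text)
    return sorted(name for name, has_default in config_refs(config_text).items()
                  if name not in defined and not has_default)


def unreferenced(config_text, env_text):
    """Variables the container defines that the config never references."""
    return sorted(env_names(env_text) - set(config_refs(config_text)))


if __name__ == "__main__":
    print("referenced but not set:", unresolved(BEAT_CONFIG, DAEMONSET_ENV))
    print("set but never referenced:", unreferenced(BEAT_CONFIG, DAEMONSET_ENV))
```
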
