From b0f1bccd0128536f0b1645c585e1dfcbc1c49582 Mon Sep 17 00:00:00 2001
From: Chris Mark <chrismarkou92@gmail.com>
Date: Thu, 6 Feb 2020 10:55:05 +0200
Subject: [PATCH] Make use of secure port when accessing Kubelet API (#2520)

What does this PR do?
This PR switches Metricbeat k8s manifests and docs to point to Kubelet secure port over https instead of the insecure port.

Why is it important?
Insecure port of Kubelet (10255/TCP) is now less common and discouraged and also in most cases it is not enabled by default (requiring to restart kubelet with --read-only-port flag)

Related to elastic/beats#16063
---
 config/recipes/beats/3_metricbeat-kubernetes.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/config/recipes/beats/3_metricbeat-kubernetes.yaml b/config/recipes/beats/3_metricbeat-kubernetes.yaml
index 63bc3bea4e..2da962339a 100644
--- a/config/recipes/beats/3_metricbeat-kubernetes.yaml
+++ b/config/recipes/beats/3_metricbeat-kubernetes.yaml
@@ -75,11 +75,11 @@ data:
         - volume
       period: 10s
       host: ${NODE_NAME}
-      hosts: ["localhost:10255"]
-      # If using Red Hat OpenShift remove the previous hosts entry and 
+      hosts: ["https://${HOSTNAME}:10250"]
+      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+      ssl.verification_mode: "none"
+      # If using Red Hat OpenShift remove ssl.verification_mode entry and
       # uncomment these settings:
-      #hosts: ["https://${HOSTNAME}:10250"]
-      #bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
       #ssl.certificate_authorities:
         #- /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
     - module: kubernetes