From f8cb7e85e5a378fab1c4f9249c9f2e2526f939ee Mon Sep 17 00:00:00 2001 From: Fam Zheng Date: Thu, 24 Apr 2025 20:54:32 +0100 Subject: [PATCH] drop deployment/elastic-agent.yml --- deploy/elastic-agent.yml | 1135 -------------------------------------- 1 file changed, 1135 deletions(-) delete mode 100644 deploy/elastic-agent.yml diff --git a/deploy/elastic-agent.yml b/deploy/elastic-agent.yml deleted file mode 100644 index 2bda929..0000000 --- a/deploy/elastic-agent.yml +++ /dev/null @@ -1,1135 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: agent-node-datastreams - namespace: kube-system - labels: - k8s-app: elastic-agent -data: - agent.yml: |- - id: 73a81330-1910-11ee-b20d-d98d3a64e60b - outputs: - default: - type: elasticsearch - hosts: - - 'https://es.euphon.uk:443' - username: 'elastic' - password: 'f37QjBRklMXU4hPn' - allow_older_versions: true - inputs: - - id: kubernetes/metrics-kubelet-9d099e73-6c3c-4b20-acab-5f460f2a9709 - revision: 1 - name: emblem - type: kubernetes/metrics - data_stream: - namespace: default - use_output: default - package_policy_id: 9d099e73-6c3c-4b20-acab-5f460f2a9709 - streams: - - id: >- - kubernetes/metrics-kubernetes.container-9d099e73-6c3c-4b20-acab-5f460f2a9709 - data_stream: - type: metrics - dataset: kubernetes.container - metricsets: - - container - add_metadata: true - hosts: - - 'https://${env.NODE_NAME}:10250' - period: 10s - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - ssl.verification_mode: none - - id: >- - kubernetes/metrics-kubernetes.node-9d099e73-6c3c-4b20-acab-5f460f2a9709 - data_stream: - type: metrics - dataset: kubernetes.node - metricsets: - - node - add_metadata: true - hosts: - - 'https://${env.NODE_NAME}:10250' - period: 10s - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - ssl.verification_mode: none - - id: >- - kubernetes/metrics-kubernetes.pod-9d099e73-6c3c-4b20-acab-5f460f2a9709 - data_stream: - type: metrics - dataset: kubernetes.pod - metricsets: - - pod - add_metadata: true - hosts: - - 'https://${env.NODE_NAME}:10250' - period: 10s - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - ssl.verification_mode: none - - id: >- - kubernetes/metrics-kubernetes.system-9d099e73-6c3c-4b20-acab-5f460f2a9709 - data_stream: - type: metrics - dataset: kubernetes.system - metricsets: - - system - add_metadata: true - hosts: - - 'https://${env.NODE_NAME}:10250' - period: 10s - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - ssl.verification_mode: none - - id: >- - kubernetes/metrics-kubernetes.volume-9d099e73-6c3c-4b20-acab-5f460f2a9709 - data_stream: - type: metrics - dataset: kubernetes.volume - metricsets: - - volume - add_metadata: true - hosts: - - 'https://${env.NODE_NAME}:10250' - period: 10s - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - ssl.verification_mode: none - meta: - package: - name: kubernetes - version: 1.29.2 - - id: >- - kubernetes/metrics-kube-state-metrics-9d099e73-6c3c-4b20-acab-5f460f2a9709 - revision: 1 - name: emblem - type: kubernetes/metrics - data_stream: - namespace: default - use_output: default - package_policy_id: 9d099e73-6c3c-4b20-acab-5f460f2a9709 - streams: - - id: >- - kubernetes/metrics-kubernetes.state_container-9d099e73-6c3c-4b20-acab-5f460f2a9709 - data_stream: - type: metrics - dataset: kubernetes.state_container - metricsets: - - state_container - add_metadata: true - hosts: - - 'kube-state-metrics:8080' - period: 10s - condition: '${kubernetes_leaderelection.leader} == true' - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - - id: >- - kubernetes/metrics-kubernetes.state_cronjob-9d099e73-6c3c-4b20-acab-5f460f2a9709 - data_stream: - type: metrics - dataset: kubernetes.state_cronjob - metricsets: - - state_cronjob - add_metadata: true - hosts: - - 'kube-state-metrics:8080' - period: 10s - condition: '${kubernetes_leaderelection.leader} == true' - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - - id: >- - kubernetes/metrics-kubernetes.state_daemonset-9d099e73-6c3c-4b20-acab-5f460f2a9709 - data_stream: - type: metrics - dataset: kubernetes.state_daemonset - metricsets: - - state_daemonset - add_metadata: true - hosts: - - 'kube-state-metrics:8080' - period: 10s - condition: '${kubernetes_leaderelection.leader} == true' - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - - id: >- - kubernetes/metrics-kubernetes.state_deployment-9d099e73-6c3c-4b20-acab-5f460f2a9709 - data_stream: - type: metrics - dataset: kubernetes.state_deployment - metricsets: - - state_deployment - add_metadata: true - hosts: - - 'kube-state-metrics:8080' - period: 10s - condition: '${kubernetes_leaderelection.leader} == true' - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - - id: >- - kubernetes/metrics-kubernetes.state_job-9d099e73-6c3c-4b20-acab-5f460f2a9709 - data_stream: - type: metrics - dataset: kubernetes.state_job - metricsets: - - state_job - add_metadata: true - hosts: - - 'kube-state-metrics:8080' - period: 10s - condition: '${kubernetes_leaderelection.leader} == true' - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - - id: >- - kubernetes/metrics-kubernetes.state_node-9d099e73-6c3c-4b20-acab-5f460f2a9709 - data_stream: - type: metrics - dataset: kubernetes.state_node - metricsets: - - state_node - add_metadata: true - hosts: - - 'kube-state-metrics:8080' - period: 10s - condition: '${kubernetes_leaderelection.leader} == true' - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - - id: >- - kubernetes/metrics-kubernetes.state_persistentvolume-9d099e73-6c3c-4b20-acab-5f460f2a9709 - data_stream: - type: metrics - dataset: kubernetes.state_persistentvolume - metricsets: - - state_persistentvolume - add_metadata: true - hosts: - - 'kube-state-metrics:8080' - period: 10s - condition: '${kubernetes_leaderelection.leader} == true' - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - - id: >- - kubernetes/metrics-kubernetes.state_persistentvolumeclaim-9d099e73-6c3c-4b20-acab-5f460f2a9709 - data_stream: - type: metrics - dataset: kubernetes.state_persistentvolumeclaim - metricsets: - - state_persistentvolumeclaim - add_metadata: true - hosts: - - 'kube-state-metrics:8080' - period: 10s - condition: '${kubernetes_leaderelection.leader} == true' - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - - id: >- - kubernetes/metrics-kubernetes.state_pod-9d099e73-6c3c-4b20-acab-5f460f2a9709 - data_stream: - type: metrics - dataset: kubernetes.state_pod - metricsets: - - state_pod - add_metadata: true - hosts: - - 'kube-state-metrics:8080' - period: 10s - condition: '${kubernetes_leaderelection.leader} == true' - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - - id: >- - kubernetes/metrics-kubernetes.state_replicaset-9d099e73-6c3c-4b20-acab-5f460f2a9709 - data_stream: - type: metrics - dataset: kubernetes.state_replicaset - metricsets: - - state_replicaset - add_metadata: true - hosts: - - 'kube-state-metrics:8080' - period: 10s - condition: '${kubernetes_leaderelection.leader} == true' - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - - id: >- - kubernetes/metrics-kubernetes.state_resourcequota-9d099e73-6c3c-4b20-acab-5f460f2a9709 - data_stream: - type: metrics - dataset: kubernetes.state_resourcequota - metricsets: - - state_resourcequota - add_metadata: true - hosts: - - 'kube-state-metrics:8080' - period: 10s - condition: '${kubernetes_leaderelection.leader} == true' - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - - id: >- - kubernetes/metrics-kubernetes.state_service-9d099e73-6c3c-4b20-acab-5f460f2a9709 - data_stream: - type: metrics - dataset: kubernetes.state_service - metricsets: - - state_service - add_metadata: true - hosts: - - 'kube-state-metrics:8080' - period: 10s - condition: '${kubernetes_leaderelection.leader} == true' - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - - id: >- - kubernetes/metrics-kubernetes.state_statefulset-9d099e73-6c3c-4b20-acab-5f460f2a9709 - data_stream: - type: metrics - dataset: kubernetes.state_statefulset - metricsets: - - state_statefulset - add_metadata: true - hosts: - - 'kube-state-metrics:8080' - period: 10s - condition: '${kubernetes_leaderelection.leader} == true' - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - - id: >- - kubernetes/metrics-kubernetes.state_storageclass-9d099e73-6c3c-4b20-acab-5f460f2a9709 - data_stream: - type: metrics - dataset: kubernetes.state_storageclass - metricsets: - - state_storageclass - add_metadata: true - hosts: - - 'kube-state-metrics:8080' - period: 10s - condition: '${kubernetes_leaderelection.leader} == true' - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - meta: - package: - name: kubernetes - version: 1.29.2 - - id: kubernetes/metrics-kube-apiserver-9d099e73-6c3c-4b20-acab-5f460f2a9709 - revision: 1 - name: emblem - type: kubernetes/metrics - data_stream: - namespace: default - use_output: default - package_policy_id: 9d099e73-6c3c-4b20-acab-5f460f2a9709 - streams: - - id: >- - kubernetes/metrics-kubernetes.apiserver-9d099e73-6c3c-4b20-acab-5f460f2a9709 - data_stream: - type: metrics - dataset: kubernetes.apiserver - metricsets: - - apiserver - hosts: - - >- - https://${env.KUBERNETES_SERVICE_HOST}:${env.KUBERNETES_SERVICE_PORT} - period: 30s - condition: '${kubernetes_leaderelection.leader} == true' - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - ssl.certificate_authorities: - - /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - meta: - package: - name: kubernetes - version: 1.29.2 - - id: kubernetes/metrics-kube-proxy-9d099e73-6c3c-4b20-acab-5f460f2a9709 - revision: 1 - name: emblem - type: kubernetes/metrics - data_stream: - namespace: default - use_output: default - package_policy_id: 9d099e73-6c3c-4b20-acab-5f460f2a9709 - streams: - - id: >- - kubernetes/metrics-kubernetes.proxy-9d099e73-6c3c-4b20-acab-5f460f2a9709 - data_stream: - type: metrics - dataset: kubernetes.proxy - metricsets: - - proxy - hosts: - - 'localhost:10249' - period: 10s - meta: - package: - name: kubernetes - version: 1.29.2 - - id: kubernetes/metrics-events-9d099e73-6c3c-4b20-acab-5f460f2a9709 - revision: 1 - name: emblem - type: kubernetes/metrics - data_stream: - namespace: default - use_output: default - package_policy_id: 9d099e73-6c3c-4b20-acab-5f460f2a9709 - streams: - - id: >- - kubernetes/metrics-kubernetes.event-9d099e73-6c3c-4b20-acab-5f460f2a9709 - data_stream: - type: metrics - dataset: kubernetes.event - metricsets: - - event - period: 10s - add_metadata: true - skip_older: true - condition: '${kubernetes_leaderelection.leader} == true' - meta: - package: - name: kubernetes - version: 1.29.2 - - id: filestream-container-logs-9d099e73-6c3c-4b20-acab-5f460f2a9709 - revision: 1 - name: emblem - type: filestream - data_stream: - namespace: default - use_output: default - package_policy_id: 9d099e73-6c3c-4b20-acab-5f460f2a9709 - streams: - - id: >- - kubernetes-container-logs-${kubernetes.pod.name}-${kubernetes.container.id} - data_stream: - type: logs - dataset: kubernetes.container_logs - paths: - - '/var/log/containers/*${kubernetes.container.id}.log' - prospector.scanner.symlinks: true - parsers: - - container: - stream: all - format: auto - meta: - package: - name: kubernetes - version: 1.29.2 - - id: filestream-audit-logs-9d099e73-6c3c-4b20-acab-5f460f2a9709 - revision: 1 - name: emblem - type: filestream - data_stream: - namespace: default - use_output: default - package_policy_id: 9d099e73-6c3c-4b20-acab-5f460f2a9709 - streams: - - id: >- - filestream-kubernetes.audit_logs-9d099e73-6c3c-4b20-acab-5f460f2a9709 - data_stream: - type: logs - dataset: kubernetes.audit_logs - paths: - - /var/log/kubernetes/kube-apiserver-audit.log - exclude_files: - - .gz$ - parsers: - - ndjson: - add_error_key: true - target: kubernetes_audit - processors: - - rename: - fields: - - from: kubernetes_audit - to: kubernetes.audit - - drop_fields: - when: - has_fields: kubernetes.audit.responseObject - fields: - - kubernetes.audit.responseObject.metadata - - drop_fields: - when: - has_fields: kubernetes.audit.requestObject - fields: - - kubernetes.audit.requestObject.metadata - - script: - lang: javascript - id: dedot_annotations - source: | - function process(event) { - var audit = event.Get("kubernetes.audit"); - for (var annotation in audit["annotations"]) { - var annotation_dedoted = annotation.replace(/\./g,'_') - event.Rename("kubernetes.audit.annotations."+annotation, "kubernetes.audit.annotations."+annotation_dedoted) - } - return event; - } function test() { - var event = process(new Event({ "kubernetes": { "audit": { "annotations": { "authorization.k8s.io/decision": "allow", "authorization.k8s.io/reason": "RBAC: allowed by ClusterRoleBinding \"system:kube-scheduler\" of ClusterRole \"system:kube-scheduler\" to User \"system:kube-scheduler\"" } } } })); - if (event.Get("kubernetes.audit.annotations.authorization_k8s_io/decision") !== "allow") { - throw "expected kubernetes.audit.annotations.authorization_k8s_io/decision === allow"; - } - } - meta: - package: - name: kubernetes - version: 1.29.2 - - id: logfile-system-51bc31a5-c238-4281-be45-87d5111fc100 - revision: 1 - name: system-1 - type: logfile - data_stream: - namespace: default - use_output: default - package_policy_id: 51bc31a5-c238-4281-be45-87d5111fc100 - streams: - - id: logfile-system.auth-51bc31a5-c238-4281-be45-87d5111fc100 - data_stream: - type: logs - dataset: system.auth - ignore_older: 72h - paths: - - /var/log/auth.log* - - /var/log/secure* - exclude_files: - - .gz$ - multiline: - pattern: ^\s - match: after - tags: - - system-auth - processors: - - add_locale: null - - id: logfile-system.syslog-51bc31a5-c238-4281-be45-87d5111fc100 - data_stream: - type: logs - dataset: system.syslog - paths: - - /var/log/messages* - - /var/log/syslog* - exclude_files: - - .gz$ - multiline: - pattern: ^\s - match: after - processors: - - add_locale: null - ignore_older: 72h - meta: - package: - name: system - version: 1.25.2 - - id: winlog-system-51bc31a5-c238-4281-be45-87d5111fc100 - revision: 1 - name: system-1 - type: winlog - data_stream: - namespace: default - use_output: default - package_policy_id: 51bc31a5-c238-4281-be45-87d5111fc100 - streams: - - id: winlog-system.application-51bc31a5-c238-4281-be45-87d5111fc100 - data_stream: - type: logs - dataset: system.application - name: Application - condition: '${host.platform} == ''windows''' - ignore_older: 72h - - id: winlog-system.security-51bc31a5-c238-4281-be45-87d5111fc100 - data_stream: - type: logs - dataset: system.security - name: Security - condition: '${host.platform} == ''windows''' - ignore_older: 72h - - id: winlog-system.system-51bc31a5-c238-4281-be45-87d5111fc100 - data_stream: - type: logs - dataset: system.system - name: System - condition: '${host.platform} == ''windows''' - ignore_older: 72h - meta: - package: - name: system - version: 1.25.2 - - id: system/metrics-system-51bc31a5-c238-4281-be45-87d5111fc100 - revision: 1 - name: system-1 - type: system/metrics - data_stream: - namespace: default - use_output: default - package_policy_id: 51bc31a5-c238-4281-be45-87d5111fc100 - streams: - - id: system/metrics-system.cpu-51bc31a5-c238-4281-be45-87d5111fc100 - data_stream: - type: metrics - dataset: system.cpu - metricsets: - - cpu - cpu.metrics: - - percentages - - normalized_percentages - period: 10s - - id: system/metrics-system.diskio-51bc31a5-c238-4281-be45-87d5111fc100 - data_stream: - type: metrics - dataset: system.diskio - metricsets: - - diskio - diskio.include_devices: null - period: 10s - - id: >- - system/metrics-system.filesystem-51bc31a5-c238-4281-be45-87d5111fc100 - data_stream: - type: metrics - dataset: system.filesystem - metricsets: - - filesystem - period: 1m - processors: - - drop_event.when.regexp: - system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/) - - id: system/metrics-system.fsstat-51bc31a5-c238-4281-be45-87d5111fc100 - data_stream: - type: metrics - dataset: system.fsstat - metricsets: - - fsstat - period: 1m - processors: - - drop_event.when.regexp: - system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/) - - id: system/metrics-system.load-51bc31a5-c238-4281-be45-87d5111fc100 - data_stream: - type: metrics - dataset: system.load - metricsets: - - load - condition: '${host.platform} != ''windows''' - period: 10s - - id: system/metrics-system.memory-51bc31a5-c238-4281-be45-87d5111fc100 - data_stream: - type: metrics - dataset: system.memory - metricsets: - - memory - period: 10s - - id: system/metrics-system.network-51bc31a5-c238-4281-be45-87d5111fc100 - data_stream: - type: metrics - dataset: system.network - metricsets: - - network - period: 10s - network.interfaces: null - - id: system/metrics-system.process-51bc31a5-c238-4281-be45-87d5111fc100 - data_stream: - type: metrics - dataset: system.process - metricsets: - - process - period: 10s - process.include_top_n.by_cpu: 5 - process.include_top_n.by_memory: 5 - process.cmdline.cache.enabled: true - process.cgroups.enabled: false - process.include_cpu_ticks: false - processes: - - .* - - id: >- - system/metrics-system.process.summary-51bc31a5-c238-4281-be45-87d5111fc100 - data_stream: - type: metrics - dataset: system.process.summary - metricsets: - - process_summary - period: 10s - - id: >- - system/metrics-system.socket_summary-51bc31a5-c238-4281-be45-87d5111fc100 - data_stream: - type: metrics - dataset: system.socket_summary - metricsets: - - socket_summary - period: 10s - - id: system/metrics-system.uptime-51bc31a5-c238-4281-be45-87d5111fc100 - data_stream: - type: metrics - dataset: system.uptime - metricsets: - - uptime - period: 10s - meta: - package: - name: system - version: 1.25.2 - revision: 2 - agent: - download: - source_uri: 'https://artifacts.elastic.co/downloads/' - monitoring: - namespace: default - use_output: default - enabled: true - logs: true - metrics: true - output_permissions: - default: - _elastic_agent_monitoring: - indices: - - names: - - logs-elastic_agent.apm_server-default - privileges: &ref_0 - - auto_configure - - create_doc - - names: - - metrics-elastic_agent.apm_server-default - privileges: *ref_0 - - names: - - logs-elastic_agent.auditbeat-default - privileges: *ref_0 - - names: - - metrics-elastic_agent.auditbeat-default - privileges: *ref_0 - - names: - - logs-elastic_agent.cloud_defend-default - privileges: *ref_0 - - names: - - logs-elastic_agent.cloudbeat-default - privileges: *ref_0 - - names: - - metrics-elastic_agent.cloudbeat-default - privileges: *ref_0 - - names: - - logs-elastic_agent-default - privileges: *ref_0 - - names: - - metrics-elastic_agent.elastic_agent-default - privileges: *ref_0 - - names: - - metrics-elastic_agent.endpoint_security-default - privileges: *ref_0 - - names: - - logs-elastic_agent.endpoint_security-default - privileges: *ref_0 - - names: - - logs-elastic_agent.filebeat_input-default - privileges: *ref_0 - - names: - - metrics-elastic_agent.filebeat_input-default - privileges: *ref_0 - - names: - - logs-elastic_agent.filebeat-default - privileges: *ref_0 - - names: - - metrics-elastic_agent.filebeat-default - privileges: *ref_0 - - names: - - logs-elastic_agent.fleet_server-default - privileges: *ref_0 - - names: - - metrics-elastic_agent.fleet_server-default - privileges: *ref_0 - - names: - - logs-elastic_agent.heartbeat-default - privileges: *ref_0 - - names: - - metrics-elastic_agent.heartbeat-default - privileges: *ref_0 - - names: - - logs-elastic_agent.metricbeat-default - privileges: *ref_0 - - names: - - metrics-elastic_agent.metricbeat-default - privileges: *ref_0 - - names: - - logs-elastic_agent.osquerybeat-default - privileges: *ref_0 - - names: - - metrics-elastic_agent.osquerybeat-default - privileges: *ref_0 - - names: - - logs-elastic_agent.packetbeat-default - privileges: *ref_0 - - names: - - metrics-elastic_agent.packetbeat-default - privileges: *ref_0 - _elastic_agent_checks: - cluster: - - monitor - 9d099e73-6c3c-4b20-acab-5f460f2a9709: - indices: - - names: - - metrics-kubernetes.container-default - privileges: *ref_0 - - names: - - metrics-kubernetes.node-default - privileges: *ref_0 - - names: - - metrics-kubernetes.pod-default - privileges: *ref_0 - - names: - - metrics-kubernetes.system-default - privileges: *ref_0 - - names: - - metrics-kubernetes.volume-default - privileges: *ref_0 - - names: - - metrics-kubernetes.state_container-default - privileges: *ref_0 - - names: - - metrics-kubernetes.state_cronjob-default - privileges: *ref_0 - - names: - - metrics-kubernetes.state_daemonset-default - privileges: *ref_0 - - names: - - metrics-kubernetes.state_deployment-default - privileges: *ref_0 - - names: - - metrics-kubernetes.state_job-default - privileges: *ref_0 - - names: - - metrics-kubernetes.state_node-default - privileges: *ref_0 - - names: - - metrics-kubernetes.state_persistentvolume-default - privileges: *ref_0 - - names: - - metrics-kubernetes.state_persistentvolumeclaim-default - privileges: *ref_0 - - names: - - metrics-kubernetes.state_pod-default - privileges: *ref_0 - - names: - - metrics-kubernetes.state_replicaset-default - privileges: *ref_0 - - names: - - metrics-kubernetes.state_resourcequota-default - privileges: *ref_0 - - names: - - metrics-kubernetes.state_service-default - privileges: *ref_0 - - names: - - metrics-kubernetes.state_statefulset-default - privileges: *ref_0 - - names: - - metrics-kubernetes.state_storageclass-default - privileges: *ref_0 - - names: - - metrics-kubernetes.apiserver-default - privileges: *ref_0 - - names: - - metrics-kubernetes.proxy-default - privileges: *ref_0 - - names: - - metrics-kubernetes.event-default - privileges: *ref_0 - - names: - - logs-kubernetes.container_logs-default - privileges: *ref_0 - - names: - - logs-kubernetes.audit_logs-default - privileges: *ref_0 - 51bc31a5-c238-4281-be45-87d5111fc100: - indices: - - names: - - logs-system.auth-default - privileges: *ref_0 - - names: - - logs-system.syslog-default - privileges: *ref_0 - - names: - - logs-system.application-default - privileges: *ref_0 - - names: - - logs-system.security-default - privileges: *ref_0 - - names: - - logs-system.system-default - privileges: *ref_0 - - names: - - metrics-system.cpu-default - privileges: *ref_0 - - names: - - metrics-system.diskio-default - privileges: *ref_0 - - names: - - metrics-system.filesystem-default - privileges: *ref_0 - - names: - - metrics-system.fsstat-default - privileges: *ref_0 - - names: - - metrics-system.load-default - privileges: *ref_0 - - names: - - metrics-system.memory-default - privileges: *ref_0 - - names: - - metrics-system.network-default - privileges: *ref_0 - - names: - - metrics-system.process-default - privileges: *ref_0 - - names: - - metrics-system.process.summary-default - privileges: *ref_0 - - names: - - metrics-system.socket_summary-default - privileges: *ref_0 - - names: - - metrics-system.uptime-default - privileges: *ref_0 - ---- -# For more information refer https://www.elastic.co/guide/en/fleet/current/running-on-kubernetes-standalone.html -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: elastic-agent - namespace: kube-system - labels: - app: elastic-agent -spec: - selector: - matchLabels: - app: elastic-agent - template: - metadata: - labels: - app: elastic-agent - spec: - # Tolerations are needed to run Elastic Agent on Kubernetes control-plane nodes. - # Agents running on control-plane nodes collect metrics from the control plane components (scheduler, controller manager) of Kubernetes - tolerations: - - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - - key: node-role.kubernetes.io/master - effect: NoSchedule - serviceAccountName: elastic-agent - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - containers: - - name: elastic-agent - image: docker.elastic.co/beats/elastic-agent:8.5.1 - args: [ - "-c", "/etc/agent.yml", - "-e", - ] - env: - # The basic authentication username used to connect to Elasticsearch - # This user needs the privileges required to publish events to Elasticsearch. - - name: ES_USERNAME - value: "elastic" - # The basic authentication password used to connect to Elasticsearch - - name: ES_PASSWORD - value: "changeme" - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - securityContext: - runAsUser: 0 - resources: - limits: - memory: 700Mi - requests: - cpu: 100m - memory: 400Mi - volumeMounts: - - name: datastreams - mountPath: /etc/agent.yml - readOnly: true - subPath: agent.yml - - name: proc - mountPath: /hostfs/proc - readOnly: true - - name: cgroup - mountPath: /hostfs/sys/fs/cgroup - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - - name: varlog - mountPath: /var/log - readOnly: true - - name: etc-kubernetes - mountPath: /hostfs/etc/kubernetes - readOnly: true - - name: var-lib - mountPath: /hostfs/var/lib - readOnly: true - - name: passwd - mountPath: /hostfs/etc/passwd - readOnly: true - - name: group - mountPath: /hostfs/etc/group - readOnly: true - - name: etcsysmd - mountPath: /hostfs/etc/systemd - readOnly: true - volumes: - - name: datastreams - configMap: - defaultMode: 0640 - name: agent-node-datastreams - - name: proc - hostPath: - path: /proc - - name: cgroup - hostPath: - path: /sys/fs/cgroup - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: varlog - hostPath: - path: /var/log - # Needed for cloudbeat - - name: etc-kubernetes - hostPath: - path: /etc/kubernetes - # Needed for cloudbeat - - name: var-lib - hostPath: - path: /var/lib - # Needed for cloudbeat - - name: passwd - hostPath: - path: /etc/passwd - # Needed for cloudbeat - - name: group - hostPath: - path: /etc/group - # Needed for cloudbeat - - name: etcsysmd - hostPath: - path: /etc/systemd ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: elastic-agent -subjects: - - kind: ServiceAccount - name: elastic-agent - namespace: kube-system -roleRef: - kind: ClusterRole - name: elastic-agent - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - namespace: kube-system - name: elastic-agent -subjects: - - kind: ServiceAccount - name: elastic-agent - namespace: kube-system -roleRef: - kind: Role - name: elastic-agent - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: elastic-agent-kubeadm-config - namespace: kube-system -subjects: - - kind: ServiceAccount - name: elastic-agent - namespace: kube-system -roleRef: - kind: Role - name: elastic-agent-kubeadm-config - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: elastic-agent - labels: - k8s-app: elastic-agent -rules: - - apiGroups: [""] - resources: - - nodes - - namespaces - - events - - pods - - services - - configmaps - # Needed for cloudbeat - - serviceaccounts - - persistentvolumes - - persistentvolumeclaims - verbs: ["get", "list", "watch"] - # Enable this rule only if planing to use kubernetes_secrets provider - #- apiGroups: [""] - # resources: - # - secrets - # verbs: ["get"] - - apiGroups: ["extensions"] - resources: - - replicasets - verbs: ["get", "list", "watch"] - - apiGroups: ["apps"] - resources: - - statefulsets - - deployments - - replicasets - - daemonsets - verbs: ["get", "list", "watch"] - - apiGroups: ["batch"] - resources: - - jobs - - cronjobs - verbs: ["get", "list", "watch"] - - apiGroups: - - "" - resources: - - nodes/stats - verbs: - - get - # Needed for apiserver - - nonResourceURLs: - - "/metrics" - verbs: - - get - # Needed for cloudbeat - - apiGroups: ["rbac.authorization.k8s.io"] - resources: - - clusterrolebindings - - clusterroles - - rolebindings - - roles - verbs: ["get", "list", "watch"] - # Needed for cloudbeat - - apiGroups: ["policy"] - resources: - - podsecuritypolicies - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: elastic-agent - # Should be the namespace where elastic-agent is running - namespace: kube-system - labels: - k8s-app: elastic-agent -rules: - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: ["get", "create", "update"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: elastic-agent-kubeadm-config - namespace: kube-system - labels: - k8s-app: elastic-agent -rules: - - apiGroups: [""] - resources: - - configmaps - resourceNames: - - kubeadm-config - verbs: ["get"] ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: elastic-agent - namespace: kube-system - labels: - k8s-app: elastic-agent ----