apiVersion: v1 kind: ConfigMap metadata: name: agent-node-datastreams namespace: kube-system labels: k8s-app: elastic-agent data: agent.yml: |- id: 73a81330-1910-11ee-b20d-d98d3a64e60b outputs: default: type: elasticsearch hosts: - 'https://es.euphon.uk:443' username: 'elastic' password: 'f37QjBRklMXU4hPn' allow_older_versions: true inputs: - id: kubernetes/metrics-kubelet-9d099e73-6c3c-4b20-acab-5f460f2a9709 revision: 1 name: emblem type: kubernetes/metrics data_stream: namespace: default use_output: default package_policy_id: 9d099e73-6c3c-4b20-acab-5f460f2a9709 streams: - id: >- kubernetes/metrics-kubernetes.container-9d099e73-6c3c-4b20-acab-5f460f2a9709 data_stream: type: metrics dataset: kubernetes.container metricsets: - container add_metadata: true hosts: - 'https://${env.NODE_NAME}:10250' period: 10s bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token ssl.verification_mode: none - id: >- kubernetes/metrics-kubernetes.node-9d099e73-6c3c-4b20-acab-5f460f2a9709 data_stream: type: metrics dataset: kubernetes.node metricsets: - node add_metadata: true hosts: - 'https://${env.NODE_NAME}:10250' period: 10s bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token ssl.verification_mode: none - id: >- kubernetes/metrics-kubernetes.pod-9d099e73-6c3c-4b20-acab-5f460f2a9709 data_stream: type: metrics dataset: kubernetes.pod metricsets: - pod add_metadata: true hosts: - 'https://${env.NODE_NAME}:10250' period: 10s bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token ssl.verification_mode: none - id: >- kubernetes/metrics-kubernetes.system-9d099e73-6c3c-4b20-acab-5f460f2a9709 data_stream: type: metrics dataset: kubernetes.system metricsets: - system add_metadata: true hosts: - 'https://${env.NODE_NAME}:10250' period: 10s bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token ssl.verification_mode: none - id: >- kubernetes/metrics-kubernetes.volume-9d099e73-6c3c-4b20-acab-5f460f2a9709 data_stream: type: metrics dataset: kubernetes.volume metricsets: - volume add_metadata: true hosts: - 'https://${env.NODE_NAME}:10250' period: 10s bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token ssl.verification_mode: none meta: package: name: kubernetes version: 1.29.2 - id: >- kubernetes/metrics-kube-state-metrics-9d099e73-6c3c-4b20-acab-5f460f2a9709 revision: 1 name: emblem type: kubernetes/metrics data_stream: namespace: default use_output: default package_policy_id: 9d099e73-6c3c-4b20-acab-5f460f2a9709 streams: - id: >- kubernetes/metrics-kubernetes.state_container-9d099e73-6c3c-4b20-acab-5f460f2a9709 data_stream: type: metrics dataset: kubernetes.state_container metricsets: - state_container add_metadata: true hosts: - 'kube-state-metrics:8080' period: 10s condition: '${kubernetes_leaderelection.leader} == true' bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - id: >- kubernetes/metrics-kubernetes.state_cronjob-9d099e73-6c3c-4b20-acab-5f460f2a9709 data_stream: type: metrics dataset: kubernetes.state_cronjob metricsets: - state_cronjob add_metadata: true hosts: - 'kube-state-metrics:8080' period: 10s condition: '${kubernetes_leaderelection.leader} == true' bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - id: >- kubernetes/metrics-kubernetes.state_daemonset-9d099e73-6c3c-4b20-acab-5f460f2a9709 data_stream: type: metrics dataset: kubernetes.state_daemonset metricsets: - state_daemonset add_metadata: true hosts: - 'kube-state-metrics:8080' period: 10s condition: '${kubernetes_leaderelection.leader} == true' bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - id: >- kubernetes/metrics-kubernetes.state_deployment-9d099e73-6c3c-4b20-acab-5f460f2a9709 data_stream: type: metrics dataset: kubernetes.state_deployment metricsets: - state_deployment add_metadata: true hosts: - 'kube-state-metrics:8080' period: 10s condition: '${kubernetes_leaderelection.leader} == true' bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - id: >- kubernetes/metrics-kubernetes.state_job-9d099e73-6c3c-4b20-acab-5f460f2a9709 data_stream: type: metrics dataset: kubernetes.state_job metricsets: - state_job add_metadata: true hosts: - 'kube-state-metrics:8080' period: 10s condition: '${kubernetes_leaderelection.leader} == true' bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - id: >- kubernetes/metrics-kubernetes.state_node-9d099e73-6c3c-4b20-acab-5f460f2a9709 data_stream: type: metrics dataset: kubernetes.state_node metricsets: - state_node add_metadata: true hosts: - 'kube-state-metrics:8080' period: 10s condition: '${kubernetes_leaderelection.leader} == true' bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - id: >- kubernetes/metrics-kubernetes.state_persistentvolume-9d099e73-6c3c-4b20-acab-5f460f2a9709 data_stream: type: metrics dataset: kubernetes.state_persistentvolume metricsets: - state_persistentvolume add_metadata: true hosts: - 'kube-state-metrics:8080' period: 10s condition: '${kubernetes_leaderelection.leader} == true' bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - id: >- kubernetes/metrics-kubernetes.state_persistentvolumeclaim-9d099e73-6c3c-4b20-acab-5f460f2a9709 data_stream: type: metrics dataset: kubernetes.state_persistentvolumeclaim metricsets: - state_persistentvolumeclaim add_metadata: true hosts: - 'kube-state-metrics:8080' period: 10s condition: '${kubernetes_leaderelection.leader} == true' bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - id: >- kubernetes/metrics-kubernetes.state_pod-9d099e73-6c3c-4b20-acab-5f460f2a9709 data_stream: type: metrics dataset: kubernetes.state_pod metricsets: - state_pod add_metadata: true hosts: - 'kube-state-metrics:8080' period: 10s condition: '${kubernetes_leaderelection.leader} == true' bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - id: >- kubernetes/metrics-kubernetes.state_replicaset-9d099e73-6c3c-4b20-acab-5f460f2a9709 data_stream: type: metrics dataset: kubernetes.state_replicaset metricsets: - state_replicaset add_metadata: true hosts: - 'kube-state-metrics:8080' period: 10s condition: '${kubernetes_leaderelection.leader} == true' bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - id: >- kubernetes/metrics-kubernetes.state_resourcequota-9d099e73-6c3c-4b20-acab-5f460f2a9709 data_stream: type: metrics dataset: kubernetes.state_resourcequota metricsets: - state_resourcequota add_metadata: true hosts: - 'kube-state-metrics:8080' period: 10s condition: '${kubernetes_leaderelection.leader} == true' bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - id: >- kubernetes/metrics-kubernetes.state_service-9d099e73-6c3c-4b20-acab-5f460f2a9709 data_stream: type: metrics dataset: kubernetes.state_service metricsets: - state_service add_metadata: true hosts: - 'kube-state-metrics:8080' period: 10s condition: '${kubernetes_leaderelection.leader} == true' bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - id: >- kubernetes/metrics-kubernetes.state_statefulset-9d099e73-6c3c-4b20-acab-5f460f2a9709 data_stream: type: metrics dataset: kubernetes.state_statefulset metricsets: - state_statefulset add_metadata: true hosts: - 'kube-state-metrics:8080' period: 10s condition: '${kubernetes_leaderelection.leader} == true' bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - id: >- kubernetes/metrics-kubernetes.state_storageclass-9d099e73-6c3c-4b20-acab-5f460f2a9709 data_stream: type: metrics dataset: kubernetes.state_storageclass metricsets: - state_storageclass add_metadata: true hosts: - 'kube-state-metrics:8080' period: 10s condition: '${kubernetes_leaderelection.leader} == true' bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token meta: package: name: kubernetes version: 1.29.2 - id: kubernetes/metrics-kube-apiserver-9d099e73-6c3c-4b20-acab-5f460f2a9709 revision: 1 name: emblem type: kubernetes/metrics data_stream: namespace: default use_output: default package_policy_id: 9d099e73-6c3c-4b20-acab-5f460f2a9709 streams: - id: >- kubernetes/metrics-kubernetes.apiserver-9d099e73-6c3c-4b20-acab-5f460f2a9709 data_stream: type: metrics dataset: kubernetes.apiserver metricsets: - apiserver hosts: - >- https://${env.KUBERNETES_SERVICE_HOST}:${env.KUBERNETES_SERVICE_PORT} period: 30s condition: '${kubernetes_leaderelection.leader} == true' bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token ssl.certificate_authorities: - /var/run/secrets/kubernetes.io/serviceaccount/ca.crt meta: package: name: kubernetes version: 1.29.2 - id: kubernetes/metrics-kube-proxy-9d099e73-6c3c-4b20-acab-5f460f2a9709 revision: 1 name: emblem type: kubernetes/metrics data_stream: namespace: default use_output: default package_policy_id: 9d099e73-6c3c-4b20-acab-5f460f2a9709 streams: - id: >- kubernetes/metrics-kubernetes.proxy-9d099e73-6c3c-4b20-acab-5f460f2a9709 data_stream: type: metrics dataset: kubernetes.proxy metricsets: - proxy hosts: - 'localhost:10249' period: 10s meta: package: name: kubernetes version: 1.29.2 - id: kubernetes/metrics-events-9d099e73-6c3c-4b20-acab-5f460f2a9709 revision: 1 name: emblem type: kubernetes/metrics data_stream: namespace: default use_output: default package_policy_id: 9d099e73-6c3c-4b20-acab-5f460f2a9709 streams: - id: >- kubernetes/metrics-kubernetes.event-9d099e73-6c3c-4b20-acab-5f460f2a9709 data_stream: type: metrics dataset: kubernetes.event metricsets: - event period: 10s add_metadata: true skip_older: true condition: '${kubernetes_leaderelection.leader} == true' meta: package: name: kubernetes version: 1.29.2 - id: filestream-container-logs-9d099e73-6c3c-4b20-acab-5f460f2a9709 revision: 1 name: emblem type: filestream data_stream: namespace: default use_output: default package_policy_id: 9d099e73-6c3c-4b20-acab-5f460f2a9709 streams: - id: >- kubernetes-container-logs-${kubernetes.pod.name}-${kubernetes.container.id} data_stream: type: logs dataset: kubernetes.container_logs paths: - '/var/log/containers/*${kubernetes.container.id}.log' prospector.scanner.symlinks: true parsers: - container: stream: all format: auto meta: package: name: kubernetes version: 1.29.2 - id: filestream-audit-logs-9d099e73-6c3c-4b20-acab-5f460f2a9709 revision: 1 name: emblem type: filestream data_stream: namespace: default use_output: default package_policy_id: 9d099e73-6c3c-4b20-acab-5f460f2a9709 streams: - id: >- filestream-kubernetes.audit_logs-9d099e73-6c3c-4b20-acab-5f460f2a9709 data_stream: type: logs dataset: kubernetes.audit_logs paths: - /var/log/kubernetes/kube-apiserver-audit.log exclude_files: - .gz$ parsers: - ndjson: add_error_key: true target: kubernetes_audit processors: - rename: fields: - from: kubernetes_audit to: kubernetes.audit - drop_fields: when: has_fields: kubernetes.audit.responseObject fields: - kubernetes.audit.responseObject.metadata - drop_fields: when: has_fields: kubernetes.audit.requestObject fields: - kubernetes.audit.requestObject.metadata - script: lang: javascript id: dedot_annotations source: | function process(event) { var audit = event.Get("kubernetes.audit"); for (var annotation in audit["annotations"]) { var annotation_dedoted = annotation.replace(/\./g,'_') event.Rename("kubernetes.audit.annotations."+annotation, "kubernetes.audit.annotations."+annotation_dedoted) } return event; } function test() { var event = process(new Event({ "kubernetes": { "audit": { "annotations": { "authorization.k8s.io/decision": "allow", "authorization.k8s.io/reason": "RBAC: allowed by ClusterRoleBinding \"system:kube-scheduler\" of ClusterRole \"system:kube-scheduler\" to User \"system:kube-scheduler\"" } } } })); if (event.Get("kubernetes.audit.annotations.authorization_k8s_io/decision") !== "allow") { throw "expected kubernetes.audit.annotations.authorization_k8s_io/decision === allow"; } } meta: package: name: kubernetes version: 1.29.2 - id: logfile-system-51bc31a5-c238-4281-be45-87d5111fc100 revision: 1 name: system-1 type: logfile data_stream: namespace: default use_output: default package_policy_id: 51bc31a5-c238-4281-be45-87d5111fc100 streams: - id: logfile-system.auth-51bc31a5-c238-4281-be45-87d5111fc100 data_stream: type: logs dataset: system.auth ignore_older: 72h paths: - /var/log/auth.log* - /var/log/secure* exclude_files: - .gz$ multiline: pattern: ^\s match: after tags: - system-auth processors: - add_locale: null - id: logfile-system.syslog-51bc31a5-c238-4281-be45-87d5111fc100 data_stream: type: logs dataset: system.syslog paths: - /var/log/messages* - /var/log/syslog* exclude_files: - .gz$ multiline: pattern: ^\s match: after processors: - add_locale: null ignore_older: 72h meta: package: name: system version: 1.25.2 - id: winlog-system-51bc31a5-c238-4281-be45-87d5111fc100 revision: 1 name: system-1 type: winlog data_stream: namespace: default use_output: default package_policy_id: 51bc31a5-c238-4281-be45-87d5111fc100 streams: - id: winlog-system.application-51bc31a5-c238-4281-be45-87d5111fc100 data_stream: type: logs dataset: system.application name: Application condition: '${host.platform} == ''windows''' ignore_older: 72h - id: winlog-system.security-51bc31a5-c238-4281-be45-87d5111fc100 data_stream: type: logs dataset: system.security name: Security condition: '${host.platform} == ''windows''' ignore_older: 72h - id: winlog-system.system-51bc31a5-c238-4281-be45-87d5111fc100 data_stream: type: logs dataset: system.system name: System condition: '${host.platform} == ''windows''' ignore_older: 72h meta: package: name: system version: 1.25.2 - id: system/metrics-system-51bc31a5-c238-4281-be45-87d5111fc100 revision: 1 name: system-1 type: system/metrics data_stream: namespace: default use_output: default package_policy_id: 51bc31a5-c238-4281-be45-87d5111fc100 streams: - id: system/metrics-system.cpu-51bc31a5-c238-4281-be45-87d5111fc100 data_stream: type: metrics dataset: system.cpu metricsets: - cpu cpu.metrics: - percentages - normalized_percentages period: 10s - id: system/metrics-system.diskio-51bc31a5-c238-4281-be45-87d5111fc100 data_stream: type: metrics dataset: system.diskio metricsets: - diskio diskio.include_devices: null period: 10s - id: >- system/metrics-system.filesystem-51bc31a5-c238-4281-be45-87d5111fc100 data_stream: type: metrics dataset: system.filesystem metricsets: - filesystem period: 1m processors: - drop_event.when.regexp: system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/) - id: system/metrics-system.fsstat-51bc31a5-c238-4281-be45-87d5111fc100 data_stream: type: metrics dataset: system.fsstat metricsets: - fsstat period: 1m processors: - drop_event.when.regexp: system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/) - id: system/metrics-system.load-51bc31a5-c238-4281-be45-87d5111fc100 data_stream: type: metrics dataset: system.load metricsets: - load condition: '${host.platform} != ''windows''' period: 10s - id: system/metrics-system.memory-51bc31a5-c238-4281-be45-87d5111fc100 data_stream: type: metrics dataset: system.memory metricsets: - memory period: 10s - id: system/metrics-system.network-51bc31a5-c238-4281-be45-87d5111fc100 data_stream: type: metrics dataset: system.network metricsets: - network period: 10s network.interfaces: null - id: system/metrics-system.process-51bc31a5-c238-4281-be45-87d5111fc100 data_stream: type: metrics dataset: system.process metricsets: - process period: 10s process.include_top_n.by_cpu: 5 process.include_top_n.by_memory: 5 process.cmdline.cache.enabled: true process.cgroups.enabled: false process.include_cpu_ticks: false processes: - .* - id: >- system/metrics-system.process.summary-51bc31a5-c238-4281-be45-87d5111fc100 data_stream: type: metrics dataset: system.process.summary metricsets: - process_summary period: 10s - id: >- system/metrics-system.socket_summary-51bc31a5-c238-4281-be45-87d5111fc100 data_stream: type: metrics dataset: system.socket_summary metricsets: - socket_summary period: 10s - id: system/metrics-system.uptime-51bc31a5-c238-4281-be45-87d5111fc100 data_stream: type: metrics dataset: system.uptime metricsets: - uptime period: 10s meta: package: name: system version: 1.25.2 revision: 2 agent: download: source_uri: 'https://artifacts.elastic.co/downloads/' monitoring: namespace: default use_output: default enabled: true logs: true metrics: true output_permissions: default: _elastic_agent_monitoring: indices: - names: - logs-elastic_agent.apm_server-default privileges: &ref_0 - auto_configure - create_doc - names: - metrics-elastic_agent.apm_server-default privileges: *ref_0 - names: - logs-elastic_agent.auditbeat-default privileges: *ref_0 - names: - metrics-elastic_agent.auditbeat-default privileges: *ref_0 - names: - logs-elastic_agent.cloud_defend-default privileges: *ref_0 - names: - logs-elastic_agent.cloudbeat-default privileges: *ref_0 - names: - metrics-elastic_agent.cloudbeat-default privileges: *ref_0 - names: - logs-elastic_agent-default privileges: *ref_0 - names: - metrics-elastic_agent.elastic_agent-default privileges: *ref_0 - names: - metrics-elastic_agent.endpoint_security-default privileges: *ref_0 - names: - logs-elastic_agent.endpoint_security-default privileges: *ref_0 - names: - logs-elastic_agent.filebeat_input-default privileges: *ref_0 - names: - metrics-elastic_agent.filebeat_input-default privileges: *ref_0 - names: - logs-elastic_agent.filebeat-default privileges: *ref_0 - names: - metrics-elastic_agent.filebeat-default privileges: *ref_0 - names: - logs-elastic_agent.fleet_server-default privileges: *ref_0 - names: - metrics-elastic_agent.fleet_server-default privileges: *ref_0 - names: - logs-elastic_agent.heartbeat-default privileges: *ref_0 - names: - metrics-elastic_agent.heartbeat-default privileges: *ref_0 - names: - logs-elastic_agent.metricbeat-default privileges: *ref_0 - names: - metrics-elastic_agent.metricbeat-default privileges: *ref_0 - names: - logs-elastic_agent.osquerybeat-default privileges: *ref_0 - names: - metrics-elastic_agent.osquerybeat-default privileges: *ref_0 - names: - logs-elastic_agent.packetbeat-default privileges: *ref_0 - names: - metrics-elastic_agent.packetbeat-default privileges: *ref_0 _elastic_agent_checks: cluster: - monitor 9d099e73-6c3c-4b20-acab-5f460f2a9709: indices: - names: - metrics-kubernetes.container-default privileges: *ref_0 - names: - metrics-kubernetes.node-default privileges: *ref_0 - names: - metrics-kubernetes.pod-default privileges: *ref_0 - names: - metrics-kubernetes.system-default privileges: *ref_0 - names: - metrics-kubernetes.volume-default privileges: *ref_0 - names: - metrics-kubernetes.state_container-default privileges: *ref_0 - names: - metrics-kubernetes.state_cronjob-default privileges: *ref_0 - names: - metrics-kubernetes.state_daemonset-default privileges: *ref_0 - names: - metrics-kubernetes.state_deployment-default privileges: *ref_0 - names: - metrics-kubernetes.state_job-default privileges: *ref_0 - names: - metrics-kubernetes.state_node-default privileges: *ref_0 - names: - metrics-kubernetes.state_persistentvolume-default privileges: *ref_0 - names: - metrics-kubernetes.state_persistentvolumeclaim-default privileges: *ref_0 - names: - metrics-kubernetes.state_pod-default privileges: *ref_0 - names: - metrics-kubernetes.state_replicaset-default privileges: *ref_0 - names: - metrics-kubernetes.state_resourcequota-default privileges: *ref_0 - names: - metrics-kubernetes.state_service-default privileges: *ref_0 - names: - metrics-kubernetes.state_statefulset-default privileges: *ref_0 - names: - metrics-kubernetes.state_storageclass-default privileges: *ref_0 - names: - metrics-kubernetes.apiserver-default privileges: *ref_0 - names: - metrics-kubernetes.proxy-default privileges: *ref_0 - names: - metrics-kubernetes.event-default privileges: *ref_0 - names: - logs-kubernetes.container_logs-default privileges: *ref_0 - names: - logs-kubernetes.audit_logs-default privileges: *ref_0 51bc31a5-c238-4281-be45-87d5111fc100: indices: - names: - logs-system.auth-default privileges: *ref_0 - names: - logs-system.syslog-default privileges: *ref_0 - names: - logs-system.application-default privileges: *ref_0 - names: - logs-system.security-default privileges: *ref_0 - names: - logs-system.system-default privileges: *ref_0 - names: - metrics-system.cpu-default privileges: *ref_0 - names: - metrics-system.diskio-default privileges: *ref_0 - names: - metrics-system.filesystem-default privileges: *ref_0 - names: - metrics-system.fsstat-default privileges: *ref_0 - names: - metrics-system.load-default privileges: *ref_0 - names: - metrics-system.memory-default privileges: *ref_0 - names: - metrics-system.network-default privileges: *ref_0 - names: - metrics-system.process-default privileges: *ref_0 - names: - metrics-system.process.summary-default privileges: *ref_0 - names: - metrics-system.socket_summary-default privileges: *ref_0 - names: - metrics-system.uptime-default privileges: *ref_0 --- # For more information refer https://www.elastic.co/guide/en/fleet/current/running-on-kubernetes-standalone.html apiVersion: apps/v1 kind: DaemonSet metadata: name: elastic-agent namespace: kube-system labels: app: elastic-agent spec: selector: matchLabels: app: elastic-agent template: metadata: labels: app: elastic-agent spec: # Tolerations are needed to run Elastic Agent on Kubernetes control-plane nodes. # Agents running on control-plane nodes collect metrics from the control plane components (scheduler, controller manager) of Kubernetes tolerations: - key: node-role.kubernetes.io/control-plane effect: NoSchedule - key: node-role.kubernetes.io/master effect: NoSchedule serviceAccountName: elastic-agent hostNetwork: true dnsPolicy: ClusterFirstWithHostNet containers: - name: elastic-agent image: docker.elastic.co/beats/elastic-agent:8.5.1 args: [ "-c", "/etc/agent.yml", "-e", ] env: # The basic authentication username used to connect to Elasticsearch # This user needs the privileges required to publish events to Elasticsearch. - name: ES_USERNAME value: "elastic" # The basic authentication password used to connect to Elasticsearch - name: ES_PASSWORD value: "changeme" - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name securityContext: runAsUser: 0 resources: limits: memory: 700Mi requests: cpu: 100m memory: 400Mi volumeMounts: - name: datastreams mountPath: /etc/agent.yml readOnly: true subPath: agent.yml - name: proc mountPath: /hostfs/proc readOnly: true - name: cgroup mountPath: /hostfs/sys/fs/cgroup readOnly: true - name: varlibdockercontainers mountPath: /var/lib/docker/containers readOnly: true - name: varlog mountPath: /var/log readOnly: true - name: etc-kubernetes mountPath: /hostfs/etc/kubernetes readOnly: true - name: var-lib mountPath: /hostfs/var/lib readOnly: true - name: passwd mountPath: /hostfs/etc/passwd readOnly: true - name: group mountPath: /hostfs/etc/group readOnly: true - name: etcsysmd mountPath: /hostfs/etc/systemd readOnly: true volumes: - name: datastreams configMap: defaultMode: 0640 name: agent-node-datastreams - name: proc hostPath: path: /proc - name: cgroup hostPath: path: /sys/fs/cgroup - name: varlibdockercontainers hostPath: path: /var/lib/docker/containers - name: varlog hostPath: path: /var/log # Needed for cloudbeat - name: etc-kubernetes hostPath: path: /etc/kubernetes # Needed for cloudbeat - name: var-lib hostPath: path: /var/lib # Needed for cloudbeat - name: passwd hostPath: path: /etc/passwd # Needed for cloudbeat - name: group hostPath: path: /etc/group # Needed for cloudbeat - name: etcsysmd hostPath: path: /etc/systemd --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: elastic-agent subjects: - kind: ServiceAccount name: elastic-agent namespace: kube-system roleRef: kind: ClusterRole name: elastic-agent apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: namespace: kube-system name: elastic-agent subjects: - kind: ServiceAccount name: elastic-agent namespace: kube-system roleRef: kind: Role name: elastic-agent apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: elastic-agent-kubeadm-config namespace: kube-system subjects: - kind: ServiceAccount name: elastic-agent namespace: kube-system roleRef: kind: Role name: elastic-agent-kubeadm-config apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: elastic-agent labels: k8s-app: elastic-agent rules: - apiGroups: [""] resources: - nodes - namespaces - events - pods - services - configmaps # Needed for cloudbeat - serviceaccounts - persistentvolumes - persistentvolumeclaims verbs: ["get", "list", "watch"] # Enable this rule only if planing to use kubernetes_secrets provider #- apiGroups: [""] # resources: # - secrets # verbs: ["get"] - apiGroups: ["extensions"] resources: - replicasets verbs: ["get", "list", "watch"] - apiGroups: ["apps"] resources: - statefulsets - deployments - replicasets - daemonsets verbs: ["get", "list", "watch"] - apiGroups: ["batch"] resources: - jobs - cronjobs verbs: ["get", "list", "watch"] - apiGroups: - "" resources: - nodes/stats verbs: - get # Needed for apiserver - nonResourceURLs: - "/metrics" verbs: - get # Needed for cloudbeat - apiGroups: ["rbac.authorization.k8s.io"] resources: - clusterrolebindings - clusterroles - rolebindings - roles verbs: ["get", "list", "watch"] # Needed for cloudbeat - apiGroups: ["policy"] resources: - podsecuritypolicies verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: elastic-agent # Should be the namespace where elastic-agent is running namespace: kube-system labels: k8s-app: elastic-agent rules: - apiGroups: - coordination.k8s.io resources: - leases verbs: ["get", "create", "update"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: elastic-agent-kubeadm-config namespace: kube-system labels: k8s-app: elastic-agent rules: - apiGroups: [""] resources: - configmaps resourceNames: - kubeadm-config verbs: ["get"] --- apiVersion: v1 kind: ServiceAccount metadata: name: elastic-agent namespace: kube-system labels: k8s-app: elastic-agent ---