diff --git a/deploy/helm/elastic-agent/.gitignore b/deploy/helm/elastic-agent/.gitignore
new file mode 100644
index 00000000000..2fd7461480f
--- /dev/null
+++ b/deploy/helm/elastic-agent/.gitignore
@@ -0,0 +1 @@
+./charts
diff --git a/deploy/helm/elastic-agent/Chart.lock b/deploy/helm/elastic-agent/Chart.lock
new file mode 100644
index 00000000000..f2481960ce4
--- /dev/null
+++ b/deploy/helm/elastic-agent/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: kube-state-metrics
+ repository: https://prometheus-community.github.io/helm-charts
+ version: 5.28.0
+digest: sha256:906b95867021d3a0a7edd170f9986ddea15e452974bf5898e6dd987e3822eeb9
+generated: "2025-01-15T13:09:49.199939+02:00"
diff --git a/deploy/helm/elastic-agent/Chart.yaml b/deploy/helm/elastic-agent/Chart.yaml
index 9a650d65563..86fcf49ae8e 100644
--- a/deploy/helm/elastic-agent/Chart.yaml
+++ b/deploy/helm/elastic-agent/Chart.yaml
@@ -5,3 +5,8 @@ kubeVersion: ">= 1.27.0-0"
 type: application
 appVersion: 8.18.0
 version: 8.18.0-beta
+dependencies:
+ - name: kube-state-metrics
+ version: "5.28.0"
+ repository: https://prometheus-community.github.io/helm-charts
+ condition: kube-state-metrics.enabled
diff --git a/deploy/helm/elastic-agent/README.md b/deploy/helm/elastic-agent/README.md
index 5c7db4b4bfb..4dda4465719 100644
--- a/deploy/helm/elastic-agent/README.md
+++ b/deploy/helm/elastic-agent/README.md
@@ -5,7 +5,7 @@ # elastic-agent -![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 8.18.0-beta](https://img.shields.io/badge/Version-8.18.0--beta-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 8.18.0](https://img.shields.io/badge/AppVersion-8.18.0-informational?style=flat-square) Elastic-Agent Helm Chart
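Review bot: The pattern `./charts` in the new deploy/helm/elastic-agent/.gitignore does not match anything, because gitignore patterns are compared against paths relative to the .gitignore file and those paths never begin with `./`. The `charts/` directory that `helm dependency build` fills with the downloaded kube-state-metrics archive therefore stays visible to git, and an unreviewed third-party archive can be committed by accident. Write the entry as `/charts/` (or `charts/`) so the directory is actually ignored.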
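Review bot: The new `dependencies` entry in deploy/helm/elastic-agent/Chart.yaml pulls kube-state-metrics 5.28.0 from a third-party Helm repository at build time, and nothing in this change verifies the archive that is downloaded. The `digest` recorded in Chart.lock is computed over the dependency list rather than over the chart package, so it does not detect a replaced archive published under the same version. If the upstream repository publishes provenance files, run `helm dependency build --verify` in CI and in the documented build step; otherwise consider vendoring the reviewed archive. A comment above the entry such as `# third-party chart: bump together with Chart.lock and re-render examples/*/rendered` would also document the update procedure.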
@@ -67,8 +67,9 @@ The chart built-in [kubernetes integration](https://docs.elastic.co/integrations | kubernetes.namespace | string | `"default"` | kubernetes namespace | | kubernetes.hints.enabled | bool | `false` | enable [elastic-agent autodiscovery](https://www.elastic.co/guide/en/fleet/current/elastic-agent-kubernetes-autodiscovery.html) feature | | kubernetes.state.enabled | bool | `true` | integration global switch to enable state streams based on kube-state-metrics. Note that setting this to `false` results in overriding and *disabling all* the respective state streams | -| kubernetes.state.deployKSM | bool | `true` | deploy kube-state-metrics service as a sidecar container to the elastic agent of `ksmSharded` preset. If set to `false`, kube-state-metrics will *not* get deployed and `clusterWide` agent preset will be used for collecting kube-state-metrics. | -| kubernetes.state.host | string | `"kube-state-metrics:8080"` | host of the kube-state-metrics service. Note that this used only when `deployKSM` is set to `false`. | +| kubernetes.state.agentAsSidecar.enabled | bool | `false` | enable [ksm autosharding](https://github.com/kubernetes/kube-state-metrics?tab=readme-ov-file#automated-sharding) and deploy elastic-agent as a sidecar container. If `kube-state-metrics.enabled` is set to `false` this has no effect. | +| kubernetes.state.agentAsSidecar.resources | object | `{"limits":{"memory":"800Mi"},"requests":{"cpu":"100m","memory":"400Mi"}}` | resources of the elastic-agent sidecar if `agentAsSidecar.enabled` is set to `true` | +| kubernetes.state.host | string | `"kube-state-metrics:8080"` | host of the kube-state-metrics service. This used only when `kube-state-metrics.enabled` is set to `false`. | | kubernetes.state.vars | object | `{}` | state streams variables such as `add_metadata`, `hosts`, `period`, `bearer_token_file`. Please note that colliding vars also defined in respective state streams will *not* be overridden. 
| | kubernetes.metrics.enabled | bool | `true` | integration global switch to enable metric streams based on kubelet. Note that setting this to false results in overriding and *disabling all* the respective metric streams | | kubernetes.metrics.vars | object | `{}` | metric streams variables such as `add_metadata`, `hosts`, `period`, `bearer_token_file`, `ssl.verification_mode`. Please note that colliding vars also defined in respective metric streams will *not* be overridden. | 
@@ -143,12 +144,12 @@ The chart built-in [kubernetes integration](https://docs.elastic.co/integrations ### 6 - Elastic-Agent Configuration | Key | Type | Default | Description | |-----|------|---------|-------------| -| agent.version | string | `"9.0.0"` | elastic-agent version | -| agent.image | object | `{"pullPolicy":"IfNotPresent","repository":"docker.elastic.co/beats/elastic-agent","tag":"9.0.0-SNAPSHOT"}` | image configuration | +| agent.version | string | `"8.18.0"` | elastic-agent version | +| agent.image | object | `{"pullPolicy":"IfNotPresent","repository":"docker.elastic.co/beats/elastic-agent","tag":"8.18.0-SNAPSHOT"}` | image configuration | | agent.imagePullSecrets | list | `[]` | image pull secrets | | agent.engine | string | `"k8s"` | generate kubernetes manifests or [ECK](https://github.com/elastic/cloud-on-k8s) CRDs | | agent.unprivileged | bool | `false` | enable unprivileged mode | -| agent.presets | map[string]{} | `{ "perNode" : {...}, "clusterWide": {...}, "ksmSharded": {...} }` | Map of deployment presets for the Elastic Agent. The key of the map is the name of the preset. See more for the presets required by the built-in Kubernetes integration [here](./values.yaml) | +| agent.presets | map[string]{} | `{ "perNode" : {...}, "clusterWide": {...}}` | Map of deployment presets for the Elastic Agent. The key of the map is the name of the preset. See more for the presets required by the built-in Kubernetes integration [here](./values.yaml) | ### 6.1 - Elastic-Agent Managed Configuration | Key | Type | Default | Description | diff --git a/deploy/helm/elastic-agent/examples/README.md b/deploy/helm/elastic-agent/examples/README.md index 7f5e5f7d17e..722b5d4d327 100644 --- a/deploy/helm/elastic-agent/examples/README.md +++ b/deploy/helm/elastic-agent/examples/README.md 
@@ -3,6 +3,7 @@ Here is a collection of example configurations for the eck-integrations chart. - [Kubernetes - defaults](kubernetes-default/README.md) +- [Kubernetes - KSM autosharding](kubernetes-ksm-sharding/README.md) - [System - custom authlogs path](kubernetes-default/README.md) - [Kubernetes - only container logs](kubernetes-only-logs/README.md) - [Kubernetes - only hints autodiscover](kubernetes-hints-autodiscover/README.md) @@ -10,6 +11,7 @@ Here is a collection of example configurations for the eck-integrations chart. - [Multiple Integrations](multiple-integrations/README.md) - [ECK - Kubernetes - defaults](eck/README.md) - [Fleet - Managed Agent](fleet-managed/README.md) +- [Fleet - Managed Agent with KSM autosharding](fleet-managed-ksm-sharding/README.md) - [User created cluster role](user-cluster-role/README.md) - [User created service account](user-service-account/README.md) diff --git a/deploy/helm/elastic-agent/examples/eck/README.md b/deploy/helm/elastic-agent/examples/eck/README.md index bf0f34021c9..e32244ea1c8 100644 --- a/deploy/helm/elastic-agent/examples/eck/README.md +++ b/deploy/helm/elastic-agent/examples/eck/README.md 
@@ -20,10 +20,16 @@ In this example we install the built-in `kubernetes` integration with the defaul 1. The username to connect to Kibana is `elastic` 2. To find the password to connect to Kibana, run `kubectl get secrets/elasticsearch-sample-es-elastic-user -n elastic-system -o json | jq -r '.data.elastic' | base64 -d` - 3. Don't forget to forward the port of Kibana to your local machine by running `kubectl port-forward deployments/kibana-sample-kb -n elastic-system 12000:5601` + 3. Don't forget to forward the port of Kibana to your local machine with this command `kubectl port-forward deployments/kibana-sample-kb -n elastic-system 12000:5601` 4. Open https://localhost:12000 in your browser 5. Install kubernetes integration through Kibana +4. Build the dependencies of the Helm chart + ```console + helm repo add prometheus-community https://prometheus-community.github.io/helm-charts + helm dependency build ../../ + ``` + ## Run: ```console helm install elastic-agent ../../ \ diff --git a/deploy/helm/elastic-agent/examples/eck/agent-kubernetes-values.yaml b/deploy/helm/elastic-agent/examples/eck/agent-kubernetes-values.yaml index 4fe7ac9fefe..45c4bb7c7c8 100644 --- a/deploy/helm/elastic-agent/examples/eck/agent-kubernetes-values.yaml +++ b/deploy/helm/elastic-agent/examples/eck/agent-kubernetes-values.yaml @@ -1,5 +1,11 @@ kubernetes: enabled: true + state: + agentAsSidecar: + enabled: false # deploying elastic-agent with ECK as sidecar container is not supported + +kube-state-metrics: + enabled: true agent: unprivileged: true diff --git a/deploy/helm/elastic-agent/examples/eck/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/eck/rendered/manifest.yaml index 539d8b72f9f..c74e387cd42 100644 --- a/deploy/helm/elastic-agent/examples/eck/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/eck/rendered/manifest.yaml 
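Review bot: Enabling the subchart with only `kube-state-metrics:` / `enabled: true` in examples/eck/agent-kubernetes-values.yaml accepts its default collector set, which the rendered manifest in this commit shows as a `kube-state-metrics` ClusterRole with cluster-wide `list`/`watch` on `secrets`, `configmaps` and the webhook configurations, matched by the `--resources=` argument of the Deployment. The state streams rendered for the agent only read the container, cronjob, daemonset, deployment, job, namespace, node, persistentvolume, persistentvolumeclaim, pod, replicaset, resourcequota, service, statefulset and storageclass datasets, so the remaining grants appear to be unnecessary. Setting the subchart's `collectors:` list under `kube-state-metrics:` to just the resources those streams need would keep the service account at least privilege. The metrics are also now served through a ClusterIP Service at `kube-state-metrics:8080` over plain HTTP instead of `localhost:8080` inside the agent pod, so a NetworkPolicy that limits access to the agent pods is worth adding or documenting.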
@@ -1,23 +1,25 @@ --- -# Source: elastic-agent/templates/agent/service-account.yaml +# Source: elastic-agent/charts/kube-state-metrics/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount +automountServiceAccountToken: true metadata: - name: agent-clusterwide-example - namespace: "default" - labels: - helm.sh/chart: elastic-agent-8.18.0-beta - app.kubernetes.io/name: elastic-agent + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.18.0 - annotations: - eck.k8s.elastic.co/license: basic + app.kubernetes.io/version: "2.14.0" + name: kube-state-metrics + namespace: default --- # Source: elastic-agent/templates/agent/service-account.yaml apiVersion: v1 kind: ServiceAccount metadata: - name: agent-ksmsharded-example + name: agent-clusterwide-example namespace: "default" labels: helm.sh/chart: elastic-agent-8.18.0-beta 
@@ -92,289 +94,186 @@ stringData: - /var/run/secrets/kubernetes.io/serviceaccount/ca.crt type: kubernetes/metrics use_output: default ---- -# Source: elastic-agent/templates/agent/eck/secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: agent-ksmsharded-example - namespace: "default" - labels: - helm.sh/chart: elastic-agent-8.18.0-beta - app.kubernetes.io/name: elastic-agent - app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.18.0 - annotations: - eck.k8s.elastic.co/license: basic -stringData: - agent.yml: |- - id: agent-ksmsharded-example - outputs: - secret_references: [] - agent: - monitoring: - enabled: true - logs: true - metrics: true - namespace: default - use_output: default - providers: - kubernetes: - enabled: false - kubernetes_leaderelection: - enabled: false - leader_lease: example-ksmsharded - inputs: - data_stream: namespace: default - id: kubernetes/metrics-kubernetes.state_container + id: kube-state-metrics-kubernetes/metrics streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_container type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_container metricsets: - state_container period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_cronjob - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_cronjob type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_cronjob metricsets: - state_cronjob period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_daemonset - streams: 
- add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_daemonset type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_daemonset metricsets: - state_daemonset period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_deployment - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_deployment type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_deployment metricsets: - state_deployment period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_job - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_job type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_job metricsets: - state_job period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_namespace - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_namespace type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_namespace metricsets: - state_namespace period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_node - 
streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_node type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_node metricsets: - state_node period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_persistentvolumeclaim - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_persistentvolumeclaim type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_persistentvolumeclaim metricsets: - state_persistentvolumeclaim period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_persistentvolume - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_persistentvolume type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_persistentvolume metricsets: - state_persistentvolume period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_pod - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_pod type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_pod metricsets: - state_pod period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - 
namespace: default - id: kubernetes/metrics-kubernetes.state_replicaset - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_replicaset type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_replicaset metricsets: - state_replicaset period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_resourcequota - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_resourcequota type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_resourcequota metricsets: - state_resourcequota period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_service - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_service type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_service metricsets: - state_service period: 10s - use_output: default - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_statefulset - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_statefulset type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_statefulset metricsets: - state_statefulset 
period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_storageclass - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_storageclass type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_storageclass metricsets: - state_storageclass 
@@ -560,135 +459,166 @@ stringData: type: kubernetes/metrics use_output: default --- -# Source: elastic-agent/templates/agent/cluster-role.yaml +# Source: elastic-agent/charts/kube-state-metrics/templates/role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: agent-clusterWide-example-default - labels: - helm.sh/chart: elastic-agent-8.18.0-beta - app.kubernetes.io/name: elastic-agent + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.18.0 - annotations: - eck.k8s.elastic.co/license: basic + app.kubernetes.io/version: "2.14.0" + name: kube-state-metrics rules: - - apiGroups: [ "" ] # "" indicates the core API group - resources: - - nodes - - namespaces - - events - - pods - - services - - configmaps - - persistentvolumes - - persistentvolumeclaims - - persistentvolumeclaims/status - - nodes/metrics - - nodes/proxy - - nodes/stats - verbs: - - get - - watch - - list - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - watch - - list - - nonResourceURLs: - - /metrics - verbs: - - get - - watch - - list - - apiGroups: [ "coordination.k8s.io" ] - resources: - - leases - verbs: - - get - - create - - update - - nonResourceURLs: - - /healthz - - /healthz/* - - /livez - - /livez/* - - /metrics - - /metrics/slis - - /readyz - - /readyz/* - verbs: - - get - - apiGroups: [ "apps" ] - resources: - - replicasets - - deployments - - daemonsets - - statefulsets - verbs: - - get - - list - - watch - - apiGroups: [ "batch" ] - resources: - - jobs - - cronjobs - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - nodes - - namespaces - - pods - verbs: - - get - - watch - - list - - nonResourceURLs: - - /metrics - verbs: - - get - - watch - - list - - apiGroups: - 
- coordination.k8s.io - resources: - - leases - verbs: - - create - - update - - get - - list - - watch - - apiGroups: - - apps - resources: - - replicasets - verbs: - - get - - list - - watch - - apiGroups: - - batch - resources: - - jobs - verbs: - - get - - list - - watch + +- apiGroups: ["certificates.k8s.io"] + resources: + - certificatesigningrequests + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - configmaps + verbs: ["list", "watch"] + +- apiGroups: ["batch"] + resources: + - cronjobs + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "apps"] + resources: + - deployments + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - endpoints + verbs: ["list", "watch"] + +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "networking.k8s.io"] + resources: + - ingresses + verbs: ["list", "watch"] + +- apiGroups: ["batch"] + resources: + - jobs + verbs: ["list", "watch"] + +- apiGroups: ["coordination.k8s.io"] + resources: + - leases + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - limitranges + verbs: ["list", "watch"] + +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - mutatingwebhookconfigurations + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - namespaces + verbs: ["list", "watch"] + +- apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - nodes + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - persistentvolumeclaims + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - persistentvolumes + verbs: ["list", "watch"] + +- apiGroups: ["policy"] + resources: + - poddisruptionbudgets + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - pods + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "apps"] + 
resources: + - replicasets + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - replicationcontrollers + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - resourcequotas + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - secrets + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - services + verbs: ["list", "watch"] + +- apiGroups: ["apps"] + resources: + - statefulsets + verbs: ["list", "watch"] + +- apiGroups: ["storage.k8s.io"] + resources: + - storageclasses + verbs: ["list", "watch"] + +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - validatingwebhookconfigurations + verbs: ["list", "watch"] + +- apiGroups: ["storage.k8s.io"] + resources: + - volumeattachments + verbs: ["list", "watch"] --- # Source: elastic-agent/templates/agent/cluster-role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: agent-ksmSharded-example-default + name: agent-clusterWide-example-default labels: helm.sh/chart: elastic-agent-8.18.0-beta app.kubernetes.io/name: elastic-agent 
@@ -765,157 +695,6 @@ rules: - get - list - watch - - apiGroups: - - "" - resources: - - namespaces - - pods - - persistentvolumes - - persistentvolumeclaims - - persistentvolumeclaims/status - - nodes - - nodes/metrics - - nodes/proxy - - nodes/stats - - services - - events - - configmaps - - secrets - - nodes - - pods - - services - - serviceaccounts - - resourcequotas - - replicationcontrollers - - limitranges - - endpoints - verbs: - - get - - watch - - list - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch - - apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - verbs: - - get - - list - - watch - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - - volumeattachments - verbs: - - get - - watch - - list - - nonResourceURLs: - - /healthz - - /healthz/* - - /livez - - /livez/* - - /metrics - - /metrics/slis - - /readyz - - /readyz/* - verbs: - - get - - apiGroups: - - apps - resources: - - replicasets - - deployments - - daemonsets - - statefulsets - verbs: - - get - - list - - watch - - apiGroups: - - batch - resources: - - jobs - - cronjobs - verbs: - - get - - list - - watch - - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - networkpolicies - - ingressclasses - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - update - - get - - 
list - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - rolebindings - - roles - verbs: - - get - - list - - watch --- # Source: elastic-agent/templates/agent/cluster-role.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -999,32 +778,33 @@ rules: - list - watch --- -# Source: elastic-agent/templates/agent/cluster-role-binding.yaml +# Source: elastic-agent/charts/kube-state-metrics/templates/clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: agent-clusterWide-example-default - labels: - helm.sh/chart: elastic-agent-8.18.0-beta - app.kubernetes.io/name: elastic-agent + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.18.0 - annotations: - eck.k8s.elastic.co/license: basic -subjects: - - kind: ServiceAccount - name: agent-clusterwide-example - namespace: "default" + app.kubernetes.io/version: "2.14.0" + name: kube-state-metrics roleRef: - kind: ClusterRole - name: agent-clusterWide-example-default apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kube-state-metrics +subjects: +- kind: ServiceAccount + name: kube-state-metrics + namespace: default --- # Source: elastic-agent/templates/agent/cluster-role-binding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: agent-ksmSharded-example-default + name: agent-clusterWide-example-default labels: helm.sh/chart: elastic-agent-8.18.0-beta app.kubernetes.io/name: elastic-agent 
@@ -1034,11 +814,11 @@ metadata: eck.k8s.elastic.co/license: basic subjects: - kind: ServiceAccount - name: agent-ksmsharded-example + name: agent-clusterwide-example namespace: "default" roleRef: kind: ClusterRole - name: agent-ksmSharded-example-default + name: agent-clusterWide-example-default apiGroup: rbac.authorization.k8s.io --- # Source: elastic-agent/templates/agent/cluster-role-binding.yaml 
@@ -1062,6 +842,119 @@ roleRef: name: agent-perNode-example-default apiGroup: rbac.authorization.k8s.io --- +# Source: elastic-agent/charts/kube-state-metrics/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: kube-state-metrics + namespace: default + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" + annotations: + prometheus.io/scrape: 'true' +spec: + type: "ClusterIP" + ports: + - name: "http" + protocol: TCP + port: 8080 + targetPort: 8080 + + selector: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example +--- +# Source: elastic-agent/charts/kube-state-metrics/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kube-state-metrics + namespace: default + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" +spec: + selector: + matchLabels: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + replicas: 1 + strategy: + type: RollingUpdate + revisionHistoryLimit: 10 + template: + metadata: + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" + spec: + automountServiceAccountToken: true + hostNetwork: false + serviceAccountName: kube-state-metrics + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + 
runAsUser: 65534 + seccompProfile: + type: RuntimeDefault + containers: + - name: kube-state-metrics + args: + - --port=8080 + - --resources=certificatesigningrequests,configmaps,cronjobs,daemonsets,deployments,endpoints,horizontalpodautoscalers,ingresses,jobs,leases,limitranges,mutatingwebhookconfigurations,namespaces,networkpolicies,nodes,persistentvolumeclaims,persistentvolumes,poddisruptionbudgets,pods,replicasets,replicationcontrollers,resourcequotas,secrets,services,statefulsets,storageclasses,validatingwebhookconfigurations,volumeattachments + imagePullPolicy: IfNotPresent + image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.14.0 + ports: + - containerPort: 8080 + name: "http" + livenessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: + path: /livez + port: 8080 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: + path: /readyz + port: 8081 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true +--- # Source: elastic-agent/templates/agent/eck/daemonset.yaml apiVersion: agent.k8s.elastic.co/v1alpha1 kind: Agent 
@@ -1122,48 +1015,24 @@ spec: runAsGroup: 1000 runAsUser: 1000 volumeMounts: - - mountPath: /hostfs/proc - name: proc - readOnly: true - - mountPath: /hostfs/sys/fs/cgroup - name: cgroup - readOnly: true - mountPath: /var/lib/docker/containers name: varlibdockercontainers readOnly: true - mountPath: /var/log name: varlog readOnly: true - - mountPath: /hostfs/etc - name: etc-full - readOnly: true - - mountPath: /hostfs/var/lib - name: var-lib - readOnly: true dnsPolicy: ClusterFirstWithHostNet hostNetwork: true nodeSelector: kubernetes.io/os: linux serviceAccountName: agent-pernode-example volumes: - - hostPath: - path: /proc - name: proc - - hostPath: - path: /sys/fs/cgroup - name: cgroup - hostPath: path: /var/lib/docker/containers name: varlibdockercontainers - hostPath: path: /var/log name: varlog - - hostPath: - path: /etc - name: etc-full - - hostPath: - path: /var/lib - name: var-lib --- # Source: elastic-agent/templates/agent/eck/deployment.yaml apiVersion: agent.k8s.elastic.co/v1alpha1 
@@ -1232,112 +1101,3 @@ spec: volumes: - emptyDir: {} name: agent-data ---- -# Source: elastic-agent/templates/agent/eck/statefulset.yaml -apiVersion: agent.k8s.elastic.co/v1alpha1 -kind: Agent -metadata: - name: agent-ksmsharded-example - namespace: "default" - labels: - helm.sh/chart: elastic-agent-8.18.0-beta - app.kubernetes.io/name: elastic-agent - app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.18.0 - annotations: - eck.k8s.elastic.co/license: basic -spec: - version: 8.18.0 - configRef: - secretName: agent-ksmsharded-example - elasticsearchRefs: - - name: elasticsearch-sample - namespace: elastic-system - statefulSet: - podTemplate: - spec: - automountServiceAccountToken: true - containers: - - args: - - --pod=$(POD_NAME) - - --pod-namespace=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.12.0 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - name: kube-state-metrics - ports: - - containerPort: 8080 - name: http-metrics - - containerPort: 8081 - name: telemetry - readinessProbe: - httpGet: - path: / - port: 8081 - initialDelaySeconds: 5 - timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault - - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: STATE_PATH - value: /usr/share/elastic-agent/state - - name: ELASTIC_NETINFO - value: "false" - image: docker.elastic.co/beats/elastic-agent:8.18.0-SNAPSHOT - imagePullPolicy: IfNotPresent - name: agent - resources: - limits: - memory: 800Mi - requests: - cpu: 100m - memory: 400Mi - 
securityContext: - capabilities: - add: - - CHOWN - - SETPCAP - - DAC_READ_SEARCH - - SYS_PTRACE - drop: - - ALL - privileged: false - runAsGroup: 1000 - runAsUser: 1000 - volumeMounts: null - dnsPolicy: ClusterFirstWithHostNet - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: agent-ksmsharded-example - volumes: - - emptyDir: {} - name: agent-data diff --git a/deploy/helm/elastic-agent/examples/fleet-managed-ksm-sharding/README.md b/deploy/helm/elastic-agent/examples/fleet-managed-ksm-sharding/README.md new file mode 100644 index 00000000000..5422cf32feb --- /dev/null +++ b/deploy/helm/elastic-agent/examples/fleet-managed-ksm-sharding/README.md 
@@ -0,0 +1,42 @@ +# Example: Managed by Fleet Elastic Agent + +In this example we will perform two Helm chart installations, one installing elastic-agent as a Daemonset and the other installing kube-state-metrics with the `autosharding` feature enabled and elastic-agent as a sidecar container. All the agents are managed by [Fleet](https://www.elastic.co/guide/en/fleet/current/manage-agents-in-fleet.html). Such a type of setup is recommended for big k8s clusters, featuring a lot of k8s resources, where scaling of kube-state-metrics extraction is required. + +## Prerequisites: +1. Build the dependencies of the Helm chart + ```console + helm repo add prometheus-community https://prometheus-community.github.io/helm-charts + helm dependency build ../../ + ``` + +## Run: + +1. Follow [this guide](https://www.elastic.co/guide/en/fleet/current/install-fleet-managed-elastic-agent.html#elastic-agent-installation-steps) to set up an agent policy and enroll an agent to it. In the policy unselect the "Collect system logs and metrics" options and continue to agent enrollment. Do not download any binary, from the proposed enrollment command just extract the Fleet URL (`--url=$FLEET_URL`) and Enrollment token (`--enrollment-token=$FLEET_TOKEN`). +2. Install `kube-state-metrics` with the `autosharding` feature enabled and an elastic-agent as a sidecar container. + ```console + helm install elastic-agent-ksm ../../ \ + --set agent.fleet.enabled=true \ + --set agent.fleet.url=$FLEET_URL \ + --set agent.fleet.token=$FLEET_TOKEN \ + --set agent.fleet.preset='' \ + --set kubernetes.state.agentAsSidecar.enabled=true \ + -n kube-system + ``` +3. In the associated policy from the previous steps install the Kubernetes integration and **enable only** the "Collect Kubernetes metrics from kube-state-metrics". +4. 
Follow again [this guide](https://www.elastic.co/guide/en/fleet/current/install-fleet-managed-elastic-agent.html#elastic-agent-installation-steps) to set up a different agent policy and enroll an agent to it. Extract again the Fleet URL (`--url=$NEW_FLEET_URL`) and Enrollment token (`--enrollment-token=$NEW_FLEET_TOKEN`). +5. Install elastic-agent as a Daemonset without kube-state-metrics. + ```console + helm install elastic-agent ../../ \ + --set agent.fleet.enabled=true \ + --set agent.fleet.url=$NEW_FLEET_URL \ + --set agent.fleet.token=$NEW_FLEET_TOKEN \ + --set agent.fleet.preset='perNode' \ + --set kube-state-metrics.enabled=false \ + -n kube-system + ``` +6. In the latter agent policy install the Kubernetes integration and keep the option "Collect Kubernetes metrics from kube-state-metrics" **disabled**. + +## Validate: + +1. `kube-state metrics` is installed with this command `kubectl get sts -n kube-system kube-state-metrics`. +2. The Kibana `kubernetes`-related dashboards should start showing the respective info. diff --git a/deploy/helm/elastic-agent/examples/fleet-managed-ksm-sharding/fleet-values.yaml b/deploy/helm/elastic-agent/examples/fleet-managed-ksm-sharding/fleet-values.yaml new file mode 100644 index 00000000000..2ccce06bfe5 --- /dev/null +++ b/deploy/helm/elastic-agent/examples/fleet-managed-ksm-sharding/fleet-values.yaml @@ -0,0 +1,12 @@ +kubernetes: + enabled: true + state: + agentAsSidecar: + enabled: true + +agent: + fleet: + enabled: true + url: http://localhost:8220 + token: fleetToken + preset: "" diff --git a/deploy/helm/elastic-agent/examples/fleet-managed-ksm-sharding/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/fleet-managed-ksm-sharding/rendered/manifest.yaml new file mode 100644 index 00000000000..64be8017c2c --- /dev/null +++ b/deploy/helm/elastic-agent/examples/fleet-managed-ksm-sharding/rendered/manifest.yaml 
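Review bot: Setting `agentAsSidecar.enabled: true` in this values file places the elastic-agent container inside the kube-state-metrics pod, which widens what the agent can reach. In the rendered manifest added next in this commit, that pod runs with `serviceAccountName: kube-state-metrics` and `automountServiceAccountToken: true`, so the sidecar is handed a token bound to a ClusterRole with `list`/`watch` on `secrets` and the other listed resources cluster-wide. The rendered agent container also has no container-level `securityContext` and inherits only the pod-level settings, whereas the kube-state-metrics container beside it sets `allowPrivilegeEscalation: false`, drops `ALL` capabilities and uses `readOnlyRootFilesystem: true`. The chart templates are not visible here, so this may be deliberate, but the example should at least carry a comment such as `# the agent sidecar shares the kube-state-metrics service account, whose ClusterRole can list secrets`, and the template should give the sidecar the same hardening if it can run with it. Separately, `token: fleetToken` is rendered as a literal `FLEET_ENROLLMENT_TOKEN` env `value:` in the StatefulSet, so a comment like `# placeholder - supply the real enrollment token at install time, do not commit it` would make the intent clear.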
@@ -0,0 +1,436 @@ +--- +# Source: elastic-agent/charts/kube-state-metrics/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" + name: kube-state-metrics + namespace: default +--- +# Source: elastic-agent/templates/agent/k8s/statefulset.yaml +apiVersion: v1 +kind: Secret +metadata: + name: agent-ksm + namespace: "default" +stringData: + agent.yml: |- + fleet: + enabled: true + providers: + kubernetes: + enabled: false + kubernetes_leaderelection: + enabled: false + leader_lease: agent-ksm-sharded +--- +# Source: elastic-agent/charts/kube-state-metrics/templates/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" + name: kube-state-metrics +rules: + +- apiGroups: ["certificates.k8s.io"] + resources: + - certificatesigningrequests + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - configmaps + verbs: ["list", "watch"] + +- apiGroups: ["batch"] + resources: + - cronjobs + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "apps"] + resources: + - deployments + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - endpoints + verbs: ["list", "watch"] + +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: ["list", "watch"] + +- apiGroups: 
["extensions", "networking.k8s.io"] + resources: + - ingresses + verbs: ["list", "watch"] + +- apiGroups: ["batch"] + resources: + - jobs + verbs: ["list", "watch"] + +- apiGroups: ["coordination.k8s.io"] + resources: + - leases + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - limitranges + verbs: ["list", "watch"] + +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - mutatingwebhookconfigurations + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - namespaces + verbs: ["list", "watch"] + +- apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - nodes + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - persistentvolumeclaims + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - persistentvolumes + verbs: ["list", "watch"] + +- apiGroups: ["policy"] + resources: + - poddisruptionbudgets + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - pods + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "apps"] + resources: + - replicasets + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - replicationcontrollers + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - resourcequotas + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - secrets + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - services + verbs: ["list", "watch"] + +- apiGroups: ["apps"] + resources: + - statefulsets + verbs: ["list", "watch"] + +- apiGroups: ["storage.k8s.io"] + resources: + - storageclasses + verbs: ["list", "watch"] + +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - validatingwebhookconfigurations + verbs: ["list", "watch"] + +- apiGroups: ["storage.k8s.io"] + resources: + - volumeattachments + verbs: ["list", "watch"] +--- +# Source: elastic-agent/charts/kube-state-metrics/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding 
+metadata: + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" + name: kube-state-metrics +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kube-state-metrics +subjects: +- kind: ServiceAccount + name: kube-state-metrics + namespace: default +--- +# Source: elastic-agent/charts/kube-state-metrics/templates/stsdiscovery-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: stsdiscovery-kube-state-metrics + namespace: default + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resourceNames: + - kube-state-metrics + resources: + - statefulsets + verbs: + - get + - list + - watch +--- +# Source: elastic-agent/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: stsdiscovery-kube-state-metrics + namespace: default + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: stsdiscovery-kube-state-metrics +subjects: + - kind: ServiceAccount + name: kube-state-metrics + namespace: default +--- +# Source: 
elastic-agent/charts/kube-state-metrics/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: kube-state-metrics + namespace: default + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" + annotations: + prometheus.io/scrape: 'true' +spec: + type: "ClusterIP" + ports: + - name: "http" + protocol: TCP + port: 8080 + targetPort: 8080 + + clusterIP: None + selector: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example +--- +# Source: elastic-agent/charts/kube-state-metrics/templates/deployment.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: kube-state-metrics + namespace: default + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" +spec: + selector: + matchLabels: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + replicas: 1 + revisionHistoryLimit: 10 + serviceName: kube-state-metrics + volumeClaimTemplates: [] + template: + metadata: + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" + annotations: + + checksum/config: 23ea9986d03b780c70c0a67796c271f1336b53e217163de5b5971495c39e2ff9 + spec: + automountServiceAccountToken: true + hostNetwork: false + serviceAccountName: kube-state-metrics + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + 
runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault + containers: + - name: kube-state-metrics + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + + args: + - --port=8080 + - --resources=certificatesigningrequests,configmaps,cronjobs,daemonsets,deployments,endpoints,horizontalpodautoscalers,ingresses,jobs,leases,limitranges,mutatingwebhookconfigurations,namespaces,networkpolicies,nodes,persistentvolumeclaims,persistentvolumes,poddisruptionbudgets,pods,replicasets,replicationcontrollers,resourcequotas,secrets,services,statefulsets,storageclasses,validatingwebhookconfigurations,volumeattachments + - --pod=$(POD_NAME) + - --pod-namespace=$(POD_NAMESPACE) + imagePullPolicy: IfNotPresent + image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.14.0 + ports: + - containerPort: 8080 + name: "http" + livenessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: + path: /livez + port: 8080 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: + path: /readyz + port: 8081 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + - args: + - -c + - /etc/elastic-agent/agent.yml + - -e + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: STATE_PATH + value: /usr/share/elastic-agent/state + - name: FLEET_URL + value: http://localhost:8220 + - name: FLEET_ENROLLMENT_TOKEN + value: fleetToken + - name: FLEET_INSECURE + value: "false" + - name: FLEET_ENROLL + value: "1" + image: docker.elastic.co/beats/elastic-agent:8.18.0-SNAPSHOT + 
imagePullPolicy: IfNotPresent + name: agent + resources: + limits: + memory: 800Mi + requests: + cpu: 100m + memory: 400Mi + volumeMounts: + - mountPath: /etc/elastic-agent/agent.yml + name: config + readOnly: true + subPath: agent.yml + volumes: + - name: config + secret: + defaultMode: 292 + secretName: agent-ksm diff --git a/deploy/helm/elastic-agent/examples/fleet-managed/README.md b/deploy/helm/elastic-agent/examples/fleet-managed/README.md index 316746a70fa..d337dcc4c34 100644 --- a/deploy/helm/elastic-agent/examples/fleet-managed/README.md +++ b/deploy/helm/elastic-agent/examples/fleet-managed/README.md @@ -5,6 +5,12 @@ In this example we deploy an Elastic Agent that is managed by [Fleet](https://ww ## Prerequisites: 1. Follow [this guide](https://www.elastic.co/guide/en/fleet/current/install-fleet-managed-elastic-agent.html#elastic-agent-installation-steps) to set up an agent policy and enroll an agent to it. Do not download any binary, from the proposed enrollment command just extract the Fleet URL (`--url=$FLEET_URL`) and Enrollment token (`--enrollment-token=$FLEET_TOKEN`). +2. Build the dependencies of the Helm chart + ```console + helm repo add prometheus-community https://prometheus-community.github.io/helm-charts + helm dependency build ../../ + ``` + ## Run: ```console 
@@ -18,18 +24,20 @@ helm install elastic-agent ../../ \ ## Validate: -1. [Optional] Install kube-state metrics if you want to see the KSM related metrics `kubectl apply -k https://github.com/kubernetes/kube-state-metrics`. -2. Install Kubernetes integration to the agent policy that you created in Fleet. If you didn't install kube-state metrics from above, make sure to disable them in the integration. +1. `kube-state metrics` is installed with this command `kubectl get deployments -n kube-system kube-state-metrics`. +2. Install Kubernetes integration to the agent policy that corresponds to the enrolled agents. 3. The Kibana `kubernetes`-related dashboards should start showing the respective info. ## Note: -In this example we deploy an Elastic Agent that is managed by Fleet using the built-in `perNode` preset (`DaemonSet`) targeting kubernetes monitoring. However, a user-defined agent `preset`, for different use cases, can be used as well, e.g. by using the following configuration: -```yaml -agent: - fleet: - enabled: true - url: $FLEET_URL # replace with Fleet URL - token: $FLEET_TOKEN # replace with Fleet Enrollment token - preset: perNode -``` +1. In this example we deploy an Elastic Agent that is managed by Fleet using the built-in `perNode` preset (`DaemonSet`) targeting kubernetes monitoring. However, a user-defined agent `preset`, for different use cases, can be used as well, e.g. by using the following configuration: + ```yaml + agent: + fleet: + enabled: true + url: $FLEET_URL # replace with Fleet URL + token: $FLEET_TOKEN # replace with Fleet Enrollment token + preset: changeme # replace with the custom used-defined preset name + ``` + +2. If you want to disable kube-state-metrics installation with the elastic-agent Helm chart, you can set `kube-state-metrics.enabled=false` in the Helm chart. 
diff --git a/deploy/helm/elastic-agent/examples/fleet-managed/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/fleet-managed/rendered/manifest.yaml index 4d0e8055329..54201fcd283 100644 --- a/deploy/helm/elastic-agent/examples/fleet-managed/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/fleet-managed/rendered/manifest.yaml @@ -1,4 +1,20 @@ --- +# Source: elastic-agent/charts/kube-state-metrics/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" + name: kube-state-metrics + namespace: default +--- # Source: elastic-agent/templates/agent/service-account.yaml apiVersion: v1 kind: ServiceAccount 
@@ -35,6 +51,161 @@ stringData: enabled: true leader_lease: example-pernode --- +# Source: elastic-agent/charts/kube-state-metrics/templates/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" + name: kube-state-metrics +rules: + +- apiGroups: ["certificates.k8s.io"] + resources: + - certificatesigningrequests + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - configmaps + verbs: ["list", "watch"] + +- apiGroups: ["batch"] + resources: + - cronjobs + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "apps"] + resources: + - deployments + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - endpoints + verbs: ["list", "watch"] + +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "networking.k8s.io"] + resources: + - ingresses + verbs: ["list", "watch"] + +- apiGroups: ["batch"] + resources: + - jobs + verbs: ["list", "watch"] + +- apiGroups: ["coordination.k8s.io"] + resources: + - leases + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - limitranges + verbs: ["list", "watch"] + +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - mutatingwebhookconfigurations + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - namespaces + verbs: ["list", "watch"] + +- apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - nodes + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - persistentvolumeclaims + verbs: ["list", "watch"] + +- 
apiGroups: [""] + resources: + - persistentvolumes + verbs: ["list", "watch"] + +- apiGroups: ["policy"] + resources: + - poddisruptionbudgets + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - pods + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "apps"] + resources: + - replicasets + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - replicationcontrollers + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - resourcequotas + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - secrets + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - services + verbs: ["list", "watch"] + +- apiGroups: ["apps"] + resources: + - statefulsets + verbs: ["list", "watch"] + +- apiGroups: ["storage.k8s.io"] + resources: + - storageclasses + verbs: ["list", "watch"] + +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - validatingwebhookconfigurations + verbs: ["list", "watch"] + +- apiGroups: ["storage.k8s.io"] + resources: + - volumeattachments + verbs: ["list", "watch"] +--- # Source: elastic-agent/templates/agent/cluster-role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole 
@@ -115,6 +286,28 @@ rules: - list - watch --- +# Source: elastic-agent/charts/kube-state-metrics/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" + name: kube-state-metrics +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kube-state-metrics +subjects: +- kind: ServiceAccount + name: kube-state-metrics + namespace: default +--- # Source: elastic-agent/templates/agent/cluster-role-binding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -134,6 +327,34 @@ roleRef: name: agent-perNode-example-default apiGroup: rbac.authorization.k8s.io --- +# Source: elastic-agent/charts/kube-state-metrics/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: kube-state-metrics + namespace: default + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" + annotations: + prometheus.io/scrape: 'true' +spec: + type: "ClusterIP" + ports: + - name: "http" + protocol: TCP + port: 8080 + targetPort: 8080 + + selector: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example +--- # Source: elastic-agent/templates/agent/k8s/daemonset.yaml apiVersion: apps/v1 kind: DaemonSet 
@@ -195,24 +416,24 @@ spec: securityContext: runAsUser: 0 volumeMounts: - - mountPath: /hostfs/proc - name: proc - readOnly: true - - mountPath: /hostfs/sys/fs/cgroup - name: cgroup - readOnly: true - mountPath: /var/lib/docker/containers name: varlibdockercontainers readOnly: true - mountPath: /var/log name: varlog readOnly: true - - mountPath: /hostfs/etc - name: etc-full + - mountPath: /hostfs/proc + name: proc + readOnly: true + - mountPath: /hostfs/sys/fs/cgroup + name: cgroup readOnly: true - mountPath: /hostfs/var/lib name: var-lib readOnly: true + - mountPath: /hostfs/etc + name: etc-full + readOnly: true - mountPath: /usr/share/elastic-agent/state name: agent-data - mountPath: /etc/elastic-agent/agent.yml @@ -225,18 +446,18 @@ spec: kubernetes.io/os: linux serviceAccountName: agent-pernode-example volumes: - - hostPath: - path: /proc - name: proc - - hostPath: - path: /sys/fs/cgroup - name: cgroup - hostPath: path: /var/lib/docker/containers name: varlibdockercontainers - hostPath: path: /var/log name: varlog + - hostPath: + path: /proc + name: proc + - hostPath: + path: /sys/fs/cgroup + name: cgroup - hostPath: path: /etc name: etc-full 
@@ -251,3 +472,88 @@ spec: secret: defaultMode: 292 secretName: agent-pernode-example +--- +# Source: elastic-agent/charts/kube-state-metrics/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kube-state-metrics + namespace: default + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" +spec: + selector: + matchLabels: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + replicas: 1 + strategy: + type: RollingUpdate + revisionHistoryLimit: 10 + template: + metadata: + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" + spec: + automountServiceAccountToken: true + hostNetwork: false + serviceAccountName: kube-state-metrics + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault + containers: + - name: kube-state-metrics + args: + - --port=8080 + - --resources=certificatesigningrequests,configmaps,cronjobs,daemonsets,deployments,endpoints,horizontalpodautoscalers,ingresses,jobs,leases,limitranges,mutatingwebhookconfigurations,namespaces,networkpolicies,nodes,persistentvolumeclaims,persistentvolumes,poddisruptionbudgets,pods,replicasets,replicationcontrollers,resourcequotas,secrets,services,statefulsets,storageclasses,validatingwebhookconfigurations,volumeattachments + imagePullPolicy: IfNotPresent + image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.14.0 + ports: + - containerPort: 8080 + name: "http" + livenessProbe: + 
failureThreshold: 3 + httpGet: + httpHeaders: + path: /livez + port: 8080 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: + path: /readyz + port: 8081 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true diff --git a/deploy/helm/elastic-agent/examples/kubernetes-default/README.md b/deploy/helm/elastic-agent/examples/kubernetes-default/README.md index 1ffd8ac0ef5..a5e119ac9a8 100644 --- a/deploy/helm/elastic-agent/examples/kubernetes-default/README.md +++ b/deploy/helm/elastic-agent/examples/kubernetes-default/README.md 
@@ -3,14 +3,19 @@ In this example we install the built-in `kubernetes` integration with the default built-in values. ## Prerequisites: -1. A k8s secret that contains the connection details to an Elasticsearch cluster such as the URL and the API key ([Kibana - Creating API Keys](https://www.elastic.co/guide/en/kibana/current/api-keys.html)): +1. Build the dependencies of the Helm chart + ```console + helm repo add prometheus-community https://prometheus-community.github.io/helm-charts + helm dependency build ../../ + ``` +2. A k8s secret that contains the connection details to an Elasticsearch cluster such as the URL and the API key ([Kibana - Creating API Keys](https://www.elastic.co/guide/en/kibana/current/api-keys.html)): ```console kubectl create secret generic es-api-secret \ --from-literal=api_key=... \ --from-literal=url=... ``` -2. `kubernetes` integration assets installed through Kibana ([Kibana - Install and uninstall Elastic Agent integration assets](https://www.elastic.co/guide/en/fleet/current/install-uninstall-integration-assets.html)) +3. `kubernetes` integration assets installed through Kibana ([Kibana - Install and uninstall Elastic Agent integration assets](https://www.elastic.co/guide/en/fleet/current/install-uninstall-integration-assets.html)) ## Run: @@ -40,4 +45,9 @@ helm install elastic-agent ../../ \ ## Validate: -1. The Kibana `kubernetes`-related dashboards should start showing up the respective info. +1. `kube-state metrics` is installed with this command `kubectl get deployments -n kube-system kube-state-metrics`. +2. The Kibana `kubernetes`-related dashboards should start showing up the respective info. + +## Note: + +1. If you want to disable kube-state-metrics installation with the elastic-agent Helm chart, you can set `kube-state-metrics.enabled=false` in the Helm chart. The helm chart will use the value of `kubernetes.state.host` to configure the elastic-agent input. 
diff --git a/deploy/helm/elastic-agent/examples/kubernetes-default/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/kubernetes-default/rendered/manifest.yaml index 34f8824d092..c1d117f9b0a 100644 --- a/deploy/helm/elastic-agent/examples/kubernetes-default/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/kubernetes-default/rendered/manifest.yaml @@ -1,21 +1,25 @@ --- -# Source: elastic-agent/templates/agent/service-account.yaml +# Source: elastic-agent/charts/kube-state-metrics/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount +automountServiceAccountToken: true metadata: - name: agent-clusterwide-example - namespace: "default" - labels: - helm.sh/chart: elastic-agent-8.18.0-beta - app.kubernetes.io/name: elastic-agent + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.18.0 + app.kubernetes.io/version: "2.14.0" + name: kube-state-metrics + namespace: default --- # Source: elastic-agent/templates/agent/service-account.yaml apiVersion: v1 kind: ServiceAccount metadata: - name: agent-ksmsharded-example + name: agent-clusterwide-example namespace: "default" labels: helm.sh/chart: elastic-agent-8.18.0-beta 
@@ -84,295 +88,186 @@ stringData: - /var/run/secrets/kubernetes.io/serviceaccount/ca.crt type: kubernetes/metrics use_output: default - providers: - kubernetes: - node: ${NODE_NAME} - scope: cluster - kubernetes_leaderelection: - enabled: true - leader_lease: example-clusterwide ---- -# Source: elastic-agent/templates/agent/k8s/secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: agent-ksmsharded-example - namespace: "default" - labels: - helm.sh/chart: elastic-agent-8.18.0-beta - app.kubernetes.io/name: elastic-agent - app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.18.0 -stringData: - - agent.yml: |- - id: agent-ksmsharded-example - outputs: - default: - hosts: - - http://elasticsearch:9200 - password: changeme - type: elasticsearch - username: elastic - secret_references: [] - agent: - monitoring: - enabled: true - logs: true - metrics: true - namespace: default - use_output: default - inputs: - data_stream: namespace: default - id: kubernetes/metrics-kubernetes.state_container + id: kube-state-metrics-kubernetes/metrics streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_container type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_container metricsets: - state_container period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_cronjob - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_cronjob type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_cronjob metricsets: - state_cronjob period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: 
- namespace: default - id: kubernetes/metrics-kubernetes.state_daemonset - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_daemonset type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_daemonset metricsets: - state_daemonset period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_deployment - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_deployment type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_deployment metricsets: - state_deployment period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_job - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_job type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_job metricsets: - state_job period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_namespace - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_namespace type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_namespace metricsets: - state_namespace period: 10s - type: kubernetes/metrics - use_output: default - - 
data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_node - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_node type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_node metricsets: - state_node period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_persistentvolumeclaim - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_persistentvolumeclaim type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_persistentvolumeclaim metricsets: - state_persistentvolumeclaim period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_persistentvolume - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_persistentvolume type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_persistentvolume metricsets: - state_persistentvolume period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_pod - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_pod type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_pod metricsets: - state_pod 
period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_replicaset - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_replicaset type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_replicaset metricsets: - state_replicaset period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_resourcequota - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_resourcequota type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_resourcequota metricsets: - state_resourcequota period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_service - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_service type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_service metricsets: - state_service period: 10s - use_output: default - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_statefulset - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_statefulset type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: 
kubernetes/metrics-kubernetes.state_statefulset metricsets: - state_statefulset period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_storageclass - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_storageclass type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_storageclass metricsets: - state_storageclass @@ -381,10 +276,11 @@ stringData: use_output: default providers: kubernetes: - enabled: false + node: ${NODE_NAME} + scope: cluster kubernetes_leaderelection: - enabled: false - leader_lease: example-ksmsharded + enabled: true + leader_lease: example-clusterwide --- # Source: elastic-agent/templates/agent/k8s/secret.yaml apiVersion: v1 
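Review bot: Each state_* stream on the new side keeps `bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token` while its host changes from `localhost:8080` to `kube-state-metrics:8080`, so, assuming the input attaches that token to every scrape, the agent's service-account token now leaves the pod over plain HTTP. The unqualified name resolves to whatever Service called `kube-state-metrics` exists in the agent's namespace. The rendered kube-state-metrics Deployment further down runs a single container with only `--port` and `--resources`, so nothing on the receiving side appears to need or verify the token. I would drop `bearer_token_file` from the streams that target the in-cluster KSM Service, or emit it only when the configured host uses `https://`. The hunk starts inside the Secret's `agent.yml`, the same streams recur in the kubernetes-hints-autodiscover manifest, and both files are rendered output, so the change belongs in the chart template or values that generate them.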
@@ -569,133 +465,166 @@ stringData: enabled: false leader_lease: example-pernode --- -# Source: elastic-agent/templates/agent/cluster-role.yaml +# Source: elastic-agent/charts/kube-state-metrics/templates/role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: agent-clusterWide-example-default - labels: - helm.sh/chart: elastic-agent-8.18.0-beta - app.kubernetes.io/name: elastic-agent + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.18.0 + app.kubernetes.io/version: "2.14.0" + name: kube-state-metrics rules: - - apiGroups: [ "" ] # "" indicates the core API group - resources: - - nodes - - namespaces - - events - - pods - - services - - configmaps - - persistentvolumes - - persistentvolumeclaims - - persistentvolumeclaims/status - - nodes/metrics - - nodes/proxy - - nodes/stats - verbs: - - get - - watch - - list - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - watch - - list - - nonResourceURLs: - - /metrics - verbs: - - get - - watch - - list - - apiGroups: [ "coordination.k8s.io" ] - resources: - - leases - verbs: - - get - - create - - update - - nonResourceURLs: - - /healthz - - /healthz/* - - /livez - - /livez/* - - /metrics - - /metrics/slis - - /readyz - - /readyz/* - verbs: - - get - - apiGroups: [ "apps" ] - resources: - - replicasets - - deployments - - daemonsets - - statefulsets - verbs: - - get - - list - - watch - - apiGroups: [ "batch" ] - resources: - - jobs - - cronjobs - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - nodes - - namespaces - - pods - verbs: - - get - - watch - - list - - nonResourceURLs: - - /metrics - verbs: - - get - - watch - - list - - apiGroups: - - coordination.k8s.io - resources: - - leases - 
verbs: - - create - - update - - get - - list - - watch - - apiGroups: - - apps - resources: - - replicasets - verbs: - - get - - list - - watch - - apiGroups: - - batch - resources: - - jobs - verbs: - - get - - list - - watch + +- apiGroups: ["certificates.k8s.io"] + resources: + - certificatesigningrequests + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - configmaps + verbs: ["list", "watch"] + +- apiGroups: ["batch"] + resources: + - cronjobs + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "apps"] + resources: + - deployments + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - endpoints + verbs: ["list", "watch"] + +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "networking.k8s.io"] + resources: + - ingresses + verbs: ["list", "watch"] + +- apiGroups: ["batch"] + resources: + - jobs + verbs: ["list", "watch"] + +- apiGroups: ["coordination.k8s.io"] + resources: + - leases + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - limitranges + verbs: ["list", "watch"] + +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - mutatingwebhookconfigurations + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - namespaces + verbs: ["list", "watch"] + +- apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - nodes + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - persistentvolumeclaims + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - persistentvolumes + verbs: ["list", "watch"] + +- apiGroups: ["policy"] + resources: + - poddisruptionbudgets + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - pods + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "apps"] + resources: + - replicasets + verbs: ["list", 
"watch"] + +- apiGroups: [""] + resources: + - replicationcontrollers + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - resourcequotas + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - secrets + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - services + verbs: ["list", "watch"] + +- apiGroups: ["apps"] + resources: + - statefulsets + verbs: ["list", "watch"] + +- apiGroups: ["storage.k8s.io"] + resources: + - storageclasses + verbs: ["list", "watch"] + +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - validatingwebhookconfigurations + verbs: ["list", "watch"] + +- apiGroups: ["storage.k8s.io"] + resources: + - volumeattachments + verbs: ["list", "watch"] --- # Source: elastic-agent/templates/agent/cluster-role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: agent-ksmSharded-example-default + name: agent-clusterWide-example-default labels: helm.sh/chart: elastic-agent-8.18.0-beta app.kubernetes.io/name: elastic-agent 
@@ -770,157 +699,6 @@ rules: - get - list - watch - - apiGroups: - - "" - resources: - - namespaces - - pods - - persistentvolumes - - persistentvolumeclaims - - persistentvolumeclaims/status - - nodes - - nodes/metrics - - nodes/proxy - - nodes/stats - - services - - events - - configmaps - - secrets - - nodes - - pods - - services - - serviceaccounts - - resourcequotas - - replicationcontrollers - - limitranges - - endpoints - verbs: - - get - - watch - - list - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch - - apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - verbs: - - get - - list - - watch - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - - volumeattachments - verbs: - - get - - watch - - list - - nonResourceURLs: - - /healthz - - /healthz/* - - /livez - - /livez/* - - /metrics - - /metrics/slis - - /readyz - - /readyz/* - verbs: - - get - - apiGroups: - - apps - resources: - - replicasets - - deployments - - daemonsets - - statefulsets - verbs: - - get - - list - - watch - - apiGroups: - - batch - resources: - - jobs - - cronjobs - verbs: - - get - - list - - watch - - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - networkpolicies - - ingressclasses - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - update - - get - - 
list - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - rolebindings - - roles - verbs: - - get - - list - - watch --- # Source: elastic-agent/templates/agent/cluster-role.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -1002,30 +780,33 @@ rules: - list - watch --- -# Source: elastic-agent/templates/agent/cluster-role-binding.yaml +# Source: elastic-agent/charts/kube-state-metrics/templates/clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: agent-clusterWide-example-default - labels: - helm.sh/chart: elastic-agent-8.18.0-beta - app.kubernetes.io/name: elastic-agent + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.18.0 -subjects: - - kind: ServiceAccount - name: agent-clusterwide-example - namespace: "default" + app.kubernetes.io/version: "2.14.0" + name: kube-state-metrics roleRef: - kind: ClusterRole - name: agent-clusterWide-example-default apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kube-state-metrics +subjects: +- kind: ServiceAccount + name: kube-state-metrics + namespace: default --- # Source: elastic-agent/templates/agent/cluster-role-binding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: agent-ksmSharded-example-default + name: agent-clusterWide-example-default labels: helm.sh/chart: elastic-agent-8.18.0-beta app.kubernetes.io/name: elastic-agent 
@@ -1033,11 +814,11 @@ metadata: app.kubernetes.io/version: 8.18.0 subjects: - kind: ServiceAccount - name: agent-ksmsharded-example + name: agent-clusterwide-example namespace: "default" roleRef: kind: ClusterRole - name: agent-ksmSharded-example-default + name: agent-clusterWide-example-default apiGroup: rbac.authorization.k8s.io --- # Source: elastic-agent/templates/agent/cluster-role-binding.yaml @@ -1059,6 +840,34 @@ roleRef: name: agent-perNode-example-default apiGroup: rbac.authorization.k8s.io --- +# Source: elastic-agent/charts/kube-state-metrics/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: kube-state-metrics + namespace: default + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" + annotations: + prometheus.io/scrape: 'true' +spec: + type: "ClusterIP" + ports: + - name: "http" + protocol: TCP + port: 8080 + targetPort: 8080 + + selector: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example +--- # Source: elastic-agent/templates/agent/k8s/daemonset.yaml apiVersion: apps/v1 kind: DaemonSet @@ -1122,24 +931,12 @@ spec: runAsGroup: 1000 runAsUser: 1000 volumeMounts: - - mountPath: /hostfs/proc - name: proc - readOnly: true - - mountPath: /hostfs/sys/fs/cgroup - name: cgroup - readOnly: true - mountPath: /var/lib/docker/containers name: varlibdockercontainers readOnly: true - mountPath: /var/log name: varlog readOnly: true - - mountPath: /hostfs/etc - name: etc-full - readOnly: true - - mountPath: /hostfs/var/lib - name: var-lib - readOnly: true - mountPath: /usr/share/elastic-agent/state name: agent-data - mountPath: /etc/elastic-agent/agent.yml 
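Review bot: The `kube-state-metrics` Service added in the second hunk on this line (`@@ -1059,6 +840,34 @@`) publishes port 8080 as a ClusterIP with no authentication in front of it, and no NetworkPolicy is added in the visible hunks, so any pod in the cluster can scrape the names and state of objects in every namespace. Before this change the agent scraped the endpoint on `localhost:8080` from the same pod. Consider shipping a NetworkPolicy that admits only the agent pods to port 8080, or enabling the subchart's equivalent option if it has one. A comment in the example values such as `# KSM metrics are unauthenticated; restrict ingress to the agent pods` would at least record the exposure. The file is rendered output, so the change goes in the chart rather than here.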
@@ -1152,24 +949,12 @@ spec: kubernetes.io/os: linux serviceAccountName: agent-pernode-example volumes: - - hostPath: - path: /proc - name: proc - - hostPath: - path: /sys/fs/cgroup - name: cgroup - hostPath: path: /var/lib/docker/containers name: varlibdockercontainers - hostPath: path: /var/log name: varlog - - hostPath: - path: /etc - name: etc-full - - hostPath: - path: /var/lib - name: var-lib - hostPath: path: /etc/elastic-agent/default/agent-pernode-example/state type: DirectoryOrCreate 
@@ -1179,92 +964,96 @@ spec: defaultMode: 292 secretName: agent-pernode-example --- -# Source: elastic-agent/templates/agent/k8s/deployment.yaml +# Source: elastic-agent/charts/kube-state-metrics/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - name: agent-clusterwide-example - namespace: "default" - labels: - helm.sh/chart: elastic-agent-8.18.0-beta - app.kubernetes.io/name: elastic-agent + name: kube-state-metrics + namespace: default + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.18.0 + app.kubernetes.io/version: "2.14.0" spec: selector: - matchLabels: - name: agent-clusterwide-example + matchLabels: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + replicas: 1 + strategy: + type: RollingUpdate + revisionHistoryLimit: 10 template: metadata: - labels: - name: agent-clusterwide-example - annotations: - checksum/config: 97e62ed0d731dea2ecadf31b0a7b4160db1b8a253589b7324f3a381af2519591 + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" spec: automountServiceAccountToken: true + hostNetwork: false + serviceAccountName: kube-state-metrics + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault containers: - - args: - - -c - - /etc/elastic-agent/agent.yml - - -e - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: STATE_PATH - value: 
/usr/share/elastic-agent/state - - name: ELASTIC_NETINFO - value: "false" - image: docker.elastic.co/beats/elastic-agent:8.18.0-SNAPSHOT + - name: kube-state-metrics + args: + - --port=8080 + - --resources=certificatesigningrequests,configmaps,cronjobs,daemonsets,deployments,endpoints,horizontalpodautoscalers,ingresses,jobs,leases,limitranges,mutatingwebhookconfigurations,namespaces,networkpolicies,nodes,persistentvolumeclaims,persistentvolumes,poddisruptionbudgets,pods,replicasets,replicationcontrollers,resourcequotas,secrets,services,statefulsets,storageclasses,validatingwebhookconfigurations,volumeattachments imagePullPolicy: IfNotPresent - name: agent + image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.14.0 + ports: + - containerPort: 8080 + name: "http" + livenessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: + path: /livez + port: 8080 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: + path: /readyz + port: 8081 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 resources: - limits: - memory: 800Mi - requests: - cpu: 100m - memory: 400Mi + {} securityContext: + allowPrivilegeEscalation: false capabilities: - add: - - CHOWN - - SETPCAP - - DAC_READ_SEARCH - - SYS_PTRACE drop: - ALL - privileged: false - runAsGroup: 1000 - runAsUser: 1000 - volumeMounts: - - mountPath: /usr/share/elastic-agent/state - name: agent-data - - mountPath: /etc/elastic-agent/agent.yml - name: config - readOnly: true - subPath: agent.yml - dnsPolicy: ClusterFirstWithHostNet - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: agent-clusterwide-example - volumes: - - emptyDir: {} - name: agent-data - - name: config - secret: - defaultMode: 292 - secretName: agent-clusterwide-example + readOnlyRootFilesystem: true --- -# Source: elastic-agent/templates/agent/k8s/statefulset.yaml +# 
Source: elastic-agent/templates/agent/k8s/deployment.yaml apiVersion: apps/v1 -kind: StatefulSet +kind: Deployment metadata: - name: agent-ksmsharded-example + name: agent-clusterwide-example namespace: "default" labels: helm.sh/chart: elastic-agent-8.18.0-beta @@ -1274,57 +1063,16 @@ metadata: spec: selector: matchLabels: - name: agent-ksmsharded-example + name: agent-clusterwide-example template: metadata: labels: - name: agent-ksmsharded-example + name: agent-clusterwide-example annotations: - checksum/config: 3b64edf7317419b11b0aef4cd10cad04037b7bc0b6866da25871b47b41c04490 + checksum/config: d5c563235f87ab23840416f6679b42b15c094cf361b8794d087b4fdfb8285b4b spec: automountServiceAccountToken: true containers: - - args: - - --pod=$(POD_NAME) - - --pod-namespace=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.12.0 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - name: kube-state-metrics - ports: - - containerPort: 8080 - name: http-metrics - - containerPort: 8081 - name: telemetry - readinessProbe: - httpGet: - path: / - port: 8081 - initialDelaySeconds: 5 - timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault - args: - -c - /etc/elastic-agent/agent.yml @@ -1373,11 +1121,11 @@ spec: dnsPolicy: ClusterFirstWithHostNet nodeSelector: kubernetes.io/os: linux - serviceAccountName: agent-ksmsharded-example + serviceAccountName: agent-clusterwide-example volumes: - emptyDir: {} name: agent-data - name: config secret: defaultMode: 292 - secretName: agent-ksmsharded-example + secretName: agent-clusterwide-example 
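Review bot: The `--resources=` argument of the added `kube-state-metrics` container (first hunk ending on this line, `@@ -1179,92 +964,96 @@`) includes `secrets` and `configmaps`, and the ClusterRole added in the `@@ -569,133 +465,166 @@` hunk grants `list` and `watch` on them cluster-wide. A `list` on secrets returns their data, so the new `kube-state-metrics` service account can read every secret in the cluster. The state streams rendered in this manifest cover container, cronjob, daemonset, deployment, job, namespace, node, persistentvolume, persistentvolumeclaim, pod, replicaset, resourcequota, service, statefulset and storageclass only, so the secrets, configmaps, certificatesigningrequests, webhook-configuration and similar collectors look unused by the agent. Since this file is rendered output, the fix belongs in the parent chart's values: narrow the subchart's collector list (the `collectors` value under `kube-state-metrics:`, if I read the subchart correctly) to what the integration consumes, which should shrink both the role and this flag.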
diff --git a/deploy/helm/elastic-agent/examples/kubernetes-hints-autodiscover/README.md b/deploy/helm/elastic-agent/examples/kubernetes-hints-autodiscover/README.md index 2a24679f011..fe4f166ddff 100644 --- a/deploy/helm/elastic-agent/examples/kubernetes-hints-autodiscover/README.md +++ b/deploy/helm/elastic-agent/examples/kubernetes-hints-autodiscover/README.md @@ -12,6 +12,11 @@ In this example we install the built-in `kubernetes` integration and enable the 2. `redis` integration assets are installed through Kibana ([Kibana - Install and uninstall Elastic Agent integration assets](https://www.elastic.co/guide/en/fleet/current/install-uninstall-integration-assets.html)) +3. Build the dependencies of the Helm chart + ```console + helm repo add prometheus-community https://prometheus-community.github.io/helm-charts + helm dependency build ../../ + ``` ## Run: 1. Install Helm chart ```console diff --git a/deploy/helm/elastic-agent/examples/kubernetes-hints-autodiscover/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/kubernetes-hints-autodiscover/rendered/manifest.yaml index 467be5bc4f3..3f61f50d791 100644 --- a/deploy/helm/elastic-agent/examples/kubernetes-hints-autodiscover/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/kubernetes-hints-autodiscover/rendered/manifest.yaml 
@@ -1,21 +1,25 @@ --- -# Source: elastic-agent/templates/agent/service-account.yaml +# Source: elastic-agent/charts/kube-state-metrics/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount +automountServiceAccountToken: true metadata: - name: agent-clusterwide-example - namespace: "default" - labels: - helm.sh/chart: elastic-agent-8.18.0-beta - app.kubernetes.io/name: elastic-agent + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.18.0 + app.kubernetes.io/version: "2.14.0" + name: kube-state-metrics + namespace: default --- # Source: elastic-agent/templates/agent/service-account.yaml apiVersion: v1 kind: ServiceAccount metadata: - name: agent-ksmsharded-example + name: agent-clusterwide-example namespace: "default" labels: helm.sh/chart: elastic-agent-8.18.0-beta 
@@ -84,295 +88,186 @@ stringData: - /var/run/secrets/kubernetes.io/serviceaccount/ca.crt type: kubernetes/metrics use_output: default - providers: - kubernetes: - node: ${NODE_NAME} - scope: cluster - kubernetes_leaderelection: - enabled: true - leader_lease: example-clusterwide ---- -# Source: elastic-agent/templates/agent/k8s/secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: agent-ksmsharded-example - namespace: "default" - labels: - helm.sh/chart: elastic-agent-8.18.0-beta - app.kubernetes.io/name: elastic-agent - app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.18.0 -stringData: - - agent.yml: |- - id: agent-ksmsharded-example - outputs: - default: - hosts: - - http://elasticsearch:9200 - password: changeme - type: elasticsearch - username: elastic - secret_references: [] - agent: - monitoring: - enabled: true - logs: true - metrics: true - namespace: default - use_output: default - inputs: - data_stream: namespace: default - id: kubernetes/metrics-kubernetes.state_container + id: kube-state-metrics-kubernetes/metrics streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_container type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_container metricsets: - state_container period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_cronjob - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_cronjob type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_cronjob metricsets: - state_cronjob period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: 
- namespace: default - id: kubernetes/metrics-kubernetes.state_daemonset - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_daemonset type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_daemonset metricsets: - state_daemonset period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_deployment - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_deployment type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_deployment metricsets: - state_deployment period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_job - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_job type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_job metricsets: - state_job period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_namespace - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_namespace type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_namespace metricsets: - state_namespace period: 10s - type: kubernetes/metrics - use_output: default - - 
data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_node - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_node type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_node metricsets: - state_node period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_persistentvolumeclaim - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_persistentvolumeclaim type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_persistentvolumeclaim metricsets: - state_persistentvolumeclaim period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_persistentvolume - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_persistentvolume type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_persistentvolume metricsets: - state_persistentvolume period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_pod - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_pod type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_pod metricsets: - state_pod 
period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_replicaset - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_replicaset type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_replicaset metricsets: - state_replicaset period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_resourcequota - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_resourcequota type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_resourcequota metricsets: - state_resourcequota period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_service - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_service type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_service metricsets: - state_service period: 10s - use_output: default - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_statefulset - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_statefulset type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: 
kubernetes/metrics-kubernetes.state_statefulset metricsets: - state_statefulset period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_storageclass - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_storageclass type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_storageclass metricsets: - state_storageclass @@ -381,10 +276,11 @@ stringData: use_output: default providers: kubernetes: - enabled: false + node: ${NODE_NAME} + scope: cluster kubernetes_leaderelection: - enabled: false - leader_lease: example-ksmsharded + enabled: true + leader_lease: example-clusterwide --- # Source: elastic-agent/templates/agent/k8s/secret.yaml apiVersion: v1 
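Review bot: Every `state_*` stream in the clusterwide agent config keeps `bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token` while its host changes from `localhost:8080` to `kube-state-metrics:8080`, which has no scheme and so presumably defaults to plain HTTP. If the module attaches that token as an Authorization header, the agent's service-account token now crosses the pod network unencrypted, to a Service that (as rendered later in this file) does not authenticate callers and has no use for it. Consider dropping `bearer_token_file` from the state stream defaults when the target is the plain KSM Service, or fronting KSM with a TLS-terminating, authenticating proxy and pointing `hosts` at an `https://` URL. This manifest is rendered output, so the change belongs in the chart templates or values, which are outside this hunk.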
@@ -572,133 +468,166 @@ stringData: enabled: false leader_lease: example-pernode --- -# Source: elastic-agent/templates/agent/cluster-role.yaml +# Source: elastic-agent/charts/kube-state-metrics/templates/role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: agent-clusterWide-example-default - labels: - helm.sh/chart: elastic-agent-8.18.0-beta - app.kubernetes.io/name: elastic-agent + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.18.0 + app.kubernetes.io/version: "2.14.0" + name: kube-state-metrics rules: - - apiGroups: [ "" ] # "" indicates the core API group - resources: - - nodes - - namespaces - - events - - pods - - services - - configmaps - - persistentvolumes - - persistentvolumeclaims - - persistentvolumeclaims/status - - nodes/metrics - - nodes/proxy - - nodes/stats - verbs: - - get - - watch - - list - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - watch - - list - - nonResourceURLs: - - /metrics - verbs: - - get - - watch - - list - - apiGroups: [ "coordination.k8s.io" ] - resources: - - leases - verbs: - - get - - create - - update - - nonResourceURLs: - - /healthz - - /healthz/* - - /livez - - /livez/* - - /metrics - - /metrics/slis - - /readyz - - /readyz/* - verbs: - - get - - apiGroups: [ "apps" ] - resources: - - replicasets - - deployments - - daemonsets - - statefulsets - verbs: - - get - - list - - watch - - apiGroups: [ "batch" ] - resources: - - jobs - - cronjobs - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - nodes - - namespaces - - pods - verbs: - - get - - watch - - list - - nonResourceURLs: - - /metrics - verbs: - - get - - watch - - list - - apiGroups: - - coordination.k8s.io - resources: - - leases - 
verbs: - - create - - update - - get - - list - - watch - - apiGroups: - - apps - resources: - - replicasets - verbs: - - get - - list - - watch - - apiGroups: - - batch - resources: - - jobs - verbs: - - get - - list - - watch + +- apiGroups: ["certificates.k8s.io"] + resources: + - certificatesigningrequests + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - configmaps + verbs: ["list", "watch"] + +- apiGroups: ["batch"] + resources: + - cronjobs + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "apps"] + resources: + - deployments + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - endpoints + verbs: ["list", "watch"] + +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "networking.k8s.io"] + resources: + - ingresses + verbs: ["list", "watch"] + +- apiGroups: ["batch"] + resources: + - jobs + verbs: ["list", "watch"] + +- apiGroups: ["coordination.k8s.io"] + resources: + - leases + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - limitranges + verbs: ["list", "watch"] + +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - mutatingwebhookconfigurations + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - namespaces + verbs: ["list", "watch"] + +- apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - nodes + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - persistentvolumeclaims + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - persistentvolumes + verbs: ["list", "watch"] + +- apiGroups: ["policy"] + resources: + - poddisruptionbudgets + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - pods + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "apps"] + resources: + - replicasets + verbs: ["list", 
"watch"] + +- apiGroups: [""] + resources: + - replicationcontrollers + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - resourcequotas + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - secrets + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - services + verbs: ["list", "watch"] + +- apiGroups: ["apps"] + resources: + - statefulsets + verbs: ["list", "watch"] + +- apiGroups: ["storage.k8s.io"] + resources: + - storageclasses + verbs: ["list", "watch"] + +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - validatingwebhookconfigurations + verbs: ["list", "watch"] + +- apiGroups: ["storage.k8s.io"] + resources: + - volumeattachments + verbs: ["list", "watch"] --- # Source: elastic-agent/templates/agent/cluster-role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: agent-ksmSharded-example-default + name: agent-clusterWide-example-default labels: helm.sh/chart: elastic-agent-8.18.0-beta app.kubernetes.io/name: elastic-agent 
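Review bot: The new `kube-state-metrics` ClusterRole grants cluster-wide `list`/`watch` on `secrets`, along with webhook configurations, certificate signing requests, leases and others, apparently because the subchart is rendered with its default collector set. The same list shows up in the `--resources=` argument of the KSM Deployment hunk further down. The agent streams in this manifest only consume the `state_*` datasets for containers/pods, cronjobs, daemonsets, deployments, jobs, namespaces, nodes, PVs, PVCs, replicasets, resourcequotas, services, statefulsets and storageclasses, so the remaining rules are unused privilege. Note that `list` on secrets lets the KSM service account read secret contents, not just metadata. Consider pinning the subchart's collectors in the parent chart values, e.g. `kube-state-metrics: { collectors: [cronjobs, daemonsets, deployments, jobs, namespaces, nodes, persistentvolumeclaims, persistentvolumes, pods, replicasets, resourcequotas, services, statefulsets, storageclasses] }`, which should also trim the generated RBAC rules; the rendered file itself is output and is not where the fix goes.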
@@ -773,157 +702,6 @@ rules: - get - list - watch - - apiGroups: - - "" - resources: - - namespaces - - pods - - persistentvolumes - - persistentvolumeclaims - - persistentvolumeclaims/status - - nodes - - nodes/metrics - - nodes/proxy - - nodes/stats - - services - - events - - configmaps - - secrets - - nodes - - pods - - services - - serviceaccounts - - resourcequotas - - replicationcontrollers - - limitranges - - endpoints - verbs: - - get - - watch - - list - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch - - apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - verbs: - - get - - list - - watch - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - - volumeattachments - verbs: - - get - - watch - - list - - nonResourceURLs: - - /healthz - - /healthz/* - - /livez - - /livez/* - - /metrics - - /metrics/slis - - /readyz - - /readyz/* - verbs: - - get - - apiGroups: - - apps - resources: - - replicasets - - deployments - - daemonsets - - statefulsets - verbs: - - get - - list - - watch - - apiGroups: - - batch - resources: - - jobs - - cronjobs - verbs: - - get - - list - - watch - - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - networkpolicies - - ingressclasses - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - update - - get - - 
list - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - rolebindings - - roles - verbs: - - get - - list - - watch --- # Source: elastic-agent/templates/agent/cluster-role.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -1005,30 +783,33 @@ rules: - list - watch --- -# Source: elastic-agent/templates/agent/cluster-role-binding.yaml +# Source: elastic-agent/charts/kube-state-metrics/templates/clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: agent-clusterWide-example-default - labels: - helm.sh/chart: elastic-agent-8.18.0-beta - app.kubernetes.io/name: elastic-agent + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.18.0 -subjects: - - kind: ServiceAccount - name: agent-clusterwide-example - namespace: "default" + app.kubernetes.io/version: "2.14.0" + name: kube-state-metrics roleRef: - kind: ClusterRole - name: agent-clusterWide-example-default apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kube-state-metrics +subjects: +- kind: ServiceAccount + name: kube-state-metrics + namespace: default --- # Source: elastic-agent/templates/agent/cluster-role-binding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: agent-ksmSharded-example-default + name: agent-clusterWide-example-default labels: helm.sh/chart: elastic-agent-8.18.0-beta app.kubernetes.io/name: elastic-agent 
@@ -1036,11 +817,11 @@ metadata: app.kubernetes.io/version: 8.18.0 subjects: - kind: ServiceAccount - name: agent-ksmsharded-example + name: agent-clusterwide-example namespace: "default" roleRef: kind: ClusterRole - name: agent-ksmSharded-example-default + name: agent-clusterWide-example-default apiGroup: rbac.authorization.k8s.io --- # Source: elastic-agent/templates/agent/cluster-role-binding.yaml @@ -1062,6 +843,34 @@ roleRef: name: agent-perNode-example-default apiGroup: rbac.authorization.k8s.io --- +# Source: elastic-agent/charts/kube-state-metrics/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: kube-state-metrics + namespace: default + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" + annotations: + prometheus.io/scrape: 'true' +spec: + type: "ClusterIP" + ports: + - name: "http" + protocol: TCP + port: 8080 + targetPort: 8080 + + selector: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example +--- # Source: elastic-agent/templates/agent/k8s/daemonset.yaml apiVersion: apps/v1 kind: DaemonSet @@ -1125,24 +934,12 @@ spec: runAsGroup: 1000 runAsUser: 1000 volumeMounts: - - mountPath: /hostfs/proc - name: proc - readOnly: true - - mountPath: /hostfs/sys/fs/cgroup - name: cgroup - readOnly: true - mountPath: /var/lib/docker/containers name: varlibdockercontainers readOnly: true - mountPath: /var/log name: varlog readOnly: true - - mountPath: /hostfs/etc - name: etc-full - readOnly: true - - mountPath: /hostfs/var/lib - name: var-lib - readOnly: true - mountPath: /usr/share/elastic-agent/state name: agent-data - mountPath: /etc/elastic-agent/agent.yml 
@@ -1155,24 +952,12 @@ spec: kubernetes.io/os: linux serviceAccountName: agent-pernode-example volumes: - - hostPath: - path: /proc - name: proc - - hostPath: - path: /sys/fs/cgroup - name: cgroup - hostPath: path: /var/lib/docker/containers name: varlibdockercontainers - hostPath: path: /var/log name: varlog - - hostPath: - path: /etc - name: etc-full - - hostPath: - path: /var/lib - name: var-lib - hostPath: path: /etc/elastic-agent/default/agent-pernode-example/state type: DirectoryOrCreate 
@@ -1182,92 +967,96 @@ spec: defaultMode: 292 secretName: agent-pernode-example --- -# Source: elastic-agent/templates/agent/k8s/deployment.yaml +# Source: elastic-agent/charts/kube-state-metrics/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - name: agent-clusterwide-example - namespace: "default" - labels: - helm.sh/chart: elastic-agent-8.18.0-beta - app.kubernetes.io/name: elastic-agent + name: kube-state-metrics + namespace: default + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.18.0 + app.kubernetes.io/version: "2.14.0" spec: selector: - matchLabels: - name: agent-clusterwide-example + matchLabels: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + replicas: 1 + strategy: + type: RollingUpdate + revisionHistoryLimit: 10 template: metadata: - labels: - name: agent-clusterwide-example - annotations: - checksum/config: 97e62ed0d731dea2ecadf31b0a7b4160db1b8a253589b7324f3a381af2519591 + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" spec: automountServiceAccountToken: true + hostNetwork: false + serviceAccountName: kube-state-metrics + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault containers: - - args: - - -c - - /etc/elastic-agent/agent.yml - - -e - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: STATE_PATH - value: 
/usr/share/elastic-agent/state - - name: ELASTIC_NETINFO - value: "false" - image: docker.elastic.co/beats/elastic-agent:8.18.0-SNAPSHOT + - name: kube-state-metrics + args: + - --port=8080 + - --resources=certificatesigningrequests,configmaps,cronjobs,daemonsets,deployments,endpoints,horizontalpodautoscalers,ingresses,jobs,leases,limitranges,mutatingwebhookconfigurations,namespaces,networkpolicies,nodes,persistentvolumeclaims,persistentvolumes,poddisruptionbudgets,pods,replicasets,replicationcontrollers,resourcequotas,secrets,services,statefulsets,storageclasses,validatingwebhookconfigurations,volumeattachments imagePullPolicy: IfNotPresent - name: agent + image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.14.0 + ports: + - containerPort: 8080 + name: "http" + livenessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: + path: /livez + port: 8080 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: + path: /readyz + port: 8081 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 resources: - limits: - memory: 800Mi - requests: - cpu: 100m - memory: 400Mi + {} securityContext: + allowPrivilegeEscalation: false capabilities: - add: - - CHOWN - - SETPCAP - - DAC_READ_SEARCH - - SYS_PTRACE drop: - ALL - privileged: false - runAsGroup: 1000 - runAsUser: 1000 - volumeMounts: - - mountPath: /usr/share/elastic-agent/state - name: agent-data - - mountPath: /etc/elastic-agent/agent.yml - name: config - readOnly: true - subPath: agent.yml - dnsPolicy: ClusterFirstWithHostNet - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: agent-clusterwide-example - volumes: - - emptyDir: {} - name: agent-data - - name: config - secret: - defaultMode: 292 - secretName: agent-clusterwide-example + readOnlyRootFilesystem: true --- -# Source: elastic-agent/templates/agent/k8s/statefulset.yaml +# 
Source: elastic-agent/templates/agent/k8s/deployment.yaml apiVersion: apps/v1 -kind: StatefulSet +kind: Deployment metadata: - name: agent-ksmsharded-example + name: agent-clusterwide-example namespace: "default" labels: helm.sh/chart: elastic-agent-8.18.0-beta @@ -1277,57 +1066,16 @@ metadata: spec: selector: matchLabels: - name: agent-ksmsharded-example + name: agent-clusterwide-example template: metadata: labels: - name: agent-ksmsharded-example + name: agent-clusterwide-example annotations: - checksum/config: 3b64edf7317419b11b0aef4cd10cad04037b7bc0b6866da25871b47b41c04490 + checksum/config: d5c563235f87ab23840416f6679b42b15c094cf361b8794d087b4fdfb8285b4b spec: automountServiceAccountToken: true containers: - - args: - - --pod=$(POD_NAME) - - --pod-namespace=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.12.0 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - name: kube-state-metrics - ports: - - containerPort: 8080 - name: http-metrics - - containerPort: 8081 - name: telemetry - readinessProbe: - httpGet: - path: / - port: 8081 - initialDelaySeconds: 5 - timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault - args: - -c - /etc/elastic-agent/agent.yml @@ -1376,11 +1124,11 @@ spec: dnsPolicy: ClusterFirstWithHostNet nodeSelector: kubernetes.io/os: linux - serviceAccountName: agent-ksmsharded-example + serviceAccountName: agent-clusterwide-example volumes: - emptyDir: {} name: agent-data - name: config secret: defaultMode: 292 - secretName: agent-ksmsharded-example + secretName: agent-clusterwide-example 
diff --git a/deploy/helm/elastic-agent/examples/kubernetes-ksm-sharding/README.md b/deploy/helm/elastic-agent/examples/kubernetes-ksm-sharding/README.md new file mode 100644 index 00000000000..83ac598c188 --- /dev/null +++ b/deploy/helm/elastic-agent/examples/kubernetes-ksm-sharding/README.md 
@@ -0,0 +1,45 @@ +# Example: Kubernetes Integration with default chart values + +In this example we install the built-in `kubernetes` integration with the default built-in values. We also change the `kube-state-metrics` to run with the `autosharding` feature enabled and include elastic-agent as a sidecar container. Such a type of setup is recommended for big k8s clusters, featuring a lot of k8s resources, where scaling of kube-state-metrics extraction is required. + +## Prerequisites: +1. A k8s secret that contains the connection details to an Elasticsearch cluster such as the URL and the API key ([Kibana - Creating API Keys](https://www.elastic.co/guide/en/kibana/current/api-keys.html)): + ```console + kubectl create secret generic es-api-secret \ + --from-literal=api_key=... \ + --from-literal=url=... + ``` + +2. `kubernetes` integration assets installed through Kibana ([Kibana - Install and uninstall Elastic Agent integration assets](https://www.elastic.co/guide/en/fleet/current/install-uninstall-integration-assets.html)) + +3. Build the dependencies of the Helm chart + ```console + helm repo add prometheus-community https://prometheus-community.github.io/helm-charts + helm dependency build ../../ + ``` +## Run: + +#### Public image registry: +```console +helm install elastic-agent ../../ \ + -f ./agent-kubernetes-values.yaml +``` + + +#### Private image registry: +Create secret with the contents of docker auth config +``` +kubectl create secret generic regcred --from-file=.dockerconfigjson=/.docker/config.json --type=kubernetes.io/dockerconfigjson +``` + +Install elastic-agent +```console +helm install elastic-agent ../../ \ + -f ./agent-kubernetes-values.yaml \ + --set 'agent.imagePullSecrets[0].name=regcred' +``` + +## Validate: + +1. `kube-state metrics` is installed by this command `kubectl get sts -n kube-system kube-state-metrics`. +2. The Kibana `kubernetes`-related dashboards should start showing up the respective info. 
diff --git a/deploy/helm/elastic-agent/examples/kubernetes-ksm-sharding/agent-kubernetes-values.yaml b/deploy/helm/elastic-agent/examples/kubernetes-ksm-sharding/agent-kubernetes-values.yaml new file mode 100644 index 00000000000..e89322a4400 --- /dev/null +++ b/deploy/helm/elastic-agent/examples/kubernetes-ksm-sharding/agent-kubernetes-values.yaml @@ -0,0 +1,13 @@ +outputs: + default: + type: ESSecretAuthAPI + secretName: es-api-secret + +kubernetes: + enabled: true + state: + agentAsSidecar: + enabled: true + +agent: + unprivileged: true diff --git a/deploy/helm/elastic-agent/examples/kubernetes-ksm-sharding/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/kubernetes-ksm-sharding/rendered/manifest.yaml new file mode 100644 index 00000000000..c4e5419bd34 --- /dev/null +++ b/deploy/helm/elastic-agent/examples/kubernetes-ksm-sharding/rendered/manifest.yaml 
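Review bot: The new `agent-kubernetes-values.yaml` has no comments, so it does not show that `secretName: es-api-secret` names a Secret that must exist before install, or that `agentAsSidecar.enabled` has no effect unless the kube-state-metrics subchart is enabled (as the chart README states). I would add `# Secret from the README prerequisites; must hold the keys api_key and url` above `secretName`, and `# deploy elastic-agent as a sidecar of kube-state-metrics (autosharding); requires kube-state-metrics.enabled` above `agentAsSidecar`.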
@@ -0,0 +1,1282 @@ +--- +# Source: elastic-agent/charts/kube-state-metrics/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" + name: kube-state-metrics + namespace: default +--- +# Source: elastic-agent/templates/agent/service-account.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: agent-clusterwide-example + namespace: "default" + labels: + helm.sh/chart: elastic-agent-8.18.0-beta + app.kubernetes.io/name: elastic-agent + app.kubernetes.io/instance: example + app.kubernetes.io/version: 8.18.0 +--- +# Source: elastic-agent/templates/agent/service-account.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: agent-pernode-example + namespace: "default" + labels: + helm.sh/chart: elastic-agent-8.18.0-beta + app.kubernetes.io/name: elastic-agent + app.kubernetes.io/instance: example + app.kubernetes.io/version: 8.18.0 +--- +# Source: elastic-agent/templates/agent/k8s/secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: agent-clusterwide-example + namespace: "default" + labels: + helm.sh/chart: elastic-agent-8.18.0-beta + app.kubernetes.io/name: elastic-agent + app.kubernetes.io/instance: example + app.kubernetes.io/version: 8.18.0 +stringData: + + agent.yml: |- + id: agent-clusterwide-example + outputs: + default: + api_key: ${OUTPUT_DEFAULT_API_KEY} + hosts: + - ${OUTPUT_DEFAULT_URL} + type: elasticsearch + secret_references: [] + agent: + monitoring: + enabled: true + logs: true + metrics: true + namespace: default + use_output: default + inputs: + - data_stream: + namespace: default + id: kubernetes/metrics-kubernetes.apiserver + streams: + - bearer_token_file: 
/var/run/secrets/kubernetes.io/serviceaccount/token + data_stream: + dataset: kubernetes.apiserver + type: metrics + hosts: + - https://${env.KUBERNETES_SERVICE_HOST}:${env.KUBERNETES_SERVICE_PORT} + id: kubernetes/metrics-kubernetes.apiserver + metricsets: + - apiserver + period: 30s + ssl.certificate_authorities: + - /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + type: kubernetes/metrics + use_output: default + providers: + kubernetes: + node: ${NODE_NAME} + scope: cluster + kubernetes_leaderelection: + enabled: true + leader_lease: example-clusterwide +--- +# Source: elastic-agent/templates/agent/k8s/secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: agent-pernode-example + namespace: "default" + labels: + helm.sh/chart: elastic-agent-8.18.0-beta + app.kubernetes.io/name: elastic-agent + app.kubernetes.io/instance: example + app.kubernetes.io/version: 8.18.0 +stringData: + + agent.yml: |- + id: agent-pernode-example + outputs: + default: + api_key: ${OUTPUT_DEFAULT_API_KEY} + hosts: + - ${OUTPUT_DEFAULT_URL} + type: elasticsearch + secret_references: [] + agent: + monitoring: + enabled: true + logs: true + metrics: true + namespace: default + use_output: default + inputs: + - data_stream: + namespace: default + id: filestream-container-logs + streams: + - data_stream: + dataset: kubernetes.container_logs + type: logs + id: kubernetes-container-logs-${kubernetes.pod.name}-${kubernetes.container.id} + parsers: + - container: + format: auto + stream: all + paths: + - /var/log/containers/*${kubernetes.container.id}.log + processors: + - add_fields: + fields: + annotations.elastic_co/dataset: ${kubernetes.annotations.elastic.co/dataset|""} + annotations.elastic_co/namespace: ${kubernetes.annotations.elastic.co/namespace|""} + annotations.elastic_co/preserve_original_event: ${kubernetes.annotations.elastic.co/preserve_original_event|""} + target: kubernetes + - drop_fields: + fields: + - kubernetes.annotations.elastic_co/dataset + ignore_missing: 
true + when: + equals: + kubernetes.annotations.elastic_co/dataset: "" + - drop_fields: + fields: + - kubernetes.annotations.elastic_co/namespace + ignore_missing: true + when: + equals: + kubernetes.annotations.elastic_co/namespace: "" + - drop_fields: + fields: + - kubernetes.annotations.elastic_co/preserve_original_event + ignore_missing: true + when: + equals: + kubernetes.annotations.elastic_co/preserve_original_event: "" + - add_tags: + tags: + - preserve_original_event + when: + and: + - has_fields: + - kubernetes.annotations.elastic_co/preserve_original_event + - regexp: + kubernetes.annotations.elastic_co/preserve_original_event: ^(?i)true$ + prospector.scanner.symlinks: true + type: filestream + use_output: default + - data_stream: + namespace: default + id: kubernetes/metrics-kubernetes.container + streams: + - add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + data_stream: + dataset: kubernetes.container + type: metrics + hosts: + - https://${env.NODE_NAME}:10250 + id: kubernetes/metrics-kubernetes.container + metricsets: + - container + period: 10s + ssl.verification_mode: none + type: kubernetes/metrics + use_output: default + - data_stream: + namespace: default + id: kubernetes/metrics-kubernetes.node + streams: + - add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + data_stream: + dataset: kubernetes.node + type: metrics + hosts: + - https://${env.NODE_NAME}:10250 + id: kubernetes/metrics-kubernetes.node + metricsets: + - node + period: 10s + ssl.verification_mode: none + type: kubernetes/metrics + use_output: default + - data_stream: + namespace: default + id: kubernetes/metrics-kubernetes.pod + streams: + - add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + data_stream: + dataset: kubernetes.pod + type: metrics + hosts: + - https://${env.NODE_NAME}:10250 + id: kubernetes/metrics-kubernetes.pod + metricsets: + - pod + 
period: 10s + ssl.verification_mode: none + type: kubernetes/metrics + use_output: default + - data_stream: + namespace: default + id: kubernetes/metrics-kubernetes.system + streams: + - add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + data_stream: + dataset: kubernetes.system + type: metrics + hosts: + - https://${env.NODE_NAME}:10250 + id: kubernetes/metrics-kubernetes.system + metricsets: + - system + period: 10s + ssl.verification_mode: none + type: kubernetes/metrics + use_output: default + - data_stream: + namespace: default + id: kubernetes/metrics-kubernetes.volume + streams: + - add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + data_stream: + dataset: kubernetes.volume + type: metrics + hosts: + - https://${env.NODE_NAME}:10250 + id: kubernetes/metrics-kubernetes.volume + metricsets: + - volume + period: 10s + ssl.verification_mode: none + type: kubernetes/metrics + use_output: default + providers: + kubernetes: + node: ${NODE_NAME} + scope: node + kubernetes_leaderelection: + enabled: false + leader_lease: example-pernode +--- +# Source: elastic-agent/templates/agent/k8s/statefulset.yaml +apiVersion: v1 +kind: Secret +metadata: + name: agent-ksm + namespace: "default" +stringData: + agent.yml: |- + inputs: + - data_stream: + namespace: default + id: kube-state-metrics-kubernetes/metrics + streams: + - add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + data_stream: + dataset: kubernetes.state_container + type: metrics + hosts: + - localhost:8080 + id: kubernetes/metrics-kubernetes.state_container + metricsets: + - state_container + period: 10s + - add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + data_stream: + dataset: kubernetes.state_cronjob + type: metrics + hosts: + - localhost:8080 + id: kubernetes/metrics-kubernetes.state_cronjob + metricsets: + - state_cronjob + period: 10s + 
- add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + data_stream: + dataset: kubernetes.state_daemonset + type: metrics + hosts: + - localhost:8080 + id: kubernetes/metrics-kubernetes.state_daemonset + metricsets: + - state_daemonset + period: 10s + - add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + data_stream: + dataset: kubernetes.state_deployment + type: metrics + hosts: + - localhost:8080 + id: kubernetes/metrics-kubernetes.state_deployment + metricsets: + - state_deployment + period: 10s + - add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + data_stream: + dataset: kubernetes.state_job + type: metrics + hosts: + - localhost:8080 + id: kubernetes/metrics-kubernetes.state_job + metricsets: + - state_job + period: 10s + - add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + data_stream: + dataset: kubernetes.state_namespace + type: metrics + hosts: + - localhost:8080 + id: kubernetes/metrics-kubernetes.state_namespace + metricsets: + - state_namespace + period: 10s + - add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + data_stream: + dataset: kubernetes.state_node + type: metrics + hosts: + - localhost:8080 + id: kubernetes/metrics-kubernetes.state_node + metricsets: + - state_node + period: 10s + - add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + data_stream: + dataset: kubernetes.state_persistentvolumeclaim + type: metrics + hosts: + - localhost:8080 + id: kubernetes/metrics-kubernetes.state_persistentvolumeclaim + metricsets: + - state_persistentvolumeclaim + period: 10s + - add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + data_stream: + dataset: kubernetes.state_persistentvolume + type: metrics + hosts: + - localhost:8080 + id: 
kubernetes/metrics-kubernetes.state_persistentvolume + metricsets: + - state_persistentvolume + period: 10s + - add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + data_stream: + dataset: kubernetes.state_pod + type: metrics + hosts: + - localhost:8080 + id: kubernetes/metrics-kubernetes.state_pod + metricsets: + - state_pod + period: 10s + - add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + data_stream: + dataset: kubernetes.state_replicaset + type: metrics + hosts: + - localhost:8080 + id: kubernetes/metrics-kubernetes.state_replicaset + metricsets: + - state_replicaset + period: 10s + - add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + data_stream: + dataset: kubernetes.state_resourcequota + type: metrics + hosts: + - localhost:8080 + id: kubernetes/metrics-kubernetes.state_resourcequota + metricsets: + - state_resourcequota + period: 10s + - add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + data_stream: + dataset: kubernetes.state_service + type: metrics + hosts: + - localhost:8080 + id: kubernetes/metrics-kubernetes.state_service + metricsets: + - state_service + period: 10s + - add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + data_stream: + dataset: kubernetes.state_statefulset + type: metrics + hosts: + - localhost:8080 + id: kubernetes/metrics-kubernetes.state_statefulset + metricsets: + - state_statefulset + period: 10s + - add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + data_stream: + dataset: kubernetes.state_storageclass + type: metrics + hosts: + - localhost:8080 + id: kubernetes/metrics-kubernetes.state_storageclass + metricsets: + - state_storageclass + period: 10s + type: kubernetes/metrics + use_output: default + outputs: + default: + api_key: ${OUTPUT_DEFAULT_API_KEY} + hosts: + - 
${OUTPUT_DEFAULT_URL} + type: elasticsearch + providers: + kubernetes: + enabled: false + kubernetes_leaderelection: + enabled: false + leader_lease: agent-ksm-sharded +--- +# Source: elastic-agent/charts/kube-state-metrics/templates/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" + name: kube-state-metrics +rules: + +- apiGroups: ["certificates.k8s.io"] + resources: + - certificatesigningrequests + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - configmaps + verbs: ["list", "watch"] + +- apiGroups: ["batch"] + resources: + - cronjobs + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "apps"] + resources: + - deployments + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - endpoints + verbs: ["list", "watch"] + +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "networking.k8s.io"] + resources: + - ingresses + verbs: ["list", "watch"] + +- apiGroups: ["batch"] + resources: + - jobs + verbs: ["list", "watch"] + +- apiGroups: ["coordination.k8s.io"] + resources: + - leases + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - limitranges + verbs: ["list", "watch"] + +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - mutatingwebhookconfigurations + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - namespaces + verbs: ["list", "watch"] + +- apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - nodes + verbs: ["list", "watch"] + 
+- apiGroups: [""] + resources: + - persistentvolumeclaims + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - persistentvolumes + verbs: ["list", "watch"] + +- apiGroups: ["policy"] + resources: + - poddisruptionbudgets + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - pods + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "apps"] + resources: + - replicasets + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - replicationcontrollers + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - resourcequotas + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - secrets + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - services + verbs: ["list", "watch"] + +- apiGroups: ["apps"] + resources: + - statefulsets + verbs: ["list", "watch"] + +- apiGroups: ["storage.k8s.io"] + resources: + - storageclasses + verbs: ["list", "watch"] + +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - validatingwebhookconfigurations + verbs: ["list", "watch"] + +- apiGroups: ["storage.k8s.io"] + resources: + - volumeattachments + verbs: ["list", "watch"] +--- +# Source: elastic-agent/templates/agent/cluster-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: agent-clusterWide-example-default + labels: + helm.sh/chart: elastic-agent-8.18.0-beta + app.kubernetes.io/name: elastic-agent + app.kubernetes.io/instance: example + app.kubernetes.io/version: 8.18.0 +rules: + - apiGroups: [ "" ] # "" indicates the core API group + resources: + - nodes + - namespaces + - events + - pods + - services + - configmaps + - persistentvolumes + - persistentvolumeclaims + - persistentvolumeclaims/status + - nodes/metrics + - nodes/proxy + - nodes/stats + verbs: + - get + - watch + - list + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - watch + - list + - nonResourceURLs: + - /metrics + verbs: + - get + - watch + - list + - apiGroups: [ 
"coordination.k8s.io" ] + resources: + - leases + verbs: + - get + - create + - update + - nonResourceURLs: + - /healthz + - /healthz/* + - /livez + - /livez/* + - /metrics + - /metrics/slis + - /readyz + - /readyz/* + verbs: + - get + - apiGroups: [ "apps" ] + resources: + - replicasets + - deployments + - daemonsets + - statefulsets + verbs: + - get + - list + - watch + - apiGroups: [ "batch" ] + resources: + - jobs + - cronjobs + verbs: + - get + - list + - watch +--- +# Source: elastic-agent/templates/agent/cluster-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: agent-perNode-example-default + labels: + helm.sh/chart: elastic-agent-8.18.0-beta + app.kubernetes.io/name: elastic-agent + app.kubernetes.io/instance: example + app.kubernetes.io/version: 8.18.0 +rules: + - apiGroups: [ "" ] # "" indicates the core API group + resources: + - nodes + - namespaces + - events + - pods + - services + - configmaps + - persistentvolumes + - persistentvolumeclaims + - persistentvolumeclaims/status + - nodes/metrics + - nodes/proxy + - nodes/stats + verbs: + - get + - watch + - list + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - watch + - list + - nonResourceURLs: + - /metrics + verbs: + - get + - watch + - list + - apiGroups: [ "coordination.k8s.io" ] + resources: + - leases + verbs: + - get + - create + - update + - nonResourceURLs: + - /healthz + - /healthz/* + - /livez + - /livez/* + - /metrics + - /metrics/slis + - /readyz + - /readyz/* + verbs: + - get + - apiGroups: [ "apps" ] + resources: + - replicasets + - deployments + - daemonsets + - statefulsets + verbs: + - get + - list + - watch + - apiGroups: [ "batch" ] + resources: + - jobs + - cronjobs + verbs: + - get + - list + - watch +--- +# Source: elastic-agent/charts/kube-state-metrics/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + helm.sh/chart: 
kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" + name: kube-state-metrics +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kube-state-metrics +subjects: +- kind: ServiceAccount + name: kube-state-metrics + namespace: default +--- +# Source: elastic-agent/templates/agent/cluster-role-binding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: agent-clusterWide-example-default + labels: + helm.sh/chart: elastic-agent-8.18.0-beta + app.kubernetes.io/name: elastic-agent + app.kubernetes.io/instance: example + app.kubernetes.io/version: 8.18.0 +subjects: + - kind: ServiceAccount + name: agent-clusterwide-example + namespace: "default" +roleRef: + kind: ClusterRole + name: agent-clusterWide-example-default + apiGroup: rbac.authorization.k8s.io +--- +# Source: elastic-agent/templates/agent/cluster-role-binding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: agent-perNode-example-default + labels: + helm.sh/chart: elastic-agent-8.18.0-beta + app.kubernetes.io/name: elastic-agent + app.kubernetes.io/instance: example + app.kubernetes.io/version: 8.18.0 +subjects: + - kind: ServiceAccount + name: agent-pernode-example + namespace: "default" +roleRef: + kind: ClusterRole + name: agent-perNode-example-default + apiGroup: rbac.authorization.k8s.io +--- +# Source: elastic-agent/charts/kube-state-metrics/templates/stsdiscovery-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: stsdiscovery-kube-state-metrics + namespace: default + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + 
app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resourceNames: + - kube-state-metrics + resources: + - statefulsets + verbs: + - get + - list + - watch +--- +# Source: elastic-agent/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: stsdiscovery-kube-state-metrics + namespace: default + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: stsdiscovery-kube-state-metrics +subjects: + - kind: ServiceAccount + name: kube-state-metrics + namespace: default +--- +# Source: elastic-agent/charts/kube-state-metrics/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: kube-state-metrics + namespace: default + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" + annotations: + prometheus.io/scrape: 'true' +spec: + type: "ClusterIP" + ports: + - name: "http" + protocol: TCP + port: 8080 + targetPort: 8080 + + clusterIP: None + selector: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example +--- +# Source: elastic-agent/templates/agent/k8s/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: agent-pernode-example + namespace: "default" + labels: + helm.sh/chart: elastic-agent-8.18.0-beta + 
app.kubernetes.io/name: elastic-agent + app.kubernetes.io/instance: example + app.kubernetes.io/version: 8.18.0 +spec: + selector: + matchLabels: + name: agent-pernode-example + template: + metadata: + labels: + name: agent-pernode-example + annotations: + checksum/config: 05797fdfdd3cdeefb99e39e0f4756a6b812465509b31195ff57ae3925aa5e087 + spec: + automountServiceAccountToken: true + containers: + - args: + - -c + - /etc/elastic-agent/agent.yml + - -e + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: STATE_PATH + value: /usr/share/elastic-agent/state + - name: ELASTIC_NETINFO + value: "false" + - name: OUTPUT_DEFAULT_URL + valueFrom: + secretKeyRef: + key: url + name: es-api-secret + - name: OUTPUT_DEFAULT_API_KEY + valueFrom: + secretKeyRef: + key: api_key + name: es-api-secret + image: docker.elastic.co/beats/elastic-agent:8.18.0-SNAPSHOT + imagePullPolicy: IfNotPresent + name: agent + resources: + limits: + memory: 1000Mi + requests: + cpu: 100m + memory: 400Mi + securityContext: + capabilities: + add: + - DAC_READ_SEARCH + - CHOWN + - SETPCAP + - SYS_PTRACE + drop: + - ALL + privileged: false + runAsGroup: 1000 + runAsUser: 1000 + volumeMounts: + - mountPath: /var/lib/docker/containers + name: varlibdockercontainers + readOnly: true + - mountPath: /var/log + name: varlog + readOnly: true + - mountPath: /usr/share/elastic-agent/state + name: agent-data + - mountPath: /etc/elastic-agent/agent.yml + name: config + readOnly: true + subPath: agent.yml + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: agent-pernode-example + volumes: + - hostPath: + path: /var/lib/docker/containers + name: varlibdockercontainers + - hostPath: + path: /var/log + name: varlog + - hostPath: + path: /etc/elastic-agent/default/agent-pernode-example/state + type: DirectoryOrCreate + name: agent-data + - name: 
config + secret: + defaultMode: 292 + secretName: agent-pernode-example +--- +# Source: elastic-agent/templates/agent/k8s/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: agent-clusterwide-example + namespace: "default" + labels: + helm.sh/chart: elastic-agent-8.18.0-beta + app.kubernetes.io/name: elastic-agent + app.kubernetes.io/instance: example + app.kubernetes.io/version: 8.18.0 +spec: + selector: + matchLabels: + name: agent-clusterwide-example + template: + metadata: + labels: + name: agent-clusterwide-example + annotations: + checksum/config: 5660dc09203da9bbeff206b176eef04fb1c881f4c668ebddf8b8ec86617bc5e2 + spec: + automountServiceAccountToken: true + containers: + - args: + - -c + - /etc/elastic-agent/agent.yml + - -e + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: STATE_PATH + value: /usr/share/elastic-agent/state + - name: ELASTIC_NETINFO + value: "false" + - name: OUTPUT_DEFAULT_URL + valueFrom: + secretKeyRef: + key: url + name: es-api-secret + - name: OUTPUT_DEFAULT_API_KEY + valueFrom: + secretKeyRef: + key: api_key + name: es-api-secret + image: docker.elastic.co/beats/elastic-agent:8.18.0-SNAPSHOT + imagePullPolicy: IfNotPresent + name: agent + resources: + limits: + memory: 800Mi + requests: + cpu: 100m + memory: 400Mi + securityContext: + capabilities: + add: + - CHOWN + - SETPCAP + - DAC_READ_SEARCH + - SYS_PTRACE + drop: + - ALL + privileged: false + runAsGroup: 1000 + runAsUser: 1000 + volumeMounts: + - mountPath: /usr/share/elastic-agent/state + name: agent-data + - mountPath: /etc/elastic-agent/agent.yml + name: config + readOnly: true + subPath: agent.yml + dnsPolicy: ClusterFirstWithHostNet + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: agent-clusterwide-example + volumes: + - emptyDir: {} + name: agent-data + - name: config + secret: + defaultMode: 292 + secretName: 
agent-clusterwide-example +--- +# Source: elastic-agent/charts/kube-state-metrics/templates/deployment.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: kube-state-metrics + namespace: default + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" +spec: + selector: + matchLabels: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + replicas: 1 + revisionHistoryLimit: 10 + serviceName: kube-state-metrics + volumeClaimTemplates: [] + template: + metadata: + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" + annotations: + + checksum/config: 80abdbb9b473f2336713dacdae362b6a0982ca46324fbe02e7d20492b8ea8014 + spec: + automountServiceAccountToken: true + hostNetwork: false + serviceAccountName: kube-state-metrics + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault + containers: + - name: kube-state-metrics + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + + args: + - --port=8080 + - 
--resources=certificatesigningrequests,configmaps,cronjobs,daemonsets,deployments,endpoints,horizontalpodautoscalers,ingresses,jobs,leases,limitranges,mutatingwebhookconfigurations,namespaces,networkpolicies,nodes,persistentvolumeclaims,persistentvolumes,poddisruptionbudgets,pods,replicasets,replicationcontrollers,resourcequotas,secrets,services,statefulsets,storageclasses,validatingwebhookconfigurations,volumeattachments + - --pod=$(POD_NAME) + - --pod-namespace=$(POD_NAMESPACE) + imagePullPolicy: IfNotPresent + image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.14.0 + ports: + - containerPort: 8080 + name: "http" + livenessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: + path: /livez + port: 8080 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: + path: /readyz + port: 8081 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + - args: + - -c + - /etc/elastic-agent/agent.yml + - -e + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: STATE_PATH + value: /usr/share/elastic-agent/state + - name: OUTPUT_DEFAULT_URL + valueFrom: + secretKeyRef: + key: url + name: es-api-secret + - name: OUTPUT_DEFAULT_API_KEY + valueFrom: + secretKeyRef: + key: api_key + name: es-api-secret + image: docker.elastic.co/beats/elastic-agent:8.18.0-SNAPSHOT + imagePullPolicy: IfNotPresent + name: agent + resources: + limits: + memory: 800Mi + requests: + cpu: 100m + memory: 400Mi + securityContext: + capabilities: + add: + - CHOWN + - SETPCAP + - SYS_PTRACE + drop: + - ALL + privileged: false + runAsGroup: 1000 + runAsUser: 1000 + volumeMounts: + - mountPath: 
/etc/elastic-agent/agent.yml + name: config + readOnly: true + subPath: agent.yml + volumes: + - name: config + secret: + defaultMode: 292 + secretName: agent-ksm diff --git a/deploy/helm/elastic-agent/examples/kubernetes-only-logs/README.md b/deploy/helm/elastic-agent/examples/kubernetes-only-logs/README.md index 4dc49f1ebb7..724bbbda988 100644 --- a/deploy/helm/elastic-agent/examples/kubernetes-only-logs/README.md +++ b/deploy/helm/elastic-agent/examples/kubernetes-only-logs/README.md @@ -12,6 +12,12 @@ In this example we install the built-in `kubernetes` integration and set it to e 2. `kubernetes` integration assets installed through Kibana ([Kibana - Install and uninstall Elastic Agent integration assets](https://www.elastic.co/guide/en/fleet/current/install-uninstall-integration-assets.html)) +3. Build the dependencies of the Helm chart + ```console + helm repo add prometheus-community https://prometheus-community.github.io/helm-charts + helm dependency build ../../ + ``` + ## Run: ```console helm install elastic-agent ../../ \ diff --git a/deploy/helm/elastic-agent/examples/kubernetes-only-logs/agent-kubernetes-values.yaml b/deploy/helm/elastic-agent/examples/kubernetes-only-logs/agent-kubernetes-values.yaml index 4889fa195ac..97b69f067dc 100644 --- a/deploy/helm/elastic-agent/examples/kubernetes-only-logs/agent-kubernetes-values.yaml +++ b/deploy/helm/elastic-agent/examples/kubernetes-only-logs/agent-kubernetes-values.yaml @@ -18,5 +18,8 @@ kubernetes: hints: enabled: false +kube-state-metrics: + enabled: false + agent: unprivileged: true diff --git a/deploy/helm/elastic-agent/examples/kubernetes-only-logs/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/kubernetes-only-logs/rendered/manifest.yaml index d13815e2a86..a2dfdeee49a 100644 --- a/deploy/helm/elastic-agent/examples/kubernetes-only-logs/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/kubernetes-only-logs/rendered/manifest.yaml 
@@ -266,24 +266,12 @@ spec: runAsGroup: 1000 runAsUser: 1000 volumeMounts: - - mountPath: /hostfs/proc - name: proc - readOnly: true - - mountPath: /hostfs/sys/fs/cgroup - name: cgroup - readOnly: true - mountPath: /var/lib/docker/containers name: varlibdockercontainers readOnly: true - mountPath: /var/log name: varlog readOnly: true - - mountPath: /hostfs/etc - name: etc-full - readOnly: true - - mountPath: /hostfs/var/lib - name: var-lib - readOnly: true - mountPath: /usr/share/elastic-agent/state name: agent-data - mountPath: /etc/elastic-agent/agent.yml @@ -296,24 +284,12 @@ spec: kubernetes.io/os: linux serviceAccountName: agent-pernode-example volumes: - - hostPath: - path: /proc - name: proc - - hostPath: - path: /sys/fs/cgroup - name: cgroup - hostPath: path: /var/lib/docker/containers name: varlibdockercontainers - hostPath: path: /var/log name: varlog - - hostPath: - path: /etc - name: etc-full - - hostPath: - path: /var/lib - name: var-lib - hostPath: path: /etc/elastic-agent/default/agent-pernode-example/state type: DirectoryOrCreate diff --git a/deploy/helm/elastic-agent/examples/multiple-integrations/README.md b/deploy/helm/elastic-agent/examples/multiple-integrations/README.md index 3334010346a..a17aa6d263a 100644 --- a/deploy/helm/elastic-agent/examples/multiple-integrations/README.md +++ b/deploy/helm/elastic-agent/examples/multiple-integrations/README.md @@ -12,6 +12,12 @@ In this example we install the built-in `kubernetes` integration and a `nginx` c 2. `kubernetes`, `redis`, and `nginx` integration assets are installed through Kibana ([Kibana - Install and uninstall Elastic Agent integration assets](https://www.elastic.co/guide/en/fleet/current/install-uninstall-integration-assets.html)) +3. Build the dependencies of the Helm chart + ```console + helm repo add prometheus-community https://prometheus-community.github.io/helm-charts + helm dependency build ../../ + ``` + ## Run: 1. Install Helm chart ```console 
diff --git a/deploy/helm/elastic-agent/examples/multiple-integrations/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/multiple-integrations/rendered/manifest.yaml index 421adc78ff9..9a1e30758ab 100644 --- a/deploy/helm/elastic-agent/examples/multiple-integrations/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/multiple-integrations/rendered/manifest.yaml @@ -1,21 +1,25 @@ --- -# Source: elastic-agent/templates/agent/service-account.yaml +# Source: elastic-agent/charts/kube-state-metrics/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount +automountServiceAccountToken: true metadata: - name: agent-clusterwide-example - namespace: "default" - labels: - helm.sh/chart: elastic-agent-8.18.0-beta - app.kubernetes.io/name: elastic-agent + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.18.0 + app.kubernetes.io/version: "2.14.0" + name: kube-state-metrics + namespace: default --- # Source: elastic-agent/templates/agent/service-account.yaml apiVersion: v1 kind: ServiceAccount metadata: - name: agent-ksmsharded-example + name: agent-clusterwide-example namespace: "default" labels: helm.sh/chart: elastic-agent-8.18.0-beta 
@@ -86,331 +90,223 @@ stringData: use_output: default - data_stream: namespace: default - id: nginx/metrics-nginx-69240207-6fcc-4d19-aee3-dbf716e3bb0f - meta: - package: - name: nginx - version: 1.19.1 - name: nginx-1 - package_policy_id: 69240207-6fcc-4d19-aee3-dbf716e3bb0f - preset: clusterWide - revision: 1 - streams: - - data_stream: - dataset: nginx.stubstatus - type: metrics - hosts: - - http://nginx.default.svc.cluster.local:80 - id: nginx/metrics-nginx.stubstatus-69240207-6fcc-4d19-aee3-dbf716e3bb0f - metricsets: - - stubstatus - period: 10s - server_status_path: /nginx_status - tags: - - nginx-stubstatus - type: nginx/metrics - use_output: default - providers: - kubernetes: - node: ${NODE_NAME} - scope: cluster - kubernetes_leaderelection: - enabled: true - leader_lease: example-clusterwide ---- -# Source: elastic-agent/templates/agent/k8s/secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: agent-ksmsharded-example - namespace: "default" - labels: - helm.sh/chart: elastic-agent-8.18.0-beta - app.kubernetes.io/name: elastic-agent - app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.18.0 -stringData: - - agent.yml: |- - id: agent-ksmsharded-example - outputs: - default: - hosts: - - http://elasticsearch:9200 - password: changeme - type: elasticsearch - username: elastic - secret_references: [] - agent: - monitoring: - enabled: true - logs: true - metrics: true - namespace: default - use_output: default - inputs: - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_container + id: kube-state-metrics-kubernetes/metrics streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_container type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_container metricsets: - state_container period: 10s - type: kubernetes/metrics - 
use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_cronjob - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_cronjob type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_cronjob metricsets: - state_cronjob period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_daemonset - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_daemonset type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_daemonset metricsets: - state_daemonset period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_deployment - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_deployment type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_deployment metricsets: - state_deployment period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_job - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_job type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_job metricsets: - state_job period: 10s - type: 
kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_namespace - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_namespace type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_namespace metricsets: - state_namespace period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_node - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_node type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_node metricsets: - state_node period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_persistentvolumeclaim - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_persistentvolumeclaim type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_persistentvolumeclaim metricsets: - state_persistentvolumeclaim period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_persistentvolume - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_persistentvolume type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: 
kubernetes/metrics-kubernetes.state_persistentvolume metricsets: - state_persistentvolume period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_pod - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_pod type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_pod metricsets: - state_pod period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_replicaset - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_replicaset type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_replicaset metricsets: - state_replicaset period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_resourcequota - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_resourcequota type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_resourcequota metricsets: - state_resourcequota period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_service - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_service type: metrics hosts: - - 
localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_service metricsets: - state_service period: 10s - use_output: default - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_statefulset - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_statefulset type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_statefulset metricsets: - state_statefulset period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_storageclass - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_storageclass type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_storageclass metricsets: - state_storageclass period: 10s type: kubernetes/metrics use_output: default + - data_stream: + namespace: default + id: nginx/metrics-nginx-69240207-6fcc-4d19-aee3-dbf716e3bb0f + meta: + package: + name: nginx + version: 1.19.1 + name: nginx-1 + package_policy_id: 69240207-6fcc-4d19-aee3-dbf716e3bb0f + preset: clusterWide + revision: 1 + streams: + - data_stream: + dataset: nginx.stubstatus + type: metrics + hosts: + - http://nginx.default.svc.cluster.local:80 + id: nginx/metrics-nginx.stubstatus-69240207-6fcc-4d19-aee3-dbf716e3bb0f + metricsets: + - stubstatus + period: 10s + server_status_path: /nginx_status + tags: + - nginx-stubstatus + type: nginx/metrics + use_output: default providers: kubernetes: - enabled: false + node: ${NODE_NAME} + scope: cluster kubernetes_leaderelection: - enabled: false - leader_lease: 
example-ksmsharded + enabled: true + leader_lease: example-clusterwide --- # Source: elastic-agent/templates/agent/k8s/secret.yaml apiVersion: v1 
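Review bot: Every state stream in the clusterwide `agent.yml` keeps `bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token` while its host changes from `localhost:8080` to `kube-state-metrics:8080`. If the kubernetes state metricsets attach that token to the scrape request (worth confirming), the agent's service-account token now leaves the pod and crosses the cluster network, apparently over plain HTTP: the Service added later in this file exposes port 8080 and nothing rendered here configures TLS. The kube-state-metrics container is started with only `--port` and `--resources`, so nothing visible suggests the token is validated on the receiving side. Because this manifest is rendered output, the change belongs in the chart template or values: omit `bearer_token_file` from the state streams when they target the subchart's Service, or document why it is kept.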
@@ -598,133 +494,166 @@ stringData: enabled: false leader_lease: example-pernode --- -# Source: elastic-agent/templates/agent/cluster-role.yaml +# Source: elastic-agent/charts/kube-state-metrics/templates/role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: agent-clusterWide-example-default - labels: - helm.sh/chart: elastic-agent-8.18.0-beta - app.kubernetes.io/name: elastic-agent + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.18.0 + app.kubernetes.io/version: "2.14.0" + name: kube-state-metrics rules: - - apiGroups: [ "" ] # "" indicates the core API group - resources: - - nodes - - namespaces - - events - - pods - - services - - configmaps - - persistentvolumes - - persistentvolumeclaims - - persistentvolumeclaims/status - - nodes/metrics - - nodes/proxy - - nodes/stats - verbs: - - get - - watch - - list - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - watch - - list - - nonResourceURLs: - - /metrics - verbs: - - get - - watch - - list - - apiGroups: [ "coordination.k8s.io" ] - resources: - - leases - verbs: - - get - - create - - update - - nonResourceURLs: - - /healthz - - /healthz/* - - /livez - - /livez/* - - /metrics - - /metrics/slis - - /readyz - - /readyz/* - verbs: - - get - - apiGroups: [ "apps" ] - resources: - - replicasets - - deployments - - daemonsets - - statefulsets - verbs: - - get - - list - - watch - - apiGroups: [ "batch" ] - resources: - - jobs - - cronjobs - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - nodes - - namespaces - - pods - verbs: - - get - - watch - - list - - nonResourceURLs: - - /metrics - verbs: - - get - - watch - - list - - apiGroups: - - coordination.k8s.io - resources: - - leases - 
verbs: - - create - - update - - get - - list - - watch - - apiGroups: - - apps - resources: - - replicasets - verbs: - - get - - list - - watch - - apiGroups: - - batch - resources: - - jobs - verbs: - - get - - list - - watch + +- apiGroups: ["certificates.k8s.io"] + resources: + - certificatesigningrequests + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - configmaps + verbs: ["list", "watch"] + +- apiGroups: ["batch"] + resources: + - cronjobs + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "apps"] + resources: + - deployments + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - endpoints + verbs: ["list", "watch"] + +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "networking.k8s.io"] + resources: + - ingresses + verbs: ["list", "watch"] + +- apiGroups: ["batch"] + resources: + - jobs + verbs: ["list", "watch"] + +- apiGroups: ["coordination.k8s.io"] + resources: + - leases + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - limitranges + verbs: ["list", "watch"] + +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - mutatingwebhookconfigurations + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - namespaces + verbs: ["list", "watch"] + +- apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - nodes + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - persistentvolumeclaims + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - persistentvolumes + verbs: ["list", "watch"] + +- apiGroups: ["policy"] + resources: + - poddisruptionbudgets + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - pods + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "apps"] + resources: + - replicasets + verbs: ["list", 
"watch"] + +- apiGroups: [""] + resources: + - replicationcontrollers + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - resourcequotas + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - secrets + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - services + verbs: ["list", "watch"] + +- apiGroups: ["apps"] + resources: + - statefulsets + verbs: ["list", "watch"] + +- apiGroups: ["storage.k8s.io"] + resources: + - storageclasses + verbs: ["list", "watch"] + +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - validatingwebhookconfigurations + verbs: ["list", "watch"] + +- apiGroups: ["storage.k8s.io"] + resources: + - volumeattachments + verbs: ["list", "watch"] --- # Source: elastic-agent/templates/agent/cluster-role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: agent-ksmSharded-example-default + name: agent-clusterWide-example-default labels: helm.sh/chart: elastic-agent-8.18.0-beta app.kubernetes.io/name: elastic-agent 
@@ -799,157 +728,6 @@ rules: - get - list - watch - - apiGroups: - - "" - resources: - - namespaces - - pods - - persistentvolumes - - persistentvolumeclaims - - persistentvolumeclaims/status - - nodes - - nodes/metrics - - nodes/proxy - - nodes/stats - - services - - events - - configmaps - - secrets - - nodes - - pods - - services - - serviceaccounts - - resourcequotas - - replicationcontrollers - - limitranges - - endpoints - verbs: - - get - - watch - - list - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch - - apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - verbs: - - get - - list - - watch - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - - volumeattachments - verbs: - - get - - watch - - list - - nonResourceURLs: - - /healthz - - /healthz/* - - /livez - - /livez/* - - /metrics - - /metrics/slis - - /readyz - - /readyz/* - verbs: - - get - - apiGroups: - - apps - resources: - - replicasets - - deployments - - daemonsets - - statefulsets - verbs: - - get - - list - - watch - - apiGroups: - - batch - resources: - - jobs - - cronjobs - verbs: - - get - - list - - watch - - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - networkpolicies - - ingressclasses - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - update - - get - - 
list - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - rolebindings - - roles - verbs: - - get - - list - - watch --- # Source: elastic-agent/templates/agent/cluster-role.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -1031,30 +809,33 @@ rules: - list - watch --- -# Source: elastic-agent/templates/agent/cluster-role-binding.yaml +# Source: elastic-agent/charts/kube-state-metrics/templates/clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: agent-clusterWide-example-default - labels: - helm.sh/chart: elastic-agent-8.18.0-beta - app.kubernetes.io/name: elastic-agent + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.18.0 -subjects: - - kind: ServiceAccount - name: agent-clusterwide-example - namespace: "default" + app.kubernetes.io/version: "2.14.0" + name: kube-state-metrics roleRef: - kind: ClusterRole - name: agent-clusterWide-example-default apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kube-state-metrics +subjects: +- kind: ServiceAccount + name: kube-state-metrics + namespace: default --- # Source: elastic-agent/templates/agent/cluster-role-binding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: agent-ksmSharded-example-default + name: agent-clusterWide-example-default labels: helm.sh/chart: elastic-agent-8.18.0-beta app.kubernetes.io/name: elastic-agent 
@@ -1062,11 +843,11 @@ metadata: app.kubernetes.io/version: 8.18.0 subjects: - kind: ServiceAccount - name: agent-ksmsharded-example + name: agent-clusterwide-example namespace: "default" roleRef: kind: ClusterRole - name: agent-ksmSharded-example-default + name: agent-clusterWide-example-default apiGroup: rbac.authorization.k8s.io --- # Source: elastic-agent/templates/agent/cluster-role-binding.yaml @@ -1088,6 +869,34 @@ roleRef: name: agent-perNode-example-default apiGroup: rbac.authorization.k8s.io --- +# Source: elastic-agent/charts/kube-state-metrics/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: kube-state-metrics + namespace: default + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" + annotations: + prometheus.io/scrape: 'true' +spec: + type: "ClusterIP" + ports: + - name: "http" + protocol: TCP + port: 8080 + targetPort: 8080 + + selector: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example +--- # Source: elastic-agent/templates/agent/k8s/daemonset.yaml apiVersion: apps/v1 kind: DaemonSet @@ -1141,24 +950,12 @@ spec: securityContext: runAsUser: 0 volumeMounts: - - mountPath: /hostfs/proc - name: proc - readOnly: true - - mountPath: /hostfs/sys/fs/cgroup - name: cgroup - readOnly: true - mountPath: /var/lib/docker/containers name: varlibdockercontainers readOnly: true - mountPath: /var/log name: varlog readOnly: true - - mountPath: /hostfs/etc - name: etc-full - readOnly: true - - mountPath: /hostfs/var/lib - name: var-lib - readOnly: true - mountPath: /usr/share/elastic-agent/state name: agent-data - mountPath: /etc/elastic-agent/agent.yml 
@@ -1171,24 +968,12 @@ spec: kubernetes.io/os: linux serviceAccountName: agent-pernode-example volumes: - - hostPath: - path: /proc - name: proc - - hostPath: - path: /sys/fs/cgroup - name: cgroup - hostPath: path: /var/lib/docker/containers name: varlibdockercontainers - hostPath: path: /var/log name: varlog - - hostPath: - path: /etc - name: etc-full - - hostPath: - path: /var/lib - name: var-lib - hostPath: path: /etc/elastic-agent/default/agent-pernode-example/state type: DirectoryOrCreate 
@@ -1198,82 +983,96 @@ spec: defaultMode: 292 secretName: agent-pernode-example --- -# Source: elastic-agent/templates/agent/k8s/deployment.yaml +# Source: elastic-agent/charts/kube-state-metrics/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - name: agent-clusterwide-example - namespace: "default" - labels: - helm.sh/chart: elastic-agent-8.18.0-beta - app.kubernetes.io/name: elastic-agent + name: kube-state-metrics + namespace: default + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.18.0 + app.kubernetes.io/version: "2.14.0" spec: selector: - matchLabels: - name: agent-clusterwide-example + matchLabels: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + replicas: 1 + strategy: + type: RollingUpdate + revisionHistoryLimit: 10 template: metadata: - labels: - name: agent-clusterwide-example - annotations: - checksum/config: 4425148664b320184754e6ab2438144cdda5ec331ba76501a4264ddcab801623 + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" spec: automountServiceAccountToken: true + hostNetwork: false + serviceAccountName: kube-state-metrics + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault containers: - - args: - - -c - - /etc/elastic-agent/agent.yml - - -e - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: STATE_PATH - value: 
/usr/share/elastic-agent/state - - name: ELASTIC_NETINFO - value: "false" - image: docker.elastic.co/beats/elastic-agent:8.18.0-SNAPSHOT + - name: kube-state-metrics + args: + - --port=8080 + - --resources=certificatesigningrequests,configmaps,cronjobs,daemonsets,deployments,endpoints,horizontalpodautoscalers,ingresses,jobs,leases,limitranges,mutatingwebhookconfigurations,namespaces,networkpolicies,nodes,persistentvolumeclaims,persistentvolumes,poddisruptionbudgets,pods,replicasets,replicationcontrollers,resourcequotas,secrets,services,statefulsets,storageclasses,validatingwebhookconfigurations,volumeattachments imagePullPolicy: IfNotPresent - name: agent + image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.14.0 + ports: + - containerPort: 8080 + name: "http" + livenessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: + path: /livez + port: 8080 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: + path: /readyz + port: 8081 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 resources: - limits: - memory: 800Mi - requests: - cpu: 100m - memory: 400Mi + {} securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /usr/share/elastic-agent/state - name: agent-data - - mountPath: /etc/elastic-agent/agent.yml - name: config - readOnly: true - subPath: agent.yml - dnsPolicy: ClusterFirstWithHostNet - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: agent-clusterwide-example - volumes: - - emptyDir: {} - name: agent-data - - name: config - secret: - defaultMode: 292 - secretName: agent-clusterwide-example + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true --- -# Source: elastic-agent/templates/agent/k8s/statefulset.yaml +# Source: elastic-agent/templates/agent/k8s/deployment.yaml apiVersion: apps/v1 -kind: StatefulSet +kind: 
Deployment metadata: - name: agent-ksmsharded-example + name: agent-clusterwide-example namespace: "default" labels: helm.sh/chart: elastic-agent-8.18.0-beta @@ -1283,57 +1082,16 @@ metadata: spec: selector: matchLabels: - name: agent-ksmsharded-example + name: agent-clusterwide-example template: metadata: labels: - name: agent-ksmsharded-example + name: agent-clusterwide-example annotations: - checksum/config: 3b64edf7317419b11b0aef4cd10cad04037b7bc0b6866da25871b47b41c04490 + checksum/config: b27b8c59cca12784fcd6fba96f6ea4923afffa2c6ec373b6e02d763e0f342091 spec: automountServiceAccountToken: true containers: - - args: - - --pod=$(POD_NAME) - - --pod-namespace=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.12.0 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - name: kube-state-metrics - ports: - - containerPort: 8080 - name: http-metrics - - containerPort: 8081 - name: telemetry - readinessProbe: - httpGet: - path: / - port: 8081 - initialDelaySeconds: 5 - timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault - args: - -c - /etc/elastic-agent/agent.yml @@ -1372,11 +1130,11 @@ spec: dnsPolicy: ClusterFirstWithHostNet nodeSelector: kubernetes.io/os: linux - serviceAccountName: agent-ksmsharded-example + serviceAccountName: agent-clusterwide-example volumes: - emptyDir: {} name: agent-data - name: config secret: defaultMode: 292 - secretName: agent-ksmsharded-example + secretName: agent-clusterwide-example 
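Review bot: The `--resources=` list passed to kube-state-metrics includes `secrets`, and the ClusterRole added earlier in this file grants the `kube-state-metrics` service account `list` and `watch` on `secrets` cluster-wide, which is enough to read secret contents through the API. The agent config rendered in this file has no state stream for secrets, nor for several other listed resources such as `certificatesigningrequests` or the webhook configurations, so this access looks unused. Since the manifest is rendered, the narrowing belongs in the parent chart's values, most likely through the subchart's `collectors` list (confirm against chart 5.28.0), restricted to the resources the `kubernetes.state_*` streams consume. The same `--resources` list appears in the ksm-sharded example's rendered manifest. Separately, the container is rendered with `resources: {}`, so a memory request and limit are worth setting for a component that caches cluster-wide objects.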
diff --git a/deploy/helm/elastic-agent/examples/netflow-service/README.md b/deploy/helm/elastic-agent/examples/netflow-service/README.md index d4e4337c74c..d1d4631d70c 100644 --- a/deploy/helm/elastic-agent/examples/netflow-service/README.md +++ b/deploy/helm/elastic-agent/examples/netflow-service/README.md @@ -12,6 +12,12 @@ In this example we define a `netflow` custom integration alongside a custom agen 2. `NetFlow Records` integration assets are installed through Kibana +3. Build the dependencies of the Helm chart + ```console + helm repo add prometheus-community https://prometheus-community.github.io/helm-charts + helm dependency build ../../ + ``` + ## Run: 1. Install Helm chart ```console diff --git a/deploy/helm/elastic-agent/examples/netflow-service/agent-netflow-values.yaml b/deploy/helm/elastic-agent/examples/netflow-service/agent-netflow-values.yaml index 59d0d0040aa..e6a137e2f28 100644 --- a/deploy/helm/elastic-agent/examples/netflow-service/agent-netflow-values.yaml +++ b/deploy/helm/elastic-agent/examples/netflow-service/agent-netflow-values.yaml @@ -3,6 +3,9 @@ outputs: type: ESSecretAuthAPI secretName: es-api-secret +kube-state-metrics: + enabled: false + extraIntegrations: netflow: id: netflow-netflow-60a9d5b2-c611-4749-90bf-5e2443936c1d diff --git a/deploy/helm/elastic-agent/examples/nginx-custom-integration/README.md b/deploy/helm/elastic-agent/examples/nginx-custom-integration/README.md index 5b554a84c05..59506c28675 100644 --- a/deploy/helm/elastic-agent/examples/nginx-custom-integration/README.md +++ b/deploy/helm/elastic-agent/examples/nginx-custom-integration/README.md 
@@ -12,6 +12,12 @@ In this example we define a `nginx` custom integration alongside a custom agent 2. `nginx` integration assets are installed through Kibana +3. Build the dependencies of the Helm chart + ```console + helm repo add prometheus-community https://prometheus-community.github.io/helm-charts + helm dependency build ../../ + ``` + ## Run: 1. Install Helm chart ```console diff --git a/deploy/helm/elastic-agent/examples/nginx-custom-integration/agent-nginx-values.yaml b/deploy/helm/elastic-agent/examples/nginx-custom-integration/agent-nginx-values.yaml index c39a168f75d..f2a6222f0d6 100644 --- a/deploy/helm/elastic-agent/examples/nginx-custom-integration/agent-nginx-values.yaml +++ b/deploy/helm/elastic-agent/examples/nginx-custom-integration/agent-nginx-values.yaml @@ -1,6 +1,9 @@ kubernetes: enabled: false +kube-state-metrics: + enabled: false + extraIntegrations: nginx/metrics: id: nginx/metrics-nginx-69240207-6fcc-4d19-aee3-dbf716e3bb0f diff --git a/deploy/helm/elastic-agent/examples/system-custom-auth-paths/README.md b/deploy/helm/elastic-agent/examples/system-custom-auth-paths/README.md index 69f45ba1429..04509654265 100644 --- a/deploy/helm/elastic-agent/examples/system-custom-auth-paths/README.md +++ b/deploy/helm/elastic-agent/examples/system-custom-auth-paths/README.md @@ -12,6 +12,12 @@ In this example we install the built-in `system` integration and specify custom 2. `system` integration assets installed through Kibana ([Kibana - Install and uninstall Elastic Agent integration assets](https://www.elastic.co/guide/en/fleet/current/install-uninstall-integration-assets.html)) +3. Build the dependencies of the Helm chart + ```console + helm repo add prometheus-community https://prometheus-community.github.io/helm-charts + helm dependency build ../../ + ``` + ## Run: ```console helm install elastic-agent ../../ \ 
diff --git a/deploy/helm/elastic-agent/examples/system-custom-auth-paths/agent-system-values.yaml b/deploy/helm/elastic-agent/examples/system-custom-auth-paths/agent-system-values.yaml index 008661c689f..342df9ffc02 100644 --- a/deploy/helm/elastic-agent/examples/system-custom-auth-paths/agent-system-values.yaml +++ b/deploy/helm/elastic-agent/examples/system-custom-auth-paths/agent-system-values.yaml @@ -10,5 +10,7 @@ system: - /var/log/custom_syslog.log kubernetes: enabled: false +kube-state-metrics: + enabled: false agent: unprivileged: true diff --git a/deploy/helm/elastic-agent/examples/system-custom-auth-paths/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/system-custom-auth-paths/rendered/manifest.yaml index 36c0fed2f74..9c30ccc5da0 100644 --- a/deploy/helm/elastic-agent/examples/system-custom-auth-paths/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/system-custom-auth-paths/rendered/manifest.yaml @@ -338,24 +338,24 @@ spec: runAsGroup: 1000 runAsUser: 1000 volumeMounts: - - mountPath: /hostfs/proc - name: proc - readOnly: true - - mountPath: /hostfs/sys/fs/cgroup - name: cgroup - readOnly: true - mountPath: /var/lib/docker/containers name: varlibdockercontainers readOnly: true - mountPath: /var/log name: varlog readOnly: true - - mountPath: /hostfs/etc - name: etc-full + - mountPath: /hostfs/proc + name: proc + readOnly: true + - mountPath: /hostfs/sys/fs/cgroup + name: cgroup readOnly: true - mountPath: /hostfs/var/lib name: var-lib readOnly: true + - mountPath: /hostfs/etc + name: etc-full + readOnly: true - mountPath: /usr/share/elastic-agent/state name: agent-data - mountPath: /etc/elastic-agent/agent.yml 
@@ -368,18 +368,18 @@ spec: kubernetes.io/os: linux serviceAccountName: agent-pernode-example volumes: - - hostPath: - path: /proc - name: proc - - hostPath: - path: /sys/fs/cgroup - name: cgroup - hostPath: path: /var/lib/docker/containers name: varlibdockercontainers - hostPath: path: /var/log name: varlog + - hostPath: + path: /proc + name: proc + - hostPath: + path: /sys/fs/cgroup + name: cgroup - hostPath: path: /etc name: etc-full diff --git a/deploy/helm/elastic-agent/examples/user-cluster-role/README.md b/deploy/helm/elastic-agent/examples/user-cluster-role/README.md index c0ec7be31ef..bf5c2ef80a7 100644 --- a/deploy/helm/elastic-agent/examples/user-cluster-role/README.md +++ b/deploy/helm/elastic-agent/examples/user-cluster-role/README.md @@ -18,6 +18,12 @@ In this example we define a `nginx` custom integration alongside a custom agent kubectl create clusterrole user-cr --verb=get,list,watch --resource=pods,namespaces,nodes,replicasets,jobs ``` +4. Build the dependencies of the Helm chart + ```console + helm repo add prometheus-community https://prometheus-community.github.io/helm-charts + helm dependency build ../../ + ``` + ## Run: 1. Install Helm chart ```console diff --git a/deploy/helm/elastic-agent/examples/user-cluster-role/agent-nginx-values.yaml b/deploy/helm/elastic-agent/examples/user-cluster-role/agent-nginx-values.yaml index f127b3cdfd3..3333e5a1c27 100644 --- a/deploy/helm/elastic-agent/examples/user-cluster-role/agent-nginx-values.yaml +++ b/deploy/helm/elastic-agent/examples/user-cluster-role/agent-nginx-values.yaml @@ -1,6 +1,9 @@ kubernetes: enabled: false +kube-state-metrics: + enabled: false + extraIntegrations: nginx/metrics: id: nginx/metrics-nginx-69240207-6fcc-4d19-aee3-dbf716e3bb0f diff --git a/deploy/helm/elastic-agent/examples/user-service-account/README.md b/deploy/helm/elastic-agent/examples/user-service-account/README.md index 749c2b07096..01d41ece3ab 100644 
--- a/deploy/helm/elastic-agent/examples/user-service-account/README.md +++ b/deploy/helm/elastic-agent/examples/user-service-account/README.md @@ -17,6 +17,12 @@ In this example we install the built-in `kubernetes` integration with the defaul kubectl create serviceaccount user-sa ``` +4. Build the dependencies of the Helm chart + ```console + helm repo add prometheus-community https://prometheus-community.github.io/helm-charts + helm dependency build ../../ + ``` + ## Run: ```console helm install elastic-agent ../../ \ diff --git a/deploy/helm/elastic-agent/examples/user-service-account/agent-kubernetes-values.yaml b/deploy/helm/elastic-agent/examples/user-service-account/agent-kubernetes-values.yaml index 2d3c71866f3..fccf89691a5 100644 --- a/deploy/helm/elastic-agent/examples/user-service-account/agent-kubernetes-values.yaml +++ b/deploy/helm/elastic-agent/examples/user-service-account/agent-kubernetes-values.yaml @@ -18,10 +18,3 @@ agent: clusterRole: annotations: elastic-agent.k8s.elastic.co/cr: nginx - ksmSharded: - serviceAccount: - create: false - name: user-sa-ksmSharded - clusterRole: - annotations: - elastic-agent.k8s.elastic.co/cr: nginx diff --git a/deploy/helm/elastic-agent/examples/user-service-account/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/user-service-account/rendered/manifest.yaml index e65bba5f7a4..475031a59be 100644 --- a/deploy/helm/elastic-agent/examples/user-service-account/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/user-service-account/rendered/manifest.yaml 
@@ -1,4 +1,20 @@ --- +# Source: elastic-agent/charts/kube-state-metrics/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" + name: kube-state-metrics + namespace: default +--- # Source: elastic-agent/templates/agent/k8s/secret.yaml apiVersion: v1 kind: Secret 
@@ -48,295 +64,186 @@ stringData: - /var/run/secrets/kubernetes.io/serviceaccount/ca.crt type: kubernetes/metrics use_output: default - providers: - kubernetes: - node: ${NODE_NAME} - scope: cluster - kubernetes_leaderelection: - enabled: true - leader_lease: example-clusterwide ---- -# Source: elastic-agent/templates/agent/k8s/secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: agent-ksmsharded-example - namespace: "default" - labels: - helm.sh/chart: elastic-agent-8.18.0-beta - app.kubernetes.io/name: elastic-agent - app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.18.0 -stringData: - - agent.yml: |- - id: agent-ksmsharded-example - outputs: - default: - hosts: - - http://elasticsearch:9200 - password: changeme - type: elasticsearch - username: elastic - secret_references: [] - agent: - monitoring: - enabled: true - logs: true - metrics: true - namespace: default - use_output: default - inputs: - data_stream: namespace: default - id: kubernetes/metrics-kubernetes.state_container + id: kube-state-metrics-kubernetes/metrics streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_container type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_container metricsets: - state_container period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_cronjob - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_cronjob type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_cronjob metricsets: - state_cronjob period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: 
- namespace: default - id: kubernetes/metrics-kubernetes.state_daemonset - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_daemonset type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_daemonset metricsets: - state_daemonset period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_deployment - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_deployment type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_deployment metricsets: - state_deployment period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_job - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_job type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_job metricsets: - state_job period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_namespace - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_namespace type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_namespace metricsets: - state_namespace period: 10s - type: kubernetes/metrics - use_output: default - - 
data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_node - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_node type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_node metricsets: - state_node period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_persistentvolumeclaim - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_persistentvolumeclaim type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_persistentvolumeclaim metricsets: - state_persistentvolumeclaim period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_persistentvolume - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_persistentvolume type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_persistentvolume metricsets: - state_persistentvolume period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_pod - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_pod type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_pod metricsets: - state_pod 
period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_replicaset - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_replicaset type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_replicaset metricsets: - state_replicaset period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_resourcequota - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_resourcequota type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_resourcequota metricsets: - state_resourcequota period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_service - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_service type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_service metricsets: - state_service period: 10s - use_output: default - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_statefulset - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_statefulset type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: 
kubernetes/metrics-kubernetes.state_statefulset metricsets: - state_statefulset period: 10s - type: kubernetes/metrics - use_output: default - - data_stream: - namespace: default - id: kubernetes/metrics-kubernetes.state_storageclass - streams: - add_metadata: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + condition: ${kubernetes_leaderelection.leader} == true data_stream: dataset: kubernetes.state_storageclass type: metrics hosts: - - localhost:8080 + - kube-state-metrics:8080 id: kubernetes/metrics-kubernetes.state_storageclass metricsets: - state_storageclass @@ -345,10 +252,11 @@ stringData: use_output: default providers: kubernetes: - enabled: false + node: ${NODE_NAME} + scope: cluster kubernetes_leaderelection: - enabled: false - leader_lease: example-ksmsharded + enabled: true + leader_lease: example-clusterwide --- # Source: elastic-agent/templates/agent/k8s/secret.yaml apiVersion: v1 
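Review bot: Every state stream in this hunk keeps `bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token` while its target moves from `localhost:8080` to `kube-state-metrics:8080`, a scheme-less and therefore presumably plain-HTTP Service address. If the agent attaches that token to the scrape request, as the option name suggests, the cluster-wide agent's service-account token now crosses the pod network unencrypted, where before it only reached a container in the same pod. Since this manifest is rendered output, the change belongs in the chart: either stop emitting `bearer_token_file` for state streams that point at the bundled kube-state-metrics, or serve that endpoint over TLS behind an authenticating proxy and keep the token.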
@@ -533,135 +441,166 @@ stringData: enabled: false leader_lease: example-pernode --- -# Source: elastic-agent/templates/agent/cluster-role.yaml +# Source: elastic-agent/charts/kube-state-metrics/templates/role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: agent-clusterWide-example-default - labels: - helm.sh/chart: elastic-agent-8.18.0-beta - app.kubernetes.io/name: elastic-agent + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.18.0 - annotations: - elastic-agent.k8s.elastic.co/cr: nginx + app.kubernetes.io/version: "2.14.0" + name: kube-state-metrics rules: - - apiGroups: [ "" ] # "" indicates the core API group - resources: - - nodes - - namespaces - - events - - pods - - services - - configmaps - - persistentvolumes - - persistentvolumeclaims - - persistentvolumeclaims/status - - nodes/metrics - - nodes/proxy - - nodes/stats - verbs: - - get - - watch - - list - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - watch - - list - - nonResourceURLs: - - /metrics - verbs: - - get - - watch - - list - - apiGroups: [ "coordination.k8s.io" ] - resources: - - leases - verbs: - - get - - create - - update - - nonResourceURLs: - - /healthz - - /healthz/* - - /livez - - /livez/* - - /metrics - - /metrics/slis - - /readyz - - /readyz/* - verbs: - - get - - apiGroups: [ "apps" ] - resources: - - replicasets - - deployments - - daemonsets - - statefulsets - verbs: - - get - - list - - watch - - apiGroups: [ "batch" ] - resources: - - jobs - - cronjobs - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - nodes - - namespaces - - pods - verbs: - - get - - watch - - list - - nonResourceURLs: - - /metrics - verbs: - - get - - watch - - list - - 
apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - update - - get - - list - - watch - - apiGroups: - - apps - resources: - - replicasets - verbs: - - get - - list - - watch - - apiGroups: - - batch - resources: - - jobs - verbs: - - get - - list - - watch + +- apiGroups: ["certificates.k8s.io"] + resources: + - certificatesigningrequests + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - configmaps + verbs: ["list", "watch"] + +- apiGroups: ["batch"] + resources: + - cronjobs + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "apps"] + resources: + - deployments + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - endpoints + verbs: ["list", "watch"] + +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: ["list", "watch"] + +- apiGroups: ["extensions", "networking.k8s.io"] + resources: + - ingresses + verbs: ["list", "watch"] + +- apiGroups: ["batch"] + resources: + - jobs + verbs: ["list", "watch"] + +- apiGroups: ["coordination.k8s.io"] + resources: + - leases + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - limitranges + verbs: ["list", "watch"] + +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - mutatingwebhookconfigurations + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - namespaces + verbs: ["list", "watch"] + +- apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - nodes + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - persistentvolumeclaims + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - persistentvolumes + verbs: ["list", "watch"] + +- apiGroups: ["policy"] + resources: + - poddisruptionbudgets + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - pods + verbs: ["list", "watch"] + +- apiGroups: 
["extensions", "apps"] + resources: + - replicasets + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - replicationcontrollers + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - resourcequotas + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - secrets + verbs: ["list", "watch"] + +- apiGroups: [""] + resources: + - services + verbs: ["list", "watch"] + +- apiGroups: ["apps"] + resources: + - statefulsets + verbs: ["list", "watch"] + +- apiGroups: ["storage.k8s.io"] + resources: + - storageclasses + verbs: ["list", "watch"] + +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - validatingwebhookconfigurations + verbs: ["list", "watch"] + +- apiGroups: ["storage.k8s.io"] + resources: + - volumeattachments + verbs: ["list", "watch"] --- # Source: elastic-agent/templates/agent/cluster-role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: agent-ksmSharded-example-default + name: agent-clusterWide-example-default labels: helm.sh/chart: elastic-agent-8.18.0-beta app.kubernetes.io/name: elastic-agent 
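Review bot: The new `kube-state-metrics` ClusterRole grants `list`/`watch` on `secrets` cluster-wide (plus `configmaps`, `certificatesigningrequests`, the webhook configurations and more), and the Deployment hunk further down passes the matching `--resources=…,secrets,…` list. The agent config rendered earlier in this file only defines `state_*` streams for containers, cronjobs, daemonsets, deployments, jobs, namespaces, nodes, PVCs, PVs, pods, replicasets, resourcequotas, services, statefulsets and storageclasses. `list` on secrets returns their contents, so the kube-state-metrics service-account token can read every Secret in the cluster for metrics this chart's integration does not appear to collect. The manifest is rendered, so the fix is in the chart defaults: narrow the subchart's collectors, e.g. `kube-state-metrics: {collectors: [cronjobs, daemonsets, deployments, jobs, namespaces, nodes, persistentvolumeclaims, persistentvolumes, pods, replicasets, resourcequotas, services, statefulsets, storageclasses]}`, which should also shrink the generated RBAC rules.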
@@ -738,157 +677,6 @@ rules: - get - list - watch - - apiGroups: - - "" - resources: - - namespaces - - pods - - persistentvolumes - - persistentvolumeclaims - - persistentvolumeclaims/status - - nodes - - nodes/metrics - - nodes/proxy - - nodes/stats - - services - - events - - configmaps - - secrets - - nodes - - pods - - services - - serviceaccounts - - resourcequotas - - replicationcontrollers - - limitranges - - endpoints - verbs: - - get - - watch - - list - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch - - apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - verbs: - - get - - list - - watch - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - - volumeattachments - verbs: - - get - - watch - - list - - nonResourceURLs: - - /healthz - - /healthz/* - - /livez - - /livez/* - - /metrics - - /metrics/slis - - /readyz - - /readyz/* - verbs: - - get - - apiGroups: - - apps - resources: - - replicasets - - deployments - - daemonsets - - statefulsets - verbs: - - get - - list - - watch - - apiGroups: - - batch - resources: - - jobs - - cronjobs - verbs: - - get - - list - - watch - - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - networkpolicies - - ingressclasses - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - update - - get - - 
list - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - rolebindings - - roles - verbs: - - get - - list - - watch --- # Source: elastic-agent/templates/agent/cluster-role.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -972,30 +760,33 @@ rules: - list - watch --- -# Source: elastic-agent/templates/agent/cluster-role-binding.yaml +# Source: elastic-agent/charts/kube-state-metrics/templates/clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: agent-clusterWide-example-default - labels: - helm.sh/chart: elastic-agent-8.18.0-beta - app.kubernetes.io/name: elastic-agent + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.18.0 -subjects: - - kind: ServiceAccount - name: user-sa-clusterWide - namespace: "default" + app.kubernetes.io/version: "2.14.0" + name: kube-state-metrics roleRef: - kind: ClusterRole - name: agent-clusterWide-example-default apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kube-state-metrics +subjects: +- kind: ServiceAccount + name: kube-state-metrics + namespace: default --- # Source: elastic-agent/templates/agent/cluster-role-binding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: agent-ksmSharded-example-default + name: agent-clusterWide-example-default labels: helm.sh/chart: elastic-agent-8.18.0-beta app.kubernetes.io/name: elastic-agent 
@@ -1003,11 +794,11 @@ metadata: app.kubernetes.io/version: 8.18.0 subjects: - kind: ServiceAccount - name: user-sa-ksmSharded + name: user-sa-clusterWide namespace: "default" roleRef: kind: ClusterRole - name: agent-ksmSharded-example-default + name: agent-clusterWide-example-default apiGroup: rbac.authorization.k8s.io --- # Source: elastic-agent/templates/agent/cluster-role-binding.yaml @@ -1029,6 +820,34 @@ roleRef: name: agent-perNode-example-default apiGroup: rbac.authorization.k8s.io --- +# Source: elastic-agent/charts/kube-state-metrics/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: kube-state-metrics + namespace: default + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" + annotations: + prometheus.io/scrape: 'true' +spec: + type: "ClusterIP" + ports: + - name: "http" + protocol: TCP + port: 8080 + targetPort: 8080 + + selector: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example +--- # Source: elastic-agent/templates/agent/k8s/daemonset.yaml apiVersion: apps/v1 kind: DaemonSet @@ -1092,24 +911,12 @@ spec: runAsGroup: 1000 runAsUser: 1000 volumeMounts: - - mountPath: /hostfs/proc - name: proc - readOnly: true - - mountPath: /hostfs/sys/fs/cgroup - name: cgroup - readOnly: true - mountPath: /var/lib/docker/containers name: varlibdockercontainers readOnly: true - mountPath: /var/log name: varlog readOnly: true - - mountPath: /hostfs/etc - name: etc-full - readOnly: true - - mountPath: /hostfs/var/lib - name: var-lib - readOnly: true - mountPath: /usr/share/elastic-agent/state name: agent-data - mountPath: /etc/elastic-agent/agent.yml 
@@ -1122,24 +929,12 @@ spec: kubernetes.io/os: linux serviceAccountName: user-sa-perNode volumes: - - hostPath: - path: /proc - name: proc - - hostPath: - path: /sys/fs/cgroup - name: cgroup - hostPath: path: /var/lib/docker/containers name: varlibdockercontainers - hostPath: path: /var/log name: varlog - - hostPath: - path: /etc - name: etc-full - - hostPath: - path: /var/lib - name: var-lib - hostPath: path: /etc/elastic-agent/default/agent-pernode-example/state type: DirectoryOrCreate 
@@ -1149,92 +944,96 @@ spec: defaultMode: 292 secretName: agent-pernode-example --- -# Source: elastic-agent/templates/agent/k8s/deployment.yaml +# Source: elastic-agent/charts/kube-state-metrics/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - name: agent-clusterwide-example - namespace: "default" - labels: - helm.sh/chart: elastic-agent-8.18.0-beta - app.kubernetes.io/name: elastic-agent + name: kube-state-metrics + namespace: default + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.18.0 + app.kubernetes.io/version: "2.14.0" spec: selector: - matchLabels: - name: agent-clusterwide-example + matchLabels: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + replicas: 1 + strategy: + type: RollingUpdate + revisionHistoryLimit: 10 template: metadata: - labels: - name: agent-clusterwide-example - annotations: - checksum/config: 97e62ed0d731dea2ecadf31b0a7b4160db1b8a253589b7324f3a381af2519591 + labels: + helm.sh/chart: kube-state-metrics-5.28.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: example + app.kubernetes.io/version: "2.14.0" spec: automountServiceAccountToken: true + hostNetwork: false + serviceAccountName: kube-state-metrics + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault containers: - - args: - - -c - - /etc/elastic-agent/agent.yml - - -e - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: STATE_PATH - value: 
/usr/share/elastic-agent/state - - name: ELASTIC_NETINFO - value: "false" - image: docker.elastic.co/beats/elastic-agent:8.18.0-SNAPSHOT + - name: kube-state-metrics + args: + - --port=8080 + - --resources=certificatesigningrequests,configmaps,cronjobs,daemonsets,deployments,endpoints,horizontalpodautoscalers,ingresses,jobs,leases,limitranges,mutatingwebhookconfigurations,namespaces,networkpolicies,nodes,persistentvolumeclaims,persistentvolumes,poddisruptionbudgets,pods,replicasets,replicationcontrollers,resourcequotas,secrets,services,statefulsets,storageclasses,validatingwebhookconfigurations,volumeattachments imagePullPolicy: IfNotPresent - name: agent + image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.14.0 + ports: + - containerPort: 8080 + name: "http" + livenessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: + path: /livez + port: 8080 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: + path: /readyz + port: 8081 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 resources: - limits: - memory: 800Mi - requests: - cpu: 100m - memory: 400Mi + {} securityContext: + allowPrivilegeEscalation: false capabilities: - add: - - CHOWN - - SETPCAP - - DAC_READ_SEARCH - - SYS_PTRACE drop: - ALL - privileged: false - runAsGroup: 1000 - runAsUser: 1000 - volumeMounts: - - mountPath: /usr/share/elastic-agent/state - name: agent-data - - mountPath: /etc/elastic-agent/agent.yml - name: config - readOnly: true - subPath: agent.yml - dnsPolicy: ClusterFirstWithHostNet - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: user-sa-clusterWide - volumes: - - emptyDir: {} - name: agent-data - - name: config - secret: - defaultMode: 292 - secretName: agent-clusterwide-example + readOnlyRootFilesystem: true --- -# Source: elastic-agent/templates/agent/k8s/statefulset.yaml +# Source: 
elastic-agent/templates/agent/k8s/deployment.yaml apiVersion: apps/v1 -kind: StatefulSet +kind: Deployment metadata: - name: agent-ksmsharded-example + name: agent-clusterwide-example namespace: "default" labels: helm.sh/chart: elastic-agent-8.18.0-beta @@ -1244,57 +1043,16 @@ metadata: spec: selector: matchLabels: - name: agent-ksmsharded-example + name: agent-clusterwide-example template: metadata: labels: - name: agent-ksmsharded-example + name: agent-clusterwide-example annotations: - checksum/config: 3b64edf7317419b11b0aef4cd10cad04037b7bc0b6866da25871b47b41c04490 + checksum/config: d5c563235f87ab23840416f6679b42b15c094cf361b8794d087b4fdfb8285b4b spec: automountServiceAccountToken: true containers: - - args: - - --pod=$(POD_NAME) - - --pod-namespace=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.12.0 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - name: kube-state-metrics - ports: - - containerPort: 8080 - name: http-metrics - - containerPort: 8081 - name: telemetry - readinessProbe: - httpGet: - path: / - port: 8081 - initialDelaySeconds: 5 - timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault - args: - -c - /etc/elastic-agent/agent.yml @@ -1343,11 +1101,11 @@ spec: dnsPolicy: ClusterFirstWithHostNet nodeSelector: kubernetes.io/os: linux - serviceAccountName: user-sa-ksmSharded + serviceAccountName: user-sa-clusterWide volumes: - emptyDir: {} name: agent-data - name: config secret: defaultMode: 292 - secretName: agent-ksmsharded-example + secretName: agent-clusterwide-example 
diff --git a/deploy/helm/elastic-agent/templates/NOTES.txt b/deploy/helm/elastic-agent/templates/NOTES.txt index 61a13a819b3..09abcd6886e 100644 --- a/deploy/helm/elastic-agent/templates/NOTES.txt +++ b/deploy/helm/elastic-agent/templates/NOTES.txt @@ -13,6 +13,15 @@ Installed agent: {{- end }} {{- end }} +{{ if eq (index $.Values "kube-state-metrics" "enabled") true -}} +Installed kube-state-metrics at "{{ $.Release.Namespace }}" namespace. +{{- if eq $.Values.kubernetes.enabled true -}} +{{- if eq $.Values.kubernetes.state.agentAsSidecar.enabled true }} + - elastic-agent runs as a sidecar container +{{- end }} +{{- end }} +{{- end }} + {{ if eq $.Values.agent.fleet.enabled false -}} Installed integrations: {{- if eq $.Values.kubernetes.enabled true }} diff --git a/deploy/helm/elastic-agent/templates/agent/_helpers.tpl b/deploy/helm/elastic-agent/templates/agent/_helpers.tpl index 9832dea7b25..563664f8866 100644 --- a/deploy/helm/elastic-agent/templates/agent/_helpers.tpl +++ b/deploy/helm/elastic-agent/templates/agent/_helpers.tpl @@ -46,8 +46,10 @@ Validate fleet configuration {{- if eq $.Values.agent.fleet.enabled true -}} {{/* check if the preset exists */}} {{- $fleetPresetName := $.Values.agent.fleet.preset -}} +{{- if $fleetPresetName -}} {{- $fleetPresetVal := get $.Values.agent.presets $fleetPresetName -}} {{- $_ := required (printf "preset with name \"%s\" of fleet not defined" $fleetPresetName) $fleetPresetVal -}} +{{- end -}} {{/* disable all presets except the fleet one */}} {{- range $presetName, $presetVal := $.Values.agent.presets}} {{- if ne $presetName $fleetPresetName -}} 
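Review bot: In the `_helpers.tpl` hunk, the new `{{- if $fleetPresetName -}}` guard skips the `required` check when `agent.fleet.preset` is empty, but the `range` that follows still evaluates `ne $presetName $fleetPresetName` against the empty name, so every preset takes the non-fleet branch (its body is outside the hunk; the context comment says it disables them). If an empty preset is a supported mode, document it next to the guard, e.g. `{{/* an empty fleet preset is valid: no preset is managed by fleet and all are disabled below */}}`. If it is not, keep the `required` call unconditional so a missing value fails the render instead of being accepted silently.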
@@ -84,6 +86,8 @@ Validate and initialise the defined agent presets */}} {{- define "elasticagent.init.presets" -}} {{- $ := . -}} +{{- include "elasticagent.presets.pernode.init" $ -}} +{{- include "elasticagent.presets.ksm.sidecar.init" $ -}} {{- range $presetName, $presetVal := $.Values.agent.presets -}} {{- include "elasticagent.preset.mutate.unprivileged" (list $ $presetVal) -}} {{- include "elasticagent.preset.mutate.fleet" (list $ $presetVal) -}} @@ -221,20 +225,6 @@ app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/version: {{ .Values.agent.version}} {{- end }} -{{- define "elasticagent.preset.applyOnce" -}} -{{- $ := index . 0 -}} -{{- $preset := index . 1 -}} -{{- $templateName := index . 2 -}} -{{- if not (hasKey $preset "_appliedMutationTemplates") -}} -{{- $_ := set $preset "_appliedMutationTemplates" dict }} -{{- end -}} -{{- $appliedMutationTemplates := get $preset "_appliedMutationTemplates" -}} -{{- if not (hasKey $appliedMutationTemplates $templateName) -}} -{{- include $templateName $ -}} -{{- $_ := set $appliedMutationTemplates $templateName dict}} -{{- end -}} -{{- end -}} - {{- define "elasticagent.preset.mutate.inputs" -}} {{- $ := index . 0 -}} {{- $preset := index . 1 -}} @@ -245,9 +235,8 @@ app.kubernetes.io/version: {{ .Values.agent.version}} {{- end -}} {{- define "elasticagent.preset.mutate.securityContext.capabilities.add" -}} -{{- $ := index . 0 -}} -{{- $preset := index . 1 -}} -{{- $templateName := index . 2 -}} +{{- $preset := index . 0 -}} +{{- $capabilities := index . 1 -}} {{- if not (hasKey $preset "securityContext") -}} {{- $_ := set $preset "securityContext" dict }} {{- end -}} 
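Review bot: The two includes added to `elasticagent.init.presets` run on every render, whereas the `elasticagent.preset.applyOnce` calls removed elsewhere in this commit applied a preset's template only from the init of an integration that used that preset. Neither `elasticagent.presets.pernode.init` nor `elasticagent.presets.ksm.sidecar.init` is shown here, so please confirm that they add host mounts, capabilities and cluster-role rules only when an enabled integration needs them. Otherwise a chart with those integrations switched off would get a broader pod spec and RBAC than before. If that holds, a comment above the includes would record it, e.g. `{{/* preset defaults are applied once here; each init gates its additions on the enabled integrations */}}`.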
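Review bot: `elasticagent.preset.mutate.securityContext.capabilities.add` changes its positional arguments from (root, preset, template name) to (preset, dict) without any comment, and the later hunks make the same change to `mutate.providers.kubernetes.hints`, `mutate.volumes` and `mutate.volumemounts`. A caller still passing the old three-element list would probably not fail: `index . 0` would pick up the root context and the helper would `set` keys on it instead of on the preset. Because this helper adds Linux capabilities to a preset's securityContext, document the contract above the define, e.g. `{{/* args: (list $preset $overrides); merges $overrides.securityContext.capabilities.add into $preset */}}`. The define's body continues past the end of this hunk.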
@@ -260,15 +249,14 @@ app.kubernetes.io/version: {{ .Values.agent.version}} {{- $_ := set $presetSecurityContextCapabilities "add" list }} {{- end -}} {{- $presetSecurityContextCapabilitiesAdd := get $presetSecurityContextCapabilities "add" }} -{{- $capabilitiesAddToAdd := dig "securityContext" "capabilities" "add" (list) (include $templateName $ | fromYaml) -}} +{{- $capabilitiesAddToAdd := dig "securityContext" "capabilities" "add" (list) $capabilities -}} {{- $presetSecurityContextCapabilitiesAdd = uniq (concat $presetSecurityContextCapabilitiesAdd $capabilitiesAddToAdd) -}} {{- $_ := set $presetSecurityContextCapabilities "add" $presetSecurityContextCapabilitiesAdd -}} {{- end -}} {{- define "elasticagent.preset.mutate.providers.kubernetes.hints" -}} -{{- $ := index . 0 -}} -{{- $preset := index . 1 -}} -{{- $templateName := index . 2 -}} +{{- $preset := index . 0 -}} +{{- $providers := index . 1 -}} {{- if not (hasKey $preset "providers") -}} {{- $_ := set $preset "providers" dict }} {{- end -}} 
@@ -281,23 +269,11 @@ app.kubernetes.io/version: {{ .Values.agent.version}} {{- $_ := set $presetProvidersKubernetes "hints" dict }} {{- end -}} {{- $presetProvidersKubernetesHints := get $presetProvidersKubernetes "hints" }} -{{- $presetProvidersKubernetesHintsToAdd := dig "providers" "kubernetes" "hints" (dict) (include $templateName $ | fromYaml) -}} +{{- $presetProvidersKubernetesHintsToAdd := dig "providers" "kubernetes" "hints" (dict) $providers -}} {{- $presetProvidersKubernetesHints = merge $presetProvidersKubernetesHintsToAdd $presetProvidersKubernetesHints -}} {{- $_ := set $presetProvidersKubernetes "hints" $presetProvidersKubernetesHints -}} {{- end -}} -{{- define "elasticagent.preset.mutate.rules" -}} -{{- $ := index . 0 -}} -{{- $preset := index . 1 -}} -{{- $templateName := index . 2 -}} -{{- if eq ($preset).clusterRole.create true -}} -{{- $presetClusterRoleRules := dig "rules" (list) ($preset).clusterRole -}} -{{- $rulesToAdd := get (include $templateName $ | fromYaml) "rules" -}} -{{- $presetClusterRoleRules = uniq (concat $presetClusterRoleRules $rulesToAdd) -}} -{{- $_ := set ($preset).clusterRole "rules" $presetClusterRoleRules -}} -{{- end -}} -{{- end -}} - {{- define "elasticagent.preset.mutate.annotations" -}} {{- $ := index . 0 -}} {{- $preset := index . 1 -}} 
@@ -307,54 +283,29 @@ app.kubernetes.io/version: {{ .Values.agent.version}} {{- $_ := set $preset "annotations" $presetAnnotations -}} {{- end -}} -{{- define "elasticagent.preset.mutate.containers" -}} -{{- $ := index . 0 -}} -{{- $preset := index . 1 -}} -{{- $templateName := index . 2 -}} -{{- $presetContainers := dig "extraContainers" (list) $preset -}} -{{- $containersToAdd := get (include $templateName $ | fromYaml) "extraContainers"}} -{{- $presetContainers = uniq (concat $presetContainers $containersToAdd) -}} -{{- $_ := set $preset "extraContainers" $presetContainers -}} -{{- end -}} - {{- define "elasticagent.preset.mutate.tolerations" -}} -{{- $ := index . 0 -}} -{{- $preset := index . 1 -}} -{{- $templateName := index . 2 -}} -{{- $tolerationsToAdd := dig "tolerations" (list) (include $templateName $ | fromYaml) }} -{{- if $tolerationsToAdd -}} +{{- $preset := index . 0 -}} +{{- $tolerations := index . 1 -}} +{{- $tolerationsToAdd := dig "tolerations" (list) (include $tolerations $ | fromYaml) }} {{- $presetTolerations := dig "tolerations" (list) $preset -}} {{- $presetTolerations = uniq (concat $presetTolerations $tolerationsToAdd) -}} {{- $_ := set $preset "tolerations" $tolerationsToAdd -}} {{- end -}} -{{- end -}} - -{{- define "elasticagent.preset.mutate.initcontainers" -}} -{{- $ := index . 0 -}} -{{- $preset := index . 1 -}} -{{- $templateName := index . 2 -}} -{{- $presetInitContainers := dig "initContainers" (list) $preset -}} -{{- $initContainersToAdd := get (include $templateName $ | fromYaml) "initContainers"}} -{{- $presetInitContainers = uniq (concat $presetInitContainers $initContainersToAdd) -}} -{{- $_ := set $preset "initContainers" $presetInitContainers -}} -{{- end -}} {{- define "elasticagent.preset.mutate.volumes" -}} -{{- $ := index . 0 -}} -{{- $preset := index . 1 -}} -{{- $templateName := index . 2 -}} +{{- $preset := index . 0 -}} +{{- $volumes := index . 
1 -}} {{- $presetVolumes := dig "extraVolumes" (list) $preset -}} -{{- $volumesToAdd := get (include $templateName $ | fromYaml) "extraVolumes"}} +{{- $volumesToAdd := dig "extraVolumes" (list) $volumes -}} {{- $presetVolumes = uniq (concat $presetVolumes $volumesToAdd) -}} {{- $_ := set $preset "extraVolumes" $presetVolumes -}} {{- end -}} {{- define "elasticagent.preset.mutate.volumemounts" -}} -{{- $ := index . 0 -}} -{{- $preset := index . 1 -}} -{{- $templateName := index . 2 -}} +{{- $preset := index . 0 -}} +{{- $volumeMounts := index . 1 -}} {{- $presetVolumeMounts := dig "extraVolumeMounts" (list) $preset -}} -{{- $volumeMountsToAdd := get (include $templateName $ | fromYaml) "extraVolumeMounts"}} +{{- $volumeMountsToAdd := dig "extraVolumeMounts" (list) $volumeMounts}} {{- $presetVolumeMounts = uniq (concat $presetVolumeMounts $volumeMountsToAdd) -}} {{- $_ := set $preset "extraVolumeMounts" $presetVolumeMounts -}} {{- end -}} diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes.tpl index b8af13d2116..4f69a6ee885 100644 --- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes.tpl +++ b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes.tpl 
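Review bot: In `elasticagent.preset.mutate.tolerations` the new line `dig "tolerations" (list) (include $tolerations $ | fromYaml)` still treats the second argument as a template name and passes `$`, but the `{{- $ := index . 0 -}}` binding was removed, so `$` is now the argument list rather than the chart root. The sibling helpers `mutate.volumes` and `mutate.volumemounts` in this same hunk read their second argument as a dict. If callers now pass a dict here too (callers are not visible), the line should be `{{- $tolerationsToAdd := dig "tolerations" (list) $tolerations -}}`. The unchanged last line also stores `$tolerationsToAdd` rather than the merged `$presetTolerations`, so tolerations already set on the preset are dropped; `{{- $_ := set $preset "tolerations" $presetTolerations -}}` would keep them.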
@@ -1,22 +1,8 @@ {{- define "elasticagent.kubernetes.init" -}} {{- if eq $.Values.kubernetes.enabled true -}} {{- include "elasticagent.kubernetes.config.kube_apiserver.init" $ -}} -{{- include "elasticagent.kubernetes.config.state.containers.init" $ -}} -{{- include "elasticagent.kubernetes.config.state.cronjobs.init" $ -}} -{{- include "elasticagent.kubernetes.config.state.daemonsets.init" $ -}} -{{- include "elasticagent.kubernetes.config.state.deployments.init" $ -}} -{{- include "elasticagent.kubernetes.config.state.jobs.init" $ -}} -{{- include "elasticagent.kubernetes.config.state.namespaces.init" $ -}} -{{- include "elasticagent.kubernetes.config.state.nodes.init" $ -}} -{{- include "elasticagent.kubernetes.config.state.persistentvolumeclaims.init" $ -}} -{{- include "elasticagent.kubernetes.config.state.persistentvolumes.init" $ -}} -{{- include "elasticagent.kubernetes.config.state.pods.init" $ -}} -{{- include "elasticagent.kubernetes.config.state.replicasets.init" $ -}} -{{- include "elasticagent.kubernetes.config.state.resourcequotas.init" $ -}} -{{- include "elasticagent.kubernetes.config.state.services.init" $ -}} -{{- include "elasticagent.kubernetes.config.state.statefulsets.init" $ -}} -{{- include "elasticagent.kubernetes.config.state.storageclasses.init" $ -}} {{- include "elasticagent.kubernetes.config.kube_controller.init" $ -}} +{{- include "elasticagent.kubernetes.config.state.init" $ -}} {{- include "elasticagent.kubernetes.config.audit_logs.init" $ -}} {{- include "elasticagent.kubernetes.config.container_logs.init" $ -}} {{- include "elasticagent.kubernetes.config.kubelet.containers.init" $ -}} diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_apiserver.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_apiserver.tpl index 34865f2c22c..8854359a835 100644 --- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_apiserver.tpl 
+++ b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_apiserver.tpl @@ -3,7 +3,6 @@ {{- $preset := $.Values.agent.presets.clusterWide -}} {{- $inputVal := (include "elasticagent.kubernetes.config.kube_apiserver.input" $ | fromYamlArray) -}} {{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.clusterwide.preset") -}} {{- end -}} {{- end -}} @@ -38,4 +37,4 @@ period: "30s" bearer_token_file: '/var/run/secrets/kubernetes.io/serviceaccount/token' ssl.certificate_authorities: - '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt' -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_controller_manager.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_controller_manager.tpl index 2010611a30b..9a5e7340fee 100644 --- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_controller_manager.tpl +++ b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_controller_manager.tpl @@ -3,7 +3,6 @@ {{- $preset := $.Values.agent.presets.perNode -}} {{- $inputVal := (include "elasticagent.kubernetes.config.kube_controller.input" $ | fromYamlArray) -}} {{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.pernode.preset") -}} {{- end -}} {{- end -}} diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_hints.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_hints.tpl deleted file mode 100644 index 4388990db4d..00000000000 --- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_hints.tpl +++ /dev/null @@ -1,2 +0,0 @@ -{{- define "elasticagent.kubernetes.config.hints.init" -}} -{{- end -}} 
diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_kubelet_containers.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_kubelet_containers.tpl index 1a89f99158d..705871a9505 100644 --- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_kubelet_containers.tpl +++ b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_kubelet_containers.tpl @@ -6,7 +6,6 @@ {{- $preset := $.Values.agent.presets.perNode -}} {{- $inputVal := (include "elasticagent.kubernetes.config.kubelet.containers.input" $ | fromYamlArray) -}} {{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.pernode.preset") -}} {{- end -}} {{- end -}} {{- end -}} @@ -35,4 +34,4 @@ hosts: period: "10s" bearer_token_file: "/var/run/secrets/kubernetes.io/serviceaccount/token" ssl.verification_mode: "none" -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_kubelet_nodes.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_kubelet_nodes.tpl index 60cf95422f2..5c60d6ed21a 100644 --- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_kubelet_nodes.tpl +++ b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_kubelet_nodes.tpl @@ -6,7 +6,6 @@ {{- $preset := $.Values.agent.presets.perNode -}} {{- $inputVal := (include "elasticagent.kubernetes.config.kubelet.nodes.input" $ | fromYamlArray) -}} {{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.pernode.preset") -}} {{- end -}} {{- end -}} {{- end -}} 
@@ -35,4 +34,4 @@ hosts: period: "10s" bearer_token_file: "/var/run/secrets/kubernetes.io/serviceaccount/token" ssl.verification_mode: "none" -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_kubelet_pods.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_kubelet_pods.tpl index ea3d189f6dc..f7b103f45ec 100644 --- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_kubelet_pods.tpl +++ b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_kubelet_pods.tpl @@ -6,7 +6,6 @@ {{- $preset := $.Values.agent.presets.perNode -}} {{- $inputVal := (include "elasticagent.kubernetes.config.kubelet.pods.input" $ | fromYamlArray) -}} {{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.pernode.preset") -}} {{- end -}} {{- end -}} {{- end -}} @@ -35,4 +34,4 @@ hosts: period: "10s" bearer_token_file: "/var/run/secrets/kubernetes.io/serviceaccount/token" ssl.verification_mode: "none" -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_kubelet_system.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_kubelet_system.tpl index fe60ce489c5..54cf9b2c460 100644 --- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_kubelet_system.tpl +++ b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_kubelet_system.tpl 
@@ -6,7 +6,6 @@ {{- $preset := $.Values.agent.presets.perNode -}} {{- $inputVal := (include "elasticagent.kubernetes.config.kubelet.system.input" $ | fromYamlArray) -}} {{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.pernode.preset") -}} {{- end -}} {{- end -}} {{- end -}} @@ -35,4 +34,4 @@ hosts: period: "10s" bearer_token_file: "/var/run/secrets/kubernetes.io/serviceaccount/token" ssl.verification_mode: "none" -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_kubelet_volumes.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_kubelet_volumes.tpl index 15eb328390f..e0767bb080d 100644 --- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_kubelet_volumes.tpl +++ b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_kubelet_volumes.tpl @@ -6,7 +6,6 @@ {{- $preset := $.Values.agent.presets.perNode -}} {{- $inputVal := (include "elasticagent.kubernetes.config.kubelet.volumes.input" $ | fromYamlArray) -}} {{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.pernode.preset") -}} {{- end -}} {{- end -}} {{- end -}} @@ -35,4 +34,4 @@ hosts: period: "10s" bearer_token_file: "/var/run/secrets/kubernetes.io/serviceaccount/token" ssl.verification_mode: "none" -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_logs_audit.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_logs_audit.tpl index f7d65037875..6dc6bc3ed91 100644 --- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_logs_audit.tpl 
+++ b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_logs_audit.tpl @@ -3,7 +3,6 @@ {{- $preset := $.Values.agent.presets.perNode -}} {{- $inputVal := (include "elasticagent.kubernetes.config.audit_logs.input" $ | fromYamlArray) -}} {{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.pernode.preset") -}} {{- end -}} {{- end -}} diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_logs_containers.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_logs_containers.tpl index 55571edd729..bac1e2468cb 100644 --- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_logs_containers.tpl +++ b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_logs_containers.tpl @@ -3,7 +3,6 @@ {{- $preset := $.Values.agent.presets.perNode -}} {{- $inputVal := (include "elasticagent.kubernetes.config.container_logs.input" $ | fromYamlArray) -}} {{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.pernode.preset") -}} {{- end -}} {{- end -}} diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_proxy.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_proxy.tpl index 2f95ad5dd35..5d5337a6fb5 100644 --- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_proxy.tpl +++ b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_proxy.tpl 
@@ -3,7 +3,6 @@ {{- $preset := $.Values.agent.presets.perNode -}} {{- $inputVal := (include "elasticagent.kubernetes.config.kube_proxy.input" $ | fromYamlArray) -}} {{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.pernode.preset") -}} {{- end -}} {{- end -}} @@ -18,12 +17,12 @@ Config input for kube proxy namespace: {{ .Values.kubernetes.namespace }} use_output: {{ .Values.kubernetes.output }} streams: - - id: kubernetes/metrics-kubernetes.proxy - data_stream: - type: metrics - dataset: kubernetes.proxy - metricsets: - - proxy + - id: kubernetes/metrics-kubernetes.proxy + data_stream: + type: metrics + dataset: kubernetes.proxy + metricsets: + - proxy {{- mergeOverwrite $vars .Values.kubernetes.proxy.vars | toYaml | nindent 4 }} {{- end -}} @@ -35,4 +34,4 @@ Defaults for kube_proxy input streams hosts: - "localhost:10249" period: "10s" -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_scheduler.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_scheduler.tpl index a5df70619a9..dbd70999523 100644 --- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_scheduler.tpl +++ b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_scheduler.tpl @@ -3,7 +3,6 @@ {{- $preset := $.Values.agent.presets.perNode -}} {{- $inputVal := (include "elasticagent.kubernetes.config.kube_scheduler.input" $ | fromYamlArray) -}} {{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.pernode.preset") -}} {{- end -}} {{- end -}} 
diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state.tpl
new file mode 100644
index 00000000000..c788db7d272
--- /dev/null
+++ b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state.tpl
@@ -0,0 +1,82 @@ +{{- define "elasticagent.kubernetes.config.state.init" -}} +{{- if or (eq (index $.Values "kube-state-metrics" "enabled") false) (eq $.Values.kubernetes.state.agentAsSidecar.enabled false) -}} +{{/* in standablone mode kube-state-metrics will be collected by the clusterWide preset */}} +{{- with (include "elasticagent.kubernetes.config.state.input" $ | fromYamlArray) -}} +{{- include "elasticagent.preset.mutate.inputs" (list $ $.Values.agent.presets.clusterWide .) -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "elasticagent.kubernetes.config.state.input" -}} +{{- if and (eq $.Values.agent.fleet.enabled false) (eq $.Values.kubernetes.state.enabled true) -}} +{{- $streams := dict -}} +{{- $_ := set $streams "containers" "state_container" -}} +{{- $_ := set $streams "cronjobs" "state_cronjob" -}} +{{- $_ := set $streams "daemonsets" "state_daemonset" -}} +{{- $_ := set $streams "deployments" "state_deployment" -}} +{{- $_ := set $streams "jobs" "state_job" -}} +{{- $_ := set $streams "namespaces" "state_namespace" -}} +{{- $_ := set $streams "nodes" "state_node" -}} +{{- $_ := set $streams "persistentvolumeclaims" "state_persistentvolumeclaim" -}} +{{- $_ := set $streams "persistentvolumes" "state_persistentvolume" -}} +{{- $_ := set $streams "pods" "state_pod" -}} +{{- $_ := set $streams "replicasets" "state_replicaset" -}} +{{- $_ := set $streams "resourcequotas" "state_resourcequota" -}} +{{- $_ := set $streams "services" "state_service" -}} +{{- $_ := set $streams "statefulsets" "state_statefulset" -}} +{{- $_ := set $streams "storageclasses" "state_storageclass" -}} +{{- $activeStreams := list}} +{{- range $streamKey, $streamMetricset := $streams -}} +{{- with include "elasticagent.kubernetes.config.state.stream" (list $ $streamKey $streamMetricset) | fromYamlArray -}} +{{- $activeStreams = concat $activeStreams . 
-}} +{{- end -}} +{{- end -}} +{{- with $activeStreams }} +- id: kube-state-metrics-kubernetes/metrics + type: kubernetes/metrics + data_stream: + namespace: {{ $.Values.kubernetes.namespace }} + use_output: {{ $.Values.kubernetes.output }} + streams: + {{- . | toYaml | nindent 4 }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "elasticagent.kubernetes.config.state.stream" -}} +{{- $ := index . 0 -}} +{{- $streamKey := index . 1 -}} +{{- $streamMetricSet := index . 2 -}} +{{- if eq (dig $streamKey "state" "enabled" false $.Values.kubernetes) true -}} +- id: kubernetes/metrics-kubernetes.{{$streamMetricSet}} + data_stream: + type: metrics + dataset: kubernetes.{{$streamMetricSet}} + metricsets: + - {{$streamMetricSet}} +{{- $defaults := (include "elasticagent.kubernetes.config.state.default_vars" $ ) | fromYaml -}} +{{- mergeOverwrite $defaults (dig $streamKey "state" "vars" dict $.Values.kubernetes) | toYaml | nindent 2 }} +{{- end -}} +{{- end -}} + +{{- define "elasticagent.kubernetes.config.state.default_vars" -}} +add_metadata: true +hosts: +{{- if eq (index $.Values "kube-state-metrics" "enabled") true -}} +{{- $port := dig "kube-state-metrics" "service" "port" "8080" $.Values.AsMap -}} +{{- if eq $.Values.kubernetes.state.agentAsSidecar.enabled true }} + - 'localhost:{{ $port }}' +{{- else }} +{{- $kubeStateChart := index $.Subcharts "kube-state-metrics" }} + - '{{include "kube-state-metrics.fullname" $kubeStateChart }}:{{ $port }}' +{{- end }} +{{- else }} + - {{ $.Values.kubernetes.state.host }} +{{- end }} +period: 10s +{{- if or (eq (index $.Values "kube-state-metrics" "enabled") false) (eq $.Values.kubernetes.state.agentAsSidecar.enabled false) }} +condition: '${kubernetes_leaderelection.leader} == true' +{{- end }} +bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token +{{- end -}} + 
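Review bot: `elasticagent.kubernetes.config.state.default_vars` sets `bearer_token_file` to the pod's service-account token on every host branch, including the user-supplied `$.Values.kubernetes.state.host`, and the defaults carry no scheme or `ssl.*` settings. If the input attaches that token to plain-HTTP requests (worth confirming against the agent's kubernetes integration), the agent's token crosses the pod network in clear text to whatever endpoint the value names. Consider emitting `bearer_token_file` only when the target is served over TLS, or document next to `kubernetes.state.host` that it must point at a trusted in-cluster endpoint. Separately, the comment in `state.init` has a typo: `standablone` should read `standalone`.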
diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_containers.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_containers.tpl
deleted file mode 100644
index c098f7917ab..00000000000
--- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_containers.tpl
+++ /dev/null
@@ -1,47 +0,0 @@ -{{- define "elasticagent.kubernetes.config.state.containers.init" -}} -{{- if eq ((.Values.kubernetes.state).enabled) false -}} -{{- $_ := set $.Values.kubernetes.containers.state "enabled" false -}} -{{- else -}} -{{- if eq $.Values.kubernetes.containers.state.enabled true -}} -{{- $preset := $.Values.agent.presets.clusterWide -}} -{{- if eq $.Values.kubernetes.state.deployKSM true -}} -{{- $preset = $.Values.agent.presets.ksmSharded -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.ksmsharded.preset") -}} -{{- end -}} -{{- $inputVal := (include "elasticagent.kubernetes.config.state.containers.input" $ | fromYamlArray) -}} -{{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.containers.input" -}} -- id: kubernetes/metrics-kubernetes.state_container - type: kubernetes/metrics - data_stream: - namespace: {{ $.Values.kubernetes.namespace }} - use_output: {{ $.Values.kubernetes.output }} - streams: - - id: kubernetes/metrics-kubernetes.state_container - data_stream: - type: metrics - dataset: kubernetes.state_container - metricsets: - - state_container -{{- $defaults := (include "elasticagent.kubernetes.config.state.containers.default_vars" $ ) | fromYaml -}} -{{- mergeOverwrite $defaults .Values.kubernetes.containers.state.vars | toYaml | nindent 4 }} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.containers.default_vars" -}} -add_metadata: true -hosts: -{{- if eq $.Values.kubernetes.state.deployKSM true }} - - 'localhost:8080' -{{- else }} - - {{ $.Values.kubernetes.state.host }} -{{- end }} -period: 10s -{{- if eq $.Values.kubernetes.state.deployKSM false }} -condition: '${kubernetes_leaderelection.leader} == true' -{{- end }} -bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token -{{- end -}} \ No newline at end of file 
diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_cronjobs.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_cronjobs.tpl
deleted file mode 100644
index 4353f2c1d43..00000000000
--- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_cronjobs.tpl
+++ /dev/null
@@ -1,47 +0,0 @@ -{{- define "elasticagent.kubernetes.config.state.cronjobs.init" -}} -{{- if eq ((.Values.kubernetes.state).enabled) false -}} -{{- $_ := set $.Values.kubernetes.cronjobs.state "enabled" false -}} -{{- else -}} -{{- if eq $.Values.kubernetes.cronjobs.state.enabled true -}} -{{- $preset := $.Values.agent.presets.clusterWide -}} -{{- if eq $.Values.kubernetes.state.deployKSM true -}} -{{- $preset = $.Values.agent.presets.ksmSharded -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.ksmsharded.preset") -}} -{{- end -}} -{{- $inputVal := (include "elasticagent.kubernetes.config.state.cronjobs.input" $ | fromYamlArray) -}} -{{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.cronjobs.input" -}} -- id: kubernetes/metrics-kubernetes.state_cronjob - type: kubernetes/metrics - data_stream: - namespace: {{ $.Values.kubernetes.namespace }} - use_output: {{ $.Values.kubernetes.output }} - streams: - - id: kubernetes/metrics-kubernetes.state_cronjob - data_stream: - type: metrics - dataset: kubernetes.state_cronjob - metricsets: - - state_cronjob -{{- $defaults := (include "elasticagent.kubernetes.config.state.cronjobs.default_vars" $ ) | fromYaml -}} -{{- mergeOverwrite $defaults .Values.kubernetes.cronjobs.state.vars | toYaml | nindent 4 }} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.cronjobs.default_vars" -}} -add_metadata: true -hosts: -{{- if eq $.Values.kubernetes.state.deployKSM true }} - - 'localhost:8080' -{{- else }} - - {{ $.Values.kubernetes.state.host }} -{{- end }} -period: 10s -{{- if eq $.Values.kubernetes.state.deployKSM false }} -condition: '${kubernetes_leaderelection.leader} == true' -{{- end }} -bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token -{{- end -}} \ No newline at end of file 
diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_daemonsets.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_daemonsets.tpl
deleted file mode 100644
index 7342e5e10fc..00000000000
--- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_daemonsets.tpl
+++ /dev/null
@@ -1,47 +0,0 @@ -{{- define "elasticagent.kubernetes.config.state.daemonsets.init" -}} -{{- if eq ((.Values.kubernetes.state).enabled) false -}} -{{- $_ := set $.Values.kubernetes.daemonsets.state "enabled" false -}} -{{- else -}} -{{- if eq $.Values.kubernetes.daemonsets.state.enabled true -}} -{{- $preset := $.Values.agent.presets.clusterWide -}} -{{- if eq $.Values.kubernetes.state.deployKSM true -}} -{{- $preset = $.Values.agent.presets.ksmSharded -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.ksmsharded.preset") -}} -{{- end -}} -{{- $inputVal := (include "elasticagent.kubernetes.config.state.daemonsets.input" $ | fromYamlArray) -}} -{{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.daemonsets.input" -}} -- id: kubernetes/metrics-kubernetes.state_daemonset - type: kubernetes/metrics - data_stream: - namespace: {{ $.Values.kubernetes.namespace }} - use_output: {{ $.Values.kubernetes.output }} - streams: - - id: kubernetes/metrics-kubernetes.state_daemonset - data_stream: - type: metrics - dataset: kubernetes.state_daemonset - metricsets: - - state_daemonset -{{- $defaults := (include "elasticagent.kubernetes.config.state.daemonsets.default_vars" $ ) | fromYaml -}} -{{- mergeOverwrite $defaults .Values.kubernetes.daemonsets.state.vars | toYaml | nindent 4 }} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.daemonsets.default_vars" -}} -add_metadata: true -hosts: -{{- if eq $.Values.kubernetes.state.deployKSM true }} - - 'localhost:8080' -{{- else }} - - {{ $.Values.kubernetes.state.host }} -{{- end }} -period: 10s -{{- if eq $.Values.kubernetes.state.deployKSM false }} -condition: '${kubernetes_leaderelection.leader} == true' -{{- end }} -bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token -{{- end -}} \ No newline at end of file 
diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_deployments.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_deployments.tpl
deleted file mode 100644
index 86747bffe34..00000000000
--- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_deployments.tpl
+++ /dev/null
@@ -1,47 +0,0 @@ -{{- define "elasticagent.kubernetes.config.state.deployments.init" -}} -{{- if eq ((.Values.kubernetes.state).enabled) false -}} -{{- $_ := set $.Values.kubernetes.deployments.state "enabled" false -}} -{{- else -}} -{{- if eq $.Values.kubernetes.deployments.state.enabled true -}} -{{- $preset := $.Values.agent.presets.clusterWide -}} -{{- if eq $.Values.kubernetes.state.deployKSM true -}} -{{- $preset = $.Values.agent.presets.ksmSharded -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.ksmsharded.preset") -}} -{{- end -}} -{{- $inputVal := (include "elasticagent.kubernetes.config.state.deployments.input" $ | fromYamlArray) -}} -{{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.deployments.input" -}} -- id: kubernetes/metrics-kubernetes.state_deployment - type: kubernetes/metrics - data_stream: - namespace: {{ $.Values.kubernetes.namespace }} - use_output: {{ $.Values.kubernetes.output }} - streams: - - id: kubernetes/metrics-kubernetes.state_deployment - data_stream: - type: metrics - dataset: kubernetes.state_deployment - metricsets: - - state_deployment -{{- $defaults := (include "elasticagent.kubernetes.config.state.deployments.default_vars" $ ) | fromYaml -}} -{{- mergeOverwrite $defaults .Values.kubernetes.deployments.state.vars | toYaml | nindent 4 }} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.deployments.default_vars" -}} -add_metadata: true -hosts: -{{- if eq $.Values.kubernetes.state.deployKSM true }} - - 'localhost:8080' -{{- else }} - - {{ $.Values.kubernetes.state.host }} -{{- end }} -period: 10s -{{- if eq $.Values.kubernetes.state.deployKSM false }} -condition: '${kubernetes_leaderelection.leader} == true' -{{- end }} -bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token -{{- end -}} \ No newline at end of file 
diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_jobs.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_jobs.tpl
deleted file mode 100644
index 43fdb812b23..00000000000
--- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_jobs.tpl
+++ /dev/null
@@ -1,47 +0,0 @@ -{{- define "elasticagent.kubernetes.config.state.jobs.init" -}} -{{- if eq ((.Values.kubernetes.state).enabled) false -}} -{{- $_ := set $.Values.kubernetes.jobs.state "enabled" false -}} -{{- else -}} -{{- if eq $.Values.kubernetes.jobs.state.enabled true -}} -{{- $preset := $.Values.agent.presets.clusterWide -}} -{{- if eq $.Values.kubernetes.state.deployKSM true -}} -{{- $preset = $.Values.agent.presets.ksmSharded -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.ksmsharded.preset") -}} -{{- end -}} -{{- $inputVal := (include "elasticagent.kubernetes.config.state.jobs.input" $ | fromYamlArray) -}} -{{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.jobs.input" -}} -- id: kubernetes/metrics-kubernetes.state_job - type: kubernetes/metrics - data_stream: - namespace: {{ $.Values.kubernetes.namespace }} - use_output: {{ $.Values.kubernetes.output }} - streams: - - id: kubernetes/metrics-kubernetes.state_job - data_stream: - type: metrics - dataset: kubernetes.state_job - metricsets: - - state_job -{{- $defaults := (include "elasticagent.kubernetes.config.state.jobs.default_vars" $ ) | fromYaml -}} -{{- mergeOverwrite $defaults .Values.kubernetes.jobs.state.vars | toYaml | nindent 4 }} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.jobs.default_vars" -}} -add_metadata: true -hosts: -{{- if eq $.Values.kubernetes.state.deployKSM true }} - - 'localhost:8080' -{{- else }} - - {{ $.Values.kubernetes.state.host }} -{{- end }} -period: 10s -{{- if eq $.Values.kubernetes.state.deployKSM false }} -condition: '${kubernetes_leaderelection.leader} == true' -{{- end }} -bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token -{{- end -}} \ No newline at end of file 
diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_namespaces.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_namespaces.tpl
deleted file mode 100644
index 962c0275dc0..00000000000
--- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_namespaces.tpl
+++ /dev/null
@@ -1,47 +0,0 @@ -{{- define "elasticagent.kubernetes.config.state.namespaces.init" -}} -{{- if eq ((.Values.kubernetes.state).enabled) false -}} -{{- $_ := set $.Values.kubernetes.namespaces.state "enabled" false -}} -{{- else -}} -{{- if eq $.Values.kubernetes.namespaces.state.enabled true -}} -{{- $preset := $.Values.agent.presets.clusterWide -}} -{{- if eq $.Values.kubernetes.state.deployKSM true -}} -{{- $preset = $.Values.agent.presets.ksmSharded -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.ksmsharded.preset") -}} -{{- end -}} -{{- $inputVal := (include "elasticagent.kubernetes.config.state.namespaces.input" $ | fromYamlArray) -}} -{{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.namespaces.input" -}} -- id: kubernetes/metrics-kubernetes.state_namespace - type: kubernetes/metrics - data_stream: - namespace: {{ $.Values.kubernetes.namespace }} - use_output: {{ $.Values.kubernetes.output }} - streams: - - id: kubernetes/metrics-kubernetes.state_namespace - data_stream: - type: metrics - dataset: kubernetes.state_namespace - metricsets: - - state_namespace -{{- $defaults := (include "elasticagent.kubernetes.config.state.namespaces.default_vars" $ ) | fromYaml -}} -{{- mergeOverwrite $defaults .Values.kubernetes.namespaces.state.vars | toYaml | nindent 4 }} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.namespaces.default_vars" -}} -add_metadata: true -hosts: -{{- if eq $.Values.kubernetes.state.deployKSM true }} - - 'localhost:8080' -{{- else }} - - {{ $.Values.kubernetes.state.host }} -{{- end }} -period: 10s -{{- if eq $.Values.kubernetes.state.deployKSM false }} -condition: '${kubernetes_leaderelection.leader} == true' -{{- end }} -bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token -{{- end -}} \ No newline at end of file 
diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_nodes.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_nodes.tpl
deleted file mode 100644
index c02b8aaafcd..00000000000
--- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_nodes.tpl
+++ /dev/null
@@ -1,47 +0,0 @@ -{{- define "elasticagent.kubernetes.config.state.nodes.init" -}} -{{- if eq ((.Values.kubernetes.state).enabled) false -}} -{{- $_ := set $.Values.kubernetes.nodes.state "enabled" false -}} -{{- else -}} -{{- if eq $.Values.kubernetes.nodes.state.enabled true -}} -{{- $preset := $.Values.agent.presets.clusterWide -}} -{{- if eq $.Values.kubernetes.state.deployKSM true -}} -{{- $preset = $.Values.agent.presets.ksmSharded -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.ksmsharded.preset") -}} -{{- end -}} -{{- $inputVal := (include "elasticagent.kubernetes.config.state.nodes.input" $ | fromYamlArray) -}} -{{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.nodes.input" -}} -- id: kubernetes/metrics-kubernetes.state_node - type: kubernetes/metrics - data_stream: - namespace: {{ $.Values.kubernetes.namespace }} - use_output: {{ $.Values.kubernetes.output }} - streams: - - id: kubernetes/metrics-kubernetes.state_node - data_stream: - type: metrics - dataset: kubernetes.state_node - metricsets: - - state_node -{{- $defaults := (include "elasticagent.kubernetes.config.state.nodes.default_vars" $ ) | fromYaml -}} -{{- mergeOverwrite $defaults .Values.kubernetes.nodes.state.vars | toYaml | nindent 4 }} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.nodes.default_vars" -}} -add_metadata: true -hosts: -{{- if eq $.Values.kubernetes.state.deployKSM true }} - - 'localhost:8080' -{{- else }} - - {{ $.Values.kubernetes.state.host }} -{{- end }} -period: 10s -{{- if eq $.Values.kubernetes.state.deployKSM false }} -condition: '${kubernetes_leaderelection.leader} == true' -{{- end }} -bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token -{{- end -}} \ No newline at end of file 
diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_persistentvolumeclaims.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_persistentvolumeclaims.tpl
deleted file mode 100644
index 72b6c6a8055..00000000000
--- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_persistentvolumeclaims.tpl
+++ /dev/null
@@ -1,47 +0,0 @@ -{{- define "elasticagent.kubernetes.config.state.persistentvolumeclaims.init" -}} -{{- if eq ((.Values.kubernetes.state).enabled) false -}} -{{- $_ := set $.Values.kubernetes.persistentvolumeclaims.state "enabled" false -}} -{{- else -}} -{{- if eq $.Values.kubernetes.persistentvolumeclaims.state.enabled true -}} -{{- $preset := $.Values.agent.presets.clusterWide -}} -{{- if eq $.Values.kubernetes.state.deployKSM true -}} -{{- $preset = $.Values.agent.presets.ksmSharded -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.ksmsharded.preset") -}} -{{- end -}} -{{- $inputVal := (include "elasticagent.kubernetes.config.state.persistentvolumeclaims.input" $ | fromYamlArray) -}} -{{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.persistentvolumeclaims.input" -}} -- id: kubernetes/metrics-kubernetes.state_persistentvolumeclaim - type: kubernetes/metrics - data_stream: - namespace: {{ $.Values.kubernetes.namespace }} - use_output: {{ $.Values.kubernetes.output }} - streams: - - id: kubernetes/metrics-kubernetes.state_persistentvolumeclaim - data_stream: - type: metrics - dataset: kubernetes.state_persistentvolumeclaim - metricsets: - - state_persistentvolumeclaim -{{- $defaults := (include "elasticagent.kubernetes.config.state.persistentvolumeclaims.default_vars" $ ) | fromYaml -}} -{{- mergeOverwrite $defaults .Values.kubernetes.persistentvolumeclaims.state.vars | toYaml | nindent 4 }} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.persistentvolumeclaims.default_vars" -}} -add_metadata: true -hosts: -{{- if eq $.Values.kubernetes.state.deployKSM true }} - - 'localhost:8080' -{{- else }} - - {{ $.Values.kubernetes.state.host }} -{{- end }} -period: 10s -{{- if eq $.Values.kubernetes.state.deployKSM false }} -condition: '${kubernetes_leaderelection.leader} == true' -{{- end }} 
-bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-{{- end -}}
\ No newline at end of file
diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_persistentvolumes.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_persistentvolumes.tpl
deleted file mode 100644
index f3372885152..00000000000
--- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_persistentvolumes.tpl
+++ /dev/null
@@ -1,47 +0,0 @@ -{{- define "elasticagent.kubernetes.config.state.persistentvolumes.init" -}} -{{- if eq ((.Values.kubernetes.state).enabled) false -}} -{{- $_ := set $.Values.kubernetes.persistentvolumes.state "enabled" false -}} -{{- else -}} -{{- if eq $.Values.kubernetes.persistentvolumes.state.enabled true -}} -{{- $preset := $.Values.agent.presets.clusterWide -}} -{{- if eq $.Values.kubernetes.state.deployKSM true -}} -{{- $preset = $.Values.agent.presets.ksmSharded -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.ksmsharded.preset") -}} -{{- end -}} -{{- $inputVal := (include "elasticagent.kubernetes.config.state.persistentvolumes.input" $ | fromYamlArray) -}} -{{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.persistentvolumes.input" -}} -- id: kubernetes/metrics-kubernetes.state_persistentvolume - type: kubernetes/metrics - data_stream: - namespace: {{ $.Values.kubernetes.namespace }} - use_output: {{ $.Values.kubernetes.output }} - streams: - - id: kubernetes/metrics-kubernetes.state_persistentvolume - data_stream: - type: metrics - dataset: kubernetes.state_persistentvolume - metricsets: - - state_persistentvolume -{{- $defaults := (include "elasticagent.kubernetes.config.state.persistentvolumes.default_vars" $ ) | fromYaml -}} -{{- mergeOverwrite $defaults .Values.kubernetes.persistentvolumes.state.vars | toYaml | nindent 4 }} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.persistentvolumes.default_vars" -}} -add_metadata: true -hosts: -{{- if eq $.Values.kubernetes.state.deployKSM true }} - - 'localhost:8080' -{{- else }} - - {{ $.Values.kubernetes.state.host }} -{{- end }} -period: 10s -{{- if eq $.Values.kubernetes.state.deployKSM false }} -condition: '${kubernetes_leaderelection.leader} == true' -{{- end }} -bearer_token_file: 
/var/run/secrets/kubernetes.io/serviceaccount/token
-{{- end -}}
\ No newline at end of file
diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_pods.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_pods.tpl
deleted file mode 100644
index 09bacfb8fe1..00000000000
--- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_pods.tpl
+++ /dev/null
@@ -1,47 +0,0 @@ -{{- define "elasticagent.kubernetes.config.state.pods.init" -}} -{{- if eq ((.Values.kubernetes.state).enabled) false -}} -{{- $_ := set $.Values.kubernetes.pods.state "enabled" false -}} -{{- else -}} -{{- if eq $.Values.kubernetes.pods.state.enabled true -}} -{{- $preset := $.Values.agent.presets.clusterWide -}} -{{- if eq $.Values.kubernetes.state.deployKSM true -}} -{{- $preset = $.Values.agent.presets.ksmSharded -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.ksmsharded.preset") -}} -{{- end -}} -{{- $inputVal := (include "elasticagent.kubernetes.config.state.pods.input" $ | fromYamlArray) -}} -{{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.pods.input" -}} -- id: kubernetes/metrics-kubernetes.state_pod - type: kubernetes/metrics - data_stream: - namespace: {{ $.Values.kubernetes.namespace }} - use_output: {{ $.Values.kubernetes.output }} - streams: - - id: kubernetes/metrics-kubernetes.state_pod - data_stream: - type: metrics - dataset: kubernetes.state_pod - metricsets: - - state_pod -{{- $defaults := (include "elasticagent.kubernetes.config.state.pods.default_vars" $ ) | fromYaml -}} -{{- mergeOverwrite $defaults .Values.kubernetes.pods.state.vars | toYaml | nindent 4 }} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.pods.default_vars" -}} -add_metadata: true -hosts: -{{- if eq $.Values.kubernetes.state.deployKSM true }} - - 'localhost:8080' -{{- else }} - - {{ $.Values.kubernetes.state.host }} -{{- end }} -period: 10s -{{- if eq $.Values.kubernetes.state.deployKSM false }} -condition: '${kubernetes_leaderelection.leader} == true' -{{- end }} -bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token -{{- end -}} \ No newline at end of file 
diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_replicasets.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_replicasets.tpl
deleted file mode 100644
index 3f75dd75c10..00000000000
--- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_replicasets.tpl
+++ /dev/null
@@ -1,47 +0,0 @@ -{{- define "elasticagent.kubernetes.config.state.replicasets.init" -}} -{{- if eq ((.Values.kubernetes.state).enabled) false -}} -{{- $_ := set $.Values.kubernetes.replicasets.state "enabled" false -}} -{{- else -}} -{{- if eq $.Values.kubernetes.replicasets.state.enabled true -}} -{{- $preset := $.Values.agent.presets.clusterWide -}} -{{- if eq $.Values.kubernetes.state.deployKSM true -}} -{{- $preset = $.Values.agent.presets.ksmSharded -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.ksmsharded.preset") -}} -{{- end -}} -{{- $inputVal := (include "elasticagent.kubernetes.config.state.replicasets.input" $ | fromYamlArray) -}} -{{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.replicasets.input" -}} -- id: kubernetes/metrics-kubernetes.state_replicaset - type: kubernetes/metrics - data_stream: - namespace: {{ $.Values.kubernetes.namespace }} - use_output: {{ $.Values.kubernetes.output }} - streams: - - id: kubernetes/metrics-kubernetes.state_replicaset - data_stream: - type: metrics - dataset: kubernetes.state_replicaset - metricsets: - - state_replicaset -{{- $defaults := (include "elasticagent.kubernetes.config.state.replicasets.default_vars" $ ) | fromYaml -}} -{{- mergeOverwrite $defaults .Values.kubernetes.replicasets.state.vars | toYaml | nindent 4 }} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.replicasets.default_vars" -}} -add_metadata: true -hosts: -{{- if eq $.Values.kubernetes.state.deployKSM true }} - - 'localhost:8080' -{{- else }} - - {{ $.Values.kubernetes.state.host }} -{{- end }} -period: 10s -{{- if eq $.Values.kubernetes.state.deployKSM false }} -condition: '${kubernetes_leaderelection.leader} == true' -{{- end }} -bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token -{{- end -}} \ No newline at end of file 
diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_resourcequotas.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_resourcequotas.tpl
deleted file mode 100644
index e59ee9dd849..00000000000
--- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_resourcequotas.tpl
+++ /dev/null
@@ -1,47 +0,0 @@ -{{- define "elasticagent.kubernetes.config.state.resourcequotas.init" -}} -{{- if eq ((.Values.kubernetes.state).enabled) false -}} -{{- $_ := set $.Values.kubernetes.resourcequotas.state "enabled" false -}} -{{- else -}} -{{- if eq $.Values.kubernetes.resourcequotas.state.enabled true -}} -{{- $preset := $.Values.agent.presets.clusterWide -}} -{{- if eq $.Values.kubernetes.state.deployKSM true -}} -{{- $preset = $.Values.agent.presets.ksmSharded -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.ksmsharded.preset") -}} -{{- end -}} -{{- $inputVal := (include "elasticagent.kubernetes.config.state.resourcequotas.input" $ | fromYamlArray) -}} -{{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.resourcequotas.input" -}} -- id: kubernetes/metrics-kubernetes.state_resourcequota - type: kubernetes/metrics - data_stream: - namespace: {{ $.Values.kubernetes.namespace }} - use_output: {{ $.Values.kubernetes.output }} - streams: - - id: kubernetes/metrics-kubernetes.state_resourcequota - data_stream: - type: metrics - dataset: kubernetes.state_resourcequota - metricsets: - - state_resourcequota -{{- $defaults := (include "elasticagent.kubernetes.config.state.resourcequotas.default_vars" $ ) | fromYaml -}} -{{- mergeOverwrite $defaults .Values.kubernetes.resourcequotas.state.vars | toYaml | nindent 4 }} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.resourcequotas.default_vars" -}} -add_metadata: true -hosts: -{{- if eq $.Values.kubernetes.state.deployKSM true }} - - 'localhost:8080' -{{- else }} - - {{ $.Values.kubernetes.state.host }} -{{- end }} -period: 10s -{{- if eq $.Values.kubernetes.state.deployKSM false }} -condition: '${kubernetes_leaderelection.leader} == true' -{{- end }} -bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token -{{- end -}} \ No newline at 
end of file
diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_services.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_services.tpl
deleted file mode 100644
index 801f457ae78..00000000000
--- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_services.tpl
+++ /dev/null
@@ -1,48 +0,0 @@ -{{- define "elasticagent.kubernetes.config.state.services.init" -}} -{{- if eq ((.Values.kubernetes.state).enabled) false -}} -{{- $_ := set $.Values.kubernetes.services.state "enabled" false -}} -{{- else -}} -{{- if eq $.Values.kubernetes.services.state.enabled true -}} -{{- $preset := $.Values.agent.presets.clusterWide -}} -{{- if eq $.Values.kubernetes.state.deployKSM true -}} -{{- $preset = $.Values.agent.presets.ksmSharded -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.ksmsharded.preset") -}} -{{- end -}} -{{- $inputVal := (include "elasticagent.kubernetes.config.state.services.input" $ | fromYamlArray) -}} -{{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.services.input" -}} -- id: kubernetes/metrics-kubernetes.state_service - type: kubernetes/metrics - data_stream: - namespace: {{ $.Values.kubernetes.namespace }} - use_output: {{ $.Values.kubernetes.output }} - streams: - - id: kubernetes/metrics-kubernetes.state_service - data_stream: - type: metrics - dataset: kubernetes.state_service - use_output: {{ .Values.kubernetes.output }} - metricsets: - - state_service -{{- $defaults := (include "elasticagent.kubernetes.config.state.services.default_vars" $ ) | fromYaml -}} -{{- mergeOverwrite $defaults .Values.kubernetes.services.state.vars | toYaml | nindent 4 }} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.services.default_vars" -}} -add_metadata: true -hosts: -{{- if eq $.Values.kubernetes.state.deployKSM true }} - - 'localhost:8080' -{{- else }} - - {{ $.Values.kubernetes.state.host }} -{{- end }} -period: 10s -{{- if eq $.Values.kubernetes.state.deployKSM false }} -condition: '${kubernetes_leaderelection.leader} == true' -{{- end }} -bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token -{{- end -}} \ No newline at end of file 
diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_statefulsets.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_statefulsets.tpl
deleted file mode 100644
index 2ce49126759..00000000000
--- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_statefulsets.tpl
+++ /dev/null
@@ -1,47 +0,0 @@ -{{- define "elasticagent.kubernetes.config.state.statefulsets.init" -}} -{{- if eq ((.Values.kubernetes.state).enabled) false -}} -{{- $_ := set $.Values.kubernetes.statefulsets.state "enabled" false -}} -{{- else -}} -{{- if eq $.Values.kubernetes.statefulsets.state.enabled true -}} -{{- $preset := $.Values.agent.presets.clusterWide -}} -{{- if eq $.Values.kubernetes.state.deployKSM true -}} -{{- $preset = $.Values.agent.presets.ksmSharded -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.ksmsharded.preset") -}} -{{- end -}} -{{- $inputVal := (include "elasticagent.kubernetes.config.state.statefulsets.input" $ | fromYamlArray) -}} -{{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.statefulsets.input" -}} -- id: kubernetes/metrics-kubernetes.state_statefulset - type: kubernetes/metrics - data_stream: - namespace: {{ $.Values.kubernetes.namespace }} - use_output: {{ $.Values.kubernetes.output }} - streams: - - id: kubernetes/metrics-kubernetes.state_statefulset - data_stream: - type: metrics - dataset: kubernetes.state_statefulset - metricsets: - - state_statefulset -{{- $defaults := (include "elasticagent.kubernetes.config.state.statefulsets.default_vars" $ ) | fromYaml -}} -{{- mergeOverwrite $defaults .Values.kubernetes.statefulsets.state.vars | toYaml | nindent 4 }} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.statefulsets.default_vars" -}} -add_metadata: true -hosts: -{{- if eq $.Values.kubernetes.state.deployKSM true }} - - 'localhost:8080' -{{- else }} - - {{ $.Values.kubernetes.state.host }} -{{- end }} -period: 10s -{{- if eq $.Values.kubernetes.state.deployKSM false }} -condition: '${kubernetes_leaderelection.leader} == true' -{{- end }} -bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token -{{- end -}} \ No newline at end of file 
diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_storageclasses.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_storageclasses.tpl
deleted file mode 100644
index 5035c189136..00000000000
--- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_kubernetes_state_storageclasses.tpl
+++ /dev/null
@@ -1,47 +0,0 @@ -{{- define "elasticagent.kubernetes.config.state.storageclasses.init" -}} -{{- if eq ((.Values.kubernetes.state).enabled) false -}} -{{- $_ := set $.Values.kubernetes.storageclasses.state "enabled" false -}} -{{- else -}} -{{- if eq $.Values.kubernetes.storageclasses.state.enabled true -}} -{{- $preset := $.Values.agent.presets.clusterWide -}} -{{- if eq $.Values.kubernetes.state.deployKSM true -}} -{{- $preset = $.Values.agent.presets.ksmSharded -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.ksmsharded.preset") -}} -{{- end -}} -{{- $inputVal := (include "elasticagent.kubernetes.config.state.storageclasses.input" $ | fromYamlArray) -}} -{{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.storageclasses.input" -}} -- id: kubernetes/metrics-kubernetes.state_storageclass - type: kubernetes/metrics - data_stream: - namespace: {{ $.Values.kubernetes.namespace }} - use_output: {{ $.Values.kubernetes.output }} - streams: - - id: kubernetes/metrics-kubernetes.state_storageclass - data_stream: - type: metrics - dataset: kubernetes.state_storageclass - metricsets: - - state_storageclass -{{- $defaults := (include "elasticagent.kubernetes.config.state.storageclasses.default_vars" $ ) | fromYaml -}} -{{- mergeOverwrite $defaults .Values.kubernetes.storageclasses.state.vars | toYaml | nindent 4 }} -{{- end -}} - -{{- define "elasticagent.kubernetes.config.state.storageclasses.default_vars" -}} -add_metadata: true -hosts: -{{- if eq $.Values.kubernetes.state.deployKSM true }} - - 'localhost:8080' -{{- else }} - - {{ $.Values.kubernetes.state.host }} -{{- end }} -period: 10s -{{- if eq $.Values.kubernetes.state.deployKSM false }} -condition: '${kubernetes_leaderelection.leader} == true' -{{- end }} -bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token -{{- end -}} \ No newline at end 
of file diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_preset_clusterwide.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_preset_clusterwide.tpl deleted file mode 100644 index 758bea7ffc2..00000000000 --- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_preset_clusterwide.tpl +++ /dev/null @@ -1,48 +0,0 @@ -{{- define "elasticagent.kubernetes.clusterwide.preset" -}} -{{- include "elasticagent.preset.mutate.rules" (list $ $.Values.agent.presets.clusterWide "elasticagent.kubernetes.clusterwide.preset.rules") -}} -{{- include "elasticagent.preset.mutate.outputs.byname" (list $ $.Values.agent.presets.clusterWide $.Values.kubernetes.output)}} -{{- end -}} - -{{- define "elasticagent.kubernetes.clusterwide.preset.rules" -}} -rules: -# minimum cluster role ruleset required by agent -- apiGroups: [ "" ] - resources: - - nodes - - namespaces - - pods - verbs: - - get - - watch - - list -- nonResourceURLs: - - /metrics - verbs: - - get - - watch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - update - - get - - list - - watch -- apiGroups: [ "apps" ] - resources: - - replicasets - verbs: - - get - - list - - watch -- apiGroups: [ "batch" ] - resources: - - jobs - verbs: - - get - - list - - watch -{{- end -}} \ No newline at end of file diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_preset_ksmsharded.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_preset_ksmsharded.tpl deleted file mode 100644 index d94e70f794a..00000000000 --- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_preset_ksmsharded.tpl +++ /dev/null 
@@ -1,204 +0,0 @@ -{{- define "elasticagent.kubernetes.ksmsharded.preset" -}} -{{- include "elasticagent.preset.mutate.rules" (list $ $.Values.agent.presets.ksmSharded "elasticagent.kubernetes.ksmsharded.preset.rules") -}} -{{- include "elasticagent.preset.mutate.containers" (list $ $.Values.agent.presets.ksmSharded "elasticagent.kubernetes.ksmsharded.preset.containers") -}} -{{- include "elasticagent.preset.mutate.outputs.byname" (list $ $.Values.agent.presets.ksmSharded $.Values.kubernetes.output)}} -{{- end -}} - -{{- define "elasticagent.kubernetes.ksmsharded.preset.rules" -}} -rules: -- apiGroups: [""] # "" indicates the core API group - resources: - - namespaces - - pods - - persistentvolumes - - persistentvolumeclaims - - persistentvolumeclaims/status - - nodes - - nodes/metrics - - nodes/proxy - - nodes/stats - - services - - events - - configmaps - - secrets - - nodes - - pods - - services - - serviceaccounts - - resourcequotas - - replicationcontrollers - - limitranges - - endpoints - verbs: - - get - - watch - - list -- apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch -- apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - verbs: - - get - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - - volumeattachments - verbs: - - get - - watch - - list -- nonResourceURLs: - - /healthz - - /healthz/* - - /livez - - /livez/* - - /metrics - - /metrics/slis - - /readyz - - /readyz/* - verbs: - - get -- apiGroups: ["apps"] - resources: - - replicasets - - deployments - - 
daemonsets - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: ["batch"] - resources: - - jobs - - cronjobs - verbs: - - get - - list - - watch -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - networkpolicies - - ingressclasses - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - update - - get - - list - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - rolebindings - - roles - verbs: - - get - - list - - watch -{{- end -}} - - - -{{- define "elasticagent.kubernetes.ksmsharded.preset.containers" -}} -extraContainers: - - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.12.0 - args: - - --pod=$(POD_NAME) - - --pod-namespace=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - livenessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - name: kube-state-metrics - ports: - - containerPort: 8080 - name: http-metrics - - containerPort: 8081 - name: telemetry - readinessProbe: - httpGet: - path: / - port: 8081 - initialDelaySeconds: 5 - timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault -{{- end -}} diff --git a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_preset_pernode.tpl b/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_preset_pernode.tpl deleted file mode 100644 index 26a29356f4c..00000000000 
--- a/deploy/helm/elastic-agent/templates/integrations/_kubernetes/_preset_pernode.tpl
+++ /dev/null
@@ -1,88 +0,0 @@ -{{- define "elasticagent.kubernetes.pernode.preset" -}} -{{- include "elasticagent.preset.mutate.volumemounts" (list $ $.Values.agent.presets.perNode "elasticagent.kubernetes.pernode.preset.volumemounts") -}} -{{- include "elasticagent.preset.mutate.volumes" (list $ $.Values.agent.presets.perNode "elasticagent.kubernetes.pernode.preset.volumes") -}} -{{- include "elasticagent.preset.mutate.outputs.byname" (list $ $.Values.agent.presets.perNode $.Values.kubernetes.output)}} -{{- if and (eq $.Values.kubernetes.hints.enabled true) (eq $.Values.agent.fleet.enabled false) -}} -{{- include "elasticagent.preset.mutate.providers.kubernetes.hints" (list $ $.Values.agent.presets.perNode "elasticagent.kubernetes.pernode.preset.providers.kubernetes.hints") -}} -{{- end -}} -{{- if or (eq $.Values.kubernetes.scheduler.enabled true) (eq $.Values.kubernetes.controller_manager.enabled true) -}} -{{- include "elasticagent.preset.mutate.tolerations" (list $ $.Values.agent.presets.perNode "elasticagent.kubernetes.pernode.preset.tolerations") -}} -{{- end -}} -{{- if eq $.Values.agent.unprivileged true -}} -{{- include "elasticagent.preset.mutate.securityContext.capabilities.add" (list $ $.Values.agent.presets.perNode "elasticagent.kubernetes.pernode.securityContext.capabilities.add") -}} -{{- end -}} -{{- end -}} - -{{- define "elasticagent.kubernetes.pernode.preset.rules" -}} -{{- end -}} - -{{- define "elasticagent.kubernetes.pernode.preset.volumemounts" -}} -extraVolumeMounts: -- name: proc - mountPath: /hostfs/proc - readOnly: true -- name: cgroup - mountPath: /hostfs/sys/fs/cgroup - readOnly: true -- name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true -- name: varlog - mountPath: /var/log - readOnly: true -- name: etc-full - mountPath: /hostfs/etc - readOnly: true -- name: var-lib - mountPath: /hostfs/var/lib - readOnly: true -{{- end -}} - -{{- define "elasticagent.kubernetes.pernode.preset.volumes" -}} -extraVolumes: -- name: 
proc - hostPath: - path: /proc -- name: cgroup - hostPath: - path: /sys/fs/cgroup -- name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers -- name: varlog - hostPath: - path: /var/log -- name: etc-full - hostPath: - path: /etc -- name: var-lib - hostPath: - path: /var/lib -{{- end -}} - -{{- define "elasticagent.kubernetes.pernode.preset.providers.kubernetes.hints" -}} -providers: - kubernetes: - hints: - enabled: true -{{- if (eq $.Values.kubernetes.containers.logs.enabled false) }} - default_container_logs: true -{{- else }} - default_container_logs: false -{{- end }} -{{- end -}} - -{{- define "elasticagent.kubernetes.pernode.preset.tolerations" -}} -tolerations: - - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - - key: node-role.kubernetes.io/master - effect: NoSchedule -{{- end -}} - -{{- define "elasticagent.kubernetes.pernode.securityContext.capabilities.add" -}} -securityContext: - capabilities: - add: - - DAC_READ_SEARCH -{{- end -}} diff --git a/deploy/helm/elastic-agent/templates/integrations/_presets/_ksm_sidecar.tpl b/deploy/helm/elastic-agent/templates/integrations/_presets/_ksm_sidecar.tpl new file mode 100644 index 00000000000..25c9195ab47 --- /dev/null +++ b/deploy/helm/elastic-agent/templates/integrations/_presets/_ksm_sidecar.tpl 
@@ -0,0 +1,122 @@ +{{- define "elasticagent.presets.ksm.sidecar.init" -}} +{{- if and (eq $.Values.kubernetes.enabled true) (eq $.Values.kubernetes.state.enabled true) -}} +{{- if and (eq (index $.Values "kube-state-metrics" "enabled") true) (eq $.Values.kubernetes.state.agentAsSidecar.enabled true) -}} +{{- $config := print (include "elasticagent.kubernetes.config.state.input" $) | fromYamlArray -}} +{{- if or $config (eq $.Values.agent.fleet.enabled true) -}} +{{/* set up the kube-state-metrics chart values */}} +{{- $agentName := "agent-ksm" -}} +{{- $kubeStateChart := index $.Values "kube-state-metrics" -}} +{{- $agentContainer := print (include "elasticagent.presets.ksm.sidecar.container" $) | fromYaml }} +{{- $_ := set $kubeStateChart "containers" (list $agentContainer) -}} +{{- $agentConfigVolume := print (include "elasticagent.presets.ksm.sidecar.volume" (list $ $agentName)) | fromYaml }} +{{- $_ := set $kubeStateChart "volumes" (list $agentConfigVolume) -}} +{{- $_ := set $kubeStateChart "autosharding" (dict "enabled" true) }} +{{- with $.Values.agent.imagePullSecrets -}} +{{- $_ := set $kubeStateChart "imagePullSecrets" . -}} +{{- end -}} +{{- $secret := (include "elasticagent.presets.ksm.sidecar.secret" (list $ $agentName $config)) }} +{{- $_ := set $kubeStateChart "podAnnotations" (dict "checksum/config" ((print $secret) | sha256sum)) }} +{{- $_ := set $.Values.AsMap "kube-state-metrics" $kubeStateChart -}} +--- +{{ $secret }} +--- +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "elasticagent.presets.ksm.sidecar.container" -}} +name: "agent" +{{- with $.Values.agent.image.pullPolicy }} +imagePullPolicy: {{ . 
}} +{{- end }} +{{- if $.Values.agent.image.tag }} +image: "{{ $.Values.agent.image.repository }}:{{ $.Values.agent.image.tag }}" +{{- else }} +image: "{{ $.Values.agent.image.repository }}:{{ $.Values.agent.version }}" +{{- end }} +args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] +{{- if eq $.Values.agent.unprivileged true }} +securityContext: + capabilities: + drop: + - ALL + add: + - CHOWN + - SETPCAP + - SYS_PTRACE + privileged: false + runAsGroup: 1000 + runAsUser: 1000 +{{- end }} +{{- with $.Values.kubernetes.state.agentAsSidecar.resources }} +resources: + {{- . | toYaml | nindent 2 }} +{{- end }} +volumeMounts: + - name: config + mountPath: /etc/elastic-agent/agent.yml + readOnly: true + subPath: agent.yml +env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: STATE_PATH + value: "/usr/share/elastic-agent/state" +{{- if eq $.Values.agent.fleet.enabled false -}} +{{- $outputName := $.Values.kubernetes.output -}} +{{- $ouputVal := get $.Values.outputs $.Values.kubernetes.output }} +{{- (include (printf "elasticagent.output.%s.preset.envvars" ($ouputVal).type) (list $ $outputName $ouputVal)) | nindent 2 }} +{{- else -}} +{{- $fleetEnvVars := dict}} +{{- include "elasticagent.preset.mutate.fleet" (list $ $fleetEnvVars) -}} +{{- with ($fleetEnvVars).extraEnvs -}} +{{- . | toYaml | nindent 2 }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "elasticagent.presets.ksm.sidecar.volume" -}} +{{- $ := index . 0 -}} +{{- $agentName := index . 1 -}} +name: config +secret: + defaultMode: 0444 + secretName: {{$agentName}} +{{- end -}} + +{{- define "elasticagent.presets.ksm.sidecar.secret" }} +{{- $ := index . 0 -}} +{{- $agentName := index . 1 -}} +{{- $streams := index . 
2 -}} +{{- $outputName := $.Values.kubernetes.output -}} +{{- $ouputVal := get $.Values.outputs $outputName }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $agentName }} + namespace: {{ $.Release.Namespace | quote }} +stringData: + agent.yml: |- +{{- if eq $.Values.agent.fleet.enabled false }} + inputs: + {{- $streams | toYaml | nindent 6 }} + outputs: + {{- include (printf "elasticagent.output.%s.preset.config" $ouputVal.type) (list $ $outputName $ouputVal) | nindent 6 }} +{{- else }} + fleet: + enabled: true +{{- end }} + providers: + kubernetes: + enabled: false + kubernetes_leaderelection: + enabled: false + leader_lease: agent-ksm-sharded +{{- end }} diff --git a/deploy/helm/elastic-agent/templates/integrations/_presets/_pernode.tpl b/deploy/helm/elastic-agent/templates/integrations/_presets/_pernode.tpl new file mode 100644 index 00000000000..ba9199182d7 --- /dev/null +++ b/deploy/helm/elastic-agent/templates/integrations/_presets/_pernode.tpl 
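Review bot: The `securityContext` in `elasticagent.presets.ksm.sidecar.container` is emitted only when `agent.unprivileged` is true, so when it is false the agent container is added to the kube-state-metrics pod with no security context of its own. Even in the unprivileged branch it adds `CHOWN`, `SETPCAP` and `SYS_PTRACE` and sets neither `runAsNonRoot` nor a seccomp profile, whereas the kube-state-metrics container definition removed earlier in this diff carried `runAsNonRoot: true` and `seccompProfile: type: RuntimeDefault`. This sidecar presumably only reads kube-state-metrics over HTTP, so it is worth checking whether `SYS_PTRACE` is needed here at all. I would add `runAsNonRoot: true` and `seccompProfile: {type: RuntimeDefault}` next to `runAsUser: 1000`, and emit a minimal context in the privileged case as well.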
@@ -0,0 +1,122 @@ +{{- define "elasticagent.presets.pernode.init" -}} +{{- with $.Values.agent.presets.perNode -}} +{{- $preset := . -}} +{{- $volumeMounts := (include "elasticagent.presets.pernode.volumemounts" $ | fromYaml) -}} +{{- with ($volumeMounts).extraVolumeMounts -}} +{{- include "elasticagent.preset.mutate.volumemounts" (list $preset $volumeMounts) -}} +{{- end -}} +{{- $volumes := (include "elasticagent.presets.pernode.volumes" $ | fromYaml) -}} +{{- with ($volumes).extraVolumes -}} +{{- include "elasticagent.preset.mutate.volumes" (list $preset $volumes) -}} +{{- end -}} +{{- $tolerations := (include "elasticagent.presets.pernode.tolerations" $ | fromYaml) -}} +{{- with ($tolerations).tolerations -}} +{{- include "elasticagent.preset.mutate.tolerations" (list $preset $tolerations ) -}} +{{- end -}} +{{- $capabilities := (include "elasticagent.presets.pernode.securityContext.capabilities.add" $ | fromYaml) -}} +{{- with ($capabilities).securityContext -}} +{{- include "elasticagent.preset.mutate.securityContext.capabilities.add" (list $preset $capabilities ) -}} +{{- end -}} +{{- if eq $.Values.agent.fleet.enabled false -}} +{{/* hints and outputs are supported only for standalone agents */}} +{{- $providers := (include "elasticagent.presets.pernode.providers.kubernetes.hints" $ | fromYaml) -}} +{{- with ($providers).providers -}} +{{- include "elasticagent.preset.mutate.providers.kubernetes.hints" (list $preset $providers ) -}} +{{- end -}} +{{- include "elasticagent.preset.mutate.outputs.byname" (list $ . 
$.Values.kubernetes.output)}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "elasticagent.presets.pernode.volumemounts" -}} +extraVolumeMounts: +{{- $k8sIntegrationLogs := and (eq $.Values.kubernetes.enabled true) (has true (pluck "enabled" $.Values.kubernetes.containers.logs $.Values.kubernetes.containers.audit_logs) ) }} +{{- $systemIntegrationLogs := and (eq $.Values.system.enabled true) (has true (pluck "enabled" $.Values.system.syslog $.Values.system.authLogs) ) }} +{{- if or $k8sIntegrationLogs $systemIntegrationLogs }} +- name: varlibdockercontainers + mountPath: /var/lib/docker/containers + readOnly: true +- name: varlog + mountPath: /var/log + readOnly: true +{{- end }} +{{- if and (eq $.Values.system.enabled true) (eq $.Values.system.metrics.enabled true) }} +- name: proc + mountPath: /hostfs/proc + readOnly: true +- name: cgroup + mountPath: /hostfs/sys/fs/cgroup + readOnly: true +- name: var-lib + mountPath: /hostfs/var/lib + readOnly: true +- name: etc-full + mountPath: /hostfs/etc + readOnly: true +{{- end }} +{{- end }} + +{{- define "elasticagent.presets.pernode.volumes" -}} +extraVolumes: +{{- $k8sIntegrationLogs := and (eq $.Values.kubernetes.enabled true) (has true (pluck "enabled" $.Values.kubernetes.containers.logs $.Values.kubernetes.containers.audit_logs) ) }} +{{- $systemIntegrationLogs := and (eq $.Values.system.enabled true) (has true (pluck "enabled" $.Values.system.syslog $.Values.system.authLogs) ) }} +{{- if or $k8sIntegrationLogs $systemIntegrationLogs }} +- name: varlibdockercontainers + hostPath: + path: /var/lib/docker/containers +- name: varlog + hostPath: + path: /var/log +{{- end }} +{{- if and (eq $.Values.system.enabled true) (eq $.Values.system.metrics.enabled true) }} +- name: proc + hostPath: + path: /proc +- name: cgroup + hostPath: + path: /sys/fs/cgroup +- name: etc-full + hostPath: + path: /etc +- name: var-lib + hostPath: + path: /var/lib +{{- end }} +{{- end -}} + +{{- define 
"elasticagent.presets.pernode.providers.kubernetes.hints" -}} +providers: +{{- if and (eq $.Values.kubernetes.enabled true) (eq $.Values.kubernetes.hints.enabled true) }} + kubernetes: + hints: + enabled: true +{{- if (eq $.Values.kubernetes.containers.logs.enabled false) }} + default_container_logs: true +{{- else }} + default_container_logs: false +{{- end }} +{{- end }} +{{- end -}} + +{{- define "elasticagent.presets.pernode.tolerations" -}} +tolerations: +{{- if and (eq $.Values.kubernetes.enabled true) (has true (pluck "enabled" $.Values.kubernetes.scheduler $.Values.kubernetes.controller_manager)) }} + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule + - key: node-role.kubernetes.io/master + effect: NoSchedule +{{- end }} +{{- end -}} + +{{- define "elasticagent.presets.pernode.securityContext.capabilities.add" -}} +securityContext: +{{- if eq $.Values.agent.unprivileged true -}} +{{- $k8sIntegrationRead := and (eq $.Values.kubernetes.enabled true) (has true (pluck "enabled" $.Values.kubernetes.containers.logs $.Values.kubernetes.containers.audit_logs) ) }} +{{- $systemIntegrationRead := and (eq $.Values.system.enabled true) (has true (pluck "enabled" $.Values.system.syslog $.Values.system.authLogs $.Values.system.metrics) ) }} +{{- if or $k8sIntegrationRead $systemIntegrationRead }} + capabilities: + add: + - DAC_READ_SEARCH +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/deploy/helm/elastic-agent/templates/integrations/_system/_system_logs.tpl b/deploy/helm/elastic-agent/templates/integrations/_system/_system_logs.tpl index 60c5a403996..918ef677acf 100644 --- a/deploy/helm/elastic-agent/templates/integrations/_system/_system_logs.tpl +++ b/deploy/helm/elastic-agent/templates/integrations/_system/_system_logs.tpl 
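Review bot: `elasticagent.presets.pernode.securityContext.capabilities.add` grants `DAC_READ_SEARCH` whenever `system.metrics.enabled` is true, and the same switch mounts the host's `/etc` and `/var/lib` through the `etc-full` and `var-lib` hostPath volumes, but nothing in the template says what that combination exposes. With that capability the read-only mounts are readable regardless of file permissions, which on most nodes likely covers credential files under `/etc` and kubelet data under `/var/lib`. I would document this on the define, e.g. `{{/* DAC_READ_SEARCH bypasses file-permission checks on the /hostfs/etc and /hostfs/var/lib mounts; add it only when a log or system-metrics stream needs host files */}}`. It is also worth confirming whether metrics collection really needs the capability or only the log streams do.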
@@ -4,7 +4,6 @@ {{- $inputVal := (include "elasticagent.system.config.logs.input" $ | fromYaml) -}} {{- if ($inputVal).streams }} {{- include "elasticagent.preset.mutate.inputs" (list $ $preset (list $inputVal)) -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.pernode.preset") -}} {{- end -}} {{- end -}} {{- end -}} diff --git a/deploy/helm/elastic-agent/templates/integrations/_system/_system_metrics.tpl b/deploy/helm/elastic-agent/templates/integrations/_system/_system_metrics.tpl index 0661020385e..9a2c30f1d09 100644 --- a/deploy/helm/elastic-agent/templates/integrations/_system/_system_metrics.tpl +++ b/deploy/helm/elastic-agent/templates/integrations/_system/_system_metrics.tpl @@ -3,7 +3,6 @@ {{- $preset := $.Values.agent.presets.perNode -}} {{- $inputVal := (include "elasticagent.system.config.metrics.input" $ | fromYamlArray) -}} {{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} -{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.pernode.preset") -}} {{- end -}} {{- end -}} diff --git a/deploy/helm/elastic-agent/values.schema.json b/deploy/helm/elastic-agent/values.schema.json index f9b473cab5b..509f2812227 100644 --- a/deploy/helm/elastic-agent/values.schema.json +++ b/deploy/helm/elastic-agent/values.schema.json @@ -116,13 +116,9 @@ "type": "boolean", "description": "Enable state streams based on kube-state-metrics." }, - "deployKSM": { - "type": "boolean", - "description": "Deploy kube-state-metrics service as a sidecar container." - }, "host": { "type": "string", - "description": "Host of the kube-state-metrics service, used when deployKSM is set to false." + "description": "Host of the kube-state-metrics service, used when kube-state-metrics.enabled is set to false." }, "vars": { "type": "object", 
@@ -130,27 +126,8 @@ } }, "required": [ - "enabled", - "deployKSM" - ], - "if": { - "properties": { - "deployKSM": { - "const": false - } - } - }, - "then": { - "properties": { - "host": { - "type": "string", - "format": "uri" - } - }, - "required": [ - "host" - ] - } + "enabled" + ] }, "metrics": { "type": "object", @@ -413,8 +390,7 @@ ], "properties": { "preset": { - "type": "string", - "minLength": 1 + "type": "string" }, "url": { "type": "string", @@ -436,8 +412,7 @@ ], "properties": { "preset": { - "type": "string", - "minLength": 1 + "type": "string" }, "url": { "type": "string", 
@@ -491,33 +466,135 @@ "outputs", "agent" ], - "if": { - "properties": { - "agent": { + "allOf": [ + { + "if": { "properties": { - "engine": { - "const": "k8s" + "agent": { + "properties": { + "engine": { + "const": "k8s" + } + } + } + } + }, + "then": { + "not": { + "properties": { + "outputs": { + "type": "object", + "additionalProperties": { + "properties": { + "type": { + "const": "ESECKRef" + } + } + } + } } } } - } - }, - "then": { - "not": { - "properties": { - "outputs": { - "type": "object", - "additionalProperties": { + }, + { + "if": { + "properties": { + "kube-state-metrics": { "properties": { - "type": { - "const": "ESECKRef" + "enabled": { + "const": true + } + } + }, + "agent": { + "properties": { + "engine": { + "const": "eck" + } + } + } + } + }, + "then": { + "properties": { + "kubernetes": { + "properties": { + "state": { + "properties": { + "agentAsSidecar": { + "properties": { + "enabled": { + "const": false + } + } + } + } + } + } + } + } + } + }, + { + "if": { + "properties": { + "kube-state-metrics": { + "properties": { + "enabled": { + "const": true + } + } + }, + "kubernetes": { + "properties": { + "state": { + "properties": { + "agentAsSidecar": { + "properties": { + "enabled": { + "const": true + } + } + } + } + } + } + }, + "agent": { + "fleet": { + "enabled": { + "const": true + } + } + } + } + }, + "then": { + "properties": { + "agent": { + "fleet": { + "preset": { + "type": "string", + "minLength": 0 + } + } + } + } + }, + "else": { + "properties": { + "agent": { + "fleet": { + "preset": { + "type": "string", + "minLength": 1 } } } } } } - }, + ], "definitions": { "OutputObject": { "type": "object", @@ -846,8 +923,7 @@ ], "properties": { "preset": { - "type": "string", - "minLength": 1 + "type": "string" }, "url": { "type": "string", @@ -869,8 +945,7 @@ ], "properties": { "preset": { - "type": "string", - "minLength": 1 + "type": "string" }, "url": { "type": "string", 
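Review bot: In the third `allOf` entry the `agent` sub-schemas are written as `"agent": {"fleet": {"enabled": {"const": true}}}` without `properties` wrappers, in the `if` as well as in `then` and `else`. JSON Schema ignores unknown keywords, so `fleet` is never evaluated: the condition does not look at `agent.fleet.enabled`, and the `minLength: 1` in `else` is not applied to `agent.fleet.preset`. Because the hunks at -413, -436, -846 and -869 drop `minLength: 1` from the `preset` definitions, an empty preset would, as far as this schema shows, pass validation in every configuration. Wrap each level, e.g. `"agent": {"properties": {"fleet": {"properties": {"enabled": {"const": true}}}}}`, and do the same for `preset` in `then` and `else`.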
diff --git a/deploy/helm/elastic-agent/values.yaml b/deploy/helm/elastic-agent/values.yaml index c99db93367f..5a0643c478c 100644 --- a/deploy/helm/elastic-agent/values.yaml +++ b/deploy/helm/elastic-agent/values.yaml @@ -64,12 +64,19 @@ kubernetes: # results in overriding and *disabling all* the respective state streams # @section -- 2 - Kubernetes integration enabled: true - # -- deploy kube-state-metrics service as a sidecar container to the elastic agent of `ksmSharded` preset. - # If set to `false`, kube-state-metrics will *not* get deployed and `clusterWide` agent preset will be used for - # collecting kube-state-metrics. - # @section -- 2 - Kubernetes integration - deployKSM: true - # -- host of the kube-state-metrics service. Note that this used only when `deployKSM` is set to `false`. + agentAsSidecar: + # -- enable [ksm autosharding](https://github.com/kubernetes/kube-state-metrics?tab=readme-ov-file#automated-sharding) and deploy elastic-agent as a sidecar container. If `kube-state-metrics.enabled` is set to `false` this has no effect. + # @section -- 2 - Kubernetes integration + enabled: false + # -- resources of the elastic-agent sidecar if `agentAsSidecar.enabled` is set to `true` + # @section -- 2 - Kubernetes integration + resources: + limits: + memory: 800Mi + requests: + cpu: 100m + memory: 400Mi + # -- host of the kube-state-metrics service. This used only when `kube-state-metrics.enabled` is set to `false`. # @section -- 2 - Kubernetes integration host: "kube-state-metrics:8080" # -- state streams variables such as `add_metadata`, `hosts`, `period`, `bearer_token_file`. Please note 
@@ -370,7 +377,7 @@ agent: # required by the built-in Kubernetes integration [here](./values.yaml) # @notationType -- map[string]{} # @section -- 6 - Elastic-Agent Configuration - # @default -- `{ "perNode" : {...}, "clusterWide": {...}, "ksmSharded": {...} }` + # @default -- `{ "perNode" : {...}, "clusterWide": {...}}` presets: # examplePreset: # mode: [deployment, statefulset, daemonset] @@ -461,35 +468,7 @@ agent: kubernetes: node: ${NODE_NAME} scope: node - ksmSharded: - ## required by the built-in kubernetes integration - mode: statefulset - serviceAccount: - create: true - clusterRole: - create: true - resources: - limits: - memory: 800Mi - requests: - cpu: 100m - memory: 400Mi - extraVolumes: - # override the default agent-data volume and make it an emptyDir - - name: agent-data - emptyDir: {} - nodeSelector: - kubernetes.io/os: linux - extraEnvs: - - name: ELASTIC_NETINFO - value: "false" - agent: - monitoring: - namespace: default - use_output: default - enabled: true - logs: true - metrics: true - providers: - kubernetes: - enabled: false +kube-state-metrics: + enabled: true + fullnameOverride: "kube-state-metrics" + replicas: 1 diff --git a/magefile.go b/magefile.go index e24790a5cad..513a69cc5a0 100644 --- a/magefile.go +++ b/magefile.go @@ -45,6 +45,7 @@ import ( tcommon "github.com/elastic/elastic-agent/pkg/testing/common" "github.com/elastic/elastic-agent/pkg/testing/define" "github.com/elastic/elastic-agent/pkg/testing/ess" + "github.com/elastic/elastic-agent/pkg/testing/helm" "github.com/elastic/elastic-agent/pkg/testing/kubernetes/kind" "github.com/elastic/elastic-agent/pkg/testing/multipass" "github.com/elastic/elastic-agent/pkg/testing/ogc" 
@@ -3396,7 +3397,9 @@ type Helm mg.Namespace // RenderExamples runs the equivalent of `helm template` and `helm lint` // for the examples of the Elastic Helm chart which are located at // `deploy/helm/elastic-agent/examples` directory. -func (Helm) RenderExamples() error { +func (h Helm) RenderExamples() error { + mg.SerialDeps(h.BuildDependencies) + settings := cli.New() // Helm CLI settings actionConfig := &action.Configuration{} @@ -3513,7 +3516,9 @@ func (Helm) UpdateAgentVersion() error { } // Lint lints the Elastic-Agent Helm chart. -func (Helm) Lint() error { +func (h Helm) Lint() error { + mg.SerialDeps(h.BuildDependencies) + settings := cli.New() // Helm CLI settings actionConfig := &action.Configuration{} @@ -3579,6 +3584,10 @@ func updateYamlFile(path string, keyVal ...struct { return nil } +func (Helm) BuildDependencies() error { + return helm.BuildChartDependencies(helmChartPath) +} + func updateYamlNodes(rootNode *yaml.Node, value string, keys ...string) error { if len(keys) == 0 { return fmt.Errorf("no keys provided") diff --git a/pkg/testing/helm/helm.go b/pkg/testing/helm/helm.go new file mode 100644 index 00000000000..9c3b18e7966 --- /dev/null +++ b/pkg/testing/helm/helm.go 
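Review bot: The new exported target `Helm.BuildDependencies` in the -3579 hunk has no doc comment, while `RenderExamples` and `Lint` in the same file both have one. Since `RenderExamples` and `Lint` now run it via `mg.SerialDeps`, a short description helps anyone reading the target list. Suggest adding `// BuildDependencies builds the dependencies of the Elastic-Agent Helm chart.` above the method.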
@@ -0,0 +1,135 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License 2.0; +// you may not use this file except in compliance with the Elastic License 2.0. + +package helm + +import ( + "bufio" + "bytes" + "errors" + "fmt" + "os" + + "gopkg.in/yaml.v2" + "helm.sh/helm/v3/pkg/action" + "helm.sh/helm/v3/pkg/cli" + "helm.sh/helm/v3/pkg/downloader" + "helm.sh/helm/v3/pkg/getter" + "helm.sh/helm/v3/pkg/registry" + "helm.sh/helm/v3/pkg/repo" +) + +func ensureRepository(repoName, repoURL string, settings *cli.EnvSettings) error { + repoFile := settings.RepositoryConfig + // Load existing repositories + file, err := repo.LoadFile(repoFile) + if err != nil { + if errors.Is(err, os.ErrNotExist) { + file = repo.NewFile() + } else { + return fmt.Errorf("could not load Helm repository config: %w", err) + } + } + + // Check if the repository is already added + for _, entry := range file.Repositories { + if entry.URL == repoURL { + // repository already exists + return nil + } + } + + // Add the repository + entry := &repo.Entry{ + Name: repoName, + URL: repoURL, + } + + chartRepo, err := repo.NewChartRepository(entry, getter.All(settings)) + if err != nil { + return fmt.Errorf("could not create repo %s: %w", repoURL, err) + } + + _, err = chartRepo.DownloadIndexFile() + if err != nil { + return fmt.Errorf("could not download index file for repo %s: %w", repoURL, err) + } + + file.Update(entry) + if err := file.WriteFile(repoFile, 0o644); err != nil { + return fmt.Errorf("could not write Helm repository config: %w", err) + } + + return nil +} + +func BuildChartDependencies(chartPath string) error { + settings := cli.New() + settings.SetNamespace("") + actionConfig := &action.Configuration{} + + chartFile, err := os.ReadFile(fmt.Sprintf("%s/Chart.yaml", chartPath)) + if err != nil { + return fmt.Errorf("could not read %s/Chart.yaml: %w", chartPath, err) + } + + dependencies 
:= struct { + Entry []struct { + Name string `yaml:"name"` + Repository string `yaml:"repository"` + } `yaml:"dependencies"` + }{} + + err = yaml.Unmarshal(chartFile, &dependencies) + if err != nil { + return fmt.Errorf("could not unmarshal %s/Chart.yaml: %w", chartPath, err) + } + + for _, dep := range dependencies.Entry { + err := ensureRepository(dep.Name, dep.Repository, settings) + if err != nil { + return err + } + } + + err = actionConfig.Init(settings.RESTClientGetter(), settings.Namespace(), "", + func(format string, v ...interface{}) {}) + if err != nil { + return fmt.Errorf("failed to init helm action config: %w", err) + } + + client := action.NewDependency() + + registryClient, err := registry.NewClient( + registry.ClientOptDebug(settings.Debug), + registry.ClientOptEnableCache(true), + registry.ClientOptWriter(os.Stderr), + registry.ClientOptCredentialsFile(settings.RegistryConfig), + ) + if err != nil { + return fmt.Errorf("failed to create helm registry client: %w", err) + } + + buffer := bytes.Buffer{} + + man := &downloader.Manager{ + Out: bufio.NewWriter(&buffer), + ChartPath: chartPath, + Keyring: client.Keyring, + SkipUpdate: true, + Getters: getter.All(settings), + RegistryClient: registryClient, + RepositoryConfig: settings.RepositoryConfig, + RepositoryCache: settings.RepositoryCache, + Debug: settings.Debug, + } + if client.Verify { + man.Verify = downloader.VerifyIfPossible + } + err = man.Build() + if err != nil { + return fmt.Errorf("failed to build helm dependencies: %w", err) + } + return nil +} diff --git a/testing/integration/kubernetes_agent_standalone_test.go b/testing/integration/kubernetes_agent_standalone_test.go index 24b91ab0d38..db35f657127 100644 --- a/testing/integration/kubernetes_agent_standalone_test.go +++ b/testing/integration/kubernetes_agent_standalone_test.go 
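Review bot: `ensureRepository` writes the Helm repository config with `file.WriteFile(repoFile, 0o644)`, and `repoFile` is the user's shared `settings.RepositoryConfig`, not a file private to this build. That file can hold repository usernames and passwords, so when this call is the one that creates it, it should not be world-readable; use `file.WriteFile(repoFile, 0o600)`. Separately, in `BuildChartDependencies` the `if client.Verify` branch looks unreachable, since `client` comes straight from `action.NewDependency()` and nothing sets `Verify`. The downloaded chart is therefore apparently never provenance-checked; either set `Verify` deliberately or drop the branch.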
@@ -52,6 +52,7 @@ import ( aclient "github.com/elastic/elastic-agent/pkg/control/v2/client" atesting "github.com/elastic/elastic-agent/pkg/testing" "github.com/elastic/elastic-agent/pkg/testing/define" + "github.com/elastic/elastic-agent/pkg/testing/helm" "github.com/elastic/elastic-agent/pkg/testing/tools/fleettools" ) @@ -249,8 +250,11 @@ func TestKubernetesAgentHelm(t *testing.T) { ctx := context.Background() kCtx := k8sGetContext(t, info) + err := helm.BuildChartDependencies(agentK8SHelm) + require.NoError(t, err, "failed to build helm dependencies") + nodeList := corev1.NodeList{} - err := kCtx.client.Resources().List(ctx, &nodeList) + err = kCtx.client.Resources().List(ctx, &nodeList) require.NoError(t, err) schedulableNodeCount, err := k8sSchedulableNodeCount(ctx, kCtx) @@ -288,11 +292,9 @@ func TestKubernetesAgentHelm(t *testing.T) { }), k8sStepCheckAgentStatus("name=agent-pernode-helm-agent", schedulableNodeCount, "agent", nil), k8sStepCheckAgentStatus("name=agent-clusterwide-helm-agent", 1, "agent", nil), - k8sStepCheckAgentStatus("name=agent-ksmsharded-helm-agent", 1, "agent", nil), k8sStepCheckRestrictUpgrade("name=agent-pernode-helm-agent", schedulableNodeCount, "agent"), k8sStepRunInnerTests("name=agent-pernode-helm-agent", schedulableNodeCount, "agent"), k8sStepRunInnerTests("name=agent-clusterwide-helm-agent", 1, "agent"), - k8sStepRunInnerTests("name=agent-ksmsharded-helm-agent", 1, "agent"), }, }, { @@ -302,6 +304,11 @@ func TestKubernetesAgentHelm(t *testing.T) { k8sStepHelmDeploy(agentK8SHelm, "helm-agent", map[string]any{ "kubernetes": map[string]any{ "enabled": true, + "state": map[string]any{ + "agentAsSidecar": map[string]any{ + "enabled": true, + }, + }, }, "agent": map[string]any{ "unprivileged": true, 
@@ -321,11 +328,11 @@ func TestKubernetesAgentHelm(t *testing.T) { }), k8sStepCheckAgentStatus("name=agent-pernode-helm-agent", schedulableNodeCount, "agent", nil), k8sStepCheckAgentStatus("name=agent-clusterwide-helm-agent", 1, "agent", nil), - k8sStepCheckAgentStatus("name=agent-ksmsharded-helm-agent", 1, "agent", nil), + k8sStepCheckAgentStatus("app.kubernetes.io/name=kube-state-metrics", 1, "agent", nil), k8sStepCheckRestrictUpgrade("name=agent-pernode-helm-agent", schedulableNodeCount, "agent"), k8sStepRunInnerTests("name=agent-pernode-helm-agent", schedulableNodeCount, "agent"), k8sStepRunInnerTests("name=agent-clusterwide-helm-agent", 1, "agent"), - k8sStepRunInnerTests("name=agent-ksmsharded-helm-agent", 1, "agent"), + k8sStepRunInnerTests("app.kubernetes.io/name=kube-state-metrics", 1, "agent"), }, }, { @@ -382,11 +389,6 @@ func TestKubernetesAgentHelm(t *testing.T) { k8sStepCreateNamespace(), k8sStepHelmDeploy(agentK8SHelm, "helm-agent", map[string]any{ "agent": map[string]any{ - // NOTE: Setting the version to something released is mandatory as when we enable hints - // we have an init container that downloads a released agent archive and extracts - // the templates from there. If and when we embed the templates directly in the - // agent image, we can remove this. - "version": "8.16.0", "unprivileged": true, "image": map[string]any{ "repository": kCtx.agentImageRepo, @@ -399,6 +401,11 @@ func TestKubernetesAgentHelm(t *testing.T) { "hints": map[string]any{ "enabled": true, }, + "state": map[string]any{ + "agentAsSidecar": map[string]any{ + "enabled": true, + }, + }, }, "outputs": map[string]any{ "default": map[string]any{ 
@@ -410,10 +417,10 @@ func TestKubernetesAgentHelm(t *testing.T) { }), k8sStepCheckAgentStatus("name=agent-pernode-helm-agent", schedulableNodeCount, "agent", nil), k8sStepCheckAgentStatus("name=agent-clusterwide-helm-agent", 1, "agent", nil), - k8sStepCheckAgentStatus("name=agent-ksmsharded-helm-agent", 1, "agent", nil), + k8sStepCheckAgentStatus("app.kubernetes.io/name=kube-state-metrics", 1, "agent", nil), k8sStepRunInnerTests("name=agent-pernode-helm-agent", schedulableNodeCount, "agent"), k8sStepRunInnerTests("name=agent-clusterwide-helm-agent", 1, "agent"), - k8sStepRunInnerTests("name=agent-ksmsharded-helm-agent", 1, "agent"), + k8sStepRunInnerTests("app.kubernetes.io/name=kube-state-metrics", 1, "agent"), k8sStepHintsRedisCreate(), k8sStepHintsRedisCheckAgentStatus("name=agent-pernode-helm-agent", true), k8sStepHintsRedisDelete(), @@ -427,11 +434,6 @@ func TestKubernetesAgentHelm(t *testing.T) { k8sStepHintsRedisCreate(), k8sStepHelmDeploy(agentK8SHelm, "helm-agent", map[string]any{ "agent": map[string]any{ - // NOTE: Setting the version to something released is mandatory as when we enable hints - // we have an init container that downloads a released agent archive and extracts - // the templates from there. If and when we embed the templates directly in the - // agent image, we can remove this. - "version": "8.16.0", "unprivileged": true, "image": map[string]any{ "repository": kCtx.agentImageRepo, @@ -444,6 +446,11 @@ func TestKubernetesAgentHelm(t *testing.T) { "hints": map[string]any{ "enabled": true, }, + "state": map[string]any{ + "agentAsSidecar": map[string]any{ + "enabled": true, + }, + }, }, "outputs": map[string]any{ "default": map[string]any{ 
@@ -455,10 +462,10 @@ func TestKubernetesAgentHelm(t *testing.T) { }), k8sStepCheckAgentStatus("name=agent-pernode-helm-agent", schedulableNodeCount, "agent", nil), k8sStepCheckAgentStatus("name=agent-clusterwide-helm-agent", 1, "agent", nil), - k8sStepCheckAgentStatus("name=agent-ksmsharded-helm-agent", 1, "agent", nil), + k8sStepCheckAgentStatus("app.kubernetes.io/name=kube-state-metrics", 1, "agent", nil), k8sStepRunInnerTests("name=agent-pernode-helm-agent", schedulableNodeCount, "agent"), k8sStepRunInnerTests("name=agent-clusterwide-helm-agent", 1, "agent"), - k8sStepRunInnerTests("name=agent-ksmsharded-helm-agent", 1, "agent"), + k8sStepRunInnerTests("app.kubernetes.io/name=kube-state-metrics", 1, "agent"), k8sStepHintsRedisCheckAgentStatus("name=agent-pernode-helm-agent", true), k8sStepHintsRedisDelete(), k8sStepHintsRedisCheckAgentStatus("name=agent-pernode-helm-agent", false),