| mapped_pages |
|---|
-
{{es}} for storing and searching your data, and {{kib}} for visualizing and managing it.
::::{tab-set}
:::{tab-item} {{ech}}
To get started quickly, spin up an {{ech}} deployment. {{ech}} is available on AWS, GCP, and Azure. Try it out for free. :::
:::{tab-item} Self-managed
To install and run {{es}} and {{kib}}, see Installing the {{stack}}. :::
::::
-
kube-state-metrics.You need to deploy
kube-state-metricsto get the metrics about the state of the objects on the cluster (see the Kubernetes deployment docs). You can do that by first downloading the project:gh repo clone kubernetes/kube-state-metrics
And then deploying it:
kubectl apply -k kube-state-metrics
::::{warning} On managed Kubernetes solutions, such as AKS, GKE or EKS, {{agent}} does not have the required permissions to collect metrics from Kubernetes control plane components, like
kube-schedulerandkube-controller-manager. Audit logs are only available on Kubernetes control plane nodes as well, and hence cannot be collected by {{agent}}. Refer here to find more information. For more information about specific cloud providers, refer to Run {{agent}} on Azure AKS managed by {{fleet}}, Run {{agent}} on GKE managed by {{fleet}} and Run {{agent}} on Amazon EKS managed by {{fleet}} ::::
::::{note} You can find {{agent}} Docker images here. ::::
Download the manifest file:
curl -L -O https://raw.githubusercontent.com/elastic/elastic-agent/master/deploy/kubernetes/elastic-agent-managed-kubernetes.yaml::::{note} You might need to adjust resource limits of the {{agent}} container in the manifest. Container resource usage depends on the number of data streams and the environment size. ::::
This manifest includes the Kubernetes integration to collect Kubernetes metrics and System integration to collect system level metrics and logs from nodes.
The {{agent}} is deployed as a DaemonSet to ensure that there is a running instance on each node of the cluster. These instances are used to retrieve most metrics from the host, such as system metrics, Docker stats, and metrics from all the services running on top of Kubernetes. These metrics are accessed through the deployed kube-state-metrics. Notice that everything is deployed under the kube-system namespace by default. To change the namespace, modify the manifest file.
Moreover, one of the Pods in the DaemonSet will constantly hold a leader lock which makes it responsible for handling cluster-wide monitoring. You can find more information about leader election configuration options at leader election provider. The leader pod will retrieve metrics that are unique for the whole cluster, such as Kubernetes events or kube-state-metrics.
For Kubernetes Security Posture Management (KSPM) purposes, the {{agent}} requires read access to various types of Kubernetes resources, node processes, and files. To achieve this, read permissions are granted to the {{agent}} for the necessary resources, and volumes from the hosting node’s file system are mounted to allow accessibility to the {{agent}} pods.
::::{tip} The size and the number of nodes in a Kubernetes cluster can be large at times, and in such a case the Pod that will be collecting cluster level metrics might require more runtime resources than you would like to dedicate to all of the pods in the DaemonSet. The leader which is collecting the cluster wide metrics may face performance issues due to resource limitations if under-resourced. In this case users might consider avoiding the use of a single DaemonSet with the leader election strategy and instead run a dedicated standalone {{agent}} instance for collecting cluster wide metrics using a Deployment in addition to the DaemonSet to collect metrics for each node. Then both the Deployment and the DaemonSet can be resourced independently and appropriately. For more information check the Scaling {{agent}} on {{k8s}} page. ::::
The {{agent}} needs to be assigned to a policy to enable the proper inputs. To achieve Kubernetes observability, the policy needs to include the Kubernetes integration. Refer to Create a policy and Add an integration to a policy to learn how to configure the Kubernetes integration.
Enrollment of an {{agent}} is defined as the action to register a specific agent to a running {{fleet-server}}.
{{agent}} is enrolled to a running {{fleet-server}} by using FLEET_URL parameter. Additionally, the FLEET_ENROLLMENT_TOKEN parameter is used to connect {{agent}} to a specific {{agent}} policy.
A new FLEET_ENROLLMENT_TOKEN will be created upon new policy creation and will be inserted inside the Elastic Agent Manifest during the Guided installation.
Find more information for Enrollment Tokens.
To specify different destination/credentials, change the following parameters in the manifest file:
- name: FLEET_URL
value: "https://fleet-server_url:port" <1>
- name: FLEET_ENROLLMENT_TOKEN
value: "token" <2>
- name: FLEET_SERVER_POLICY_ID
value: "fleet-server-policy" <3>
- name: KIBANA_HOST
value: "" <4>
- name: KIBANA_FLEET_USERNAME
value: "" <5>
- name: KIBANA_FLEET_PASSWORD
value: "" <6>- URL to enroll the {{fleet-server}} into. You can find it in {{kib}}. Select Management → {{fleet}} → Fleet Settings, and copy the {{fleet-server}} host URL.
- The token to use for enrollment. Close the flyout panel and select Enrollment tokens. Find the Agent policy you created before to enroll {{agent}} into, and display and copy the secret token.
- The policy ID for {{fleet-server}} to use on itself.
- The {{kib}} host.
- The basic authentication username used to connect to {{kib}} and retrieve a
service_tokento enable {{fleet}}. - The basic authentication password used to connect to {{kib}} and retrieve a
service_tokento enable {{fleet}}.
If you need to run {{fleet-server}} as well, adjust the docker run command above by adding these environment variables:
- name: FLEET_SERVER_ENABLE
value: "true" <1>
- name: FLEET_SERVER_ELASTICSEARCH_HOST
value: "<elasticsearch-host>" <2>
- name: FLEET_SERVER_SERVICE_TOKEN
value: "<service-token>" <3>- Set to
trueto bootstrap {{fleet-server}} on this {{agent}}. This automatically forces {{fleet}} enrollment as well. - The Elasticsearch host for Fleet Server to communicate with, for example
http://elasticsearch:9200. - Service token to use for communication with {{es}} and {{kib}}.
Refer to Environment variables for all available options.
Kubernetes control plane nodes can use taints to limit the workloads that can run on them. The manifest for standalone {{agent}} defines tolerations to run on these. Agents running on control plane nodes collect metrics from the control plane components (scheduler, controller manager) of Kubernetes. To disable {{agent}} from running on control plane nodes, remove the following part of the DaemonSet spec:
spec:
# Tolerations are needed to run Elastic Agent on Kubernetes control-plane nodes.
# Agents running on control-plane nodes collect metrics from the control plane components (scheduler, controller manager) of Kubernetes
tolerations:
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
- key: node-role.kubernetes.io/master
effect: NoScheduleBoth these two tolerations do the same, but node-role.kubernetes.io/master is deprecated as of Kubernetes version v1.25.
To deploy {{agent}} to Kubernetes, run:
kubectl create -f elastic-agent-managed-kubernetes.yamlTo check the status, run:
$ kubectl -n kube-system get pods -l app=elastic-agent
NAME READY STATUS RESTARTS AGE
elastic-agent-4665d 1/1 Running 0 81m
elastic-agent-9f466c4b5-l8cm8 1/1 Running 0 81m
elastic-agent-fj2z9 1/1 Running 0 81m
elastic-agent-hs4pb 1/1 Running 0 81m::::{admonition} Running {{agent}} on a read-only file system :class: tip
If you’d like to run {{agent}} on Kubernetes on a read-only file system, you can do so by specifying the readOnlyRootFilesystem option.
::::
-
Launch {{kib}}:
::::{tab-set}
:::{tab-item} {{ech}}
- Log in to your {{ecloud}} account.
- Navigate to the {{kib}} endpoint in your deployment. :::
:::{tab-item} Self-managed
Point your browser to http://localhost:5601, replacing
localhostwith the name of the {{kib}} host.:::
::::
-
To check if your {{agent}} is enrolled in {{fleet}}, go to Management → {{fleet}} → Agents.
:::{image} images/kibana-fleet-agents.png :alt: {{agent}}s {{fleet}} page :screenshot: :::
-
To view data flowing in, go to Analytics → Discover and select the index
metrics-*, or even more specific,metrics-kubernetes.*. If you can’t see these indexes, create a data view for them. -
To view predefined dashboards, either select Analytics→Dashboard or install assets through an integration.