- {es} for storing and searching your data, and {kib} for visualizing and managing it.
- kube-state-metrics.
Set the {es} settings before deploying the manifest:
    - name: ES_USERNAME
      value: "elastic" (1)
    - name: ES_PASSWORD
      value: "passpassMyStr0ngP@ss" (2)
    - name: ES_HOST
      value: "https://somesuperhostiduuid.europe-west1.gcp.cloud.es.io:9243" (3)

(1) The basic authentication username used to connect to {es}.
(2) The basic authentication password used to connect to {kib}.
(3) The {es} host to communicate with.
Refer to [agent-environment-variables] for all available options.
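
The settings above put the password inline in the manifest, where it is readable by anyone who can view the file or the pod spec. As an added example (not part of the original manifest), the same variables can be sourced from a Kubernetes Secret with `secretKeyRef`. The Secret name and key names are assumptions chosen for illustration; the namespace matches the `kube-system` service account used elsewhere on this page.

```yaml
# Added example: the Secret name and key names are hypothetical.
apiVersion: v1
kind: Secret
metadata:
  name: elastic-agent-es-credentials   # hypothetical name
  namespace: kube-system               # namespace of the elastic-agent service account
type: Opaque
stringData:
  es-username: "elastic"
  es-password: "<your-password>"       # placeholder; supply the real value out of band
---
# Fragment only: the env list of the elastic-agent container in the manifest.
# The inline `value:` entries for the credentials become Secret references.
env:
  - name: ES_USERNAME
    valueFrom:
      secretKeyRef:
        name: elastic-agent-es-credentials
        key: es-username
  - name: ES_PASSWORD
    valueFrom:
      secretKeyRef:
        name: elastic-agent-es-credentials
        key: es-password
  - name: ES_HOST
    # The host is not a secret, so it can stay inline.
    value: "https://somesuperhostiduuid.europe-west1.gcp.cloud.es.io:9243"
```

Create the Secret separately from the manifest so the password is never committed alongside it.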
- Launch {kib}:
- You can see data flowing in by going to Analytics → Discover and selecting the index "metrics-", or even more specific, "metrics-kubernetes.". If you can’t see these indexes, {kibana-ref}/data-views.html[create a data view] for them.
- You can see predefined dashboards by selecting Analytics → Dashboard, or by installing assets through an integration.
If you are using Red Hat OpenShift, you need to specify additional settings in the manifest file and enable the container to run as privileged.
- In the manifest file, modify the agent-node-datastreams ConfigMap and adjust inputs:
  - kubernetes-cluster-metrics input:
    - If https is used to access kube-state-metrics, add the following settings to all kubernetes.state_* datasets:

          bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
          ssl.certificate_authorities:
            - /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt

  - kubernetes-node-metrics input:
    - Change the kubernetes.controllermanager data stream condition to:

          condition: ${kubernetes.labels.app} == 'kube-controller-manager'

    - Change the kubernetes.scheduler data stream condition to:

          condition: ${kubernetes.labels.app} == 'openshift-kube-scheduler'

    - The kubernetes.proxy data stream configuration should look like:

          - data_stream:
              dataset: kubernetes.proxy
              type: metrics
            metricsets:
              - proxy
            hosts:
              - 'localhost:29101'
            period: 10s

    - Add the following settings to all data streams that connect to https://${env.NODE_NAME}:10250:

          bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
          ssl.certificate_authorities:
            - /path/to/ca-bundle.crt

      Note: ca-bundle.crt can be any CA bundle that contains the issuer of the certificate used in the Kubelet API. According to each specific installation of OpenShift this can be found either in secrets or in configmaps. In some installations it can be available as part of the service account secret, in /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt. When using the OpenShift installer for GCP, mount the following configmap in the elastic-agent pod and use ca-bundle.crt in ssl.certificate_authorities:

          Name:         kubelet-serving-ca
          Namespace:    openshift-kube-apiserver
          Labels:       <none>
          Annotations:  <none>

          Data
          ====
          ca-bundle.crt:
- Grant the elastic-agent service account access to the privileged SCC:

      oc adm policy add-scc-to-user privileged system:serviceaccount:kube-system:elastic-agent

  This command enables the container to be privileged as an administrator for OpenShift.
- If the namespace where elastic-agent is running has the "openshift.io/node-selector" annotation set, elastic-agent might not run on all nodes. In this case consider overriding the node selector for the namespace to allow scheduling on any node:

      oc patch namespace kube-system -p \
      '{"metadata": {"annotations": {"openshift.io/node-selector": ""}}}'

  This command sets the node selector for the project to an empty string.
Refer to [elastic-agent-kubernetes-autodiscovery] for more information.