From 4275712095852e06c1c9c50c8c42732d2327264b Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Thu, 31 Oct 2024 07:47:24 -0700 Subject: [PATCH 1/2] Revert "Temporarily pin versions for integration tests to `8.16.0` (#5819)" (#5827) This reverts commit fc648b007985b2a4d0e9eaf727ac7cb1bdb069f3. --- .buildkite/scripts/steps/beats_tests.sh | 2 +- .buildkite/scripts/steps/integration-package.sh | 2 +- .buildkite/scripts/steps/integration_tests.sh | 2 +- .buildkite/scripts/steps/k8s-extended-tests.sh | 4 ++-- testing/integration/upgrade_broken_package_test.go | 2 -- 5 files changed, 5 insertions(+), 7 deletions(-) diff --git a/.buildkite/scripts/steps/beats_tests.sh b/.buildkite/scripts/steps/beats_tests.sh index d2dde8d4031..05fb5b47e2a 100755 --- a/.buildkite/scripts/steps/beats_tests.sh +++ b/.buildkite/scripts/steps/beats_tests.sh @@ -28,7 +28,7 @@ run_test_for_beat(){ export WORKSPACE=$(pwd) set +e - AGENT_STACK_VERSION="8.16.0-SNAPSHOT" TEST_INTEG_CLEAN_ON_EXIT=true TEST_PLATFORMS="linux/amd64" STACK_PROVISIONER="$STACK_PROVISIONER" SNAPSHOT=true mage integration:testBeatServerless $beat_name + TEST_INTEG_CLEAN_ON_EXIT=true TEST_PLATFORMS="linux/amd64" STACK_PROVISIONER="$STACK_PROVISIONER" SNAPSHOT=true mage integration:testBeatServerless $beat_name TESTS_EXIT_STATUS=$? set -e diff --git a/.buildkite/scripts/steps/integration-package.sh b/.buildkite/scripts/steps/integration-package.sh index c3a631857e1..8b15722066d 100644 --- a/.buildkite/scripts/steps/integration-package.sh +++ b/.buildkite/scripts/steps/integration-package.sh @@ -3,4 +3,4 @@ set -euo pipefail source .buildkite/scripts/common.sh -AGENT_PACKAGE_VERSION=8.16.0 PACKAGES=tar.gz,zip,rpm,deb PLATFORMS=linux/amd64,linux/arm64,windows/amd64 SNAPSHOT=true EXTERNAL=true DEV=true mage package +PACKAGES=tar.gz,zip,rpm,deb PLATFORMS=linux/amd64,linux/arm64,windows/amd64 SNAPSHOT=true EXTERNAL=true DEV=true mage package \ No newline at end of file 
diff --git a/.buildkite/scripts/steps/integration_tests.sh b/.buildkite/scripts/steps/integration_tests.sh index a89190af5f7..834da1cd4c6 100755 --- a/.buildkite/scripts/steps/integration_tests.sh +++ b/.buildkite/scripts/steps/integration_tests.sh @@ -19,7 +19,7 @@ fi # Run integration tests set +e -AGENT_VERSION="8.16.0-SNAPSHOT" AGENT_STACK_VERSION="8.16.0-SNAPSHOT" TEST_INTEG_CLEAN_ON_EXIT=true STACK_PROVISIONER="$STACK_PROVISIONER" SNAPSHOT=true mage $MAGE_TARGET $MAGE_SUBTARGET +AGENT_STACK_VERSION="${STACK_VERSION}" TEST_INTEG_CLEAN_ON_EXIT=true STACK_PROVISIONER="$STACK_PROVISIONER" SNAPSHOT=true mage $MAGE_TARGET $MAGE_SUBTARGET TESTS_EXIT_STATUS=$? set -e diff --git a/.buildkite/scripts/steps/k8s-extended-tests.sh b/.buildkite/scripts/steps/k8s-extended-tests.sh index fa230ebdd70..e3d78b64003 100644 --- a/.buildkite/scripts/steps/k8s-extended-tests.sh +++ b/.buildkite/scripts/steps/k8s-extended-tests.sh @@ -25,8 +25,8 @@ else exit 10 fi -AGENT_PACKAGE_VERSION="8.16.0" DEV=true SNAPSHOT=true EXTERNAL=true PACKAGES=docker mage -v package -AGENT_VERSION="8.16.0-SNAPSHOT" AGENT_STACK_VERSION="8.16.0-SNAPSHOT" TEST_INTEG_CLEAN_ON_EXIT=true INSTANCE_PROVISIONER=kind STACK_PROVISIONER=stateful SNAPSHOT=true mage integration:kubernetesMatrix +DEV=true SNAPSHOT=true EXTERNAL=true PACKAGES=docker mage -v package +TEST_INTEG_CLEAN_ON_EXIT=true INSTANCE_PROVISIONER=kind STACK_PROVISIONER=stateful SNAPSHOT=true mage integration:kubernetesMatrix TESTS_EXIT_STATUS=$? set -e diff --git a/testing/integration/upgrade_broken_package_test.go b/testing/integration/upgrade_broken_package_test.go index c1413c2575b..5ece19ddbd8 100644 --- a/testing/integration/upgrade_broken_package_test.go +++ b/testing/integration/upgrade_broken_package_test.go 
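Review bot: In integration_tests.sh the restored line `AGENT_STACK_VERSION="${STACK_VERSION}"` hands mage an empty stack version whenever STACK_VERSION is unset, and nothing visible in this hunk defines or checks that variable. Whether the script runs under `set -u` is not visible here; if it does not, `AGENT_STACK_VERSION="${STACK_VERSION:?STACK_VERSION must be set}"` would fail the step early instead of testing against whichever default the mage target selects. If an empty value is the intended fallback, a one-line comment such as `# empty STACK_VERSION lets mage pick the default stack version` would record that. The other three scripts in this patch drop the override entirely, so this one now behaves differently from them.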
@@ -32,8 +32,6 @@ func TestUpgradeBrokenPackageVersion(t *testing.T) { Sudo: true, // requires Agent installation }) - t.Skip("This test cannot succeed with a AGENT_PACKAGE_VERSION override. Check contents of .buildkite/scripts/steps/beats_tests.sh") - ctx, cancel := testcontext.WithDeadline(t, context.Background(), time.Now().Add(10*time.Minute)) defer cancel() From 3b8049e22b617f8187758fdcda3856cd4e808ff1 Mon Sep 17 00:00:00 2001 
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Thu, 31 Oct 2024 16:49:04 +0200 Subject: [PATCH 2/2] [8.x](backport #5855) [helm]: implement system integration as chart built-in (#5887) * [helm]: implement system integration as chart built-in (#5855) * feat: implement system integration as chart built-in * feat: restructure logs streams in system integration to allow passing user-supplied vars * doc: add an example of system integration * feat: add missing rendered file for system integration example (cherry picked from commit e6f281aa4de18d5ba1aa10aa36da9796c3b22a47) # Conflicts: # deploy/helm/elastic-agent/values.yaml * fix: resolve merge conflicts * fix: update rendered examples --------- Co-authored-by: Panos Koutsovasilis --- deploy/helm/elastic-agent/README.md | 18 +- deploy/helm/elastic-agent/examples/README.md | 1 + .../system-custom-auth-paths/README.md | 25 ++ .../agent-system-values.yaml | 13 + .../rendered/manifest.yaml | 399 ++++++++++++++++++ deploy/helm/elastic-agent/templates/NOTES.txt | 3 + .../templates/agent/_helpers.tpl | 1 + .../integrations/_system/_system.tpl | 6 + .../integrations/_system/_system_logs.tpl | 71 ++++ .../integrations/_system/_system_metrics.tpl | 103 +++++ deploy/helm/elastic-agent/values.schema.json | 106 ++++- deploy/helm/elastic-agent/values.yaml | 63 ++- 12 files changed, 789 insertions(+), 20 deletions(-) create mode 100644 deploy/helm/elastic-agent/examples/system-custom-auth-paths/README.md create mode 100644 deploy/helm/elastic-agent/examples/system-custom-auth-paths/agent-system-values.yaml create mode 100644 deploy/helm/elastic-agent/examples/system-custom-auth-paths/rendered/manifest.yaml create mode 100644 deploy/helm/elastic-agent/templates/integrations/_system/_system.tpl create mode 100644 deploy/helm/elastic-agent/templates/integrations/_system/_system_logs.tpl create mode 100644 deploy/helm/elastic-agent/templates/integrations/_system/_system_metrics.tpl 
diff --git a/deploy/helm/elastic-agent/README.md b/deploy/helm/elastic-agent/README.md
index 3cde27d9ccc..9afcf8625e1 100644
--- a/deploy/helm/elastic-agent/README.md
+++ b/deploy/helm/elastic-agent/README.md
@@ -123,12 +123,24 @@ The chart built-in [kubernetes integration](https://docs.elastic.co/integrations | kubernetes.system.metrics.enabled | bool | `true` | enable system metric stream (kubelet) [ref](https://www.elastic.co/docs/current/integrations/kubernetes/kubelet#system) | | kubernetes.system.metrics.vars | object | `{}` | system metric stream vars | -### 3 - User Extra Integrations +### 4 - System integration +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| system.enabled | bool | `false` | enable System integration. | +| system.output | string | `"default"` | name of the output used in System integration. Note that this output needs to be defined in [outputs](#1-outputs) | +| system.namespace | string | `"default"` | output namespace | +| system.authLogs.enabled | bool | `true` | enable auth logs | +| system.authLogs.vars | object | `{}` | override default variables of auth logs stream. Look in the [values.schema.json](values.schema.json) to see the available variables | +| system.syslog.enabled | bool | `true` | enable syslog | +| system.syslog.vars | object | `{}` | override default variables of syslog stream. Look in the [values.schema.json](values.schema.json) to see the available variables | +| system.metrics.enabled | bool | `true` | enable metrics | + +### 5 - User Extra Integrations | Key | Type | Default | Description | |-----|------|---------|-------------| | extraIntegrations | object | `{}` | extra [user-defined integrations](https://www.elastic.co/guide/en/fleet/current/elastic-agent-input-configuration.html) to be added to the Elastic Agent An example can be found [here](./examples/nginx-custom-integration/README.md) | -### 3 - Elastic-Agent Configuration +### 6 - Elastic-Agent Configuration | Key | Type | Default | Description | |-----|------|---------|-------------| | agent.version | string | `"9.0.0"` | elastic-agent version | 
@@ -138,7 +150,7 @@ The chart built-in [kubernetes integration](https://docs.elastic.co/integrations | agent.unprivileged | bool | `false` | enable unprivileged mode | | agent.presets | map[string]{} | `{ "perNode" : {...}, "clusterWide": {...}, "ksmSharded": {...} }` | Map of deployment presets for the Elastic Agent. The key of the map is the name of the preset. See more for the presets required by the built-in Kubernetes integration [here](./values.yaml) | -### 3.1 - Elastic-Agent Managed Configuration +### 6.1 - Elastic-Agent Managed Configuration | Key | Type | Default | Description | |-----|------|---------|-------------| | agent.fleet.enabled | bool | `false` | enable elastic-agent managed | diff --git a/deploy/helm/elastic-agent/examples/README.md b/deploy/helm/elastic-agent/examples/README.md index 198819db953..7c0963b94f7 100644 --- a/deploy/helm/elastic-agent/examples/README.md +++ b/deploy/helm/elastic-agent/examples/README.md @@ -3,6 +3,7 @@ Here is a collection of example configurations for the eck-integrations chart. - [Kubernetes - defaults](kubernetes-default/README.md) +- [System - custom authlogs path](kubernetes-default/README.md) - [Kubernetes - only container logs](kubernetes-only-logs/README.md) - [Kubernetes - only hints autodiscover](kubernetes-hints-autodiscover/README.md) - [Custom Integration - nginx](nginx-custom-integration/README.md) diff --git a/deploy/helm/elastic-agent/examples/system-custom-auth-paths/README.md b/deploy/helm/elastic-agent/examples/system-custom-auth-paths/README.md new file mode 100644 index 00000000000..69f45ba1429 --- /dev/null +++ b/deploy/helm/elastic-agent/examples/system-custom-auth-paths/README.md 
@@ -0,0 +1,25 @@
+# Example: System Integration with custom auth log paths
+
+In this example we install the built-in `system` integration and specify custom paths for the auth logs stream (see [agent-system-values.yaml](agent-system-values.yaml)).
+
+## Prerequisites:
+1. A k8s secret that contains the connection details to an Elasticsearch cluster such as the URL and the API key ([Kibana - Creating API Keys](https://www.elastic.co/guide/en/kibana/current/api-keys.html)):
+ ```console
+ kubectl create secret generic es-api-secret \
+ --from-literal=api_key=... \
+ --from-literal=url=...
+ ```
+
+2. `system` integration assets installed through Kibana ([Kibana - Install and uninstall Elastic Agent integration assets](https://www.elastic.co/guide/en/fleet/current/install-uninstall-integration-assets.html))
+
+## Run:
+```console
+helm install elastic-agent ../../ \
+ -f ./agent-system-values.yaml \
+ --set outputs.default.type=ESSecretAuthAPI \
+ --set outputs.default.secretName=es-api-secret
+```
+
+## Validate:
+
+1. The Kibana `system`-related dashboards should start showing up the respective info.
diff --git a/deploy/helm/elastic-agent/examples/system-custom-auth-paths/agent-system-values.yaml b/deploy/helm/elastic-agent/examples/system-custom-auth-paths/agent-system-values.yaml
new file mode 100644
index 00000000000..52615a36cb5
--- /dev/null
+++ b/deploy/helm/elastic-agent/examples/system-custom-auth-paths/agent-system-values.yaml
@@ -0,0 +1,13 @@
+system:
+ enabled: true
+ authLogs:
+ vars:
+ paths:
+ - /var/log/custom_auth.log
+ syslog:
+ vars:
+ paths:
+ - /var/log/custom_syslog.log
+
+agent:
+ unprivileged: true
diff --git a/deploy/helm/elastic-agent/examples/system-custom-auth-paths/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/system-custom-auth-paths/rendered/manifest.yaml
new file mode 100644
index 00000000000..2472ee11d10
--- /dev/null
+++ b/deploy/helm/elastic-agent/examples/system-custom-auth-paths/rendered/manifest.yaml
@@ -0,0 +1,399 @@ +--- +# Source: elastic-agent/templates/agent/service-account.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: agent-pernode-example + namespace: "default" + labels: + helm.sh/chart: elastic-agent-0.0.1 + app.kubernetes.io/name: elastic-agent + app.kubernetes.io/instance: example + app.kubernetes.io/version: 8.17.0 + app.kubernetes.io/managed-by: Helm +--- +# Source: elastic-agent/templates/agent/k8s/secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: agent-pernode-example + namespace: "default" + labels: + helm.sh/chart: elastic-agent-0.0.1 + app.kubernetes.io/name: elastic-agent + app.kubernetes.io/instance: example + app.kubernetes.io/version: 8.17.0 + app.kubernetes.io/managed-by: Helm +stringData: + + agent.yml: |- + id: agent-pernode-example + outputs: + default: + hosts: + - http://elasticsearch:9200 + password: changeme + type: elasticsearch + username: elastic + secret_references: [] + agent: + monitoring: + enabled: true + logs: true + metrics: true + namespace: default + use_output: default + providers: + kubernetes: + node: ${NODE_NAME} + scope: node + kubernetes_leaderelection: + enabled: false + inputs: + - data_stream: + namespace: default + id: system-logs + streams: + - data_stream: + dataset: system.auth + type: logs + exclude_files: + - \.gz$ + ignore_older: 72h + multiline: + match: after + pattern: ^\s + paths: + - /var/log/custom_auth.log + processors: + - add_locale: null + tags: + - system-auth + - data_stream: + dataset: system.syslog + type: logs + exclude_files: + - \.gz$ + ignore_older: 72h + multiline: + match: after + pattern: ^\s + paths: + - /var/log/custom_syslog.log + processors: + - add_locale: null + tags: null + type: logfile + use_output: default + - data_stream: + namespace: default + id: system-metrics + streams: + - cpu.metrics: + - percentages + - normalized_percentages + data_stream: + dataset: system.cpu + type: metrics + metricsets: + - cpu + period: 10s + - data_stream: + dataset: 
system.diskio + type: metrics + diskio.include_devices: null + metricsets: + - diskio + period: 10s + - data_stream: + dataset: system.filesystem + type: metrics + metricsets: + - filesystem + period: 1m + processors: + - drop_event.when.regexp: + system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/) + - data_stream: + dataset: system.fsstat + type: metrics + metricsets: + - fsstat + period: 1m + processors: + - drop_event.when.regexp: + system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/) + - condition: ${host.platform} != 'windows' + data_stream: + dataset: system.load + type: metrics + metricsets: + - load + period: 10s + - data_stream: + dataset: system.memory + type: metrics + metricsets: + - memory + period: 10s + - data_stream: + dataset: system.network + type: metrics + metricsets: + - network + network.interfaces: null + period: 10s + - data_stream: + dataset: system.process + type: metrics + metricsets: + - process + period: 10s + process.cgroups.enabled: false + process.cmdline.cache.enabled: true + process.include_cpu_ticks: false + process.include_top_n.by_cpu: 5 + process.include_top_n.by_memory: 5 + processes: + - .* + - data_stream: + dataset: system.process_summary + type: metrics + metricsets: + - process_summary + period: 10s + - data_stream: + dataset: system.socket_summary + type: metrics + metricsets: + - socket_summary + period: 10s + - data_stream: + dataset: system.uptime + type: metrics + metricsets: + - uptime + period: 10s + type: system/metrics + use_output: default +--- +# Source: elastic-agent/templates/agent/cluster-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: agent-perNode-example-default + labels: + helm.sh/chart: elastic-agent-0.0.1 + app.kubernetes.io/name: elastic-agent + app.kubernetes.io/instance: example + app.kubernetes.io/version: 8.17.0 + app.kubernetes.io/managed-by: Helm +rules: + - apiGroups: [ "" ] # "" indicates the core API 
group + resources: + - nodes + - namespaces + - events + - pods + - services + - configmaps + - persistentvolumes + - persistentvolumeclaims + - persistentvolumeclaims/status + - nodes/metrics + - nodes/proxy + - nodes/stats + verbs: + - get + - watch + - list + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - watch + - list + - nonResourceURLs: + - /metrics + verbs: + - get + - watch + - list + - apiGroups: [ "coordination.k8s.io" ] + resources: + - leases + verbs: + - get + - create + - update + - nonResourceURLs: + - /healthz + - /healthz/* + - /livez + - /livez/* + - /metrics + - /metrics/slis + - /readyz + - /readyz/* + verbs: + - get + - apiGroups: [ "apps" ] + resources: + - replicasets + - deployments + - daemonsets + - statefulsets + verbs: + - get + - list + - watch + - apiGroups: [ "batch" ] + resources: + - jobs + - cronjobs + verbs: + - get + - list + - watch +--- +# Source: elastic-agent/templates/agent/cluster-role-binding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: agent-perNode-example-default + labels: + helm.sh/chart: elastic-agent-0.0.1 + app.kubernetes.io/name: elastic-agent + app.kubernetes.io/instance: example + app.kubernetes.io/version: 8.17.0 + app.kubernetes.io/managed-by: Helm +subjects: + - kind: ServiceAccount + name: agent-pernode-example + namespace: "default" +roleRef: + kind: ClusterRole + name: agent-perNode-example-default + apiGroup: rbac.authorization.k8s.io +--- +# Source: elastic-agent/templates/agent/k8s/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: agent-pernode-example + namespace: "default" + labels: + helm.sh/chart: elastic-agent-0.0.1 + app.kubernetes.io/name: elastic-agent + app.kubernetes.io/instance: example + app.kubernetes.io/version: 8.17.0 + app.kubernetes.io/managed-by: Helm +spec: + selector: + matchLabels: + name: agent-pernode-example + template: + metadata: + labels: + name: agent-pernode-example + 
annotations: + checksum/config: 39e00ed2a77861d6ce0f1436c373284c3651db4325dbe5d25300677203cfdca7 + + spec: + dnsPolicy: ClusterFirstWithHostNet + automountServiceAccountToken: true + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: agent-pernode-example + volumes: + - hostPath: + path: /proc + name: proc + - hostPath: + path: /sys/fs/cgroup + name: cgroup + - hostPath: + path: /var/lib/docker/containers + name: varlibdockercontainers + - hostPath: + path: /var/log + name: varlog + - hostPath: + path: /etc + name: etc-full + - hostPath: + path: /var/lib + name: var-lib + - name: agent-data + hostPath: + + path: /etc/elastic-agent/default/agent-pernode-example/state + type: DirectoryOrCreate + + - name: config + secret: + defaultMode: 0444 + secretName: agent-pernode-example + containers: + - name: agent + imagePullPolicy: IfNotPresent + image: "docker.elastic.co/beats/elastic-agent:8.17.0-SNAPSHOT" + args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] + securityContext: + capabilities: + add: + - DAC_READ_SEARCH + - CHOWN + - SETPCAP + - SYS_PTRACE + drop: + - ALL + privileged: false + runAsGroup: 1000 + runAsUser: 1000 + resources: + limits: + memory: 1000Mi + requests: + cpu: 100m + memory: 400Mi + volumeMounts: + - mountPath: /hostfs/proc + name: proc + readOnly: true + - mountPath: /hostfs/sys/fs/cgroup + name: cgroup + readOnly: true + - mountPath: /var/lib/docker/containers + name: varlibdockercontainers + readOnly: true + - mountPath: /var/log + name: varlog + readOnly: true + - mountPath: /hostfs/etc + name: etc-full + readOnly: true + - mountPath: /hostfs/var/lib + name: var-lib + readOnly: true + - name: agent-data + mountPath: /usr/share/elastic-agent/state + - name: config + mountPath: /etc/elastic-agent/agent.yml + readOnly: true + subPath: agent.yml + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: STATE_PATH + value: 
"/usr/share/elastic-agent/state" + - name: ELASTIC_NETINFO + value: "false" diff --git a/deploy/helm/elastic-agent/templates/NOTES.txt b/deploy/helm/elastic-agent/templates/NOTES.txt index e7f9d2caede..0b8587db0fb 100644 --- a/deploy/helm/elastic-agent/templates/NOTES.txt +++ b/deploy/helm/elastic-agent/templates/NOTES.txt @@ -22,6 +22,9 @@ Installed integrations: {{- if eq $.Values.kubernetes.enabled true }} - kubernetes [built-in chart integration] {{- end }} +{{- if eq $.Values.system.enabled true }} + - system [built-in chart integration] +{{- end }} {{- range $customInputName, $customInputVal := $.Values.extraIntegrations }} - {{$customInputName}} [user-defined integration] {{- end }} diff --git a/deploy/helm/elastic-agent/templates/agent/_helpers.tpl b/deploy/helm/elastic-agent/templates/agent/_helpers.tpl index 0de739754ee..d3021d69bd4 100644 --- a/deploy/helm/elastic-agent/templates/agent/_helpers.tpl +++ b/deploy/helm/elastic-agent/templates/agent/_helpers.tpl @@ -65,6 +65,7 @@ Initialise input templates if we are not deploying as managed {{- if eq $.Values.agent.fleet.enabled false -}} {{/* standalone agent so initialise inputs */}} {{- include "elasticagent.kubernetes.init" $ -}} +{{- include "elasticagent.system.init" $ -}} {{- range $customInputName, $customInputVal := $.Values.extraIntegrations -}} {{- $customInputPresetName := ($customInputVal).preset -}} {{- $presetVal := get $.Values.agent.presets $customInputPresetName -}} diff --git a/deploy/helm/elastic-agent/templates/integrations/_system/_system.tpl b/deploy/helm/elastic-agent/templates/integrations/_system/_system.tpl new file mode 100644 index 00000000000..fee22b990e9 --- /dev/null +++ b/deploy/helm/elastic-agent/templates/integrations/_system/_system.tpl 
@@ -0,0 +1,6 @@
+{{- define "elasticagent.system.init" -}}
+{{- if eq $.Values.system.enabled true -}}
+{{- include "elasticagent.system.config.logs.init" $ -}}
+{{- include "elasticagent.system.config.metrics.init" $ -}}
+{{- end -}}
+{{- end -}}
diff --git a/deploy/helm/elastic-agent/templates/integrations/_system/_system_logs.tpl b/deploy/helm/elastic-agent/templates/integrations/_system/_system_logs.tpl
new file mode 100644
index 00000000000..60c5a403996
--- /dev/null
+++ b/deploy/helm/elastic-agent/templates/integrations/_system/_system_logs.tpl
@@ -0,0 +1,71 @@
+{{- define "elasticagent.system.config.logs.init" -}}
+{{- if eq $.Values.system.enabled true }}
+{{- $preset := $.Values.agent.presets.perNode -}}
+{{- $inputVal := (include "elasticagent.system.config.logs.input" $ | fromYaml) -}}
+{{- if ($inputVal).streams }}
+{{- include "elasticagent.preset.mutate.inputs" (list $ $preset (list $inputVal)) -}}
+{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.pernode.preset") -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "elasticagent.system.config.logs.input" -}}
+id: system-logs
+type: logfile
+use_output: {{ $.Values.system.output }}
+data_stream:
+ namespace: {{ $.Values.system.namespace }}
+streams:
+ {{- if eq $.Values.system.authLogs.enabled true }}
+ - data_stream:
+ dataset: system.auth
+ type: logs
+ multiline:
+ pattern: ^\s
+ match: after
+ {{- $vars := (include "elasticagent.system.config.auth_logs.default_vars" .) | fromYaml -}}
+ {{- mergeOverwrite $vars $.Values.system.authLogs.vars | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if eq $.Values.system.syslog.enabled true }}
+ - data_stream:
+ dataset: system.syslog
+ type: logs
+ multiline:
+ pattern: ^\s
+ match: after
+ {{- $vars := (include "elasticagent.system.config.syslog.default_vars" .) | fromYaml -}}
+ {{- mergeOverwrite $vars $.Values.system.syslog.vars | toYaml | nindent 4 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Defaults for auth log input stream
+*/}}
+{{- define "elasticagent.system.config.auth_logs.default_vars" -}}
+paths:
+ - /var/log/auth.log*
+ - /var/log/secure*
+exclude_files:
+ - \.gz$
+processors:
+ - add_locale: null
+tags:
+ - system-auth
+ignore_older: 72h
+{{- end -}}
+
+{{/*
+Defaults for auth log syslog stream
+*/}}
+{{- define "elasticagent.system.config.syslog.default_vars" -}}
+paths:
+ - /var/log/messages*
+ - /var/log/syslog*
+ - /var/log/system*
+exclude_files:
+ - \.gz$
+processors:
+ - add_locale: null
+tags: null
+ignore_older: 72h
+{{- end -}}
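Review bot: `elasticagent.system.config.logs.init` applies `elasticagent.kubernetes.pernode.preset` to the perNode preset, so enabling only the system integration appears to inherit the whole Kubernetes per-node footprint. The rendered example on this page shows what that yields for a system-only install: a ClusterRole with get/watch/list on pods, configmaps and `nodes/proxy`, read-only host mounts of `/etc` and `/var/lib`, and an added `SYS_PTRACE` capability, while the two logfile streams only read under `/var/log`. The preset body is outside this diff, so this is inferred from the rendered manifest; consider a narrower system-specific preset, or at least a comment above the `applyOnce` call saying why the Kubernetes preset is reused. `elasticagent.system.config.metrics.init` in _system_metrics.tpl makes the same call. Separately, `use_output: {{ $.Values.system.output }}` and `namespace: {{ $.Values.system.namespace }}` are interpolated unquoted before `fromYaml`; `{{ $.Values.system.output | quote }}` and `{{ $.Values.system.namespace | quote }}` keep them strings whatever the value looks like.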
diff --git a/deploy/helm/elastic-agent/templates/integrations/_system/_system_metrics.tpl b/deploy/helm/elastic-agent/templates/integrations/_system/_system_metrics.tpl
new file mode 100644
index 00000000000..0661020385e
--- /dev/null
+++ b/deploy/helm/elastic-agent/templates/integrations/_system/_system_metrics.tpl
@@ -0,0 +1,103 @@ +{{- define "elasticagent.system.config.metrics.init" -}} +{{- if $.Values.system.metrics.enabled}} +{{- $preset := $.Values.agent.presets.perNode -}} +{{- $inputVal := (include "elasticagent.system.config.metrics.input" $ | fromYamlArray) -}} +{{- include "elasticagent.preset.mutate.inputs" (list $ $preset $inputVal) -}} +{{- include "elasticagent.preset.applyOnce" (list $ $preset "elasticagent.kubernetes.pernode.preset") -}} +{{- end -}} +{{- end -}} + +{{- define "elasticagent.system.config.metrics.input" -}} +- id: system-metrics + type: system/metrics + use_output: {{ $.Values.system.output }} + data_stream: + namespace: {{ $.Values.system.namespace }} + streams: + - data_stream: + dataset: system.cpu + type: metrics + period: 10s + cpu.metrics: + - percentages + - normalized_percentages + metricsets: + - cpu + - data_stream: + dataset: system.diskio + type: metrics + period: 10s + diskio.include_devices: null + metricsets: + - diskio + - data_stream: + dataset: system.filesystem + type: metrics + period: 1m + metricsets: + - filesystem + processors: + - drop_event.when.regexp: + system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/) + - data_stream: + dataset: system.fsstat + type: metrics + period: 1m + metricsets: + - fsstat + processors: + - drop_event.when.regexp: + system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/) + - data_stream: + dataset: system.load + type: metrics + condition: '${host.platform} != ''windows''' + period: 10s + metricsets: + - load + - data_stream: + dataset: system.memory + type: metrics + period: 10s + metricsets: + - memory + - data_stream: + dataset: system.network + type: metrics + period: 10s + network.interfaces: null + metricsets: + - network + - data_stream: + dataset: system.process + type: metrics + period: 10s + processes: + - .* + process.include_top_n.by_cpu: 5 + process.include_top_n.by_memory: 5 + process.cmdline.cache.enabled: true + 
process.cgroups.enabled: false + process.include_cpu_ticks: false + metricsets: + - process + process.include_cpu_ticks: false + - data_stream: + dataset: system.process_summary + type: metrics + period: 10s + metricsets: + - process_summary + - data_stream: + dataset: system.socket_summary + type: metrics + period: 10s + metricsets: + - socket_summary + - data_stream: + type: metrics + dataset: system.uptime + metricsets: + - uptime + period: 10s +{{- end -}} diff --git a/deploy/helm/elastic-agent/values.schema.json b/deploy/helm/elastic-agent/values.schema.json index f791012c4d4..05fa9281af7 100644 --- a/deploy/helm/elastic-agent/values.schema.json +++ b/deploy/helm/elastic-agent/values.schema.json @@ -18,6 +18,71 @@ } ] }, + "system": { + "type": "object", + "description": "Configuration for system integration.", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable system integration." + }, + "output": { + "type": "string", + "description": "Name of the output used in system integration. Must be defined in outputs." + }, + "namespace": { + "type": "string", + "description": "output namespace.", + "default": "default" + }, + "authLogs": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable system auth logs stream." + }, + "vars": { + "$ref": "#/definitions/SystemLogsStreamVars" + } + }, + "required": [ + "enabled" + ] + }, + "syslog": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable system syslog stream." + }, + "vars": { + "$ref": "#/definitions/SystemLogsStreamVars" + } + }, + "required": [ + "enabled" + ] + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable system metrics stream." + } + }, + "required": [ + "enabled" + ] + } + }, + "required": [ + "enabled", + "output" + ] + }, "kubernetes": { "type": "object", "description": "Configuration for Kubernetes integration.", 
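Review bot: The `system.process` stream in `elasticagent.system.config.metrics.input` sets `process.include_cpu_ticks: false` twice, once before `metricsets:` and once after `- process`. Duplicate mapping keys are not valid YAML, so this only renders because the parser behind `fromYamlArray` tolerates it; drop the second occurrence. The guard in `elasticagent.system.config.metrics.init` is written `{{- if $.Values.system.metrics.enabled}}` while the logs template uses `{{- if eq $.Values.system.enabled true }}`; using one form in both files would make the enable checks easier to audit.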
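Review bot: The new `system` object in values.schema.json, and the `SystemLogsStreamVars` definition added in the later hunk of the same file, do not set `"additionalProperties": false`, so misspelled or unexpected keys pass validation. For `vars` this matters because _system_logs.tpl merges them with `mergeOverwrite` and renders the result at stream level next to `data_stream` and `multiline`; a user-supplied key with one of those names would likely produce a duplicate key in the rendered input. Adding `"additionalProperties": false` to `SystemLogsStreamVars` would limit overrides to the five documented variables. The `processors` description in that definition says "Processors for the system auth logs stream." although the definition is shared with the syslog stream.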
@@ -534,7 +599,8 @@ "password" ] } - },{ + }, + { "if": { "properties": { "type": { @@ -1183,6 +1249,44 @@ "required": [ "mode" ] + }, + "SystemLogsStreamVars": { + "type": "object", + "description": "System integration log stream variables.", + "properties": { + "paths": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Paths to scan for logs." + }, + "exclude_files": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Files to exclude from logs." + }, + "processors": { + "type": "array", + "items": { + "type": "object" + }, + "description": "Processors for the system auth logs stream." + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Tags for the logs stream." + }, + "ignore_older": { + "type": "string", + "description": "If this option is specified, events that are older than the specified amount of time are ignored. Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"." + } + } } } } diff --git a/deploy/helm/elastic-agent/values.yaml b/deploy/helm/elastic-agent/values.yaml index 72b151b40d7..d1f1b1c2fb5 100644 --- a/deploy/helm/elastic-agent/values.yaml +++ b/deploy/helm/elastic-agent/values.yaml @@ -64,7 +64,7 @@ kubernetes: # results in overriding and *disabling all* the respective state streams # @section -- 2 - Kubernetes integration enabled: true - # -- deploy kube-state-metrics service as a sidecar container to the elastic agent of `ksmShared` preset. + # -- deploy kube-state-metrics service as a sidecar container to the elastic agent of `ksmSharded` preset. # If set to `false`, kube-state-metrics will *not* get deployed and `clusterWide` agent preset will be used for # collecting kube-state-metrics. # @section -- 2 - Kubernetes integration 
@@ -287,58 +287,89 @@ kubernetes: # -- system metric stream vars # @section -- 2 - Kubernetes integration vars: {} +system: + # -- enable System integration. + # @section -- 4 - System integration + enabled: false + # -- name of the output used in System integration. Note that this output needs to be defined in + # [outputs](#1-outputs) + # @section -- 4 - System integration + output: default + # -- output namespace + # @section -- 4 - System integration + namespace: default + authLogs: + # -- enable auth logs + # @section -- 4 - System integration + enabled: true + # -- override default variables of auth logs stream. Look in the [values.schema.json](values.schema.json) to see the + # available variables + # @section -- 4 - System integration + vars: {} + syslog: + # -- enable syslog + # @section -- 4 - System integration + enabled: true + # -- override default variables of syslog stream. Look in the [values.schema.json](values.schema.json) to see the + # available variables + # @section -- 4 - System integration + vars: {} + metrics: + # -- enable metrics + # @section -- 4 - System integration + enabled: true # -- extra [user-defined integrations](https://www.elastic.co/guide/en/fleet/current/elastic-agent-input-configuration.html) to be added to the Elastic Agent # An example can be found [here](./examples/nginx-custom-integration/README.md) -# @section -- 3 - User Extra Integrations +# @section -- 5 - User Extra Integrations extraIntegrations: {} agent: # -- elastic-agent version - # @section -- 3 - Elastic-Agent Configuration + # @section -- 6 - Elastic-Agent Configuration version: 8.17.0 # -- image configuration - # @section -- 3 - Elastic-Agent Configuration + # @section -- 6 - Elastic-Agent Configuration image: repository: docker.elastic.co/beats/elastic-agent pullPolicy: IfNotPresent tag: "8.17.0-SNAPSHOT" # -- image pull secrets - # @section -- 3 - Elastic-Agent Configuration + # @section -- 6 - Elastic-Agent Configuration imagePullSecrets: [] # -- 
generate kubernetes manifests or [ECK](https://github.com/elastic/cloud-on-k8s) CRDs - # @section -- 3 - Elastic-Agent Configuration + # @section -- 6 - Elastic-Agent Configuration engine: k8s # k8s or eck # -- enable unprivileged mode - # @section -- 3 - Elastic-Agent Configuration + # @section -- 6 - Elastic-Agent Configuration unprivileged: false fleet: # -- enable elastic-agent managed - # @section -- 3.1 - Elastic-Agent Managed Configuration + # @section -- 6.1 - Elastic-Agent Managed Configuration enabled: false # -- Fleet server URL - # @section -- 3.1 - Elastic-Agent Managed Configuration + # @section -- 6.1 - Elastic-Agent Managed Configuration url: "" # -- Fleet enrollment token - # @section -- 3.1 - Elastic-Agent Managed Configuration + # @section -- 6.1 - Elastic-Agent Managed Configuration token: "" # -- Fleet insecure url - # @section -- 3.1 - Elastic-Agent Managed Configuration + # @section -- 6.1 - Elastic-Agent Managed Configuration insecure: false # -- Kibana host to fallback if enrollment token is not supplied - # @section -- 3.1 - Elastic-Agent Managed Configuration + # @section -- 6.1 - Elastic-Agent Managed Configuration kibanaHost: "" # -- Kibana username to fallback if enrollment token is not supplied - # @section -- 3.1 - Elastic-Agent Managed Configuration + # @section -- 6.1 - Elastic-Agent Managed Configuration kibanaUser: "" # -- Kibana password to fallback if enrollment token is not supplied - # @section -- 3.1 - Elastic-Agent Managed Configuration + # @section -- 6.1 - Elastic-Agent Managed Configuration kibanaPassword: "" # -- Agent preset to deploy - # @section -- 3.1 - Elastic-Agent Managed Configuration + # @section -- 6.1 - Elastic-Agent Managed Configuration preset: perNode # -- Map of deployment presets for the Elastic Agent. The key of the map is the name of the preset. 
See more for the presets # required by the built-in Kubernetes integration [here](./values.yaml) # @notationType -- map[string]{} - # @section -- 3 - Elastic-Agent Configuration + # @section -- 6 - Elastic-Agent Configuration # @default -- `{ "perNode" : {...}, "clusterWide": {...}, "ksmSharded": {...} }` presets: # examplePreset: