-
Notifications
You must be signed in to change notification settings - Fork 148
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[helm]: forward agent providers configuration for fleet mode (#5912)
* feat: forward agent providers configuration for fleet mode * feat: add fleet example
- Loading branch information
1 parent
3eedba2
commit 9d2c3c9
Showing
12 changed files
with
432 additions
and
95 deletions.
There are no files selected for viewing
68 changes: 68 additions & 0 deletions
68
deploy/helm/elastic-agent/examples/fleet-managed/README.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
# Example: Managed by Fleet Elastic Agent | ||
|
||
In this example we deploy an Elastic Agent that is managed by [Fleet](https://www.elastic.co/guide/en/fleet/current/manage-agents-in-fleet.html). | ||
|
||
## Prerequisites: | ||
1. Follow [this guide](https://www.elastic.co/guide/en/fleet/current/install-fleet-managed-elastic-agent.html#elastic-agent-installation-steps) to set up an agent policy and enroll an agent to it. Do not download any binary, from the proposed enrollment command just extract the Fleet URL (`--url=$FLEET_URL`) and Enrollment token (`--enrollment-token=$FLEET_TOKEN`). | ||
|
||
## Run: | ||
|
||
```console | ||
helm install elastic-agent ../../ \ | ||
--set agent.fleet.enabled=true \ | ||
--set agent.fleet.url=$FLEET_URL \ | ||
--set agent.fleet.token=$FLEET_TOKEN \ | ||
--set agent.fleet.preset=perNode | ||
-n kube-system | ||
``` | ||
|
||
## Validate: | ||
|
||
1. [Optional] Install kube-state metrics if you want to see the KSM related metrics `kubectl apply -k https://github.com/kubernetes/kube-state-metrics`. | ||
2. Install Kubernetes integration to the agent policy that you created in Fleet. If you didn't install kube-state metrics from above, make sure to disable them in the integration. | ||
3. The Kibana `kubernetes`-related dashboards should start showing the respective info. | ||
|
||
## Note: | ||
|
||
In this example we deploy an Elastic Agent that is managed by Fleet using the built-in `perNode` preset (`DaemonSet`) targeting kubernetes monitoring. However, a user-defined agent `preset`, for different use cases, can be used as well, e.g. by using the following configuration: | ||
```yaml | ||
agent: | ||
fleet: | ||
enabled: true | ||
url: $FLEET_URL # replace with Fleet URL | ||
token: $FLEET_TOKEN # replace with Fleet Enrollment token | ||
preset: nginx | ||
presets: | ||
nginx: | ||
mode: deployment | ||
securityContext: | ||
runAsUser: 0 | ||
rules: | ||
# minimum cluster role ruleset required by agent | ||
- apiGroups: [ "" ] | ||
resources: | ||
- nodes | ||
- namespaces | ||
- pods | ||
verbs: | ||
- get | ||
- watch | ||
- list | ||
- apiGroups: [ "apps" ] | ||
resources: | ||
- replicasets | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- apiGroups: [ "batch" ] | ||
resources: | ||
- jobs | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
providers: | ||
kubernetes_leaderelection: | ||
enabled: false | ||
``` |
39 changes: 39 additions & 0 deletions
39
deploy/helm/elastic-agent/examples/fleet-managed/fleet-values.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
agent: | ||
fleet: | ||
enabled: true | ||
url: http://localhost:8220 | ||
token: fleetToken | ||
preset: nginx | ||
presets: | ||
nginx: | ||
mode: deployment | ||
securityContext: | ||
runAsUser: 0 | ||
rules: | ||
# minimum cluster role ruleset required by agent | ||
- apiGroups: [ "" ] | ||
resources: | ||
- nodes | ||
- namespaces | ||
- pods | ||
verbs: | ||
- get | ||
- watch | ||
- list | ||
- apiGroups: [ "apps" ] | ||
resources: | ||
- replicasets | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- apiGroups: [ "batch" ] | ||
resources: | ||
- jobs | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
providers: | ||
kubernetes_leaderelection: | ||
enabled: false |
233 changes: 233 additions & 0 deletions
233
deploy/helm/elastic-agent/examples/fleet-managed/rendered/manifest.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,233 @@ | ||
--- | ||
# Source: elastic-agent/templates/agent/service-account.yaml | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
name: agent-nginx-example | ||
namespace: "default" | ||
labels: | ||
helm.sh/chart: elastic-agent-0.0.1 | ||
app.kubernetes.io/name: elastic-agent | ||
app.kubernetes.io/instance: example | ||
app.kubernetes.io/version: 9.0.0 | ||
app.kubernetes.io/managed-by: Helm | ||
--- | ||
# Source: elastic-agent/templates/agent/k8s/secret.yaml | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: agent-nginx-example | ||
namespace: "default" | ||
labels: | ||
helm.sh/chart: elastic-agent-0.0.1 | ||
app.kubernetes.io/name: elastic-agent | ||
app.kubernetes.io/instance: example | ||
app.kubernetes.io/version: 9.0.0 | ||
app.kubernetes.io/managed-by: Helm | ||
stringData: | ||
|
||
agent.yml: |- | ||
fleet: | ||
enabled: true | ||
providers: | ||
kubernetes_leaderelection: | ||
enabled: false | ||
--- | ||
# Source: elastic-agent/templates/agent/cluster-role.yaml | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRole | ||
metadata: | ||
name: agent-nginx-example-default | ||
labels: | ||
helm.sh/chart: elastic-agent-0.0.1 | ||
app.kubernetes.io/name: elastic-agent | ||
app.kubernetes.io/instance: example | ||
app.kubernetes.io/version: 9.0.0 | ||
app.kubernetes.io/managed-by: Helm | ||
rules: | ||
- apiGroups: [ "" ] # "" indicates the core API group | ||
resources: | ||
- nodes | ||
- namespaces | ||
- events | ||
- pods | ||
- services | ||
- configmaps | ||
- persistentvolumes | ||
- persistentvolumeclaims | ||
- persistentvolumeclaims/status | ||
- nodes/metrics | ||
- nodes/proxy | ||
- nodes/stats | ||
verbs: | ||
- get | ||
- watch | ||
- list | ||
- apiGroups: | ||
- storage.k8s.io | ||
resources: | ||
- storageclasses | ||
verbs: | ||
- get | ||
- watch | ||
- list | ||
- nonResourceURLs: | ||
- /metrics | ||
verbs: | ||
- get | ||
- watch | ||
- list | ||
- apiGroups: [ "coordination.k8s.io" ] | ||
resources: | ||
- leases | ||
verbs: | ||
- get | ||
- create | ||
- update | ||
- nonResourceURLs: | ||
- /healthz | ||
- /healthz/* | ||
- /livez | ||
- /livez/* | ||
- /metrics | ||
- /metrics/slis | ||
- /readyz | ||
- /readyz/* | ||
verbs: | ||
- get | ||
- apiGroups: [ "apps" ] | ||
resources: | ||
- replicasets | ||
- deployments | ||
- daemonsets | ||
- statefulsets | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- apiGroups: [ "batch" ] | ||
resources: | ||
- jobs | ||
- cronjobs | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- nodes | ||
- namespaces | ||
- pods | ||
verbs: | ||
- get | ||
- watch | ||
- list | ||
- apiGroups: | ||
- apps | ||
resources: | ||
- replicasets | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- apiGroups: | ||
- batch | ||
resources: | ||
- jobs | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
--- | ||
# Source: elastic-agent/templates/agent/cluster-role-binding.yaml | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
name: agent-nginx-example-default | ||
labels: | ||
helm.sh/chart: elastic-agent-0.0.1 | ||
app.kubernetes.io/name: elastic-agent | ||
app.kubernetes.io/instance: example | ||
app.kubernetes.io/version: 9.0.0 | ||
app.kubernetes.io/managed-by: Helm | ||
subjects: | ||
- kind: ServiceAccount | ||
name: agent-nginx-example | ||
namespace: "default" | ||
roleRef: | ||
kind: ClusterRole | ||
name: agent-nginx-example-default | ||
apiGroup: rbac.authorization.k8s.io | ||
--- | ||
# Source: elastic-agent/templates/agent/k8s/deployment.yaml | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: agent-nginx-example | ||
namespace: "default" | ||
labels: | ||
helm.sh/chart: elastic-agent-0.0.1 | ||
app.kubernetes.io/name: elastic-agent | ||
app.kubernetes.io/instance: example | ||
app.kubernetes.io/version: 9.0.0 | ||
app.kubernetes.io/managed-by: Helm | ||
spec: | ||
selector: | ||
matchLabels: | ||
name: agent-nginx-example | ||
template: | ||
metadata: | ||
labels: | ||
name: agent-nginx-example | ||
annotations: | ||
checksum/config: ce25762427c9b6e207de5327b69be314f9d077db8138b7b241fd40f7b8a80aca | ||
spec: | ||
automountServiceAccountToken: true | ||
containers: | ||
- args: | ||
- -c | ||
- /etc/elastic-agent/agent.yml | ||
- -e | ||
env: | ||
- name: NODE_NAME | ||
valueFrom: | ||
fieldRef: | ||
fieldPath: spec.nodeName | ||
- name: POD_NAME | ||
valueFrom: | ||
fieldRef: | ||
fieldPath: metadata.name | ||
- name: STATE_PATH | ||
value: /usr/share/elastic-agent/state | ||
- name: FLEET_URL | ||
value: http://localhost:8220 | ||
- name: FLEET_ENROLLMENT_TOKEN | ||
value: fleetToken | ||
- name: FLEET_INSECURE | ||
value: "false" | ||
- name: FLEET_ENROLL | ||
value: "1" | ||
image: docker.elastic.co/beats/elastic-agent:9.0.0-SNAPSHOT | ||
imagePullPolicy: IfNotPresent | ||
name: agent | ||
securityContext: | ||
runAsUser: 0 | ||
volumeMounts: | ||
- mountPath: /usr/share/elastic-agent/state | ||
name: agent-data | ||
- mountPath: /etc/elastic-agent/agent.yml | ||
name: config | ||
readOnly: true | ||
subPath: agent.yml | ||
dnsPolicy: ClusterFirstWithHostNet | ||
serviceAccountName: agent-nginx-example | ||
volumes: | ||
- hostPath: | ||
path: /etc/elastic-agent/default/agent-nginx-example-managed/state | ||
type: DirectoryOrCreate | ||
name: agent-data | ||
- name: config | ||
secret: | ||
defaultMode: 292 | ||
secretName: agent-nginx-example |
Oops, something went wrong.