[helm]: forward agent providers configuration for fleet mode (#5912)
* feat: forward agent providers configuration for fleet mode

* feat: add fleet example
pkoutsovasilis authored Nov 4, 2024
1 parent 3eedba2 commit 9d2c3c9
Showing 12 changed files with 432 additions and 95 deletions.
68 changes: 68 additions & 0 deletions deploy/helm/elastic-agent/examples/fleet-managed/README.md
@@ -0,0 +1,68 @@
# Example: Managed by Fleet Elastic Agent

In this example we deploy an Elastic Agent that is managed by [Fleet](https://www.elastic.co/guide/en/fleet/current/manage-agents-in-fleet.html).

## Prerequisites:
1. Follow [this guide](https://www.elastic.co/guide/en/fleet/current/install-fleet-managed-elastic-agent.html#elastic-agent-installation-steps) to set up an agent policy and enroll an agent to it. Do not download any binary, from the proposed enrollment command just extract the Fleet URL (`--url=$FLEET_URL`) and Enrollment token (`--enrollment-token=$FLEET_TOKEN`).

## Run:

```console
helm install elastic-agent ../../ \
--set agent.fleet.enabled=true \
--set agent.fleet.url=$FLEET_URL \
--set agent.fleet.token=$FLEET_TOKEN \
--set agent.fleet.preset=perNode
-n kube-system
```

## Validate:

1. [Optional] Install kube-state metrics if you want to see the KSM related metrics `kubectl apply -k https://github.com/kubernetes/kube-state-metrics`.
2. Install Kubernetes integration to the agent policy that you created in Fleet. If you didn't install kube-state metrics from above, make sure to disable them in the integration.
3. The Kibana `kubernetes`-related dashboards should start showing the respective info.

## Note:

In this example we deploy an Elastic Agent that is managed by Fleet using the built-in `perNode` preset (`DaemonSet`) targeting kubernetes monitoring. However, a user-defined agent `preset`, for different use cases, can be used as well, e.g. by using the following configuration:
```yaml
agent:
fleet:
enabled: true
url: $FLEET_URL # replace with Fleet URL
token: $FLEET_TOKEN # replace with Fleet Enrollment token
preset: nginx
presets:
nginx:
mode: deployment
securityContext:
runAsUser: 0
rules:
# minimum cluster role ruleset required by agent
- apiGroups: [ "" ]
resources:
- nodes
- namespaces
- pods
verbs:
- get
- watch
- list
- apiGroups: [ "apps" ]
resources:
- replicasets
verbs:
- get
- list
- watch
- apiGroups: [ "batch" ]
resources:
- jobs
verbs:
- get
- list
- watch
providers:
kubernetes_leaderelection:
enabled: false
```
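Review bot: In the Run block, the line `--set agent.fleet.preset=perNode` has no trailing `\`, so the shell ends the `helm install` command there and runs `-n kube-system` as a separate command; the release would be installed into the current namespace instead of `kube-system`. Add the backslash. It would also help to quote `"$FLEET_URL"` and `"$FLEET_TOKEN"`, and to say in the Note section why the `nginx` preset sets `runAsUser: 0`.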
39 changes: 39 additions & 0 deletions deploy/helm/elastic-agent/examples/fleet-managed/fleet-values.yaml
@@ -0,0 +1,39 @@
agent:
fleet:
enabled: true
url: http://localhost:8220
token: fleetToken
preset: nginx
presets:
nginx:
mode: deployment
securityContext:
runAsUser: 0
rules:
# minimum cluster role ruleset required by agent
- apiGroups: [ "" ]
resources:
- nodes
- namespaces
- pods
verbs:
- get
- watch
- list
- apiGroups: [ "apps" ]
resources:
- replicasets
verbs:
- get
- list
- watch
- apiGroups: [ "batch" ]
resources:
- jobs
verbs:
- get
- list
- watch
providers:
kubernetes_leaderelection:
enabled: false
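Review bot: `url: http://localhost:8220` and `token: fleetToken` read as real settings in a values file that people will copy. A comment marking both as placeholders (as the README does with `# replace with Fleet URL`) and an `https://` URL in the example would keep a copied configuration from sending the enrollment token over plain HTTP. `securityContext.runAsUser: 0` on a deployment-mode preset also deserves a one-line comment saying why root is required.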
@@ -0,0 +1,233 @@
---
# Source: elastic-agent/templates/agent/service-account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: agent-nginx-example
namespace: "default"
labels:
helm.sh/chart: elastic-agent-0.0.1
app.kubernetes.io/name: elastic-agent
app.kubernetes.io/instance: example
app.kubernetes.io/version: 9.0.0
app.kubernetes.io/managed-by: Helm
---
# Source: elastic-agent/templates/agent/k8s/secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: agent-nginx-example
namespace: "default"
labels:
helm.sh/chart: elastic-agent-0.0.1
app.kubernetes.io/name: elastic-agent
app.kubernetes.io/instance: example
app.kubernetes.io/version: 9.0.0
app.kubernetes.io/managed-by: Helm
stringData:

agent.yml: |-
fleet:
enabled: true
providers:
kubernetes_leaderelection:
enabled: false
---
# Source: elastic-agent/templates/agent/cluster-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: agent-nginx-example-default
labels:
helm.sh/chart: elastic-agent-0.0.1
app.kubernetes.io/name: elastic-agent
app.kubernetes.io/instance: example
app.kubernetes.io/version: 9.0.0
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups: [ "" ] # "" indicates the core API group
resources:
- nodes
- namespaces
- events
- pods
- services
- configmaps
- persistentvolumes
- persistentvolumeclaims
- persistentvolumeclaims/status
- nodes/metrics
- nodes/proxy
- nodes/stats
verbs:
- get
- watch
- list
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- watch
- list
- nonResourceURLs:
- /metrics
verbs:
- get
- watch
- list
- apiGroups: [ "coordination.k8s.io" ]
resources:
- leases
verbs:
- get
- create
- update
- nonResourceURLs:
- /healthz
- /healthz/*
- /livez
- /livez/*
- /metrics
- /metrics/slis
- /readyz
- /readyz/*
verbs:
- get
- apiGroups: [ "apps" ]
resources:
- replicasets
- deployments
- daemonsets
- statefulsets
verbs:
- get
- list
- watch
- apiGroups: [ "batch" ]
resources:
- jobs
- cronjobs
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes
- namespaces
- pods
verbs:
- get
- watch
- list
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- get
- list
- watch
---
# Source: elastic-agent/templates/agent/cluster-role-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: agent-nginx-example-default
labels:
helm.sh/chart: elastic-agent-0.0.1
app.kubernetes.io/name: elastic-agent
app.kubernetes.io/instance: example
app.kubernetes.io/version: 9.0.0
app.kubernetes.io/managed-by: Helm
subjects:
- kind: ServiceAccount
name: agent-nginx-example
namespace: "default"
roleRef:
kind: ClusterRole
name: agent-nginx-example-default
apiGroup: rbac.authorization.k8s.io
---
# Source: elastic-agent/templates/agent/k8s/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: agent-nginx-example
namespace: "default"
labels:
helm.sh/chart: elastic-agent-0.0.1
app.kubernetes.io/name: elastic-agent
app.kubernetes.io/instance: example
app.kubernetes.io/version: 9.0.0
app.kubernetes.io/managed-by: Helm
spec:
selector:
matchLabels:
name: agent-nginx-example
template:
metadata:
labels:
name: agent-nginx-example
annotations:
checksum/config: ce25762427c9b6e207de5327b69be314f9d077db8138b7b241fd40f7b8a80aca
spec:
automountServiceAccountToken: true
containers:
- args:
- -c
- /etc/elastic-agent/agent.yml
- -e
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: STATE_PATH
value: /usr/share/elastic-agent/state
- name: FLEET_URL
value: http://localhost:8220
- name: FLEET_ENROLLMENT_TOKEN
value: fleetToken
- name: FLEET_INSECURE
value: "false"
- name: FLEET_ENROLL
value: "1"
image: docker.elastic.co/beats/elastic-agent:9.0.0-SNAPSHOT
imagePullPolicy: IfNotPresent
name: agent
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /usr/share/elastic-agent/state
name: agent-data
- mountPath: /etc/elastic-agent/agent.yml
name: config
readOnly: true
subPath: agent.yml
dnsPolicy: ClusterFirstWithHostNet
serviceAccountName: agent-nginx-example
volumes:
- hostPath:
path: /etc/elastic-agent/default/agent-nginx-example-managed/state
type: DirectoryOrCreate
name: agent-data
- name: config
secret:
defaultMode: 292
secretName: agent-nginx-example
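Review bot: The Deployment's `env` carries the enrollment token as a literal (`FLEET_ENROLLMENT_TOKEN` with `value: fleetToken`), so anyone who can read the Deployment or Pod spec can read the token, even though the chart already renders a Secret `agent-nginx-example` for `agent.yml`. Consider storing the token in that Secret and referencing it with `valueFrom.secretKeyRef`. Separately, the rendered ClusterRole is much broader than the preset's "minimum cluster role ruleset": it keeps what look like the chart's default rules (including `nodes/proxy`, `configmaps`, and `create`/`update` on `leases` although `kubernetes_leaderelection` is disabled) and then appends the preset's three rules, which duplicate permissions already granted above. If presets are meant to narrow RBAC, the preset rules should replace the defaults; if they are additive, the comment in the values file should say so.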