introducing apm-server to elastdocker

Signed-off-by: (╯°□°）╯︵ uᴉǝssnH ɐɟɐʇsoW <[email protected]>

.env

@@ -17,6 +17,9 @@ KIBANA_PORT=5601
 LOGSTASH_HOST=logstash
 LOGSTASH_PORT=8080
 
+APMSERVER_HOST=apm-server
+APMSERVER_PORT=8200
+
 #----------- Credientals ------------------------#
 # Username & Password for Admin Elasticsearch cluster.
 # This is used to set the password at setup, and used by others to connect to Elasticsearch at runtime.
@@ -25,6 +28,7 @@ ELASTIC_USERNAME=elastic
 ELASTIC_PASSWORD=changeme
 AWS_ACCESS_KEY_ID=nottherealid
 AWS_SECRET_ACCESS_KEY=notherealsecret
+ELASTIC_APM_SECRET_TOKEN=secrettokengoeshere
 
 #----------- Cluster ----------------------------#
 ELASTIC_CLUSTER_NAME=elastdocker-cluster

apm-server/Dockerfile

@@ -0,0 +1,5 @@
+ARG ELK_VERSION
+
+# https://github.com/elastic/apm-server
+FROM docker.elastic.co/apm/apm-server:${ELK_VERSION}
+ARG ELK_VERSION

apm-server/config/apm-server.yml

@@ -0,0 +1,101 @@
+######################### APM Server Configuration #########################
+
+################################ APM Server ################################
+
+apm-server:
+  # Defines the host and port the server is listening on. Use "unix:/path/to.sock" to listen on a unix domain socket.
+  host: "0.0.0.0:8200"
+
+
+  #---------------------------- APM Server - Secure Communication with Agents ----------------------------
+
+  # Enable authentication using Secret token
+  auth:
+    secret_token: '${ELASTIC_APM_SECRET_TOKEN}'
+
+  # Enable secure communication between APM agents and the server. By default ssl is disabled.
+  ssl:
+    enabled: true
+
+    # Path to file containing the certificate for server authentication.
+    # Needs to be configured when ssl is enabled.
+    certificate: "/certs/apm-server.crt"
+
+    # Path to file containing server certificate key.
+    # Needs to be configured when ssl is enabled.
+    key: "/certs/apm-server.key"
+
+#================================ Outputs =================================
+
+# Configure the output to use when sending the data collected by apm-server.
+
+#-------------------------- Elasticsearch output --------------------------
+output.elasticsearch:
+  # Array of hosts to connect to.
+  # Scheme and port can be left out and will be set to the default (`http` and `9200`).
+  # In case you specify and additional path, the scheme is required: `http://elasticsearch:9200/path`.
+  # IPv6 addresses should always be defined as: `https://[2001:db8::1]:9200`.
+  hosts: '${ELASTICSEARCH_HOST_PORT}'
+
+  # Boolean flag to enable or disable the output module.
+  enabled: true
+
+  # Protocol - either `http` (default) or `https`.
+  protocol: "https"
+
+  # Authentication credentials
+  username: '${ELASTIC_USERNAME}'
+  password: '${ELASTIC_PASSWORD}'
+
+  # Enable custom SSL settings. Set to false to ignore custom SSL settings for secure communication.
+  ssl.enabled: true
+
+  # List of root certificates for HTTPS server verifications.
+  ssl.certificate_authorities: ["/certs/ca.crt"]
+
+  # Certificate for SSL client authentication.
+  ssl.certificate: "/certs/apm-server.crt"
+
+  # Client Certificate Key
+  ssl.key: "/certs/apm-server.key"
+
+#============================= X-pack Monitoring =============================
+
+# APM server can export internal metrics to a central Elasticsearch monitoring
+# cluster.  This requires x-pack monitoring to be enabled in Elasticsearch.  The
+# reporting is disabled by default.
+
+# Set to true to enable the monitoring reporter.
+monitoring.enabled: true
+
+# Most settings from the Elasticsearch output are accepted here as well.
+# Note that these settings should be configured to point to your Elasticsearch *monitoring* cluster.
+# Any setting that is not set is automatically inherited from the Elasticsearch
+# output configuration. This means that if you have the Elasticsearch output configured,
+# you can simply uncomment the following line.
+monitoring.elasticsearch:
+
+  # Protocol - either `http` (default) or `https`.
+  protocol: "https"
+
+  # Authentication credentials
+  username: '${ELASTIC_USERNAME}'
+  password: '${ELASTIC_PASSWORD}'
+
+  # Array of hosts to connect to.
+  # Scheme and port can be left out and will be set to the default (`http` and `9200`).
+  # In case you specify and additional path, the scheme is required: `http://elasticsearch:9200/path`.
+  # IPv6 addresses should always be defined as: `https://[2001:db8::1]:9200`.
+  hosts: '${ELASTICSEARCH_HOST_PORT}'
+
+  # Enable custom SSL settings. Set to false to ignore custom SSL settings for secure communication.
+  ssl.enabled: true
+
+  # List of root certificates for HTTPS server verifications.
+  ssl.certificate_authorities: ["/certs/ca.crt"]
+
+  # Certificate for SSL client authentication.
+  ssl.certificate: "/certs/apm-server.crt"
+
+  # Client Certificate Key
+  ssl.key: "/certs/apm-server.key"

docker-compose.yml

@@ -25,6 +25,10 @@ secrets:
     file: ./secrets/certs/kibana/kibana.crt
   kibana.key:
     file: ./secrets/certs/kibana/kibana.key
+  apm-server.certificate:
+    file: ./secrets/certs/apm-server/apm-server.crt
+  apm-server.key:
+    file: ./secrets/certs/apm-server/apm-server.key
 
 services:
   elasticsearch:
@@ -120,3 +124,27 @@ services:
         target: /certs/kibana.key
     ports:
       - "5601:5601"
+
+  apm-server:
+    image: elastdocker/apm-server:${ELK_VERSION}
+    build:
+      context: apm-server/
+      args:
+        ELK_VERSION: $ELK_VERSION
+    restart: unless-stopped
+    ports:
+      - "8200:8200"
+    volumes:
+      - ./apm-server/config/apm-server.yml:/usr/share/apm-server/apm-server.yml:ro
+    environment:
+      ELASTIC_USERNAME: ${ELASTIC_USERNAME}
+      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
+      ELASTICSEARCH_HOST_PORT: https://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}
+      ELASTIC_APM_SECRET_TOKEN: ${ELASTIC_APM_SECRET_TOKEN}
+    secrets:
+      - source: elastic.ca
+        target: /certs/ca.crt
+      - source: apm-server.certificate
+        target: /certs/apm-server.crt
+      - source: apm-server.key
+        target: /certs/apm-server.key

kibana/config/kibana.yml

@@ -21,6 +21,22 @@ xpack.reporting.encryptionKey: RSCueeHKzrqzOVTJhkjt17EMnzM96LlN
 elasticsearch.serviceAccountToken: "${KIBANA_SERVICE_ACCOUNT_TOKEN}"
 elasticsearch.ssl.certificateAuthorities: [ "/certs/ca.crt" ]
 
+## Add policy for apm-server integration
+xpack.fleet.packages:
+  - name: apm
+    version: latest
+xpack.fleet.agentPolicies:
+  - name: Agent policy 1
+    id: agent-policy-1
+    namespace: default
+    monitoring_enabled:
+      - logs
+      - metrics
+    package_policies:
+      - name: apm-1
+        id: default-apm
+        package:
+          name: apm
 
 ## Misc
 elasticsearch.requestTimeout: 90000
@@ -29,4 +45,4 @@ elasticsearch.requestTimeout: 90000
 
 ## ElastAlert Plugin
 #elastalert-kibana-plugin.serverHost: elastalert
-#elastalert-kibana-plugin.serverPort: 3030
+#elastalert-kibana-plugin.serverPort: 3030

setup/instances.yml

@@ -11,4 +11,11 @@ instances:
       - kibana
       - localhost
     ip:
-      - 127.0.0.1
+      - 127.0.0.1
+
+  - name: apm-server
+    dns:
+      - apm-server
+      - localhost
+    ip:
+      - 127.0.0.1