[Agent] Add agent standalone manifests for system module & Pod's log collection #23938
Signed-off-by: chrismark <[email protected]>
Pinging @elastic/integrations (Team:Integrations)
Pinging @elastic/agent (Team:Agent)
💚 Build Succeeded
Flaky test report: No test was executed to be analysed.
This pull request doesn't have a
Signed-off-by: chrismark <[email protected]>
Signed-off-by: chrismark <[email protected]>
@ruflin @michalpristas @blakerouse Do we need to add ids for inputs or stream?
Signed-off-by: chrismark <[email protected]>
Signed-off-by: chrismark <[email protected]>
Adding the section to collect logs from Pods using the k8s provider works too. We can add it here or we can add it in a separate follow-up PR. Sample event:
Signed-off-by: chrismark <[email protected]>
So at this state the manifest file supports the following:
@blakerouse @jsoriano @david-kow feel free to review when you have the time
Signed-off-by: chrismark <[email protected]>
Thanks for splitting it in multiple files!
deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-daemonset-configmap.yaml
Signed-off-by: chrismark <[email protected]>
args: [ | ||
"-c", "/etc/agent.yml", | ||
"-e", "-d", "composable.providers.kubernetes", | ||
"-e", "-d", "*", |
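Review bot: the last visible line, `"-e", "-d", "*"`, repeats `-e` and `-d` from the line above and widens the debug selector from `composable.providers.kubernetes` to every component, so the narrower selector becomes redundant and the default deployment logs at debug level across the board. Drop that line and keep a single `-e`; if the wildcard is useful for troubleshooting, leave it as a commented-out example next to `args`.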
Should we have the debug selector for all on by default? That seems like it would produce probably more than it should.
Maybe remove it with a comment on how to add it?
👍🏼
@@ -87,6 +111,137 @@ data: | |||
node: ${NODE_NAME} | |||
scope: node | |||
inputs: | |||
- id: 4ae27079-6cd4-4ab7-a459-abbae74ffc44 |
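Review bot: the first entry under `inputs:` carries a literal UUID, `id: 4ae27079-6cd4-4ab7-a459-abbae74ffc44`, so every cluster that applies this static manifest ends up with the same input id. If nothing in standalone mode reads the field, remove it; if it is required, add a comment saying what it identifies and whether users are expected to change it.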
You should be able to remove the `id` from everywhere. You really do not need those, being that those are normally generated by Fleet.
Elastic Agent will work without `id` on the inputs and streams.
👍🏼 thanks for clarifying
image: docker.elastic.co/beats/elastic-agent:%VERSION% | ||
args: [ | ||
"-c", "/etc/agent.yml", | ||
"-e", "-d", "composable.providers.kubernetes", |
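Review bot: `"-e", "-d", "composable.providers.kubernetes"` keeps a debug selector in the default `args` of the container, so anyone who applies the manifest unchanged gets provider debug output. Start the sample without `-d` and show the selector in a comment beside `args`, so that debug logging is opt-in.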
This one has the debug selector specific to the kubernetes provider. That might be acceptable to always have on. It should be consistent across the files.
👍🏼
But do we want any debug logging enabled by default? What do you think about leaving it commented out?
Signed-off-by: chrismark <[email protected]>
Looks good, but I wonder if we want any debug logging enabled by default.
image: docker.elastic.co/beats/elastic-agent:%VERSION% | ||
args: [ | ||
"-c", "/etc/agent.yml", | ||
"-e", "-d", "composable.providers.kubernetes", |
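Review bot: `image: docker.elastic.co/beats/elastic-agent:%VERSION%` on the first line is a template placeholder, not a pullable image reference until `%VERSION%` is replaced. Add a comment above `image:` stating that the value is substituted when the manifest is rendered, or tell users which tag to put there.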
But do we want any debug logging enabled by default? What do you think about leaving it commented out?
Nice work, we might reuse some of this for ECK examples :) Added some comments/questions.
deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-daemonset-configmap.yaml
deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-deployment.yaml
deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-deployment.yaml
Ok, makes sense, I will remove it for now.
Signed-off-by: chrismark <[email protected]>
Phenomenal progress in getting standalone agent mode working to get logs and metrics for system and K8s control plane. Thanks @ChrsMark for getting us here so quickly in the last few weeks, Kudos! Like you said in the description, we will need a single standalone manifest that collects metrics and logs for both system and k8s but looking at this standalone manifest and that doesn't have the system integration yet. Is that something we are planning to get next week? Once we have that single standalone manifest, I am assuming we can just fit this standalone manifest right in the "add agent in standalone mode" in Fleet UI with K8s integration config in the standalone manifest filled with kubernetes section from agent policy. So users can just copy this standalone manifest from Fleet UI, add ES creds, run it on K8s and bingo, they have the system and K8s observability. Is that right? This will also work with ECK agent CRD I assume where users can just insert the standalone manifest in appropriate section in agent config @shubhaat fyi
Hey! This PR adds system integration and logs' collection from Pods. You can see the full manifest at https://github.com/elastic/beats/pull/23938/files.
In the past we had been sharing this kind of manifests (https://github.com/elastic/beats/blob/master/deploy/kubernetes/metricbeat-kubernetes.yaml) through GH and guiding our users through https://www.elastic.co/guide/en/beats/metricbeat/current/running-on-kubernetes.html. I expect we will have something similar here, not sure if this should be added in Fleet too :).
037c16a to 3e4a54d
Signed-off-by: chrismark <[email protected]>
3e4a54d to 292c360
Awesome to see conditions just working! Nicely done.
* upstream/master: [Elastic Agent] Fix docker entrypoint for elastic-agent. (elastic#24155) [PACKAGING] Push docker images with the architecture in the version (elastic#24121) [Agent] Add agent standalone manifests for system module & Pod's log collection (elastic#23938) indicator type url is in upper case (elastic#24152) [Filebeat] Document netflow internal_networks and set default (elastic#24110) [Filebeat] Adding fixes to the TI module (elastic#24133) [Enhancement] Add RotateOnStartup feature flag for file output (elastic#19347) [Ingest Manager] Fix: Successfully installed and enrolled agent running standalone (elastic#24128) Set Elastic licence type for APM server Beats update job (elastic#24122) Add logrotation section on Running Filebeat on k8s (elastic#24120) [CI] Run if manual UI (elastic#24116) [CI] enable x-pack/heartbeat in the CI (elastic#23873)
…dows-7 * upstream/master: Remove OSS reference for kibana and elasticsearch (elastic#24164) Skip flaky TestActions on MacOSx (elastic#23966) [Filebeat][AWS] Fix vpcflow pipeline exception: Cannot invoke "Object.getClass()" because "receiver" is null (elastic#24167) [Elastic Agent] Fix docker entrypoint for elastic-agent. (elastic#24155) [PACKAGING] Push docker images with the architecture in the version (elastic#24121) [Agent] Add agent standalone manifests for system module & Pod's log collection (elastic#23938) indicator type url is in upper case (elastic#24152) [Filebeat] Document netflow internal_networks and set default (elastic#24110) [Filebeat] Adding fixes to the TI module (elastic#24133) [Enhancement] Add RotateOnStartup feature flag for file output (elastic#19347) [Ingest Manager] Fix: Successfully installed and enrolled agent running standalone (elastic#24128) Set Elastic licence type for APM server Beats update job (elastic#24122) Add logrotation section on Running Filebeat on k8s (elastic#24120) [CI] Run if manual UI (elastic#24116) [CI] enable x-pack/heartbeat in the CI (elastic#23873) chore: comment out the E2E (elastic#24109) chore: add-backport-next (elastic#24098) Adjust the position of the architecture name in Dockerlogbeat tarball (elastic#24095) Update dependencies for M1 support in System (elastic#24019)
…-arm * upstream/master: (24 commits) Add example input autodsicover config (elastic#24157) Empty configuration options generate `<no value>` string for azure-eventhub input (elastic#24156) Remove OSS reference for kibana and elasticsearch (elastic#24164) Skip flaky TestActions on MacOSx (elastic#23966) [Filebeat][AWS] Fix vpcflow pipeline exception: Cannot invoke "Object.getClass()" because "receiver" is null (elastic#24167) [Elastic Agent] Fix docker entrypoint for elastic-agent. (elastic#24155) [PACKAGING] Push docker images with the architecture in the version (elastic#24121) [Agent] Add agent standalone manifests for system module & Pod's log collection (elastic#23938) indicator type url is in upper case (elastic#24152) [Filebeat] Document netflow internal_networks and set default (elastic#24110) [Filebeat] Adding fixes to the TI module (elastic#24133) [Enhancement] Add RotateOnStartup feature flag for file output (elastic#19347) [Ingest Manager] Fix: Successfully installed and enrolled agent running standalone (elastic#24128) Set Elastic licence type for APM server Beats update job (elastic#24122) Add logrotation section on Running Filebeat on k8s (elastic#24120) [CI] Run if manual UI (elastic#24116) [CI] enable x-pack/heartbeat in the CI (elastic#23873) chore: comment out the E2E (elastic#24109) chore: add-backport-next (elastic#24098) Adjust the position of the architecture name in Dockerlogbeat tarball (elastic#24095) ...
@ChrsMark I may be missing something here but when I look at standalone config in master I see only one logfile input which collects the logs from var/log/containers but what about auth and syslog datasets? Here is what I see on the /var/log directory on single node K8s cluster. And I think we should be providing the auth.log and syslog similar to how our system integration logfile input collects.
@mukeshelastic system logs will be collected too after #24185.
What does this PR do?
This PR adds k8s manifest for running Elastic Agent in standalone mode with:
- `system` integration enabled by default. This one deploys Agent as Daemonset Pods on all k8s nodes. It stands as the equivalent of Metricbeat's system module on k8s.
- Pod's log collection enabled using dynamic inputs in combination with k8s provider.
[DONE:] It will need to be combined with #23679 most probably so as to deliver one single manifest to end users, but for now I'm keeping these 2 separately.
How to test this PR locally
1. `kind create cluster --config kind-mutly.yaml`
2. Set a proper ES host inside manifest and deploy Agent:
   `kubectl apply -f elastic-agent-standalone-kubernetes.yml`
3. Verify that all data streams ship data:
   - `generic` dataset and also enriched by k8s metadata.
   - `kubernetes.apiserver`, `kubernetes.state_pod`, `kubernetes.pod`, `kubernetes.proxy`, `kubernetes.scheduler`, `kubernetes.controllermanager`.

Related issues
Logs
Sample event:
cc: @blakerouse @david-kow @fearful-symmetry