Kubernetes apiserver metricset
editKubernetes apiserver metricset
editThis is the apiserver
metricset of the Kubernetes module, in charge of retrieving metrics from the Kubernetes API (available at /metrics
).
This metricset needs access to the apiserver
component of Kubernetes, accessible typically by any POD via the kubernetes.default
service or via environment variables (KUBERNETES_SERVICE_HOST
and KUBERNETES_SERVICE_PORT
).
When the API uses https, the pod will need to authenticate using its default token and trust the server using the appropiate CA file.
Configuration example using https and token based authentication:
- module: kubernetes enabled: true metricsets: - apiserver hosts: ["https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}"] #hosts: ["https://kubernetes.default"] bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token ssl.certificate_authorities: - /var/run/secrets/kubernetes.io/serviceaccount/ca.crt period: 30s
In order to access the /metrics
path of the API service, some Kubernetes environments might require the following permission to be added to a ClusterRole.
rules: - nonResourceURLs: - /metrics verbs: - get
The previous configuration and RBAC requirement is available in the complete example manifest proposed in Running Metricbeat on Kubernetes document.
Fields
editFor a description of each field in the metricset, see the exported fields section.
Here is an example document generated by this metricset:
{ "@timestamp": "2019-03-01T08:05:34.853Z", "event": { "dataset": "kubernetes.apiserver", "duration": 115000, "module": "kubernetes" }, "kubernetes": { "apiserver": { "etcd": { "object": { "count": 0 } }, "request": { "resource": "certificatesigningrequests.certificates.k8s.io" } } }, "metricset": { "name": "apiserver", "period": 10000 }, "service": { "address": "127.0.0.1:55555", "type": "kubernetes" } }