- Elastic Cloud on Kubernetes:
- Overview
- Quickstart
- Operating ECK
- Orchestrating Elastic Stack applications
- Run Elasticsearch on ECK
- JVM heap size
- Node configuration
- Volume claim templates
- Storage recommendations
- Transport settings
- Virtual memory
- Settings managed by ECK
- Secure settings
- Custom configuration files and plugins
- Init containers for plugin downloads
- Update strategy
- Pod disruption budget
- Nodes orchestration
- Advanced Elasticsearch node scheduling
- Create automated snapshots
- Remote clusters
- Readiness probe
- Pod PreStop hook
- Elasticsearch autoscaling
- JVM heap dumps
- Security Context
- Run Kibana on ECK
- Run APM Server on ECK
- Run standalone Elastic Agent on ECK
- Run Fleet-managed Elastic Agent on ECK
- Run Elastic Maps Server on ECK
- Run Enterprise Search on ECK
- Run Beats on ECK
- Secure the Elastic Stack
- Access Elastic Stack services
- Customize Pods
- Manage compute resources
- Autoscaling stateless applications
- Upgrade the Elastic Stack version
- Run Elasticsearch on ECK
- Advanced topics
- Reference
- API Reference
- agent.k8s.elastic.co/v1alpha1
- apm.k8s.elastic.co/v1
- apm.k8s.elastic.co/v1beta1
- beat.k8s.elastic.co/v1beta1
- common.k8s.elastic.co/v1
- common.k8s.elastic.co/v1beta1
- elasticsearch.k8s.elastic.co/v1
- elasticsearch.k8s.elastic.co/v1beta1
- enterprisesearch.k8s.elastic.co/v1
- enterprisesearch.k8s.elastic.co/v1beta1
- kibana.k8s.elastic.co/v1
- kibana.k8s.elastic.co/v1beta1
- maps.k8s.elastic.co/v1alpha1
- Glossary
- Third-party dependencies
- API Reference
- Release highlights
- 1.9.1 release highlights
- 1.9.0 release highlights
- 1.8.0 release highlights
- 1.7.1 release highlights
- 1.7.0 release highlights
- 1.6.0 release highlights
- 1.5.0 release highlights
- 1.4.1 release highlights
- 1.4.0 release highlights
- 1.3.2 release highlights
- 1.3.1 release highlights
- 1.3.0 release highlights
- 1.2.2 release highlights
- 1.2.1 release highlights
- 1.2.0 release highlights
- 1.1.2 release highlights
- 1.1.1 release highlights
- 1.1.0 release highlights
- 1.0.1 release highlights
- 1.0.0 release highlights
- 1.0.0-beta1 release highlights
- Release notes
- Elastic Cloud on Kubernetes version 1.9.1
- Elastic Cloud on Kubernetes version 1.9.0
- Elastic Cloud on Kubernetes version 1.8.0
- Elastic Cloud on Kubernetes version 1.7.1
- Elastic Cloud on Kubernetes version 1.7.0
- Elastic Cloud on Kubernetes version 1.6.0
- Elastic Cloud on Kubernetes version 1.5.0
- Elastic Cloud on Kubernetes version 1.4.1
- Elastic Cloud on Kubernetes version 1.4.0
- Elastic Cloud on Kubernetes version 1.3.2
- Elastic Cloud on Kubernetes version 1.3.1
- Elastic Cloud on Kubernetes version 1.3.0
- Elastic Cloud on Kubernetes version 1.2.2
- Elastic Cloud on Kubernetes version 1.2.1
- Elastic Cloud on Kubernetes version 1.2.0
- Elastic Cloud on Kubernetes version 1.1.2
- Elastic Cloud on Kubernetes version 1.1.1
- Elastic Cloud on Kubernetes version 1.1.0
- Elastic Cloud on Kubernetes version 1.0.1
- Elastic Cloud on Kubernetes version 1.0.0
- Elastic Cloud on Kubernetes version 1.0.0-beta1
Configuration Examples
editConfiguration Examples
editBelow you can find manifests that address a number of common use cases and can be your starting point in exploring Beats deployed with ECK. These manifests are self-contained and work out-of-the-box on any non-secured Kubernetes cluster. They all contain three-node Elasticsearch cluster and single Kibana instance. All Beat configurations set up Kibana dashboards if they are available for a given Beat and all required RBAC resources.
The examples in this section are purely descriptive and should not be considered to be production-ready. Some of these examples use the node.store.allow_mmap: false
setting which has performance implications and should be tuned for production workloads, as described in Virtual memory.
Metricbeat for Kubernetes monitoring
editkubectl apply -f https://raw.githubusercontent.com/elastic/cloud-on-k8s/1.9/config/recipes/beats/metricbeat_hosts.yaml
Deploys Metricbeat as a DaemonSet that monitors the usage of the following resources:
- Host: CPU, memory, network, filesystem.
- Kubernetes: Nodes, Pods, Containers, Volumes.
Filebeat with autodiscover
editkubectl apply -f https://raw.githubusercontent.com/elastic/cloud-on-k8s/1.9/config/recipes/beats/filebeat_autodiscover.yaml
Deploys Filebeat as a DaemonSet with the autodiscover feature enabled. It collects logs from Pods in every namespace and loads them to the connected Elasticsearch cluster.
Filebeat with autodiscover for metadata
editkubectl apply -f https://raw.githubusercontent.com/elastic/cloud-on-k8s/1.9/config/recipes/beats/filebeat_autodiscover_by_metadata.yaml
Deploys Filebeat as a DaemonSet with the autodiscover feature enabled. Logs from Pods that match the following criteria are shipped to the connected Elasticsearch cluster:
-
Pod is in
log-namespace
namespace -
Pod has
log-label: "true"
label
Filebeat without autodiscover
editkubectl apply -f https://raw.githubusercontent.com/elastic/cloud-on-k8s/1.9/config/recipes/beats/filebeat_no_autodiscover.yaml
Deploys Filebeat as a DaemonSet with the autodiscover feature disabled. Uses the entire logs directory on the host as the input source. This configuration does not require any RBAC resources as no Kubernetes APIs are used.
Elasticsearch and Kibana Stack Monitoring
editkubectl apply -f https://raw.githubusercontent.com/elastic/cloud-on-k8s/1.9/config/recipes/beats/stack_monitoring.yaml
Deploys Metricbeat configured for Elasticsearch and Kibana Stack Monitoring and Filebeat using autodiscover. Deploys one monitored Elasticsearch cluster and one monitoring Elasticsearch cluster. You can access the Stack Monitoring app in the monitoring cluster’s Kibana.
In this example, TLS verification is disabled when Metricbeat communicates with the monitored cluster, which is not secure and should not be used in production. To solve this, use custom certificates and configure Metricbeat to verify them.
Heartbeat monitoring Elasticsearch and Kibana health
editkubectl apply -f https://raw.githubusercontent.com/elastic/cloud-on-k8s/1.9/config/recipes/beats/heartbeat_es_kb_health.yaml
Deploys Heartbeat as a single Pod deployment that monitors the health of Elasticsearch and Kibana by TCP probing their Service endpoints. Heartbeat expects that Elasticsearch and Kibana are deployed in the default
namespace.
Auditbeat
editkubectl apply -f https://raw.githubusercontent.com/elastic/cloud-on-k8s/1.9/config/recipes/beats/auditbeat_hosts.yaml
Deploys Auditbeat as a DaemonSet that checks file integrity and audits file operations on the host system.
Journalbeat
editkubectl apply -f https://raw.githubusercontent.com/elastic/cloud-on-k8s/1.9/config/recipes/beats/journalbeat_hosts.yaml
Deploys Journalbeat as a DaemonSet that ships data from systemd journals.
Packetbeat monitoring DNS and HTTP traffic
editkubectl apply -f https://raw.githubusercontent.com/elastic/cloud-on-k8s/1.9/config/recipes/beats/packetbeat_dns_http.yaml
Deploys Packetbeat as a DaemonSet that monitors DNS on port 53
and HTTP(S) traffic on ports 80
, 8000
, 8080
and 9200
.
OpenShift monitoring
editkubectl apply -f https://raw.githubusercontent.com/elastic/cloud-on-k8s/1.9/config/recipes/beats/openshift_monitoring.yaml
Deploys Metricbeat as a DaemonSet that monitors the host resource usage (CPU, memory, network, filesystem), OpenShift resources (Nodes, Pods, Containers, Volumes), API Server and Filebeat using autodiscover. Deploys an Elasticsearch cluster and Kibana to centralize data collection.
On this page
- Metricbeat for Kubernetes monitoring
- Filebeat with autodiscover
- Filebeat with autodiscover for metadata
- Filebeat without autodiscover
- Elasticsearch and Kibana Stack Monitoring
- Heartbeat monitoring Elasticsearch and Kibana health
- Auditbeat
- Journalbeat
- Packetbeat monitoring DNS and HTTP traffic
- OpenShift monitoring
ElasticON events are back!
Learn about the Elastic Search AI Platform from the experts at our live events.
Register now