Run Elastic Agent standalone on Kubernetes

Use Elastic Agent Docker images on Kubernetes to retrieve cluster metrics.

Deploy Elastic Agent as a DaemonSet to ensure that there is a running instance on each node of the cluster. These instances are used to retrieve most metrics from the host, such as system metrics, Docker stats, and metrics from all the services running on top of Kubernetes.

In addition, one of the Pods in the DaemonSet will constantly hold a leader lock which makes it responsible for handling cluster-wide monitoring. Find more information about leader election configuration options at leader election provider. This instance is used to retrieve metrics that are unique for the whole cluster, such as Kubernetes events or kube-state-metrics. If kube-state-metrics is not already running, deploy it now (see the Kubernetes deployment docs)

Everything is deployed under the kube-system namespace by default. Change the namespace by modifying the manifest file.

To download the manifest file, run:

curl -L -O https://raw.githubusercontent.com/elastic/beats/7.15/deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml

This manifest includes the Kubernetes integration to collect Kubernetes metrics, System integration to collect system level metrics and logs from nodes, and the Pod’s log collection using dynamic inputs and kubernetes provider.

Set the Elasticsearch settings before deploying the manifest:

- name: ES_USERNAME
  value: "elastic"
- name: ES_PASSWORD
  value: "passpassMyStr0ngP@ss"
- name: ES_HOST
  value: "https://somesuperhostiduuid.europe-west1.gcp.cloud.es.io:443"

Kubernetes master nodes can use taints to limit the workloads that can run on them. The manifest for standalone Elastic Agent defines tolerations to run on master nodes. Agents running on master nodes collect metrics from the control plane components (scheduler, controller manager) of Kuberentes. To disable Elastic Agent from running on master nodes, remove the following part of the Daemonset spec:

spec:
 tolerations:
 - key: node-role.kubernetes.io/master
   effect: NoSchedule

To deploy to Kubernetes, run:

kubectl create -f elastic-agent-standalone-kubernetes.yaml

To check the status, run:

$ kubectl -n kube-system get pods -l app=elastic-agent
NAME                            READY   STATUS    RESTARTS   AGE
elastic-agent-4665d             1/1     Running   0          81m
elastic-agent-9f466c4b5-l8cm8   1/1     Running   0          81m
elastic-agent-fj2z9             1/1     Running   0          81m
elastic-agent-hs4pb             1/1     Running   0          81m

Autodiscover conditions can be defined to allow Elastic Agent to automatically identify Pods and start collecting from them using predefined integrations. For example, if a user wants to automatically identify a Redis Pod and start monitoring it using the Redis integration, the following configuration should be added as an extra input in the Daemonset manifest:

- name: redis
  type: redis/metrics
  use_output: default
  meta:
    package:
      name: redis
      version: 0.3.6
  data_stream:
    namespace: default
  streams:
    - data_stream:
        dataset: redis.info
        type: metrics
      metricsets:
        - info
      hosts:
        - '${kubernetes.pod.ip}:6379'
      idle_timeout: 20s
      maxconn: 10
      network: tcp
      period: 10s
      condition: ${kubernetes.pod.labels.app} == 'redis'

See dynamic inputs and kubernetes provider for more information about shaping dynamic inputs for autodiscovery.