Created
April 6, 2023 09:18
-
-
Save barkbay/e9c240ea1a7333d428e5508a155de66c to your computer and use it in GitHub Desktop.
Automatically adjust Elastic Agent hostPath permissions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: agent.k8s.elastic.co/v1alpha1 | |
| kind: Agent | |
| metadata: | |
| name: elastic-agent | |
| namespace: my-agent-project | |
| spec: | |
| version: 8.6.1 | |
| elasticsearchRefs: | |
| - name: elasticsearch | |
| daemonSet: | |
| podTemplate: | |
| spec: | |
| automountServiceAccountToken: true | |
| serviceAccountName: elastic-agent | |
| containers: | |
| - name: agent | |
| env: | |
| - name: NODE_NAME | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: spec.nodeName | |
| config: | |
| id: 488e0b80-3634-11eb-8208-57893829af4e | |
| revision: 2 | |
| agent: | |
| monitoring: | |
| enabled: true | |
| use_output: default | |
| logs: true | |
| metrics: true | |
| inputs: | |
| - id: 678daef0-3634-11eb-8208-57893829af4e | |
| name: kubernetes-1 | |
| revision: 1 | |
| type: kubernetes/metrics | |
| use_output: default | |
| meta: | |
| package: | |
| name: kubernetes | |
| version: 0.2.8 | |
| data_stream: | |
| namespace: k8s | |
| streams: | |
| - id: kubernetes/metrics-kubernetes.apiserver | |
| data_stream: | |
| dataset: kubernetes.apiserver | |
| type: metrics | |
| metricsets: | |
| - apiserver | |
| bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | |
| hosts: | |
| - 'https://${env.KUBERNETES_SERVICE_HOST}:${env.KUBERNETES_SERVICE_PORT}' | |
| period: 30s | |
| ssl.certificate_authorities: | |
| - /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | |
| - id: kubernetes/metrics-kubernetes.container | |
| data_stream: | |
| dataset: kubernetes.container | |
| type: metrics | |
| metricsets: | |
| - container | |
| add_metadata: true | |
| bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | |
| hosts: | |
| - 'https://${env.NODE_NAME}:10250' | |
| period: 10s | |
| ssl.verification_mode: none | |
| - id: kubernetes/metrics-kubernetes.event | |
| data_stream: | |
| dataset: kubernetes.event | |
| type: metrics | |
| metricsets: | |
| - event | |
| period: 10s | |
| add_metadata: true | |
| - id: kubernetes/metrics-kubernetes.node | |
| data_stream: | |
| dataset: kubernetes.node | |
| type: metrics | |
| metricsets: | |
| - node | |
| add_metadata: true | |
| bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | |
| hosts: | |
| - 'https://${env.NODE_NAME}:10250' | |
| period: 10s | |
| ssl.verification_mode: none | |
| - id: kubernetes/metrics-kubernetes.pod | |
| data_stream: | |
| dataset: kubernetes.pod | |
| type: metrics | |
| metricsets: | |
| - pod | |
| add_metadata: true | |
| bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | |
| hosts: | |
| - 'https://${env.NODE_NAME}:10250' | |
| period: 10s | |
| ssl.verification_mode: none | |
| - id: kubernetes/metrics-kubernetes.system | |
| data_stream: | |
| dataset: kubernetes.system | |
| type: metrics | |
| metricsets: | |
| - system | |
| add_metadata: true | |
| bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | |
| hosts: | |
| - 'https://${env.NODE_NAME}:10250' | |
| period: 10s | |
| ssl.verification_mode: none | |
| - id: kubernetes/metrics-kubernetes.volume | |
| data_stream: | |
| dataset: kubernetes.volume | |
| type: metrics | |
| metricsets: | |
| - volume | |
| add_metadata: true | |
| bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | |
| hosts: | |
| - 'https://${env.NODE_NAME}:10250' | |
| period: 10s | |
| ssl.verification_mode: none | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: elastic-agent | |
| rules: | |
| - apiGroups: [""] # "" indicates the core API group | |
| resources: | |
| - namespaces | |
| - pods | |
| - nodes | |
| - nodes/metrics | |
| - nodes/proxy | |
| - nodes/stats | |
| - events | |
| verbs: | |
| - get | |
| - watch | |
| - list | |
| - nonResourceURLs: | |
| - /metrics | |
| verbs: | |
| - get | |
| - watch | |
| - list | |
| - apiGroups: ["coordination.k8s.io"] | |
| resources: | |
| - leases | |
| verbs: | |
| - get | |
| - create | |
| - update | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: elastic-agent | |
| namespace: my-agent-project | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: elastic-agent | |
| subjects: | |
| - kind: ServiceAccount | |
| name: elastic-agent | |
| namespace: my-agent-project | |
| roleRef: | |
| kind: ClusterRole | |
| name: elastic-agent | |
| apiGroup: rbac.authorization.k8s.io | |
| --- | |
| apiVersion: elasticsearch.k8s.elastic.co/v1 | |
| kind: Elasticsearch | |
| metadata: | |
| name: elasticsearch | |
| spec: | |
| version: 8.6.1 | |
| nodeSets: | |
| - name: default | |
| count: 3 | |
| config: | |
| node.store.allow_mmap: false | |
| --- | |
| apiVersion: kibana.k8s.elastic.co/v1 | |
| kind: Kibana | |
| metadata: | |
| name: kibana | |
| namespace: my-agent-project | |
| spec: | |
| version: 8.6.1 | |
| count: 1 | |
| elasticsearchRef: | |
| name: elasticsearch | |
| ... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment