In this example, Elastic Agent enable kubernetes module and output to Logstash(beta). Logstash send data to Elasticsearch Service on Elastic Cloud.
For the moment, it includes
- Fleet managed Elastic Agent <> Logstash tls mutual verification
- Logstash <> Elasticsearch Cloud
Prepare cert/key for agent <> logstash. Agent is deployed to kube-system namespace. The DNS in certificate has pointed to logstash.default.svc.cluster.local.
./cert/generate_cert.sh
Config logstash output(beta) in fleet
- Go to Management > Fleet > Settings
- Add output
- Generate api_key for logstash config. Copy api_key to
YOUR_API_KEYin001-configmap.yaml - Set hosts
logstash.default.svc.cluster.local:5044 - Copy the content of ca.crt to Server SSL certificate
- Copy the content of client.crt to Client SSL certificate
- Copy the content of client.key to Client SSL certificate key
- Generate api_key for logstash config. Copy api_key to
- Create agent policy. Go to Fleet > Agent policies
- In advance options, set Output for integrations and Output for agent monitoring to logstash output you created earlier.
- Edit policy. Add integration. Add Kubernetes.
- Get enrollment token. Go to Fleet > Enrollment tokens
- Copy token to
YOUR_ENROLLMENT_TOKENin004-elastic-agent-managed-kubernetes.yaml
- Copy token to
Config endpoint
- Go to cloud deployment
- Copy Fleet endpoint to
YOUR_FLEET_URLin004-elastic-agent-managed-kubernetes.yaml - Copy Cloud ID to
YOUR_CLOUD_IDin001-configmap.yaml
Deploy the example
kubectl apply -f .
Check deployment
- Data should show in Dashboard. Go to Analytics > Dashboard > [Metrics Kubernetes] Pods
kubectl delete daemonset.apps/elastic-agent rolebinding.rbac.authorization.k8s.io/elastic-agent rolebinding.rbac.authorization.k8s.io/elastic-agent-kubeadm-config role.rbac.authorization.k8s.io/elastic-agent role.rbac.authorization.k8s.io/elastic-agent-kubeadm-config serviceaccount/elastic-agent -n kube-system
kubectl delete service,pods,deployment,configmap,secret -l app=logstash-agent-demo