[Agent] Add agent standalone manifests for system module & Pod's log collection#23938
Conversation
Signed-off-by: chrismark <chrismarkou92@gmail.com>
|
Pinging @elastic/integrations (Team:Integrations) |
|
Pinging @elastic/agent (Team:Agent) |
💚 Build Succeeded
Expand to view the summary
Build stats
Trends 🧪❕ Flaky test reportNo test was executed to be analysed. |
|
This pull request doesn't have a |
Signed-off-by: chrismark <chrismarkou92@gmail.com>
Signed-off-by: chrismark <chrismarkou92@gmail.com>
|
@ruflin @michalpristas @blakerouse Do we need to add ids for inputs or stream? |
Signed-off-by: chrismark <chrismarkou92@gmail.com>
Signed-off-by: chrismark <chrismarkou92@gmail.com>
|
Adding the section to collect logs from Pod's using k8s provider works too. We can add it here or we can add it in separate follow-up PR. Sample event: |
Signed-off-by: chrismark <chrismarkou92@gmail.com>
|
So at this state the manifest file supports the following:
@blakerouse @jsoriano @david-kow feel free to review when you have the time |
Signed-off-by: chrismark <chrismarkou92@gmail.com>
jsoriano
left a comment
There was a problem hiding this comment.
Thanks for splitting it in multiple files!
deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-daemonset-configmap.yaml
Show resolved
Hide resolved
Signed-off-by: chrismark <chrismarkou92@gmail.com>
| args: [ | ||
| "-c", "/etc/agent.yml", | ||
| "-e", "-d", "composable.providers.kubernetes", | ||
| "-e", "-d", "*", |
There was a problem hiding this comment.
Should we have the debug selector for all on by default? That seems like it would produce probably more than it should.
Maybe remove it with a comment on how to add it?
| node: ${NODE_NAME} | ||
| scope: node | ||
| inputs: | ||
| - id: 4ae27079-6cd4-4ab7-a459-abbae74ffc44 |
There was a problem hiding this comment.
You should be able to remove the id from everywhere. You really do not need those, being that those are normally generated by Fleet.
Elastic Agent will work without id on the inputs and streams.
There was a problem hiding this comment.
👍🏼 thanks for clarifying
| image: docker.elastic.co/beats/elastic-agent:%VERSION% | ||
| args: [ | ||
| "-c", "/etc/agent.yml", | ||
| "-e", "-d", "composable.providers.kubernetes", |
There was a problem hiding this comment.
This one has the debug selector specific to the kubernetes provider. That might be acceptable to always have on. It should be consistent across the files.
There was a problem hiding this comment.
But do we want any debug logging enabled by default? What do you think about leaving it commented out?
Signed-off-by: chrismark <chrismarkou92@gmail.com>
jsoriano
left a comment
There was a problem hiding this comment.
Looks good, but I wonder if we want any debug logging enabled by default.
| image: docker.elastic.co/beats/elastic-agent:%VERSION% | ||
| args: [ | ||
| "-c", "/etc/agent.yml", | ||
| "-e", "-d", "composable.providers.kubernetes", |
There was a problem hiding this comment.
But do we want any debug logging enabled by default? What do you think about leaving it commented out?
david-kow
left a comment
There was a problem hiding this comment.
Nice work, we might reuse some of this for ECK examples :) Added some comments/questions.
deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-daemonset-configmap.yaml
Show resolved
Hide resolved
deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-deployment.yaml
Show resolved
Hide resolved
deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-deployment.yaml
Show resolved
Hide resolved
Ok, makes sense, I will remove it for now. |
Signed-off-by: chrismark <chrismarkou92@gmail.com>
|
Phenomenal progress in getting standalone agent mode working to get logs and metrics for system and K8s control plane. Thanks @ChrsMark for getting us here so quickly in last few weeks, Kudos! Like you said in the description, we will need a single standalone manifest that collects metrics and logs for both system and k8s but looking at this standalone manifest and that doesn't have the system integration yet. Is that something we are planning to get next week? Once we have that single standalone manifest, I am assuming we can just fit this standalone manifest right in the "add agent in standalone mode" in Fleet UI with K8s integration config in the standalone manifest filled with kubernetes section from agent policy. So users can just copy this standalone manifest from Fleet UI, add ES creds, run it on K8s and bingo, they have the system and K8s observability. Is that right? This will also work with ECK agent CRD I assume where users can just insert the standalone manifest in appropriate section in agent config @shubhaat fyi |
Hey! This PR adds system integration and logs' collection from Pods. You can see the full manifest at https://github.com/elastic/beats/pull/23938/files.
In the past we had been sharing this kind of manifests(https://github.com/elastic/beats/blob/master/deploy/kubernetes/metricbeat-kubernetes.yaml) through GH and guiding our users through https://www.elastic.co/guide/en/beats/metricbeat/current/running-on-kubernetes.html. I expect we will have sth similar here, not sure if if this should be added in Fleet too :). |
037c16a to
3e4a54d
Compare
Signed-off-by: chrismark <chrismarkou92@gmail.com>
3e4a54d to
292c360
Compare
blakerouse
left a comment
There was a problem hiding this comment.
Awesome to see conditions just working! Nicely done.
* upstream/master: [Elastic Agent] Fix docker entrypoint for elastic-agent. (elastic#24155) [PACKAGING] Push docker images with the architecture in the version (elastic#24121) [Agent] Add agent standalone manifests for system module & Pod's log collection (elastic#23938) indicator type url is in upper case (elastic#24152) [Filebeat] Document netflow internal_networks and set default (elastic#24110) [Filebeat] Adding fixes to the TI module (elastic#24133) [Enhancement] Add RotateOnStartup feature flag for file output (elastic#19347) [Ingest Manager] Fix: Successfully installed and enrolled agent running standalone (elastic#24128) Set Elastic licence type for APM server Beats update job (elastic#24122) Add logrotation section on Running Filebeat on k8s (elastic#24120) [CI] Run if manual UI (elastic#24116) [CI] enable x-pack/heartbeat in the CI (elastic#23873)
…dows-7 * upstream/master: Remove OSS reference for kibana and elasticsearch (elastic#24164) Skip flaky TestActions on MacOSx (elastic#23966) [Filebeat][AWS] Fix vpcflow pipeline exception: Cannot invoke "Object.getClass()" because "receiver" is null (elastic#24167) [Elastic Agent] Fix docker entrypoint for elastic-agent. (elastic#24155) [PACKAGING] Push docker images with the architecture in the version (elastic#24121) [Agent] Add agent standalone manifests for system module & Pod's log collection (elastic#23938) indicator type url is in upper case (elastic#24152) [Filebeat] Document netflow internal_networks and set default (elastic#24110) [Filebeat] Adding fixes to the TI module (elastic#24133) [Enhancement] Add RotateOnStartup feature flag for file output (elastic#19347) [Ingest Manager] Fix: Successfully installed and enrolled agent running standalone (elastic#24128) Set Elastic licence type for APM server Beats update job (elastic#24122) Add logrotation section on Running Filebeat on k8s (elastic#24120) [CI] Run if manual UI (elastic#24116) [CI] enable x-pack/heartbeat in the CI (elastic#23873) chore: comment out the E2E (elastic#24109) chore: add-backport-next (elastic#24098) Adjust the position of the architecture name in Dockerlogbeat tarball (elastic#24095) Update dependencies for M1 support in System (elastic#24019)
…-arm * upstream/master: (24 commits) Add example input autodsicover config (elastic#24157) Empty configuration options generate `<no value>` string for azure-eventhub input (elastic#24156) Remove OSS reference for kibana and elasticsearch (elastic#24164) Skip flaky TestActions on MacOSx (elastic#23966) [Filebeat][AWS] Fix vpcflow pipeline exception: Cannot invoke "Object.getClass()" because "receiver" is null (elastic#24167) [Elastic Agent] Fix docker entrypoint for elastic-agent. (elastic#24155) [PACKAGING] Push docker images with the architecture in the version (elastic#24121) [Agent] Add agent standalone manifests for system module & Pod's log collection (elastic#23938) indicator type url is in upper case (elastic#24152) [Filebeat] Document netflow internal_networks and set default (elastic#24110) [Filebeat] Adding fixes to the TI module (elastic#24133) [Enhancement] Add RotateOnStartup feature flag for file output (elastic#19347) [Ingest Manager] Fix: Successfully installed and enrolled agent running standalone (elastic#24128) Set Elastic licence type for APM server Beats update job (elastic#24122) Add logrotation section on Running Filebeat on k8s (elastic#24120) [CI] Run if manual UI (elastic#24116) [CI] enable x-pack/heartbeat in the CI (elastic#23873) chore: comment out the E2E (elastic#24109) chore: add-backport-next (elastic#24098) Adjust the position of the architecture name in Dockerlogbeat tarball (elastic#24095) ...
|
@ChrsMark I may be missing something here but when I look at standalone config in master I see only one logfile input which collects the logs from var/log/containers but what about auth and syslog datasets? Here is what I see on the /var/log directory on single node K8s cluster. And I think we should be providing the auth.log and syslog similar to how our system integration logfile input collects.
|
|
@mukeshelastic system logs will be collected too after #24185. |
What does this PR do?
This PR adds k8s manifest for running Elastic Agent in standalone mode with:
systemintegration enabled by default. This one deploys Agent as Daemonset Pods on all k8s nodes. It stands as the equivalent of Metricbeat's system module on k8s.Pod's log collection enabled using dynamic inputs in combination with k8s provider.
[DONE:] It will need to be combined with #23679 most probably so as to deliver one single manifest to end users, but for now I'm keeping these 2 separately.
How to test this PR locally
kind create cluster --config kind-mutly.yaml2. Set a proper ES host inside manifest and deploy Agent:
kubectl apply -f elastic-agent-standalone-kubernetes.yml3. Verify that all data streams ship data:
genericdataset and also enriched by k8s metadata.kubernetes.apiserver,kubernetes.state_pod,kubernetes.pod,kubernetes.proxy,kubernetes.scheduler,kubernetes.controllermanager.Related issues
Logs
Sample event:
{ "_index": ".ds-metrics-system.process-default-2021.02.09-000001", "_type": "_doc", "_id": "wFSEh3cBJ6OP2vQnMKQa", "_version": 1, "_score": null, "_source": { "process": { "args": [ "elastic-agent", "run", "-c", "/etc/agent.yml", "-e", "-d", "*" ], "memory": { "pct": 0.0024 }, "pgid": 8, "name": "elastic-agent", "cpu": { "pct": 0.0006, "start_time": "2021-02-09T15:56:33.000Z" }, "pid": 8, "working_directory": "/usr/share/elastic-agent", "state": "sleeping", "executable": "/usr/share/elastic-agent/data/elastic-agent-06c53e/elastic-agent", "command_line": "elastic-agent run -c /etc/agent.yml -e -d *", "ppid": 1 }, "agent": { "hostname": "kind-control-plane", "name": "kind-control-plane", "id": "b8a7e05b-cde3-40be-ba18-6a54b230d6b0", "ephemeral_id": "f1effdd1-94f6-472f-a4b9-a8ec7b746794", "type": "metricbeat", "version": "7.12.0" }, "@timestamp": "2021-02-09T15:58:40.859Z", "system": { "process": { "cmdline": "elastic-agent run -c /etc/agent.yml -e -d *", "memory": { "rss": { "pct": 0.0024, "bytes": 43618304 }, "size": 1491582976, "share": 29769728 }, "cpu": { "start_time": "2021-02-09T15:56:33.000Z", "total": { "pct": 0.005, "value": 5860, "norm": { "pct": 0.0006 } } }, "state": "sleeping", "fd": { "limit": { "hard": 1048576, "soft": 1048576 }, "open": 16 } } }, "ecs": { "version": "1.7.0" }, "service": { "type": "system" }, "data_stream": { "namespace": "default", "type": "metrics", "dataset": "system.process" }, "host": { "hostname": "kind-control-plane", "os": { "kernel": "4.9.184-linuxkit", "codename": "Core", "name": "CentOS Linux", "family": "redhat", "version": "7 (Core)", "platform": "centos" }, "containerized": true, "ip": [ "10.244.0.1", "10.244.0.1", "10.244.0.1", "172.18.0.4", "fc00:f853:ccd:e793::4", "fe80::42:acff:fe12:4" ], "name": "kind-control-plane", "id": "5139dfb41717ff9b7cdaf89657e1c0c7", "mac": [ "12:f1:c7:a9:3f:a8", "36:fa:76:d1:f0:50", "2a:dd:7d:08:80:a2", "02:42:ac:12:00:04" ], "architecture": "x86_64" }, "elastic_agent": { "id": "887f7040-4fc3-44ec-8391-a3d7b1af5f7b", "version": "7.12.0", "snapshot": true }, "metricset": { "period": 10000, "name": "process" }, "event": { "duration": 2292246, "module": "system", "dataset": "system.process" }, "user": { "name": "root" } }, "fields": { "process.cpu.start_time": [ "2021-02-09T15:56:33.000Z" ], "@timestamp": [ "2021-02-09T15:58:40.859Z" ], "system.process.cpu.start_time": [ "2021-02-09T15:56:33.000Z" ] }, "sort": [ 1612886320859 ] }cc: @blakerouse @david-kow @fearful-symmetry