--- apiVersion: v1 kind: ConfigMap metadata: name: metricbeat-config namespace: kube-system labels: k8s-app: metricbeat data: metricbeat.yml: |- metricbeat.config.modules: # Mounted `metricbeat-daemonset-modules` configmap: path: ${path.config}/modules.d/*.yml # Reload module configs as they change: reload.enabled: false processors: - add_cloud_metadata: cloud.id: ${ELASTIC_CLOUD_ID} cloud.auth: ${ELASTIC_CLOUD_AUTH} output.elasticsearch: hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}'] username: ${ELASTICSEARCH_USERNAME} password: ${ELASTICSEARCH_PASSWORD} --- apiVersion: v1 kind: ConfigMap metadata: name: metricbeat-daemonset-modules namespace: kube-system labels: k8s-app: metricbeat data: system.yml: |- - module: system period: 10s metricsets: - cpu - load - memory - network - process - process_summary #- core #- diskio #- socket processes: ['.*'] process.include_top_n: by_cpu: 5 # include top 5 processes by CPU by_memory: 5 # include top 5 processes by memory - module: system period: 1m metricsets: - filesystem - fsstat processors: - drop_event.when.regexp: system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib)($|/)' kubernetes.yml: |- - module: kubernetes metricsets: - node - system - pod - container - volume period: 10s hosts: ["localhost:10255"] --- # Deploy a Metricbeat instance per node for node metrics retrieval apiVersion: extensions/v1beta1 kind: DaemonSet metadata: name: metricbeat namespace: kube-system labels: k8s-app: metricbeat spec: template: metadata: labels: k8s-app: metricbeat spec: serviceAccountName: metricbeat terminationGracePeriodSeconds: 30 hostNetwork: true dnsPolicy: ClusterFirstWithHostNet containers: - name: metricbeat image: docker.elastic.co/beats/metricbeat:6.3.2 args: [ "-c", "/etc/metricbeat.yml", "-e", "-system.hostfs=/hostfs", ] env: - name: ELASTICSEARCH_HOST value: elasticsearch - name: ELASTICSEARCH_PORT value: "9200" - name: ELASTICSEARCH_USERNAME value: elastic - name: ELASTICSEARCH_PASSWORD value: changeme - name: ELASTIC_CLOUD_ID value: - name: ELASTIC_CLOUD_AUTH value: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace securityContext: runAsUser: 0 resources: limits: memory: 200Mi requests: cpu: 100m memory: 100Mi volumeMounts: - name: config mountPath: /etc/metricbeat.yml readOnly: true subPath: metricbeat.yml - name: modules mountPath: /usr/share/metricbeat/modules.d readOnly: true - name: dockersock mountPath: /var/run/docker.sock - name: proc mountPath: /hostfs/proc readOnly: true - name: cgroup mountPath: /hostfs/sys/fs/cgroup readOnly: true volumes: - name: proc hostPath: path: /proc - name: cgroup hostPath: path: /sys/fs/cgroup - name: dockersock hostPath: path: /var/run/docker.sock - name: config configMap: defaultMode: 0600 name: metricbeat-config - name: modules configMap: defaultMode: 0600 name: metricbeat-daemonset-modules # We set an `emptyDir` here to ensure the manifest will deploy correctly. # It's recommended to change this to a `hostPath` folder, to ensure internal data # files survive pod changes (ie: version upgrade) - name: data emptyDir: {} --- apiVersion: v1 kind: ConfigMap metadata: name: metricbeat-deployment-modules namespace: kube-system labels: k8s-app: metricbeat data: # This module requires `kube-state-metrics` up and running under `kube-system` namespace kubernetes.yml: |- - module: kubernetes metricsets: - state_node - state_deployment - state_replicaset - state_pod - state_container # Uncomment this to get k8s events: #- event period: 10s hosts: ["kube-state-metrics:8080"] --- # Deploy singleton instance in the whole cluster for some unique data sources, like kube-state-metrics apiVersion: apps/v1beta1 kind: Deployment metadata: name: metricbeat namespace: kube-system labels: k8s-app: metricbeat spec: template: metadata: labels: k8s-app: metricbeat spec: serviceAccountName: metricbeat containers: - name: metricbeat image: docker.elastic.co/beats/metricbeat:6.3.2 args: [ "-c", "/etc/metricbeat.yml", "-e", ] env: - name: ELASTICSEARCH_HOST value: elasticsearch - name: ELASTICSEARCH_PORT value: "9200" - name: ELASTICSEARCH_USERNAME value: elastic - name: ELASTICSEARCH_PASSWORD value: changeme - name: ELASTIC_CLOUD_ID value: - name: ELASTIC_CLOUD_AUTH value: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace securityContext: runAsUser: 0 resources: limits: memory: 200Mi requests: cpu: 100m memory: 100Mi volumeMounts: - name: config mountPath: /etc/metricbeat.yml readOnly: true subPath: metricbeat.yml - name: modules mountPath: /usr/share/metricbeat/modules.d readOnly: true volumes: - name: config configMap: defaultMode: 0600 name: metricbeat-config - name: modules configMap: defaultMode: 0600 name: metricbeat-deployment-modules --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: metricbeat subjects: - kind: ServiceAccount name: metricbeat namespace: kube-system roleRef: kind: ClusterRole name: metricbeat apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: name: metricbeat labels: k8s-app: metricbeat rules: - apiGroups: [""] # "" indicates the core API group resources: - namespaces - events - pods verbs: - get - watch - list --- apiVersion: v1 kind: ServiceAccount metadata: name: metricbeat namespace: kube-system labels: k8s-app: metricbeat ---