apiVersion: kibana.k8s.elastic.co/v1 kind: Kibana metadata: name: kibana spec: version: 8.8.0 count: 1 elasticsearchRef: name: elasticsearch config: xpack.fleet.agents.elasticsearch.hosts: ["https://elasticsearch-es-http.default.svc:9200"] xpack.fleet.agents.fleet_server.hosts: ["https://fleet-server-agent-http.default.svc:8220"] xpack.fleet.packages: - name: system version: latest - name: elastic_agent version: latest - name: fleet_server version: latest - name: log version: latest xpack.fleet.agentPolicies: - name: Fleet Server on ECK policy id: eck-fleet-server namespace: default monitoring_enabled: - logs - metrics unenroll_timeout: 900 package_policies: - name: fleet_server-1 id: fleet_server-1 package: name: fleet_server - name: Elastic Agent on ECK policy id: eck-agent namespace: default monitoring_enabled: - logs - metrics unenroll_timeout: 900 package_policies: - name: system-1 id: system-1 package: name: system - package: name: log name: log-1 inputs: - type: logfile enabled: true streams: - data_stream: dataset: log.log enabled: true vars: - name: paths value: - '/var/log/containers/*${kubernetes.container.id}.log' - name: custom value: | symlinks: true condition: ${kubernetes.namespace} == 'default' --- apiVersion: elasticsearch.k8s.elastic.co/v1 kind: Elasticsearch metadata: name: elasticsearch spec: version: 8.8.0 nodeSets: - name: default count: 3 config: node.store.allow_mmap: false --- apiVersion: agent.k8s.elastic.co/v1alpha1 kind: Agent metadata: name: fleet-server spec: version: 8.8.0 kibanaRef: name: kibana elasticsearchRefs: - name: elasticsearch mode: fleet fleetServerEnabled: true policyID: eck-fleet-server deployment: replicas: 1 podTemplate: spec: serviceAccountName: fleet-server automountServiceAccountToken: true securityContext: runAsUser: 0 --- apiVersion: agent.k8s.elastic.co/v1alpha1 kind: Agent metadata: name: elastic-agent spec: version: 8.8.0 kibanaRef: name: kibana fleetServerRef: name: fleet-server mode: fleet policyID: eck-agent daemonSet: podTemplate: spec: serviceAccountName: elastic-agent automountServiceAccountToken: true securityContext: runAsUser: 0 containers: - name: agent volumeMounts: - mountPath: /var/lib/docker/containers name: varlibdockercontainers - mountPath: /var/log/containers name: varlogcontainers - mountPath: /var/log/pods name: varlogpods volumes: - name: varlibdockercontainers hostPath: path: /var/lib/docker/containers - name: varlogcontainers hostPath: path: /var/log/containers - name: varlogpods hostPath: path: /var/log/pods --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: fleet-server rules: - apiGroups: [""] resources: - pods - namespaces - nodes verbs: - get - watch - list - apiGroups: ["coordination.k8s.io"] resources: - leases verbs: - get - create - update --- apiVersion: v1 kind: ServiceAccount metadata: name: fleet-server namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: fleet-server subjects: - kind: ServiceAccount name: fleet-server namespace: default roleRef: kind: ClusterRole name: fleet-server apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: elastic-agent rules: - apiGroups: [""] resources: - pods - nodes - namespaces - events - services - configmaps verbs: - get - watch - list - apiGroups: ["coordination.k8s.io"] resources: - leases verbs: - get - create - update - nonResourceURLs: - "/metrics" verbs: - get - apiGroups: ["extensions"] resources: - replicasets verbs: - "get" - "list" - "watch" - apiGroups: - "apps" resources: - statefulsets - deployments - replicasets verbs: - "get" - "list" - "watch" - apiGroups: - "" resources: - nodes/stats verbs: - get - apiGroups: - "batch" resources: - jobs verbs: - "get" - "list" - "watch" --- apiVersion: v1 kind: ServiceAccount metadata: name: elastic-agent namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: elastic-agent subjects: - kind: ServiceAccount name: elastic-agent namespace: default roleRef: kind: ClusterRole name: elastic-agent apiGroup: rbac.authorization.k8s.io ...