
Update ES monitoring cluster and other changes
ejsmith committed Jul 27, 2023
1 parent 30c1fe0 commit 718b2e7
Showing 5 changed files with 354 additions and 124 deletions.
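--- a/k8s/elastic-monitor.yaml
+++ b/k8s/elastic-monitor.yaml
@@ -0,0 +1,335 @@
+apiVersion: elasticsearch.k8s.elastic.co/v1
+kind: Elasticsearch
+metadata:
+name: elastic-monitor
+namespace: elastic-system
+spec:
+version: 8.9.0
+nodeSets:
+- name: main
+count: 2
+config:
+# if not setting max_map_count in an init container, then use this setting
+#node.store.allow_mmap: false
+podTemplate:
+spec:
+containers:
+- name: elasticsearch
+env:
+- name: ES_JAVA_OPTS
+value: -Xms2g -Xmx2g
+resources:
+requests:
+memory: 4Gi
+cpu: 1
+limits:
+memory: 4Gi
+cpu: 1
+# related to "node.store.allow_mmap: false" setting above
+initContainers:
+- name: sysctl
+securityContext:
+privileged: true
+runAsUser: 0
+command: ["sh", "-c", "sysctl -w vm.max_map_count=262144"]
+volumeClaimTemplates:
+- metadata:
+name: elasticsearch-data
+spec:
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 500Gi
+storageClassName: managed-csi-premium
+
+---
+apiVersion: kibana.k8s.elastic.co/v1
+kind: Kibana
+metadata:
+name: kibana-monitor
+namespace: elastic-system
+spec:
+version: 8.9.0
+count: 1
+elasticsearchRef:
+name: elastic-monitor
+config:
+server.publicBaseUrl: https://kibana.exceptionless.io
+xpack.fleet.agents.elasticsearch.hosts:
+["https://elastic-monitor-es-http.elastic-system.svc:9200"]
+xpack.fleet.agents.fleet_server.hosts:
+["https://fleet-server-agent-http.elastic-system.svc:8220"]
+xpack.fleet.packages:
+- name: system
+version: latest
+- name: elastic_agent
+version: latest
+- name: fleet_server
+version: latest
+- name: kubernetes
+version: latest
+- name: apm
+version: latest
+xpack.fleet.agentPolicies:
+- name: Fleet Server on ECK policy
+id: eck-fleet-server
+namespace: default
+monitoring_enabled:
+- logs
+- metrics
+unenroll_timeout: 900
+package_policies:
+- name: fleet_server-1
+id: fleet_server-1
+package:
+name: fleet_server
+- name: Elastic Agent on ECK policy
+id: eck-agent
+namespace: default
+monitoring_enabled:
+- logs
+- metrics
+unenroll_timeout: 900
+package_policies:
+- package:
+name: system
+name: system-1
+- package:
+name: kubernetes
+name: kubernetes-1
+- package:
+name: apm
+name: apm-1
+inputs:
+- type: apm
+enabled: true
+vars:
+- name: host
+value: 0.0.0.0:8200
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: elastic-monitor
+namespace: elastic-system
+annotations:
+kubernetes.io/ingress.class: "nginx"
+cert-manager.io/cluster-issuer: letsencrypt-prod
+nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+nginx.ingress.kubernetes.io/proxy-ssl-verify: "off"
+nginx.ingress.kubernetes.io/ssl-redirect: "true"
+spec:
+tls:
+- hosts:
+- kibana.exceptionless.io
+secretName: elastic-monitor-kibana-tls
+rules:
+- host: kibana.exceptionless.io
+http:
+paths:
+- path: "/"
+pathType: Prefix
+backend:
+service:
+name: kibana-monitor-kb-http
+port:
+name: https
+
+---
+apiVersion: agent.k8s.elastic.co/v1alpha1
+kind: Agent
+metadata:
+name: fleet-server
+namespace: elastic-system
+spec:
+version: 8.9.0
+kibanaRef:
+name: kibana-monitor
+elasticsearchRefs:
+- name: elastic-monitor
+mode: fleet
+fleetServerEnabled: true
+policyID: eck-fleet-server
+deployment:
+replicas: 1
+podTemplate:
+spec:
+serviceAccountName: fleet-server
+automountServiceAccountToken: true
+securityContext:
+runAsUser: 0
+
+---
+apiVersion: agent.k8s.elastic.co/v1alpha1
+kind: Agent
+metadata:
+name: elastic-agent
+namespace: elastic-system
+spec:
+version: 8.9.0
+kibanaRef:
+name: kibana-monitor
+fleetServerRef:
+name: fleet-server
+mode: fleet
+policyID: eck-agent
+daemonSet:
+podTemplate:
+spec:
+serviceAccountName: elastic-agent
+hostNetwork: true
+dnsPolicy: ClusterFirstWithHostNet
+automountServiceAccountToken: true
+securityContext:
+runAsUser: 0
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: apm
+namespace: elastic-system
+spec:
+selector:
+agent.k8s.elastic.co/name: elastic-agent
+ports:
+- protocol: TCP
+port: 8200
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: fleet-server
+namespace: elastic-system
+rules:
+- apiGroups: [""]
+resources:
+- pods
+- namespaces
+- nodes
+verbs:
+- get
+- watch
+- list
+- apiGroups: ["coordination.k8s.io"]
+resources:
+- leases
+verbs:
+- get
+- create
+- update
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: fleet-server
+namespace: elastic-system
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: fleet-server
+subjects:
+- kind: ServiceAccount
+name: fleet-server
+namespace: elastic-system
+roleRef:
+kind: ClusterRole
+name: fleet-server
+apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: elastic-agent
+namespace: elastic-system
+rules:
+- apiGroups: [""]
+resources:
+- pods
+- nodes
+- namespaces
+- events
+- services
+- configmaps
+- persistentvolumeclaims
+- persistentvolumes
+verbs:
+- get
+- watch
+- list
+- apiGroups: ["storage.k8s.io"]
+resources:
+- storageclasses
+verbs:
+- get
+- watch
+- list
+- apiGroups: ["coordination.k8s.io"]
+resources:
+- leases
+verbs:
+- get
+- create
+- update
+- nonResourceURLs:
+- "/metrics"
+verbs:
+- get
+- apiGroups: ["extensions"]
+resources:
+- replicasets
+verbs:
+- get
+- list
+- watch
+- apiGroups: ["apps"]
+resources:
+- statefulsets
+- deployments
+- replicasets
+- daemonsets
+verbs:
+- get
+- list
+- watch
+- apiGroups: [""]
+resources:
+- nodes/stats
+verbs:
+- get
+- apiGroups: ["batch"]
+resources:
+- jobs
+- cronjobs
+verbs:
+- get
+- list
+- watch
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: elastic-agent
+namespace: elastic-system
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: elastic-agent
+subjects:
+- kind: ServiceAccount
+name: elastic-agent
+namespace: elastic-system
+roleRef:
+kind: ClusterRole
+name: elastic-agent
+apiGroup: rbac.authorization.k8s.io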
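Review bot: The `apm-1` input binds `0.0.0.0:8200` while the `elastic-agent` DaemonSet runs with `hostNetwork: true`, so as far as these lines show every node would open an APM intake port on its own interfaces, and no authentication var is set next to `host`. If clients only reach APM through the `apm` Service, consider running the APM input from an agent that does not use the host network, or at least enable intake authentication in the policy (for example the integration's `api_key_enabled` var) and restrict port 8200 at the node firewall or network security group. Separately, the Ingress publishes `kibana.exceptionless.io` with `nginx.ingress.kubernetes.io/proxy-ssl-verify: "off"` and no source restriction; setting it to `"on"` with `nginx.ingress.kubernetes.io/proxy-ssl-secret` pointing at the ECK-issued CA, plus a `nginx.ingress.kubernetes.io/whitelist-source-range` annotation, would tighten the path to a Kibana that now holds production logs and metrics. The Fleet packages are installed at `version: latest`, which lets the deployed integration code change without a commit; pinning explicit versions keeps the manifest reproducible.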
15 changes: 12 additions & 3 deletions k8s/ex-prod-elasticsearch.yaml
@@ -4,8 +4,17 @@ metadata:
name: ex-prod
namespace: ex-prod
spec:
version: 7.17.12
image: exceptionless/elasticsearch:7.17.12 # https://github.com/exceptionless/Exceptionless/tree/main/build/docker/elasticsearch
version: 8.9.0
image: exceptionless/elasticsearch:8.9.0 # https://github.com/exceptionless/Exceptionless/tree/main/build/docker/elasticsearch
monitoring:
metrics:
elasticsearchRefs:
- name: elastic-monitor
namespace: elastic-system
logs:
elasticsearchRefs:
- name: elastic-monitor
namespace: elastic-system
secureSettings:
- secretName: ex-prod-snapshots
http:
@@ -59,7 +68,7 @@ metadata:
name: ex-prod
namespace: ex-prod
spec:
version: 7.17.12
version: 8.9.0
count: 1
elasticsearchRef:
name: ex-prod
