Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add kubernetes manifests for Heartbeat #17928

Merged
merged 6 commits into from
Jul 22, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion deploy/kubernetes/Makefile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
ALL=filebeat metricbeat auditbeat
ALL=filebeat metricbeat auditbeat heartbeat
BEAT_VERSION=$(shell head -n 1 ../../libbeat/docs/version.asciidoc | cut -c 17- )

.PHONY: all $(ALL)
Expand Down
2 changes: 2 additions & 0 deletions deploy/kubernetes/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,3 +9,5 @@ Beat | Description
---- | ----
[filebeat](filebeat) | Tails and ships logs
[metricbeat](metricbeat) | Fetches sets of metrics from the operating system and services
[auditbeat](auditbeat) | Collect Linux audit framework data and monitor files integrity
[heartbeat](heartbeat) | Monitor services for their availability with active probing
159 changes: 159 additions & 0 deletions deploy/kubernetes/heartbeat-kubernetes.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,159 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: heartbeat-deployment-config
namespace: kube-system
labels:
k8s-app: heartbeat
data:
heartbeat.yml: |-
#heartbeat.autodiscover:
# # Autodiscover pods
# providers:
# - type: kubernetes
# resource: pod
# scope: cluster
# node: ${NODE_NAME}
# hints.enabled: true
#
# # Autodiscover services
# providers:
# - type: kubernetes
# resource: service
# scope: cluster
# node: ${NODE_NAME}
# hints.enabled: true
#
# # Autodiscover nodes
# providers:
# - type: kubernetes
# resource: node
# node: ${NODE_NAME}
# scope: cluster
# templates:
# # Example, check SSH port of all cluster nodes:
# - condition: ~
# config:
# - hosts:
# - ${data.host}:22
# name: ${data.kubernetes.node.name}
# schedule: '@every 10s'
# timeout: 5s
# type: tcp

processors:
- add_cloud_metadata:

cloud.id: ${ELASTIC_CLOUD_ID}
cloud.auth: ${ELASTIC_CLOUD_AUTH}

output.elasticsearch:
hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}']
username: ${ELASTICSEARCH_USERNAME}
password: ${ELASTICSEARCH_PASSWORD}
---
# Deploy singleton instance in the whole cluster for some unique data sources, like kube-state-metrics
apiVersion: apps/v1
kind: Deployment
metadata:
name: heartbeat
namespace: kube-system
labels:
k8s-app: heartbeat
spec:
selector:
matchLabels:
k8s-app: heartbeat
template:
metadata:
labels:
k8s-app: heartbeat
spec:
serviceAccountName: heartbeat
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
containers:
- name: heartbeat
image: docker.elastic.co/beats/heartbeat:8.0.0
args: [
"-c", "/etc/heartbeat.yml",
"-e",
]
env:
- name: ELASTICSEARCH_HOST
value: elasticsearch
- name: ELASTICSEARCH_PORT
value: "9200"
- name: ELASTICSEARCH_USERNAME
value: elastic
- name: ELASTICSEARCH_PASSWORD
value: changeme
- name: ELASTIC_CLOUD_ID
value:
- name: ELASTIC_CLOUD_AUTH
value:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
securityContext:
runAsUser: 0
resources:
limits:
memory: 200Mi
requests:
cpu: 100m
memory: 100Mi
volumeMounts:
- name: config
mountPath: /etc/heartbeat.yml
readOnly: true
subPath: heartbeat.yml
- name: data
mountPath: /usr/share/heartbeat/data
volumes:
- name: config
configMap:
defaultMode: 0600
name: heartbeat-deployment-config
- name: data
hostPath:
path: /var/lib/heartbeat-data
type: DirectoryOrCreate

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: heartbeat
subjects:
- kind: ServiceAccount
name: heartbeat
namespace: kube-system
roleRef:
kind: ClusterRole
name: heartbeat
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: heartbeat
labels:
k8s-app: heartbeat
rules:
- apiGroups: [""]
resources:
- nodes
- namespaces
- pods
verbs: ["get", "list", "watch"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: heartbeat
namespace: kube-system
labels:
k8s-app: heartbeat
---
30 changes: 30 additions & 0 deletions deploy/kubernetes/heartbeat/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
# Heartbeat

## Monitor Kubernetes services uptime

### Kubernetes Deployment

Heartbeat can be deployed to monitor the whole cluster from a single pod.

Everything is deployed under `kube-system` namespace, you can change that by
updating YAML manifests under this folder.

### Settings

We use official [Beats Docker images](https://github.com/elastic/beats-docker),
as they allow external files configuration, a [ConfigMap](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/)
is used for kubernetes specific settings. Check [heartbeat-configmap.yaml](heartbeat-configmap.yaml)
for details.

Also, [heartbeat-deployment.yaml](heartbeat-deployment.yaml) uses a set of environment
variables to configure Elasticsearch output:

Variable | Default | Description
-------- | ------- | -----------
ELASTICSEARCH_HOST | elasticsearch | Elasticsearch host
ELASTICSEARCH_PORT | 9200 | Elasticsearch port
ELASTICSEARCH_USERNAME | elastic | Elasticsearch username for HTTP auth
ELASTICSEARCH_PASSWORD | changeme | Elasticsearch password

If there is an existing `elasticsearch` service in the kubernetes cluster these
defaults will use it.
53 changes: 53 additions & 0 deletions deploy/kubernetes/heartbeat/heartbeat-configmap.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: heartbeat-deployment-config
namespace: kube-system
labels:
k8s-app: heartbeat
data:
heartbeat.yml: |-
#heartbeat.autodiscover:
# # Autodiscover pods
# providers:
# - type: kubernetes
# resource: pod
# scope: cluster
# node: ${NODE_NAME}
# hints.enabled: true
#
# # Autodiscover services
# providers:
# - type: kubernetes
# resource: service
# scope: cluster
# node: ${NODE_NAME}
# hints.enabled: true
#
# # Autodiscover nodes
# providers:
# - type: kubernetes
# resource: node
# node: ${NODE_NAME}
# scope: cluster
# templates:
# # Example, check SSH port of all cluster nodes:
# - condition: ~
# config:
# - hosts:
# - ${data.host}:22
# name: ${data.kubernetes.node.name}
# schedule: '@every 10s'
# timeout: 5s
# type: tcp

processors:
- add_cloud_metadata:

cloud.id: ${ELASTIC_CLOUD_ID}
cloud.auth: ${ELASTIC_CLOUD_AUTH}

output.elasticsearch:
hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}']
username: ${ELASTICSEARCH_USERNAME}
password: ${ELASTICSEARCH_PASSWORD}
69 changes: 69 additions & 0 deletions deploy/kubernetes/heartbeat/heartbeat-deployment.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
# Deploy singleton instance in the whole cluster for some unique data sources, like kube-state-metrics
apiVersion: apps/v1
kind: Deployment
metadata:
name: heartbeat
namespace: kube-system
labels:
k8s-app: heartbeat
spec:
selector:
matchLabels:
k8s-app: heartbeat
template:
metadata:
labels:
k8s-app: heartbeat
spec:
serviceAccountName: heartbeat
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
containers:
- name: heartbeat
image: docker.elastic.co/beats/heartbeat:%VERSION%
args: [
"-c", "/etc/heartbeat.yml",
"-e",
]
env:
- name: ELASTICSEARCH_HOST
value: elasticsearch
- name: ELASTICSEARCH_PORT
value: "9200"
- name: ELASTICSEARCH_USERNAME
value: elastic
- name: ELASTICSEARCH_PASSWORD
value: changeme
- name: ELASTIC_CLOUD_ID
value:
- name: ELASTIC_CLOUD_AUTH
value:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
securityContext:
runAsUser: 0
resources:
limits:
memory: 200Mi
requests:
cpu: 100m
memory: 100Mi
volumeMounts:
- name: config
mountPath: /etc/heartbeat.yml
readOnly: true
subPath: heartbeat.yml
- name: data
mountPath: /usr/share/heartbeat/data
volumes:
- name: config
configMap:
defaultMode: 0600
name: heartbeat-deployment-config
- name: data
hostPath:
path: /var/lib/heartbeat-data
type: DirectoryOrCreate

12 changes: 12 additions & 0 deletions deploy/kubernetes/heartbeat/heartbeat-role-binding.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: heartbeat
subjects:
- kind: ServiceAccount
name: heartbeat
namespace: kube-system
roleRef:
kind: ClusterRole
name: heartbeat
apiGroup: rbac.authorization.k8s.io
13 changes: 13 additions & 0 deletions deploy/kubernetes/heartbeat/heartbeat-role.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: heartbeat
labels:
k8s-app: heartbeat
rules:
- apiGroups: [""]
resources:
- nodes
- namespaces
- pods
verbs: ["get", "list", "watch"]
7 changes: 7 additions & 0 deletions deploy/kubernetes/heartbeat/heartbeat-service-account.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: heartbeat
namespace: kube-system
labels:
k8s-app: heartbeat
Loading