Created
August 11, 2020 06:39
-
-
Save namoshizun/c6d02c91cb84e2494711be122b477d05 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: metricbeat-daemonset-modules | |
| namespace: kube-system | |
| labels: | |
| k8s-app: metricbeat | |
| data: | |
| system.yml: |- | |
| - module: system | |
| period: 10s | |
| metricsets: | |
| - cpu | |
| - load | |
| - memory | |
| - network | |
| - process | |
| - process_summary | |
| #- core | |
| #- diskio | |
| #- socket | |
| processes: ['.*'] | |
| process.include_top_n: | |
| by_cpu: 5 # include top 5 processes by CPU | |
| by_memory: 5 # include top 5 processes by memory | |
| - module: system | |
| period: 1m | |
| metricsets: | |
| - filesystem | |
| - fsstat | |
| processors: | |
| - drop_event.when.regexp: | |
| system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)' | |
| kubernetes.yml: |- | |
| - module: kubernetes | |
| metricsets: | |
| - node | |
| - system | |
| - pod | |
| - container | |
| - volume | |
| period: 10s | |
| host: ${NODE_NAME} | |
| hosts: ["https://${NODE_NAME}:10250"] | |
| bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | |
| ssl.verification_mode: "none" | |
| # If there is a CA bundle that contains the issuer of the certificate used in the Kubelet API, | |
| # remove ssl.verification_mode entry and use the CA, for instance: | |
| #ssl.certificate_authorities: | |
| #- /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt | |
| # Currently `proxy` metricset is not supported on Openshift, comment out section | |
| - module: kubernetes | |
| metricsets: | |
| - proxy | |
| period: 10s | |
| host: ${NODE_NAME} | |
| hosts: ["localhost:10249"] | |
| --- | |
| # Deploy a Metricbeat instance per node for node metrics retrieval | |
| apiVersion: apps/v1 | |
| kind: DaemonSet | |
| metadata: | |
| name: metricbeat | |
| namespace: kube-system | |
| labels: | |
| k8s-app: metricbeat | |
| spec: | |
| selector: | |
| matchLabels: | |
| k8s-app: metricbeat | |
| template: | |
| metadata: | |
| labels: | |
| k8s-app: metricbeat | |
| spec: | |
| serviceAccountName: metricbeat | |
| terminationGracePeriodSeconds: 30 | |
| hostNetwork: true | |
| dnsPolicy: ClusterFirstWithHostNet | |
| containers: | |
| - name: metricbeat | |
| image: docker.elastic.co/beats/metricbeat:7.8.1 | |
| args: [ | |
| "-c", "/etc/metricbeat.yml", | |
| "-e", | |
| "-system.hostfs=/hostfs", | |
| ] | |
| env: | |
| - name: LOGSTASH_URL | |
| value: "${LOGSTASH_URL}" | |
| - name: ENVIRONMENT | |
| value: "${ENVIRONMENT}" | |
| - name: NODE_NAME | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: spec.nodeName | |
| securityContext: | |
| runAsUser: 0 | |
| # If using Red Hat OpenShift uncomment this: | |
| #privileged: true | |
| resources: | |
| limits: | |
| memory: 200Mi | |
| requests: | |
| cpu: 100m | |
| memory: 100Mi | |
| volumeMounts: | |
| - name: config | |
| mountPath: /etc/metricbeat.yml | |
| readOnly: true | |
| subPath: metricbeat.yml | |
| - name: fields | |
| mountPath: /usr/share/metricbeat/fields.yml | |
| readOnly: true | |
| subPath: fields.yml | |
| - name: data | |
| mountPath: /usr/share/metricbeat/data | |
| - name: modules | |
| mountPath: /usr/share/metricbeat/modules.d | |
| readOnly: true | |
| - name: dockersock | |
| mountPath: /var/run/docker.sock | |
| - name: proc | |
| mountPath: /hostfs/proc | |
| readOnly: true | |
| - name: cgroup | |
| mountPath: /hostfs/sys/fs/cgroup | |
| readOnly: true | |
| - name: elkcrt | |
| mountPath: /etc/pki/tls/certs/ | |
| readOnly: true | |
| volumes: | |
| - name: proc | |
| hostPath: | |
| path: /proc | |
| - name: cgroup | |
| hostPath: | |
| path: /sys/fs/cgroup | |
| - name: dockersock | |
| hostPath: | |
| path: /var/run/docker.sock | |
| - name: config | |
| configMap: | |
| defaultMode: 0600 | |
| name: metricbeat-config | |
| - name: fields | |
| configMap: | |
| defaultMode: 0600 | |
| name: metricbeat-fields | |
| - name: modules | |
| configMap: | |
| defaultMode: 0600 | |
| name: metricbeat-daemonset-modules | |
| - name: data | |
| hostPath: | |
| path: /var/lib/metricbeat-data | |
| type: DirectoryOrCreate | |
| - name: elkcrt | |
| configMap: | |
| defaultMode: 0600 | |
| name: elkcrt | |
| items: | |
| - key: logstash-filebeat.crt | |
| path: logstash-filebeat.crt | |
| --- | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: metricbeat-deployment-modules | |
| namespace: kube-system | |
| labels: | |
| k8s-app: metricbeat | |
| data: | |
| # This module requires `kube-state-metrics` up and running under `kube-system` namespace | |
| kubernetes.yml: |- | |
| - module: kubernetes | |
| metricsets: | |
| - state_node | |
| - state_deployment | |
| - state_replicaset | |
| - state_pod | |
| - state_container | |
| - state_cronjob | |
| - state_resourcequota | |
| # Uncomment this to get k8s events: | |
| #- event | |
| period: 10s | |
| host: ${NODE_NAME} | |
| hosts: ["kube-state-metrics:8080"] | |
| --- | |
| # Deploy singleton instance in the whole cluster for some unique data sources, like kube-state-metrics | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: metricbeat | |
| namespace: kube-system | |
| labels: | |
| k8s-app: metricbeat | |
| spec: | |
| selector: | |
| matchLabels: | |
| k8s-app: metricbeat | |
| template: | |
| metadata: | |
| labels: | |
| k8s-app: metricbeat | |
| spec: | |
| nodeSelector: | |
| role: master | |
| serviceAccountName: metricbeat | |
| hostNetwork: true | |
| dnsPolicy: ClusterFirstWithHostNet | |
| containers: | |
| - name: metricbeat | |
| image: docker.elastic.co/beats/metricbeat:7.8.1 | |
| args: [ | |
| "-c", "/etc/metricbeat.yml", | |
| "-e", | |
| ] | |
| env: | |
| - name: LOGSTASH_URL | |
| value: "${LOGSTASH_URL}" | |
| - name: ENVIRONMENT | |
| value: "${ENVIRONMENT}" | |
| - name: NODE_NAME | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: spec.nodeName | |
| securityContext: | |
| runAsUser: 0 | |
| resources: | |
| limits: | |
| memory: 200Mi | |
| requests: | |
| cpu: 100m | |
| memory: 100Mi | |
| volumeMounts: | |
| - name: config | |
| mountPath: /etc/metricbeat.yml | |
| readOnly: true | |
| subPath: metricbeat.yml | |
| - name: fields | |
| mountPath: /usr/share/metricbeat/fields.yml | |
| readOnly: true | |
| subPath: fields.yml | |
| - name: modules | |
| mountPath: /usr/share/metricbeat/modules.d | |
| readOnly: true | |
| - name: elkcrt | |
| mountPath: /etc/pki/tls/certs/ | |
| readOnly: true | |
| volumes: | |
| - name: config | |
| configMap: | |
| defaultMode: 0600 | |
| name: metricbeat-config | |
| - name: fields | |
| configMap: | |
| defaultMode: 0600 | |
| name: metricbeat-fields | |
| - name: modules | |
| configMap: | |
| defaultMode: 0600 | |
| name: metricbeat-deployment-modules | |
| - name: elkcrt | |
| configMap: | |
| defaultMode: 0600 | |
| name: elkcrt | |
| items: | |
| - key: logstash-filebeat.crt | |
| path: logstash-filebeat.crt | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: metricbeat | |
| subjects: | |
| - kind: ServiceAccount | |
| name: metricbeat | |
| namespace: kube-system | |
| roleRef: | |
| kind: ClusterRole | |
| name: metricbeat | |
| apiGroup: rbac.authorization.k8s.io | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: metricbeat | |
| labels: | |
| k8s-app: metricbeat | |
| rules: | |
| - apiGroups: [""] | |
| resources: | |
| - nodes | |
| - namespaces | |
| - events | |
| - pods | |
| verbs: ["get", "list", "watch"] | |
| - apiGroups: ["extensions"] | |
| resources: | |
| - replicasets | |
| verbs: ["get", "list", "watch"] | |
| - apiGroups: ["apps"] | |
| resources: | |
| - statefulsets | |
| - deployments | |
| verbs: ["get", "list", "watch"] | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - nodes/stats | |
| verbs: | |
| - get | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: metricbeat | |
| namespace: kube-system | |
| labels: | |
| k8s-app: metricbeat | |
| --- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment