---
tags: Observability, elastic cloud kubernetes
---

:::warning
This note has not been maintained since it was written and the YAML probably contains errors. Keep this in mind before following this document.
:::

# elastic cloud kubernetes install

https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-install-helm.html

https://github.com/elastic/cloud-on-k8s (reference examples can be found here)

:::warning
After a default installation, the ECK Operator runs with the Basic (free) license, but the ECK-related Helm installation settings are all Enterprise-only ([github issue](https://github.com/elastic/cloud-on-k8s/issues/6261)).
Whether this can be controlled through the values YAML in the future is still unknown, so for now you have to write the installation YAML for each service yourself after the ECK operator is installed.
:::

## Default Kibana username and password after installation

[Reference](https://www.elastic.co/guide/en/elasticsearch/reference/current/built-in-users.html#bootstrap-elastic-passwords)

- user = elastic
- password = stored in the Secret `elasticsearch-es-elastic-user`

## References

- [BLOG: 起風前的相遇-Elastic APM](https://blog.elliot.tw/?p=597)
- [ECK with Istio](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-service-mesh-istio.html)
- [ECK Fleet-managed Elastic Agent Quickstart](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-quickstart.html)

## Additional notes for future reference

- [fleet-server secure-connections](https://www.elastic.co/guide/en/fleet/current/secure-connections.html)
- [elastic observability official doc](https://www.elastic.co/guide/en/observability/current/index.html)
- [open-telemetry collector set export to elastic apm server](https://www.elastic.co/guide/en/apm/guide/current/open-telemetry-direct.html#connect-open-telemetry-collector)
- [open-telemetry agent set send to elastic apm server](https://www.elastic.co/guide/en/apm/guide/current/open-telemetry-direct.html#instrument-apps-otel)
- [open-telemetry elasticsearch exporter](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/exporter/elasticsearchexporter)

# yaml

:::info
The manifests below are adapted from the base configuration generated by eck-stack in the ECK Helm charts.
:::

## elastic-operator argocd application yaml

```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  labels:
    type: cluster-infra
  namespace: argocd
  name: elastic-eck-operator
spec:
  destination:
    name: 'in-cluster'
    namespace: elastic-system
  source:
    repoURL: 'https://helm.elastic.co'
    targetRevision: 2.6.1
    chart: eck-operator
    helm:
      # The Helm values already override the full name by default, so this setting should not be needed
      # releaseName: elastic-eck-operator
      valueFiles:
        - values.yaml
  project: default
  syncPolicy:
    syncOptions:
      - PruneLast=true
      - RespectIgnoreDifferences=true
      - ApplyOutOfSyncOnly=true
      - CreateNamespace=true
  ignoreDifferences:
    - group: apps
      kind: Deployment
      jsonPointers:
        - /spec/replicas
  revisionHistoryLimit: 3
```

## elasticsearch Manifests

```yaml
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: elasticsearch
  namespace: elastic-system
spec:
  http:
    tls:
      selfSignedCertificate:
        disabled: true
  version: 8.6.2
  nodeSets:
    - name: default
      count: 1
      config:
        node.store.allow_mmap: false
      podTemplate:
        metadata:
          annotations:
            traffic.sidecar.istio.io/includeInboundPorts: "*"
            traffic.sidecar.istio.io/excludeOutboundPorts: "9300"
            traffic.sidecar.istio.io/excludeInboundPorts: "9300"
        spec:
          automountServiceAccountToken: true
          containers:
            - name: elasticsearch
              resources:
                limits:
                  cpu: 2
                  memory: 2Gi
                requests:
                  cpu: 1
                  memory: 1Gi
      volumeClaimTemplates:
        - metadata:
            name: elasticsearch-data
          spec:
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 5Gi
            storageClassName: longhorn
```

## kibana Manifests

```yaml
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: kibana
  namespace: elastic-system
spec:
  count: 1
  elasticsearchRef:
    name: elasticsearch
    # namespace: elastic-system
  version: 8.6.2
  podTemplate:
    spec:
      automountServiceAccountToken: true
      containers:
        - name: kibana
          env:
            - name: NODE_OPTIONS
              value: "--max-old-space-size=2048"
          resources:
            requests:
              memory: 1Gi
              cpu: 0.5
            limits:
              memory: 2Gi
              cpu: 2
  http:
    tls:
      selfSignedCertificate:
        disabled: true
```

## elastic-agent Manifests

```yaml
apiVersion: agent.k8s.elastic.co/v1alpha1
kind: Agent
metadata:
  name: elastic-agent
  namespace: elastic-system
spec:
  daemonSet:
    podTemplate:
      spec:
        containers:
          - name: agent
            securityContext:
              runAsUser: 0
  elasticsearchRefs:
    - name: elasticsearch
  version: 8.6.2
```

## fleet-server Manifests

```yaml
apiVersion: agent.k8s.elastic.co/v1alpha1
kind: Agent
metadata:
  name: fleet-server
  namespace: elastic-system
spec:
  deployment:
    podTemplate:
      spec:
        automountServiceAccountToken: true
        securityContext:
          runAsUser: 0
        serviceAccountName: fleet-server
    replicas: 1
  elasticsearchRefs:
    - name: elasticsearch
  fleetServerEnabled: true
  kibanaRef:
    name: kibana
  mode: fleet
  version: 8.6.2
```

## kibana istio ingressgateway

### Gateway

```yaml
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: elastic-kibana-gateway
  namespace: elastic-system
spec:
  selector:
    istio: ingressgateway
    #istio: kibana-ingressgateway
  servers:
    - hosts:
        - "*"  # must be quoted: a bare * is not valid YAML
      port:
        name: http
        number: 8080
        protocol: HTTP
```

### VirtualService

```yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: elastic-system-vs
  namespace: elastic-system
spec:
  gateways:
    - elastic-kibana-gateway
  hosts:
    - "*"  # must be quoted: a bare * is not valid YAML
  http:
    # - headers:
    #     request:
    #       set:
    #         x-forwarded-proto: https
    - route:
        - destination:
            host: kibana-kb-http.elastic-system.svc.cluster.local
            port:
              number: 5601
```
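
The Elasticsearch and Kibana manifests above set `selfSignedCertificate.disabled: true`, and the Gateway accepts plain HTTP for any host, so the `elastic` login is only protected by whatever TLS sits in front of or inside the mesh. The following is an added example, not part of the original note, of a Gateway that terminates TLS for one named host together with namespace-wide strict mTLS. The hostname `kibana.example.com`, the Secret name `kibana-tls-cert` and port 443 are assumptions to replace with your own values.

```yaml
# Added example (not from the original note). Assumed placeholders:
#   kibana.example.com : the hostname Kibana is published under
#   kibana-tls-cert    : a kubernetes.io/tls Secret in the ingress gateway's namespace
#   443                : assumes the ingress gateway accepts HTTPS on this port;
#                        the note's own Gateway uses 8080, so adjust to your gateway
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: elastic-kibana-gateway
  namespace: elastic-system
spec:
  selector:
    istio: ingressgateway
  servers:
    - hosts:
        - kibana.example.com          # explicit host instead of "*"
      port:
        name: https
        number: 443
        protocol: HTTPS
      tls:
        mode: SIMPLE                  # TLS is terminated at the ingress gateway
        credentialName: kibana-tls-cert
---
# With the ECK self-signed certificates disabled, pod-to-pod encryption depends
# on the mesh. STRICT rejects plaintext traffic to the sidecar-intercepted ports.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: elastic-system
spec:
  mtls:
    mode: STRICT
```

If this Gateway is used, the VirtualService `hosts` entry has to name the same host. Under STRICT mode, any client without a sidecar can no longer reach the Elasticsearch or Kibana HTTP ports.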