1

Elasticsearch Synthetics browser monitoring in kubernetes or containers

Elastic’s Synthetics is still a beat feature but lately many are trying to use this but is having a hard time configuring it in containers and in kubernetes. I’ve started a simple stack deployment using my deploy-elastick8s.sh script and added tested this out. create the stack https://www.gooksu.com/2022/09/new-elastic-kubernetes-script-deploy-elastick8s-sh/ configure heartbeat followed the documents from https://www.elastic.co/guide/en/beats/heartbeat/current/running-on-kubernetes.html and used https://raw.githubusercontent.com/elastic/beats/8.7/deploy/kubernetes/heartbeat-kubernetes.yaml to create heartbeats. added browser monitoring using https://www.elastic.co/guide/en/beats/heartbeat/8.7/monitor-browser-options.html ran into some issues since browser monitoring can not be ran with root user need to change so that heartbeat can be ran as heartbeat user found https://github.com/elastic/beats/issues/29465#issuecomment-1024975901 to add the securityContext for spec and… Continue Reading

0

Upgrading stack, fleet, elastic-agents in k8s running with ECK

Lets say you are running your elastic stack in k8s with ECK and you need to upgrade your environment, how would you do it and in what order? ECK operator elasticsearch kibana fleet-server elastic-agent I will use my deploy-elastick8s.sh script to deploy a fleet deployment (elasticsearch + kibana + fleet server + elastic-agents running as daemonset). I will install ECK operator 2.7.0 and stack 8.6.2 and will upgrade to 8.7.0 > ./deploy-elastick8s.sh fleet 8.6.2 2.7.0 [DEBUG] jq found [DEBUG] docker found & running [DEBUG] kubectl found [DEBUG] openssl found [DEBUG] container image docker.elastic.co/elasticsearch/elasticsearch:8.6.2 is valid [DEBUG] ECK 2.7.0 version validated.… Continue Reading

4

New elastic kubernetes script – deploy-elastick8s.sh

Changelogs 2023/02/26 Added legacy APM server integration The old deploy-eck.sh script have grown and matured a bit and now it encompasses helm charts and native installs. I renamed the script to be more inclusive of its features. All of the older articles will reference this post. The new script is located deploy-elastick8s.sh This script was designed to easily stand up elastic and its stack on kubernetes in various modes to easily test and replicate issues for troubleshooting and to setup examples for various workloads. The deployments that this script creates is not for production use but to be used as… Continue Reading

2

Fun things with Elastic’s Fleet server & elastic-agent

There are many fun things we can do with the fleet server & elastic-agent To understand how to edit and change settings to do fun things with fleet server, first you have to understand how fleet server works with kibana & elasticsearch and elastic-agent. Fleet server itself is elastic-agent that runs in a server mode. It needs to communicate with both kibana and elasticsearch as well as elastic-agent. It uses elasticsearch as its config manager to store configurations so that it can configure & keep track of elastic-agents that is registered against it. Kibana is used to configure fleet server,… Continue Reading

1

deploy-eck update 1

OUTDATED – Please use this link for the new script and instructions https://www.gooksu.com/2022/09/new-elastic-kubernetes-script-deploy-elastick8s-sh/ I developed the deploy-eck.sh script to easily deploy the elastic stack in k8s to quickly test things. Did a quick update to the script. operator mode. Now you can run the script just to deploy the operator only and apply a trial license. You can develop your own test cases etc in this mode. If you work out of ~/eckstack and name your manifest files *.yaml when you run the deploy-eck.sh cleanup it will cleanup all of your items as well. > ./deploy-eck.sh cleanup ********** Cleaning up… Continue Reading

2

Updated deploy-elastic script – version 8

Last update to version 7 is listed here The original post for the deploy-elastic.sh script is here. Changes: fully tested from 6.x-8.2(will most likely work with future 8.x versions) decoupled non stack modes from checking versions so that you can add the secondary components like monitoring/fleet/apm/enterprise-search using different version than the stack version. Just install the stack first then install the secondary components with different versions. Secondary versions can not be higher than the stack version. This will allow you to test using different versions fleet setting is now auto-populated. The script will gather the machines external IP and set… Continue Reading

9

Updated deploy-elastic script – version 7

UPDATE 3/30/2022 – another update was made to make fleet deployments easier. This is explained on this post The original post for the deploy-elastic.sh script is here. Made some updates so I thought I would post it on a new post. Changes: 8.x is now supported. You can use the script for any versions 6.x-8.x. full – modes are removed. The script is additive so if you deploy only the stack and want to add features on top you can run it again with the feature you want to add. You can add multiple features to your stack. Starting stack… Continue Reading

2

elasticsearch stack monitoring on kubernetes(ECK)

UPDATE: Since ECK operator 1.7 there is a new way to deploy stack monitoring. I’ve added the section at the end to cover for this. The old method still works and depending on your use case you can still use the old method versus new. The main difference between the OLD and NEW is that the OLD method uses filebeat and metricbeat pods while the new method uses filebeat and metricbeat sidecar containers. Lets get started with monitoring your elastic stack in kubernetes. There are multiple ways of doing this and I will divide this up into 3 sections, using… Continue Reading

0

How to run setup for various beats(filebeat, metricbeat, & more) in kubernetes to load dashboards and more

Whenever you install beats or update beats its best if you run the setup so that the setup will update your index templates, ILM, visualizations, etc. I found that its always best before installing or upgrading to use a seed host to just run the setup before deploying or updating across your environment and to turn off template updates and dashboard loading on the beats locally so that your elasticsearch cluster is not flooded. In a baremetal environment this is easy to do but in docker and in kubernetes it gets a bit difficult. Sure you can setup a initContainer… Continue Reading