1

Elasticsearch Synthetics browser monitoring in kubernetes or containers

Elastic’s Synthetics is still a beat feature but lately many are trying to use this but is having a hard time configuring it in containers and in kubernetes. I’ve started a simple stack deployment using my deploy-elastick8s.sh script and added tested this out. create the stack https://www.gooksu.com/2022/09/new-elastic-kubernetes-script-deploy-elastick8s-sh/ configure heartbeat followed the documents from https://www.elastic.co/guide/en/beats/heartbeat/current/running-on-kubernetes.html and used https://raw.githubusercontent.com/elastic/beats/8.7/deploy/kubernetes/heartbeat-kubernetes.yaml to create heartbeats. added browser monitoring using https://www.elastic.co/guide/en/beats/heartbeat/8.7/monitor-browser-options.html ran into some issues since browser monitoring can not be ran with root user need to change so that heartbeat can be ran as heartbeat user found https://github.com/elastic/beats/issues/29465#issuecomment-1024975901 to add the securityContext for spec and… Continue Reading

9

Updated deploy-elastic script – version 7

UPDATE 3/30/2022 – another update was made to make fleet deployments easier. This is explained on this post The original post for the deploy-elastic.sh script is here. Made some updates so I thought I would post it on a new post. Changes: 8.x is now supported. You can use the script for any versions 6.x-8.x. full – modes are removed. The script is additive so if you deploy only the stack and want to add features on top you can run it again with the feature you want to add. You can add multiple features to your stack. Starting stack… Continue Reading

2

elasticsearch stack monitoring on kubernetes(ECK)

UPDATE: Since ECK operator 1.7 there is a new way to deploy stack monitoring. I’ve added the section at the end to cover for this. The old method still works and depending on your use case you can still use the old method versus new. The main difference between the OLD and NEW is that the OLD method uses filebeat and metricbeat pods while the new method uses filebeat and metricbeat sidecar containers. Lets get started with monitoring your elastic stack in kubernetes. There are multiple ways of doing this and I will divide this up into 3 sections, using… Continue Reading

1

elasticsearch 8.x configure roles and users for stack monitoring

A lot of changes were made with elasticsearch 8.0 release but the main one that affected me the most was the ability to use the default elastic(superuser role) to access system indices. According to https://www.elastic.co/guide/en/elasticsearch/reference/current/release-highlights.html#_better_protection_for_system_indices we no longer have write access to system indices with the superuser role. When configuring stack monitoring using metricbeats this is an issue if you’ve been just using the elastic user to configure the monitoring. You can add allow_restricted_indices to the role to enable it back however its the lazy and insecure method. I’ve summarized the creation of roles and users for metricbeats and filebeats… Continue Reading