# For more information https://www.elastic.co/guide/en/fleet/current/running-on-kubernetes-managed-by-fleet.html apiVersion: apps/v1 kind: DaemonSet metadata: name: elastic-agent namespace: kube-system labels: app.kubernetes.io/name: elastic-agent spec: selector: matchLabels: app.kubernetes.io/name: elastic-agent template: metadata: labels: app.kubernetes.io/name: elastic-agent spec: # Tolerations are needed to run Elastic Agent on Kubernetes control-plane nodes. # Agents running on control-plane nodes collect metrics from the control plane components (scheduler, controller manager) of Kubernetes tolerations: - key: node-role.kubernetes.io/control-plane effect: NoSchedule - key: node-role.kubernetes.io/master effect: NoSchedule serviceAccountName: elastic-agent hostNetwork: true dnsPolicy: ClusterFirstWithHostNet containers: - name: elastic-agent image: docker.elastic.co/elastic-agent/elastic-agent:9.1.0 env: # Set to 1 for enrollment into Fleet server. If not set, Elastic Agent is run in standalone mode - name: FLEET_ENROLL value: "1" # Set to true to communicate with Fleet with either insecure HTTP or unverified HTTPS - name: FLEET_INSECURE value: "false" # Fleet Server URL to enroll the Elastic Agent into # FLEET_URL can be found in Kibana, go to Management > Fleet > Settings - name: FLEET_URL value: "https://fleet-server:8220" # Elasticsearch API key used to enroll Elastic Agents in Fleet (https://www.elastic.co/guide/en/fleet/current/fleet-enrollment-tokens.html#fleet-enrollment-tokens) # If FLEET_ENROLLMENT_TOKEN is empty then KIBANA_HOST, KIBANA_FLEET_USERNAME, KIBANA_FLEET_PASSWORD are needed - name: FLEET_ENROLLMENT_TOKEN value: "token-id" - name: KIBANA_HOST value: "http://kibana:5601" # The basic authentication username used to connect to Kibana and retrieve a service_token to enable Fleet - name: KIBANA_FLEET_USERNAME value: "elastic" # The basic authentication password used to connect to Kibana and retrieve a service_token to enable Fleet - name: KIBANA_FLEET_PASSWORD value: "changeme" - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name # The following ELASTIC_NETINFO:false variable will disable the netinfo.enabled option of add-host-metadata processor. This will remove fields host.ip and host.mac. # For more info: https://www.elastic.co/guide/en/beats/metricbeat/current/add-host-metadata.html - name: ELASTIC_NETINFO value: "false" securityContext: runAsUser: 0 # The following capabilities are needed for Universal Profiling. # More fine graded capabilities are only available for newer Linux kernels. # If you are using the Universal Profiling integration, please uncomment these lines before applying. #procMount: "Unmasked" #privileged: true #capabilities: # add: # - SYS_ADMIN resources: limits: memory: 1Gi requests: cpu: 100m memory: 500Mi volumeMounts: - name: proc mountPath: /hostfs/proc readOnly: true - name: cgroup mountPath: /hostfs/sys/fs/cgroup readOnly: true - name: varlibdockercontainers mountPath: /var/lib/docker/containers readOnly: true - name: varlog mountPath: /var/log readOnly: true - name: etc-full mountPath: /hostfs/etc readOnly: true - name: var-lib mountPath: /hostfs/var/lib readOnly: true - name: etc-mid mountPath: /etc/machine-id readOnly: true - name: sys-kernel-debug mountPath: /sys/kernel/debug - name: elastic-agent-state mountPath: /usr/share/elastic-agent/state volumes: - name: proc hostPath: path: /proc - name: cgroup hostPath: path: /sys/fs/cgroup - name: varlibdockercontainers hostPath: path: /var/lib/docker/containers - name: varlog hostPath: path: /var/log # The following volumes are needed for Cloud Security Posture integration (cloudbeat) # If you are not using this integration, then these volumes and the corresponding # mounts can be removed. - name: etc-full hostPath: path: /etc - name: var-lib hostPath: path: /var/lib # Mount /etc/machine-id from the host to determine host ID # Needed for Kubernetes node autodiscovery - name: etc-mid hostPath: path: /etc/machine-id type: File # Needed for Universal Profiling # If you are not using this integration, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: path: /sys/kernel/debug # Mount /var/lib/elastic-agent-managed/kube-system/state to store elastic-agent state # Update 'kube-system' with the namespace of your agent installation - name: elastic-agent-state hostPath: path: /var/lib/elastic-agent-managed/kube-system/state type: DirectoryOrCreate