# For more information refer https://www.elastic.co/guide/en/fleet/current/running-on-kubernetes-standalone.html apiVersion: apps/v1 kind: DaemonSet metadata: name: elastic-agent-standalone namespace: kube-system labels: app.kubernetes.io/name: elastic-agent-standalone spec: selector: matchLabels: app.kubernetes.io/name: elastic-agent-standalone template: metadata: labels: app.kubernetes.io/name: elastic-agent-standalone spec: # Tolerations are needed to run Elastic Agent on Kubernetes control-plane nodes. # Agents running on control-plane nodes collect metrics from the control plane components (scheduler, controller manager) of Kubernetes tolerations: - key: node-role.kubernetes.io/control-plane effect: NoSchedule - key: node-role.kubernetes.io/master effect: NoSchedule serviceAccountName: elastic-agent-standalone hostNetwork: true dnsPolicy: ClusterFirstWithHostNet # Uncomment if using hints feature #initContainers: # - name: k8s-templates-downloader # image: docker.elastic.co/elastic-agent/elastic-agent:9.1.0 # command: ['bash'] # args: # - -c # - >- # mkdir -p /etc/elastic-agent/inputs.d && # curl -sL https://github.com/elastic/elastic-agent/archive/9.1.tar.gz | tar xz -C /etc/elastic-agent/inputs.d --strip=5 "elastic-agent-9.1/deploy/kubernetes/elastic-agent-standalone/templates.d" # volumeMounts: # - name: external-inputs # mountPath: /etc/elastic-agent/inputs.d containers: - name: elastic-agent-standalone image: docker.elastic.co/elastic-agent/elastic-agent:9.1.0 args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] env: # The API Key with access privilleges to connect to Elasticsearch. https://www.elastic.co/guide/en/fleet/current/grant-access-to-elasticsearch.html#create-api-key-standalone-agent - name: API_KEY value: "" # The basic authentication username used to connect to Elasticsearch. Alternative to API_KEY access. # This user needs the privileges required to publish events to Elasticsearch. - name: ES_USERNAME value: "elastic" # The basic authentication password used to connect to Elasticsearch - name: ES_PASSWORD value: "changeme" # The Elasticsearch host to communicate with - name: ES_HOST value: "" - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name # The following ELASTIC_NETINFO:false variable will disable the netinfo.enabled option of add-host-metadata processor. This will remove fields host.ip and host.mac. # For more info: https://www.elastic.co/guide/en/beats/metricbeat/current/add-host-metadata.html - name: ELASTIC_NETINFO value: "false" securityContext: runAsUser: 0 # The following capabilities are needed for Universal Profiling. # More fine graded capabilities are only available for newer Linux kernels. # If you are using the Universal Profiling integration, please uncomment these lines before applying. #procMount: "Unmasked" #privileged: true #capabilities: # add: # - SYS_ADMIN resources: limits: memory: 1Gi requests: cpu: 100m memory: 500Mi volumeMounts: - name: datastreams mountPath: /etc/elastic-agent/agent.yml readOnly: true subPath: agent.yml - name: proc mountPath: /hostfs/proc readOnly: true - name: cgroup mountPath: /hostfs/sys/fs/cgroup readOnly: true - name: varlibdockercontainers mountPath: /var/lib/docker/containers readOnly: true - name: varlog mountPath: /var/log readOnly: true - name: etc-full mountPath: /hostfs/etc readOnly: true - name: var-lib mountPath: /hostfs/var/lib readOnly: true - name: sys-kernel-debug mountPath: /sys/kernel/debug - name: elastic-agent-state mountPath: /usr/share/elastic-agent/state # Uncomment if using hints feature # - name: external-inputs # mountPath: /usr/share/elastic-agent/state/inputs.d volumes: - name: datastreams configMap: defaultMode: 0644 name: agent-node-datastreams - name: proc hostPath: path: /proc - name: cgroup hostPath: path: /sys/fs/cgroup - name: varlibdockercontainers hostPath: path: /var/lib/docker/containers - name: varlog hostPath: path: /var/log # The following volumes are needed for Cloud Security Posture integration (cloudbeat) # If you are not using this integration, then these volumes and the corresponding # mounts can be removed. - name: etc-full hostPath: path: /etc - name: var-lib hostPath: path: /var/lib # Needed for Universal Profiling # If you are not using this integration, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: path: /sys/kernel/debug # Mount /var/lib/elastic-agent-managed/kube-system/state to store elastic-agent state # Update 'kube-system' with the namespace of your agent installation - name: elastic-agent-state hostPath: path: /var/lib/elastic-agent-standalone/kube-system/state type: DirectoryOrCreate # Uncomment if using hints feature # - name: external-inputs # emptyDir: {}