metricbeat 설치

2025. 3. 2. 20:48k8s/EFK

ConfigMap

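apiVersion: v1
kind: ConfigMap
metadata:
  name: metricbeat-config
  namespace: kube-system
  labels:
    k8s-app: metricbeat
data:
  # The whole value below is the metricbeat.yml file content.
  # NOTE(review): a ConfigMap is readable by anyone allowed to read
  # ConfigMaps in kube-system, so it is a poor place for a real API key.
  # Keep the key in a Secret, expose it to the container as an environment
  # variable, and reference it from this file instead, for example
  # api_key: "${ES_API_KEY}" (the variable name is only an example).
  metricbeat.yml: |
    # Module definitions are also loaded from modules.d/; live reload is off.
    metricbeat.config.modules:
      path: ${path.config}/modules.d/*.yml
      reload.enabled: false

    setup.template.settings:
      # Use a single shard when the index is smaller than 10 GB.
      index.number_of_shards: 1
      index.codec: best_compression

    # Needed so that the dashboards can be uploaded to Kibana.
    setup.kibana:
      host: "http://kibana.elastic.svc.cluster.local:5601"

    # NOTE(review): every endpoint in this file is plain http, so the API key
    # is sent unencrypted inside the cluster. Switch the URLs to https if TLS
    # is enabled on Elasticsearch and Kibana.
    metricbeat.modules:
      # Monitor Elasticsearch
      - module: elasticsearch
        xpack.enabled: true
        period: 10s
        hosts: ["http://elastic-headless.elastic.svc.cluster.local:9200"]
        # Placeholder, replace with the real "id:key" pair. It is quoted
        # because a plain value starting with "{" is parsed as a flow mapping.
        api_key: "{id}:{passwd}"

      # Monitor Kibana
      - module: kibana
        xpack.enabled: true
        period: 10s
        hosts: ["http://kibana.elastic.svc.cluster.local:5601"]
        api_key: "{id}:{passwd}"

    setup.ilm.enabled: false
    output.elasticsearch:
      hosts: ["http://elastic-headless.elastic.svc.cluster.local:9200"]
      # Must sit at the same indentation as hosts; nested deeper, the file
      # fails to parse.
      api_key: "{id}:{passwd}"

    processors:
      - add_host_metadata: ~
      - add_cloud_metadata: ~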

Deployment (DaemonSet)

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: metricbeat
  namespace: kube-system
  labels:
    k8s-app: metricbeat
spec:
  selector:
    matchLabels:
      k8s-app: metricbeat
  template:
    metadata:
      labels:
        k8s-app: metricbeat
    spec:
      # Author's note: without this the pod does not even come up.
      # The ServiceAccount itself and its RBAC are not part of this listing.
      serviceAccountName: metricbeat
      terminationGracePeriodSeconds: 30
      # The pod shares the node's network and PID namespaces.
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      # hostPID is a permission-related setting: the container can see
      # host process IDs.
      hostPID: true
      containers:
        - name: metricbeat
          image: docker.elastic.co/beats/metricbeat:{tag}
          args:
            - "-e"
            - "-system.hostfs=/hostfs"
          # Permission-related settings.
          # NOTE(review): privileged + root + hostPID + hostNetwork amounts to
          # full control of the node. privileged already grants every
          # capability, so the SYS_PTRACE entry adds nothing while it is set.
          # The author's note below credits runAsUser: 0 with the fix, so
          # check whether privileged can be removed.
          securityContext:
            privileged: true
            capabilities:
              add:
                - SYS_PTRACE
            # Author's note: this seems to have been the actual problem.
            runAsUser: 0
          env:
            - name: HOST_PROC
              value: "/hostfs/proc"
            - name: HOST_SYS
              value: "/hostfs/sys"
            - name: HOST_VAR
              value: "/hostfs/var"
          volumeMounts:
            # Only the metricbeat.yml key of the ConfigMap is mounted,
            # as a single file.
            - name: config
              mountPath: /usr/share/metricbeat/metricbeat.yml
              subPath: metricbeat.yml
            # NOTE(review): access to the container runtime socket lets a
            # process control other containers on the node, and it is the only
            # host mount here that is not read-only. The ConfigMap in this
            # post does not visibly enable a module that needs it; drop the
            # mount if nothing in modules.d uses it.
            - name: containerdsock
              mountPath: /var/run/docker.sock
            # Host filesystems are exposed read-only under /hostfs.
            - name: proc
              mountPath: /hostfs/proc
              readOnly: true
            - name: sys
              mountPath: /hostfs/sys
              readOnly: true
            - name: varlib
              mountPath: /hostfs/var/lib
              readOnly: true
      volumes:
        - name: config
          configMap:
            name: metricbeat-config
        # When the nodes run Docker, point this at the Docker socket instead.
        # NOTE(review): containerd usually listens on
        # /run/containerd/containerd.sock; confirm this path exists on the
        # nodes.
        - name: containerdsock
          hostPath:
            path: /var/run/containerd.sock
        - name: proc
          hostPath:
            path: /proc
        - name: sys
          hostPath:
            path: /sys
        - name: varlib
          hostPath:
            path: /var/lib