README.md

Metricbeat Helm Chart

This Helm chart is a lightweight way to configure and run our official Metricbeat Docker image.

Warning: This branch is used for development, please use 7.7.1 release for supported version.

• Requirements
• Installing
  • Install released version using Helm repository
  • Install development version using master branch
• Upgrading
• Compatibility
• Usage notes
• Configuration
  • Deprecated
• FAQ
  • How to use Metricbeat with Elasticsearch with security (authentication and TLS) enabled?
  • How to install OSS version of Metricbeat?
  • How to use Kubelet read-only port instead of secure port?
  • Why is Metricbeat host.name field set to Kubernetes pod name?
• Contributing

Requirements

• Helm >=2.8.0 and <3.0.0
• Kubernetes >=1.9

See supported configurations for more details.

Installing

Install released version using Helm repository

• Add the Elastic Helm charts repo: helm repo add elastic https://helm.elastic.co

• Install it: helm install --name metricbeat elastic/metricbeat

Install development version using master branch

• Clone the git repo: git clone [email protected]:elastic/helm-charts.git

• Install it: helm install --name metricbeat ./helm-charts/metricbeat --set imageTag=7.7.1

Upgrading

Please always check CHANGELOG.md and BREAKING_CHANGES.md before upgrading to a new chart version.

Compatibility

This chart is tested with the latest supported versions. The currently tested versions are:

6.x	7.x
6.8.10	7.7.1

Examples of installing older major versions can be found in the examples directory.

While only the latest releases are tested, it is possible to easily install old or new releases by overriding the imageTag To install version 7.7.1 of Metricbeat it would look like this:

helm install --name metricbeat elastic/metricbeat --set imageTag=7.7.1

Usage notes

• The default Metricbeat configuration file for this chart is configured to use an Elasticsearch endpoint. Without any additional changes, Metricbeat will send documents to the service URL that the Elasticsearch Helm chart sets up by default. You may either set the ELASTICSEARCH_HOSTS environment variable in extraEnvs to override this endpoint or modify the default metricbeatConfig to change this behavior.
• This chart disables the HostNetwork setting by default for compatibility reasons with the majority of kubernetes providers and scenarios. Some kubernetes providers may not allow enabling hostNetwork and deploying multiple Metricbeat pods on the same node isn't possible with hostNetwork However Metricbeat does recommend activating it. If your kubernetes provider is compatible with hostNetwork and you don't need to run multiple Metricbeat DaemonSets, you can activate it by setting hostNetworking: true in values.yaml.
• This repo includes a number of examples configurations which can be used as a reference. They are also used in the automated testing of this chart.

Configuration

Parameter	Description	Default
clusterRoleRules	Configurable cluster role rules that Metricbeat uses to access Kubernetes resources	see values.yaml
daemonset.affinity	Configurable affinity for Metricbeat daemonset	{}
daemonset.envFrom	Templatable string of envFrom to be passed to the environment from variables which will be appended to Metricbeat container for DaemonSet	[]
daemonset.extraEnvs	Extra environment variables which will be appended to Metricbeat container for DaemonSet	[]
daemonset.extraVolumeMounts	Templatable string of additional volumeMounts to be passed to the tpl function or DaemonSet	[]
daemonset.extraVolumes	Templatable string of additional volumes to be passed to the tpl function or DaemonSet	[]
daemonset.hostNetworking	Enable Metricbeat DaemonSet to use hostNetwork	false
daemonset.metricbeatConfig	Allows you to add any config files in /usr/share/metricbeat such as metricbeat.yml for Metricbeat DaemonSet	see values.yaml
daemonset.nodeSelector	Configurable nodeSelector for Metricbeat DaemonSet	{}
daemonset.resources	Allows you to set the resources for Metricbeat DaemonSet	see values.yaml
daemonset.secretMounts	Allows you easily mount a secret as a file inside the DaemonSet. Useful for mounting certificates and other secrets. See values.yaml for an example	[]
daemonset.securityContext	Configurable securityContext for Metricbeat DaemonSet pod execution environment	see values.yaml
daemonset.tolerations	Configurable tolerations for Metricbeat DaemonSet	[]
deployment.affinity	Configurable affinity for Metricbeat Deployment	{}
deployment.envFrom	Templatable string of envFrom to be passed to the environment from variables which will be appended to Metricbeat container for Deployment	[]
deployment.extraEnvs	Extra environment variables which will be appended to Metricbeat container for Deployment	[]
deployment.extraVolumeMounts	Templatable string of additional volumeMounts to be passed to the tpl function or DaemonSet	[]
deployment.extraVolumes	Templatable string of additional volumes to be passed to the tpl function or Deployment	[]
deployment.metricbeatConfig	Allows you to add any config files in /usr/share/metricbeat such as metricbeat.yml for Metricbeat Deployment	see values.yaml
deployment.nodeSelector	Configurable nodeSelector for Metricbeat Deployment	{}
deployment.resources	Allows you to set the resources for Metricbeat Deployment	see values.yaml
deployment.secretMounts	Allows you easily mount a secret as a file inside the Deployment Useful for mounting certificates and other secrets. See values.yaml for an example	[]
deployment.securityContext	Configurable securityContext for Metricbeat Deployment pod execution environment	see values.yaml
deployment.tolerations	Configurable tolerations for Metricbeat Deployment	[]
extraContainers	Templatable string of additional containers to be passed to the tpl function	""
extraInitContainers	Templatable string of additional containers to be passed to the tpl function	""
fullnameOverride	Overrides the full name of the resources. If not set the name will default to " .Release.Name - .Values.nameOverride or .Chart.Name "	""
hostPathRoot	Fully-qualified hostPath that will be used to persist Metricbeat registry data	/var/lib
imagePullPolicy	The Kubernetes imagePullPolicy value	IfNotPresent
imagePullSecrets	Configuration for imagePullSecrets so that you can use a private registry for your image	[]
imageTag	The Metricbeat Docker image tag	7.7.1
image	The Metricbeat Docker image	docker.elastic.co/beats/metricbeat
labels	Configurable labels applied to all Metricbeat pods	{}
livenessProbe	Parameters to pass to liveness probe checks for values such as timeouts and thresholds	see values.yaml
managedServiceAccount	Whether the serviceAccount should be managed by this helm chart. Set this to false in order to manage your own service account and related roles	true
nameOverride	Overrides the chart name for resources. If not set the name will default to .Chart.Name	""
podAnnotations	Configurable annotations applied to all Metricbeat pods	{}
priorityClassName	The name of the PriorityClass. No default is supplied as the PriorityClass must be created first	""
readinessProbe	Parameters to pass to readiness probe checks for values such as timeouts and thresholds	see values.yaml
replicas	The replica count for the Metricbeat deployment talking to kube-state-metrics	1
serviceAccount	Custom serviceAccount that Metricbeat will use during execution. By default will use the service account created by this chart	""
terminationGracePeriod	Termination period (in seconds) to wait before killing Metricbeat pod process on pod shutdown	30
updateStrategy	The updateStrategy for the DaemonSet By default Kubernetes will kill and recreate pods on updates. Setting this to OnDelete will require that pods be deleted manually	RollingUpdate

Deprecated

Parameter	Description	Default
affinity	Configurable affinity for Metricbeat DaemonSet	{}
envFrom	Templatable string to be passed to the environment from variables which will be appended to Metricbeat container for both DaemonSet and Deployment	[]
extraEnvs	Extra environment variables which will be appended to Metricbeat container for both DaemonSet and Deployment	[]
extraVolumeMounts	Templatable string of additional volumeMounts to be passed to the tpl function for both DaemonSet and Deployment	[]
extraVolumes	Templatable string of additional volumes to be passed to the tpl function for both DaemonSet and Deployment	[]
metricbeatConfig	Allows you to add any config files in /usr/share/metricbeat such as metricbeat.yml for both Metricbeat DaemonSet and Deployment	{}
nodeSelector	Configurable nodeSelector for Metricbeat DaemonSet	{}
podSecurityContext	Configurable securityContext for Metricbeat DaemonSet and Deployment pod execution environment	{}
resources	Allows you to set the resources for both Metricbeat DaemonSet and Deployment	{}
secretMounts	Allows you easily mount a secret as a file inside DaemonSet and Deployment Useful for mounting certificates and other secrets	[]
tolerations	Configurable tolerations for both Metricbeat DaemonSet and Deployment	[]

FAQ

How to use Metricbeat with Elasticsearch with security (authentication and TLS) enabled?

This Helm chart can use existing Kubernetes secrets to setup credentials or certificates for examples. These secrets should be created outside of this chart and accessed using environment variables and volumes.

An example can be found in examples/security.

How to install OSS version of Metricbeat?

Deploying OSS version of Elasticsearch can be done by setting image value to [Metricbeat OSS Docker image][]

An example of Metricbeat deployment using OSS version can be found in examples/oss.

How to use Kubelet read-only port instead of secure port?

Default Metricbeat configuration has been switched to Kubelet secure port (10250/TCP) instead of read-only port (10255/TCP) in #471 because read-only port usage is now discouraged and not enabled by default in most Kubernetes configurations.

However, if you need to use read-only port, you can replace hosts: ["https://${NODE_NAME}:10250"] by hosts: ["${NODE_NAME}:10255"] and comment bearer_token_file and ssl.verification_mode in daemonset.metricbeatConfig in values.yaml.

Why is Metricbeat host.name field set to Kubernetes pod name?

The default Metricbeat configuration is using Metricbeat pod name for agent.hostname and host.name fields. The hostname of the Kubernetes nodes can be find in kubernetes.node.name field. If you would like to have agent.hostname and host.name fields set to the hostname of the nodes, you'll need to set daemonset.hostNetworking value to true.

Note that enabling hostNetwork make Metricbeat pod use the host network namespace which gives it access to the host loopback device, services listening on localhost, could be used to snoop on network activity of other pods on the same node.

Contributing

Please check CONTRIBUTING.md before any contribution or for any questions about our development and testing process.