- Elastic Cloud on Kubernetes:
- Overview
- Quickstart
- Operating ECK
- Orchestrating Elastic Stack applications
- Run Elasticsearch on ECK
- Node configuration
- Volume claim templates
- Storage recommendations
- Transport settings
- Virtual memory
- Settings managed by ECK
- Secure settings
- Custom configuration files and plugins
- Init containers for plugin downloads
- Update strategy
- Pod disruption budget
- Nodes orchestration
- Advanced Elasticsearch node scheduling
- Create automated snapshots
- Remote clusters
- Readiness probe
- Pod PreStop hook
- Elasticsearch autoscaling
- JVM heap dumps
- Security Context
- Run Kibana on ECK
- Run APM Server on ECK
- Run standalone Elastic Agent on ECK
- Run Fleet-managed Elastic Agent on ECK
- Run Elastic Maps Server on ECK
- Run Enterprise Search on ECK
- Run Beats on ECK
- Run Logstash on ECK
- Elastic Stack Helm Chart
- Recipes
- Secure the Elastic Stack
- Access Elastic Stack services
- Customize Pods
- Manage compute resources
- Autoscaling stateless applications
- Elastic Stack configuration policies
- Upgrade the Elastic Stack version
- Connect to external Elastic resources
- Run Elasticsearch on ECK
- Advanced topics
- Troubleshooting ECK
- Reference
- API Reference
- agent.k8s.elastic.co/v1alpha1
- apm.k8s.elastic.co/v1
- apm.k8s.elastic.co/v1beta1
- autoscaling.k8s.elastic.co/v1alpha1
- beat.k8s.elastic.co/v1beta1
- common.k8s.elastic.co/v1
- common.k8s.elastic.co/v1alpha1
- common.k8s.elastic.co/v1beta1
- elasticsearch.k8s.elastic.co/v1
- elasticsearch.k8s.elastic.co/v1beta1
- enterprisesearch.k8s.elastic.co/v1
- enterprisesearch.k8s.elastic.co/v1beta1
- kibana.k8s.elastic.co/v1
- kibana.k8s.elastic.co/v1beta1
- logstash.k8s.elastic.co/v1alpha1
- maps.k8s.elastic.co/v1alpha1
- stackconfigpolicy.k8s.elastic.co/v1alpha1
- Glossary
- Third-party dependencies
- API Reference
- Release highlights
- 2.16.1 release highlights
- 2.16.0 release highlights
- 2.15.0 release highlights
- 2.14.0 release highlights
- 2.13.0 release highlights
- 2.12.1 release highlights
- 2.12.0 release highlights
- 2.11.1 release highlights
- 2.11.0 release highlights
- 2.10.0 release highlights
- 2.9.0 release highlights
- 2.8.0 release highlights
- 2.7.0 release highlights
- 2.6.2 release highlights
- 2.6.1 release highlights
- 2.6.0 release highlights
- 2.5.0 release highlights
- 2.4.0 release highlights
- 2.3.0 release highlights
- 2.2.0 release highlights
- 2.1.0 release highlights
- 2.0.0 release highlights
- 1.9.1 release highlights
- 1.9.0 release highlights
- 1.8.0 release highlights
- 1.7.1 release highlights
- 1.7.0 release highlights
- 1.6.0 release highlights
- 1.5.0 release highlights
- 1.4.1 release highlights
- 1.4.0 release highlights
- 1.3.2 release highlights
- 1.3.1 release highlights
- 1.3.0 release highlights
- 1.2.2 release highlights
- 1.2.1 release highlights
- 1.2.0 release highlights
- 1.1.2 release highlights
- 1.1.1 release highlights
- 1.1.0 release highlights
- 1.0.1 release highlights
- 1.0.0 release highlights
- 1.0.0-beta1 release highlights
- Release notes
- Elastic Cloud on Kubernetes version 2.16.1
- Elastic Cloud on Kubernetes version 2.16.0
- Elastic Cloud on Kubernetes version 2.15.0
- Elastic Cloud on Kubernetes version 2.14.0
- Elastic Cloud on Kubernetes version 2.13.0
- Elastic Cloud on Kubernetes version 2.12.1
- Elastic Cloud on Kubernetes version 2.12.0
- Elastic Cloud on Kubernetes version 2.11.1
- Elastic Cloud on Kubernetes version 2.11.0
- Elastic Cloud on Kubernetes version 2.10.0
- Elastic Cloud on Kubernetes version 2.9.0
- Elastic Cloud on Kubernetes version 2.8.0
- Elastic Cloud on Kubernetes version 2.7.0
- Elastic Cloud on Kubernetes version 2.6.2
- Elastic Cloud on Kubernetes version 2.6.1
- Elastic Cloud on Kubernetes version 2.6.0
- Elastic Cloud on Kubernetes version 2.5.0
- Elastic Cloud on Kubernetes version 2.4.0
- Elastic Cloud on Kubernetes version 2.3.0
- Elastic Cloud on Kubernetes version 2.2.0
- Elastic Cloud on Kubernetes version 2.1.0
- Elastic Cloud on Kubernetes version 2.0.0
- Elastic Cloud on Kubernetes version 1.9.1
- Elastic Cloud on Kubernetes version 1.9.0
- Elastic Cloud on Kubernetes version 1.8.0
- Elastic Cloud on Kubernetes version 1.7.1
- Elastic Cloud on Kubernetes version 1.7.0
- Elastic Cloud on Kubernetes version 1.6.0
- Elastic Cloud on Kubernetes version 1.5.0
- Elastic Cloud on Kubernetes version 1.4.1
- Elastic Cloud on Kubernetes version 1.4.0
- Elastic Cloud on Kubernetes version 1.3.2
- Elastic Cloud on Kubernetes version 1.3.1
- Elastic Cloud on Kubernetes version 1.3.0
- Elastic Cloud on Kubernetes version 1.2.2
- Elastic Cloud on Kubernetes version 1.2.1
- Elastic Cloud on Kubernetes version 1.2.0
- Elastic Cloud on Kubernetes version 1.1.2
- Elastic Cloud on Kubernetes version 1.1.1
- Elastic Cloud on Kubernetes version 1.1.0
- Elastic Cloud on Kubernetes version 1.0.1
- Elastic Cloud on Kubernetes version 1.0.0
- Elastic Cloud on Kubernetes version 1.0.0-beta1
Advanced configuration
editAdvanced configuration
editThis section covers the following topics:
Use APM Agent central configuration
editAPM Agent configuration management
[7.5.1]
Added in 7.5.1.
allows you to configure your APM Agents centrally from the Kibana APM app. To use this feature, the APM Server needs to be configured with connection details of the Kibana instance. If Kibana is managed by ECK, you can simply add a kibanaRef
attribute to the APM Server specification:
cat <<EOF | kubectl apply -f - apiVersion: apm.k8s.elastic.co/v1 kind: ApmServer metadata: name: apm-server-quickstart namespace: default spec: version: 8.17.2 count: 1 elasticsearchRef: name: quickstart kibanaRef: name: quickstart EOF
Starting with version 8.0.0 you will also need to ensure that your Kibana instance has the following configuration:
apiVersion: kibana.k8s.elastic.co/v1 kind: Kibana config: xpack.fleet.packages: - name: apm version: latest
Customize the APM Server configuration
editTo customize the configuration of the APM Server, use the config
element in the specification:
apiVersion: apm.k8s.elastic.co/v1 kind: ApmServer metadata: name: apm-server-quickstart namespace: default spec: version: 8.17.2 count: 1 config: output: elasticsearch: headers: X-My-Header: Just an example of a custom settings elasticsearchRef: name: quickstart
The configuration items you provide always override the ones that are generated by the operator.
Specify secure settings for your APM Server
editThe APM Server keystore can be used to store sensitive settings in the APM Server configuration. ECK can automatically manage the APM Server keystore in the Pods.
-
Create a secret with the secret settings:
kubectl create secret generic apm-secret-settings --from-literal=ES_PASSWORD=asecretpassword
-
In the
spec.secureSettings
section, add a reference to the secret you previously created.apiVersion: apm.k8s.elastic.co/v1 kind: ApmServer metadata: name: apm-server-quickstart namespace: default spec: version: 8.17.2 count: 1 secureSettings: - secretName: apm-secret-settings config: output: elasticsearch: password: "${ES_PASSWORD}"
- Reference the key in the APM Server configuration, as described in the Secrets keystore for secure settings.
Reference an existing Elasticsearch cluster
editNow that you know how to use the APM keystore and customize the server configuration, you can manually configure a secured connection to an existing Elasticsearch cluster.
-
Create a secret with the Elasticsearch CA.
You need to store the certificate authority of the Elasticsearch cluster in a secret:
kubectl create secret generic es-ca --from-file=tls.crt=elasticsearch-ca.crt
The
elasticsearch-ca.crt
file must contain the CA certificate of the Elasticsearch cluster you want to use with the APM Server. -
Mount this secret using the Pod template, and reference the file in the
config
of the APM Server.Here is a complete example with a password stored in the Keystore, as described in the previous section:
apiVersion: apm.k8s.elastic.co/v1 kind: ApmServer metadata: name: apm-server-quickstart namespace: default spec: version: 8.17.2 count: 1 secureSettings: - secretName: apm-secret-settings config: output: elasticsearch: hosts: ["my-own-elasticsearch-cluster:9200"] username: elastic password: "${ES_PASSWORD}" protocol: "https" ssl.certificate_authorities: ["/usr/share/apm-server/config/elasticsearch-ca/tls.crt"] podTemplate: spec: containers: - name: apm-server volumeMounts: - mountPath: /usr/share/apm-server/config/elasticsearch-ca name: elasticsearch-ca readOnly: true volumes: - name: elasticsearch-ca secret: defaultMode: 420 optional: false secretName: es-ca # This is the secret that holds the Elasticsearch CA cert
TLS certificates
editBy default the operator manages a private CA and generates a self-signed certificate used to secure the communication between APM agents and the server.
This behavior and the relevant configuration is identical to what is done for Elasticsearch and Kibana. Check Setting up your own certificate for more information on how to use your own certificate to configure the TLS endpoint of the APM Server.
For more details on how to configure the APM agents to work with custom certificates, check the APM agents documentation.
On this page