You may want to deploy an agent to host certain integrations, e.g., syslog or netflow.

  • Create <integration>-agent.yaml with this content, replacing the following values:

    • metadata.name: The name of your agent, e.g., syslog-agent

    • spec.policyID: The ID of the policy created for this agent, usually a GUID unless specified in the Helm chart

    • spec.deployment.podTemplate.spec.containers.env FLEET_ENROLLMENT_TOKEN: The new policy from above will have a default enrollment token

    • Customize the rest of the podTemplate spec. The example below is for syslog. Your agent will need different settings depending on the application.

      • The example binds the port with hostPort, which k3s supports. This is the simplest option for a single-node cluster. Use a NodePort service as an alternative.
      apiVersion: agent.k8s.elastic.co/v1alpha1
      kind: Agent
      metadata:
        name: <CHANGE ME>
        namespace: elastic-stack
      spec:
        version: 8.17.0
        kibanaRef:
          name: kibana
        fleetServerRef:
          name: fleet-server
        mode: fleet
        policyID: <CHANGE ME>
        deployment:
          replicas: 1
          podTemplate:
            spec:
              containers:
              - name: agent
                env:
                - name: FLEET_ENROLLMENT_TOKEN
                  value: "<CHANGE ME>"
                ports:
                - containerPort: 5514
                  hostPort: 5514
                  protocol: UDP
                  name: syslog
      
      k apply -f <integration>-agent.yaml
      
  • NodePort alternative to hostPort:

    • If you are running multiple nodes, create <integration>-service.yaml with this content, replacing the following values:

      • metadata.name: The name of your service, e.g., syslog-service

      • spec.selector.agent.k8s.elastic.co/name: The name of the related agent, e.g. syslog-agent

      • spec.ports - set up ports as needed. The example is for syslog

        apiVersion: v1
        kind: Service
        metadata:
          name: <CHANGE ME>
          namespace: elastic-stack
        spec:
          selector:
            agent.k8s.elastic.co/name: <AGENT NAME>
          ports:
          - port: 5514
            protocol: UDP
            targetPort: 5514
            nodePort: 30514  # External port number; must be within 30000-32767
          type: NodePort
      
        k apply -f <integration>-service.yaml
      

If you see an error like this:

The Service "syslog-service" is invalid: spec.ports[0].nodePort: Invalid value: 5514: provided port is not in the valid range. The range of valid ports is 30000-32767

you need to select a nodePort value within the valid NodePort range.

  • Wait for the agent to start, then confirm it appears in your list of agents in Kibana
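
The agent manifest above carries FLEET_ENROLLMENT_TOKEN as a plain-text value, so anyone who can read the file or the Agent resource can read the token. The following is an added example, not part of the original page: it keeps the token in a Kubernetes Secret and references it with secretKeyRef. The Secret name syslog-agent-enrollment and the key token are assumed names.

```yaml
# Added example. "syslog-agent-enrollment" and the key "token" are
# hypothetical names; everything else mirrors the syslog agent above.
apiVersion: v1
kind: Secret
metadata:
  name: syslog-agent-enrollment
  namespace: elastic-stack
type: Opaque
stringData:
  token: "<CHANGE ME>"   # enrollment token from the agent's Fleet policy
---
apiVersion: agent.k8s.elastic.co/v1alpha1
kind: Agent
metadata:
  name: syslog-agent
  namespace: elastic-stack
spec:
  version: 8.17.0
  kibanaRef:
    name: kibana
  fleetServerRef:
    name: fleet-server
  mode: fleet
  policyID: <CHANGE ME>
  deployment:
    replicas: 1
    podTemplate:
      spec:
        containers:
        - name: agent
          env:
          - name: FLEET_ENROLLMENT_TOKEN
            # Read the token from the Secret instead of embedding it here
            valueFrom:
              secretKeyRef:
                name: syslog-agent-enrollment
                key: token
          ports:
          - containerPort: 5514
            hostPort: 5514
            protocol: UDP
            name: syslog
```

With this layout the Agent manifest can be kept in version control without the token; keep the Secret manifest out of the repository and restrict read access to Secrets in the elastic-stack namespace.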
