Beats: [Metricbeat] Access Kubernetes metrics from somewhere other than the read-only kubelet port

Created on 25 Feb 2019 · 4 Comments · Source: elastic/beats

Currently, it appears that metricbeat fetches metrics for kubernetes from the read-only http-metrics port (10255). Using this port is now deprecated. Kubernetes metrics need to be fetched through some other mechanism in the near future.

To make matters worse, the AWS EKS AMI has dropped support for the readonly port in recent versions. Out of the box, metricbeat no longer works on EKS without doing some custom work to the kubelet on the node. We upgraded recently to gain the benefit of other fixes implemented in the recent AMIs (like logrotate) and now we don't see any pod metrics.

This is somewhere between a bug and an enhancement.

Metricbeat Integrations Investigate containers

All 4 comments

Hi @dpankros,

Metricbeat does not enforce the read-only kubelet port; you can use the commented settings here:

https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-module-kubernetes.html#_example_configuration_17

If executing as a DaemonSet, something like this should work on a regular Kubernetes cluster:

    - module: kubernetes
      metricsets:
        - node
        - system
        - pod
        - container
        - volume
      period: 10s
      host: ${NODE_NAME}
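      # Secured kubelet port (10250) instead of the read-only port (10255)
      hosts: ["https://${NODE_NAME}:10250"]
      enabled: true
      # Authenticate with the pod's service account token
      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
      # "none" skips verification of the kubelet's certificate, so the CA below is not enforced
      ssl.verification_mode: none
      ssl.certificate_authorities:
        - /var/run/secrets/kubernetes.io/serviceaccount/ca.crt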

@dpankros we will be closing this because of inactivity. If the comment above didn't solve the issue, please re-open.

@odacremolbap Hopefully this comment is not too much of a resurrection, but I have a question regarding the page and what you posted. Those seem to be the instructions for running metricbeat as a pod within the cluster.

But what about the correct configuration for running it outside of the cluster? Simply using `in_cluster: false` and specifying the `kube_config` doesn't seem to cut it. There obviously is now nothing listening on the port specified in the documentation.

In master we have changed this to use the secured port by default. I'm wondering if it would be worthwhile to backport this at least to 7.6. Those three lines tested working for me under 7.5.
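
The following is an added example, not part of the thread or of the Beats project: a small audit that scans Metricbeat module configuration text for `kubernetes` entries still pointing at the read-only kubelet port discussed above, or reaching the secured port without authentication or certificate verification. The function names and the sample configuration are constructed for illustration, and a host written without a scheme is assumed to be contacted over plain HTTP.

```python
import re

READ_ONLY_PORT = "10255"  # kubelet read-only port the issue reports as deprecated
HOST_RE = re.compile(r"(?:(?P<scheme>\w+)://)?(?P<name>[\w.${}-]+):(?P<port>\d+)")

def kubernetes_entries(text):
    """Return the active (uncommented) lines of each '- module: kubernetes' entry."""
    entries, current = [], None
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        if re.match(r"\s*-\s*module:", line):
            current = [line]
            entries.append(current)
        elif current is not None:
            current.append(line)
    return [e for e in entries if re.search(r"module:\s*kubernetes\s*$", e[0])]

def audit(text):
    """Return sorted (endpoint, finding) pairs for every kubelet endpoint configured."""
    findings = set()
    for entry in kubernetes_entries(text):
        keys = dict(re.findall(r"^[ \t]*([\w.]+):[ \t]*(.*)$", "\n".join(entry), re.M))
        for m in HOST_RE.finditer(keys.get("hosts", "")):
            endpoint = m.group(0)
            if m.group("port") == READ_ONLY_PORT:
                findings.add((endpoint, "read-only kubelet port"))
            # Assumption: a host given without a scheme is contacted over plain HTTP.
            if m.group("scheme") != "https":
                findings.add((endpoint, "not https"))
            elif not keys.get("bearer_token_file"):
                findings.add((endpoint, "https without bearer_token_file"))
            if keys.get("ssl.verification_mode", "").strip(" \"'") == "none":
                findings.add((endpoint, "TLS verification disabled"))
    return sorted(findings)

# Constructed sample: an entry on the read-only port, an entry shaped like the
# secured-port config in the reply above, and an unrelated module to be ignored.
SAMPLE = """\
- module: kubernetes
  hosts: ["localhost:10255"]
- module: kubernetes
  hosts: ["https://${NODE_NAME}:10250"]
  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
  ssl.verification_mode: none
- module: system
  hosts: ["localhost:10255"]
"""
```

Calling `audit(SAMPLE)` reports the first entry for both the read-only port and plain HTTP, and the second entry only for disabled TLS verification.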