Quickstart: Running standalone Elastic Agent on Elastic Cloud on Kubernetes

1. Apply the following specification to deploy Elastic Agent with the System metrics integration to harvest CPU metrics from the Agent Pods. ECK automatically configures the secured connection to an Elasticsearch cluster named quickstart, created in Deploy an Elasticsearch cluster.

   cat <<EOF | kubectl apply -f -
   apiVersion: agent.k8s.elastic.co/v1alpha1
   kind: Agent
   metadata:
     name: quickstart
   spec:
     version: 9.4.1
     elasticsearchRefs:
     - name: quickstart
     daemonSet:
       podTemplate:
         spec:
           securityContext:
             runAsUser: 0
     config:
       inputs:
         - name: system-1
           revision: 1
           type: system/metrics
           use_output: default
           meta:
             package:
               name: system
               version: 0.9.1
           data_stream:
             namespace: default
           streams:
             - id: system/metrics-system.cpu
               data_stream:
                 dataset: system.cpu
                 type: metrics
               metricsets:
                 - cpu
               cpu.metrics:
                 - percentages
                 - normalized_percentages
               period: 10s
   EOF
   		

   1. The root user is required to persist state in a hostPath volume. See Storing local state in host path volume for options to not run the Agent container as root.

   Check Configuration examples for more ready-to-use manifests.

2. Monitor the status of Elastic Agent.

   kubectl get agent
   		

   NAME            HEALTH   AVAILABLE   EXPECTED   VERSION   AGE
   quickstart      green    3           3          9.4.1    15s
   		

3. List all the Pods that belong to a given Elastic Agent specification.

   kubectl get pods --selector='agent.k8s.elastic.co/name=quickstart'
   		

   NAME                     READY   STATUS    RESTARTS   AGE
   quickstart-agent-6bcxr   1/1     Running   0          68s
   quickstart-agent-t49fd   1/1     Running   0          68s
   quickstart-agent-zqp55   1/1     Running   0          68s
   		

4. Access logs for one of the Pods.

   kubectl logs -f quickstart-agent-6bcxr
   		

5. Access the CPU metrics ingested by Elastic Agent.

   You have two options:

   • Follow the Elasticsearch deployment guide and run:

     Tip

     If the remote endpoint uses a certificate that is not publicly trusted (for example, one signed by a private or corporate CA), provide the corresponding CA certificate using --cacert /path/to/ca.pem so that curl can verify it.

For testing only, you can use --insecure (or -k) to skip certificate verification. This flag turns off TLS trust checks and should not be used in production. ::::

sh curl -u "elastic:$PASSWORD" "https://localhost:9200/metrics-system.cpu-*/_search"

* Follow the Kibana deployment guide, log in and go to Kibana > Discover.