Configure Elastic Agent Add-On on Amazon EKS

Amazon EKS (Elastic Kubernetes Service) is a managed service that allows you to use Kubernetes on AWS without installing and operating your Kubernetes infrastructure.

Follow these steps to configure the Elastic Agent Add-On on Amazon EKS.

What you need

An existing Amazon EKS cluster. To deploy one, see Create an Amazon EKS cluster.
Elasticsearch for storing and searching your data, and Kibana for visualizing and managing it.

Elastic Cloud Hosted

To get started quickly, spin up an Elastic Cloud Hosted deployment. Elastic Cloud Hosted is available on AWS, GCP, and Azure. Try it out for free.

Self-managed

To install and run Elasticsearch and Kibana, see Installing the Elastic Stack.

Step 1: Create the Node group

You can create a managed node group with either of the following:

Step 2: Select the Elastic Agent Add-On

To see all available add-ons, check the AWS Add-ons. You can also view the most current list of available add-ons using eksctl, the AWS Management Console, or the AWS CLI.

Step 3: Configure Elastic Agent Add-On

Choose the version of Elastic Agent desired.
Get the URL and enrollment token from the cluster the Elastic Agent needs to register to.
From the Elastic Agent EKS add-on, go to Configuration values to enter the relevant URL and token values from your cluster.

		agent:
	    fleet:
            enabled: true
            url: <insert url from onboarding>
            token: <insert enrollment token from onboarding>

	

Make sure the configuration override is selected in case there are conflicts.

Step 4: Review and create

Review the data and add the Elastic Agent EKS add-on to your cluster.

Once created, you can see the Elastic Agent Add-on is Active on the AWS EKS console. Elastic Agent runs as a daemonset, so it is present on each node.

Step 5: View your data in Kibana

When the Elastic Agent is Active, it appears in Fleet and its configuration is downloaded.

Launch Kibana:
Elastic Cloud Hosted
1. Log in to your Elastic Cloud account.
2. Navigate to the Kibana endpoint in your deployment.
Self-managed

Point your browser to http://localhost:5601, replacing localhost with the name of the Kibana host.
To check if your Elastic Agent is enrolled in Fleet, go to Management → Fleet → Agents.

Important notes:

On managed Kubernetes solutions like EKS, Elastic Agent has no access to several data sources. Find below the list of the non available data:

Metrics from Kubernetes control plane components are not available. Consequently metrics are not available for kube-scheduler and kube-controller-manager components. In this regard, the respective dashboards will not be populated with data.
Audit logs are available only on Kubernetes master nodes as well, hence cannot be collected by Elastic Agent.
Fields orchestrator.cluster.name and orchestrator.cluster.url are not populated. orchestrator.cluster.name field is used as a cluster selector for default Kubernetes dashboards, shipped with Kubernetes integration.

In this regard, you can use add_fields processor to add orchestrator.cluster.name and orchestrator.cluster.url fields for each Kubernetes integration's component:
```
- add_fields:
    target: orchestrator.cluster
    fields:
      name: clusterName
      url: clusterURL
```