Elastic Exporter Metricsπ
Reference Documentationπ
Overviewπ
The Elasticsearch Exporter needs authentication configured to be able to scrape information and serve up metrics:
- By default (similar to fluent-bit) the built-in
elasticsuperuser account is fed in to be able to authenticate. - There is also support for utilizing an API_KEY to communicate with the ES Cluster which is recommended for production installations.
Using an API Keyπ
The Exporter only needs read only permission to the cluster and itβs indices. The following policy that must be applied via curl -XPOST creates a Key and Role for just those permissions:
_security/api_key
{
"name": "prom-exporter",
"role_descriptors": {
"prom-monitoring": {
"cluster": [
"monitor",
"monitor_snapshot"
],
"index": [
{
"names": ["*"],
"privileges": ["monitor"]
}
]
}
}
}
This can be applied within a BigBang cluster with the following 2 commands (run on two separate windows/panes/terminals/etc):
kubectl port-forward svc/logging-ek-es-http -n logging 9200:9200
&
curl -XPOST -H 'Content-Type: application/json' -ku "elastic:$(kubectl get secrets -n logging logging-ek-es-elastic-user -o go-template='{{.data.elastic | base64decode}}')" "https://localhost:9200/_security/api_key" -d '{ "name": "prom-exporter", "role_descriptors": { "prom-monitoring": { "cluster": ["monitor", "monitor_snapshot"], "index": [ { "names": ["*"], "privileges": ["monitor"] } ] } } }'
The above comand will return the reponse of:
{"id":"XXXXXXXXXXXXXXXXXXXX","name":"prom-exporter","api_key":"XXXXXXXXXXXXXXXXXXXXXX","encoded":"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=="}
Make sure to save the "encoded" portion and adjust your logging value overrides to match the following:
logging:
values:
metrics:
env:
ES_API_KEY: "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=="
ES_USERNAME: ""
extraEnvSecrets: null
This will disable the BigBang built in mapping of the elastic user and instead utilize only the configured ES_API_KEY