Elastic Agents in K8S ECK with ingest port for Cloudflare HTTP

Dallas_Toth · January 9, 2024, 2:33am

I have my stack running with ECK and healthy Agents being ran with integrations for kubernetes system elasticsearch and kibana. I have hit an issue with the Cloudflare HTTP integration which now requires a open port of 9560.
My question is how do I get a service running against the agent and get a loadbalancer IP so I can send traffic to it?
Is it supposed to go to the Agent or should it go to the Fleet Server?
I tried both. Neither expose a new service in K8s I did see in the logs on the Fleet server that it has processed the new integration.

2024-01-09T02:26:52.481603548Z {"log.level":"info","@timestamp":"2024-01-09T02:26:52.393Z","message":"Adding /cloudflare_logpush/sinkhole_http end point to server on 0.0.0.0:9560","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"http_endpoint-default","type":"http_endpoint"},"log":{"source":"http_endpoint-default"},"address":"0.0.0.0:9560","ecs.version":"1.6.0","id":"http_endpoint-cloudflare_logpush.sinkhole_http-88b38d60-ae96-11ee-bed6-cb23cdd4c924","log.logger":"input.http_endpoint","log.origin":{"file.line":131,"file.name":"http_endpoint/input.go"},"service.name":"filebeat","ecs.version":"1.6.0"}
2024-01-09T02:26:52.834544942Z {"log.level":"info","@timestamp":"2024-01-09T02:26:52.834Z","message":"applying new components data","component":{"binary":"fleet-server","dataset":"elastic_agent.fleet_server","id":"fleet-server-default","type":"fleet-server"},"log":{"source":"fleet-server-default"},"ecs.version":"1.6.0","server.address":"","http.request.id":"01HKP0PK14R7DFKD7F0CYKBCDZ","fleet.agent.id":"5d359ba3-a1a9-4720-941f-7d7f82644440","fleet.access.apikey.id":"nN4U5IwB2IyBbxQfx7tY","req.Components":[{"id":"fleet-server-default"

My fleet server deployment for eck

apiVersion: agent.k8s.elastic.co/v1alpha1
kind: Agent
metadata:
  name: fleet-server
  namespace: koatprod
spec:
  version: 8.8.0
  kibanaRef:
    name: kibana-ops
  elasticsearchRefs:
  - name: elasticsearch-ops
  mode: fleet
  fleetServerEnabled: true
  policyID: eck-fleet-server
  deployment:
    replicas: 1
    podTemplate:
      spec:
        serviceAccountName: elastic-agent
        automountServiceAccountToken: true
        securityContext:
          runAsUser: 0
  http:
    service:
      spec:
        type: ClusterIP
    tls:
      selfSignedCertificate:
        disabled: true

system · February 6, 2024, 2:34am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to setup Cloudflare Logpush via HTTP Endpoint? Elastic Agent elastic-stack-security	1	408	September 25, 2023
Curl to ES from outside of the K8s cluster using the certificate I can't find Elastic Observability	0	264	December 26, 2022
Elastic Defend integration failing on eck-agent helm chart pods Elastic Agent elastic-stack-security	2	21	September 11, 2024
ECK Fleet Server Behind Ingress - elastic agents becoming unhealthy Elastic Cloud on Kubernetes (ECK) fleet	5	1921	October 1, 2022
Elastic Agent Kubernetes integration doesn't send container logs Elastic Agent elastic-agent	1	1127	August 16, 2022

Elastic Agents in K8S ECK with ingest port for Cloudflare HTTP

Related topics