cloudbeat
cloudbeat copied to clipboard
elastic
Failed to connect to backoff(elasticsearch(http://elasticsearch:9200))
While I am deploying Cloudbeat through https://github.com/elastic/cloudbeat/blob/main/dev-docs/Cloudbeat-Deployment.md#amazon-elastic-kubernetes-service-eks
and in kustomizeEksOverlay := "deploy/kustomize/overlays/cloudbeat-eks" folder I have edited my kibana host, elasticsearch hosts, password, username
as like
setup.kibana:
host: "http://
but later I am running just deploy-eks-cloudbeat
serviceaccount "cloudbeat" deleted role.rbac.authorization.k8s.io "cloudbeat-kubeadm-config" deleted role.rbac.authorization.k8s.io "cloudbeat-role" deleted Warning: deleting cluster-scoped resources, not scoped to the provided namespace clusterrole.rbac.authorization.k8s.io "cloudbeat" deleted rolebinding.rbac.authorization.k8s.io "cloudbeat-kubeadm-config" deleted serviceaccount/cloudbeat created rolebinding.rbac.authorization.k8s.io "cloudbeat-role-binding" deleted clusterrolebinding.rbac.authorization.k8s.io "cloudbeat" deleted configmap "cloudbeat-daemonset-config" deleted role.rbac.authorization.k8s.io/cloudbeat-kubeadm-config created secret "aws-creds-secret" deleted daemonset.apps "cloudbeat" deleted role.rbac.authorization.k8s.io/cloudbeat-role created clusterrole.rbac.authorization.k8s.io/cloudbeat created rolebinding.rbac.authorization.k8s.io/cloudbeat-kubeadm-config created rolebinding.rbac.authorization.k8s.io/cloudbeat-role-binding created clusterrolebinding.rbac.authorization.k8s.io/cloudbeat created configmap/cloudbeat-daemonset-config created secret/aws-creds-secret created daemonset.apps/cloudbeat created
These are getting created successfully, but even in my pod logs I am getting as Failed to connect to backoff(elasticsearch(http://elasticsearch:9200)) error.
Here can find the full log file,
logs-from-cloudbeat-in-cloudbeat-pcbbb.log
Hello @hema8184, please avoid directly tagging people (especially those not in the Cloudbeat team).
The just command you refer to is intended for development purposes like loading a custom modified cloudbeat binary to eks and run the KSPM flavor.
Is that your case? What is your use case in general?
For example, If you want to install Cloudbeat on EKS to run KSPM (given that you already have an ELK installation and that the eks cluster has network access to it), you will have to follow the KPSM integration installation guide here.
Thanks
Hai @moukoublen , I am also from the same team of @hema8184
Yes we have configured the Networking configurations correctly, My "EKS Cluster" and "Kibana, elasticsearch" are in the different vpc's with vpc peering connection enabled.
Actually it is taking elasticsearch host as "Failed to connect to backoff(elasticsearch(http://elasticsearch:9200))" but I have modified the file deploy/kustomize/overlays/cloudbeat-eks/cloudbeat.yml file to enter my kibana host and elasticsearch host, usernames and passwords. But even it is taking host as http://elasticsearch:9200, I think it is mentioned somewhere else as http://elasticsearch:9200 there i need to edit my host names.
Hello @sirishas23,
The just deploy-eks-cloudbeat was intended only for development purposes and is not actively maintained. It also uses an old elastic-agent (cloudbeat) image by default unless you overwrite that.
If you want to install cloudbeat into eks k8s cluster I think the best way to do that is by following the KPSM integration installation guide here.
If I may, what is your use case? If we know that, we might be able to provide better direction.
(Also if there is no objection I will mark this as duplicate and close it)
Hello @moukoublen, In my case, I need to install cloud beat for a project purpose in my AWS EKS and along with ELK Stack are maintained by us. What is the best way to include my existing elastic search credentials. Our final output should be when we have installed cloud beat into EKS it need connect with our ELK stack to transfer security findings to the Elasticsearch.
Hello @Shankar-Mendyala, have you tried to install the KSPM through kibana's install integration flow? (requires a fleet manager).
If yes, was there any issue with that flow?
If you try to install a standalone cloudbeat binary (not the whole elastic-agent package), you will need to do some manual work. I think there is no a quick / one-command solution for that.
You will have to use a docker image with a standalone cloudbeat binary (or elastic-agent image but use the cloudbeat binary directly) and provide a custom cloudbeat.yml config file.
Perhaps you can find an example in our kspm ci workflow, but you will have to remove the test cases and elasticsearch elements from the chart, so there is some manual work involved.