Skip to content

Commit

Permalink
introducing apm-server to elastdocker
Browse files Browse the repository at this point in the history
Signed-off-by: (╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW <mostafa.hussein91@gmail.com>
  • Loading branch information
mostafahussein committed Nov 22, 2022
1 parent 83de211 commit c1daa3c
Show file tree
Hide file tree
Showing 8 changed files with 189 additions and 3 deletions.
4 changes: 4 additions & 0 deletions .env
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,9 @@ KIBANA_PORT=5601
LOGSTASH_HOST=logstash
LOGSTASH_PORT=8080

APMSERVER_HOST=apm-server
APMSERVER_PORT=8200

#----------- Credientals ------------------------#
# Username & Password for Admin Elasticsearch cluster.
# This is used to set the password at setup, and used by others to connect to Elasticsearch at runtime.
Expand All @@ -25,6 +28,7 @@ ELASTIC_USERNAME=elastic
ELASTIC_PASSWORD=changeme
AWS_ACCESS_KEY_ID=nottherealid
AWS_SECRET_ACCESS_KEY=notherealsecret
ELASTIC_APM_SECRET_TOKEN=secrettokengoeshere

#----------- Cluster ----------------------------#
ELASTIC_CLUSTER_NAME=elastdocker-cluster
Expand Down
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ COMPOSE_MONITORING := -f docker-compose.yml -f docker-compose.monitor.yml
COMPOSE_LOGGING := -f docker-compose.yml -f docker-compose.logs.yml
COMPOSE_TOOLS := -f docker-compose.yml -f docker-compose.tools.yml
COMPOSE_NODES := -f docker-compose.yml -f docker-compose.nodes.yml
ELK_SERVICES := elasticsearch logstash kibana
ELK_SERVICES := elasticsearch logstash kibana apm-server
ELK_LOG_COLLECTION := filebeat
ELK_MONITORING := elasticsearch-exporter logstash-exporter filebeat-cluster-logs
ELK_TOOLS := rubban
Expand Down
25 changes: 25 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -241,7 +241,32 @@ If you started Prometheus Exporters using `make monitoring` command. Prometheus
![Metrics](https://user-images.githubusercontent.com/16992394/78685076-89a58900-78f1-11ea-959b-ce374fe51500.jpg)
# Working with Elastic APM
After completing the setup step, you will notice a container named apm-server which gives you deeper visibility into your applications and can help you to identify and resolve root cause issues with correlated traces, logs, and metrics.
## Authenticating with Elastic APM
In order to authenticate with Elastic APM, you will need the following:
- The value of `ELASTIC_APM_SECRET_TOKEN` defined in `.env` file as we have [secret token](https://www.elastic.co/guide/en/apm/guide/master/secret-token.html) enabled by default
- The ability to reach port `8200`
- Install elastic apm client in your application e.g. for NodeJS based applications you need to install [elastic-apm-node](https://www.elastic.co/guide/en/apm/agent/nodejs/master/typescript.html)
- Import the package in your application and call the start function, In case of NodeJS based application you can do the following:
```
const apm = require('elastic-apm-node').start({
serviceName: 'foobar',
secretToken: process.env.ELASTIC_APM_SECRET_TOKEN,

// https is enabled by default as per elastdocker configuration
serverUrl: 'https://localhost:8200',
})
```
> Make sure that the agent is started before you require any other modules in your Node.js application - i.e. before express, http, etc. as mentioned in [Elastic APM Agent - NodeJS initialization](https://www.elastic.co/guide/en/apm/agent/nodejs/master/express.html#express-initialization)
For more details or other languages you can check the following:
- [APM Agents in different languages](https://www.elastic.co/guide/en/apm/agent/index.html)
# License
[MIT License](https://raw.githubusercontent.com/sherifabdlnaby/elastdocker/master/LICENSE)
Copyright (c) 2020 Sherif Abdel-Naby
Expand Down
5 changes: 5 additions & 0 deletions apm-server/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
ARG ELK_VERSION

# https://github.com/elastic/apm-server
FROM docker.elastic.co/apm/apm-server:${ELK_VERSION}
ARG ELK_VERSION
101 changes: 101 additions & 0 deletions apm-server/config/apm-server.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,101 @@
######################### APM Server Configuration #########################

################################ APM Server ################################

apm-server:
# Defines the host and port the server is listening on. Use "unix:/path/to.sock" to listen on a unix domain socket.
host: "0.0.0.0:8200"


#---------------------------- APM Server - Secure Communication with Agents ----------------------------

# Enable authentication using Secret token
auth:
secret_token: '${ELASTIC_APM_SECRET_TOKEN}'

# Enable secure communication between APM agents and the server. By default ssl is disabled.
ssl:
enabled: true

# Path to file containing the certificate for server authentication.
# Needs to be configured when ssl is enabled.
certificate: "/certs/apm-server.crt"

# Path to file containing server certificate key.
# Needs to be configured when ssl is enabled.
key: "/certs/apm-server.key"

#================================ Outputs =================================

# Configure the output to use when sending the data collected by apm-server.

#-------------------------- Elasticsearch output --------------------------
output.elasticsearch:
# Array of hosts to connect to.
# Scheme and port can be left out and will be set to the default (`http` and `9200`).
# In case you specify and additional path, the scheme is required: `http://elasticsearch:9200/path`.
# IPv6 addresses should always be defined as: `https://[2001:db8::1]:9200`.
hosts: '${ELASTICSEARCH_HOST_PORT}'

# Boolean flag to enable or disable the output module.
enabled: true

# Protocol - either `http` (default) or `https`.
protocol: "https"

# Authentication credentials
username: '${ELASTIC_USERNAME}'
password: '${ELASTIC_PASSWORD}'

# Enable custom SSL settings. Set to false to ignore custom SSL settings for secure communication.
ssl.enabled: true

# List of root certificates for HTTPS server verifications.
ssl.certificate_authorities: ["/certs/ca.crt"]

# Certificate for SSL client authentication.
ssl.certificate: "/certs/apm-server.crt"

# Client Certificate Key
ssl.key: "/certs/apm-server.key"

#============================= X-pack Monitoring =============================

# APM server can export internal metrics to a central Elasticsearch monitoring
# cluster. This requires x-pack monitoring to be enabled in Elasticsearch. The
# reporting is disabled by default.

# Set to true to enable the monitoring reporter.
monitoring.enabled: true

# Most settings from the Elasticsearch output are accepted here as well.
# Note that these settings should be configured to point to your Elasticsearch *monitoring* cluster.
# Any setting that is not set is automatically inherited from the Elasticsearch
# output configuration. This means that if you have the Elasticsearch output configured,
# you can simply uncomment the following line.
monitoring.elasticsearch:

# Protocol - either `http` (default) or `https`.
protocol: "https"

# Authentication credentials
username: '${ELASTIC_USERNAME}'
password: '${ELASTIC_PASSWORD}'

# Array of hosts to connect to.
# Scheme and port can be left out and will be set to the default (`http` and `9200`).
# In case you specify and additional path, the scheme is required: `http://elasticsearch:9200/path`.
# IPv6 addresses should always be defined as: `https://[2001:db8::1]:9200`.
hosts: '${ELASTICSEARCH_HOST_PORT}'

# Enable custom SSL settings. Set to false to ignore custom SSL settings for secure communication.
ssl.enabled: true

# List of root certificates for HTTPS server verifications.
ssl.certificate_authorities: ["/certs/ca.crt"]

# Certificate for SSL client authentication.
ssl.certificate: "/certs/apm-server.crt"

# Client Certificate Key
ssl.key: "/certs/apm-server.key"
28 changes: 28 additions & 0 deletions docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,10 @@ secrets:
file: ./secrets/certs/kibana/kibana.crt
kibana.key:
file: ./secrets/certs/kibana/kibana.key
apm-server.certificate:
file: ./secrets/certs/apm-server/apm-server.crt
apm-server.key:
file: ./secrets/certs/apm-server/apm-server.key

services:
elasticsearch:
Expand Down Expand Up @@ -120,3 +124,27 @@ services:
target: /certs/kibana.key
ports:
- "5601:5601"

apm-server:
image: elastdocker/apm-server:${ELK_VERSION}
build:
context: apm-server/
args:
ELK_VERSION: $ELK_VERSION
restart: unless-stopped
ports:
- "8200:8200"
volumes:
- ./apm-server/config/apm-server.yml:/usr/share/apm-server/apm-server.yml:ro
environment:
ELASTIC_USERNAME: ${ELASTIC_USERNAME}
ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
ELASTICSEARCH_HOST_PORT: https://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}
ELASTIC_APM_SECRET_TOKEN: ${ELASTIC_APM_SECRET_TOKEN}
secrets:
- source: elastic.ca
target: /certs/ca.crt
- source: apm-server.certificate
target: /certs/apm-server.crt
- source: apm-server.key
target: /certs/apm-server.key
18 changes: 17 additions & 1 deletion kibana/config/kibana.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,22 @@ xpack.reporting.encryptionKey: RSCueeHKzrqzOVTJhkjt17EMnzM96LlN
elasticsearch.serviceAccountToken: "${KIBANA_SERVICE_ACCOUNT_TOKEN}"
elasticsearch.ssl.certificateAuthorities: [ "/certs/ca.crt" ]

## Add policy for apm-server integration
xpack.fleet.packages:
- name: apm
version: latest
xpack.fleet.agentPolicies:
- name: Agent policy 1
id: agent-policy-1
namespace: default
monitoring_enabled:
- logs
- metrics
package_policies:
- name: apm-1
id: default-apm
package:
name: apm

## Misc
elasticsearch.requestTimeout: 90000
Expand All @@ -29,4 +45,4 @@ elasticsearch.requestTimeout: 90000

## ElastAlert Plugin
#elastalert-kibana-plugin.serverHost: elastalert
#elastalert-kibana-plugin.serverPort: 3030
#elastalert-kibana-plugin.serverPort: 3030
9 changes: 8 additions & 1 deletion setup/instances.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,4 +11,11 @@ instances:
- kibana
- localhost
ip:
- 127.0.0.1
- 127.0.0.1

- name: apm-server
dns:
- apm-server
- localhost
ip:
- 127.0.0.1

0 comments on commit c1daa3c

Please sign in to comment.