APM mutating admission webhookedit

This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.

The APM mutating admission webhook for Kubernetes simplifies the instrumentation and configuration of your application pods.

The webhook includes a webhook receiver that modifies pods so they are automatically instrumented by an Elastic APM agent, and a Helm chart that manages the webhook receiver’s lifecycle within Kubernetes.

Learn more below, or skip ahead to Get started with the webhook.

Webhookedit

The webhook receiver modifies pods so they are automatically instrumented by an Elastic APM agent. Supported agents include:

  • Java agent
  • .NET agent
  • Node.js agent

The webhook receiver is invoked on pod creation. After receiving the object definition from the Kubernetes API server, it looks through the pod spec for a specific, user-supplied annotation. If found, the pod spec is mutated according to the webhook receiver’s configuration. This mutated object is then returned to the Kubernetes API server which uses it as the source of truth for the object.

Mutationedit

The mutation that occurs is defined below:

  1. Add an init container image that has the agent binary.
  2. Add a shared volume that is mounted into both the init container image and all container images contained in the original incoming object.
  3. Copy the agent binary from the init container image into the shared volume, making it available to the other container images.
  4. Update the environment variables in the container images to configure auto-instrumentation with the copied agent binary

To learn more about mutating webhooks, see the {kube-admin-docs}[Kubernetes Admission controller documentation].

Helm chartedit

The Helm chart manages the configuration of all associated manifest files for the webhook receiver, including generating certificates for securing communication between the Kubernetes API server and the webhook receiver.

To learn more about Helm charts, see the {helm-docs}[Helm documentation].