ECS EC2 Deployment
Deploy KubeSense sensors alongside your application containers in an ECS EC2 task definition.
Prerequisites
- AWS account with permissions for ECS, EC2, IAM, and S3
- An existing ECS cluster with EC2 instances (with public IP allocated)
- Your application containerized and pushed to a container registry
Setup
- Navigate to your existing EC2 task definition in the ECS console.
- Create a new revision of the task definition.
- Download configuration files:
Download the configuration files tarball from https://docker.kubesense.ai/configs.tar. Extract it and transfer the files to your EC2 instance.
- Add the following containers to the task definition:
KubeSensor
| Setting | Value |
|---|---|
| Image | 365639915496.dkr.ecr.us-east-1.amazonaws.com/kubesensor:1.1.0 |
| Network Mode | Host |
| PID Mode | Host |
| Privileged | Yes (required for eBPF) |
| Health Check Port | 22143 |
Required Linux capabilities: SYS_ADMIN, SYS_RESOURCE, SYS_PTRACE, NET_ADMIN, NET_RAW, IPC_LOCK, SYSLOG
Volume mounts:
| Source Path | Mount Path | Purpose |
|---|---|---|
| {hostpath}/kubesensor.yaml | /etc/kubesensor/kubesensor.yaml | Sensor configuration |
| /var/run/docker.sock | /var/run/docker.sock | Container stats and info |
| /sys/kernel/debug | /sys/kernel/debug | eBPF instrumentation |
LogSensor
| Setting | Value |
|---|---|
| Image | 365639915496.dkr.ecr.us-east-1.amazonaws.com/vector:0.43.X-debian |
Volume mounts:
| Source Path | Mount Path | Purpose |
|---|---|---|
| {hostpath}/logsensor.yaml | /etc/vector/ | LogSensor configuration |
| /var/run/docker.sock | /var/run/docker.sock | Log capture |
Metrics Scraper
| Setting | Value |
|---|---|
| Image | 365639915496.dkr.ecr.us-east-1.amazonaws.com/vmagent:v1.101.0 |
Start command arguments:
-promscrape.config=/config/scrape.yml
-remoteWrite.tmpDataPath=/tmpData
-remoteWrite.maxDiskUsagePerURL=1GB
-envflag.enable=true
-envflag.prefix=VM_
-loggerFormat=json
-promscrape.dropOriginalLabels=true
-promscrape.streamParse=true
-remoteWrite.showURL=true
-remoteWrite.tlsInsecureSkipVerify=true
-remoteWrite.url=http://<METRICS_STORE_HOST>:<METRICS_STORE_PORT>/api/v1/write
Replace METRICS_STORE_HOST and METRICS_STORE_PORT with your server's metrics endpoint.
Volume mounts:
| Source Path | Mount Path | Purpose |
|---|---|---|
| {hostpath}/scrape.yaml | /config/scrape.yml | Scrape configuration |
cAdvisor
| Setting | Value |
|---|---|
| Image | 365639915496.dkr.ecr.us-east-1.amazonaws.com/cadvisor:latest |
| PID Mode | Host |
| Privileged | Yes |
Volume mounts:
| Source Path | Mount Path |
|---|---|
/ | /rootfs |
/var/run | /var/run |
/sys | /sys |
/var/lib/docker/ | /var/lib/docker/ |
/dev/disk/ | /dev/disk/ |
Node Exporter
| Setting | Value |
|---|---|
| Image | 365639915496.dkr.ecr.us-east-1.amazonaws.com/node-exporter:v1.8.1 |
| PID Mode | Host |
| Privileged | Yes |
Volume mounts:
| Source Path | Mount Path | Purpose |
|---|---|---|
| {hostpath}/scrape.yaml | /config/scrape.yml | Scrape configuration |
- Save the new task definition revision and update the ECS service.
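
The settings above give several containers host-level access (privileged mode, host PID and network namespaces, the Docker socket, the host root filesystem), and the vmagent arguments disable TLS verification. The following Python check is an added example, not part of KubeSense's documentation: it lists those settings in a task definition JSON so they can be recorded before the revision is saved. It assumes the standard ECS task definition fields (`pidMode` and `networkMode` at task level; `privileged`, `mountPoints` and `command` per container); the `SAMPLE` document, the volume names and the finding labels are constructed for illustration.

```python
ECR = "365639915496.dkr.ecr.us-east-1.amazonaws.com"  # registry shown on this page
# Constructed sample: a trimmed task definition built from the tables above.
SAMPLE = {
    "networkMode": "host", "pidMode": "host",
    "volumes": [{"name": "sock", "host": {"sourcePath": "/var/run/docker.sock"}},
                {"name": "root", "host": {"sourcePath": "/"}}],
    "containerDefinitions": [
        {"name": "kubesensor", "image": ECR + "/kubesensor:1.1.0", "privileged": True,
         "mountPoints": [{"sourceVolume": "sock", "containerPath": "/var/run/docker.sock"}]},
        {"name": "vmagent", "image": ECR + "/vmagent:v1.101.0",
         "command": ["-remoteWrite.tlsInsecureSkipVerify=true",
                     "-remoteWrite.url=http://<METRICS_STORE_HOST>:<METRICS_STORE_PORT>/api/v1/write"]},
        {"name": "cadvisor", "image": ECR + "/cadvisor:latest", "privileged": True,
         "mountPoints": [{"sourceVolume": "root", "containerPath": "/rootfs"}]},
    ],
}

def reaches_docker_sock(src):
    """True when a host path is the Docker socket or a directory containing it."""
    sock = "/var/run/docker.sock"
    return src == sock or (src != "" and sock.startswith(src.rstrip("/") + "/"))

def audit_task_definition(taskdef):
    """Return sorted (container, finding) pairs to record in a security review."""
    host_paths = {v["name"]: v.get("host", {}).get("sourcePath", "")
                  for v in taskdef.get("volumes", [])}
    findings = set()
    for key in ("pidMode", "networkMode"):  # task-level settings in ECS
        if taskdef.get(key) == "host":
            findings.add(("<task>", key + "=host"))
    for c in taskdef.get("containerDefinitions", []):
        name, args = c["name"], c.get("command", [])
        if c.get("privileged"):
            findings.add((name, "privileged"))
        # Tag is the text after ':' in the last path segment; none means latest.
        if c["image"].rsplit("/", 1)[-1].partition(":")[2] in ("", "latest"):
            findings.add((name, "mutable image tag"))
        for m in c.get("mountPoints", []):
            src = host_paths.get(m["sourceVolume"], "")
            if reaches_docker_sock(src):
                findings.add((name, "Docker socket reachable"))
            if src == "/" and not m.get("readOnly"):
                findings.add((name, "host root mounted read-write"))
        if "-remoteWrite.tlsInsecureSkipVerify=true" in args:
            findings.add((name, "TLS verification disabled"))
        if any(a.startswith("-remoteWrite.url=http://") for a in args):
            findings.add((name, "remote write over plain HTTP"))
    return sorted(findings)
```

To review a registered revision, pass the `taskDefinition` object returned by `aws ecs describe-task-definition` to `audit_task_definition`.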