Fleet Server on kubernetes document proposal #1518
Open
eedugon wants to merge 54 commits into elastic:main from eedugon:fleet_server_k8s_install
4468d69
fleet server on kubernetes draft added
eedugon 553f290
widget tabs and a lot of other changes
eedugon 49521cc
Fleet Host URL info updated
eedugon 6f3eb8a
extra updates
eedugon b40c67f
bmorelli suggestions and other minor changes
eedugon 2b8f544
replicas commented
eedugon 507b596
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes-co…
eedugon e1967ca
k8s service example changed
eedugon b576c7d
Merge remote-tracking branch 'eedugon/fleet_server_k8s_install' into …
eedugon 97e5ee3
yaml block fixed for attributes
eedugon 178b444
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon f0af11d
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon b50b4a1
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 5d4478c
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 7415f79
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 56e4b58
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon e9c3350
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon dfc5229
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 4972370
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 3c09c35
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon a0f72ea
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 488b264
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon b320624
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon ec99099
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 83d29d6
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 9134518
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 0de808f
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon ecf1274
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon ddc9584
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 074adf8
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon ed66ac6
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon c178866
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 68d8cac
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon e1b665a
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon cffac6a
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon e520127
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 7b2ce21
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 3213815
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 5afa358
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon bc30b64
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon f8f0f5e
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon d3f5975
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 86cd96c
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 2b86587
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 3f5836f
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 8bcc19b
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon d2b55e5
structure updated
eedugon 23163bd
attributes reviewed and other changes
eedugon a45eb4d
applied Lara's suggestions
eedugon 3d3f7cb
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 7793c03
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon f5f3840
latest suggestions by David
eedugon b20b950
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes-co…
eedugon c206951
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes-co…
eedugon
176 changes: 176 additions & 0 deletions
docs/en/ingest-management/fleet/add-fleet-server-kubernetes-content.asciidoc
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,176 @@ | ||
// tag::quickstart-secret[] | ||
The following command assumes you have the {es} CA file available in a local file. | ||
+ | ||
[source, shell] | ||
------------------------------------------------------------ | ||
kubectl create secret generic fleet-server-certs \ | ||
--from-file=es-ca.crt=<PATH_TO_ES_CA_CERT_FILE> <1> | ||
------------------------------------------------------------ | ||
<1> Substitute `<PATH_TO_ES_CA_CERT_FILE>` with your local file containing the {es} CA(s). | ||
+ | ||
If you prefer to obtain a `yaml manifest` of the Secret to create, append `--dry-run=client -o=yaml` to the command and save the output to a file. | ||
// end::quickstart-secret[] | ||
|
||
// *************************************************** | ||
// *************************************************** | ||
|
||
// tag::production-secret[] | ||
The following command assumes you have the {es} CA file, the {fleet-server} certificate, and the {fleet-server} key available in local files. | ||
+ | ||
[source, shell] | ||
------------------------------------------------------------ | ||
kubectl create secret generic fleet-server-certs \ | ||
--from-file=es-ca.crt=<PATH_TO_ES_CA_CERT_FILE> \ <1> | ||
--from-file=fleet-server.crt=<PATH_TO_FLEET_SERVER_CERT> \ <2> | ||
--from-file=fleet-server.key=<PATH_TO_FLEET_SERVER_CERT_KEY> <3> | ||
------------------------------------------------------------ | ||
<1> Substitute `<PATH_TO_ES_CA_CERT_FILE>` with your local file containing the {es} CA(s). | ||
<2> Substitute `<PATH_TO_FLEET_SERVER_CERT>` with your local file containing the server TLS certificate for the {fleet-server}. | ||
<3> Substitute `PATH_TO_FLEET_SERVER_CERT_KEY` with your local file containing the server TLS key for the {fleet-server}. | ||
+ | ||
If you prefer to obtain a `yaml manifest` of the Secret to create, append `--dry-run=client -o=yaml` to the command and save the output to a file. | ||
// end::production-secret[] | ||
|
||
// *************************************************** | ||
// *************************************************** | ||
|
||
// tag::quickstart-deployment[] | ||
[source, yaml] | ||
|
||
------------------------------------------------------------ | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: fleet-server | ||
spec: | ||
replicas: 1 | ||
selector: | ||
matchLabels: | ||
app: fleet-server | ||
template: | ||
metadata: | ||
labels: | ||
app: fleet-server | ||
spec: | ||
automountServiceAccountToken: false <1> | ||
containers: | ||
- name: elastic-agent | ||
image: docker.elastic.co/beats/elastic-agent:{version} | ||
|
||
env: | ||
- name: FLEET_SERVER_ENABLE <2> | ||
value: "true" | ||
- name: FLEET_SERVER_ELASTICSEARCH_HOST | ||
valueFrom: | ||
secretKeyRef: | ||
name: fleet-server-config | ||
key: elastic_endpoint | ||
- name: FLEET_SERVER_SERVICE_TOKEN | ||
valueFrom: | ||
secretKeyRef: | ||
name: fleet-server-config | ||
key: elastic_service_token | ||
- name: FLEET_SERVER_POLICY_ID | ||
valueFrom: | ||
secretKeyRef: | ||
name: fleet-server-config | ||
key: fleet_policy_id | ||
- name: ELASTICSEARCH_CA | ||
value: /mnt/certs/es-ca.crt | ||
ports: | ||
- containerPort: 8220 | ||
protocol: TCP | ||
resources: {} <3> | ||
volumeMounts: | ||
- name: certs | ||
mountPath: /mnt/certs | ||
readOnly: true | ||
volumes: | ||
- name: certs | ||
secret: | ||
defaultMode: 420 | ||
optional: false | ||
secretName: fleet-server-certs | ||
------------------------------------------------------------ | ||
<1> Keep `automountServiceAccountToken` set to `false` to disable the <<kubernetes-provider>> | ||
<2> Keep `FLEET_SERVER_ENABLE` set to `true` | ||
<3> Consider configuring requests and limits as a best practice | ||
// + | ||
// Manifest highlights: | ||
// + | ||
// * `automountServiceAccountToken: false`: used to disable the Kubernetes provider of the {fleet-server}. | ||
// * Feel free to adapt the `name` of the Deployment or the Pod template and selector `labels`. | ||
// * `resources`: Adapt them to your needs. | ||
// + | ||
// [NOTE] | ||
// ==== | ||
// You can use `FLEET_SERVER_POLICY_ID` instead of `FLEET_SERVER_POLICY_NAME`, and `FLEET_SERVER_ELASTICSEARCH_CA_TRUSTED_FINGERPRINT` instead of `ELASTICSEARCH_CA` if preferred. | ||
// If you opt for `FLEET_SERVER_POLICY_ID`, provide the ID of the policy instead of the name, and if you opt for `FLEET_SERVER_ELASTICSEARCH_CA_TRUSTED_FINGERPRINT` provide the SHA-256 fingerprint of the {es} CA certificate instead of the entire certificate in PEM format. | ||
// ==== | ||
// end::quickstart-deployment[] | ||
|
||
// *************************************************** | ||
// *************************************************** | ||
|
||
// tag::production-deployment[] | ||
[source, yaml] | ||
------------------------------------------------------------ | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: fleet-server | ||
spec: | ||
replicas: 1 | ||
selector: | ||
matchLabels: | ||
app: fleet-server | ||
template: | ||
metadata: | ||
labels: | ||
app: fleet-server | ||
spec: | ||
automountServiceAccountToken: false <1> | ||
containers: | ||
- name: elastic-agent | ||
image: docker.elastic.co/beats/elastic-agent:{version} | ||
env: | ||
- name: FLEET_SERVER_ENABLE <2> | ||
value: "true" | ||
- name: FLEET_SERVER_ELASTICSEARCH_HOST | ||
valueFrom: | ||
secretKeyRef: | ||
name: fleet-server-config | ||
key: elastic_endpoint | ||
- name: FLEET_SERVER_SERVICE_TOKEN | ||
valueFrom: | ||
secretKeyRef: | ||
name: fleet-server-config | ||
key: elastic_service_token | ||
- name: FLEET_SERVER_POLICY_ID | ||
valueFrom: | ||
secretKeyRef: | ||
name: fleet-server-config | ||
key: fleet_policy_id | ||
- name: ELASTICSEARCH_CA | ||
value: /mnt/certs/es-ca.crt | ||
- name: FLEET_SERVER_CERT | ||
value: /mnt/certs/fleet-server.crt | ||
- name: FLEET_SERVER_KEY | ||
|
||
value: /mnt/certs/fleet-server.key | ||
|
||
ports: | ||
- containerPort: 8220 | ||
protocol: TCP | ||
resources: {} <3> | ||
volumeMounts: | ||
- name: certs | ||
mountPath: /mnt/certs | ||
readOnly: true | ||
volumes: | ||
- name: certs | ||
secret: | ||
defaultMode: 420 | ||
optional: false | ||
secretName: fleet-server-certs | ||
------------------------------------------------------------ | ||
<1> Keep `automountServiceAccountToken` set to `false` to disable the <<kubernetes-provider>> | ||
<2> Keep `FLEET_SERVER_ENABLE` set to `true` | ||
<3> Consider configuring requests and limits as a best practice | ||
// end::production-deployment[] |
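Review bot: In the `production-deployment` manifest the `certs` volume sets `defaultMode: 420`, which is octal 0644, so `fleet-server.key` from the `fleet-server-certs` Secret is mounted readable by every user inside the container. Suggest a tighter mode for the production variant (for example `defaultMode: 0400`, or 0440 with a matching `fsGroup`, whichever the agent's runtime user can still read) and a callout explaining the choice. Two smaller points in the `production-secret` block: callout <3> names `PATH_TO_FLEET_SERVER_CERT_KEY` without the angle brackets used in the command and in callouts <1> and <2>, and the `<1>` and `<2>` callouts sit after the line-continuation backslashes, so the rendered command needs checking that nothing follows each `\`. Both Deployments also read `elastic_endpoint`, `elastic_service_token` and `fleet_policy_id` from a `fleet-server-config` Secret that this file never shows being created; a pointer to where it is defined would help readers who land on these snippets.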
`\ <1>` ends up rendering a space after each backslash, which isn't valid shell escaping, and will produce an error. Not sure how to fix it in asciidoc.