From bfd016fde7dca2a22180b389ddce73efe01e9015 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Sat, 8 Feb 2025 13:35:14 +0100 Subject: [PATCH 01/70] eck overview added and raw documents deleted after merging --- deploy-manage/deploy/cloud-on-k8s.md | 89 ++++++++++++++++++- .../cloud-on-k8s/deploy-an-orchestrator.md | 4 + .../cloud-on-k8s/k8s-advanced-topics.md | 12 --- .../cloud-on-k8s/cloud-on-k8s/k8s-overview.md | 12 --- .../cloud-on-k8s/k8s-supported.md | 23 ----- .../cloud-on-k8s/k8s_learn_more_about_eck.md | 17 ---- raw-migrated-files/toc.yml | 4 - 7 files changed, 90 insertions(+), 71 deletions(-) delete mode 100644 raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-advanced-topics.md delete mode 100644 raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-overview.md delete mode 100644 raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-supported.md delete mode 100644 raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s_learn_more_about_eck.md diff --git a/deploy-manage/deploy/cloud-on-k8s.md b/deploy-manage/deploy/cloud-on-k8s.md index dff4d8ffcc..81c6f6562c 100644 --- a/deploy-manage/deploy/cloud-on-k8s.md +++ b/deploy-manage/deploy/cloud-on-k8s.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_urls: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-overview.html - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-topics.html @@ -6,8 +8,6 @@ mapped_urls: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s_learn_more_about_eck.html --- -# Elastic Cloud on Kubernetes - % What needs to be done: Refine % GitHub issue: https://github.com/elastic/docs-projects/issues/357 @@ -20,4 +20,87 @@ mapped_urls: % - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-advanced-topics.md % Notes: redirect only % - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-supported.md -% - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s_learn_more_about_eck.md \ No newline at end of file +% - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s_learn_more_about_eck.md + +# Elastic Cloud on Kubernetes [k8s-overview] + +::::{important} +ECK is an Elastic self-managed product offered in two licensing tiers: Basic and Enterprise. For more details refer to [Elastic subscriptions](https://www.elastic.co/subscriptions) and [](/deploy-manage/license/manage-your-license-in-eck.md) documentation. +:::: + +::::{important} +ECK is only offered in two licensing tiers: Basic and Enterprise. Similar to the Elastic Stack, customers can download and use ECK with a Basic license for free. Basic license users can obtain support from GitHub or through our [community](https://discuss.elastic.co). A paid Enterprise subscription is required to engage the Elastic support team. For more details, check the [Elastic subscriptions](https://www.elastic.co/subscriptions). + +To configure a license within ECK refer to [](/deploy-manage/license/manage-your-license-in-eck.md) +:::: + +Built on the Kubernetes Operator pattern, Elastic Cloud on Kubernetes (ECK) extends the basic Kubernetes orchestration capabilities to support the setup and management of Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes. + +With Elastic Cloud on Kubernetes you can streamline critical operations, such as: + +1. Managing and monitoring multiple clusters +2. Scaling cluster capacity and storage +3. Performing safe configuration changes through rolling upgrades +4. Securing clusters with TLS certificates +5. Setting up hot-warm-cold architectures with availability zone awareness + +On this section you will learn how to: +This sections offers everything you need to know about: + +- [](./cloud-on-k8s/deploy-an-orchestrator.md): ECK installation methods +- [](./cloud-on-k8s/manage-deployments.md): Install and configure {{es}} clusters and {{kib}} instances through ECK. +- [](./cloud-on-k8s/orchestrate-other-elastic-applications.md): Install and configure APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes. +- [](./cloud-on-k8s/tools-apis.md): Collection of tools and APIs available in ECK based environments. + +## Supported versions [k8s-supported] + +ECK is compatible with: + +* Kubernetes 1.28-1.32 +* OpenShift 4.12-4.17 +* Google Kubernetes Engine (GKE), Azure Kubernetes Service (AKS), and Amazon Elastic Kubernetes Service (EKS) +* Helm: 3.2.0+ +* Elasticsearch, Kibana, APM Server: 6.8+, 7.1+, 8+ +* Enterprise Search: 7.7+, 8+ +* Beats: 7.0+, 8+ +* Elastic Agent: 7.10+ (standalone), 7.14+ (Fleet), 8+ +* Elastic Maps Server: 7.11+, 8+ +* Logstash: 8.7+ + +ECK should work with all conformant installers as listed in these [FAQs](https://github.com/cncf/k8s-conformance/blob/master/faq.md#what-is-a-distribution-hosted-platform-and-an-installer). Distributions include source patches and so may not work as-is with ECK. + +Alpha, beta, and stable API versions follow the same [conventions used by Kubernetes](https://kubernetes.io/docs/concepts/overview/kubernetes-api/#api-versioning). + +Elastic Stack application images for the OpenShift-certified Elasticsearch (ECK) Operator are only available from version 7.10 and later. + +Check the full [Elastic support matrix](https://www.elastic.co/support/matrix#matrix_kubernetes) for more information. + +## Learn more about ECK [k8s_learn_more_about_eck] + +* [Orchestrate Elasticsearch on Kubernetes](https://www.elastic.co/elasticsearch-kubernetes) +* [ECK post on the Elastic Blog](https://www.elastic.co/blog/introducing-elastic-cloud-on-kubernetes-the-elasticsearch-operator-and-beyond?elektra=products&storm=sub1) +* [Getting Started With Elastic Cloud on Kubernetes (ECK)](https://www.youtube.com/watch?v=PIJmlYBIFXM) +* [Running the Elastic Stack on Kubernetes with ECK](https://www.youtube.com/watch?v=Wf6E3vkvEFM) + + +## Ask for help [k8s-ask-for-help] + +If you are an existing Elastic customer with an active support contract, you can create a case in the [Elastic Support Portal](https://support.elastic.co/). Kindly attach an [ECK diagnostic](../../../troubleshoot/deployments/cloud-on-k8s/run-eck-diagnostics.md) when opening your case. + +Alternatively, or if you do not have a support contract, and if you are unable to find a solution to your problem with the information provided in these documents, ask for help: + +* [ECK Discuss forums](https://discuss.elastic.co/c/eck) to ask any question +* [Github issues](https://github.com/elastic/cloud-on-k8s/issues) for bugs and feature requests + +% to consider in either deploy or manage deployment sections +## Advanced topics [k8s-advanced-topics] + +* [*Deploy ECK on OpenShift*](../../../deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-openshift.md) +* [*Deploy ECK on GKE Autopilot*](../../../deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-gke-autopilot.md) +* [*Create custom images*](../../../deploy-manage/deploy/cloud-on-k8s/create-custom-images.md) +* [*Service meshes*](../../../deploy-manage/deploy/cloud-on-k8s/service-meshes.md) +* [*Traffic Splitting*](../../../deploy-manage/deploy/cloud-on-k8s/requests-routing-to-elasticsearch-nodes.md) +* [*Network policies*](../../../deploy-manage/deploy/cloud-on-k8s/network-policies.md) +* [*Webhook namespace selectors*](../../../deploy-manage/deploy/cloud-on-k8s/webhook-namespace-selectors.md) +* [*Stack Monitoring*](../../../deploy-manage/monitor/stack-monitoring/eck-stack-monitoring.md) +* [*Deploy a FIPS compatible version of ECK*](../../../deploy-manage/deploy/cloud-on-k8s/deploy-fips-compatible-version-of-eck.md) diff --git a/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md b/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md index d942cbfa4e..2e006f1f87 100644 --- a/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md +++ b/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md @@ -3,6 +3,10 @@ mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-quickstart.html --- +% Similar to ECE section, write an introduction about the installation methods and include links to the other sections (AIR GAPPED and Configure). +% The page has been provided as it already provides a good introduction. + + # Deploy an orchestrator [k8s-quickstart] With Elastic Cloud on Kubernetes (ECK) you can extend the basic Kubernetes orchestration capabilities to easily deploy, secure, upgrade your {{es}} cluster, and much more. diff --git a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-advanced-topics.md b/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-advanced-topics.md deleted file mode 100644 index 227a31684b..0000000000 --- a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-advanced-topics.md +++ /dev/null @@ -1,12 +0,0 @@ -# Advanced topics [k8s-advanced-topics] - -* [*Deploy ECK on OpenShift*](../../../deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-openshift.md) -* [*Deploy ECK on GKE Autopilot*](../../../deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-gke-autopilot.md) -* [*Create custom images*](../../../deploy-manage/deploy/cloud-on-k8s/create-custom-images.md) -* [*Service meshes*](../../../deploy-manage/deploy/cloud-on-k8s/service-meshes.md) -* [*Traffic Splitting*](../../../deploy-manage/deploy/cloud-on-k8s/requests-routing-to-elasticsearch-nodes.md) -* [*Network policies*](../../../deploy-manage/deploy/cloud-on-k8s/network-policies.md) -* [*Webhook namespace selectors*](../../../deploy-manage/deploy/cloud-on-k8s/webhook-namespace-selectors.md) -* [*Stack Monitoring*](../../../deploy-manage/monitor/stack-monitoring/eck-stack-monitoring.md) -* [*Deploy a FIPS compatible version of ECK*](../../../deploy-manage/deploy/cloud-on-k8s/deploy-fips-compatible-version-of-eck.md) - diff --git a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-overview.md b/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-overview.md deleted file mode 100644 index 709fef78b3..0000000000 --- a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-overview.md +++ /dev/null @@ -1,12 +0,0 @@ -# Overview [k8s-overview] - -Built on the Kubernetes Operator pattern, Elastic Cloud on Kubernetes (ECK) extends the basic Kubernetes orchestration capabilities to support the setup and management of Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes. - -With Elastic Cloud on Kubernetes you can streamline critical operations, such as: - -1. Managing and monitoring multiple clusters -2. Scaling cluster capacity and storage -3. Performing safe configuration changes through rolling upgrades -4. Securing clusters with TLS certificates -5. Setting up hot-warm-cold architectures with availability zone awareness - diff --git a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-supported.md b/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-supported.md deleted file mode 100644 index 1f4cde423f..0000000000 --- a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-supported.md +++ /dev/null @@ -1,23 +0,0 @@ -# Supported versions [k8s-supported] - -ECK is compatible with: - -* Kubernetes 1.28-1.32 -* OpenShift 4.12-4.17 -* Google Kubernetes Engine (GKE), Azure Kubernetes Service (AKS), and Amazon Elastic Kubernetes Service (EKS) -* Helm: 3.2.0+ -* Elasticsearch, Kibana, APM Server: 6.8+, 7.1+, 8+ -* Enterprise Search: 7.7+, 8+ -* Beats: 7.0+, 8+ -* Elastic Agent: 7.10+ (standalone), 7.14+ (Fleet), 8+ -* Elastic Maps Server: 7.11+, 8+ -* Logstash: 8.7+ - -ECK should work with all conformant installers as listed in these [FAQs](https://github.com/cncf/k8s-conformance/blob/master/faq.md#what-is-a-distribution-hosted-platform-and-an-installer). Distributions include source patches and so may not work as-is with ECK. - -Alpha, beta, and stable API versions follow the same [conventions used by Kubernetes](https://kubernetes.io/docs/concepts/overview/kubernetes-api/#api-versioning). - -Elastic Stack application images for the OpenShift-certified Elasticsearch (ECK) Operator are only available from version 7.10 and later. - -Check the full [Elastic support matrix](https://www.elastic.co/support/matrix#matrix_kubernetes) for more information. - diff --git a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s_learn_more_about_eck.md b/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s_learn_more_about_eck.md deleted file mode 100644 index 0501980ca6..0000000000 --- a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s_learn_more_about_eck.md +++ /dev/null @@ -1,17 +0,0 @@ -# Learn more about ECK [k8s_learn_more_about_eck] - -* [Orchestrate Elasticsearch on Kubernetes](https://www.elastic.co/elasticsearch-kubernetes) -* [ECK post on the Elastic Blog](https://www.elastic.co/blog/introducing-elastic-cloud-on-kubernetes-the-elasticsearch-operator-and-beyond?elektra=products&storm=sub1) -* [Getting Started With Elastic Cloud on Kubernetes (ECK)](https://www.youtube.com/watch?v=PIJmlYBIFXM) -* [Running the Elastic Stack on Kubernetes with ECK](https://www.youtube.com/watch?v=Wf6E3vkvEFM) - - -## Ask for help [k8s-ask-for-help] - -If you are an existing Elastic customer with an active support contract, you can create a case in the [Elastic Support Portal](https://support.elastic.co/). Kindly attach an [ECK diagnostic](../../../troubleshoot/deployments/cloud-on-k8s/run-eck-diagnostics.md) when opening your case. - -Alternatively, or if you do not have a support contract, and if you are unable to find a solution to your problem with the information provided in these documents, ask for help: - -* [ECK Discuss forums](https://discuss.elastic.co/c/eck) to ask any question -* [Github issues](https://github.com/elastic/cloud-on-k8s/issues) for bugs and feature requests - diff --git a/raw-migrated-files/toc.yml b/raw-migrated-files/toc.yml index d902109f89..5143375f55 100644 --- a/raw-migrated-files/toc.yml +++ b/raw-migrated-files/toc.yml @@ -15,9 +15,7 @@ toc: children: - file: cloud-on-k8s/cloud-on-k8s/k8s_audit_logging.md - file: cloud-on-k8s/cloud-on-k8s/k8s_installation.md - - file: cloud-on-k8s/cloud-on-k8s/k8s_learn_more_about_eck.md - file: cloud-on-k8s/cloud-on-k8s/k8s-accessing-elastic-services.md - - file: cloud-on-k8s/cloud-on-k8s/k8s-advanced-topics.md - file: cloud-on-k8s/cloud-on-k8s/k8s-air-gapped.md - file: cloud-on-k8s/cloud-on-k8s/k8s-custom-http-certificate.md - file: cloud-on-k8s/cloud-on-k8s/k8s-deploy-eck.md @@ -26,14 +24,12 @@ toc: - file: cloud-on-k8s/cloud-on-k8s/k8s-install-yaml-manifests.md - file: cloud-on-k8s/cloud-on-k8s/k8s-installing-eck.md - file: cloud-on-k8s/cloud-on-k8s/k8s-orchestration.md - - file: cloud-on-k8s/cloud-on-k8s/k8s-overview.md - file: cloud-on-k8s/cloud-on-k8s/k8s-request-elasticsearch-endpoint.md - file: cloud-on-k8s/cloud-on-k8s/k8s-rotate-credentials.md - file: cloud-on-k8s/cloud-on-k8s/k8s-saml-authentication.md - file: cloud-on-k8s/cloud-on-k8s/k8s-securing-stack.md - file: cloud-on-k8s/cloud-on-k8s/k8s-security.md - file: cloud-on-k8s/cloud-on-k8s/k8s-services.md - - file: cloud-on-k8s/cloud-on-k8s/k8s-supported.md - file: cloud-on-k8s/cloud-on-k8s/k8s-tls-certificates.md - file: cloud-on-k8s/cloud-on-k8s/k8s-upgrading-stack.md - file: cloud-on-k8s/cloud-on-k8s/k8s-users-and-roles.md From 03eaeadc0127684ca75e2202c82cb7129297db2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Sat, 8 Feb 2025 13:44:30 +0100 Subject: [PATCH 02/70] applies applied to all eck files --- deploy-manage/deploy/cloud-on-k8s/accessing-services.md | 2 ++ .../deploy/cloud-on-k8s/advanced-configuration-logstash.md | 2 ++ .../cloud-on-k8s/advanced-configuration-maps-server.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/advanced-configuration.md | 2 ++ .../cloud-on-k8s/advanced-elasticsearch-node-scheduling.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/air-gapped-install.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/apm-server.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/beats.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/configuration-beats.md | 2 ++ .../deploy/cloud-on-k8s/configuration-enterprise-search.md | 2 ++ .../deploy/cloud-on-k8s/configuration-examples-beats.md | 2 ++ .../deploy/cloud-on-k8s/configuration-examples-fleet.md | 2 ++ .../deploy/cloud-on-k8s/configuration-examples-logstash.md | 2 ++ .../deploy/cloud-on-k8s/configuration-examples-standalone.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/configuration-fleet.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/configuration-logstash.md | 2 ++ .../deploy/cloud-on-k8s/configuration-standalone.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/configure-deployments.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/configure-eck.md | 2 ++ .../deploy/cloud-on-k8s/configure-validating-webhook.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/configure.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/connect-to-apm-server.md | 2 ++ .../cloud-on-k8s/connect-to-external-elastic-resources.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/create-custom-images.md | 2 ++ .../cloud-on-k8s/custom-configuration-files-plugins.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/customize-pods.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md | 5 ++++- .../deploy/cloud-on-k8s/deploy-eck-on-gke-autopilot.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-openshift.md | 2 ++ .../deploy/cloud-on-k8s/deploy-elastic-maps-server.md | 2 ++ .../cloud-on-k8s/deploy-fips-compatible-version-of-eck.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/elastic-maps-server.md | 2 ++ .../cloud-on-k8s/elastic-stack-configuration-policies.md | 2 ++ .../deploy/cloud-on-k8s/elasticsearch-configuration.md | 2 ++ .../cloud-on-k8s/elasticsearch-deployment-quickstart.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/enterprise-search.md | 2 ++ .../deploy/cloud-on-k8s/fleet-managed-elastic-agent.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/http-configuration.md | 2 ++ .../cloud-on-k8s/init-containers-for-plugin-downloads.md | 2 ++ .../deploy/cloud-on-k8s/install-using-helm-chart.md | 2 ++ .../cloud-on-k8s/install-using-yaml-manifest-quickstart.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/install.md | 2 ++ .../deploy/cloud-on-k8s/k8s-autopilot-deploy-agent-beats.md | 2 ++ .../cloud-on-k8s/k8s-autopilot-deploy-elasticsearch.md | 2 ++ .../deploy/cloud-on-k8s/k8s-autopilot-deploy-operator.md | 2 ++ .../cloud-on-k8s/k8s-autopilot-setting-virtual-memory.md | 2 ++ .../deploy/cloud-on-k8s/k8s-kibana-advanced-configuration.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/k8s-kibana-es.md | 2 ++ .../deploy/cloud-on-k8s/k8s-kibana-http-configuration.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/k8s-kibana-plugins.md | 2 ++ .../deploy/cloud-on-k8s/k8s-kibana-secure-settings.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/k8s-openshift-agent.md | 2 ++ .../deploy/cloud-on-k8s/k8s-openshift-anyuid-workaround.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/k8s-openshift-beats.md | 2 ++ .../cloud-on-k8s/k8s-openshift-deploy-elasticsearch.md | 2 ++ .../deploy/cloud-on-k8s/k8s-openshift-deploy-kibana.md | 2 ++ .../deploy/cloud-on-k8s/k8s-openshift-deploy-operator.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/k8s-service-mesh-istio.md | 2 ++ .../deploy/cloud-on-k8s/k8s-service-mesh-linkerd.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/k8s_prerequisites.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/kibana-configuration.md | 2 ++ .../deploy/cloud-on-k8s/kibana-instance-quickstart.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/known-limitations.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/logstash-plugins.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/logstash.md | 2 ++ .../deploy/cloud-on-k8s/manage-compute-resources.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/manage-deployments.md | 4 ++++ .../cloud-on-k8s/managing-deployments-using-helm-chart.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/map-data.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/network-policies.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/node-configuration.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/nodes-orchestration.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/pod-disruption-budget.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/pod-prestop-hook.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/quickstart-beats.md | 2 ++ .../deploy/cloud-on-k8s/quickstart-enterprise-search.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/quickstart-fleet.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/quickstart-logstash.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/quickstart-standalone.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/readiness-probe.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/recipes.md | 2 ++ .../cloud-on-k8s/requests-routing-to-elasticsearch-nodes.md | 2 ++ .../deploy/cloud-on-k8s/required-rbac-permissions.md | 2 ++ .../restrict-cross-namespace-resource-associations.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/securing-logstash-api.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/security-context.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/service-meshes.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/settings-managed-by-eck.md | 2 ++ .../deploy/cloud-on-k8s/standalone-elastic-agent.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/storage-recommendations.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/tls-certificates.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/transport-settings.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/troubleshooting-beats.md | 2 ++ .../deploy/cloud-on-k8s/troubleshooting-enterprise-search.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/update-deployments.md | 2 ++ .../deploy/cloud-on-k8s/update-strategy-logstash.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/update-strategy.md | 2 ++ .../use-an-elasticsearch-cluster-managed-by-eck.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/virtual-memory.md | 2 ++ deploy-manage/deploy/cloud-on-k8s/volume-claim-templates.md | 2 ++ .../deploy/cloud-on-k8s/webhook-namespace-selectors.md | 2 ++ deploy-manage/license/manage-your-license-in-eck.md | 2 ++ 102 files changed, 208 insertions(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/accessing-services.md b/deploy-manage/deploy/cloud-on-k8s/accessing-services.md index 7b6d059eef..9bc4d751a9 100644 --- a/deploy-manage/deploy/cloud-on-k8s/accessing-services.md +++ b/deploy-manage/deploy/cloud-on-k8s/accessing-services.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_urls: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-accessing-elastic-services.html - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-request-elasticsearch-endpoint.html diff --git a/deploy-manage/deploy/cloud-on-k8s/advanced-configuration-logstash.md b/deploy-manage/deploy/cloud-on-k8s/advanced-configuration-logstash.md index 6972733ee9..2d0183b1c0 100644 --- a/deploy-manage/deploy/cloud-on-k8s/advanced-configuration-logstash.md +++ b/deploy-manage/deploy/cloud-on-k8s/advanced-configuration-logstash.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-logstash-advanced-configuration.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/advanced-configuration-maps-server.md b/deploy-manage/deploy/cloud-on-k8s/advanced-configuration-maps-server.md index 7293fb67b7..70908b4ec4 100644 --- a/deploy-manage/deploy/cloud-on-k8s/advanced-configuration-maps-server.md +++ b/deploy-manage/deploy/cloud-on-k8s/advanced-configuration-maps-server.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-maps-advanced-configuration.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/advanced-configuration.md b/deploy-manage/deploy/cloud-on-k8s/advanced-configuration.md index 98f7b948e4..5b00e0a176 100644 --- a/deploy-manage/deploy/cloud-on-k8s/advanced-configuration.md +++ b/deploy-manage/deploy/cloud-on-k8s/advanced-configuration.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-apm-advanced-configuration.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/advanced-elasticsearch-node-scheduling.md b/deploy-manage/deploy/cloud-on-k8s/advanced-elasticsearch-node-scheduling.md index cb9f6f21cd..69964b3de9 100644 --- a/deploy-manage/deploy/cloud-on-k8s/advanced-elasticsearch-node-scheduling.md +++ b/deploy-manage/deploy/cloud-on-k8s/advanced-elasticsearch-node-scheduling.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/air-gapped-install.md b/deploy-manage/deploy/cloud-on-k8s/air-gapped-install.md index 0fae72fba5..627e8905b2 100644 --- a/deploy-manage/deploy/cloud-on-k8s/air-gapped-install.md +++ b/deploy-manage/deploy/cloud-on-k8s/air-gapped-install.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_urls: - https://www.elastic.co/guide/en/elastic-stack/current/air-gapped-install.html - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-air-gapped.html diff --git a/deploy-manage/deploy/cloud-on-k8s/apm-server.md b/deploy-manage/deploy/cloud-on-k8s/apm-server.md index 8a9f9144e1..288d73905c 100644 --- a/deploy-manage/deploy/cloud-on-k8s/apm-server.md +++ b/deploy-manage/deploy/cloud-on-k8s/apm-server.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-apm-server.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/beats.md b/deploy-manage/deploy/cloud-on-k8s/beats.md index 25f3de6c50..88685012e1 100644 --- a/deploy-manage/deploy/cloud-on-k8s/beats.md +++ b/deploy-manage/deploy/cloud-on-k8s/beats.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/configuration-beats.md b/deploy-manage/deploy/cloud-on-k8s/configuration-beats.md index 5f224a9d22..7c3a6e0353 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configuration-beats.md +++ b/deploy-manage/deploy/cloud-on-k8s/configuration-beats.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/configuration-enterprise-search.md b/deploy-manage/deploy/cloud-on-k8s/configuration-enterprise-search.md index 2560affb4e..6a36456a31 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configuration-enterprise-search.md +++ b/deploy-manage/deploy/cloud-on-k8s/configuration-enterprise-search.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-enterprise-search-configuration.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/configuration-examples-beats.md b/deploy-manage/deploy/cloud-on-k8s/configuration-examples-beats.md index 50da9fa39a..f33e449595 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configuration-examples-beats.md +++ b/deploy-manage/deploy/cloud-on-k8s/configuration-examples-beats.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration-examples.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/configuration-examples-fleet.md b/deploy-manage/deploy/cloud-on-k8s/configuration-examples-fleet.md index fab24a105d..e6006af0ef 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configuration-examples-fleet.md +++ b/deploy-manage/deploy/cloud-on-k8s/configuration-examples-fleet.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration-examples.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/configuration-examples-logstash.md b/deploy-manage/deploy/cloud-on-k8s/configuration-examples-logstash.md index 1d7ca54ae4..9640071f3c 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configuration-examples-logstash.md +++ b/deploy-manage/deploy/cloud-on-k8s/configuration-examples-logstash.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-logstash-configuration-examples.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/configuration-examples-standalone.md b/deploy-manage/deploy/cloud-on-k8s/configuration-examples-standalone.md index 73f6d7f125..24a0312025 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configuration-examples-standalone.md +++ b/deploy-manage/deploy/cloud-on-k8s/configuration-examples-standalone.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-configuration-examples.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/configuration-fleet.md b/deploy-manage/deploy/cloud-on-k8s/configuration-fleet.md index 70a8e35ab7..3e983061c0 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configuration-fleet.md +++ b/deploy-manage/deploy/cloud-on-k8s/configuration-fleet.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/configuration-logstash.md b/deploy-manage/deploy/cloud-on-k8s/configuration-logstash.md index 87d1c9f185..eaa6135de0 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configuration-logstash.md +++ b/deploy-manage/deploy/cloud-on-k8s/configuration-logstash.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-logstash-configuration.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/configuration-standalone.md b/deploy-manage/deploy/cloud-on-k8s/configuration-standalone.md index 0c2516d2c9..f05f3b8bf2 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configuration-standalone.md +++ b/deploy-manage/deploy/cloud-on-k8s/configuration-standalone.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-configuration.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md index 7122ba6ada..1314e43f34 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-orchestrating-elastic-stack-applications.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-eck.md b/deploy-manage/deploy/cloud-on-k8s/configure-eck.md index 18c796e469..76fcdeaf5b 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure-eck.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure-eck.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-operator-config.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-validating-webhook.md b/deploy-manage/deploy/cloud-on-k8s/configure-validating-webhook.md index 4389a45d64..5cc680503f 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure-validating-webhook.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure-validating-webhook.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-webhook.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/configure.md b/deploy-manage/deploy/cloud-on-k8s/configure.md index dd31d9655e..98e07243fc 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-operating-eck.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/connect-to-apm-server.md b/deploy-manage/deploy/cloud-on-k8s/connect-to-apm-server.md index a67608d3e2..7bf5287749 100644 --- a/deploy-manage/deploy/cloud-on-k8s/connect-to-apm-server.md +++ b/deploy-manage/deploy/cloud-on-k8s/connect-to-apm-server.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-apm-connecting.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/connect-to-external-elastic-resources.md b/deploy-manage/deploy/cloud-on-k8s/connect-to-external-elastic-resources.md index 4353ef8e6b..9ec084e1fc 100644 --- a/deploy-manage/deploy/cloud-on-k8s/connect-to-external-elastic-resources.md +++ b/deploy-manage/deploy/cloud-on-k8s/connect-to-external-elastic-resources.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-connect-to-unmanaged-resources.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/create-custom-images.md b/deploy-manage/deploy/cloud-on-k8s/create-custom-images.md index 3710c0afbb..9456542f2e 100644 --- a/deploy-manage/deploy/cloud-on-k8s/create-custom-images.md +++ b/deploy-manage/deploy/cloud-on-k8s/create-custom-images.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-custom-images.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/custom-configuration-files-plugins.md b/deploy-manage/deploy/cloud-on-k8s/custom-configuration-files-plugins.md index 20d08630cb..54a3bccd4a 100644 --- a/deploy-manage/deploy/cloud-on-k8s/custom-configuration-files-plugins.md +++ b/deploy-manage/deploy/cloud-on-k8s/custom-configuration-files-plugins.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-bundles-plugins.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/customize-pods.md b/deploy-manage/deploy/cloud-on-k8s/customize-pods.md index 83d489834d..75a300a7ec 100644 --- a/deploy-manage/deploy/cloud-on-k8s/customize-pods.md +++ b/deploy-manage/deploy/cloud-on-k8s/customize-pods.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-customize-pods.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md b/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md index 2e006f1f87..1917aabd25 100644 --- a/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md +++ b/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md @@ -1,4 +1,8 @@ --- +applies: + eck: all +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-quickstart.html --- @@ -6,7 +10,6 @@ mapped_pages: % Similar to ECE section, write an introduction about the installation methods and include links to the other sections (AIR GAPPED and Configure). % The page has been provided as it already provides a good introduction. - # Deploy an orchestrator [k8s-quickstart] With Elastic Cloud on Kubernetes (ECK) you can extend the basic Kubernetes orchestration capabilities to easily deploy, secure, upgrade your {{es}} cluster, and much more. diff --git a/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-gke-autopilot.md b/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-gke-autopilot.md index b3f6bb82fe..ba9fdbc38f 100644 --- a/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-gke-autopilot.md +++ b/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-gke-autopilot.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-autopilot.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-openshift.md b/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-openshift.md index 7210937227..07947fd3cd 100644 --- a/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-openshift.md +++ b/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-openshift.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-openshift.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/deploy-elastic-maps-server.md b/deploy-manage/deploy/cloud-on-k8s/deploy-elastic-maps-server.md index 41140b7aa6..96bf3c19ab 100644 --- a/deploy-manage/deploy/cloud-on-k8s/deploy-elastic-maps-server.md +++ b/deploy-manage/deploy/cloud-on-k8s/deploy-elastic-maps-server.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-maps-es.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/deploy-fips-compatible-version-of-eck.md b/deploy-manage/deploy/cloud-on-k8s/deploy-fips-compatible-version-of-eck.md index 19ec55a2c3..c79f925a2f 100644 --- a/deploy-manage/deploy/cloud-on-k8s/deploy-fips-compatible-version-of-eck.md +++ b/deploy-manage/deploy/cloud-on-k8s/deploy-fips-compatible-version-of-eck.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_urls: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-fips.html - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s_installation.html diff --git a/deploy-manage/deploy/cloud-on-k8s/elastic-maps-server.md b/deploy-manage/deploy/cloud-on-k8s/elastic-maps-server.md index 7b1e3febed..9cfbfff517 100644 --- a/deploy-manage/deploy/cloud-on-k8s/elastic-maps-server.md +++ b/deploy-manage/deploy/cloud-on-k8s/elastic-maps-server.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-maps.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/elastic-stack-configuration-policies.md b/deploy-manage/deploy/cloud-on-k8s/elastic-stack-configuration-policies.md index d78f90c84b..995f83e135 100644 --- a/deploy-manage/deploy/cloud-on-k8s/elastic-stack-configuration-policies.md +++ b/deploy-manage/deploy/cloud-on-k8s/elastic-stack-configuration-policies.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-config-policy.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md index de7f0dbdb7..a644c6c3e5 100644 --- a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md +++ b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elasticsearch-specification.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md index 241e58734d..3f9c73e53f 100644 --- a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md +++ b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-deploy-elasticsearch.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/enterprise-search.md b/deploy-manage/deploy/cloud-on-k8s/enterprise-search.md index dcdc004786..c577b0f964 100644 --- a/deploy-manage/deploy/cloud-on-k8s/enterprise-search.md +++ b/deploy-manage/deploy/cloud-on-k8s/enterprise-search.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-enterprise-search.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/fleet-managed-elastic-agent.md b/deploy-manage/deploy/cloud-on-k8s/fleet-managed-elastic-agent.md index ba34d038e2..af36fc1712 100644 --- a/deploy-manage/deploy/cloud-on-k8s/fleet-managed-elastic-agent.md +++ b/deploy-manage/deploy/cloud-on-k8s/fleet-managed-elastic-agent.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/http-configuration.md b/deploy-manage/deploy/cloud-on-k8s/http-configuration.md index ae08bd4ef0..bfec2acffa 100644 --- a/deploy-manage/deploy/cloud-on-k8s/http-configuration.md +++ b/deploy-manage/deploy/cloud-on-k8s/http-configuration.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-maps-http-configuration.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/init-containers-for-plugin-downloads.md b/deploy-manage/deploy/cloud-on-k8s/init-containers-for-plugin-downloads.md index c0fba17fb8..df09d3adf8 100644 --- a/deploy-manage/deploy/cloud-on-k8s/init-containers-for-plugin-downloads.md +++ b/deploy-manage/deploy/cloud-on-k8s/init-containers-for-plugin-downloads.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-init-containers-plugin-downloads.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md b/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md index bf79932a50..166ccc34c2 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md +++ b/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-install-helm.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md b/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md index c0fb74b0b5..7031339934 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md +++ b/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_urls: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-install-yaml-manifests.html - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-deploy-eck.html diff --git a/deploy-manage/deploy/cloud-on-k8s/install.md b/deploy-manage/deploy/cloud-on-k8s/install.md index 54412c726c..a90b265d0c 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install.md +++ b/deploy-manage/deploy/cloud-on-k8s/install.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_urls: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-installing-eck.html - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-supported.html diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s-autopilot-deploy-agent-beats.md b/deploy-manage/deploy/cloud-on-k8s/k8s-autopilot-deploy-agent-beats.md index 63dcf74e14..0acfe2cd7f 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s-autopilot-deploy-agent-beats.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s-autopilot-deploy-agent-beats.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-autopilot-deploy-agent-beats.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s-autopilot-deploy-elasticsearch.md b/deploy-manage/deploy/cloud-on-k8s/k8s-autopilot-deploy-elasticsearch.md index 0ca5a527bc..8fb4978aef 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s-autopilot-deploy-elasticsearch.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s-autopilot-deploy-elasticsearch.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-autopilot-deploy-elasticsearch.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s-autopilot-deploy-operator.md b/deploy-manage/deploy/cloud-on-k8s/k8s-autopilot-deploy-operator.md index 09d1c623bf..8d1acec63f 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s-autopilot-deploy-operator.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s-autopilot-deploy-operator.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-autopilot-deploy-the-operator.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s-autopilot-setting-virtual-memory.md b/deploy-manage/deploy/cloud-on-k8s/k8s-autopilot-setting-virtual-memory.md index 153143fa81..afc5482c1e 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s-autopilot-setting-virtual-memory.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s-autopilot-setting-virtual-memory.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-autopilot-setting-virtual-memory.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-advanced-configuration.md b/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-advanced-configuration.md index 3aaa779fa5..d05896e096 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-advanced-configuration.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-advanced-configuration.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-kibana-advanced-configuration.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-es.md b/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-es.md index 398a3a38da..3caf76f2fd 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-es.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-es.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-kibana-es.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-http-configuration.md b/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-http-configuration.md index 0f54a183df..273faa4918 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-http-configuration.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-http-configuration.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-kibana-http-configuration.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-plugins.md b/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-plugins.md index d3fc7e9765..eaef57d59f 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-plugins.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-plugins.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-kibana-plugins.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-secure-settings.md b/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-secure-settings.md index cfdcd2854c..89bf674a1b 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-secure-settings.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-secure-settings.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-kibana-secure-settings.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-agent.md b/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-agent.md index 1f1f9833b0..f0917853cd 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-agent.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-agent.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-openshift-agent.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-anyuid-workaround.md b/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-anyuid-workaround.md index e53a7f6c30..dc93a09615 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-anyuid-workaround.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-anyuid-workaround.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-openshift-anyuid-workaround.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-beats.md b/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-beats.md index 25e6be76a2..9d041c5067 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-beats.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-beats.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-openshift-beats.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-deploy-elasticsearch.md b/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-deploy-elasticsearch.md index 85f25ed652..242fe6ec31 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-deploy-elasticsearch.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-deploy-elasticsearch.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-openshift-deploy-elasticsearch.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-deploy-kibana.md b/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-deploy-kibana.md index ee112a0b31..1175d61275 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-deploy-kibana.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-deploy-kibana.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-openshift-deploy-kibana.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-deploy-operator.md b/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-deploy-operator.md index 026c7fdb66..2d8cf5d131 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-deploy-operator.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-deploy-operator.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-openshift-deploy-the-operator.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s-service-mesh-istio.md b/deploy-manage/deploy/cloud-on-k8s/k8s-service-mesh-istio.md index 870171d4ae..d42e99bcb6 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s-service-mesh-istio.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s-service-mesh-istio.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-service-mesh-istio.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s-service-mesh-linkerd.md b/deploy-manage/deploy/cloud-on-k8s/k8s-service-mesh-linkerd.md index 28fcdabbba..90485cc104 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s-service-mesh-linkerd.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s-service-mesh-linkerd.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-service-mesh-linkerd.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s_prerequisites.md b/deploy-manage/deploy/cloud-on-k8s/k8s_prerequisites.md index 3521f49c11..638d1f162e 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s_prerequisites.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s_prerequisites.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s_prerequisites.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/kibana-configuration.md b/deploy-manage/deploy/cloud-on-k8s/kibana-configuration.md index af59b323ae..450a28ce52 100644 --- a/deploy-manage/deploy/cloud-on-k8s/kibana-configuration.md +++ b/deploy-manage/deploy/cloud-on-k8s/kibana-configuration.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-kibana.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/kibana-instance-quickstart.md b/deploy-manage/deploy/cloud-on-k8s/kibana-instance-quickstart.md index 795f2c115a..71aa17b4d7 100644 --- a/deploy-manage/deploy/cloud-on-k8s/kibana-instance-quickstart.md +++ b/deploy-manage/deploy/cloud-on-k8s/kibana-instance-quickstart.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-deploy-kibana.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/known-limitations.md b/deploy-manage/deploy/cloud-on-k8s/known-limitations.md index 0185402de1..f4cc067a15 100644 --- a/deploy-manage/deploy/cloud-on-k8s/known-limitations.md +++ b/deploy-manage/deploy/cloud-on-k8s/known-limitations.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-known-limitations.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/logstash-plugins.md b/deploy-manage/deploy/cloud-on-k8s/logstash-plugins.md index a3736cb6d6..33b0b2005e 100644 --- a/deploy-manage/deploy/cloud-on-k8s/logstash-plugins.md +++ b/deploy-manage/deploy/cloud-on-k8s/logstash-plugins.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-logstash-plugins.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/logstash.md b/deploy-manage/deploy/cloud-on-k8s/logstash.md index 3a614827b1..74b078da43 100644 --- a/deploy-manage/deploy/cloud-on-k8s/logstash.md +++ b/deploy-manage/deploy/cloud-on-k8s/logstash.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-logstash.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/manage-compute-resources.md b/deploy-manage/deploy/cloud-on-k8s/manage-compute-resources.md index 544cb4ac27..57dbd0849a 100644 --- a/deploy-manage/deploy/cloud-on-k8s/manage-compute-resources.md +++ b/deploy-manage/deploy/cloud-on-k8s/manage-compute-resources.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-managing-compute-resources.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md b/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md index 19c32a12f6..5b893d6967 100644 --- a/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md @@ -1,3 +1,7 @@ +--- +applies: + eck: all +--- # Manage deployments % What needs to be done: Write from scratch diff --git a/deploy-manage/deploy/cloud-on-k8s/managing-deployments-using-helm-chart.md b/deploy-manage/deploy/cloud-on-k8s/managing-deployments-using-helm-chart.md index c7d7688997..73aead675c 100644 --- a/deploy-manage/deploy/cloud-on-k8s/managing-deployments-using-helm-chart.md +++ b/deploy-manage/deploy/cloud-on-k8s/managing-deployments-using-helm-chart.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-helm-chart.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/map-data.md b/deploy-manage/deploy/cloud-on-k8s/map-data.md index cbff490667..7e22059b35 100644 --- a/deploy-manage/deploy/cloud-on-k8s/map-data.md +++ b/deploy-manage/deploy/cloud-on-k8s/map-data.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-maps-data.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/network-policies.md b/deploy-manage/deploy/cloud-on-k8s/network-policies.md index 0f0bbfdb82..2fd238b0cf 100644 --- a/deploy-manage/deploy/cloud-on-k8s/network-policies.md +++ b/deploy-manage/deploy/cloud-on-k8s/network-policies.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-network-policies.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/node-configuration.md b/deploy-manage/deploy/cloud-on-k8s/node-configuration.md index ece4a79187..68d572bedf 100644 --- a/deploy-manage/deploy/cloud-on-k8s/node-configuration.md +++ b/deploy-manage/deploy/cloud-on-k8s/node-configuration.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-node-configuration.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/nodes-orchestration.md b/deploy-manage/deploy/cloud-on-k8s/nodes-orchestration.md index 87762d3aa6..09333ce9bb 100644 --- a/deploy-manage/deploy/cloud-on-k8s/nodes-orchestration.md +++ b/deploy-manage/deploy/cloud-on-k8s/nodes-orchestration.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-orchestration.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/pod-disruption-budget.md b/deploy-manage/deploy/cloud-on-k8s/pod-disruption-budget.md index 661b5f91f5..f19af44c6c 100644 --- a/deploy-manage/deploy/cloud-on-k8s/pod-disruption-budget.md +++ b/deploy-manage/deploy/cloud-on-k8s/pod-disruption-budget.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-pod-disruption-budget.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/pod-prestop-hook.md b/deploy-manage/deploy/cloud-on-k8s/pod-prestop-hook.md index 0d3223a413..60cb7c4b0b 100644 --- a/deploy-manage/deploy/cloud-on-k8s/pod-prestop-hook.md +++ b/deploy-manage/deploy/cloud-on-k8s/pod-prestop-hook.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-prestop.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/quickstart-beats.md b/deploy-manage/deploy/cloud-on-k8s/quickstart-beats.md index bf98e7c60b..e55d5e6e58 100644 --- a/deploy-manage/deploy/cloud-on-k8s/quickstart-beats.md +++ b/deploy-manage/deploy/cloud-on-k8s/quickstart-beats.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-quickstart.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/quickstart-enterprise-search.md b/deploy-manage/deploy/cloud-on-k8s/quickstart-enterprise-search.md index f22d8ace53..5a1d6b922f 100644 --- a/deploy-manage/deploy/cloud-on-k8s/quickstart-enterprise-search.md +++ b/deploy-manage/deploy/cloud-on-k8s/quickstart-enterprise-search.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-enterprise-search-quickstart.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/quickstart-fleet.md b/deploy-manage/deploy/cloud-on-k8s/quickstart-fleet.md index 809b99ac13..26b4423ee7 100644 --- a/deploy-manage/deploy/cloud-on-k8s/quickstart-fleet.md +++ b/deploy-manage/deploy/cloud-on-k8s/quickstart-fleet.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-quickstart.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/quickstart-logstash.md b/deploy-manage/deploy/cloud-on-k8s/quickstart-logstash.md index 396875ddef..e382b877ff 100644 --- a/deploy-manage/deploy/cloud-on-k8s/quickstart-logstash.md +++ b/deploy-manage/deploy/cloud-on-k8s/quickstart-logstash.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-logstash-quickstart.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/quickstart-standalone.md b/deploy-manage/deploy/cloud-on-k8s/quickstart-standalone.md index e2144da968..8ec7c87b75 100644 --- a/deploy-manage/deploy/cloud-on-k8s/quickstart-standalone.md +++ b/deploy-manage/deploy/cloud-on-k8s/quickstart-standalone.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-quickstart.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/readiness-probe.md b/deploy-manage/deploy/cloud-on-k8s/readiness-probe.md index 93454872c4..deeb00a40a 100644 --- a/deploy-manage/deploy/cloud-on-k8s/readiness-probe.md +++ b/deploy-manage/deploy/cloud-on-k8s/readiness-probe.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-readiness.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/recipes.md b/deploy-manage/deploy/cloud-on-k8s/recipes.md index 3fd4028488..6d546cab13 100644 --- a/deploy-manage/deploy/cloud-on-k8s/recipes.md +++ b/deploy-manage/deploy/cloud-on-k8s/recipes.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-recipes.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/requests-routing-to-elasticsearch-nodes.md b/deploy-manage/deploy/cloud-on-k8s/requests-routing-to-elasticsearch-nodes.md index 1b5ac483be..79cc20359c 100644 --- a/deploy-manage/deploy/cloud-on-k8s/requests-routing-to-elasticsearch-nodes.md +++ b/deploy-manage/deploy/cloud-on-k8s/requests-routing-to-elasticsearch-nodes.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-traffic-splitting.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md b/deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md index 27bedd92d0..d0f4d27fa4 100644 --- a/deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md +++ b/deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-eck-permissions.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/restrict-cross-namespace-resource-associations.md b/deploy-manage/deploy/cloud-on-k8s/restrict-cross-namespace-resource-associations.md index 1f279f6f9f..77a91a2b50 100644 --- a/deploy-manage/deploy/cloud-on-k8s/restrict-cross-namespace-resource-associations.md +++ b/deploy-manage/deploy/cloud-on-k8s/restrict-cross-namespace-resource-associations.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-restrict-cross-namespace-associations.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/securing-logstash-api.md b/deploy-manage/deploy/cloud-on-k8s/securing-logstash-api.md index 421346f41f..2de0724b61 100644 --- a/deploy-manage/deploy/cloud-on-k8s/securing-logstash-api.md +++ b/deploy-manage/deploy/cloud-on-k8s/securing-logstash-api.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-logstash-securing-api.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/security-context.md b/deploy-manage/deploy/cloud-on-k8s/security-context.md index cc8460d7c1..3abb59085b 100644 --- a/deploy-manage/deploy/cloud-on-k8s/security-context.md +++ b/deploy-manage/deploy/cloud-on-k8s/security-context.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-security-context.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/service-meshes.md b/deploy-manage/deploy/cloud-on-k8s/service-meshes.md index 1c943134ab..4530b8dd38 100644 --- a/deploy-manage/deploy/cloud-on-k8s/service-meshes.md +++ b/deploy-manage/deploy/cloud-on-k8s/service-meshes.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-service-meshes.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/settings-managed-by-eck.md b/deploy-manage/deploy/cloud-on-k8s/settings-managed-by-eck.md index 58b6e22bbc..891aecd7d1 100644 --- a/deploy-manage/deploy/cloud-on-k8s/settings-managed-by-eck.md +++ b/deploy-manage/deploy/cloud-on-k8s/settings-managed-by-eck.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-reserved-settings.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/standalone-elastic-agent.md b/deploy-manage/deploy/cloud-on-k8s/standalone-elastic-agent.md index 7f597dec22..dfccd861ef 100644 --- a/deploy-manage/deploy/cloud-on-k8s/standalone-elastic-agent.md +++ b/deploy-manage/deploy/cloud-on-k8s/standalone-elastic-agent.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/storage-recommendations.md b/deploy-manage/deploy/cloud-on-k8s/storage-recommendations.md index 0505593e02..2a3f64f979 100644 --- a/deploy-manage/deploy/cloud-on-k8s/storage-recommendations.md +++ b/deploy-manage/deploy/cloud-on-k8s/storage-recommendations.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-storage-recommendations.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/tls-certificates.md b/deploy-manage/deploy/cloud-on-k8s/tls-certificates.md index 536ae2bd39..441b1bdc3a 100644 --- a/deploy-manage/deploy/cloud-on-k8s/tls-certificates.md +++ b/deploy-manage/deploy/cloud-on-k8s/tls-certificates.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-tls-certificates.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/transport-settings.md b/deploy-manage/deploy/cloud-on-k8s/transport-settings.md index e8ffe945c4..b9fa8dd5ec 100644 --- a/deploy-manage/deploy/cloud-on-k8s/transport-settings.md +++ b/deploy-manage/deploy/cloud-on-k8s/transport-settings.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-transport-settings.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/troubleshooting-beats.md b/deploy-manage/deploy/cloud-on-k8s/troubleshooting-beats.md index df5a2f81aa..b395f520e1 100644 --- a/deploy-manage/deploy/cloud-on-k8s/troubleshooting-beats.md +++ b/deploy-manage/deploy/cloud-on-k8s/troubleshooting-beats.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-troubleshooting.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/troubleshooting-enterprise-search.md b/deploy-manage/deploy/cloud-on-k8s/troubleshooting-enterprise-search.md index 3ee5f71707..ed942edd32 100644 --- a/deploy-manage/deploy/cloud-on-k8s/troubleshooting-enterprise-search.md +++ b/deploy-manage/deploy/cloud-on-k8s/troubleshooting-enterprise-search.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-enterprise-search-troubleshoot.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/update-deployments.md b/deploy-manage/deploy/cloud-on-k8s/update-deployments.md index a0f05f43e9..a7f5a7ae4d 100644 --- a/deploy-manage/deploy/cloud-on-k8s/update-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/update-deployments.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-update-deployment.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/update-strategy-logstash.md b/deploy-manage/deploy/cloud-on-k8s/update-strategy-logstash.md index 574908c0dd..6a93577feb 100644 --- a/deploy-manage/deploy/cloud-on-k8s/update-strategy-logstash.md +++ b/deploy-manage/deploy/cloud-on-k8s/update-strategy-logstash.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-logstash-update-strategy.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/update-strategy.md b/deploy-manage/deploy/cloud-on-k8s/update-strategy.md index decd1f262e..09d1c393f2 100644 --- a/deploy-manage/deploy/cloud-on-k8s/update-strategy.md +++ b/deploy-manage/deploy/cloud-on-k8s/update-strategy.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-update-strategy.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/use-an-elasticsearch-cluster-managed-by-eck.md b/deploy-manage/deploy/cloud-on-k8s/use-an-elasticsearch-cluster-managed-by-eck.md index 5e58ab05ec..bec68b1207 100644 --- a/deploy-manage/deploy/cloud-on-k8s/use-an-elasticsearch-cluster-managed-by-eck.md +++ b/deploy-manage/deploy/cloud-on-k8s/use-an-elasticsearch-cluster-managed-by-eck.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-apm-eck-managed-es.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/virtual-memory.md b/deploy-manage/deploy/cloud-on-k8s/virtual-memory.md index 52ebf84dbc..b8b11dffb8 100644 --- a/deploy-manage/deploy/cloud-on-k8s/virtual-memory.md +++ b/deploy-manage/deploy/cloud-on-k8s/virtual-memory.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/volume-claim-templates.md b/deploy-manage/deploy/cloud-on-k8s/volume-claim-templates.md index 0b713c23dc..fa18192283 100644 --- a/deploy-manage/deploy/cloud-on-k8s/volume-claim-templates.md +++ b/deploy-manage/deploy/cloud-on-k8s/volume-claim-templates.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-volume-claim-templates.html --- diff --git a/deploy-manage/deploy/cloud-on-k8s/webhook-namespace-selectors.md b/deploy-manage/deploy/cloud-on-k8s/webhook-namespace-selectors.md index 41e052ff26..f40566429f 100644 --- a/deploy-manage/deploy/cloud-on-k8s/webhook-namespace-selectors.md +++ b/deploy-manage/deploy/cloud-on-k8s/webhook-namespace-selectors.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-webhook-namespace-selectors.html --- diff --git a/deploy-manage/license/manage-your-license-in-eck.md b/deploy-manage/license/manage-your-license-in-eck.md index 5029487c32..a3f60493de 100644 --- a/deploy-manage/license/manage-your-license-in-eck.md +++ b/deploy-manage/license/manage-your-license-in-eck.md @@ -1,4 +1,6 @@ --- +applies: + eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-licensing.html --- From a26348f14c98a16b7cda3f58460b00e2079f6b3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Sat, 8 Feb 2025 21:45:13 +0100 Subject: [PATCH 03/70] eck landing page completed with pending items --- deploy-manage/deploy/cloud-on-k8s.md | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s.md b/deploy-manage/deploy/cloud-on-k8s.md index 81c6f6562c..3355fd39ac 100644 --- a/deploy-manage/deploy/cloud-on-k8s.md +++ b/deploy-manage/deploy/cloud-on-k8s.md @@ -24,6 +24,7 @@ mapped_urls: # Elastic Cloud on Kubernetes [k8s-overview] +% TBD: choose ::::{important} ECK is an Elastic self-managed product offered in two licensing tiers: Basic and Enterprise. For more details refer to [Elastic subscriptions](https://www.elastic.co/subscriptions) and [](/deploy-manage/license/manage-your-license-in-eck.md) documentation. :::: @@ -44,10 +45,11 @@ With Elastic Cloud on Kubernetes you can streamline critical operations, such as 4. Securing clusters with TLS certificates 5. Setting up hot-warm-cold architectures with availability zone awareness +% TBD: choose On this section you will learn how to: This sections offers everything you need to know about: -- [](./cloud-on-k8s/deploy-an-orchestrator.md): ECK installation methods +- [](./cloud-on-k8s/deploy-an-orchestrator.md): ECK installation methods and configuration details. - [](./cloud-on-k8s/manage-deployments.md): Install and configure {{es}} clusters and {{kib}} instances through ECK. - [](./cloud-on-k8s/orchestrate-other-elastic-applications.md): Install and configure APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes. - [](./cloud-on-k8s/tools-apis.md): Collection of tools and APIs available in ECK based environments. @@ -75,6 +77,8 @@ Elastic Stack application images for the OpenShift-certified Elasticsearch (ECK) Check the full [Elastic support matrix](https://www.elastic.co/support/matrix#matrix_kubernetes) for more information. +% TBD: discuss if these make sense here + ## Learn more about ECK [k8s_learn_more_about_eck] * [Orchestrate Elasticsearch on Kubernetes](https://www.elastic.co/elasticsearch-kubernetes) @@ -82,10 +86,11 @@ Check the full [Elastic support matrix](https://www.elastic.co/support/matrix#ma * [Getting Started With Elastic Cloud on Kubernetes (ECK)](https://www.youtube.com/watch?v=PIJmlYBIFXM) * [Running the Elastic Stack on Kubernetes with ECK](https://www.youtube.com/watch?v=Wf6E3vkvEFM) +% TBD: discuss where to put this "ask for help info" ## Ask for help [k8s-ask-for-help] -If you are an existing Elastic customer with an active support contract, you can create a case in the [Elastic Support Portal](https://support.elastic.co/). Kindly attach an [ECK diagnostic](../../../troubleshoot/deployments/cloud-on-k8s/run-eck-diagnostics.md) when opening your case. +If you are an existing Elastic customer with an active support contract, you can create a case in the [Elastic Support Portal](https://support.elastic.co/). Kindly attach an [ECK diagnostic](/troubleshoot/deployments/cloud-on-k8s/run-eck-diagnostics.md) when opening your case. Alternatively, or if you do not have a support contract, and if you are unable to find a solution to your problem with the information provided in these documents, ask for help: @@ -95,12 +100,12 @@ Alternatively, or if you do not have a support contract, and if you are unable t % to consider in either deploy or manage deployment sections ## Advanced topics [k8s-advanced-topics] -* [*Deploy ECK on OpenShift*](../../../deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-openshift.md) -* [*Deploy ECK on GKE Autopilot*](../../../deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-gke-autopilot.md) -* [*Create custom images*](../../../deploy-manage/deploy/cloud-on-k8s/create-custom-images.md) -* [*Service meshes*](../../../deploy-manage/deploy/cloud-on-k8s/service-meshes.md) -* [*Traffic Splitting*](../../../deploy-manage/deploy/cloud-on-k8s/requests-routing-to-elasticsearch-nodes.md) -* [*Network policies*](../../../deploy-manage/deploy/cloud-on-k8s/network-policies.md) -* [*Webhook namespace selectors*](../../../deploy-manage/deploy/cloud-on-k8s/webhook-namespace-selectors.md) -* [*Stack Monitoring*](../../../deploy-manage/monitor/stack-monitoring/eck-stack-monitoring.md) -* [*Deploy a FIPS compatible version of ECK*](../../../deploy-manage/deploy/cloud-on-k8s/deploy-fips-compatible-version-of-eck.md) +* [*Deploy ECK on OpenShift*](/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-openshift.md) +* [*Deploy ECK on GKE Autopilot*](/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-gke-autopilot.md) +* [*Create custom images*](/deploy-manage/deploy/cloud-on-k8s/create-custom-images.md) +* [*Service meshes*](/deploy-manage/deploy/cloud-on-k8s/service-meshes.md) +* [*Traffic Splitting*](/deploy-manage/deploy/cloud-on-k8s/requests-routing-to-elasticsearch-nodes.md) +* [*Network policies*](/deploy-manage/deploy/cloud-on-k8s/network-policies.md) +* [*Webhook namespace selectors*](/deploy-manage/deploy/cloud-on-k8s/webhook-namespace-selectors.md) +* [*Stack Monitoring*](/deploy-manage/monitor/stack-monitoring/eck-stack-monitoring.md) +* [*Deploy a FIPS compatible version of ECK*](/deploy-manage/deploy/cloud-on-k8s/deploy-fips-compatible-version-of-eck.md) From a45ecdfc7fcaeff10da638227d2936ec7778d8e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Sat, 8 Feb 2025 22:36:01 +0100 Subject: [PATCH 04/70] eck install WIP --- .../cloud-on-k8s/deploy-an-orchestrator.md | 21 +++-- .../install-using-yaml-manifest-quickstart.md | 77 ++++++++++++++++++- deploy-manage/deploy/cloud-on-k8s/install.md | 24 +++++- 3 files changed, 114 insertions(+), 8 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md b/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md index 1917aabd25..1263d64f01 100644 --- a/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md +++ b/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md @@ -12,14 +12,25 @@ mapped_pages: # Deploy an orchestrator [k8s-quickstart] -With Elastic Cloud on Kubernetes (ECK) you can extend the basic Kubernetes orchestration capabilities to easily deploy, secure, upgrade your {{es}} cluster, and much more. +With Elastic Cloud on Kubernetes (ECK) you can extend the basic Kubernetes orchestration capabilities to easily deploy, secure, upgrade your {{es}} cluster, along with other Elastic applications. -Eager to get started? This quickstart guide shows you how to: +This section provides step-by-step guidance on: -* [Deploy ECK in your Kubernetes cluster](install-using-yaml-manifest-quickstart.md) +- [**Installing the ECK Operator**](./install.md) → Learn different installation methods, including Helm and YAML manifests. +- [**Deploying in air-gapped environments**](./air-gapped-install.md) → Follow best practices for installing and operating ECK in restricted networks. +- [**Configuring ECK**](./configure.md) → Understand the available configuration options to optimize your ECK deployment. + +::::{tip} +If you're looking to deploy {{es}}, {{kib}}, or other Elastic applications using ECK, refer to [](./manage-deployments.md). +:::: + +## Looking for a quickstart? + +If you want to get started quickly, follow these guides to deploy ECK and set up an {{es}} cluster: + +* [Install ECK using the YAML manifests](install-using-yaml-manifest-quickstart.md) * [Deploy an {{es}} cluster](elasticsearch-deployment-quickstart.md) * [Deploy a {{kib}} instance](kibana-instance-quickstart.md) * [Update your deployment](update-deployments.md) -Afterwards, you can find further sample resources [in the project repository](https://github.com/elastic/cloud-on-k8s/tree/2.16/config/samples) or by checking out [our recipes](recipes.md). - +Afterwards, you can find further sample resources [in the project repository](https://github.com/elastic/cloud-on-k8s/tree/2.16/config/samples) or by checking out [our recipes](recipes.md). \ No newline at end of file diff --git a/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md b/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md index 7031339934..211c08d111 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md +++ b/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md @@ -17,4 +17,79 @@ mapped_urls: % Use migrated content from existing pages that map to this page: % - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-install-yaml-manifests.md -% - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-deploy-eck.md \ No newline at end of file +% - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-deploy-eck.md + +# Install ECK using the YAML manifests [k8s-install-yaml-manifests] + +This method is the quickest way to get started with ECK if you have full administrative access to the Kubernetes cluster. + +During the installation, the following components are installed or updated: + +* `CustomResourceDefinition` objects for all supported resource types (Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash). +* `Namespace` named `elastic-system` to hold all operator resources. +* `ServiceAccount`, `ClusterRole` and `ClusterRoleBinding` to allow the operator to manage resources throughout the cluster. +* `ValidatingWebhookConfiguration` to validate Elastic custom resources on admission. +* `StatefulSet`, `ConfigMap`, `Secret` and `Service` in `elastic-system` namespace to run the operator application. + +## Prerequisites and considerations + +Before you begin, review the following prerequisites and recommendations: + +* For this quickstart guide, your Kubernetes cluster is assumed to be already up and running. Before you proceed with the ECK installation, make sure you check the [supported versions](/deploy-manage/deploy/cloud-on-k8s.md#k8s-supported). + +* If you are using GKE, make sure your user has `cluster-admin` permissions. For more information, check [Prerequisites for using Kubernetes RBAC on GKE](https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control#iam-rolebinding-bootstrap). + +* If you are using Amazon EKS, make sure the Kubernetes control plane is allowed to communicate with the Kubernetes nodes on port 443. This is required for communication with the Validating Webhook. For more information, check [Recommended inbound traffic](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.md). + +* Refer to [*Install ECK*](../../../deploy-manage/deploy/cloud-on-k8s/install.md) for more information on installation options. + +* Check the [upgrade notes](../../../deploy-manage/upgrade/orchestrator/upgrade-cloud-on-k8s.md) if you are attempting to upgrade an existing ECK deployment. + +## Installation procedure + +To deploy the ECK operator: + +1. Install [custom resource definitions](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) with [`create`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_create/): + + ```sh + kubectl create -f https://download.elastic.co/downloads/eck/{{eck_version}}/crds.yaml + ``` + + This will output similar to the following upon Elastic resources' creation: + + ```sh + customresourcedefinition.apiextensions.k8s.io/agents.agent.k8s.elastic.co created + customresourcedefinition.apiextensions.k8s.io/apmservers.apm.k8s.elastic.co created + customresourcedefinition.apiextensions.k8s.io/beats.beat.k8s.elastic.co created + customresourcedefinition.apiextensions.k8s.io/elasticmapsservers.maps.k8s.elastic.co created + customresourcedefinition.apiextensions.k8s.io/elasticsearches.elasticsearch.k8s.elastic.co created + customresourcedefinition.apiextensions.k8s.io/enterprisesearches.enterprisesearch.k8s.elastic.co created + customresourcedefinition.apiextensions.k8s.io/kibanas.kibana.k8s.elastic.co created + customresourcedefinition.apiextensions.k8s.io/logstashes.logstash.k8s.elastic.co created + ``` + +2. Install the operator with its RBAC rules with [`apply`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_apply/): + + ```sh + kubectl apply -f https://download.elastic.co/downloads/eck/{{eck_version}}/operator.yaml + ``` + + ::::{note} + The ECK operator runs by default in the `elastic-system` namespace. It is recommended that you choose a dedicated namespace for your workloads, rather than using the `elastic-system` or the `default` namespace. + :::: + +3. Monitor the operator’s setup from its logs through [`logs`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_logs/): + + ```sh + kubectl -n elastic-system logs -f statefulset.apps/elastic-operator + ``` + +4. Once ready, the operator will report as `Running` as shown with [`get`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_get/), replacing default `elastic-system` with applicable installation namespace as needed: * + +``` +$ kubectl get -n elastic-system pods +NAME READY STATUS RESTARTS AGE +elastic-operator-0 1/1 Running 0 1m +``` + +This completes the quickstart of the ECK operator. We recommend continuing to [Deploying an {{es}} cluster](../../../deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md); but for more configuration options as needed, navigate to [Operating ECK](../../../deploy-manage/deploy/cloud-on-k8s/configure.md). diff --git a/deploy-manage/deploy/cloud-on-k8s/install.md b/deploy-manage/deploy/cloud-on-k8s/install.md index a90b265d0c..2b3137eee6 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install.md +++ b/deploy-manage/deploy/cloud-on-k8s/install.md @@ -6,7 +6,7 @@ mapped_urls: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-supported.html --- -# Install +# Install ECK [k8s-installing-eck] % What needs to be done: Lift-and-shift @@ -15,4 +15,24 @@ mapped_urls: % Use migrated content from existing pages that map to this page: % - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-installing-eck.md -% - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-supported.md \ No newline at end of file + +% TBD: supported versions here or in the intro?? + +% - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-supported.md + +Elastic Cloud on Kubernetes (ECK) is a [Kubernetes operator](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) to orchestrate Elastic applications (Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash) on Kubernetes. It relies on a set of [Custom Resource Definitions (CRD)](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/#customresourcedefinitions) to declaratively define the way each application is deployed. CRDs are global resources shared by all users of the Kubernetes cluster, which requires [certain permissions](../../../deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md#k8s-eck-permissions-installing-crds) to install them for initial use. The operator itself can be installed as a cluster-scoped application managing all namespaces or it can be restricted to a pre-defined set of namespaces. Multiple copies of the operator can be installed on a single Kubernetes cluster provided that the global CRDs are compatible with each instance and optional cluster-scoped extensions such as the [validating webhook](../../../deploy-manage/deploy/cloud-on-k8s/configure-validating-webhook.md) are disabled. + +::::{warning} +Deleting CRDs will trigger deletion of all custom resources (Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash) in all namespaces of the cluster, regardless of whether they are managed by a single operator or multiple operators. +:::: + +* [Install ECK using the YAML manifests](../../../deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md) +* [Install ECK using the Helm chart](../../../deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md) + +ECK supports the following installation methods: +- [](./install-using-helm-chart.md) +- [](./install-using-yaml-manifest-quickstart.md) +- [](./deploy-eck-on-openshift.md) +- [](./deploy-eck-on-gke-autopilot.md) +- [](./deploy-fips-compatible-version-of-eck.md) +- [](./air-gapped-install.md) \ No newline at end of file From eb0561fc1491cb47cff5694b7b81e207dfcb60b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Sat, 8 Feb 2025 22:37:20 +0100 Subject: [PATCH 05/70] eck_version substitution used --- deploy-manage/deploy/cloud-on-k8s/configure-eck.md | 2 +- .../deploy/cloud-on-k8s/k8s-openshift-deploy-operator.md | 4 ++-- deploy-manage/deploy/cloud-on-k8s/k8s-service-mesh-istio.md | 4 ++-- deploy-manage/deploy/cloud-on-k8s/k8s-service-mesh-linkerd.md | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-eck.md b/deploy-manage/deploy/cloud-on-k8s/configure-eck.md index 76fcdeaf5b..18de903951 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure-eck.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure-eck.md @@ -129,7 +129,7 @@ If you use [Operator Lifecycle Manager (OLM)](https://github.com/operator-framew name: elastic-cloud-eck source: elastic-operators sourceNamespace: openshift-marketplace - startingCSV: elastic-cloud-eck.v2.16.1 + startingCSV: elastic-cloud-eck.v{{eck_version}} config: volumes: - name: config diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-deploy-operator.md b/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-deploy-operator.md index 2d8cf5d131..12b25c4a13 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-deploy-operator.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-deploy-operator.md @@ -10,8 +10,8 @@ mapped_pages: 1. Apply the all-in-one template, as described in the [quickstart](deploy-an-orchestrator.md). ```shell - oc create -f https://download.elastic.co/downloads/eck/2.16.1/crds.yaml - oc apply -f https://download.elastic.co/downloads/eck/2.16.1/operator.yaml + oc create -f https://download.elastic.co/downloads/eck/{{eck_version}}/crds.yaml + oc apply -f https://download.elastic.co/downloads/eck/{{eck_version}}/operator.yaml ``` 2. [Optional] If the Software Defined Network is configured with the `ovs-multitenant` plug-in, you must allow the `elastic-system` namespace to access other Pods and Services in the cluster: diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s-service-mesh-istio.md b/deploy-manage/deploy/cloud-on-k8s/k8s-service-mesh-istio.md index d42e99bcb6..651322de62 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s-service-mesh-istio.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s-service-mesh-istio.md @@ -35,8 +35,8 @@ The operator itself must be connected to the service mesh to deploy and manage E 2. Install ECK: ```sh - kubectl create -f https://download.elastic.co/downloads/eck/2.16.1/crds.yaml - kubectl apply -f https://download.elastic.co/downloads/eck/2.16.1/operator.yaml + kubectl create -f https://download.elastic.co/downloads/eck/{{eck_version}}/crds.yaml + kubectl apply -f https://download.elastic.co/downloads/eck/{{eck_version}}/operator.yaml ``` 3. Check the configuration and make sure the installation has been successful: diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s-service-mesh-linkerd.md b/deploy-manage/deploy/cloud-on-k8s/k8s-service-mesh-linkerd.md index 90485cc104..2349d0dc3d 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s-service-mesh-linkerd.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s-service-mesh-linkerd.md @@ -19,8 +19,8 @@ These instructions have been tested with Linkerd 2.7.0. In order to connect the operator to the service mesh, Linkerd sidecar must be injected into the ECK deployment. This can be done during installation as follows: ```sh -kubectl create -f https://download.elastic.co/downloads/eck/2.16.1/crds.yaml -linkerd inject https://download.elastic.co/downloads/eck/2.16.1/operator.yaml | kubectl apply -f - +kubectl create -f https://download.elastic.co/downloads/eck/{{eck_version}}/crds.yaml +linkerd inject https://download.elastic.co/downloads/eck/{{eck_version}}/operator.yaml | kubectl apply -f - ``` Confirm that the operator is now meshed: From 022631fc7361709d7f720cf3ec3305c8a8d60b01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Sat, 8 Feb 2025 23:38:29 +0100 Subject: [PATCH 06/70] install finished, air gapped in progress --- deploy-manage/deploy/cloud-on-k8s.md | 1 + .../deploy/cloud-on-k8s/air-gapped-install.md | 131 ++++++++++++++++++ .../deploy-fips-compatible-version-of-eck.md | 41 +++++- .../cloud-on-k8s/install-using-helm-chart.md | 7 - .../install-using-yaml-manifest-quickstart.md | 7 +- deploy-manage/deploy/cloud-on-k8s/install.md | 22 +-- .../k8s-autopilot-deploy-operator.md | 3 +- .../cloud-on-k8s/k8s-air-gapped.md | 65 --------- .../cloud-on-k8s/k8s-deploy-eck.md | 57 -------- .../cloud-on-k8s/cloud-on-k8s/k8s-fips.md | 10 -- .../k8s-install-yaml-manifests.md | 10 -- .../cloud-on-k8s/k8s_installation.md | 33 ----- raw-migrated-files/toc.yml | 5 - 13 files changed, 189 insertions(+), 203 deletions(-) delete mode 100644 raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-air-gapped.md delete mode 100644 raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-deploy-eck.md delete mode 100644 raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-fips.md delete mode 100644 raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-install-yaml-manifests.md delete mode 100644 raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s_installation.md diff --git a/deploy-manage/deploy/cloud-on-k8s.md b/deploy-manage/deploy/cloud-on-k8s.md index 3355fd39ac..c9f9089f67 100644 --- a/deploy-manage/deploy/cloud-on-k8s.md +++ b/deploy-manage/deploy/cloud-on-k8s.md @@ -16,6 +16,7 @@ mapped_urls: % Use migrated content from existing pages that map to this page: +% deleted all of them % - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-overview.md % - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-advanced-topics.md % Notes: redirect only diff --git a/deploy-manage/deploy/cloud-on-k8s/air-gapped-install.md b/deploy-manage/deploy/cloud-on-k8s/air-gapped-install.md index 627e8905b2..422dc0f5d4 100644 --- a/deploy-manage/deploy/cloud-on-k8s/air-gapped-install.md +++ b/deploy-manage/deploy/cloud-on-k8s/air-gapped-install.md @@ -17,6 +17,8 @@ mapped_urls: % Use migrated content from existing pages that map to this page: % - [ ] ./raw-migrated-files/stack-docs/elastic-stack/air-gapped-install.md + +% already removed % - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-air-gapped.md % Internal links rely on the following IDs being on this page (e.g. as a heading ID, paragraph ID, etc): @@ -26,3 +28,132 @@ $$$air-gapped-install$$$ $$$k8s-container-registry-override$$$ $$$k8s-eck-diag-air-gapped$$$ + +% There are two concepts and areas to explore here: +% ECK installation on air-gapped. This has no complexity as it's all a matter of docker registry and docker images. +% Managing deployments on an ECK running on air-gapped is something not really covered in the official ECK book and partly covered in stack-docs + +% In this doc we will focus on ECK operator installation in air gapped environments, and we will link to Manage Deployments -> Air gapped (doesn't exist yet) for the content and examples about the rest. + +% from fleet air-gapped +% Kibana is able to reach the Elastic Package Registry to download package metadata and content. +% Elastic Agents are able to download binaries during upgrades from the Elastic Artifact Registry. + +% what about Elasticsearch requirements for example for GeoIP database, etc? + +Pending to determine what to do with this: +* Syncing container images for ECK and all other {{stack}} components over to a locally-accessible container repository. +* Modifying the ECK helm chart configuration so that ECK is aware that it is supposed to use your offline container repository instead of the public Elastic repository. +* Optionally, disabling ECK telemetry collection in the ECK helm chart. This configuration propagates to all other Elastic components, such as {{kib}}. +* Building your custom deployment container image for the {{artifact-registry}}. +* Building your custom deployment container image for the Elastic Endpoint Artifact Repository. + +# Running in air-gapped environments [k8s-air-gapped] + +The ECK operator can be run in an air-gapped environment without access to the open internet when it is configured not to pull container images from `docker.elastic.co`. + +By default ECK does not require you to specify the container image for each Elastic Stack application you deploy. + +```yaml +apiVersion: elasticsearch.k8s.elastic.co/v1 +kind: Elasticsearch +metadata: + name: quickstart +spec: + version: 8.16.1 + # image: docker.elastic.co/elasticsearch/elasticsearch:8.16.1 <1> + nodeSets: + - name: default + count: 1 + # podTemplate: + # spec: + # imagePullSecrets: <2> + # - name: private-registry-credentials-secret +``` + +1. The ECK operator will set this value by default. You can explicitly set it to your mirrored container image when running in an air-gapped environment +2. You can provide credentials to your private container registry by setting the `imagePullSecrets` field through the `spec.podTemplate` section of your Elastic resource specification, check [how to customize the Elastic resources Pods](../../../deploy-manage/deploy/cloud-on-k8s/customize-pods.md) and [how to setup a Secret containing your registry credentials](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). + + +ECK will automatically set the correct container image for each application. When running in an air-gapped or offline environment you will have to mirror the official Elastic container images in a private container image registry. To make use of your mirrored images you can either set the image for each application explicitly as shown in the preceding example or more conveniently override the default container registry as explained in the next section. + + +## Use a mirrored image of the ECK operator [k8s-use-mirrored-operator-image] + +To deploy the ECK operator in an air-gapped environment, you first have to mirror the operator image itself from `docker.elastic.co` to a private container registry, for example `my.registry`. + +Once the ECK operator image is copied internally, replace the original image name `docker.elastic.co/eck/eck-operator:2.16.1` with the private name of the image, for example `my.registry/eck/eck-operator:2.16.1`, in the [operator manifests](../../../deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md). When using [Helm charts](../../../deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md), replace the `image.repository` Helm value with, for example, `my.registry/eck/eck-operator`. + + +## Override the default container registry [k8s-container-registry-override] + +When creating custom resources (Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash), the operator defaults to using container images pulled from the `docker.elastic.co` registry. If you are in an environment where external network access is restricted, you can configure the operator to use a different default container registry by starting the operator with the `--container-registry` command-line flag. Check [*Configure ECK*](../../../deploy-manage/deploy/cloud-on-k8s/configure-eck.md) for more information on how to configure the operator using command-line flags and environment variables. + +The operator expects container images to be located at specific repositories in the default container registry. Make sure that your container images are stored in the right repositories and are tagged correctly with the Stack version number. For example, if your private registry is `my.registry` and you wish to deploy components from Stack version 8.16.1, the following image names should exist: + +* `my.registry/elasticsearch/elasticsearch:8.16.1` +* `my.registry/kibana/kibana:8.16.1` +* `my.registry/apm/apm-server:8.16.1` + + +## Use a global container repository [k8s-container-repository-override] + +If you cannot follow the default Elastic image repositories naming scheme, you can configure the operator to use a different container repository by starting the operator with the `--container-repository` command-line flag. Check [*Configure ECK*](../../../deploy-manage/deploy/cloud-on-k8s/configure-eck.md) for more information on how to configure the operator using command-line flags and environment variables. + +For example, if your private registry is `my.registry` and all Elastic images are located under the `elastic` repository, the following image names should exist: + +* `my.registry/elastic/elasticsearch:8.16.1` +* `my.registry/elastic/kibana:8.16.1` +* `my.registry/elastic/apm-server:8.16.1` + + +## ECK Diagnostics in air-gapped environments [k8s-eck-diag-air-gapped] + +The [eck-diagnostics tool](../../../troubleshoot/deployments/cloud-on-k8s/run-eck-diagnostics.md) optionally runs diagnostics for Elastic Stack applications in a separate container that is deployed into the Kubernetes cluster. + +In air-gapped environments with no access to the `docker.elastic.co` registry, you should copy the latest support-diagnostics container image to your internal image registry and then run the tool with the additional flag `--diagnostic-image `. To find out which support diagnostics container image matches your version of eck-diagnostics run the tool once without arguments and it will print the default image in use. + + +% FROM THE OTHER CONTENT (ELASTIC-STACK): + +### 2. Kubernetes & OpenShift Install [air-gapped-kubernetes-and-openshift] + +Setting up air-gapped Kubernetes or OpenShift installs of the {{stack}} has some unique concerns, but the general dependencies are the same as in the self-managed install case on a regular Linux machine. + + +#### 2.1. Elastic Kubernetes Operator (ECK) [air-gapped-k8s-os-elastic-kubernetes-operator] + +The Elastic Kubernetes operator is an additional component in the Kubernetes OpenShift install that, essentially, does a lot of the work in installing, configuring, and updating deployments of the {{stack}}. For details, refer to the [{{eck}} install instructions](../../../deploy-manage/deploy/cloud-on-k8s/air-gapped-install.md). + +The main requirements are: + +* Syncing container images for ECK and all other {{stack}} components over to a locally-accessible container repository. +* Modifying the ECK helm chart configuration so that ECK is aware that it is supposed to use your offline container repository instead of the public Elastic repository. +* Optionally, disabling ECK telemetry collection in the ECK helm chart. This configuration propagates to all other Elastic components, such as {{kib}}. +* Building your custom deployment container image for the {{artifact-registry}}. +* Building your custom deployment container image for the Elastic Endpoint Artifact Repository. + + +#### 2.2. Elastic Package Registry [air-gapped-k8s-os-elastic-package-registry] + +The container image can be downloaded from the official Elastic Docker repository, as described in the {{fleet}} and {{elastic-agent}} [air-gapped environments](https://www.elastic.co/guide/en/fleet/current/air-gapped.html) documentation. + +This container would, ideally, run as a Kubernetes deployment. Refer to [Appendix C - EPR Kubernetes Deployment](../../../deploy-manage/deploy/self-managed/air-gapped-install.md#air-gapped-epr-kubernetes-example) for examples. + + +#### 2.3. {{artifact-registry}} [air-gapped-k8s-os-elastic-artifact-registry] + +A custom container would need to be created following similar instructions to setting up a web server in the [self-managed install case](../../../deploy-manage/deploy/self-managed/air-gapped-install.md#air-gapped-elastic-artifact-registry). For example, a container file using an NGINX base image could be used to run a build similar to the example described in [Appendix B - {{artifact-registry}}](../../../deploy-manage/deploy/self-managed/air-gapped-install.md#air-gapped-elastic-artifact-registry-example). + + +#### 2.4. Elastic Endpoint Artifact Repository [air-gapped-k8s-os-elastic-endpoint-artifact-repository] + +Just like the {{artifact-registry}}. A custom container needs to be created following similar instructions to setting up a web server for the [self-managed install case](../../../deploy-manage/deploy/self-managed/air-gapped-install.md#air-gapped-elastic-artifact-registry). + + +#### 2.5. Ironbank Secure Images for Elastic [air-gapped-k8s-os-ironbank-secure-images] + +Besides the public [Elastic container repository](https://www.docker.elastic.co), most {{stack}} container images are also available in Platform One’s [Iron Bank](https://ironbank.dso.mil/repomap?vendorFilters=Elastic&page=1&sort=1). + + + diff --git a/deploy-manage/deploy/cloud-on-k8s/deploy-fips-compatible-version-of-eck.md b/deploy-manage/deploy/cloud-on-k8s/deploy-fips-compatible-version-of-eck.md index c79f925a2f..86b9451c4d 100644 --- a/deploy-manage/deploy/cloud-on-k8s/deploy-fips-compatible-version-of-eck.md +++ b/deploy-manage/deploy/cloud-on-k8s/deploy-fips-compatible-version-of-eck.md @@ -16,5 +16,44 @@ mapped_urls: % Use migrated content from existing pages that map to this page: +% removed both % - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-fips.md -% - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s_installation.md \ No newline at end of file +% - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s_installation.md + +# Deploy a FIPS compatible version of ECK [k8s-fips] + +The Federal Information Processing Standard (FIPS) Publication 140-2, (FIPS PUB 140-2), titled "Security Requirements for Cryptographic Modules" is a U.S. government computer security standard used to approve cryptographic modules. Since version 2.6 ECK offers a FIPS-enabled image that is a drop-in replacement for the standard image. + +For the ECK operator, adherence to FIPS 140-2 is ensured by: + +* Using FIPS approved / NIST recommended cryptographic algorithms. +* Compiling the operator using the [BoringCrypto](https://github.com/golang/go/blob/dev.boringcrypto/README.boringcrypto.md) library for various cryptographic primitives. + +## FIPS compliant installation using Helm [k8s_fips_compliant_installation_using_helm] + +Set `image.fips=true` to install a FIPS-enabled version of the ECK Operator. Refer to [Install ECK using the Helm chart](../../../deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md) for full Helm installation instructions. + +```sh +helm install elastic-operator elastic/eck-operator \ + -n elastic-system --create-namespace \ + --set=image.fips=true +``` + +## FIPS compliant installation using manifests [k8s_fips_compliant_installation_using_manifests] + +The `StatefulSet` definition within the yaml installation manifest will need to be patched prior to installation to append `-fips` to the `spec.template.spec.containers[*].image` to install a FIPS-enabled version of the ECK Operator. Refer to [Install ECK using the YAML manifests](../../../deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md) for full manifest installation instructions. + +::::{note} +`${ECK_VERSION}` in the following command needs to be replaced with the version of the Operator that is to be installed. +:::: + +```sh +curl -s https://download.elastic.co/downloads/eck/${ECK_VERSION}/operator.yaml | sed -r 's#(image:.*eck-operator)(:.*)#\1-fips\2#' | kubectl apply -f - +``` + +If the Operator has already been installed using the manifests, the installation can be patched instead: + +```sh +kubectl patch sts elastic-operator -n elastic-system -p '{"spec":{"template":{"spec":{"containers":[{"name":"manager", "image":"docker.elastic.co/eck/eck-operator-fips:${ECK_VERSION}"}]}}}}' +``` + diff --git a/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md b/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md index 166ccc34c2..c3f7e61c18 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md +++ b/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md @@ -19,7 +19,6 @@ The minimum supported version of Helm is 3.2.0. :::: - ## Cluster-wide (global) installation [k8s-install-helm-global] This is the default mode of installation and is equivalent to [installing ECK using the stand-alone YAML manifests](install-using-yaml-manifest-quickstart.md). @@ -28,7 +27,6 @@ This is the default mode of installation and is equivalent to [installing ECK us helm install elastic-operator elastic/eck-operator -n elastic-system --create-namespace ``` - ## Restricted installation [k8s-install-helm-restricted] This mode avoids installing any cluster-scoped resources and restricts the operator to manage only a set of pre-defined namespaces. @@ -63,8 +61,6 @@ You can find the profile files in the Helm cache directory or from the [ECK sour :::: - - ## View available configuration options [k8s-install-helm-show-values] You can view all configurable values by running the following: @@ -73,21 +69,18 @@ You can view all configurable values by running the following: helm show values elastic/eck-operator ``` - ## Migrate an existing installation to Helm [k8s-migrate-to-helm] ::::{warning} Migrating an existing installation to Helm is essentially an upgrade operation and any [caveats associated with normal operator upgrades](../../upgrade/orchestrator/upgrade-cloud-on-k8s.md#k8s-beta-to-ga-rolling-restart) are applicable. Check the [upgrade documentation](../../upgrade/orchestrator/upgrade-cloud-on-k8s.md#k8s-ga-upgrade) before proceeding. :::: - You can migrate an existing operator installation to Helm by adding the `meta.helm.sh/release-name`, `meta.helm.sh/release-namespace` annotations and the `app.kubernetes.io/managed-by` label to all the resources you want to be adopted by Helm. You *must* do this for the Elastic Custom Resource Definitions (CRD) because deleting them would trigger the deletion of all deployed Elastic applications as well. All other resources are optional and can be deleted. ::::{note} A shell script is available in the [ECK source repository](https://github.com/elastic/cloud-on-k8s/blob/2.16/deploy/helm-migrate.sh) to demonstrate how to migrate from version 1.7.1 to Helm. You can modify it to suit your own environment. :::: - For example, an ECK 1.2.1 installation deployed using the [quickstart guide](https://www.elastic.co/guide/en/cloud-on-k8s/1.2/k8s-quickstart.html) can be migrated to Helm as follows: 1. Annotate and label all the ECK CRDs with the appropriate Helm annotations and labels. CRDs need to be preserved to retain any existing Elastic applications deployed using the operator. diff --git a/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md b/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md index 211c08d111..e219bd2650 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md +++ b/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md @@ -6,7 +6,7 @@ mapped_urls: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-deploy-eck.html --- -# Install using YAML manifest (quickstart) +# Install ECK using the YAML manifests [k8s-install-yaml-manifests] % What needs to be done: Refine @@ -16,11 +16,10 @@ mapped_urls: % Use migrated content from existing pages that map to this page: +% removed both % - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-install-yaml-manifests.md % - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-deploy-eck.md -# Install ECK using the YAML manifests [k8s-install-yaml-manifests] - This method is the quickest way to get started with ECK if you have full administrative access to the Kubernetes cluster. During the installation, the following components are installed or updated: @@ -75,7 +74,7 @@ To deploy the ECK operator: ``` ::::{note} - The ECK operator runs by default in the `elastic-system` namespace. It is recommended that you choose a dedicated namespace for your workloads, rather than using the `elastic-system` or the `default` namespace. + The ECK operator runs by default in the `elastic-system` namespace. It is recommended that you choose a dedicated namespace for your workloads (such as Elasticsearch and Kibana), rather than using the `elastic-system` or the `default` namespace. :::: 3. Monitor the operator’s setup from its logs through [`logs`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_logs/): diff --git a/deploy-manage/deploy/cloud-on-k8s/install.md b/deploy-manage/deploy/cloud-on-k8s/install.md index 2b3137eee6..a9866513ae 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install.md +++ b/deploy-manage/deploy/cloud-on-k8s/install.md @@ -20,19 +20,23 @@ mapped_urls: % - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-supported.md +## Installation overview + +% TBD: I kind of hate this paragraph :) not because of the content, but because of the format... + Elastic Cloud on Kubernetes (ECK) is a [Kubernetes operator](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) to orchestrate Elastic applications (Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash) on Kubernetes. It relies on a set of [Custom Resource Definitions (CRD)](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/#customresourcedefinitions) to declaratively define the way each application is deployed. CRDs are global resources shared by all users of the Kubernetes cluster, which requires [certain permissions](../../../deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md#k8s-eck-permissions-installing-crds) to install them for initial use. The operator itself can be installed as a cluster-scoped application managing all namespaces or it can be restricted to a pre-defined set of namespaces. Multiple copies of the operator can be installed on a single Kubernetes cluster provided that the global CRDs are compatible with each instance and optional cluster-scoped extensions such as the [validating webhook](../../../deploy-manage/deploy/cloud-on-k8s/configure-validating-webhook.md) are disabled. ::::{warning} Deleting CRDs will trigger deletion of all custom resources (Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash) in all namespaces of the cluster, regardless of whether they are managed by a single operator or multiple operators. :::: -* [Install ECK using the YAML manifests](../../../deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md) -* [Install ECK using the Helm chart](../../../deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md) +## Installation methods + +ECK offers multiple installation methods, including standard Kubernetes deployments and specialized procedures for environments such as OpenShift and GKE Autopilot. Choose the method that best suits your infrastructure: -ECK supports the following installation methods: -- [](./install-using-helm-chart.md) -- [](./install-using-yaml-manifest-quickstart.md) -- [](./deploy-eck-on-openshift.md) -- [](./deploy-eck-on-gke-autopilot.md) -- [](./deploy-fips-compatible-version-of-eck.md) -- [](./air-gapped-install.md) \ No newline at end of file +* [Install ECK using the YAML manifests (quickstart)](./install-using-yaml-manifest-quickstart.md) +* [Install ECK using the Helm chart](./install-using-helm-chart.md) +* [](./deploy-eck-on-openshift.md) +* [](./deploy-eck-on-gke-autopilot.md) +* [](./deploy-fips-compatible-version-of-eck.md) +* [](./air-gapped-install.md) \ No newline at end of file diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s-autopilot-deploy-operator.md b/deploy-manage/deploy/cloud-on-k8s/k8s-autopilot-deploy-operator.md index 8d1acec63f..7414ab59c1 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s-autopilot-deploy-operator.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s-autopilot-deploy-operator.md @@ -7,5 +7,4 @@ mapped_pages: # Installing the ECK Operator [k8s-autopilot-deploy-the-operator] -Refer to [*Install ECK*](install.md) for more information on installation options. - +Refer to [*Install ECK*](install.md) for more information on installation options. On GKE Autopilot, the ECK Operator can be installed using either YAML manifests or the Helm chart. \ No newline at end of file diff --git a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-air-gapped.md b/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-air-gapped.md deleted file mode 100644 index 737723b4de..0000000000 --- a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-air-gapped.md +++ /dev/null @@ -1,65 +0,0 @@ -# Running in air-gapped environments [k8s-air-gapped] - -The ECK operator can be run in an air-gapped environment without access to the open internet when it is configured not to pull container images from `docker.elastic.co`. - -By default ECK does not require you to specify the container image for each Elastic Stack application you deploy. - -```yaml -apiVersion: elasticsearch.k8s.elastic.co/v1 -kind: Elasticsearch -metadata: - name: quickstart -spec: - version: 8.16.1 - # image: docker.elastic.co/elasticsearch/elasticsearch:8.16.1 <1> - nodeSets: - - name: default - count: 1 - # podTemplate: - # spec: - # imagePullSecrets: <2> - # - name: private-registry-credentials-secret -``` - -1. The ECK operator will set this value by default. You can explicitly set it to your mirrored container image when running in an air-gapped environment -2. You can provide credentials to your private container registry by setting the `imagePullSecrets` field through the `spec.podTemplate` section of your Elastic resource specification, check [how to customize the Elastic resources Pods](../../../deploy-manage/deploy/cloud-on-k8s/customize-pods.md) and [how to setup a Secret containing your registry credentials](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). - - -ECK will automatically set the correct container image for each application. When running in an air-gapped or offline environment you will have to mirror the official Elastic container images in a private container image registry. To make use of your mirrored images you can either set the image for each application explicitly as shown in the preceding example or more conveniently override the default container registry as explained in the next section. - - -## Use a mirrored image of the ECK operator [k8s-use-mirrored-operator-image] - -To deploy the ECK operator in an air-gapped environment, you first have to mirror the operator image itself from `docker.elastic.co` to a private container registry, for example `my.registry`. - -Once the ECK operator image is copied internally, replace the original image name `docker.elastic.co/eck/eck-operator:2.16.1` with the private name of the image, for example `my.registry/eck/eck-operator:2.16.1`, in the [operator manifests](../../../deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md). When using [Helm charts](../../../deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md), replace the `image.repository` Helm value with, for example, `my.registry/eck/eck-operator`. - - -## Override the default container registry [k8s-container-registry-override] - -When creating custom resources (Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash), the operator defaults to using container images pulled from the `docker.elastic.co` registry. If you are in an environment where external network access is restricted, you can configure the operator to use a different default container registry by starting the operator with the `--container-registry` command-line flag. Check [*Configure ECK*](../../../deploy-manage/deploy/cloud-on-k8s/configure-eck.md) for more information on how to configure the operator using command-line flags and environment variables. - -The operator expects container images to be located at specific repositories in the default container registry. Make sure that your container images are stored in the right repositories and are tagged correctly with the Stack version number. For example, if your private registry is `my.registry` and you wish to deploy components from Stack version 8.16.1, the following image names should exist: - -* `my.registry/elasticsearch/elasticsearch:8.16.1` -* `my.registry/kibana/kibana:8.16.1` -* `my.registry/apm/apm-server:8.16.1` - - -## Use a global container repository [k8s-container-repository-override] - -If you cannot follow the default Elastic image repositories naming scheme, you can configure the operator to use a different container repository by starting the operator with the `--container-repository` command-line flag. Check [*Configure ECK*](../../../deploy-manage/deploy/cloud-on-k8s/configure-eck.md) for more information on how to configure the operator using command-line flags and environment variables. - -For example, if your private registry is `my.registry` and all Elastic images are located under the `elastic` repository, the following image names should exist: - -* `my.registry/elastic/elasticsearch:8.16.1` -* `my.registry/elastic/kibana:8.16.1` -* `my.registry/elastic/apm-server:8.16.1` - - -## ECK Diagnostics in air-gapped environments [k8s-eck-diag-air-gapped] - -The [eck-diagnostics tool](../../../troubleshoot/deployments/cloud-on-k8s/run-eck-diagnostics.md) optionally runs diagnostics for Elastic Stack applications in a separate container that is deployed into the Kubernetes cluster. - -In air-gapped environments with no access to the `docker.elastic.co` registry, you should copy the latest support-diagnostics container image to your internal image registry and then run the tool with the additional flag `--diagnostic-image `. To find out which support diagnostics container image matches your version of eck-diagnostics run the tool once without arguments and it will print the default image in use. - diff --git a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-deploy-eck.md b/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-deploy-eck.md deleted file mode 100644 index fa2966fd2b..0000000000 --- a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-deploy-eck.md +++ /dev/null @@ -1,57 +0,0 @@ -# Deploy ECK in your Kubernetes cluster [k8s-deploy-eck] - -Things to consider before you start: - -* For this quickstart guide, your Kubernetes cluster is assumed to be already up and running. Before you proceed with the ECK installation, make sure you check the [supported versions](../../../deploy-manage/deploy/cloud-on-k8s.md). -* If you are using GKE, make sure your user has `cluster-admin` permissions. For more information, check [Prerequisites for using Kubernetes RBAC on GKE](https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control#iam-rolebinding-bootstrap). -* If you are using Amazon EKS, make sure the Kubernetes control plane is allowed to communicate with the Kubernetes nodes on port 443. This is required for communication with the Validating Webhook. For more information, check [Recommended inbound traffic](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.md). -* Refer to [*Install ECK*](../../../deploy-manage/deploy/cloud-on-k8s/install.md) for more information on installation options. -* Check the [upgrade notes](../../../deploy-manage/upgrade/orchestrator/upgrade-cloud-on-k8s.md) if you are attempting to upgrade an existing ECK deployment. - -To deploy the ECK operator: - -1. Install [custom resource definitions](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) with [`create`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_create/): - - ```sh - kubectl create -f https://download.elastic.co/downloads/eck/2.16.1/crds.yaml - ``` - - This will output similar to the following upon Elastic resources' creation: - - ```sh - customresourcedefinition.apiextensions.k8s.io/agents.agent.k8s.elastic.co created - customresourcedefinition.apiextensions.k8s.io/apmservers.apm.k8s.elastic.co created - customresourcedefinition.apiextensions.k8s.io/beats.beat.k8s.elastic.co created - customresourcedefinition.apiextensions.k8s.io/elasticmapsservers.maps.k8s.elastic.co created - customresourcedefinition.apiextensions.k8s.io/elasticsearches.elasticsearch.k8s.elastic.co created - customresourcedefinition.apiextensions.k8s.io/enterprisesearches.enterprisesearch.k8s.elastic.co created - customresourcedefinition.apiextensions.k8s.io/kibanas.kibana.k8s.elastic.co created - customresourcedefinition.apiextensions.k8s.io/logstashes.logstash.k8s.elastic.co created - ``` - -2. Install the operator with its RBAC rules with [`apply`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_apply/): - - ```sh - kubectl apply -f https://download.elastic.co/downloads/eck/2.16.1/operator.yaml - ``` - - ::::{note} - The ECK operator runs by default in the `elastic-system` namespace. It is recommended that you choose a dedicated namespace for your workloads, rather than using the `elastic-system` or the `default` namespace. - :::: - -3. Monitor the operator’s setup from its logs through [`logs`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_logs/): - - ```sh - kubectl -n elastic-system logs -f statefulset.apps/elastic-operator - ``` - -4. Once ready, the operator will report as `Running` as shown with [`get`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_get/), replacing default `elastic-system` with applicable installation namespace as needed: * - -``` -$ kubectl get -n elastic-system pods -NAME READY STATUS RESTARTS AGE -elastic-operator-0 1/1 Running 0 1m -``` - -This completes the quickstart of the ECK operator. We recommend continuing to [Deploying an {{es}} cluster](../../../deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md); but for more configuration options as needed, navigate to [Operating ECK](../../../deploy-manage/deploy/cloud-on-k8s/configure.md). - diff --git a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-fips.md b/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-fips.md deleted file mode 100644 index c861994cee..0000000000 --- a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-fips.md +++ /dev/null @@ -1,10 +0,0 @@ -# Deploy a FIPS compatible version of ECK [k8s-fips] - -The Federal Information Processing Standard (FIPS) Publication 140-2, (FIPS PUB 140-2), titled "Security Requirements for Cryptographic Modules" is a U.S. government computer security standard used to approve cryptographic modules. Since version 2.6 ECK offers a FIPS-enabled image that is a drop-in replacement for the standard image. - -For the ECK operator, adherence to FIPS 140-2 is ensured by: - -* Using FIPS approved / NIST recommended cryptographic algorithms. -* Compiling the operator using the [BoringCrypto](https://github.com/golang/go/blob/dev.boringcrypto/README.boringcrypto.md) library for various cryptographic primitives. - - diff --git a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-install-yaml-manifests.md b/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-install-yaml-manifests.md deleted file mode 100644 index 5013d170de..0000000000 --- a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-install-yaml-manifests.md +++ /dev/null @@ -1,10 +0,0 @@ -# Install ECK using the YAML manifests [k8s-install-yaml-manifests] - -This method is the quickest way to get started with ECK if you have full administrative access to the Kubernetes cluster. The [Quickstart](../../../deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md) document describes how to proceed with this method. When you run the `kubectl` command listed in [*Deploy ECK in your Kubernetes cluster*](../../../deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md), the following components are installed or updated: - -* `CustomResourceDefinition` objects for all supported resource types (Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash). -* `Namespace` named `elastic-system` to hold all operator resources. -* `ServiceAccount`, `ClusterRole` and `ClusterRoleBinding` to allow the operator to manage resources throughout the cluster. -* `ValidatingWebhookConfiguration` to validate Elastic custom resources on admission. -* `StatefulSet`, `ConfigMap`, `Secret` and `Service` in `elastic-system` namespace to run the operator application. - diff --git a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s_installation.md b/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s_installation.md deleted file mode 100644 index 36ed69985f..0000000000 --- a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s_installation.md +++ /dev/null @@ -1,33 +0,0 @@ -# Installation [k8s_installation] - -## FIPS compliant installation using Helm [k8s_fips_compliant_installation_using_helm] - -Set `image.fips=true` to install a FIPS-enabled version of the ECK Operator. Refer to [Install ECK using the Helm chart](../../../deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md) for full Helm installation instructions. - -```sh -helm install elastic-operator elastic/eck-operator \ - -n elastic-system --create-namespace \ - --set=image.fips=true -``` - - -## FIPS compliant installation using manifests [k8s_fips_compliant_installation_using_manifests] - -The `StatefulSet` definition within the yaml installation manifest will need to be patched prior to installation to append `-fips` to the `spec.template.spec.containers[*].image` to install a FIPS-enabled version of the ECK Operator. Refer to [Install ECK using the YAML manifests](../../../deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md) for full manifest installation instructions. - -::::{note} -`${ECK_VERSION}` in the following command needs to be replaced with the version of the Operator that is to be installed. -:::: - - -```sh -curl -s https://download.elastic.co/downloads/eck/${ECK_VERSION}/operator.yaml | sed -r 's#(image:.*eck-operator)(:.*)#\1-fips\2#' | kubectl apply -f - -``` - -If the Operator has already been installed using the manifests, the installation can be patched instead: - -```sh -kubectl patch sts elastic-operator -n elastic-system -p '{"spec":{"template":{"spec":{"containers":[{"name":"manager", "image":"docker.elastic.co/eck/eck-operator-fips:${ECK_VERSION}"}]}}}}' -``` - - diff --git a/raw-migrated-files/toc.yml b/raw-migrated-files/toc.yml index 5143375f55..7632add24e 100644 --- a/raw-migrated-files/toc.yml +++ b/raw-migrated-files/toc.yml @@ -14,14 +14,9 @@ toc: - file: cloud-on-k8s/cloud-on-k8s/index.md children: - file: cloud-on-k8s/cloud-on-k8s/k8s_audit_logging.md - - file: cloud-on-k8s/cloud-on-k8s/k8s_installation.md - file: cloud-on-k8s/cloud-on-k8s/k8s-accessing-elastic-services.md - - file: cloud-on-k8s/cloud-on-k8s/k8s-air-gapped.md - file: cloud-on-k8s/cloud-on-k8s/k8s-custom-http-certificate.md - - file: cloud-on-k8s/cloud-on-k8s/k8s-deploy-eck.md - file: cloud-on-k8s/cloud-on-k8s/k8s-es-secure-settings.md - - file: cloud-on-k8s/cloud-on-k8s/k8s-fips.md - - file: cloud-on-k8s/cloud-on-k8s/k8s-install-yaml-manifests.md - file: cloud-on-k8s/cloud-on-k8s/k8s-installing-eck.md - file: cloud-on-k8s/cloud-on-k8s/k8s-orchestration.md - file: cloud-on-k8s/cloud-on-k8s/k8s-request-elasticsearch-endpoint.md From b9bc4160d5cc5675c1ef3de4566512a487708e63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Sat, 8 Feb 2025 23:51:06 +0100 Subject: [PATCH 07/70] some navigation_titles updated --- deploy-manage/deploy/cloud-on-k8s.md | 1 + .../deploy/cloud-on-k8s/air-gapped-install.md | 1 + .../deploy-fips-compatible-version-of-eck.md | 15 +-------------- .../cloud-on-k8s/install-using-helm-chart.md | 5 +++-- .../install-using-yaml-manifest-quickstart.md | 5 +++-- deploy-manage/deploy/cloud-on-k8s/install.md | 2 ++ 6 files changed, 11 insertions(+), 18 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s.md b/deploy-manage/deploy/cloud-on-k8s.md index c9f9089f67..8aeb05ddf8 100644 --- a/deploy-manage/deploy/cloud-on-k8s.md +++ b/deploy-manage/deploy/cloud-on-k8s.md @@ -99,6 +99,7 @@ Alternatively, or if you do not have a support contract, and if you are unable t * [Github issues](https://github.com/elastic/cloud-on-k8s/issues) for bugs and feature requests % to consider in either deploy or manage deployment sections +% this was a "redirect only" in the excel ## Advanced topics [k8s-advanced-topics] * [*Deploy ECK on OpenShift*](/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-openshift.md) diff --git a/deploy-manage/deploy/cloud-on-k8s/air-gapped-install.md b/deploy-manage/deploy/cloud-on-k8s/air-gapped-install.md index 422dc0f5d4..f9f5fe11ea 100644 --- a/deploy-manage/deploy/cloud-on-k8s/air-gapped-install.md +++ b/deploy-manage/deploy/cloud-on-k8s/air-gapped-install.md @@ -1,4 +1,5 @@ --- +navigation_title: Air gapped environments applies: eck: all mapped_urls: diff --git a/deploy-manage/deploy/cloud-on-k8s/deploy-fips-compatible-version-of-eck.md b/deploy-manage/deploy/cloud-on-k8s/deploy-fips-compatible-version-of-eck.md index 86b9451c4d..e52a3607b3 100644 --- a/deploy-manage/deploy/cloud-on-k8s/deploy-fips-compatible-version-of-eck.md +++ b/deploy-manage/deploy/cloud-on-k8s/deploy-fips-compatible-version-of-eck.md @@ -1,4 +1,5 @@ --- +navigation_title: FIPS compatibility applies: eck: all mapped_urls: @@ -6,20 +7,6 @@ mapped_urls: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s_installation.html --- -# Deploy a FIPS compatible version of ECK - -% What needs to be done: Refine - -% GitHub issue: https://github.com/elastic/docs-projects/issues/357 - -% Scope notes: Merge both docs into 1 - -% Use migrated content from existing pages that map to this page: - -% removed both -% - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-fips.md -% - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s_installation.md - # Deploy a FIPS compatible version of ECK [k8s-fips] The Federal Information Processing Standard (FIPS) Publication 140-2, (FIPS PUB 140-2), titled "Security Requirements for Cryptographic Modules" is a U.S. government computer security standard used to approve cryptographic modules. Since version 2.6 ECK offers a FIPS-enabled image that is a drop-in replacement for the standard image. diff --git a/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md b/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md index c3f7e61c18..d06b27948a 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md +++ b/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md @@ -1,8 +1,9 @@ --- -applies: - eck: all +navigation_title: Helm chart mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-install-helm.html +applies: + eck: all --- # Install using a Helm chart [k8s-install-helm] diff --git a/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md b/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md index e219bd2650..801cf4210e 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md +++ b/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md @@ -1,9 +1,10 @@ --- -applies: - eck: all +navigation_title: YAML manifests mapped_urls: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-install-yaml-manifests.html - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-deploy-eck.html +applies: + eck: all --- # Install ECK using the YAML manifests [k8s-install-yaml-manifests] diff --git a/deploy-manage/deploy/cloud-on-k8s/install.md b/deploy-manage/deploy/cloud-on-k8s/install.md index a9866513ae..42445cf89b 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install.md +++ b/deploy-manage/deploy/cloud-on-k8s/install.md @@ -20,6 +20,8 @@ mapped_urls: % - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-supported.md +Pending to add link to supported versions (in the intro) [](../cloud-on-k8s.md#k8s-supported) + ## Installation overview % TBD: I kind of hate this paragraph :) not because of the content, but because of the format... From 1c522b101ed635099948cd44cf53e18dc75f7eab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Sun, 9 Feb 2025 00:06:26 +0100 Subject: [PATCH 08/70] rbac requirements moved to install --- deploy-manage/deploy/cloud-on-k8s/configure-eck.md | 3 +++ deploy-manage/deploy/cloud-on-k8s/configure.md | 1 + deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md | 4 ++-- .../deploy/cloud-on-k8s/required-rbac-permissions.md | 2 ++ deploy-manage/toc.yml | 4 ++-- 5 files changed, 10 insertions(+), 4 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-eck.md b/deploy-manage/deploy/cloud-on-k8s/configure-eck.md index 18de903951..3e124d3aa1 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure-eck.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure-eck.md @@ -1,4 +1,5 @@ --- +navigation_title: Configuration parameters applies: eck: all mapped_pages: @@ -9,6 +10,8 @@ mapped_pages: ECK can be configured using either command line flags or environment variables. +% this list of flags is a candidate to REFERENCE content + | Flag | Default | Description | | --- | --- | --- | | `ca-cert-rotate-before` | `24h` | Duration representing how long before expiration CA certificates should be re-issued. | diff --git a/deploy-manage/deploy/cloud-on-k8s/configure.md b/deploy-manage/deploy/cloud-on-k8s/configure.md index 98e07243fc..132754c985 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure.md @@ -1,4 +1,5 @@ --- +navigation_title: Configure ECK applies: eck: all mapped_pages: diff --git a/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md b/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md index d06b27948a..b04f231852 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md +++ b/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md @@ -22,7 +22,7 @@ The minimum supported version of Helm is 3.2.0. ## Cluster-wide (global) installation [k8s-install-helm-global] -This is the default mode of installation and is equivalent to [installing ECK using the stand-alone YAML manifests](install-using-yaml-manifest-quickstart.md). +This is the default mode of installation and is equivalent to [installing ECK using the stand-alone YAML manifests](./install-using-yaml-manifest-quickstart.md). ```sh helm install elastic-operator elastic/eck-operator -n elastic-system --create-namespace @@ -112,4 +112,4 @@ For example, an ECK 1.2.1 installation deployed using the [quickstart guide](htt 1. If you have previously customized the operator configuration in this ConfigMap, you will have to repeat the configuration once the operator has been reinstalled in the next step. -3. Install the ECK operator using the Helm chart as described in [Install ECK using the Helm chart](). +3. Install the ECK operator using the Helm chart as described in [Install ECK using the Helm chart](./install-using-helm-chart.md). diff --git a/deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md b/deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md index d0f4d27fa4..68ed67e9a3 100644 --- a/deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md +++ b/deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md @@ -5,6 +5,8 @@ mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-eck-permissions.html --- +% candidate for REFERENCE content. + # Required RBAC permissions [k8s-eck-permissions] Installing and running ECK, as well as using ECK-managed resources requires the following Kubernetes [permissions](https://kubernetes.io/docs/reference/access-authn-authz/rbac): diff --git a/deploy-manage/toc.yml b/deploy-manage/toc.yml index 6102870923..03688c1825 100644 --- a/deploy-manage/toc.yml +++ b/deploy-manage/toc.yml @@ -247,11 +247,11 @@ toc: - file: deploy/cloud-on-k8s/k8s-autopilot-deploy-elasticsearch.md - file: deploy/cloud-on-k8s/k8s-autopilot-deploy-agent-beats.md - file: deploy/cloud-on-k8s/deploy-fips-compatible-version-of-eck.md + - file: deploy/cloud-on-k8s/required-rbac-permissions.md - file: deploy/cloud-on-k8s/air-gapped-install.md - file: deploy/cloud-on-k8s/configure.md children: - file: deploy/cloud-on-k8s/configure-eck.md - - file: deploy/cloud-on-k8s/required-rbac-permissions.md - file: deploy/cloud-on-k8s/configure-validating-webhook.md - file: deploy/cloud-on-k8s/restrict-cross-namespace-resource-associations.md - file: deploy/cloud-on-k8s/create-custom-images.md @@ -860,4 +860,4 @@ toc: - file: uninstall/uninstall-elastic-cloud-enterprise.md - file: uninstall/uninstall-elastic-cloud-on-kubernetes.md - file: uninstall/uninstall-a-self-managed-cluster.md - - file: uninstall/delete-a-cloud-deployment.md \ No newline at end of file + - file: uninstall/delete-a-cloud-deployment.md From 74611c2640e10769b4baa7827c3c1e57ec5ee6e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Sun, 9 Feb 2025 09:57:45 +0100 Subject: [PATCH 09/70] configuration ECK section updated --- .../deploy/cloud-on-k8s/configure-eck.md | 16 +++++++--------- deploy-manage/deploy/cloud-on-k8s/configure.md | 17 ++++++++++++++--- deploy-manage/deploy/cloud-on-k8s/install.md | 11 +++++++---- 3 files changed, 28 insertions(+), 16 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-eck.md b/deploy-manage/deploy/cloud-on-k8s/configure-eck.md index 3e124d3aa1..589181a2fc 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure-eck.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure-eck.md @@ -1,16 +1,18 @@ --- -navigation_title: Configuration parameters +navigation_title: Configuration flags applies: eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-operator-config.html --- -# Configure ECK [k8s-operator-config] +# ECK configuration flags [k8s-operator-config] -ECK can be configured using either command line flags or environment variables. +ECK can be configured using either **command-line flags** or **environment variables**. -% this list of flags is a candidate to REFERENCE content +Unless noted otherwise, environment variables can be used instead of flags to configure the operator. Simply convert the flag name to upper case and replace any dashes (`-`) with underscores (`_`). For example, the `log-verbosity` flag can be set by an environment variable named `LOG_VERBOSITY`. + +The following table lists and describes all available configuration flags: | Flag | Default | Description | | --- | --- | --- | @@ -52,8 +54,6 @@ ECK can be configured using either command line flags or environment variables. | `webhook-secret` | `""` | K8s secret mounted into the path designated by webhook-cert-dir to be used for webhook certificates. | | `webhook-port` | `9443` | Port to listen for incoming validation requests. | -Unless noted otherwise, environment variables can be used instead of flags to configure the operator as well. Simply convert the flag name to upper case and replace any dashes (`-`) with underscores (`_`). For example, the `log-verbosity` flag can be set by an environment variable named `LOG_VERBOSITY`. - Duration values should be specified as numeric values suffixed by the time unit. For example, a duration of 10 hours should be specified as `10h`. Acceptable time unit suffixes are: | Suffix | Unit | @@ -142,6 +142,4 @@ If you use [Operator Lifecycle Manager (OLM)](https://github.com/operator-framew - name: config mountPath: /conf readOnly: true - ``` - - + ``` \ No newline at end of file diff --git a/deploy-manage/deploy/cloud-on-k8s/configure.md b/deploy-manage/deploy/cloud-on-k8s/configure.md index 132754c985..3fbd538ebc 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure.md @@ -6,10 +6,20 @@ mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-operating-eck.html --- -# Configure [k8s-operating-eck] +# Configure ECK [k8s-operating-eck] + +By default, the ECK installation includes a **ConfigMap** where you can **add, remove, or update configuration settings**. This ConfigMap is automatically mounted into the operator’s container and provided to it through the `--config` parameter. + +To configure ECK **edit the `elastic-operator` ConfigMap** to change the operator configuration. The operator will restart automatically to apply the new changes unless the `--disable-config-watch` flag is set. + +Alternatively, you can edit the `elastic-operator` StatefulSet and add flags to the `args` section — which will trigger an automatic restart of the operator pod by the StatefulSet controller. + +For a complete description of available **configuration flags and methods**, refer to the [](./configure-eck.md). + +## Configuration use cases + +The following guides provide detailed instructions on configuring specific features, managing licenses, and performing common operational tasks: -* [*Configure ECK*](configure-eck.md) -* [*Required RBAC permissions*](required-rbac-permissions.md) * [*Configure the validating webhook*](configure-validating-webhook.md) * [*Configure the metrics endpoint*](../../monitor/orchestrators/eck-metrics-configuration.md) * [*Restrict cross-namespace resource associations*](restrict-cross-namespace-resource-associations.md) @@ -19,3 +29,4 @@ mapped_pages: * [*Uninstall ECK*](../../uninstall/uninstall-elastic-cloud-on-kubernetes.md) * [*Running in air-gapped environments*](air-gapped-install.md) +% suggestion: maybe we should add a comment about most common configuration needs, like CA certificates, namespaces, log-verbosity... \ No newline at end of file diff --git a/deploy-manage/deploy/cloud-on-k8s/install.md b/deploy-manage/deploy/cloud-on-k8s/install.md index 42445cf89b..d140967a0e 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install.md +++ b/deploy-manage/deploy/cloud-on-k8s/install.md @@ -32,13 +32,16 @@ Elastic Cloud on Kubernetes (ECK) is a [Kubernetes operator](https://kubernetes. Deleting CRDs will trigger deletion of all custom resources (Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash) in all namespaces of the cluster, regardless of whether they are managed by a single operator or multiple operators. :::: -## Installation methods +## Installation Methods -ECK offers multiple installation methods, including standard Kubernetes deployments and specialized procedures for environments such as OpenShift and GKE Autopilot. Choose the method that best suits your infrastructure: +ECK supports multiple installation methods. Choose the one that best fits your infrastructure: -* [Install ECK using the YAML manifests (quickstart)](./install-using-yaml-manifest-quickstart.md) +* [Install ECK using YAML manifests (quickstart)](./install-using-yaml-manifest-quickstart.md) * [Install ECK using the Helm chart](./install-using-helm-chart.md) * [](./deploy-eck-on-openshift.md) * [](./deploy-eck-on-gke-autopilot.md) * [](./deploy-fips-compatible-version-of-eck.md) -* [](./air-gapped-install.md) \ No newline at end of file + +For air-gapped environments, refer to [](./air-gapped-install.md) to understand the requirements and installation considerations. + +See [*Required RBAC permissions*](required-rbac-permissions.md) for a complete list of the permissions needed by the operator. \ No newline at end of file From 523303644922060f9fea9f15bf0c69918f12b0d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Sun, 9 Feb 2025 21:47:51 +0100 Subject: [PATCH 10/70] managing deployments changes started --- .../elasticsearch-deployment-quickstart.md | 5 +++- .../kibana-instance-quickstart.md | 1 + .../deploy/cloud-on-k8s/manage-deployments.md | 22 +++++++++++++++- .../managing-deployments-using-helm-chart.md | 3 ++- .../orchestrate-other-elastic-applications.md | 26 ++++++++++++++++++- .../deploy/cloud-on-k8s/update-deployments.md | 6 ++--- deploy-manage/toc.yml | 2 +- 7 files changed, 56 insertions(+), 9 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md index 3f9c73e53f..e023d365c9 100644 --- a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md +++ b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md @@ -1,4 +1,5 @@ --- +navigation_title: Deploy an Elasticsearch cluster applies: eck: all mapped_pages: @@ -139,4 +140,6 @@ In order to make requests to the [{{es}} API](https://www.elastic.co/guide/en/el ``` -This completes the quickstart of deploying an {{es}} cluster. We recommend continuing to [Deploy a {{kib}} instance](kibana-instance-quickstart.md) but for more configuration options as needed, navigate to [Running {{es}} on ECK](elasticsearch-configuration.md). +This completes the quickstart of deploying an {{es}} cluster. We recommend continuing to [Deploy a {{kib}} instance](kibana-instance-quickstart.md) but for more configuration options as needed, navigate to [](./elasticsearch-configuration.md). + +For more information about how to apply changes to your deployments, refer to [aplying updates](./update-deployments.md). \ No newline at end of file diff --git a/deploy-manage/deploy/cloud-on-k8s/kibana-instance-quickstart.md b/deploy-manage/deploy/cloud-on-k8s/kibana-instance-quickstart.md index 71aa17b4d7..0093054fd7 100644 --- a/deploy-manage/deploy/cloud-on-k8s/kibana-instance-quickstart.md +++ b/deploy-manage/deploy/cloud-on-k8s/kibana-instance-quickstart.md @@ -1,4 +1,5 @@ --- +navigation_title: Deploy a Kibana instance applies: eck: all mapped_pages: diff --git a/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md b/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md index 5b893d6967..c8a366cb2c 100644 --- a/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md @@ -8,4 +8,24 @@ applies: % GitHub issue: https://github.com/elastic/docs-projects/issues/357 -% Scope notes: To be decided... \ No newline at end of file +% Scope notes: To be decided... + +This section provides detailed guidance on deploying, configuring, and managing Elasticsearch and Kibana within ECK. A **deployment** refers to an {{es}} cluster, optionally with one or more {{kib}} instances connected to it. + +::::{tip} +This section focuses on **Elasticsearch and Kibana** deployments. To orchestrate other Elastic Stack applications such as **APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash**, refer to the [Orchestrating other Elastic Stack applications](./orchestrate-other-elastic-applications.md). +:::: + +## What You'll Learn + +- [**Deploy an Elasticsearch cluster (quickstart)**](./elasticsearch-deployment-quickstart.md) → Orchestrate an {{es}} cluster in Kubernetes. +- [**Deploy Kibana instances (quickstart)**](./kibana-instance-quickstart.md) → Set up and connect Kibana to an existing Elasticsearch cluster. +- [**Manage deployments using Elastic Stack Helm chart**](./managing-deployments-using-helm-chart.md) → (pending description) +- [**Apply updates to your deployments**](./update-deployments.md) → Modify existing deployments, scale clusters, and update configurations, while ensuring minimal disruption. +- [**Configure access to your deployments**](./accessing-services.md) → Expose your deployments through Kubernetes services. +- [**Advanced configuration use cases**](./configure-deployments.md) → Explore available settings for Elasticsearch and Kibana, including storage, networking, security, and scaling options. + +For a complete reference on configuration possibilities for {{es}} and {{kib}}, see: + +- [](./elasticsearch-configuration.md) +- [](./kibana-configuration.md) \ No newline at end of file diff --git a/deploy-manage/deploy/cloud-on-k8s/managing-deployments-using-helm-chart.md b/deploy-manage/deploy/cloud-on-k8s/managing-deployments-using-helm-chart.md index 73aead675c..ca3522598e 100644 --- a/deploy-manage/deploy/cloud-on-k8s/managing-deployments-using-helm-chart.md +++ b/deploy-manage/deploy/cloud-on-k8s/managing-deployments-using-helm-chart.md @@ -1,11 +1,12 @@ --- +navigation_title: Elastic Stack Helm chart applies: eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-helm-chart.html --- -# Managing deployments using a Helm chart [k8s-stack-helm-chart] +# Elastic Stack Helm chart [k8s-stack-helm-chart] Starting from ECK 2.4.0, a Helm chart is available for managing Elastic Stack resources using the ECK Operator. It is available from the Elastic Helm repository and can be added to your Helm repository list by running the following command: diff --git a/deploy-manage/deploy/cloud-on-k8s/orchestrate-other-elastic-applications.md b/deploy-manage/deploy/cloud-on-k8s/orchestrate-other-elastic-applications.md index 0ab9e93bda..f111d698b2 100644 --- a/deploy-manage/deploy/cloud-on-k8s/orchestrate-other-elastic-applications.md +++ b/deploy-manage/deploy/cloud-on-k8s/orchestrate-other-elastic-applications.md @@ -1,3 +1,27 @@ # Orchestrate other Elastic applications -% What needs to be done: Write from scratch \ No newline at end of file +% What needs to be done: Write from scratch + +* [*Run APM Server on ECK*](apm-server.md) +* [*Run standalone Elastic Agent on ECK*](standalone-elastic-agent.md) +* [*Run {{fleet}}-managed {{agent}} on ECK*](fleet-managed-elastic-agent.md) +* [*Run Elastic Maps Server on ECK*](elastic-maps-server.md) +* [*Run Enterprise Search on ECK*](enterprise-search.md) +* [*Run Beats on ECK*](beats.md) +* [*Run {{ls}} on ECK*](logstash.md) + +% to analyze and decide how the content gets presented + +* [*Elastic Stack Helm Chart*](managing-deployments-using-helm-chart.md) +* [*Recipes*](recipes.md) + +* [*Secure the Elastic Stack*](../../security.md) +* [*Access Elastic Stack services*](accessing-services.md) +* [*Customize Pods*](customize-pods.md) +* [*Manage compute resources*](manage-compute-resources.md) +* [*Autoscaling stateless applications*](../../autoscaling/autoscaling-stateless-applications-on-eck.md) +* [*Elastic Stack configuration policies*](elastic-stack-configuration-policies.md) +* [*Upgrade the Elastic Stack version*](../../upgrade/deployment-or-cluster.md) +* [*Connect to external Elastic resources*](connect-to-external-elastic-resources.md) + + diff --git a/deploy-manage/deploy/cloud-on-k8s/update-deployments.md b/deploy-manage/deploy/cloud-on-k8s/update-deployments.md index a7f5a7ae4d..8ce6fabaac 100644 --- a/deploy-manage/deploy/cloud-on-k8s/update-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/update-deployments.md @@ -1,4 +1,5 @@ --- +navigation_title: Applying updates applies: eck: all mapped_pages: @@ -27,7 +28,4 @@ spec: EOF ``` -ECK will automatically schedule the requested update. Changes can be monitored with the [ECK operator logs](install-using-yaml-manifest-quickstart.md), [`events`](https://kubernetes.io/docs/reference/kubernetes-api/cluster-resources/event-v1/), and applicable product’s [pod `logs`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_logs/). These will either report successful application of changes or provide context for further troubleshooting. Kindly note, Kubernetes restricts some changes, for example refer to [Updating Volume Claims](volume-claim-templates.md#k8s-volume-claim-templates-update). - -This completes our quickstart guide for deploying an {{es}} cluster and {{kib}} instance with our ECK operator. We recommend continuing to [Orchestrating Elastic Stack applications](configure-deployments.md) for more configuration options - +ECK will automatically schedule the requested update. Changes can be monitored with the [ECK operator logs](install-using-yaml-manifest-quickstart.md), [`events`](https://kubernetes.io/docs/reference/kubernetes-api/cluster-resources/event-v1/), and applicable product’s [pod `logs`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_logs/). These will either report successful application of changes or provide context for further troubleshooting. Kindly note, Kubernetes restricts some changes, for example refer to [Updating Volume Claims](volume-claim-templates.md#k8s-volume-claim-templates-update). \ No newline at end of file diff --git a/deploy-manage/toc.yml b/deploy-manage/toc.yml index 03688c1825..9ce43de48a 100644 --- a/deploy-manage/toc.yml +++ b/deploy-manage/toc.yml @@ -267,8 +267,8 @@ toc: children: - file: deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md - file: deploy/cloud-on-k8s/kibana-instance-quickstart.md - - file: deploy/cloud-on-k8s/managing-deployments-using-helm-chart.md - file: deploy/cloud-on-k8s/update-deployments.md + - file: deploy/cloud-on-k8s/managing-deployments-using-helm-chart.md - file: deploy/cloud-on-k8s/accessing-services.md - file: deploy/cloud-on-k8s/configure-deployments.md children: From 07e5846d91f87e167651e897b69ce219f6f8a10e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Mon, 10 Feb 2025 13:05:00 +0100 Subject: [PATCH 11/70] manage deployments almost completed --- deploy-manage/deploy/cloud-on-k8s.md | 32 +++++------ .../cloud-on-k8s/configure-deployments.md | 55 ++++++++++++------- .../cloud-on-k8s/deploy-an-orchestrator.md | 15 +---- .../elasticsearch-deployment-quickstart.md | 2 +- deploy-manage/deploy/cloud-on-k8s/install.md | 21 +------ .../kibana-instance-quickstart.md | 2 +- .../deploy/cloud-on-k8s/manage-deployments.md | 12 ++-- .../orchestrate-other-elastic-applications.md | 28 +++++----- .../deploy/cloud-on-k8s/update-deployments.md | 2 + 9 files changed, 80 insertions(+), 89 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s.md b/deploy-manage/deploy/cloud-on-k8s.md index 8aeb05ddf8..a64b655361 100644 --- a/deploy-manage/deploy/cloud-on-k8s.md +++ b/deploy-manage/deploy/cloud-on-k8s.md @@ -8,21 +8,6 @@ mapped_urls: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s_learn_more_about_eck.html --- -% What needs to be done: Refine - -% GitHub issue: https://github.com/elastic/docs-projects/issues/357 - -% Scope notes: Maybe we can even leave it as it is. - -% Use migrated content from existing pages that map to this page: - -% deleted all of them -% - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-overview.md -% - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-advanced-topics.md -% Notes: redirect only -% - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-supported.md -% - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s_learn_more_about_eck.md - # Elastic Cloud on Kubernetes [k8s-overview] % TBD: choose @@ -46,15 +31,24 @@ With Elastic Cloud on Kubernetes you can streamline critical operations, such as 4. Securing clusters with TLS certificates 5. Setting up hot-warm-cold architectures with availability zone awareness -% TBD: choose -On this section you will learn how to: -This sections offers everything you need to know about: +This section provides everything you need to install, configure, and manage Elastic Stack applications with ECK, including: - [](./cloud-on-k8s/deploy-an-orchestrator.md): ECK installation methods and configuration details. - [](./cloud-on-k8s/manage-deployments.md): Install and configure {{es}} clusters and {{kib}} instances through ECK. - [](./cloud-on-k8s/orchestrate-other-elastic-applications.md): Install and configure APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes. - [](./cloud-on-k8s/tools-apis.md): Collection of tools and APIs available in ECK based environments. +## Looking for a quickstart? [eck-quickstart] + +If you want to get started quickly, follow these guides to deploy ECK and set up an {{es}} cluster: + +* [Install ECK using the YAML manifests](install-using-yaml-manifest-quickstart.md) +* [Deploy an {{es}} cluster](elasticsearch-deployment-quickstart.md) +* [Deploy a {{kib}} instance](kibana-instance-quickstart.md) +* [Update your deployment](update-deployments.md) + +Afterwards, you can find further sample resources [in the project repository](https://github.com/elastic/cloud-on-k8s/tree/2.16/config/samples) or by checking out [our recipes](recipes.md). + ## Supported versions [k8s-supported] ECK is compatible with: @@ -79,7 +73,6 @@ Elastic Stack application images for the OpenShift-certified Elasticsearch (ECK) Check the full [Elastic support matrix](https://www.elastic.co/support/matrix#matrix_kubernetes) for more information. % TBD: discuss if these make sense here - ## Learn more about ECK [k8s_learn_more_about_eck] * [Orchestrate Elasticsearch on Kubernetes](https://www.elastic.co/elasticsearch-kubernetes) @@ -100,6 +93,7 @@ Alternatively, or if you do not have a support contract, and if you are unable t % to consider in either deploy or manage deployment sections % this was a "redirect only" in the excel + ## Advanced topics [k8s-advanced-topics] * [*Deploy ECK on OpenShift*](/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-openshift.md) diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md index 1314e43f34..fd0da33bf6 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md @@ -3,27 +3,44 @@ applies: eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-orchestrating-elastic-stack-applications.html + - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-update-deployment.html --- +% the security link needs to be refined to point to the eck related section around security +% same for upgrade link + # Configure deployments [k8s-orchestrating-elastic-stack-applications] -* [*Run Elasticsearch on ECK*](elasticsearch-configuration.md) -* [*Run {{kib}} on ECK*](kibana-configuration.md) -* [*Run APM Server on ECK*](apm-server.md) -* [*Run standalone Elastic Agent on ECK*](standalone-elastic-agent.md) -* [*Run {{fleet}}-managed {{agent}} on ECK*](fleet-managed-elastic-agent.md) -* [*Run Elastic Maps Server on ECK*](elastic-maps-server.md) -* [*Run Enterprise Search on ECK*](enterprise-search.md) -* [*Run Beats on ECK*](beats.md) -* [*Run {{ls}} on ECK*](logstash.md) -* [*Elastic Stack Helm Chart*](managing-deployments-using-helm-chart.md) -* [*Recipes*](recipes.md) -* [*Secure the Elastic Stack*](../../security.md) -* [*Access Elastic Stack services*](accessing-services.md) -* [*Customize Pods*](customize-pods.md) -* [*Manage compute resources*](manage-compute-resources.md) -* [*Autoscaling stateless applications*](../../autoscaling/autoscaling-stateless-applications-on-eck.md) -* [*Elastic Stack configuration policies*](elastic-stack-configuration-policies.md) -* [*Upgrade the Elastic Stack version*](../../upgrade/deployment-or-cluster.md) -* [*Connect to external Elastic resources*](connect-to-external-elastic-resources.md) +This section provides details around {{kib}} and {{es}} configuration when running on ECK. For general information about how ECK applies configuration changes and the syntax to use in the YAML manifests, refer to [](./update-deployments.md). + +* [**{{es}} configuration**](elasticsearch-configuration.md) → Review configuration possibilities to tune your {{es}} cluster running on ECK, learn how [nodes orchestration](./nodes-orchestration.md) work, [storage recommendations](./storage-recommendations.md), and more. + +* [**{{kib}} configuration**](kibana-configuration.md) → Learn how to connect {{kib}} to an {{es}} cluster, apply advanced configuration settings, and tune the HTTP configuration. + +Additionally, the following topics apply to both {{es}} and {{kib}}, and in some cases, to other applications supported by ECK: + +* [**Access services**](accessing-services.md) → Learn how to access to the orchestrated clusters and how to adapt the Kubernetes services to your needs. + +* [**TLS certificates**](./tls-certificates.md) → Use your own SSL/TLS certificates for the HTTP endpoint of {{es}} or {{kib}}. + +* [**Secure the Elastic Stack**](../../security.md) → Manage users and roles, authentication realms, and more. + +* [**Recipes**](recipes.md) → Advanced use cases examples available in our GitHub repository. + +* [**Customize Pods**](customize-pods.md) → Learn how to adapt the `podTemplate` field to your needs. + +* [**Manage compute resources**](manage-compute-resources.md) → Important considerations around CPU and memory when running production workloads. + +* [**Autoscaling stateless applications**](../../autoscaling/autoscaling-stateless-applications-on-eck.md) → Use [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) for {{kib}} or other stateless applications. + +* [**Connect to external Elastic resources**](connect-to-external-elastic-resources.md) → Use `secrets` with custom settings for `elasticsearchRef` and `kibanaRef` parameters. + +ECK also facilitates configuration and operation activities with advanced features, such as: + +* [**Elastic Stack configuration policies**](elastic-stack-configuration-policies.md) → Organize your {{es}} and {{kib}} configuration settings through `StackConfigPolicy` resources that can be referenced within your deployments. + +* [**Stack monitoring**](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-monitoring.html) → Monitor your deployments smoothly with the help of ECK. + +* [**Remote clusters**](/deploy-manage/remote-clusters/eck-remote-clusters.html) → Configure {{es}} remote clusters functionality for Cross Cluster Search (CCS) and Cross Cluster Replication. +* [**Upgrade the Elastic Stack version**](../../upgrade/deployment-or-cluster.md) → Upgrade orchestrated applications on ECK. \ No newline at end of file diff --git a/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md b/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md index 1263d64f01..7aab30b6b1 100644 --- a/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md +++ b/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md @@ -20,17 +20,8 @@ This section provides step-by-step guidance on: - [**Deploying in air-gapped environments**](./air-gapped-install.md) → Follow best practices for installing and operating ECK in restricted networks. - [**Configuring ECK**](./configure.md) → Understand the available configuration options to optimize your ECK deployment. -::::{tip} If you're looking to deploy {{es}}, {{kib}}, or other Elastic applications using ECK, refer to [](./manage-deployments.md). -:::: - -## Looking for a quickstart? - -If you want to get started quickly, follow these guides to deploy ECK and set up an {{es}} cluster: -* [Install ECK using the YAML manifests](install-using-yaml-manifest-quickstart.md) -* [Deploy an {{es}} cluster](elasticsearch-deployment-quickstart.md) -* [Deploy a {{kib}} instance](kibana-instance-quickstart.md) -* [Update your deployment](update-deployments.md) - -Afterwards, you can find further sample resources [in the project repository](https://github.com/elastic/cloud-on-k8s/tree/2.16/config/samples) or by checking out [our recipes](recipes.md). \ No newline at end of file +::::{tip} +For a quickstart experience covering the ECK installation, and an {{es}} cluster with a {{kib}} instance, refer to [](../cloud-on-k8s.md#eck-quickstart) +:::: \ No newline at end of file diff --git a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md index e023d365c9..95eb4c336b 100644 --- a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md +++ b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md @@ -6,7 +6,7 @@ mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-deploy-elasticsearch.html --- -# Elasticsearch deployment quickstart [k8s-deploy-elasticsearch] +# Deploy an Elasticsearch cluster [k8s-deploy-elasticsearch] To deploy a simple [{es](https://www.elastic.co/guide/en/elasticsearch/reference/current/getting-started.html)}] cluster specification, with one {{es}} node: diff --git a/deploy-manage/deploy/cloud-on-k8s/install.md b/deploy-manage/deploy/cloud-on-k8s/install.md index d140967a0e..9b117ac3a9 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install.md +++ b/deploy-manage/deploy/cloud-on-k8s/install.md @@ -3,28 +3,11 @@ applies: eck: all mapped_urls: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-installing-eck.html - - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-supported.html --- # Install ECK [k8s-installing-eck] -% What needs to be done: Lift-and-shift - -% Scope notes: Entry point, i think the current page is valid. - -% Use migrated content from existing pages that map to this page: - -% - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-installing-eck.md - -% TBD: supported versions here or in the intro?? - -% - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-supported.md - -Pending to add link to supported versions (in the intro) [](../cloud-on-k8s.md#k8s-supported) - -## Installation overview - -% TBD: I kind of hate this paragraph :) not because of the content, but because of the format... +% TBD: This paragraph needs some improvement Elastic Cloud on Kubernetes (ECK) is a [Kubernetes operator](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) to orchestrate Elastic applications (Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash) on Kubernetes. It relies on a set of [Custom Resource Definitions (CRD)](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/#customresourcedefinitions) to declaratively define the way each application is deployed. CRDs are global resources shared by all users of the Kubernetes cluster, which requires [certain permissions](../../../deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md#k8s-eck-permissions-installing-crds) to install them for initial use. The operator itself can be installed as a cluster-scoped application managing all namespaces or it can be restricted to a pre-defined set of namespaces. Multiple copies of the operator can be installed on a single Kubernetes cluster provided that the global CRDs are compatible with each instance and optional cluster-scoped extensions such as the [validating webhook](../../../deploy-manage/deploy/cloud-on-k8s/configure-validating-webhook.md) are disabled. @@ -32,6 +15,8 @@ Elastic Cloud on Kubernetes (ECK) is a [Kubernetes operator](https://kubernetes. Deleting CRDs will trigger deletion of all custom resources (Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash) in all namespaces of the cluster, regardless of whether they are managed by a single operator or multiple operators. :::: +For a list of supported versions refer to [](../cloud-on-k8s.md#k8s-supported) + ## Installation Methods ECK supports multiple installation methods. Choose the one that best fits your infrastructure: diff --git a/deploy-manage/deploy/cloud-on-k8s/kibana-instance-quickstart.md b/deploy-manage/deploy/cloud-on-k8s/kibana-instance-quickstart.md index 0093054fd7..912596409d 100644 --- a/deploy-manage/deploy/cloud-on-k8s/kibana-instance-quickstart.md +++ b/deploy-manage/deploy/cloud-on-k8s/kibana-instance-quickstart.md @@ -6,7 +6,7 @@ mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-deploy-kibana.html --- -# Kibana instance quickstart [k8s-deploy-kibana] +# Deploy a Kibana instance [k8s-deploy-kibana] To deploy a simple [{{kib}}](https://www.elastic.co/guide/en/kibana/current/introduction.html#introduction) specification, with one {{kib}} instance: diff --git a/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md b/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md index c8a366cb2c..c5713774ef 100644 --- a/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md @@ -13,17 +13,17 @@ applies: This section provides detailed guidance on deploying, configuring, and managing Elasticsearch and Kibana within ECK. A **deployment** refers to an {{es}} cluster, optionally with one or more {{kib}} instances connected to it. ::::{tip} -This section focuses on **Elasticsearch and Kibana** deployments. To orchestrate other Elastic Stack applications such as **APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash**, refer to the [Orchestrating other Elastic Stack applications](./orchestrate-other-elastic-applications.md). +This content focuses on **Elasticsearch and Kibana** deployments. To orchestrate other Elastic Stack applications such as **APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash**, refer to the [Orchestrating other Elastic Stack applications](./orchestrate-other-elastic-applications.md). :::: ## What You'll Learn -- [**Deploy an Elasticsearch cluster (quickstart)**](./elasticsearch-deployment-quickstart.md) → Orchestrate an {{es}} cluster in Kubernetes. -- [**Deploy Kibana instances (quickstart)**](./kibana-instance-quickstart.md) → Set up and connect Kibana to an existing Elasticsearch cluster. -- [**Manage deployments using Elastic Stack Helm chart**](./managing-deployments-using-helm-chart.md) → (pending description) +- [**Deploy an Elasticsearch cluster**](./elasticsearch-deployment-quickstart.md) → Orchestrate an {{es}} cluster in Kubernetes. +- [**Deploy Kibana instances**](./kibana-instance-quickstart.md) → Set up and connect Kibana to an existing Elasticsearch cluster. +- [**Manage deployments using Elastic Stack Helm chart**](./managing-deployments-using-helm-chart.md) → Use Helm to deploy clusters and other stack applications. - [**Apply updates to your deployments**](./update-deployments.md) → Modify existing deployments, scale clusters, and update configurations, while ensuring minimal disruption. -- [**Configure access to your deployments**](./accessing-services.md) → Expose your deployments through Kubernetes services. -- [**Advanced configuration use cases**](./configure-deployments.md) → Explore available settings for Elasticsearch and Kibana, including storage, networking, security, and scaling options. +- [**Configure access to your deployments**](./accessing-services.md) → Make your deployments available through Kubernetes services. +- [**Advanced configuration**](./configure-deployments.md) → Explore available settings for Elasticsearch and Kibana, including storage, networking, security, and scaling options. For a complete reference on configuration possibilities for {{es}} and {{kib}}, see: diff --git a/deploy-manage/deploy/cloud-on-k8s/orchestrate-other-elastic-applications.md b/deploy-manage/deploy/cloud-on-k8s/orchestrate-other-elastic-applications.md index f111d698b2..8660fb963c 100644 --- a/deploy-manage/deploy/cloud-on-k8s/orchestrate-other-elastic-applications.md +++ b/deploy-manage/deploy/cloud-on-k8s/orchestrate-other-elastic-applications.md @@ -1,20 +1,24 @@ # Orchestrate other Elastic applications -% What needs to be done: Write from scratch +This section explains how to deploy and configure various Elastic Stack applications within Elastic Cloud on Kubernetes (ECK). -* [*Run APM Server on ECK*](apm-server.md) -* [*Run standalone Elastic Agent on ECK*](standalone-elastic-agent.md) -* [*Run {{fleet}}-managed {{agent}} on ECK*](fleet-managed-elastic-agent.md) -* [*Run Elastic Maps Server on ECK*](elastic-maps-server.md) -* [*Run Enterprise Search on ECK*](enterprise-search.md) -* [*Run Beats on ECK*](beats.md) -* [*Run {{ls}} on ECK*](logstash.md) +::::{tip} +This content applies to **APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash** applications. To orchestrate an **{{es}}** cluster or **{{kib}}**, refer to [](./manage-deployments.md). +:::: -% to analyze and decide how the content gets presented +The following guides provide specific instructions for deploying and configuring each application on ECK: +* [*APM Server*](apm-server.md) +* [*Standalone Elastic Agent*](standalone-elastic-agent.md) +* [*{{fleet}}-managed {{agent}}*](fleet-managed-elastic-agent.md) +* [*Elastic Maps Server*](elastic-maps-server.md) +* [*Enterprise Search*](enterprise-search.md) +* [*Beats*](beats.md) +* [*{{ls}}*](logstash.md) + +When orchestrating any of these applications, also consider the following topics, originally presented for {{es}} and {{kib}}: * [*Elastic Stack Helm Chart*](managing-deployments-using-helm-chart.md) * [*Recipes*](recipes.md) - * [*Secure the Elastic Stack*](../../security.md) * [*Access Elastic Stack services*](accessing-services.md) * [*Customize Pods*](customize-pods.md) @@ -22,6 +26,4 @@ * [*Autoscaling stateless applications*](../../autoscaling/autoscaling-stateless-applications-on-eck.md) * [*Elastic Stack configuration policies*](elastic-stack-configuration-policies.md) * [*Upgrade the Elastic Stack version*](../../upgrade/deployment-or-cluster.md) -* [*Connect to external Elastic resources*](connect-to-external-elastic-resources.md) - - +* [*Connect to external Elastic resources*](connect-to-external-elastic-resources.md) \ No newline at end of file diff --git a/deploy-manage/deploy/cloud-on-k8s/update-deployments.md b/deploy-manage/deploy/cloud-on-k8s/update-deployments.md index 8ce6fabaac..e00a9e2a52 100644 --- a/deploy-manage/deploy/cloud-on-k8s/update-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/update-deployments.md @@ -6,6 +6,8 @@ mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-update-deployment.html --- +% consider moving this to Configure deployments + # Update your deployments [k8s-update-deployment] You can add and modify most elements of the original Kubernetes cluster specification provided that they translate to valid transformations of the underlying Kubernetes resources (for example [existing volume claims cannot be downsized](volume-claim-templates.md)). The ECK operator will attempt to apply your changes with minimal disruption to the existing cluster. You should ensure that the Kubernetes cluster has sufficient resources to accommodate the changes (extra storage space, sufficient memory and CPU resources to temporarily spin up new pods, and so on). From 90d6c0cdb8d8cf18d39c3953f9670f2db518a020 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Mon, 10 Feb 2025 13:31:02 +0100 Subject: [PATCH 12/70] overview docs final refinements --- deploy-manage/deploy/cloud-on-k8s.md | 7 ------- deploy-manage/deploy/cloud-on-k8s/install.md | 12 ++++++++++-- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s.md b/deploy-manage/deploy/cloud-on-k8s.md index a64b655361..6c3fe56729 100644 --- a/deploy-manage/deploy/cloud-on-k8s.md +++ b/deploy-manage/deploy/cloud-on-k8s.md @@ -10,17 +10,10 @@ mapped_urls: # Elastic Cloud on Kubernetes [k8s-overview] -% TBD: choose ::::{important} ECK is an Elastic self-managed product offered in two licensing tiers: Basic and Enterprise. For more details refer to [Elastic subscriptions](https://www.elastic.co/subscriptions) and [](/deploy-manage/license/manage-your-license-in-eck.md) documentation. :::: -::::{important} -ECK is only offered in two licensing tiers: Basic and Enterprise. Similar to the Elastic Stack, customers can download and use ECK with a Basic license for free. Basic license users can obtain support from GitHub or through our [community](https://discuss.elastic.co). A paid Enterprise subscription is required to engage the Elastic support team. For more details, check the [Elastic subscriptions](https://www.elastic.co/subscriptions). - -To configure a license within ECK refer to [](/deploy-manage/license/manage-your-license-in-eck.md) -:::: - Built on the Kubernetes Operator pattern, Elastic Cloud on Kubernetes (ECK) extends the basic Kubernetes orchestration capabilities to support the setup and management of Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes. With Elastic Cloud on Kubernetes you can streamline critical operations, such as: diff --git a/deploy-manage/deploy/cloud-on-k8s/install.md b/deploy-manage/deploy/cloud-on-k8s/install.md index 9b117ac3a9..4315617e75 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install.md +++ b/deploy-manage/deploy/cloud-on-k8s/install.md @@ -7,9 +7,17 @@ mapped_urls: # Install ECK [k8s-installing-eck] -% TBD: This paragraph needs some improvement +Elastic Cloud on Kubernetes (ECK) is a [Kubernetes operator](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) that helps you deploy and manage Elastic applications on Kubernetes, including **Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash**. -Elastic Cloud on Kubernetes (ECK) is a [Kubernetes operator](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) to orchestrate Elastic applications (Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash) on Kubernetes. It relies on a set of [Custom Resource Definitions (CRD)](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/#customresourcedefinitions) to declaratively define the way each application is deployed. CRDs are global resources shared by all users of the Kubernetes cluster, which requires [certain permissions](../../../deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md#k8s-eck-permissions-installing-crds) to install them for initial use. The operator itself can be installed as a cluster-scoped application managing all namespaces or it can be restricted to a pre-defined set of namespaces. Multiple copies of the operator can be installed on a single Kubernetes cluster provided that the global CRDs are compatible with each instance and optional cluster-scoped extensions such as the [validating webhook](../../../deploy-manage/deploy/cloud-on-k8s/configure-validating-webhook.md) are disabled. +ECK relies on a set of [Custom Resource Definitions (CRDs)](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/#customresourcedefinitions) to define how applications are deployed. **CRDs are global resources**, shared across the entire Kubernetes cluster, so installing them requires [specific permissions](../../../deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md#k8s-eck-permissions-installing-crds). + +ECK can be installed in two modes, depending on the namespaces the operator is allowed to manage: +1. **Cluster-wide installation** - Allows the operator to orchestrate applications in all namespaces of the Kubernetes cluster. This is the default installation method. +2. **Namespace-restricted installation** – Limited to specific, pre-defined namespaces. Use the `namespaces` [configuration flag](./configure-eck.md) to limit the namespaces in which the operator is allowed to work. + +::::{note} +You can install multiple instances of ECK in the same Kubernetes cluster, **but only if** the CRDs are compatible across all operator instances (e.g., by ensuring they run the same version). If running multiple instances, you must also disable cluster-wide features like the [validating webhook](../../../deploy-manage/deploy/cloud-on-k8s/configure-validating-webhook.md). +:::: ::::{warning} Deleting CRDs will trigger deletion of all custom resources (Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash) in all namespaces of the cluster, regardless of whether they are managed by a single operator or multiple operators. From 087c3743af45930ca358cbc80d2c216fbd8beedc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Mon, 10 Feb 2025 13:49:24 +0100 Subject: [PATCH 13/70] toc updated --- deploy-manage/deploy/cloud-on-k8s/configure.md | 8 ++++++-- deploy-manage/toc.yml | 4 ++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/configure.md b/deploy-manage/deploy/cloud-on-k8s/configure.md index 3fbd538ebc..e42064d2b5 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure.md @@ -8,13 +8,17 @@ mapped_pages: # Configure ECK [k8s-operating-eck] -By default, the ECK installation includes a **ConfigMap** where you can **add, remove, or update configuration settings**. This ConfigMap is automatically mounted into the operator’s container and provided to it through the `--config` parameter. +::::{tip} +For a detailed description of available **configuration flags and methods**, refer to the [](./configure-eck.md). +:::: + +By default, the ECK installation includes a **ConfigMap** where you can **add, remove, or update [configuration settings](./configure-eck.md)**. This ConfigMap is mounted into the operator’s container as `eck.yaml` file, and provided to the application through the `--config` flag. To configure ECK **edit the `elastic-operator` ConfigMap** to change the operator configuration. The operator will restart automatically to apply the new changes unless the `--disable-config-watch` flag is set. Alternatively, you can edit the `elastic-operator` StatefulSet and add flags to the `args` section — which will trigger an automatic restart of the operator pod by the StatefulSet controller. -For a complete description of available **configuration flags and methods**, refer to the [](./configure-eck.md). +If you use [Operator Lifecycle Manager](https://github.com/operator-framework/operator-lifecycle-manager) refer to [](./configure-eck.md#k8s-operator-config-olm) ## Configuration use cases diff --git a/deploy-manage/toc.yml b/deploy-manage/toc.yml index 9ce43de48a..5976c093fc 100644 --- a/deploy-manage/toc.yml +++ b/deploy-manage/toc.yml @@ -232,6 +232,7 @@ toc: children: - file: deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md - file: deploy/cloud-on-k8s/install-using-helm-chart.md + - file: deploy/cloud-on-k8s/required-rbac-permissions.md - file: deploy/cloud-on-k8s/deploy-eck-on-openshift.md children: - file: deploy/cloud-on-k8s/k8s-openshift-deploy-operator.md @@ -247,7 +248,6 @@ toc: - file: deploy/cloud-on-k8s/k8s-autopilot-deploy-elasticsearch.md - file: deploy/cloud-on-k8s/k8s-autopilot-deploy-agent-beats.md - file: deploy/cloud-on-k8s/deploy-fips-compatible-version-of-eck.md - - file: deploy/cloud-on-k8s/required-rbac-permissions.md - file: deploy/cloud-on-k8s/air-gapped-install.md - file: deploy/cloud-on-k8s/configure.md children: @@ -267,8 +267,8 @@ toc: children: - file: deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md - file: deploy/cloud-on-k8s/kibana-instance-quickstart.md - - file: deploy/cloud-on-k8s/update-deployments.md - file: deploy/cloud-on-k8s/managing-deployments-using-helm-chart.md + - file: deploy/cloud-on-k8s/update-deployments.md - file: deploy/cloud-on-k8s/accessing-services.md - file: deploy/cloud-on-k8s/configure-deployments.md children: From fb473bbaa20172267ad467dcede440e31ae606fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Mon, 10 Feb 2025 14:34:40 +0100 Subject: [PATCH 14/70] eck accessing services content in progress --- .../deploy/cloud-on-k8s/accessing-services.md | 121 +++++++++++++++++- .../cloud-on-k8s/configure-deployments.md | 2 + .../k8s-accessing-elastic-services.md | 19 --- .../k8s-request-elasticsearch-endpoint.md | 34 ----- .../cloud-on-k8s/cloud-on-k8s/k8s-security.md | 19 --- .../cloud-on-k8s/cloud-on-k8s/k8s-services.md | 50 -------- raw-migrated-files/toc.yml | 4 - 7 files changed, 121 insertions(+), 128 deletions(-) delete mode 100644 raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-accessing-elastic-services.md delete mode 100644 raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-request-elasticsearch-endpoint.md delete mode 100644 raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-security.md delete mode 100644 raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-services.md diff --git a/deploy-manage/deploy/cloud-on-k8s/accessing-services.md b/deploy-manage/deploy/cloud-on-k8s/accessing-services.md index 9bc4d751a9..e9246e3d82 100644 --- a/deploy-manage/deploy/cloud-on-k8s/accessing-services.md +++ b/deploy-manage/deploy/cloud-on-k8s/accessing-services.md @@ -8,7 +8,7 @@ mapped_urls: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-security.html --- -# Accessing services +# Accessing services [k8s-accessing-elastic-services] % What needs to be done: Refine @@ -27,4 +27,121 @@ mapped_urls: $$$k8s-allow-public-access$$$ -$$$k8s-setting-up-your-own-certificate$$$ \ No newline at end of file +$$$k8s-setting-up-your-own-certificate$$$ + +All Elastic Stack resources deployed by the ECK operator are secured by default. The operator sets up basic authentication and TLS to encrypt network traffic to, from, and within your Elasticsearch cluster. + +ECK implements the access to the different applications through standard Kubernetes services. + +This sections guides you through the activities related with the access to {{es}} or {{kib}} endpoints, such as: + +* [Retrieve the `elastic` user password for basic authentication](#k8s-authentication) +* [Manage Kubernetes services](#k8s-kubernetes-service) +* [Obtain the CA certificate and access the endpoint](#k8s-request-elasticsearch-endpoint) + +Related topics that might be of interest at this point: +* [](./tls-certificates.md) → Decide if you want to use the self-signed certificate generated by ECK, or configure your own certificate for the HTTP endpoint. +* [](./service-meshes.md) → You can connect ECK and your managed deployments to some of the most popular service mesh implementations in the Kubernetes ecosystem, such as `Istio` and `Linkerd`. + +## Retrieve the `elastic` user password [k8s-authentication] + +To access Elastic resources, the operator manages a default user named `elastic` with the `superuser` role. Its password is stored in a `Secret` named `-elastic-user`. + +```sh +> kubectl get secret hulk-es-elastic-user -o go-template='{{.data.elastic | base64decode }}' +42xyz42citsale42xyz42 +``` + +::::{note} +Beware of copying this Secret as-is into a different namespace. Check [Common Problems: Owner References](../../../troubleshoot/deployments/cloud-on-k8s/common-problems.md#k8s-common-problems-owner-refs) for more information. +:::: + +## Managing Kubernetes services [k8s-kubernetes-service] + +You can access Elastic resources by using native Kubernetes services that are not reachable from the public Internet by default. + +For each resource, the operator manages a Kubernetes service named `-[es|kb|apm|ent|agent]-http`, which is of type `ClusterIP` by default. `ClusterIP` exposes the service on a cluster-internal IP and makes the service only reachable within the cluster. + +```sh +> kubectl get svc + +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +hulk-apm-http ClusterIP 10.19.212.105 8200/TCP 1m +hulk-es-http ClusterIP 10.19.252.160 9200/TCP 1m +hulk-kb-http ClusterIP 10.19.247.151 5601/TCP 1m +``` + +### Allow public access [k8s-allow-public-access] + +You can expose services in [different ways](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) by specifying an `http.service.spec.type` in the `spec` of the resource manifest. On cloud providers which support external load balancers, you can set the `type` field to `LoadBalancer` to provision a load balancer for the `Service`, and populate the column `EXTERNAL-IP` after a short delay. Depending on the cloud provider, it may incur costs. + +By default, the Elasticsearch service created by ECK is configured to route traffic to all Elasticsearch nodes in the cluster. Depending on your cluster configuration, you may want more control over the set of nodes that handle different types of traffic (query, ingest, and so on). Check [](./requests-routing-to-elasticsearch-nodes.md) for more information. + +::::{warning} +When you change the `clusterIP` setting of the service, ECK will delete and re-create the service as `clusterIP` is an immutable field. Depending on your client implementation, this might result in a short disruption until the service DNS entries refresh to point to the new endpoints. +:::: + + +```yaml +apiVersion: .k8s.elastic.co/v1 +kind: +metadata: + name: hulk +spec: + version: 8.16.1 + http: + service: + spec: + type: LoadBalancer +``` + +```sh +> kubectl get svc + +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +hulk-apm-http LoadBalancer 10.19.212.105 35.176.227.106 8200:31000/TCP 1m +hulk-es-http LoadBalancer 10.19.252.160 35.198.131.115 9200:31320/TCP 1m +hulk-kb-http LoadBalancer 10.19.247.151 35.242.197.228 5601:31380/TCP 1m +``` + +## Access the Elasticsearch endpoint [k8s-request-elasticsearch-endpoint] + +::::{tip} +The example in this section can also be used to access {{kib}} instead of {{es}}. +:::: + +You can access the Elasticsearch endpoint within or outside the Kubernetes cluster. + +**Within the Kubernetes cluster** + +1. Retrieve the CA certificate. +2. Retrieve the password of the `elastic` user. +3. Use the service name to access the endpoint. + +```sh +NAME=hulk + +kubectl get secret "$NAME-es-http-certs-public" -o go-template='{{index .data "tls.crt" | base64decode }}' > tls.crt +PW=$(kubectl get secret "$NAME-es-elastic-user" -o go-template='{{.data.elastic | base64decode }}') + +curl --cacert tls.crt -u elastic:$PW https://$NAME-es-http:9200/ +``` + +**Outside the Kubernetes cluster** + +1. Retrieve the CA certificate. +2. Retrieve the password of the `elastic` user. +3. Retrieve the IP of the `LoadBalancer` service. + +```sh +NAME=hulk + +kubectl get secret "$NAME-es-http-certs-public" -o go-template='{{index .data "tls.crt" | base64decode }}' > tls.crt +IP=$(kubectl get svc "$NAME-es-http" -o jsonpath='{.status.loadBalancer.ingress[].ip}') +PW=$(kubectl get secret "$NAME-es-elastic-user" -o go-template='{{.data.elastic | base64decode }}') + +curl --cacert tls.crt -u elastic:$PW https://$IP:9200/ +``` + + + diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md index fd0da33bf6..19bd90912d 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md @@ -15,6 +15,8 @@ This section provides details around {{kib}} and {{es}} configuration when runni * [**{{es}} configuration**](elasticsearch-configuration.md) → Review configuration possibilities to tune your {{es}} cluster running on ECK, learn how [nodes orchestration](./nodes-orchestration.md) work, [storage recommendations](./storage-recommendations.md), and more. + * [](./requests-routing-to-elasticsearch-nodes.md) → Control the nodes receiving incoming traffic when using multiple `nodeSets` with different [node roles](https://www.elastic.co/guide/en/elasticsearch/reference/current/node-roles-overview.html). + * [**{{kib}} configuration**](kibana-configuration.md) → Learn how to connect {{kib}} to an {{es}} cluster, apply advanced configuration settings, and tune the HTTP configuration. Additionally, the following topics apply to both {{es}} and {{kib}}, and in some cases, to other applications supported by ECK: diff --git a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-accessing-elastic-services.md b/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-accessing-elastic-services.md deleted file mode 100644 index 280cfd2ae1..0000000000 --- a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-accessing-elastic-services.md +++ /dev/null @@ -1,19 +0,0 @@ -# Access Elastic Stack services [k8s-accessing-elastic-services] - -To access the Elastic Stack services, you need to: - -* Retrieve the `elastic` user password for basic authentication. -* Specify the IP of the service, if you want to access the service from outside the Kubernetes cluster. -* Decide if you want to use the self-signed certificate generated by ECK, or configure your own certificate. - -The following sections will guide you through this process: - -* [Security](../../../deploy-manage/security/secure-cluster-communications.md) -* [Services](../../../deploy-manage/deploy/cloud-on-k8s/accessing-services.md) -* [TLS certificates](../../../deploy-manage/security/secure-http-communications.md) -* [Access the Elasticsearch endpoint](../../../deploy-manage/deploy/cloud-on-k8s/accessing-services.md) - - - - - diff --git a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-request-elasticsearch-endpoint.md b/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-request-elasticsearch-endpoint.md deleted file mode 100644 index c73311711a..0000000000 --- a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-request-elasticsearch-endpoint.md +++ /dev/null @@ -1,34 +0,0 @@ -# Access the Elasticsearch endpoint [k8s-request-elasticsearch-endpoint] - -You can access the Elasticsearch endpoint within or outside the Kubernetes cluster. - -**Within the Kubernetes cluster** - -1. Retrieve the CA certificate. -2. Retrieve the password of the `elastic` user. - -```sh -NAME=hulk - -kubectl get secret "$NAME-es-http-certs-public" -o go-template='{{index .data "tls.crt" | base64decode }}' > tls.crt -PW=$(kubectl get secret "$NAME-es-elastic-user" -o go-template='{{.data.elastic | base64decode }}') - -curl --cacert tls.crt -u elastic:$PW https://$NAME-es-http:9200/ -``` - -**Outside the Kubernetes cluster** - -1. Retrieve the CA certificate. -2. Retrieve the password of the `elastic` user. -3. Retrieve the IP of the `LoadBalancer` `Service`. - -```sh -NAME=hulk - -kubectl get secret "$NAME-es-http-certs-public" -o go-template='{{index .data "tls.crt" | base64decode }}' > tls.crt -IP=$(kubectl get svc "$NAME-es-http" -o jsonpath='{.status.loadBalancer.ingress[].ip}') -PW=$(kubectl get secret "$NAME-es-elastic-user" -o go-template='{{.data.elastic | base64decode }}') - -curl --cacert tls.crt -u elastic:$PW https://$IP:9200/ -``` - diff --git a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-security.md b/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-security.md deleted file mode 100644 index 068c54755f..0000000000 --- a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-security.md +++ /dev/null @@ -1,19 +0,0 @@ -# Security [k8s-security] - -All Elastic Stack resources deployed by the ECK operator are secured by default. The operator sets up basic authentication and TLS to encrypt network traffic to, from, and within your Elasticsearch cluster. - -## Authentication [k8s-authentication] - -To access Elastic resources, the operator manages a default user named `elastic` with the `superuser` role. Its password is stored in a `Secret` named `-elastic-user`. - -```sh -> kubectl get secret hulk-es-elastic-user -o go-template='{{.data.elastic | base64decode }}' -42xyz42citsale42xyz42 -``` - -::::{note} -Beware of copying this Secret as-is into a different namespace. Check [Common Problems: Owner References](../../../troubleshoot/deployments/cloud-on-k8s/common-problems.md#k8s-common-problems-owner-refs) for more information. -:::: - - - diff --git a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-services.md b/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-services.md deleted file mode 100644 index f4a1791f2d..0000000000 --- a/raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-services.md +++ /dev/null @@ -1,50 +0,0 @@ -# Services [k8s-services] - -You can access Elastic resources by using native Kubernetes services that are not reachable from the public Internet by default. - -## Manage Kubernetes services [k8s-kubernetes-service] - -For each resource, the operator manages a Kubernetes service named `-[es|kb|apm|ent|agent]-http`, which is of type `ClusterIP` by default. `ClusterIP` exposes the service on a cluster-internal IP and makes the service only reachable from the cluster. - -```sh -> kubectl get svc - -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -hulk-apm-http ClusterIP 10.19.212.105 8200/TCP 1m -hulk-es-http ClusterIP 10.19.252.160 9200/TCP 1m -hulk-kb-http ClusterIP 10.19.247.151 5601/TCP 1m -``` - - -## Allow public access [k8s-allow-public-access] - -You can expose services in [different ways](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) by specifying an `http.service.spec.type` in the `spec` of the resource manifest. On cloud providers which support external load balancers, you can set the `type` field to `LoadBalancer` to provision a load balancer for the `Service`, and populate the column `EXTERNAL-IP` after a short delay. Depending on the cloud provider, it may incur costs. - -By default, the Elasticsearch service created by ECK is configured to route traffic to all Elasticsearch nodes in the cluster. Depending on your cluster configuration, you may want more control over the set of nodes that handle different types of traffic (query, ingest, and so on). Check [*Traffic Splitting*](../../../deploy-manage/deploy/cloud-on-k8s/requests-routing-to-elasticsearch-nodes.md) for more information. - -::::{warning} -When you change the `clusterIP` setting of the service, ECK will delete and re-create the service as `clusterIP` is an immutable field. Depending on your client implementation, this might result in a short disruption until the service DNS entries refresh to point to the new endpoints. -:::: - - -```yaml -apiVersion: .k8s.elastic.co/v1 -kind: -metadata: - name: hulk -spec: - version: 8.16.1 - http: - service: - spec: - type: LoadBalancer -``` - -```sh -> kubectl get svc - -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -hulk-apm-http LoadBalancer 10.19.212.105 35.176.227.106 8200:31000/TCP 1m -hulk-es-http LoadBalancer 10.19.252.160 35.198.131.115 9200:31320/TCP 1m -hulk-kb-http LoadBalancer 10.19.247.151 35.242.197.228 5601:31380/TCP 1m -``` diff --git a/raw-migrated-files/toc.yml b/raw-migrated-files/toc.yml index 7632add24e..83b39442d9 100644 --- a/raw-migrated-files/toc.yml +++ b/raw-migrated-files/toc.yml @@ -14,17 +14,13 @@ toc: - file: cloud-on-k8s/cloud-on-k8s/index.md children: - file: cloud-on-k8s/cloud-on-k8s/k8s_audit_logging.md - - file: cloud-on-k8s/cloud-on-k8s/k8s-accessing-elastic-services.md - file: cloud-on-k8s/cloud-on-k8s/k8s-custom-http-certificate.md - file: cloud-on-k8s/cloud-on-k8s/k8s-es-secure-settings.md - file: cloud-on-k8s/cloud-on-k8s/k8s-installing-eck.md - file: cloud-on-k8s/cloud-on-k8s/k8s-orchestration.md - - file: cloud-on-k8s/cloud-on-k8s/k8s-request-elasticsearch-endpoint.md - file: cloud-on-k8s/cloud-on-k8s/k8s-rotate-credentials.md - file: cloud-on-k8s/cloud-on-k8s/k8s-saml-authentication.md - file: cloud-on-k8s/cloud-on-k8s/k8s-securing-stack.md - - file: cloud-on-k8s/cloud-on-k8s/k8s-security.md - - file: cloud-on-k8s/cloud-on-k8s/k8s-services.md - file: cloud-on-k8s/cloud-on-k8s/k8s-tls-certificates.md - file: cloud-on-k8s/cloud-on-k8s/k8s-upgrading-stack.md - file: cloud-on-k8s/cloud-on-k8s/k8s-users-and-roles.md From a2801fe01fe296b6db94fc67e82d52b5fc4c0350 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Mon, 10 Feb 2025 16:39:51 +0100 Subject: [PATCH 15/70] access services updated --- .../deploy/cloud-on-k8s/accessing-services.md | 36 ++++++++++--------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/accessing-services.md b/deploy-manage/deploy/cloud-on-k8s/accessing-services.md index e9246e3d82..cf2fe74905 100644 --- a/deploy-manage/deploy/cloud-on-k8s/accessing-services.md +++ b/deploy-manage/deploy/cloud-on-k8s/accessing-services.md @@ -24,24 +24,27 @@ mapped_urls: % - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-security.md % Internal links rely on the following IDs being on this page (e.g. as a heading ID, paragraph ID, etc): - +% already present $$$k8s-allow-public-access$$$ - +% pending $$$k8s-setting-up-your-own-certificate$$$ All Elastic Stack resources deployed by the ECK operator are secured by default. The operator sets up basic authentication and TLS to encrypt network traffic to, from, and within your Elasticsearch cluster. -ECK implements the access to the different applications through standard Kubernetes services. +To provide access to {{es}} and {{kib}}, ECK creates standard Kubernetes services when orchestrating deployments. + +This section explains how to access and customize the Kubernetes services and secrets created by ECK, covering topics such as: -This sections guides you through the activities related with the access to {{es}} or {{kib}} endpoints, such as: +* [Retrieving the `elastic` user password for basic authentication](#k8s-authentication) +* [Managing Kubernetes services](#k8s-kubernetes-service) +* [Obtaining the CA certificate and accessing the endpoint](#k8s-request-elasticsearch-endpoint) -* [Retrieve the `elastic` user password for basic authentication](#k8s-authentication) -* [Manage Kubernetes services](#k8s-kubernetes-service) -* [Obtain the CA certificate and access the endpoint](#k8s-request-elasticsearch-endpoint) +For advanced use cases related to exposing and accessing orchestrated applications, see: -Related topics that might be of interest at this point: -* [](./tls-certificates.md) → Decide if you want to use the self-signed certificate generated by ECK, or configure your own certificate for the HTTP endpoint. -* [](./service-meshes.md) → You can connect ECK and your managed deployments to some of the most popular service mesh implementations in the Kubernetes ecosystem, such as `Istio` and `Linkerd`. +* [](./tls-certificates.md) → Learn how to use the self-signed certificate generated by ECK or configure a custom certificate for the HTTP endpoint. +* [](./service-meshes.md) → Connect ECK and your managed deployments to service mesh implementations such as `Istio` and `Linkerd`. +* [](./requests-routing-to-elasticsearch-nodes.md) → Create custom services to expose different node types. +* [Add Ingress resources through the Helm chart](./managing-deployments-using-helm-chart.md#k8s-eck-stack-ingress). ## Retrieve the `elastic` user password [k8s-authentication] @@ -75,13 +78,12 @@ hulk-kb-http ClusterIP 10.19.247.151 5601/TCP 1 You can expose services in [different ways](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) by specifying an `http.service.spec.type` in the `spec` of the resource manifest. On cloud providers which support external load balancers, you can set the `type` field to `LoadBalancer` to provision a load balancer for the `Service`, and populate the column `EXTERNAL-IP` after a short delay. Depending on the cloud provider, it may incur costs. -By default, the Elasticsearch service created by ECK is configured to route traffic to all Elasticsearch nodes in the cluster. Depending on your cluster configuration, you may want more control over the set of nodes that handle different types of traffic (query, ingest, and so on). Check [](./requests-routing-to-elasticsearch-nodes.md) for more information. +By default, the Elasticsearch service created by ECK is configured to route traffic to all Elasticsearch nodes in the cluster. Depending on your cluster configuration, you may want more control over the set of nodes that handle different types of traffic (query, ingest, and so on). Refer to [](./requests-routing-to-elasticsearch-nodes.md) for more information. ::::{warning} When you change the `clusterIP` setting of the service, ECK will delete and re-create the service as `clusterIP` is an immutable field. Depending on your client implementation, this might result in a short disruption until the service DNS entries refresh to point to the new endpoints. :::: - ```yaml apiVersion: .k8s.elastic.co/v1 kind: @@ -104,11 +106,7 @@ hulk-es-http LoadBalancer 10.19.252.160 35.198.131.115 9200:31320/T hulk-kb-http LoadBalancer 10.19.247.151 35.242.197.228 5601:31380/TCP 1m ``` -## Access the Elasticsearch endpoint [k8s-request-elasticsearch-endpoint] - -::::{tip} -The example in this section can also be used to access {{kib}} instead of {{es}}. -:::: +## Access the endpoint [k8s-request-elasticsearch-endpoint] You can access the Elasticsearch endpoint within or outside the Kubernetes cluster. @@ -127,6 +125,10 @@ PW=$(kubectl get secret "$NAME-es-elastic-user" -o go-template='{{.data.elastic curl --cacert tls.crt -u elastic:$PW https://$NAME-es-http:9200/ ``` +::::{tip} +You can also use the examples in this section to access {{kib}} instead of {{es}} by adapting the secret and service names. +:::: + **Outside the Kubernetes cluster** 1. Retrieve the CA certificate. From 03fcd183e4874b3e6cd88d036f6544852b737bcf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Mon, 10 Feb 2025 17:36:58 +0100 Subject: [PATCH 16/70] eck overview page updated --- deploy-manage/deploy/cloud-on-k8s.md | 45 +++++++++++++++------------- 1 file changed, 25 insertions(+), 20 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s.md b/deploy-manage/deploy/cloud-on-k8s.md index 6c3fe56729..e6bf3c6422 100644 --- a/deploy-manage/deploy/cloud-on-k8s.md +++ b/deploy-manage/deploy/cloud-on-k8s.md @@ -35,12 +35,12 @@ This section provides everything you need to install, configure, and manage Elas If you want to get started quickly, follow these guides to deploy ECK and set up an {{es}} cluster: -* [Install ECK using the YAML manifests](install-using-yaml-manifest-quickstart.md) -* [Deploy an {{es}} cluster](elasticsearch-deployment-quickstart.md) -* [Deploy a {{kib}} instance](kibana-instance-quickstart.md) -* [Update your deployment](update-deployments.md) +* [Install ECK using the YAML manifests](./cloud-on-k8s/install-using-yaml-manifest-quickstart.md) +* [Deploy an {{es}} cluster](./cloud-on-k8s/elasticsearch-deployment-quickstart.md) +* [Deploy a {{kib}} instance](./cloud-on-k8s/kibana-instance-quickstart.md) +* [Update your deployment](./cloud-on-k8s/update-deployments.md) -Afterwards, you can find further sample resources [in the project repository](https://github.com/elastic/cloud-on-k8s/tree/2.16/config/samples) or by checking out [our recipes](recipes.md). +Afterwards, you can find further sample resources [in the project repository](https://github.com/elastic/cloud-on-k8s/tree/2.16/config/samples) or by checking out [our recipes](./cloud-on-k8s/recipes.md). ## Supported versions [k8s-supported] @@ -65,6 +65,26 @@ Elastic Stack application images for the OpenShift-certified Elasticsearch (ECK) Check the full [Elastic support matrix](https://www.elastic.co/support/matrix#matrix_kubernetes) for more information. +## Common tasks + +* [Deploy and configure ECK](./cloud-on-k8s/deploy-an-orchestrator.md) +* [Manage {{es}} and {{kib}} deployments](./cloud-on-k8s/manage-deployments.md) +* [Orchestrate other Elastic Stack applications](./cloud-on-k8s/orchestrate-other-elastic-applications.md) + +% to consider in either deploy or manage deployment sections +% this was a "redirect only" in the excel +## Advanced topics [k8s-advanced-topics] + +* [*Deploy ECK on OpenShift*](/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-openshift.md) +* [*Deploy ECK on GKE Autopilot*](/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-gke-autopilot.md) +* [*Create custom images*](/deploy-manage/deploy/cloud-on-k8s/create-custom-images.md) +* [*Service meshes*](/deploy-manage/deploy/cloud-on-k8s/service-meshes.md) +* [*Traffic Splitting*](/deploy-manage/deploy/cloud-on-k8s/requests-routing-to-elasticsearch-nodes.md) +* [*Network policies*](/deploy-manage/deploy/cloud-on-k8s/network-policies.md) +* [*Webhook namespace selectors*](/deploy-manage/deploy/cloud-on-k8s/webhook-namespace-selectors.md) +* [*Stack Monitoring*](/deploy-manage/monitor/stack-monitoring/eck-stack-monitoring.md) +* [*Deploy a FIPS compatible version of ECK*](/deploy-manage/deploy/cloud-on-k8s/deploy-fips-compatible-version-of-eck.md) + % TBD: discuss if these make sense here ## Learn more about ECK [k8s_learn_more_about_eck] @@ -83,18 +103,3 @@ Alternatively, or if you do not have a support contract, and if you are unable t * [ECK Discuss forums](https://discuss.elastic.co/c/eck) to ask any question * [Github issues](https://github.com/elastic/cloud-on-k8s/issues) for bugs and feature requests - -% to consider in either deploy or manage deployment sections -% this was a "redirect only" in the excel - -## Advanced topics [k8s-advanced-topics] - -* [*Deploy ECK on OpenShift*](/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-openshift.md) -* [*Deploy ECK on GKE Autopilot*](/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-gke-autopilot.md) -* [*Create custom images*](/deploy-manage/deploy/cloud-on-k8s/create-custom-images.md) -* [*Service meshes*](/deploy-manage/deploy/cloud-on-k8s/service-meshes.md) -* [*Traffic Splitting*](/deploy-manage/deploy/cloud-on-k8s/requests-routing-to-elasticsearch-nodes.md) -* [*Network policies*](/deploy-manage/deploy/cloud-on-k8s/network-policies.md) -* [*Webhook namespace selectors*](/deploy-manage/deploy/cloud-on-k8s/webhook-namespace-selectors.md) -* [*Stack Monitoring*](/deploy-manage/monitor/stack-monitoring/eck-stack-monitoring.md) -* [*Deploy a FIPS compatible version of ECK*](/deploy-manage/deploy/cloud-on-k8s/deploy-fips-compatible-version-of-eck.md) From e387169408894cedf851ba0bb823a1b57aa92246 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Mon, 10 Feb 2025 17:45:59 +0100 Subject: [PATCH 17/70] eck overview page updated --- deploy-manage/deploy/cloud-on-k8s.md | 35 +++++++++++----------------- 1 file changed, 14 insertions(+), 21 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s.md b/deploy-manage/deploy/cloud-on-k8s.md index e6bf3c6422..32f510b84a 100644 --- a/deploy-manage/deploy/cloud-on-k8s.md +++ b/deploy-manage/deploy/cloud-on-k8s.md @@ -65,26 +65,6 @@ Elastic Stack application images for the OpenShift-certified Elasticsearch (ECK) Check the full [Elastic support matrix](https://www.elastic.co/support/matrix#matrix_kubernetes) for more information. -## Common tasks - -* [Deploy and configure ECK](./cloud-on-k8s/deploy-an-orchestrator.md) -* [Manage {{es}} and {{kib}} deployments](./cloud-on-k8s/manage-deployments.md) -* [Orchestrate other Elastic Stack applications](./cloud-on-k8s/orchestrate-other-elastic-applications.md) - -% to consider in either deploy or manage deployment sections -% this was a "redirect only" in the excel -## Advanced topics [k8s-advanced-topics] - -* [*Deploy ECK on OpenShift*](/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-openshift.md) -* [*Deploy ECK on GKE Autopilot*](/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-gke-autopilot.md) -* [*Create custom images*](/deploy-manage/deploy/cloud-on-k8s/create-custom-images.md) -* [*Service meshes*](/deploy-manage/deploy/cloud-on-k8s/service-meshes.md) -* [*Traffic Splitting*](/deploy-manage/deploy/cloud-on-k8s/requests-routing-to-elasticsearch-nodes.md) -* [*Network policies*](/deploy-manage/deploy/cloud-on-k8s/network-policies.md) -* [*Webhook namespace selectors*](/deploy-manage/deploy/cloud-on-k8s/webhook-namespace-selectors.md) -* [*Stack Monitoring*](/deploy-manage/monitor/stack-monitoring/eck-stack-monitoring.md) -* [*Deploy a FIPS compatible version of ECK*](/deploy-manage/deploy/cloud-on-k8s/deploy-fips-compatible-version-of-eck.md) - % TBD: discuss if these make sense here ## Learn more about ECK [k8s_learn_more_about_eck] @@ -94,7 +74,6 @@ Check the full [Elastic support matrix](https://www.elastic.co/support/matrix#ma * [Running the Elastic Stack on Kubernetes with ECK](https://www.youtube.com/watch?v=Wf6E3vkvEFM) % TBD: discuss where to put this "ask for help info" - ## Ask for help [k8s-ask-for-help] If you are an existing Elastic customer with an active support contract, you can create a case in the [Elastic Support Portal](https://support.elastic.co/). Kindly attach an [ECK diagnostic](/troubleshoot/deployments/cloud-on-k8s/run-eck-diagnostics.md) when opening your case. @@ -103,3 +82,17 @@ Alternatively, or if you do not have a support contract, and if you are unable t * [ECK Discuss forums](https://discuss.elastic.co/c/eck) to ask any question * [Github issues](https://github.com/elastic/cloud-on-k8s/issues) for bugs and feature requests + +% TBD: decide if this should be ommited also. +% This was a "redirect only" in the excel +## Advanced topics [k8s-advanced-topics] + +* [*Deploy ECK on OpenShift*](/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-openshift.md) +* [*Deploy ECK on GKE Autopilot*](/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-gke-autopilot.md) +* [*Create custom images*](/deploy-manage/deploy/cloud-on-k8s/create-custom-images.md) +* [*Service meshes*](/deploy-manage/deploy/cloud-on-k8s/service-meshes.md) +* [*Traffic Splitting*](/deploy-manage/deploy/cloud-on-k8s/requests-routing-to-elasticsearch-nodes.md) +* [*Network policies*](/deploy-manage/deploy/cloud-on-k8s/network-policies.md) +* [*Webhook namespace selectors*](/deploy-manage/deploy/cloud-on-k8s/webhook-namespace-selectors.md) +* [*Stack Monitoring*](/deploy-manage/monitor/stack-monitoring/eck-stack-monitoring.md) +* [*Deploy a FIPS compatible version of ECK*](/deploy-manage/deploy/cloud-on-k8s/deploy-fips-compatible-version-of-eck.md) From 469d42bea3341379768705bb92c3d4556773c577 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Mon, 10 Feb 2025 17:51:59 +0100 Subject: [PATCH 18/70] link fixed --- deploy-manage/deploy/cloud-on-k8s/configure-deployments.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md index 19bd90912d..2ad5d3bd23 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md @@ -43,6 +43,6 @@ ECK also facilitates configuration and operation activities with advanced featur * [**Stack monitoring**](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-monitoring.html) → Monitor your deployments smoothly with the help of ECK. -* [**Remote clusters**](/deploy-manage/remote-clusters/eck-remote-clusters.html) → Configure {{es}} remote clusters functionality for Cross Cluster Search (CCS) and Cross Cluster Replication. +* [**Remote clusters**](/deploy-manage/remote-clusters/eck-remote-clusters.md) → Configure {{es}} remote clusters functionality for Cross Cluster Search (CCS) and Cross Cluster Replication. * [**Upgrade the Elastic Stack version**](../../upgrade/deployment-or-cluster.md) → Upgrade orchestrated applications on ECK. \ No newline at end of file From df2e4c55d79301c43e55b749bc97fed0db60b646 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 09:50:33 +0100 Subject: [PATCH 19/70] Update deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md b/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md index 7aab30b6b1..d8acf0a578 100644 --- a/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md +++ b/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md @@ -1,6 +1,4 @@ --- -applies: - eck: all applies: eck: all mapped_pages: From 170fae68e4dd36d18eab80b752551371cc53a3d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 09:50:49 +0100 Subject: [PATCH 20/70] Update deploy-manage/deploy/cloud-on-k8s.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-on-k8s.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s.md b/deploy-manage/deploy/cloud-on-k8s.md index 32f510b84a..cb8b6bf7ab 100644 --- a/deploy-manage/deploy/cloud-on-k8s.md +++ b/deploy-manage/deploy/cloud-on-k8s.md @@ -16,7 +16,7 @@ ECK is an Elastic self-managed product offered in two licensing tiers: Basic and Built on the Kubernetes Operator pattern, Elastic Cloud on Kubernetes (ECK) extends the basic Kubernetes orchestration capabilities to support the setup and management of Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes. -With Elastic Cloud on Kubernetes you can streamline critical operations, such as: +With Elastic Cloud on Kubernetes, you can streamline critical operations, such as: 1. Managing and monitoring multiple clusters 2. Scaling cluster capacity and storage From 5391feafbbeb82ca1aa1ef0831d46d35e4065f62 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 09:51:53 +0100 Subject: [PATCH 21/70] Update deploy-manage/deploy/cloud-on-k8s.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-on-k8s.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s.md b/deploy-manage/deploy/cloud-on-k8s.md index cb8b6bf7ab..116e3df75b 100644 --- a/deploy-manage/deploy/cloud-on-k8s.md +++ b/deploy-manage/deploy/cloud-on-k8s.md @@ -14,7 +14,7 @@ mapped_urls: ECK is an Elastic self-managed product offered in two licensing tiers: Basic and Enterprise. For more details refer to [Elastic subscriptions](https://www.elastic.co/subscriptions) and [](/deploy-manage/license/manage-your-license-in-eck.md) documentation. :::: -Built on the Kubernetes Operator pattern, Elastic Cloud on Kubernetes (ECK) extends the basic Kubernetes orchestration capabilities to support the setup and management of Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes. +Built on the Kubernetes Operator pattern, {{eck}} (ECK) extends the basic Kubernetes orchestration capabilities to support the setup and management of Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes. With Elastic Cloud on Kubernetes, you can streamline critical operations, such as: From 0ab39f7d93cc2b5c87150e72ca71c64f0d0ace41 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 09:55:14 +0100 Subject: [PATCH 22/70] Update deploy-manage/deploy/cloud-on-k8s.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-on-k8s.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s.md b/deploy-manage/deploy/cloud-on-k8s.md index 116e3df75b..e2788a77b7 100644 --- a/deploy-manage/deploy/cloud-on-k8s.md +++ b/deploy-manage/deploy/cloud-on-k8s.md @@ -29,7 +29,7 @@ This section provides everything you need to install, configure, and manage Elas - [](./cloud-on-k8s/deploy-an-orchestrator.md): ECK installation methods and configuration details. - [](./cloud-on-k8s/manage-deployments.md): Install and configure {{es}} clusters and {{kib}} instances through ECK. - [](./cloud-on-k8s/orchestrate-other-elastic-applications.md): Install and configure APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes. -- [](./cloud-on-k8s/tools-apis.md): Collection of tools and APIs available in ECK based environments. +- [](./cloud-on-k8s/tools-apis.md): A collection of tools and APIs available in ECK based environments. ## Looking for a quickstart? [eck-quickstart] From 3ca0f0971493ab690858fa398b7b4ddf3c47df19 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 09:55:38 +0100 Subject: [PATCH 23/70] Update deploy-manage/deploy/cloud-on-k8s.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-on-k8s.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s.md b/deploy-manage/deploy/cloud-on-k8s.md index e2788a77b7..5344ddc226 100644 --- a/deploy-manage/deploy/cloud-on-k8s.md +++ b/deploy-manage/deploy/cloud-on-k8s.md @@ -31,7 +31,7 @@ This section provides everything you need to install, configure, and manage Elas - [](./cloud-on-k8s/orchestrate-other-elastic-applications.md): Install and configure APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes. - [](./cloud-on-k8s/tools-apis.md): A collection of tools and APIs available in ECK based environments. -## Looking for a quickstart? [eck-quickstart] +## Quickstart [eck-quickstart] If you want to get started quickly, follow these guides to deploy ECK and set up an {{es}} cluster: From a17243e0dc88f082c94c38b94d92e65cc423e8ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 09:57:02 +0100 Subject: [PATCH 24/70] Update deploy-manage/deploy/cloud-on-k8s.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-on-k8s.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s.md b/deploy-manage/deploy/cloud-on-k8s.md index 5344ddc226..5a1ec7e3da 100644 --- a/deploy-manage/deploy/cloud-on-k8s.md +++ b/deploy-manage/deploy/cloud-on-k8s.md @@ -35,7 +35,7 @@ This section provides everything you need to install, configure, and manage Elas If you want to get started quickly, follow these guides to deploy ECK and set up an {{es}} cluster: -* [Install ECK using the YAML manifests](./cloud-on-k8s/install-using-yaml-manifest-quickstart.md) +* [Install ECK using YAML manifests](./cloud-on-k8s/install-using-yaml-manifest-quickstart.md) * [Deploy an {{es}} cluster](./cloud-on-k8s/elasticsearch-deployment-quickstart.md) * [Deploy a {{kib}} instance](./cloud-on-k8s/kibana-instance-quickstart.md) * [Update your deployment](./cloud-on-k8s/update-deployments.md) From 57e33e5dee1f7941e0390178a82a695a9e3b5a1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 09:57:31 +0100 Subject: [PATCH 25/70] Update deploy-manage/deploy/cloud-on-k8s.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-on-k8s.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s.md b/deploy-manage/deploy/cloud-on-k8s.md index 5a1ec7e3da..6d327ea9d6 100644 --- a/deploy-manage/deploy/cloud-on-k8s.md +++ b/deploy-manage/deploy/cloud-on-k8s.md @@ -57,7 +57,7 @@ ECK is compatible with: * Elastic Maps Server: 7.11+, 8+ * Logstash: 8.7+ -ECK should work with all conformant installers as listed in these [FAQs](https://github.com/cncf/k8s-conformance/blob/master/faq.md#what-is-a-distribution-hosted-platform-and-an-installer). Distributions include source patches and so may not work as-is with ECK. +ECK should work with all conformant installers listed in these [FAQs](https://github.com/cncf/k8s-conformance/blob/master/faq.md#what-is-a-distribution-hosted-platform-and-an-installer). Distributions include source patches and so may not work as-is with ECK. Alpha, beta, and stable API versions follow the same [conventions used by Kubernetes](https://kubernetes.io/docs/concepts/overview/kubernetes-api/#api-versioning). From ca3a2c6bdd6a224a22381ecc987ff4b539bc9bf9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 09:58:04 +0100 Subject: [PATCH 26/70] Update deploy-manage/deploy/cloud-on-k8s/configure.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-on-k8s/configure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/configure.md b/deploy-manage/deploy/cloud-on-k8s/configure.md index e42064d2b5..8960ad2e71 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure.md @@ -12,7 +12,7 @@ mapped_pages: For a detailed description of available **configuration flags and methods**, refer to the [](./configure-eck.md). :::: -By default, the ECK installation includes a **ConfigMap** where you can **add, remove, or update [configuration settings](./configure-eck.md)**. This ConfigMap is mounted into the operator’s container as `eck.yaml` file, and provided to the application through the `--config` flag. +By default, the ECK installation includes a [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) where you can add, remove, or update [configuration settings](./configure-eck.md). This ConfigMap is mounted into the operator’s container as an `eck.yaml` file, and provided to the application through the `--config` flag. To configure ECK **edit the `elastic-operator` ConfigMap** to change the operator configuration. The operator will restart automatically to apply the new changes unless the `--disable-config-watch` flag is set. From 20e999a19b6bdc2afa0a8937b25f288c21777a90 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 09:58:15 +0100 Subject: [PATCH 27/70] Update deploy-manage/deploy/cloud-on-k8s/configure.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-on-k8s/configure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/configure.md b/deploy-manage/deploy/cloud-on-k8s/configure.md index 8960ad2e71..f85d7ec729 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure.md @@ -9,7 +9,7 @@ mapped_pages: # Configure ECK [k8s-operating-eck] ::::{tip} -For a detailed description of available **configuration flags and methods**, refer to the [](./configure-eck.md). +For a detailed description of available **configuration flags and methods**, refer to [](./configure-eck.md). :::: By default, the ECK installation includes a [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) where you can add, remove, or update [configuration settings](./configure-eck.md). This ConfigMap is mounted into the operator’s container as an `eck.yaml` file, and provided to the application through the `--config` flag. From 220eeb818b5c37485d200a97309ec5482a4ffa1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 09:58:39 +0100 Subject: [PATCH 28/70] Update deploy-manage/deploy/cloud-on-k8s/configure.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-on-k8s/configure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/configure.md b/deploy-manage/deploy/cloud-on-k8s/configure.md index f85d7ec729..6ce55692f7 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure.md @@ -14,7 +14,7 @@ For a detailed description of available **configuration flags and methods**, ref By default, the ECK installation includes a [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) where you can add, remove, or update [configuration settings](./configure-eck.md). This ConfigMap is mounted into the operator’s container as an `eck.yaml` file, and provided to the application through the `--config` flag. -To configure ECK **edit the `elastic-operator` ConfigMap** to change the operator configuration. The operator will restart automatically to apply the new changes unless the `--disable-config-watch` flag is set. +To configure ECK, edit the `elastic-operator` ConfigMap to change the operator configuration. The operator will restart automatically to apply the new changes unless the `--disable-config-watch` flag is set. Alternatively, you can edit the `elastic-operator` StatefulSet and add flags to the `args` section — which will trigger an automatic restart of the operator pod by the StatefulSet controller. From 120b455a8898b430d764b1772ffcdb751ba8f94a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 09:59:27 +0100 Subject: [PATCH 29/70] Update deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md b/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md index d8acf0a578..6114948cf4 100644 --- a/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md +++ b/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md @@ -5,8 +5,6 @@ mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-quickstart.html --- -% Similar to ECE section, write an introduction about the installation methods and include links to the other sections (AIR GAPPED and Configure). -% The page has been provided as it already provides a good introduction. # Deploy an orchestrator [k8s-quickstart] From ac4d6ffafb895badaec1d2a31b368de4be360fce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 09:59:47 +0100 Subject: [PATCH 30/70] Update deploy-manage/deploy/cloud-on-k8s/configure.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-on-k8s/configure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/configure.md b/deploy-manage/deploy/cloud-on-k8s/configure.md index 6ce55692f7..9cb70b6950 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure.md @@ -18,7 +18,7 @@ To configure ECK, edit the `elastic-operator` ConfigMap to change the operator c Alternatively, you can edit the `elastic-operator` StatefulSet and add flags to the `args` section — which will trigger an automatic restart of the operator pod by the StatefulSet controller. -If you use [Operator Lifecycle Manager](https://github.com/operator-framework/operator-lifecycle-manager) refer to [](./configure-eck.md#k8s-operator-config-olm) +If you use [Operator Lifecycle Manager](https://github.com/operator-framework/operator-lifecycle-manager), refer to [Configure ECK under Operator Lifecycle Manager](./configure-eck.md#k8s-operator-config-olm) ## Configuration use cases From e3a2e6e0f3a94892d4172f2422e3374086768c48 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 10:01:57 +0100 Subject: [PATCH 31/70] Update deploy-manage/deploy/cloud-on-k8s/configure-eck.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-on-k8s/configure-eck.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-eck.md b/deploy-manage/deploy/cloud-on-k8s/configure-eck.md index 589181a2fc..932ea61140 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure-eck.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure-eck.md @@ -8,7 +8,7 @@ mapped_pages: # ECK configuration flags [k8s-operator-config] -ECK can be configured using either **command-line flags** or **environment variables**. +ECK can be configured using either command-line flags or environment variables. Unless noted otherwise, environment variables can be used instead of flags to configure the operator. Simply convert the flag name to upper case and replace any dashes (`-`) with underscores (`_`). For example, the `log-verbosity` flag can be set by an environment variable named `LOG_VERBOSITY`. From eea43350ebbc3cd5e92f44b38e1fa64dcccda274 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 10:07:57 +0100 Subject: [PATCH 32/70] Update deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- .../deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md index 95eb4c336b..dfcf283f78 100644 --- a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md +++ b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md @@ -8,7 +8,7 @@ mapped_pages: # Deploy an Elasticsearch cluster [k8s-deploy-elasticsearch] -To deploy a simple [{es](https://www.elastic.co/guide/en/elasticsearch/reference/current/getting-started.html)}] cluster specification, with one {{es}} node: +To deploy a simple [{{es}}](https://www.elastic.co/guide/en/elasticsearch/reference/current/getting-started.html)}] cluster specification, with one {{es}} node: ```yaml cat < Date: Thu, 13 Feb 2025 10:08:42 +0100 Subject: [PATCH 33/70] Update deploy-manage/deploy/cloud-on-k8s/manage-deployments.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-on-k8s/manage-deployments.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md b/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md index c5713774ef..dd36d8e05f 100644 --- a/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md @@ -18,6 +18,8 @@ This content focuses on **Elasticsearch and Kibana** deployments. To orchestrate ## What You'll Learn +In this section, you'll learn how to perform the following tasks in ECK: + - [**Deploy an Elasticsearch cluster**](./elasticsearch-deployment-quickstart.md) → Orchestrate an {{es}} cluster in Kubernetes. - [**Deploy Kibana instances**](./kibana-instance-quickstart.md) → Set up and connect Kibana to an existing Elasticsearch cluster. - [**Manage deployments using Elastic Stack Helm chart**](./managing-deployments-using-helm-chart.md) → Use Helm to deploy clusters and other stack applications. From 121b8071f88a389311f57b8774496061feed47d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 10:09:26 +0100 Subject: [PATCH 34/70] Update deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md b/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md index 6114948cf4..61711a0545 100644 --- a/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md +++ b/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md @@ -8,7 +8,7 @@ mapped_pages: # Deploy an orchestrator [k8s-quickstart] -With Elastic Cloud on Kubernetes (ECK) you can extend the basic Kubernetes orchestration capabilities to easily deploy, secure, upgrade your {{es}} cluster, along with other Elastic applications. +With Elastic Cloud on Kubernetes (ECK), you can extend the basic Kubernetes orchestration capabilities to easily deploy, secure, upgrade your {{es}} cluster, along with other Elastic applications. This section provides step-by-step guidance on: From 099fe5c8c20fa951bd952cd857f245ebd9032b49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 10:10:01 +0100 Subject: [PATCH 35/70] Update deploy-manage/deploy/cloud-on-k8s/configure-eck.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-on-k8s/configure-eck.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-eck.md b/deploy-manage/deploy/cloud-on-k8s/configure-eck.md index 932ea61140..5958b39712 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure-eck.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure-eck.md @@ -10,7 +10,7 @@ mapped_pages: ECK can be configured using either command-line flags or environment variables. -Unless noted otherwise, environment variables can be used instead of flags to configure the operator. Simply convert the flag name to upper case and replace any dashes (`-`) with underscores (`_`). For example, the `log-verbosity` flag can be set by an environment variable named `LOG_VERBOSITY`. +To pass configuration options as environment variables, convert the flag name to upper case and replace any dashes (`-`) with underscores (`_`). For example, the `log-verbosity` flag can be set by an environment variable named `LOG_VERBOSITY`. The following table lists and describes all available configuration flags: From b78eae0c3f01e518a8a62e5929a295ad0da994b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 10:10:57 +0100 Subject: [PATCH 36/70] Update deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md b/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md index 61711a0545..80998394a3 100644 --- a/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md +++ b/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md @@ -10,7 +10,7 @@ mapped_pages: With Elastic Cloud on Kubernetes (ECK), you can extend the basic Kubernetes orchestration capabilities to easily deploy, secure, upgrade your {{es}} cluster, along with other Elastic applications. -This section provides step-by-step guidance on: +In this section, you'll learn how to do the following: - [**Installing the ECK Operator**](./install.md) → Learn different installation methods, including Helm and YAML manifests. - [**Deploying in air-gapped environments**](./air-gapped-install.md) → Follow best practices for installing and operating ECK in restricted networks. From f9332bbbd7c745509ae5b7954352a3415baffe1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 10:11:36 +0100 Subject: [PATCH 37/70] Update deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md b/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md index 80998394a3..26e09a550b 100644 --- a/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md +++ b/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md @@ -19,5 +19,5 @@ In this section, you'll learn how to do the following: If you're looking to deploy {{es}}, {{kib}}, or other Elastic applications using ECK, refer to [](./manage-deployments.md). ::::{tip} -For a quickstart experience covering the ECK installation, and an {{es}} cluster with a {{kib}} instance, refer to [](../cloud-on-k8s.md#eck-quickstart) +For a quickstart experience covering installation of ECK and deployment of an {{es}} cluster with a {{kib}} instance, refer to [](../cloud-on-k8s.md#eck-quickstart) :::: \ No newline at end of file From 3de03183df908009137ebb8d2355129ceaecd69d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 10:12:18 +0100 Subject: [PATCH 38/70] Update deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md b/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md index 26e09a550b..2037a88f17 100644 --- a/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md +++ b/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md @@ -12,9 +12,9 @@ With Elastic Cloud on Kubernetes (ECK), you can extend the basic Kubernetes orch In this section, you'll learn how to do the following: -- [**Installing the ECK Operator**](./install.md) → Learn different installation methods, including Helm and YAML manifests. -- [**Deploying in air-gapped environments**](./air-gapped-install.md) → Follow best practices for installing and operating ECK in restricted networks. -- [**Configuring ECK**](./configure.md) → Understand the available configuration options to optimize your ECK deployment. +- [**Installing the ECK Operator**](./install.md): Learn different installation methods, including Helm and YAML manifests. +- [**Deploying in air-gapped environments**](./air-gapped-install.md): Follow best practices for installing and operating ECK in restricted networks. +- [**Configuring ECK**](./configure.md): Understand the available configuration options to optimize your ECK deployment. If you're looking to deploy {{es}}, {{kib}}, or other Elastic applications using ECK, refer to [](./manage-deployments.md). From 68557bcba8f68eaa429f6e27f312596b9b8a50e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 10:12:42 +0100 Subject: [PATCH 39/70] Update deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md b/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md index 2037a88f17..00cb4cef35 100644 --- a/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md +++ b/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md @@ -16,7 +16,7 @@ In this section, you'll learn how to do the following: - [**Deploying in air-gapped environments**](./air-gapped-install.md): Follow best practices for installing and operating ECK in restricted networks. - [**Configuring ECK**](./configure.md): Understand the available configuration options to optimize your ECK deployment. -If you're looking to deploy {{es}}, {{kib}}, or other Elastic applications using ECK, refer to [](./manage-deployments.md). +To learn how to deploy {{es}}, {{kib}}, or other Elastic applications using ECK, refer to [](./manage-deployments.md). ::::{tip} For a quickstart experience covering installation of ECK and deployment of an {{es}} cluster with a {{kib}} instance, refer to [](../cloud-on-k8s.md#eck-quickstart) From 32fe270e7bef9dc4c6d650931965bfd9b9290639 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 10:13:11 +0100 Subject: [PATCH 40/70] Update deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md b/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md index b04f231852..315d112004 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md +++ b/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md @@ -82,7 +82,7 @@ You can migrate an existing operator installation to Helm by adding the `meta.he A shell script is available in the [ECK source repository](https://github.com/elastic/cloud-on-k8s/blob/2.16/deploy/helm-migrate.sh) to demonstrate how to migrate from version 1.7.1 to Helm. You can modify it to suit your own environment. :::: -For example, an ECK 1.2.1 installation deployed using the [quickstart guide](https://www.elastic.co/guide/en/cloud-on-k8s/1.2/k8s-quickstart.html) can be migrated to Helm as follows: +For example, an ECK 1.2.1 installation deployed using [YAML manifests](/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart) can be migrated to Helm as follows: 1. Annotate and label all the ECK CRDs with the appropriate Helm annotations and labels. CRDs need to be preserved to retain any existing Elastic applications deployed using the operator. From 2adbb325f48579b9c3bdb35906aa63ebe86660df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 10:13:37 +0100 Subject: [PATCH 41/70] Update deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md b/deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md index 68ed67e9a3..f1c3c53399 100644 --- a/deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md +++ b/deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md @@ -9,7 +9,7 @@ mapped_pages: # Required RBAC permissions [k8s-eck-permissions] -Installing and running ECK, as well as using ECK-managed resources requires the following Kubernetes [permissions](https://kubernetes.io/docs/reference/access-authn-authz/rbac): +Installing and running ECK, as well as using ECK-managed resources, requires the following Kubernetes [permissions](https://kubernetes.io/docs/reference/access-authn-authz/rbac): * [Installing CRDs](#k8s-eck-permissions-installing-crds) * [Installing the ECK operator](#k8s-eck-permissions-installing-operator) From 87952529dfe52e814269a8f559644cef0cf68724 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 10:14:03 +0100 Subject: [PATCH 42/70] Update deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- .../cloud-on-k8s/install-using-yaml-manifest-quickstart.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md b/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md index 801cf4210e..825528d347 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md +++ b/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md @@ -21,7 +21,9 @@ applies: % - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-install-yaml-manifests.md % - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-deploy-eck.md -This method is the quickest way to get started with ECK if you have full administrative access to the Kubernetes cluster. +In this guide, you'll learn how to deploy ECK using Elastic-provided YAML manifests. This method is the quickest way to get started with ECK if you have full administrative access to the Kubernetes cluster. + +To learn about other installation methods, refer to [](/deploy-manage/deploy/cloud-on-k8s/install.md). During the installation, the following components are installed or updated: From c517256e9164510b4af7c69ece9c332a54a9dc12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 10:14:41 +0100 Subject: [PATCH 43/70] Update deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- .../cloud-on-k8s/install-using-yaml-manifest-quickstart.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md b/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md index 825528d347..a031fa0a72 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md +++ b/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md @@ -37,7 +37,7 @@ During the installation, the following components are installed or updated: Before you begin, review the following prerequisites and recommendations: -* For this quickstart guide, your Kubernetes cluster is assumed to be already up and running. Before you proceed with the ECK installation, make sure you check the [supported versions](/deploy-manage/deploy/cloud-on-k8s.md#k8s-supported). +* You're running a Kubernetes cluster using a [supported platform](/deploy-manage/deploy/cloud-on-k8s.md#k8s-supported). * If you are using GKE, make sure your user has `cluster-admin` permissions. For more information, check [Prerequisites for using Kubernetes RBAC on GKE](https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control#iam-rolebinding-bootstrap). From 3c407549439824c60fa2d3ccf9db3ff078bee8fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 10:15:04 +0100 Subject: [PATCH 44/70] Update deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- .../cloud-on-k8s/install-using-yaml-manifest-quickstart.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md b/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md index a031fa0a72..018b2bf9e3 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md +++ b/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md @@ -41,7 +41,7 @@ Before you begin, review the following prerequisites and recommendations: * If you are using GKE, make sure your user has `cluster-admin` permissions. For more information, check [Prerequisites for using Kubernetes RBAC on GKE](https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control#iam-rolebinding-bootstrap). -* If you are using Amazon EKS, make sure the Kubernetes control plane is allowed to communicate with the Kubernetes nodes on port 443. This is required for communication with the Validating Webhook. For more information, check [Recommended inbound traffic](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.md). +* If you are using Amazon EKS, make sure the Kubernetes control plane is allowed to communicate with the Kubernetes nodes on port 443. This is required for communication with the validating webhook. For more information, check [Recommended inbound traffic](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html). * Refer to [*Install ECK*](../../../deploy-manage/deploy/cloud-on-k8s/install.md) for more information on installation options. From 68b3b3b6671d0b8c675a9a3943cc623039cca50c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Thu, 13 Feb 2025 10:18:39 +0100 Subject: [PATCH 45/70] Apply suggestions from code review Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- .../install-using-yaml-manifest-quickstart.md | 18 +++++++++--------- deploy-manage/deploy/cloud-on-k8s/install.md | 16 ++++++++-------- .../deploy/cloud-on-k8s/manage-deployments.md | 2 +- 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md b/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md index 018b2bf9e3..fcc04447b3 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md +++ b/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md @@ -43,21 +43,18 @@ Before you begin, review the following prerequisites and recommendations: * If you are using Amazon EKS, make sure the Kubernetes control plane is allowed to communicate with the Kubernetes nodes on port 443. This is required for communication with the validating webhook. For more information, check [Recommended inbound traffic](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html). -* Refer to [*Install ECK*](../../../deploy-manage/deploy/cloud-on-k8s/install.md) for more information on installation options. - -* Check the [upgrade notes](../../../deploy-manage/upgrade/orchestrator/upgrade-cloud-on-k8s.md) if you are attempting to upgrade an existing ECK deployment. ## Installation procedure To deploy the ECK operator: -1. Install [custom resource definitions](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) with [`create`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_create/): +1. Install Elastic's [custom resource definitions](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) with [`create`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_create/): ```sh kubectl create -f https://download.elastic.co/downloads/eck/{{eck_version}}/crds.yaml ``` - This will output similar to the following upon Elastic resources' creation: + You'll see output similar to the following as resources are created: ```sh customresourcedefinition.apiextensions.k8s.io/agents.agent.k8s.elastic.co created @@ -70,7 +67,7 @@ To deploy the ECK operator: customresourcedefinition.apiextensions.k8s.io/logstashes.logstash.k8s.elastic.co created ``` -2. Install the operator with its RBAC rules with [`apply`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_apply/): +2. Using [`kubectl apply`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_apply/), install the operator with its RBAC rules: ```sh kubectl apply -f https://download.elastic.co/downloads/eck/{{eck_version}}/operator.yaml @@ -80,13 +77,13 @@ To deploy the ECK operator: The ECK operator runs by default in the `elastic-system` namespace. It is recommended that you choose a dedicated namespace for your workloads (such as Elasticsearch and Kibana), rather than using the `elastic-system` or the `default` namespace. :::: -3. Monitor the operator’s setup from its logs through [`logs`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_logs/): +3. Using [`kubectl logs`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_logs), monitor the operator’s setup by watching the logs: ```sh kubectl -n elastic-system logs -f statefulset.apps/elastic-operator ``` -4. Once ready, the operator will report as `Running` as shown with [`get`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_get/), replacing default `elastic-system` with applicable installation namespace as needed: * +4. Use [`kubectl get`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_get/) to check the operator status, passing in the namespace using the `-n` flag. When the operator is ready to use, it will report as `Running`. ``` $ kubectl get -n elastic-system pods @@ -94,4 +91,7 @@ NAME READY STATUS RESTARTS AGE elastic-operator-0 1/1 Running 0 1m ``` -This completes the quickstart of the ECK operator. We recommend continuing to [Deploying an {{es}} cluster](../../../deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md); but for more configuration options as needed, navigate to [Operating ECK](../../../deploy-manage/deploy/cloud-on-k8s/configure.md). +## Next steps + +* To continue the quickstart, go to [](/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md) +* For more configuration options, refer to [](/deploy-manage/deploy/cloud-on-k8s/configure.md). diff --git a/deploy-manage/deploy/cloud-on-k8s/install.md b/deploy-manage/deploy/cloud-on-k8s/install.md index 4315617e75..66a13dae8b 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install.md +++ b/deploy-manage/deploy/cloud-on-k8s/install.md @@ -7,16 +7,16 @@ mapped_urls: # Install ECK [k8s-installing-eck] -Elastic Cloud on Kubernetes (ECK) is a [Kubernetes operator](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) that helps you deploy and manage Elastic applications on Kubernetes, including **Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash**. +Elastic Cloud on Kubernetes (ECK) is a [Kubernetes operator](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) that helps you deploy and manage Elastic applications on Kubernetes, including Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash. -ECK relies on a set of [Custom Resource Definitions (CRDs)](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/#customresourcedefinitions) to define how applications are deployed. **CRDs are global resources**, shared across the entire Kubernetes cluster, so installing them requires [specific permissions](../../../deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md#k8s-eck-permissions-installing-crds). +ECK relies on a set of [Custom Resource Definitions (CRDs)](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/#customresourcedefinitions) to define how applications are deployed. CRDs are global resources, shared across the entire Kubernetes cluster, so installing them requires [specific permissions](../../../deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md#k8s-eck-permissions-installing-crds). ECK can be installed in two modes, depending on the namespaces the operator is allowed to manage: -1. **Cluster-wide installation** - Allows the operator to orchestrate applications in all namespaces of the Kubernetes cluster. This is the default installation method. -2. **Namespace-restricted installation** – Limited to specific, pre-defined namespaces. Use the `namespaces` [configuration flag](./configure-eck.md) to limit the namespaces in which the operator is allowed to work. +1. **Cluster-wide installation**: Allows the operator to orchestrate applications in all namespaces of the Kubernetes cluster. This is the default installation method. +2. **Namespace-restricted installation**: Limited to specific, pre-defined namespaces. Use the `namespaces` [configuration flag](./configure-eck.md) to limit the namespaces in which the operator is allowed to work. ::::{note} -You can install multiple instances of ECK in the same Kubernetes cluster, **but only if** the CRDs are compatible across all operator instances (e.g., by ensuring they run the same version). If running multiple instances, you must also disable cluster-wide features like the [validating webhook](../../../deploy-manage/deploy/cloud-on-k8s/configure-validating-webhook.md). +You can install multiple instances of ECK in the same Kubernetes cluster, but only if the CRDs are compatible across all operator instances (e.g., by ensuring they run the same version). If running multiple instances, you must also disable cluster-wide features like the [validating webhook](../../../deploy-manage/deploy/cloud-on-k8s/configure-validating-webhook.md). :::: ::::{warning} @@ -25,16 +25,16 @@ Deleting CRDs will trigger deletion of all custom resources (Elasticsearch, Kiba For a list of supported versions refer to [](../cloud-on-k8s.md#k8s-supported) -## Installation Methods +## Installation methods ECK supports multiple installation methods. Choose the one that best fits your infrastructure: * [Install ECK using YAML manifests (quickstart)](./install-using-yaml-manifest-quickstart.md) -* [Install ECK using the Helm chart](./install-using-helm-chart.md) +* [Install ECK using a Helm chart](./install-using-helm-chart.md) * [](./deploy-eck-on-openshift.md) * [](./deploy-eck-on-gke-autopilot.md) * [](./deploy-fips-compatible-version-of-eck.md) For air-gapped environments, refer to [](./air-gapped-install.md) to understand the requirements and installation considerations. -See [*Required RBAC permissions*](required-rbac-permissions.md) for a complete list of the permissions needed by the operator. \ No newline at end of file +Refer to [Required RBAC permissions](required-rbac-permissions.md) for a complete list of the permissions needed by the operator. \ No newline at end of file diff --git a/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md b/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md index dd36d8e05f..8fe3bd4324 100644 --- a/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md @@ -13,7 +13,7 @@ applies: This section provides detailed guidance on deploying, configuring, and managing Elasticsearch and Kibana within ECK. A **deployment** refers to an {{es}} cluster, optionally with one or more {{kib}} instances connected to it. ::::{tip} -This content focuses on **Elasticsearch and Kibana** deployments. To orchestrate other Elastic Stack applications such as **APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash**, refer to the [Orchestrating other Elastic Stack applications](./orchestrate-other-elastic-applications.md). +This content focuses on Elasticsearch and Kibana deployments. To orchestrate other Elastic Stack applications such as APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash, refer to the [Orchestrating other Elastic Stack applications](./orchestrate-other-elastic-applications.md). :::: ## What You'll Learn From 3dbb8a93146f58abed3e6e3e01fe8268394c7c5d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Fri, 14 Feb 2025 01:27:14 +0100 Subject: [PATCH 46/70] access services updated and fixed link --- .../deploy/cloud-on-k8s/accessing-services.md | 32 ++++++------------- .../cloud-on-k8s/install-using-helm-chart.md | 2 +- 2 files changed, 10 insertions(+), 24 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/accessing-services.md b/deploy-manage/deploy/cloud-on-k8s/accessing-services.md index cf2fe74905..fc4ab8f5b5 100644 --- a/deploy-manage/deploy/cloud-on-k8s/accessing-services.md +++ b/deploy-manage/deploy/cloud-on-k8s/accessing-services.md @@ -5,29 +5,11 @@ mapped_urls: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-accessing-elastic-services.html - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-request-elasticsearch-endpoint.html - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-services.html - - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-security.html --- # Accessing services [k8s-accessing-elastic-services] -% What needs to be done: Refine - -% GitHub issue: https://github.com/elastic/docs-projects/issues/357 - -% Scope notes: Merge the selected docs into one: - First describe how to access Elasticsearch. - Describe the services that ECK creates for ES. - Provide the example and instructions - -% Use migrated content from existing pages that map to this page: - -% - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-accessing-elastic-services.md -% - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-request-elasticsearch-endpoint.md -% - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-services.md -% - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-security.md - -% Internal links rely on the following IDs being on this page (e.g. as a heading ID, paragraph ID, etc): -% already present -$$$k8s-allow-public-access$$$ -% pending -$$$k8s-setting-up-your-own-certificate$$$ +% removing internal link / anchor k8s-setting-up-your-own-certificate to see what fails All Elastic Stack resources deployed by the ECK operator are secured by default. The operator sets up basic authentication and TLS to encrypt network traffic to, from, and within your Elasticsearch cluster. @@ -41,15 +23,17 @@ This section explains how to access and customize the Kubernetes services and se For advanced use cases related to exposing and accessing orchestrated applications, see: -* [](./tls-certificates.md) → Learn how to use the self-signed certificate generated by ECK or configure a custom certificate for the HTTP endpoint. -* [](./service-meshes.md) → Connect ECK and your managed deployments to service mesh implementations such as `Istio` and `Linkerd`. -* [](./requests-routing-to-elasticsearch-nodes.md) → Create custom services to expose different node types. -* [Add Ingress resources through the Helm chart](./managing-deployments-using-helm-chart.md#k8s-eck-stack-ingress). +* [](./tls-certificates.md): Learn how to use the self-signed certificate generated by ECK or configure a custom certificate for the HTTP endpoint. +* [](./service-meshes.md): Connect ECK and your managed deployments to service mesh implementations such as `Istio` and `Linkerd`. +* [](./requests-routing-to-elasticsearch-nodes.md): Create custom services to expose different node types. +* [Use Ingress to expose {{es}} or {{kib}}](./managing-deployments-using-helm-chart.md#k8s-eck-stack-ingress): Helm based installation facilitates the creation of Ingress resources. ## Retrieve the `elastic` user password [k8s-authentication] To access Elastic resources, the operator manages a default user named `elastic` with the `superuser` role. Its password is stored in a `Secret` named `-elastic-user`. +Run the following command to obtain the password of the `elastic` user: + ```sh > kubectl get secret hulk-es-elastic-user -o go-template='{{.data.elastic | base64decode }}' 42xyz42citsale42xyz42 @@ -59,6 +43,8 @@ To access Elastic resources, the operator manages a default user named `elastic` Beware of copying this Secret as-is into a different namespace. Check [Common Problems: Owner References](../../../troubleshoot/deployments/cloud-on-k8s/common-problems.md#k8s-common-problems-owner-refs) for more information. :::: +For more information about handling users on ECK deployments refer to [ECK users and roles](/deploy-manage/users-roles/cluster-or-deployment-auth/built-in-users.md). + ## Managing Kubernetes services [k8s-kubernetes-service] You can access Elastic resources by using native Kubernetes services that are not reachable from the public Internet by default. diff --git a/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md b/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md index 315d112004..247fc382a2 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md +++ b/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md @@ -82,7 +82,7 @@ You can migrate an existing operator installation to Helm by adding the `meta.he A shell script is available in the [ECK source repository](https://github.com/elastic/cloud-on-k8s/blob/2.16/deploy/helm-migrate.sh) to demonstrate how to migrate from version 1.7.1 to Helm. You can modify it to suit your own environment. :::: -For example, an ECK 1.2.1 installation deployed using [YAML manifests](/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart) can be migrated to Helm as follows: +For example, an ECK 1.2.1 installation deployed using [YAML manifests](/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md) can be migrated to Helm as follows: 1. Annotate and label all the ECK CRDs with the appropriate Helm annotations and labels. CRDs need to be preserved to retain any existing Elastic applications deployed using the operator. From 4f1d2822b7a885e86cd4870dc8c36f037adba260 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Sat, 15 Feb 2025 12:01:07 +0100 Subject: [PATCH 47/70] eck stack helm chart guide updated --- deploy-manage/deploy/cloud-on-k8s.md | 74 ++- .../cloud-on-k8s/configure-deployments.md | 14 + .../deploy/cloud-on-k8s/configure-eck.md | 176 ++++--- .../deploy/cloud-on-k8s/configure.md | 68 ++- .../cloud-on-k8s/deploy-an-orchestrator.md | 1 - .../k8s-kibana-secure-settings.md | 2 + .../k8s-openshift-deploy-operator.md | 44 +- .../deploy/cloud-on-k8s/k8s_prerequisites.md | 462 ------------------ .../deploy/cloud-on-k8s/manage-deployments.md | 18 +- .../managing-deployments-using-helm-chart.md | 101 +++- .../deploy/cloud-on-k8s/network-policies.md | 458 ++++++++++++++++- .../orchestrate-other-elastic-applications.md | 36 +- deploy-manage/toc.yml | 2 - 13 files changed, 790 insertions(+), 666 deletions(-) delete mode 100644 deploy-manage/deploy/cloud-on-k8s/k8s_prerequisites.md diff --git a/deploy-manage/deploy/cloud-on-k8s.md b/deploy-manage/deploy/cloud-on-k8s.md index 6d327ea9d6..86a2a36cbf 100644 --- a/deploy-manage/deploy/cloud-on-k8s.md +++ b/deploy-manage/deploy/cloud-on-k8s.md @@ -10,10 +10,6 @@ mapped_urls: # Elastic Cloud on Kubernetes [k8s-overview] -::::{important} -ECK is an Elastic self-managed product offered in two licensing tiers: Basic and Enterprise. For more details refer to [Elastic subscriptions](https://www.elastic.co/subscriptions) and [](/deploy-manage/license/manage-your-license-in-eck.md) documentation. -:::: - Built on the Kubernetes Operator pattern, {{eck}} (ECK) extends the basic Kubernetes orchestration capabilities to support the setup and management of Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes. With Elastic Cloud on Kubernetes, you can streamline critical operations, such as: @@ -26,11 +22,24 @@ With Elastic Cloud on Kubernetes, you can streamline critical operations, such a This section provides everything you need to install, configure, and manage Elastic Stack applications with ECK, including: -- [](./cloud-on-k8s/deploy-an-orchestrator.md): ECK installation methods and configuration details. -- [](./cloud-on-k8s/manage-deployments.md): Install and configure {{es}} clusters and {{kib}} instances through ECK. -- [](./cloud-on-k8s/orchestrate-other-elastic-applications.md): Install and configure APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes. +- [](./cloud-on-k8s/deploy-an-orchestrator.md): ECK installation methods and configuration options. Deploy ECK on managed Kubernetes platforms like GKE, AKS, and EKS, on self-managed Kubernetes clusters, on OpenShift, and even in air-gapped environments. +- [](./cloud-on-k8s/manage-deployments.md): Handle {{es}} clusters and {{kib}} instances through ECK. +- [](./cloud-on-k8s/orchestrate-other-elastic-applications.md): Run APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes. - [](./cloud-on-k8s/tools-apis.md): A collection of tools and APIs available in ECK based environments. +Other sections of the documentation include the following important topics around ECK: + +- [Logging and Monitoring](../monitor.md): Configure stack monitoring and logs forwarding with the help of ECK. +- [Remote Clusters](../remote-clusters.md): Configure remote clusters on ECK. +- [](../tools.md): Add snapshot repositories to your {{es}} clusters for automatic snapshots. +- [Security](../security.md): Users and roles, built-in users, configure SSO authentication realms, and more. +- [Autoscaling](../autoscaling.md): Learn how to use {{es}} autoscaling on ECK, or use Horizontal Pod Autoscaler functionality for stateless workloads. +- [Licensing](../license/manage-your-license-in-eck.md): Manage licenses on ECK. + +::::{important} +ECK is an Elastic self-managed product offered in two licensing tiers: Basic and Enterprise. For more details refer to [Elastic subscriptions](https://www.elastic.co/subscriptions) and [](/deploy-manage/license/manage-your-license-in-eck.md) documentation. +:::: + ## Quickstart [eck-quickstart] If you want to get started quickly, follow these guides to deploy ECK and set up an {{es}} cluster: @@ -38,18 +47,32 @@ If you want to get started quickly, follow these guides to deploy ECK and set up * [Install ECK using YAML manifests](./cloud-on-k8s/install-using-yaml-manifest-quickstart.md) * [Deploy an {{es}} cluster](./cloud-on-k8s/elasticsearch-deployment-quickstart.md) * [Deploy a {{kib}} instance](./cloud-on-k8s/kibana-instance-quickstart.md) -* [Update your deployment](./cloud-on-k8s/update-deployments.md) -Afterwards, you can find further sample resources [in the project repository](https://github.com/elastic/cloud-on-k8s/tree/2.16/config/samples) or by checking out [our recipes](./cloud-on-k8s/recipes.md). +Afterwards, you can: + +* Learn how to [update your deployment](./cloud-on-k8s/update-deployments.md) +* Check out [our recipes](./cloud-on-k8s/recipes.md) for multiple use cases +* Find further sample resources [in the project repository](https://github.com/elastic/cloud-on-k8s/tree/2.16/config/samples) ## Supported versions [k8s-supported] -ECK is compatible with: +This section outlines the supported Kubernetes and Elastic Stack versions for ECK. Check the full [Elastic support matrix](https://www.elastic.co/support/matrix#matrix_kubernetes) for more information. + +### Kubernetes compatibility + +ECK is compatible with the following Kubernetes distributions and related technologies: * Kubernetes 1.28-1.32 * OpenShift 4.12-4.17 * Google Kubernetes Engine (GKE), Azure Kubernetes Service (AKS), and Amazon Elastic Kubernetes Service (EKS) * Helm: 3.2.0+ + +ECK should work with all conformant **installers** listed in these [FAQs](https://github.com/cncf/k8s-conformance/blob/master/faq.md#what-is-a-distribution-hosted-platform-and-an-installer). Distributions include source patches and so may not work as-is with ECK. + +### Elastic Stack compatibility + +ECK is compatible with the following Elastic Stack applications: + * Elasticsearch, Kibana, APM Server: 6.8+, 7.1+, 8+ * Enterprise Search: 7.7+, 8+ * Beats: 7.0+, 8+ @@ -57,42 +80,11 @@ ECK is compatible with: * Elastic Maps Server: 7.11+, 8+ * Logstash: 8.7+ -ECK should work with all conformant installers listed in these [FAQs](https://github.com/cncf/k8s-conformance/blob/master/faq.md#what-is-a-distribution-hosted-platform-and-an-installer). Distributions include source patches and so may not work as-is with ECK. - -Alpha, beta, and stable API versions follow the same [conventions used by Kubernetes](https://kubernetes.io/docs/concepts/overview/kubernetes-api/#api-versioning). - Elastic Stack application images for the OpenShift-certified Elasticsearch (ECK) Operator are only available from version 7.10 and later. -Check the full [Elastic support matrix](https://www.elastic.co/support/matrix#matrix_kubernetes) for more information. - -% TBD: discuss if these make sense here ## Learn more about ECK [k8s_learn_more_about_eck] * [Orchestrate Elasticsearch on Kubernetes](https://www.elastic.co/elasticsearch-kubernetes) * [ECK post on the Elastic Blog](https://www.elastic.co/blog/introducing-elastic-cloud-on-kubernetes-the-elasticsearch-operator-and-beyond?elektra=products&storm=sub1) * [Getting Started With Elastic Cloud on Kubernetes (ECK)](https://www.youtube.com/watch?v=PIJmlYBIFXM) * [Running the Elastic Stack on Kubernetes with ECK](https://www.youtube.com/watch?v=Wf6E3vkvEFM) - -% TBD: discuss where to put this "ask for help info" -## Ask for help [k8s-ask-for-help] - -If you are an existing Elastic customer with an active support contract, you can create a case in the [Elastic Support Portal](https://support.elastic.co/). Kindly attach an [ECK diagnostic](/troubleshoot/deployments/cloud-on-k8s/run-eck-diagnostics.md) when opening your case. - -Alternatively, or if you do not have a support contract, and if you are unable to find a solution to your problem with the information provided in these documents, ask for help: - -* [ECK Discuss forums](https://discuss.elastic.co/c/eck) to ask any question -* [Github issues](https://github.com/elastic/cloud-on-k8s/issues) for bugs and feature requests - -% TBD: decide if this should be ommited also. -% This was a "redirect only" in the excel -## Advanced topics [k8s-advanced-topics] - -* [*Deploy ECK on OpenShift*](/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-openshift.md) -* [*Deploy ECK on GKE Autopilot*](/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-gke-autopilot.md) -* [*Create custom images*](/deploy-manage/deploy/cloud-on-k8s/create-custom-images.md) -* [*Service meshes*](/deploy-manage/deploy/cloud-on-k8s/service-meshes.md) -* [*Traffic Splitting*](/deploy-manage/deploy/cloud-on-k8s/requests-routing-to-elasticsearch-nodes.md) -* [*Network policies*](/deploy-manage/deploy/cloud-on-k8s/network-policies.md) -* [*Webhook namespace selectors*](/deploy-manage/deploy/cloud-on-k8s/webhook-namespace-selectors.md) -* [*Stack Monitoring*](/deploy-manage/monitor/stack-monitoring/eck-stack-monitoring.md) -* [*Deploy a FIPS compatible version of ECK*](/deploy-manage/deploy/cloud-on-k8s/deploy-fips-compatible-version-of-eck.md) diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md index 2ad5d3bd23..341b8134a9 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md @@ -9,18 +9,32 @@ mapped_pages: % the security link needs to be refined to point to the eck related section around security % same for upgrade link +% WORK IN PROGRESS, TOGETHER WITH CONFIGURE.md + # Configure deployments [k8s-orchestrating-elastic-stack-applications] This section provides details around {{kib}} and {{es}} configuration when running on ECK. For general information about how ECK applies configuration changes and the syntax to use in the YAML manifests, refer to [](./update-deployments.md). * [**{{es}} configuration**](elasticsearch-configuration.md) → Review configuration possibilities to tune your {{es}} cluster running on ECK, learn how [nodes orchestration](./nodes-orchestration.md) work, [storage recommendations](./storage-recommendations.md), and more. + * [Users and roles]() (SECURITY) + * [](./requests-routing-to-elasticsearch-nodes.md) → Control the nodes receiving incoming traffic when using multiple `nodeSets` with different [node roles](https://www.elastic.co/guide/en/elasticsearch/reference/current/node-roles-overview.html). + * [{{es}} autoscaling on ECK](../../autoscaling/deployments-autoscaling-on-eck.md): + + * [Snapshot and Restore](../../tools/snapshot-and-restore/cloud-on-k8s.md) + + * [**Stack monitoring**](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-monitoring.html) → Monitor your deployments smoothly with the help of ECK. + + * [**Remote clusters**](/deploy-manage/remote-clusters/eck-remote-clusters.md) → Configure {{es}} remote clusters functionality for Cross Cluster Search (CCS) and Cross Cluster Replication. + * [**{{kib}} configuration**](kibana-configuration.md) → Learn how to connect {{kib}} to an {{es}} cluster, apply advanced configuration settings, and tune the HTTP configuration. Additionally, the following topics apply to both {{es}} and {{kib}}, and in some cases, to other applications supported by ECK: +* [Configure secure settings]() (LINK TBD, SECURITY CONFIGURE ES AND KIB SECURE SETTINGS) + * [**Access services**](accessing-services.md) → Learn how to access to the orchestrated clusters and how to adapt the Kubernetes services to your needs. * [**TLS certificates**](./tls-certificates.md) → Use your own SSL/TLS certificates for the HTTP endpoint of {{es}} or {{kib}}. diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-eck.md b/deploy-manage/deploy/cloud-on-k8s/configure-eck.md index 5958b39712..bab930dee9 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure-eck.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure-eck.md @@ -1,98 +1,94 @@ --- -navigation_title: Configuration flags +navigation_title: Apply configuration settings applies: eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-operator-config.html --- -# ECK configuration flags [k8s-operator-config] +# Apply ECK configuration settings [k8s-operator-config] -ECK can be configured using either command-line flags or environment variables. +This page explains the various methods for configuring and applying ECK settings. -To pass configuration options as environment variables, convert the flag name to upper case and replace any dashes (`-`) with underscores (`_`). For example, the `log-verbosity` flag can be set by an environment variable named `LOG_VERBOSITY`. +::::{tip} +For a detailed list and description of all available settings in ECK, refer to asciidocalypse://reference/cloud/cloud-on-k8s/eck-configuration-flags.md. +:::: -The following table lists and describes all available configuration flags: - -| Flag | Default | Description | -| --- | --- | --- | -| `ca-cert-rotate-before` | `24h` | Duration representing how long before expiration CA certificates should be re-issued. | -| `ca-cert-validity` | `8760h` | Duration representing the validity period of a generated CA certificate. | -| `ca-dir` | `""` | Path to a directory containing a CA certificate (tls.crt) and its associated private key (tls.key) to be used for all managed resources. Effectively disables the CA rotation and validity options. | -| `cert-rotate-before` | `24h` | Duration representing how long before expiration TLS certificates should be re-issued. | -| `cert-validity` | `8760h` | Duration representing the validity period of a generated TLS certificate. | -| `config` | `""` | Path to a file containing the operator configuration. | -| `container-registry` | `docker.elastic.co` | Container registry to use for pulling Elastic Stack container images. | -| `container-repository` | `""` | Container repository to use for pulling Elastic Stack container images. | -| `container-suffix` | `""` | Suffix to be appended to container images by default. Cannot be combined with `--ubi-only` flag. | -| `disable-config-watch` | `false` | Watch the configuration file for changes and restart to apply them. Only effective when the `--config` flag is used to set the configuration file. | -| `disable-telemetry` | `false` | Disable periodically updating ECK telemetry data for Kibana to consume. | -| `elasticsearch-client-timeout` | `180s` | Default timeout for requests made by the Elasticsearch client. | -| `enable-leader-election` | `true` | Enable leader election. Must be set to true if using multiple replicas of the operator | -| `enable-tracing` | `false` | Enable APM tracing in the operator process. Use environment variables to configure APM server URL, credentials, and so on. Check [Apm Go Agent reference](https://www.elastic.co/guide/en/apm/agent/go/1.x/configuration.html) for details. | -| `enable-webhook` | `false` | Enables a validating webhook server in the operator process. | -| `enforce-rbac-on-refs` | `false` | Enables restrictions on cross-namespace resource association through RBAC. | -| `exposed-node-labels` | `""` | List of Kubernetes node labels which are allowed to be copied as annotations on the Elasticsearch Pods. Check [Topology spread constraints and availability zone awareness](advanced-elasticsearch-node-scheduling.md#k8s-availability-zone-awareness) for more details. | -| `ip-family` | `""` | Set the IP family to use. Possible values: IPv4, IPv6, "" (= auto-detect) | -| `kube-client-qps` | `0` | Set the maximum number of queries per second to the Kubernetes API. Default value is inherited from the [Go client](https://github.com/kubernetes/client-go/blob/e6538dd42b4fe55b6c754e41c66b43133ba41a59/rest/config.go#L44). | -| `kube-client-timeout` | `60s` | Set the request timeout for Kubernetes API calls made by the operator. | -| `log-verbosity` | `0` | Verbosity level of logs. `-2`=Error, `-1`=Warn, `0`=Info, `0` and above=Debug. | -| `manage-webhook-certs` | `true` | Enables automatic webhook certificate management. | -| `max-concurrent-reconciles` | `3` | Maximum number of concurrent reconciles per controller (Elasticsearch, Kibana, APM Server). Affects the ability of the operator to process changes concurrently. | -| `metrics-cert-dir` | `"{{TempDir}}/k8s-metrics-server/serving-certs"` | Location of TLS certs for the metrics server. Directory needs to contain tls.key and tls.crt. If empty self-signed certificates are used. Only effective when combined with metrics-port and metrics-secure. | -| `metrics-host` | `0.0.0.0` | The host to which the operator should bind to serve metrics in the Prometheus format. Will be combined with metrics-port. | -| `metrics-port` | `0` | Prometheus metrics port. Set to 0 to disable the metrics endpoint. | -| `metrics-secure` | `false` | Enables TLS for the metrics server. Only effective combined with metrics-port. | -| `namespaces` | `""` | Namespaces in which this operator should manage resources. Accepts multiple comma-separated values. Defaults to all namespaces if empty or unspecified. | -| `operator-namespace` | `""` | Namespace the operator runs in. Required. | -| `password-hash-cache-size` | `5 x max-concurrent-reconciles` | Sets the size of the password hash cache. Caching is disabled if explicitly set to 0 or any negative value. | -| `set-default-security-context` | `auto-detect` | Enables adding a default Pod Security Context to Elasticsearch Pods in Elasticsearch `8.0.0` and later. `fsGroup` is set to `1000` by default to match Elasticsearch container default UID. This behavior might not be appropriate for OpenShift and PSP-secured Kubernetes clusters, so it can be disabled. | -| `ubi-only` | `false` | Use only UBI container images to deploy Elastic Stack applications. UBI images are only available from 7.10.0 onward. Cannot be combined with `--container-suffix` flag. | -| `validate-storage-class` | `true` | Specifies whether the operator should retrieve storage classes to verify volume expansion support. Can be disabled if cluster-wide storage class RBAC access is not available. | -| `webhook-cert-dir` | `"{{TempDir}}/k8s-webhook-server/serving-certs"` | Path to the directory that contains the webhook server key and certificate. | -| `webhook-name` | `"elastic-webhook.k8s.elastic.co"` | Name of the Kubernetes ValidatingWebhookConfiguration resource. Only used when `enable-webhook` is true. | -| `webhook-secret` | `""` | K8s secret mounted into the path designated by webhook-cert-dir to be used for webhook certificates. | -| `webhook-port` | `9443` | Port to listen for incoming validation requests. | - -Duration values should be specified as numeric values suffixed by the time unit. For example, a duration of 10 hours should be specified as `10h`. Acceptable time unit suffixes are: - -| Suffix | Unit | -| --- | --- | -| `ms` | Milliseconds | -| `s` | Seconds | -| `m` | Minutes | -| `h` | Hours | +By default, the ECK installation includes a [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) with an `eck.yaml` key where you can add, remove, or update configuration settings. This ConfigMap is mounted into the operator’s container as a file, and provided to the application through the `--config` flag. -If you have a large number of configuration options to specify, use the `--config` flag to point to a file containing those options. For example, assume you have a file named `eck-config.yaml` with the following content: +::::{note} +If you use [Operator Lifecycle Manager](https://github.com/operator-framework/operator-lifecycle-manager), refer to [Configure ECK under Operator Lifecycle Manager](#k8s-operator-config-olm) +:::: + +To configure ECK settings, follow the instructions in the next sections depending on whether you installed ECK through the Helm chart or the YAML manifests. + +## Using the operator Helm chart + +If you installed ECK through the Helm chart commands listed in [](./install-using-helm-chart.md), add your configuration parameters under the `config` key in your values file, or set them inline using the equivalent `--set config.=` flags when updating or installing the release. + +For example, to add the `ca-cert-validity` setting with a value of `43800h`, you can use any of the following methods: + +### Option 1: Use a values file and reference it in the helm upgrade command: + +Create a values file with the following content: ```yaml -log-verbosity: 2 -metrics-port: 6060 -namespaces: [ns1, ns2, ns3] +config: + ca-cert-validity: 43800h ``` -The operator can be started using any of the following methods to achieve the same end result: +Then, update the installed release pointing to the values file: ```sh -./elastic-operator manager --config=eck-config.yaml +helm upgrade elastic-operator elastic/eck-operator -f my-values-file.yaml -n elastic-system ``` -```sh -./elastic-operator manager --log-verbosity=2 --metrics-port=6060 --namespaces=ns1,ns2,ns3 -``` +### Option 2: Use `--set` in the helm upgrade command ```sh -LOG_VERBOSITY=2 METRICS_PORT=6060 NAMESPACES="ns1,ns2,ns3" ./elastic-operator manager +helm upgrade elastic-operator elastic/eck-operator --set config.ca-cert-validity=43800h -n elastic-system ``` -If you use a combination of all or some of the these methods, the descending order of precedence in case of a conflict is as follows: +## Using the operator YAML manifests -* Flag -* Environment variable -* File +If you installed ECK using the manifests and the commands listed in [Deploy ECK](./install-using-yaml-manifest-quickstart.md), you can configure it by editing the `eck.yaml` key of the `elastic-operator` ConfigMap. Add, remove or update any configuration setting there and the operator will restart automatically to apply the new changes unless the `--disable-config-watch` flag is set. -You can edit the `elastic-operator` ConfigMap to change the operator configuration. Unless the `--disable-config-watch` flag is set, the operator should restart automatically to apply the new changes. Alternatively, you can edit the `elastic-operator` StatefulSet and add flags to the `args` section — which will trigger an automatic restart of the operator pod by the StatefulSet controller. +The following shows the default `elastic-operator` ConfigMap, for reference purposes. Refer to asciidocalypse://reference/cloud/cloud-on-k8s/eck-configuration-flags.md for a complete list of available settings. +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: elastic-operator + namespace: elastic-system +data: + eck.yaml: |- + log-verbosity: 0 + metrics-port: 0 + container-registry: docker.elastic.co + max-concurrent-reconciles: 3 + ca-cert-validity: 8760h + ca-cert-rotate-before: 24h + cert-validity: 8760h + cert-rotate-before: 24h + disable-config-watch: false + exposed-node-labels: [topology.kubernetes.io/.*,failure-domain.beta.kubernetes.io/.*] + set-default-security-context: auto-detect + kube-client-timeout: 60s + elasticsearch-client-timeout: 180s + disable-telemetry: false + distribution-channel: all-in-one + validate-storage-class: true + enable-webhook: true + webhook-name: elastic-webhook.k8s.elastic.co + webhook-port: 9443 + operator-namespace: elastic-system + enable-leader-election: true + elasticsearch-observation-interval: 10s + ubi-only: false +``` + +Alternatively, you can edit the `elastic-operator` StatefulSet and add flags to the `args` section of the operator container — which will trigger an automatic restart of the operator pod by the StatefulSet controller. ## Configure ECK under Operator Lifecycle Manager [k8s-operator-config-olm] @@ -142,4 +138,44 @@ If you use [Operator Lifecycle Manager (OLM)](https://github.com/operator-framew - name: config mountPath: /conf readOnly: true - ``` \ No newline at end of file + ``` + +## Advanced configuration methods + +ECK can be configured using either command-line flags, environment variables or a file containing the operator configuration, pointed by `--config` flag. + +::::{important} +For most use cases, Elastic recommends configuring ECK through the `elastic-operator` ConfigMap, which is included by default in all installation methods. + +This section provides a low-level overview of alternative configuration methods, primarily intended for developers or advanced users who might need to start the operator binary manually or adjust its configuration without modifying the ConfigMap. The implementation of these methods through Kubernetes manifests is out of the scope of this document. +:::: + +To pass configuration options as environment variables, convert the flag name to upper case and replace any dashes (`-`) with underscores (`_`). For example, the `log-verbosity` flag can be set by an environment variable named `LOG_VERBOSITY`. + +If you use a combination of all or some of the these methods, the descending order of precedence in case of a conflict is as follows: + +* Flag +* Environment variable +* File + +If you have a large number of configuration options to specify, use the `--config` flag to point to a file containing those options. For example, assume you have a file named `eck-config.yaml` with the following content: + +```yaml +log-verbosity: 2 +metrics-port: 6060 +namespaces: [ns1, ns2, ns3] +``` + +The operator can be started using any of the following methods to achieve the same end result: + +```sh +./elastic-operator manager --config=eck-config.yaml +``` + +```sh +./elastic-operator manager --log-verbosity=2 --metrics-port=6060 --namespaces=ns1,ns2,ns3 +``` + +```sh +LOG_VERBOSITY=2 METRICS_PORT=6060 NAMESPACES="ns1,ns2,ns3" ./elastic-operator manager +``` diff --git a/deploy-manage/deploy/cloud-on-k8s/configure.md b/deploy-manage/deploy/cloud-on-k8s/configure.md index 9cb70b6950..ffd86006ee 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure.md @@ -8,29 +8,65 @@ mapped_pages: # Configure ECK [k8s-operating-eck] +This section covers ECK configuration mechanisms and use cases, starting with the basic setup of the operator using the provided `ConfigMap` and extending to more advanced configuration scenarios that require detailed procedures. + ::::{tip} -For a detailed description of available **configuration flags and methods**, refer to [](./configure-eck.md). +This content focuses on ECK operator configuration. For details on available features and how to configure your {{es}} and {{kib}} deployments, refer to [](./configure-deployments.md). :::: -By default, the ECK installation includes a [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) where you can add, remove, or update [configuration settings](./configure-eck.md). This ConfigMap is mounted into the operator’s container as an `eck.yaml` file, and provided to the application through the `--config` flag. +The following guides cover common ECK configuration tasks: + +* [](./configure-eck.md): Apply configuration changes, such the CA certificate validity period, the namespaces where the operator is allowed to work, or the log verbosity level for ECK. + +* [Configure the validating webhook](configure-validating-webhook.md): Enable or disable the webhook, and configure multiple SSL certificate generation options. + +* [Restrict cross-namespace resource associations](restrict-cross-namespace-resource-associations.md): Configure access control rules for cross-namespace associations. This functionality is disabled by default. + +* [Create custom images](./create-custom-images.md): Use your own images with {{es}} plugins already installed rather than installing them through init containers. + +* [Service meshes](./service-meshes.md): Connect ECK and managed Elastic Stack applications to some of the most popular [service mesh](https://www.cncf.io/blog/2017/04/26/service-mesh-critical-component-cloud-native-stack/) implementations in the Kubernetes ecosystem. + +* [Network policies](./network-policies.md): Use [Kubernetes network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) to isolate pods by restricting incoming and outgoing network connections to a trusted set of sources and destinations. + +* [](./webhook-namespace-selectors.md): Restrict the namespaces that the validation webhook applies to, allowing multiple operators to coexist efficiently in the same cluster. + +Other sections of the Elastic documentation cover additional topics related to ECK configuration: + +* **Security** + * (topis related with ECK security (TLS certificates?), not deployments stuff ), CA certificates? + +* **Monitoring** + * [Configure the metrics endpoint](/deploy-manage/monitor/orchestrators/eck-metrics-configuration.md) (monitor an orchestrator) + +* **Licensing** + * [Manage licenses in ECK](../../license/manage-your-license-in-eck.md) + +* **Maintenance** + * [Upgrade ECK](../../upgrade/orchestrator/upgrade-cloud-on-k8s.md) + * [Uninstall ECK](../../uninstall/uninstall-elastic-cloud-on-kubernetes.md) -To configure ECK, edit the `elastic-operator` ConfigMap to change the operator configuration. The operator will restart automatically to apply the new changes unless the `--disable-config-watch` flag is set. +(Apps related) +* **Snapshots and Restore** + * Manage snapshots repositories --> Pending to add to configure deployments. -Alternatively, you can edit the `elastic-operator` StatefulSet and add flags to the `args` section — which will trigger an automatic restart of the operator pod by the StatefulSet controller. +* **Remote Clusters** + * Configure interconnection between your {{es}} clusters with the help of ECK. -If you use [Operator Lifecycle Manager](https://github.com/operator-framework/operator-lifecycle-manager), refer to [Configure ECK under Operator Lifecycle Manager](./configure-eck.md#k8s-operator-config-olm) +* **Monitoring** + * Stack Monitoring (for deployments) -## Configuration use cases +* **Licensing** + * [Manage licenses in ECK](../../license/manage-your-license-in-eck.md) -The following guides provide detailed instructions on configuring specific features, managing licenses, and performing common operational tasks: +* **Maintenance** + * [Upgrade ECK](../../upgrade/orchestrator/upgrade-cloud-on-k8s.md) + * [Uninstall ECK](../../uninstall/uninstall-elastic-cloud-on-kubernetes.md) -* [*Configure the validating webhook*](configure-validating-webhook.md) -* [*Configure the metrics endpoint*](../../monitor/orchestrators/eck-metrics-configuration.md) -* [*Restrict cross-namespace resource associations*](restrict-cross-namespace-resource-associations.md) -* [*Manage licenses in ECK*](../../license/manage-your-license-in-eck.md) -* [*Install ECK*](install.md) -* [*Upgrade ECK*](../../upgrade/orchestrator/upgrade-cloud-on-k8s.md) -* [*Uninstall ECK*](../../uninstall/uninstall-elastic-cloud-on-kubernetes.md) -* [*Running in air-gapped environments*](air-gapped-install.md) +* **Autoscaling** + * Autoscaling stateless applications + * Elasticsearch autoscaling on ECK -% suggestion: maybe we should add a comment about most common configuration needs, like CA certificates, namespaces, log-verbosity... \ No newline at end of file +* Security + * SAML authentication + * Users and roles + * Built-in users \ No newline at end of file diff --git a/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md b/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md index 00cb4cef35..b64f751985 100644 --- a/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md +++ b/deploy-manage/deploy/cloud-on-k8s/deploy-an-orchestrator.md @@ -5,7 +5,6 @@ mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-quickstart.html --- - # Deploy an orchestrator [k8s-quickstart] With Elastic Cloud on Kubernetes (ECK), you can extend the basic Kubernetes orchestration capabilities to easily deploy, secure, upgrade your {{es}} cluster, along with other Elastic applications. diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-secure-settings.md b/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-secure-settings.md index 89bf674a1b..4083fc31a7 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-secure-settings.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s-kibana-secure-settings.md @@ -5,6 +5,8 @@ mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-kibana-secure-settings.html --- +% pending to move to security + # Secure settings [k8s-kibana-secure-settings] [Similar to {{es}}](../../security/secure-settings.md), you can use Kubernetes secrets to manage secure settings for {{kib}}. diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-deploy-operator.md b/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-deploy-operator.md index 12b25c4a13..2f7a616347 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-deploy-operator.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-deploy-operator.md @@ -7,36 +7,34 @@ mapped_pages: # Deploy the operator [k8s-openshift-deploy-the-operator] -1. Apply the all-in-one template, as described in the [quickstart](deploy-an-orchestrator.md). +This page shows the installation steps to deploy ECK in Openshift: - ```shell - oc create -f https://download.elastic.co/downloads/eck/{{eck_version}}/crds.yaml - oc apply -f https://download.elastic.co/downloads/eck/{{eck_version}}/operator.yaml - ``` +1. Apply the manifests the same way as described in [](./install-using-yaml-manifest-quickstart.md) document: + + ```shell + oc create -f https://download.elastic.co/downloads/eck/{{eck_version}}/crds.yaml + oc apply -f https://download.elastic.co/downloads/eck/{{eck_version}}/operator.yaml + ``` 2. [Optional] If the Software Defined Network is configured with the `ovs-multitenant` plug-in, you must allow the `elastic-system` namespace to access other Pods and Services in the cluster: - ```shell - oc adm pod-network make-projects-global elastic-system - ``` + ```shell + oc adm pod-network make-projects-global elastic-system + ``` 3. Create a namespace to hold the Elastic resources (Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash): + ::::{note} + A namespace other than the default namespaces (default, kube-\*, openshift-\*, etc) is required such that default [Security Context Constraint](https://docs.openshift.com/container-platform/4.12/authentication/managing-security-context-constraints.md) (SCC) permissions are applied automatically. Elastic resources will not work properly in any of the default namespaces. + :::: - ::::{note} - A namespace other than the default namespaces (default, kube-**, openshift-**, etc) is required such that default [Security Context Constraint](https://docs.openshift.com/container-platform/4.12/authentication/managing-security-context-constraints.md) (SCC) permissions are applied automatically. Elastic resources will not work properly in any of the default namespaces. - :::: - - -```shell -oc new-project elastic # creates the elastic project -``` - -1. [Optional] Allow another user or a group of users to manage the Elastic resources: - - ```shell - oc adm policy add-role-to-user elastic-operator developer -n elastic - ``` + ```sh + oc new-project elastic # creates the elastic project + ``` - In this example the user `developer` is allowed to manage Elastic resources in the namespace `elastic`. +4. [Optional] Allow another user or a group of users to manage the Elastic resources: + ```shell + oc adm policy add-role-to-user elastic-operator developer -n elastic + ``` + In this example the user `developer` is allowed to manage Elastic resources in the namespace `elastic`. \ No newline at end of file diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s_prerequisites.md b/deploy-manage/deploy/cloud-on-k8s/k8s_prerequisites.md deleted file mode 100644 index 638d1f162e..0000000000 --- a/deploy-manage/deploy/cloud-on-k8s/k8s_prerequisites.md +++ /dev/null @@ -1,462 +0,0 @@ ---- -applies: - eck: all -mapped_pages: - - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s_prerequisites.html ---- - -# Prerequisites [k8s_prerequisites] - -To set up the network policies correctly you must know the operator Pod selector and the Kubernetes API server IP. They may vary depending on your environment and how the operator has been installed. - -## Operator Pod selector [k8s_operator_pod_selector] - -The operator Pod label depends on how the operator has been installed. Check the following table to know which label name is used in the network policies. - -| Installation method | Pod selector | -| --- | --- | -| YAML manifests | `control-plane: elastic-operator`
| -| Helm Charts | `app.kubernetes.io/name: elastic-operator`
| - -::::{note} -The examples in this section assume that the ECK operator has been installed using the Helm chart. -:::: - - - -## Kubernetes API server IP [k8s_kubernetes_api_server_ip] - -Run `kubectl get endpoints kubernetes -n default` to obtain the API server IP address for your cluster. - -::::{note} -The following examples assume that the Kubernetes API server IP address is `10.0.0.1`. -:::: - - - -## Isolating the operator [k8s-network-policies-operator-isolation] - -The minimal set of permissions required are as follows: - -| | | -| --- | --- | -| Egress (outgoing) | * TCP port 443 of the Kubernetes API server.
* UDP port 53 for DNS lookup.
* TCP port 9200 of {{es}} nodes on managed namespace.
| -| Ingress (incoming) | * TCP port 9443 for webhook requests from the Kubernetes API server.
| - -```yaml -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: elastic-operator - namespace: elastic-system -spec: - egress: - - ports: - - port: 53 - protocol: UDP - - ports: - - port: 443 - protocol: TCP - to: - - ipBlock: - cidr: 10.0.0.1/32 - - ports: - - port: 9200 - protocol: TCP - to: - - namespaceSelector: - matchExpressions: - - key: eck.k8s.elastic.co/tenant - operator: In - values: - - team-a - - team-b - podSelector: - matchLabels: - common.k8s.elastic.co/type: elasticsearch - ingress: - - from: - - ipBlock: - cidr: 10.0.0.1/32 - ports: - - port: 9443 - protocol: TCP - podSelector: - matchLabels: - app.kubernetes.io/name: elastic-operator -``` - - -## Isolating {{es}} [k8s-network-policies-elasticsearch-isolation] - -| | | -| --- | --- | -| Egress (outgoing) | * TCP port 9300 to other {{es}} nodes in the namespace (transport port).
* UDP port 53 for DNS lookup.
| -| Ingress (incoming) | * TCP port 9200 from the operator and other pods in the namespace.
* TCP port 9300 from other {{es}} nodes in the namespace (transport port).
| - -```yaml -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: eck-elasticsearch - namespace: team-a -spec: - egress: - - ports: - - port: 9300 - protocol: TCP - to: - - namespaceSelector: - matchLabels: - eck.k8s.elastic.co/tenant: team-a - podSelector: - matchLabels: - common.k8s.elastic.co/type: elasticsearch - - ports: - - port: 53 - protocol: UDP - ingress: - - from: - - namespaceSelector: - matchLabels: - eck.k8s.elastic.co/operator-name: elastic-operator - podSelector: - matchLabels: - app.kubernetes.io/name: elastic-operator - - namespaceSelector: - matchLabels: - eck.k8s.elastic.co/tenant: team-a - # [Optional] Allow ingress controller pods from the ingress-nginx namespace. - #- namespaceSelector: - # matchLabels: - # name: ingress-nginx - ports: - - port: 9200 - protocol: TCP - - from: - - namespaceSelector: - matchLabels: - eck.k8s.elastic.co/tenant: team-a - podSelector: - matchLabels: - common.k8s.elastic.co/type: elasticsearch - ports: - - port: 9300 - protocol: TCP - podSelector: - matchLabels: - common.k8s.elastic.co/type: elasticsearch -``` - - -## Isolating {{kib}} [k8s-network-policies-kibana-isolation] - -| | | -| --- | --- | -| Egress (outgoing) | * TCP port 9200 to {{es}} nodes in the namespace.
* UDP port 53 for DNS lookup.
| -| Ingress (incoming) | * TCP port 5601 from other pods in the namespace.
| - -```yaml -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: eck-kibana - namespace: team-a -spec: - egress: - - ports: - - port: 9200 - protocol: TCP - to: - - namespaceSelector: - matchLabels: - eck.k8s.elastic.co/tenant: team-a - podSelector: - matchLabels: - common.k8s.elastic.co/type: elasticsearch - # [Optional] Restrict to a single {es} cluster named hulk. - # elasticsearch.k8s.elastic.co/cluster-name=hulk - - ports: - - port: 53 - protocol: UDP - # [Optional] If Agent is deployed, this is to allow Kibana to access the Elastic Package Registry (https://epr.elastic.co). - # - port: 443 - # protocol: TCP - ingress: - - from: - - namespaceSelector: - matchLabels: - eck.k8s.elastic.co/tenant: team-a - # [Optional] Allow ingress controller pods from the ingress-nginx namespace. - #- namespaceSelector: - # matchLabels: - # name: ingress-nginx - ports: - - port: 5601 - protocol: TCP - podSelector: - matchLabels: - common.k8s.elastic.co/type: kibana -``` - - -## Isolating APM Server [k8s-network-policies-apm-server-isolation] - -| | | -| --- | --- | -| Egress (outgoing) | * TCP port 9200 to {{es}} nodes in the namespace.
* TCP port 5601 to {{kib}} instances in the namespace.
* UDP port 53 for DNS lookup.
| -| Ingress (incoming) | * TCP port 8200 from other pods in the namespace.
| - -```yaml -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: eck-apm-server - namespace: team-a -spec: - egress: - - ports: - - port: 9200 - protocol: TCP - to: - - namespaceSelector: - matchLabels: - eck.k8s.elastic.co/tenant: team-a - podSelector: - matchLabels: - common.k8s.elastic.co/type: elasticsearch - - ports: - - port: 5601 - protocol: TCP - to: - - namespaceSelector: - matchLabels: - eck.k8s.elastic.co/tenant: team-a - podSelector: - matchLabels: - common.k8s.elastic.co/type: kibana - - ports: - - port: 53 - protocol: UDP - ingress: - - from: - - namespaceSelector: - matchLabels: - eck.k8s.elastic.co/tenant: team-a - # [Optional] Allow ingress controller pods from the ingress-nginx namespace. - #- namespaceSelector: - # matchLabels: - # name: ingress-nginx - ports: - - port: 8200 - protocol: TCP - podSelector: - matchLabels: - common.k8s.elastic.co/type: apm-server -``` - - -## Isolating Enterprise Search [k8s-network-policies-enterprise-search-isolation] - -| | | -| --- | --- | -| Egress (outgoing) | * TCP port 9200 to {{es}} nodes in the namespace.
* UDP port 53 for DNS lookup.
| -| Ingress (incoming) | * TCP port 3002 from other pods in the namespace.
| - -```yaml -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: eck-enterprise-search - namespace: team-a -spec: - egress: - - ports: - - port: 9200 - protocol: TCP - to: - - namespaceSelector: - matchLabels: - eck.k8s.elastic.co/tenant: team-a - podSelector: - matchLabels: - common.k8s.elastic.co/type: elasticsearch - - ports: - - port: 53 - protocol: UDP - ingress: - - from: - - namespaceSelector: - matchLabels: - eck.k8s.elastic.co/tenant: team-a - # [Optional] Allow ingress controller pods from the ingress-nginx namespace. - #- namespaceSelector: - # matchLabels: - # name: ingress-nginx - ports: - - port: 3002 - protocol: TCP - podSelector: - matchLabels: - common.k8s.elastic.co/type: enterprise-search -``` - - -## Isolating {{beats}} [k8s-network-policies-beats-isolation] - -::::{note} -Some {{beats}} may require additional access rules than what is listed here. For example, {{heartbeat}} will require a rule to allow access to the endpoint it is monitoring. -:::: - - -| | | -| --- | --- | -| Egress (outgoing) | * TCP port 9200 to {{es}} nodes in the namespace.
* TCP port 5601 to {{kib}} instances in the namespace.
* UDP port 53 for DNS lookup.
| - -```yaml -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: eck-beats - namespace: team-a -spec: - egress: - - ports: - - port: 9200 - protocol: TCP - to: - - namespaceSelector: - matchLabels: - eck.k8s.elastic.co/tenant: team-a - podSelector: - matchLabels: - common.k8s.elastic.co/type: elasticsearch - - ports: - - port: 5601 - protocol: TCP - to: - - namespaceSelector: - matchLabels: - eck.k8s.elastic.co/tenant: team-a - podSelector: - matchLabels: - common.k8s.elastic.co/type: kibana - - ports: - - port: 53 - protocol: UDP - podSelector: - matchLabels: - common.k8s.elastic.co/type: beat -``` - - -## Isolating {{agent}} and {{fleet}} [k8s-network-policies-agent-isolation] - -::::{note} -Some {{agent}} policies may require additional access rules other than those listed here. -:::: - - -| | | -| --- | --- | -| Egress (outgoing) | * TCP port 9200 to {{es}} nodes in the namespace.
* TCP port 5601 to {{kib}} instances in the namespace.
* TCP port 8220 to {{fleet}} instances in the namespace.
* UDP port 53 for DNS lookup.
| - -```yaml -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: eck-agent - namespace: team-a -spec: - egress: - - ports: - - port: 8220 - protocol: TCP - to: - - namespaceSelector: - matchLabels: - eck.k8s.elastic.co/tenant: team-a - podSelector: - matchLabels: - common.k8s.elastic.co/type: agent - - ports: - - port: 5601 - protocol: TCP - to: - - namespaceSelector: - matchLabels: - eck.k8s.elastic.co/tenant: team-a - podSelector: - matchLabels: - common.k8s.elastic.co/type: kibana - - ports: - - port: 9200 - protocol: TCP - to: - - namespaceSelector: - matchLabels: - eck.k8s.elastic.co/tenant: team-a - podSelector: - matchLabels: - common.k8s.elastic.co/type: elasticsearch - - ports: - - port: 53 - protocol: UDP - - ports: - - port: 443 - protocol: TCP - to: - - ipBlock: - cidr: 10.0.0.1/32 - ingress: - - from: - - namespaceSelector: - matchLabels: - eck.k8s.elastic.co/tenant: team-a - ports: - - port: 8220 - protocol: TCP - podSelector: - matchLabels: - common.k8s.elastic.co/type: agent -``` - - -## Isolating {{ls}} [k8s-network-policies-logstash-isolation] - -::::{note} -{{ls}} may require additional access rules than those listed here, depending on plugin usage. -:::: - - -| | | -| --- | --- | -| Egress (outgoing) | * TCP port 9200 to {{es}} nodes in the namespace.
* UDP port 53 for DNS lookup.
| - -```yaml -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: eck-logstash - namespace: team-a -spec: - egress: - - ports: - - port: 9200 - protocol: TCP - to: - - namespaceSelector: - matchLabels: - eck.k8s.elastic.co/tenant: team-a - podSelector: - matchLabels: - common.k8s.elastic.co/type: elasticsearch - - ports: - - port: 53 - protocol: UDP - podSelector: - matchLabels: - common.k8s.elastic.co/type: logstash -``` - - diff --git a/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md b/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md index 8fe3bd4324..b7cd38ce8c 100644 --- a/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md @@ -4,12 +4,6 @@ applies: --- # Manage deployments -% What needs to be done: Write from scratch - -% GitHub issue: https://github.com/elastic/docs-projects/issues/357 - -% Scope notes: To be decided... - This section provides detailed guidance on deploying, configuring, and managing Elasticsearch and Kibana within ECK. A **deployment** refers to an {{es}} cluster, optionally with one or more {{kib}} instances connected to it. ::::{tip} @@ -20,12 +14,12 @@ This content focuses on Elasticsearch and Kibana deployments. To orchestrate oth In this section, you'll learn how to perform the following tasks in ECK: -- [**Deploy an Elasticsearch cluster**](./elasticsearch-deployment-quickstart.md) → Orchestrate an {{es}} cluster in Kubernetes. -- [**Deploy Kibana instances**](./kibana-instance-quickstart.md) → Set up and connect Kibana to an existing Elasticsearch cluster. -- [**Manage deployments using Elastic Stack Helm chart**](./managing-deployments-using-helm-chart.md) → Use Helm to deploy clusters and other stack applications. -- [**Apply updates to your deployments**](./update-deployments.md) → Modify existing deployments, scale clusters, and update configurations, while ensuring minimal disruption. -- [**Configure access to your deployments**](./accessing-services.md) → Make your deployments available through Kubernetes services. -- [**Advanced configuration**](./configure-deployments.md) → Explore available settings for Elasticsearch and Kibana, including storage, networking, security, and scaling options. +- [**Deploy an Elasticsearch cluster**](./elasticsearch-deployment-quickstart.md): Orchestrate an {{es}} cluster in Kubernetes. +- [**Deploy Kibana instances**](./kibana-instance-quickstart.md): Set up and connect Kibana to an existing Elasticsearch cluster. +- [**Manage deployments using Elastic Stack Helm chart**](./managing-deployments-using-helm-chart.md): Use Helm to deploy clusters and other stack applications. +- [**Apply updates to your deployments**](./update-deployments.md): Modify existing deployments, scale clusters, and update configurations, while ensuring minimal disruption. +- [**Configure access to your deployments**](./accessing-services.md): Make your deployments available through Kubernetes services. +- [**Advanced configuration**](./configure-deployments.md): Explore available settings for Elasticsearch and Kibana, including storage, networking, security, and scaling options. For a complete reference on configuration possibilities for {{es}} and {{kib}}, see: diff --git a/deploy-manage/deploy/cloud-on-k8s/managing-deployments-using-helm-chart.md b/deploy-manage/deploy/cloud-on-k8s/managing-deployments-using-helm-chart.md index ca3522598e..883e76ab58 100644 --- a/deploy-manage/deploy/cloud-on-k8s/managing-deployments-using-helm-chart.md +++ b/deploy-manage/deploy/cloud-on-k8s/managing-deployments-using-helm-chart.md @@ -19,21 +19,26 @@ helm repo update The minimum supported version of Helm is 3.2.0. :::: +The Elastic Stack (`eck-stack`) Helm chart is built on top of individual charts such as `eck-elasticsearch` and `eck-kibana`. For more details on its structure and dependencies, refer to the [chart repository](https://github.com/elastic/cloud-on-k8s/tree/main/deploy/eck-stack/). +The chart enables you to deploy the core components ({{es}} and {{kib}}) together, along with other {{stack}} applications if needed, under the same chart release. The following sections guide you through the installation process for multiple use cases. Choose the command that best fits your setup. -## Installing Elasticsearch and Kibana using the eck-stack Helm Chart [k8s-install-elasticsearch-kibana-helm] +::::{tip} +All the provided examples deploy the applications in a namespace named `elastic-stack`. Consider adapting the commands to your use case. +:::: + +## Elasticsearch and Kibana [k8s-install-elasticsearch-kibana-helm] -Similar to the [quickstart](elasticsearch-deployment-quickstart.md), the following section describes how to setup an Elasticsearch cluster with a simple Kibana instance managed by ECK, and how to customize a deployment using the eck-stack Helm chart’s values. +Similar to the quickstart examples for {{es}} and {{kib}}, this section describes how to setup an {{es}} cluster with a simple {{kib}} instance managed by ECK, and how to customize a deployment using the eck-stack Helm chart’s values. ```sh # Install an eck-managed Elasticsearch and Kibana using the default values, which deploys the quickstart examples. helm install es-kb-quickstart elastic/eck-stack -n elastic-stack --create-namespace ``` +### Customize Elasticsearch and Kibana installation with example values [k8s-eck-stack-helm-customize] -### Customizing Kibana and Elasticsearch using the eck-stack Helm Chart’s example values [k8s-eck-stack-helm-customize] - -There are example Helm values files for installing and managing a more advanced Elasticsearch and/or Kibana [in the project repository](https://github.com/elastic/cloud-on-k8s/tree/2.16/deploy/eck-stack/examples). +You can find example Helm values files for deploying and managing more advanced Elasticsearch and Kibana setups [in the project repository](https://github.com/elastic/cloud-on-k8s/tree/2.16/deploy/eck-stack/examples). To use one or more of these example configurations, use the `--values` Helm option, as seen in the following section. @@ -44,8 +49,7 @@ helm install es-quickstart elastic/eck-stack -n elastic-stack --create-namespace --values https://raw.githubusercontent.com/elastic/cloud-on-k8s/2.16/deploy/eck-stack/examples/kibana/http-configuration.yaml ``` - -## Installing Fleet Server with Elastic Agents along with Elasticsearch and Kibana using the eck-stack Helm Chart [k8s-install-fleet-agent-elasticsearch-kibana-helm] +## Fleet Server with Elastic Agents along with Elasticsearch and Kibana [k8s-install-fleet-agent-elasticsearch-kibana-helm] The following section builds upon the previous section, and allows installing Fleet Server, and Fleet-managed Elastic Agents along with Elasticsearch and Kibana. @@ -55,8 +59,7 @@ helm install eck-stack-with-fleet elastic/eck-stack \ --values https://raw.githubusercontent.com/elastic/cloud-on-k8s/2.16/deploy/eck-stack/examples/agent/fleet-agents.yaml -n elastic-stack ``` - -## Installing Logstash along with Elasticsearch, Kibana and Beats using the eck-stack Helm Chart [k8s-install-logstash-elasticsearch-kibana-helm] +## Logstash along with Elasticsearch, Kibana and Beats [k8s-install-logstash-elasticsearch-kibana-helm] The following section builds upon the previous sections, and allows installing Logstash along with Elasticsearch, Kibana and Beats. @@ -66,8 +69,7 @@ helm install eck-stack-with-logstash elastic/eck-stack \ --values https://raw.githubusercontent.com/elastic/cloud-on-k8s/2.16/deploy/eck-stack/examples/logstash/basic-eck.yaml -n elastic-stack ``` - -## Installing a standalone Elastic APM Server along with Elasticsearch and Kibana using the eck-stack Helm Chart [k8s-install-apm-server-elasticsearch-kibana-helm] +## Standalone Elastic APM Server along with Elasticsearch and Kibana [k8s-install-apm-server-elasticsearch-kibana-helm] The following section builds upon the previous sections, and allows installing a standalone Elastic APM Server along with Elasticsearch and Kibana. @@ -77,8 +79,7 @@ helm install eck-stack-with-apm-server elastic/eck-stack \ --values https://raw.githubusercontent.com/elastic/cloud-on-k8s/2.16/deploy/eck-stack/examples/apm-server/basic.yaml -n elastic-stack ``` - -## Installing an Elastic Enterprise Search Server along with Elasticsearch and Kibana using the eck-stack Helm Chart [k8s-install-enterprise-search-elasticsearch-kibana-helm] +## Elastic Enterprise Search Server along with Elasticsearch and Kibana [k8s-install-enterprise-search-elasticsearch-kibana-helm] The following section builds upon the previous sections, and allows installing an Elastic Enterprise Search Server along with Elasticsearch and Kibana. @@ -88,13 +89,12 @@ helm install eck-stack-with-enterprise-search elastic/eck-stack \ --values https://raw.githubusercontent.com/elastic/cloud-on-k8s/2.16/deploy/eck-stack/examples/enterprise-search/basic.yaml -n elastic-stack ``` - -### Installing individual components of the Elastic Stack using the Helm Charts [k8s-eck-stack-individual-components] +## Install individual components of the Elastic Stack [k8s-eck-stack-individual-components] You can install individual components in one of two ways using the provided Helm Charts. 1. Using Helm values -2. Using the individual Helm Charts directly +2. Using the individual Helm Charts directly (not the `eck-stack` helm chart) **Using Helm values to install only Elasticsearch** @@ -108,12 +108,75 @@ helm install es-quickstart elastic/eck-stack -n elastic-stack --create-namespace helm install es-quickstart elastic/eck-elasticsearch -n elastic-stack --create-namespace ``` +For more details about eck-stack helm chart, the other individual charts, and all possible values, refer to the [chart repository](https://github.com/elastic/cloud-on-k8s/tree/main/deploy/eck-stack/). -### Adding Ingress to the Elastic stack using the Helm Charts [k8s-eck-stack-ingress] +## Adding Ingress to the Elastic stack [k8s-eck-stack-ingress] -Both Elasticsearch and Kibana support Ingress, which can be enabled using the following options: +Both Elasticsearch and Kibana support [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/), which can be enabled using the following options: + +**If an individual chart is used (not eck-stack)** ```sh -helm install es-quickstart elastic/eck-elasticsearch -n elastic-stack --create-namespace --set=ingress.enabled=true --set=ingress.hosts[0].host=elasticsearch.example.com --set=ingress.hosts[0].path="/" +helm install es-quickstart elastic/eck-elasticsearch -n elastic-stack --create-namespace \ + --set=ingress.enabled=true --set=ingress.hosts[0].host=elasticsearch.example.com --set=ingress.hosts[0].path="/" ``` +**If eck-stack chart is used** + +The following command deploys the basic {{es}} and {{kib}} example with ingress resources for both components: + +```sh +helm install es-kb-quickstart elastic/eck-stack -n elastic-stack --create-namespace \ + --set=eck-elasticsearch.ingress.enabled=true --set=eck-elasticsearch.ingress.hosts[0].host=elasticsearch.example.com --set=eck-elasticsearch.ingress.hosts[0].path="/" \ + --set=eck-kibana.ingress.enabled=true --set=eck-kibana.ingress.hosts[0].host=kibana.example.com --set=eck-kibana.ingress.hosts[0].path="/" +``` + +For illustration purposes, the ingress objects created by the previous command will look similar to the following: + +```yaml +# Source: eck-stack/charts/eck-elasticsearch/templates/ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: elasticsearch + labels: + helm.sh/chart: eck-elasticsearch-0.14.1 + app.kubernetes.io/name: eck-elasticsearch + app.kubernetes.io/instance: es-kb-quickstart + app.kubernetes.io/managed-by: Helm +spec: + rules: + - host: "elasticsearch.example.com" + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: elasticsearch-es-http + port: + number: 9200 +--- +# Source: eck-stack/charts/eck-kibana/templates/ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: es-kb-quickstart-eck-kibana + labels: + helm.sh/chart: eck-kibana-0.14.1 + app.kubernetes.io/name: eck-kibana + app.kubernetes.io/instance: es-kb-quickstart + app.kubernetes.io/managed-by: Helm +spec: + rules: + - host: "kibana.example.com" + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: es-kb-quickstart-eck-kibana-kb-http + port: + number: 5601 +``` \ No newline at end of file diff --git a/deploy-manage/deploy/cloud-on-k8s/network-policies.md b/deploy-manage/deploy/cloud-on-k8s/network-policies.md index 2fd238b0cf..1ee0174bf2 100644 --- a/deploy-manage/deploy/cloud-on-k8s/network-policies.md +++ b/deploy-manage/deploy/cloud-on-k8s/network-policies.md @@ -3,17 +3,23 @@ applies: eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-network-policies.html + - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s_prerequisites.html --- +% this section could be moved entirely to security. to be considered. + # Network policies [k8s-network-policies] -[Network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) allow you to isolate pods by restricting incoming and outgoing network connections to a trusted set of sources and destinations. This section describes how to use network policies to isolate the ECK operator and the {{stack}} applications to a set of namespaces to implement a form of soft multi-tenancy. Soft multi-tenancy is a term used to describe a scenario where a group of trusted users (different teams within an organization, for example) share a single resource such as a Kubernetes cluster. Note that network policies alone are not sufficient for security. You should complement them with strict RBAC policies, resource quotas, node taints, and other available security mechanisms to ensure that tenants cannot access, modify, or disrupt resources belonging to each other. +Kubernetes [network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) allow you to isolate pods by restricting incoming and outgoing network connections to a trusted set of sources and destinations. + +This section describes how to use network policies to isolate the ECK operator and the {{stack}} applications to a set of namespaces to implement a form of soft multi-tenancy. Soft multi-tenancy is a term used to describe a scenario where a group of trusted users (different teams within an organization, for example) share a single resource such as a Kubernetes cluster. + +Note that network policies alone are not sufficient for security. You should complement them with strict RBAC policies, resource quotas, node taints, and other available security mechanisms to ensure that tenants cannot access, modify, or disrupt resources belonging to each other. ::::{note} There are several efforts to support multi-tenancy on Kubernetes, including the [official working group for multi-tenancy](https://github.com/kubernetes-sigs/multi-tenancy) and community extensions such as [loft](https://loft.sh) and [kiosk](https://github.com/kiosk-sh/kiosk), that can make configuration and management easier. You might need to employ network policies such the ones described in this section to have fine-grained control over {{stack}} applications deployed by your tenants. :::: - The following sections assume that the operator is installed in the `elastic-system` namespace with the [`namespaces` configuration](configure-eck.md) set to `team-a,team-b`. Each namespace is expected to be labelled as follows: ```sh @@ -22,4 +28,452 @@ kubectl label namespace team-a eck.k8s.elastic.co/tenant=team-a kubectl label namespace team-b eck.k8s.elastic.co/tenant=team-b ``` +## Prerequisites [k8s_prerequisites] + +To set up the network policies correctly you must know the operator Pod selector and the Kubernetes API server IP. They may vary depending on your environment and how the operator has been installed. + +### Operator Pod selector [k8s_operator_pod_selector] + +The operator Pod label depends on how the operator has been installed. Check the following table to know which label name is used in the network policies. + +| Installation method | Pod selector | +| --- | --- | +| YAML manifests | `control-plane: elastic-operator`
| +| Helm Charts | `app.kubernetes.io/name: elastic-operator`
| + +::::{note} +The examples in this section assume that the ECK operator has been installed using the Helm chart. +:::: + +### Kubernetes API server IP [k8s_kubernetes_api_server_ip] + +Run `kubectl get endpoints kubernetes -n default` to obtain the API server IP address for your cluster. + +::::{note} +The following examples assume that the Kubernetes API server IP address is `10.0.0.1`. +:::: + +## Isolating the operator [k8s-network-policies-operator-isolation] + +The minimal set of permissions required are as follows: + +| | | +| --- | --- | +| Egress (outgoing) | * TCP port 443 of the Kubernetes API server.
* UDP port 53 for DNS lookup.
* TCP port 9200 of {{es}} nodes on managed namespace.
| +| Ingress (incoming) | * TCP port 9443 for webhook requests from the Kubernetes API server.
| + +```yaml +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: elastic-operator + namespace: elastic-system +spec: + egress: + - ports: + - port: 53 + protocol: UDP + - ports: + - port: 443 + protocol: TCP + to: + - ipBlock: + cidr: 10.0.0.1/32 + - ports: + - port: 9200 + protocol: TCP + to: + - namespaceSelector: + matchExpressions: + - key: eck.k8s.elastic.co/tenant + operator: In + values: + - team-a + - team-b + podSelector: + matchLabels: + common.k8s.elastic.co/type: elasticsearch + ingress: + - from: + - ipBlock: + cidr: 10.0.0.1/32 + ports: + - port: 9443 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: elastic-operator +``` + + +## Isolating Elasticsearch [k8s-network-policies-elasticsearch-isolation] + +| | | +| --- | --- | +| Egress (outgoing) | * TCP port 9300 to other {{es}} nodes in the namespace (transport port).
* UDP port 53 for DNS lookup.
| +| Ingress (incoming) | * TCP port 9200 from the operator and other pods in the namespace.
* TCP port 9300 from other {{es}} nodes in the namespace (transport port).
| + +```yaml +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: eck-elasticsearch + namespace: team-a +spec: + egress: + - ports: + - port: 9300 + protocol: TCP + to: + - namespaceSelector: + matchLabels: + eck.k8s.elastic.co/tenant: team-a + podSelector: + matchLabels: + common.k8s.elastic.co/type: elasticsearch + - ports: + - port: 53 + protocol: UDP + ingress: + - from: + - namespaceSelector: + matchLabels: + eck.k8s.elastic.co/operator-name: elastic-operator + podSelector: + matchLabels: + app.kubernetes.io/name: elastic-operator + - namespaceSelector: + matchLabels: + eck.k8s.elastic.co/tenant: team-a + # [Optional] Allow ingress controller pods from the ingress-nginx namespace. + #- namespaceSelector: + # matchLabels: + # name: ingress-nginx + ports: + - port: 9200 + protocol: TCP + - from: + - namespaceSelector: + matchLabels: + eck.k8s.elastic.co/tenant: team-a + podSelector: + matchLabels: + common.k8s.elastic.co/type: elasticsearch + ports: + - port: 9300 + protocol: TCP + podSelector: + matchLabels: + common.k8s.elastic.co/type: elasticsearch +``` + + +## Isolating Kibana [k8s-network-policies-kibana-isolation] + +| | | +| --- | --- | +| Egress (outgoing) | * TCP port 9200 to {{es}} nodes in the namespace.
* UDP port 53 for DNS lookup.
| +| Ingress (incoming) | * TCP port 5601 from other pods in the namespace.
| + +```yaml +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: eck-kibana + namespace: team-a +spec: + egress: + - ports: + - port: 9200 + protocol: TCP + to: + - namespaceSelector: + matchLabels: + eck.k8s.elastic.co/tenant: team-a + podSelector: + matchLabels: + common.k8s.elastic.co/type: elasticsearch + # [Optional] Restrict to a single {es} cluster named hulk. + # elasticsearch.k8s.elastic.co/cluster-name=hulk + - ports: + - port: 53 + protocol: UDP + # [Optional] If Agent is deployed, this is to allow Kibana to access the Elastic Package Registry (https://epr.elastic.co). + # - port: 443 + # protocol: TCP + ingress: + - from: + - namespaceSelector: + matchLabels: + eck.k8s.elastic.co/tenant: team-a + # [Optional] Allow ingress controller pods from the ingress-nginx namespace. + #- namespaceSelector: + # matchLabels: + # name: ingress-nginx + ports: + - port: 5601 + protocol: TCP + podSelector: + matchLabels: + common.k8s.elastic.co/type: kibana +``` + + +## Isolating APM Server [k8s-network-policies-apm-server-isolation] + +| | | +| --- | --- | +| Egress (outgoing) | * TCP port 9200 to {{es}} nodes in the namespace.
* TCP port 5601 to {{kib}} instances in the namespace.
* UDP port 53 for DNS lookup.
| +| Ingress (incoming) | * TCP port 8200 from other pods in the namespace.
| + +```yaml +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: eck-apm-server + namespace: team-a +spec: + egress: + - ports: + - port: 9200 + protocol: TCP + to: + - namespaceSelector: + matchLabels: + eck.k8s.elastic.co/tenant: team-a + podSelector: + matchLabels: + common.k8s.elastic.co/type: elasticsearch + - ports: + - port: 5601 + protocol: TCP + to: + - namespaceSelector: + matchLabels: + eck.k8s.elastic.co/tenant: team-a + podSelector: + matchLabels: + common.k8s.elastic.co/type: kibana + - ports: + - port: 53 + protocol: UDP + ingress: + - from: + - namespaceSelector: + matchLabels: + eck.k8s.elastic.co/tenant: team-a + # [Optional] Allow ingress controller pods from the ingress-nginx namespace. + #- namespaceSelector: + # matchLabels: + # name: ingress-nginx + ports: + - port: 8200 + protocol: TCP + podSelector: + matchLabels: + common.k8s.elastic.co/type: apm-server +``` + + +## Isolating Enterprise Search [k8s-network-policies-enterprise-search-isolation] + +| | | +| --- | --- | +| Egress (outgoing) | * TCP port 9200 to {{es}} nodes in the namespace.
* UDP port 53 for DNS lookup.
| +| Ingress (incoming) | * TCP port 3002 from other pods in the namespace.
| + +```yaml +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: eck-enterprise-search + namespace: team-a +spec: + egress: + - ports: + - port: 9200 + protocol: TCP + to: + - namespaceSelector: + matchLabels: + eck.k8s.elastic.co/tenant: team-a + podSelector: + matchLabels: + common.k8s.elastic.co/type: elasticsearch + - ports: + - port: 53 + protocol: UDP + ingress: + - from: + - namespaceSelector: + matchLabels: + eck.k8s.elastic.co/tenant: team-a + # [Optional] Allow ingress controller pods from the ingress-nginx namespace. + #- namespaceSelector: + # matchLabels: + # name: ingress-nginx + ports: + - port: 3002 + protocol: TCP + podSelector: + matchLabels: + common.k8s.elastic.co/type: enterprise-search +``` + + +## Isolating Beats [k8s-network-policies-beats-isolation] + +::::{note} +Some {{beats}} may require additional access rules than what is listed here. For example, {{heartbeat}} will require a rule to allow access to the endpoint it is monitoring. +:::: + + +| | | +| --- | --- | +| Egress (outgoing) | * TCP port 9200 to {{es}} nodes in the namespace.
* TCP port 5601 to {{kib}} instances in the namespace.
* UDP port 53 for DNS lookup.
| + +```yaml +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: eck-beats + namespace: team-a +spec: + egress: + - ports: + - port: 9200 + protocol: TCP + to: + - namespaceSelector: + matchLabels: + eck.k8s.elastic.co/tenant: team-a + podSelector: + matchLabels: + common.k8s.elastic.co/type: elasticsearch + - ports: + - port: 5601 + protocol: TCP + to: + - namespaceSelector: + matchLabels: + eck.k8s.elastic.co/tenant: team-a + podSelector: + matchLabels: + common.k8s.elastic.co/type: kibana + - ports: + - port: 53 + protocol: UDP + podSelector: + matchLabels: + common.k8s.elastic.co/type: beat +``` + + +## Isolating Elastic Agent and Fleet [k8s-network-policies-agent-isolation] + +::::{note} +Some {{agent}} policies may require additional access rules other than those listed here. +:::: + + +| | | +| --- | --- | +| Egress (outgoing) | * TCP port 9200 to {{es}} nodes in the namespace.
* TCP port 5601 to {{kib}} instances in the namespace.
* TCP port 8220 to {{fleet}} instances in the namespace.
* UDP port 53 for DNS lookup.
| + +```yaml +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: eck-agent + namespace: team-a +spec: + egress: + - ports: + - port: 8220 + protocol: TCP + to: + - namespaceSelector: + matchLabels: + eck.k8s.elastic.co/tenant: team-a + podSelector: + matchLabels: + common.k8s.elastic.co/type: agent + - ports: + - port: 5601 + protocol: TCP + to: + - namespaceSelector: + matchLabels: + eck.k8s.elastic.co/tenant: team-a + podSelector: + matchLabels: + common.k8s.elastic.co/type: kibana + - ports: + - port: 9200 + protocol: TCP + to: + - namespaceSelector: + matchLabels: + eck.k8s.elastic.co/tenant: team-a + podSelector: + matchLabels: + common.k8s.elastic.co/type: elasticsearch + - ports: + - port: 53 + protocol: UDP + - ports: + - port: 443 + protocol: TCP + to: + - ipBlock: + cidr: 10.0.0.1/32 + ingress: + - from: + - namespaceSelector: + matchLabels: + eck.k8s.elastic.co/tenant: team-a + ports: + - port: 8220 + protocol: TCP + podSelector: + matchLabels: + common.k8s.elastic.co/type: agent +``` + +## Isolating Logstash [k8s-network-policies-logstash-isolation] + +::::{note} +{{ls}} may require additional access rules than those listed here, depending on plugin usage. +:::: + + +| | | +| --- | --- | +| Egress (outgoing) | * TCP port 9200 to {{es}} nodes in the namespace.
* UDP port 53 for DNS lookup.
| + +```yaml +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: eck-logstash + namespace: team-a +spec: + egress: + - ports: + - port: 9200 + protocol: TCP + to: + - namespaceSelector: + matchLabels: + eck.k8s.elastic.co/tenant: team-a + podSelector: + matchLabels: + common.k8s.elastic.co/type: elasticsearch + - ports: + - port: 53 + protocol: UDP + podSelector: + matchLabels: + common.k8s.elastic.co/type: logstash +``` diff --git a/deploy-manage/deploy/cloud-on-k8s/orchestrate-other-elastic-applications.md b/deploy-manage/deploy/cloud-on-k8s/orchestrate-other-elastic-applications.md index 8660fb963c..322f54ea56 100644 --- a/deploy-manage/deploy/cloud-on-k8s/orchestrate-other-elastic-applications.md +++ b/deploy-manage/deploy/cloud-on-k8s/orchestrate-other-elastic-applications.md @@ -3,27 +3,27 @@ This section explains how to deploy and configure various Elastic Stack applications within Elastic Cloud on Kubernetes (ECK). ::::{tip} -This content applies to **APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash** applications. To orchestrate an **{{es}}** cluster or **{{kib}}**, refer to [](./manage-deployments.md). +This content applies to APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash applications. To orchestrate an {{es}} cluster or {{kib}}, refer to [](./manage-deployments.md). :::: The following guides provide specific instructions for deploying and configuring each application on ECK: -* [*APM Server*](apm-server.md) -* [*Standalone Elastic Agent*](standalone-elastic-agent.md) -* [*{{fleet}}-managed {{agent}}*](fleet-managed-elastic-agent.md) -* [*Elastic Maps Server*](elastic-maps-server.md) -* [*Enterprise Search*](enterprise-search.md) -* [*Beats*](beats.md) -* [*{{ls}}*](logstash.md) +* [APM Server](apm-server.md) +* [Standalone Elastic Agent](standalone-elastic-agent.md) +* [{{fleet}}-managed {{agent}}](fleet-managed-elastic-agent.md) +* [Elastic Maps Server](elastic-maps-server.md) +* [Enterprise Search](enterprise-search.md) +* [Beats](beats.md) +* [{{ls}}](logstash.md) When orchestrating any of these applications, also consider the following topics, originally presented for {{es}} and {{kib}}: -* [*Elastic Stack Helm Chart*](managing-deployments-using-helm-chart.md) -* [*Recipes*](recipes.md) -* [*Secure the Elastic Stack*](../../security.md) -* [*Access Elastic Stack services*](accessing-services.md) -* [*Customize Pods*](customize-pods.md) -* [*Manage compute resources*](manage-compute-resources.md) -* [*Autoscaling stateless applications*](../../autoscaling/autoscaling-stateless-applications-on-eck.md) -* [*Elastic Stack configuration policies*](elastic-stack-configuration-policies.md) -* [*Upgrade the Elastic Stack version*](../../upgrade/deployment-or-cluster.md) -* [*Connect to external Elastic resources*](connect-to-external-elastic-resources.md) \ No newline at end of file +* [Elastic Stack Helm Chart](managing-deployments-using-helm-chart.md) +* [Recipes](recipes.md) +* [Secure the Elastic Stack](../../security.md) +* [Access Elastic Stack services](accessing-services.md) +* [Customize Pods](customize-pods.md) +* [Manage compute resources](manage-compute-resources.md) +* [Autoscaling stateless applications](../../autoscaling/autoscaling-stateless-applications-on-eck.md) +* [Elastic Stack configuration policies](elastic-stack-configuration-policies.md) +* [Upgrade the Elastic Stack version](../../upgrade/deployment-or-cluster.md) +* [Connect to external Elastic resources](connect-to-external-elastic-resources.md) \ No newline at end of file diff --git a/deploy-manage/toc.yml b/deploy-manage/toc.yml index 1efea7fd97..0259092c27 100644 --- a/deploy-manage/toc.yml +++ b/deploy-manage/toc.yml @@ -260,8 +260,6 @@ toc: - file: deploy/cloud-on-k8s/k8s-service-mesh-istio.md - file: deploy/cloud-on-k8s/k8s-service-mesh-linkerd.md - file: deploy/cloud-on-k8s/network-policies.md - children: - - file: deploy/cloud-on-k8s/k8s_prerequisites.md - file: deploy/cloud-on-k8s/webhook-namespace-selectors.md - file: deploy/cloud-on-k8s/manage-deployments.md children: From d4fd0f3d05628e1aeccd38576ae9b1744d3efefa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Sat, 15 Feb 2025 12:20:37 +0100 Subject: [PATCH 48/70] going through Shaina's suggestions --- .../cloud-on-k8s/install-using-helm-chart.md | 4 ++++ .../install-using-yaml-manifest-quickstart.md | 12 ------------ .../managing-deployments-using-helm-chart.md | 19 ++++++++++++++++--- .../cloud-on-k8s/required-rbac-permissions.md | 2 -- .../cloud-on-k8s/settings-managed-by-eck.md | 4 ++-- .../deploy/cloud-on-k8s/update-deployments.md | 2 -- 6 files changed, 22 insertions(+), 21 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md b/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md index 247fc382a2..353f099d7c 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md +++ b/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md @@ -113,3 +113,7 @@ For example, an ECK 1.2.1 installation deployed using [YAML manifests](/deploy-m 1. If you have previously customized the operator configuration in this ConfigMap, you will have to repeat the configuration once the operator has been reinstalled in the next step. 3. Install the ECK operator using the Helm chart as described in [Install ECK using the Helm chart](./install-using-helm-chart.md). + +## Configure the webhook namespace selectors + +If needed, the Helm based installation support the configuration of the namespaces associated to the webhook validator. Refer to [](./webhook-namespace-selectors.md) for more information. \ No newline at end of file diff --git a/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md b/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md index fcc04447b3..894c39f0b0 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md +++ b/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md @@ -9,18 +9,6 @@ applies: # Install ECK using the YAML manifests [k8s-install-yaml-manifests] -% What needs to be done: Refine - -% GitHub issue: https://github.com/elastic/docs-projects/issues/357 - -% Scope notes: Work with the quickstart and the small "yaml manifest installation" doc to create a single doc. - -% Use migrated content from existing pages that map to this page: - -% removed both -% - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-install-yaml-manifests.md -% - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-deploy-eck.md - In this guide, you'll learn how to deploy ECK using Elastic-provided YAML manifests. This method is the quickest way to get started with ECK if you have full administrative access to the Kubernetes cluster. To learn about other installation methods, refer to [](/deploy-manage/deploy/cloud-on-k8s/install.md). diff --git a/deploy-manage/deploy/cloud-on-k8s/managing-deployments-using-helm-chart.md b/deploy-manage/deploy/cloud-on-k8s/managing-deployments-using-helm-chart.md index 883e76ab58..dca34165e1 100644 --- a/deploy-manage/deploy/cloud-on-k8s/managing-deployments-using-helm-chart.md +++ b/deploy-manage/deploy/cloud-on-k8s/managing-deployments-using-helm-chart.md @@ -108,8 +108,6 @@ helm install es-quickstart elastic/eck-stack -n elastic-stack --create-namespace helm install es-quickstart elastic/eck-elasticsearch -n elastic-stack --create-namespace ``` -For more details about eck-stack helm chart, the other individual charts, and all possible values, refer to the [chart repository](https://github.com/elastic/cloud-on-k8s/tree/main/deploy/eck-stack/). - ## Adding Ingress to the Elastic stack [k8s-eck-stack-ingress] Both Elasticsearch and Kibana support [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/), which can be enabled using the following options: @@ -179,4 +177,19 @@ spec: name: es-kb-quickstart-eck-kibana-kb-http port: number: 5601 -``` \ No newline at end of file +``` + +## View available configuration options [k8s-install-helm-show-values-stack] + +You can view all configurable values of the Elastic Stack helm chart of the individual charts by running the following: + +```sh +helm show values elastic/eck-stack +helm show values elastic/eck-elasticsearch +helm show values elastic/eck-kibana +helm show values elastic/eck-agent +helm show values elastic/eck-beats +helm show values elastic/eck-apm-server +helm show values elastic/eck-fleet-server +helm show values elastic/eck-logstash +``` diff --git a/deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md b/deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md index f1c3c53399..6ff4dceb6a 100644 --- a/deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md +++ b/deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md @@ -5,8 +5,6 @@ mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-eck-permissions.html --- -% candidate for REFERENCE content. - # Required RBAC permissions [k8s-eck-permissions] Installing and running ECK, as well as using ECK-managed resources, requires the following Kubernetes [permissions](https://kubernetes.io/docs/reference/access-authn-authz/rbac): diff --git a/deploy-manage/deploy/cloud-on-k8s/settings-managed-by-eck.md b/deploy-manage/deploy/cloud-on-k8s/settings-managed-by-eck.md index 891aecd7d1..617935e8b2 100644 --- a/deploy-manage/deploy/cloud-on-k8s/settings-managed-by-eck.md +++ b/deploy-manage/deploy/cloud-on-k8s/settings-managed-by-eck.md @@ -12,8 +12,8 @@ The following Elasticsearch settings are managed by ECK: * `cluster.name` * `discovery.seed_hosts` * `discovery.seed_providers` -* `discovery.zen.minimum_master_nodes` [7.0] -* `cluster.initial_master_nodes` [7.0] +* `discovery.zen.minimum_master_nodes` +* `cluster.initial_master_nodes` * `network.host` * `network.publish_host` * `path.data` diff --git a/deploy-manage/deploy/cloud-on-k8s/update-deployments.md b/deploy-manage/deploy/cloud-on-k8s/update-deployments.md index e00a9e2a52..8ce6fabaac 100644 --- a/deploy-manage/deploy/cloud-on-k8s/update-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/update-deployments.md @@ -6,8 +6,6 @@ mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-update-deployment.html --- -% consider moving this to Configure deployments - # Update your deployments [k8s-update-deployment] You can add and modify most elements of the original Kubernetes cluster specification provided that they translate to valid transformations of the underlying Kubernetes resources (for example [existing volume claims cannot be downsized](volume-claim-templates.md)). The ECK operator will attempt to apply your changes with minimal disruption to the existing cluster. You should ensure that the Kubernetes cluster has sufficient resources to accommodate the changes (extra storage space, sufficient memory and CPU resources to temporarily spin up new pods, and so on). From 94862bdd1b26d66833264b4b88901b56ad4fdabb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Sat, 15 Feb 2025 12:26:35 +0100 Subject: [PATCH 49/70] note added to elasticsearch configuration doc --- .../deploy/cloud-on-k8s/elasticsearch-configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md index a644c6c3e5..afb8adda6d 100644 --- a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md +++ b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md @@ -7,7 +7,7 @@ mapped_pages: # Elasticsearch configuration [k8s-elasticsearch-specification] -Before you deploy and run ECK, take some time to look at the basic and advanced settings available on this page. These settings are related both to Elasticsearch and Kubernetes. +Before you deploy and run ECK in production, take some time to look at the basic and advanced settings available on this page. These settings are related both to Elasticsearch and Kubernetes functionality. **Basic settings** From 25a93ce9af2cd4f7c53faab9b240d83e442dc198 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Sun, 16 Feb 2025 08:15:25 +0100 Subject: [PATCH 50/70] continuing with review changes --- .../deploy/cloud-on-k8s/configure-eck.md | 2 ++ .../deploy/cloud-on-k8s/configure.md | 2 +- .../cloud-on-k8s/deploy-eck-on-openshift.md | 4 +--- .../elasticsearch-configuration.md | 19 +++++++++++---- .../cloud-on-k8s/install-using-helm-chart.md | 24 +++++++++++++------ .../install-using-yaml-manifest-quickstart.md | 21 ++++++++++------ deploy-manage/deploy/cloud-on-k8s/install.md | 5 ++-- .../webhook-namespace-selectors.md | 1 - 8 files changed, 52 insertions(+), 26 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-eck.md b/deploy-manage/deploy/cloud-on-k8s/configure-eck.md index bab930dee9..c2c6cc018d 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure-eck.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure-eck.md @@ -53,6 +53,8 @@ helm upgrade elastic-operator elastic/eck-operator --set config.ca-cert-validity If you installed ECK using the manifests and the commands listed in [Deploy ECK](./install-using-yaml-manifest-quickstart.md), you can configure it by editing the `eck.yaml` key of the `elastic-operator` ConfigMap. Add, remove or update any configuration setting there and the operator will restart automatically to apply the new changes unless the `--disable-config-watch` flag is set. +You can update the ConfigMap directly using the command `kubectl edit configmap elastic-operator -n elastic-operator` or modify the installation manifests and reapply them with `kubectl apply -f `. + The following shows the default `elastic-operator` ConfigMap, for reference purposes. Refer to asciidocalypse://reference/cloud/cloud-on-k8s/eck-configuration-flags.md for a complete list of available settings. ```yaml diff --git a/deploy-manage/deploy/cloud-on-k8s/configure.md b/deploy-manage/deploy/cloud-on-k8s/configure.md index ffd86006ee..a38f6ee1ff 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure.md @@ -1,5 +1,5 @@ --- -navigation_title: Configure ECK +navigation_title: Configure applies: eck: all mapped_pages: diff --git a/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-openshift.md b/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-openshift.md index 07947fd3cd..05f2f1e8e4 100644 --- a/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-openshift.md +++ b/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-openshift.md @@ -7,7 +7,7 @@ mapped_pages: # Deploy ECK on Openshift [k8s-openshift] -This page shows how to run ECK on OpenShift. +This section shows how to run ECK on OpenShift. * [Before you begin](#k8s-openshift-before-you-begin) * [Deploy the operator](k8s-openshift-deploy-operator.md) @@ -21,8 +21,6 @@ This page shows how to run ECK on OpenShift. Some Docker images are incompatible with the `restricted` SCC. This is the case for the **APM Server before 7.9** and for **Enterprise Search 7.9 and 7.10**. You can use this [workaround](k8s-openshift-anyuid-workaround.md) to run those images with the `anyuid` SCC. :::: - - ## Before you begin [k8s-openshift-before-you-begin] 1. To run the instructions on this page, you must be a `system:admin` user or a user with the privileges to create Projects, CRDs, and RBAC resources at the cluster level. diff --git a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md index afb8adda6d..32f7732232 100644 --- a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md +++ b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md @@ -22,20 +22,29 @@ Before you deploy and run ECK in production, take some time to look at the basic Snapshots are essential for recovering Elasticsearch indices in case of accidental deletion or for migrating data between clusters. :::: +* [Nodes orchestration](nodes-orchestration.md) + * [Virtual memory](virtual-memory.md) * [Settings managed by ECK](settings-managed-by-eck.md) -* [Secure settings](../../security/secure-settings.md) * [Custom configuration files and plugins](custom-configuration-files-plugins.md) * [Init containers for plugin downloads](init-containers-for-plugin-downloads.md) * [Update strategy](update-strategy.md) * [Pod disruption budget](pod-disruption-budget.md) * [Advanced Elasticsearch node scheduling](advanced-elasticsearch-node-scheduling.md) -* [Nodes orchestration](nodes-orchestration.md) -* [Create automated snapshots](../../tools/snapshot-and-restore/cloud-on-k8s.md) -* [Remote clusters](../../remote-clusters/eck-remote-clusters.md) * [Readiness probe](readiness-probe.md) * [Pod PreStop hook](pod-prestop-hook.md) +* [Security Context](security-context.md) + +In other sections of the documentation you can find information for the following configuration use cases: + +* [Secure settings](../../security/secure-settings.md) +* [Remote clusters](../../remote-clusters/eck-remote-clusters.md) +* [Create automated snapshots](../../tools/snapshot-and-restore/cloud-on-k8s.md) * [Elasticsearch autoscaling](../../autoscaling/deployments-autoscaling-on-eck.md) + +**Troubleshooting utilities** + * [JVM heap dumps](../../../troubleshoot/deployments/cloud-on-k8s/jvm-heap-dumps.md) -* [Security Context](security-context.md) +* [ECK diagnostics utility](../../../troubleshoot/deployments/cloud-on-k8s/run-eck-diagnostics.md) + diff --git a/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md b/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md index 353f099d7c..1a71f2a6a8 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md +++ b/deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md @@ -19,8 +19,16 @@ helm repo update The minimum supported version of Helm is 3.2.0. :::: +## Installation options -## Cluster-wide (global) installation [k8s-install-helm-global] +The Elastic Operator Helm chart supports two main installation methods: + +* Cluster-wide (global) installation – Installs both the operator and all its Custom Resource Definitions (CRDs) in a single step. +* Restricted installation – Separates the installation of the CRDs from the operator, allowing multiple operator instances to coexist in the same cluster while managing different sets of namespaces. + +A restricted installation is required if you plan to run multiple operators in the same cluster or if the operator cannot have cluster-wide permissions. + +### Cluster-wide (global) installation [k8s-install-helm-global] This is the default mode of installation and is equivalent to [installing ECK using the stand-alone YAML manifests](./install-using-yaml-manifest-quickstart.md). @@ -28,7 +36,7 @@ This is the default mode of installation and is equivalent to [installing ECK us helm install elastic-operator elastic/eck-operator -n elastic-system --create-namespace ``` -## Restricted installation [k8s-install-helm-restricted] +### Restricted installation [k8s-install-helm-restricted] This mode avoids installing any cluster-scoped resources and restricts the operator to manage only a set of pre-defined namespaces. @@ -58,13 +66,14 @@ helm install elastic-operator elastic/eck-operator -n elastic-system --create-na --set=managedNamespaces='{namespace-a, namespace-b}' ``` -You can find the profile files in the Helm cache directory or from the [ECK source repository](https://github.com/elastic/cloud-on-k8s/tree/2.16/deploy/eck-operator). - +You can find the profile files in the Helm cache directory or in the [ECK source repository](https://github.com/elastic/cloud-on-k8s/tree/2.16/deploy/eck-operator). :::: +The previous example disabled the validation webhook along with all other cluster-wide resources. If you need to enable the validation webhook in a restricted environment, see [](./webhook-namespace-selectors.md). To understand what the validation webhook does, refer to [](./configure-validating-webhook.md). + ## View available configuration options [k8s-install-helm-show-values] -You can view all configurable values by running the following: +You can view all configurable values of the operator Helm chart by running the following: ```sh helm show values elastic/eck-operator @@ -114,6 +123,7 @@ For example, an ECK 1.2.1 installation deployed using [YAML manifests](/deploy-m 3. Install the ECK operator using the Helm chart as described in [Install ECK using the Helm chart](./install-using-helm-chart.md). -## Configure the webhook namespace selectors +## Next steps -If needed, the Helm based installation support the configuration of the namespaces associated to the webhook validator. Refer to [](./webhook-namespace-selectors.md) for more information. \ No newline at end of file +* For ECK configuration settings, refer to [](/deploy-manage/deploy/cloud-on-k8s/configure.md). +* To continue with the installation of {{es}} and {{kib}} go to [](/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md). diff --git a/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md b/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md index 894c39f0b0..79d4e6a28d 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md +++ b/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md @@ -62,7 +62,7 @@ To deploy the ECK operator: ``` ::::{note} - The ECK operator runs by default in the `elastic-system` namespace. It is recommended that you choose a dedicated namespace for your workloads (such as Elasticsearch and Kibana), rather than using the `elastic-system` or the `default` namespace. + The ECK operator runs by default in the `elastic-system` namespace. While this namespace is used for the operator itself, it is recommended that you deploy your application workloads in a separate, dedicated namespace instead of `elastic-system` or `default`. You will need to consider this when setting up your applications. :::: 3. Using [`kubectl logs`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_logs), monitor the operator’s setup by watching the logs: @@ -71,13 +71,20 @@ To deploy the ECK operator: kubectl -n elastic-system logs -f statefulset.apps/elastic-operator ``` -4. Use [`kubectl get`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_get/) to check the operator status, passing in the namespace using the `-n` flag. When the operator is ready to use, it will report as `Running`. +4. Use [`kubectl get pods`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_get/) to check the operator status, passing in the namespace using the `-n` flag: + + ```sh + kubectl get -n elastic-system pods + ``` + + When the operator is ready to use, it will report as `Running` + + ``` + $ kubectl get -n elastic-system pods + NAME READY STATUS RESTARTS AGE + elastic-operator-0 1/1 Running 0 1m + ``` -``` -$ kubectl get -n elastic-system pods -NAME READY STATUS RESTARTS AGE -elastic-operator-0 1/1 Running 0 1m -``` ## Next steps diff --git a/deploy-manage/deploy/cloud-on-k8s/install.md b/deploy-manage/deploy/cloud-on-k8s/install.md index 66a13dae8b..40225ed409 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install.md +++ b/deploy-manage/deploy/cloud-on-k8s/install.md @@ -1,4 +1,5 @@ --- +navigation_title: Install applies: eck: all mapped_urls: @@ -23,13 +24,13 @@ You can install multiple instances of ECK in the same Kubernetes cluster, but on Deleting CRDs will trigger deletion of all custom resources (Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash) in all namespaces of the cluster, regardless of whether they are managed by a single operator or multiple operators. :::: -For a list of supported versions refer to [](../cloud-on-k8s.md#k8s-supported) +For a list of supported Kubernetes versions refer to [](../cloud-on-k8s.md#k8s-supported) ## Installation methods ECK supports multiple installation methods. Choose the one that best fits your infrastructure: -* [Install ECK using YAML manifests (quickstart)](./install-using-yaml-manifest-quickstart.md) +* [Install ECK using YAML manifests](./install-using-yaml-manifest-quickstart.md) * [Install ECK using a Helm chart](./install-using-helm-chart.md) * [](./deploy-eck-on-openshift.md) * [](./deploy-eck-on-gke-autopilot.md) diff --git a/deploy-manage/deploy/cloud-on-k8s/webhook-namespace-selectors.md b/deploy-manage/deploy/cloud-on-k8s/webhook-namespace-selectors.md index f40566429f..661a32e7ef 100644 --- a/deploy-manage/deploy/cloud-on-k8s/webhook-namespace-selectors.md +++ b/deploy-manage/deploy/cloud-on-k8s/webhook-namespace-selectors.md @@ -17,6 +17,5 @@ Webhook resources are cluster-scoped, therefore `createClusterScopedResources` m It is not recommended to deploy webhook resources in environments where operators are run by untrusted users and need to be locked down tightly. :::: - For more information, check [Configure the validating webhook](configure-validating-webhook.md) and [Dynamic Admission Control](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/). From c3cc9b821c01ba80f6bed81d27c42d3568a0df21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Sun, 16 Feb 2025 08:17:53 +0100 Subject: [PATCH 51/70] create custom images navigation changed --- deploy-manage/toc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/toc.yml b/deploy-manage/toc.yml index 0259092c27..ae5941038a 100644 --- a/deploy-manage/toc.yml +++ b/deploy-manage/toc.yml @@ -254,7 +254,6 @@ toc: - file: deploy/cloud-on-k8s/configure-eck.md - file: deploy/cloud-on-k8s/configure-validating-webhook.md - file: deploy/cloud-on-k8s/restrict-cross-namespace-resource-associations.md - - file: deploy/cloud-on-k8s/create-custom-images.md - file: deploy/cloud-on-k8s/service-meshes.md children: - file: deploy/cloud-on-k8s/k8s-service-mesh-istio.md @@ -345,6 +344,7 @@ toc: - file: deploy/cloud-on-k8s/configuration-examples-logstash.md - file: deploy/cloud-on-k8s/update-strategy-logstash.md - file: deploy/cloud-on-k8s/advanced-configuration-logstash.md + - file: deploy/cloud-on-k8s/create-custom-images.md - file: deploy/cloud-on-k8s/tools-apis.md - file: deploy/self-managed.md children: From 3bdafb6ee4f05d0dcb86e0b77e82605919640cd1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Sun, 16 Feb 2025 08:30:51 +0100 Subject: [PATCH 52/70] gke autopilot merged --- .../deploy-eck-on-gke-autopilot.md | 51 +++++++++++++++++-- .../k8s-autopilot-deploy-agent-beats.md | 13 ----- .../k8s-autopilot-deploy-elasticsearch.md | 36 ------------- .../k8s-autopilot-deploy-operator.md | 10 ---- .../k8s-autopilot-setting-virtual-memory.md | 14 ----- deploy-manage/toc.yml | 5 -- 6 files changed, 46 insertions(+), 83 deletions(-) delete mode 100644 deploy-manage/deploy/cloud-on-k8s/k8s-autopilot-deploy-agent-beats.md delete mode 100644 deploy-manage/deploy/cloud-on-k8s/k8s-autopilot-deploy-elasticsearch.md delete mode 100644 deploy-manage/deploy/cloud-on-k8s/k8s-autopilot-deploy-operator.md delete mode 100644 deploy-manage/deploy/cloud-on-k8s/k8s-autopilot-setting-virtual-memory.md diff --git a/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-gke-autopilot.md b/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-gke-autopilot.md index ba9fdbc38f..a94f93d7f7 100644 --- a/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-gke-autopilot.md +++ b/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-gke-autopilot.md @@ -3,6 +3,10 @@ applies: eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-autopilot.html + - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-autopilot-setting-virtual-memory.html + - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-autopilot-deploy-the-operator.html + - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-autopilot-deploy-elasticsearch.html + - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-autopilot-deploy-agent-beats.html --- # Deploy ECK on GKE Autopilot [k8s-autopilot] @@ -12,15 +16,52 @@ This page shows how to run ECK on GKE Autopilot. 1. It is recommended that each Kubernetes host’s virtual memory kernel settings be modified. Refer to [Virtual memory](virtual-memory.md). 2. It is recommended that Elasticsearch Pods have an `initContainer` that waits for virtual memory settings to be in place. Refer to [Deploy an Elasticsearch instance](k8s-autopilot-deploy-elasticsearch.md). 3. For Elastic Agent/Beats there are storage limitations to be considered. Refer to [Deploy a standalone Elastic Agent and/or Beats](k8s-autopilot-deploy-agent-beats.md) -4. Ensure you are using a node class that is applicable for your workload by adding a `cloud.google.com/compute-class` label in a `nodeSelector`. Refer to [GKE Autopilot documentation.](https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-compute-classes) +4. Ensure you are using a node class that is applicable for your workload by adding a `cloud.google.com/compute-class` label in a `nodeSelector`. Refer to [GKE Autopilot documentation.](https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-compute-classes). - * [Ensuring virtual memory kernel settings](k8s-autopilot-setting-virtual-memory.md) - * [Installing the ECK Operator](k8s-autopilot-deploy-operator.md) - * [Deploy an Elasticsearch instance](k8s-autopilot-deploy-elasticsearch.md) - * [Deploy a standalone Elastic Agent and/or Beats](k8s-autopilot-deploy-agent-beats.md) +## Ensuring virtual memory kernel settings [k8s-autopilot-setting-virtual-memory] +If you are intending to run production workloads on GKE Autopilot then `vm.max_map_count` should be set. The recommended way to set this kernel setting on the Autopilot hosts is with a `Daemonset` as described in the [Virtual memory](virtual-memory.md) section. You must be running at least version 1.25 when on the `regular` channel or using the `rapid` channel, which currently runs version 1.27. +::::{warning} +Only use the provided `Daemonset` exactly as specified or it could be rejected by the Autopilot control plane. +:::: +## Install the ECK Operator [k8s-autopilot-deploy-the-operator] +Refer to [*Install ECK*](install.md) for more information on installation options. +## Deploy an Elasticsearch cluster [k8s-autopilot-deploy-elasticsearch] + +Create an Elasticsearch cluster. If you are using the `Daemonset` described in the [Virtual memory](virtual-memory.md) section to set `max_map_count` you can add the `initContainer` below is also used to ensure the setting is set prior to starting Elasticsearch. + +```shell +cat < Date: Sun, 16 Feb 2025 09:04:43 +0100 Subject: [PATCH 53/70] almost done --- .../elasticsearch-configuration.md | 38 ++++++++++--------- .../elasticsearch-deployment-quickstart.md | 8 +++- deploy-manage/deploy/cloud-on-k8s/install.md | 6 ++- .../kibana-instance-quickstart.md | 9 ++++- .../deploy/cloud-on-k8s/transport-settings.md | 1 - 5 files changed, 40 insertions(+), 22 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md index 32f7732232..a7d714cc6f 100644 --- a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md +++ b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md @@ -5,36 +5,34 @@ mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elasticsearch-specification.html --- +% WORK IN PROGRESS HERE! # Elasticsearch configuration [k8s-elasticsearch-specification] Before you deploy and run ECK in production, take some time to look at the basic and advanced settings available on this page. These settings are related both to Elasticsearch and Kubernetes functionality. -**Basic settings** - -* [Node configuration](node-configuration.md) -* [Volume claim templates](volume-claim-templates.md) -* [Storage recommendations](storage-recommendations.md) -* [Transport settings](transport-settings.md) - -**Advanced settings** - -::::{note} -Snapshots are essential for recovering Elasticsearch indices in case of accidental deletion or for migrating data between clusters. -:::: - -* [Nodes orchestration](nodes-orchestration.md) - +**Basic {{es}} settings** +* [Node configuration](node-configuration.md): Configure the `elasticsearch.yml` of your {{es}} nodes. +* [Volume claim templates](volume-claim-templates.md): Configure storage in your {{es}} nodes. * [Virtual memory](virtual-memory.md) -* [Settings managed by ECK](settings-managed-by-eck.md) * [Custom configuration files and plugins](custom-configuration-files-plugins.md) * [Init containers for plugin downloads](init-containers-for-plugin-downloads.md) + +**Kubernetes and system related configuration** +* [Security Context](security-context.md): Kubernetes security context and kernel capabilities. * [Update strategy](update-strategy.md) * [Pod disruption budget](pod-disruption-budget.md) * [Advanced Elasticsearch node scheduling](advanced-elasticsearch-node-scheduling.md) * [Readiness probe](readiness-probe.md) + + +**Advanced configuration use cases** + +* [HTTP access](./accessing-services.md): Customize the HTTP service of your cluster. +* [HTTP TLS certificates](./tls-certificates.md): Customize HTTP TLS certificates. +* [Transport settings](transport-settings.md): Customize the service and TLS certificate for the transport protocol. * [Pod PreStop hook](pod-prestop-hook.md) -* [Security Context](security-context.md) + In other sections of the documentation you can find information for the following configuration use cases: @@ -43,6 +41,12 @@ In other sections of the documentation you can find information for the followin * [Create automated snapshots](../../tools/snapshot-and-restore/cloud-on-k8s.md) * [Elasticsearch autoscaling](../../autoscaling/deployments-autoscaling-on-eck.md) +**Theory** + +* [Nodes orchestration](nodes-orchestration.md): Learn how ECK orchestrates nodes, applies changes or upgrades the cluster. +* [Storage recommendations](storage-recommendations.md): Kubernetes storage considerations for {{es}} workloads. +* [Settings managed by ECK](settings-managed-by-eck.md): List of {{es}} settings that you cannot update. + **Troubleshooting utilities** * [JVM heap dumps](../../../troubleshoot/deployments/cloud-on-k8s/jvm-heap-dumps.md) diff --git a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md index dfcf283f78..77272a2cbf 100644 --- a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md +++ b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md @@ -140,6 +140,10 @@ In order to make requests to the [{{es}} API](https://www.elastic.co/guide/en/el ``` -This completes the quickstart of deploying an {{es}} cluster. We recommend continuing to [Deploy a {{kib}} instance](kibana-instance-quickstart.md) but for more configuration options as needed, navigate to [](./elasticsearch-configuration.md). +## Next steps -For more information about how to apply changes to your deployments, refer to [aplying updates](./update-deployments.md). \ No newline at end of file +This completes the quickstart of deploying an {{es}} cluster. We recommend continuing to: + +* [Deploy a {{kib}} instance](kibana-instance-quickstart.md) +* For more configuration options as needed, navigate to [](./elasticsearch-configuration.md). +* For more information about how to apply changes to your deployments, refer to [aplying updates](./update-deployments.md). \ No newline at end of file diff --git a/deploy-manage/deploy/cloud-on-k8s/install.md b/deploy-manage/deploy/cloud-on-k8s/install.md index 40225ed409..99ff8898ba 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install.md +++ b/deploy-manage/deploy/cloud-on-k8s/install.md @@ -38,4 +38,8 @@ ECK supports multiple installation methods. Choose the one that best fits your i For air-gapped environments, refer to [](./air-gapped-install.md) to understand the requirements and installation considerations. -Refer to [Required RBAC permissions](required-rbac-permissions.md) for a complete list of the permissions needed by the operator. \ No newline at end of file +Refer to [Required RBAC permissions](required-rbac-permissions.md) for a complete list of the permissions needed by the operator. + +::::{note} +To upgrade ECK, refer to [](../../upgrade/orchestrator/upgrade-cloud-on-k8s.md). +:::: \ No newline at end of file diff --git a/deploy-manage/deploy/cloud-on-k8s/kibana-instance-quickstart.md b/deploy-manage/deploy/cloud-on-k8s/kibana-instance-quickstart.md index 912596409d..acfb771a67 100644 --- a/deploy-manage/deploy/cloud-on-k8s/kibana-instance-quickstart.md +++ b/deploy-manage/deploy/cloud-on-k8s/kibana-instance-quickstart.md @@ -71,5 +71,12 @@ For a full description of each `CustomResourceDefinition` (CRD), refer to the [* kubectl describe crd kibana ``` -This completes the quickstart of deploying an {{kib}} instance on top of [the ECK operator](install-using-yaml-manifest-quickstart.md) and [deployed {{es}} cluster](elasticsearch-deployment-quickstart.md). We recommend continuing to [updating your deployment](update-deployments.md). For more {{kib}} configuration options, refer to [Running {{kib}} on ECK](kibana-configuration.md). +## Next steps + +This completes the quickstart of deploying an {{kib}} instance on top of [the ECK operator](install-using-yaml-manifest-quickstart.md) and [deployed {{es}} cluster](elasticsearch-deployment-quickstart.md). + +We recommend continuing to: +* [Updating your deployment](update-deployments.md). +* For more {{kib}} configuration options, refer to [Running {{kib}} on ECK](kibana-configuration.md). + diff --git a/deploy-manage/deploy/cloud-on-k8s/transport-settings.md b/deploy-manage/deploy/cloud-on-k8s/transport-settings.md index 27ab76cbe5..64a3f9f313 100644 --- a/deploy-manage/deploy/cloud-on-k8s/transport-settings.md +++ b/deploy-manage/deploy/cloud-on-k8s/transport-settings.md @@ -31,7 +31,6 @@ When you change the `clusterIP` setting of the service, ECK deletes and re-creat :::: - ## Configure a custom Certificate Authority [k8s-transport-ca] Elasticsearch uses X.509 certificates to establish encrypted and authenticated connections across nodes in the cluster. By default, ECK creates a self-signed CA certificate to issue a certificate [for each node in the cluster](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup.html#encrypt-internode-communication). From 51ad4b1308e68a237d90eb20b6ed599846a33623 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Sun, 16 Feb 2025 11:05:17 +0100 Subject: [PATCH 54/70] plugins and config files updated --- .../custom-configuration-files-plugins.md | 96 +++++++++++++------ 1 file changed, 69 insertions(+), 27 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/custom-configuration-files-plugins.md b/deploy-manage/deploy/cloud-on-k8s/custom-configuration-files-plugins.md index 54a3bccd4a..141dbd4e20 100644 --- a/deploy-manage/deploy/cloud-on-k8s/custom-configuration-files-plugins.md +++ b/deploy-manage/deploy/cloud-on-k8s/custom-configuration-files-plugins.md @@ -7,7 +7,7 @@ mapped_pages: # Custom configuration files and plugins [k8s-bundles-plugins] -To run Elasticsearch with specific plugins or configuration files installed on ECK, you have two options. Each option has its own pros and cons. +To run Elasticsearch with specific plugins or configuration files installed on ECK, you have multiple options. Each option has its own pros and cons. 1. Create a custom container image with the required plugins and configuration files. @@ -35,9 +35,26 @@ To run Elasticsearch with specific plugins or configuration files installed on E * Each Elasticsearch node needs to repeat the download, wasting bandwidth and slowing startup. * Deployment manifests are more complicated. +3. Use ConfigMaps or Secrets together with volumes and volume mounts for configuration files. + + * **Pros** + + * Best choice for injecting configuration files into your {{es}} nodes. + * Follows standard Kubernetes methodology to mount files into Pods. + + * **Cons** + + * Not valid for plugins installation. + * Requires to maintain the ConfigMaps or Secrets with the content of the files. + +The following sections provide examples for each of the mentioned options. + +## Create a custom image Refer to [Creating custom images](create-custom-images.md) for instructions on how to build custom Docker images based on the official Elastic images. +## Use init containers for plugins installation + The following example describes option 2, using a repository plugin. To install the plugin before the Elasticsearch nodes start, use an init container to run the [plugin installation tool](https://www.elastic.co/guide/en/elasticsearch/plugins/current/installation.html). ```yaml @@ -57,9 +74,9 @@ spec: bin/elasticsearch-plugin install --batch repository-azure ``` -To install custom configuration files you can use volumes and volume mounts. +### Note when using Istio [istio-note] -The next example shows how to add a synonyms file for the [synonym token filter](https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis-synonym-tokenfilter.html) in Elasticsearch. But you can use the same approach for any kind of file you want to mount into the configuration directory of Elasticsearch. +When using Istio, init containers do **not** have network access, as the Envoy sidecar that provides network connectivity is not started yet. In this scenario, custom containers are the best option. If custom containers are simply not a viable option, then it is possible to adjust the startup command for the elasticsearch container itself to run the plugin installation before starting Elasticsearch, as the following example describes. Note that this approach will require updating the startup command if it changes in the Elasticsearch image, which could potentially cause failures during upgrades. ```yaml spec: @@ -69,24 +86,45 @@ spec: podTemplate: spec: containers: - - name: elasticsearch <1> - volumeMounts: - - name: synonyms - mountPath: /usr/share/elasticsearch/config/dictionaries - volumes: - - name: synonyms - configMap: - name: synonyms <2> + - name: elasticsearch + command: + - /usr/bin/env + - bash + - -c + - | + #!/usr/bin/env bash + set -e + bin/elasticsearch-plugin remove --purge repository-s3 || true + bin/elasticsearch-plugin install --batch repository-s3 + /bin/tini -- /usr/local/bin/docker-entrypoint.sh ``` -1. Elasticsearch runs by convention in a container called *elasticsearch*. -2. Assuming you have created a config map in the same namespace as Elasticsearch with the name *synonyms* containing the synonyms file(s). +## Use a volume and volume mount together with a ConfigMap or Secret +To install custom configuration files you can: -$$$istio-note$$$ -**Note when using Istio** +1. Add the configuration data into a ConfigMap or Secret. +2. Use volumes and volume mounts in your manifest to mount the contents of the ConfigMap or Secret as files in your {{es}} nodes. -When using Istio, init containers do **not** have network access, as the Envoy sidecar that provides network connectivity is not started yet. In this scenario, custom containers are the best option. If custom containers are simply not a viable option, then it is possible to adjust the startup command for the elasticsearch container itself to run the plugin installation before starting Elasticsearch, as the following example describes. Note that this approach will require updating the startup command if it changes in the Elasticsearch image, which could potentially cause failures during upgrades. +The next example shows how to add a synonyms file for the [synonym token filter](https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis-synonym-tokenfilter.html) in Elasticsearch. But you can **use the same approach for any kind of file you want to mount into the configuration directory of Elasticsearch**, like adding CA certificates of external systems. + +1. Create the ConfigMap or Secret with the data: + +There are multiple ways to create and mount [ConfigMaps](https://kubernetes.io/docs/concepts/configuration/configmap/) and [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/) on Kubernetes. Refer to the official documentation for more details. + +This example shows how to create a ConfigMap named `synonyms` with the content of a local file named `my-synonyms.txt` added into the `synonyms-elasticsearch.txt` key of the ConfigMap. + +```sh +kubectl create configmap synonyms -n --from-file=my-synonyms.txt=synonyms-elasticsearch.txt +``` + +::::{tip} +Create the ConfigMap or Secret in the same namespace where your {{es}} cluster runs. +:::: + +2. Declare the ConfigMap as a volume and mount it in the Elasticsearch containers. + +In this example, modify your {{es}} manifest to mount the contents of the `synonyms` ConfigMap into `/usr/share/elasticsearch/config/dictionaries` on the {{es}} nodes. ```yaml spec: @@ -96,15 +134,19 @@ spec: podTemplate: spec: containers: - - name: elasticsearch - command: - - /usr/bin/env - - bash - - -c - - | - #!/usr/bin/env bash - set -e - bin/elasticsearch-plugin remove --purge repository-s3 || true - bin/elasticsearch-plugin install --batch repository-s3 - /bin/tini -- /usr/local/bin/docker-entrypoint.sh + - name: elasticsearch <1> + volumeMounts: + - name: synonyms + mountPath: /usr/share/elasticsearch/config/dictionaries <2> + volumes: + - name: synonyms + configMap: <3> + name: synonyms <4> ``` + +1. Elasticsearch runs by convention in a container called `elasticsearch`. Do not change that value. +2. Use always a path under `/usr/share/elasticsearch/config`. +3. Use `secret` instead of `configMap` if you used a secret to store the data. +4. The ConfigMap name must be the same as the ConfigMap created in the previous step. + +After the changes are applied, {{es}} nodes should be able to access `dictionaries/synonyms-elasticsearch.txt` and use it in any [configuration setting](./node-configuration.md). From ebfeaba25ce9a9adb6627f4ab86ab38385c19ee6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Sun, 16 Feb 2025 11:05:47 +0100 Subject: [PATCH 55/70] toc reorganized a bit --- deploy-manage/toc.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy-manage/toc.yml b/deploy-manage/toc.yml index 06389f585c..01b3fa424e 100644 --- a/deploy-manage/toc.yml +++ b/deploy-manage/toc.yml @@ -281,6 +281,7 @@ toc: - file: deploy/cloud-on-k8s/readiness-probe.md - file: deploy/cloud-on-k8s/pod-prestop-hook.md - file: deploy/cloud-on-k8s/security-context.md + - file: deploy/cloud-on-k8s/requests-routing-to-elasticsearch-nodes.md - file: deploy/cloud-on-k8s/kibana-configuration.md children: - file: deploy/cloud-on-k8s/k8s-kibana-es.md @@ -288,11 +289,10 @@ toc: - file: deploy/cloud-on-k8s/k8s-kibana-secure-settings.md - file: deploy/cloud-on-k8s/k8s-kibana-http-configuration.md - file: deploy/cloud-on-k8s/k8s-kibana-plugins.md - - file: deploy/cloud-on-k8s/tls-certificates.md - - file: deploy/cloud-on-k8s/recipes.md - - file: deploy/cloud-on-k8s/requests-routing-to-elasticsearch-nodes.md - file: deploy/cloud-on-k8s/customize-pods.md - file: deploy/cloud-on-k8s/manage-compute-resources.md + - file: deploy/cloud-on-k8s/tls-certificates.md + - file: deploy/cloud-on-k8s/recipes.md - file: deploy/cloud-on-k8s/elastic-stack-configuration-policies.md - file: deploy/cloud-on-k8s/connect-to-external-elastic-resources.md - file: deploy/cloud-on-k8s/orchestrate-other-elastic-applications.md From 1aa17ad5e80d7206fa71c3ba04e85c16f876b920 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Sun, 16 Feb 2025 11:25:12 +0100 Subject: [PATCH 56/70] config overviews with links almost completed --- .../cloud-on-k8s/configure-deployments.md | 53 ++++++---------- .../deploy/cloud-on-k8s/configure.md | 31 +--------- .../elasticsearch-configuration.md | 61 +++++++++++++++++-- .../deploy/cloud-on-k8s/manage-deployments.md | 6 +- 4 files changed, 83 insertions(+), 68 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md index 341b8134a9..9f9a873d91 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md @@ -6,57 +6,44 @@ mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-update-deployment.html --- -% the security link needs to be refined to point to the eck related section around security -% same for upgrade link - -% WORK IN PROGRESS, TOGETHER WITH CONFIGURE.md - # Configure deployments [k8s-orchestrating-elastic-stack-applications] This section provides details around {{kib}} and {{es}} configuration when running on ECK. For general information about how ECK applies configuration changes and the syntax to use in the YAML manifests, refer to [](./update-deployments.md). -* [**{{es}} configuration**](elasticsearch-configuration.md) → Review configuration possibilities to tune your {{es}} cluster running on ECK, learn how [nodes orchestration](./nodes-orchestration.md) work, [storage recommendations](./storage-recommendations.md), and more. - - * [Users and roles]() (SECURITY) - - * [](./requests-routing-to-elasticsearch-nodes.md) → Control the nodes receiving incoming traffic when using multiple `nodeSets` with different [node roles](https://www.elastic.co/guide/en/elasticsearch/reference/current/node-roles-overview.html). - - * [{{es}} autoscaling on ECK](../../autoscaling/deployments-autoscaling-on-eck.md): +* [**{{es}} configuration**](elasticsearch-configuration.md): Review configuration possibilities to tune your {{es}} cluster running on ECK, learn how [nodes orchestration](./nodes-orchestration.md) work, [storage recommendations](./storage-recommendations.md), and more. - * [Snapshot and Restore](../../tools/snapshot-and-restore/cloud-on-k8s.md) - - * [**Stack monitoring**](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-monitoring.html) → Monitor your deployments smoothly with the help of ECK. - - * [**Remote clusters**](/deploy-manage/remote-clusters/eck-remote-clusters.md) → Configure {{es}} remote clusters functionality for Cross Cluster Search (CCS) and Cross Cluster Replication. - -* [**{{kib}} configuration**](kibana-configuration.md) → Learn how to connect {{kib}} to an {{es}} cluster, apply advanced configuration settings, and tune the HTTP configuration. +* [**{{kib}} configuration**](kibana-configuration.md): Learn how to connect {{kib}} to an {{es}} cluster, apply advanced configuration settings, and tune the HTTP configuration. Additionally, the following topics apply to both {{es}} and {{kib}}, and in some cases, to other applications supported by ECK: -* [Configure secure settings]() (LINK TBD, SECURITY CONFIGURE ES AND KIB SECURE SETTINGS) +* [**Customize Pods**](customize-pods.md): Learn how to adapt the `podTemplate` field to your needs. -* [**Access services**](accessing-services.md) → Learn how to access to the orchestrated clusters and how to adapt the Kubernetes services to your needs. +* [**Manage compute resources**](manage-compute-resources.md): Important considerations around CPU and memory `requests` and `limits` when running production workloads. -* [**TLS certificates**](./tls-certificates.md) → Use your own SSL/TLS certificates for the HTTP endpoint of {{es}} or {{kib}}. +* [**Access services**](accessing-services.md): Learn how to access to the orchestrated clusters and how to adapt the Kubernetes services to your needs. -* [**Secure the Elastic Stack**](../../security.md) → Manage users and roles, authentication realms, and more. +* [**Recipes**](recipes.md): Advanced use cases examples available in our GitHub repository. -* [**Recipes**](recipes.md) → Advanced use cases examples available in our GitHub repository. +* [**Connect to external Elastic resources**](connect-to-external-elastic-resources.md): Use custom `secrets` for the `elasticsearchRef` and `kibanaRef` parameters. -* [**Customize Pods**](customize-pods.md) → Learn how to adapt the `podTemplate` field to your needs. +ECK also facilitates configuration and operation activities with advanced features, such as: -* [**Manage compute resources**](manage-compute-resources.md) → Important considerations around CPU and memory when running production workloads. +* [**Elastic Stack configuration policies**](elastic-stack-configuration-policies.md): Organize your {{es}} and {{kib}} configuration settings through `StackConfigPolicy` resources that can be referenced within your deployments. This helps to keep your manifests simplified. -* [**Autoscaling stateless applications**](../../autoscaling/autoscaling-stateless-applications-on-eck.md) → Use [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) for {{kib}} or other stateless applications. +## Other sections -* [**Connect to external Elastic resources**](connect-to-external-elastic-resources.md) → Use `secrets` with custom settings for `elasticsearchRef` and `kibanaRef` parameters. +Other sections of the Elastic documentation cover additional topics related to deployments configuration on ECK: -ECK also facilitates configuration and operation activities with advanced features, such as: +**Security** -* [**Elastic Stack configuration policies**](elastic-stack-configuration-policies.md) → Organize your {{es}} and {{kib}} configuration settings through `StackConfigPolicy` resources that can be referenced within your deployments. + * [**HTTP TLS certificates**](./tls-certificates.md): Use your own SSL/TLS certificates for the HTTP endpoint of {{es}} and {{kib}}. + +**Monitoring and Logging** -* [**Stack monitoring**](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-monitoring.html) → Monitor your deployments smoothly with the help of ECK. + * [**Stack monitoring**](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-monitoring.html): Use ECK to manage logs and metrics for your deployments. -* [**Remote clusters**](/deploy-manage/remote-clusters/eck-remote-clusters.md) → Configure {{es}} remote clusters functionality for Cross Cluster Search (CCS) and Cross Cluster Replication. +**Remote Clusters** + * [**Remote clusters**](/deploy-manage/remote-clusters/eck-remote-clusters.md): Configure {{es}} remote clusters functionality for Cross Cluster Search (CCS) and Cross Cluster Replication. -* [**Upgrade the Elastic Stack version**](../../upgrade/deployment-or-cluster.md) → Upgrade orchestrated applications on ECK. \ No newline at end of file +**Autoscaling** + * [**Autoscaling stateless applications**](../../autoscaling/autoscaling-stateless-applications-on-eck.md): Use [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) for {{kib}} or other stateless applications. \ No newline at end of file diff --git a/deploy-manage/deploy/cloud-on-k8s/configure.md b/deploy-manage/deploy/cloud-on-k8s/configure.md index a38f6ee1ff..d7c8f7f220 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure.md @@ -32,9 +32,6 @@ The following guides cover common ECK configuration tasks: Other sections of the Elastic documentation cover additional topics related to ECK configuration: -* **Security** - * (topis related with ECK security (TLS certificates?), not deployments stuff ), CA certificates? - * **Monitoring** * [Configure the metrics endpoint](/deploy-manage/monitor/orchestrators/eck-metrics-configuration.md) (monitor an orchestrator) @@ -43,30 +40,4 @@ Other sections of the Elastic documentation cover additional topics related to E * **Maintenance** * [Upgrade ECK](../../upgrade/orchestrator/upgrade-cloud-on-k8s.md) - * [Uninstall ECK](../../uninstall/uninstall-elastic-cloud-on-kubernetes.md) - -(Apps related) -* **Snapshots and Restore** - * Manage snapshots repositories --> Pending to add to configure deployments. - -* **Remote Clusters** - * Configure interconnection between your {{es}} clusters with the help of ECK. - -* **Monitoring** - * Stack Monitoring (for deployments) - -* **Licensing** - * [Manage licenses in ECK](../../license/manage-your-license-in-eck.md) - -* **Maintenance** - * [Upgrade ECK](../../upgrade/orchestrator/upgrade-cloud-on-k8s.md) - * [Uninstall ECK](../../uninstall/uninstall-elastic-cloud-on-kubernetes.md) - -* **Autoscaling** - * Autoscaling stateless applications - * Elasticsearch autoscaling on ECK - -* Security - * SAML authentication - * Users and roles - * Built-in users \ No newline at end of file + * [Uninstall ECK](../../uninstall/uninstall-elastic-cloud-on-kubernetes.md) \ No newline at end of file diff --git a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md index a7d714cc6f..c0a4caead4 100644 --- a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md +++ b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md @@ -5,18 +5,22 @@ mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elasticsearch-specification.html --- -% WORK IN PROGRESS HERE! # Elasticsearch configuration [k8s-elasticsearch-specification] Before you deploy and run ECK in production, take some time to look at the basic and advanced settings available on this page. These settings are related both to Elasticsearch and Kubernetes functionality. +**Read first** +* [Nodes orchestration](nodes-orchestration.md): Learn how ECK orchestrates nodes, applies changes or upgrades the cluster. +* [Storage recommendations](storage-recommendations.md): Kubernetes storage considerations for {{es}} workloads. + **Basic {{es}} settings** * [Node configuration](node-configuration.md): Configure the `elasticsearch.yml` of your {{es}} nodes. * [Volume claim templates](volume-claim-templates.md): Configure storage in your {{es}} nodes. -* [Virtual memory](virtual-memory.md) -* [Custom configuration files and plugins](custom-configuration-files-plugins.md) +* [Virtual memory](virtual-memory.md): Methods to accomplish {{es}} virtual memory system configuration requirement. +* [Custom configuration files and plugins](custom-configuration-files-plugins.md): Learn how to * [Init containers for plugin downloads](init-containers-for-plugin-downloads.md) +* [Settings managed by ECK](settings-managed-by-eck.md): List of {{es}} settings that you cannot update. **Kubernetes and system related configuration** * [Security Context](security-context.md): Kubernetes security context and kernel capabilities. @@ -37,7 +41,7 @@ Before you deploy and run ECK in production, take some time to look at the basic In other sections of the documentation you can find information for the following configuration use cases: * [Secure settings](../../security/secure-settings.md) -* [Remote clusters](../../remote-clusters/eck-remote-clusters.md) +* [Remote clusters](../../remote-clusters/eck-remote-clusters.md): Configure {{es}} remote clusters functionality for Cross Cluster Search (CCS) and Cross Cluster Replication. * [Create automated snapshots](../../tools/snapshot-and-restore/cloud-on-k8s.md) * [Elasticsearch autoscaling](../../autoscaling/deployments-autoscaling-on-eck.md) @@ -52,3 +56,52 @@ In other sections of the documentation you can find information for the followin * [JVM heap dumps](../../../troubleshoot/deployments/cloud-on-k8s/jvm-heap-dumps.md) * [ECK diagnostics utility](../../../troubleshoot/deployments/cloud-on-k8s/run-eck-diagnostics.md) + +***** REMOVED ***** + +**Remote Clusters** + * [**Remote clusters**](/deploy-manage/remote-clusters/eck-remote-clusters.md): Configure {{es}} remote clusters functionality for Cross Cluster Search (CCS) and Cross Cluster Replication. + +(Apps related) +* **Snapshots and Restore** + * Manage snapshots repositories --> Pending to add to configure deployments. + +* **Remote Clusters** + * Configure interconnection between your {{es}} clusters with the help of ECK. + +* **Monitoring** + * Stack Monitoring (for deployments) + +* **Licensing** + * [Manage licenses in ECK](../../license/manage-your-license-in-eck.md) + +* **Maintenance** + * [Upgrade ECK](../../upgrade/orchestrator/upgrade-cloud-on-k8s.md) + * [Uninstall ECK](../../uninstall/uninstall-elastic-cloud-on-kubernetes.md) + +* **Autoscaling** + * Autoscaling stateless applications + * Elasticsearch autoscaling on ECK + +* Security + * Secure settings + * SAML authentication + * Users and roles + * Built-in users +* [**Secure the Elastic Stack**](../../security.md): Manage users and roles, authentication realms, and more. + + + * [Users and roles]() (SECURITY) + + * [](./requests-routing-to-elasticsearch-nodes.md): Control the nodes receiving incoming traffic when using multiple `nodeSets` with different [node roles](https://www.elastic.co/guide/en/elasticsearch/reference/current/node-roles-overview.html). + + * [{{es}} autoscaling on ECK](../../autoscaling/deployments-autoscaling-on-eck.md): + + * [Snapshot and Restore](../../tools/snapshot-and-restore/cloud-on-k8s.md) + + * [**Stack monitoring**](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-monitoring.html): Monitor your deployments smoothly with the help of ECK. + + * [**Remote clusters**](/deploy-manage/remote-clusters/eck-remote-clusters.md): Configure {{es}} remote clusters functionality for Cross Cluster Search (CCS) and Cross Cluster Replication. + + + diff --git a/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md b/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md index b7cd38ce8c..693f04cd9e 100644 --- a/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md @@ -24,4 +24,8 @@ In this section, you'll learn how to perform the following tasks in ECK: For a complete reference on configuration possibilities for {{es}} and {{kib}}, see: - [](./elasticsearch-configuration.md) -- [](./kibana-configuration.md) \ No newline at end of file +- [](./kibana-configuration.md) + +Other references for managing deployments: + +* [**Upgrade the Elastic Stack version**](../../upgrade/deployment-or-cluster.md): Upgrade orchestrated applications on ECK. From 7c10fc5afe3cf8421dc67ccb86f8c38416e88a27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Sun, 16 Feb 2025 12:52:19 +0100 Subject: [PATCH 57/70] getting there... --- .../cloud-on-k8s/configure-deployments.md | 16 ++-- .../elasticsearch-configuration.md | 75 ++++++++----------- .../deploy/cloud-on-k8s/manage-deployments.md | 2 +- deploy-manage/toc.yml | 8 +- 4 files changed, 46 insertions(+), 55 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md index 9f9a873d91..857d523f9b 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md @@ -16,12 +16,12 @@ This section provides details around {{kib}} and {{es}} configuration when runni Additionally, the following topics apply to both {{es}} and {{kib}}, and in some cases, to other applications supported by ECK: +* [**Access services**](accessing-services.md): Learn how to access to the orchestrated clusters and how to adapt the Kubernetes services to your needs. + * [**Customize Pods**](customize-pods.md): Learn how to adapt the `podTemplate` field to your needs. * [**Manage compute resources**](manage-compute-resources.md): Important considerations around CPU and memory `requests` and `limits` when running production workloads. -* [**Access services**](accessing-services.md): Learn how to access to the orchestrated clusters and how to adapt the Kubernetes services to your needs. - * [**Recipes**](recipes.md): Advanced use cases examples available in our GitHub repository. * [**Connect to external Elastic resources**](connect-to-external-elastic-resources.md): Use custom `secrets` for the `elasticsearchRef` and `kibanaRef` parameters. @@ -36,14 +36,18 @@ Other sections of the Elastic documentation cover additional topics related to d **Security** +% the two pages about HTTP TLS certificate should be merged into one and be placed on Security docs * [**HTTP TLS certificates**](./tls-certificates.md): Use your own SSL/TLS certificates for the HTTP endpoint of {{es}} and {{kib}}. - + + * Custom HTTP certificate -> TBD: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-custom-http-certificate.html + + * SAML authentication -> TBD: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-saml-authentication.html (this mixes Elasticsearch and Kibana) + + * [Users and roles] -> TBD Link to wherever this ends up: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-users-and-roles.html + **Monitoring and Logging** * [**Stack monitoring**](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-monitoring.html): Use ECK to manage logs and metrics for your deployments. -**Remote Clusters** - * [**Remote clusters**](/deploy-manage/remote-clusters/eck-remote-clusters.md): Configure {{es}} remote clusters functionality for Cross Cluster Search (CCS) and Cross Cluster Replication. - **Autoscaling** * [**Autoscaling stateless applications**](../../autoscaling/autoscaling-stateless-applications-on-eck.md): Use [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) for {{kib}} or other stateless applications. \ No newline at end of file diff --git a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md index c0a4caead4..ad6951fde3 100644 --- a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md +++ b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md @@ -18,70 +18,59 @@ Before you deploy and run ECK in production, take some time to look at the basic * [Node configuration](node-configuration.md): Configure the `elasticsearch.yml` of your {{es}} nodes. * [Volume claim templates](volume-claim-templates.md): Configure storage in your {{es}} nodes. * [Virtual memory](virtual-memory.md): Methods to accomplish {{es}} virtual memory system configuration requirement. -* [Custom configuration files and plugins](custom-configuration-files-plugins.md): Learn how to -* [Init containers for plugin downloads](init-containers-for-plugin-downloads.md) * [Settings managed by ECK](settings-managed-by-eck.md): List of {{es}} settings that you cannot update. +* [Custom configuration files and plugins](custom-configuration-files-plugins.md): Add extra configuration files or install plugins in your {{es}} nodes. +* [Init containers for plugin downloads](init-containers-for-plugin-downloads.md): Use Kubernetes init containers to install plugins before starting {{es}}. -**Kubernetes and system related configuration** +**Kubernetes related configuration** * [Security Context](security-context.md): Kubernetes security context and kernel capabilities. -* [Update strategy](update-strategy.md) -* [Pod disruption budget](pod-disruption-budget.md) -* [Advanced Elasticsearch node scheduling](advanced-elasticsearch-node-scheduling.md) -* [Readiness probe](readiness-probe.md) +* [Update strategy](update-strategy.md): +* [Pod disruption budget](pod-disruption-budget.md): +* [Advanced Elasticsearch node scheduling](advanced-elasticsearch-node-scheduling.md): Integrate standard Kubernetes scheduling options with your {{es}} nodes. +* [Readiness probe](readiness-probe.md): Customize `readinessProbe` in certain use cases. +**Traffic handling** +* [HTTP access](./accessing-services.md): Configure the HTTP service of your cluster. +* [](./requests-routing-to-elasticsearch-nodes.md): Control the nodes receiving incoming traffic when using multiple `nodeSets` with different [node roles](https://www.elastic.co/guide/en/elasticsearch/reference/current/node-roles-overview.html). + +**TLS/SSL Certificates** +* [HTTP TLS certificates](./tls-certificates.md): Customize HTTP TLS certificates. +* [Transport settings](transport-settings.md): Customize the service and TLS certificates used for transport traffic. +* Custom SSL certificate: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-custom-http-certificate.html (needs to be merged and add to security (secure HTTP communications)) **Advanced configuration use cases** -* [HTTP access](./accessing-services.md): Customize the HTTP service of your cluster. -* [HTTP TLS certificates](./tls-certificates.md): Customize HTTP TLS certificates. -* [Transport settings](transport-settings.md): Customize the service and TLS certificate for the transport protocol. * [Pod PreStop hook](pod-prestop-hook.md) +## Other sections In other sections of the documentation you can find information for the following configuration use cases: -* [Secure settings](../../security/secure-settings.md) -* [Remote clusters](../../remote-clusters/eck-remote-clusters.md): Configure {{es}} remote clusters functionality for Cross Cluster Search (CCS) and Cross Cluster Replication. -* [Create automated snapshots](../../tools/snapshot-and-restore/cloud-on-k8s.md) -* [Elasticsearch autoscaling](../../autoscaling/deployments-autoscaling-on-eck.md) - -**Theory** - -* [Nodes orchestration](nodes-orchestration.md): Learn how ECK orchestrates nodes, applies changes or upgrades the cluster. -* [Storage recommendations](storage-recommendations.md): Kubernetes storage considerations for {{es}} workloads. -* [Settings managed by ECK](settings-managed-by-eck.md): List of {{es}} settings that you cannot update. - -**Troubleshooting utilities** - -* [JVM heap dumps](../../../troubleshoot/deployments/cloud-on-k8s/jvm-heap-dumps.md) -* [ECK diagnostics utility](../../../troubleshoot/deployments/cloud-on-k8s/run-eck-diagnostics.md) +**Security** + * [Secure settings](../../security/secure-settings.md) + * Built-in users +* [**Secure the Elastic Stack**](../../security.md): Manage users and roles, authentication realms, and more. -***** REMOVED ***** +* **Snapshots and Restore** + * [Create automated snapshots](../../tools/snapshot-and-restore/cloud-on-k8s.md) **Remote Clusters** * [**Remote clusters**](/deploy-manage/remote-clusters/eck-remote-clusters.md): Configure {{es}} remote clusters functionality for Cross Cluster Search (CCS) and Cross Cluster Replication. -(Apps related) -* **Snapshots and Restore** - * Manage snapshots repositories --> Pending to add to configure deployments. - -* **Remote Clusters** - * Configure interconnection between your {{es}} clusters with the help of ECK. +* **Autoscaling** + * [Elasticsearch autoscaling](../../autoscaling/deployments-autoscaling-on-eck.md): Use {{es}} autoscaling functionality with ECK. * **Monitoring** - * Stack Monitoring (for deployments) + * [**Stack monitoring**](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-monitoring.html): Monitor your {{es}} cluster smoothly with the help of ECK. -* **Licensing** - * [Manage licenses in ECK](../../license/manage-your-license-in-eck.md) +**Troubleshoot** -* **Maintenance** - * [Upgrade ECK](../../upgrade/orchestrator/upgrade-cloud-on-k8s.md) - * [Uninstall ECK](../../uninstall/uninstall-elastic-cloud-on-kubernetes.md) + * [JVM heap dumps](../../../troubleshoot/deployments/cloud-on-k8s/jvm-heap-dumps.md) + * [ECK diagnostics utility](../../../troubleshoot/deployments/cloud-on-k8s/run-eck-diagnostics.md) -* **Autoscaling** - * Autoscaling stateless applications - * Elasticsearch autoscaling on ECK + +***** REMOVED ***** * Security * Secure settings @@ -93,14 +82,12 @@ In other sections of the documentation you can find information for the followin * [Users and roles]() (SECURITY) - * [](./requests-routing-to-elasticsearch-nodes.md): Control the nodes receiving incoming traffic when using multiple `nodeSets` with different [node roles](https://www.elastic.co/guide/en/elasticsearch/reference/current/node-roles-overview.html). * [{{es}} autoscaling on ECK](../../autoscaling/deployments-autoscaling-on-eck.md): * [Snapshot and Restore](../../tools/snapshot-and-restore/cloud-on-k8s.md) - * [**Stack monitoring**](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-monitoring.html): Monitor your deployments smoothly with the help of ECK. - + * [**Remote clusters**](/deploy-manage/remote-clusters/eck-remote-clusters.md): Configure {{es}} remote clusters functionality for Cross Cluster Search (CCS) and Cross Cluster Replication. diff --git a/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md b/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md index 693f04cd9e..fca7efe6ff 100644 --- a/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md @@ -18,7 +18,7 @@ In this section, you'll learn how to perform the following tasks in ECK: - [**Deploy Kibana instances**](./kibana-instance-quickstart.md): Set up and connect Kibana to an existing Elasticsearch cluster. - [**Manage deployments using Elastic Stack Helm chart**](./managing-deployments-using-helm-chart.md): Use Helm to deploy clusters and other stack applications. - [**Apply updates to your deployments**](./update-deployments.md): Modify existing deployments, scale clusters, and update configurations, while ensuring minimal disruption. -- [**Configure access to your deployments**](./accessing-services.md): Make your deployments available through Kubernetes services. +- [**Configure access to your deployments**](./accessing-services.md): Use and adapt Kubernetes services to your needs. - [**Advanced configuration**](./configure-deployments.md): Explore available settings for Elasticsearch and Kibana, including storage, networking, security, and scaling options. For a complete reference on configuration possibilities for {{es}} and {{kib}}, see: diff --git a/deploy-manage/toc.yml b/deploy-manage/toc.yml index 01b3fa424e..472b7e41ae 100644 --- a/deploy-manage/toc.yml +++ b/deploy-manage/toc.yml @@ -266,17 +266,17 @@ toc: children: - file: deploy/cloud-on-k8s/elasticsearch-configuration.md children: + - file: deploy/cloud-on-k8s/nodes-orchestration.md + - file: deploy/cloud-on-k8s/storage-recommendations.md - file: deploy/cloud-on-k8s/node-configuration.md - file: deploy/cloud-on-k8s/volume-claim-templates.md - - file: deploy/cloud-on-k8s/storage-recommendations.md - - file: deploy/cloud-on-k8s/transport-settings.md - file: deploy/cloud-on-k8s/virtual-memory.md - file: deploy/cloud-on-k8s/settings-managed-by-eck.md - file: deploy/cloud-on-k8s/custom-configuration-files-plugins.md - file: deploy/cloud-on-k8s/init-containers-for-plugin-downloads.md + - file: deploy/cloud-on-k8s/transport-settings.md - file: deploy/cloud-on-k8s/update-strategy.md - file: deploy/cloud-on-k8s/pod-disruption-budget.md - - file: deploy/cloud-on-k8s/nodes-orchestration.md - file: deploy/cloud-on-k8s/advanced-elasticsearch-node-scheduling.md - file: deploy/cloud-on-k8s/readiness-probe.md - file: deploy/cloud-on-k8s/pod-prestop-hook.md @@ -293,8 +293,8 @@ toc: - file: deploy/cloud-on-k8s/manage-compute-resources.md - file: deploy/cloud-on-k8s/tls-certificates.md - file: deploy/cloud-on-k8s/recipes.md - - file: deploy/cloud-on-k8s/elastic-stack-configuration-policies.md - file: deploy/cloud-on-k8s/connect-to-external-elastic-resources.md + - file: deploy/cloud-on-k8s/elastic-stack-configuration-policies.md - file: deploy/cloud-on-k8s/orchestrate-other-elastic-applications.md children: - file: deploy/cloud-on-k8s/apm-server.md From 4aa53da132b4ecce692e1ae7b8c499fd86d42261 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Sun, 16 Feb 2025 13:04:16 +0100 Subject: [PATCH 58/70] getting there... --- .../cloud-on-k8s/elasticsearch-configuration.md | 15 +++++++++------ .../deploy/cloud-on-k8s/readiness-probe.md | 3 ++- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md index ad6951fde3..7bc7bcce3b 100644 --- a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md +++ b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md @@ -9,7 +9,7 @@ mapped_pages: Before you deploy and run ECK in production, take some time to look at the basic and advanced settings available on this page. These settings are related both to Elasticsearch and Kubernetes functionality. -**Read first** +**Read first (theory)** * [Nodes orchestration](nodes-orchestration.md): Learn how ECK orchestrates nodes, applies changes or upgrades the cluster. * [Storage recommendations](storage-recommendations.md): Kubernetes storage considerations for {{es}} workloads. @@ -18,15 +18,18 @@ Before you deploy and run ECK in production, take some time to look at the basic * [Node configuration](node-configuration.md): Configure the `elasticsearch.yml` of your {{es}} nodes. * [Volume claim templates](volume-claim-templates.md): Configure storage in your {{es}} nodes. * [Virtual memory](virtual-memory.md): Methods to accomplish {{es}} virtual memory system configuration requirement. -* [Settings managed by ECK](settings-managed-by-eck.md): List of {{es}} settings that you cannot update. -* [Custom configuration files and plugins](custom-configuration-files-plugins.md): Add extra configuration files or install plugins in your {{es}} nodes. +* [Settings managed by ECK](settings-managed-by-eck.md): List of {{es}} settings that you shouldn't update. +* [Custom configuration files and plugins](custom-configuration-files-plugins.md): Add extra configuration files or install plugins to your {{es}} nodes. * [Init containers for plugin downloads](init-containers-for-plugin-downloads.md): Use Kubernetes init containers to install plugins before starting {{es}}. **Kubernetes related configuration** -* [Security Context](security-context.md): Kubernetes security context and kernel capabilities. -* [Update strategy](update-strategy.md): -* [Pod disruption budget](pod-disruption-budget.md): + +% This section shows interactions between Kubernetes standard functionality and your ECK managed clusters. + * [Advanced Elasticsearch node scheduling](advanced-elasticsearch-node-scheduling.md): Integrate standard Kubernetes scheduling options with your {{es}} nodes. +* [Update strategy](update-strategy.md): Control how the changes are applied to the cluster. +* [Pod disruption budget](pod-disruption-budget.md): Integrate Kubernetes Pod disruption budgets in your cluster. +* [Security Context](security-context.md): Kubernetes security context and kernel capabilities. * [Readiness probe](readiness-probe.md): Customize `readinessProbe` in certain use cases. **Traffic handling** diff --git a/deploy-manage/deploy/cloud-on-k8s/readiness-probe.md b/deploy-manage/deploy/cloud-on-k8s/readiness-probe.md index deeb00a40a..ec7ef13f50 100644 --- a/deploy-manage/deploy/cloud-on-k8s/readiness-probe.md +++ b/deploy-manage/deploy/cloud-on-k8s/readiness-probe.md @@ -41,9 +41,10 @@ spec: Note that this requires restarting the Pods. - ## Elasticsearch versions 8.2.0 and later [k8s_elasticsearch_versions_8_2_0_and_later] +% this feature might have disappeared, we will need to investigate this a bit more, as the link below doesn't work anymore but it does for 8.15 for example. + We do not recommend overriding the default readiness probe on Elasticsearch 8.2.0 and later. ECK configures a socket based readiness probe using the Elasticsearch [readiness port feature](https://www.elastic.co/guide/en/elasticsearch/reference/current/advanced-configuration.html#readiness-tcp-port) which is not influenced by the load on the Elasticsearch cluster. From 61cc8e1e7b4ae5fa8f3dc8077c11bca1baf3ba65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Sun, 16 Feb 2025 16:03:34 +0100 Subject: [PATCH 59/70] config section ready for next review --- .../cloud-on-k8s/configure-deployments.md | 5 +- .../elasticsearch-configuration.md | 60 ++++++------------- .../cloud-on-k8s/kibana-configuration.md | 4 +- .../orchestrate-other-elastic-applications.md | 2 +- 4 files changed, 22 insertions(+), 49 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md index 857d523f9b..6afa507259 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md @@ -31,7 +31,7 @@ ECK also facilitates configuration and operation activities with advanced featur * [**Elastic Stack configuration policies**](elastic-stack-configuration-policies.md): Organize your {{es}} and {{kib}} configuration settings through `StackConfigPolicy` resources that can be referenced within your deployments. This helps to keep your manifests simplified. ## Other sections - +% check this other sections with the same section on elasticsearch-configuration to decide what to do Other sections of the Elastic documentation cover additional topics related to deployments configuration on ECK: **Security** @@ -48,6 +48,3 @@ Other sections of the Elastic documentation cover additional topics related to d **Monitoring and Logging** * [**Stack monitoring**](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-monitoring.html): Use ECK to manage logs and metrics for your deployments. - -**Autoscaling** - * [**Autoscaling stateless applications**](../../autoscaling/autoscaling-stateless-applications-on-eck.md): Use [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) for {{kib}} or other stateless applications. \ No newline at end of file diff --git a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md index 7bc7bcce3b..b75779c062 100644 --- a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md +++ b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md @@ -7,9 +7,11 @@ mapped_pages: # Elasticsearch configuration [k8s-elasticsearch-specification] -Before you deploy and run ECK in production, take some time to look at the basic and advanced settings available on this page. These settings are related both to Elasticsearch and Kubernetes functionality. +This section covers various Elasticsearch cluster configuration scenarios when using ECK. For configuration topics relevant to both {{es}} and {{kib}}, see the [](./configure-deployments.md). -**Read first (theory)** +Before deploying and running ECK in production, review the basic and advanced settings available on this page. These configurations integrate Elasticsearch, Kubernetes, and ECK operator functionality to help you fine-tune your deployment. + +**Read first** * [Nodes orchestration](nodes-orchestration.md): Learn how ECK orchestrates nodes, applies changes or upgrades the cluster. * [Storage recommendations](storage-recommendations.md): Kubernetes storage considerations for {{es}} workloads. @@ -22,76 +24,50 @@ Before you deploy and run ECK in production, take some time to look at the basic * [Custom configuration files and plugins](custom-configuration-files-plugins.md): Add extra configuration files or install plugins to your {{es}} nodes. * [Init containers for plugin downloads](init-containers-for-plugin-downloads.md): Use Kubernetes init containers to install plugins before starting {{es}}. -**Kubernetes related configuration** - -% This section shows interactions between Kubernetes standard functionality and your ECK managed clusters. +**Scheduling and lifecycle management** * [Advanced Elasticsearch node scheduling](advanced-elasticsearch-node-scheduling.md): Integrate standard Kubernetes scheduling options with your {{es}} nodes. * [Update strategy](update-strategy.md): Control how the changes are applied to the cluster. * [Pod disruption budget](pod-disruption-budget.md): Integrate Kubernetes Pod disruption budgets in your cluster. * [Security Context](security-context.md): Kubernetes security context and kernel capabilities. * [Readiness probe](readiness-probe.md): Customize `readinessProbe` in certain use cases. +* [Pod PreStop hook](pod-prestop-hook.md) **Traffic handling** + * [HTTP access](./accessing-services.md): Configure the HTTP service of your cluster. * [](./requests-routing-to-elasticsearch-nodes.md): Control the nodes receiving incoming traffic when using multiple `nodeSets` with different [node roles](https://www.elastic.co/guide/en/elasticsearch/reference/current/node-roles-overview.html). **TLS/SSL Certificates** + * [HTTP TLS certificates](./tls-certificates.md): Customize HTTP TLS certificates. * [Transport settings](transport-settings.md): Customize the service and TLS certificates used for transport traffic. * Custom SSL certificate: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-custom-http-certificate.html (needs to be merged and add to security (secure HTTP communications)) -**Advanced configuration use cases** - -* [Pod PreStop hook](pod-prestop-hook.md) - ## Other sections In other sections of the documentation you can find information for the following configuration use cases: -**Security** +**Security** (TBD) * [Secure settings](../../security/secure-settings.md) - * Built-in users - -* [**Secure the Elastic Stack**](../../security.md): Manage users and roles, authentication realms, and more. + * [Secure the Elastic Stack](../../security.md): Manage users and roles, authentication realms, and more. + * Users and roles + * SAML authentication + * (TBD when security section is completed) -* **Snapshots and Restore** +* **Snapshot and Restore** * [Create automated snapshots](../../tools/snapshot-and-restore/cloud-on-k8s.md) **Remote Clusters** - * [**Remote clusters**](/deploy-manage/remote-clusters/eck-remote-clusters.md): Configure {{es}} remote clusters functionality for Cross Cluster Search (CCS) and Cross Cluster Replication. + * [Remote clusters](/deploy-manage/remote-clusters/eck-remote-clusters.md): Configure {{es}} remote clusters functionality for Cross Cluster Search (CCS) and Cross Cluster Replication. * **Autoscaling** - * [Elasticsearch autoscaling](../../autoscaling/deployments-autoscaling-on-eck.md): Use {{es}} autoscaling functionality with ECK. + * [{{es}} autoscaling](../../autoscaling/deployments-autoscaling-on-eck.md): Use {{es}} autoscaling functionality with ECK. -* **Monitoring** - * [**Stack monitoring**](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-monitoring.html): Monitor your {{es}} cluster smoothly with the help of ECK. +* **Monitoring and Logging** + * [Stack monitoring](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-monitoring.html): Monitor your {{es}} cluster smoothly with the help of ECK. **Troubleshoot** * [JVM heap dumps](../../../troubleshoot/deployments/cloud-on-k8s/jvm-heap-dumps.md) * [ECK diagnostics utility](../../../troubleshoot/deployments/cloud-on-k8s/run-eck-diagnostics.md) - - -***** REMOVED ***** - -* Security - * Secure settings - * SAML authentication - * Users and roles - * Built-in users -* [**Secure the Elastic Stack**](../../security.md): Manage users and roles, authentication realms, and more. - - - * [Users and roles]() (SECURITY) - - - * [{{es}} autoscaling on ECK](../../autoscaling/deployments-autoscaling-on-eck.md): - - * [Snapshot and Restore](../../tools/snapshot-and-restore/cloud-on-k8s.md) - - - * [**Remote clusters**](/deploy-manage/remote-clusters/eck-remote-clusters.md): Configure {{es}} remote clusters functionality for Cross Cluster Search (CCS) and Cross Cluster Replication. - - - diff --git a/deploy-manage/deploy/cloud-on-k8s/kibana-configuration.md b/deploy-manage/deploy/cloud-on-k8s/kibana-configuration.md index 450a28ce52..61ef331e85 100644 --- a/deploy-manage/deploy/cloud-on-k8s/kibana-configuration.md +++ b/deploy-manage/deploy/cloud-on-k8s/kibana-configuration.md @@ -7,7 +7,7 @@ mapped_pages: # Kibana configuration [k8s-kibana] -The [quickstart](kibana-instance-quickstart.md) is a good starting point to quickly setup a {{kib}} instance with ECK. The following sections describe how to customize a {{kib}} deployment to suit your requirements. +The following sections describe how to customize a {{kib}} deployment to suit your requirements. * [Connect to an {{es}} cluster](k8s-kibana-es.md) @@ -28,7 +28,7 @@ The [quickstart](kibana-instance-quickstart.md) is a good starting point to quic * [Disable TLS](k8s-kibana-http-configuration.md#k8s-kibana-http-disable-tls) * [Install {{kib}} plugins](k8s-kibana-plugins.md) - +* [Autoscaling stateless applications](../../autoscaling/autoscaling-stateless-applications-on-eck.md): Use [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) for {{kib}} or other stateless applications. diff --git a/deploy-manage/deploy/cloud-on-k8s/orchestrate-other-elastic-applications.md b/deploy-manage/deploy/cloud-on-k8s/orchestrate-other-elastic-applications.md index 322f54ea56..a6634e5d51 100644 --- a/deploy-manage/deploy/cloud-on-k8s/orchestrate-other-elastic-applications.md +++ b/deploy-manage/deploy/cloud-on-k8s/orchestrate-other-elastic-applications.md @@ -15,7 +15,7 @@ The following guides provide specific instructions for deploying and configuring * [Beats](beats.md) * [{{ls}}](logstash.md) -When orchestrating any of these applications, also consider the following topics, originally presented for {{es}} and {{kib}}: +When orchestrating any of these applications, also consider the following topics: * [Elastic Stack Helm Chart](managing-deployments-using-helm-chart.md) * [Recipes](recipes.md) From e0e98dc76fd8c907798d0ffea03dca2db7ef012e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Sun, 16 Feb 2025 16:11:59 +0100 Subject: [PATCH 60/70] fixing build errors --- deploy-manage/deploy/cloud-on-k8s/advanced-configuration.md | 4 +--- .../deploy/cloud-on-k8s/deploy-eck-on-gke-autopilot.md | 4 ++-- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/advanced-configuration.md b/deploy-manage/deploy/cloud-on-k8s/advanced-configuration.md index bdd0266d63..463da339ec 100644 --- a/deploy-manage/deploy/cloud-on-k8s/advanced-configuration.md +++ b/deploy-manage/deploy/cloud-on-k8s/advanced-configuration.md @@ -168,8 +168,6 @@ Now that you know how to use the APM keystore and customize the server configura By default the operator manages a private CA and generates a self-signed certificate used to secure the communication between APM agents and the server. -This behavior and the relevant configuration is identical to what is done for Elasticsearch and Kibana. Check [Setting up your own certificate](accessing-services.md#k8s-setting-up-your-own-certificate) for more information on how to use your own certificate to configure the TLS endpoint of the APM Server. +This behavior and the relevant configuration is identical to what is done for Elasticsearch and Kibana. Check [Setting up your own certificate](./tls-certificates.md) for more information on how to use your own certificate to configure the TLS endpoint of the APM Server. For more details on how to configure the APM agents to work with custom certificates, check the [APM agents documentation](https://www.elastic.co/guide/en/apm/agent/index.html). - - diff --git a/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-gke-autopilot.md b/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-gke-autopilot.md index a94f93d7f7..077fd70698 100644 --- a/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-gke-autopilot.md +++ b/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-gke-autopilot.md @@ -14,8 +14,8 @@ mapped_pages: This page shows how to run ECK on GKE Autopilot. 1. It is recommended that each Kubernetes host’s virtual memory kernel settings be modified. Refer to [Virtual memory](virtual-memory.md). -2. It is recommended that Elasticsearch Pods have an `initContainer` that waits for virtual memory settings to be in place. Refer to [Deploy an Elasticsearch instance](k8s-autopilot-deploy-elasticsearch.md). -3. For Elastic Agent/Beats there are storage limitations to be considered. Refer to [Deploy a standalone Elastic Agent and/or Beats](k8s-autopilot-deploy-agent-beats.md) +2. It is recommended that Elasticsearch Pods have an `initContainer` that waits for virtual memory settings to be in place. +3. For Elastic Agent/Beats there are storage limitations to be considered. 4. Ensure you are using a node class that is applicable for your workload by adding a `cloud.google.com/compute-class` label in a `nodeSelector`. Refer to [GKE Autopilot documentation.](https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-compute-classes). ## Ensuring virtual memory kernel settings [k8s-autopilot-setting-virtual-memory] From 0c9ed6e49b81cce40bcb1dc73e6454f6083c0448 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Tue, 18 Feb 2025 10:23:25 +0100 Subject: [PATCH 61/70] HTTP TLS document removed and linked to security --- .../cloud-on-k8s/advanced-configuration.md | 2 +- .../cloud-on-k8s/configuration-fleet.md | 2 +- .../cloud-on-k8s/configure-deployments.md | 2 +- .../elasticsearch-configuration.md | 40 +++++++------------ .../elasticsearch-deployment-quickstart.md | 2 +- .../deploy/cloud-on-k8s/http-configuration.md | 4 +- .../kibana-instance-quickstart.md | 2 +- .../deploy/cloud-on-k8s/tls-certificates.md | 5 +-- .../deploy/cloud-on-k8s/transport-settings.md | 4 +- .../security/secure-http-communications.md | 3 ++ deploy-manage/toc.yml | 1 - 11 files changed, 28 insertions(+), 39 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/advanced-configuration.md b/deploy-manage/deploy/cloud-on-k8s/advanced-configuration.md index 463da339ec..3390f9e231 100644 --- a/deploy-manage/deploy/cloud-on-k8s/advanced-configuration.md +++ b/deploy-manage/deploy/cloud-on-k8s/advanced-configuration.md @@ -168,6 +168,6 @@ Now that you know how to use the APM keystore and customize the server configura By default the operator manages a private CA and generates a self-signed certificate used to secure the communication between APM agents and the server. -This behavior and the relevant configuration is identical to what is done for Elasticsearch and Kibana. Check [Setting up your own certificate](./tls-certificates.md) for more information on how to use your own certificate to configure the TLS endpoint of the APM Server. +This behavior and the relevant configuration is identical to what is done for Elasticsearch and Kibana. Check [Setting up your own certificate](/deploy-manage/security/secure-http-communications.md) for more information on how to use your own certificate to configure the TLS endpoint of the APM Server. For more details on how to configure the APM agents to work with custom certificates, check the [APM agents documentation](https://www.elastic.co/guide/en/apm/agent/index.html). diff --git a/deploy-manage/deploy/cloud-on-k8s/configuration-fleet.md b/deploy-manage/deploy/cloud-on-k8s/configuration-fleet.md index 7fda0f0924..b7760578bb 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configuration-fleet.md +++ b/deploy-manage/deploy/cloud-on-k8s/configuration-fleet.md @@ -223,7 +223,7 @@ To deploy {{agent}} in clusters with the Pod Security Policy admission controlle ## Customize {{fleet-server}} Service [k8s-elastic-agent-fleet-configuration-customize-fleet-server-service] -By default, ECK creates a Service for {{fleet-server}} that {{agents}} can connect through. You can customize it using the `http` configuration element. Check more information on how to [make changes](accessing-services.md) to the Service and [customize](tls-certificates.md) the TLS configuration. +By default, ECK creates a Service for {{fleet-server}} that {{agents}} can connect through. You can customize it using the `http` configuration element. Check more information on how to [make changes](accessing-services.md) to the Service and [customize](/deploy-manage/security/secure-http-communications.md) the TLS configuration. ## Control {{fleet}} policy selection [k8s-elastic-agent-control-fleet-policy-selection] diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md index 6afa507259..d8058a56f1 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md @@ -37,7 +37,7 @@ Other sections of the Elastic documentation cover additional topics related to d **Security** % the two pages about HTTP TLS certificate should be merged into one and be placed on Security docs - * [**HTTP TLS certificates**](./tls-certificates.md): Use your own SSL/TLS certificates for the HTTP endpoint of {{es}} and {{kib}}. + * [**HTTP TLS certificates**](/deploy-manage/security/secure-http-communications.md): Use your own SSL/TLS certificates for the HTTP endpoint of {{es}} and {{kib}}. * Custom HTTP certificate -> TBD: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-custom-http-certificate.html diff --git a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md index b75779c062..70910729be 100644 --- a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md +++ b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md @@ -11,11 +11,12 @@ This section covers various Elasticsearch cluster configuration scenarios when u Before deploying and running ECK in production, review the basic and advanced settings available on this page. These configurations integrate Elasticsearch, Kubernetes, and ECK operator functionality to help you fine-tune your deployment. -**Read first** +## Key concepts + * [Nodes orchestration](nodes-orchestration.md): Learn how ECK orchestrates nodes, applies changes or upgrades the cluster. * [Storage recommendations](storage-recommendations.md): Kubernetes storage considerations for {{es}} workloads. -**Basic {{es}} settings** +## Basic {{es}} settings * [Node configuration](node-configuration.md): Configure the `elasticsearch.yml` of your {{es}} nodes. * [Volume claim templates](volume-claim-templates.md): Configure storage in your {{es}} nodes. @@ -24,7 +25,7 @@ Before deploying and running ECK in production, review the basic and advanced se * [Custom configuration files and plugins](custom-configuration-files-plugins.md): Add extra configuration files or install plugins to your {{es}} nodes. * [Init containers for plugin downloads](init-containers-for-plugin-downloads.md): Use Kubernetes init containers to install plugins before starting {{es}}. -**Scheduling and lifecycle management** +## Scheduling and lifecycle management * [Advanced Elasticsearch node scheduling](advanced-elasticsearch-node-scheduling.md): Integrate standard Kubernetes scheduling options with your {{es}} nodes. * [Update strategy](update-strategy.md): Control how the changes are applied to the cluster. @@ -33,41 +34,30 @@ Before deploying and running ECK in production, review the basic and advanced se * [Readiness probe](readiness-probe.md): Customize `readinessProbe` in certain use cases. * [Pod PreStop hook](pod-prestop-hook.md) -**Traffic handling** +## Traffic handling * [HTTP access](./accessing-services.md): Configure the HTTP service of your cluster. * [](./requests-routing-to-elasticsearch-nodes.md): Control the nodes receiving incoming traffic when using multiple `nodeSets` with different [node roles](https://www.elastic.co/guide/en/elasticsearch/reference/current/node-roles-overview.html). -**TLS/SSL Certificates** +## TLS/SSL Certificates -* [HTTP TLS certificates](./tls-certificates.md): Customize HTTP TLS certificates. +* [Secure HTTP communications](/deploy-manage/security/secure-http-communications.md): Customize the service and TLS certificates used for transport traffic. * [Transport settings](transport-settings.md): Customize the service and TLS certificates used for transport traffic. -* Custom SSL certificate: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-custom-http-certificate.html (needs to be merged and add to security (secure HTTP communications)) ## Other sections -In other sections of the documentation you can find information for the following configuration use cases: +In other sections of the documentation you can find also relevant information: -**Security** (TBD) - * [Secure settings](../../security/secure-settings.md) - * [Secure the Elastic Stack](../../security.md): Manage users and roles, authentication realms, and more. - * Users and roles - * SAML authentication - * (TBD when security section is completed) +* [Secure settings](/deploy-manage/security/secure-settings.md) -* **Snapshot and Restore** - * [Create automated snapshots](../../tools/snapshot-and-restore/cloud-on-k8s.md) +* [Users and roles](/deploy-manage/users-roles.md) -**Remote Clusters** - * [Remote clusters](/deploy-manage/remote-clusters/eck-remote-clusters.md): Configure {{es}} remote clusters functionality for Cross Cluster Search (CCS) and Cross Cluster Replication. +* [Snapshots](../../tools/snapshot-and-restore/cloud-on-k8s.md) -* **Autoscaling** - * [{{es}} autoscaling](../../autoscaling/deployments-autoscaling-on-eck.md): Use {{es}} autoscaling functionality with ECK. +* [Remote clusters](/deploy-manage/remote-clusters/eck-remote-clusters.md) -* **Monitoring and Logging** - * [Stack monitoring](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-monitoring.html): Monitor your {{es}} cluster smoothly with the help of ECK. +* [Autoscaling](../../autoscaling/deployments-autoscaling-on-eck.md) -**Troubleshoot** +* [Stack monitoring](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-monitoring.html): Monitor your {{es}} cluster smoothly with the help of ECK. - * [JVM heap dumps](../../../troubleshoot/deployments/cloud-on-k8s/jvm-heap-dumps.md) - * [ECK diagnostics utility](../../../troubleshoot/deployments/cloud-on-k8s/run-eck-diagnostics.md) +* [Troubleshoot](/troubleshoot/deployments/cloud-on-k8s/kubernetes.md) diff --git a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md index 61b2057417..a5b68f8216 100644 --- a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md +++ b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md @@ -117,7 +117,7 @@ In order to make requests to the [{{es}} API](https://www.elastic.co/guide/en/el PASSWORD=$(kubectl get secret quickstart-es-elastic-user -o go-template='{{.data.elastic | base64decode}}') ``` -2. Request the [{{es}} root API](https://www.elastic.co/docs/api/doc/elasticsearch/group/endpoint-info). You can do so from inside the Kubernetes cluster or from your local workstation. For demonstration purposes, certificate verification is disabled using the `-k` curl flag; however, this is not recommended outside of testing purposes. Refer to [Setup your own certificate](tls-certificates.md#k8s-setting-up-your-own-certificate) for more information. +2. Request the [{{es}} root API](https://www.elastic.co/docs/api/doc/elasticsearch/group/endpoint-info). You can do so from inside the Kubernetes cluster or from your local workstation. For demonstration purposes, certificate verification is disabled using the `-k` curl flag; however, this is not recommended outside of testing purposes. Refer to [Setup your own certificate](/deploy-manage/security/secure-http-communications.md#k8s-setting-up-your-own-certificate) for more information. * From inside the Kubernetes cluster: diff --git a/deploy-manage/deploy/cloud-on-k8s/http-configuration.md b/deploy-manage/deploy/cloud-on-k8s/http-configuration.md index bfec2acffa..8ab1de6f85 100644 --- a/deploy-manage/deploy/cloud-on-k8s/http-configuration.md +++ b/deploy-manage/deploy/cloud-on-k8s/http-configuration.md @@ -16,7 +16,7 @@ This functionality is in technical preview and may be changed or removed in a fu By default a `ClusterIP` [service](https://kubernetes.io/docs/concepts/services-networking/service/) is created and associated with the Elastic Maps Server deployment. If you want to expose maps externally with a [load balancer](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer), it is recommended to include a custom DNS name or IP in the self-generated certificate. -Refer to [Reserve static IP and custom domain](tls-certificates.md#k8s-static-ip-custom-domain) for more details. +Refer to [Reserve static IP and custom domain](/deploy-manage/security/secure-http-communications.md#k8s-static-ip-custom-domain) for more details. ## Provide your own certificate [k8s-maps-http-custom-tls] @@ -26,7 +26,7 @@ If you want to use your own certificate, the required configuration is identical ## Disable TLS [k8s-maps-http-disable-tls] -You can disable the generation of the self-signed certificate and hence disable TLS. Check [Disable TLS](tls-certificates.md#k8s-disable-tls). +You can disable the generation of the self-signed certificate and hence disable TLS. Check [Disable TLS](/deploy-manage/security/secure-http-communications.md#k8s-disable-tls). ### Ingress and Kibana configuration [k8s-maps-ingress] diff --git a/deploy-manage/deploy/cloud-on-k8s/kibana-instance-quickstart.md b/deploy-manage/deploy/cloud-on-k8s/kibana-instance-quickstart.md index a7c688ceea..ce294ede35 100644 --- a/deploy-manage/deploy/cloud-on-k8s/kibana-instance-quickstart.md +++ b/deploy-manage/deploy/cloud-on-k8s/kibana-instance-quickstart.md @@ -56,7 +56,7 @@ To deploy a simple [{{kib}}](https://www.elastic.co/guide/en/kibana/current/intr kubectl port-forward service/quickstart-kb-http 5601 ``` - Open `https://localhost:5601` in your browser. Your browser will show a warning because the self-signed certificate configured by default is not verified by a known certificate authority and not trusted by your browser. You can temporarily acknowledge the warning for the purposes of this quick start but it is highly recommended that you [configure valid certificates](tls-certificates.md#k8s-setting-up-your-own-certificate) for any production deployments. + Open `https://localhost:5601` in your browser. Your browser will show a warning because the self-signed certificate configured by default is not verified by a known certificate authority and not trusted by your browser. You can temporarily acknowledge the warning for the purposes of this quick start but it is highly recommended that you [configure valid certificates](/deploy-manage/security/secure-http-communications.md#k8s-setting-up-your-own-certificate) for any production deployments. Login as the `elastic` user. The password can be obtained with the following command: diff --git a/deploy-manage/deploy/cloud-on-k8s/tls-certificates.md b/deploy-manage/deploy/cloud-on-k8s/tls-certificates.md index 441b1bdc3a..60a43182df 100644 --- a/deploy-manage/deploy/cloud-on-k8s/tls-certificates.md +++ b/deploy-manage/deploy/cloud-on-k8s/tls-certificates.md @@ -1,11 +1,12 @@ --- +navigation_title: HTTP TLS certificates applies: eck: all mapped_pages: - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-tls-certificates.html --- -# TLS Certificates [k8s-tls-certificates] +# HTTP TLS Certificates [k8s-tls-certificates] This section only covers TLS certificates for the HTTP layer. TLS certificates for the transport layer that are used for internal communications between Elasticsearch nodes are managed by ECK and cannot be changed. You can however set your own certificate authority for the [transport layer](transport-settings.md#k8s-transport-ca). @@ -48,8 +49,6 @@ spec: - dns: hulk.example.com ``` - - ## Setup your own certificate [k8s-setting-up-your-own-certificate] You can bring your own certificate to configure TLS to ensure that communication between HTTP clients and the Elastic Stack application is encrypted. diff --git a/deploy-manage/deploy/cloud-on-k8s/transport-settings.md b/deploy-manage/deploy/cloud-on-k8s/transport-settings.md index 64a3f9f313..37ff1f3ba3 100644 --- a/deploy-manage/deploy/cloud-on-k8s/transport-settings.md +++ b/deploy-manage/deploy/cloud-on-k8s/transport-settings.md @@ -7,7 +7,7 @@ mapped_pages: # Transport settings [k8s-transport-settings] -The transport module in Elasticsearch is used for internal communication between nodes within the cluster as well as communication between remote clusters. Check the [Elasticsearch documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html) for details. For customization options of the HTTP layer, check [Services](accessing-services.md) and [TLS certificates](tls-certificates.md). +The transport module in Elasticsearch is used for internal communication between nodes within the cluster as well as communication between remote clusters. Check the [Elasticsearch documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html) for details. For customization options of the HTTP layer, check [Services](accessing-services.md) and [TLS certificates](/deploy-manage/security/secure-http-communications.md). ## Customize the Transport Service [k8s_customize_the_transport_service] @@ -121,8 +121,6 @@ spec: 3. If the remote cluster server is enabled, then the DNS names must also include both:* The DNS name for the related Kubernetes `Service`: `-es-remote-cluster.${POD_NAMESPACE}.svc` * The Pod DNS name: `${POD_NAME}.-es-.${POD_NAMESPACE}.svc` - - The following manifest is only provided to illustrate how these certificates can be configured in principle, using the trust-manager Bundle resource and cert-manager provisioned certificates: ```yaml diff --git a/deploy-manage/security/secure-http-communications.md b/deploy-manage/security/secure-http-communications.md index 933f4a529e..1f398c5253 100644 --- a/deploy-manage/security/secure-http-communications.md +++ b/deploy-manage/security/secure-http-communications.md @@ -20,6 +20,9 @@ mapped_urls: % - [ ] ./raw-migrated-files/cloud-on-k8s/cloud-on-k8s/k8s-custom-http-certificate.md % - [ ] ./raw-migrated-files/kibana/kibana/Security-production-considerations.md +% EEDUGON NOTE: security section might miss a section to secure the transport layer (not the HTTP). +% There we should integrate the content of https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-transport-settings.html which is currently in ECK (/deploy-manage) doc. + % Internal links rely on the following IDs being on this page (e.g. as a heading ID, paragraph ID, etc): $$$encrypt-kibana-browser$$$ diff --git a/deploy-manage/toc.yml b/deploy-manage/toc.yml index 472b7e41ae..db7101d2a4 100644 --- a/deploy-manage/toc.yml +++ b/deploy-manage/toc.yml @@ -291,7 +291,6 @@ toc: - file: deploy/cloud-on-k8s/k8s-kibana-plugins.md - file: deploy/cloud-on-k8s/customize-pods.md - file: deploy/cloud-on-k8s/manage-compute-resources.md - - file: deploy/cloud-on-k8s/tls-certificates.md - file: deploy/cloud-on-k8s/recipes.md - file: deploy/cloud-on-k8s/connect-to-external-elastic-resources.md - file: deploy/cloud-on-k8s/elastic-stack-configuration-policies.md From 9b9a81e0fb65cf3c0cb0e7bfae92863083c1c959 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Tue, 18 Feb 2025 10:23:46 +0100 Subject: [PATCH 62/70] HTTP TLS document removed and linked to security --- .../deploy/cloud-on-k8s/tls-certificates.md | 105 ------------------ 1 file changed, 105 deletions(-) delete mode 100644 deploy-manage/deploy/cloud-on-k8s/tls-certificates.md diff --git a/deploy-manage/deploy/cloud-on-k8s/tls-certificates.md b/deploy-manage/deploy/cloud-on-k8s/tls-certificates.md deleted file mode 100644 index 60a43182df..0000000000 --- a/deploy-manage/deploy/cloud-on-k8s/tls-certificates.md +++ /dev/null @@ -1,105 +0,0 @@ ---- -navigation_title: HTTP TLS certificates -applies: - eck: all -mapped_pages: - - https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-tls-certificates.html ---- - -# HTTP TLS Certificates [k8s-tls-certificates] - -This section only covers TLS certificates for the HTTP layer. TLS certificates for the transport layer that are used for internal communications between Elasticsearch nodes are managed by ECK and cannot be changed. You can however set your own certificate authority for the [transport layer](transport-settings.md#k8s-transport-ca). - -## Default self-signed certificate [k8s-default-self-signed-certificate] - -By default, the operator manages a self-signed certificate with a custom CA for each resource. The CA, the certificate and the private key are each stored in a separate `Secret`. - -```sh -> kubectl get secret | grep es-http -hulk-es-http-ca-internal Opaque 2 28m -hulk-es-http-certs-internal Opaque 2 28m -hulk-es-http-certs-public Opaque 1 28m -``` - -The public certificate is stored in a secret named `-[es|kb|apm|ent|agent]-http-certs-public`. - -```sh -> kubectl get secret hulk-es-http-certs-public -o go-template='{{index .data "tls.crt" | base64decode }}' ------BEGIN CERTIFICATE----- -MIIDQDCCAiigAwIBAgIQHC4O/RWX15a3/P3upsm3djANBgkqhkiG9w0BAQsFADA6 -... -QLYL4zLEby3vRxq65+xofVBJAaM= ------END CERTIFICATE----- -``` - -### Reserve static IP and custom domain [k8s-static-ip-custom-domain] - -To use a custom domain name with the self-signed certificate, you can reserve a static IP and/or use an Ingress instead of a `LoadBalancer` `Service`. Whatever you use, your DNS must be added to the certificate SAN in the `spec.http.tls.selfSignedCertificate.subjectAltNames` section of your Elastic resource manifest. - -```yaml -spec: - http: - service: - spec: - type: LoadBalancer - tls: - selfSignedCertificate: - subjectAltNames: - - ip: 160.46.176.15 - - dns: hulk.example.com -``` - -## Setup your own certificate [k8s-setting-up-your-own-certificate] - -You can bring your own certificate to configure TLS to ensure that communication between HTTP clients and the Elastic Stack application is encrypted. - -Create a Kubernetes secret with: - -* `ca.crt`: CA certificate (optional if `tls.crt` was issued by a well-known CA). -* `tls.crt`: The certificate. -* `tls.key`: The private key to the first certificate in the certificate chain. - -::::{warning} -If your `tls.crt` is signed by an intermediate CA you may need both the Root CA and the intermediate CA combined within the `ca.crt` file depending on whether the Root CA is globally trusted. -:::: - - -```sh -kubectl create secret generic my-cert --from-file=ca.crt --from-file=tls.crt --from-file=tls.key -``` - -Alternatively you can also bring your own CA certificate including a private key and let ECK issue certificates with it. Any certificate SANs you have configured as decribed in [Reserve static IP and custom domain](#k8s-static-ip-custom-domain) will also be respected when issuing certificates with this CA certificate. - -Create a Kubernetes secret with: - -* `ca.crt`: CA certificate. -* `ca.key`: The private key to the CA certificate. - -```sh -kubectl create secret generic my-cert --from-file=ca.crt --from-file=ca.key -``` - -In both cases, you have to reference the secret name in the `http.tls.certificate` section of the resource manifest. - -```yaml -spec: - http: - tls: - certificate: - secretName: my-cert -``` - - -## Disable TLS [k8s-disable-tls] - -You can explicitly disable TLS for Kibana, APM Server, Enterprise Search and the HTTP layer of Elasticsearch. - -```yaml -spec: - http: - tls: - selfSignedCertificate: - disabled: true -``` - - From f1df23dc446f80b12a1d45554dc62e28fb54fc02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Tue, 18 Feb 2025 10:50:41 +0100 Subject: [PATCH 63/70] config docs simplified a bit --- .../deploy/cloud-on-k8s/accessing-services.md | 10 ++++----- .../cloud-on-k8s/configure-deployments.md | 21 +++---------------- .../elasticsearch-configuration.md | 13 ++++++------ .../cloud-on-k8s/kibana-configuration.md | 3 --- 4 files changed, 13 insertions(+), 34 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/accessing-services.md b/deploy-manage/deploy/cloud-on-k8s/accessing-services.md index fc4ab8f5b5..46a9e237cc 100644 --- a/deploy-manage/deploy/cloud-on-k8s/accessing-services.md +++ b/deploy-manage/deploy/cloud-on-k8s/accessing-services.md @@ -9,12 +9,10 @@ mapped_urls: # Accessing services [k8s-accessing-elastic-services] -% removing internal link / anchor k8s-setting-up-your-own-certificate to see what fails +To provide access to {{es}}, {{kib}}, and, other Elastic Stack applications when applicable, ECK relies on [Kubernetes services](https://kubernetes.io/docs/concepts/services-networking/service/). All Elastic Stack resources deployed by the ECK operator are secured by default. The operator sets up basic authentication and TLS to encrypt network traffic to, from, and within your Elasticsearch cluster. -To provide access to {{es}} and {{kib}}, ECK creates standard Kubernetes services when orchestrating deployments. - This section explains how to access and customize the Kubernetes services and secrets created by ECK, covering topics such as: * [Retrieving the `elastic` user password for basic authentication](#k8s-authentication) @@ -23,10 +21,10 @@ This section explains how to access and customize the Kubernetes services and se For advanced use cases related to exposing and accessing orchestrated applications, see: -* [](./tls-certificates.md): Learn how to use the self-signed certificate generated by ECK or configure a custom certificate for the HTTP endpoint. -* [](./service-meshes.md): Connect ECK and your managed deployments to service mesh implementations such as `Istio` and `Linkerd`. +* [](/deploy-manage/security/secure-http-communications.md): Configuration options for the HTTP SSL certificates, including integration with certificate management systems such as [cert-manager](https://cert-manager.io/). +* [](./service-meshes.md): Connect ECK and your managed deployments to service mesh implementations such as [Istio](https://istio.io) and [Linkerd](https://linkerd.io). * [](./requests-routing-to-elasticsearch-nodes.md): Create custom services to expose different node types. -* [Use Ingress to expose {{es}} or {{kib}}](./managing-deployments-using-helm-chart.md#k8s-eck-stack-ingress): Helm based installation facilitates the creation of Ingress resources. +* [Use Ingress to expose {{es}} or {{kib}}](./managing-deployments-using-helm-chart.md#k8s-eck-stack-ingress): Helm based installation also facilitates the creation of Ingress resources. ## Retrieve the `elastic` user password [k8s-authentication] diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md index d8058a56f1..051763ad1f 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md @@ -30,21 +30,6 @@ ECK also facilitates configuration and operation activities with advanced featur * [**Elastic Stack configuration policies**](elastic-stack-configuration-policies.md): Organize your {{es}} and {{kib}} configuration settings through `StackConfigPolicy` resources that can be referenced within your deployments. This helps to keep your manifests simplified. -## Other sections -% check this other sections with the same section on elasticsearch-configuration to decide what to do -Other sections of the Elastic documentation cover additional topics related to deployments configuration on ECK: - -**Security** - -% the two pages about HTTP TLS certificate should be merged into one and be placed on Security docs - * [**HTTP TLS certificates**](/deploy-manage/security/secure-http-communications.md): Use your own SSL/TLS certificates for the HTTP endpoint of {{es}} and {{kib}}. - - * Custom HTTP certificate -> TBD: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-custom-http-certificate.html - - * SAML authentication -> TBD: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-saml-authentication.html (this mixes Elasticsearch and Kibana) - - * [Users and roles] -> TBD Link to wherever this ends up: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-users-and-roles.html - -**Monitoring and Logging** - - * [**Stack monitoring**](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-monitoring.html): Use ECK to manage logs and metrics for your deployments. +::::{important} +Explore the [Security](/deploy-manage/security.md) section for configuration options such as user and role management, configuring security realms, securing HTTP communications, and more. +:::: diff --git a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md index 70910729be..bd30d9c98c 100644 --- a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md +++ b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md @@ -32,21 +32,20 @@ Before deploying and running ECK in production, review the basic and advanced se * [Pod disruption budget](pod-disruption-budget.md): Integrate Kubernetes Pod disruption budgets in your cluster. * [Security Context](security-context.md): Kubernetes security context and kernel capabilities. * [Readiness probe](readiness-probe.md): Customize `readinessProbe` in certain use cases. -* [Pod PreStop hook](pod-prestop-hook.md) - -## Traffic handling - -* [HTTP access](./accessing-services.md): Configure the HTTP service of your cluster. -* [](./requests-routing-to-elasticsearch-nodes.md): Control the nodes receiving incoming traffic when using multiple `nodeSets` with different [node roles](https://www.elastic.co/guide/en/elasticsearch/reference/current/node-roles-overview.html). +* [Pod PreStop hook](pod-prestop-hook.md): Prevent disruptions when terminating Elasticsearch Pods. ## TLS/SSL Certificates * [Secure HTTP communications](/deploy-manage/security/secure-http-communications.md): Customize the service and TLS certificates used for transport traffic. * [Transport settings](transport-settings.md): Customize the service and TLS certificates used for transport traffic. +## Traffic handling + +* [](./requests-routing-to-elasticsearch-nodes.md): Control the nodes receiving incoming traffic when using multiple `nodeSets` with different [node roles](https://www.elastic.co/guide/en/elasticsearch/reference/current/node-roles-overview.html). + ## Other sections -In other sections of the documentation you can find also relevant information: +Other sections of the documentation also include relevant configuration options for your {{es}} cluster: * [Secure settings](/deploy-manage/security/secure-settings.md) diff --git a/deploy-manage/deploy/cloud-on-k8s/kibana-configuration.md b/deploy-manage/deploy/cloud-on-k8s/kibana-configuration.md index 61ef331e85..086b015f6d 100644 --- a/deploy-manage/deploy/cloud-on-k8s/kibana-configuration.md +++ b/deploy-manage/deploy/cloud-on-k8s/kibana-configuration.md @@ -31,6 +31,3 @@ The following sections describe how to customize a {{kib}} deployment to suit yo * [Autoscaling stateless applications](../../autoscaling/autoscaling-stateless-applications-on-eck.md): Use [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) for {{kib}} or other stateless applications. - - - From eb879e128a7c879dec9475c8c8aed30de4df0c6a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Tue, 18 Feb 2025 11:09:26 +0100 Subject: [PATCH 64/70] final refinements --- deploy-manage/deploy/cloud-on-k8s.md | 5 ++++- .../cloud-on-k8s/elasticsearch-deployment-quickstart.md | 6 +++--- .../deploy/cloud-on-k8s/kibana-instance-quickstart.md | 2 +- .../cloud-on-k8s/managing-deployments-using-helm-chart.md | 4 +++- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s.md b/deploy-manage/deploy/cloud-on-k8s.md index 86a2a36cbf..51c178c9eb 100644 --- a/deploy-manage/deploy/cloud-on-k8s.md +++ b/deploy-manage/deploy/cloud-on-k8s.md @@ -12,6 +12,8 @@ mapped_urls: Built on the Kubernetes Operator pattern, {{eck}} (ECK) extends the basic Kubernetes orchestration capabilities to support the setup and management of Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes. +## ECK overview + With Elastic Cloud on Kubernetes, you can streamline critical operations, such as: 1. Managing and monitoring multiple clusters @@ -32,7 +34,8 @@ Other sections of the documentation include the following important topics aroun - [Logging and Monitoring](../monitor.md): Configure stack monitoring and logs forwarding with the help of ECK. - [Remote Clusters](../remote-clusters.md): Configure remote clusters on ECK. - [](../tools.md): Add snapshot repositories to your {{es}} clusters for automatic snapshots. -- [Security](../security.md): Users and roles, built-in users, configure SSO authentication realms, and more. +- [Security](../security.md): Secure communications, manage HTTP certificates, or add secure settings to your applications. +- [Users and Roles](../users-roles.md): Configure authentication and authorization mechanisms, built-in users, external providers, and more. - [Autoscaling](../autoscaling.md): Learn how to use {{es}} autoscaling on ECK, or use Horizontal Pod Autoscaler functionality for stateless workloads. - [Licensing](../license/manage-your-license-in-eck.md): Manage licenses on ECK. diff --git a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md index a5b68f8216..8fa840bfce 100644 --- a/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md +++ b/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md @@ -8,7 +8,7 @@ mapped_pages: # Deploy an Elasticsearch cluster [k8s-deploy-elasticsearch] -To deploy a simple [{{es}}](https://www.elastic.co/guide/en/elasticsearch/reference/current/getting-started.html)}] cluster specification, with one {{es}} node: +To deploy a simple [{{es}}](https://www.elastic.co/guide/en/elasticsearch/reference/current/getting-started.html) cluster specification, with one {{es}} node: ```yaml cat < Date: Tue, 18 Feb 2025 11:40:54 +0100 Subject: [PATCH 65/70] internal link added to secure communications for later review --- deploy-manage/security/secure-http-communications.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/deploy-manage/security/secure-http-communications.md b/deploy-manage/security/secure-http-communications.md index 1f398c5253..43675d22b8 100644 --- a/deploy-manage/security/secure-http-communications.md +++ b/deploy-manage/security/secure-http-communications.md @@ -49,4 +49,6 @@ $$$csp-strict-mode$$$ $$$k8s-setting-up-your-own-certificate$$$ -$$$k8s-static-ip-custom-domain$$$ \ No newline at end of file +$$$k8s-static-ip-custom-domain$$$ + +$$$k8s-disable-tls$$$ \ No newline at end of file From d8f850d0e541ffa7103d5ccc02ce0975aad9d0ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Tue, 18 Feb 2025 16:55:32 +0100 Subject: [PATCH 66/70] Update deploy-manage/deploy/cloud-on-k8s/accessing-services.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-on-k8s/accessing-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/accessing-services.md b/deploy-manage/deploy/cloud-on-k8s/accessing-services.md index 46a9e237cc..fe3608ee00 100644 --- a/deploy-manage/deploy/cloud-on-k8s/accessing-services.md +++ b/deploy-manage/deploy/cloud-on-k8s/accessing-services.md @@ -9,7 +9,7 @@ mapped_urls: # Accessing services [k8s-accessing-elastic-services] -To provide access to {{es}}, {{kib}}, and, other Elastic Stack applications when applicable, ECK relies on [Kubernetes services](https://kubernetes.io/docs/concepts/services-networking/service/). +To provide access to {{es}}, {{kib}}, and other {{stack}} applications when applicable, ECK relies on [Kubernetes services](https://kubernetes.io/docs/concepts/services-networking/service/). All Elastic Stack resources deployed by the ECK operator are secured by default. The operator sets up basic authentication and TLS to encrypt network traffic to, from, and within your Elasticsearch cluster. From c8f99ff4793972180e024ac3931fb8fcfcdd6abf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Tue, 18 Feb 2025 16:55:56 +0100 Subject: [PATCH 67/70] Update deploy-manage/deploy/cloud-on-k8s/accessing-services.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-on-k8s/accessing-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/accessing-services.md b/deploy-manage/deploy/cloud-on-k8s/accessing-services.md index fe3608ee00..deb0a80869 100644 --- a/deploy-manage/deploy/cloud-on-k8s/accessing-services.md +++ b/deploy-manage/deploy/cloud-on-k8s/accessing-services.md @@ -41,7 +41,7 @@ Run the following command to obtain the password of the `elastic` user: Beware of copying this Secret as-is into a different namespace. Check [Common Problems: Owner References](../../../troubleshoot/deployments/cloud-on-k8s/common-problems.md#k8s-common-problems-owner-refs) for more information. :::: -For more information about handling users on ECK deployments refer to [ECK users and roles](/deploy-manage/users-roles/cluster-or-deployment-auth/built-in-users.md). +For more information about handling built-in users on ECK deployments, refer to [](/deploy-manage/users-roles/cluster-or-deployment-auth/built-in-users.md). ## Managing Kubernetes services [k8s-kubernetes-service] From 6e010b0d6e162e7b796d80ecd1d4f2208cb8a5cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Tue, 18 Feb 2025 16:56:14 +0100 Subject: [PATCH 68/70] Update deploy-manage/deploy/cloud-on-k8s/custom-configuration-files-plugins.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- .../deploy/cloud-on-k8s/custom-configuration-files-plugins.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/custom-configuration-files-plugins.md b/deploy-manage/deploy/cloud-on-k8s/custom-configuration-files-plugins.md index 141dbd4e20..1b966ab92c 100644 --- a/deploy-manage/deploy/cloud-on-k8s/custom-configuration-files-plugins.md +++ b/deploy-manage/deploy/cloud-on-k8s/custom-configuration-files-plugins.md @@ -76,7 +76,7 @@ spec: ### Note when using Istio [istio-note] -When using Istio, init containers do **not** have network access, as the Envoy sidecar that provides network connectivity is not started yet. In this scenario, custom containers are the best option. If custom containers are simply not a viable option, then it is possible to adjust the startup command for the elasticsearch container itself to run the plugin installation before starting Elasticsearch, as the following example describes. Note that this approach will require updating the startup command if it changes in the Elasticsearch image, which could potentially cause failures during upgrades. +When using Istio, init containers do **not** have network access, as the Envoy sidecar that provides network connectivity is not started yet. In this scenario, custom containers are the best option. If custom containers are simply not a viable option, then it is possible to adjust the startup command for the {{es}} container itself to run the plugin installation before starting {{es}}, as the following example describes. Note that this approach will require updating the startup command if it changes in the {{es}} image, which could potentially cause failures during upgrades. ```yaml spec: From 6e3aaa1c7822a0771ed64b5cb9e65ebd26a31a6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Tue, 18 Feb 2025 17:03:43 +0100 Subject: [PATCH 69/70] note with mixed security and users and roles updated --- deploy-manage/deploy/cloud-on-k8s/configure-deployments.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md index 051763ad1f..ec4294b640 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md @@ -31,5 +31,5 @@ ECK also facilitates configuration and operation activities with advanced featur * [**Elastic Stack configuration policies**](elastic-stack-configuration-policies.md): Organize your {{es}} and {{kib}} configuration settings through `StackConfigPolicy` resources that can be referenced within your deployments. This helps to keep your manifests simplified. ::::{important} -Explore the [Security](/deploy-manage/security.md) section for configuration options such as user and role management, configuring security realms, securing HTTP communications, and more. +Explore the [Security](/deploy-manage/security.md) and [Users and roles](/deploy-manage/users-roles.md) sections to to learn more about how to secure and control access your deployments. :::: From 9315da5282fe46fc9a692a136d12ed8641c0876d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Tue, 18 Feb 2025 17:14:34 +0100 Subject: [PATCH 70/70] removed references to enterprise search --- deploy-manage/deploy/cloud-on-k8s.md | 4 +- .../deploy/cloud-on-k8s/air-gapped-install.md | 2 +- .../configure-validating-webhook.md | 2 +- .../cloud-on-k8s/deploy-eck-on-openshift.md | 4 -- .../install-using-yaml-manifest-quickstart.md | 2 +- deploy-manage/deploy/cloud-on-k8s/install.md | 4 +- .../k8s-openshift-anyuid-workaround.md | 3 +- .../cloud-on-k8s/manage-compute-resources.md | 3 +- .../deploy/cloud-on-k8s/manage-deployments.md | 2 +- .../deploy/cloud-on-k8s/network-policies.md | 47 ------------------- .../orchestrate-other-elastic-applications.md | 3 +- 11 files changed, 11 insertions(+), 65 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s.md b/deploy-manage/deploy/cloud-on-k8s.md index 51c178c9eb..46972c3211 100644 --- a/deploy-manage/deploy/cloud-on-k8s.md +++ b/deploy-manage/deploy/cloud-on-k8s.md @@ -10,7 +10,7 @@ mapped_urls: # Elastic Cloud on Kubernetes [k8s-overview] -Built on the Kubernetes Operator pattern, {{eck}} (ECK) extends the basic Kubernetes orchestration capabilities to support the setup and management of Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes. +Built on the Kubernetes Operator pattern, {{eck}} (ECK) extends the basic Kubernetes orchestration capabilities to support the setup and management of Elasticsearch, Kibana, APM Server, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes. ## ECK overview @@ -26,7 +26,7 @@ This section provides everything you need to install, configure, and manage Elas - [](./cloud-on-k8s/deploy-an-orchestrator.md): ECK installation methods and configuration options. Deploy ECK on managed Kubernetes platforms like GKE, AKS, and EKS, on self-managed Kubernetes clusters, on OpenShift, and even in air-gapped environments. - [](./cloud-on-k8s/manage-deployments.md): Handle {{es}} clusters and {{kib}} instances through ECK. -- [](./cloud-on-k8s/orchestrate-other-elastic-applications.md): Run APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes. +- [](./cloud-on-k8s/orchestrate-other-elastic-applications.md): Run APM Server, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes. - [](./cloud-on-k8s/tools-apis.md): A collection of tools and APIs available in ECK based environments. Other sections of the documentation include the following important topics around ECK: diff --git a/deploy-manage/deploy/cloud-on-k8s/air-gapped-install.md b/deploy-manage/deploy/cloud-on-k8s/air-gapped-install.md index f9f5fe11ea..8d1e878aa6 100644 --- a/deploy-manage/deploy/cloud-on-k8s/air-gapped-install.md +++ b/deploy-manage/deploy/cloud-on-k8s/air-gapped-install.md @@ -88,7 +88,7 @@ Once the ECK operator image is copied internally, replace the original image nam ## Override the default container registry [k8s-container-registry-override] -When creating custom resources (Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash), the operator defaults to using container images pulled from the `docker.elastic.co` registry. If you are in an environment where external network access is restricted, you can configure the operator to use a different default container registry by starting the operator with the `--container-registry` command-line flag. Check [*Configure ECK*](../../../deploy-manage/deploy/cloud-on-k8s/configure-eck.md) for more information on how to configure the operator using command-line flags and environment variables. +When creating custom resources (Elasticsearch, Kibana, APM Server, Beats, Elastic Agent, Elastic Maps Server, and Logstash), the operator defaults to using container images pulled from the `docker.elastic.co` registry. If you are in an environment where external network access is restricted, you can configure the operator to use a different default container registry by starting the operator with the `--container-registry` command-line flag. Check [*Configure ECK*](../../../deploy-manage/deploy/cloud-on-k8s/configure-eck.md) for more information on how to configure the operator using command-line flags and environment variables. The operator expects container images to be located at specific repositories in the default container registry. Make sure that your container images are stored in the right repositories and are tagged correctly with the Stack version number. For example, if your private registry is `my.registry` and you wish to deploy components from Stack version 8.16.1, the following image names should exist: diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-validating-webhook.md b/deploy-manage/deploy/cloud-on-k8s/configure-validating-webhook.md index 8880dd7983..fb35b29fe9 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure-validating-webhook.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure-validating-webhook.md @@ -26,7 +26,7 @@ Validating webhooks are defined using a `ValidatingWebhookConfiguration` object When using the default `operator.yaml` manifest, ECK is installed with a `ValidatingWebhookConfiguration` configured as follows: -* Validate all known Elastic custom resources (Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash) on create and update. +* Validate all known Elastic custom resources (Elasticsearch, Kibana, APM Server, Beats, Elastic Agent, Elastic Maps Server, and Logstash) on create and update. * The operator itself is the webhook server — which is exposed through a service named `elastic-webhook-server` in the `elastic-system` namespace. * The operator generates a certificate for the webhook and stores it in a secret named `elastic-webhook-server-cert` in the `elastic-system` namespace. This certificate is automatically rotated by the operator when it is due to expire. diff --git a/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-openshift.md b/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-openshift.md index 05f2f1e8e4..f9c67282f8 100644 --- a/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-openshift.md +++ b/deploy-manage/deploy/cloud-on-k8s/deploy-eck-on-openshift.md @@ -17,10 +17,6 @@ This section shows how to run ECK on OpenShift. * [Grant privileged permissions to Beats](k8s-openshift-beats.md) * [Grant host access permission to Elastic Agent](k8s-openshift-agent.md) -::::{warning} -Some Docker images are incompatible with the `restricted` SCC. This is the case for the **APM Server before 7.9** and for **Enterprise Search 7.9 and 7.10**. You can use this [workaround](k8s-openshift-anyuid-workaround.md) to run those images with the `anyuid` SCC. -:::: - ## Before you begin [k8s-openshift-before-you-begin] 1. To run the instructions on this page, you must be a `system:admin` user or a user with the privileges to create Projects, CRDs, and RBAC resources at the cluster level. diff --git a/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md b/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md index 79d4e6a28d..df39d205c8 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md +++ b/deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md @@ -15,7 +15,7 @@ To learn about other installation methods, refer to [](/deploy-manage/deploy/clo During the installation, the following components are installed or updated: -* `CustomResourceDefinition` objects for all supported resource types (Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash). +* `CustomResourceDefinition` objects for all supported resource types (Elasticsearch, Kibana, APM Server, Beats, Elastic Agent, Elastic Maps Server, and Logstash). * `Namespace` named `elastic-system` to hold all operator resources. * `ServiceAccount`, `ClusterRole` and `ClusterRoleBinding` to allow the operator to manage resources throughout the cluster. * `ValidatingWebhookConfiguration` to validate Elastic custom resources on admission. diff --git a/deploy-manage/deploy/cloud-on-k8s/install.md b/deploy-manage/deploy/cloud-on-k8s/install.md index 99ff8898ba..4968136ce5 100644 --- a/deploy-manage/deploy/cloud-on-k8s/install.md +++ b/deploy-manage/deploy/cloud-on-k8s/install.md @@ -8,7 +8,7 @@ mapped_urls: # Install ECK [k8s-installing-eck] -Elastic Cloud on Kubernetes (ECK) is a [Kubernetes operator](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) that helps you deploy and manage Elastic applications on Kubernetes, including Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash. +Elastic Cloud on Kubernetes (ECK) is a [Kubernetes operator](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) that helps you deploy and manage Elastic applications on Kubernetes, including Elasticsearch, Kibana, APM Server, Beats, Elastic Agent, Elastic Maps Server, and Logstash. ECK relies on a set of [Custom Resource Definitions (CRDs)](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/#customresourcedefinitions) to define how applications are deployed. CRDs are global resources, shared across the entire Kubernetes cluster, so installing them requires [specific permissions](../../../deploy-manage/deploy/cloud-on-k8s/required-rbac-permissions.md#k8s-eck-permissions-installing-crds). @@ -21,7 +21,7 @@ You can install multiple instances of ECK in the same Kubernetes cluster, but on :::: ::::{warning} -Deleting CRDs will trigger deletion of all custom resources (Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash) in all namespaces of the cluster, regardless of whether they are managed by a single operator or multiple operators. +Deleting CRDs will trigger deletion of all custom resources (Elasticsearch, Kibana, APM Server, Beats, Elastic Agent, Elastic Maps Server, and Logstash) in all namespaces of the cluster, regardless of whether they are managed by a single operator or multiple operators. :::: For a list of supported Kubernetes versions refer to [](../cloud-on-k8s.md#k8s-supported) diff --git a/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-anyuid-workaround.md b/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-anyuid-workaround.md index 257d16fb0b..bef18244fd 100644 --- a/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-anyuid-workaround.md +++ b/deploy-manage/deploy/cloud-on-k8s/k8s-openshift-anyuid-workaround.md @@ -7,7 +7,7 @@ mapped_pages: # Deploy Docker images with anyuid SCC [k8s-openshift-anyuid-workaround] -Starting with version 7.9, it is possible to run the APM Server with the `restricted` SCC. For APM versions older than 7.9 and Enterprise Search version 7.9, you can use this workaround which allows the Pod to run with the default `uid 1000` by assigning it to the `anyuid` SCC: +Starting with version 7.9, it is possible to run the APM Server with the `restricted` SCC. For APM versions older than 7.9, you can use this workaround which allows the Pod to run with the default `uid 1000` by assigning it to the `anyuid` SCC: 1. Create a service account to run the APM Server: @@ -71,7 +71,6 @@ Starting with version 7.9, it is possible to run the APM Server with the `restri kibana-sample-kb-97c6b6b8d-lqfd2 scc:restricted ``` - :::{important} Enterprise Search is not available in versions 9.0+. ::: \ No newline at end of file diff --git a/deploy-manage/deploy/cloud-on-k8s/manage-compute-resources.md b/deploy-manage/deploy/cloud-on-k8s/manage-compute-resources.md index a2e96a95e8..d0bdbe21ed 100644 --- a/deploy-manage/deploy/cloud-on-k8s/manage-compute-resources.md +++ b/deploy-manage/deploy/cloud-on-k8s/manage-compute-resources.md @@ -104,7 +104,7 @@ A [known Kubernetes issue](https://github.com/kubernetes/kubernetes/issues/51135 -### Set compute resources for Kibana, Enterprise Search, Elastic Maps Server, APM Server and Logstash [k8s-compute-resources-kibana-and-apm] +### Set compute resources for Kibana, Elastic Maps Server, APM Server and Logstash [k8s-compute-resources-kibana-and-apm] ```yaml apiVersion: kibana.k8s.elastic.co/v1 @@ -287,7 +287,6 @@ If `resources` is not defined in the specification of an object, then the operat | Beat | `300Mi` | `300Mi` | | Elastic Agent | `400Mi` | `400Mi` | | Elastic Maps Server | `200Mi` | `200Mi` | -| Enterprise Search | `4Gi` | `4Gi` | | Logstash | `2Gi` | `2Gi` | If the Kubernetes cluster is configured with [LimitRanges](https://kubernetes.io/docs/tasks/administer-cluster/manage-resources/memory-default-namespace/) that enforce a minimum memory constraint, they could interfere with the operator defaults and cause object creation to fail. diff --git a/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md b/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md index fca7efe6ff..6e3f51aaec 100644 --- a/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md +++ b/deploy-manage/deploy/cloud-on-k8s/manage-deployments.md @@ -7,7 +7,7 @@ applies: This section provides detailed guidance on deploying, configuring, and managing Elasticsearch and Kibana within ECK. A **deployment** refers to an {{es}} cluster, optionally with one or more {{kib}} instances connected to it. ::::{tip} -This content focuses on Elasticsearch and Kibana deployments. To orchestrate other Elastic Stack applications such as APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash, refer to the [Orchestrating other Elastic Stack applications](./orchestrate-other-elastic-applications.md). +This content focuses on Elasticsearch and Kibana deployments. To orchestrate other Elastic Stack applications such as APM Server, Beats, Elastic Agent, Elastic Maps Server, and Logstash, refer to the [Orchestrating other Elastic Stack applications](./orchestrate-other-elastic-applications.md). :::: ## What You'll Learn diff --git a/deploy-manage/deploy/cloud-on-k8s/network-policies.md b/deploy-manage/deploy/cloud-on-k8s/network-policies.md index 1ee0174bf2..2c26e06330 100644 --- a/deploy-manage/deploy/cloud-on-k8s/network-policies.md +++ b/deploy-manage/deploy/cloud-on-k8s/network-policies.md @@ -274,53 +274,6 @@ spec: common.k8s.elastic.co/type: apm-server ``` - -## Isolating Enterprise Search [k8s-network-policies-enterprise-search-isolation] - -| | | -| --- | --- | -| Egress (outgoing) | * TCP port 9200 to {{es}} nodes in the namespace.
* UDP port 53 for DNS lookup.
| -| Ingress (incoming) | * TCP port 3002 from other pods in the namespace.
| - -```yaml -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: eck-enterprise-search - namespace: team-a -spec: - egress: - - ports: - - port: 9200 - protocol: TCP - to: - - namespaceSelector: - matchLabels: - eck.k8s.elastic.co/tenant: team-a - podSelector: - matchLabels: - common.k8s.elastic.co/type: elasticsearch - - ports: - - port: 53 - protocol: UDP - ingress: - - from: - - namespaceSelector: - matchLabels: - eck.k8s.elastic.co/tenant: team-a - # [Optional] Allow ingress controller pods from the ingress-nginx namespace. - #- namespaceSelector: - # matchLabels: - # name: ingress-nginx - ports: - - port: 3002 - protocol: TCP - podSelector: - matchLabels: - common.k8s.elastic.co/type: enterprise-search -``` - - ## Isolating Beats [k8s-network-policies-beats-isolation] ::::{note} diff --git a/deploy-manage/deploy/cloud-on-k8s/orchestrate-other-elastic-applications.md b/deploy-manage/deploy/cloud-on-k8s/orchestrate-other-elastic-applications.md index a6634e5d51..2376f6ff08 100644 --- a/deploy-manage/deploy/cloud-on-k8s/orchestrate-other-elastic-applications.md +++ b/deploy-manage/deploy/cloud-on-k8s/orchestrate-other-elastic-applications.md @@ -3,7 +3,7 @@ This section explains how to deploy and configure various Elastic Stack applications within Elastic Cloud on Kubernetes (ECK). ::::{tip} -This content applies to APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash applications. To orchestrate an {{es}} cluster or {{kib}}, refer to [](./manage-deployments.md). +This content applies to APM Server, Beats, Elastic Agent, Elastic Maps Server, and Logstash applications. To orchestrate an {{es}} cluster or {{kib}}, refer to [](./manage-deployments.md). :::: The following guides provide specific instructions for deploying and configuring each application on ECK: @@ -11,7 +11,6 @@ The following guides provide specific instructions for deploying and configuring * [Standalone Elastic Agent](standalone-elastic-agent.md) * [{{fleet}}-managed {{agent}}](fleet-managed-elastic-agent.md) * [Elastic Maps Server](elastic-maps-server.md) -* [Enterprise Search](enterprise-search.md) * [Beats](beats.md) * [{{ls}}](logstash.md)