-
Notifications
You must be signed in to change notification settings - Fork 73
Fleet Server on kubernetes document proposal #1518
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from all commits
Commits
Show all changes
55 commits
Select commit
Hold shift + click to select a range
4468d69
fleet server on kubernetes draft added
eedugon 553f290
widget tabs and a lot of other changes
eedugon 49521cc
Fleet Host URL info updated
eedugon 6f3eb8a
extra updates
eedugon b40c67f
bmorelli suggestions and other minor changes
eedugon 2b8f544
replicas commented
eedugon 507b596
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes-co…
eedugon e1967ca
k8s service example changed
eedugon b576c7d
Merge remote-tracking branch 'eedugon/fleet_server_k8s_install' into …
eedugon 97e5ee3
yaml block fixed for attributes
eedugon 178b444
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon f0af11d
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon b50b4a1
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 5d4478c
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 7415f79
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 56e4b58
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon e9c3350
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon dfc5229
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 4972370
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 3c09c35
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon a0f72ea
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 488b264
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon b320624
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon ec99099
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 83d29d6
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 9134518
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 0de808f
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon ecf1274
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon ddc9584
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 074adf8
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon ed66ac6
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon c178866
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 68d8cac
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon e1b665a
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon cffac6a
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon e520127
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 7b2ce21
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 3213815
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 5afa358
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon bc30b64
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon f8f0f5e
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon d3f5975
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 86cd96c
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 2b86587
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 3f5836f
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 8bcc19b
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon d2b55e5
structure updated
eedugon 23163bd
attributes reviewed and other changes
eedugon a45eb4d
applied Lara's suggestions
eedugon 3d3f7cb
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon 7793c03
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes.as…
eedugon f5f3840
latest suggestions by David
eedugon b20b950
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes-co…
eedugon c206951
Update docs/en/ingest-management/fleet/add-fleet-server-kubernetes-co…
eedugon 4c9fc91
production mode tested and changes applied
eedugon File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
209 changes: 209 additions & 0 deletions
209
docs/en/ingest-management/fleet/add-fleet-server-kubernetes-content.asciidoc
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,209 @@ | ||
| // tag::quickstart-secret[] | ||
| The following command assumes you have the {es} CA available as a local file. | ||
| + | ||
| [source, shell] | ||
| ------------------------------------------------------------ | ||
| kubectl create secret generic fleet-server-ssl \ | ||
| --from-file=es-ca.crt=<PATH_TO_ES_CA_CERT_FILE> | ||
| ------------------------------------------------------------ | ||
| + | ||
| -- | ||
| When running the command, substitute the following values: | ||
|
|
||
| * `<PATH_TO_ES_CA_CERT_FILE>` with your local file containing the {es} CA(s). | ||
| -- | ||
| + | ||
| If you prefer to obtain a *yaml manifest* of the Secret to create, append `--dry-run=client -o=yaml` to the command and save the output to a file. | ||
| // end::quickstart-secret[] | ||
|
|
||
| // *************************************************** | ||
| // *************************************************** | ||
|
|
||
| // tag::production-secret[] | ||
| The following command assumes you have the {es} CA and the {fleet-server} certificate, key and CA available as local files. | ||
| + | ||
| [source, shell] | ||
| ------------------------------------------------------------ | ||
| kubectl create secret generic fleet-server-ssl \ | ||
| --from-file=es-ca.crt=<PATH_TO_ES_CA_CERT_FILE> \ | ||
| --from-file=fleet-ca.crt=<PATH_TO_FLEET_CA_CERT_FILE> \ | ||
| --from-file=fleet-server.crt=<PATH_TO_FLEET_SERVER_CERT> \ | ||
| --from-file=fleet-server.key=<PATH_TO_FLEET_SERVER_CERT_KEY> \ | ||
| --from-literal=fleet_url='<FLEET_URL>' | ||
| ------------------------------------------------------------ | ||
| + | ||
| -- | ||
| When running the command, substitute the following values: | ||
|
|
||
| * `<PATH_TO_ES_CA_CERT_FILE>` with your local file containing the {es} CA(s). | ||
| * `<PATH_TO_FLEET_CA_CERT_FILE>` with your local file containing the {fleet-server} CA. | ||
| * `<PATH_TO_FLEET_SERVER_CERT>` with your local file containing the server TLS certificate for the {fleet-server}. | ||
| * `<PATH_TO_FLEET_SERVER_CERT_KEY>` with your local file containing the server TLS key for the {fleet-server}. | ||
| * `<FLEET_URL>` with the URL that points to the {fleet-server}, for example `https://fleet-svc`. This URL will be used by the {fleet-server} during its bootstrap, and its hostname must be included in the server certificate’s x509 Subject Alternative Name (SAN) list. | ||
| -- | ||
| + | ||
| If you prefer to obtain a *yaml manifest* of the Secret to create, append `--dry-run=client -o=yaml` to the command and save the output to a file. | ||
| // end::production-secret[] | ||
|
|
||
| // *************************************************** | ||
| // *************************************************** | ||
|
|
||
| // tag::quickstart-deployment[] | ||
| ["source","yaml",subs="attributes"] | ||
| ------------------------------------------------------------ | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: fleet-svc | ||
| spec: | ||
| type: ClusterIP | ||
| selector: | ||
| app: fleet-server | ||
| ports: | ||
| - port: 443 | ||
| protocol: TCP | ||
| targetPort: 8220 | ||
| --- | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: fleet-server | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| app: fleet-server | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app: fleet-server | ||
| spec: | ||
| automountServiceAccountToken: false | ||
| containers: | ||
| - name: elastic-agent | ||
| image: docker.elastic.co/beats/elastic-agent:{version} | ||
| env: | ||
| - name: FLEET_SERVER_ENABLE | ||
| value: "true" | ||
| - name: FLEET_SERVER_ELASTICSEARCH_HOST | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: fleet-server-config | ||
| key: elastic_endpoint | ||
| - name: FLEET_SERVER_SERVICE_TOKEN | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: fleet-server-config | ||
| key: elastic_service_token | ||
| - name: FLEET_SERVER_POLICY_ID | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: fleet-server-config | ||
| key: fleet_policy_id | ||
| - name: ELASTICSEARCH_CA | ||
pkoutsovasilis marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| value: /mnt/certs/es-ca.crt | ||
| ports: | ||
| - containerPort: 8220 | ||
| protocol: TCP | ||
| resources: {} | ||
| volumeMounts: | ||
| - name: certs | ||
| mountPath: /mnt/certs | ||
| readOnly: true | ||
| volumes: | ||
| - name: certs | ||
| secret: | ||
| defaultMode: 420 | ||
| optional: false | ||
| secretName: fleet-server-ssl | ||
| ------------------------------------------------------------ | ||
| // end::quickstart-deployment[] | ||
|
|
||
| // *************************************************** | ||
| // *************************************************** | ||
|
|
||
| // tag::production-deployment[] | ||
| ["source","yaml",subs="attributes"] | ||
| ------------------------------------------------------------ | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: fleet-svc | ||
| spec: | ||
| type: ClusterIP | ||
| selector: | ||
| app: fleet-server | ||
| ports: | ||
| - port: 443 | ||
| protocol: TCP | ||
| targetPort: 8220 | ||
| --- | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: fleet-server | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| app: fleet-server | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app: fleet-server | ||
| spec: | ||
| automountServiceAccountToken: false | ||
| containers: | ||
| - name: elastic-agent | ||
| image: docker.elastic.co/beats/elastic-agent:{version} | ||
| env: | ||
| - name: FLEET_SERVER_ENABLE | ||
| value: "true" | ||
| - name: FLEET_SERVER_ELASTICSEARCH_HOST | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: fleet-server-config | ||
| key: elastic_endpoint | ||
| - name: FLEET_SERVER_SERVICE_TOKEN | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: fleet-server-config | ||
| key: elastic_service_token | ||
| - name: FLEET_SERVER_POLICY_ID | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: fleet-server-config | ||
| key: fleet_policy_id | ||
| - name: ELASTICSEARCH_CA | ||
| value: /mnt/certs/es-ca.crt | ||
| - name: FLEET_SERVER_CERT | ||
| value: /mnt/certs/fleet-server.crt | ||
| - name: FLEET_SERVER_CERT_KEY | ||
| value: /mnt/certs/fleet-server.key | ||
eedugon marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| - name: FLEET_CA | ||
| value: /mnt/certs/fleet-ca.crt | ||
| - name: FLEET_URL | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: fleet-server-ssl | ||
| key: fleet_url | ||
| - name: FLEET_SERVER_TIMEOUT | ||
| value: '60s' | ||
| - name: FLEET_SERVER_PORT | ||
| value: '8220' | ||
| ports: | ||
| - containerPort: 8220 | ||
| protocol: TCP | ||
| resources: {} | ||
| volumeMounts: | ||
| - name: certs | ||
| mountPath: /mnt/certs | ||
| readOnly: true | ||
| volumes: | ||
| - name: certs | ||
| secret: | ||
| defaultMode: 420 | ||
| optional: false | ||
| secretName: fleet-server-ssl | ||
| ------------------------------------------------------------ | ||
| // end::production-deployment[] | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.