Add missing environment variables for container setup (elastic#1354)

kilfoyle · web-flow · commit 98d9db9d9b42 · 2024-10-07T16:11:36.000-04:00
* Add missing environment variables for container setup

* Add more missing settings

* fixup

* fixup

* fixup

* fixup

* Remove FLEET_HEADER &amp; FLEET_KIBANA_HEADER
diff --git a/docs/en/ingest-management/elastic-agent/configuration/env/container-envs.asciidoc b/docs/en/ingest-management/elastic-agent/configuration/env/container-envs.asciidoc
@@ -68,8 +68,6 @@ Settings used to prepare the {fleet} plugin in {kib}.
 |===
 | Settings | Description
 
-include::shared-env.asciidoc[tag=kibana-fleet-setup]
-
 include::shared-env.asciidoc[tag=kibana-fleet-host]
 
 include::shared-env.asciidoc[tag=kibana-fleet-username]
@@ -100,6 +98,12 @@ include::shared-env.asciidoc[tag=fleet-server-elasticsearch-host]
 
 include::shared-env.asciidoc[tag=fleet-server-elasticsearch-ca]
 
+include::shared-env.asciidoc[tag=fleet-server-es-cert]
+
+include::shared-env.asciidoc[tag=fleet-server-es-cert-key]
+
+include::shared-env.asciidoc[tag=fleet-server-insecure-http]
+
 include::shared-env.asciidoc[tag=fleet-server-service-token]
 
 include::shared-env.asciidoc[tag=fleet-server-service-token-path]
@@ -118,8 +122,14 @@ include::shared-env.asciidoc[tag=fleet-server-cert-key]
 
 include::shared-env.asciidoc[tag=fleet-server-cert-key-passphrase]
 
+include::shared-env.asciidoc[tag=fleet-server-client-auth]
+
 include::shared-env.asciidoc[tag=fleet-server-es-ca-trusted-fingerprint]
 
+include::shared-env.asciidoc[tag=fleet-daemon-timeout]
+
+include::shared-env.asciidoc[tag=fleet-server-timeout]
+
 |===
 
 [discrete]
@@ -135,10 +145,16 @@ Settings used to enroll an {agent} into a {fleet-server}.
 |===
 | Settings | Description
 
+include::shared-env.asciidoc[tag=elastic-agent-cert]
+
+include::shared-env.asciidoc[tag=elastic-agent-cert-key]
+
 include::shared-env.asciidoc[tag=elastic-agent-tag]
 
 include::shared-env.asciidoc[tag=fleet-enroll]
 
+include::shared-env.asciidoc[tag=fleet-force]
+
 include::shared-env.asciidoc[tag=fleet-url]
 
 include::shared-env.asciidoc[tag=fleet-enrollment-token]
diff --git a/docs/en/ingest-management/elastic-agent/configuration/env/shared-env.asciidoc b/docs/en/ingest-management/elastic-agent/configuration/env/shared-env.asciidoc
@@ -17,30 +17,37 @@ OPTIONAL INFO AND EXAMPLE
 
 // =============================================================================
 
-// tag::elastic-agent-tag[]
+// tag::elastic-agent-cert[]
 |
-[id="env-{type}-elastic-agent-tag"]
-`ELASTIC_AGENT_TAGS`
+[id="env-{type}-elastic-agent-cert"]
+`ELASTIC_AGENT_CERT`
 
-| (string) A comma-separated list of tags to apply to {fleet}-managed {agent}s.
-You can use these tags to filter the list of agents in {fleet}.
+| (string) The path to the mutual TLS client certificate that {agent} will use to connect to {fleet-server}.
 
-// end::elastic-agent-tag[]
+// end::elastic-agent-cert[]
 
 // =============================================================================
 
-// tag::kibana-fleet-setup[]
+// tag::elastic-agent-cert-key[]
 |
-[id="env-{type}-kibana-fleet-setup"]
-`KIBANA_FLEET_SETUP`
+[id="env-{type}-elastic-agent-cert-key"]
+`ELASTIC_AGENT_CERT_KEY`
 
-| (int) Set to `1` to enable {fleet} setup.
-Enabling {fleet} is required before {fleet-server} will start.
-When this action is not performed, a user must manually log in to {kib} and visit the {fleet} page to enable setup.
+| (string) The path to the mutual TLS private key that {agent} will use to connect to {fleet-server}.
 
-*Default:* none
+// end::elastic-agent-cert-key[]
+
+// =============================================================================
 
-// end::kibana-fleet-setup[]
+// tag::elastic-agent-tag[]
+|
+[id="env-{type}-elastic-agent-tag"]
+`ELASTIC_AGENT_TAGS`
+
+| (string) A comma-separated list of tags to apply to {fleet}-managed {agent}s.
+You can use these tags to filter the list of agents in {fleet}.
+
+// end::elastic-agent-tag[]
 
 // =============================================================================
 
@@ -105,6 +112,20 @@ contains your CA's certificate.
 
 // =============================================================================
 
+// tag::fleet-force[]
+|
+[id="env-{type}-fleet-force"]
+`FLEET_FORCE`
+
+| (bool) Set to `true` to force overwrite of the current {agent} configuration without prompting for confirmation.
+This flag is helpful when using automation software or scripted deployments.
+
+*Default:* `false`
+
+// end::fleet-force[]
+
+// =============================================================================
+
 // tag::fleet-server-enable[]
 |
 [id="env-{type}-fleet-server-enable"]
@@ -273,6 +294,21 @@ Overrides the port defined in the policy.
 
 // =============================================================================
 
+// tag::fleet-server-client-auth[]
+|
+[id="env-{type}-fleet-server-client-auth"]
+`FLEET_SERVER_CLIENT_AUTH`
+
+| (string) One of `none`, `optional`, or `required`.
+{fleet-server}'s client authentication option for client mTLS connections.
+If `optional` or `required` is specified, client certificates are verified using CAs.
+
+*Default:* `none`
+
+// end::fleet-server-client-auth[]
+
+// =============================================================================
+
 // tag::fleet-server-es-ca-trusted-fingerprint[]
 |
 [id="env-{type}-fleet-server-es-ca-trusted-fingerprint"]
@@ -288,6 +324,68 @@ by {agent} for communication. This flag is required when using self-signed certi
 
 // =============================================================================
 
+// tag::fleet-server-es-cert[]
+|
+[id="env-{type}-fleet-server-es-cert"]
+`FLEET_SERVER_ES_CERT`
+
+| (string) The path to the mutual TLS client certificate that {fleet-server} will use to connect to {es}.
+
+*Default:* `""`
+
+// end::fleet-server-es-cert[]
+
+// =============================================================================
+
+// tag::fleet-server-es-cert-key[]
+|
+[id="env-{type}-fleet-server-es-cert-key"]
+`FLEET_SERVER_ES_CERT_KEY`
+
+| (string) The path to the mutual TLS private key that {fleet-server} will use to connect to {es}.
+
+*Default:* `""`
+
+// end::fleet-server-es-cert-key[]
+
+// =============================================================================
+
+// tag::fleet-server-insecure-http[]
+|
+[id="env-{type}-fleet-server-insecure-http"]
+`FLEET_SERVER_INSECURE_HTTP`
+
+| (bool) When `true`, {fleet-server} is exposed over insecure or unverified HTTP.
+Setting this to `true` is not recommended.
+
+*Default:* `false`
+
+// end::fleet-server-insecure-http[]
+
+// =============================================================================
+
+// tag::fleet-daemon-timeout[]
+|
+[id="env-{type}-fleet-daemon-timeout"]
+`FLEET_DAEMON_TIMEOUT`
+
+| (duration) Set to indicate how long {fleet-server} will wait during the bootstrap process for {elastic-agent}.
+
+// end::fleet-daemon-timeout[]
+
+// =============================================================================
+
+// tag::fleet-server-timeout[]
+|
+[id="env-{type}-fleet-server-timeout"]
+`FLEET_SERVER_TIMEOUT`
+
+| (duration) Set to indicate how long {agent} will wait for {fleet-server} to check in as healthy.
+
+// end::fleet-server-timeout[]
+
+// =============================================================================
+
 // tag::fleet-enroll[]
 |
 [id="env-{type}-fleet-enroll"]
