Open merlixelastic opened 4 months ago
This item has been discussed on 3rd June with Julien & Pierre
Notable points:
Elastic Agent → Fleet
mean?Thanks for reporting this @merlixelastic and for the clarifications @lucabelluccini.
So I think we need to:
[ ] 1. Update the Deployment models page to cover the steps for setting up Fleet Server on Kubernetes.
[x] 2. Mention on that same page that managed Elastic Agent can be set up in ECK, with a link to the relevant docs. -> Opened docs PR: https://github.com/elastic/ingest-docs/pull/1176
[ ] 3. Update the default port assignments. It seems the only change needed is to remove the "Elastic Agent -> Fleet" entry. -> Opened docs PR: https://github.com/elastic/ingest-docs/pull/1177
@michel-laterman could you perhaps provide the steps for number 1? I have no idea about the K8s setup at all, so if you don't mind putting something in a draft document I'd be happy to port that into the Deployment models page.
@nimarezainia just for your awareness.
Regarding requirement 1, @nimarezainia and I discussed this and are thinking that we can update the Elastic Agent install instruction pages for Kubernetes and for Docker, to add the additional settings required to run agent as a Fleet Server. I've opened a PR with the proposed changes: https://github.com/elastic/ingest-docs/pull/1184
@michel-laterman I'm guessing a bit at what I think the settings are so please take a look and let us know if anything needs fixing. We would still need to document setting up certificates between Elastic Agent and Kibana, which I guess would best fit in Configure SSL/TLS for self-managed Fleet Servers.
We have documentation for container env vars that fleet-server uses during bootstrapping; however these are under the elastic-agent install instructions: https://www.elastic.co/guide/en/fleet/current/agent-environment-variables.html#env-prepare-kibana-for-fleet
I think we can re-organize some pages to make it more clear that we expect an end user to only deploy a fleet-server as an agent component and better utilize the agent installation instructions.
Additionally we should go over the env vars, i'm not certain if KIBANA_FLEET_SETUP
still applies to agents in containers anymore
Thanks @michel-laterman. I'll wait for your suggestions on this, as well as for https://github.com/elastic/ingest-docs/pull/1184 "Add Fleet Server install steps on K8s and Docker".
If/when the Elastic Agent install pages have everything required to install Fleet Server, we probably just need to mention that somewhere in the Deployment models section.
Regarding the KIBANA_FLEET*
env vars, please note we had users (see private issue created by Xavier) where the enrollment was failing.
Description
We discovered a scenario where deploying Elastic agent with Fleet server integration need to have certificate to connect to Kibana. This is setup apparently with variable KIBANA_CA or KIBANA_FLEET_CA. I believe the code (reference in resources below) is related to the installation of Elastic agent with Fleet server on Kubernetes or docker.
Resources
The code related to this is here
I'm not seeing mention of setting up certificate between Elastic agent to Kibana in our documentation here and there.
This was discovered when we investigated error:
Kibana fetch policy failed: http GET request to https://kibana-multi:5601/api/fleet/agent_policies fails: fail to execute the HTTP GET request: Get "https://kibana-multi:5601/api/fleet/agent_policies": x509: certificate signed by unknown authority.
Collaboration
TBD. The docs and product team will work together to determine the best path forward.
Point of contact.
Main contact: @merlixelastic
Stakeholders: @lucabelluccini