search

elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana
Other
19.63k stars 8.22k forks source link

[Fleet] Expose and act on Elastic Agent capabilities #98899

Open ruflin opened 3 years ago

ruflin commented 3 years ago

The Elastic Agent allows to limit the capabilities an agent supports through a capabilities.yml file. This might look as following for example:

capabilities:
- rule: allow
  input: fleet-server
- rule: allow
  input: apm-server
- rule: deny
  input: "*"

The above content means only the apm-server and fleet-server input are allowed to run. This means, any integration that uses an other input will not work at all or only partially.

Currently any integration can be added to a policy. But if a policy contains one or multiple Elastic Agents with reduced capabilities, it should be visible in the UI that the integration will not run. It should be discussed how this is exposed in the UI and the API, what happens if not all Elastic Agents in a policy have the same capabilities, what happens if the capabilities of an Agent change etc.

The second part of this issue is around exposing / showing these capabilities. A user should be able to see the capabilities an Elastic Agent has in the UI / API of Fleet.

elasticmachine commented 3 years ago

Pinging @elastic/fleet (Team:Fleet)