github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 17:59:23 -04:00
Code Issues Projects Releases Packages Wiki Activity

Update kubernetes templates for elastic-agent (#199403)

Browse source 
Automated by https://buildkite.com/elastic/elastic-agent/builds/13883

Co-authored-by: elasticmachine <elasticmachine@elastic.co>
This commit is contained in:
elastic-vault-github-plugin-prod[bot] 2024-11-08 15:44:37 +00:00 committed by GitHub
parent 619f330aa9
commit 186bf6a6e1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 28 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

68
x-pack/plugins/fleet/server/services/elastic_agent_manifest.ts
View file

@ -13,15 +13,15 @@ metadata:
name: elastic-agent
namespace: kube-system
labels:
app: elastic-agent
app.kubernetes.io/name: elastic-agent
spec:
selector:
matchLabels:
app: elastic-agent
app.kubernetes.io/name: elastic-agent
template:
metadata:
labels:
app: elastic-agent
app.kubernetes.io/name: elastic-agent
spec:
# Tolerations are needed to run Elastic Agent on Kubernetes control-plane nodes.
# Agents running on control-plane nodes collect metrics from the control plane components (scheduler, controller manager) of Kubernetes
@ -41,13 +41,11 @@ spec:
# args:
# - -c
# - >-
# mkdir -p /usr/share/elastic-agent/state/inputs.d &&
# curl -sL https://github.com/elastic/elastic-agent/archive/9.0.tar.gz | tar xz -C /usr/share/elastic-agent/state/inputs.d --strip=5 "elastic-agent-9.0/deploy/kubernetes/elastic-agent-standalone/templates.d"
# securityContext:
# runAsUser: 0
# mkdir -p /etc/elastic-agent/inputs.d &&
# curl -sL https://github.com/elastic/elastic-agent/archive/9.0.tar.gz | tar xz -C /etc/elastic-agent/inputs.d --strip=5 "elastic-agent-9.0/deploy/kubernetes/elastic-agent-standalone/templates.d"
# volumeMounts:
# - name: elastic-agent-state
# mountPath: /usr/share/elastic-agent/state
# - name: external-inputs
# mountPath: /etc/elastic-agent/inputs.d
containers:
- name: elastic-agent
image: docker.elastic.co/beats/elastic-agent:VERSION
@ -76,14 +74,6 @@ spec:
value: "false"
securityContext:
runAsUser: 0
# The following capabilities are needed for 'Defend for containers' integration (cloud-defend)
# If you are using this integration, please uncomment these lines before applying.
#capabilities:
# add:
# - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps.
# - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations.
# - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock'
########################################################################################
# The following capabilities are needed for Universal Profiling.
# More fine graded capabilities are only available for newer Linux kernels.
# If you are using the Universal Profiling integration, please uncomment these lines before applying.
@ -125,6 +115,9 @@ spec:
mountPath: /sys/kernel/debug
- name: elastic-agent-state
mountPath: /usr/share/elastic-agent/state
# Uncomment if using hints feature
# - name: external-inputs
# mountPath: /usr/share/elastic-agent/state/inputs.d
volumes:
- name: datastreams
configMap:
@ -151,8 +144,8 @@ spec:
- name: var-lib
hostPath:
path: /var/lib
# Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling
# If you are not using one of these integrations, then these volumes and the corresponding
# Needed for Universal Profiling
# If you are not using this integration, then these volumes and the corresponding
# mounts can be removed.
- name: sys-kernel-debug
hostPath:
@ -163,6 +156,9 @@ spec:
hostPath:
path: /var/lib/elastic-agent/kube-system/state
type: DirectoryOrCreate
# Uncomment if using hints feature
# - name: external-inputs
# emptyDir: {}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
@ -210,7 +206,7 @@ kind: ClusterRole
metadata:
name: elastic-agent
labels:
k8s-app: elastic-agent
app.kubernetes.io/name: elastic-agent
rules:
- apiGroups: [""]
resources:
@ -282,7 +278,7 @@ metadata:
# Should be the namespace where elastic-agent is running
namespace: kube-system
labels:
k8s-app: elastic-agent
app.kubernetes.io/name: elastic-agent
rules:
- apiGroups:
- coordination.k8s.io
@ -296,7 +292,7 @@ metadata:
name: elastic-agent-kubeadm-config
namespace: kube-system
labels:
k8s-app: elastic-agent
app.kubernetes.io/name: elastic-agent
rules:
- apiGroups: [""]
resources:
@ -311,7 +307,7 @@ metadata:
name: elastic-agent
namespace: kube-system
labels:
k8s-app: elastic-agent
app.kubernetes.io/name: elastic-agent
---
`;
@ -323,15 +319,15 @@ metadata:
name: elastic-agent
namespace: kube-system
labels:
app: elastic-agent
app.kubernetes.io/name: elastic-agent
spec:
selector:
matchLabels:
app: elastic-agent
app.kubernetes.io/name: elastic-agent
template:
metadata:
labels:
app: elastic-agent
app.kubernetes.io/name: elastic-agent
spec:
# Tolerations are needed to run Elastic Agent on Kubernetes control-plane nodes.
# Agents running on control-plane nodes collect metrics from the control plane components (scheduler, controller manager) of Kubernetes
@ -383,14 +379,6 @@ spec:
value: "false"
securityContext:
runAsUser: 0
# The following capabilities are needed for 'Defend for containers' integration (cloud-defend)
# If you are using this integration, please uncomment these lines before applying.
#capabilities:
# add:
# - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps.
# - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations.
# - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock'
########################################################################################
# The following capabilities are needed for Universal Profiling.
# More fine graded capabilities are only available for newer Linux kernels.
# If you are using the Universal Profiling integration, please uncomment these lines before applying.
@ -459,8 +447,8 @@ spec:
hostPath:
path: /etc/machine-id
type: File
# Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling
# If you are not using one of these integrations, then these volumes and the corresponding
# Needed for Universal Profiling
# If you are not using this integration, then these volumes and the corresponding
# mounts can be removed.
- name: sys-kernel-debug
hostPath:
@ -518,7 +506,7 @@ kind: ClusterRole
metadata:
name: elastic-agent
labels:
k8s-app: elastic-agent
app.kubernetes.io/name: elastic-agent
rules:
- apiGroups: [""]
resources:
@ -590,7 +578,7 @@ metadata:
# Should be the namespace where elastic-agent is running
namespace: kube-system
labels:
k8s-app: elastic-agent
app.kubernetes.io/name: elastic-agent
rules:
- apiGroups:
- coordination.k8s.io
@ -604,7 +592,7 @@ metadata:
name: elastic-agent-kubeadm-config
namespace: kube-system
labels:
k8s-app: elastic-agent
app.kubernetes.io/name: elastic-agent
rules:
- apiGroups: [""]
resources:
@ -619,6 +607,6 @@ metadata:
name: elastic-agent
namespace: kube-system
labels:
k8s-app: elastic-agent
app.kubernetes.io/name: elastic-agent
---
`;