-
-
Save charith-elastic/12010683e9948d10b878942c14560c51 to your computer and use it in GitHub Desktop.
ECK manifest generator
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ------------------------------------------------------------------------------------------- | |
| $ bin/eck manifest | |
| Utilities for generating an installation manifest for ECK | |
| Usage: | |
| eck manifest [command] | |
| Available Commands: | |
| generate Generate ECK manifests | |
| options List manifest options | |
| versions List available distribution versions | |
| Flags: | |
| -h, --help help for manifest | |
| Use "eck manifest [command] --help" for more information about a command. | |
| ------------------------------------------------------------------------------------------- | |
| $ bin/eck manifest generate --help | |
| Generates a manifest for installing ECK. | |
| There are two pre-defined profiles for installing ECK. The "global" profile installs ECK with access to the | |
| whole Kubernetes cluster. The "restricted" profile installs ECK restricted to a single (or several) namespaces. | |
| The generated manifest can be customized using the "--set" flag(s). Use the "options" command to list all | |
| available configuration options. The behaviour of this flag is identical to how the Helm "--set" flag | |
| operates (https://helm.sh/docs/intro/using_helm/). | |
| By default, the operator is installed into the "elastic-system" namespace. This can be overridden by setting the | |
| "operator.namespace" option. | |
| Global operator: | |
| $ eck manifest generate | |
| Global operator with the validation webhook disabled: | |
| $ eck manifest generate --set=config.webhook.enabled=false | |
| Global operator with resource memory limit increased to 300Mi and CPU limit increased to 2: | |
| $ eck manifest generate --set=operator.resources.limits.cpu=2,operator.resources.limits.memory=300Mi | |
| Restricted operator without CRDs, managing the "elastic-system" namespace: | |
| $ eck manifest generate --profile=restricted --exclude-crds | |
| Restricted operator installed to and managing the single namespace named "namespacex": | |
| $ eck manifest generate --profile=restricted --set=operator.namespace=namespacex --set=config.managedNamespaces='{namespacex}' | |
| Restricted operator managing "elastic-system", "nsa" and "nsb": | |
| $ eck manifest generate --profile=restricted --set=config.managedNamespaces='{elastic-system, nsa, nsb}' | |
| Restricted operator with tracing configured: | |
| $ eck manifest generate --profile=restricted --set=config.tracing.enabled=true --set=config.tracing.config.ELASTIC_APM_SERVER_URL=http://apm:8200 | |
| Usage: | |
| eck manifest generate [flags] | |
| Flags: | |
| --exclude-crds Exclude CRDs from generated manifest | |
| -h, --help help for generate | |
| --profile string Operator profile (global, restricted) (default "global") | |
| --set stringArray Set additional options | |
| --version string Distribution version (default "1.1.0") | |
| ------------------------------------------------------------------------------------------- | |
| $ bin/eck manifest options | |
| operator: | |
| name: elastic-operator | |
| namespace: elastic-system | |
| version: 1.1.0-bc0 | |
| selectorLabels: | |
| control-plane: elastic-operator | |
| image: | |
| repository: docker.elastic.co/eck/eck-operator | |
| pullPolicy: IfNotPresent | |
| resources: | |
| limits: | |
| cpu: 1 | |
| memory: 150Mi | |
| requests: | |
| cpu: 100m | |
| memory: 50Mi | |
| config: | |
| createClusterResources: true | |
| managedNamespaces: [] | |
| logVerbosity: 0 | |
| metricsPort: 0 | |
| containerRegistry: docker.elastic.co | |
| maxConcurrentReconciles: 3 | |
| tracing: | |
| enabled: false | |
| config: | |
| ELASTIC_APM_SERVER_URL: http://localhost:8200 | |
| ELASTIC_APM_SERVER_TIMEOUT: 30s | |
| ca: | |
| validity: 8760h | |
| rotateBefore: 24h | |
| certificates: | |
| validity: 8760h | |
| rotateBefore: 24h | |
| refs: | |
| enforceRBAC: false | |
| webhook: | |
| enabled: true | |
| manageCerts: true | |
| certsDir: "/tmp/k8s-webhook-server/serving-certs" | |
| secret: elastic-webhook-server-cert | |
| name: elastic-webhook.k8s.elastic.co | |
| serviceName: elastic-webhook-server | |
| ------------------------------------------------------------------------------------------- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Output of `bin/eck manifest generate --exclude-crds` | |
| --- | |
| # Source: eck/templates/namespace.yaml | |
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: elastic-system | |
| --- | |
| # Source: eck/templates/service-account.yaml | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: elastic-operator | |
| namespace: elastic-system | |
| --- | |
| # Source: eck/templates/webhook.yaml | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: "elastic-webhook-server-cert" | |
| namespace: elastic-system | |
| --- | |
| # Source: eck/templates/cluster-role.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: elastic-operator | |
| rules: | |
| - apiGroups: | |
| - "authorization.k8s.io" | |
| resources: | |
| - subjectaccessreviews | |
| verbs: | |
| - create | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - pods | |
| - endpoints | |
| - events | |
| - persistentvolumeclaims | |
| - secrets | |
| - services | |
| - configmaps | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - apps | |
| resources: | |
| - deployments | |
| - statefulsets | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - policy | |
| resources: | |
| - poddisruptionbudgets | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - elasticsearch.k8s.elastic.co | |
| resources: | |
| - elasticsearches | |
| - elasticsearches/status | |
| - elasticsearches/finalizers | |
| - enterpriselicenses | |
| - enterpriselicenses/status | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - kibana.k8s.elastic.co | |
| resources: | |
| - kibanas | |
| - kibanas/status | |
| - kibanas/finalizers | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - apm.k8s.elastic.co | |
| resources: | |
| - apmservers | |
| - apmservers/status | |
| - apmservers/finalizers | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - enterprisesearch.k8s.elastic.co | |
| resources: | |
| - enterprisesearches | |
| - enterprisesearches/status | |
| - enterprisesearches/finalizers | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - admissionregistration.k8s.io | |
| resources: | |
| - mutatingwebhookconfigurations | |
| - validatingwebhookconfigurations | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| --- | |
| # Source: eck/templates/cluster-role.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: "elastic-operator-view" | |
| labels: | |
| rbac.authorization.k8s.io/aggregate-to-view: "true" | |
| rbac.authorization.k8s.io/aggregate-to-edit: "true" | |
| rbac.authorization.k8s.io/aggregate-to-admin: "true" | |
| rules: | |
| - apiGroups: ["elasticsearch.k8s.elastic.co"] | |
| resources: ["elasticsearches"] | |
| verbs: ["get", "list", "watch"] | |
| - apiGroups: ["apm.k8s.elastic.co"] | |
| resources: ["apmservers"] | |
| verbs: ["get", "list", "watch"] | |
| - apiGroups: ["kibana.k8s.elastic.co"] | |
| resources: ["kibanas"] | |
| verbs: ["get", "list", "watch"] | |
| --- | |
| # Source: eck/templates/cluster-role.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: "elastic-operator-edit" | |
| labels: | |
| rbac.authorization.k8s.io/aggregate-to-edit: "true" | |
| rbac.authorization.k8s.io/aggregate-to-admin: "true" | |
| rules: | |
| - apiGroups: ["elasticsearch.k8s.elastic.co"] | |
| resources: ["elasticsearches"] | |
| verbs: ["create", "delete", "deletecollection", "patch", "update"] | |
| - apiGroups: ["apm.k8s.elastic.co"] | |
| resources: ["apmservers"] | |
| verbs: ["create", "delete", "deletecollection", "patch", "update"] | |
| - apiGroups: ["kibana.k8s.elastic.co"] | |
| resources: ["kibanas"] | |
| verbs: ["create", "delete", "deletecollection", "patch", "update"] | |
| --- | |
| # Source: eck/templates/managed-ns-role-bindings.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: elastic-operator | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: elastic-operator | |
| subjects: | |
| - kind: ServiceAccount | |
| name: elastic-operator | |
| namespace: elastic-system | |
| --- | |
| # Source: eck/templates/operator-role-binding.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: RoleBinding | |
| metadata: | |
| name: elastic-operator | |
| namespace: elastic-system | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: elastic-operator | |
| subjects: | |
| - kind: ServiceAccount | |
| name: elastic-operator | |
| namespace: elastic-system | |
| --- | |
| # Source: eck/templates/webhook.yaml | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: elastic-webhook-server | |
| namespace: elastic-system | |
| spec: | |
| ports: | |
| - name: https | |
| port: 443 | |
| targetPort: 9443 | |
| selector: | |
| control-plane: elastic-operator | |
| --- | |
| # Source: eck/templates/statefulset.yaml | |
| apiVersion: apps/v1 | |
| kind: StatefulSet | |
| metadata: | |
| name: elastic-operator | |
| namespace: elastic-system | |
| labels: | |
| control-plane: elastic-operator | |
| spec: | |
| selector: | |
| matchLabels: | |
| control-plane: elastic-operator | |
| serviceName: elastic-operator | |
| template: | |
| metadata: | |
| annotations: | |
| # Rename the fields "error" to "error.message" and "source" to "event.source" | |
| # This is to avoid a conflict with the ECS "error" and "source" documents. | |
| "co.elastic.logs/raw": "[{\"type\":\"container\",\"json.keys_under_root\":true,\"paths\":[\"/var/log/containers/*${data.kubernetes.container.id}.log\"],\"processors\":[{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"error\",\"to\":\"_error\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"_error\",\"to\":\"error.message\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"source\",\"to\":\"_source\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"_source\",\"to\":\"event.source\"}]}}]}]" | |
| labels: | |
| control-plane: elastic-operator | |
| spec: | |
| terminationGracePeriodSeconds: 10 | |
| serviceAccountName: elastic-operator | |
| containers: | |
| - image: "docker.elastic.co/eck/eck-operator:1.1.0-bc0" | |
| imagePullPolicy: IfNotPresent | |
| name: manager | |
| args: | |
| - "manager" | |
| - "--log-verbosity=0" | |
| - "--metrics-port=0" | |
| - "--container-registry=docker.elastic.co" | |
| - "--max-concurrent-reconciles=3" | |
| - "--ca-cert-validity=8760h" | |
| - "--ca-cert-rotate-before=24h" | |
| - "--cert-validity=8760h" | |
| - "--cert-rotate-before=24h" | |
| - "--enable-webhook" | |
| env: | |
| - name: OPERATOR_NAMESPACE | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.namespace | |
| - name: OPERATOR_IMAGE | |
| value: "docker.elastic.co/eck/eck-operator:1.1.0-bc0" | |
| - name: WEBHOOK_SECRET | |
| value: "elastic-webhook-server-cert" | |
| resources: | |
| limits: | |
| cpu: 1 | |
| memory: 150Mi | |
| requests: | |
| cpu: 100m | |
| memory: 50Mi | |
| ports: | |
| - containerPort: 9443 | |
| name: https-webhook | |
| protocol: TCP | |
| volumeMounts: | |
| - mountPath: /tmp/k8s-webhook-server/serving-certs | |
| name: cert | |
| readOnly: true | |
| volumes: | |
| - name: cert | |
| secret: | |
| defaultMode: 420 | |
| secretName: "elastic-webhook-server-cert" | |
| --- | |
| # Source: eck/templates/webhook.yaml | |
| apiVersion: admissionregistration.k8s.io/v1beta1 | |
| kind: ValidatingWebhookConfiguration | |
| metadata: | |
| name: elastic-webhook.k8s.elastic.co | |
| webhooks: | |
| - clientConfig: | |
| caBundle: Cg== | |
| service: | |
| name: elastic-webhook-server | |
| namespace: elastic-system | |
| path: /validate-apm-k8s-elastic-co-v1-apmserver | |
| failurePolicy: Ignore | |
| name: elastic-apm-validation-v1.k8s.elastic.co | |
| rules: | |
| - apiGroups: | |
| - apm.k8s.elastic.co | |
| apiVersions: | |
| - v1 | |
| operations: | |
| - CREATE | |
| - UPDATE | |
| resources: | |
| - apmservers | |
| - clientConfig: | |
| caBundle: Cg== | |
| service: | |
| name: elastic-webhook-server | |
| namespace: elastic-system | |
| path: /validate-apm-k8s-elastic-co-v1beta1-apmserver | |
| failurePolicy: Ignore | |
| name: elastic-apm-validation-v1beta1.k8s.elastic.co | |
| rules: | |
| - apiGroups: | |
| - apm.k8s.elastic.co | |
| apiVersions: | |
| - v1beta1 | |
| operations: | |
| - CREATE | |
| - UPDATE | |
| resources: | |
| - apmservers | |
| - clientConfig: | |
| caBundle: Cg== | |
| service: | |
| name: elastic-webhook-server | |
| namespace: elastic-system | |
| path: /validate-elasticsearch-k8s-elastic-co-v1-elasticsearch | |
| failurePolicy: Ignore | |
| name: elastic-es-validation-v1.k8s.elastic.co | |
| rules: | |
| - apiGroups: | |
| - elasticsearch.k8s.elastic.co | |
| apiVersions: | |
| - v1 | |
| operations: | |
| - CREATE | |
| - UPDATE | |
| resources: | |
| - elasticsearches | |
| - clientConfig: | |
| caBundle: Cg== | |
| service: | |
| name: elastic-webhook-server | |
| namespace: elastic-system | |
| path: /validate-elasticsearch-k8s-elastic-co-v1beta1-elasticsearch | |
| failurePolicy: Ignore | |
| name: elastic-es-validation-v1beta1.k8s.elastic.co | |
| rules: | |
| - apiGroups: | |
| - elasticsearch.k8s.elastic.co | |
| apiVersions: | |
| - v1beta1 | |
| operations: | |
| - CREATE | |
| - UPDATE | |
| resources: | |
| - elasticsearches | |
| - clientConfig: | |
| caBundle: Cg== | |
| service: | |
| name: elastic-webhook-server | |
| namespace: elastic-system | |
| path: /validate-kibana-k8s-elastic-co-v1-kibana | |
| failurePolicy: Ignore | |
| name: elastic-kb-validation-v1.k8s.elastic.co | |
| rules: | |
| - apiGroups: | |
| - kibana.k8s.elastic.co | |
| apiVersions: | |
| - v1 | |
| operations: | |
| - CREATE | |
| - UPDATE | |
| resources: | |
| - kibanas | |
| - clientConfig: | |
| caBundle: Cg== | |
| service: | |
| name: elastic-webhook-server | |
| namespace: elastic-system | |
| path: /validate-kibana-k8s-elastic-co-v1beta1-kibana | |
| failurePolicy: Ignore | |
| name: elastic-kb-validation-v1beta1.k8s.elastic.co | |
| rules: | |
| - apiGroups: | |
| - kibana.k8s.elastic.co | |
| apiVersions: | |
| - v1beta1 | |
| operations: | |
| - CREATE | |
| - UPDATE | |
| resources: | |
| - kibanas |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Output of `bin/eck manifest generate --profile=restricted --exclude-crds --set=operator.namespace=eck1 --set=config.managedNamespaces='{eck1,eck2}'` | |
| --- | |
| # Source: eck/templates/namespace.yaml | |
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: eck1 | |
| --- | |
| # Source: eck/templates/service-account.yaml | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: elastic-operator | |
| namespace: eck1 | |
| --- | |
| # Source: eck/templates/managed-ns-role-bindings.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: Role | |
| metadata: | |
| name: elastic-operator | |
| namespace: eck1 | |
| rules: | |
| - apiGroups: | |
| - "authorization.k8s.io" | |
| resources: | |
| - subjectaccessreviews | |
| verbs: | |
| - create | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - pods | |
| - endpoints | |
| - events | |
| - persistentvolumeclaims | |
| - secrets | |
| - services | |
| - configmaps | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - apps | |
| resources: | |
| - deployments | |
| - statefulsets | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - policy | |
| resources: | |
| - poddisruptionbudgets | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - elasticsearch.k8s.elastic.co | |
| resources: | |
| - elasticsearches | |
| - elasticsearches/status | |
| - elasticsearches/finalizers | |
| - enterpriselicenses | |
| - enterpriselicenses/status | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - kibana.k8s.elastic.co | |
| resources: | |
| - kibanas | |
| - kibanas/status | |
| - kibanas/finalizers | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - apm.k8s.elastic.co | |
| resources: | |
| - apmservers | |
| - apmservers/status | |
| - apmservers/finalizers | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - enterprisesearch.k8s.elastic.co | |
| resources: | |
| - enterprisesearches | |
| - enterprisesearches/status | |
| - enterprisesearches/finalizers | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - admissionregistration.k8s.io | |
| resources: | |
| - mutatingwebhookconfigurations | |
| - validatingwebhookconfigurations | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| --- | |
| # Source: eck/templates/managed-ns-role-bindings.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: Role | |
| metadata: | |
| name: elastic-operator | |
| namespace: eck2 | |
| rules: | |
| - apiGroups: | |
| - "authorization.k8s.io" | |
| resources: | |
| - subjectaccessreviews | |
| verbs: | |
| - create | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - pods | |
| - endpoints | |
| - events | |
| - persistentvolumeclaims | |
| - secrets | |
| - services | |
| - configmaps | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - apps | |
| resources: | |
| - deployments | |
| - statefulsets | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - policy | |
| resources: | |
| - poddisruptionbudgets | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - elasticsearch.k8s.elastic.co | |
| resources: | |
| - elasticsearches | |
| - elasticsearches/status | |
| - elasticsearches/finalizers | |
| - enterpriselicenses | |
| - enterpriselicenses/status | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - kibana.k8s.elastic.co | |
| resources: | |
| - kibanas | |
| - kibanas/status | |
| - kibanas/finalizers | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - apm.k8s.elastic.co | |
| resources: | |
| - apmservers | |
| - apmservers/status | |
| - apmservers/finalizers | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - enterprisesearch.k8s.elastic.co | |
| resources: | |
| - enterprisesearches | |
| - enterprisesearches/status | |
| - enterprisesearches/finalizers | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - admissionregistration.k8s.io | |
| resources: | |
| - mutatingwebhookconfigurations | |
| - validatingwebhookconfigurations | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| --- | |
| # Source: eck/templates/managed-ns-role-bindings.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: RoleBinding | |
| metadata: | |
| name: elastic-operator | |
| namespace: eck1 | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: Role | |
| name: elastic-operator | |
| subjects: | |
| - kind: ServiceAccount | |
| name: elastic-operator | |
| namespace: eck1 | |
| --- | |
| # Source: eck/templates/managed-ns-role-bindings.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: RoleBinding | |
| metadata: | |
| name: elastic-operator | |
| namespace: eck2 | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: Role | |
| name: elastic-operator | |
| subjects: | |
| - kind: ServiceAccount | |
| name: elastic-operator | |
| namespace: eck1 | |
| --- | |
| # Source: eck/templates/statefulset.yaml | |
| apiVersion: apps/v1 | |
| kind: StatefulSet | |
| metadata: | |
| name: elastic-operator | |
| namespace: eck1 | |
| labels: | |
| control-plane: elastic-operator | |
| spec: | |
| selector: | |
| matchLabels: | |
| control-plane: elastic-operator | |
| serviceName: elastic-operator | |
| template: | |
| metadata: | |
| annotations: | |
| # Rename the fields "error" to "error.message" and "source" to "event.source" | |
| # This is to avoid a conflict with the ECS "error" and "source" documents. | |
| "co.elastic.logs/raw": "[{\"type\":\"container\",\"json.keys_under_root\":true,\"paths\":[\"/var/log/containers/*${data.kubernetes.container.id}.log\"],\"processors\":[{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"error\",\"to\":\"_error\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"_error\",\"to\":\"error.message\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"source\",\"to\":\"_source\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"_source\",\"to\":\"event.source\"}]}}]}]" | |
| labels: | |
| control-plane: elastic-operator | |
| spec: | |
| terminationGracePeriodSeconds: 10 | |
| serviceAccountName: elastic-operator | |
| containers: | |
| - image: "docker.elastic.co/eck/eck-operator:1.1.0-bc0" | |
| imagePullPolicy: IfNotPresent | |
| name: manager | |
| args: | |
| - "manager" | |
| - "--log-verbosity=0" | |
| - "--metrics-port=0" | |
| - "--container-registry=docker.elastic.co" | |
| - "--max-concurrent-reconciles=3" | |
| - "--ca-cert-validity=8760h" | |
| - "--ca-cert-rotate-before=24h" | |
| - "--cert-validity=8760h" | |
| - "--cert-rotate-before=24h" | |
| - "--namespaces=eck1,eck2" | |
| env: | |
| - name: OPERATOR_NAMESPACE | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.namespace | |
| - name: OPERATOR_IMAGE | |
| value: "docker.elastic.co/eck/eck-operator:1.1.0-bc0" | |
| resources: | |
| limits: | |
| cpu: 1 | |
| memory: 150Mi | |
| requests: | |
| cpu: 100m | |
| memory: 50Mi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment