Created
November 30, 2023 17:05
-
-
Save pebrc/930b57bc69c0ad6d483ee86b17ad1acd to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: kibana.k8s.elastic.co/v1 | |
kind: Kibana | |
metadata: | |
name: kibana | |
spec: | |
version: 8.10.4 | |
count: 1 | |
elasticsearchRef: | |
name: elasticsearch | |
config: | |
xpack.fleet.agents.elasticsearch.hosts: ["https://elasticsearch-es-http.default.svc:9200"] | |
xpack.fleet.agents.fleet_server.hosts: ["https://fleet-server-agent-http.server.svc:8220"] | |
xpack.fleet.packages: | |
- name: system | |
version: latest | |
- name: elastic_agent | |
version: latest | |
- name: fleet_server | |
version: latest | |
- name: kubernetes | |
version: latest | |
xpack.fleet.agentPolicies: | |
- name: Fleet Server on ECK policy | |
id: eck-fleet-server | |
namespace: default | |
monitoring_enabled: | |
- logs | |
- metrics | |
unenroll_timeout: 900 | |
package_policies: | |
- name: fleet_server-1 | |
id: fleet_server-1 | |
package: | |
name: fleet_server | |
- name: Elastic Agent on ECK policy | |
id: eck-agent | |
namespace: default | |
monitoring_enabled: | |
- logs | |
- metrics | |
unenroll_timeout: 900 | |
package_policies: | |
- package: | |
name: system | |
name: system-1 | |
- package: | |
name: kubernetes | |
name: kubernetes-1 | |
--- | |
apiVersion: elasticsearch.k8s.elastic.co/v1 | |
kind: Elasticsearch | |
metadata: | |
name: elasticsearch | |
spec: | |
version: 8.10.4 | |
nodeSets: | |
- name: default | |
count: 3 | |
config: | |
node.store.allow_mmap: false | |
--- | |
apiVersion: v1 | |
kind: Namespace | |
metadata: | |
name: agents | |
--- | |
--- | |
apiVersion: v1 | |
kind: Namespace | |
metadata: | |
name: server | |
--- | |
apiVersion: agent.k8s.elastic.co/v1alpha1 | |
kind: Agent | |
metadata: | |
name: fleet-server | |
namespace: server | |
spec: | |
version: 8.10.4 | |
kibanaRef: | |
name: kibana | |
namespace: default | |
elasticsearchRefs: | |
- name: elasticsearch | |
namespace: default | |
mode: fleet | |
fleetServerEnabled: true | |
policyID: eck-fleet-server | |
deployment: | |
replicas: 1 | |
podTemplate: | |
spec: | |
serviceAccountName: fleet-server | |
automountServiceAccountToken: true | |
securityContext: | |
runAsUser: 0 | |
--- | |
apiVersion: agent.k8s.elastic.co/v1alpha1 | |
kind: Agent | |
metadata: | |
name: elastic-agent | |
namespace: agents | |
spec: | |
version: 8.10.4 | |
kibanaRef: | |
name: kibana | |
namespace: default | |
fleetServerRef: | |
name: fleet-server | |
namespace: server | |
mode: fleet | |
policyID: eck-agent | |
daemonSet: | |
podTemplate: | |
spec: | |
serviceAccountName: elastic-agent | |
hostNetwork: true | |
dnsPolicy: ClusterFirstWithHostNet | |
automountServiceAccountToken: true | |
securityContext: | |
runAsUser: 0 | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRole | |
metadata: | |
name: fleet-server | |
rules: | |
- apiGroups: [""] | |
resources: | |
- pods | |
- namespaces | |
- nodes | |
verbs: | |
- get | |
- watch | |
- list | |
- apiGroups: ["apps"] | |
resources: | |
- replicasets | |
verbs: | |
- get | |
- watch | |
- list | |
- apiGroups: ["batch"] | |
resources: | |
- jobs | |
verbs: | |
- get | |
- watch | |
- list | |
- apiGroups: ["coordination.k8s.io"] | |
resources: | |
- leases | |
verbs: | |
- get | |
- create | |
- update | |
--- | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
name: fleet-server | |
namespace: server | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: fleet-server | |
subjects: | |
- kind: ServiceAccount | |
name: fleet-server | |
namespace: server | |
roleRef: | |
kind: ClusterRole | |
name: fleet-server | |
apiGroup: rbac.authorization.k8s.io | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRole | |
metadata: | |
name: elastic-agent | |
rules: | |
- apiGroups: [""] | |
resources: | |
- pods | |
- nodes | |
- namespaces | |
- events | |
- services | |
- configmaps | |
verbs: | |
- get | |
- watch | |
- list | |
- apiGroups: ["coordination.k8s.io"] | |
resources: | |
- leases | |
verbs: | |
- get | |
- create | |
- update | |
- nonResourceURLs: | |
- "/metrics" | |
verbs: | |
- get | |
- apiGroups: ["extensions"] | |
resources: | |
- replicasets | |
verbs: | |
- "get" | |
- "list" | |
- "watch" | |
- apiGroups: | |
- "apps" | |
resources: | |
- statefulsets | |
- deployments | |
- replicasets | |
verbs: | |
- "get" | |
- "list" | |
- "watch" | |
- apiGroups: | |
- "" | |
resources: | |
- nodes/stats | |
verbs: | |
- get | |
- apiGroups: | |
- "batch" | |
resources: | |
- jobs | |
verbs: | |
- "get" | |
- "list" | |
- "watch" | |
--- | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
name: elastic-agent | |
namespace: agents | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: elastic-agent | |
subjects: | |
- kind: ServiceAccount | |
name: elastic-agent | |
namespace: agents | |
roleRef: | |
kind: ClusterRole | |
name: elastic-agent | |
apiGroup: rbac.authorization.k8s.io | |
... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment