Created
November 30, 2023 17:05
-
-
Save pebrc/930b57bc69c0ad6d483ee86b17ad1acd to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: kibana.k8s.elastic.co/v1 | |
| kind: Kibana | |
| metadata: | |
| name: kibana | |
| spec: | |
| version: 8.10.4 | |
| count: 1 | |
| elasticsearchRef: | |
| name: elasticsearch | |
| config: | |
| xpack.fleet.agents.elasticsearch.hosts: ["https://elasticsearch-es-http.default.svc:9200"] | |
| xpack.fleet.agents.fleet_server.hosts: ["https://fleet-server-agent-http.server.svc:8220"] | |
| xpack.fleet.packages: | |
| - name: system | |
| version: latest | |
| - name: elastic_agent | |
| version: latest | |
| - name: fleet_server | |
| version: latest | |
| - name: kubernetes | |
| version: latest | |
| xpack.fleet.agentPolicies: | |
| - name: Fleet Server on ECK policy | |
| id: eck-fleet-server | |
| namespace: default | |
| monitoring_enabled: | |
| - logs | |
| - metrics | |
| unenroll_timeout: 900 | |
| package_policies: | |
| - name: fleet_server-1 | |
| id: fleet_server-1 | |
| package: | |
| name: fleet_server | |
| - name: Elastic Agent on ECK policy | |
| id: eck-agent | |
| namespace: default | |
| monitoring_enabled: | |
| - logs | |
| - metrics | |
| unenroll_timeout: 900 | |
| package_policies: | |
| - package: | |
| name: system | |
| name: system-1 | |
| - package: | |
| name: kubernetes | |
| name: kubernetes-1 | |
| --- | |
| apiVersion: elasticsearch.k8s.elastic.co/v1 | |
| kind: Elasticsearch | |
| metadata: | |
| name: elasticsearch | |
| spec: | |
| version: 8.10.4 | |
| nodeSets: | |
| - name: default | |
| count: 3 | |
| config: | |
| node.store.allow_mmap: false | |
| --- | |
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: agents | |
| --- | |
| --- | |
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: server | |
| --- | |
| apiVersion: agent.k8s.elastic.co/v1alpha1 | |
| kind: Agent | |
| metadata: | |
| name: fleet-server | |
| namespace: server | |
| spec: | |
| version: 8.10.4 | |
| kibanaRef: | |
| name: kibana | |
| namespace: default | |
| elasticsearchRefs: | |
| - name: elasticsearch | |
| namespace: default | |
| mode: fleet | |
| fleetServerEnabled: true | |
| policyID: eck-fleet-server | |
| deployment: | |
| replicas: 1 | |
| podTemplate: | |
| spec: | |
| serviceAccountName: fleet-server | |
| automountServiceAccountToken: true | |
| securityContext: | |
| runAsUser: 0 | |
| --- | |
| apiVersion: agent.k8s.elastic.co/v1alpha1 | |
| kind: Agent | |
| metadata: | |
| name: elastic-agent | |
| namespace: agents | |
| spec: | |
| version: 8.10.4 | |
| kibanaRef: | |
| name: kibana | |
| namespace: default | |
| fleetServerRef: | |
| name: fleet-server | |
| namespace: server | |
| mode: fleet | |
| policyID: eck-agent | |
| daemonSet: | |
| podTemplate: | |
| spec: | |
| serviceAccountName: elastic-agent | |
| hostNetwork: true | |
| dnsPolicy: ClusterFirstWithHostNet | |
| automountServiceAccountToken: true | |
| securityContext: | |
| runAsUser: 0 | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: fleet-server | |
| rules: | |
| - apiGroups: [""] | |
| resources: | |
| - pods | |
| - namespaces | |
| - nodes | |
| verbs: | |
| - get | |
| - watch | |
| - list | |
| - apiGroups: ["apps"] | |
| resources: | |
| - replicasets | |
| verbs: | |
| - get | |
| - watch | |
| - list | |
| - apiGroups: ["batch"] | |
| resources: | |
| - jobs | |
| verbs: | |
| - get | |
| - watch | |
| - list | |
| - apiGroups: ["coordination.k8s.io"] | |
| resources: | |
| - leases | |
| verbs: | |
| - get | |
| - create | |
| - update | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: fleet-server | |
| namespace: server | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: fleet-server | |
| subjects: | |
| - kind: ServiceAccount | |
| name: fleet-server | |
| namespace: server | |
| roleRef: | |
| kind: ClusterRole | |
| name: fleet-server | |
| apiGroup: rbac.authorization.k8s.io | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: elastic-agent | |
| rules: | |
| - apiGroups: [""] | |
| resources: | |
| - pods | |
| - nodes | |
| - namespaces | |
| - events | |
| - services | |
| - configmaps | |
| verbs: | |
| - get | |
| - watch | |
| - list | |
| - apiGroups: ["coordination.k8s.io"] | |
| resources: | |
| - leases | |
| verbs: | |
| - get | |
| - create | |
| - update | |
| - nonResourceURLs: | |
| - "/metrics" | |
| verbs: | |
| - get | |
| - apiGroups: ["extensions"] | |
| resources: | |
| - replicasets | |
| verbs: | |
| - "get" | |
| - "list" | |
| - "watch" | |
| - apiGroups: | |
| - "apps" | |
| resources: | |
| - statefulsets | |
| - deployments | |
| - replicasets | |
| verbs: | |
| - "get" | |
| - "list" | |
| - "watch" | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - nodes/stats | |
| verbs: | |
| - get | |
| - apiGroups: | |
| - "batch" | |
| resources: | |
| - jobs | |
| verbs: | |
| - "get" | |
| - "list" | |
| - "watch" | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: elastic-agent | |
| namespace: agents | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: elastic-agent | |
| subjects: | |
| - kind: ServiceAccount | |
| name: elastic-agent | |
| namespace: agents | |
| roleRef: | |
| kind: ClusterRole | |
| name: elastic-agent | |
| apiGroup: rbac.authorization.k8s.io | |
| ... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment