From ecfd5b4b3e615462da4ec2f8d197611a154934b7 Mon Sep 17 00:00:00 2001 From: elasticmachine Date: Tue, 10 Dec 2024 23:55:56 +0000 Subject: [PATCH 1/7] [Release] update version --- version/version.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version/version.go b/version/version.go index e7ee30f5584..5d9a801ce80 100644 --- a/version/version.go +++ b/version/version.go @@ -4,5 +4,5 @@ package version -const defaultBeatVersion = "8.16.2" +const defaultBeatVersion = "8.16.3" const Agent = defaultBeatVersion From f682544ae1d2e487b68d8b906ed6bc5cb4bbcf77 Mon Sep 17 00:00:00 2001 From: julienlind Date: Tue, 17 Dec 2024 09:49:46 +0100 Subject: [PATCH 2/7] update k8s examples --- ...-managed-kubernetes-without-configmap.yaml | 305 +++++++++ ...andalone-kubernetes-without-configmap.yaml | 311 +++++++++ deploy/kubernetes/elastic_agent_manifest.ts | 624 +++++++++++++++++ deploy/kubernetes/elastic_agent_manifest.ts-e | 626 ++++++++++++++++++ 4 files changed, 1866 insertions(+) create mode 100644 deploy/kubernetes/elastic-agent-managed-kubernetes-without-configmap.yaml create mode 100644 deploy/kubernetes/elastic-agent-standalone-kubernetes-without-configmap.yaml create mode 100644 deploy/kubernetes/elastic_agent_manifest.ts create mode 100644 deploy/kubernetes/elastic_agent_manifest.ts-e diff --git a/deploy/kubernetes/elastic-agent-managed-kubernetes-without-configmap.yaml b/deploy/kubernetes/elastic-agent-managed-kubernetes-without-configmap.yaml new file mode 100644 index 00000000000..d8fdfc90fb7 --- /dev/null +++ b/deploy/kubernetes/elastic-agent-managed-kubernetes-without-configmap.yaml @@ -0,0 +1,305 @@ +# For more information https://www.elastic.co/guide/en/fleet/current/running-on-kubernetes-managed-by-fleet.html +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: elastic-agent + namespace: kube-system + labels: + app: elastic-agent +spec: + selector: + matchLabels: + app: elastic-agent + template: + metadata: + labels: + app: elastic-agent + spec: + # Tolerations are needed to run Elastic Agent on Kubernetes control-plane nodes. + # Agents running on control-plane nodes collect metrics from the control plane components (scheduler, controller manager) of Kubernetes + tolerations: + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule + - key: node-role.kubernetes.io/master + effect: NoSchedule + serviceAccountName: elastic-agent + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: elastic-agent + image: docker.elastic.co/beats/elastic-agent:VERSION + env: + # Set to 1 for enrollment into Fleet server. If not set, Elastic Agent is run in standalone mode + - name: FLEET_ENROLL + value: "1" + # Set to true to communicate with Fleet with either insecure HTTP or unverified HTTPS + - name: FLEET_INSECURE + value: "false" + # Fleet Server URL to enroll the Elastic Agent into + # FLEET_URL can be found in Kibana, go to Management > Fleet > Settings + - name: FLEET_URL + value: "https://fleet-server:8220" + # Elasticsearch API key used to enroll Elastic Agents in Fleet (https://www.elastic.co/guide/en/fleet/current/fleet-enrollment-tokens.html#fleet-enrollment-tokens) + # If FLEET_ENROLLMENT_TOKEN is empty then KIBANA_HOST, KIBANA_FLEET_USERNAME, KIBANA_FLEET_PASSWORD are needed + - name: FLEET_ENROLLMENT_TOKEN + value: "token-id" + - name: KIBANA_HOST + value: "http://kibana:5601" + # The basic authentication username used to connect to Kibana and retrieve a service_token to enable Fleet + - name: KIBANA_FLEET_USERNAME + value: "elastic" + # The basic authentication password used to connect to Kibana and retrieve a service_token to enable Fleet + - name: KIBANA_FLEET_PASSWORD + value: "changeme" + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + # The following ELASTIC_NETINFO:false variable will disable the netinfo.enabled option of add-host-metadata processor. This will remove fields host.ip and host.mac. + # For more info: https://www.elastic.co/guide/en/beats/metricbeat/current/add-host-metadata.html + - name: ELASTIC_NETINFO + value: "false" + securityContext: + runAsUser: 0 + # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) + # If you are using this integration, please uncomment these lines before applying. + #capabilities: + # add: + # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. + # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. + # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' + ######################################################################################## + # The following capabilities are needed for Universal Profiling. + # More fine graded capabilities are only available for newer Linux kernels. + # If you are using the Universal Profiling integration, please uncomment these lines before applying. + #procMount: "Unmasked" + #privileged: true + #capabilities: + # add: + # - SYS_ADMIN + resources: + limits: + memory: 1Gi + requests: + cpu: 100m + memory: 500Mi + volumeMounts: + - name: proc + mountPath: /hostfs/proc + readOnly: true + - name: cgroup + mountPath: /hostfs/sys/fs/cgroup + readOnly: true + - name: varlibdockercontainers + mountPath: /var/lib/docker/containers + readOnly: true + - name: varlog + mountPath: /var/log + readOnly: true + - name: etc-full + mountPath: /hostfs/etc + readOnly: true + - name: var-lib + mountPath: /hostfs/var/lib + readOnly: true + - name: etc-mid + mountPath: /etc/machine-id + readOnly: true + - name: sys-kernel-debug + mountPath: /sys/kernel/debug + - name: elastic-agent-state + mountPath: /usr/share/elastic-agent/state + volumes: + - name: proc + hostPath: + path: /proc + - name: cgroup + hostPath: + path: /sys/fs/cgroup + - name: varlibdockercontainers + hostPath: + path: /var/lib/docker/containers + - name: varlog + hostPath: + path: /var/log + # The following volumes are needed for Cloud Security Posture integration (cloudbeat) + # If you are not using this integration, then these volumes and the corresponding + # mounts can be removed. + - name: etc-full + hostPath: + path: /etc + - name: var-lib + hostPath: + path: /var/lib + # Mount /etc/machine-id from the host to determine host ID + # Needed for Kubernetes node autodiscovery + - name: etc-mid + hostPath: + path: /etc/machine-id + type: File + # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling + # If you are not using one of these integrations, then these volumes and the corresponding + # mounts can be removed. + - name: sys-kernel-debug + hostPath: + path: /sys/kernel/debug + # Mount /var/lib/elastic-agent-managed/kube-system/state to store elastic-agent state + # Update 'kube-system' with the namespace of your agent installation + - name: elastic-agent-state + hostPath: + path: /var/lib/elastic-agent-managed/kube-system/state + type: DirectoryOrCreate +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: elastic-agent +subjects: + - kind: ServiceAccount + name: elastic-agent + namespace: kube-system +roleRef: + kind: ClusterRole + name: elastic-agent + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: kube-system + name: elastic-agent +subjects: + - kind: ServiceAccount + name: elastic-agent + namespace: kube-system +roleRef: + kind: Role + name: elastic-agent + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: elastic-agent-kubeadm-config + namespace: kube-system +subjects: + - kind: ServiceAccount + name: elastic-agent + namespace: kube-system +roleRef: + kind: Role + name: elastic-agent-kubeadm-config + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: elastic-agent + labels: + k8s-app: elastic-agent +rules: + - apiGroups: [""] + resources: + - nodes + - namespaces + - events + - pods + - services + - configmaps + # Needed for cloudbeat + - serviceaccounts + - persistentvolumes + - persistentvolumeclaims + verbs: ["get", "list", "watch"] + # Enable this rule only if planing to use kubernetes_secrets provider + #- apiGroups: [""] + # resources: + # - secrets + # verbs: ["get"] + - apiGroups: ["extensions"] + resources: + - replicasets + verbs: ["get", "list", "watch"] + - apiGroups: ["apps"] + resources: + - statefulsets + - deployments + - replicasets + - daemonsets + verbs: ["get", "list", "watch"] + - apiGroups: + - "" + resources: + - nodes/stats + verbs: + - get + - apiGroups: [ "batch" ] + resources: + - jobs + - cronjobs + verbs: [ "get", "list", "watch" ] + # Needed for apiserver + - nonResourceURLs: + - "/metrics" + verbs: + - get + # Needed for cloudbeat + - apiGroups: ["rbac.authorization.k8s.io"] + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: ["get", "list", "watch"] + # Needed for cloudbeat + - apiGroups: ["policy"] + resources: + - podsecuritypolicies + verbs: ["get", "list", "watch"] + - apiGroups: [ "storage.k8s.io" ] + resources: + - storageclasses + verbs: [ "get", "list", "watch" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: elastic-agent + # Should be the namespace where elastic-agent is running + namespace: kube-system + labels: + k8s-app: elastic-agent +rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: ["get", "create", "update"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: elastic-agent-kubeadm-config + namespace: kube-system + labels: + k8s-app: elastic-agent +rules: + - apiGroups: [""] + resources: + - configmaps + resourceNames: + - kubeadm-config + verbs: ["get"] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: elastic-agent + namespace: kube-system + labels: + k8s-app: elastic-agent +--- diff --git a/deploy/kubernetes/elastic-agent-standalone-kubernetes-without-configmap.yaml b/deploy/kubernetes/elastic-agent-standalone-kubernetes-without-configmap.yaml new file mode 100644 index 00000000000..3de3386dd8f --- /dev/null +++ b/deploy/kubernetes/elastic-agent-standalone-kubernetes-without-configmap.yaml @@ -0,0 +1,311 @@ +# For more information refer https://www.elastic.co/guide/en/fleet/current/running-on-kubernetes-standalone.html +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: elastic-agent-standalone + namespace: kube-system + labels: + app: elastic-agent-standalone +spec: + selector: + matchLabels: + app: elastic-agent-standalone + template: + metadata: + labels: + app: elastic-agent-standalone + spec: + # Tolerations are needed to run Elastic Agent on Kubernetes control-plane nodes. + # Agents running on control-plane nodes collect metrics from the control plane components (scheduler, controller manager) of Kubernetes + tolerations: + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule + - key: node-role.kubernetes.io/master + effect: NoSchedule + serviceAccountName: elastic-agent-standalone + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + # Uncomment if using hints feature + #initContainers: + # - name: k8s-templates-downloader + # image: docker.elastic.co/beats/elastic-agent:VERSION + # command: ['bash'] + # args: + # - -c + # - >- + # mkdir -p /usr/share/elastic-agent/state/inputs.d && + # curl -sL https://github.com/elastic/elastic-agent/archive/9.0.tar.gz | tar xz -C /usr/share/elastic-agent/state/inputs.d --strip=5 "elastic-agent-9.0/deploy/kubernetes/elastic-agent-standalone/templates.d" + # securityContext: + # runAsUser: 0 + # volumeMounts: + # - name: elastic-agent-state + # mountPath: /usr/share/elastic-agent/state + containers: + - name: elastic-agent-standalone + image: docker.elastic.co/beats/elastic-agent:VERSION + args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] + env: + # The API Key with access privilleges to connect to Elasticsearch. https://www.elastic.co/guide/en/fleet/current/grant-access-to-elasticsearch.html#create-api-key-standalone-agent + - name: API_KEY + value: "" + # The basic authentication username used to connect to Elasticsearch. Alternative to API_KEY access. + # This user needs the privileges required to publish events to Elasticsearch. + - name: ES_USERNAME + value: "elastic" + # The basic authentication password used to connect to Elasticsearch + - name: ES_PASSWORD + value: "changeme" + # The Elasticsearch host to communicate with + - name: ES_HOST + value: "" + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + # The following ELASTIC_NETINFO:false variable will disable the netinfo.enabled option of add-host-metadata processor. This will remove fields host.ip and host.mac. + # For more info: https://www.elastic.co/guide/en/beats/metricbeat/current/add-host-metadata.html + - name: ELASTIC_NETINFO + value: "false" + securityContext: + runAsUser: 0 + # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) + # If you are using this integration, please uncomment these lines before applying. + #capabilities: + # add: + # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. + # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. + # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' + ######################################################################################## + # The following capabilities are needed for Universal Profiling. + # More fine graded capabilities are only available for newer Linux kernels. + # If you are using the Universal Profiling integration, please uncomment these lines before applying. + #procMount: "Unmasked" + #privileged: true + #capabilities: + # add: + # - SYS_ADMIN + resources: + limits: + memory: 1Gi + requests: + cpu: 100m + memory: 500Mi + volumeMounts: + - name: datastreams + mountPath: /etc/elastic-agent/agent.yml + readOnly: true + subPath: agent.yml + - name: proc + mountPath: /hostfs/proc + readOnly: true + - name: cgroup + mountPath: /hostfs/sys/fs/cgroup + readOnly: true + - name: varlibdockercontainers + mountPath: /var/lib/docker/containers + readOnly: true + - name: varlog + mountPath: /var/log + readOnly: true + - name: etc-full + mountPath: /hostfs/etc + readOnly: true + - name: var-lib + mountPath: /hostfs/var/lib + readOnly: true + - name: sys-kernel-debug + mountPath: /sys/kernel/debug + - name: elastic-agent-state + mountPath: /usr/share/elastic-agent/state + volumes: + - name: datastreams + configMap: + defaultMode: 0644 + name: agent-node-datastreams + - name: proc + hostPath: + path: /proc + - name: cgroup + hostPath: + path: /sys/fs/cgroup + - name: varlibdockercontainers + hostPath: + path: /var/lib/docker/containers + - name: varlog + hostPath: + path: /var/log + # The following volumes are needed for Cloud Security Posture integration (cloudbeat) + # If you are not using this integration, then these volumes and the corresponding + # mounts can be removed. + - name: etc-full + hostPath: + path: /etc + - name: var-lib + hostPath: + path: /var/lib + # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling + # If you are not using one of these integrations, then these volumes and the corresponding + # mounts can be removed. + - name: sys-kernel-debug + hostPath: + path: /sys/kernel/debug + # Mount /var/lib/elastic-agent-managed/kube-system/state to store elastic-agent state + # Update 'kube-system' with the namespace of your agent installation + - name: elastic-agent-state + hostPath: + path: /var/lib/elastic-agent-standalone/kube-system/state + type: DirectoryOrCreate +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: elastic-agent-standalone +subjects: + - kind: ServiceAccount + name: elastic-agent-standalone + namespace: kube-system +roleRef: + kind: ClusterRole + name: elastic-agent-standalone + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: kube-system + name: elastic-agent-standalone +subjects: + - kind: ServiceAccount + name: elastic-agent-standalone + namespace: kube-system +roleRef: + kind: Role + name: elastic-agent-standalone + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: elastic-agent-standalone-kubeadm-config + namespace: kube-system +subjects: + - kind: ServiceAccount + name: elastic-agent-standalone + namespace: kube-system +roleRef: + kind: Role + name: elastic-agent-standalone-kubeadm-config + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: elastic-agent-standalone + labels: + k8s-app: elastic-agent-standalone +rules: + - apiGroups: [""] + resources: + - nodes + - namespaces + - events + - pods + - services + - configmaps + # Needed for cloudbeat + - serviceaccounts + - persistentvolumes + - persistentvolumeclaims + verbs: ["get", "list", "watch"] + # Enable this rule only if planing to use kubernetes_secrets provider + #- apiGroups: [""] + # resources: + # - secrets + # verbs: ["get"] + - apiGroups: ["extensions"] + resources: + - replicasets + verbs: ["get", "list", "watch"] + - apiGroups: ["apps"] + resources: + - statefulsets + - deployments + - replicasets + - daemonsets + verbs: ["get", "list", "watch"] + - apiGroups: ["batch"] + resources: + - jobs + - cronjobs + verbs: ["get", "list", "watch"] + - apiGroups: + - "" + resources: + - nodes/stats + verbs: + - get + # Needed for apiserver + - nonResourceURLs: + - "/metrics" + verbs: + - get + # Needed for cloudbeat + - apiGroups: ["rbac.authorization.k8s.io"] + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: ["get", "list", "watch"] + # Needed for cloudbeat + - apiGroups: ["policy"] + resources: + - podsecuritypolicies + verbs: ["get", "list", "watch"] + - apiGroups: [ "storage.k8s.io" ] + resources: + - storageclasses + verbs: [ "get", "list", "watch" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: elastic-agent-standalone + # Should be the namespace where elastic-agent is running + namespace: kube-system + labels: + k8s-app: elastic-agent-standalone +rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: ["get", "create", "update"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: elastic-agent-standalone-kubeadm-config + namespace: kube-system + labels: + k8s-app: elastic-agent-standalone +rules: + - apiGroups: [""] + resources: + - configmaps + resourceNames: + - kubeadm-config + verbs: ["get"] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: elastic-agent-standalone + namespace: kube-system + labels: + k8s-app: elastic-agent-standalone +--- diff --git a/deploy/kubernetes/elastic_agent_manifest.ts b/deploy/kubernetes/elastic_agent_manifest.ts new file mode 100644 index 00000000000..4bb6bad203e --- /dev/null +++ b/deploy/kubernetes/elastic_agent_manifest.ts @@ -0,0 +1,624 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export const elasticAgentStandaloneManifest = `--- +# For more information refer https://www.elastic.co/guide/en/fleet/current/running-on-kubernetes-standalone.html +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: elastic-agent + namespace: kube-system + labels: + app: elastic-agent +spec: + selector: + matchLabels: + app: elastic-agent + template: + metadata: + labels: + app: elastic-agent + spec: + # Tolerations are needed to run Elastic Agent on Kubernetes control-plane nodes. + # Agents running on control-plane nodes collect metrics from the control plane components (scheduler, controller manager) of Kubernetes + tolerations: + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule + - key: node-role.kubernetes.io/master + effect: NoSchedule + serviceAccountName: elastic-agent + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + # Uncomment if using hints feature + #initContainers: + # - name: k8s-templates-downloader + # image: docker.elastic.co/beats/elastic-agent:VERSION + # command: ['bash'] + # args: + # - -c + # - >- + # mkdir -p /usr/share/elastic-agent/state/inputs.d && + # curl -sL https://github.com/elastic/elastic-agent/archive/9.0.tar.gz | tar xz -C /usr/share/elastic-agent/state/inputs.d --strip=5 "elastic-agent-9.0/deploy/kubernetes/elastic-agent-standalone/templates.d" + # securityContext: + # runAsUser: 0 + # volumeMounts: + # - name: elastic-agent-state + # mountPath: /usr/share/elastic-agent/state + containers: + - name: elastic-agent + image: docker.elastic.co/beats/elastic-agent:VERSION + args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] + env: + # The API Key with access privilleges to connect to Elasticsearch. https://www.elastic.co/guide/en/fleet/current/grant-access-to-elasticsearch.html#create-api-key-standalone-agent + - name: API_KEY + # The basic authentication username used to connect to Elasticsearch. Alternative to API_KEY access. + # This user needs the privileges required to publish events to Elasticsearch. + - name: ES_USERNAME + value: "elastic" + # The basic authentication password used to connect to Elasticsearch + - name: ES_PASSWORD + value: "changeme" + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + # The following ELASTIC_NETINFO:false variable will disable the netinfo.enabled option of add-host-metadata processor. This will remove fields host.ip and host.mac. + # For more info: https://www.elastic.co/guide/en/beats/metricbeat/current/add-host-metadata.html + - name: ELASTIC_NETINFO + value: "false" + securityContext: + runAsUser: 0 + # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) + # If you are using this integration, please uncomment these lines before applying. + #capabilities: + # add: + # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. + # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. + # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' + ######################################################################################## + # The following capabilities are needed for Universal Profiling. + # More fine graded capabilities are only available for newer Linux kernels. + # If you are using the Universal Profiling integration, please uncomment these lines before applying. + #procMount: "Unmasked" + #privileged: true + #capabilities: + # add: + # - SYS_ADMIN + resources: + limits: + memory: 1Gi + requests: + cpu: 100m + memory: 500Mi + volumeMounts: + - name: datastreams + mountPath: /etc/elastic-agent/agent.yml + readOnly: true + subPath: agent.yml + - name: proc + mountPath: /hostfs/proc + readOnly: true + - name: cgroup + mountPath: /hostfs/sys/fs/cgroup + readOnly: true + - name: varlibdockercontainers + mountPath: /var/lib/docker/containers + readOnly: true + - name: varlog + mountPath: /var/log + readOnly: true + - name: etc-full + mountPath: /hostfs/etc + readOnly: true + - name: var-lib + mountPath: /hostfs/var/lib + readOnly: true + - name: sys-kernel-debug + mountPath: /sys/kernel/debug + - name: elastic-agent-state + mountPath: /usr/share/elastic-agent/state + volumes: + - name: datastreams + configMap: + defaultMode: 0644 + name: agent-node-datastreams + - name: proc + hostPath: + path: /proc + - name: cgroup + hostPath: + path: /sys/fs/cgroup + - name: varlibdockercontainers + hostPath: + path: /var/lib/docker/containers + - name: varlog + hostPath: + path: /var/log + # The following volumes are needed for Cloud Security Posture integration (cloudbeat) + # If you are not using this integration, then these volumes and the corresponding + # mounts can be removed. + - name: etc-full + hostPath: + path: /etc + - name: var-lib + hostPath: + path: /var/lib + # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling + # If you are not using one of these integrations, then these volumes and the corresponding + # mounts can be removed. + - name: sys-kernel-debug + hostPath: + path: /sys/kernel/debug + # Mount /var/lib/elastic-agent-managed/kube-system/state to store elastic-agent state + # Update 'kube-system' with the namespace of your agent installation + - name: elastic-agent-state + hostPath: + path: /var/lib/elastic-agent/kube-system/state + type: DirectoryOrCreate +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: elastic-agent +subjects: + - kind: ServiceAccount + name: elastic-agent + namespace: kube-system +roleRef: + kind: ClusterRole + name: elastic-agent + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: kube-system + name: elastic-agent +subjects: + - kind: ServiceAccount + name: elastic-agent + namespace: kube-system +roleRef: + kind: Role + name: elastic-agent + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: elastic-agent-kubeadm-config + namespace: kube-system +subjects: + - kind: ServiceAccount + name: elastic-agent + namespace: kube-system +roleRef: + kind: Role + name: elastic-agent-kubeadm-config + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: elastic-agent + labels: + k8s-app: elastic-agent +rules: + - apiGroups: [""] + resources: + - nodes + - namespaces + - events + - pods + - services + - configmaps + # Needed for cloudbeat + - serviceaccounts + - persistentvolumes + - persistentvolumeclaims + verbs: ["get", "list", "watch"] + # Enable this rule only if planing to use kubernetes_secrets provider + #- apiGroups: [""] + # resources: + # - secrets + # verbs: ["get"] + - apiGroups: ["extensions"] + resources: + - replicasets + verbs: ["get", "list", "watch"] + - apiGroups: ["apps"] + resources: + - statefulsets + - deployments + - replicasets + - daemonsets + verbs: ["get", "list", "watch"] + - apiGroups: ["batch"] + resources: + - jobs + - cronjobs + verbs: ["get", "list", "watch"] + - apiGroups: + - "" + resources: + - nodes/stats + verbs: + - get + # Needed for apiserver + - nonResourceURLs: + - "/metrics" + verbs: + - get + # Needed for cloudbeat + - apiGroups: ["rbac.authorization.k8s.io"] + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: ["get", "list", "watch"] + # Needed for cloudbeat + - apiGroups: ["policy"] + resources: + - podsecuritypolicies + verbs: ["get", "list", "watch"] + - apiGroups: [ "storage.k8s.io" ] + resources: + - storageclasses + verbs: [ "get", "list", "watch" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: elastic-agent + # Should be the namespace where elastic-agent is running + namespace: kube-system + labels: + k8s-app: elastic-agent +rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: ["get", "create", "update"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: elastic-agent-kubeadm-config + namespace: kube-system + labels: + k8s-app: elastic-agent +rules: + - apiGroups: [""] + resources: + - configmaps + resourceNames: + - kubeadm-config + verbs: ["get"] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: elastic-agent + namespace: kube-system + labels: + k8s-app: elastic-agent +--- +`; + +export const elasticAgentManagedManifest = `--- +# For more information https://www.elastic.co/guide/en/fleet/current/running-on-kubernetes-managed-by-fleet.html +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: elastic-agent + namespace: kube-system + labels: + app: elastic-agent +spec: + selector: + matchLabels: + app: elastic-agent + template: + metadata: + labels: + app: elastic-agent + spec: + # Tolerations are needed to run Elastic Agent on Kubernetes control-plane nodes. + # Agents running on control-plane nodes collect metrics from the control plane components (scheduler, controller manager) of Kubernetes + tolerations: + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule + - key: node-role.kubernetes.io/master + effect: NoSchedule + serviceAccountName: elastic-agent + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: elastic-agent + image: docker.elastic.co/beats/elastic-agent:VERSION + env: + # Set to 1 for enrollment into Fleet server. If not set, Elastic Agent is run in standalone mode + - name: FLEET_ENROLL + value: "1" + # Set to true to communicate with Fleet with either insecure HTTP or unverified HTTPS + - name: FLEET_INSECURE + value: "false" + # Fleet Server URL to enroll the Elastic Agent into + # FLEET_URL can be found in Kibana, go to Management > Fleet > Settings + - name: FLEET_URL + value: "https://fleet-server:8220" + # Elasticsearch API key used to enroll Elastic Agents in Fleet (https://www.elastic.co/guide/en/fleet/current/fleet-enrollment-tokens.html#fleet-enrollment-tokens) + # If FLEET_ENROLLMENT_TOKEN is empty then KIBANA_HOST, KIBANA_FLEET_USERNAME, KIBANA_FLEET_PASSWORD are needed + - name: FLEET_ENROLLMENT_TOKEN + value: "token-id" + - name: KIBANA_HOST + value: "http://kibana:5601" + # The basic authentication username used to connect to Kibana and retrieve a service_token to enable Fleet + - name: KIBANA_FLEET_USERNAME + value: "elastic" + # The basic authentication password used to connect to Kibana and retrieve a service_token to enable Fleet + - name: KIBANA_FLEET_PASSWORD + value: "changeme" + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + # The following ELASTIC_NETINFO:false variable will disable the netinfo.enabled option of add-host-metadata processor. This will remove fields host.ip and host.mac. + # For more info: https://www.elastic.co/guide/en/beats/metricbeat/current/add-host-metadata.html + - name: ELASTIC_NETINFO + value: "false" + securityContext: + runAsUser: 0 + # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) + # If you are using this integration, please uncomment these lines before applying. + #capabilities: + # add: + # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. + # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. + # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' + ######################################################################################## + # The following capabilities are needed for Universal Profiling. + # More fine graded capabilities are only available for newer Linux kernels. + # If you are using the Universal Profiling integration, please uncomment these lines before applying. + #procMount: "Unmasked" + #privileged: true + #capabilities: + # add: + # - SYS_ADMIN + resources: + limits: + memory: 1Gi + requests: + cpu: 100m + memory: 500Mi + volumeMounts: + - name: proc + mountPath: /hostfs/proc + readOnly: true + - name: cgroup + mountPath: /hostfs/sys/fs/cgroup + readOnly: true + - name: varlibdockercontainers + mountPath: /var/lib/docker/containers + readOnly: true + - name: varlog + mountPath: /var/log + readOnly: true + - name: etc-full + mountPath: /hostfs/etc + readOnly: true + - name: var-lib + mountPath: /hostfs/var/lib + readOnly: true + - name: etc-mid + mountPath: /etc/machine-id + readOnly: true + - name: sys-kernel-debug + mountPath: /sys/kernel/debug + - name: elastic-agent-state + mountPath: /usr/share/elastic-agent/state + volumes: + - name: proc + hostPath: + path: /proc + - name: cgroup + hostPath: + path: /sys/fs/cgroup + - name: varlibdockercontainers + hostPath: + path: /var/lib/docker/containers + - name: varlog + hostPath: + path: /var/log + # The following volumes are needed for Cloud Security Posture integration (cloudbeat) + # If you are not using this integration, then these volumes and the corresponding + # mounts can be removed. + - name: etc-full + hostPath: + path: /etc + - name: var-lib + hostPath: + path: /var/lib + # Mount /etc/machine-id from the host to determine host ID + # Needed for Kubernetes node autodiscovery + - name: etc-mid + hostPath: + path: /etc/machine-id + type: File + # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling + # If you are not using one of these integrations, then these volumes and the corresponding + # mounts can be removed. + - name: sys-kernel-debug + hostPath: + path: /sys/kernel/debug + # Mount /var/lib/elastic-agent-managed/kube-system/state to store elastic-agent state + # Update 'kube-system' with the namespace of your agent installation + - name: elastic-agent-state + hostPath: + path: /var/lib/elastic-agent-managed/kube-system/state + type: DirectoryOrCreate +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: elastic-agent +subjects: + - kind: ServiceAccount + name: elastic-agent + namespace: kube-system +roleRef: + kind: ClusterRole + name: elastic-agent + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: kube-system + name: elastic-agent +subjects: + - kind: ServiceAccount + name: elastic-agent + namespace: kube-system +roleRef: + kind: Role + name: elastic-agent + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: elastic-agent-kubeadm-config + namespace: kube-system +subjects: + - kind: ServiceAccount + name: elastic-agent + namespace: kube-system +roleRef: + kind: Role + name: elastic-agent-kubeadm-config + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: elastic-agent + labels: + k8s-app: elastic-agent +rules: + - apiGroups: [""] + resources: + - nodes + - namespaces + - events + - pods + - services + - configmaps + # Needed for cloudbeat + - serviceaccounts + - persistentvolumes + - persistentvolumeclaims + verbs: ["get", "list", "watch"] + # Enable this rule only if planing to use kubernetes_secrets provider + #- apiGroups: [""] + # resources: + # - secrets + # verbs: ["get"] + - apiGroups: ["extensions"] + resources: + - replicasets + verbs: ["get", "list", "watch"] + - apiGroups: ["apps"] + resources: + - statefulsets + - deployments + - replicasets + - daemonsets + verbs: ["get", "list", "watch"] + - apiGroups: + - "" + resources: + - nodes/stats + verbs: + - get + - apiGroups: [ "batch" ] + resources: + - jobs + - cronjobs + verbs: [ "get", "list", "watch" ] + # Needed for apiserver + - nonResourceURLs: + - "/metrics" + verbs: + - get + # Needed for cloudbeat + - apiGroups: ["rbac.authorization.k8s.io"] + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: ["get", "list", "watch"] + # Needed for cloudbeat + - apiGroups: ["policy"] + resources: + - podsecuritypolicies + verbs: ["get", "list", "watch"] + - apiGroups: [ "storage.k8s.io" ] + resources: + - storageclasses + verbs: [ "get", "list", "watch" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: elastic-agent + # Should be the namespace where elastic-agent is running + namespace: kube-system + labels: + k8s-app: elastic-agent +rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: ["get", "create", "update"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: elastic-agent-kubeadm-config + namespace: kube-system + labels: + k8s-app: elastic-agent +rules: + - apiGroups: [""] + resources: + - configmaps + resourceNames: + - kubeadm-config + verbs: ["get"] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: elastic-agent + namespace: kube-system + labels: + k8s-app: elastic-agent +--- +`; diff --git a/deploy/kubernetes/elastic_agent_manifest.ts-e b/deploy/kubernetes/elastic_agent_manifest.ts-e new file mode 100644 index 00000000000..1b16dd3883c --- /dev/null +++ b/deploy/kubernetes/elastic_agent_manifest.ts-e @@ -0,0 +1,626 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export const elasticAgentStandaloneManifest = `--- +# For more information refer https://www.elastic.co/guide/en/fleet/current/running-on-kubernetes-standalone.html +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: elastic-agent + namespace: kube-system + labels: + app: elastic-agent +spec: + selector: + matchLabels: + app: elastic-agent + template: + metadata: + labels: + app: elastic-agent + spec: + # Tolerations are needed to run Elastic Agent on Kubernetes control-plane nodes. + # Agents running on control-plane nodes collect metrics from the control plane components (scheduler, controller manager) of Kubernetes + tolerations: + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule + - key: node-role.kubernetes.io/master + effect: NoSchedule + serviceAccountName: elastic-agent + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + # Uncomment if using hints feature + #initContainers: + # - name: k8s-templates-downloader + # image: docker.elastic.co/beats/elastic-agent:VERSION + # command: ['bash'] + # args: + # - -c + # - >- + # mkdir -p /usr/share/elastic-agent/state/inputs.d && + # curl -sL https://github.com/elastic/elastic-agent/archive/9.0.tar.gz | tar xz -C /usr/share/elastic-agent/state/inputs.d --strip=5 "elastic-agent-9.0/deploy/kubernetes/elastic-agent-standalone/templates.d" + # securityContext: + # runAsUser: 0 + # volumeMounts: + # - name: elastic-agent-state + # mountPath: /usr/share/elastic-agent/state + containers: + - name: elastic-agent + image: docker.elastic.co/beats/elastic-agent:VERSION + args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] + env: + # The API Key with access privilleges to connect to Elasticsearch. https://www.elastic.co/guide/en/fleet/current/grant-access-to-elasticsearch.html#create-api-key-standalone-agent + - name: API_KEY + value: "" + # The basic authentication username used to connect to Elasticsearch. Alternative to API_KEY access. + # This user needs the privileges required to publish events to Elasticsearch. + - name: ES_USERNAME + value: "elastic" + # The basic authentication password used to connect to Elasticsearch + - name: ES_PASSWORD + value: "changeme" + value: "" + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + # The following ELASTIC_NETINFO:false variable will disable the netinfo.enabled option of add-host-metadata processor. This will remove fields host.ip and host.mac. + # For more info: https://www.elastic.co/guide/en/beats/metricbeat/current/add-host-metadata.html + - name: ELASTIC_NETINFO + value: "false" + securityContext: + runAsUser: 0 + # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) + # If you are using this integration, please uncomment these lines before applying. + #capabilities: + # add: + # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. + # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. + # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' + ######################################################################################## + # The following capabilities are needed for Universal Profiling. + # More fine graded capabilities are only available for newer Linux kernels. + # If you are using the Universal Profiling integration, please uncomment these lines before applying. + #procMount: "Unmasked" + #privileged: true + #capabilities: + # add: + # - SYS_ADMIN + resources: + limits: + memory: 1Gi + requests: + cpu: 100m + memory: 500Mi + volumeMounts: + - name: datastreams + mountPath: /etc/elastic-agent/agent.yml + readOnly: true + subPath: agent.yml + - name: proc + mountPath: /hostfs/proc + readOnly: true + - name: cgroup + mountPath: /hostfs/sys/fs/cgroup + readOnly: true + - name: varlibdockercontainers + mountPath: /var/lib/docker/containers + readOnly: true + - name: varlog + mountPath: /var/log + readOnly: true + - name: etc-full + mountPath: /hostfs/etc + readOnly: true + - name: var-lib + mountPath: /hostfs/var/lib + readOnly: true + - name: sys-kernel-debug + mountPath: /sys/kernel/debug + - name: elastic-agent-state + mountPath: /usr/share/elastic-agent/state + volumes: + - name: datastreams + configMap: + defaultMode: 0644 + name: agent-node-datastreams + - name: proc + hostPath: + path: /proc + - name: cgroup + hostPath: + path: /sys/fs/cgroup + - name: varlibdockercontainers + hostPath: + path: /var/lib/docker/containers + - name: varlog + hostPath: + path: /var/log + # The following volumes are needed for Cloud Security Posture integration (cloudbeat) + # If you are not using this integration, then these volumes and the corresponding + # mounts can be removed. + - name: etc-full + hostPath: + path: /etc + - name: var-lib + hostPath: + path: /var/lib + # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling + # If you are not using one of these integrations, then these volumes and the corresponding + # mounts can be removed. + - name: sys-kernel-debug + hostPath: + path: /sys/kernel/debug + # Mount /var/lib/elastic-agent-managed/kube-system/state to store elastic-agent state + # Update 'kube-system' with the namespace of your agent installation + - name: elastic-agent-state + hostPath: + path: /var/lib/elastic-agent/kube-system/state + type: DirectoryOrCreate +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: elastic-agent +subjects: + - kind: ServiceAccount + name: elastic-agent + namespace: kube-system +roleRef: + kind: ClusterRole + name: elastic-agent + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: kube-system + name: elastic-agent +subjects: + - kind: ServiceAccount + name: elastic-agent + namespace: kube-system +roleRef: + kind: Role + name: elastic-agent + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: elastic-agent-kubeadm-config + namespace: kube-system +subjects: + - kind: ServiceAccount + name: elastic-agent + namespace: kube-system +roleRef: + kind: Role + name: elastic-agent-kubeadm-config + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: elastic-agent + labels: + k8s-app: elastic-agent +rules: + - apiGroups: [""] + resources: + - nodes + - namespaces + - events + - pods + - services + - configmaps + # Needed for cloudbeat + - serviceaccounts + - persistentvolumes + - persistentvolumeclaims + verbs: ["get", "list", "watch"] + # Enable this rule only if planing to use kubernetes_secrets provider + #- apiGroups: [""] + # resources: + # - secrets + # verbs: ["get"] + - apiGroups: ["extensions"] + resources: + - replicasets + verbs: ["get", "list", "watch"] + - apiGroups: ["apps"] + resources: + - statefulsets + - deployments + - replicasets + - daemonsets + verbs: ["get", "list", "watch"] + - apiGroups: ["batch"] + resources: + - jobs + - cronjobs + verbs: ["get", "list", "watch"] + - apiGroups: + - "" + resources: + - nodes/stats + verbs: + - get + # Needed for apiserver + - nonResourceURLs: + - "/metrics" + verbs: + - get + # Needed for cloudbeat + - apiGroups: ["rbac.authorization.k8s.io"] + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: ["get", "list", "watch"] + # Needed for cloudbeat + - apiGroups: ["policy"] + resources: + - podsecuritypolicies + verbs: ["get", "list", "watch"] + - apiGroups: [ "storage.k8s.io" ] + resources: + - storageclasses + verbs: [ "get", "list", "watch" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: elastic-agent + # Should be the namespace where elastic-agent is running + namespace: kube-system + labels: + k8s-app: elastic-agent +rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: ["get", "create", "update"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: elastic-agent-kubeadm-config + namespace: kube-system + labels: + k8s-app: elastic-agent +rules: + - apiGroups: [""] + resources: + - configmaps + resourceNames: + - kubeadm-config + verbs: ["get"] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: elastic-agent + namespace: kube-system + labels: + k8s-app: elastic-agent +--- +`; + +export const elasticAgentManagedManifest = `--- +# For more information https://www.elastic.co/guide/en/fleet/current/running-on-kubernetes-managed-by-fleet.html +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: elastic-agent + namespace: kube-system + labels: + app: elastic-agent +spec: + selector: + matchLabels: + app: elastic-agent + template: + metadata: + labels: + app: elastic-agent + spec: + # Tolerations are needed to run Elastic Agent on Kubernetes control-plane nodes. + # Agents running on control-plane nodes collect metrics from the control plane components (scheduler, controller manager) of Kubernetes + tolerations: + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule + - key: node-role.kubernetes.io/master + effect: NoSchedule + serviceAccountName: elastic-agent + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: elastic-agent + image: docker.elastic.co/beats/elastic-agent:VERSION + env: + # Set to 1 for enrollment into Fleet server. If not set, Elastic Agent is run in standalone mode + - name: FLEET_ENROLL + value: "1" + # Set to true to communicate with Fleet with either insecure HTTP or unverified HTTPS + - name: FLEET_INSECURE + value: "false" + # Fleet Server URL to enroll the Elastic Agent into + # FLEET_URL can be found in Kibana, go to Management > Fleet > Settings + - name: FLEET_URL + value: "https://fleet-server:8220" + # Elasticsearch API key used to enroll Elastic Agents in Fleet (https://www.elastic.co/guide/en/fleet/current/fleet-enrollment-tokens.html#fleet-enrollment-tokens) + # If FLEET_ENROLLMENT_TOKEN is empty then KIBANA_HOST, KIBANA_FLEET_USERNAME, KIBANA_FLEET_PASSWORD are needed + - name: FLEET_ENROLLMENT_TOKEN + value: "token-id" + - name: KIBANA_HOST + value: "http://kibana:5601" + # The basic authentication username used to connect to Kibana and retrieve a service_token to enable Fleet + - name: KIBANA_FLEET_USERNAME + value: "elastic" + # The basic authentication password used to connect to Kibana and retrieve a service_token to enable Fleet + - name: KIBANA_FLEET_PASSWORD + value: "changeme" + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + # The following ELASTIC_NETINFO:false variable will disable the netinfo.enabled option of add-host-metadata processor. This will remove fields host.ip and host.mac. + # For more info: https://www.elastic.co/guide/en/beats/metricbeat/current/add-host-metadata.html + - name: ELASTIC_NETINFO + value: "false" + securityContext: + runAsUser: 0 + # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) + # If you are using this integration, please uncomment these lines before applying. + #capabilities: + # add: + # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. + # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. + # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' + ######################################################################################## + # The following capabilities are needed for Universal Profiling. + # More fine graded capabilities are only available for newer Linux kernels. + # If you are using the Universal Profiling integration, please uncomment these lines before applying. + #procMount: "Unmasked" + #privileged: true + #capabilities: + # add: + # - SYS_ADMIN + resources: + limits: + memory: 1Gi + requests: + cpu: 100m + memory: 500Mi + volumeMounts: + - name: proc + mountPath: /hostfs/proc + readOnly: true + - name: cgroup + mountPath: /hostfs/sys/fs/cgroup + readOnly: true + - name: varlibdockercontainers + mountPath: /var/lib/docker/containers + readOnly: true + - name: varlog + mountPath: /var/log + readOnly: true + - name: etc-full + mountPath: /hostfs/etc + readOnly: true + - name: var-lib + mountPath: /hostfs/var/lib + readOnly: true + - name: etc-mid + mountPath: /etc/machine-id + readOnly: true + - name: sys-kernel-debug + mountPath: /sys/kernel/debug + - name: elastic-agent-state + mountPath: /usr/share/elastic-agent/state + volumes: + - name: proc + hostPath: + path: /proc + - name: cgroup + hostPath: + path: /sys/fs/cgroup + - name: varlibdockercontainers + hostPath: + path: /var/lib/docker/containers + - name: varlog + hostPath: + path: /var/log + # The following volumes are needed for Cloud Security Posture integration (cloudbeat) + # If you are not using this integration, then these volumes and the corresponding + # mounts can be removed. + - name: etc-full + hostPath: + path: /etc + - name: var-lib + hostPath: + path: /var/lib + # Mount /etc/machine-id from the host to determine host ID + # Needed for Kubernetes node autodiscovery + - name: etc-mid + hostPath: + path: /etc/machine-id + type: File + # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling + # If you are not using one of these integrations, then these volumes and the corresponding + # mounts can be removed. + - name: sys-kernel-debug + hostPath: + path: /sys/kernel/debug + # Mount /var/lib/elastic-agent-managed/kube-system/state to store elastic-agent state + # Update 'kube-system' with the namespace of your agent installation + - name: elastic-agent-state + hostPath: + path: /var/lib/elastic-agent-managed/kube-system/state + type: DirectoryOrCreate +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: elastic-agent +subjects: + - kind: ServiceAccount + name: elastic-agent + namespace: kube-system +roleRef: + kind: ClusterRole + name: elastic-agent + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: kube-system + name: elastic-agent +subjects: + - kind: ServiceAccount + name: elastic-agent + namespace: kube-system +roleRef: + kind: Role + name: elastic-agent + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: elastic-agent-kubeadm-config + namespace: kube-system +subjects: + - kind: ServiceAccount + name: elastic-agent + namespace: kube-system +roleRef: + kind: Role + name: elastic-agent-kubeadm-config + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: elastic-agent + labels: + k8s-app: elastic-agent +rules: + - apiGroups: [""] + resources: + - nodes + - namespaces + - events + - pods + - services + - configmaps + # Needed for cloudbeat + - serviceaccounts + - persistentvolumes + - persistentvolumeclaims + verbs: ["get", "list", "watch"] + # Enable this rule only if planing to use kubernetes_secrets provider + #- apiGroups: [""] + # resources: + # - secrets + # verbs: ["get"] + - apiGroups: ["extensions"] + resources: + - replicasets + verbs: ["get", "list", "watch"] + - apiGroups: ["apps"] + resources: + - statefulsets + - deployments + - replicasets + - daemonsets + verbs: ["get", "list", "watch"] + - apiGroups: + - "" + resources: + - nodes/stats + verbs: + - get + - apiGroups: [ "batch" ] + resources: + - jobs + - cronjobs + verbs: [ "get", "list", "watch" ] + # Needed for apiserver + - nonResourceURLs: + - "/metrics" + verbs: + - get + # Needed for cloudbeat + - apiGroups: ["rbac.authorization.k8s.io"] + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: ["get", "list", "watch"] + # Needed for cloudbeat + - apiGroups: ["policy"] + resources: + - podsecuritypolicies + verbs: ["get", "list", "watch"] + - apiGroups: [ "storage.k8s.io" ] + resources: + - storageclasses + verbs: [ "get", "list", "watch" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: elastic-agent + # Should be the namespace where elastic-agent is running + namespace: kube-system + labels: + k8s-app: elastic-agent +rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: ["get", "create", "update"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: elastic-agent-kubeadm-config + namespace: kube-system + labels: + k8s-app: elastic-agent +rules: + - apiGroups: [""] + resources: + - configmaps + resourceNames: + - kubeadm-config + verbs: ["get"] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: elastic-agent + namespace: kube-system + labels: + k8s-app: elastic-agent +--- +`; From 94e26b2f07b2f01e0174a8e9bbb2679a3335e4e4 Mon Sep 17 00:00:00 2001 From: julienlind Date: Tue, 17 Dec 2024 10:11:50 +0100 Subject: [PATCH 3/7] generate helm yaml files --- .../edot-collector/kube-stack/values.yaml | 2 +- .../examples/eck/rendered/manifest.yaml | 42 +++++++++---------- .../fleet-managed/rendered/manifest.yaml | 12 +++--- .../kubernetes-default/rendered/manifest.yaml | 36 ++++++++-------- .../rendered/manifest.yaml | 40 +++++++++--------- .../rendered/manifest.yaml | 12 +++--- .../rendered/manifest.yaml | 40 +++++++++--------- .../rendered/manifest.yaml | 6 +-- .../rendered/manifest.yaml | 12 +++--- .../user-cluster-role/rendered/manifest.yaml | 10 ++--- .../rendered/manifest.yaml | 30 ++++++------- deploy/helm/elastic-agent/values.yaml | 4 +- 12 files changed, 123 insertions(+), 123 deletions(-) diff --git a/deploy/helm/edot-collector/kube-stack/values.yaml b/deploy/helm/edot-collector/kube-stack/values.yaml index e12e9c27122..dc5fd8e0dc4 100644 --- a/deploy/helm/edot-collector/kube-stack/values.yaml +++ b/deploy/helm/edot-collector/kube-stack/values.yaml @@ -17,7 +17,7 @@ crds: defaultCRConfig: image: repository: "docker.elastic.co/beats/elastic-agent" - tag: "8.16.2" + tag: "8.16.3" targetAllocator: enabled: false # Enable/disable the Operator's Target allocator. # Refer to: https://github.com/open-telemetry/opentelemetry-operator/tree/main/cmd/otel-allocator diff --git a/deploy/helm/elastic-agent/examples/eck/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/eck/rendered/manifest.yaml index a92591daac3..26c99721a6e 100644 --- a/deploy/helm/elastic-agent/examples/eck/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/eck/rendered/manifest.yaml @@ -9,7 +9,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 annotations: eck.k8s.elastic.co/license: basic --- @@ -23,7 +23,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 annotations: eck.k8s.elastic.co/license: basic --- @@ -37,7 +37,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 annotations: eck.k8s.elastic.co/license: basic --- @@ -51,7 +51,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 annotations: eck.k8s.elastic.co/license: basic stringData: @@ -103,7 +103,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 annotations: eck.k8s.elastic.co/license: basic stringData: @@ -392,7 +392,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 annotations: eck.k8s.elastic.co/license: basic stringData: @@ -569,7 +569,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 annotations: eck.k8s.elastic.co/license: basic rules: @@ -693,7 +693,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 annotations: eck.k8s.elastic.co/license: basic rules: @@ -926,7 +926,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 annotations: eck.k8s.elastic.co/license: basic rules: @@ -1008,7 +1008,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 annotations: eck.k8s.elastic.co/license: basic subjects: @@ -1029,7 +1029,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 annotations: eck.k8s.elastic.co/license: basic subjects: @@ -1050,7 +1050,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 annotations: eck.k8s.elastic.co/license: basic subjects: @@ -1072,11 +1072,11 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 annotations: eck.k8s.elastic.co/license: basic spec: - version: 8.16.2 + version: 8.16.3 configRef: secretName: agent-pernode-example elasticsearchRefs: @@ -1100,7 +1100,7 @@ spec: value: /usr/share/elastic-agent/state - name: ELASTIC_NETINFO value: "false" - image: docker.elastic.co/beats/elastic-agent:8.16.2-SNAPSHOT + image: docker.elastic.co/beats/elastic-agent:8.16.3-SNAPSHOT imagePullPolicy: IfNotPresent name: agent resources: @@ -1174,11 +1174,11 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 annotations: eck.k8s.elastic.co/license: basic spec: - version: 8.16.2 + version: 8.16.3 configRef: secretName: agent-clusterwide-example elasticsearchRefs: @@ -1202,7 +1202,7 @@ spec: value: /usr/share/elastic-agent/state - name: ELASTIC_NETINFO value: "false" - image: docker.elastic.co/beats/elastic-agent:8.16.2-SNAPSHOT + image: docker.elastic.co/beats/elastic-agent:8.16.3-SNAPSHOT imagePullPolicy: IfNotPresent name: agent resources: @@ -1242,11 +1242,11 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 annotations: eck.k8s.elastic.co/license: basic spec: - version: 8.16.2 + version: 8.16.3 configRef: secretName: agent-ksmsharded-example elasticsearchRefs: @@ -1311,7 +1311,7 @@ spec: value: /usr/share/elastic-agent/state - name: ELASTIC_NETINFO value: "false" - image: docker.elastic.co/beats/elastic-agent:8.16.2-SNAPSHOT + image: docker.elastic.co/beats/elastic-agent:8.16.3-SNAPSHOT imagePullPolicy: IfNotPresent name: agent resources: diff --git a/deploy/helm/elastic-agent/examples/fleet-managed/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/fleet-managed/rendered/manifest.yaml index 84f7a9d087f..fe1c82666c0 100644 --- a/deploy/helm/elastic-agent/examples/fleet-managed/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/fleet-managed/rendered/manifest.yaml @@ -9,7 +9,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 --- # Source: elastic-agent/templates/agent/k8s/secret.yaml apiVersion: v1 @@ -21,7 +21,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 stringData: agent.yml: |- @@ -41,7 +41,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 rules: - apiGroups: [ "" ] # "" indicates the core API group resources: @@ -147,7 +147,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 subjects: - kind: ServiceAccount name: agent-nginx-example @@ -167,7 +167,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 spec: selector: matchLabels: @@ -204,7 +204,7 @@ spec: value: "false" - name: FLEET_ENROLL value: "1" - image: docker.elastic.co/beats/elastic-agent:8.16.2-SNAPSHOT + image: docker.elastic.co/beats/elastic-agent:8.16.3-SNAPSHOT imagePullPolicy: IfNotPresent name: agent securityContext: diff --git a/deploy/helm/elastic-agent/examples/kubernetes-default/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/kubernetes-default/rendered/manifest.yaml index 48bb60455a0..16f61fc2aaa 100644 --- a/deploy/helm/elastic-agent/examples/kubernetes-default/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/kubernetes-default/rendered/manifest.yaml @@ -9,7 +9,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 --- # Source: elastic-agent/templates/agent/service-account.yaml apiVersion: v1 @@ -21,7 +21,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 --- # Source: elastic-agent/templates/agent/service-account.yaml apiVersion: v1 @@ -33,7 +33,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 --- # Source: elastic-agent/templates/agent/k8s/secret.yaml apiVersion: v1 @@ -45,7 +45,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 stringData: agent.yml: |- @@ -102,7 +102,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 stringData: agent.yml: |- @@ -396,7 +396,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 stringData: agent.yml: |- @@ -578,7 +578,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 rules: - apiGroups: [ "" ] # "" indicates the core API group resources: @@ -700,7 +700,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 rules: - apiGroups: [ "" ] # "" indicates the core API group resources: @@ -931,7 +931,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 rules: - apiGroups: [ "" ] # "" indicates the core API group resources: @@ -1011,7 +1011,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 subjects: - kind: ServiceAccount name: agent-clusterwide-example @@ -1030,7 +1030,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 subjects: - kind: ServiceAccount name: agent-ksmsharded-example @@ -1049,7 +1049,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 subjects: - kind: ServiceAccount name: agent-pernode-example @@ -1069,7 +1069,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 spec: selector: matchLabels: @@ -1100,7 +1100,7 @@ spec: value: /usr/share/elastic-agent/state - name: ELASTIC_NETINFO value: "false" - image: docker.elastic.co/beats/elastic-agent:8.16.2-SNAPSHOT + image: docker.elastic.co/beats/elastic-agent:8.16.3-SNAPSHOT imagePullPolicy: IfNotPresent name: agent resources: @@ -1188,7 +1188,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 spec: selector: matchLabels: @@ -1219,7 +1219,7 @@ spec: value: /usr/share/elastic-agent/state - name: ELASTIC_NETINFO value: "false" - image: docker.elastic.co/beats/elastic-agent:8.16.2-SNAPSHOT + image: docker.elastic.co/beats/elastic-agent:8.16.3-SNAPSHOT imagePullPolicy: IfNotPresent name: agent resources: @@ -1269,7 +1269,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 spec: selector: matchLabels: @@ -1341,7 +1341,7 @@ spec: value: /usr/share/elastic-agent/state - name: ELASTIC_NETINFO value: "false" - image: docker.elastic.co/beats/elastic-agent:8.16.2-SNAPSHOT + image: docker.elastic.co/beats/elastic-agent:8.16.3-SNAPSHOT imagePullPolicy: IfNotPresent name: agent resources: diff --git a/deploy/helm/elastic-agent/examples/kubernetes-hints-autodiscover/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/kubernetes-hints-autodiscover/rendered/manifest.yaml index 76952816306..05f3d93b10a 100644 --- a/deploy/helm/elastic-agent/examples/kubernetes-hints-autodiscover/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/kubernetes-hints-autodiscover/rendered/manifest.yaml @@ -9,7 +9,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 --- # Source: elastic-agent/templates/agent/service-account.yaml apiVersion: v1 @@ -21,7 +21,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 --- # Source: elastic-agent/templates/agent/service-account.yaml apiVersion: v1 @@ -33,7 +33,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 --- # Source: elastic-agent/templates/agent/k8s/secret.yaml apiVersion: v1 @@ -45,7 +45,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 stringData: agent.yml: |- @@ -102,7 +102,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 stringData: agent.yml: |- @@ -396,7 +396,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 stringData: agent.yml: |- @@ -580,7 +580,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 rules: - apiGroups: [ "" ] # "" indicates the core API group resources: @@ -702,7 +702,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 rules: - apiGroups: [ "" ] # "" indicates the core API group resources: @@ -933,7 +933,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 rules: - apiGroups: [ "" ] # "" indicates the core API group resources: @@ -1013,7 +1013,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 subjects: - kind: ServiceAccount name: agent-clusterwide-example @@ -1032,7 +1032,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 subjects: - kind: ServiceAccount name: agent-ksmsharded-example @@ -1051,7 +1051,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 subjects: - kind: ServiceAccount name: agent-pernode-example @@ -1071,7 +1071,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 spec: selector: matchLabels: @@ -1102,7 +1102,7 @@ spec: value: /usr/share/elastic-agent/state - name: ELASTIC_NETINFO value: "false" - image: docker.elastic.co/beats/elastic-agent:8.16.2-SNAPSHOT + image: docker.elastic.co/beats/elastic-agent:8.16.3-SNAPSHOT imagePullPolicy: IfNotPresent name: agent resources: @@ -1155,8 +1155,8 @@ spec: - args: - -c - mkdir -p /etc/elastic-agent/inputs.d && mkdir -p /etc/elastic-agent/inputs.d - && wget -O - https://github.com/elastic/elastic-agent/archive/v8.16.2.tar.gz - | tar xz -C /etc/elastic-agent/inputs.d --strip=5 "elastic-agent-8.16.2/deploy/kubernetes/elastic-agent-standalone/templates.d" + && wget -O - https://github.com/elastic/elastic-agent/archive/v8.16.3.tar.gz + | tar xz -C /etc/elastic-agent/inputs.d --strip=5 "elastic-agent-8.16.3/deploy/kubernetes/elastic-agent-standalone/templates.d" command: - sh image: busybox:1.36.1 @@ -1215,7 +1215,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 spec: selector: matchLabels: @@ -1246,7 +1246,7 @@ spec: value: /usr/share/elastic-agent/state - name: ELASTIC_NETINFO value: "false" - image: docker.elastic.co/beats/elastic-agent:8.16.2-SNAPSHOT + image: docker.elastic.co/beats/elastic-agent:8.16.3-SNAPSHOT imagePullPolicy: IfNotPresent name: agent resources: @@ -1296,7 +1296,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 spec: selector: matchLabels: @@ -1368,7 +1368,7 @@ spec: value: /usr/share/elastic-agent/state - name: ELASTIC_NETINFO value: "false" - image: docker.elastic.co/beats/elastic-agent:8.16.2-SNAPSHOT + image: docker.elastic.co/beats/elastic-agent:8.16.3-SNAPSHOT imagePullPolicy: IfNotPresent name: agent resources: diff --git a/deploy/helm/elastic-agent/examples/kubernetes-only-logs/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/kubernetes-only-logs/rendered/manifest.yaml index f265751153e..c06b2d801ad 100644 --- a/deploy/helm/elastic-agent/examples/kubernetes-only-logs/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/kubernetes-only-logs/rendered/manifest.yaml @@ -9,7 +9,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 --- # Source: elastic-agent/templates/agent/k8s/secret.yaml apiVersion: v1 @@ -21,7 +21,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 stringData: agent.yml: |- @@ -113,7 +113,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 rules: - apiGroups: [ "" ] # "" indicates the core API group resources: @@ -193,7 +193,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 subjects: - kind: ServiceAccount name: agent-pernode-example @@ -213,7 +213,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 spec: selector: matchLabels: @@ -244,7 +244,7 @@ spec: value: /usr/share/elastic-agent/state - name: ELASTIC_NETINFO value: "false" - image: docker.elastic.co/beats/elastic-agent:8.16.2-SNAPSHOT + image: docker.elastic.co/beats/elastic-agent:8.16.3-SNAPSHOT imagePullPolicy: IfNotPresent name: agent resources: diff --git a/deploy/helm/elastic-agent/examples/multiple-integrations/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/multiple-integrations/rendered/manifest.yaml index d96262a35b5..bd77acf5785 100644 --- a/deploy/helm/elastic-agent/examples/multiple-integrations/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/multiple-integrations/rendered/manifest.yaml @@ -9,7 +9,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 --- # Source: elastic-agent/templates/agent/service-account.yaml apiVersion: v1 @@ -21,7 +21,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 --- # Source: elastic-agent/templates/agent/service-account.yaml apiVersion: v1 @@ -33,7 +33,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 --- # Source: elastic-agent/templates/agent/k8s/secret.yaml apiVersion: v1 @@ -45,7 +45,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 stringData: agent.yml: |- @@ -128,7 +128,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 stringData: agent.yml: |- @@ -422,7 +422,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 stringData: agent.yml: |- @@ -606,7 +606,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 rules: - apiGroups: [ "" ] # "" indicates the core API group resources: @@ -728,7 +728,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 rules: - apiGroups: [ "" ] # "" indicates the core API group resources: @@ -959,7 +959,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 rules: - apiGroups: [ "" ] # "" indicates the core API group resources: @@ -1039,7 +1039,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 subjects: - kind: ServiceAccount name: agent-clusterwide-example @@ -1058,7 +1058,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 subjects: - kind: ServiceAccount name: agent-ksmsharded-example @@ -1077,7 +1077,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 subjects: - kind: ServiceAccount name: agent-pernode-example @@ -1097,7 +1097,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 spec: selector: matchLabels: @@ -1128,7 +1128,7 @@ spec: value: /usr/share/elastic-agent/state - name: ELASTIC_NETINFO value: "false" - image: docker.elastic.co/beats/elastic-agent:8.16.2-SNAPSHOT + image: docker.elastic.co/beats/elastic-agent:8.16.3-SNAPSHOT imagePullPolicy: IfNotPresent name: agent resources: @@ -1171,8 +1171,8 @@ spec: - args: - -c - mkdir -p /etc/elastic-agent/inputs.d && mkdir -p /etc/elastic-agent/inputs.d - && wget -O - https://github.com/elastic/elastic-agent/archive/v8.16.2.tar.gz - | tar xz -C /etc/elastic-agent/inputs.d --strip=5 "elastic-agent-8.16.2/deploy/kubernetes/elastic-agent-standalone/templates.d" + && wget -O - https://github.com/elastic/elastic-agent/archive/v8.16.3.tar.gz + | tar xz -C /etc/elastic-agent/inputs.d --strip=5 "elastic-agent-8.16.3/deploy/kubernetes/elastic-agent-standalone/templates.d" command: - sh image: busybox:1.36.1 @@ -1231,7 +1231,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 spec: selector: matchLabels: @@ -1262,7 +1262,7 @@ spec: value: /usr/share/elastic-agent/state - name: ELASTIC_NETINFO value: "false" - image: docker.elastic.co/beats/elastic-agent:8.16.2-SNAPSHOT + image: docker.elastic.co/beats/elastic-agent:8.16.3-SNAPSHOT imagePullPolicy: IfNotPresent name: agent resources: @@ -1302,7 +1302,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 spec: selector: matchLabels: @@ -1374,7 +1374,7 @@ spec: value: /usr/share/elastic-agent/state - name: ELASTIC_NETINFO value: "false" - image: docker.elastic.co/beats/elastic-agent:8.16.2-SNAPSHOT + image: docker.elastic.co/beats/elastic-agent:8.16.3-SNAPSHOT imagePullPolicy: IfNotPresent name: agent resources: diff --git a/deploy/helm/elastic-agent/examples/nginx-custom-integration/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/nginx-custom-integration/rendered/manifest.yaml index 58f4689e6b8..17695c43ffc 100644 --- a/deploy/helm/elastic-agent/examples/nginx-custom-integration/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/nginx-custom-integration/rendered/manifest.yaml @@ -9,7 +9,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 stringData: agent.yml: |- @@ -64,7 +64,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 spec: selector: matchLabels: @@ -93,7 +93,7 @@ spec: fieldPath: metadata.name - name: STATE_PATH value: /usr/share/elastic-agent/state - image: docker.elastic.co/beats/elastic-agent:8.16.2-SNAPSHOT + image: docker.elastic.co/beats/elastic-agent:8.16.3-SNAPSHOT imagePullPolicy: IfNotPresent name: agent securityContext: diff --git a/deploy/helm/elastic-agent/examples/system-custom-auth-paths/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/system-custom-auth-paths/rendered/manifest.yaml index 157cb0fdfd6..c0a81e2931a 100644 --- a/deploy/helm/elastic-agent/examples/system-custom-auth-paths/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/system-custom-auth-paths/rendered/manifest.yaml @@ -9,7 +9,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 --- # Source: elastic-agent/templates/agent/k8s/secret.yaml apiVersion: v1 @@ -21,7 +21,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 stringData: agent.yml: |- @@ -185,7 +185,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 rules: - apiGroups: [ "" ] # "" indicates the core API group resources: @@ -265,7 +265,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 subjects: - kind: ServiceAccount name: agent-pernode-example @@ -285,7 +285,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 spec: selector: matchLabels: @@ -316,7 +316,7 @@ spec: value: /usr/share/elastic-agent/state - name: ELASTIC_NETINFO value: "false" - image: docker.elastic.co/beats/elastic-agent:8.16.2-SNAPSHOT + image: docker.elastic.co/beats/elastic-agent:8.16.3-SNAPSHOT imagePullPolicy: IfNotPresent name: agent resources: diff --git a/deploy/helm/elastic-agent/examples/user-cluster-role/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/user-cluster-role/rendered/manifest.yaml index 8bfe7441e19..73461b66508 100644 --- a/deploy/helm/elastic-agent/examples/user-cluster-role/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/user-cluster-role/rendered/manifest.yaml @@ -9,7 +9,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 annotations: elastic-agent.k8s.elastic.co/preset: nginx elastic-agent.k8s.elastic.co/sa: nginx @@ -24,7 +24,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 annotations: elastic-agent.k8s.elastic.co/preset: nginx stringData: @@ -80,7 +80,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 annotations: elastic-agent.k8s.elastic.co/preset: nginx subjects: @@ -102,7 +102,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 spec: selector: matchLabels: @@ -132,7 +132,7 @@ spec: fieldPath: metadata.name - name: STATE_PATH value: /usr/share/elastic-agent/state - image: docker.elastic.co/beats/elastic-agent:8.16.2-SNAPSHOT + image: docker.elastic.co/beats/elastic-agent:8.16.3-SNAPSHOT imagePullPolicy: IfNotPresent name: agent securityContext: diff --git a/deploy/helm/elastic-agent/examples/user-service-account/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/user-service-account/rendered/manifest.yaml index 5f277d25b24..fa9720f71b5 100644 --- a/deploy/helm/elastic-agent/examples/user-service-account/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/user-service-account/rendered/manifest.yaml @@ -9,7 +9,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 stringData: agent.yml: |- @@ -66,7 +66,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 stringData: agent.yml: |- @@ -360,7 +360,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 stringData: agent.yml: |- @@ -542,7 +542,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 annotations: elastic-agent.k8s.elastic.co/cr: nginx rules: @@ -666,7 +666,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 annotations: elastic-agent.k8s.elastic.co/cr: nginx rules: @@ -899,7 +899,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 annotations: elastic-agent.k8s.elastic.co/cr: nginx rules: @@ -981,7 +981,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 subjects: - kind: ServiceAccount name: user-sa-clusterWide @@ -1000,7 +1000,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 subjects: - kind: ServiceAccount name: user-sa-ksmSharded @@ -1019,7 +1019,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 subjects: - kind: ServiceAccount name: user-sa-perNode @@ -1039,7 +1039,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 spec: selector: matchLabels: @@ -1070,7 +1070,7 @@ spec: value: /usr/share/elastic-agent/state - name: ELASTIC_NETINFO value: "false" - image: docker.elastic.co/beats/elastic-agent:8.16.2-SNAPSHOT + image: docker.elastic.co/beats/elastic-agent:8.16.3-SNAPSHOT imagePullPolicy: IfNotPresent name: agent resources: @@ -1158,7 +1158,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 spec: selector: matchLabels: @@ -1189,7 +1189,7 @@ spec: value: /usr/share/elastic-agent/state - name: ELASTIC_NETINFO value: "false" - image: docker.elastic.co/beats/elastic-agent:8.16.2-SNAPSHOT + image: docker.elastic.co/beats/elastic-agent:8.16.3-SNAPSHOT imagePullPolicy: IfNotPresent name: agent resources: @@ -1239,7 +1239,7 @@ metadata: helm.sh/chart: elastic-agent-0.0.1 app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example - app.kubernetes.io/version: 8.16.2 + app.kubernetes.io/version: 8.16.3 spec: selector: matchLabels: @@ -1311,7 +1311,7 @@ spec: value: /usr/share/elastic-agent/state - name: ELASTIC_NETINFO value: "false" - image: docker.elastic.co/beats/elastic-agent:8.16.2-SNAPSHOT + image: docker.elastic.co/beats/elastic-agent:8.16.3-SNAPSHOT imagePullPolicy: IfNotPresent name: agent resources: diff --git a/deploy/helm/elastic-agent/values.yaml b/deploy/helm/elastic-agent/values.yaml index 682bfd4cdbb..26ccd15a146 100644 --- a/deploy/helm/elastic-agent/values.yaml +++ b/deploy/helm/elastic-agent/values.yaml @@ -325,13 +325,13 @@ extraIntegrations: {} agent: # -- elastic-agent version # @section -- 6 - Elastic-Agent Configuration - version: 8.16.2 + version: 8.16.3 # -- image configuration # @section -- 6 - Elastic-Agent Configuration image: repository: docker.elastic.co/beats/elastic-agent pullPolicy: IfNotPresent - tag: "8.16.2-SNAPSHOT" + tag: "8.16.3-SNAPSHOT" # -- image pull secrets # @section -- 3 - Elastic-Agent Configuration imagePullSecrets: [] From 2beedde3aaba3850b7b5eb869298dbffc5db598f Mon Sep 17 00:00:00 2001 From: julienlind Date: Tue, 17 Dec 2024 10:14:02 +0100 Subject: [PATCH 4/7] update k8s --- deploy/kubernetes/elastic-agent-managed-kubernetes.yaml | 2 +- deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/kubernetes/elastic-agent-managed-kubernetes.yaml b/deploy/kubernetes/elastic-agent-managed-kubernetes.yaml index 6972c6aab76..4cc8ea598ad 100644 --- a/deploy/kubernetes/elastic-agent-managed-kubernetes.yaml +++ b/deploy/kubernetes/elastic-agent-managed-kubernetes.yaml @@ -27,7 +27,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: elastic-agent - image: docker.elastic.co/beats/elastic-agent:8.16.2 + image: docker.elastic.co/beats/elastic-agent:8.16.3 env: # Set to 1 for enrollment into Fleet server. If not set, Elastic Agent is run in standalone mode - name: FLEET_ENROLL diff --git a/deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml b/deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml index c043d392a79..c0425c66e3c 100644 --- a/deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml +++ b/deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml @@ -697,7 +697,7 @@ spec: # Uncomment if using hints feature #initContainers: # - name: k8s-templates-downloader - # image: docker.elastic.co/beats/elastic-agent:8.16.2 + # image: docker.elastic.co/beats/elastic-agent:8.16.3 # command: ['bash'] # args: # - -c @@ -709,7 +709,7 @@ spec: # mountPath: /etc/elastic-agent/inputs.d containers: - name: elastic-agent-standalone - image: docker.elastic.co/beats/elastic-agent:8.16.2 + image: docker.elastic.co/beats/elastic-agent:8.16.3 args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] env: # The API Key with access privilleges to connect to Elasticsearch. https://www.elastic.co/guide/en/fleet/current/grant-access-to-elasticsearch.html#create-api-key-standalone-agent From 9a4a0063759a0c4b5777dfbf4e798d1db0b3576b Mon Sep 17 00:00:00 2001 From: julienlind Date: Tue, 17 Dec 2024 10:16:31 +0100 Subject: [PATCH 5/7] clean up after mage:renderExamples --- ...-managed-kubernetes-without-configmap.yaml | 305 --------- ...andalone-kubernetes-without-configmap.yaml | 311 --------- deploy/kubernetes/elastic_agent_manifest.ts | 624 ----------------- deploy/kubernetes/elastic_agent_manifest.ts-e | 626 ------------------ 4 files changed, 1866 deletions(-) delete mode 100644 deploy/kubernetes/elastic-agent-managed-kubernetes-without-configmap.yaml delete mode 100644 deploy/kubernetes/elastic-agent-standalone-kubernetes-without-configmap.yaml delete mode 100644 deploy/kubernetes/elastic_agent_manifest.ts delete mode 100644 deploy/kubernetes/elastic_agent_manifest.ts-e diff --git a/deploy/kubernetes/elastic-agent-managed-kubernetes-without-configmap.yaml b/deploy/kubernetes/elastic-agent-managed-kubernetes-without-configmap.yaml deleted file mode 100644 index d8fdfc90fb7..00000000000 --- a/deploy/kubernetes/elastic-agent-managed-kubernetes-without-configmap.yaml +++ /dev/null @@ -1,305 +0,0 @@ -# For more information https://www.elastic.co/guide/en/fleet/current/running-on-kubernetes-managed-by-fleet.html -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: elastic-agent - namespace: kube-system - labels: - app: elastic-agent -spec: - selector: - matchLabels: - app: elastic-agent - template: - metadata: - labels: - app: elastic-agent - spec: - # Tolerations are needed to run Elastic Agent on Kubernetes control-plane nodes. - # Agents running on control-plane nodes collect metrics from the control plane components (scheduler, controller manager) of Kubernetes - tolerations: - - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - - key: node-role.kubernetes.io/master - effect: NoSchedule - serviceAccountName: elastic-agent - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - containers: - - name: elastic-agent - image: docker.elastic.co/beats/elastic-agent:VERSION - env: - # Set to 1 for enrollment into Fleet server. If not set, Elastic Agent is run in standalone mode - - name: FLEET_ENROLL - value: "1" - # Set to true to communicate with Fleet with either insecure HTTP or unverified HTTPS - - name: FLEET_INSECURE - value: "false" - # Fleet Server URL to enroll the Elastic Agent into - # FLEET_URL can be found in Kibana, go to Management > Fleet > Settings - - name: FLEET_URL - value: "https://fleet-server:8220" - # Elasticsearch API key used to enroll Elastic Agents in Fleet (https://www.elastic.co/guide/en/fleet/current/fleet-enrollment-tokens.html#fleet-enrollment-tokens) - # If FLEET_ENROLLMENT_TOKEN is empty then KIBANA_HOST, KIBANA_FLEET_USERNAME, KIBANA_FLEET_PASSWORD are needed - - name: FLEET_ENROLLMENT_TOKEN - value: "token-id" - - name: KIBANA_HOST - value: "http://kibana:5601" - # The basic authentication username used to connect to Kibana and retrieve a service_token to enable Fleet - - name: KIBANA_FLEET_USERNAME - value: "elastic" - # The basic authentication password used to connect to Kibana and retrieve a service_token to enable Fleet - - name: KIBANA_FLEET_PASSWORD - value: "changeme" - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - # The following ELASTIC_NETINFO:false variable will disable the netinfo.enabled option of add-host-metadata processor. This will remove fields host.ip and host.mac. - # For more info: https://www.elastic.co/guide/en/beats/metricbeat/current/add-host-metadata.html - - name: ELASTIC_NETINFO - value: "false" - securityContext: - runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## - # The following capabilities are needed for Universal Profiling. - # More fine graded capabilities are only available for newer Linux kernels. - # If you are using the Universal Profiling integration, please uncomment these lines before applying. - #procMount: "Unmasked" - #privileged: true - #capabilities: - # add: - # - SYS_ADMIN - resources: - limits: - memory: 1Gi - requests: - cpu: 100m - memory: 500Mi - volumeMounts: - - name: proc - mountPath: /hostfs/proc - readOnly: true - - name: cgroup - mountPath: /hostfs/sys/fs/cgroup - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - - name: varlog - mountPath: /var/log - readOnly: true - - name: etc-full - mountPath: /hostfs/etc - readOnly: true - - name: var-lib - mountPath: /hostfs/var/lib - readOnly: true - - name: etc-mid - mountPath: /etc/machine-id - readOnly: true - - name: sys-kernel-debug - mountPath: /sys/kernel/debug - - name: elastic-agent-state - mountPath: /usr/share/elastic-agent/state - volumes: - - name: proc - hostPath: - path: /proc - - name: cgroup - hostPath: - path: /sys/fs/cgroup - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: varlog - hostPath: - path: /var/log - # The following volumes are needed for Cloud Security Posture integration (cloudbeat) - # If you are not using this integration, then these volumes and the corresponding - # mounts can be removed. - - name: etc-full - hostPath: - path: /etc - - name: var-lib - hostPath: - path: /var/lib - # Mount /etc/machine-id from the host to determine host ID - # Needed for Kubernetes node autodiscovery - - name: etc-mid - hostPath: - path: /etc/machine-id - type: File - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding - # mounts can be removed. - - name: sys-kernel-debug - hostPath: - path: /sys/kernel/debug - # Mount /var/lib/elastic-agent-managed/kube-system/state to store elastic-agent state - # Update 'kube-system' with the namespace of your agent installation - - name: elastic-agent-state - hostPath: - path: /var/lib/elastic-agent-managed/kube-system/state - type: DirectoryOrCreate ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: elastic-agent -subjects: - - kind: ServiceAccount - name: elastic-agent - namespace: kube-system -roleRef: - kind: ClusterRole - name: elastic-agent - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - namespace: kube-system - name: elastic-agent -subjects: - - kind: ServiceAccount - name: elastic-agent - namespace: kube-system -roleRef: - kind: Role - name: elastic-agent - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: elastic-agent-kubeadm-config - namespace: kube-system -subjects: - - kind: ServiceAccount - name: elastic-agent - namespace: kube-system -roleRef: - kind: Role - name: elastic-agent-kubeadm-config - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: elastic-agent - labels: - k8s-app: elastic-agent -rules: - - apiGroups: [""] - resources: - - nodes - - namespaces - - events - - pods - - services - - configmaps - # Needed for cloudbeat - - serviceaccounts - - persistentvolumes - - persistentvolumeclaims - verbs: ["get", "list", "watch"] - # Enable this rule only if planing to use kubernetes_secrets provider - #- apiGroups: [""] - # resources: - # - secrets - # verbs: ["get"] - - apiGroups: ["extensions"] - resources: - - replicasets - verbs: ["get", "list", "watch"] - - apiGroups: ["apps"] - resources: - - statefulsets - - deployments - - replicasets - - daemonsets - verbs: ["get", "list", "watch"] - - apiGroups: - - "" - resources: - - nodes/stats - verbs: - - get - - apiGroups: [ "batch" ] - resources: - - jobs - - cronjobs - verbs: [ "get", "list", "watch" ] - # Needed for apiserver - - nonResourceURLs: - - "/metrics" - verbs: - - get - # Needed for cloudbeat - - apiGroups: ["rbac.authorization.k8s.io"] - resources: - - clusterrolebindings - - clusterroles - - rolebindings - - roles - verbs: ["get", "list", "watch"] - # Needed for cloudbeat - - apiGroups: ["policy"] - resources: - - podsecuritypolicies - verbs: ["get", "list", "watch"] - - apiGroups: [ "storage.k8s.io" ] - resources: - - storageclasses - verbs: [ "get", "list", "watch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: elastic-agent - # Should be the namespace where elastic-agent is running - namespace: kube-system - labels: - k8s-app: elastic-agent -rules: - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: ["get", "create", "update"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: elastic-agent-kubeadm-config - namespace: kube-system - labels: - k8s-app: elastic-agent -rules: - - apiGroups: [""] - resources: - - configmaps - resourceNames: - - kubeadm-config - verbs: ["get"] ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: elastic-agent - namespace: kube-system - labels: - k8s-app: elastic-agent ---- diff --git a/deploy/kubernetes/elastic-agent-standalone-kubernetes-without-configmap.yaml b/deploy/kubernetes/elastic-agent-standalone-kubernetes-without-configmap.yaml deleted file mode 100644 index 3de3386dd8f..00000000000 --- a/deploy/kubernetes/elastic-agent-standalone-kubernetes-without-configmap.yaml +++ /dev/null @@ -1,311 +0,0 @@ -# For more information refer https://www.elastic.co/guide/en/fleet/current/running-on-kubernetes-standalone.html -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: elastic-agent-standalone - namespace: kube-system - labels: - app: elastic-agent-standalone -spec: - selector: - matchLabels: - app: elastic-agent-standalone - template: - metadata: - labels: - app: elastic-agent-standalone - spec: - # Tolerations are needed to run Elastic Agent on Kubernetes control-plane nodes. - # Agents running on control-plane nodes collect metrics from the control plane components (scheduler, controller manager) of Kubernetes - tolerations: - - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - - key: node-role.kubernetes.io/master - effect: NoSchedule - serviceAccountName: elastic-agent-standalone - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - # Uncomment if using hints feature - #initContainers: - # - name: k8s-templates-downloader - # image: docker.elastic.co/beats/elastic-agent:VERSION - # command: ['bash'] - # args: - # - -c - # - >- - # mkdir -p /usr/share/elastic-agent/state/inputs.d && - # curl -sL https://github.com/elastic/elastic-agent/archive/9.0.tar.gz | tar xz -C /usr/share/elastic-agent/state/inputs.d --strip=5 "elastic-agent-9.0/deploy/kubernetes/elastic-agent-standalone/templates.d" - # securityContext: - # runAsUser: 0 - # volumeMounts: - # - name: elastic-agent-state - # mountPath: /usr/share/elastic-agent/state - containers: - - name: elastic-agent-standalone - image: docker.elastic.co/beats/elastic-agent:VERSION - args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] - env: - # The API Key with access privilleges to connect to Elasticsearch. https://www.elastic.co/guide/en/fleet/current/grant-access-to-elasticsearch.html#create-api-key-standalone-agent - - name: API_KEY - value: "" - # The basic authentication username used to connect to Elasticsearch. Alternative to API_KEY access. - # This user needs the privileges required to publish events to Elasticsearch. - - name: ES_USERNAME - value: "elastic" - # The basic authentication password used to connect to Elasticsearch - - name: ES_PASSWORD - value: "changeme" - # The Elasticsearch host to communicate with - - name: ES_HOST - value: "" - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - # The following ELASTIC_NETINFO:false variable will disable the netinfo.enabled option of add-host-metadata processor. This will remove fields host.ip and host.mac. - # For more info: https://www.elastic.co/guide/en/beats/metricbeat/current/add-host-metadata.html - - name: ELASTIC_NETINFO - value: "false" - securityContext: - runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## - # The following capabilities are needed for Universal Profiling. - # More fine graded capabilities are only available for newer Linux kernels. - # If you are using the Universal Profiling integration, please uncomment these lines before applying. - #procMount: "Unmasked" - #privileged: true - #capabilities: - # add: - # - SYS_ADMIN - resources: - limits: - memory: 1Gi - requests: - cpu: 100m - memory: 500Mi - volumeMounts: - - name: datastreams - mountPath: /etc/elastic-agent/agent.yml - readOnly: true - subPath: agent.yml - - name: proc - mountPath: /hostfs/proc - readOnly: true - - name: cgroup - mountPath: /hostfs/sys/fs/cgroup - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - - name: varlog - mountPath: /var/log - readOnly: true - - name: etc-full - mountPath: /hostfs/etc - readOnly: true - - name: var-lib - mountPath: /hostfs/var/lib - readOnly: true - - name: sys-kernel-debug - mountPath: /sys/kernel/debug - - name: elastic-agent-state - mountPath: /usr/share/elastic-agent/state - volumes: - - name: datastreams - configMap: - defaultMode: 0644 - name: agent-node-datastreams - - name: proc - hostPath: - path: /proc - - name: cgroup - hostPath: - path: /sys/fs/cgroup - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: varlog - hostPath: - path: /var/log - # The following volumes are needed for Cloud Security Posture integration (cloudbeat) - # If you are not using this integration, then these volumes and the corresponding - # mounts can be removed. - - name: etc-full - hostPath: - path: /etc - - name: var-lib - hostPath: - path: /var/lib - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding - # mounts can be removed. - - name: sys-kernel-debug - hostPath: - path: /sys/kernel/debug - # Mount /var/lib/elastic-agent-managed/kube-system/state to store elastic-agent state - # Update 'kube-system' with the namespace of your agent installation - - name: elastic-agent-state - hostPath: - path: /var/lib/elastic-agent-standalone/kube-system/state - type: DirectoryOrCreate ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: elastic-agent-standalone -subjects: - - kind: ServiceAccount - name: elastic-agent-standalone - namespace: kube-system -roleRef: - kind: ClusterRole - name: elastic-agent-standalone - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - namespace: kube-system - name: elastic-agent-standalone -subjects: - - kind: ServiceAccount - name: elastic-agent-standalone - namespace: kube-system -roleRef: - kind: Role - name: elastic-agent-standalone - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: elastic-agent-standalone-kubeadm-config - namespace: kube-system -subjects: - - kind: ServiceAccount - name: elastic-agent-standalone - namespace: kube-system -roleRef: - kind: Role - name: elastic-agent-standalone-kubeadm-config - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: elastic-agent-standalone - labels: - k8s-app: elastic-agent-standalone -rules: - - apiGroups: [""] - resources: - - nodes - - namespaces - - events - - pods - - services - - configmaps - # Needed for cloudbeat - - serviceaccounts - - persistentvolumes - - persistentvolumeclaims - verbs: ["get", "list", "watch"] - # Enable this rule only if planing to use kubernetes_secrets provider - #- apiGroups: [""] - # resources: - # - secrets - # verbs: ["get"] - - apiGroups: ["extensions"] - resources: - - replicasets - verbs: ["get", "list", "watch"] - - apiGroups: ["apps"] - resources: - - statefulsets - - deployments - - replicasets - - daemonsets - verbs: ["get", "list", "watch"] - - apiGroups: ["batch"] - resources: - - jobs - - cronjobs - verbs: ["get", "list", "watch"] - - apiGroups: - - "" - resources: - - nodes/stats - verbs: - - get - # Needed for apiserver - - nonResourceURLs: - - "/metrics" - verbs: - - get - # Needed for cloudbeat - - apiGroups: ["rbac.authorization.k8s.io"] - resources: - - clusterrolebindings - - clusterroles - - rolebindings - - roles - verbs: ["get", "list", "watch"] - # Needed for cloudbeat - - apiGroups: ["policy"] - resources: - - podsecuritypolicies - verbs: ["get", "list", "watch"] - - apiGroups: [ "storage.k8s.io" ] - resources: - - storageclasses - verbs: [ "get", "list", "watch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: elastic-agent-standalone - # Should be the namespace where elastic-agent is running - namespace: kube-system - labels: - k8s-app: elastic-agent-standalone -rules: - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: ["get", "create", "update"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: elastic-agent-standalone-kubeadm-config - namespace: kube-system - labels: - k8s-app: elastic-agent-standalone -rules: - - apiGroups: [""] - resources: - - configmaps - resourceNames: - - kubeadm-config - verbs: ["get"] ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: elastic-agent-standalone - namespace: kube-system - labels: - k8s-app: elastic-agent-standalone ---- diff --git a/deploy/kubernetes/elastic_agent_manifest.ts b/deploy/kubernetes/elastic_agent_manifest.ts deleted file mode 100644 index 4bb6bad203e..00000000000 --- a/deploy/kubernetes/elastic_agent_manifest.ts +++ /dev/null @@ -1,624 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -export const elasticAgentStandaloneManifest = `--- -# For more information refer https://www.elastic.co/guide/en/fleet/current/running-on-kubernetes-standalone.html -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: elastic-agent - namespace: kube-system - labels: - app: elastic-agent -spec: - selector: - matchLabels: - app: elastic-agent - template: - metadata: - labels: - app: elastic-agent - spec: - # Tolerations are needed to run Elastic Agent on Kubernetes control-plane nodes. - # Agents running on control-plane nodes collect metrics from the control plane components (scheduler, controller manager) of Kubernetes - tolerations: - - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - - key: node-role.kubernetes.io/master - effect: NoSchedule - serviceAccountName: elastic-agent - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - # Uncomment if using hints feature - #initContainers: - # - name: k8s-templates-downloader - # image: docker.elastic.co/beats/elastic-agent:VERSION - # command: ['bash'] - # args: - # - -c - # - >- - # mkdir -p /usr/share/elastic-agent/state/inputs.d && - # curl -sL https://github.com/elastic/elastic-agent/archive/9.0.tar.gz | tar xz -C /usr/share/elastic-agent/state/inputs.d --strip=5 "elastic-agent-9.0/deploy/kubernetes/elastic-agent-standalone/templates.d" - # securityContext: - # runAsUser: 0 - # volumeMounts: - # - name: elastic-agent-state - # mountPath: /usr/share/elastic-agent/state - containers: - - name: elastic-agent - image: docker.elastic.co/beats/elastic-agent:VERSION - args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] - env: - # The API Key with access privilleges to connect to Elasticsearch. https://www.elastic.co/guide/en/fleet/current/grant-access-to-elasticsearch.html#create-api-key-standalone-agent - - name: API_KEY - # The basic authentication username used to connect to Elasticsearch. Alternative to API_KEY access. - # This user needs the privileges required to publish events to Elasticsearch. - - name: ES_USERNAME - value: "elastic" - # The basic authentication password used to connect to Elasticsearch - - name: ES_PASSWORD - value: "changeme" - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - # The following ELASTIC_NETINFO:false variable will disable the netinfo.enabled option of add-host-metadata processor. This will remove fields host.ip and host.mac. - # For more info: https://www.elastic.co/guide/en/beats/metricbeat/current/add-host-metadata.html - - name: ELASTIC_NETINFO - value: "false" - securityContext: - runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## - # The following capabilities are needed for Universal Profiling. - # More fine graded capabilities are only available for newer Linux kernels. - # If you are using the Universal Profiling integration, please uncomment these lines before applying. - #procMount: "Unmasked" - #privileged: true - #capabilities: - # add: - # - SYS_ADMIN - resources: - limits: - memory: 1Gi - requests: - cpu: 100m - memory: 500Mi - volumeMounts: - - name: datastreams - mountPath: /etc/elastic-agent/agent.yml - readOnly: true - subPath: agent.yml - - name: proc - mountPath: /hostfs/proc - readOnly: true - - name: cgroup - mountPath: /hostfs/sys/fs/cgroup - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - - name: varlog - mountPath: /var/log - readOnly: true - - name: etc-full - mountPath: /hostfs/etc - readOnly: true - - name: var-lib - mountPath: /hostfs/var/lib - readOnly: true - - name: sys-kernel-debug - mountPath: /sys/kernel/debug - - name: elastic-agent-state - mountPath: /usr/share/elastic-agent/state - volumes: - - name: datastreams - configMap: - defaultMode: 0644 - name: agent-node-datastreams - - name: proc - hostPath: - path: /proc - - name: cgroup - hostPath: - path: /sys/fs/cgroup - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: varlog - hostPath: - path: /var/log - # The following volumes are needed for Cloud Security Posture integration (cloudbeat) - # If you are not using this integration, then these volumes and the corresponding - # mounts can be removed. - - name: etc-full - hostPath: - path: /etc - - name: var-lib - hostPath: - path: /var/lib - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding - # mounts can be removed. - - name: sys-kernel-debug - hostPath: - path: /sys/kernel/debug - # Mount /var/lib/elastic-agent-managed/kube-system/state to store elastic-agent state - # Update 'kube-system' with the namespace of your agent installation - - name: elastic-agent-state - hostPath: - path: /var/lib/elastic-agent/kube-system/state - type: DirectoryOrCreate ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: elastic-agent -subjects: - - kind: ServiceAccount - name: elastic-agent - namespace: kube-system -roleRef: - kind: ClusterRole - name: elastic-agent - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - namespace: kube-system - name: elastic-agent -subjects: - - kind: ServiceAccount - name: elastic-agent - namespace: kube-system -roleRef: - kind: Role - name: elastic-agent - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: elastic-agent-kubeadm-config - namespace: kube-system -subjects: - - kind: ServiceAccount - name: elastic-agent - namespace: kube-system -roleRef: - kind: Role - name: elastic-agent-kubeadm-config - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: elastic-agent - labels: - k8s-app: elastic-agent -rules: - - apiGroups: [""] - resources: - - nodes - - namespaces - - events - - pods - - services - - configmaps - # Needed for cloudbeat - - serviceaccounts - - persistentvolumes - - persistentvolumeclaims - verbs: ["get", "list", "watch"] - # Enable this rule only if planing to use kubernetes_secrets provider - #- apiGroups: [""] - # resources: - # - secrets - # verbs: ["get"] - - apiGroups: ["extensions"] - resources: - - replicasets - verbs: ["get", "list", "watch"] - - apiGroups: ["apps"] - resources: - - statefulsets - - deployments - - replicasets - - daemonsets - verbs: ["get", "list", "watch"] - - apiGroups: ["batch"] - resources: - - jobs - - cronjobs - verbs: ["get", "list", "watch"] - - apiGroups: - - "" - resources: - - nodes/stats - verbs: - - get - # Needed for apiserver - - nonResourceURLs: - - "/metrics" - verbs: - - get - # Needed for cloudbeat - - apiGroups: ["rbac.authorization.k8s.io"] - resources: - - clusterrolebindings - - clusterroles - - rolebindings - - roles - verbs: ["get", "list", "watch"] - # Needed for cloudbeat - - apiGroups: ["policy"] - resources: - - podsecuritypolicies - verbs: ["get", "list", "watch"] - - apiGroups: [ "storage.k8s.io" ] - resources: - - storageclasses - verbs: [ "get", "list", "watch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: elastic-agent - # Should be the namespace where elastic-agent is running - namespace: kube-system - labels: - k8s-app: elastic-agent -rules: - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: ["get", "create", "update"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: elastic-agent-kubeadm-config - namespace: kube-system - labels: - k8s-app: elastic-agent -rules: - - apiGroups: [""] - resources: - - configmaps - resourceNames: - - kubeadm-config - verbs: ["get"] ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: elastic-agent - namespace: kube-system - labels: - k8s-app: elastic-agent ---- -`; - -export const elasticAgentManagedManifest = `--- -# For more information https://www.elastic.co/guide/en/fleet/current/running-on-kubernetes-managed-by-fleet.html -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: elastic-agent - namespace: kube-system - labels: - app: elastic-agent -spec: - selector: - matchLabels: - app: elastic-agent - template: - metadata: - labels: - app: elastic-agent - spec: - # Tolerations are needed to run Elastic Agent on Kubernetes control-plane nodes. - # Agents running on control-plane nodes collect metrics from the control plane components (scheduler, controller manager) of Kubernetes - tolerations: - - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - - key: node-role.kubernetes.io/master - effect: NoSchedule - serviceAccountName: elastic-agent - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - containers: - - name: elastic-agent - image: docker.elastic.co/beats/elastic-agent:VERSION - env: - # Set to 1 for enrollment into Fleet server. If not set, Elastic Agent is run in standalone mode - - name: FLEET_ENROLL - value: "1" - # Set to true to communicate with Fleet with either insecure HTTP or unverified HTTPS - - name: FLEET_INSECURE - value: "false" - # Fleet Server URL to enroll the Elastic Agent into - # FLEET_URL can be found in Kibana, go to Management > Fleet > Settings - - name: FLEET_URL - value: "https://fleet-server:8220" - # Elasticsearch API key used to enroll Elastic Agents in Fleet (https://www.elastic.co/guide/en/fleet/current/fleet-enrollment-tokens.html#fleet-enrollment-tokens) - # If FLEET_ENROLLMENT_TOKEN is empty then KIBANA_HOST, KIBANA_FLEET_USERNAME, KIBANA_FLEET_PASSWORD are needed - - name: FLEET_ENROLLMENT_TOKEN - value: "token-id" - - name: KIBANA_HOST - value: "http://kibana:5601" - # The basic authentication username used to connect to Kibana and retrieve a service_token to enable Fleet - - name: KIBANA_FLEET_USERNAME - value: "elastic" - # The basic authentication password used to connect to Kibana and retrieve a service_token to enable Fleet - - name: KIBANA_FLEET_PASSWORD - value: "changeme" - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - # The following ELASTIC_NETINFO:false variable will disable the netinfo.enabled option of add-host-metadata processor. This will remove fields host.ip and host.mac. - # For more info: https://www.elastic.co/guide/en/beats/metricbeat/current/add-host-metadata.html - - name: ELASTIC_NETINFO - value: "false" - securityContext: - runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## - # The following capabilities are needed for Universal Profiling. - # More fine graded capabilities are only available for newer Linux kernels. - # If you are using the Universal Profiling integration, please uncomment these lines before applying. - #procMount: "Unmasked" - #privileged: true - #capabilities: - # add: - # - SYS_ADMIN - resources: - limits: - memory: 1Gi - requests: - cpu: 100m - memory: 500Mi - volumeMounts: - - name: proc - mountPath: /hostfs/proc - readOnly: true - - name: cgroup - mountPath: /hostfs/sys/fs/cgroup - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - - name: varlog - mountPath: /var/log - readOnly: true - - name: etc-full - mountPath: /hostfs/etc - readOnly: true - - name: var-lib - mountPath: /hostfs/var/lib - readOnly: true - - name: etc-mid - mountPath: /etc/machine-id - readOnly: true - - name: sys-kernel-debug - mountPath: /sys/kernel/debug - - name: elastic-agent-state - mountPath: /usr/share/elastic-agent/state - volumes: - - name: proc - hostPath: - path: /proc - - name: cgroup - hostPath: - path: /sys/fs/cgroup - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: varlog - hostPath: - path: /var/log - # The following volumes are needed for Cloud Security Posture integration (cloudbeat) - # If you are not using this integration, then these volumes and the corresponding - # mounts can be removed. - - name: etc-full - hostPath: - path: /etc - - name: var-lib - hostPath: - path: /var/lib - # Mount /etc/machine-id from the host to determine host ID - # Needed for Kubernetes node autodiscovery - - name: etc-mid - hostPath: - path: /etc/machine-id - type: File - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding - # mounts can be removed. - - name: sys-kernel-debug - hostPath: - path: /sys/kernel/debug - # Mount /var/lib/elastic-agent-managed/kube-system/state to store elastic-agent state - # Update 'kube-system' with the namespace of your agent installation - - name: elastic-agent-state - hostPath: - path: /var/lib/elastic-agent-managed/kube-system/state - type: DirectoryOrCreate ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: elastic-agent -subjects: - - kind: ServiceAccount - name: elastic-agent - namespace: kube-system -roleRef: - kind: ClusterRole - name: elastic-agent - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - namespace: kube-system - name: elastic-agent -subjects: - - kind: ServiceAccount - name: elastic-agent - namespace: kube-system -roleRef: - kind: Role - name: elastic-agent - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: elastic-agent-kubeadm-config - namespace: kube-system -subjects: - - kind: ServiceAccount - name: elastic-agent - namespace: kube-system -roleRef: - kind: Role - name: elastic-agent-kubeadm-config - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: elastic-agent - labels: - k8s-app: elastic-agent -rules: - - apiGroups: [""] - resources: - - nodes - - namespaces - - events - - pods - - services - - configmaps - # Needed for cloudbeat - - serviceaccounts - - persistentvolumes - - persistentvolumeclaims - verbs: ["get", "list", "watch"] - # Enable this rule only if planing to use kubernetes_secrets provider - #- apiGroups: [""] - # resources: - # - secrets - # verbs: ["get"] - - apiGroups: ["extensions"] - resources: - - replicasets - verbs: ["get", "list", "watch"] - - apiGroups: ["apps"] - resources: - - statefulsets - - deployments - - replicasets - - daemonsets - verbs: ["get", "list", "watch"] - - apiGroups: - - "" - resources: - - nodes/stats - verbs: - - get - - apiGroups: [ "batch" ] - resources: - - jobs - - cronjobs - verbs: [ "get", "list", "watch" ] - # Needed for apiserver - - nonResourceURLs: - - "/metrics" - verbs: - - get - # Needed for cloudbeat - - apiGroups: ["rbac.authorization.k8s.io"] - resources: - - clusterrolebindings - - clusterroles - - rolebindings - - roles - verbs: ["get", "list", "watch"] - # Needed for cloudbeat - - apiGroups: ["policy"] - resources: - - podsecuritypolicies - verbs: ["get", "list", "watch"] - - apiGroups: [ "storage.k8s.io" ] - resources: - - storageclasses - verbs: [ "get", "list", "watch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: elastic-agent - # Should be the namespace where elastic-agent is running - namespace: kube-system - labels: - k8s-app: elastic-agent -rules: - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: ["get", "create", "update"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: elastic-agent-kubeadm-config - namespace: kube-system - labels: - k8s-app: elastic-agent -rules: - - apiGroups: [""] - resources: - - configmaps - resourceNames: - - kubeadm-config - verbs: ["get"] ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: elastic-agent - namespace: kube-system - labels: - k8s-app: elastic-agent ---- -`; diff --git a/deploy/kubernetes/elastic_agent_manifest.ts-e b/deploy/kubernetes/elastic_agent_manifest.ts-e deleted file mode 100644 index 1b16dd3883c..00000000000 --- a/deploy/kubernetes/elastic_agent_manifest.ts-e +++ /dev/null @@ -1,626 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -export const elasticAgentStandaloneManifest = `--- -# For more information refer https://www.elastic.co/guide/en/fleet/current/running-on-kubernetes-standalone.html -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: elastic-agent - namespace: kube-system - labels: - app: elastic-agent -spec: - selector: - matchLabels: - app: elastic-agent - template: - metadata: - labels: - app: elastic-agent - spec: - # Tolerations are needed to run Elastic Agent on Kubernetes control-plane nodes. - # Agents running on control-plane nodes collect metrics from the control plane components (scheduler, controller manager) of Kubernetes - tolerations: - - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - - key: node-role.kubernetes.io/master - effect: NoSchedule - serviceAccountName: elastic-agent - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - # Uncomment if using hints feature - #initContainers: - # - name: k8s-templates-downloader - # image: docker.elastic.co/beats/elastic-agent:VERSION - # command: ['bash'] - # args: - # - -c - # - >- - # mkdir -p /usr/share/elastic-agent/state/inputs.d && - # curl -sL https://github.com/elastic/elastic-agent/archive/9.0.tar.gz | tar xz -C /usr/share/elastic-agent/state/inputs.d --strip=5 "elastic-agent-9.0/deploy/kubernetes/elastic-agent-standalone/templates.d" - # securityContext: - # runAsUser: 0 - # volumeMounts: - # - name: elastic-agent-state - # mountPath: /usr/share/elastic-agent/state - containers: - - name: elastic-agent - image: docker.elastic.co/beats/elastic-agent:VERSION - args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] - env: - # The API Key with access privilleges to connect to Elasticsearch. https://www.elastic.co/guide/en/fleet/current/grant-access-to-elasticsearch.html#create-api-key-standalone-agent - - name: API_KEY - value: "" - # The basic authentication username used to connect to Elasticsearch. Alternative to API_KEY access. - # This user needs the privileges required to publish events to Elasticsearch. - - name: ES_USERNAME - value: "elastic" - # The basic authentication password used to connect to Elasticsearch - - name: ES_PASSWORD - value: "changeme" - value: "" - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - # The following ELASTIC_NETINFO:false variable will disable the netinfo.enabled option of add-host-metadata processor. This will remove fields host.ip and host.mac. - # For more info: https://www.elastic.co/guide/en/beats/metricbeat/current/add-host-metadata.html - - name: ELASTIC_NETINFO - value: "false" - securityContext: - runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## - # The following capabilities are needed for Universal Profiling. - # More fine graded capabilities are only available for newer Linux kernels. - # If you are using the Universal Profiling integration, please uncomment these lines before applying. - #procMount: "Unmasked" - #privileged: true - #capabilities: - # add: - # - SYS_ADMIN - resources: - limits: - memory: 1Gi - requests: - cpu: 100m - memory: 500Mi - volumeMounts: - - name: datastreams - mountPath: /etc/elastic-agent/agent.yml - readOnly: true - subPath: agent.yml - - name: proc - mountPath: /hostfs/proc - readOnly: true - - name: cgroup - mountPath: /hostfs/sys/fs/cgroup - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - - name: varlog - mountPath: /var/log - readOnly: true - - name: etc-full - mountPath: /hostfs/etc - readOnly: true - - name: var-lib - mountPath: /hostfs/var/lib - readOnly: true - - name: sys-kernel-debug - mountPath: /sys/kernel/debug - - name: elastic-agent-state - mountPath: /usr/share/elastic-agent/state - volumes: - - name: datastreams - configMap: - defaultMode: 0644 - name: agent-node-datastreams - - name: proc - hostPath: - path: /proc - - name: cgroup - hostPath: - path: /sys/fs/cgroup - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: varlog - hostPath: - path: /var/log - # The following volumes are needed for Cloud Security Posture integration (cloudbeat) - # If you are not using this integration, then these volumes and the corresponding - # mounts can be removed. - - name: etc-full - hostPath: - path: /etc - - name: var-lib - hostPath: - path: /var/lib - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding - # mounts can be removed. - - name: sys-kernel-debug - hostPath: - path: /sys/kernel/debug - # Mount /var/lib/elastic-agent-managed/kube-system/state to store elastic-agent state - # Update 'kube-system' with the namespace of your agent installation - - name: elastic-agent-state - hostPath: - path: /var/lib/elastic-agent/kube-system/state - type: DirectoryOrCreate ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: elastic-agent -subjects: - - kind: ServiceAccount - name: elastic-agent - namespace: kube-system -roleRef: - kind: ClusterRole - name: elastic-agent - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - namespace: kube-system - name: elastic-agent -subjects: - - kind: ServiceAccount - name: elastic-agent - namespace: kube-system -roleRef: - kind: Role - name: elastic-agent - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: elastic-agent-kubeadm-config - namespace: kube-system -subjects: - - kind: ServiceAccount - name: elastic-agent - namespace: kube-system -roleRef: - kind: Role - name: elastic-agent-kubeadm-config - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: elastic-agent - labels: - k8s-app: elastic-agent -rules: - - apiGroups: [""] - resources: - - nodes - - namespaces - - events - - pods - - services - - configmaps - # Needed for cloudbeat - - serviceaccounts - - persistentvolumes - - persistentvolumeclaims - verbs: ["get", "list", "watch"] - # Enable this rule only if planing to use kubernetes_secrets provider - #- apiGroups: [""] - # resources: - # - secrets - # verbs: ["get"] - - apiGroups: ["extensions"] - resources: - - replicasets - verbs: ["get", "list", "watch"] - - apiGroups: ["apps"] - resources: - - statefulsets - - deployments - - replicasets - - daemonsets - verbs: ["get", "list", "watch"] - - apiGroups: ["batch"] - resources: - - jobs - - cronjobs - verbs: ["get", "list", "watch"] - - apiGroups: - - "" - resources: - - nodes/stats - verbs: - - get - # Needed for apiserver - - nonResourceURLs: - - "/metrics" - verbs: - - get - # Needed for cloudbeat - - apiGroups: ["rbac.authorization.k8s.io"] - resources: - - clusterrolebindings - - clusterroles - - rolebindings - - roles - verbs: ["get", "list", "watch"] - # Needed for cloudbeat - - apiGroups: ["policy"] - resources: - - podsecuritypolicies - verbs: ["get", "list", "watch"] - - apiGroups: [ "storage.k8s.io" ] - resources: - - storageclasses - verbs: [ "get", "list", "watch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: elastic-agent - # Should be the namespace where elastic-agent is running - namespace: kube-system - labels: - k8s-app: elastic-agent -rules: - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: ["get", "create", "update"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: elastic-agent-kubeadm-config - namespace: kube-system - labels: - k8s-app: elastic-agent -rules: - - apiGroups: [""] - resources: - - configmaps - resourceNames: - - kubeadm-config - verbs: ["get"] ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: elastic-agent - namespace: kube-system - labels: - k8s-app: elastic-agent ---- -`; - -export const elasticAgentManagedManifest = `--- -# For more information https://www.elastic.co/guide/en/fleet/current/running-on-kubernetes-managed-by-fleet.html -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: elastic-agent - namespace: kube-system - labels: - app: elastic-agent -spec: - selector: - matchLabels: - app: elastic-agent - template: - metadata: - labels: - app: elastic-agent - spec: - # Tolerations are needed to run Elastic Agent on Kubernetes control-plane nodes. - # Agents running on control-plane nodes collect metrics from the control plane components (scheduler, controller manager) of Kubernetes - tolerations: - - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - - key: node-role.kubernetes.io/master - effect: NoSchedule - serviceAccountName: elastic-agent - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - containers: - - name: elastic-agent - image: docker.elastic.co/beats/elastic-agent:VERSION - env: - # Set to 1 for enrollment into Fleet server. If not set, Elastic Agent is run in standalone mode - - name: FLEET_ENROLL - value: "1" - # Set to true to communicate with Fleet with either insecure HTTP or unverified HTTPS - - name: FLEET_INSECURE - value: "false" - # Fleet Server URL to enroll the Elastic Agent into - # FLEET_URL can be found in Kibana, go to Management > Fleet > Settings - - name: FLEET_URL - value: "https://fleet-server:8220" - # Elasticsearch API key used to enroll Elastic Agents in Fleet (https://www.elastic.co/guide/en/fleet/current/fleet-enrollment-tokens.html#fleet-enrollment-tokens) - # If FLEET_ENROLLMENT_TOKEN is empty then KIBANA_HOST, KIBANA_FLEET_USERNAME, KIBANA_FLEET_PASSWORD are needed - - name: FLEET_ENROLLMENT_TOKEN - value: "token-id" - - name: KIBANA_HOST - value: "http://kibana:5601" - # The basic authentication username used to connect to Kibana and retrieve a service_token to enable Fleet - - name: KIBANA_FLEET_USERNAME - value: "elastic" - # The basic authentication password used to connect to Kibana and retrieve a service_token to enable Fleet - - name: KIBANA_FLEET_PASSWORD - value: "changeme" - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - # The following ELASTIC_NETINFO:false variable will disable the netinfo.enabled option of add-host-metadata processor. This will remove fields host.ip and host.mac. - # For more info: https://www.elastic.co/guide/en/beats/metricbeat/current/add-host-metadata.html - - name: ELASTIC_NETINFO - value: "false" - securityContext: - runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## - # The following capabilities are needed for Universal Profiling. - # More fine graded capabilities are only available for newer Linux kernels. - # If you are using the Universal Profiling integration, please uncomment these lines before applying. - #procMount: "Unmasked" - #privileged: true - #capabilities: - # add: - # - SYS_ADMIN - resources: - limits: - memory: 1Gi - requests: - cpu: 100m - memory: 500Mi - volumeMounts: - - name: proc - mountPath: /hostfs/proc - readOnly: true - - name: cgroup - mountPath: /hostfs/sys/fs/cgroup - readOnly: true - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - - name: varlog - mountPath: /var/log - readOnly: true - - name: etc-full - mountPath: /hostfs/etc - readOnly: true - - name: var-lib - mountPath: /hostfs/var/lib - readOnly: true - - name: etc-mid - mountPath: /etc/machine-id - readOnly: true - - name: sys-kernel-debug - mountPath: /sys/kernel/debug - - name: elastic-agent-state - mountPath: /usr/share/elastic-agent/state - volumes: - - name: proc - hostPath: - path: /proc - - name: cgroup - hostPath: - path: /sys/fs/cgroup - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: varlog - hostPath: - path: /var/log - # The following volumes are needed for Cloud Security Posture integration (cloudbeat) - # If you are not using this integration, then these volumes and the corresponding - # mounts can be removed. - - name: etc-full - hostPath: - path: /etc - - name: var-lib - hostPath: - path: /var/lib - # Mount /etc/machine-id from the host to determine host ID - # Needed for Kubernetes node autodiscovery - - name: etc-mid - hostPath: - path: /etc/machine-id - type: File - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding - # mounts can be removed. - - name: sys-kernel-debug - hostPath: - path: /sys/kernel/debug - # Mount /var/lib/elastic-agent-managed/kube-system/state to store elastic-agent state - # Update 'kube-system' with the namespace of your agent installation - - name: elastic-agent-state - hostPath: - path: /var/lib/elastic-agent-managed/kube-system/state - type: DirectoryOrCreate ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: elastic-agent -subjects: - - kind: ServiceAccount - name: elastic-agent - namespace: kube-system -roleRef: - kind: ClusterRole - name: elastic-agent - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - namespace: kube-system - name: elastic-agent -subjects: - - kind: ServiceAccount - name: elastic-agent - namespace: kube-system -roleRef: - kind: Role - name: elastic-agent - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: elastic-agent-kubeadm-config - namespace: kube-system -subjects: - - kind: ServiceAccount - name: elastic-agent - namespace: kube-system -roleRef: - kind: Role - name: elastic-agent-kubeadm-config - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: elastic-agent - labels: - k8s-app: elastic-agent -rules: - - apiGroups: [""] - resources: - - nodes - - namespaces - - events - - pods - - services - - configmaps - # Needed for cloudbeat - - serviceaccounts - - persistentvolumes - - persistentvolumeclaims - verbs: ["get", "list", "watch"] - # Enable this rule only if planing to use kubernetes_secrets provider - #- apiGroups: [""] - # resources: - # - secrets - # verbs: ["get"] - - apiGroups: ["extensions"] - resources: - - replicasets - verbs: ["get", "list", "watch"] - - apiGroups: ["apps"] - resources: - - statefulsets - - deployments - - replicasets - - daemonsets - verbs: ["get", "list", "watch"] - - apiGroups: - - "" - resources: - - nodes/stats - verbs: - - get - - apiGroups: [ "batch" ] - resources: - - jobs - - cronjobs - verbs: [ "get", "list", "watch" ] - # Needed for apiserver - - nonResourceURLs: - - "/metrics" - verbs: - - get - # Needed for cloudbeat - - apiGroups: ["rbac.authorization.k8s.io"] - resources: - - clusterrolebindings - - clusterroles - - rolebindings - - roles - verbs: ["get", "list", "watch"] - # Needed for cloudbeat - - apiGroups: ["policy"] - resources: - - podsecuritypolicies - verbs: ["get", "list", "watch"] - - apiGroups: [ "storage.k8s.io" ] - resources: - - storageclasses - verbs: [ "get", "list", "watch" ] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: elastic-agent - # Should be the namespace where elastic-agent is running - namespace: kube-system - labels: - k8s-app: elastic-agent -rules: - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: ["get", "create", "update"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: elastic-agent-kubeadm-config - namespace: kube-system - labels: - k8s-app: elastic-agent -rules: - - apiGroups: [""] - resources: - - configmaps - resourceNames: - - kubeadm-config - verbs: ["get"] ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: elastic-agent - namespace: kube-system - labels: - k8s-app: elastic-agent ---- -`; From c18900d719941eee05d240b6d31171e2587195a4 Mon Sep 17 00:00:00 2001 From: julienlind Date: Tue, 17 Dec 2024 10:22:07 +0100 Subject: [PATCH 6/7] update all k8s file release --- .../base/elastic-agent-managed-daemonset.yaml | 2 +- .../base/elastic-agent-standalone-daemonset.yaml | 4 ++-- .../base/elastic-agent-managed-daemonset.yaml | 2 +- .../extra/elastic-agent-managed-statefulset.yaml | 2 +- .../base/elastic-agent-standalone-daemonset.yaml | 4 ++-- .../extra/elastic-agent-standalone-statefulset.yaml | 4 ++-- .../ksm-hints/elastic-agent-standalone/kustomization.yaml | 2 +- 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml b/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml index cb71410294e..463bc62ac08 100644 --- a/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml +++ b/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml @@ -27,7 +27,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: elastic-agent - image: docker.elastic.co/beats/elastic-agent:8.16.2 + image: docker.elastic.co/beats/elastic-agent:8.16.3 env: # Set to 1 for enrollment into Fleet server. If not set, Elastic Agent is run in standalone mode - name: FLEET_ENROLL diff --git a/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml b/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml index 23855c496e2..72d8ff793c4 100644 --- a/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml +++ b/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml @@ -28,7 +28,7 @@ spec: # Uncomment if using hints feature #initContainers: # - name: k8s-templates-downloader - # image: docker.elastic.co/beats/elastic-agent:8.16.2 + # image: docker.elastic.co/beats/elastic-agent:8.16.3 # command: ['bash'] # args: # - -c @@ -40,7 +40,7 @@ spec: # mountPath: /etc/elastic-agent/inputs.d containers: - name: elastic-agent-standalone - image: docker.elastic.co/beats/elastic-agent:8.16.2 + image: docker.elastic.co/beats/elastic-agent:8.16.3 args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] env: # The API Key with access privilleges to connect to Elasticsearch. https://www.elastic.co/guide/en/fleet/current/grant-access-to-elasticsearch.html#create-api-key-standalone-agent diff --git a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml index c9eb98c2191..8b112811037 100644 --- a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml +++ b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml @@ -27,7 +27,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: elastic-agent - image: docker.elastic.co/beats/elastic-agent:8.16.2 + image: docker.elastic.co/beats/elastic-agent:8.16.3 env: # Set to 1 for enrollment into Fleet server. If not set, Elastic Agent is run in standalone mode - name: FLEET_ENROLL diff --git a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/extra/elastic-agent-managed-statefulset.yaml b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/extra/elastic-agent-managed-statefulset.yaml index 69044d7565e..7583b46df71 100644 --- a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/extra/elastic-agent-managed-statefulset.yaml +++ b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/extra/elastic-agent-managed-statefulset.yaml @@ -27,7 +27,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: elastic-agent - image: docker.elastic.co/beats/elastic-agent:8.16.2 + image: docker.elastic.co/beats/elastic-agent:8.16.3 env: # Set to 1 for enrollment into Fleet server. If not set, Elastic Agent is run in standalone mode - name: FLEET_ENROLL diff --git a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml index 7427ce5595c..8193a402ebe 100644 --- a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml +++ b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml @@ -28,7 +28,7 @@ spec: # Uncomment if using hints feature #initContainers: # - name: k8s-templates-downloader - # image: docker.elastic.co/beats/elastic-agent:8.16.2 + # image: docker.elastic.co/beats/elastic-agent:8.16.3 # command: ['bash'] # args: # - -c @@ -40,7 +40,7 @@ spec: # mountPath: /etc/elastic-agent/inputs.d containers: - name: elastic-agent-standalone - image: docker.elastic.co/beats/elastic-agent:8.16.2 + image: docker.elastic.co/beats/elastic-agent:8.16.3 args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] env: # The API Key with access privilleges to connect to Elasticsearch. https://www.elastic.co/guide/en/fleet/current/grant-access-to-elasticsearch.html#create-api-key-standalone-agent diff --git a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/extra/elastic-agent-standalone-statefulset.yaml b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/extra/elastic-agent-standalone-statefulset.yaml index 6762d11fc22..0a342056c5a 100644 --- a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/extra/elastic-agent-standalone-statefulset.yaml +++ b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/extra/elastic-agent-standalone-statefulset.yaml @@ -28,7 +28,7 @@ spec: # Uncomment if using hints feature #initContainers: # - name: k8s-templates-downloader - # image: docker.elastic.co/beats/elastic-agent:8.16.2 + # image: docker.elastic.co/beats/elastic-agent:8.16.3 # command: ['bash'] # args: # - -c @@ -40,7 +40,7 @@ spec: # mountPath: /etc/elastic-agent/inputs.d containers: - name: elastic-agent-standalone - image: docker.elastic.co/beats/elastic-agent:8.16.2 + image: docker.elastic.co/beats/elastic-agent:8.16.3 args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] env: # The API Key with access privilleges to connect to Elasticsearch. https://www.elastic.co/guide/en/fleet/current/grant-access-to-elasticsearch.html#create-api-key-standalone-agent diff --git a/deploy/kubernetes/elastic-agent-kustomize/ksm-hints/elastic-agent-standalone/kustomization.yaml b/deploy/kubernetes/elastic-agent-kustomize/ksm-hints/elastic-agent-standalone/kustomization.yaml index 2110b6cd0ab..16f237d9f2b 100644 --- a/deploy/kubernetes/elastic-agent-kustomize/ksm-hints/elastic-agent-standalone/kustomization.yaml +++ b/deploy/kubernetes/elastic-agent-kustomize/ksm-hints/elastic-agent-standalone/kustomization.yaml @@ -19,7 +19,7 @@ patches: spec: initContainers: - name: k8s-templates-downloader - image: docker.elastic.co/beats/elastic-agent:8.16.2 + image: docker.elastic.co/beats/elastic-agent:8.16.3 command: ['bash'] args: - -c From a6e991fa8728ef2846581ac1df5853fe345e01b6 Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Wed, 18 Dec 2024 09:51:56 -0800 Subject: [PATCH 7/7] Update helm assets --- deploy/helm/elastic-agent/Chart.yaml | 4 +-- .../examples/eck/rendered/manifest.yaml | 30 +++++++++---------- .../fleet-managed/rendered/manifest.yaml | 10 +++---- .../kubernetes-default/rendered/manifest.yaml | 30 +++++++++---------- .../rendered/manifest.yaml | 30 +++++++++---------- .../rendered/manifest.yaml | 10 +++---- .../rendered/manifest.yaml | 30 +++++++++---------- .../rendered/manifest.yaml | 4 +-- .../rendered/manifest.yaml | 10 +++---- .../user-cluster-role/rendered/manifest.yaml | 8 ++--- .../rendered/manifest.yaml | 24 +++++++-------- 11 files changed, 95 insertions(+), 95 deletions(-) diff --git a/deploy/helm/elastic-agent/Chart.yaml b/deploy/helm/elastic-agent/Chart.yaml index 2e20d90a87a..8029c86d0ce 100644 --- a/deploy/helm/elastic-agent/Chart.yaml +++ b/deploy/helm/elastic-agent/Chart.yaml @@ -3,5 +3,5 @@ name: elastic-agent description: Elastic-Agent Helm Chart kubeVersion: ">= 1.27.0-0" type: application -appVersion: 8.16.2 -version: 8.16.2-beta +appVersion: 8.16.3 +version: 8.16.3-beta diff --git a/deploy/helm/elastic-agent/examples/eck/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/eck/rendered/manifest.yaml index 58fb70dc75b..af9357233cf 100644 --- a/deploy/helm/elastic-agent/examples/eck/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/eck/rendered/manifest.yaml @@ -6,7 +6,7 @@ metadata: name: agent-clusterwide-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -20,7 +20,7 @@ metadata: name: agent-ksmsharded-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -34,7 +34,7 @@ metadata: name: agent-pernode-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -48,7 +48,7 @@ metadata: name: agent-clusterwide-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -100,7 +100,7 @@ metadata: name: agent-ksmsharded-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -389,7 +389,7 @@ metadata: name: agent-pernode-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -566,7 +566,7 @@ kind: ClusterRole metadata: name: agent-clusterWide-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -690,7 +690,7 @@ kind: ClusterRole metadata: name: agent-ksmSharded-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -923,7 +923,7 @@ kind: ClusterRole metadata: name: agent-perNode-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1005,7 +1005,7 @@ kind: ClusterRoleBinding metadata: name: agent-clusterWide-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1026,7 +1026,7 @@ kind: ClusterRoleBinding metadata: name: agent-ksmSharded-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1047,7 +1047,7 @@ kind: ClusterRoleBinding metadata: name: agent-perNode-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1069,7 +1069,7 @@ metadata: name: agent-pernode-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1171,7 +1171,7 @@ metadata: name: agent-clusterwide-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1239,7 +1239,7 @@ metadata: name: agent-ksmsharded-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 diff --git a/deploy/helm/elastic-agent/examples/fleet-managed/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/fleet-managed/rendered/manifest.yaml index f9ee8f889cd..f8628f87597 100644 --- a/deploy/helm/elastic-agent/examples/fleet-managed/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/fleet-managed/rendered/manifest.yaml @@ -6,7 +6,7 @@ metadata: name: agent-nginx-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -18,7 +18,7 @@ metadata: name: agent-nginx-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -38,7 +38,7 @@ kind: ClusterRole metadata: name: agent-nginx-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -144,7 +144,7 @@ kind: ClusterRoleBinding metadata: name: agent-nginx-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -164,7 +164,7 @@ metadata: name: agent-nginx-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 diff --git a/deploy/helm/elastic-agent/examples/kubernetes-default/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/kubernetes-default/rendered/manifest.yaml index 1ae58ab186b..f37352e4bb8 100644 --- a/deploy/helm/elastic-agent/examples/kubernetes-default/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/kubernetes-default/rendered/manifest.yaml @@ -6,7 +6,7 @@ metadata: name: agent-clusterwide-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -18,7 +18,7 @@ metadata: name: agent-ksmsharded-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -30,7 +30,7 @@ metadata: name: agent-pernode-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -42,7 +42,7 @@ metadata: name: agent-clusterwide-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -99,7 +99,7 @@ metadata: name: agent-ksmsharded-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -393,7 +393,7 @@ metadata: name: agent-pernode-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -575,7 +575,7 @@ kind: ClusterRole metadata: name: agent-clusterWide-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -697,7 +697,7 @@ kind: ClusterRole metadata: name: agent-ksmSharded-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -928,7 +928,7 @@ kind: ClusterRole metadata: name: agent-perNode-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1008,7 +1008,7 @@ kind: ClusterRoleBinding metadata: name: agent-clusterWide-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1027,7 +1027,7 @@ kind: ClusterRoleBinding metadata: name: agent-ksmSharded-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1046,7 +1046,7 @@ kind: ClusterRoleBinding metadata: name: agent-perNode-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1066,7 +1066,7 @@ metadata: name: agent-pernode-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1185,7 +1185,7 @@ metadata: name: agent-clusterwide-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1266,7 +1266,7 @@ metadata: name: agent-ksmsharded-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 diff --git a/deploy/helm/elastic-agent/examples/kubernetes-hints-autodiscover/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/kubernetes-hints-autodiscover/rendered/manifest.yaml index 48781953e22..f55c6b1f357 100644 --- a/deploy/helm/elastic-agent/examples/kubernetes-hints-autodiscover/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/kubernetes-hints-autodiscover/rendered/manifest.yaml @@ -6,7 +6,7 @@ metadata: name: agent-clusterwide-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -18,7 +18,7 @@ metadata: name: agent-ksmsharded-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -30,7 +30,7 @@ metadata: name: agent-pernode-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -42,7 +42,7 @@ metadata: name: agent-clusterwide-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -99,7 +99,7 @@ metadata: name: agent-ksmsharded-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -393,7 +393,7 @@ metadata: name: agent-pernode-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -577,7 +577,7 @@ kind: ClusterRole metadata: name: agent-clusterWide-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -699,7 +699,7 @@ kind: ClusterRole metadata: name: agent-ksmSharded-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -930,7 +930,7 @@ kind: ClusterRole metadata: name: agent-perNode-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1010,7 +1010,7 @@ kind: ClusterRoleBinding metadata: name: agent-clusterWide-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1029,7 +1029,7 @@ kind: ClusterRoleBinding metadata: name: agent-ksmSharded-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1048,7 +1048,7 @@ kind: ClusterRoleBinding metadata: name: agent-perNode-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1068,7 +1068,7 @@ metadata: name: agent-pernode-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1212,7 +1212,7 @@ metadata: name: agent-clusterwide-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1293,7 +1293,7 @@ metadata: name: agent-ksmsharded-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 diff --git a/deploy/helm/elastic-agent/examples/kubernetes-only-logs/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/kubernetes-only-logs/rendered/manifest.yaml index 499828f41ed..20438dede68 100644 --- a/deploy/helm/elastic-agent/examples/kubernetes-only-logs/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/kubernetes-only-logs/rendered/manifest.yaml @@ -6,7 +6,7 @@ metadata: name: agent-pernode-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -18,7 +18,7 @@ metadata: name: agent-pernode-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -110,7 +110,7 @@ kind: ClusterRole metadata: name: agent-perNode-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -190,7 +190,7 @@ kind: ClusterRoleBinding metadata: name: agent-perNode-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -210,7 +210,7 @@ metadata: name: agent-pernode-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 diff --git a/deploy/helm/elastic-agent/examples/multiple-integrations/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/multiple-integrations/rendered/manifest.yaml index e84276c9e0b..9629a5b7cec 100644 --- a/deploy/helm/elastic-agent/examples/multiple-integrations/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/multiple-integrations/rendered/manifest.yaml @@ -6,7 +6,7 @@ metadata: name: agent-clusterwide-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -18,7 +18,7 @@ metadata: name: agent-ksmsharded-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -30,7 +30,7 @@ metadata: name: agent-pernode-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -42,7 +42,7 @@ metadata: name: agent-clusterwide-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -125,7 +125,7 @@ metadata: name: agent-ksmsharded-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -419,7 +419,7 @@ metadata: name: agent-pernode-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -603,7 +603,7 @@ kind: ClusterRole metadata: name: agent-clusterWide-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -725,7 +725,7 @@ kind: ClusterRole metadata: name: agent-ksmSharded-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -956,7 +956,7 @@ kind: ClusterRole metadata: name: agent-perNode-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1036,7 +1036,7 @@ kind: ClusterRoleBinding metadata: name: agent-clusterWide-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1055,7 +1055,7 @@ kind: ClusterRoleBinding metadata: name: agent-ksmSharded-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1074,7 +1074,7 @@ kind: ClusterRoleBinding metadata: name: agent-perNode-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1094,7 +1094,7 @@ metadata: name: agent-pernode-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1228,7 +1228,7 @@ metadata: name: agent-clusterwide-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1299,7 +1299,7 @@ metadata: name: agent-ksmsharded-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 diff --git a/deploy/helm/elastic-agent/examples/nginx-custom-integration/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/nginx-custom-integration/rendered/manifest.yaml index 6b1d5c34377..a5c56be6e03 100644 --- a/deploy/helm/elastic-agent/examples/nginx-custom-integration/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/nginx-custom-integration/rendered/manifest.yaml @@ -6,7 +6,7 @@ metadata: name: agent-nginx-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -61,7 +61,7 @@ metadata: name: agent-nginx-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 diff --git a/deploy/helm/elastic-agent/examples/system-custom-auth-paths/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/system-custom-auth-paths/rendered/manifest.yaml index fc353756b13..a62a66f96c9 100644 --- a/deploy/helm/elastic-agent/examples/system-custom-auth-paths/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/system-custom-auth-paths/rendered/manifest.yaml @@ -6,7 +6,7 @@ metadata: name: agent-pernode-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -18,7 +18,7 @@ metadata: name: agent-pernode-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -182,7 +182,7 @@ kind: ClusterRole metadata: name: agent-perNode-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -262,7 +262,7 @@ kind: ClusterRoleBinding metadata: name: agent-perNode-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -282,7 +282,7 @@ metadata: name: agent-pernode-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 diff --git a/deploy/helm/elastic-agent/examples/user-cluster-role/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/user-cluster-role/rendered/manifest.yaml index 9c5e743c8f2..65e9a880ad0 100644 --- a/deploy/helm/elastic-agent/examples/user-cluster-role/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/user-cluster-role/rendered/manifest.yaml @@ -6,7 +6,7 @@ metadata: name: agent-nginx-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -21,7 +21,7 @@ metadata: name: agent-nginx-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -77,7 +77,7 @@ kind: ClusterRoleBinding metadata: name: agent-nginx-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -99,7 +99,7 @@ metadata: name: agent-nginx-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 diff --git a/deploy/helm/elastic-agent/examples/user-service-account/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/user-service-account/rendered/manifest.yaml index 5cf8e166851..73c379400b6 100644 --- a/deploy/helm/elastic-agent/examples/user-service-account/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/user-service-account/rendered/manifest.yaml @@ -6,7 +6,7 @@ metadata: name: agent-clusterwide-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -63,7 +63,7 @@ metadata: name: agent-ksmsharded-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -357,7 +357,7 @@ metadata: name: agent-pernode-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -539,7 +539,7 @@ kind: ClusterRole metadata: name: agent-clusterWide-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -663,7 +663,7 @@ kind: ClusterRole metadata: name: agent-ksmSharded-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -896,7 +896,7 @@ kind: ClusterRole metadata: name: agent-perNode-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -978,7 +978,7 @@ kind: ClusterRoleBinding metadata: name: agent-clusterWide-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -997,7 +997,7 @@ kind: ClusterRoleBinding metadata: name: agent-ksmSharded-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1016,7 +1016,7 @@ kind: ClusterRoleBinding metadata: name: agent-perNode-example-default labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1036,7 +1036,7 @@ metadata: name: agent-pernode-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1155,7 +1155,7 @@ metadata: name: agent-clusterwide-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3 @@ -1236,7 +1236,7 @@ metadata: name: agent-ksmsharded-example namespace: "default" labels: - helm.sh/chart: elastic-agent-8.16.2-beta + helm.sh/chart: elastic-agent-8.16.3-beta app.kubernetes.io/name: elastic-agent app.kubernetes.io/instance: example app.kubernetes.io/version: 8.16.3