Skip to content

Fleet managed Elastic Agent installation with Helm Chart missing topics #1531

New issue
New issue
Closed
elastic/docs-content
#1370
Closed
Fleet managed Elastic Agent installation with Helm Chart missing topics#1531
elastic/docs-content
#1370
Assignees
eedugon
Labels
Team:Docsrequest
@eedugon

Description

@eedugon
eedugon
opened on Dec 11, 2024

Description

There are 2 topics that are missing in the document https://www.elastic.co/guide/en/fleet/current/example-kubernetes-fleet-managed-agent-helm.html:

  • Explain that --set agent.fleet.insecure=true will be needed in some cases.
  • Explain that kube-state-metrics should be installed separately (as it's not installed by the helm chart in this mode).

** Insecure flag explanation **

When following the document we suggest a command like:

helm install demo ./deploy/helm/elastic-agent \
--set agent.fleet.enabled=true \
--set agent.fleet.url=https://fleet-svc.default.svc \
--set agent.fleet.token=TTg1NHNaTUJoNkpaNzE4R3IzeGg6WXo2MUxSakJTNmVvZUE3d212V0JGUQ== \
--set agent.fleet.preset=perNode

The previous only works when the Fleet Server HTPS certificate is signed by a publicly trusted CA.

If the Fleet Server certificate is signed by a corporate / private CA or if the fleet server was created in quick start mode (which creates a self-signed certificate), the previous won't work as the Elastic Agents won't be able to talk to the Fleet Server for enrollment.

The solution would be to add --set agent.fleet.insecure=true to the previous command.

We should add a comment and disclaimer in the docs about it.

Also note that the recommended solution for the case of a Fleet Server using a private CA would be to provide the Elastic Agents the CA during the installation, and not the insecure flag. But that's still not supported by the helm chart (issue created to support this: elastic/elastic-agent#6285).

** kube-state-metrics explanation **

In the doc, when we ask the user to configure and add in Kibana the kubernetes integration with default values we should indicate that the integration expects KSM to be installed and available in a specific endpoint. We should add that to the doc with a link to KSM.

@pkoutsovasilis , let us know if you agree on this or if it would make sense to have a flag to automatically install KSM also on this "fleet managed -> perNode" installation.

I will be able to work on this and raise a PR soon if you like, @kilfoyle

Resources

N/A

Collaboration

Please choose a preferred collaboration model.

Point of contact.

Main contact: @eedugon

Stakeholders: @kilfoyle / @pkoutsovasilis

Metadata

Metadata

Assignees

Labels

Team:Docsrequest

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions