elk/fleet-server-and-agent.yaml (223 lines of code) (raw):
# Fleet Server: an Agent resource in Fleet mode with the Fleet Server role
# enabled, run as a single-replica Deployment in elastic-system.
apiVersion: agent.k8s.elastic.co/v1alpha1
kind: Agent
metadata:
  name: fleet-server
  namespace: elastic-system
spec:
  version: "8.8.0"
  mode: fleet
  fleetServerEnabled: true
  policyID: eck-fleet-server
  # Both references stay inside elastic-system.
  kibanaRef:
    name: kibana
    namespace: elastic-system
  elasticsearchRefs:
    - name: elasticsearch
      namespace: elastic-system
  deployment:
    replicas: 1
    podTemplate:
      metadata:
        labels:
          app.kubernetes.io/name: fleet-server
          app.kubernetes.io/version: '8.8.0'
          app.kubernetes.io/component: agent
          app.kubernetes.io/part-of: elk
      spec:
        containers:
          - name: agent
            # Requests equal limits for every resource listed here.
            resources:
              requests:
                memory: 512Mi
                cpu: 250m
                ephemeral-storage: 10Gi
              limits:
                memory: 512Mi
                cpu: 250m
                ephemeral-storage: 10Gi
        volumes:
          # Generic ephemeral volume: the claim is created with the pod and
          # removed with it, so agent state does not survive a pod
          # replacement.
          # NOTE(review): presumably this replaces the operator's default
          # agent-data volume of the same name; confirm.
          - name: agent-data
            ephemeral:
              volumeClaimTemplate:
                spec:
                  accessModes:
                    - ReadWriteOnce
                  storageClassName: standard-rwo
                  resources:
                    requests:
                      storage: 10Gi
        # The pod receives a mounted API token for this ServiceAccount; what
        # that token may do is decided by the RBAC bound to the account.
        serviceAccountName: fleet-server
        automountServiceAccountToken: true
        # Pod-level setting: every container in the pod runs as UID 0.
        # No container-level securityContext (privilege escalation,
        # capabilities, read-only root filesystem) is set in this manifest.
        # NOTE(review): confirm root is still required for this Agent
        # version and volume type; otherwise prefer a non-root UID.
        securityContext:
          runAsUser: 0
---
# Fleet-managed Elastic Agent, run as a DaemonSet and enrolled through the
# fleet-server Agent in elastic-system.
apiVersion: agent.k8s.elastic.co/v1alpha1
kind: Agent
metadata:
  name: elastic-agent
  # NOTE(review): kube-system is often exempted from admission policies and
  # Pod Security enforcement; confirm that a root-running DaemonSet is meant
  # to live here rather than in a dedicated namespace.
  namespace: kube-system
spec:
  version: "8.8.0"
  mode: fleet
  policyID: eck-agent
  # Cross-namespace references: Kibana and Fleet Server are in elastic-system.
  kibanaRef:
    name: kibana
    namespace: elastic-system
  fleetServerRef:
    name: fleet-server
    namespace: elastic-system
  daemonSet:
    podTemplate:
      metadata:
        labels:
          app.kubernetes.io/name: agent
          app.kubernetes.io/version: '8.8.0'
          app.kubernetes.io/component: agent
          app.kubernetes.io/part-of: elk
      spec:
        volumes:
          # Generic ephemeral volume: one claim per DaemonSet pod, deleted
          # together with that pod.
          - name: agent-data
            ephemeral:
              volumeClaimTemplate:
                spec:
                  accessModes:
                    - ReadWriteOnce
                  storageClassName: standard-rwo
                  resources:
                    requests:
                      storage: 10Gi
        containers:
          - name: agent
            # Requests equal limits for every resource listed here.
            resources:
              requests:
                cpu: 100m
                memory: 400Mi
                ephemeral-storage: 100Mi
              limits:
                cpu: 100m
                memory: 400Mi
                ephemeral-storage: 100Mi
        # A pod can only use a ServiceAccount from its own namespace, so an
        # account named elastic-agent must exist in kube-system, and the
        # ClusterRoleBinding subject must name that same namespace.
        serviceAccountName: elastic-agent
        automountServiceAccountToken: true
        # Pod-level setting: every container in the pod runs as UID 0, on
        # every node the DaemonSet schedules to. No container-level
        # securityContext is set in this manifest.
        # NOTE(review): confirm root is still required for this Agent
        # version; otherwise prefer a non-root UID.
        securityContext:
          runAsUser: 0
---
# Cluster-wide permissions for the fleet-server ServiceAccount: read-only
# access to core workload metadata plus lease management.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: fleet-server
rules:
  # Read-only view of pods, namespaces and nodes in the core API group.
  - apiGroups:
      - ""
    resources:
      - pods
      - namespaces
      - nodes
    verbs:
      - get
      - watch
      - list
  # NOTE(review): presumably for leader election. Bound through a
  # ClusterRoleBinding with no resourceNames, this allows updating any Lease
  # in any namespace; consider a namespaced Role if the agent only needs its
  # own lease.
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - create
      - update
---
# Identity used by the fleet-server pods; it lives in the same namespace as
# the fleet-server Agent (elastic-system).
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: elastic-system
  name: fleet-server
---
# Grants the fleet-server ClusterRole, cluster-wide, to the fleet-server
# ServiceAccount in elastic-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: fleet-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: fleet-server
subjects:
  - kind: ServiceAccount
    name: fleet-server
    namespace: elastic-system
---
# Cluster-wide permissions for the elastic-agent ServiceAccount. Every rule
# is read-only except the lease rule.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: elastic-agent
rules:
  # Read-only view of core objects in every namespace.
  # NOTE(review): configmaps are included; ConfigMaps sometimes carry
  # credentials or connection strings, so confirm cluster-wide read is
  # acceptable. Secrets are not granted.
  - apiGroups:
      - ""
    resources:
      - pods
      - nodes
      - namespaces
      - events
      - services
      - configmaps
    verbs:
      - get
      - watch
      - list
  # NOTE(review): presumably for leader election. Bound through a
  # ClusterRoleBinding with no resourceNames, this allows updating any Lease
  # in any namespace; consider a namespaced Role if the agent only needs its
  # own lease.
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - create
      - update
  # Non-resource endpoint: GET on the API server's /metrics path.
  - nonResourceURLs:
      - '/metrics'
    verbs:
      - get
  # The extensions group stopped serving replicasets in Kubernetes 1.16; on
  # newer clusters this rule matches nothing and the apps rule below covers
  # ReplicaSets.
  - apiGroups:
      - extensions
    resources:
      - replicasets
    verbs:
      - get
      - list
      - watch
  # Read-only view of workload controllers.
  - apiGroups:
      - apps
    resources:
      - statefulsets
      - deployments
      - replicasets
      - daemonsets
    verbs:
      - get
      - list
      - watch
  # Subresource of nodes; only get is granted.
  - apiGroups:
      - ""
    resources:
      - nodes/stats
    verbs:
      - get
  # Read-only view of Jobs and CronJobs.
  - apiGroups:
      - batch
    resources:
      - jobs
      - cronjobs
    verbs:
      - get
      - list
      - watch
---
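# Identity used by the elastic-agent DaemonSet pods.
# A pod can only reference a ServiceAccount in its own namespace. The
# elastic-agent Agent in this file is declared in kube-system, so the account
# is created there; with the account in elastic-system the pods would have no
# ServiceAccount to use and the binding below would grant nothing to them.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: elastic-agent
  namespace: kube-system
---
# Grants the elastic-agent ClusterRole, cluster-wide, to the ServiceAccount
# above. The subject namespace must stay equal to the namespace of the Agent
# that sets serviceAccountName: elastic-agent.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: elastic-agent
subjects:
  - kind: ServiceAccount
    name: elastic-agent
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: elastic-agent
  apiGroup: rbac.authorization.k8s.io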