Improve Openshift documentation #17867
Conversation
Signed-off-by: chrismark <[email protected]>
ChrsMark
added
docs
review
[zube]: In Review
Team:Platforms
|
Pinging @elastic/integrations-platforms (Team:Platforms) |
| @@ -85,6 +85,7 @@ data: | |||
| #- /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt | |||
| - module: kubernetes | |||
| metricsets: | |||
| # Not supported on Openshift | |||
There was a problem hiding this comment.
Being this would make the module line have no metricsets enabled, would it be better to place this above - module: kubernetes.
Say something along the lines of:
Currently not support on Openshift, comment out section.
| securityContext: | ||
| runAsUser: 0 | ||
| privileged: true | ||
| ----- |
There was a problem hiding this comment.
Would it be good to place this inside of the DaemonSet commented out, that way it can be quickly commented out.
There was a problem hiding this comment.
actually, would it be possible to use the oc patch command to streamline adding this?
There was a problem hiding this comment.
@blakerouse we already have it
(and some for Fileveat).@exekias it is possible with oc -n kube-system patch ds metricbeat -p '{"spec": {"template": {"spec": {"containers": [{"name": "metricbeat", "securityContext": {"privileged": true, "runAsUser": 0}}]}}}}' but it will restart the pods of the DS. Is this really wanted?
There was a problem hiding this comment.
yeah, by looking at the command and restart behavior, sounds like uncommenting may actually be cleaner
Signed-off-by: chrismark <[email protected]>
Signed-off-by: chrismark <[email protected]>
Signed-off-by: chrismark <[email protected]>
| - ${VALID_CA} | ||
| ----- | ||
| NOTE: `VALID_CA` can be any CA that is valid so as to reach out the Kubelet API, |
There was a problem hiding this comment.
Nit. Use a different format for this, so it doesn't look like an environment variable that should be defined somewhere.
| - ${VALID_CA} | |
| ----- | |
| NOTE: `VALID_CA` can be any CA that is valid so as to reach out the Kubelet API, | |
| - /path/to/kubelet-service-ca.crt | |
| ----- | |
| NOTE: `kubelet-service-ca.crt` can be any CA bundle that contains the issuer of the certificate used in the Kubeler API, |
| for instance `/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt`. According to each specific installation | ||
| of Openshift this can be found either in `secrets` or in `configmaps`. | ||
| For instance, in case of using Openshift installer[https://github.com/openshift/installer/blob/master/docs/user/gcp/install.md] |
There was a problem hiding this comment.
Nit. Reorganize it a little bit to more explicitly mention where this can be found. It could be nice to explicitly say where this CA can be found depending on the installation method.
| for instance `/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt`. According to each specific installation | |
| of Openshift this can be found either in `secrets` or in `configmaps`. | |
| For instance, in case of using Openshift installer[https://github.com/openshift/installer/blob/master/docs/user/gcp/install.md] | |
| According to each specific installation of Openshift this can be found either in `secrets` or in `configmaps`. | |
| In some installations it can be available as part of the service account secret, in `/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt`. | |
| In case of using Openshift installer[https://github.com/openshift/installer/blob/master/docs/user/gcp/install.md] |
Signed-off-by: chrismark <[email protected]>
Signed-off-by: chrismark <[email protected]>
ChrsMark
added
needs_backport
ChrsMark
removed
the
needs_backport
(cherry picked from commit c46268a)
What does this PR do?
Adds required information for Openshift compatibility.
Why is it important?
In order to have updated docs regarding Openshift support.