diff --git a/deploy/helm/elastic-agent/examples/eck/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/eck/rendered/manifest.yaml
index c540a12e13c..97f1fd144fe 100644
--- a/deploy/helm/elastic-agent/examples/eck/rendered/manifest.yaml
+++ b/deploy/helm/elastic-agent/examples/eck/rendered/manifest.yaml
@@ -1094,86 +1094,85 @@ spec: namespace: elastic-system daemonSet: podTemplate: - spec: - dnsPolicy: ClusterFirstWithHostNet automountServiceAccountToken: true - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: agent-pernode-example - volumes: - - hostPath: - path: /proc + containers: + - env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: STATE_PATH + value: /usr/share/elastic-agent/state + - name: ELASTIC_NETINFO + value: "false" + image: docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT + imagePullPolicy: IfNotPresent + name: agent + resources: + limits: + memory: 1000Mi + requests: + cpu: 100m + memory: 400Mi + securityContext: + capabilities: + add: + - DAC_READ_SEARCH + - CHOWN + - SETPCAP + - SYS_PTRACE + drop: + - ALL + privileged: false + runAsGroup: 1000 + runAsUser: 1000 + volumeMounts: + - mountPath: /hostfs/proc name: proc - - hostPath: - path: /sys/fs/cgroup + readOnly: true + - mountPath: /hostfs/sys/fs/cgroup name: cgroup - - hostPath: - path: /var/lib/docker/containers + readOnly: true + - mountPath: /var/lib/docker/containers name: varlibdockercontainers - - hostPath: - path: /var/log + readOnly: true + - mountPath: /var/log name: varlog - - hostPath: - path: /etc + readOnly: true + - mountPath: /hostfs/etc name: etc-full - - hostPath: - path: /var/lib + readOnly: true + - mountPath: /hostfs/var/lib name: var-lib - containers: - - name: agent - imagePullPolicy: IfNotPresent - image: "docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT" - securityContext: - capabilities: - add: - - DAC_READ_SEARCH - - CHOWN - - SETPCAP - - SYS_PTRACE - drop: - - ALL - privileged: false - runAsGroup: 1000 - runAsUser: 1000 - resources: - limits: - memory: 1000Mi - requests: - cpu: 100m - memory: 400Mi - volumeMounts: - - mountPath: /hostfs/proc - name: proc - readOnly: true - - mountPath: /hostfs/sys/fs/cgroup - name: cgroup - readOnly: true - 
- mountPath: /var/lib/docker/containers - name: varlibdockercontainers - readOnly: true - - mountPath: /var/log - name: varlog - readOnly: true - - mountPath: /hostfs/etc - name: etc-full - readOnly: true - - mountPath: /hostfs/var/lib - name: var-lib - readOnly: true - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: STATE_PATH - value: "/usr/share/elastic-agent/state" - - name: ELASTIC_NETINFO - value: "false" + readOnly: true + dnsPolicy: ClusterFirstWithHostNet + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: agent-pernode-example + volumes: + - hostPath: + path: /proc + name: proc + - hostPath: + path: /sys/fs/cgroup + name: cgroup + - hostPath: + path: /var/lib/docker/containers + name: varlibdockercontainers + - hostPath: + path: /var/log + name: varlog + - hostPath: + path: /etc + name: etc-full + - hostPath: + path: /var/lib + name: var-lib --- # Source: elastic-agent/templates/agent/eck/deployment.yaml apiVersion: agent.k8s.elastic.co/v1alpha1 
@@ -1198,52 +1197,51 @@ spec: namespace: elastic-system deployment: podTemplate: - spec: - dnsPolicy: ClusterFirstWithHostNet automountServiceAccountToken: true + containers: + - env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: STATE_PATH + value: /usr/share/elastic-agent/state + - name: ELASTIC_NETINFO + value: "false" + image: docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT + imagePullPolicy: IfNotPresent + name: agent + resources: + limits: + memory: 800Mi + requests: + cpu: 100m + memory: 400Mi + securityContext: + capabilities: + add: + - CHOWN + - SETPCAP + - DAC_READ_SEARCH + - SYS_PTRACE + drop: + - ALL + privileged: false + runAsGroup: 1000 + runAsUser: 1000 + volumeMounts: null + dnsPolicy: ClusterFirstWithHostNet nodeSelector: kubernetes.io/os: linux serviceAccountName: agent-clusterwide-example volumes: - - emptyDir: {} - name: agent-data - containers: - - name: agent - imagePullPolicy: IfNotPresent - image: "docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT" - securityContext: - capabilities: - add: - - CHOWN - - SETPCAP - - DAC_READ_SEARCH - - SYS_PTRACE - drop: - - ALL - privileged: false - runAsGroup: 1000 - runAsUser: 1000 - resources: - limits: - memory: 800Mi - requests: - cpu: 100m - memory: 400Mi - volumeMounts: - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: STATE_PATH - value: "/usr/share/elastic-agent/state" - - name: ELASTIC_NETINFO - value: "false" + - emptyDir: {} + name: agent-data --- # Source: elastic-agent/templates/agent/eck/statefulset.yaml apiVersion: agent.k8s.elastic.co/v1alpha1 
@@ -1268,90 +1266,89 @@ spec: namespace: elastic-system statefulSet: podTemplate: - spec: - dnsPolicy: ClusterFirstWithHostNet automountServiceAccountToken: true + containers: + - args: + - --pod=$(POD_NAME) + - --pod-namespace=$(POD_NAMESPACE) + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.12.0 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + name: kube-state-metrics + ports: + - containerPort: 8080 + name: http-metrics + - containerPort: 8081 + name: telemetry + readinessProbe: + httpGet: + path: / + port: 8081 + initialDelaySeconds: 5 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault + - env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: STATE_PATH + value: /usr/share/elastic-agent/state + - name: ELASTIC_NETINFO + value: "false" + image: docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT + imagePullPolicy: IfNotPresent + name: agent + resources: + limits: + memory: 800Mi + requests: + cpu: 100m + memory: 400Mi + securityContext: + capabilities: + add: + - CHOWN + - SETPCAP + - DAC_READ_SEARCH + - SYS_PTRACE + drop: + - ALL + privileged: false + runAsGroup: 1000 + runAsUser: 1000 + volumeMounts: null + dnsPolicy: ClusterFirstWithHostNet nodeSelector: kubernetes.io/os: linux serviceAccountName: agent-ksmsharded-example volumes: - - emptyDir: {} - name: agent-data - containers: - - args: - - --pod=$(POD_NAME) - - --pod-namespace=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - 
fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.12.0 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - name: kube-state-metrics - ports: - - containerPort: 8080 - name: http-metrics - - containerPort: 8081 - name: telemetry - readinessProbe: - httpGet: - path: / - port: 8081 - initialDelaySeconds: 5 - timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault - - name: agent - imagePullPolicy: IfNotPresent - image: "docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT" - securityContext: - capabilities: - add: - - CHOWN - - SETPCAP - - DAC_READ_SEARCH - - SYS_PTRACE - drop: - - ALL - privileged: false - runAsGroup: 1000 - runAsUser: 1000 - resources: - limits: - memory: 800Mi - requests: - cpu: 100m - memory: 400Mi - volumeMounts: - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: STATE_PATH - value: "/usr/share/elastic-agent/state" - - name: ELASTIC_NETINFO - value: "false" + - emptyDir: {} + name: agent-data diff --git a/deploy/helm/elastic-agent/examples/kubernetes-default/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/kubernetes-default/rendered/manifest.yaml index bb8491f8ea1..2d561a075cd 100644 --- a/deploy/helm/elastic-agent/examples/kubernetes-default/rendered/manifest.yaml +++ b/deploy/helm/elastic-agent/examples/kubernetes-default/rendered/manifest.yaml 
@@ -1090,103 +1090,103 @@ spec: name: agent-pernode-example annotations: checksum/config: 53aa4ccc3e8557125fecf738e70722e2aaa1199ee79a823f684a9d4a296af7b0 - spec: - dnsPolicy: ClusterFirstWithHostNet automountServiceAccountToken: true - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: agent-pernode-example - volumes: - - hostPath: - path: /proc + containers: + - args: + - -c + - /etc/elastic-agent/agent.yml + - -e + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: STATE_PATH + value: /usr/share/elastic-agent/state + - name: ELASTIC_NETINFO + value: "false" + image: docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT + imagePullPolicy: IfNotPresent + name: agent + resources: + limits: + memory: 1000Mi + requests: + cpu: 100m + memory: 400Mi + securityContext: + capabilities: + add: + - DAC_READ_SEARCH + - CHOWN + - SETPCAP + - SYS_PTRACE + drop: + - ALL + privileged: false + runAsGroup: 1000 + runAsUser: 1000 + volumeMounts: + - mountPath: /hostfs/proc name: proc - - hostPath: - path: /sys/fs/cgroup + readOnly: true + - mountPath: /hostfs/sys/fs/cgroup name: cgroup - - hostPath: - path: /var/lib/docker/containers + readOnly: true + - mountPath: /var/lib/docker/containers name: varlibdockercontainers - - hostPath: - path: /var/log + readOnly: true + - mountPath: /var/log name: varlog - - hostPath: - path: /etc + readOnly: true + - mountPath: /hostfs/etc name: etc-full - - hostPath: - path: /var/lib + readOnly: true + - mountPath: /hostfs/var/lib name: var-lib - - name: agent-data - hostPath: - - path: /etc/elastic-agent/default/agent-pernode-example/state - type: DirectoryOrCreate - - - name: config - secret: - defaultMode: 0444 - secretName: agent-pernode-example - containers: - - name: agent - imagePullPolicy: IfNotPresent - image: "docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT" - args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] - 
securityContext: - capabilities: - add: - - DAC_READ_SEARCH - - CHOWN - - SETPCAP - - SYS_PTRACE - drop: - - ALL - privileged: false - runAsGroup: 1000 - runAsUser: 1000 - resources: - limits: - memory: 1000Mi - requests: - cpu: 100m - memory: 400Mi - volumeMounts: - - mountPath: /hostfs/proc - name: proc - readOnly: true - - mountPath: /hostfs/sys/fs/cgroup - name: cgroup - readOnly: true - - mountPath: /var/lib/docker/containers - name: varlibdockercontainers - readOnly: true - - mountPath: /var/log - name: varlog - readOnly: true - - mountPath: /hostfs/etc - name: etc-full - readOnly: true - - mountPath: /hostfs/var/lib - name: var-lib - readOnly: true - - name: agent-data - mountPath: /usr/share/elastic-agent/state - - name: config - mountPath: /etc/elastic-agent/agent.yml - readOnly: true - subPath: agent.yml - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: STATE_PATH - value: "/usr/share/elastic-agent/state" - - name: ELASTIC_NETINFO - value: "false" + readOnly: true + - mountPath: /usr/share/elastic-agent/state + name: agent-data + - mountPath: /etc/elastic-agent/agent.yml + name: config + readOnly: true + subPath: agent.yml + dnsPolicy: ClusterFirstWithHostNet + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: agent-pernode-example + volumes: + - hostPath: + path: /proc + name: proc + - hostPath: + path: /sys/fs/cgroup + name: cgroup + - hostPath: + path: /var/lib/docker/containers + name: varlibdockercontainers + - hostPath: + path: /var/log + name: varlog + - hostPath: + path: /etc + name: etc-full + - hostPath: + path: /var/lib + name: var-lib + - hostPath: + path: /etc/elastic-agent/default/agent-pernode-example/state + type: DirectoryOrCreate + name: agent-data + - name: config + secret: + defaultMode: 292 + secretName: agent-pernode-example --- # Source: elastic-agent/templates/agent/k8s/deployment.yaml apiVersion: apps/v1 
@@ -1210,64 +1210,65 @@ spec: name: agent-clusterwide-example annotations: checksum/config: 73527b0aad319ef33239ef3c862820c5ee5cafb42e2ce164049646791b69ec68 - spec: - dnsPolicy: ClusterFirstWithHostNet automountServiceAccountToken: true + containers: + - args: + - -c + - /etc/elastic-agent/agent.yml + - -e + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: STATE_PATH + value: /usr/share/elastic-agent/state + - name: ELASTIC_NETINFO + value: "false" + image: docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT + imagePullPolicy: IfNotPresent + name: agent + resources: + limits: + memory: 800Mi + requests: + cpu: 100m + memory: 400Mi + securityContext: + capabilities: + add: + - CHOWN + - SETPCAP + - DAC_READ_SEARCH + - SYS_PTRACE + drop: + - ALL + privileged: false + runAsGroup: 1000 + runAsUser: 1000 + volumeMounts: + - mountPath: /usr/share/elastic-agent/state + name: agent-data + - mountPath: /etc/elastic-agent/agent.yml + name: config + readOnly: true + subPath: agent.yml + dnsPolicy: ClusterFirstWithHostNet nodeSelector: kubernetes.io/os: linux serviceAccountName: agent-clusterwide-example volumes: - - emptyDir: {} - name: agent-data - - - name: config - secret: - defaultMode: 0444 - secretName: agent-clusterwide-example - containers: - - name: agent - imagePullPolicy: IfNotPresent - image: "docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT" - args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] - securityContext: - capabilities: - add: - - CHOWN - - SETPCAP - - DAC_READ_SEARCH - - SYS_PTRACE - drop: - - ALL - privileged: false - runAsGroup: 1000 - runAsUser: 1000 - resources: - limits: - memory: 800Mi - requests: - cpu: 100m - memory: 400Mi - volumeMounts: - - name: agent-data - mountPath: /usr/share/elastic-agent/state - - name: config - mountPath: /etc/elastic-agent/agent.yml - readOnly: true - subPath: agent.yml - env: - - name: NODE_NAME - 
valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: STATE_PATH - value: "/usr/share/elastic-agent/state" - - name: ELASTIC_NETINFO - value: "false" + - emptyDir: {} + name: agent-data + - name: config + secret: + defaultMode: 292 + secretName: agent-clusterwide-example --- # Source: elastic-agent/templates/agent/k8s/statefulset.yaml apiVersion: apps/v1 
@@ -1291,102 +1292,103 @@ spec: name: agent-ksmsharded-example annotations: checksum/config: 4ec2b2ef4d3c5c103e79e47a45d4b3b4f9f774e85293f9a5b2d56556025f1d2d - spec: - dnsPolicy: ClusterFirstWithHostNet automountServiceAccountToken: true + containers: + - args: + - --pod=$(POD_NAME) + - --pod-namespace=$(POD_NAMESPACE) + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.12.0 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + name: kube-state-metrics + ports: + - containerPort: 8080 + name: http-metrics + - containerPort: 8081 + name: telemetry + readinessProbe: + httpGet: + path: / + port: 8081 + initialDelaySeconds: 5 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault + - args: + - -c + - /etc/elastic-agent/agent.yml + - -e + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: STATE_PATH + value: /usr/share/elastic-agent/state + - name: ELASTIC_NETINFO + value: "false" + image: docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT + imagePullPolicy: IfNotPresent + name: agent + resources: + limits: + memory: 800Mi + requests: + cpu: 100m + memory: 400Mi + securityContext: + capabilities: + add: + - CHOWN + - SETPCAP + - DAC_READ_SEARCH + - SYS_PTRACE + drop: + - ALL + privileged: false + runAsGroup: 1000 + runAsUser: 1000 + volumeMounts: + - mountPath: /usr/share/elastic-agent/state + name: agent-data + - mountPath: /etc/elastic-agent/agent.yml + name: config + readOnly: true + subPath: agent.yml + dnsPolicy: ClusterFirstWithHostNet nodeSelector: kubernetes.io/os: linux 
serviceAccountName: agent-ksmsharded-example volumes: - - emptyDir: {} - name: agent-data - - - name: config - secret: - defaultMode: 0444 - secretName: agent-ksmsharded-example - containers: - - args: - - --pod=$(POD_NAME) - - --pod-namespace=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.12.0 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - name: kube-state-metrics - ports: - - containerPort: 8080 - name: http-metrics - - containerPort: 8081 - name: telemetry - readinessProbe: - httpGet: - path: / - port: 8081 - initialDelaySeconds: 5 - timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault - - name: agent - imagePullPolicy: IfNotPresent - image: "docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT" - args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] - securityContext: - capabilities: - add: - - CHOWN - - SETPCAP - - DAC_READ_SEARCH - - SYS_PTRACE - drop: - - ALL - privileged: false - runAsGroup: 1000 - runAsUser: 1000 - resources: - limits: - memory: 800Mi - requests: - cpu: 100m - memory: 400Mi - volumeMounts: - - name: agent-data - mountPath: /usr/share/elastic-agent/state - - name: config - mountPath: /etc/elastic-agent/agent.yml - readOnly: true - subPath: agent.yml - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: STATE_PATH - value: "/usr/share/elastic-agent/state" - - name: ELASTIC_NETINFO - value: "false" + - emptyDir: {} + name: agent-data + - name: config + secret: + defaultMode: 292 + secretName: agent-ksmsharded-example 
diff --git a/deploy/helm/elastic-agent/examples/kubernetes-hints-autodiscover/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/kubernetes-hints-autodiscover/rendered/manifest.yaml
index 8856569d153..4cba2f1384c 100644
--- a/deploy/helm/elastic-agent/examples/kubernetes-hints-autodiscover/rendered/manifest.yaml
+++ b/deploy/helm/elastic-agent/examples/kubernetes-hints-autodiscover/rendered/manifest.yaml
@@ -1092,128 +1092,128 @@ spec: name: agent-pernode-example annotations: checksum/config: 21fb7e317577410096de8d8e0fb03b32ad2e406b549f75085ae6907d38678e46 - spec: - dnsPolicy: ClusterFirstWithHostNet automountServiceAccountToken: true - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: agent-pernode-example - volumes: - - hostPath: - path: /proc + containers: + - args: + - -c + - /etc/elastic-agent/agent.yml + - -e + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: STATE_PATH + value: /usr/share/elastic-agent/state + - name: ELASTIC_NETINFO + value: "false" + image: docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT + imagePullPolicy: IfNotPresent + name: agent + resources: + limits: + memory: 1000Mi + requests: + cpu: 100m + memory: 400Mi + securityContext: + capabilities: + add: + - DAC_READ_SEARCH + - CHOWN + - SETPCAP + - SYS_PTRACE + drop: + - ALL + privileged: false + runAsGroup: 1000 + runAsUser: 1000 + volumeMounts: + - mountPath: /hostfs/proc name: proc - - hostPath: - path: /sys/fs/cgroup + readOnly: true + - mountPath: /hostfs/sys/fs/cgroup name: cgroup - - hostPath: - path: /var/lib/docker/containers + readOnly: true + - mountPath: /var/lib/docker/containers name: varlibdockercontainers - - hostPath: - path: /var/log + readOnly: true + - mountPath: /var/log name: varlog - - hostPath: - path: /etc + readOnly: true + - mountPath: /hostfs/etc name: etc-full - - hostPath: - path: /var/lib + readOnly: true + - mountPath: /hostfs/var/lib name: var-lib - - emptyDir: {} + readOnly: true + - mountPath: /usr/share/elastic-agent/state/inputs.d name: external-inputs - - name: agent-data - hostPath: - - path: /etc/elastic-agent/default/agent-pernode-example/state - type: DirectoryOrCreate - - - name: config - secret: - defaultMode: 0444 - secretName: agent-pernode-example + - mountPath: /usr/share/elastic-agent/state + name: agent-data + - 
mountPath: /etc/elastic-agent/agent.yml + name: config + readOnly: true + subPath: agent.yml + dnsPolicy: ClusterFirstWithHostNet initContainers: - - args: - - -c - - mkdir -p /etc/elastic-agent/inputs.d && mkdir -p /etc/elastic-agent/inputs.d && - wget -O - https://github.com/elastic/elastic-agent/archive/v8.16.0.tar.gz | tar - xz -C /etc/elastic-agent/inputs.d --strip=5 "elastic-agent-8.16.0/deploy/kubernetes/elastic-agent-standalone/templates.d" - command: - - sh - image: busybox:1.36.1 - name: k8s-templates-downloader - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - runAsGroup: 1000 - runAsUser: 1000 - volumeMounts: - - mountPath: /etc/elastic-agent/inputs.d - name: external-inputs - containers: - - name: agent - imagePullPolicy: IfNotPresent - image: "docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT" - args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] - securityContext: - capabilities: - add: - - DAC_READ_SEARCH - - CHOWN - - SETPCAP - - SYS_PTRACE - drop: - - ALL - privileged: false - runAsGroup: 1000 - runAsUser: 1000 - resources: - limits: - memory: 1000Mi - requests: - cpu: 100m - memory: 400Mi - volumeMounts: - - mountPath: /hostfs/proc - name: proc - readOnly: true - - mountPath: /hostfs/sys/fs/cgroup - name: cgroup - readOnly: true - - mountPath: /var/lib/docker/containers - name: varlibdockercontainers - readOnly: true - - mountPath: /var/log - name: varlog - readOnly: true - - mountPath: /hostfs/etc - name: etc-full - readOnly: true - - mountPath: /hostfs/var/lib - name: var-lib - readOnly: true - - mountPath: /usr/share/elastic-agent/state/inputs.d - name: external-inputs - - name: agent-data - mountPath: /usr/share/elastic-agent/state - - name: config - mountPath: /etc/elastic-agent/agent.yml - readOnly: true - subPath: agent.yml - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: 
STATE_PATH - value: "/usr/share/elastic-agent/state" - - name: ELASTIC_NETINFO - value: "false" + - args: + - -c + - mkdir -p /etc/elastic-agent/inputs.d && mkdir -p /etc/elastic-agent/inputs.d + && wget -O - https://github.com/elastic/elastic-agent/archive/v8.16.0.tar.gz + | tar xz -C /etc/elastic-agent/inputs.d --strip=5 "elastic-agent-8.16.0/deploy/kubernetes/elastic-agent-standalone/templates.d" + command: + - sh + image: busybox:1.36.1 + name: k8s-templates-downloader + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 1000 + runAsUser: 1000 + volumeMounts: + - mountPath: /etc/elastic-agent/inputs.d + name: external-inputs + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: agent-pernode-example + volumes: + - hostPath: + path: /proc + name: proc + - hostPath: + path: /sys/fs/cgroup + name: cgroup + - hostPath: + path: /var/lib/docker/containers + name: varlibdockercontainers + - hostPath: + path: /var/log + name: varlog + - hostPath: + path: /etc + name: etc-full + - hostPath: + path: /var/lib + name: var-lib + - emptyDir: {} + name: external-inputs + - hostPath: + path: /etc/elastic-agent/default/agent-pernode-example/state + type: DirectoryOrCreate + name: agent-data + - name: config + secret: + defaultMode: 292 + secretName: agent-pernode-example --- # Source: elastic-agent/templates/agent/k8s/deployment.yaml apiVersion: apps/v1 
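Review bot: The `k8s-templates-downloader` init container on the new side of this hunk pipes `wget -O - https://github.com/elastic/elastic-agent/archive/v8.16.0.tar.gz | tar xz` straight into the `external-inputs` volume, and nothing checks the archive's integrity before it is unpacked. The agent container mounts that same volume at `/usr/share/elastic-agent/state/inputs.d`, so whatever the URL serves at pod start is presumably loaded as input configuration by a process that holds `DAC_READ_SEARCH`, `SYS_PTRACE` and the read-only host mounts. I would fetch to a file and verify a pinned digest before extracting, for example `echo "<EXPECTED_SHA256>  templates.tgz" | sha256sum -c - || exit 1` (file name and digest are placeholders), or ship the templates in the image or a ConfigMap so the pod needs no egress at start-up. The command also repeats `mkdir -p /etc/elastic-agent/inputs.d` twice, and `busybox:1.36.1` is referenced by tag rather than by digest. Because this file is rendered output, the fix belongs in the chart's values or templates, which are not visible in this hunk.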
@@ -1237,64 +1237,65 @@ spec: name: agent-clusterwide-example annotations: checksum/config: 73527b0aad319ef33239ef3c862820c5ee5cafb42e2ce164049646791b69ec68 - spec: - dnsPolicy: ClusterFirstWithHostNet automountServiceAccountToken: true + containers: + - args: + - -c + - /etc/elastic-agent/agent.yml + - -e + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: STATE_PATH + value: /usr/share/elastic-agent/state + - name: ELASTIC_NETINFO + value: "false" + image: docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT + imagePullPolicy: IfNotPresent + name: agent + resources: + limits: + memory: 800Mi + requests: + cpu: 100m + memory: 400Mi + securityContext: + capabilities: + add: + - CHOWN + - SETPCAP + - DAC_READ_SEARCH + - SYS_PTRACE + drop: + - ALL + privileged: false + runAsGroup: 1000 + runAsUser: 1000 + volumeMounts: + - mountPath: /usr/share/elastic-agent/state + name: agent-data + - mountPath: /etc/elastic-agent/agent.yml + name: config + readOnly: true + subPath: agent.yml + dnsPolicy: ClusterFirstWithHostNet nodeSelector: kubernetes.io/os: linux serviceAccountName: agent-clusterwide-example volumes: - - emptyDir: {} - name: agent-data - - - name: config - secret: - defaultMode: 0444 - secretName: agent-clusterwide-example - containers: - - name: agent - imagePullPolicy: IfNotPresent - image: "docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT" - args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] - securityContext: - capabilities: - add: - - CHOWN - - SETPCAP - - DAC_READ_SEARCH - - SYS_PTRACE - drop: - - ALL - privileged: false - runAsGroup: 1000 - runAsUser: 1000 - resources: - limits: - memory: 800Mi - requests: - cpu: 100m - memory: 400Mi - volumeMounts: - - name: agent-data - mountPath: /usr/share/elastic-agent/state - - name: config - mountPath: /etc/elastic-agent/agent.yml - readOnly: true - subPath: agent.yml - env: - - name: NODE_NAME - 
valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: STATE_PATH - value: "/usr/share/elastic-agent/state" - - name: ELASTIC_NETINFO - value: "false" + - emptyDir: {} + name: agent-data + - name: config + secret: + defaultMode: 292 + secretName: agent-clusterwide-example --- # Source: elastic-agent/templates/agent/k8s/statefulset.yaml apiVersion: apps/v1 
@@ -1318,102 +1319,103 @@ spec: name: agent-ksmsharded-example annotations: checksum/config: 4ec2b2ef4d3c5c103e79e47a45d4b3b4f9f774e85293f9a5b2d56556025f1d2d - spec: - dnsPolicy: ClusterFirstWithHostNet automountServiceAccountToken: true + containers: + - args: + - --pod=$(POD_NAME) + - --pod-namespace=$(POD_NAMESPACE) + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.12.0 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + name: kube-state-metrics + ports: + - containerPort: 8080 + name: http-metrics + - containerPort: 8081 + name: telemetry + readinessProbe: + httpGet: + path: / + port: 8081 + initialDelaySeconds: 5 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault + - args: + - -c + - /etc/elastic-agent/agent.yml + - -e + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: STATE_PATH + value: /usr/share/elastic-agent/state + - name: ELASTIC_NETINFO + value: "false" + image: docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT + imagePullPolicy: IfNotPresent + name: agent + resources: + limits: + memory: 800Mi + requests: + cpu: 100m + memory: 400Mi + securityContext: + capabilities: + add: + - CHOWN + - SETPCAP + - DAC_READ_SEARCH + - SYS_PTRACE + drop: + - ALL + privileged: false + runAsGroup: 1000 + runAsUser: 1000 + volumeMounts: + - mountPath: /usr/share/elastic-agent/state + name: agent-data + - mountPath: /etc/elastic-agent/agent.yml + name: config + readOnly: true + subPath: agent.yml + dnsPolicy: ClusterFirstWithHostNet nodeSelector: kubernetes.io/os: linux 
serviceAccountName: agent-ksmsharded-example volumes: - - emptyDir: {} - name: agent-data - - - name: config - secret: - defaultMode: 0444 - secretName: agent-ksmsharded-example - containers: - - args: - - --pod=$(POD_NAME) - - --pod-namespace=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.12.0 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - name: kube-state-metrics - ports: - - containerPort: 8080 - name: http-metrics - - containerPort: 8081 - name: telemetry - readinessProbe: - httpGet: - path: / - port: 8081 - initialDelaySeconds: 5 - timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault - - name: agent - imagePullPolicy: IfNotPresent - image: "docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT" - args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] - securityContext: - capabilities: - add: - - CHOWN - - SETPCAP - - DAC_READ_SEARCH - - SYS_PTRACE - drop: - - ALL - privileged: false - runAsGroup: 1000 - runAsUser: 1000 - resources: - limits: - memory: 800Mi - requests: - cpu: 100m - memory: 400Mi - volumeMounts: - - name: agent-data - mountPath: /usr/share/elastic-agent/state - - name: config - mountPath: /etc/elastic-agent/agent.yml - readOnly: true - subPath: agent.yml - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: STATE_PATH - value: "/usr/share/elastic-agent/state" - - name: ELASTIC_NETINFO - value: "false" + - emptyDir: {} + name: agent-data + - name: config + secret: + defaultMode: 292 + secretName: agent-ksmsharded-example 
diff --git a/deploy/helm/elastic-agent/examples/kubernetes-only-logs/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/kubernetes-only-logs/rendered/manifest.yaml
index 4dbf4a0a33b..74e4abfdc0e 100644
--- a/deploy/helm/elastic-agent/examples/kubernetes-only-logs/rendered/manifest.yaml
+++ b/deploy/helm/elastic-agent/examples/kubernetes-only-logs/rendered/manifest.yaml
@@ -228,100 +228,100 @@ spec: name: agent-pernode-example annotations: checksum/config: 4de2216224a483ae1355aeec668894f764edc48bd3481d8fbc65f67eedc1b336 - spec: - dnsPolicy: ClusterFirstWithHostNet automountServiceAccountToken: true - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: agent-pernode-example - volumes: - - hostPath: - path: /proc + containers: + - args: + - -c + - /etc/elastic-agent/agent.yml + - -e + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: STATE_PATH + value: /usr/share/elastic-agent/state + - name: ELASTIC_NETINFO + value: "false" + image: docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT + imagePullPolicy: IfNotPresent + name: agent + resources: + limits: + memory: 1000Mi + requests: + cpu: 100m + memory: 400Mi + securityContext: + capabilities: + add: + - DAC_READ_SEARCH + - CHOWN + - SETPCAP + - SYS_PTRACE + drop: + - ALL + privileged: false + runAsGroup: 1000 + runAsUser: 1000 + volumeMounts: + - mountPath: /hostfs/proc name: proc - - hostPath: - path: /sys/fs/cgroup + readOnly: true + - mountPath: /hostfs/sys/fs/cgroup name: cgroup - - hostPath: - path: /var/lib/docker/containers + readOnly: true + - mountPath: /var/lib/docker/containers name: varlibdockercontainers - - hostPath: - path: /var/log + readOnly: true + - mountPath: /var/log name: varlog - - hostPath: - path: /etc + readOnly: true + - mountPath: /hostfs/etc name: etc-full - - hostPath: - path: /var/lib + readOnly: true + - mountPath: /hostfs/var/lib name: var-lib - - name: agent-data - hostPath: - - path: /etc/elastic-agent/default/agent-pernode-example/state - type: DirectoryOrCreate - - - name: config - secret: - defaultMode: 0444 - secretName: agent-pernode-example - containers: - - name: agent - imagePullPolicy: IfNotPresent - image: "docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT" - args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] - 
securityContext: - capabilities: - add: - - DAC_READ_SEARCH - - CHOWN - - SETPCAP - - SYS_PTRACE - drop: - - ALL - privileged: false - runAsGroup: 1000 - runAsUser: 1000 - resources: - limits: - memory: 1000Mi - requests: - cpu: 100m - memory: 400Mi - volumeMounts: - - mountPath: /hostfs/proc - name: proc - readOnly: true - - mountPath: /hostfs/sys/fs/cgroup - name: cgroup - readOnly: true - - mountPath: /var/lib/docker/containers - name: varlibdockercontainers - readOnly: true - - mountPath: /var/log - name: varlog - readOnly: true - - mountPath: /hostfs/etc - name: etc-full - readOnly: true - - mountPath: /hostfs/var/lib - name: var-lib - readOnly: true - - name: agent-data - mountPath: /usr/share/elastic-agent/state - - name: config - mountPath: /etc/elastic-agent/agent.yml - readOnly: true - subPath: agent.yml - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: STATE_PATH - value: "/usr/share/elastic-agent/state" - - name: ELASTIC_NETINFO - value: "false" + readOnly: true + - mountPath: /usr/share/elastic-agent/state + name: agent-data + - mountPath: /etc/elastic-agent/agent.yml + name: config + readOnly: true + subPath: agent.yml + dnsPolicy: ClusterFirstWithHostNet + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: agent-pernode-example + volumes: + - hostPath: + path: /proc + name: proc + - hostPath: + path: /sys/fs/cgroup + name: cgroup + - hostPath: + path: /var/lib/docker/containers + name: varlibdockercontainers + - hostPath: + path: /var/log + name: varlog + - hostPath: + path: /etc + name: etc-full + - hostPath: + path: /var/lib + name: var-lib + - hostPath: + path: /etc/elastic-agent/default/agent-pernode-example/state + type: DirectoryOrCreate + name: agent-data + - name: config + secret: + defaultMode: 292 + secretName: agent-pernode-example 
diff --git a/deploy/helm/elastic-agent/examples/multiple-integrations/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/multiple-integrations/rendered/manifest.yaml
index 6a45a8d65ab..f7a75a96718 100644
--- a/deploy/helm/elastic-agent/examples/multiple-integrations/rendered/manifest.yaml
+++ b/deploy/helm/elastic-agent/examples/multiple-integrations/rendered/manifest.yaml
@@ -1118,118 +1118,118 @@ spec: name: agent-pernode-example annotations: checksum/config: 21fb7e317577410096de8d8e0fb03b32ad2e406b549f75085ae6907d38678e46 - spec: - dnsPolicy: ClusterFirstWithHostNet automountServiceAccountToken: true - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: agent-pernode-example - volumes: - - hostPath: - path: /proc + containers: + - args: + - -c + - /etc/elastic-agent/agent.yml + - -e + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: STATE_PATH + value: /usr/share/elastic-agent/state + - name: ELASTIC_NETINFO + value: "false" + image: docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT + imagePullPolicy: IfNotPresent + name: agent + resources: + limits: + memory: 1000Mi + requests: + cpu: 100m + memory: 400Mi + securityContext: + runAsUser: 0 + volumeMounts: + - mountPath: /hostfs/proc name: proc - - hostPath: - path: /sys/fs/cgroup + readOnly: true + - mountPath: /hostfs/sys/fs/cgroup name: cgroup - - hostPath: - path: /var/lib/docker/containers + readOnly: true + - mountPath: /var/lib/docker/containers name: varlibdockercontainers - - hostPath: - path: /var/log + readOnly: true + - mountPath: /var/log name: varlog - - hostPath: - path: /etc + readOnly: true + - mountPath: /hostfs/etc name: etc-full - - hostPath: - path: /var/lib + readOnly: true + - mountPath: /hostfs/var/lib name: var-lib - - emptyDir: {} + readOnly: true + - mountPath: /usr/share/elastic-agent/state/inputs.d name: external-inputs - - name: agent-data - hostPath: - - path: /etc/elastic-agent/default/agent-pernode-example/state - type: DirectoryOrCreate - - - name: config - secret: - defaultMode: 0444 - secretName: agent-pernode-example + - mountPath: /usr/share/elastic-agent/state + name: agent-data + - mountPath: /etc/elastic-agent/agent.yml + name: config + readOnly: true + subPath: agent.yml + dnsPolicy: ClusterFirstWithHostNet 
initContainers: - - args: - - -c - - mkdir -p /etc/elastic-agent/inputs.d && mkdir -p /etc/elastic-agent/inputs.d && - wget -O - https://github.com/elastic/elastic-agent/archive/v8.16.0.tar.gz | tar - xz -C /etc/elastic-agent/inputs.d --strip=5 "elastic-agent-8.16.0/deploy/kubernetes/elastic-agent-standalone/templates.d" - command: - - sh - image: busybox:1.36.1 - name: k8s-templates-downloader - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - runAsGroup: 1000 - runAsUser: 1000 - volumeMounts: - - mountPath: /etc/elastic-agent/inputs.d - name: external-inputs - containers: - - name: agent - imagePullPolicy: IfNotPresent - image: "docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT" - args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] - securityContext: - runAsUser: 0 - resources: - limits: - memory: 1000Mi - requests: - cpu: 100m - memory: 400Mi - volumeMounts: - - mountPath: /hostfs/proc - name: proc - readOnly: true - - mountPath: /hostfs/sys/fs/cgroup - name: cgroup - readOnly: true - - mountPath: /var/lib/docker/containers - name: varlibdockercontainers - readOnly: true - - mountPath: /var/log - name: varlog - readOnly: true - - mountPath: /hostfs/etc - name: etc-full - readOnly: true - - mountPath: /hostfs/var/lib - name: var-lib - readOnly: true - - mountPath: /usr/share/elastic-agent/state/inputs.d - name: external-inputs - - name: agent-data - mountPath: /usr/share/elastic-agent/state - - name: config - mountPath: /etc/elastic-agent/agent.yml - readOnly: true - subPath: agent.yml - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: STATE_PATH - value: "/usr/share/elastic-agent/state" - - name: ELASTIC_NETINFO - value: "false" + - args: + - -c + - mkdir -p /etc/elastic-agent/inputs.d && mkdir -p /etc/elastic-agent/inputs.d + && wget -O - 
https://github.com/elastic/elastic-agent/archive/v8.16.0.tar.gz + | tar xz -C /etc/elastic-agent/inputs.d --strip=5 "elastic-agent-8.16.0/deploy/kubernetes/elastic-agent-standalone/templates.d" + command: + - sh + image: busybox:1.36.1 + name: k8s-templates-downloader + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 1000 + runAsUser: 1000 + volumeMounts: + - mountPath: /etc/elastic-agent/inputs.d + name: external-inputs + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: agent-pernode-example + volumes: + - hostPath: + path: /proc + name: proc + - hostPath: + path: /sys/fs/cgroup + name: cgroup + - hostPath: + path: /var/lib/docker/containers + name: varlibdockercontainers + - hostPath: + path: /var/log + name: varlog + - hostPath: + path: /etc + name: etc-full + - hostPath: + path: /var/lib + name: var-lib + - emptyDir: {} + name: external-inputs + - hostPath: + path: /etc/elastic-agent/default/agent-pernode-example/state + type: DirectoryOrCreate + name: agent-data + - name: config + secret: + defaultMode: 292 + secretName: agent-pernode-example --- # Source: elastic-agent/templates/agent/k8s/deployment.yaml apiVersion: apps/v1 
@@ -1253,54 +1253,55 @@ spec: name: agent-clusterwide-example annotations: checksum/config: b04d7965af8739293cd90e352c59d1240473f56febd9aded16ba766d77f90b5f - spec: - dnsPolicy: ClusterFirstWithHostNet automountServiceAccountToken: true + containers: + - args: + - -c + - /etc/elastic-agent/agent.yml + - -e + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: STATE_PATH + value: /usr/share/elastic-agent/state + - name: ELASTIC_NETINFO + value: "false" + image: docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT + imagePullPolicy: IfNotPresent + name: agent + resources: + limits: + memory: 800Mi + requests: + cpu: 100m + memory: 400Mi + securityContext: + runAsUser: 0 + volumeMounts: + - mountPath: /usr/share/elastic-agent/state + name: agent-data + - mountPath: /etc/elastic-agent/agent.yml + name: config + readOnly: true + subPath: agent.yml + dnsPolicy: ClusterFirstWithHostNet nodeSelector: kubernetes.io/os: linux serviceAccountName: agent-clusterwide-example volumes: - - emptyDir: {} - name: agent-data - - - name: config - secret: - defaultMode: 0444 - secretName: agent-clusterwide-example - containers: - - name: agent - imagePullPolicy: IfNotPresent - image: "docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT" - args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] - securityContext: - runAsUser: 0 - resources: - limits: - memory: 800Mi - requests: - cpu: 100m - memory: 400Mi - volumeMounts: - - name: agent-data - mountPath: /usr/share/elastic-agent/state - - name: config - mountPath: /etc/elastic-agent/agent.yml - readOnly: true - subPath: agent.yml - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: STATE_PATH - value: "/usr/share/elastic-agent/state" - - name: ELASTIC_NETINFO - value: "false" + - emptyDir: {} + name: agent-data + - name: config + 
secret: + defaultMode: 292 + secretName: agent-clusterwide-example --- # Source: elastic-agent/templates/agent/k8s/statefulset.yaml apiVersion: apps/v1 
@@ -1324,92 +1325,93 @@ spec: name: agent-ksmsharded-example annotations: checksum/config: 4ec2b2ef4d3c5c103e79e47a45d4b3b4f9f774e85293f9a5b2d56556025f1d2d - spec: - dnsPolicy: ClusterFirstWithHostNet automountServiceAccountToken: true + containers: + - args: + - --pod=$(POD_NAME) + - --pod-namespace=$(POD_NAMESPACE) + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.12.0 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + name: kube-state-metrics + ports: + - containerPort: 8080 + name: http-metrics + - containerPort: 8081 + name: telemetry + readinessProbe: + httpGet: + path: / + port: 8081 + initialDelaySeconds: 5 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault + - args: + - -c + - /etc/elastic-agent/agent.yml + - -e + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: STATE_PATH + value: /usr/share/elastic-agent/state + - name: ELASTIC_NETINFO + value: "false" + image: docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT + imagePullPolicy: IfNotPresent + name: agent + resources: + limits: + memory: 800Mi + requests: + cpu: 100m + memory: 400Mi + securityContext: + runAsUser: 0 + volumeMounts: + - mountPath: /usr/share/elastic-agent/state + name: agent-data + - mountPath: /etc/elastic-agent/agent.yml + name: config + readOnly: true + subPath: agent.yml + dnsPolicy: ClusterFirstWithHostNet nodeSelector: kubernetes.io/os: linux serviceAccountName: agent-ksmsharded-example volumes: - - emptyDir: {} - name: agent-data - - - name: config - secret: - defaultMode: 0444 - 
secretName: agent-ksmsharded-example - containers: - - args: - - --pod=$(POD_NAME) - - --pod-namespace=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.12.0 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 5 - name: kube-state-metrics - ports: - - containerPort: 8080 - name: http-metrics - - containerPort: 8081 - name: telemetry - readinessProbe: - httpGet: - path: / - port: 8081 - initialDelaySeconds: 5 - timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault - - name: agent - imagePullPolicy: IfNotPresent - image: "docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT" - args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] - securityContext: - runAsUser: 0 - resources: - limits: - memory: 800Mi - requests: - cpu: 100m - memory: 400Mi - volumeMounts: - - name: agent-data - mountPath: /usr/share/elastic-agent/state - - name: config - mountPath: /etc/elastic-agent/agent.yml - readOnly: true - subPath: agent.yml - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: STATE_PATH - value: "/usr/share/elastic-agent/state" - - name: ELASTIC_NETINFO - value: "false" + - emptyDir: {} + name: agent-data + - name: config + secret: + defaultMode: 292 + secretName: agent-ksmsharded-example diff --git a/deploy/helm/elastic-agent/examples/nginx-custom-integration/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/nginx-custom-integration/rendered/manifest.yaml index ab90e92cb03..a1533ba74af 100644 
--- a/deploy/helm/elastic-agent/examples/nginx-custom-integration/rendered/manifest.yaml
+++ b/deploy/helm/elastic-agent/examples/nginx-custom-integration/rendered/manifest.yaml
@@ -216,44 +216,44 @@ spec: name: agent-nginx-example annotations: checksum/config: 4b3a03273d11151ee0f8bbdc8e235f8b6d2b344e09dedc632ae6f7f9e8e0ef34 - spec: - dnsPolicy: ClusterFirstWithHostNet automountServiceAccountToken: true + containers: + - args: + - -c + - /etc/elastic-agent/agent.yml + - -e + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: STATE_PATH + value: /usr/share/elastic-agent/state + image: docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT + imagePullPolicy: IfNotPresent + name: agent + securityContext: + runAsUser: 0 + volumeMounts: + - mountPath: /usr/share/elastic-agent/state + name: agent-data + - mountPath: /etc/elastic-agent/agent.yml + name: config + readOnly: true + subPath: agent.yml + dnsPolicy: ClusterFirstWithHostNet serviceAccountName: agent-nginx-example volumes: - - name: agent-data - hostPath: - - path: /etc/elastic-agent/default/agent-nginx-example/state - type: DirectoryOrCreate - - - name: config - secret: - defaultMode: 0444 - secretName: agent-nginx-example - containers: - - name: agent - imagePullPolicy: IfNotPresent - image: "docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT" - args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] - securityContext: - runAsUser: 0 - volumeMounts: - - name: agent-data - mountPath: /usr/share/elastic-agent/state - - name: config - mountPath: /etc/elastic-agent/agent.yml - readOnly: true - subPath: agent.yml - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: STATE_PATH - value: "/usr/share/elastic-agent/state" + - hostPath: + path: /etc/elastic-agent/default/agent-nginx-example/state + type: DirectoryOrCreate + name: agent-data + - name: config + secret: + defaultMode: 292 + secretName: agent-nginx-example 
diff --git a/deploy/helm/elastic-agent/examples/system-custom-auth-paths/rendered/manifest.yaml b/deploy/helm/elastic-agent/examples/system-custom-auth-paths/rendered/manifest.yaml
index 73b4c5bd2f0..4c27615a0c5 100644
--- a/deploy/helm/elastic-agent/examples/system-custom-auth-paths/rendered/manifest.yaml
+++ b/deploy/helm/elastic-agent/examples/system-custom-auth-paths/rendered/manifest.yaml
@@ -300,100 +300,100 @@ spec: name: agent-pernode-example annotations: checksum/config: 39e00ed2a77861d6ce0f1436c373284c3651db4325dbe5d25300677203cfdca7 - spec: - dnsPolicy: ClusterFirstWithHostNet automountServiceAccountToken: true - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: agent-pernode-example - volumes: - - hostPath: - path: /proc + containers: + - args: + - -c + - /etc/elastic-agent/agent.yml + - -e + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: STATE_PATH + value: /usr/share/elastic-agent/state + - name: ELASTIC_NETINFO + value: "false" + image: docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT + imagePullPolicy: IfNotPresent + name: agent + resources: + limits: + memory: 1000Mi + requests: + cpu: 100m + memory: 400Mi + securityContext: + capabilities: + add: + - DAC_READ_SEARCH + - CHOWN + - SETPCAP + - SYS_PTRACE + drop: + - ALL + privileged: false + runAsGroup: 1000 + runAsUser: 1000 + volumeMounts: + - mountPath: /hostfs/proc name: proc - - hostPath: - path: /sys/fs/cgroup + readOnly: true + - mountPath: /hostfs/sys/fs/cgroup name: cgroup - - hostPath: - path: /var/lib/docker/containers + readOnly: true + - mountPath: /var/lib/docker/containers name: varlibdockercontainers - - hostPath: - path: /var/log + readOnly: true + - mountPath: /var/log name: varlog - - hostPath: - path: /etc + readOnly: true + - mountPath: /hostfs/etc name: etc-full - - hostPath: - path: /var/lib + readOnly: true + - mountPath: /hostfs/var/lib name: var-lib - - name: agent-data - hostPath: - - path: /etc/elastic-agent/default/agent-pernode-example/state - type: DirectoryOrCreate - - - name: config - secret: - defaultMode: 0444 - secretName: agent-pernode-example - containers: - - name: agent - imagePullPolicy: IfNotPresent - image: "docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT" - args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] - 
securityContext: - capabilities: - add: - - DAC_READ_SEARCH - - CHOWN - - SETPCAP - - SYS_PTRACE - drop: - - ALL - privileged: false - runAsGroup: 1000 - runAsUser: 1000 - resources: - limits: - memory: 1000Mi - requests: - cpu: 100m - memory: 400Mi - volumeMounts: - - mountPath: /hostfs/proc - name: proc - readOnly: true - - mountPath: /hostfs/sys/fs/cgroup - name: cgroup - readOnly: true - - mountPath: /var/lib/docker/containers - name: varlibdockercontainers - readOnly: true - - mountPath: /var/log - name: varlog - readOnly: true - - mountPath: /hostfs/etc - name: etc-full - readOnly: true - - mountPath: /hostfs/var/lib - name: var-lib - readOnly: true - - name: agent-data - mountPath: /usr/share/elastic-agent/state - - name: config - mountPath: /etc/elastic-agent/agent.yml - readOnly: true - subPath: agent.yml - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: STATE_PATH - value: "/usr/share/elastic-agent/state" - - name: ELASTIC_NETINFO - value: "false" + readOnly: true + - mountPath: /usr/share/elastic-agent/state + name: agent-data + - mountPath: /etc/elastic-agent/agent.yml + name: config + readOnly: true + subPath: agent.yml + dnsPolicy: ClusterFirstWithHostNet + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: agent-pernode-example + volumes: + - hostPath: + path: /proc + name: proc + - hostPath: + path: /sys/fs/cgroup + name: cgroup + - hostPath: + path: /var/lib/docker/containers + name: varlibdockercontainers + - hostPath: + path: /var/log + name: varlog + - hostPath: + path: /etc + name: etc-full + - hostPath: + path: /var/lib + name: var-lib + - hostPath: + path: /etc/elastic-agent/default/agent-pernode-example/state + type: DirectoryOrCreate + name: agent-data + - name: config + secret: + defaultMode: 292 + secretName: agent-pernode-example 
diff --git a/deploy/helm/elastic-agent/templates/agent/eck/_pod_template.tpl b/deploy/helm/elastic-agent/templates/agent/eck/_pod_template.tpl
deleted file mode 100644
index a1bb5e946d1..00000000000
--- a/deploy/helm/elastic-agent/templates/agent/eck/_pod_template.tpl
+++ /dev/null
@@ -1,89 +0,0 @@ -{{- define "elasticagent.engine.eck.podTemplate" }} -{{- $ := index . 0 -}} -{{- $presetVal := index . 1 -}} -{{- $agentName := index . 2 }} - spec: - dnsPolicy: ClusterFirstWithHostNet - {{- with ($presetVal).hostNetwork }} - hostNetwork: {{ . }} - {{- end }} - {{- with ($presetVal).hostPID }} - hostPID: {{ . }} - {{- end }} - automountServiceAccountToken: true - {{- with ($presetVal).nodeSelector }} - nodeSelector: - {{- . | toYaml | nindent 10 }} - {{- end }} - serviceAccountName: {{ $agentName }} - {{- with ($presetVal).affinity }} - affinity: - {{- . | toYaml | nindent 10 }} - {{- end }} - {{- with ($presetVal).tolerations }} - tolerations: - {{- . | toYaml | nindent 10 }} - {{- end }} - {{- with ($presetVal).topologySpreadConstraints }} - topologySpreadConstraints: - {{- . | toYaml | nindent 10 }} - {{- end }} - volumes: - {{- with ($presetVal).extraVolumes }} - {{- . | toYaml | nindent 10 }} - {{- end }} - {{- with ($presetVal).initContainers }} - initContainers: - {{- . | toYaml | nindent 10 }} - {{- end }} - {{- with $.Values.agent.imagePullSecrets }} - imagePullSecrets: - {{- . | toYaml | nindent 10 }} - {{- end }} - containers: - {{- with ($presetVal).extraContainers }} - {{- . | toYaml | nindent 10 }} - {{- end }} - - name: agent - {{- with $.Values.agent.image.pullPolicy }} - imagePullPolicy: {{ . }} - {{- end }} - {{- if $.Values.agent.image.tag }} - image: "{{ $.Values.agent.image.repository }}:{{ $.Values.agent.image.tag }}" - {{- else }} - image: "{{ $.Values.agent.image.repository }}:{{ $.Values.agent.version }}" - {{- end }} - {{- with ($presetVal).securityContext }} - securityContext: - {{- . | toYaml | nindent 14 }} - {{- end }} - {{- with ($presetVal).resources }} - resources: - {{- . | toYaml | nindent 14 }} - {{- end }} - volumeMounts: - {{- with ($presetVal).extraVolumeMounts }} - {{- . 
| toYaml | nindent 14 }} - {{- end }} - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: STATE_PATH - value: "/usr/share/elastic-agent/state" - {{- with ($presetVal).extraEnvs }} - {{- . | toYaml | nindent 14 }} - {{- end }} - {{- if eq $.Values.agent.fleet.enabled false }} - {{- with ($presetVal).outputs }} - {{- range $outputName, $outputVal := . -}} - {{- (include (printf "elasticagent.output.%s.preset.envvars" ($outputVal).type) (list $ $outputName $outputVal)) | nindent 14 }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} diff --git a/deploy/helm/elastic-agent/templates/agent/eck/_pod_template.yaml b/deploy/helm/elastic-agent/templates/agent/eck/_pod_template.yaml new file mode 100644 index 00000000000..7272a9417ff --- /dev/null +++ b/deploy/helm/elastic-agent/templates/agent/eck/_pod_template.yaml 
@@ -0,0 +1,92 @@ +{{- define "elasticagent.engine.eck.podTemplate" }} +{{- $ := index . 0 -}} +{{- $presetVal := index . 1 -}} +{{- $agentName := index . 2 }} +apiVersion: v1 +kind: PodTemplate +template: + spec: + dnsPolicy: ClusterFirstWithHostNet + {{- with ($presetVal).hostNetwork }} + hostNetwork: {{ . }} + {{- end }} + {{- with ($presetVal).hostPID }} + hostPID: {{ . }} + {{- end }} + automountServiceAccountToken: true + {{- with ($presetVal).nodeSelector }} + nodeSelector: + {{- . | toYaml | nindent 6 }} + {{- end }} + serviceAccountName: {{ $agentName }} + {{- with ($presetVal).affinity }} + affinity: + {{- . | toYaml | nindent 6 }} + {{- end }} + {{- with ($presetVal).tolerations }} + tolerations: + {{- . | toYaml | nindent 6 }} + {{- end }} + {{- with ($presetVal).topologySpreadConstraints }} + topologySpreadConstraints: + {{- . | toYaml | nindent 6 }} + {{- end }} + volumes: + {{- with ($presetVal).extraVolumes }} + {{- . | toYaml | nindent 6 }} + {{- end }} + {{- with ($presetVal).initContainers }} + initContainers: + {{- . | toYaml | nindent 6 }} + {{- end }} + {{- with $.Values.agent.imagePullSecrets }} + imagePullSecrets: + {{- . | toYaml | nindent 6 }} + {{- end }} + containers: + {{- with ($presetVal).extraContainers }} + {{- . | toYaml | nindent 6 }} + {{- end }} + - name: agent + {{- with $.Values.agent.image.pullPolicy }} + imagePullPolicy: {{ . }} + {{- end }} + {{- if $.Values.agent.image.tag }} + image: "{{ $.Values.agent.image.repository }}:{{ $.Values.agent.image.tag }}" + {{- else }} + image: "{{ $.Values.agent.image.repository }}:{{ $.Values.agent.version }}" + {{- end }} + {{- with ($presetVal).securityContext }} + securityContext: + {{- . | toYaml | nindent 10 }} + {{- end }} + {{- with ($presetVal).resources }} + resources: + {{- . | toYaml | nindent 10 }} + {{- end }} + volumeMounts: + {{- with ($presetVal).extraVolumeMounts }} + {{- . 
| toYaml | nindent 10 }} + {{- end }} + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: STATE_PATH + value: "/usr/share/elastic-agent/state" + {{- with ($presetVal).extraEnvs }} + {{- . | toYaml | nindent 10 }} + {{- end }} + {{- if eq $.Values.agent.fleet.enabled false }} + {{- with ($presetVal).outputs }} + {{- range $outputName, $outputVal := . -}} + {{- (include (printf "elasticagent.output.%s.preset.envvars" ($outputVal).type) (list $ $outputName $outputVal)) | nindent 14 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/deploy/helm/elastic-agent/templates/agent/eck/daemonset.yaml b/deploy/helm/elastic-agent/templates/agent/eck/daemonset.yaml index d66079206d5..6e86e9c9c6a 100644 --- a/deploy/helm/elastic-agent/templates/agent/eck/daemonset.yaml +++ b/deploy/helm/elastic-agent/templates/agent/eck/daemonset.yaml @@ -2,6 +2,7 @@ {{- range $presetName, $presetVal := $.Values.agent.presets -}} {{- if and (eq ($presetVal).mode "daemonset") (eq $.Values.agent.engine "eck") -}} {{- $agentName := include "elasticagent.preset.fullname" (list $ $presetName) -}} +{{- $podTemplateResource := include "elasticagent.engine.eck.podTemplate" (list $ $presetVal $agentName) | fromYaml -}} apiVersion: agent.k8s.elastic.co/v1alpha1 kind: Agent metadata: @@ -34,7 +35,7 @@ spec: {{- end }} daemonSet: podTemplate: -{{ include "elasticagent.engine.eck.podTemplate" (list $ $presetVal $agentName) }} +{{- toYaml ($podTemplateResource).template | nindent 6 }} --- {{- end -}} {{- end }} diff --git a/deploy/helm/elastic-agent/templates/agent/eck/deployment.yaml b/deploy/helm/elastic-agent/templates/agent/eck/deployment.yaml index da7e08fc9c4..5ab95d88367 100644 --- a/deploy/helm/elastic-agent/templates/agent/eck/deployment.yaml +++ b/deploy/helm/elastic-agent/templates/agent/eck/deployment.yaml 
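Review bot: The output-preset include at the end of the `env:` block in the new `eck/_pod_template.yaml` still ends in `| nindent 14`, while every other `nindent` in the file dropped by four relative to the deleted `.tpl` (`extraEnvs` went from 14 to 10). With `agent.fleet.enabled` false and outputs defined, those env entries would presumably render four columns deeper than the `- name: STATE_PATH` items they belong beside; original indentation is not visible on this page, so confirm against the file. Because the callers now parse this text, a mis-indent shows up as a YAML parse problem rather than a visibly odd manifest. The line should probably end in `| nindent 10 }}`, and a rendered ECK example that sets an output preset would cover this branch.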
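Review bot: The new `$podTemplateResource := include … | fromYaml` assignment has no error check, and Helm's `fromYaml` does not abort the render on invalid input; it returns a map carrying only an `Error` key. In that case `($podTemplateResource).template` is empty and `podTemplate:` would render as a null value, silently dropping the `securityContext`, `serviceAccountName` and volume settings the template defines instead of failing `helm template`. A guard right after the assignment makes the failure loud: `{{- with $podTemplateResource.Error }}{{ fail . }}{{- end }}`. The same assignment is added in `eck/deployment.yaml` and `eck/statefulset.yaml` and needs the same guard.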
@@ -2,6 +2,7 @@ {{- range $presetName, $presetVal := $.Values.agent.presets -}} {{- if and (eq ($presetVal).mode "deployment") (eq $.Values.agent.engine "eck") -}} {{- $agentName := include "elasticagent.preset.fullname" (list $ $presetName) -}} +{{- $podTemplateResource := include "elasticagent.engine.eck.podTemplate" (list $ $presetVal $agentName) | fromYaml -}} apiVersion: agent.k8s.elastic.co/v1alpha1 kind: Agent metadata: @@ -37,7 +38,7 @@ spec: replicas: {{ . }} {{- end }} podTemplate: -{{ include "elasticagent.engine.eck.podTemplate" (list $ $presetVal $agentName) }} +{{- toYaml ($podTemplateResource).template | nindent 6 }} --- {{- end -}} {{- end }} diff --git a/deploy/helm/elastic-agent/templates/agent/eck/statefulset.yaml b/deploy/helm/elastic-agent/templates/agent/eck/statefulset.yaml index eabf33cbe5b..02ea89d169a 100644 --- a/deploy/helm/elastic-agent/templates/agent/eck/statefulset.yaml +++ b/deploy/helm/elastic-agent/templates/agent/eck/statefulset.yaml @@ -2,6 +2,7 @@ {{- range $presetName, $presetVal := $.Values.agent.presets -}} {{- if and (eq ($presetVal).mode "statefulset") (eq $.Values.agent.engine "eck") -}} {{- $agentName := include "elasticagent.preset.fullname" (list $ $presetName) -}} +{{- $podTemplateResource := include "elasticagent.engine.eck.podTemplate" (list $ $presetVal $agentName) | fromYaml -}} apiVersion: agent.k8s.elastic.co/v1alpha1 kind: Agent metadata: @@ -37,7 +38,7 @@ spec: replicas: {{ . }} {{- end }} podTemplate: -{{ include "elasticagent.engine.eck.podTemplate" (list $ $presetVal $agentName) }} +{{- toYaml ($podTemplateResource).template | nindent 6 }} --- {{- end -}} {{- end }} diff --git a/deploy/helm/elastic-agent/templates/agent/k8s/_pod_template.tpl b/deploy/helm/elastic-agent/templates/agent/k8s/_pod_template.tpl deleted file mode 100644 index 1c8688736b2..00000000000 --- a/deploy/helm/elastic-agent/templates/agent/k8s/_pod_template.tpl +++ /dev/null 
@@ -1,137 +0,0 @@ -{{- define "elasticagent.engine.k8s.podTemplate" }} -{{- $ := index . 0 -}} -{{- $presetVal := index . 1 -}} -{{- $agentName := index . 2 }} - spec: - dnsPolicy: ClusterFirstWithHostNet - {{- with ($presetVal).hostNetwork }} - hostNetwork: {{ . }} - {{- end }} - {{- with ($presetVal).hostPID }} - hostPID: {{ . }} - {{- end }} - automountServiceAccountToken: true - {{- with ($presetVal).nodeSelector }} - nodeSelector: - {{- . | toYaml | nindent 8 }} - {{- end }} - serviceAccountName: {{ $agentName }} - {{- with ($presetVal).affinity }} - affinity: - {{- . | toYaml | nindent 8 }} - {{- end }} - {{- with ($presetVal).tolerations }} - tolerations: - {{- . | toYaml | nindent 8 }} - {{- end }} - {{- with ($presetVal).topologySpreadConstraints }} - topologySpreadConstraints: - {{- . | toYaml | nindent 8 }} - {{- end }} - volumes: - {{- $definedAgentStateVolume := false -}} - {{- with ($presetVal).extraVolumes }} - {{- . | toYaml | nindent 8 }} - {{- range $idx, $volume := . -}} - {{- if eq $definedAgentStateVolume false -}} - {{- if eq ($volume).name "agent-data" -}} - {{- $definedAgentStateVolume = true}} - {{- end -}} - {{- end -}} - {{- end -}} - {{- end }} - {{- if eq $definedAgentStateVolume false }} - - name: agent-data - hostPath: - {{- if eq $.Values.agent.fleet.enabled true }} - {{/* different state hostPath for managed agents */}} - path: /etc/elastic-agent/{{$.Release.Namespace}}/{{$agentName}}-managed/state - {{- else }} - {{/* different state hostPath for standalone agents */}} - path: /etc/elastic-agent/{{$.Release.Namespace}}/{{$agentName}}/state - {{- end }} - type: DirectoryOrCreate - {{- end }} - {{- if eq $.Values.agent.fleet.enabled false }} - {{/* standalone mode so config is static */}} - - name: config - secret: - defaultMode: 0444 - secretName: {{ $agentName }} - {{- end }} - {{- with ($presetVal).initContainers }} - initContainers: - {{- . 
| toYaml | nindent 8 }} - {{- end }} - {{- with $.Values.agent.imagePullSecrets }} - imagePullSecrets: - {{- . | toYaml | nindent 8 }} - {{- end }} - containers: - {{- with ($presetVal).extraContainers }} - {{- . | toYaml | nindent 8 }} - {{- end }} - - name: agent - {{- with $.Values.agent.image.pullPolicy }} - imagePullPolicy: {{ . }} - {{- end }} - {{- if $.Values.agent.image.tag }} - image: "{{ $.Values.agent.image.repository }}:{{ $.Values.agent.image.tag }}" - {{- else }} - image: "{{ $.Values.agent.image.repository }}:{{ $.Values.agent.version }}" - {{- end }} - {{- if eq $.Values.agent.fleet.enabled false }} - args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] - {{- end }} - {{- with ($presetVal).securityContext }} - securityContext: - {{- . | toYaml | nindent 12 }} - {{- end }} - {{- with ($presetVal).resources }} - resources: - {{- . | toYaml | nindent 12 }} - {{- end }} - volumeMounts: - {{- $definedAgentStateVolumeMount := false -}} - {{- with ($presetVal).extraVolumeMounts }} - {{- . | toYaml | nindent 12 }} - {{- range $idx, $volumeMount := . -}} - {{- if eq $definedAgentStateVolumeMount false -}} - {{- if eq ($volumeMount).name "agent-data" -}} - {{- $definedAgentStateVolumeMount = true}} - {{- end -}} - {{- end -}} - {{- end -}} - {{- end }} - {{- if eq $definedAgentStateVolumeMount false }} - - name: agent-data - mountPath: /usr/share/elastic-agent/state - {{- end }} - {{- if eq $.Values.agent.fleet.enabled false }} - - name: config - mountPath: /etc/elastic-agent/agent.yml - readOnly: true - subPath: agent.yml - {{- end }} - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: STATE_PATH - value: "/usr/share/elastic-agent/state" - {{- with ($presetVal).extraEnvs }} - {{- . | toYaml | nindent 12 }} - {{- end }} - {{- if eq $.Values.agent.fleet.enabled false }} - {{- with ($presetVal).outputs }} - {{- range $outputName, $outputVal := . 
-}} - {{- (include (printf "elasticagent.output.%s.preset.envvars" ($outputVal).type) (list $ $outputName $outputVal)) | nindent 12 }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} diff --git a/deploy/helm/elastic-agent/templates/agent/k8s/_pod_template.yaml b/deploy/helm/elastic-agent/templates/agent/k8s/_pod_template.yaml new file mode 100644 index 00000000000..3b471f9e37e --- /dev/null +++ b/deploy/helm/elastic-agent/templates/agent/k8s/_pod_template.yaml 
@@ -0,0 +1,140 @@ +{{- define "elasticagent.engine.k8s.podTemplate" }} +{{- $ := index . 0 -}} +{{- $presetVal := index . 1 -}} +{{- $agentName := index . 2 }} +apiVersion: v1 +kind: PodTemplate +template: + spec: + dnsPolicy: ClusterFirstWithHostNet + {{- with ($presetVal).hostNetwork }} + hostNetwork: {{ . }} + {{- end }} + {{- with ($presetVal).hostPID }} + hostPID: {{ . }} + {{- end }} + automountServiceAccountToken: true + {{- with ($presetVal).nodeSelector }} + nodeSelector: + {{- . | toYaml | nindent 6 }} + {{- end }} + serviceAccountName: {{ $agentName }} + {{- with ($presetVal).affinity }} + affinity: + {{- . | toYaml | nindent 6 }} + {{- end }} + {{- with ($presetVal).tolerations }} + tolerations: + {{- . | toYaml | nindent 6 }} + {{- end }} + {{- with ($presetVal).topologySpreadConstraints }} + topologySpreadConstraints: + {{- . | toYaml | nindent 6 }} + {{- end }} + volumes: + {{- $definedAgentStateVolume := false -}} + {{- with ($presetVal).extraVolumes }} + {{- . | toYaml | nindent 6 }} + {{- range $idx, $volume := . -}} + {{- if eq $definedAgentStateVolume false -}} + {{- if eq ($volume).name "agent-data" -}} + {{- $definedAgentStateVolume = true}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end }} + {{- if eq $definedAgentStateVolume false }} + - name: agent-data + hostPath: + {{- if eq $.Values.agent.fleet.enabled true }} + {{/* different state hostPath for managed agents */}} + path: /etc/elastic-agent/{{$.Release.Namespace}}/{{$agentName}}-managed/state + {{- else }} + {{/* different state hostPath for standalone agents */}} + path: /etc/elastic-agent/{{$.Release.Namespace}}/{{$agentName}}/state + {{- end }} + type: DirectoryOrCreate + {{- end }} + {{- if eq $.Values.agent.fleet.enabled false }} + {{/* standalone mode so config is static */}} + - name: config + secret: + defaultMode: 0444 + secretName: {{ $agentName }} + {{- end }} + {{- with $.Values.agent.imagePullSecrets }} + imagePullSecrets: + {{- . 
| toYaml | nindent 8 }} + {{- end }} + {{- with ($presetVal).initContainers }} + initContainers: + {{- . | toYaml | nindent 6 }} + {{- end }} + containers: + {{- with ($presetVal).extraContainers }} + {{- . | toYaml | nindent 6 }} + {{- end }} + - name: agent + {{- with $.Values.agent.image.pullPolicy }} + imagePullPolicy: {{ . }} + {{- end }} + {{- if $.Values.agent.image.tag }} + image: "{{ $.Values.agent.image.repository }}:{{ $.Values.agent.image.tag }}" + {{- else }} + image: "{{ $.Values.agent.image.repository }}:{{ $.Values.agent.version }}" + {{- end }} + {{- if eq $.Values.agent.fleet.enabled false }} + args: ["-c", "/etc/elastic-agent/agent.yml", "-e"] + {{- end }} + {{- with ($presetVal).securityContext }} + securityContext: + {{- . | toYaml | nindent 10 }} + {{- end }} + {{- with ($presetVal).resources }} + resources: + {{- . | toYaml | nindent 10 }} + {{- end }} + volumeMounts: + {{- $definedAgentStateVolumeMount := false -}} + {{- with ($presetVal).extraVolumeMounts }} + {{- . | toYaml | nindent 10}} + {{- range $idx, $volumeMount := . -}} + {{- if eq $definedAgentStateVolumeMount false -}} + {{- if eq ($volumeMount).name "agent-data" -}} + {{- $definedAgentStateVolumeMount = true}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end }} + {{- if eq $definedAgentStateVolumeMount false }} + - name: agent-data + mountPath: /usr/share/elastic-agent/state + {{- end }} + {{- if eq $.Values.agent.fleet.enabled false }} + - name: config + mountPath: /etc/elastic-agent/agent.yml + readOnly: true + subPath: agent.yml + {{- end }} + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: STATE_PATH + value: "/usr/share/elastic-agent/state" + {{- with ($presetVal).extraEnvs }} + {{- . | toYaml | nindent 10}} + {{- end }} + {{- if eq $.Values.agent.fleet.enabled false }} + {{- with ($presetVal).outputs }} + {{- range $outputName, $outputVal := . 
-}} + {{- (include (printf "elasticagent.output.%s.preset.envvars" ($outputVal).type) (list $ $outputName $outputVal)) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/deploy/helm/elastic-agent/templates/agent/k8s/daemonset.yaml b/deploy/helm/elastic-agent/templates/agent/k8s/daemonset.yaml index 63516b689c9..653038b2403 100644 --- a/deploy/helm/elastic-agent/templates/agent/k8s/daemonset.yaml +++ b/deploy/helm/elastic-agent/templates/agent/k8s/daemonset.yaml @@ -2,6 +2,7 @@ {{- range $presetName, $presetVal := $.Values.agent.presets -}} {{- if and (eq ($presetVal).mode "daemonset") (eq $.Values.agent.engine "k8s") -}} {{- $agentName := include "elasticagent.preset.fullname" (list $ $presetName) -}} +{{- $podTemplateResource := include "elasticagent.engine.k8s.podTemplate" (list $ $presetVal $agentName) | fromYaml -}} apiVersion: apps/v1 kind: DaemonSet metadata: @@ -25,7 +26,7 @@ spec: {{- with ($presetVal).annotations }} {{- toYaml . | nindent 8 }} {{- end }} -{{ include "elasticagent.engine.k8s.podTemplate" (list $ $presetVal $agentName) }} +{{- toYaml ($podTemplateResource).template | nindent 4 }} --- {{- end -}} {{- end }} diff --git a/deploy/helm/elastic-agent/templates/agent/k8s/deployment.yaml b/deploy/helm/elastic-agent/templates/agent/k8s/deployment.yaml index fe7f2d76502..8cfc3f7e144 100644 --- a/deploy/helm/elastic-agent/templates/agent/k8s/deployment.yaml +++ b/deploy/helm/elastic-agent/templates/agent/k8s/deployment.yaml @@ -2,6 +2,7 @@ {{- range $presetName, $presetVal := $.Values.agent.presets -}} {{- if and (eq ($presetVal).mode "deployment") (eq $.Values.agent.engine "k8s") -}} {{- $agentName := include "elasticagent.preset.fullname" (list $ $presetName) -}} +{{- $podTemplateResource := include "elasticagent.engine.k8s.podTemplate" (list $ $presetVal $agentName) | fromYaml -}} apiVersion: apps/v1 kind: Deployment metadata: 
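Review bot: Two indent arguments in the new `_pod_template.yaml` were not shifted with the rest of the template: `imagePullSecrets` keeps `nindent 8` while its sibling lists moved to `nindent 6`, and the output env-vars include keeps `nindent 12` while `extraEnvs` directly above it moved from 12 to 10. The first is harmless once the text is parsed and re-emitted, but the second may place the generated entries deeper than the static `env` items in standalone mode, depending on what the `elasticagent.output.%s.preset.envvars` helpers emit (not visible in this hunk), and a resulting parse failure would only surface through the `Error` key that `fromYaml` returns. I would use `nindent 6` and `nindent 10` respectively, and add the missing space in the two `nindent 10}}` actions. Separately, `defaultMode: 0444` now passes through a YAML parse and will likely be re-emitted in decimal in the rendered manifests; a template comment such as `{{/* 0444 octal; rendered as 292 after the fromYaml/toYaml round trip */}}` would save readers from misreading the secret's file mode.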
@@ -25,7 +26,7 @@ spec:
 {{- with ($presetVal).annotations }}
 {{- toYaml . | nindent 8 }}
 {{- end }}
-{{ include "elasticagent.engine.k8s.podTemplate" (list $ $presetVal $agentName) }}
+{{- toYaml ($podTemplateResource).template | nindent 4 }}
 ---
 {{- end -}}
 {{- end }}
diff --git a/deploy/helm/elastic-agent/templates/agent/k8s/statefulset.yaml b/deploy/helm/elastic-agent/templates/agent/k8s/statefulset.yaml
index de9ae85d6a2..3a661df490d 100644
--- a/deploy/helm/elastic-agent/templates/agent/k8s/statefulset.yaml
+++ b/deploy/helm/elastic-agent/templates/agent/k8s/statefulset.yaml
@@ -2,6 +2,7 @@
 {{- range $presetName, $presetVal := $.Values.agent.presets -}}
 {{- if and (eq ($presetVal).mode "statefulset") (eq $.Values.agent.engine "k8s") -}}
 {{- $agentName := include "elasticagent.preset.fullname" (list $ $presetName) -}}
+{{- $podTemplateResource := include "elasticagent.engine.k8s.podTemplate" (list $ $presetVal $agentName) | fromYaml -}}
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
@@ -25,7 +26,7 @@ spec:
 {{- with ($presetVal).annotations }}
 {{- toYaml . | nindent 8 }}
 {{- end }}
-{{ include "elasticagent.engine.k8s.podTemplate" (list $ $presetVal $agentName) }}
+{{- toYaml ($podTemplateResource).template | nindent 4 }}
 ---
 {{- end -}}
 {{- end }}