Elastic Agent on ECK with Fleet - How to provide an enrollment token within the CRD, so that Agents use the correct policy on startup?

Hi all,

I was wondering if it's possible/how to set the policy that an Elastic Agent on ECK uses when managed by fleet? I wasn't able to find anything in the ECK Elastic Agent Fleet docs that mentioned how to set the enrollment token of the policy I want the agent to use.

Hi @BenB196, thanks for your question.

For this we defer to Elastic Agent docs, but it is definitely possible. Just set FLEET_ENROLLMENT_TOKEN env variable to your token in the agent container of Elastic Agent, similar to below.

apiVersion: agent.k8s.elastic.co/v1alpha1
kind: Agent
metadata: 
  name: elastic-agent
spec:
  version: 7.14.0
  kibanaRef:
    name: kibana
  fleetServerRef: 
    name: fleet-server
  mode: fleet
  daemonSet:
    podTemplate:
      spec:
        serviceAccountName: elastic-agent
        hostNetwork: true
        dnsPolicy: ClusterFirstWithHostNet
        automountServiceAccountToken: true
        securityContext:
          runAsUser: 0
        containers:
        - name: agent
          env:
          - name: FLEET_ENROLLMENT_TOKEN
            value: MDdVcHUzd0JqR2pzREhXRGRMT3U6VlRXQlNmZHJRXy0wR1BWZ05JeFdGUQ==

This assumes you have other resources set as in the System and Kubernetes integrations configuration example.

Let me know if you have any other questions on this.

Thanks,
David

Ahh, thanks @dkow I didn't even think about looking there.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.