I'm trying to set up an all-in-one docker compose configuration for the Elastic Stack consisting of Elasticsearch, Kibana, APM (I know it's being deprecated as a stand-alone service; for the time being this is for backwards compatibility) and Elastic Agent as Fleet Server.
To that end I'm setting up the following ENV variables for the elastic-agent image:

    environment:
      - KIBANA_HOST=https://kibana:5601
      - KIBANA_CA=/certs/ca/ca.crt
      - KIBANA_USERNAME=elastic
      - KIBANA_PASSWORD=${ELASTIC_PASSWORD}
      - ELASTICSEARCH_HOST=https://elastic-search:9200
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=${ELASTIC_PASSWORD}
      - ELASTICSEARCH_CA=/certs/ca/ca.crt
      - KIBANA_FLEET_SETUP=true
      - KIBANA_FLEET_CA=/certs/ca/ca.crt
      - FLEET_SERVER_ENABLE=true
      - FLEET_SERVER_HOST=0.0.0.0
      - FLEET_SERVER_PORT=8220
      # - FLEET_SERVER_CERT=/certs/fleet-server/fleet-server.crt
      # - FLEET_SERVER_CERT_KEY=/certs/fleet-server/fleet-server.key

The last 2 variables have been deliberately commented out. When the agent is started using the variables as they are currently (i.e. WITHOUT specifying the custom certificate files), then it fires up nicely and registers as a Fleet Server. However, a self-signed certificate seems to be used (sort of to be expected, given that no certificate is provided in the configuration).
Alas, if I uncomment the additional 2 lines to specify the certificate, then the agent fails to start with the error:

    Error: url is required when a certificate is provided

However, if I add the FLEET_URL variable (which seems to be what the error suggests), then the fleet will also fail, as it then seems to attempt to register WITH that fleet-server URL (i.e. with itself, which at this point is incorrect).
I can't shake the feeling there's either a bug (unlikely) or I'm missing some fundamental understanding of what a Fleet Server is supposed to be... Can someone point me at the right track, please?