Enable RUM on APM

Probably an easy one here.

I need to enable RUM in our APM deployment but it doesn't seem to be working. If I exec into the pod it actually doesn't look like any of my settings are set so I'm not even sure if I'm looking in the right place to verify the settings. But APM is working except for RUM. Can you tell me possibly what is wrong with my deployment?

apiVersion: apm.k8s.elastic.co/v1
kind: ApmServer
metadata:
  name: eck
  namespace: elastic-system
spec:
  version: 7.6.2
  count: 1
  config:
    apm-server:
      rum:
        enabled: true
    output:
      elasticsearch:
        hosts: ["https://[redacted] :9200"]
        username: elastic
        password: [redacted] 
        protocol: "http"
        ssl.certificate_authorities: ["/usr/share/apm-server/config/elasticsearch-ca/tls.crt"]
  podTemplate:
    spec:
      tolerations:
        - key: elasticsearch
          operator: Exists
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/hostname
                operator: In
                values:
                - [redacted]    
      containers:
      - name: apm-server
        volumeMounts:
        - mountPath: /usr/share/apm-server/config/elasticsearch-ca
          name: elasticsearch-ca
          readOnly: true
      volumes:
      - name: elasticsearch-ca
        secret:
          defaultMode: 420
          optional: false
          secretName: [redacted] 

I don't see an obvious mistake in your manifest. In fact I tried it (after removing the tolerations and affinity attributes) and it worked fine. RUM was enabled and I was able to send events through the intake.

You want to look at /usr/share/apm-server/config/config-secret/apm-server.yml inside the container to see the generated config. Or if you don't want to exec into the container you can simply inspect the config secret ECK creates:

kubectl get secret eck-apm-config -n elastic-system  -o go-template='{{index .data "apm-server.yml" | base64decode}}'

Unrelated, but I noticed that you are using the elastic-system namespace. While there is no strong technical reason that forbids you from doing that, we generally consider this namespace owned by the ECK operator itself for internal purposes and don't recommend deploying workloads into that namespace.

Sure enough, I was looking in the wrong place. It does look like it's enabled. Also didn't think about the trick with the secret. Seems kinda obvious now that I think about it. Learn something new every day. I'll focus my attentions more client side now to see if I can discover why I'm not getting data.

Unrelated, but I noticed that you are using the elastic-system namespace. While there is no strong technical reason that forbids you from doing that, we generally consider this namespace owned by the ECK operator itself for internal purposes and don't recommend deploying workloads into that namespace.

I did that out of convenience. I like looking at everything related in one place, and that's where the operator pod went so I just put everything else elastic related there as well. That said, we have no strong affinity for running everything elastic in that namespace and I can change it. Thanks for the tips! Always appreciative of the advice I receive here!