Fleet Server Deployment on Kubernetes

Hello,

I wanted to install Fleet Server on the AKS cluster, but I got the following error. Would you please help me to solve this issue?

Error:
message: Application: fleet-server--7.17.0[]: State changed to FAILED: Error - x509: certificate is valid for elastic.dev.mydomain.com, not elasticsearch-es-http.default.svc - type: 'ERROR' - sub_type: 'FAILED'

Elastic YAML:

apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: elasticsearch
spec:
  secureSettings:
  - secretName: es-snapshot-secret #secret for repository
  version: 7.17.0
  nodeSets:
  - name: default
    count: 3
    config:
      # most Elasticsearch configuration parameters are possible to set, e.g: node.attr.attr_name: attr_value
      node.roles: ["master", "data", "ingest", "ml"]
      # this allows ES to run on nodes even if their vm.max_map_count has not been increased, at a performance cost
      node.store.allow_mmap: false
      path.repo: ["/"]
    podTemplate:
      metadata:
        labels:
          app: elasticsearch
      spec:
        initContainers:
        - name: sysctl
          securityContext:
            privileged: true
          command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144']
        - name: install-plugin
          command:
          - sh
          - -c
          - |
            bin/elasticsearch-plugin install --batch  repository-azure    
        - name: add-azure-keys
          env:
          - name: AZURE_ACCESS_ACCOUNT
            valueFrom:
              secretKeyRef:
                name: es-azure-snapshot-secret
                key: azure.client.default.account
          - name: AZURE_ACCESS_KEY
            valueFrom:
              secretKeyRef:
                name: es-azure-snapshot-secret
                key: azure.client.default.key  
          command:
          - sh
          - -c
          - |
            echo $AZURE_ACCESS_ACCOUNT | bin/elasticsearch-keystore add --stdin --force azure.client.default.account
            echo $AZURE_ACCESS_KEY | bin/elasticsearch-keystore add --stdin --force  azure.client.default.key                            
    volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data # Do not change this name unless you set up a volume mount for the data path.
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 4Gi
  http:
    tls:
      certificate:
        secretName: elastic-tls           
---


apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
    annotations:
        kubernetes.io/ingress.class: nginx
        cert-manager.io/issuer: "letsencrypt"
        ingress.kubernetes.io/force-ssl-redirect: "true"
        nginx.ingress.kubernetes.io/backend-protocol: HTTPS       
    name: elastic-ingress
    namespace: default
spec:
    rules:
        - host: elastic.dev.mydomain.com
          http:
              paths:
                  - path: /
                    pathType: Prefix
                    backend:
                        service:
                            name: elasticsearch-es-http
                            port:
                                number: 9200
    tls:
        - hosts:
              - elastic.dev.mydomain.com
          secretName: elastic-tls

Fleet Agent YAML:

apiVersion: agent.k8s.elastic.co/v1alpha1
kind: Agent
metadata:
  name: fleet-agent

spec:
  version: 7.17.0
  elasticsearchRefs:
    - name: elasticsearch   
  mode: fleet
  fleetServerEnabled: true
  http:
    service:
      spec:
         type: ClusterIP
  daemonSet:
    podTemplate:
      spec:
        automountServiceAccountToken: true
        serviceAccountName: elastic-agent
        mode: fleet
---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: elastic-agent
rules:
- apiGroups: [""] # "" indicates the core API group
  resources:
  - namespaces
  - pods
  - nodes
  - nodes/metrics
  - nodes/proxy
  - nodes/stats
  - events
  - configmaps
  - services
  - endpoints
  - deployments
  verbs:
  - get
  - watch
  - list
- nonResourceURLs:
  - /metrics
  verbs:
  - get
  - watch
  - list
- apiGroups: ["coordination.k8s.io"]
  #
  # at the HTTP level, the name of the resource for accessing Job
  # objects is "jobs"
  resources:
  - leases
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: elastic-agent
  namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: elastic-agent
subjects:
- kind: ServiceAccount
  name: elastic-agent
  namespace: default
roleRef:
  kind: ClusterRole
  name: elastic-agent
  apiGroup: rbac.authorization.k8s.io

Duplicate of "Cannot deploy Fleet Server with a secure elasticsearch on k8s" (Issue #5888, elastic/cloud-on-k8s on GitHub), where this was answered.
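
The error in the question says the certificate served by Elasticsearch is valid for elastic.dev.mydomain.com but not for elasticsearch-es-http.default.svc. As an added example (not part of the original thread), the script below checks a PEM certificate against both names; the sample certificate is constructed to mirror the error, and the function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example: report which hostnames a PEM certificate does not cover.
# Requires the openssl CLI (1.1.1 or later for -addext).

# Exit 0 if the certificate in file $1 is valid for hostname $2.
cert_covers() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q "does match certificate"
}

# Print each name from $2... that the certificate in file $1 does NOT cover.
missing_names() {
  local cert=$1 name
  shift
  for name in "$@"; do
    cert_covers "$cert" "$name" || printf '%s\n' "$name"
  done
}

# Constructed sample: a self-signed certificate whose only SAN is the Ingress
# host, standing in for the certificate stored in the elastic-tls secret.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=elastic.dev.mydomain.com" \
    -addext "subjectAltName=DNS:elastic.dev.mydomain.com" \
    -keyout "$1.key" -out "$1" 2>/dev/null
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
make_sample_cert "$workdir/tls.crt"

# Against a real cluster, replace the sample with the secret's certificate
# (assumes the secret stores it under the standard tls.crt key):
#   kubectl get secret elastic-tls -o jsonpath='{.data.tls\.crt}' \
#     | base64 -d > "$workdir/tls.crt"

# Names clients connect with: the Ingress host and the in-cluster service
# name taken from the error message.
missing_names "$workdir/tls.crt" \
  elastic.dev.mydomain.com \
  elasticsearch-es-http.default.svc
```

Any name the script prints is one that TLS clients will reject for this certificate, which is the condition Fleet Server reported for the in-cluster service name.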
