Fleet Server does not come up - ECK

Elastic Stack Elastic Agent
1

My problem is similar to below.
Failed to deploy fleet-server via eck in kubernetes.

My K8S Environment:
kubectl version command output is here.

clientVersion:
  buildDate: "2022-08-23T17:44:59Z"
  compiler: gc
  gitCommit: a866cbe2e5bbaa01cfd5e969aa3e033f3282a8a2
  gitTreeState: clean
  gitVersion: v1.25.0
  goVersion: go1.19
  major: "1"
  minor: "25"
  platform: darwin/arm64
kustomizeVersion: v4.5.7
serverVersion:
  buildDate: "2023-04-12T12:08:36Z"
  compiler: gc
  gitCommit: 49433308be5b958856b6949df02b716e0a7cf0a3
  gitTreeState: clean
  gitVersion: v1.24.13
  goVersion: go1.19.8
  major: "1"
  minor: "24"
  platform: linux/amd64

What works?
When I use the recipes : Configuration Examples | Elastic Cloud on Kubernetes [2.8] | Elastic. Everything beautifully works as expected. (this creates ServiceAccount/ClusterRole/ClusterRoleBinding/Kibana/Elasticsearch/Elastic-agent in Fleet Mode (deployment) and elastic-agent (in demon set)

What does not work?
We have a very well working dev/production environment setup in our K8S environment
Elasticsearch/kibana/logstash/filebeat/metricbeat/ElasticAPM and it works very well.

Target:
We want to move to Fleet. And we are not able to move to Fleet (existing kibana/elasticsearch clusters)

So as a part of this: I created ClusterRole/ServiceAccount/ClusterRoleBinding.

  • wanted to start elastic-agent in Fleet mode (for fleet server)
  • made changes in kibana (xpack.fleet) as per the recipies (including policies).
    Further changes/additions (running elastic agent in daemonset)- withheld.

Expectation:
Elastic-Agent in Fleet mode is supposed to establish connection to kibana (kibanaRef) and elasticsearch (elasticsearchRef). And then start the fleet-server.

What happens:
Elastic_agent in fleet mode

  • establishes connection to elasticsearch (same cluster/ same namespace)
  • Not able to establish connection to kibana (same clsuter/ same namespace).

What has been tried?
Increase the log level/ verbosity in ECK to manage only my namespace for some hints.
Not able to make out much.

When I go to kibana, and start fleetserver .. it does not go beyond step 3.

Status of Agent/ Fleet is like below:

metadata:
  annotations:
    association.k8s.elastic.co/es-conf-1095366406: >-
      {"authSecretName":"fleet-server-elksdev-elk-dev-agent-user","authSecretKey":"token","isServiceAccount":true,"caCertProvided":true,"caSecretName":"fleet-server-agent-es-elksdev-elk-dev-ca","url":"https://elk-dev-es-http.elksdev.svc:9200","version":"8.5.2"}

### removed some ###
status:
  elasticsearchAssociationsStatus:
    elksdev/elk-dev: Established
  kibanaAssociationStatus: Pending
  observedGeneration: 15
spec:
  deployment:
    podTemplate:
      metadata:
        creationTimestamp: null
      spec:
        automountServiceAccountToken: true
        containers: null
        securityContext:
          runAsUser: 0
        serviceAccountName: elastic-agent
    replicas: 1
    strategy: {}
  elasticsearchRefs:
    - name: elk-dev
  fleetServerEnabled: true
  fleetServerRef: {}
  http:
    service:
      metadata: {}
      spec: {}
    tls:
      certificate: {}
  kibanaRef:
    name: kibana-dev
  mode: fleet
  policyID: eck-fleet-server
  version: 8.5.2

In successful 'installation / recipe provided by elasticsearch', in metadata of fleet-server I get associations for both the elasticsearch and kibana. And in my installation I get only metadata of fleet-server

apiVersion: agent.k8s.elastic.co/v1alpha1
kind: Agent
metadata:
  annotations:
    association.k8s.elastic.co/es-conf-1095366406: >-
      {"authSecretName":"fleet-server-elksdev-elk-dev-agent-user","authSecretKey":"token","isServiceAccount":true,"caCertProvided":true,"caSecretName":"fleet-server-agent-es-elksdev-elk-dev-ca","url":"https://elk-dev-es-http.elksdev.svc:9200","version":"8.5.2"}

What Help is needed?
In the recipie installation of kibana/elastic/fleet-server, things work
When we want to introduce fleet server, things do not work (association not found to kibana)

What should we do OR how should we proceed.

2

kubectl get elasticsearch -n elksdev
NAME HEALTH NODES VERSION PHASE AGE
elk-dev green 3 8.5.2 Ready 2y334d

kubectl get agent -n elksdev
NAME HEALTH AVAILABLE EXPECTED VERSION AGE
fleet-server 33h

kubectl get kibana -n elksdev
NAME HEALTH NODES VERSION AGE
kibana-dev green 2 8.5.2 2y334d

eck operator
docker.elastic.co/eck/eck-operator:2.7.0

3

Hi VVetsa, are you seeing any error messages when you try to start Fleet Server?

4

@Julia_Bardi

I am trying to attach some two logs files.

  1. from eck operator. It does say association error.
  2. from kibana logs, it is apparaent that some issues are there during fleet installation, you can have a look at them. It does talk about kubernetes 1.29.2 uninstallation. I believe this is not an issue as downloadable recipes does work w/o any issue.
5

image
image1207×849 80.4 KB

Just around the same time... I got below error.
image

After above error, I reduced the spec.count of kibana from 2 to 1 and I am giving info.

image
image1300×179 38.5 KB

Logs are present here..
FleetLogToElastic-V1.zip

Let me know if you are not able to access the logs.

this is not a air gapped environment..

6

Thanks, I could access logs.

The saved object tag conflict should be fixed in 8.5.1: [Fleet] Integration installation issues in multi-space Kibana environment · Issue #143388 · elastic/kibana · GitHub, I don't see that in the logs.
Seeing this different saved object error:

[2023-07-24T09:31:06.477+00:00][WARN ][plugins.fleet] Failure to install package [kubernetes]: [Error: Encountered 2 errors creating saved objects: [{"type":"index-pattern","id":"logs-*","error":{"type":"ambiguous_conflict","destinations":[{"id":"4b2fb331-e483-41f9-9d6c-28131087fcfe","title":"logs-*","updatedAt":"2023-07-20T20:14:21.339Z"},{"id":"2280fcf6-845b-49c5-be15-29a02a1662e9","title":"logs-*","updatedAt":"2023-07-20T20:14:21.206Z"}]}},{"type":"index-pattern","id":"metrics-*","error":{"type":"ambiguous_conflict","destinations":[{"id":"16634797-5b5e-493d-84cf-b05b76bd0816","title":"metrics-*","updatedAt":"2023-07-20T20:14:21.339Z"},{"id":"56054ba5-7b32-4e0f-b4e6-b46d7f16ccc4","title":"metrics-*","updatedAt":"2023-07-20T20:14:21.206Z"}]}}]]

You could try to delete those conflicting index patterns manually and try to reinstall the kubernetes package.
Though the errors with the integration might not be related to the failing Fleet Server install.

I got some help from our ECK team, here are the suggestions:
There is this error that could be the cause:

  56 "Failed to find referenced backend elksdev/: Elasticsearch.elasticsearch.k8s.elastic.co \"\" not found"

Which seems to indicate that the elasticsearchRef has a namespace elksdev but no name.

Have you defined an elastisearchRef in your Kibana resource? Are you using an ES not managed by ECK (doc)?
We have a recipe here to define it for Fleet Server: https://github.com/elastic/cloud-on-k8s/blob/df2672b3e86b41d130952cf8b996b4610a47ff5d/config/recipes/elastic-agent/fleet-kubernetes-integration.yaml#L8-L9

To go further, please open an SDH with an eck-diagnostics.

7

@Julia_Bardi

Thanks for reply. I guess, I need to work. Thanks for pointers. I will upload my manifests soon.

we have some manifests that use legacy way of providing authentication information.

My kibana is: 8.5.2 and ECK is : eck-operator:2.7.0 / elasticSearch is 8.5.2

Regards
Vinod

8

@Julia_Bardi

Some of the things happened:

  • I upgraded kibana/elasticsearch to 8.8.2 / kept agents (fleet and demonset) at 8.5.2

  • Followed your instructions... (in fact, I was going through CRD for Kibana to fill details)..

  • my kibana was having references of elasticsearch in spec.config.elasticsearch...... and spec.elasticSearchRef was having name as '' (empty).

  • I will try to tune my kibana configuration as per the standard recipe that you have shown. Question: Is it not possible to use spec.config.elasticsearch* keys/properties instead of spec.elasticSearchRef

  • I cleaned the ambiguous logs-* and metrics-* manually.

  • After a hours... I realised that fleet-server is up... :smiley:

I will reproduce this in other dev landscapes.

**On UI, I got following error, hope it is benign. **
Please let me know your thoughts explicitly.

Nevertheless, in next few days, I will close the ticket... (once I reproduce the fleet installation activity) but again thank you

image
image1236×1019 103 KB

9

We discovered an issue in 8.8.x that causes this error, it will be fixed in 8.9.1: [Fleet] [Kibana] Integrations fail to upgrade or (un)/(re)-install when using multiple Kibana Spaces · Issue #161804 · elastic/kibana · GitHub

As a workaround, you could try to delete the conflicting object (Tag: fleet-managed-default) and try to install the kubernetes integration again.

10

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.