We are looking at deploying fleet server within our ECK env. We're currently using ECK 1.8 and ELK 7.15.1. When I deploy Fleet the pod just continuously crashes with the below logs:
```
Performing setup of Fleet in Kibana
Policy selected for enrollment:
Error: invalid argument "tcp://10.233.110.49:8220" for "--fleet-server-port" flag: strconv.ParseUint: parsing "tcp://10.233.110.49:8220": invalid syntax
Usage:
  elastic-agent enroll [flags]

Flags:
  -p, --ca-sha256 string                    Comma separated list of certificate authorities hash pins used for certificate verifications
  -a, --certificate-authorities string      Comma separated list of root certificate for server verifications
      --delay-enroll                        Delays enrollment to occur on first start of the Elastic Agent service
  -t, --enrollment-token string             Enrollment token to use to enroll Agent into Fleet
      --fleet-server-cert string            Certificate to use for exposed Fleet Server HTTPS endpoint
      --fleet-server-cert-key string        Private key to use for exposed Fleet Server HTTPS endpoint
      --fleet-server-es string              Start and run a Fleet Server along side this Elastic Agent connecting to the provided elasticsearch
      --fleet-server-es-ca string           Path to certificate authority to use with communicate with elasticsearch
      --fleet-server-host string            Fleet Server HTTP binding host (overrides the policy)
      --fleet-server-insecure-http          Expose Fleet Server over HTTP (not recommended; insecure)
      --fleet-server-policy string          Start and run a Fleet Server on this specific policy
      --fleet-server-port uint16            Fleet Server HTTP binding port (overrides the policy)
      --fleet-server-service-token string   Service token to use for communication with elasticsearch
  -f, --force                               Force overwrite the current and do not prompt for confirmation
      --header strings                      Headers used in communication with elasticsearch
  -h, --help                                help for enroll
  -i, --insecure                            Allow insecure connection to fleet-server
      --proxy-disabled                      Disable proxy support including environment variables
      --proxy-header strings                Proxy headers used with CONNECT request
      --proxy-url string                    Configures the proxy url
      --staging string                      Configures agent to download artifacts from a staging build
      --url string                          URL to enroll Agent into Fleet

Global Flags:
  -c, --c string                       Configuration file, relative to path.config (default "elastic-agent.yml")
  -d, --d string                       Enable certain debug selectors
  -e, --e                              Log to stderr and disable syslog/file output
      --environment environmentVar     set environment being ran in (default default)
      --path.config string             Config path is the directory Agent looks for its config file (default "/usr/share/elastic-agent")
      --path.downloads string          Downloads path contains binaries Agent downloads (default "")
      --path.home string               Agent root path (default "/usr/share/elastic-agent")
      --path.install string            Install path contains binaries Agent extracts (default "")
      --path.logs string               Logs path contains Agent log output (default "/usr/share/elastic-agent")
  -v, --v                              Log at INFO level

invalid argument "tcp://10.233.110.49:8220" for "--fleet-server-port" flag: strconv.ParseUint: parsing "tcp://10.233.110.49:8220": invalid syntax
Error: enrollment failed: exit status 1
For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/7.15/fleet-troubleshooting.html
```
We use an Ansible playbook to deploy all the ECK resources. We currently deploy Elastic, then Kibana, then Fleet server last.
The Jinja template used to deploy Fleet server is:
```yaml
apiVersion: agent.k8s.elastic.co/v1alpha1
kind: Agent
metadata:
  name: fleet-server
  namespace: default
spec:
  version: {{ docker_versions.elastic_7_version }}
  # image: beats/elastic-agent:{{ docker_versions.elastic_7_version }}
  http:
    tls:
      certificate:
        secretName: fleet-server-certificate
  kibanaRef:
    name: xxx
  elasticsearchRefs:
  - name: xxx
  mode: fleet
  fleetServerEnabled: true
  deployment:
    replicas: 1
    podTemplate:
      spec:
        securityContext:
          runAsUser: 0
```
Kibana:
```yaml
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: xxx
spec:
  version: {{ docker_versions.elastic_7_version }}
  image: kibana/kibana:{{ docker_versions.elastic_7_version }}
  http:
    tls:
      certificate:
        secretName: kibana-certificate
  count: 1
  elasticsearchRef:
    name: "xxx"
  config:
    monitoring.ui.container.elasticsearch.enabled: false
    xpack.reporting.enabled: true
    elasticsearch.requestTimeout: 100000
    elasticsearch.shardTimeout: 0
    xpack.fleet.agents.elasticsearch.host: "https://xxx-es-http.default.svc:9200"
    xpack.fleet.agents.fleet_server.hosts:
    - "https://fleet-server-agent-http.default.svc:8220"
    - "https://fleet-server.{{ kit_domain }}:8220"
    monitoring.kibana.collection.interval: 30000
    elasticsearch.ssl.certificateAuthorities: /etc/ssl/certs/container/ca.crt
    map.emsUrl: "https://elastic-maps-server.{{ kit_domain }}"
    server.publicBaseUrl: "https://kibana.{{ kit_domain }}"
  secureSettings:
  - secretName: kibana-key-secret-settings
  - secretName: kibana-alert-secret-settings
  podTemplate:
    spec:
      containers:
      - name: kibana
        env:
        - name: ELASTICSEARCH_HOSTS
          value: https://{{ elastic_fqdn }}:{{ elastic_port }}
        - name: NEWSFEED_ENABLED
          value: "false"
        - name: NODE_OPTIONS
          value: "--max-old-space-size={{ (kibana_memory * 1024 / 2) | int }}"
        - name: SERVER_MAXPAYLOAD
          value: "2097152"
        resources:
          requests:
            memory: {{ kibana_memory }}Gi
            cpu: {{ kibana_cpu }}
        volumeMounts:
        - name: webca
          mountPath: /etc/ssl/certs/container
          readOnly: true
      volumes:
      - name: webca
        secret:
          defaultMode: 420
          optional: false
          secretName: webca-certificate
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: role
                operator: In
                values:
                - server
      topologySpreadConstraints:
      - maxSkew: 1
        topologyKey: kubernetes.io/hostname
        whenUnsatisfiable: ScheduleAnyway
        labelSelector:
          matchLabels:
            common.k8s.elastic.co/type: "kibana"
```