Security Attributes for Elastic-Operator

Elastic Stack Elasticsearch
1

Hi,

I want to close security recommendations for Kubernetes Cluster in Microsoft Defender for Cloud.

One of them is "Kubernetes clusters should disable automounting API credentials" and it can be solved by added "automountServiceAccountToken: false" for POD security "spec --> template --> spec"

spec:
  template:
    metadata:
    spec:
      automountServiceAccountToken: false

But when I am adding this value for the elastic-operator in elastic-system namespace, the pods give me CrashLoopBackOff status and that logs in below.

How can I solve this?

{"log.level":"info","log.logger":"manager","message":"maxprocs: Updating GOMAXPROCS=1: determined from CPU quota","service.version":"2.6.1+62f2e278","service.type":"eck","ecs.version":"1.4.0"}
{"log.level":"info","log.logger":"manager","message":"Setting default container registry","service.version":"2.6.1+62f2e278","service.type":"eck","ecs.version":"1.4.0","container_registry":"docker.elastic.co"}
{"log.level":"error","log.logger":"manager","message":"Failed to obtain client configuration","service.version":"2.6.1+62f2e278","service.type":"eck","ecs.version":"1.4.0","error":"invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable","errorCauses":[{"error":"no configuration has been provided, try setting KUBERNETES_MASTER environment variable"}],"error.stack_trace":"github.com/elastic/cloud-on-k8s/v2/cmd/manager.startOperator\n\t/go/src/github.com/elastic/cloud-on-k8s/cmd/manager/main.go:496\ngithub.com/elastic/cloud-on-k8s/v2/cmd/manager.doRun.func2\n\t/go/src/github.com/elastic/cloud-on-k8s/cmd/manager/main.go:382"}
{"log.level":"error","log.logger":"manager","message":"Operator stopped with error","service.version":"2.6.1+62f2e278","service.type":"eck","ecs.version":"1.4.0","error":"invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable","errorCauses":[{"error":"no configuration has been provided, try setting KUBERNETES_MASTER environment variable"}],"error.stack_trace":"github.com/elastic/cloud-on-k8s/v2/cmd/manager.doRun.func2\n\t/go/src/github.com/elastic/cloud-on-k8s/cmd/manager/main.go:384"}
{"log.level":"error","log.logger":"manager","message":"Shutting down due to error","service.version":"2.6.1+62f2e278","service.type":"eck","ecs.version":"1.4.0","error":"invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable","errorCauses":[{"error":"no configuration has been provided, try setting KUBERNETES_MASTER environment variable"}],"error.stack_trace":"github.com/elastic/cloud-on-k8s/v2/cmd/manager.doRun\n\t/go/src/github.com/elastic/cloud-on-k8s/cmd/manager/main.go:393\ngithub.com/spf13/cobra.(*Command).execute\n\t/go/pkg/mod/github.com/spf13/cobra@v1.6.1/command.go:916\ngithub.com/spf13/cobra.(*Command).ExecuteC\n\t/go/pkg/mod/github.com/spf13/cobra@v1.6.1/command.go:1044\ngithub.com/spf13/cobra.(*Command).Execute\n\t/go/pkg/mod/github.com/spf13/cobra@v1.6.1/command.go:968\nmain.main\n\t/go/src/github.com/elastic/cloud-on-k8s/cmd/main.go:31\nruntime.main\n\t/usr/local/go/src/runtime/proc.go:250"}
Error: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.