iac
/
docker-elk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
docker-elk/extensions/fleet/README.md

3.1 KiB
Raw Blame History

Fleet Server

Warning
This extension currently exists for preview purposes and should be considered EXPERIMENTAL. Expect regular changes to the default Fleet settings, both in the Elastic Agent and Kibana.

See Known Issues for a list of issues that need to be addressed before this extension can be considered functional.

Fleet provides central management capabilities for Elastic Agents via an API and web UI served by Kibana, with Elasticsearch acting as the communication layer. Fleet Server is the central component which allows connecting Elastic Agents to the Fleet.

Usage

To include Fleet Server in the stack, run Docker Compose from the root of the repository with an additional command line argument referencing the fleet-compose.yml file:

$ docker-compose -f docker-compose.yml -f extensions/fleet/fleet-compose.yml up

Configuring Fleet Server

Fleet Server — like any Elastic Agent — is configured via Agent Policies which can be either managed through the Fleet management UI in Kibana, or statically pre-configured inside the Kibana configuration file.

To ease the enrollment of Fleet Server in this extension, docker-elk comes with a pre-configured Agent Policy for Fleet Server defined inside kibana/config/kibana.yml.

Please refer to the following documentation page for more details about configuring Fleet Server through the Fleet management UI: Fleet UI Settings.

Known Issues

  • Every re-creation of the fleet-server container creates a duplicate agent in Fleet's central management.
  • Logs and metrics are only collected within the Fleet Server's container. Ultimately, we want to emulate the behaviour of the existing Metricsbeat and Filebeat extensions, and collect logs and metrics from all ELK containers out-of-the-box. Unfortunately, this kind of use-case isn't (yet) well supported by Fleet, and most advanced configurations currently require running Elastic Agents in standalone mode. (Relevant resource: Migrate from Beats to Elastic Agent)
  • The Elastic Agent auto-enrolls using the elastic super-user. With this approach, you do not need to generate a service token — either using the Fleet management UI or CLI utility — prior to starting this extension. However convenient that is, this approach does not follow security best practices, and we recommend generating a service token for Fleet Server instead.

See also

Fleet and Elastic Agent Guide