in pkg/controller/agent/pod.go [516:571]
// getFleetSetupFleetEnvVars returns a function that builds the Fleet setup
// environment variables for an Agent as a name-to-value map.
//
// Depending on the Agent spec, the map may hold:
//   - FleetEnroll: "true" when the Agent has a Kibana reference.
//   - FleetURL: the Agent's own HTTP service URL when it runs as Fleet Server,
//     or the URL taken from the Fleet Server association otherwise.
//   - FleetCA: the path of the CA file to use for the Fleet endpoint.
//   - FleetServerPolicyID: the policy ID carried by fleetToken (Fleet Server only).
//   - FleetInsecure: "true" when the associated Fleet Server URL is not https.
//
// Errors from resolving the service URL, from selecting the Fleet Server
// association, or from reading its configuration are returned as-is with a nil map.
func getFleetSetupFleetEnvVars(client k8s.Client, fleetToken EnrollmentAPIKey, fleetCerts *certificates.CertificatesSecret) func(agent agentv1alpha1.Agent) (map[string]string, error) {
	return func(agent agentv1alpha1.Agent) (map[string]string, error) {
		env := make(map[string]string)

		if agent.Spec.KibanaRef.IsDefined() {
			env[FleetEnroll] = "true"
		}

		// In Fleet mode the Agent is either a Fleet Server itself or an Elastic Agent
		// that connects to one; a defined FleetServerRef marks the second case.
		switch {
		case agent.Spec.FleetServerEnabled:
			svcName := types.NamespacedName{Namespace: agent.Namespace, Name: HTTPServiceName(agent.Name)}
			endpoint, err := association.ServiceURL(client, svcName, agent.Spec.HTTP.Protocol(), "")
			if err != nil {
				return nil, err
			}
			env[FleetURL] = endpoint

			// The CA path is only advertised when TLS is on and the certificates secret has a CA.
			// NOTE(review): fleetCerts is a pointer that is used here without a nil check;
			// confirm that HasCA tolerates a nil receiver or that callers never pass nil.
			// NOTE(review): this branch never sets FleetInsecure, even when the protocol is
			// plain http; confirm that this is intended.
			if agent.Spec.HTTP.TLS.Enabled() && fleetCerts.HasCA() {
				env[FleetCA] = path.Join(FleetCertsMountPath, certificates.CAFileName)
			}

			// Fleet Server needs a policy ID to bootstrap itself unless a policy marked
			// as default is used.
			if agent.Spec.KibanaRef.IsDefined() && !fleetToken.isEmpty() {
				env[FleetServerPolicyID] = fleetToken.PolicyID
			}

		case agent.Spec.FleetServerRef.IsDefined():
			fsAssoc, err := association.SingleAssociationOfType(agent.GetAssociations(), commonv1.FleetServerAssociationType)
			if err != nil {
				return nil, err
			}
			// No Fleet Server association found: return what has been collected so far.
			if fsAssoc == nil {
				return env, nil
			}

			conf, err := fsAssoc.AssociationConf()
			if err != nil {
				return nil, err
			}

			endpoint := conf.GetURL()
			env[FleetURL] = endpoint

			// The scheme test is a case-sensitive literal prefix match, so any URL that does
			// not begin with exactly "https://" (including an empty one) is flagged insecure.
			// NOTE(review): presumably FleetInsecure relaxes transport security on the agent
			// side; confirm that silently enabling it for non-https URLs is the desired default.
			if secure := strings.HasPrefix(endpoint, "https://"); !secure {
				env[FleetInsecure] = "true"
			}

			// NOTE(review): with an https URL and no CA provided, FleetCA stays unset;
			// verify which trust anchors the agent then uses.
			if conf.GetCACertProvided() {
				env[FleetCA] = path.Join(certificatesDir(fsAssoc), CAFileName)
			}
		}

		return env, nil
	}
}