x-google-marketplace:
  schemaVersion: v2
  applicationApiVersion: v1beta1
  # Quoted so the version is read as a string, not a number.
  publishedVersion: '8.17.0'
  publishedVersionMetadata:
    releaseNote: >-
      See Elastic Agent Release notes at
      https://www.elastic.co/guide/en/fleet/current/release-notes-8.17.0.html
    releaseTypes:
      - Feature
    recommended: true
  images:
    # Image entry keyed by the empty string; its repository and tag are
    # exposed as the `image` and `imageTag` properties.
    '':
      properties:
        image:
          type: FULL
        imageTag:
          type: TAG
  # The deployer itself needs cluster-scoped permissions, declared below.
  # See https://github.com/GoogleCloudPlatform/marketplace-k8s-app-tools/blob/master/docs/schema.md#deployerserviceaccount
  deployerServiceAccount:
    description: >
      List clusterrolebindings, clusterroles ...
    roles:
      - type: ClusterRole
        rulesType: CUSTOM
        rules:
          # Read-only (get/list) on cluster RBAC objects; no write verbs
          # are granted to the deployer here.
          - apiGroups:
              - 'rbac.authorization.k8s.io'
            resources:
              - 'clusterrolebindings'
              - 'clusterroles'
            verbs:
              - 'get'
              - 'list'
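properties:
  # All service accounts need to be defined as parameters in schema.yaml
  # See https://github.com/GoogleCloudPlatform/marketplace-k8s-app-tools/blob/master/docs/schema.md#type-service_account
  agentServiceAccount:
    type: string
    title: Agent Service Account
    # NOTE(review): "'default'" in the description presumably means "the
    # default value" (elastic-agent), not a service account literally named
    # `default` - confirm and consider rewording.
    description: "Service Account used by the Elastic Agent. Do not change from 'default'."
    default: elastic-agent
    x-google-marketplace:
      type: SERVICE_ACCOUNT
      serviceAccount:
        description: >
          Agent Service Account: elastic-agent
        roles:
          # Cluster-wide, read-only access used by the agent. Mirrors:
          # https://github.com/elastic/elastic-agent/blob/f26b0eb53fa5b08c23a3145156cd4a245ad04f32/deploy/kubernetes/elastic-agent-managed/elastic-agent-managed-role.yaml#L1
          - type: ClusterRole
            rulesType: CUSTOM
            rules:
              # Core-group objects, read-only. This includes configmaps in
              # every namespace, so configmaps should not hold credentials.
              - apiGroups: [""]
                resources:
                  - nodes
                  - namespaces
                  - events
                  - pods
                  - services
                  - configmaps
                  - serviceaccounts
                  - persistentvolumes
                  - persistentvolumeclaims
                verbs: ["get", "list", "watch"]
              # Enable this rule only if planning to use the
              # kubernetes_secrets provider. Because this is a ClusterRole,
              # enabling it lets the agent read Secrets in all namespaces;
              # keep it disabled unless that provider is actually needed.
              # - apiGroups: [""]
              #   resources:
              #     - secrets
              #   verbs: ["get"]
              # NOTE(review): the `extensions` group no longer serves
              # replicasets on current Kubernetes; the rule is presumably
              # kept for parity with the upstream role.
              - apiGroups: ["extensions"]
                resources:
                  - replicasets
                verbs: ["get", "list", "watch"]
              - apiGroups: ["apps"]
                resources:
                  - statefulsets
                  - deployments
                  - replicasets
                  - daemonsets
                verbs: ["get", "list", "watch"]
              - apiGroups:
                  - ""
                resources:
                  - nodes/stats
                verbs:
                  - get
              - apiGroups: ["batch"]
                resources:
                  - jobs
                  - cronjobs
                verbs: ["get", "list", "watch"]
              # required for apiserver
              # nonResourceURLs is not supported by this schema: https://github.com/GoogleCloudPlatform/marketplace-k8s-app-tools/blob/b309eb922897ec4b11356dd975941e20b51ae16c/marketplace/deployer_util/config_helper.py#L981
              # - nonResourceURLs:
              #     - "/metrics"
              #   verbs:
              #     - get
              # - apiGroups: ["rbac.authorization.k8s.io"]
              #   resources:
              #     - clusterrolebindings
              #     - clusterroles
              #     - rolebindings
              #     - roles
              #   verbs: ["get", "list", "watch"]
              # NOTE(review): PodSecurityPolicy was removed in Kubernetes
              # 1.25, so this rule matches nothing on newer clusters.
              - apiGroups: ["policy"]
                resources:
                  - podsecuritypolicies
                verbs: ["get", "list", "watch"]
          # Namespaced Role: lease objects (get/create/update only).
          # https://github.com/elastic/elastic-agent/blob/f26b0eb53fa5b08c23a3145156cd4a245ad04f32/deploy/kubernetes/elastic-agent-managed/elastic-agent-managed-role.yaml#L64
          - type: Role
            rulesType: CUSTOM
            rules:
              - apiGroups:
                  - coordination.k8s.io
                resources:
                  - leases
                verbs: ["get", "create", "update"]
          # Namespaced Role: read access restricted by resourceNames to the
          # single `kubeadm-config` configmap.
          # https://github.com/elastic/elastic-agent/blob/f26b0eb53fa5b08c23a3145156cd4a245ad04f32/deploy/kubernetes/elastic-agent-managed/elastic-agent-managed-role.yaml#L79
          - type: Role
            rulesType: CUSTOM
            rules:
              - apiGroups: [""]
                resources:
                  - configmaps
                resourceNames:
                  - kubeadm-config
                verbs: ["get"]
  name:
    type: string
    title: Agent Instance Name
    description: Agent Instance Name
    default: elastic-agent
    x-google-marketplace:
      type: NAME
  namespace:
    type: string
    title: Agent Namespace
    # NOTE(review): "'default'" here presumably means the default value
    # (kube-system), not the Kubernetes namespace named `default` - the
    # wording is easy to misread; confirm and consider rewording.
    description: "Namespace the agent will be deployed to. Do not change from 'default'."
    default: kube-system
    x-google-marketplace:
      type: NAMESPACE
  FLEET_URL:
    type: string
    title: Fleet server URL
    description: "Fleet server URL, can be found in Kibana->Management->Fleet->Settings."
  FLEET_ENROLLMENT_TOKEN:
    type: string
    title: Fleet enrollment token
    description: "A Fleet enrollment token is an Elasticsearch API key to enroll one or more Elastic Agents in Fleet. See: https://www.elastic.co/guide/en/fleet/current/fleet-enrollment-tokens.html."
    # The token is an API key (see description), so mask it in the
    # Marketplace UI instead of showing it as plain text. How the chart
    # stores the value in the cluster is not visible from this schema.
    x-google-marketplace:
      type: MASKED_FIELD
  # NOTE: "Resurce" is misspelled in the two keys below, but the key is the
  # property's identifier (presumably referenced by the deployer manifests),
  # so the spelling is kept.
  cpuResurceRequest:
    type: string
    title: Container Resource Request - CPU
    description: Container Resource Request - CPU. Ex. 100m. See https://www.elastic.co/guide/en/fleet/current/elastic-agent-installation.html#_minimum_requirements
    default: 100m
  memoryResurceRequest:
    type: string
    title: Container Resource Request - Memory
    description: Container Resource Request - Memory. Ex. 200Mi. See https://www.elastic.co/guide/en/fleet/current/elastic-agent-installation.html#_minimum_requirements
    default: 200Mi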
# Properties that must be supplied for the schema to validate.
# NOTE(review): FLEET_URL and FLEET_ENROLLMENT_TOKEN are not listed here, so
# a deployment without them passes schema validation - confirm that is
# intended.
required:
- name
- namespace
- agentServiceAccount