# Deploy {{fleet-server}} on {{ecloud}}[add-fleet-server-cloud]
10
11
11
12
To use {{fleet}} for central management, a [{{fleet-server}}](/reference/fleet/fleet-server.md) must be running and accessible to your hosts.
12
13
@@ -39,20 +40,18 @@ This approach might *not* be right for you if you have restrictions on connectiv
39
40
40
41
For more information about hosting {{fleet-server}} on {{ece}}, refer to [](/deploy-manage/deploy/cloud-enterprise/manage-integrations-server.md).
41
42
42
-
43
43
::::{note}
44
44
The TLS certificates used to secure connections between {{agent}} and {{fleet-server}} are managed by {{ecloud}}. You do not need to create a private key or generate certificates.
45
45
::::
46
46
47
-
48
47
When {{es}} or {{fleet-server}} are deployed, components communicate over well-defined, pre-allocated ports. You may need to allow access to these ports. See the following table for default port assignments:
49
48
50
49
| Component communication | Default port |
51
50
| --- | --- |
52
-
|Elastic Agent → {{fleet-server}} | 443 |
53
-
|Elastic Agent → {{es}} | 443 |
54
-
|Elastic Agent → Logstash| 5044 |
55
-
|Elastic Agent → {{kib}} ({{fleet}}) | 443 |
51
+
|{{agent}} → {{fleet-server}} | 443 |
52
+
|{{agent}} → {{es}} | 443 |
53
+
|{{agent}} → {{ls}}| 5044 |
54
+
|{{agent}} → {{kib}} ({{fleet}}) | 443 |
56
55
| {{fleet-server}} → {{kib}} ({{fleet}}) | 443 |
57
56
| {{fleet-server}} → {{es}} | 443 |
58
57
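Review bot: The four added rows in the port table start with `|{{agent}}`, with no space after the leading pipe, and the `{{ls}}|` row also has no space before the next pipe, while the unchanged rows below them use `| {{fleet-server}} → ...`. Since these rows are being rewritten anyway, pad them to match the rest of the table, for example `| {{agent}} → {{ls}} | 5044 |`. The same rows recur in the mixed and on-premises port tables later in this diff.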
@@ -61,7 +60,6 @@ If you do not specify the port for {{es}} as 443, the {{agent}} defaults to 9200
61
60
::::
62
61
63
62
64
-
65
63
## Setup [add-fleet-server-cloud-set-up]
66
64
67
65
To confirm that an {{integrations-server}} is available in your deployment:
@@ -80,7 +78,6 @@ Don’t see the agent? Make sure your deployment includes an {{integrations-serv
80
78
:::::
81
79
82
80
83
-
84
81
## Next steps [add-fleet-server-cloud-next]
85
82
86
83
Now you’re ready to add {{agent}}s to your host systems. To learn how, see [Install {{fleet}}-managed {{agent}}s](/reference/fleet/install-fleet-managed-elastic-agent.md).
# Deploy Fleet Server on Kubernetes [add-fleet-server-kubernetes]
10
+
# Deploy {{fleet-server}} on Kubernetes [add-fleet-server-kubernetes]
10
11
11
12
::::{note}
12
13
If your {{stack}} is orchestrated by [ECK](/deploy-manage/deploy/cloud-on-k8s.md), we recommend to deploy the {{fleet-server}} through the operator. That simplifies the process, as the operator automatically handles most of the resources configuration and setup steps.
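Review bot: In the note directly under the new heading, "we recommend to deploy the {{fleet-server}} through the operator" and "most of the resources configuration" read awkwardly. While this section is being edited, consider "we recommend deploying {{fleet-server}} through the operator" and "most of the resource configuration".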
@@ -29,7 +30,7 @@ You can deploy {{fleet-server}} on Kubernetes and manage it yourself. In this de
29
30
To deploy a {{fleet-server}} on Kubernetes and register it into {{fleet}} you will need the following details:
30
31
31
32
* The **Policy ID** of a {{fleet}} policy configured with the {{fleet-server}} integration.
32
-
* A **Service token**, used to authenticate {{fleet-server}} with Elasticsearch.
33
+
* A **Service token**, used to authenticate {{fleet-server}} with {{es}}.
33
34
* For outgoing traffic:
34
35
35
36
* The **{{es}} endpoint URL** where the {{fleet-server}} should connect to, configured also in the {{es}} output associated to the policy.
@@ -61,7 +62,6 @@ This document walks you through the complete setup process, organized into the f
61
62
* {{kib}} should be on the same minor version as {{es}}.
@@ -86,7 +86,6 @@ A {{fleet-server}} certificate is not required when installing the server using
86
86
87
87
::::
88
88
89
-
90
89
If your organization already uses the {{stack}}, you may have a CA certificate that could be used to generate the new cert for the {{fleet-server}}. If you do not have a CA certificate, refer to [Generate a custom certificate and private key for {{fleet-server}}](/reference/fleet/secure-connections.md#generate-fleet-server-certs) for an example to generate a CA and a server certificate using the `elasticsearch-certutil` tool.
91
90
92
91
::::{important}
@@ -95,7 +94,6 @@ Before creating the certificate, you need to know and plan in advance the [hostn
In this flow, {{fleet-server}} acts as the client and {{es}} acts as the HTTPS server. For the communication to succeed, {{fleet-server}} needs to trust the CA certificate used to sign the {{es}} certificate. If your {{es}} cluster uses certificates signed by a corporate CA or multiple intermediate CAs you will need to use them during the {{fleet-server}} setup.
@@ -105,7 +103,6 @@ If your {{es}} cluster is on Elastic Cloud or if it uses a certificate signed by
105
103
106
104
::::
107
105
108
-
109
106
In summary, you need:
110
107
111
108
* A **server certificate and key**, valid for the {{fleet-server}} URL. The CA used to sign this certificate will be needed by the {{agent}} clients and the {{fleet-server}} itself.
@@ -122,7 +119,7 @@ When {{es}} or {{fleet-server}} are deployed, components communicate over well-d
In Kubernetes environments, you can adapt these ports without modifying the listening ports of the {{fleet-server}} or other applications, as traffic is managed by Kubernetes `Services`. This guide includes an example where {{agent}}s connect to the {{fleet-server}} through port `443` instead of the default `8220`.
@@ -142,7 +139,6 @@ The `service token` required by the {{fleet-server}} is different from the `enro
142
139
143
140
::::
144
141
145
-
146
142
1. In {{kib}}, open **{{fleet}} → Settings** and ensure the **Elasticsearch output** that will be used by the {{fleet-server}} policy is correctly configured, paying special attention that:
147
143
148
144
* The **hosts** field includes a valid URL that will be reachable by the {{fleet-server}} Pod(s).
@@ -197,7 +193,6 @@ The `service token` required by the {{fleet-server}} is different from the `enro
197
193
When the {{fleet-server}} installation has succeeded, the **Confirm Connection** UI will show a **Connected** status.
@@ -207,8 +202,8 @@ To deploy {{fleet-server}} on Kubernetes and enroll it into {{fleet}} you need t
207
202
208
203
***Policy ID** of the {{fleet}} policy configured with the {{fleet-server}} integration.
209
204
***Service token**, that you can generate following the [{{fleet}} preparations](#add-fleet-server-kubernetes-preparations) or manually using the [{{es}}-service-tokens command](elasticsearch://reference/elasticsearch/command-line-tools/service-tokens-command.md).
210
-
***{{es}} endpoint URL**, configured in both the {{es}} output associated to the policy and in the Fleet Server as an environment variable.
211
-
***{{es}} CA certificate file**, configured in both the {{es}} output associated to the policy and in the Fleet Server.
205
+
***{{es}} endpoint URL**, configured in both the {{es}} output associated to the policy and in the {{fleet-server}} as an environment variable.
206
+
***{{es}} CA certificate file**, configured in both the {{es}} output associated to the policy and in the {{fleet-server}}.
212
207
* {{fleet-server}} **certificate and key** (for **Production** deployment mode only).
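Review bot: In the **Service token** item of this list, the link text `[{{es}}-service-tokens command]` puts a product-name substitution inside what is a command name. This diff swaps the literal "Elasticsearch" for {{es}} elsewhere, so the link text will render with the capitalized product name rather than the tool name. Spell the command literally and in code formatting instead: `elasticsearch-service-tokens`.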
@@ -228,12 +223,12 @@ Adapt and change the suggested manifests and deployment strategy to your needs,
228
223
229
224
* CPU and memory `requests` and `limits`. Refer to [{{fleet-server}} scalability](/reference/fleet/fleet-server-scalability.md) for more information about {{fleet-server}} resources utilization.
230
225
* Scheduling configuration, such as `affinity rules` or `tolerations`, if needed in your environment.
231
-
* Number of replicas, to scale the Fleet Server horizontally.
226
+
* Number of replicas, to scale the {{fleet-server}} horizontally.
232
227
* Use an {{es}} CA fingerprint instead of a CA file.
233
228
* Configure other [Environment variables](/reference/fleet/agent-environment-variables.md).
1. Create the Secret for the {{fleet-server}} configuration.
239
234
@@ -558,7 +553,6 @@ The following issues may occur when {{fleet-server}} settings are missing or con
558
553
As a workaround, consider using `https://localhost:8220` as the `FLEET_URL`forthe {{fleet-server}} configuration, and ensure that `localhost` is includedin the certificate’s SAN.
559
554
560
555
561
-
562
556
## Next steps [add-fleet-server-kubernetes-next]
563
557
564
558
Now you’re ready to add {{agent}}s to your host systems. To learn how, refer to [Install {{fleet}}-managed {{agent}}s](/reference/fleet/install-fleet-managed-elastic-agent.md), or [Run {{agent}} on Kubernetes managed by {{fleet}}](/reference/fleet/running-on-kubernetes-managed-by-fleet.md) if your {{agent}}s will also run on Kubernetes.
reference/fleet/add-fleet-server-mixed.md
5 additions & 9 deletions
@@ -6,7 +6,7 @@ products:
6
6
- id: elastic-agent
7
7
---
8
8
9
-
# Deploy Fleet Server on-premises and Elasticsearch on Cloud[add-fleet-server-mixed]
9
+
# Deploy {{fleet-server}} on-premises and {{es}} on {{ecloud}}[add-fleet-server-mixed]
10
10
11
11
To use {{fleet}} for central management, a [{{fleet-server}}](/reference/fleet/fleet-server.md) must be running and accessible to your hosts.
12
12
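Review bot: The new heading has no space between `{{ecloud}}` and the anchor `[add-fleet-server-mixed]`, unlike `## Prerequisites [add-fleet-server-mixed-prereq]` further down in the same file. Add the space on the + line so the anchor syntax is consistent across headings. The `[add-fleet-server-cloud]` heading at the top of this diff has the same gap.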
@@ -44,7 +44,6 @@ To deploy a self-managed {{fleet-server}} on-premises to work with an {{ech}} de
44
44
For more information about hosting {{fleet-server}} on {{ece}}, refer to [](/deploy-manage/deploy/cloud-enterprise/manage-integrations-server.md).
45
45
46
46
47
-
48
47
## Prerequisites [add-fleet-server-mixed-prereq]
49
48
50
49
Before deploying, you need to:
@@ -64,17 +63,16 @@ This is not required when testing and iterating using the **Quick start** option
64
63
::::
65
64
66
65
67
-
68
66
### Default port assignments [default-port-assignments-mixed]
69
67
70
68
When {{es}} or {{fleet-server}} are deployed, components communicate over well-defined, pre-allocated ports. You may need to allow access to these ports. See the following table for default port assignments:
71
69
72
70
| Component communication | Default port |
73
71
| --- | --- |
74
-
|Elastic Agent → {{fleet-server}} | 8220 |
75
-
|Elastic Agent → {{es}} | 443 |
76
-
|Elastic Agent → Logstash| 5044 |
77
-
|Elastic Agent → {{kib}} ({{fleet}}) | 443 |
72
+
|{{agent}} → {{fleet-server}} | 8220 |
73
+
|{{agent}} → {{es}} | 443 |
74
+
|{{agent}} → {{ls}}| 5044 |
75
+
|{{agent}} → {{kib}} ({{fleet}}) | 443 |
78
76
| {{fleet-server}} → {{kib}} ({{fleet}}) | 443 |
79
77
| {{fleet-server}} → {{es}} | 443 |
80
78
@@ -83,7 +81,6 @@ If you do not specify the port for {{es}} as 443, the {{agent}} defaults to 9200
83
81
::::
84
82
85
83
86
-
87
84
## Create a {{fleet-server}} policy [fleet-server-create-policy]
88
85
89
86
First, create a {{fleet-server}} policy. The {{fleet-server}} policy manages and configures the {{agent}} running on the {{fleet-server}} host to launch a {{fleet-server}} process.
@@ -105,7 +102,6 @@ To create a {{fleet-server}} policy:
105
102
2. It’s recommended that you also enter the *Max agents* you intend to support with this {{fleet-server}}. This can also be modified at a later stage. This will allow the {{fleet-server}} to handle the load and frequency of updates being sent to the agent and ensure a smooth operation in a bursty environment.
@@ -70,17 +69,16 @@ This is not required when testing and iterating using the **Quick start** option
70
69
::::
71
70
72
71
73
-
74
72
### Default port assignments [default-port-assignments-on-prem]
75
73
76
74
When {{es}} or {{fleet-server}} are deployed, components communicate over well-defined, pre-allocated ports. You may need to allow access to these ports. Refer to the following table for default port assignments:
77
75
78
76
| Component communication | Default port |
79
77
| --- | --- |
80
-
|Elastic Agent → {{fleet-server}} | 8220 |
81
-
|Elastic Agent → {{es}} | 9200 |
82
-
|Elastic Agent → Logstash| 5044 |
83
-
|Elastic Agent → {{kib}} ({{fleet}}) | 5601 |
78
+
|{{agent}} → {{fleet-server}} | 8220 |
79
+
|{{agent}} → {{es}} | 9200 |
80
+
|{{agent}} → {{ls}}| 5044 |
81
+
|{{agent}} → {{kib}} ({{fleet}}) | 5601 |
84
82
| {{fleet-server}} → {{kib}} ({{fleet}}) | 5601 |
85
83
| {{fleet-server}} → {{es}} | 9200 |
86
84
@@ -89,7 +87,6 @@ Connectivity to {{kib}} on port 5601 is optional and not required at all times.
A {{fleet-server}} is an {{agent}} that is enrolled in a {{fleet-server}} policy. The policy configures the agent to operate in a special mode to serve as a {{fleet-server}} in your deployment.
@@ -135,7 +132,6 @@ To add a {{fleet-server}}:
135
132
136
133
::::
137
134
138
-
139
135
At the **Install Fleet Server to a centralized host** step, the `elastic-agent install` command installs an {{agent}} as a managed service and enrolls it in a {{fleet-server}} policy. For more {{fleet-server}} commands, refer to the [{{agent}} command reference](/reference/fleet/agent-command-reference.md).
140
136
141
137
5. If installation is successful, a confirmation indicates that {{fleet-server}} is set up and connected.