From 5c0db112608dcb56e3c2a9baa4ca905c11f0ea8c Mon Sep 17 00:00:00 2001 From: Elastic Machine Date: Wed, 28 Jun 2023 03:58:20 -0500 Subject: [PATCH] Update kubernetes templates for elastic-agent (#159939) Automated by https://fleet-ci.elastic.co/job/elastic-agent/job/elastic-agent-mbp/job/main/1100/ --------- Co-authored-by: obscloudnativemonitoring Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> --- .../server/services/elastic_agent_manifest.ts | 44 +++++++++++++++++-- 1 file changed, 40 insertions(+), 4 deletions(-) diff --git a/x-pack/plugins/fleet/server/services/elastic_agent_manifest.ts b/x-pack/plugins/fleet/server/services/elastic_agent_manifest.ts index 4fd489b5bbebd..63691b878eaa7 100644 --- a/x-pack/plugins/fleet/server/services/elastic_agent_manifest.ts +++ b/x-pack/plugins/fleet/server/services/elastic_agent_manifest.ts @@ -77,6 +77,15 @@ spec: # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' + ######################################################################################## + # The following capabilities are needed for Universal Profiling. + # More fine graded capabilities are only available for newer Linux kernels. + # If you are using the Universal Profiling integration, please uncomment these lines before applying. + #procMount: "Unmasked" + #privileged: true + #capabilities: + # add: + # - SYS_ADMIN resources: limits: memory: 700Mi @@ -113,6 +122,9 @@ spec: mountPath: /sys/kernel/debug - name: elastic-agent-state mountPath: /usr/share/elastic-agent/state + # If you are using the Universal Profiling integration, please uncomment these lines before applying. + #- name: universal-profiling-cache + # mountPath: /var/cache/Elastic volumes: - name: datastreams configMap: @@ -142,8 +154,8 @@ spec: - name: var-lib hostPath: path: /var/lib - # Needed for 'Defend for containers' integration (cloud-defend) - # If you are not using this integration, then these volumes and the corresponding + # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling + # If you are not using one of these integrations, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: @@ -154,6 +166,12 @@ spec: hostPath: path: /var/lib/elastic-agent/kube-system/state type: DirectoryOrCreate + # Mount required for Universal Profiling. + # If you are using the Universal Profiling integration, please uncomment these lines before applying. + #- name: universal-profiling-cache + # hostPath: + # path: /var/cache/Elastic + # type: DirectoryOrCreate --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -380,6 +398,15 @@ spec: # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' + ######################################################################################## + # The following capabilities are needed for Universal Profiling. + # More fine graded capabilities are only available for newer Linux kernels. + # If you are using the Universal Profiling integration, please uncomment these lines before applying. + #procMount: "Unmasked" + #privileged: true + #capabilities: + # add: + # - SYS_ADMIN resources: limits: memory: 700Mi @@ -412,6 +439,9 @@ spec: mountPath: /sys/kernel/debug - name: elastic-agent-state mountPath: /usr/share/elastic-agent/state + # If you are using the Universal Profiling integration, please uncomment these lines before applying. + #- name: universal-profiling-cache + # mountPath: /var/cache/Elastic volumes: - name: proc hostPath: @@ -440,8 +470,8 @@ spec: hostPath: path: /etc/machine-id type: File - # Needed for 'Defend for containers' integration (cloud-defend) - # If you are not using this integration, then these volumes and the corresponding + # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling + # If you are not using one of these integrations, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: @@ -452,6 +482,12 @@ spec: hostPath: path: /var/lib/elastic-agent-managed/kube-system/state type: DirectoryOrCreate + # Mount required for Universal Profiling. + # If you are using the Universal Profiling integration, please uncomment these lines before applying. + #- name: universal-profiling-cache + # hostPath: + # path: /var/cache/Elastic + # type: DirectoryOrCreate --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding