- Fleet and Elastic Agent Guide: other versions:
- Fleet and Elastic Agent overview
- Beats and Elastic Agent capabilities
- Quick starts
- Migrate from Beats to Elastic Agent
- Set up Fleet Server
- Install Elastic Agents
- Install Fleet-managed Elastic Agents
- Install standalone Elastic Agents (advanced users)
- Install Elastic Agents in a containerized environment
- Installation layout
- Air-gapped environments
- Use a proxy server with Elastic Agent and Fleet
- Uninstall Elastic Agents from edge hosts
- Start and stop Elastic Agents on edge hosts
- Secure connections
- Manage Elastic Agents in Fleet
- Manage integrations
- Configure standalone Elastic Agents
- Command reference
- Troubleshoot
- Release notes
Kubernetes Secrets Provider
editKubernetes Secrets Provider
editProvides access to the Kubernetes Secrets API.
The provider needs a kubeconfig
file to establish connection to the Kubernetes API.
It can automatically reach the API if it’s run in an InCluster environment (Elastic Agent runs as pod).
providers.kubernetes_secrets: #kube_config: /Users/elastic-agent/.kube/config
Reference the Kubernetes Secrets variable as ${kubernetes_secrets.default.somesecret.value}
,
where default
is the namespace of the Secret, somesecret
is the name of the Secret and value
the field
of the Secret to access.
If you run agent on Kubernetes, the proper rule in the ClusterRole
is required to provide access to the Elastic Agent pod in the Secrets API:
- apiGroups: [""] resources: - secrets verbs: ["get"]
The above rule will give permission to Elastic Agent pod to access Kubernetes Secrets API.
Anyone who has access to the Elastic Agent pod (kubectl exec
for example) will also have
access to the Kubernetes Secrets API. This allows access to a specific secret, regardless of the namespace that it belongs to.
This option should be carefully considered.