diff --git a/docs/en/ingest-management/elastic-agent/configuration/env/container-envs.asciidoc b/docs/en/ingest-management/elastic-agent/configuration/env/container-envs.asciidoc
index 74d9e4cda..a7dd71154 100644
--- a/docs/en/ingest-management/elastic-agent/configuration/env/container-envs.asciidoc
+++ b/docs/en/ingest-management/elastic-agent/configuration/env/container-envs.asciidoc
@@ -66,8 +66,6 @@ Settings used to prepare the {fleet} plugin in {kib}.
 |===
 | Settings | Description
 
-include::shared-env.asciidoc[tag=kibana-fleet-setup]
-
 include::shared-env.asciidoc[tag=kibana-fleet-host]
 
 include::shared-env.asciidoc[tag=kibana-fleet-username]
@@ -98,6 +96,12 @@ include::shared-env.asciidoc[tag=fleet-server-elasticsearch-host]
 
 include::shared-env.asciidoc[tag=fleet-server-elasticsearch-ca]
 
+include::shared-env.asciidoc[tag=fleet-server-es-cert]
+
+include::shared-env.asciidoc[tag=fleet-server-es-cert-key]
+
+include::shared-env.asciidoc[tag=fleet-server-insecure-http]
+
 include::shared-env.asciidoc[tag=fleet-server-service-token]
 
 include::shared-env.asciidoc[tag=fleet-server-service-token-path]
@@ -116,8 +120,14 @@ include::shared-env.asciidoc[tag=fleet-server-cert-key]
 
 include::shared-env.asciidoc[tag=fleet-server-cert-key-passphrase]
 
+include::shared-env.asciidoc[tag=fleet-server-client-auth]
+
 include::shared-env.asciidoc[tag=fleet-server-es-ca-trusted-fingerprint]
 
+include::shared-env.asciidoc[tag=fleet-daemon-timeout]
+
+include::shared-env.asciidoc[tag=fleet-server-timeout]
+
 |===
 
 [discrete]
@@ -133,10 +143,16 @@ Settings used to enroll an {agent} into a {fleet-server}.
 |===
 | Settings | Description
 
+include::shared-env.asciidoc[tag=elastic-agent-cert]
+
+include::shared-env.asciidoc[tag=elastic-agent-cert-key]
+
 include::shared-env.asciidoc[tag=elastic-agent-tag]
 
 include::shared-env.asciidoc[tag=fleet-enroll]
 
+include::shared-env.asciidoc[tag=fleet-force]
+
 include::shared-env.asciidoc[tag=fleet-url]
 
 include::shared-env.asciidoc[tag=fleet-enrollment-token]
diff --git a/docs/en/ingest-management/elastic-agent/configuration/env/shared-env.asciidoc b/docs/en/ingest-management/elastic-agent/configuration/env/shared-env.asciidoc
index 3a6174dfb..b1346fe71 100644
--- a/docs/en/ingest-management/elastic-agent/configuration/env/shared-env.asciidoc
+++ b/docs/en/ingest-management/elastic-agent/configuration/env/shared-env.asciidoc
@@ -17,30 +17,37 @@ OPTIONAL INFO AND EXAMPLE
 
 // =============================================================================
 
-// tag::elastic-agent-tag[]
+// tag::elastic-agent-cert[]
 |
-[id="env-{type}-elastic-agent-tag"]
-`ELASTIC_AGENT_TAGS`
+[id="env-{type}-elastic-agent-cert"]
+`ELASTIC_AGENT_CERT`
 
-| (string) A comma-separated list of tags to apply to {fleet}-managed {agent}s.
-You can use these tags to filter the list of agents in {fleet}.
+| (string) The path to the mutual TLS client certificate that {agent} will use to connect to {fleet-server}.
 
-// end::elastic-agent-tag[]
+// end::elastic-agent-cert[]
 
 // =============================================================================
 
-// tag::kibana-fleet-setup[]
+// tag::elastic-agent-cert-key[]
 |
-[id="env-{type}-kibana-fleet-setup"]
-`KIBANA_FLEET_SETUP`
+[id="env-{type}-elastic-agent-cert-key"]
+`ELASTIC_AGENT_CERT_KEY`
 
-| (int) Set to `1` to enable {fleet} setup.
-Enabling {fleet} is required before {fleet-server} will start.
-When this action is not performed, a user must manually log in to {kib} and visit the {fleet} page to enable setup.
+| (string) The path to the mutual TLS private key that {agent} will use to connect to {fleet-server}.
 
-*Default:* none
+// end::elastic-agent-cert-key[]
+
+// =============================================================================
 
-// end::kibana-fleet-setup[]
+// tag::elastic-agent-tag[]
+|
+[id="env-{type}-elastic-agent-tag"]
+`ELASTIC_AGENT_TAGS`
+
+| (string) A comma-separated list of tags to apply to {fleet}-managed {agent}s.
+You can use these tags to filter the list of agents in {fleet}.
+
+// end::elastic-agent-tag[]
 
 // =============================================================================
 
@@ -105,6 +112,20 @@ contains your CA's certificate.
 
 // =============================================================================
 
+// tag::fleet-force[]
+|
+[id="env-{type}-fleet-force"]
+`FLEET_FORCE`
+
+| (bool) Set to `true` to force overwrite of the current {agent} configuration without prompting for confirmation.
+This flag is helpful when using automation software or scripted deployments.
+
+*Default:* `false`
+
+// end::fleet-force[]
+
+// =============================================================================
+
 // tag::fleet-server-enable[]
 |
 [id="env-{type}-fleet-server-enable"]
@@ -273,6 +294,21 @@ Overrides the port defined in the policy.
 
 // =============================================================================
 
+// tag::fleet-server-client-auth[]
+|
+[id="env-{type}-fleet-server-client-auth"]
+`FLEET_SERVER_CLIENT_AUTH`
+
+| (string) One of `none`, `optional`, or `required`.
+{fleet-server}'s client authentication option for client mTLS connections.
+If `optional` or `required` is specified, client certificates are verified using CAs.
+
+*Default:* `none`
+
+// end::fleet-server-client-auth[]
+
+// =============================================================================
+
 // tag::fleet-server-es-ca-trusted-fingerprint[]
 |
 [id="env-{type}-fleet-server-es-ca-trusted-fingerprint"]
@@ -288,6 +324,68 @@ by {agent} for communication. This flag is required when using self-signed certi
 
 // =============================================================================
 
+// tag::fleet-server-es-cert[]
+|
+[id="env-{type}-fleet-server-es-cert"]
+`FLEET_SERVER_ES_CERT`
+
+| (string) The path to the mutual TLS client certificate that {fleet-server} will use to connect to {es}.
+
+*Default:* `""`
+
+// end::fleet-server-es-cert[]
+
+// =============================================================================
+
+// tag::fleet-server-es-cert-key[]
+|
+[id="env-{type}-fleet-server-es-cert-key"]
+`FLEET_SERVER_ES_CERT_KEY`
+
+| (string) The path to the mutual TLS private key that {fleet-server} will use to connect to {es}.
+
+*Default:* `""`
+
+// end::fleet-server-es-cert-key[]
+
+// =============================================================================
+
+// tag::fleet-server-insecure-http[]
+|
+[id="env-{type}-fleet-server-insecure-http"]
+`FLEET_SERVER_INSECURE_HTTP`
+
+| (bool) When `true`, {fleet-server} is exposed over insecure or unverified HTTP.
+Setting this to `true` is not recommended.
+
+*Default:* `false`
+
+// end::fleet-server-insecure-http[]
+
+// =============================================================================
+
+// tag::fleet-daemon-timeout[]
+|
+[id="env-{type}-fleet-daemon-timeout"]
+`FLEET_DAEMON_TIMEOUT`
+
+| (duration) Set to indicate how long {fleet-server} will wait during the bootstrap process for {elastic-agent}.
+
+// end::fleet-daemon-timeout[]
+
+// =============================================================================
+
+// tag::fleet-server-timeout[]
+|
+[id="env-{type}-fleet-server-timeout"]
+`FLEET_SERVER_TIMEOUT`
+
+| (duration) Set to indicate how long {agent} will wait for {fleet-server} to check in as healthy.
+
+// end::fleet-server-timeout[]
+
+// =============================================================================
+
 // tag::fleet-enroll[]
 |
 [id="env-{type}-fleet-enroll"]