Configure ECK

edit

ECK can be configured using either command line flags or environment variables.

Flag Default Description

auto-port-forward

false

Enables automatic port forwarding to allow running the operator outside the cluster. For dev use only as it exposes k8s resources on ephemeral ports to localhost.

ca-cert-rotate-before

24h

Duration representing how long before expiration CA certificates should be re-issued.

ca-cert-validity

8760h

Duration representing the validity period of a generated CA certificate.

cert-rotate-before

24h

Duration representing how long before expiration TLS certificates should be re-issued.

cert-validity

8760h

Duration representing the validity period of a generated TLS certificate.

container-registry

docker.elastic.co

Container registry to use for pulling Elastic Stack container images.

debug-http-listen

localhost:6060

Listen address for the debug HTTP server. Only available in development mode.

development

false

Enable development mode. Only available as a CLI flag.

enable-tracing

false

Enable APM tracing in the operator process. Use environment variables to configure APM server URL, credentials, and so on. See Apm Go Agent reference for details.

enable-webhook

false

Enables a validating webhook server in the operator process.

enforce-rbac-on-refs

false

Enables restrictions on cross-namespace resource association through RBAC.

log-verbosity

0

Verbosity level of logs. -2=Error, -1=Warn, 0=Info, 0 and above=Debug.

manage-webhook-certs

true

Enables automatic webhook certificate management.

max-concurrent-reconciles

3

Maximum number of concurrent reconciles per controller (Elasticsearch, Kibana, APM Server). Affects the ability of the operator to process changes concurrently.

metrics-port

0

Prometheus metrics port. Set to 0 to disable the metrics endpoint.

namespaces

""

Namespaces in which this operator should manage resources. Accepts multiple comma-separated values. Defaults to all namespaces if empty or unspecified.

operator-namespace

""

Namespace the operator runs in. Required.

webhook-pods-label

""

Label used to select pods running the webhook server.

webhook-secret

""

K8s secret mounted into the path designated by webhook-cert-dir to be used for webhook certificates.

webhook-cert-dir

"{TempDir}/k8s-webhook-server/serving-certs"

Path to the directory that contains the webhook server key and certificate.

Unless noted otherwise, environment variables can be used instead of flags to configure the operator as well. Simply convert the flag name to upper case and replace any dashes (-) with underscores (_). For example, the log-verbosity flag can be set by an environment variable named LOG_VERBOSITY.

Duration values should be specified as numeric values suffixed by the time unit. For example, a duration of 10 hours should be specified as 10h. Acceptable time unit suffixes are:

Suffix Unit

ms

Milliseconds

s

Seconds

m

Minutes

h

Hours

Edit the elastic-operator StatefulSet to change any of the flag values. Enable ECK debug logs illustrates how to change the log level of the operator using this method.