IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Env Provider Kubernetes LeaderElection Provider »
Elastic Docs Fleet and Elastic Agent Guide [8.6] Configure standalone Elastic Agents Providers

Kubernetes Secrets Provider

edit

Kubernetes Secrets Provider

edit

Provides access to the Kubernetes Secrets API.

The provider needs a kubeconfig file to establish connection to the Kubernetes API. It can automatically reach the API if it’s run in an InCluster environment (Elastic Agent runs as pod).

providers.kubernetes_secrets:
  #kube_config: /Users/elastic-agent/.kube/config

Reference the Kubernetes Secrets variable as ${kubernetes_secrets.default.somesecret.value}, where default is the namespace of the Secret, somesecret is the name of the Secret and value the field of the Secret to access.

If you run agent on Kubernetes, the proper rule in the ClusterRole is required to provide access to the Elastic Agent pod in the Secrets API:

- apiGroups: [""]
  resources:
    - secrets
  verbs: ["get"]

The above rule will give permission to Elastic Agent pod to access Kubernetes Secrets API. Anyone who has access to the Elastic Agent pod (kubectl exec for example) will also have access to the Kubernetes Secrets API. This allows access to a specific secret, regardless of the namespace that it belongs to. This option should be carefully considered.

« Env Provider Kubernetes LeaderElection Provider »