[Fleet] Discuss: Auto create policy for fleet-server #90408
Comments
ruflin
added
the
Team:Fleet
|
Pinging @elastic/fleet (Team:Fleet) |
|
@nchaulet @blakerouse @scunningham @mostlyjason Would be great to get your feedback on this. Mainly a brain dump for now so we have a place to track it. |
|
Okay another naming discussion! I get that "Fleet policy" means that its for running Fleet server. One disadvantage of calling this a "Fleet policy" is that our entire app is called "Fleet" so it could be interpreted as a policy for anything in the Fleet app. It sounds like the requirements for the name are:
This is interesting and would allow us to have more specific names like "Elastic Cloud agents". However, it means our docs may be slightly more complicated because we won't have a uniform default name for everyone. "Centralized agents" could be an option because it indicates that is not meant to be applied to endpoints. Its the agents that are centralized, not the policy itself. Also, it works for both self-managed clusters and cloud. Curious to hear suggestions / input from others |
|
This policy is not only created in Cloud but also for every other setup. But agree, it most cases it is likely to be "centralized". Should we skip the |
|
To be consistent with the other policy we bootstrap ( I'm not sure if that is the official term we've landed on after reading across various issues and docs. I think we've been inconsistent in how we refer to these "Managed policies". I've seen us refer to them as "Centralized policies" or "Centralized agent policies" in other places. So whatever the word it is, i'd propose |
|
I am good with your suggestion and dropping Agent. Default centralized policy |
|
After more discussion, I think we should adapt our criteria. Using a different name for this policy on cloud would help users clearly identify the agents running on cloud. This is helpful to identify the relevant agents when the user needs to troubleshoot a problem with their agents on cloud. It also helps them identify which policy to use when adding integrations on the cloud. We had some discussion with Cloud and APM about the naming for the policy on cloud deployments. We're considering a few options:
I like Elastic Cloud agent policy because it most clearly identifies the agents on Elastic Cloud. It also differentiates agents on Elastic Cloud from other clouds and hosting environments. This name also indicates that is for more than just Fleet Server, but any integration they want to run on Elastic Cloud. For example, it will include APM server as well. For self-managed clusters, I like the current name of Default Fleet Server policy. Users will know what a Fleet Server is because they just set one up. I like that better than "Default centralized policy" because users may not know what "centralized" means. Also, we don't know whether users will want to add other centralized integrations to it. There is no requirement to run other integrations like APM server in this use case. We should prioritize clarity of onboarding for this audience. Curious to hear your thoughts @mukeshelastic @ph |
|
@mukeshelastic and I discussed this in our 1:1 and he is on board with "Elastic Cloud agent policy" and "Default Fleet Server policy" |
|
I am OK with "Elastic Cloud agent policy" and "Default Fleet Server policy" |
|
This means the |
|
@ruflin yes |
|
Great it seems like we have input from enough folks so let's call the names decided. They will be "Elastic Cloud agent policy" and "Default Fleet Server policy" |
|
Going to close this issue as the fleet-server policy is already auto created. In case of further naming discussion, lets take this separate. |
With elastic/beats#23865 the staring of fleet-server is implemented. In the future to use manage Elastic Agents a fleet-server is required. Fleet should already have a policy setup with the fleet-server integration inside. We should not require the user to manually setup. This issue is to discuss how this policy should exactly look and be named.
The
fleet-servershould not be part of theDefault Policyas this might be the policy that is used by default on all edge machines. Instead aFleetpolicy (name TBD) is required. ThisFleetpolicy by default contains the integration for thefleet-server.I'm suggestion that the
Fleetserver policy is created when setting up the stack for the first time and logging into Kibana. This is the same as Default Policy. But I suggest there is an additional API endpoint to trigger this setup, something like/api/fleet/fleet-policy-setup. The reason for an additional endpoint is that variables could be passed to modify the setup and potentially additional code can be built into the simple API endpoint.The additional code can become useful to detect which environment we are running in like k8s, Cloud or on prem. Based on what the detected environment is it is possible to create the policy and fleet-server integration with different settings.
To make the enrollement into the
Fleetpolicy simpler, should it have a fixedpolicy_id?The text was updated successfully, but these errors were encountered: