[Fleet] Hosted agent policies #93504
Assignees
Labels
Team:Fleet
Team label for Observability Data Collection Fleet team
Comments
mostlyjason
added
the
Team:Fleet
|
Pinging @elastic/fleet (Team:Fleet) |
|
I think we should change the saved object Do we want to make this change in 7.12 (already at BC3) or make a migration in 7.13? It's after 7.12 FF but just asking if we want to get it in "right" from the beginning. |
|
@jfsiii hold off on any changes for this issue right now. Its still work in progress. I have an open question to @ruflin about whether this should really be a called an Elastic Cloud type policy, since some of the requirements seem specific to Elastic Cloud and do not apply to generic use cases like K8s. |
|
What means "user can create externally managed agent policies" in this context? Through the UI or API? I would consider this only an API feature. As it is managed externally through the API anyways, I don't think we need to expose this. |
mostlyjason
changed the title
|
Closing this one because its superseded by other docs and issues |
|
@mostlyjason can you link to the relevant issues so anyone subscribing here can follow up? |
|
Sure here you go
|
7 tasks
jfsiii
pushed a commit
that referenced
this issue
Apr 16, 2021
## Summary ### What this PR _does_ change - [x] Replace all UI & API instances of "managed policy" with "hosted agent policy" #93504 - [x] Replace all UI & API instances of "unmanaged policy" with "regular agent policy" #93504 - [x] Update most variable names containing `managed` to `hosted` <details><summary>screenshots</summary> <img width="489" alt="Screen Shot 2021-04-15 at 10 54 01 AM" src="https://user-images.githubusercontent.com/57655/114898051-cac35980-9ddf-11eb-9c55-3fb5c0211c63.png"> <img width="339" alt="Screen Shot 2021-04-15 at 11 40 47 AM" src="https://user-images.githubusercontent.com/57655/114898053-cac35980-9ddf-11eb-8c60-3459aed3db6c.png"> <img width="714" alt="Screen Shot 2021-04-15 at 11 40 59 AM" src="https://user-images.githubusercontent.com/57655/114898054-cac35980-9ddf-11eb-912a-623eba9c3860.png"> </details> ### What this PR _does not_ change - [ ] The `is_managed` property of the agent policy saved object* - [ ] The updated error messages in #92591 <details><summary>*why not change the <code>is_managed</code> property?</summary> <p>Changing the property will require a migration from 7.12. That's not a problem, but we haven't decided on <a href="https://github.com/elastic/kibana/issues/93504#issuecomment-790060997">a new name/approach</a> yet. Rather than update to <code>is_hosted: boolean</code> now and potentially something like <code>managed_by: enum</code> later, we'll update it when we have a decision. <p><strong>TL;DR:</strong> It's a trivial update to make later and a minuscule amount of debt to pay until then. Less than cost of doing it twice. </details> ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Apr 16, 2021
…c#97287) ## Summary ### What this PR _does_ change - [x] Replace all UI & API instances of "managed policy" with "hosted agent policy" elastic#93504 - [x] Replace all UI & API instances of "unmanaged policy" with "regular agent policy" elastic#93504 - [x] Update most variable names containing `managed` to `hosted` <details><summary>screenshots</summary> <img width="489" alt="Screen Shot 2021-04-15 at 10 54 01 AM" src="https://user-images.githubusercontent.com/57655/114898051-cac35980-9ddf-11eb-9c55-3fb5c0211c63.png"> <img width="339" alt="Screen Shot 2021-04-15 at 11 40 47 AM" src="https://user-images.githubusercontent.com/57655/114898053-cac35980-9ddf-11eb-8c60-3459aed3db6c.png"> <img width="714" alt="Screen Shot 2021-04-15 at 11 40 59 AM" src="https://user-images.githubusercontent.com/57655/114898054-cac35980-9ddf-11eb-912a-623eba9c3860.png"> </details> ### What this PR _does not_ change - [ ] The `is_managed` property of the agent policy saved object* - [ ] The updated error messages in elastic#92591 <details><summary>*why not change the <code>is_managed</code> property?</summary> <p>Changing the property will require a migration from 7.12. That's not a problem, but we haven't decided on <a href="https://github.com/elastic/kibana/issues/93504#issuecomment-790060997">a new name/approach</a> yet. Rather than update to <code>is_hosted: boolean</code> now and potentially something like <code>managed_by: enum</code> later, we'll update it when we have a decision. <p><strong>TL;DR:</strong> It's a trivial update to make later and a minuscule amount of debt to pay until then. Less than cost of doing it twice. </details> ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
kibanamachine
added a commit
that referenced
this issue
Apr 16, 2021
#97346) ## Summary ### What this PR _does_ change - [x] Replace all UI & API instances of "managed policy" with "hosted agent policy" #93504 - [x] Replace all UI & API instances of "unmanaged policy" with "regular agent policy" #93504 - [x] Update most variable names containing `managed` to `hosted` <details><summary>screenshots</summary> <img width="489" alt="Screen Shot 2021-04-15 at 10 54 01 AM" src="https://user-images.githubusercontent.com/57655/114898051-cac35980-9ddf-11eb-9c55-3fb5c0211c63.png"> <img width="339" alt="Screen Shot 2021-04-15 at 11 40 47 AM" src="https://user-images.githubusercontent.com/57655/114898053-cac35980-9ddf-11eb-8c60-3459aed3db6c.png"> <img width="714" alt="Screen Shot 2021-04-15 at 11 40 59 AM" src="https://user-images.githubusercontent.com/57655/114898054-cac35980-9ddf-11eb-912a-623eba9c3860.png"> </details> ### What this PR _does not_ change - [ ] The `is_managed` property of the agent policy saved object* - [ ] The updated error messages in #92591 <details><summary>*why not change the <code>is_managed</code> property?</summary> <p>Changing the property will require a migration from 7.12. That's not a problem, but we haven't decided on <a href="https://github.com/elastic/kibana/issues/93504#issuecomment-790060997">a new name/approach</a> yet. Rather than update to <code>is_hosted: boolean</code> now and potentially something like <code>managed_by: enum</code> later, we'll update it when we have a decision. <p><strong>TL;DR:</strong> It's a trivial update to make later and a minuscule amount of debt to pay until then. Less than cost of doing it twice. </details> ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios Co-authored-by: John Schulz <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem
In most cases Fleet provides full central management for Elastic Agents. However, in some use cases, the infrastructure for Elastic Agents is managed outside of Fleet. Examples include ESS and K8s where these platforms are responsible for the creation of containers/pods for Elastic agent. They specify when agents are created, upgraded, or removed, and this would conflict with Fleet. For example, the container image would determine which version of the agent is running. To upgrade the agent, the user would update the image version.
Solution
We'll create a new type of agent policy called a "hosted agent policy". It will restrict the user from performing lifecycle actions that would be done by the hosting solution instead. Those actions include the ability to unenroll agents, upgrade them or reassign them because they are typically defined at the container or pod level.
However, the user can still configure the agent policies, including adding integrations or configuring the inputs. Fleet will sync the agent policy updates to the agents. If a container is recreated later, the agent policy is still stored within Fleet and can be applied to the agent when it starts.
Policies that are not hosted are just called "regular" policies, and they are default kind of policy.
User experience
WIth in the API, the user should be prevented from performing the above actions. API actions that are unpermitted for single agents should fail with an error. Bulk actions should apply the action to the subset of permitted agents, similar to how the ES bulk API works. For example, this allows the user to bulk select and upgrade every agent they are able to. The ones that remain on the old version, the user will have to upgrade them in the hosting solution.
Within the UI, the user ideally should not be able to execute unpermitted actions. We can disable the action buttons in those cases. For the bulk actions, we can show a screen that displays the number of permitted agents that the action applies to.
Phases
Related issues
The text was updated successfully, but these errors were encountered: