[Fleet] Add support for output and Fleet Server proxies on Serverless #165672
Comments
Pinging @elastic/fleet (Team:Fleet)
cc @nimarezainia please review
I'm not following what this is exactly saying. The user shouldn't be allowed to change the host settings, they should only be allowed to add a proxy definition. Which are already mentioned.
I had this as feedback elsewhere for serverless. Why do we allow this? In serverless there will be a default Fleet Server/Service that is configured. I can't think of a use case where we would have multiple. If that is correct then the drop down in the policy to select a Fleet Server is also not required. In serverless all of this is fixed. I also added Kafka to the logstash description above. It would need the same treatment. Thanks again.
Reading the description again. Just to clarify: is the suggestion that if the user wants to add a proxy to ES or Fleet Server, they should add a new output or FS and then be allowed to modify the proxy settings? The host settings are still locked. Is this correct?
Yes that's the suggestion. Today we couple these things together. A FS host config is a list of FS URLs + an optional proxy configuration. So it's a bit roundabout to choose a proxy, you have to create a new FS host config that has a proxy selected. We could consider implementing this differently and more specifically for Serverless where instead we just allow choosing a proxy from the Agent policy for FS connections. I think the output UX makes sense still though.
This is not true today in serverless, we allow to edit some fields for default preconfigured output with the
Does it make sense to add some extra/code complexity for serverless for that feature? It seems to me that feature is already for advanced users; if we can reuse Fleet server hosts for that it will probably make things easier to implement and maintain.
Proposed Implementation plan
We can have a special behavior on serverless based on the value of
For serverless we should do the following changes:
Outputs
UI
When adding/editing a new output of type
API
Setup preconfiguration
Fleet server hosts
API
UI
When adding/editing a new fleet server host:
Setup preconfiguration
I would also like to avoid this complexity which sees the behavior divergence between serverless and non-serverless.
For use cases that have multiple different networks and different unique proxies all forwarding to the same project, I suppose the above change as described is required.
Hi, the following implementation is ready for testing in #175315:
Just looking at the preconfiguration now: is it known whether the default output/fleet server hosts can change (per @nchaulet's comment)?
I don't see any reason why the default output/fleet server hosts would change in Serverless, at least this never was something we faced up until today.
Closes #165672

### Summary

This PR adds support for custom output and Fleet server hosts with proxies in serverless mode:

- Proxies are re-enabled in serverless.
- It is possible to add custom Fleet server hosts in serverless, with the constraint that the host URL must match the Elasticsearch URL of the default host.
- New Elasticsearch outputs must also have the default host URL.

### Testing

The below requirements should be tested in serverless mode for observability and security project types:

```sh
# elasticsearch
yarn es serverless --kill
# kibana: one of
yarn serverless-oblt
yarn serverless-security
```

⚠️ In addition, stateful mode should **not** be affected by any of these changes.

#### Config

In order to test this change, you will need the following configuration to mirror a serverless setup. Create a `serverless.dev.yml` if you don't have one already and set a project id (this is required for Fleet's `cloud.isServerlessEnabled` to correctly be `true`):

```yaml
xpack.cloud.serverless.project_id: test-123
```

In `kibana.devl.yml`, make sure the default Fleet server hosts and default output have the expected ids:

```yaml
xpack.fleet.fleetServerHosts:
  - id: default-fleet-server
    name: Default Fleet server
    is_default: true
    host_urls: ['https://host.docker.internal:8220']
xpack.fleet.outputs:
  - id: es-default-output
    name: Default output
    type: elasticsearch
    is_default: true
    is_default_monitoring: true
    hosts: ['https://host.docker.internal:9200']
```

#### Requirements

- [ ] User can create proxy configurations in the Fleet UI and API.
- [ ] User can create new Fleet server host via the UI
  - The Fleet Server Hosts dropdown is disabled and set to the default host URL
- [ ] User can create new Fleet server host via the API
  - The request should succeed if the host URL is set to the default one
  - Otherwise the request should fail
- [ ] User can add a proxy config to the Fleet server host config
- [ ] User can select a custom Fleet Server host configuration from the Agent policy settings page
- [ ] User can create new Fleet Elasticsearch output via the UI
  - The Hosts dropdown is disabled and set to the default Elasticsearch URL
- [ ] User can create new Fleet Elasticsearch output via the API
  - The request should succeed if the host URL is set to the default one
  - Otherwise the request should fail
- [ ] User can add a proxy config to the Elasticsearch output
- [ ] User can select a custom Elasticsearch output configuration from the Agent policy settings page
- [ ] User can create a custom Logstash output with proxy
- [ ] User can create a custom Kafka output with proxy

### Checklist

- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

### Screenshots

Fleet settings (proxies available):

![Screenshot 2024-02-02 at 17 21 05](https://github.com/elastic/kibana/assets/23701614/e94d3dfa-0467-48d0-9c99-c0288dfbba92)
![Screenshot 2024-02-02 at 17 21 15](https://github.com/elastic/kibana/assets/23701614/eb815d25-0e4c-497f-899a-036a89a0d126)

Adding and editing a Fleet server host:

![Screenshot 2024-02-05 at 11 54 04](https://github.com/elastic/kibana/assets/23701614/2ad713fd-7992-4285-8605-1841ab7f56ef)
![Screenshot 2024-02-02 at 17 22 00](https://github.com/elastic/kibana/assets/23701614/dae30411-b023-4a3c-bba2-427dd3b8cd2a)

Adding and editing an Elasticsearch output:

![Screenshot 2024-02-02 at 17 22 23](https://github.com/elastic/kibana/assets/23701614/cd6bdb90-d68a-4cf8-a1aa-34cf0eddc978)
![Screenshot 2024-02-02 at 17 22 38](https://github.com/elastic/kibana/assets/23701614/3a9c8f04-2586-4e3a-afd4-7a192245bc15)

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
@elastic/fleet-qasource-external As this is a serverless change, it should be part of the next weekly release.
Thank you for the update @jillguyonnet Further, we will test this once next serverless build is available.
We have revalidated these changes on latest 8.13.0 Serverless environment and had below observations: Proxy Used: Observations:
Further as per discussion under elastic/elastic-agent#2992, we are not able to test our squid proxy with Logstash output. Build details: Please let us know if we are missing any scenario to be covered. Thanks!
Thank you, that is awesome. Did you test the API as well or only the UI? For visibility, the two bugs I found on my end are addressed in #176728 and should be fixed in the next release.
@jillguyonnet We tested while adding from the UI only, could you please confirm if we need to test adding through API?
@amolnater-qasource Yes, that'd be great, thank you.
We have revalidated the Fleet Settings on serverless environment through API and had below observations: Observations:
Please let us know if we are missing any scenario to be covered. Thanks!
Hi @amolnater-qasource Thank you very much for testing!
The output API was fixed in #176728. I just re-tested the Fleet Server host API and I am able to update without passing the host URLs:
Could you confirm if you observed anything different? Thanks
Thank you for the update, we were not aware about a new serverless build availability and covered the testing on the same build shared under #165672 (comment). We have revalidated this issue on the latest serverless environment and found it fixed now.
Build details: Thanks!
Hi Team, We have setup mitmproxy with logstash output on self-managed 8.13.0-SNAPSHOT:
Mitmproxy with logstash Logs: Build details: Please let us know if we are missing anything here or anything else is required from our end. Thanks
Hi @amolnater-qasource, thank you for trying out mitmproxy 👍 So it seems we cannot test Logstash outputs for the scope of this change, correct? If so, then I suppose there is nothing else to test, at least while this issue persists.
In https://github.com/elastic/ingest-dev/issues/1530 we disabled support for configuring proxies on output and Fleet Server connections for Serverless projects.
Now that we know more about the requirements, we need to bring this support back. We need to allow users to configure a proxy for Elastic Agent to communicate with both Elasticsearch and Fleet Server hosted in Serverless. We are not bringing back support for on-premise Fleet Server hosts or custom URLs for Fleet Server or Elasticsearch.
Requirements
How to handle preconfigured outputs and Fleet Server hosts
We currently preconfigure an ES output and Fleet Server host in Kibana configuration. These are not editable today. To avoid any issues in the future, I think we should keep this behavior and not allow any edits to the preconfigured output or Fleet server host config.
So if a user wants to use a proxy they have to create a new output or FS host config. We should allow them to set this new output or FS host config as the default. The default setting is the only aspect that the user should be able to override about the preconfigured output and FS configs.
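
The host rules this issue and its fix describe, as an added TypeScript sketch that is not code from the Kibana repository: a new Fleet Server host config must reuse the default host URL, a proxy can be attached freely, an update may omit the host URLs, and a preconfigured entry accepts only a change to `is_default`. The type and function names are hypothetical; the default host is the one from the test configuration in the PR description, and the same check would apply to the `hosts` of an Elasticsearch output.

```typescript
// Added illustration: hypothetical names, not Kibana's Fleet implementation.
interface HostConfig {
  id: string;
  host_urls: string[];
  is_default: boolean;
  is_preconfigured: boolean;
  proxy_id?: string;
}

type Verdict = { ok: true } | { ok: false; reason: string };

// Default Fleet Server host, taken from the PR's test configuration.
const DEFAULT_HOST: HostConfig = {
  id: 'default-fleet-server',
  host_urls: ['https://host.docker.internal:8220'],
  is_default: true,
  is_preconfigured: true,
};

// Canonical form, so letter case, an explicit default port or a trailing
// slash neither hides a real match nor lets a different host pass as one.
function normalizeUrl(raw: string): string {
  const m = /^(https?):\/\/([^\/?#]+)(.*)$/i.exec(raw.trim());
  if (m === null) return raw.trim();
  const scheme = (m[1] || '').toLowerCase();
  const authority = (m[2] || '')
    .toLowerCase()
    .replace(scheme === 'https' ? /:443$/ : /:80$/, '');
  return scheme + '://' + authority + (m[3] || '').replace(/\/+$/, '');
}

// True only when both lists contain exactly the same normalized URLs.
function sameUrlSet(a: string[], b: string[]): boolean {
  const na = a.map(normalizeUrl);
  const nb = b.map(normalizeUrl);
  const allIn = (xs: string[], ys: string[]) => xs.every((x) => ys.indexOf(x) !== -1);
  return na.length > 0 && allIn(na, nb) && allIn(nb, na);
}

// Create: host URLs are pinned to the default, proxy_id is unconstrained.
function checkCreate(
  candidate: { host_urls: string[]; proxy_id?: string },
  def: HostConfig
): Verdict {
  if (!sameUrlSet(candidate.host_urls, def.host_urls)) {
    return { ok: false, reason: 'host_urls must match the default host' };
  }
  return { ok: true };
}

// Update: a preconfigured entry may only change is_default; a custom entry
// may omit host_urls, but if it sends them they must still match the default.
function checkUpdate(existing: HostConfig, patch: Partial<HostConfig>, def: HostConfig): Verdict {
  const changed = (Object.keys(patch) as (keyof HostConfig)[]).filter(
    (k) => JSON.stringify(patch[k]) !== JSON.stringify(existing[k])
  );
  if (existing.is_preconfigured) {
    const illegal = changed.filter((k) => k !== 'is_default');
    if (illegal.length > 0) {
      return { ok: false, reason: 'preconfigured entry: cannot change ' + illegal.join(', ') };
    }
    return { ok: true };
  }
  if (patch.host_urls !== undefined && !sameUrlSet(patch.host_urls, def.host_urls)) {
    return { ok: false, reason: 'host_urls must match the default host' };
  }
  return { ok: true };
}
```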