Add missing environment variables for container setup (#1354) (#1372)

* Add missing environment variables for container setup * Add more missing settings * fixup * fixup * fixup * fixup * Remove FLEET_HEADER & FLEET_KIBANA_HEADER (cherry picked from commit 98d9db9) Co-authored-by: David Kilfoyle <[email protected]>
elastic · Oct 8, 2024 · d226c26 · d226c26
1 parent b788e09
commit d226c26
Show file tree

Hide file tree

Showing 2 changed files with 130 additions and 16 deletions.
diff --git a/docs/en/ingest-management/elastic-agent/configuration/env/container-envs.asciidoc b/docs/en/ingest-management/elastic-agent/configuration/env/container-envs.asciidoc
@@ -66,8 +66,6 @@ Settings used to prepare the {fleet} plugin in {kib}.
 |===
 | Settings | Description
 
-include::shared-env.asciidoc[tag=kibana-fleet-setup]
-
 include::shared-env.asciidoc[tag=kibana-fleet-host]
 
 include::shared-env.asciidoc[tag=kibana-fleet-username]
@@ -98,6 +96,12 @@ include::shared-env.asciidoc[tag=fleet-server-elasticsearch-host]
 
 include::shared-env.asciidoc[tag=fleet-server-elasticsearch-ca]
 
+include::shared-env.asciidoc[tag=fleet-server-es-cert]
+
+include::shared-env.asciidoc[tag=fleet-server-es-cert-key]
+
+include::shared-env.asciidoc[tag=fleet-server-insecure-http]
+
 include::shared-env.asciidoc[tag=fleet-server-service-token]
 
 include::shared-env.asciidoc[tag=fleet-server-service-token-path]
@@ -116,8 +120,14 @@ include::shared-env.asciidoc[tag=fleet-server-cert-key]
 
 include::shared-env.asciidoc[tag=fleet-server-cert-key-passphrase]
 
+include::shared-env.asciidoc[tag=fleet-server-client-auth]
+
 include::shared-env.asciidoc[tag=fleet-server-es-ca-trusted-fingerprint]
 
+include::shared-env.asciidoc[tag=fleet-daemon-timeout]
+
+include::shared-env.asciidoc[tag=fleet-server-timeout]
+
 |===
 
 [discrete]
@@ -133,10 +143,16 @@ Settings used to enroll an {agent} into a {fleet-server}.
 |===
 | Settings | Description
 
+include::shared-env.asciidoc[tag=elastic-agent-cert]
+
+include::shared-env.asciidoc[tag=elastic-agent-cert-key]
+
 include::shared-env.asciidoc[tag=elastic-agent-tag]
 
 include::shared-env.asciidoc[tag=fleet-enroll]
 
+include::shared-env.asciidoc[tag=fleet-force]
+
 include::shared-env.asciidoc[tag=fleet-url]
 
 include::shared-env.asciidoc[tag=fleet-enrollment-token]

diff --git a/docs/en/ingest-management/elastic-agent/configuration/env/shared-env.asciidoc b/docs/en/ingest-management/elastic-agent/configuration/env/shared-env.asciidoc
@@ -17,30 +17,37 @@ OPTIONAL INFO AND EXAMPLE
 
 // =============================================================================
 
-// tag::elastic-agent-tag[]
+// tag::elastic-agent-cert[]
 |
-[id="env-{type}-elastic-agent-tag"]
-`ELASTIC_AGENT_TAGS`
+[id="env-{type}-elastic-agent-cert"]
+`ELASTIC_AGENT_CERT`
 
-| (string) A comma-separated list of tags to apply to {fleet}-managed {agent}s.
-You can use these tags to filter the list of agents in {fleet}.
+| (string) The path to the mutual TLS client certificate that {agent} will use to connect to {fleet-server}.
 
-// end::elastic-agent-tag[]
+// end::elastic-agent-cert[]
 
 // =============================================================================
 
-// tag::kibana-fleet-setup[]
+// tag::elastic-agent-cert-key[]
 |
-[id="env-{type}-kibana-fleet-setup"]
-`KIBANA_FLEET_SETUP`
+[id="env-{type}-elastic-agent-cert-key"]
+`ELASTIC_AGENT_CERT_KEY`
 
-| (int) Set to `1` to enable {fleet} setup.
-Enabling {fleet} is required before {fleet-server} will start.
-When this action is not performed, a user must manually log in to {kib} and visit the {fleet} page to enable setup.
+| (string) The path to the mutual TLS private key that {agent} will use to connect to {fleet-server}.
 
-*Default:* none
+// end::elastic-agent-cert-key[]
+
+// =============================================================================
 
-// end::kibana-fleet-setup[]
+// tag::elastic-agent-tag[]
+|
+[id="env-{type}-elastic-agent-tag"]
+`ELASTIC_AGENT_TAGS`
+
+| (string) A comma-separated list of tags to apply to {fleet}-managed {agent}s.
+You can use these tags to filter the list of agents in {fleet}.
+
+// end::elastic-agent-tag[]
 
 // =============================================================================
 
@@ -105,6 +112,20 @@ contains your CA's certificate.
 
 // =============================================================================
 
+// tag::fleet-force[]
+|
+[id="env-{type}-fleet-force"]
+`FLEET_FORCE`
+
+| (bool) Set to `true` to force overwrite of the current {agent} configuration without prompting for confirmation.
+This flag is helpful when using automation software or scripted deployments.
+
+*Default:* `false`
+
+// end::fleet-force[]
+
+// =============================================================================
+
 // tag::fleet-server-enable[]
 |
 [id="env-{type}-fleet-server-enable"]
@@ -273,6 +294,21 @@ Overrides the port defined in the policy.
 
 // =============================================================================
 
+// tag::fleet-server-client-auth[]
+|
+[id="env-{type}-fleet-server-client-auth"]
+`FLEET_SERVER_CLIENT_AUTH`
+
+| (string) One of `none`, `optional`, or `required`.
+{fleet-server}'s client authentication option for client mTLS connections.
+If `optional` or `required` is specified, client certificates are verified using CAs.
+
+*Default:* `none`
+
+// end::fleet-server-client-auth[]
+
+// =============================================================================
+
 // tag::fleet-server-es-ca-trusted-fingerprint[]
 |
 [id="env-{type}-fleet-server-es-ca-trusted-fingerprint"]
@@ -288,6 +324,68 @@ by {agent} for communication. This flag is required when using self-signed certi
 
 // =============================================================================
 
+// tag::fleet-server-es-cert[]
+|
+[id="env-{type}-fleet-server-es-cert"]
+`FLEET_SERVER_ES_CERT`
+
+| (string) The path to the mutual TLS client certificate that {fleet-server} will use to connect to {es}.
+
+*Default:* `""`
+
+// end::fleet-server-es-cert[]
+
+// =============================================================================
+
+// tag::fleet-server-es-cert-key[]
+|
+[id="env-{type}-fleet-server-es-cert-key"]
+`FLEET_SERVER_ES_CERT_KEY`
+
+| (string) The path to the mutual TLS private key that {fleet-server} will use to connect to {es}.
+
+*Default:* `""`
+
+// end::fleet-server-es-cert-key[]
+
+// =============================================================================
+
+// tag::fleet-server-insecure-http[]
+|
+[id="env-{type}-fleet-server-insecure-http"]
+`FLEET_SERVER_INSECURE_HTTP`
+
+| (bool) When `true`, {fleet-server} is exposed over insecure or unverified HTTP.
+Setting this to `true` is not recommended.
+
+*Default:* `false`
+
+// end::fleet-server-insecure-http[]
+
+// =============================================================================
+
+// tag::fleet-daemon-timeout[]
+|
+[id="env-{type}-fleet-daemon-timeout"]
+`FLEET_DAEMON_TIMEOUT`
+
+| (duration) Set to indicate how long {fleet-server} will wait during the bootstrap process for {elastic-agent}.
+
+// end::fleet-daemon-timeout[]
+
+// =============================================================================
+
+// tag::fleet-server-timeout[]
+|
+[id="env-{type}-fleet-server-timeout"]
+`FLEET_SERVER_TIMEOUT`
+
+| (duration) Set to indicate how long {agent} will wait for {fleet-server} to check in as healthy.
+
+// end::fleet-server-timeout[]
+
+// =============================================================================
+
 // tag::fleet-enroll[]
 |
 [id="env-{type}-fleet-enroll"]