Peter Brachwitz

The underlying functionality is actually in Kibana not in the ECK operator, so it would be good to know which version of Kibana is affected. Can those of you that...

After doing a bit of research I believe has been previously reported in https://github.com/elastic/kibana/issues/111401 and summarised in https://github.com/elastic/kibana/issues/190333

ECK OLM packages are currently not compatible with OLM v1 because ECK uses webhooks https://operator-framework.github.io/operator-controller/project/olmv1_limitations/ If we wanted to repackage ECK for OLMv1 we would have to disable those.

Kibana is orchestrated slightly differently from Elasticsearch: 1. it uses Deployments instead of StatefulSets 2. during version upgrades we need to use the [Recreate deployment strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#recreate-deployment) type because Kibana does...

> Do you think there are security-conscious users who would prefer the init container pattern (short-lived elevated privileges) over a continuously running agent container with CAP_NET_RAW and CAP_CHOWN? Or am...

> > The agent container needs CAP_SETPCAP and CAP_CHOWN capabilities [...] > > [...] > > I'm wondering if there's still value in the init container approach for some users...

@pkoutsovasilis what is you recommendation? We should keep the recipe around because there **is** value in having instructions how to run agent without privilege escalation?

Cross-posting from the original issue here. But I think mTLS already works today. At least for Kibana and ES. I have not tested other stack components like Agent or Beats....

``` setup.template.settings: index.number_of_shards: 0

@rhr323 I don't think we have any evidence of an ECK bug for the issue reported here. We have not been able to reproduce the issue so far. We are...