diff --git a/deploy/kubernetes/elastic-agent-standalone-kubernetes.yml b/deploy/kubernetes/elastic-agent-standalone-kubernetes.yml index 4118e2d4e80c..1f74fed1f335 100644 --- a/deploy/kubernetes/elastic-agent-standalone-kubernetes.yml +++ b/deploy/kubernetes/elastic-agent-standalone-kubernetes.yml @@ -629,6 +629,11 @@ rules: - events - pods verbs: ["get", "list", "watch"] + # Enable this rule only if planing to use kubernetes_secrets provider + #- apiGroups: [""] + # resources: + # - secrets + # verbs: ["get"] - apiGroups: ["extensions"] resources: - replicasets diff --git a/deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-role.yaml b/deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-role.yaml index dcf2b4a5ff29..13b3554b83cc 100644 --- a/deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-role.yaml +++ b/deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-role.yaml @@ -12,6 +12,11 @@ rules: - events - pods verbs: ["get", "list", "watch"] + # Enable this rule only if planing to use kubernetes_secrets provider + #- apiGroups: [""] + # resources: + # - secrets + # verbs: ["get"] - apiGroups: ["extensions"] resources: - replicasets diff --git a/x-pack/elastic-agent/pkg/composable/providers/kubernetessecrets/kubernetes_secrets.go b/x-pack/elastic-agent/pkg/composable/providers/kubernetessecrets/kubernetes_secrets.go index 4af00bc766e5..5588a546a295 100644 --- a/x-pack/elastic-agent/pkg/composable/providers/kubernetessecrets/kubernetes_secrets.go +++ b/x-pack/elastic-agent/pkg/composable/providers/kubernetessecrets/kubernetes_secrets.go @@ -47,6 +47,9 @@ func ContextProviderBuilder(logger *logger.Logger, c *config.Config) (corecomp.C func (p *contextProviderK8sSecrets) Fetch(key string) (string, bool) { // key = "kubernetes_secrets.somenamespace.somesecret.value" + if p.client == nil { + return "", false + } tokens := strings.Split(key, ".") if len(tokens) > 0 && tokens[0] != "kubernetes_secrets" { return "", false