[Kubernetes] Add kustomize template for hints auto discover (#5643)

* Add template for hints * Create fragment * fixing comments for provider * removing container_logs * Remove root capabilites from initcontainer * Update kustomize patches for hints * Update changelog fragment * Update configmap for standalone agent --------- Co-authored-by: Andrew Gizas <andreas.gkizas@elastic.co>
elastic · Oct 14, 2024 · eedce01 · eedce01
1 parent d6da7eb
commit eedce01
Show file tree

Hide file tree

Showing 11 changed files with 813 additions and 31 deletions.
diff --git a/changelog/fragments/1727790202-kustomize-templates-with-hints.yaml b/changelog/fragments/1727790202-kustomize-templates-with-hints.yaml
@@ -0,0 +1,32 @@
+# Kind can be one of:
+# - breaking-change: a change to previously-documented behavior
+# - deprecation: functionality that is being removed in a later release
+# - bug-fix: fixes a problem in a previous version
+# - enhancement: extends functionality but does not break or fix existing behavior
+# - feature: new functionality
+# - known-issue: problems that we are aware of in a given version
+# - security: impacts on the security of a product or a user’s deployment.
+# - upgrade: important information for someone upgrading from a prior version
+# - other: does not fit into any of the other categories
+kind: feature
+
+# Change summary; a 80ish characters long description of the change.
+summary: Kustomize template to enables hints based autodiscovery by default when deploying standalone elastic-agent into a Kubernetes cluster. Remove root privileges of init container.
+
+# Long description; in case the summary is not enough to describe the change
+# this field accommodate a description without length limits.
+# NOTE: This field will be rendered only for breaking-change and known-issue kinds at the moment.
+#description:
+
+# Affected component; usually one of "elastic-agent", "fleet-server", "filebeat", "metricbeat", "auditbeat", "all", etc.
+component: elastic-agent
+
+# PR URL; optional; the PR number that added the changeset.
+# If not present is automatically filled by the tooling finding the PR where this changelog fragment has been added.
+# NOTE: the tooling supports backports, so it's able to fill the original PR number instead of the backport PR number.
+# Please provide it if you are adding a fragment for a different PR.
+pr: https://github.com/elastic/elastic-agent/pull/5643
+
+# Issue URL; optional; the GitHub issue related to this changeset (either closes or is part of).
+# If not present is automatically filled by the tooling with the issue linked to the PR number.
+#issue: https://github.com/owner/repo/1234
diff --git a/deploy/kubernetes/Makefile b/deploy/kubernetes/Makefile
@@ -15,6 +15,7 @@ ELASTIC_AGENT_BRANCH=update-k8s-templates-$(shell date "+%Y%m%d%H%M%S")
 KUSTOMIZE=elastic-agent-kustomize
 KUSTOMIZE_DEFAULT=elastic-agent-kustomize/default
 KUSTOMIZE_KSM_AUTOSHARDING=elastic-agent-kustomize/ksm-autosharding
+KUSTOMIZE_KSM_HINTS=elastic-agent-kustomize/ksm-hints
 
 # variable for processor for elastic-agent-standalone
 define ELASTIC_PROCESSOR
@@ -117,6 +118,15 @@ $(ALL):
 	@for f in $(shell ls $@/*.yaml | grep -v elastic-agent-standalone-daemonset-configmap); do \
 		cp -r $$f  $(KUSTOMIZE_KSM_AUTOSHARDING)/$@/base; \
 	done
+
+	@echo "Generating $@ kustomize-ksm-hints files"
+	@for f in $(shell ls elastic-agent-standalone/*.yaml | grep elastic-agent-standalone-daemonset-configmap.yaml); do \
+		cp -r $$f  $(KUSTOMIZE_KSM_HINTS)/elastic-agent-standalone; \
+	done
+	sed -i.bak -e "s/#hints.enabled/hints.enabled/g" -e "s/#hints.default_container_logs/hints.default_container_logs/g" $(KUSTOMIZE_KSM_HINTS)/elastic-agent-standalone/elastic-agent-standalone-daemonset-configmap.yaml
+	sed -i.bak -e "/- id: container-log/,/- \/var\/log\/containers/d" $(KUSTOMIZE_KSM_HINTS)/elastic-agent-standalone/elastic-agent-standalone-daemonset-configmap.yaml
+	rm $(KUSTOMIZE_KSM_HINTS)/elastic-agent-standalone/elastic-agent-standalone-daemonset-configmap.yaml.bak 
+	sed -e "s/%VERSION%/${BEAT_VERSION}/g" -e "s/%BRANCH%/${BRANCH_VERSION}/g"  $(KUSTOMIZE_KSM_HINTS)/elastic-agent-standalone/kustomization.yaml.original > $(KUSTOMIZE_KSM_HINTS)/elastic-agent-standalone/kustomization.yaml
 
 	mkdir -p $(KUSTOMIZE_KSM_AUTOSHARDING)/$@/extra/
 	sed -e "s/%VERSION%/${BEAT_VERSION}/g" -e "s/%BRANCH%/${BRANCH_VERSION}/g" -e "/name: elastic-agent-state/,+1 s/^/#/" -e "/path: \/var\/lib\/$@\/kube-system\/state/,+1 s/^/#/" $@/$@-daemonset.yaml > $(KUSTOMIZE_KSM_AUTOSHARDING)/$@/base/$@-daemonset.yaml

diff --git a/deploy/kubernetes/elastic-agent-kustomize/default/README.md b/deploy/kubernetes/elastic-agent-kustomize/default/README.md
@@ -39,7 +39,7 @@ Users can use following commands:
 Managed Elastic Agent:
 
 ```bash
-❯ kubectl https://github.com/elastic/elastic-agent/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-maanged\?ref\=main | sed -e "s/JUVOUk9MTE1FTlRfVE9LRU4l/base64_ENCODED_ENROLLMENT_TOKEN/g" -e "s/%FLEET_URL%/https:\/\/localhost:9200/g" | kubectl apply -f-
+❯ kubectl kustomize https://github.com/elastic/elastic-agent/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-maanged\?ref\=main | sed -e "s/JUVOUk9MTE1FTlRfVE9LRU4l/base64_ENCODED_ENROLLMENT_TOKEN/g" -e "s/%FLEET_URL%/https:\/\/localhost:9200/g" | kubectl apply -f-
 
 ```
 

diff --git a/...t-kustomize/default/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml b/...t-kustomize/default/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml
@@ -33,13 +33,11 @@ spec:
       #    args:
       #      - -c
       #      - >-
-      #        mkdir -p /usr/share/elastic-agent/state/inputs.d &&
-      #        curl -sL https://github.com/elastic/elastic-agent/archive/9.0.tar.gz | tar xz -C /usr/share/elastic-agent/state/inputs.d --strip=5 "elastic-agent-9.0/deploy/kubernetes/elastic-agent-standalone/templates.d"
-      #    securityContext:
-      #      runAsUser: 0
+      #        mkdir -p /etc/elastic-agent/inputs.d &&
+      #        curl -sL https://github.com/elastic/elastic-agent/archive/9.0.tar.gz | tar xz -C /etc/elastic-agent/inputs.d --strip=5 "elastic-agent-9.0/deploy/kubernetes/elastic-agent-standalone/templates.d"
       #    volumeMounts:
-      #      - name: elastic-agent-state
-      #        mountPath: /usr/share/elastic-agent/state
+      #      - name: external-inputs
+      #        mountPath: /etc/elastic-agent/inputs.d
       containers:
         - name: elastic-agent-standalone
           image: docker.elastic.co/beats/elastic-agent:9.0.0
@@ -113,6 +111,9 @@ spec:
               mountPath: /sys/kernel/debug
             - name: elastic-agent-state
               mountPath: /usr/share/elastic-agent/state
+            # Uncomment if using hints feature
+            # - name: external-inputs
+            #   mountPath: /usr/share/elastic-agent/state/inputs.d
       volumes:
         - name: datastreams
           configMap:
@@ -151,3 +152,6 @@ spec:
           hostPath:
             path: /var/lib/elastic-agent-standalone/kube-system/state
             type: DirectoryOrCreate
+        # Uncomment if using hints feature
+        # - name: external-inputs
+        #   emptyDir: {}
diff --git a/...ze/ksm-autosharding/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml b/...ze/ksm-autosharding/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml
@@ -33,13 +33,11 @@ spec:
       #    args:
       #      - -c
       #      - >-
-      #        mkdir -p /usr/share/elastic-agent/state/inputs.d &&
-      #        curl -sL https://github.com/elastic/elastic-agent/archive/9.0.tar.gz | tar xz -C /usr/share/elastic-agent/state/inputs.d --strip=5 "elastic-agent-9.0/deploy/kubernetes/elastic-agent-standalone/templates.d"
-      #    securityContext:
-      #      runAsUser: 0
+      #        mkdir -p /etc/elastic-agent/inputs.d &&
+      #        curl -sL https://github.com/elastic/elastic-agent/archive/9.0.tar.gz | tar xz -C /etc/elastic-agent/inputs.d --strip=5 "elastic-agent-9.0/deploy/kubernetes/elastic-agent-standalone/templates.d"
       #    volumeMounts:
-#      #      - name: elastic-agent-state
-#      #        mountPath: /usr/share/elastic-agent/state
+      #      - name: external-inputs
+      #        mountPath: /etc/elastic-agent/inputs.d
       containers:
         - name: elastic-agent-standalone
           image: docker.elastic.co/beats/elastic-agent:9.0.0
@@ -113,6 +111,9 @@ spec:
               mountPath: /sys/kernel/debug
 #            - name: elastic-agent-state
 #              mountPath: /usr/share/elastic-agent/state
+            # Uncomment if using hints feature
+            # - name: external-inputs
+            #   mountPath: /usr/share/elastic-agent/state/inputs.d
       volumes:
         - name: datastreams
           configMap:
@@ -151,3 +152,6 @@ spec:
 #          hostPath:
 #            path: /var/lib/elastic-agent-standalone/kube-system/state
 #            type: DirectoryOrCreate
+        # Uncomment if using hints feature
+        # - name: external-inputs
+        #   emptyDir: {}
diff --git a/...ksm-autosharding/elastic-agent-standalone/extra/elastic-agent-standalone-statefulset.yaml b/...ksm-autosharding/elastic-agent-standalone/extra/elastic-agent-standalone-statefulset.yaml
@@ -33,13 +33,11 @@ spec:
       #    args:
       #      - -c
       #      - >-
-      #        mkdir -p /usr/share/elastic-agent/state/inputs.d &&
-      #        curl -sL https://github.com/elastic/elastic-agent/archive/9.0.tar.gz | tar xz -C /usr/share/elastic-agent/state/inputs.d --strip=5 "elastic-agent-9.0/deploy/kubernetes/elastic-agent-standalone/templates.d"
-      #    securityContext:
-      #      runAsUser: 0
+      #        mkdir -p /etc/elastic-agent/inputs.d &&
+      #        curl -sL https://github.com/elastic/elastic-agent/archive/9.0.tar.gz | tar xz -C /etc/elastic-agent/inputs.d --strip=5 "elastic-agent-9.0/deploy/kubernetes/elastic-agent-standalone/templates.d"
       #    volumeMounts:
-#      #      - name: elastic-agent-state
-#      #        mountPath: /usr/share/elastic-agent/state
+      #      - name: external-inputs
+      #        mountPath: /etc/elastic-agent/inputs.d
       containers:
         - name: elastic-agent-standalone
           image: docker.elastic.co/beats/elastic-agent:9.0.0
@@ -113,6 +111,9 @@ spec:
               mountPath: /sys/kernel/debug
 #            - name: elastic-agent-state
 #              mountPath: /usr/share/elastic-agent/state
+            # Uncomment if using hints feature
+            # - name: external-inputs
+            #   mountPath: /usr/share/elastic-agent/state/inputs.d
       volumes:
         - name: datastreams
           configMap:
@@ -151,3 +152,6 @@ spec:
 #          hostPath:
 #            path: /var/lib/elastic-agent-standalone/kube-system/state
 #            type: DirectoryOrCreate
+        # Uncomment if using hints feature
+        # - name: external-inputs
+        #   emptyDir: {}