From 9fd4c0d19b540a5a52f9a4f2036e9153b9849fd6 Mon Sep 17 00:00:00 2001 From: Jaime Soriano Pastor Date: Thu, 2 Sep 2021 19:02:16 +0200 Subject: [PATCH 1/6] Use embed in internal profile --- .../_static/Dockerfile.package-registry | 5 ++ .../docker-compose-snapshot.yml} | 24 +----- internal/profile/_static/kibana_config.yml | 17 ++++ internal/profile/_static/package_registry.yml | 5 ++ internal/profile/static.go | 78 +++++++++++++++++++ internal/profile/static_kibana_config_yml.go | 38 --------- .../static_package_registry_config_yml.go | 27 ------- .../static_package_registry_dockerfile.go | 32 -------- 8 files changed, 106 insertions(+), 120 deletions(-) create mode 100644 internal/profile/_static/Dockerfile.package-registry rename internal/profile/{static_snapshot_yml.go => _static/docker-compose-snapshot.yml} (82%) create mode 100644 internal/profile/_static/kibana_config.yml create mode 100644 internal/profile/_static/package_registry.yml create mode 100644 internal/profile/static.go delete mode 100644 internal/profile/static_kibana_config_yml.go delete mode 100644 internal/profile/static_package_registry_config_yml.go delete mode 100644 internal/profile/static_package_registry_dockerfile.go diff --git a/internal/profile/_static/Dockerfile.package-registry b/internal/profile/_static/Dockerfile.package-registry new file mode 100644 index 0000000000..2e4ebe4904 --- /dev/null +++ b/internal/profile/_static/Dockerfile.package-registry @@ -0,0 +1,5 @@ +FROM __BASE_IMAGE__ + +ARG PROFILE +COPY profiles/${PROFILE}/stack/package-registry.config.yml /package-registry/config.yml +COPY stack/development/ /packages/development diff --git a/internal/profile/static_snapshot_yml.go b/internal/profile/_static/docker-compose-snapshot.yml similarity index 82% rename from internal/profile/static_snapshot_yml.go rename to internal/profile/_static/docker-compose-snapshot.yml index 889ec128f9..f4316c9ae9 100644 --- a/internal/profile/static_snapshot_yml.go 
+++ b/internal/profile/_static/docker-compose-snapshot.yml @@ -1,17 +1,4 @@ -// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one -// or more contributor license agreements. Licensed under the Elastic License; -// you may not use this file except in compliance with the Elastic License. - -package profile - -import ( - "path/filepath" -) - -// SnapshotFile is the docker-compose snapshot.yml file name -const SnapshotFile configFile = "snapshot.yml" - -const snapshotYml = `version: '2.3' +version: '2.3' services: elasticsearch: image: "${ELASTICSEARCH_IMAGE_REF}" @@ -139,12 +126,3 @@ services: elastic-agent: condition: service_healthy ` - -// newSnapshotFile returns a Managed Config -func newSnapshotFile(_ string, profilePath string) (*simpleFile, error) { - return &simpleFile{ - name: string(SnapshotFile), - path: filepath.Join(profilePath, profileStackPath, string(SnapshotFile)), - body: snapshotYml, - }, nil -} diff --git a/internal/profile/_static/kibana_config.yml b/internal/profile/_static/kibana_config.yml new file mode 100644 index 0000000000..ef36ef4841 --- /dev/null +++ b/internal/profile/_static/kibana_config.yml @@ -0,0 +1,17 @@ +server.name: kibana +server.host: "0.0.0.0" + +elasticsearch.hosts: [ "http://elasticsearch:9200" ] +elasticsearch.username: elastic +elasticsearch.password: changeme + +xpack.monitoring.ui.container.elasticsearch.enabled: true + +xpack.fleet.enabled: true +xpack.fleet.registryUrl: "http://package-registry:8080" +xpack.fleet.agents.enabled: true +xpack.fleet.agents.elasticsearch.host: "http://elasticsearch:9200" +xpack.fleet.agents.fleet_server.hosts: ["http://fleet-server:8220"] + +xpack.encryptedSavedObjects.encryptionKey: "12345678901234567890123456789012" +` diff --git a/internal/profile/_static/package_registry.yml b/internal/profile/_static/package_registry.yml new file mode 100644 index 0000000000..ed56090f02 --- /dev/null +++ b/internal/profile/_static/package_registry.yml 
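Review bot: The new `kibana_config.yml` ships `elasticsearch.password: changeme` and a fixed `xpack.encryptedSavedObjects.encryptionKey` while `server.host` is `"0.0.0.0"`, and nothing in the file says these are local-stack defaults. Now that the config is a standalone YAML file rather than a Go constant, a header comment would make that explicit, for example `# Local development stack only: default credentials and a static encryption key; do not reuse outside a disposable environment.` Whether the Kibana port is reachable beyond the host depends on the compose file's port mappings, which are not visible in these hunks.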
@@ -0,0 +1,5 @@
+package_paths:
+ - /packages/development
+ - /packages/production
+ - /packages/staging
+ - /packages/snapshot
diff --git a/internal/profile/static.go b/internal/profile/static.go
new file mode 100644
index 0000000000..9a1e402812
--- /dev/null
+++ b/internal/profile/static.go
@@ -0,0 +1,78 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package profile
+
+import (
+ _ "embed"
+ "path/filepath"
+ "strings"
+)
+
+// SnapshotFile is the docker-compose snapshot.yml file name
+const SnapshotFile configFile = "snapshot.yml"
+
+//go:embed _static/docker-compose-snapshot.yml
+var snapshotYml string
+
+// newSnapshotFile returns a Managed Config
+func newSnapshotFile(_ string, profilePath string) (*simpleFile, error) {
+ return &simpleFile{
+ name: string(SnapshotFile),
+ path: filepath.Join(profilePath, profileStackPath, string(SnapshotFile)),
+ body: snapshotYml,
+ }, nil
+}
+
+// KibanaConfigFile is the main kibana config file
+const KibanaConfigFile configFile = "kibana.config.yml"
+
+//go:embed _static/kibana_config.yml
+var kibanaConfigYml string
+
+// newKibanaConfig returns a Managed Config
+func newKibanaConfig(_ string, profilePath string) (*simpleFile, error) {
+ return &simpleFile{
+ name: string(KibanaConfigFile),
+ path: filepath.Join(profilePath, profileStackPath, string(KibanaConfigFile)),
+ body: kibanaConfigYml,
+ }, nil
+}
+
+// PackageRegistryConfigFile is the config file for the Elastic Package registry
+const PackageRegistryConfigFile configFile = "package-registry.config.yml"
+
+//go:embed _static/package_registry.yml
+var packageRegistryConfigYml string
+
+// newPackageRegistryConfig returns a Managed Config
+func newPackageRegistryConfig(_ string, profilePath string) (*simpleFile, error) {
+
+ return &simpleFile{
+ name: string(PackageRegistryConfigFile),
+ path: filepath.Join(profilePath, profileStackPath, string(PackageRegistryConfigFile)),
+ body: packageRegistryConfigYml,
+ }, nil
+}
+
+// PackageRegistryBaseImage is the base Docker image of the Elastic Package Registry.
+const PackageRegistryBaseImage = "docker.elastic.co/package-registry/distribution:snapshot"
+
+// PackageRegistryDockerfileFile is the dockerfile for the Elastic package registry
+const PackageRegistryDockerfileFile configFile = "Dockerfile.package-registry"
+
+//go:embed _static/Dockerfile.package-registry
+var packageRegistryDockerfileTmpl string
+var packageRegistryDockerfile = strings.Replace(packageRegistryDockerfileTmpl,
+ "__BASE_IMAGE__", PackageRegistryBaseImage, -1)
+
+// newPackageRegistryDockerfile returns a new config for the package-registry
+func newPackageRegistryDockerfile(_ string, profilePath string) (*simpleFile, error) {
+ return &simpleFile{
+ name: string(PackageRegistryDockerfileFile),
+ path: filepath.Join(profilePath, profileStackPath, string(PackageRegistryDockerfileFile)),
+ body: packageRegistryDockerfile,
+ }, nil
+
+}
diff --git a/internal/profile/static_kibana_config_yml.go b/internal/profile/static_kibana_config_yml.go
deleted file mode 100644
index 28287e271c..0000000000
--- a/internal/profile/static_kibana_config_yml.go
+++ /dev/null
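Review bot: The `__BASE_IMAGE__` substitution that builds `packageRegistryDockerfile` is silent when the placeholder is missing or renamed in `_static/Dockerfile.package-registry`, so a mismatch would only show up later as a failing image build on a literal `FROM __BASE_IMAGE__`. `strings.ReplaceAll(packageRegistryDockerfileTmpl, "__BASE_IMAGE__", PackageRegistryBaseImage)` states the intent more directly than `strings.Replace(..., -1)`, and a small test asserting that the result no longer contains `__BASE_IMAGE__` would pin the contract between this file and the embedded one. The embedded strings are also package-level `var`s where the old code had constants, so each deserves a one-line comment saying what it holds and that it is not meant to be reassigned; the same applies to the four embedded variables in `internal/install/static.go`.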
@@ -1,38 +0,0 @@
-// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
-// or more contributor license agreements. Licensed under the Elastic License;
-// you may not use this file except in compliance with the Elastic License.
-
-package profile
-
-import "path/filepath"
-
-const kibanaConfigYml = `
-server.name: kibana
-server.host: "0.0.0.0"
-
-elasticsearch.hosts: [ "http://elasticsearch:9200" ]
-elasticsearch.username: elastic
-elasticsearch.password: changeme
-
-xpack.monitoring.ui.container.elasticsearch.enabled: true
-
-xpack.fleet.enabled: true
-xpack.fleet.registryUrl: "http://package-registry:8080"
-xpack.fleet.agents.enabled: true
-xpack.fleet.agents.elasticsearch.host: "http://elasticsearch:9200"
-xpack.fleet.agents.fleet_server.hosts: ["http://fleet-server:8220"]
-
-xpack.encryptedSavedObjects.encryptionKey: "12345678901234567890123456789012"
-`
-
-// KibanaConfigFile is the main kibana config file
-const KibanaConfigFile configFile = "kibana.config.yml"
-
-// newKibanaConfig returns a Managed Config
-func newKibanaConfig(_ string, profilePath string) (*simpleFile, error) {
- return &simpleFile{
- name: string(KibanaConfigFile),
- path: filepath.Join(profilePath, profileStackPath, string(KibanaConfigFile)),
- body: kibanaConfigYml,
- }, nil
-}
diff --git a/internal/profile/static_package_registry_config_yml.go b/internal/profile/static_package_registry_config_yml.go
deleted file mode 100644
index dd3fc0d195..0000000000
--- a/internal/profile/static_package_registry_config_yml.go
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
-// or more contributor license agreements. Licensed under the Elastic License;
-// you may not use this file except in compliance with the Elastic License.
-
-package profile
-
-import "path/filepath"
-
-const packageRegistryConfigYml = `package_paths:
- - /packages/development
- - /packages/production
- - /packages/staging
- - /packages/snapshot
-`
-
-// PackageRegistryConfigFile is the config file for the Elastic Package registry
-const PackageRegistryConfigFile configFile = "package-registry.config.yml"
-
-// newPackageRegistryConfig returns a Managed Config
-func newPackageRegistryConfig(_ string, profilePath string) (*simpleFile, error) {
-
- return &simpleFile{
- name: string(PackageRegistryConfigFile),
- path: filepath.Join(profilePath, profileStackPath, string(PackageRegistryConfigFile)),
- body: packageRegistryConfigYml,
- }, nil
-}
diff --git a/internal/profile/static_package_registry_dockerfile.go b/internal/profile/static_package_registry_dockerfile.go
deleted file mode 100644
index e702ba93a6..0000000000
--- a/internal/profile/static_package_registry_dockerfile.go
+++ /dev/null
@@ -1,32 +0,0 @@
-// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
-// or more contributor license agreements. Licensed under the Elastic License;
-// you may not use this file except in compliance with the Elastic License.
-
-package profile
-
-import (
- "path/filepath"
-)
-
-// PackageRegistryBaseImage is the base Docker image of the Elastic Package Registry.
-const PackageRegistryBaseImage = "docker.elastic.co/package-registry/distribution:snapshot"
-
-// PackageRegistryDockerfileFile is the dockerfile for the Elastic package registry
-const PackageRegistryDockerfileFile configFile = "Dockerfile.package-registry"
-
-const packageRegistryDockerfile = `FROM ` + PackageRegistryBaseImage + `
-
-ARG PROFILE
-COPY profiles/${PROFILE}/stack/package-registry.config.yml /package-registry/config.yml
-COPY stack/development/ /packages/development
-`
-
-// newPackageRegistryDockerfile returns a new config for the package-registry
-func newPackageRegistryDockerfile(_ string, profilePath string) (*simpleFile, error) {
- return &simpleFile{
- name: string(PackageRegistryDockerfileFile),
- path: filepath.Join(profilePath, profileStackPath, string(PackageRegistryDockerfileFile)),
- body: packageRegistryDockerfile,
- }, nil
-
-}
From e4c49e95bc91f20c70c97c728f154c5882d6f175 Mon Sep 17 00:00:00 2001
From: Jaime Soriano Pastor Date: Thu, 2 Sep 2021 19:29:49 +0200 Subject: [PATCH 2/6] Use embed for install static files --- .../_static/Dockerfile.terraform_deployer | 7 +++++++ .../install/_static/kibana_healthcheck.sh | 7 +++++++ .../install/_static/terraform_deployer.yml | 10 ++++++++++ .../terraform_deployer_run.sh} | 8 +------- internal/install/static.go | 19 +++++++++++++++++++ .../install/static_kibana_healthcheck_sh.go | 13 ------------- .../static_terraform_deployer_dockerfile.go | 13 ------------- .../install/static_terraform_deployer_yml.go | 16 ---------------- 8 files changed, 44 insertions(+), 49 deletions(-) create mode 100644 internal/install/_static/Dockerfile.terraform_deployer create mode 100644 internal/install/_static/kibana_healthcheck.sh create mode 100644 internal/install/_static/terraform_deployer.yml rename internal/install/{static_terraform_deployer_run.go => _static/terraform_deployer_run.sh} (53%) create mode 100644 internal/install/static.go delete mode 100644 internal/install/static_kibana_healthcheck_sh.go delete mode 100644 internal/install/static_terraform_deployer_dockerfile.go delete mode 100644 internal/install/static_terraform_deployer_yml.go diff --git a/internal/install/_static/Dockerfile.terraform_deployer b/internal/install/_static/Dockerfile.terraform_deployer new file mode 100644 index 0000000000..9f58051ec9 --- /dev/null +++ b/internal/install/_static/Dockerfile.terraform_deployer @@ -0,0 +1,7 @@ +FROM hashicorp/terraform:light +ENV TF_IN_AUTOMATION=true +HEALTHCHECK --timeout=3s CMD sh -c "[ -f /tmp/tf-applied ]" +ADD run.sh / +WORKDIR /workspace +ENTRYPOINT sh /run.sh +` diff --git a/internal/install/_static/kibana_healthcheck.sh b/internal/install/_static/kibana_healthcheck.sh new file mode 100644 index 0000000000..837a2f1568 --- /dev/null +++ b/internal/install/_static/kibana_healthcheck.sh 
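Review bot: `FROM hashicorp/terraform:light` in the new `Dockerfile.terraform_deployer` tracks a mutable tag, so the deployer image can change between runs without any change in this repository; pinning a version tag or digest (`FROM hashicorp/terraform:<version>@sha256:<digest>`, both placeholders) makes the build reproducible and reviewable. `ADD run.sh /` only copies a local file, for which `COPY run.sh /` is the narrower instruction. The shell-form `ENTRYPOINT sh /run.sh` could be written `ENTRYPOINT ["sh", "/run.sh"]` so the script itself receives stop signals instead of a wrapping shell.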
@@ -0,0 +1,7 @@ +#!/bin/bash + +set -e + +curl -s -f http://127.0.0.1:5601/login | grep kbn-injected-metadata 2>&1 >/dev/null +curl -s -f -u elastic:changeme "http://elasticsearch:9200/_cat/indices/.security-*?h=health" | grep -v red +` diff --git a/internal/install/_static/terraform_deployer.yml b/internal/install/_static/terraform_deployer.yml new file mode 100644 index 0000000000..063bc40541 --- /dev/null +++ b/internal/install/_static/terraform_deployer.yml @@ -0,0 +1,10 @@ +version: '2.3' +services: + terraform: + build: . + tty: true + environment: + - TF_VAR_TEST_RUN_ID=${TF_VAR_TEST_RUN_ID:-detached} + volumes: + - ${TF_DIR}:/stage +` diff --git a/internal/install/static_terraform_deployer_run.go b/internal/install/_static/terraform_deployer_run.sh similarity index 53% rename from internal/install/static_terraform_deployer_run.go rename to internal/install/_static/terraform_deployer_run.sh index 4d2b643bf1..3a4d35456c 100644 --- a/internal/install/static_terraform_deployer_run.go +++ b/internal/install/_static/terraform_deployer_run.sh @@ -1,10 +1,4 @@ -// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one -// or more contributor license agreements. Licensed under the Elastic License; -// you may not use this file except in compliance with the Elastic License. - -package install - -const terraformDeployerRun = `#!sh +#!sh set -euxo pipefail diff --git a/internal/install/static.go b/internal/install/static.go new file mode 100644 index 0000000000..20ad26ec63 --- /dev/null +++ b/internal/install/static.go 
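Review bot: In the first check of `kibana_healthcheck.sh`, `grep kbn-injected-metadata 2>&1 >/dev/null` applies the redirections in the wrong order: stderr is pointed at the original stdout before stdout goes to `/dev/null`, so grep's error output is still emitted; `grep -q kbn-injected-metadata` (or `>/dev/null 2>&1`) does what was presumably intended. In the second check, `grep -v red` succeeds as soon as one `.security-*` index reports a non-red health, so a red index next to a green one would still pass; worth confirming that this is acceptable for the healthcheck. The `elastic:changeme` pair passed with `-u` is the stack default and would benefit from a comment saying so.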
@@ -0,0 +1,19 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package install
+
+import _ "embed"
+
+//go:embed _static/kibana_healthcheck.sh
+var kibanaHealthcheckSh string
+
+//go:embed _static/Dockerfile.terraform_deployer
+var terraformDeployerDockerfile string
+
+//go:embed _static/terraform_deployer.yml
+var terraformDeployerYml string
+
+//go:embed _static/terraform_deployer_run.sh
+var terraformDeployerRun string
diff --git a/internal/install/static_kibana_healthcheck_sh.go b/internal/install/static_kibana_healthcheck_sh.go
deleted file mode 100644
index 77f07efe0d..0000000000
--- a/internal/install/static_kibana_healthcheck_sh.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
-// or more contributor license agreements. Licensed under the Elastic License;
-// you may not use this file except in compliance with the Elastic License.
-
-package install
-
-const kibanaHealthcheckSh = `#!/bin/bash
-
-set -e
-
-curl -s -f http://127.0.0.1:5601/login | grep kbn-injected-metadata 2>&1 >/dev/null
-curl -s -f -u elastic:changeme "http://elasticsearch:9200/_cat/indices/.security-*?h=health" | grep -v red
-`
diff --git a/internal/install/static_terraform_deployer_dockerfile.go b/internal/install/static_terraform_deployer_dockerfile.go
deleted file mode 100644
index 91b320e0ee..0000000000
--- a/internal/install/static_terraform_deployer_dockerfile.go
+++ /dev/null
@@ -1,13 +0,0 @@ -// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one -// or more contributor license agreements. Licensed under the Elastic License; -// you may not use this file except in compliance with the Elastic License. - -package install - -const terraformDeployerDockerfile = `FROM hashicorp/terraform:light -ENV TF_IN_AUTOMATION=true -HEALTHCHECK --timeout=3s CMD sh -c "[ -f /tmp/tf-applied ]" -ADD run.sh / -WORKDIR /workspace -ENTRYPOINT sh /run.sh -` diff --git a/internal/install/static_terraform_deployer_yml.go b/internal/install/static_terraform_deployer_yml.go deleted file mode 100644 index 1bc8704f18..0000000000 --- a/internal/install/static_terraform_deployer_yml.go +++ /dev/null @@ -1,16 +0,0 @@ -// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one -// or more contributor license agreements. Licensed under the Elastic License; -// you may not use this file except in compliance with the Elastic License. - -package install - -const terraformDeployerYml = `version: '2.3' -services: - terraform: - build: . - tty: true - environment: - - TF_VAR_TEST_RUN_ID=${TF_VAR_TEST_RUN_ID:-detached} - volumes: - - ${TF_DIR}:/stage -` From 0d2cbe45e2d6a46712de46d900b6262b162f5bcf Mon Sep 17 00:00:00 2001 From: Jaime Soriano Pastor Date: Thu, 2 Sep 2021 19:33:14 +0200 Subject: [PATCH 3/6] Rename file --- .../{docker-compose-snapshot.yml => docker-compose-stack.yml} | 0 internal/profile/static.go | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename internal/profile/_static/{docker-compose-snapshot.yml => docker-compose-stack.yml} (100%) diff --git a/internal/profile/_static/docker-compose-snapshot.yml b/internal/profile/_static/docker-compose-stack.yml similarity index 100% rename from internal/profile/_static/docker-compose-snapshot.yml rename to internal/profile/_static/docker-compose-stack.yml diff --git a/internal/profile/static.go b/internal/profile/static.go index 9a1e402812..7bc218a8a3 100644 
--- a/internal/profile/static.go +++ b/internal/profile/static.go @@ -13,7 +13,7 @@ import ( // SnapshotFile is the docker-compose snapshot.yml file name const SnapshotFile configFile = "snapshot.yml" -//go:embed _static/docker-compose-snapshot.yml +//go:embed _static/docker-compose-stack.yml var snapshotYml string // newSnapshotFile returns a Managed Config From efd036023466cb5a0f7e654af7d4e481373c04d2 Mon Sep 17 00:00:00 2001 From: Jaime Soriano Pastor Date: Thu, 2 Sep 2021 19:58:17 +0200 Subject: [PATCH 4/6] Embed elastic agent manifest --- .../elastic-agent-managed.yaml.tmpl | 212 ++++++++++++++++++ .../system/servicedeployer/kubernetes.go | 82 ++----- 2 files changed, 226 insertions(+), 68 deletions(-) create mode 100644 internal/testrunner/runners/system/servicedeployer/elastic-agent-managed.yaml.tmpl diff --git a/internal/testrunner/runners/system/servicedeployer/elastic-agent-managed.yaml.tmpl b/internal/testrunner/runners/system/servicedeployer/elastic-agent-managed.yaml.tmpl new file mode 100644 index 0000000000..9dc962776d --- /dev/null +++ b/internal/testrunner/runners/system/servicedeployer/elastic-agent-managed.yaml.tmpl 
@@ -0,0 +1,212 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: elastic-agent + namespace: kube-system + labels: + app: elastic-agent +spec: + selector: + matchLabels: + app: elastic-agent + template: + metadata: + labels: + app: elastic-agent + spec: + tolerations: + - key: node-role.kubernetes.io/master + effect: NoSchedule + serviceAccountName: elastic-agent + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: elastic-agent + image: {{ .elasticAgentImage }} + env: + - name: FLEET_ENROLL + value: "1" + # Set to true in case of insecure or unverified HTTP + - name: FLEET_INSECURE + value: "true" + # The ip:port pair of fleet server + - name: FLEET_URL + value: {{ .fleetURL }} + # If left empty KIBANA_HOST, KIBANA_FLEET_USERNAME, KIBANA_FLEET_PASSWORD are needed + - name: FLEET_ENROLLMENT_TOKEN + value: "" + - name: KIBANA_HOST + value: "http://kibana:5601" + - name: KIBANA_FLEET_USERNAME + value: "elastic" + - name: KIBANA_FLEET_PASSWORD + value: "changeme" + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + securityContext: + runAsUser: 0 + resources: + limits: + memory: 500Mi + requests: + cpu: 100m + memory: 200Mi + volumeMounts: + - name: proc + mountPath: /hostfs/proc + readOnly: true + - name: cgroup + mountPath: /hostfs/sys/fs/cgroup + readOnly: true + - name: varlibdockercontainers + mountPath: /var/lib/docker/containers + readOnly: true + - name: varlog + mountPath: /var/log + readOnly: true + volumes: + - name: proc + hostPath: + path: /proc + - name: cgroup + hostPath: + path: /sys/fs/cgroup + - name: varlibdockercontainers + hostPath: + path: /var/lib/docker/containers + - name: varlog + hostPath: + path: /var/log +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: elastic-agent +subjects: + - kind: ServiceAccount + name: elastic-agent + namespace: kube-system +roleRef: + kind: 
ClusterRole + name: elastic-agent + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: kube-system + name: elastic-agent +subjects: + - kind: ServiceAccount + name: elastic-agent + namespace: kube-system +roleRef: + kind: Role + name: elastic-agent + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: elastic-agent-kubeadm-config + namespace: kube-system +subjects: + - kind: ServiceAccount + name: elastic-agent + namespace: kube-system +roleRef: + kind: Role + name: elastic-agent-kubeadm-config + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: elastic-agent + labels: + k8s-app: elastic-agent +rules: + - apiGroups: [""] + resources: + - nodes + - namespaces + - events + - pods + - services + - configmaps + verbs: ["get", "list", "watch"] + # Enable this rule only if planing to use kubernetes_secrets provider + #- apiGroups: [""] + # resources: + # - secrets + # verbs: ["get"] + - apiGroups: ["extensions"] + resources: + - replicasets + verbs: ["get", "list", "watch"] + - apiGroups: ["apps"] + resources: + - statefulsets + - deployments + - replicasets + verbs: ["get", "list", "watch"] + - apiGroups: + - "" + resources: + - nodes/stats + verbs: + - get + - apiGroups: [ "batch" ] + resources: + - jobs + verbs: [ "get", "list", "watch" ] + # required for apiserver + - nonResourceURLs: + - "/metrics" + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: elastic-agent + # should be the namespace where elastic-agent is running + namespace: kube-system + labels: + k8s-app: elastic-agent +rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: ["get", "create", "update"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: elastic-agent-kubeadm-config + namespace: 
kube-system + labels: + k8s-app: elastic-agent +rules: + - apiGroups: [""] + resources: + - configmaps + resourceNames: + - kubeadm-config + verbs: ["get"] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: elastic-agent + namespace: kube-system + labels: + k8s-app: elastic-agent +--- diff --git a/internal/testrunner/runners/system/servicedeployer/kubernetes.go b/internal/testrunner/runners/system/servicedeployer/kubernetes.go index 646234fd39..80f1418943 100644 --- a/internal/testrunner/runners/system/servicedeployer/kubernetes.go +++ b/internal/testrunner/runners/system/servicedeployer/kubernetes.go @@ -5,14 +5,12 @@ package servicedeployer import ( - "fmt" - "io" - "net/http" + "bytes" + _ "embed" "os" "path/filepath" - "regexp" "strings" - "time" + "text/template" "github.com/pkg/errors" @@ -22,8 +20,6 @@ import ( "github.com/elastic/elastic-package/internal/logger" ) -const elasticAgentManagedYamlURL = "https://raw.githubusercontent.com/elastic/beats/7.x/deploy/kubernetes/elastic-agent-managed-kubernetes.yaml" - // KubernetesServiceDeployer is responsible for deploying resources in the Kubernetes cluster. type KubernetesServiceDeployer struct { definitionsDir string 
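Review bot: The new `elastic-agent-managed.yaml.tmpl` carries no record of where it came from: the `elasticAgentManagedYamlURL` constant removed from `kubernetes.go` was the only pointer to the upstream `elastic/beats` 7.x manifest, so after vendoring nobody can tell which upstream revision this copy matches or when it has drifted. A header comment such as `# Derived from elastic/beats deploy/kubernetes/elastic-agent-managed-kubernetes.yaml (7.x branch); intended for disposable test clusters.` would keep that. The same comment is the place to state that the DaemonSet runs with `runAsUser: 0` and `hostNetwork: true`, sets `FLEET_INSECURE` to `"true"` and passes `KIBANA_FLEET_PASSWORD` as a plain env value, settings that are reasonable only for a throwaway test cluster.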
@@ -163,75 +159,25 @@ func installElasticAgentInCluster() error { return nil } -// downloadElasticAgentManagedYAML will download a url from a path and return the response body. -func downloadElasticAgentManagedYAML(url string) ([]byte, error) { - // Get the data - resp, err := http.Get(url) - if err != nil { - return nil, errors.Wrapf(err, "failed to get file from URL %s", url) - } - defer resp.Body.Close() - - b, err := io.ReadAll(resp.Body) - if err != nil { - return nil, errors.Wrap(err, "failed to read response body") - } - - logger.Debugf("status code when downloading elastic-agent-managed-kubernetes.yaml is %d", resp.StatusCode) - if resp.StatusCode != 200 { - return nil, fmt.Errorf("downloading failed due to status code %d, resp body: %s", resp.StatusCode, string(b)) - } - return b, nil -} +//go:embed elastic-agent-managed.yaml.tmpl +var elasticAgentManagedYamlTmpl string -// getElasticAgentYAML retrieves elastic-agent-managed.yaml from upstream and modifies the file as needed -// to run locally. 
func getElasticAgentYAML() ([]byte, error) { appConfig, err := install.Configuration() if err != nil { return nil, errors.Wrap(err, "can't read application configuration") } - logger.Debugf("downloading elastic-agent-managed-kubernetes.yaml from %s", elasticAgentManagedYamlURL) - // retry downloading elastic agent manifest for 5 times (sleep 10 seconds between each try) in case of error - elasticAgentManagedYaml, err := retryDownloadElasticAgentManagedYAML(elasticAgentManagedYamlURL, 5, 10, - downloadElasticAgentManagedYAML) + tmpl := template.Must(template.New("elastic-agent.yml").Parse(elasticAgentManagedYamlTmpl)) + + var elasticAgentYaml bytes.Buffer + err = tmpl.Execute(&elasticAgentYaml, map[string]string{ + "fleetURL": "http://fleet-server:8220", + "elasticAgentImage": appConfig.DefaultStackImageRefs().ElasticAgent, + }) if err != nil { - return nil, errors.Wrapf(err, "downloading failed for file from source %s", elasticAgentManagedYamlURL) + return nil, errors.Wrap(err, "can't generate elastic agent manifest") } - // Set regex to match fleet url from yaml file - fleetURLRegex := regexp.MustCompile("http(s){0,1}:\\/\\/fleet-server:(\\d+)") - // Replace fleet url - elasticAgentManagedYaml = fleetURLRegex.ReplaceAll(elasticAgentManagedYaml, []byte("http://fleet-server:8220")) - - // Set regex to match image name from yaml file - imageRegex := regexp.MustCompile("docker.elastic.co/beats/elastic-agent:\\d.+") - // Replace image name - elasticAgentManagedYaml = imageRegex.ReplaceAll(elasticAgentManagedYaml, []byte(appConfig.DefaultStackImageRefs().ElasticAgent)) - - return elasticAgentManagedYaml, nil -} - -// retryDownloadElasticAgentManagedYAML retries downloading elastic agent managed manifest for x attempts -// until there is no error and bytes of the file are more than 2000. 
-func retryDownloadElasticAgentManagedYAML(url string, attempts int, sleep time.Duration, f func(string) ([]byte, error)) ( - elasticAgentManagedYaml []byte, err error) { - for i := 0; i < attempts; i++ { - if i > 0 { - logger.Debugf("retrying download attempt %d", i+1) - time.Sleep(sleep * time.Second) - } - elasticAgentManagedYaml, err = f(url) - if err == nil { - logger.Debugf("downloaded %d bytes", len(elasticAgentManagedYaml)) - if len(elasticAgentManagedYaml) > 2000 { - return elasticAgentManagedYaml, nil - } - err = fmt.Errorf("bytes downloaded should be more than 2000 but where: %d", len(elasticAgentManagedYaml)) - logger.Debugf("failed because %s", err) - } - } - return nil, - errors.Wrapf(err, "failed after %d unsuccessful attempts of downloading elastic-agent-managed-kubernetes.yaml", attempts) + return elasticAgentYaml.Bytes(), nil } From 4d9927e7d09673c5002d091a517e323e388c4c5d Mon Sep 17 00:00:00 2001 From: Jaime Soriano Pastor Date: Thu, 2 Sep 2021 20:11:35 +0200 Subject: [PATCH 5/6] Remove quotes --- internal/install/_static/Dockerfile.terraform_deployer | 1 - internal/install/_static/kibana_healthcheck.sh | 1 - internal/install/_static/terraform_deployer.yml | 1 - internal/install/_static/terraform_deployer_run.sh | 1 - internal/profile/_static/docker-compose-stack.yml | 1 - internal/profile/_static/kibana_config.yml | 1 - 6 files changed, 6 deletions(-) diff --git a/internal/install/_static/Dockerfile.terraform_deployer b/internal/install/_static/Dockerfile.terraform_deployer index 9f58051ec9..acb0afb03e 100644 --- a/internal/install/_static/Dockerfile.terraform_deployer +++ b/internal/install/_static/Dockerfile.terraform_deployer @@ -4,4 +4,3 @@ HEALTHCHECK --timeout=3s CMD sh -c "[ -f /tmp/tf-applied ]" ADD run.sh / WORKDIR /workspace ENTRYPOINT sh /run.sh -` diff --git a/internal/install/_static/kibana_healthcheck.sh b/internal/install/_static/kibana_healthcheck.sh index 837a2f1568..72c96bd731 100644 
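Review bot: `getElasticAgentYAML` now parses the embedded template with `template.Must` on every call, so a syntax error in `elastic-agent-managed.yaml.tmpl` panics in the middle of a test run rather than at start-up; parsing once into a package-level variable moves that failure to init, and `Option("missingkey=error")` turns a renamed template variable into an error instead of an empty value. The function's doc comment was removed together with the download logic and not replaced. `text/template` performs no escaping and the template renders `image: {{ .elasticAgentImage }}` unquoted, so an image reference from the application configuration that contains YAML-significant characters would alter the manifest that gets applied; validating the reference before rendering would close that gap. The function begins on the context line above the added code, and its first lines are unchanged.

```go
// elasticAgentManagedTmpl is parsed once at package init; missingkey=error makes a
// renamed or missing template variable fail Execute instead of rendering empty.
var elasticAgentManagedTmpl = template.Must(
	template.New("elastic-agent.yml").Option("missingkey=error").Parse(elasticAgentManagedYamlTmpl))

// getElasticAgentYAML renders the embedded Elastic Agent manifest with the fleet
// server URL and the agent image taken from the application configuration.
func getElasticAgentYAML() ([]byte, error) {
	// … unchanged: install.Configuration() call and its error check …

	var elasticAgentYaml bytes.Buffer
	err = elasticAgentManagedTmpl.Execute(&elasticAgentYaml, map[string]string{
	// … unchanged: template data, error wrap and return …
```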
--- a/internal/install/_static/kibana_healthcheck.sh +++ b/internal/install/_static/kibana_healthcheck.sh @@ -4,4 +4,3 @@ set -e curl -s -f http://127.0.0.1:5601/login | grep kbn-injected-metadata 2>&1 >/dev/null curl -s -f -u elastic:changeme "http://elasticsearch:9200/_cat/indices/.security-*?h=health" | grep -v red -` diff --git a/internal/install/_static/terraform_deployer.yml b/internal/install/_static/terraform_deployer.yml index 063bc40541..356415e454 100644 --- a/internal/install/_static/terraform_deployer.yml +++ b/internal/install/_static/terraform_deployer.yml @@ -7,4 +7,3 @@ services: - TF_VAR_TEST_RUN_ID=${TF_VAR_TEST_RUN_ID:-detached} volumes: - ${TF_DIR}:/stage -` diff --git a/internal/install/_static/terraform_deployer_run.sh b/internal/install/_static/terraform_deployer_run.sh index 3a4d35456c..5d2455685d 100644 --- a/internal/install/_static/terraform_deployer_run.sh +++ b/internal/install/_static/terraform_deployer_run.sh @@ -22,4 +22,3 @@ echo "Terraform definitions applied." set +x while true; do sleep 1; done # wait for ctrl-c -` diff --git a/internal/profile/_static/docker-compose-stack.yml b/internal/profile/_static/docker-compose-stack.yml index f4316c9ae9..d4c7180d4f 100644 --- a/internal/profile/_static/docker-compose-stack.yml +++ b/internal/profile/_static/docker-compose-stack.yml @@ -125,4 +125,3 @@ services: depends_on: elastic-agent: condition: service_healthy -` diff --git a/internal/profile/_static/kibana_config.yml b/internal/profile/_static/kibana_config.yml index ef36ef4841..d0bec7c25d 100644 --- a/internal/profile/_static/kibana_config.yml +++ b/internal/profile/_static/kibana_config.yml @@ -14,4 +14,3 @@ xpack.fleet.agents.elasticsearch.host: "http://elasticsearch:9200" xpack.fleet.agents.fleet_server.hosts: ["http://fleet-server:8220"] xpack.encryptedSavedObjects.encryptionKey: "12345678901234567890123456789012" -` From 1543ed48b90b1719b4310fffe3812e8419624095 Mon Sep 17 00:00:00 2001 
From: Jaime Soriano Pastor Date: Thu, 2 Sep 2021 21:13:35 +0200 Subject: [PATCH 6/6] Embed kube-state-metrics yaml --- ...ta.go => kube-state-metrics-multiple.yaml} | 80 +------------------ .../kubectl/kube-state-metrics-single.yaml | 69 ++++++++++++++++ internal/kubectl/kubectl_apply_test.go | 7 ++ 3 files changed, 77 insertions(+), 79 deletions(-) rename internal/kubectl/{kubectl_apply_testdata.go => kube-state-metrics-multiple.yaml} (87%) create mode 100644 internal/kubectl/kube-state-metrics-single.yaml diff --git a/internal/kubectl/kubectl_apply_testdata.go b/internal/kubectl/kube-state-metrics-multiple.yaml similarity index 87% rename from internal/kubectl/kubectl_apply_testdata.go rename to internal/kubectl/kube-state-metrics-multiple.yaml index eed686ae36..38ab73e701 100644 --- a/internal/kubectl/kubectl_apply_testdata.go +++ b/internal/kubectl/kube-state-metrics-multiple.yaml 
@@ -1,81 +1,4 @@ -// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one -// or more contributor license agreements. Licensed under the Elastic License; -// you may not use this file except in compliance with the Elastic License. - -package kubectl - -const singleDefinitionFile = `apiVersion: v1 -kind: Service -metadata: - annotations: - kubectl.kubernetes.io/last-applied-configuration: | - {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"app.kubernetes.io/name":"kube-state-metrics","app.kubernetes.io/version":"2.0.0-rc.1"},"name":"kube-state-metrics","namespace":"kube-system"},"spec":{"clusterIP":"None","ports":[{"name":"http-metrics","port":8080,"targetPort":"http-metrics"},{"name":"telemetry","port":8081,"targetPort":"telemetry"}],"selector":{"app.kubernetes.io/name":"kube-state-metrics"}}} - creationTimestamp: "2021-04-13T10:50:22Z" - labels: - app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/version: 2.0.0-rc.1 - managedFields: - - apiVersion: v1 - fieldsType: FieldsV1 - fieldsV1: - f:metadata: - f:annotations: - .: {} - f:kubectl.kubernetes.io/last-applied-configuration: {} - f:labels: - .: {} - f:app.kubernetes.io/name: {} - f:app.kubernetes.io/version: {} - f:spec: - f:clusterIP: {} - f:ports: - .: {} - k:{"port":8080,"protocol":"TCP"}: - .: {} - f:name: {} - f:port: {} - f:protocol: {} - f:targetPort: {} - k:{"port":8081,"protocol":"TCP"}: - .: {} - f:name: {} - f:port: {} - f:protocol: {} - f:targetPort: {} - f:selector: - .: {} - f:app.kubernetes.io/name: {} - f:sessionAffinity: {} - f:type: {} - manager: kubectl - operation: Update - time: "2021-04-13T10:50:22Z" - name: kube-state-metrics - namespace: kube-system - resourceVersion: "630" - uid: 12a3a777-97bf-476d-9a96-4c9265bdb7d9 -spec: - clusterIP: None - clusterIPs: - - None - ports: - - name: http-metrics - port: 8080 - protocol: TCP - targetPort: http-metrics - - name: telemetry - port: 8081 - protocol: TCP - targetPort: telemetry - 
selector: - app.kubernetes.io/name: kube-state-metrics - sessionAffinity: None - type: ClusterIP -status: - loadBalancer: {} -` - -const multipleDefinitionFiles = `apiVersion: v1 +apiVersion: v1 items: - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -584,4 +507,3 @@ items: loadBalancer: {} kind: List metadata: {} -` diff --git a/internal/kubectl/kube-state-metrics-single.yaml b/internal/kubectl/kube-state-metrics-single.yaml new file mode 100644 index 0000000000..ab112155cf --- /dev/null +++ b/internal/kubectl/kube-state-metrics-single.yaml 
@@ -0,0 +1,69 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ kubectl.kubernetes.io/last-applied-configuration: |
+ {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"app.kubernetes.io/name":"kube-state-metrics","app.kubernetes.io/version":"2.0.0-rc.1"},"name":"kube-state-metrics","namespace":"kube-system"},"spec":{"clusterIP":"None","ports":[{"name":"http-metrics","port":8080,"targetPort":"http-metrics"},{"name":"telemetry","port":8081,"targetPort":"telemetry"}],"selector":{"app.kubernetes.io/name":"kube-state-metrics"}}}
+ creationTimestamp: "2021-04-13T10:50:22Z"
+ labels:
+ app.kubernetes.io/name: kube-state-metrics
+ app.kubernetes.io/version: 2.0.0-rc.1
+ managedFields:
+ - apiVersion: v1
+ fieldsType: FieldsV1
+ fieldsV1:
+ f:metadata:
+ f:annotations:
+ .: {}
+ f:kubectl.kubernetes.io/last-applied-configuration: {}
+ f:labels:
+ .: {}
+ f:app.kubernetes.io/name: {}
+ f:app.kubernetes.io/version: {}
+ f:spec:
+ f:clusterIP: {}
+ f:ports:
+ .: {}
+ k:{"port":8080,"protocol":"TCP"}:
+ .: {}
+ f:name: {}
+ f:port: {}
+ f:protocol: {}
+ f:targetPort: {}
+ k:{"port":8081,"protocol":"TCP"}:
+ .: {}
+ f:name: {}
+ f:port: {}
+ f:protocol: {}
+ f:targetPort: {}
+ f:selector:
+ .: {}
+ f:app.kubernetes.io/name: {}
+ f:sessionAffinity: {}
+ f:type: {}
+ manager: kubectl
+ operation: Update
+ time: "2021-04-13T10:50:22Z"
+ name: kube-state-metrics
+ namespace: kube-system
+ resourceVersion: "630"
+ uid: 12a3a777-97bf-476d-9a96-4c9265bdb7d9
+spec:
+ clusterIP: None
+ clusterIPs:
+ - None
+ ports:
+ - name: http-metrics
+ port: 8080
+ protocol: TCP
+ targetPort: http-metrics
+ - name: telemetry
+ port: 8081
+ protocol: TCP
+ targetPort: telemetry
+ selector:
+ app.kubernetes.io/name: kube-state-metrics
+ sessionAffinity: None
+ type: ClusterIP
+status:
+ loadBalancer: {}
diff --git a/internal/kubectl/kubectl_apply_test.go b/internal/kubectl/kubectl_apply_test.go
index c800a5322e..13c84f1d12 100644
--- a/internal/kubectl/kubectl_apply_test.go +++ b/internal/kubectl/kubectl_apply_test.go @@ -5,12 +5,19 @@ package kubectl import ( + _ "embed" "testing" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) +//go:embed kube-state-metrics-single.yaml +var singleDefinitionFile string + +//go:embed kube-state-metrics-multiple.yaml +var multipleDefinitionFiles string + func TestExtractResources_singleDefinition(t *testing.T) { r, err := extractResources([]byte(singleDefinitionFile)) require.NoError(t, err)
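Review bot: The two fixtures named by `//go:embed kube-state-metrics-single.yaml` and `//go:embed kube-state-metrics-multiple.yaml` are placed directly in `internal/kubectl/`, next to the package's production sources, rather than in a `testdata/` directory. Go tooling ignores `testdata/`, and the path makes it obvious that the YAML is test-only, so I would move both files and write `//go:embed testdata/kube-state-metrics-single.yaml` (and the same for the multiple file). Since the directives live in a `_test.go` file the fixtures are only embedded into the test binary either way, so this is a layout point rather than a defect. Declaring the variables as `[]byte` instead of `string` would also remove the `[]byte(singleDefinitionFile)` conversion in `TestExtractResources_singleDefinition`, whose body continues past the end of the hunk.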