From cc6ecaaf3d38cb170fb2853b577be78b22cc2a96 Mon Sep 17 00:00:00 2001 From: Michael Wolf Date: Mon, 9 Sep 2024 13:21:53 -0700 Subject: [PATCH 1/8] Remove cloud-defend from agent cloud-defend will be removed from the next major release. This removes cloud-defend from agent, by removing it from packaging scripts and from template kubernetes files. --- .../base/elastic-agent-managed-daemonset.yaml | 12 ++----- .../elastic-agent-standalone-daemonset.yaml | 12 ++----- .../base/elastic-agent-managed-daemonset.yaml | 12 ++----- .../elastic-agent-standalone-daemonset.yaml | 12 ++----- .../elastic-agent-standalone-statefulset.yaml | 12 ++----- .../elastic-agent-managed-kubernetes.yaml | 12 ++----- .../elastic-agent-managed-daemonset.yaml | 12 ++----- .../elastic-agent-standalone-kubernetes.yaml | 12 ++----- .../elastic-agent-standalone-daemonset.yaml | 12 ++----- dev-tools/mage/checksums.go | 35 ------------------- dev-tools/mage/manifest/manifest.go | 1 - dev-tools/mage/pkgtypes.go | 5 +-- .../docker/Dockerfile.elastic-agent.tmpl | 1 - .../agent-statefulset.yaml | 14 -------- pkg/testing/testdata/build-manifest.json | 30 ---------------- 15 files changed, 19 insertions(+), 175 deletions(-) diff --git a/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml b/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml index 7acb6daa304..fa042adac5f 100644 --- a/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml +++ b/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml 
@@ -65,14 +65,6 @@ spec: value: "false" securityContext: runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## # The following capabilities are needed for Universal Profiling. # More fine graded capabilities are only available for newer Linux kernels. # If you are using the Universal Profiling integration, please uncomment these lines before applying. @@ -141,8 +133,8 @@ spec: hostPath: path: /etc/machine-id type: File - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding + # Needed for Universal Profiling + # If you are not using this integration, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: diff --git a/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml b/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml index d9f9b223319..0b306b97618 100644 --- a/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml +++ b/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml 
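Review bot: The `sys-kernel-debug` hostPath volume in the `@@ -141,8 +133,8 @@` hunk stays enabled by default, although the rewritten comment says only the optional Universal Profiling integration still needs it. The container in the same manifest runs with `runAsUser: 0`, so a default deployment keeps a host path mounted into a root container for a feature most users will not enable. Consider shipping the volume and its mount commented out, as the Universal Profiling capabilities already are, with a comment such as `# Only needed for Universal Profiling. Uncomment this volume and the corresponding mount if you use that integration.` The same applies to the matching hunk in the other daemonset, statefulset and all-in-one manifests touched by this series. The volume definition and its mount continue outside the hunk, so the exact host path could not be checked here.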
@@ -72,14 +72,6 @@ spec: value: "false" securityContext: runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## # The following capabilities are needed for Universal Profiling. # More fine graded capabilities are only available for newer Linux kernels. # If you are using the Universal Profiling integration, please uncomment these lines before applying. @@ -147,8 +139,8 @@ spec: - name: var-lib hostPath: path: /var/lib - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding + # Needed for Universal Profiling + # If you are not using this integration, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: diff --git a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml index 59d380ba96a..039004e155e 100644 --- a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml +++ b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml 
@@ -65,14 +65,6 @@ spec: value: "false" securityContext: runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## # The following capabilities are needed for Universal Profiling. # More fine graded capabilities are only available for newer Linux kernels. # If you are using the Universal Profiling integration, please uncomment these lines before applying. @@ -141,8 +133,8 @@ spec: hostPath: path: /etc/machine-id type: File - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding + # Needed for Universal Profiling + # If you are not using this integration, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: diff --git a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml index 61820609119..fa84f66496f 100644 --- a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml 
+++ b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml @@ -72,14 +72,6 @@ spec: value: "false" securityContext: runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## # The following capabilities are needed for Universal Profiling. # More fine graded capabilities are only available for newer Linux kernels. # If you are using the Universal Profiling integration, please uncomment these lines before applying. @@ -147,8 +139,8 @@ spec: - name: var-lib hostPath: path: /var/lib - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding + # Needed for Universal Profiling + # If you are not using this integration, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: diff --git a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/extra/elastic-agent-standalone-statefulset.yaml b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/extra/elastic-agent-standalone-statefulset.yaml index 4b0c505029e..e2af58910af 100644 
--- a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/extra/elastic-agent-standalone-statefulset.yaml +++ b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/extra/elastic-agent-standalone-statefulset.yaml @@ -72,14 +72,6 @@ spec: value: "false" securityContext: runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## # The following capabilities are needed for Universal Profiling. # More fine graded capabilities are only available for newer Linux kernels. # If you are using the Universal Profiling integration, please uncomment these lines before applying. @@ -147,8 +139,8 @@ spec: - name: var-lib hostPath: path: /var/lib - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding + # Needed for Universal Profiling + # If you are not using integration, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: diff --git a/deploy/kubernetes/elastic-agent-managed-kubernetes.yaml b/deploy/kubernetes/elastic-agent-managed-kubernetes.yaml index 4e5a117e55d..28c7c1e02ea 100644 --- a/deploy/kubernetes/elastic-agent-managed-kubernetes.yaml +++ b/deploy/kubernetes/elastic-agent-managed-kubernetes.yaml 
@@ -65,14 +65,6 @@ spec: value: "false" securityContext: runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## # The following capabilities are needed for Universal Profiling. # More fine graded capabilities are only available for newer Linux kernels. # If you are using the Universal Profiling integration, please uncomment these lines before applying. @@ -141,8 +133,8 @@ spec: hostPath: path: /etc/machine-id type: File - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding + # Needed for Universal Profiling + # If you are not using this integration, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: diff --git a/deploy/kubernetes/elastic-agent-managed/elastic-agent-managed-daemonset.yaml b/deploy/kubernetes/elastic-agent-managed/elastic-agent-managed-daemonset.yaml index 61939c5a72b..00eb812eb1b 100644 --- a/deploy/kubernetes/elastic-agent-managed/elastic-agent-managed-daemonset.yaml +++ b/deploy/kubernetes/elastic-agent-managed/elastic-agent-managed-daemonset.yaml 
@@ -65,14 +65,6 @@ spec: value: "false" securityContext: runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## # The following capabilities are needed for Universal Profiling. # More fine graded capabilities are only available for newer Linux kernels. # If you are using the Universal Profiling integration, please uncomment these lines before applying. @@ -141,8 +133,8 @@ spec: hostPath: path: /etc/machine-id type: File - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding + # Needed for Universal Profiling + # If you are not using this integration, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: diff --git a/deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml b/deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml index 87957234c3f..77dc1445cce 100644 --- a/deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml +++ b/deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml 
@@ -741,14 +741,6 @@ spec: value: "false" securityContext: runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## # The following capabilities are needed for Universal Profiling. # More fine graded capabilities are only available for newer Linux kernels. # If you are using the Universal Profiling integration, please uncomment these lines before applying. @@ -816,8 +808,8 @@ spec: - name: var-lib hostPath: path: /var/lib - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding + # Needed for Universal Profiling + # If you are not using this integration, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: diff --git a/deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-daemonset.yaml b/deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-daemonset.yaml index 908ac0124f5..a8263199683 100644 --- a/deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-daemonset.yaml +++ b/deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-daemonset.yaml 
@@ -72,14 +72,6 @@ spec: value: "false" securityContext: runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## # The following capabilities are needed for Universal Profiling. # More fine graded capabilities are only available for newer Linux kernels. # If you are using the Universal Profiling integration, please uncomment these lines before applying. @@ -147,8 +139,8 @@ spec: - name: var-lib hostPath: path: /var/lib - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding + # Needed for Universal Profiling + # If you are not using this integration, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: diff --git a/dev-tools/mage/checksums.go b/dev-tools/mage/checksums.go index fbe262f48a6..edfa43efe6d 100644 --- a/dev-tools/mage/checksums.go +++ b/dev-tools/mage/checksums.go 
@@ -144,26 +144,6 @@ func ChecksumsWithManifest(requiredPackage string, versionedFlatPath string, ver log.Printf(">>>>>>> Calculated directory to copy: [%s]", dirToCopy) } - // cloud-defend path exception - // When untarred, cloud defend untars to: - // cloud-defend-8.14.0-arm64 - // but the manifest (and most of this code) expects to be the same as - // the name in the manifest, which is: - // cloud-defend-8.14.0-linux-x86_64 - // So we have to do a bit of a transformation here - if strings.Contains(dirToCopy, "cloud-defend") { - if strings.Contains(dirToCopy, "x86_64") { - dirToCopy = fixCloudDefendDirPath(dirToCopy, componentVersion, "x86_64", "amd64") - } - if strings.Contains(dirToCopy, "arm64") { - // Not actually replacing the arch, but removing the "linux" - dirToCopy = fixCloudDefendDirPath(dirToCopy, componentVersion, "arm64", "arm64") - } - if mg.Verbose() { - log.Printf(">>>>>>> Adjusted cloud-defend directory to copy: [%s]", dirToCopy) - } - } - // Set copy options options := copy.Options{ OnSymlink: func(_ string) copy.SymlinkAction { @@ -263,18 +243,3 @@ func getComponentVersion(componentName string, requiredPackage string, component return componentVersion } - -// This is a helper function for the cloud-defend package. -// When it is untarred, it does not have the same dirname as the package name. -// This adjusts for that and returns the actual path on disk for cloud-defend -func fixCloudDefendDirPath(dirPath string, componentVersion string, expectedArch string, actualArch string) string { - fixedDirPath := dirPath - - cloudDefendExpectedDirName := fmt.Sprintf("cloud-defend-%s-linux-%s", componentVersion, expectedArch) - cloudDefendActualDirName := fmt.Sprintf("cloud-defend-%s-%s", componentVersion, actualArch) - if strings.Contains(fixedDirPath, cloudDefendExpectedDirName) { - fixedDirPath = strings.ReplaceAll(fixedDirPath, cloudDefendExpectedDirName, cloudDefendActualDirName) - } - - return fixedDirPath -} 
diff --git a/dev-tools/mage/manifest/manifest.go b/dev-tools/mage/manifest/manifest.go index 94a521ae369..1ebc0c857e8 100644 --- a/dev-tools/mage/manifest/manifest.go +++ b/dev-tools/mage/manifest/manifest.go @@ -98,7 +98,6 @@ var ExpectedBinaries = map[string]BinarySpec{ "agentbeat": {Name: "beats", Platforms: AllPlatforms}, "apm-server": {Name: "apm-server", Platforms: []Platform{{"linux", "x86_64"}, {"linux", "arm64"}, {"windows", "x86_64"}, {"darwin", "x86_64"}}}, "cloudbeat": {Name: "cloudbeat", Platforms: []Platform{{"linux", "x86_64"}, {"linux", "arm64"}}}, - "cloud-defend": {Name: "cloud-defend", Platforms: []Platform{{"linux", "x86_64"}, {"linux", "arm64"}}}, "endpoint-security": {Name: "endpoint-dev", Platforms: AllPlatforms}, "fleet-server": {Name: "fleet-server", Platforms: AllPlatforms}, "pf-elastic-collector": {Name: "prodfiler", Platforms: []Platform{{"linux", "x86_64"}, {"linux", "arm64"}}}, diff --git a/dev-tools/mage/pkgtypes.go b/dev-tools/mage/pkgtypes.go index 976cca075ed..46e7d8f3b19 100644 --- a/dev-tools/mage/pkgtypes.go +++ b/dev-tools/mage/pkgtypes.go @@ -899,10 +899,7 @@ func addFileToZip(ar *zip.Writer, baseDir string, pkgFile PackageFile) error { // addFileToTar adds a file (or directory) to a tar archive. func addFileToTar(ar *tar.Writer, baseDir string, pkgFile PackageFile) error { - excludedFiles := []string{ - "cloud-defend", - "cloud-defend.spec.yml", - } + excludedFiles := []string{} return filepath.WalkDir(pkgFile.Source, func(path string, d fs.DirEntry, err error) error { if err != nil { diff --git a/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl b/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl index 0e04c3f9ebd..ff5556651fa 100644 --- a/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl +++ b/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl 
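Review bot: In `addFileToTar`, `excludedFiles := []string{}` keeps an exclusion list that can no longer match anything, so whatever check consumes it later in the function is now dead code. Either delete the variable together with that check, or, if the hook is meant to stay for future components, declare it as `var excludedFiles []string` with a comment such as `// excludedFiles lists file names to skip when writing the tar; currently none.` The function body continues past the end of the hunk, so the consuming code could not be checked here.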
@@ -31,7 +31,6 @@ RUN true && \ chmod 0755 {{ $beatHome }}/data/elastic-agent-*/components/*beat && \ (chmod 0755 {{ $beatHome }}/data/elastic-agent-*/components/osquery* || true) && \ (chmod 0755 {{ $beatHome }}/data/elastic-agent-*/components/apm-server || true) && \ - (chmod 0755 {{ $beatHome }}/data/elastic-agent-*/components/cloud-defend || true) && \ (chmod 0755 {{ $beatHome }}/data/elastic-agent-*/components/endpoint-security || true) && \ (chmod 0755 {{ $beatHome }}/data/elastic-agent-*/components/fleet-server || true) && \ (chmod 0755 {{ $beatHome }}/data/elastic-agent-*/components/pf-elastic-collector || true) && \ diff --git a/docs/manifests/kustomize-autosharding/elastic-agent-kustomize/agent-statefulset.yaml b/docs/manifests/kustomize-autosharding/elastic-agent-kustomize/agent-statefulset.yaml index 178e0a74eef..a2f548950d0 100644 --- a/docs/manifests/kustomize-autosharding/elastic-agent-kustomize/agent-statefulset.yaml +++ b/docs/manifests/kustomize-autosharding/elastic-agent-kustomize/agent-statefulset.yaml @@ -64,13 +64,6 @@ spec: fieldPath: metadata.name securityContext: runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' resources: limits: memory: 1400Mi 
@@ -130,10 +123,3 @@ spec: hostPath: path: /etc/machine-id type: File - # Needed for 'Defend for containers' integration (cloud-defend) - # If you are not using this integration, then these volumes and the corresponding - # mounts can be removed. - - name: sys-kernel-debug - hostPath: - path: /sys/kernel/debug - diff --git a/pkg/testing/testdata/build-manifest.json b/pkg/testing/testdata/build-manifest.json index 450dab61ac8..0646fdd7e01 100644 --- a/pkg/testing/testdata/build-manifest.json +++ b/pkg/testing/testdata/build-manifest.json 
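Review bot: The `@@ -130,10 +123,3 @@` hunk deletes the `sys-kernel-debug` volume, but the 14 deletions the diffstat reports for this file are fully accounted for by the capabilities comment block and this volume, so no `volumeMounts` entry was removed with it. If the container spec (outside both hunks) still mounts `sys-kernel-debug`, the StatefulSet will be rejected for referencing an undefined volume; the removed comment itself mentions "the corresponding mounts". Please confirm that no such mount remains in the file, and delete it in the same commit if it does.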
@@ -4357,36 +4357,6 @@ }, "dependencies": [] }, - "cloud-defend": { - "branch": "main", - "commit_hash": "27215867e613177b0ca57d0357c421c646fac0b5", - "commit_url": "https://github.com/elastic/cloud-defend/commits/27215867e613177b0ca57d0357c421c646fac0b5", - "external_artifacts_manifest_url": "https://artifacts-snapshot.elastic.co/cloud-defend/8.13.0-b12322fc/manifest-8.13.0-SNAPSHOT.json", - "build_duration_seconds": 0, - "packages": { - "cloud-defend-8.13.0-SNAPSHOT-linux-x86_64.tar.gz": { - "url": "https://snapshots.elastic.co/8.13.0-l5snflwr/downloads/cloud-defend/cloud-defend-8.13.0-SNAPSHOT-linux-x86_64.tar.gz", - "sha_url": "https://snapshots.elastic.co/8.13.0-l5snflwr/downloads/cloud-defend/cloud-defend-8.13.0-SNAPSHOT-linux-x86_64.tar.gz.sha512", - "asc_url": "https://snapshots.elastic.co/8.13.0-l5snflwr/downloads/cloud-defend/cloud-defend-8.13.0-SNAPSHOT-linux-x86_64.tar.gz.asc", - "type": "tar", - "architecture": "x86_64", - "os": [ - "linux" - ] - }, - "cloud-defend-8.13.0-SNAPSHOT-linux-arm64.tar.gz": { - "url": "https://snapshots.elastic.co/8.13.0-l5snflwr/downloads/cloud-defend/cloud-defend-8.13.0-SNAPSHOT-linux-arm64.tar.gz", - "sha_url": "https://snapshots.elastic.co/8.13.0-l5snflwr/downloads/cloud-defend/cloud-defend-8.13.0-SNAPSHOT-linux-arm64.tar.gz.sha512", - "asc_url": "https://snapshots.elastic.co/8.13.0-l5snflwr/downloads/cloud-defend/cloud-defend-8.13.0-SNAPSHOT-linux-arm64.tar.gz.asc", - "type": "tar", - "architecture": "arm64", - "os": [ - "linux" - ] - } - }, - "dependencies": [] - }, "beats": { "branch": "main", "commit_hash": "d4d2ddce3230f21f01a19afdb836626f7b0af4b5", From 74d5f08d29adfc6da52013e02bbee68e417ccc9b Mon Sep 17 00:00:00 2001 From: Michael Wolf Date: Mon, 9 Sep 2024 13:35:15 -0700 Subject: [PATCH 2/8] add changelog --- changelog/fragments/1725913991-remove-cloud-defend.yaml | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 changelog/fragments/1725913991-remove-cloud-defend.yaml 
diff --git a/changelog/fragments/1725913991-remove-cloud-defend.yaml b/changelog/fragments/1725913991-remove-cloud-defend.yaml new file mode 100644 index 00000000000..ddbc4371301 --- /dev/null +++ b/changelog/fragments/1725913991-remove-cloud-defend.yaml @@ -0,0 +1,4 @@ +kind: breaking-change +summary: Remove cloud-defend from agent package +component: elastic-agent +pr: https://github.com/elastic/elastic-agent/pull/5481 From 875f0474b82b0b58793a27b042aaee281c589d46 Mon Sep 17 00:00:00 2001 From: Michael Wolf Date: Tue, 10 Sep 2024 17:12:47 -0700 Subject: [PATCH 3/8] fix typo --- .../extra/elastic-agent-standalone-statefulset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/extra/elastic-agent-standalone-statefulset.yaml b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/extra/elastic-agent-standalone-statefulset.yaml index e2af58910af..c78603f0bcf 100644 --- a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/extra/elastic-agent-standalone-statefulset.yaml +++ b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/extra/elastic-agent-standalone-statefulset.yaml @@ -140,7 +140,7 @@ spec: hostPath: path: /var/lib # Needed for Universal Profiling - # If you are not using integration, then these volumes and the corresponding + # If you are not using this integration, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: From 2e65b9023617f86064a0dc4c55e773301eb9bda4 Mon Sep 17 00:00:00 2001 From: Michael Wolf Date: Thu, 12 Sep 2024 10:53:30 -0700 Subject: [PATCH 4/8] update template --- .../extra/elastic-agent-managed-statefulset.yaml | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) 
diff --git a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/extra/elastic-agent-managed-statefulset.yaml b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/extra/elastic-agent-managed-statefulset.yaml index dcaf2c3095a..99c670750ff 100644 --- a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/extra/elastic-agent-managed-statefulset.yaml +++ b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/extra/elastic-agent-managed-statefulset.yaml @@ -65,14 +65,6 @@ spec: value: "false" securityContext: runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## # The following capabilities are needed for Universal Profiling. # More fine graded capabilities are only available for newer Linux kernels. # If you are using the Universal Profiling integration, please uncomment these lines before applying. 
@@ -141,8 +133,8 @@ spec: hostPath: path: /etc/machine-id type: File - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding + # Needed for Universal Profiling + # If you are not using this integration, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: From 778d6b311a51c226f6e58e6ea5c902c29476edb8 Mon Sep 17 00:00:00 2001 From: Michael Wolf Date: Mon, 9 Sep 2024 13:21:53 -0700 Subject: [PATCH 5/8] Remove cloud-defend from agent cloud-defend will be removed from the next major release. This removes cloud-defend from agent, by removing it from packaging scripts and from template kubernetes files. --- .../base/elastic-agent-managed-daemonset.yaml | 12 ++----- .../elastic-agent-standalone-daemonset.yaml | 12 ++----- .../base/elastic-agent-managed-daemonset.yaml | 12 ++----- .../elastic-agent-standalone-daemonset.yaml | 12 ++----- .../elastic-agent-standalone-statefulset.yaml | 12 ++----- .../elastic-agent-managed-kubernetes.yaml | 12 ++----- .../elastic-agent-managed-daemonset.yaml | 12 ++----- .../elastic-agent-standalone-kubernetes.yaml | 12 ++----- .../elastic-agent-standalone-daemonset.yaml | 12 ++----- dev-tools/mage/checksums.go | 35 ------------------- dev-tools/mage/pkgtypes.go | 5 +-- .../docker/Dockerfile.elastic-agent.tmpl | 1 - .../agent-statefulset.yaml | 14 -------- pkg/testing/testdata/build-manifest.json | 30 ---------------- 14 files changed, 19 insertions(+), 174 deletions(-) diff --git a/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml b/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml index 9de04903069..b3b7b022191 100644 --- a/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml 
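Review bot: In the second hunk of `elastic-agent-managed-statefulset.yaml` (`@@ -141,8 +133,8 @@`), the `sys-kernel-debug` hostPath volume stays enabled by default, although the reworded comment says only Universal Profiling needs it. The first hunk's context shows that this integration's capabilities are opt-in ("please uncomment these lines") and that the container has `runAsUser: 0`. With cloud-defend gone, the volume and its mount could be commented out like the capabilities, so a default install does not hand the host's kernel debug filesystem to a root container. The comment would then read `# Needed for Universal Profiling. Uncomment these volumes and the corresponding mounts if you use this integration.` The volume definition continues past the end of the hunk, so the mounted path is inferred from the volume name; the same comment appears in the matching hunks of the other daemonset, statefulset and kubernetes manifests in this series.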
+++ b/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml @@ -65,14 +65,6 @@ spec: value: "false" securityContext: runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## # The following capabilities are needed for Universal Profiling. # More fine graded capabilities are only available for newer Linux kernels. # If you are using the Universal Profiling integration, please uncomment these lines before applying. @@ -141,8 +133,8 @@ spec: hostPath: path: /etc/machine-id type: File - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding + # Needed for Universal Profiling + # If you are not using this integration, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: diff --git a/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml b/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml index c1de6c0c11a..0143252f5af 100644 --- a/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml 
+++ b/deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml @@ -72,14 +72,6 @@ spec: value: "false" securityContext: runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## # The following capabilities are needed for Universal Profiling. # More fine graded capabilities are only available for newer Linux kernels. # If you are using the Universal Profiling integration, please uncomment these lines before applying. @@ -147,8 +139,8 @@ spec: - name: var-lib hostPath: path: /var/lib - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding + # Needed for Universal Profiling + # If you are not using this integration, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: diff --git a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml index 2d67eac1407..265622e840c 100644 --- a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml 
+++ b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml @@ -65,14 +65,6 @@ spec: value: "false" securityContext: runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## # The following capabilities are needed for Universal Profiling. # More fine graded capabilities are only available for newer Linux kernels. # If you are using the Universal Profiling integration, please uncomment these lines before applying. @@ -141,8 +133,8 @@ spec: hostPath: path: /etc/machine-id type: File - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding + # Needed for Universal Profiling + # If you are not using this integration, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: diff --git a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml index 9dcd7672a6d..ce51b27197e 100644 
--- a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml +++ b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml @@ -72,14 +72,6 @@ spec: value: "false" securityContext: runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## # The following capabilities are needed for Universal Profiling. # More fine graded capabilities are only available for newer Linux kernels. # If you are using the Universal Profiling integration, please uncomment these lines before applying. @@ -147,8 +139,8 @@ spec: - name: var-lib hostPath: path: /var/lib - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding + # Needed for Universal Profiling + # If you are not using this integration, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: 
diff --git a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/extra/elastic-agent-standalone-statefulset.yaml b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/extra/elastic-agent-standalone-statefulset.yaml index dd211a8cbd4..540a23cb59b 100644 --- a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/extra/elastic-agent-standalone-statefulset.yaml +++ b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/extra/elastic-agent-standalone-statefulset.yaml @@ -72,14 +72,6 @@ spec: value: "false" securityContext: runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## # The following capabilities are needed for Universal Profiling. # More fine graded capabilities are only available for newer Linux kernels. # If you are using the Universal Profiling integration, please uncomment these lines before applying. 
@@ -147,8 +139,8 @@ spec: - name: var-lib hostPath: path: /var/lib - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding + # Needed for Universal Profiling + # If you are not using integration, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: diff --git a/deploy/kubernetes/elastic-agent-managed-kubernetes.yaml b/deploy/kubernetes/elastic-agent-managed-kubernetes.yaml index cae617b3af6..bcedc76eda1 100644 --- a/deploy/kubernetes/elastic-agent-managed-kubernetes.yaml +++ b/deploy/kubernetes/elastic-agent-managed-kubernetes.yaml @@ -65,14 +65,6 @@ spec: value: "false" securityContext: runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## # The following capabilities are needed for Universal Profiling. # More fine graded capabilities are only available for newer Linux kernels. # If you are using the Universal Profiling integration, please uncomment these lines before applying. 
@@ -141,8 +133,8 @@ spec: hostPath: path: /etc/machine-id type: File - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding + # Needed for Universal Profiling + # If you are not using this integration, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: diff --git a/deploy/kubernetes/elastic-agent-managed/elastic-agent-managed-daemonset.yaml b/deploy/kubernetes/elastic-agent-managed/elastic-agent-managed-daemonset.yaml index 61939c5a72b..00eb812eb1b 100644 --- a/deploy/kubernetes/elastic-agent-managed/elastic-agent-managed-daemonset.yaml +++ b/deploy/kubernetes/elastic-agent-managed/elastic-agent-managed-daemonset.yaml @@ -65,14 +65,6 @@ spec: value: "false" securityContext: runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## # The following capabilities are needed for Universal Profiling. # More fine graded capabilities are only available for newer Linux kernels. # If you are using the Universal Profiling integration, please uncomment these lines before applying. 
@@ -141,8 +133,8 @@ spec: hostPath: path: /etc/machine-id type: File - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding + # Needed for Universal Profiling + # If you are not using this integration, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: diff --git a/deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml b/deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml index 30073bd2f02..cd64c859294 100644 --- a/deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml +++ b/deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml @@ -741,14 +741,6 @@ spec: value: "false" securityContext: runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## # The following capabilities are needed for Universal Profiling. # More fine graded capabilities are only available for newer Linux kernels. # If you are using the Universal Profiling integration, please uncomment these lines before applying. 
@@ -816,8 +808,8 @@ spec: - name: var-lib hostPath: path: /var/lib - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding + # Needed for Universal Profiling + # If you are not using this integration, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: diff --git a/deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-daemonset.yaml b/deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-daemonset.yaml index 908ac0124f5..a8263199683 100644 --- a/deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-daemonset.yaml +++ b/deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-daemonset.yaml @@ -72,14 +72,6 @@ spec: value: "false" securityContext: runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## # The following capabilities are needed for Universal Profiling. # More fine graded capabilities are only available for newer Linux kernels. # If you are using the Universal Profiling integration, please uncomment these lines before applying. 
@@ -147,8 +139,8 @@ spec: - name: var-lib hostPath: path: /var/lib - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding + # Needed for Universal Profiling + # If you are not using this integration, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: diff --git a/dev-tools/mage/checksums.go b/dev-tools/mage/checksums.go index 318974be8d7..7ffba30b80f 100644 --- a/dev-tools/mage/checksums.go +++ b/dev-tools/mage/checksums.go @@ -144,26 +144,6 @@ func ChecksumsWithManifest(requiredPackage string, versionedFlatPath string, ver log.Printf(">>>>>>> Calculated directory to copy: [%s]", dirToCopy) } - // cloud-defend path exception - // When untarred, cloud defend untars to: - // cloud-defend-8.14.0-arm64 - // but the manifest (and most of this code) expects to be the same as - // the name in the manifest, which is: - // cloud-defend-8.14.0-linux-x86_64 - // So we have to do a bit of a transformation here - if strings.Contains(dirToCopy, "cloud-defend") { - if strings.Contains(dirToCopy, "x86_64") { - dirToCopy = fixCloudDefendDirPath(dirToCopy, componentVersion, "x86_64", "amd64") - } - if strings.Contains(dirToCopy, "arm64") { - // Not actually replacing the arch, but removing the "linux" - dirToCopy = fixCloudDefendDirPath(dirToCopy, componentVersion, "arm64", "arm64") - } - if mg.Verbose() { - log.Printf(">>>>>>> Adjusted cloud-defend directory to copy: [%s]", dirToCopy) - } - } - // Set copy options options := copy.Options{ OnSymlink: func(_ string) copy.SymlinkAction { 
@@ -263,18 +243,3 @@ func getComponentVersion(componentName string, requiredPackage string, component return componentVersion } - -// This is a helper function for the cloud-defend package. -// When it is untarred, it does not have the same dirname as the package name. -// This adjusts for that and returns the actual path on disk for cloud-defend -func fixCloudDefendDirPath(dirPath string, componentVersion string, expectedArch string, actualArch string) string { - fixedDirPath := dirPath - - cloudDefendExpectedDirName := fmt.Sprintf("cloud-defend-%s-linux-%s", componentVersion, expectedArch) - cloudDefendActualDirName := fmt.Sprintf("cloud-defend-%s-%s", componentVersion, actualArch) - if strings.Contains(fixedDirPath, cloudDefendExpectedDirName) { - fixedDirPath = strings.ReplaceAll(fixedDirPath, cloudDefendExpectedDirName, cloudDefendActualDirName) - } - - return fixedDirPath -} diff --git a/dev-tools/mage/pkgtypes.go b/dev-tools/mage/pkgtypes.go index 884666e9a22..b6b2ad8a11b 100644 --- a/dev-tools/mage/pkgtypes.go +++ b/dev-tools/mage/pkgtypes.go @@ -899,10 +899,7 @@ func addFileToZip(ar *zip.Writer, baseDir string, pkgFile PackageFile) error { // addFileToTar adds a file (or directory) to a tar archive. func addFileToTar(ar *tar.Writer, baseDir string, pkgFile PackageFile) error { - excludedFiles := []string{ - "cloud-defend", - "cloud-defend.spec.yml", - } + excludedFiles := []string{} return filepath.WalkDir(pkgFile.Source, func(path string, d fs.DirEntry, err error) error { if err != nil { diff --git a/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl b/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl index 990ba461e9e..67aed9f174e 100644 --- a/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl +++ b/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl 
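Review bot: In the `pkgtypes.go` hunk, `excludedFiles := []string{}` leaves an exclusion list that can never match, so whatever filter in `addFileToTar` reads it is now dead code. Either delete the variable together with that filter, or keep the hook and say so, e.g. `var excludedFiles []string // no files are currently excluded from the tar archive`. The code that consumes `excludedFiles` lies outside the hunk, so confirm nothing depends on the slice being non-nil before switching to the `var` form.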
@@ -31,7 +31,6 @@ RUN true && \ chmod 0755 {{ $beatHome }}/data/elastic-agent-*/components/*beat && \ (chmod 0755 {{ $beatHome }}/data/elastic-agent-*/components/osquery* || true) && \ (chmod 0755 {{ $beatHome }}/data/elastic-agent-*/components/apm-server || true) && \ - (chmod 0755 {{ $beatHome }}/data/elastic-agent-*/components/cloud-defend || true) && \ (chmod 0755 {{ $beatHome }}/data/elastic-agent-*/components/endpoint-security || true) && \ (chmod 0755 {{ $beatHome }}/data/elastic-agent-*/components/fleet-server || true) && \ (chmod 0755 {{ $beatHome }}/data/elastic-agent-*/components/pf-elastic-collector || true) && \ diff --git a/docs/manifests/kustomize-autosharding/elastic-agent-kustomize/agent-statefulset.yaml b/docs/manifests/kustomize-autosharding/elastic-agent-kustomize/agent-statefulset.yaml index 178e0a74eef..a2f548950d0 100644 --- a/docs/manifests/kustomize-autosharding/elastic-agent-kustomize/agent-statefulset.yaml +++ b/docs/manifests/kustomize-autosharding/elastic-agent-kustomize/agent-statefulset.yaml @@ -64,13 +64,6 @@ spec: fieldPath: metadata.name securityContext: runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' resources: limits: memory: 1400Mi 
@@ -130,10 +123,3 @@ spec: hostPath: path: /etc/machine-id type: File - # Needed for 'Defend for containers' integration (cloud-defend) - # If you are not using this integration, then these volumes and the corresponding - # mounts can be removed. - - name: sys-kernel-debug - hostPath: - path: /sys/kernel/debug - diff --git a/pkg/testing/testdata/build-manifest.json b/pkg/testing/testdata/build-manifest.json index 450dab61ac8..0646fdd7e01 100644 --- a/pkg/testing/testdata/build-manifest.json +++ b/pkg/testing/testdata/build-manifest.json 
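Review bot: The second hunk of `agent-statefulset.yaml` deletes the `sys-kernel-debug` volume, but the removed comment refers to "these volumes and the corresponding mounts", and neither hunk for this file removes a `volumeMounts` entry. If the container spec still mounts `sys-kernel-debug` (that part of the file is outside both hunks), the API server will reject the StatefulSet, because the mount names a volume that no longer exists. Check the `volumeMounts` list and drop the `- name: sys-kernel-debug` entry with its `mountPath` in the same commit.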
@@ -4357,36 +4357,6 @@ }, "dependencies": [] }, - "cloud-defend": { - "branch": "main", - "commit_hash": "27215867e613177b0ca57d0357c421c646fac0b5", - "commit_url": "https://github.com/elastic/cloud-defend/commits/27215867e613177b0ca57d0357c421c646fac0b5", - "external_artifacts_manifest_url": "https://artifacts-snapshot.elastic.co/cloud-defend/8.13.0-b12322fc/manifest-8.13.0-SNAPSHOT.json", - "build_duration_seconds": 0, - "packages": { - "cloud-defend-8.13.0-SNAPSHOT-linux-x86_64.tar.gz": { - "url": "https://snapshots.elastic.co/8.13.0-l5snflwr/downloads/cloud-defend/cloud-defend-8.13.0-SNAPSHOT-linux-x86_64.tar.gz", - "sha_url": "https://snapshots.elastic.co/8.13.0-l5snflwr/downloads/cloud-defend/cloud-defend-8.13.0-SNAPSHOT-linux-x86_64.tar.gz.sha512", - "asc_url": "https://snapshots.elastic.co/8.13.0-l5snflwr/downloads/cloud-defend/cloud-defend-8.13.0-SNAPSHOT-linux-x86_64.tar.gz.asc", - "type": "tar", - "architecture": "x86_64", - "os": [ - "linux" - ] - }, - "cloud-defend-8.13.0-SNAPSHOT-linux-arm64.tar.gz": { - "url": "https://snapshots.elastic.co/8.13.0-l5snflwr/downloads/cloud-defend/cloud-defend-8.13.0-SNAPSHOT-linux-arm64.tar.gz", - "sha_url": "https://snapshots.elastic.co/8.13.0-l5snflwr/downloads/cloud-defend/cloud-defend-8.13.0-SNAPSHOT-linux-arm64.tar.gz.sha512", - "asc_url": "https://snapshots.elastic.co/8.13.0-l5snflwr/downloads/cloud-defend/cloud-defend-8.13.0-SNAPSHOT-linux-arm64.tar.gz.asc", - "type": "tar", - "architecture": "arm64", - "os": [ - "linux" - ] - } - }, - "dependencies": [] - }, "beats": { "branch": "main", "commit_hash": "d4d2ddce3230f21f01a19afdb836626f7b0af4b5", From e7aa4976a96c503533c7038a0c0a9ddd38460aac Mon Sep 17 00:00:00 2001 From: Michael Wolf Date: Mon, 9 Sep 2024 13:35:15 -0700 Subject: [PATCH 6/8] add changelog --- changelog/fragments/1725913991-remove-cloud-defend.yaml | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 changelog/fragments/1725913991-remove-cloud-defend.yaml 
diff --git a/changelog/fragments/1725913991-remove-cloud-defend.yaml b/changelog/fragments/1725913991-remove-cloud-defend.yaml new file mode 100644 index 00000000000..ddbc4371301 --- /dev/null +++ b/changelog/fragments/1725913991-remove-cloud-defend.yaml @@ -0,0 +1,4 @@ +kind: breaking-change +summary: Remove cloud-defend from agent package +component: elastic-agent +pr: https://github.com/elastic/elastic-agent/pull/5481 From 2e0c6ad8734bc625ce3a250f3172fcd072a1007f Mon Sep 17 00:00:00 2001 From: Michael Wolf Date: Tue, 10 Sep 2024 17:12:47 -0700 Subject: [PATCH 7/8] fix typo --- .../extra/elastic-agent-standalone-statefulset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/extra/elastic-agent-standalone-statefulset.yaml b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/extra/elastic-agent-standalone-statefulset.yaml index 540a23cb59b..f04fe8bafdf 100644 --- a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/extra/elastic-agent-standalone-statefulset.yaml +++ b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/extra/elastic-agent-standalone-statefulset.yaml @@ -140,7 +140,7 @@ spec: hostPath: path: /var/lib # Needed for Universal Profiling - # If you are not using integration, then these volumes and the corresponding + # If you are not using this integration, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: From 77d5aa79ae2d3ee5f575f788bcc88765d74d1ced Mon Sep 17 00:00:00 2001 From: Michael Wolf Date: Thu, 12 Sep 2024 10:53:30 -0700 Subject: [PATCH 8/8] update template --- .../extra/elastic-agent-managed-statefulset.yaml | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) 
diff --git a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/extra/elastic-agent-managed-statefulset.yaml b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/extra/elastic-agent-managed-statefulset.yaml index dcaf2c3095a..99c670750ff 100644 --- a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/extra/elastic-agent-managed-statefulset.yaml +++ b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/extra/elastic-agent-managed-statefulset.yaml @@ -65,14 +65,6 @@ spec: value: "false" securityContext: runAsUser: 0 - # The following capabilities are needed for 'Defend for containers' integration (cloud-defend) - # If you are using this integration, please uncomment these lines before applying. - #capabilities: - # add: - # - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps. - # - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations. - # - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock' - ######################################################################################## # The following capabilities are needed for Universal Profiling. # More fine graded capabilities are only available for newer Linux kernels. # If you are using the Universal Profiling integration, please uncomment these lines before applying. 
@@ -141,8 +133,8 @@ spec: hostPath: path: /etc/machine-id type: File - # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling - # If you are not using one of these integrations, then these volumes and the corresponding + # Needed for Universal Profiling + # If you are not using this integration, then these volumes and the corresponding # mounts can be removed. - name: sys-kernel-debug hostPath: