Remove cloud-defend from agent

changelog/fragments/1725913991-remove-cloud-defend.yaml

@@ -0,0 +1,4 @@
+kind: breaking-change
+summary: Remove cloud-defend from agent package
+component: elastic-agent
+pr: https://github.com/elastic/elastic-agent/pull/5481

deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml

@@ -65,14 +65,6 @@ spec:
               value: "false"
           securityContext:
             runAsUser: 0
-            # The following capabilities are needed for 'Defend for containers' integration (cloud-defend)
-            # If you are using this integration, please uncomment these lines before applying.
-            #capabilities:
-            #  add:
-            #    - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps.
-            #    - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations.
-            #    - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock'
-            ########################################################################################
             # The following capabilities are needed for Universal Profiling.
             # More fine graded capabilities are only available for newer Linux kernels.
             # If you are using the Universal Profiling integration, please uncomment these lines before applying.
@@ -141,8 +133,8 @@ spec:
           hostPath:
             path: /etc/machine-id
             type: File
-        # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling
-        # If you are not using one of these integrations, then these volumes and the corresponding
+        # Needed for Universal Profiling
+        # If you are not using this integration, then these volumes and the corresponding
         # mounts can be removed.
         - name: sys-kernel-debug
           hostPath:

deploy/kubernetes/elastic-agent-kustomize/default/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml

@@ -72,14 +72,6 @@ spec:
               value: "false"
           securityContext:
             runAsUser: 0
-            # The following capabilities are needed for 'Defend for containers' integration (cloud-defend)
-            # If you are using this integration, please uncomment these lines before applying.
-            #capabilities:
-            #  add:
-            #    - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps.
-            #    - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations.
-            #    - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock'
-            ########################################################################################
             # The following capabilities are needed for Universal Profiling.
             # More fine graded capabilities are only available for newer Linux kernels.
             # If you are using the Universal Profiling integration, please uncomment these lines before applying.
@@ -147,8 +139,8 @@ spec:
         - name: var-lib
           hostPath:
             path: /var/lib
-        # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling
-        # If you are not using one of these integrations, then these volumes and the corresponding
+        # Needed for Universal Profiling
+        # If you are not using this integration, then these volumes and the corresponding
         # mounts can be removed.
         - name: sys-kernel-debug
           hostPath:

deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml

@@ -65,14 +65,6 @@ spec:
               value: "false"
           securityContext:
             runAsUser: 0
-            # The following capabilities are needed for 'Defend for containers' integration (cloud-defend)
-            # If you are using this integration, please uncomment these lines before applying.
-            #capabilities:
-            #  add:
-            #    - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps.
-            #    - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations.
-            #    - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock'
-            ########################################################################################
             # The following capabilities are needed for Universal Profiling.
             # More fine graded capabilities are only available for newer Linux kernels.
             # If you are using the Universal Profiling integration, please uncomment these lines before applying.
@@ -141,8 +133,8 @@ spec:
           hostPath:
             path: /etc/machine-id
             type: File
-        # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling
-        # If you are not using one of these integrations, then these volumes and the corresponding
+        # Needed for Universal Profiling
+        # If you are not using this integration, then these volumes and the corresponding
         # mounts can be removed.
         - name: sys-kernel-debug
           hostPath:

deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/extra/elastic-agent-managed-statefulset.yaml

@@ -65,14 +65,6 @@ spec:
               value: "false"
           securityContext:
             runAsUser: 0
-            # The following capabilities are needed for 'Defend for containers' integration (cloud-defend)
-            # If you are using this integration, please uncomment these lines before applying.
-            #capabilities:
-            #  add:
-            #    - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps.
-            #    - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations.
-            #    - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock'
-            ########################################################################################
             # The following capabilities are needed for Universal Profiling.
             # More fine graded capabilities are only available for newer Linux kernels.
             # If you are using the Universal Profiling integration, please uncomment these lines before applying.
@@ -141,8 +133,8 @@ spec:
           hostPath:
             path: /etc/machine-id
             type: File
-        # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling
-        # If you are not using one of these integrations, then these volumes and the corresponding
+        # Needed for Universal Profiling
+        # If you are not using this integration, then these volumes and the corresponding
         # mounts can be removed.
         - name: sys-kernel-debug
           hostPath:

deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/base/elastic-agent-standalone-daemonset.yaml

@@ -72,14 +72,6 @@ spec:
               value: "false"
           securityContext:
             runAsUser: 0
-            # The following capabilities are needed for 'Defend for containers' integration (cloud-defend)
-            # If you are using this integration, please uncomment these lines before applying.
-            #capabilities:
-            #  add:
-            #    - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps.
-            #    - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations.
-            #    - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock'
-            ########################################################################################
             # The following capabilities are needed for Universal Profiling.
             # More fine graded capabilities are only available for newer Linux kernels.
             # If you are using the Universal Profiling integration, please uncomment these lines before applying.
@@ -147,8 +139,8 @@ spec:
         - name: var-lib
           hostPath:
             path: /var/lib
-        # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling
-        # If you are not using one of these integrations, then these volumes and the corresponding
+        # Needed for Universal Profiling
+        # If you are not using this integration, then these volumes and the corresponding
         # mounts can be removed.
         - name: sys-kernel-debug
           hostPath:

deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-standalone/extra/elastic-agent-standalone-statefulset.yaml

@@ -72,14 +72,6 @@ spec:
               value: "false"
           securityContext:
             runAsUser: 0
-            # The following capabilities are needed for 'Defend for containers' integration (cloud-defend)
-            # If you are using this integration, please uncomment these lines before applying.
-            #capabilities:
-            #  add:
-            #    - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps.
-            #    - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations.
-            #    - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock'
-            ########################################################################################
             # The following capabilities are needed for Universal Profiling.
             # More fine graded capabilities are only available for newer Linux kernels.
             # If you are using the Universal Profiling integration, please uncomment these lines before applying.
@@ -147,8 +139,8 @@ spec:
         - name: var-lib
           hostPath:
             path: /var/lib
-        # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling
-        # If you are not using one of these integrations, then these volumes and the corresponding
+        # Needed for Universal Profiling
+        # If you are not using this integration, then these volumes and the corresponding
         # mounts can be removed.
         - name: sys-kernel-debug
           hostPath:

deploy/kubernetes/elastic-agent-managed-kubernetes.yaml

@@ -65,14 +65,6 @@ spec:
               value: "false"
           securityContext:
             runAsUser: 0
-            # The following capabilities are needed for 'Defend for containers' integration (cloud-defend)
-            # If you are using this integration, please uncomment these lines before applying.
-            #capabilities:
-            #  add:
-            #    - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps.
-            #    - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations.
-            #    - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock'
-            ########################################################################################
             # The following capabilities are needed for Universal Profiling.
             # More fine graded capabilities are only available for newer Linux kernels.
             # If you are using the Universal Profiling integration, please uncomment these lines before applying.
@@ -141,8 +133,8 @@ spec:
           hostPath:
             path: /etc/machine-id
             type: File
-        # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling
-        # If you are not using one of these integrations, then these volumes and the corresponding
+        # Needed for Universal Profiling
+        # If you are not using this integration, then these volumes and the corresponding
         # mounts can be removed.
         - name: sys-kernel-debug
           hostPath:

deploy/kubernetes/elastic-agent-managed/elastic-agent-managed-daemonset.yaml

@@ -65,14 +65,6 @@ spec:
               value: "false"
           securityContext:
             runAsUser: 0
-            # The following capabilities are needed for 'Defend for containers' integration (cloud-defend)
-            # If you are using this integration, please uncomment these lines before applying.
-            #capabilities:
-            #  add:
-            #    - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps.
-            #    - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations.
-            #    - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock'
-            ########################################################################################
             # The following capabilities are needed for Universal Profiling.
             # More fine graded capabilities are only available for newer Linux kernels.
             # If you are using the Universal Profiling integration, please uncomment these lines before applying.
@@ -141,8 +133,8 @@ spec:
           hostPath:
             path: /etc/machine-id
             type: File
-        # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling
-        # If you are not using one of these integrations, then these volumes and the corresponding
+        # Needed for Universal Profiling
+        # If you are not using this integration, then these volumes and the corresponding
         # mounts can be removed.
         - name: sys-kernel-debug
           hostPath:

deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml

@@ -741,14 +741,6 @@ spec:
               value: "false"
           securityContext:
             runAsUser: 0
-            # The following capabilities are needed for 'Defend for containers' integration (cloud-defend)
-            # If you are using this integration, please uncomment these lines before applying.
-            #capabilities:
-            #  add:
-            #    - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps.
-            #    - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations.
-            #    - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock'
-            ########################################################################################
             # The following capabilities are needed for Universal Profiling.
             # More fine graded capabilities are only available for newer Linux kernels.
             # If you are using the Universal Profiling integration, please uncomment these lines before applying.
@@ -816,8 +808,8 @@ spec:
         - name: var-lib
           hostPath:
             path: /var/lib
-        # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling
-        # If you are not using one of these integrations, then these volumes and the corresponding
+        # Needed for Universal Profiling
+        # If you are not using this integration, then these volumes and the corresponding
         # mounts can be removed.
         - name: sys-kernel-debug
           hostPath:

deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-daemonset.yaml

@@ -72,14 +72,6 @@ spec:
               value: "false"
           securityContext:
             runAsUser: 0
-            # The following capabilities are needed for 'Defend for containers' integration (cloud-defend)
-            # If you are using this integration, please uncomment these lines before applying.
-            #capabilities:
-            #  add:
-            #    - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps.
-            #    - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations.
-            #    - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock'
-            ########################################################################################
             # The following capabilities are needed for Universal Profiling.
             # More fine graded capabilities are only available for newer Linux kernels.
             # If you are using the Universal Profiling integration, please uncomment these lines before applying.
@@ -147,8 +139,8 @@ spec:
         - name: var-lib
           hostPath:
             path: /var/lib
-        # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling
-        # If you are not using one of these integrations, then these volumes and the corresponding
+        # Needed for Universal Profiling
+        # If you are not using this integration, then these volumes and the corresponding
         # mounts can be removed.
         - name: sys-kernel-debug
           hostPath:

dev-tools/mage/checksums.go

@@ -144,26 +144,6 @@ func ChecksumsWithManifest(requiredPackage string, versionedFlatPath string, ver
 						log.Printf(">>>>>>> Calculated directory to copy: [%s]", dirToCopy)
 					}
 
-					// cloud-defend path exception
-					// When untarred, cloud defend untars to:
-					//    cloud-defend-8.14.0-arm64
-					// but the manifest (and most of this code) expects to be the same as
-					// the name in the manifest, which is:
-					//    cloud-defend-8.14.0-linux-x86_64
-					// So we have to do a bit of a transformation here
-					if strings.Contains(dirToCopy, "cloud-defend") {
-						if strings.Contains(dirToCopy, "x86_64") {
-							dirToCopy = fixCloudDefendDirPath(dirToCopy, componentVersion, "x86_64", "amd64")
-						}
-						if strings.Contains(dirToCopy, "arm64") {
-							// Not actually replacing the arch, but removing the "linux"
-							dirToCopy = fixCloudDefendDirPath(dirToCopy, componentVersion, "arm64", "arm64")
-						}
-						if mg.Verbose() {
-							log.Printf(">>>>>>> Adjusted cloud-defend directory to copy: [%s]", dirToCopy)
-						}
-					}
-
 					// Set copy options
 					options := copy.Options{
 						OnSymlink: func(_ string) copy.SymlinkAction {
@@ -263,18 +243,3 @@ func getComponentVersion(componentName string, requiredPackage string, component
 
 	return componentVersion
 }
-
-// This is a helper function for the cloud-defend package.
-// When it is untarred, it does not have the same dirname as the package name.
-// This adjusts for that and returns the actual path on disk for cloud-defend
-func fixCloudDefendDirPath(dirPath string, componentVersion string, expectedArch string, actualArch string) string {
-	fixedDirPath := dirPath
-
-	cloudDefendExpectedDirName := fmt.Sprintf("cloud-defend-%s-linux-%s", componentVersion, expectedArch)
-	cloudDefendActualDirName := fmt.Sprintf("cloud-defend-%s-%s", componentVersion, actualArch)
-	if strings.Contains(fixedDirPath, cloudDefendExpectedDirName) {
-		fixedDirPath = strings.ReplaceAll(fixedDirPath, cloudDefendExpectedDirName, cloudDefendActualDirName)
-	}
-
-	return fixedDirPath
-}

dev-tools/mage/pkgtypes.go

@@ -903,10 +903,7 @@ func addFileToZip(ar *zip.Writer, baseDir string, pkgFile PackageFile) error {
 
 // addFileToTar adds a file (or directory) to a tar archive.
 func addFileToTar(ar *tar.Writer, baseDir string, pkgFile PackageFile) error {
-	excludedFiles := []string{
-		"cloud-defend",
-		"cloud-defend.spec.yml",
-	}
+	excludedFiles := []string{}
 
 	return filepath.WalkDir(pkgFile.Source, func(path string, d fs.DirEntry, err error) error {
 		if err != nil {

dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl

@@ -31,7 +31,6 @@ RUN true && \
     chmod 0755 {{ $beatHome }}/data/elastic-agent-*/components/*beat && \
     (chmod 0755 {{ $beatHome }}/data/elastic-agent-*/components/osquery* || true) && \
     (chmod 0755 {{ $beatHome }}/data/elastic-agent-*/components/apm-server || true) && \
-    (chmod 0755 {{ $beatHome }}/data/elastic-agent-*/components/cloud-defend || true) && \
     (chmod 0755 {{ $beatHome }}/data/elastic-agent-*/components/endpoint-security || true) && \
     (chmod 0755 {{ $beatHome }}/data/elastic-agent-*/components/fleet-server || true) && \
     (chmod 0755 {{ $beatHome }}/data/elastic-agent-*/components/pf-elastic-collector || true) && \