draft

Author: amirbenun

CONTRIBUTING.md

@@ -0,0 +1,8 @@
+# Todo delete before merge to elastic/beats
+FROM debian
+RUN apt-get update
+RUN apt-get install -y ca-certificates
+COPY ./cloudbeat /cloudbeat
+COPY ./cloudbeat.yml /cloudbeat.yml
+ENTRYPOINT ["/cloudbeat"]
+CMD ["-e", "-d", "'*'"]

Dockerfile

@@ -0,0 +1,11 @@
+# Todo delete before merge to elastic/beats
+FROM golang
+RUN go install github.com/go-delve/delve/cmd/dlv@latest
+RUN apt-get update
+RUN apt-get install -y ca-certificates
+EXPOSE 40000
+EXPOSE 8080
+COPY ./cloudbeat /cloudbeat
+COPY ./cloudbeat.yml /cloudbeat.yml
+ENTRYPOINT ["/go/bin/dlv", "--listen=:40000", "--headless=true", "--api-version=2", "--wd=/", "exec", "/cloudbeat"]
+CMD ["--", "-e", "-d", "'*'"]

Dockerfile.debug

@@ -0,0 +1,51 @@
+# Todo delete before merge to elastic/beats
+create-kind-cluster:
+  kind create cluster --config deploy/k8s/kind/kind-config.yaml
+
+install-kind:
+  brew install kind
+
+setup-env: install-kind create-kind-cluster
+
+load-cloudbeat-image:
+  kind load docker-image cloudbeat:latest --name kind-mono
+
+load-agent-image:
+  kind load docker-image docker.elastic.co/beats/elastic-agent:8.1.0-SNAPSHOT --name kind-mono
+
+build-cloudbeat:
+  GOOS=linux go build -v && docker build -t cloudbeat .
+
+deploy-cloudbeat:
+  kubectl delete -f deploy/k8s/cloudbeat-ds.yaml -n kube-system & kubectl apply -f deploy/k8s/cloudbeat-ds.yaml -n kube-system
+
+build-deploy-cloudbeat: build-cloudbeat load-cloudbeat-image deploy-cloudbeat
+
+build-cloudbeat-debug:
+  GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -gcflags "all=-N -l" && docker build -f Dockerfile.debug -t cloudbeat .
+
+deploy-cloudbeat-debug:
+  kubectl delete -f deploy/k8s/cloudbeat-ds-debug.yaml -n kube-system & kubectl apply -f deploy/k8s/cloudbeat-ds-debug.yaml -n kube-system
+
+build-deploy-cloudbeat-debug: build-cloudbeat-debug load-cloudbeat-image deploy-cloudbeat-debug
+
+logs-cloudbeat:
+  kubectl logs -f --selector="k8s-app=cloudbeat" -n kube-system
+
+package-agent:
+  cd ../x-pack/elastic-agent & DEV=true SNAPSHOT=true PLATFORMS=linux/amd64 TYPES=docker mage -v package
+
+deploy-agent:
+  kubectl delete -f deploy/k8s/fleet-managed-agent.yaml -n kube-system & kubectl apply -f deploy/k8s//fleet-managed-agent.yaml -n kube-system
+
+build-deploy-agent: package-agent load-agent-image deploy-agent
+
+build-kibana-docker:
+  node scripts/build --docker-images --skip-docker-ubi --skip-docker-centos -v
+
+elastic-stack-up:
+  elastic-package stack up --version=8.1.0-SNAPSHOT
+
+elastic-stack-down:
+  elastic-package stack down
+

JUSTFILE

@@ -0,0 +1,13 @@
+Copyright (c) {year} Eyal Kraft
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

LICENSE.txt

@@ -0,0 +1,41 @@
+BEAT_NAME=cloudbeat
+BEAT_PATH=github.com/elastic/beats/v7/cloudbeat
+BEAT_GOPATH=$(firstword $(subst :, ,${GOPATH}))
+SYSTEM_TESTS=false
+TEST_ENVIRONMENT=false
+ES_BEATS_IMPORT_PATH=github.com/elastic/beats/v7
+ES_BEATS?=$(shell go list -m -f '{{.Dir}}' ${ES_BEATS_IMPORT_PATH})
+LIBBEAT_MAKEFILE=$(ES_BEATS)/libbeat/scripts/Makefile
+GOPACKAGES=$(shell go list ${BEAT_PATH}/... | grep -v /tools)
+GOBUILD_FLAGS=-i -ldflags "-X ${ES_BEATS_IMPORT_PATH}/libbeat/version.buildTime=$(NOW) -X ${ES_BEATS_IMPORT_PATH}/libbeat/version.commit=$(COMMIT_ID)"
+MAGE_IMPORT_PATH=github.com/magefile/mage
+NO_COLLECT=true
+CHECK_HEADERS_DISABLED=true
+
+# Path to the libbeat Makefile
+-include $(LIBBEAT_MAKEFILE)
+
+.PHONY: copy-vendor
+copy-vendor:
+	mage vendorUpdate
+
+delete-pod:
+	kubectl delete pod cloudbeat-demo
+
+build-docker:
+	GOOS=linux go build && docker build -t cloudbeat .
+
+docker-image-load-minikube: build-docker
+	minikube image load cloudbeat:latest
+
+docker-image-load-kind: build-docker
+	kind load docker-image docker.elastic.co/beats/elastic-agent:8.1.0-SNAPSHOT --name single-host
+
+deploy-cloudbeat:
+	kubectl apply -f deploy/k8s/cloudbeat-ds.yaml -n kube-system
+
+deploy-pod: delete-pod build-docker docker-image-load-minikube
+	kubectl apply -f pod.yml
+
+build-deploy-docker: build-docker docker-image-load-kind deploy-cloudbeat
+

Makefile

@@ -0,0 +1,5 @@
+cloudbeat
+Copyright {year} Eyal Kraft
+
+This product includes software developed by The Apache Software
+Foundation (http://www.apache.org/).

NOTICE.txt

@@ -0,0 +1,232 @@
+# POC Documentation
+
+I generated this repo using the [beats development guide](https://www.elastic.co/guide/en/beats/devguide/current/newbeat-generate.html).
+The kube-api call is based on the [k8s go-client example](https://github.com/kubernetes/client-go/tree/master/examples/in-cluster-client-configuration).
+
+The interesting files are:
+* `beater/cloudbeat.go` - the beats logic
+* `cloudbeat.yml` - the beats config
+* `Dockerfile` - runs the beat dockerized with debug flags
+* `JUSTFILE` - just commander file
+
+
+## Table of contents
+- [POC Documentation](#poc-documentation)
+  - [Table of contents](#table-of-contents)
+  - [Prerequisites](#prerequisites)
+  - [Running Cloudbeat (without the agent)](#running-cloudbeat-without-the-agent)
+    - [Clean up](#clean-up)
+    - [Remote Debugging](#remote-debugging)
+- [{Beat}](#beat)
+  - [Getting Started with {Beat}](#getting-started-with-beat)
+    - [Requirements](#requirements)
+    - [Init Project](#init-project)
+    - [Build](#build)
+    - [Run](#run)
+    - [Test](#test)
+    - [Update](#update)
+    - [Cleanup](#cleanup)
+    - [Clone](#clone)
+  - [Packaging](#packaging)
+  - [Build Elastic-Agent Docker with pre-packaged cloudbeat](#build-elastic-agent-docker-with-pre-packaged-cloudbeat)
+
+
+## Prerequisites
+**Please make sure that you run the following instructions within the `cloudbeat` directory.**
+1. [Just command runner](https://github.com/casey/just)
+2. Elasticsearch with the default username & password (`elastic` & `changeme`) running on the default port (`http://localhost:9200`)
+3. Kibana with running on the default port (`http://localhost:5601`)
+4. Setup the local env:
+
+```zsh
+cd cloudbeat & just setup-env
+```
+
+## Running Cloudbeat (without the agent)
+
+Build & deploy cloudbeat:
+
+```zsh
+just build-deploy-cloudbeat
+```
+
+To validate check the logs:
+
+```zsh
+kubectl logs -f --selector="k8s-app=cloudbeat"  -n kube-system
+```
+
+Now go and check out the data on your Kibana! Make sure to add a kibana dataview `logs-k8s_cis.result-*`
+
+note: when changing the fields kibana will reject events dent from the cloudbeat for not matching the existing scheme. make sure to delete the index when changing the event fields in your code.
+
+### Clean up
+
+To stop this example and clean up the pod, run:
+```zsh
+kubectl delete -f deploy/k8s/cloudbeat-ds.yaml -n kube-system
+```
+### Remote Debugging
+
+Build & Deploy remote debug docker:
+
+```zsh
+just build-deploy-cloudbeat-debug
+```
+
+After running the pod, expose the relevant ports:
+```zsh
+kubectl port-forward ${pod-name} -n kube-system 40000:40000 8080:8080
+```
+
+The app will wait for the debugger to connect before starting
+
+```zsh
+just logs-cloudbeat
+```
+
+Use your favorite IDE to connect to the debugger on `localhost:40000` (for example [Goland](https://www.jetbrains.com/help/go/attach-to-running-go-processes-with-debugger.html#step-3-create-the-remote-run-debug-configuration-on-the-client-computer))
+
+# {Beat}
+
+Welcome to {Beat}.
+
+Ensure that this folder is at the following location:
+`${GOPATH}/src/github.com/elastic/beats/v7/cloudbeat`
+
+## Getting Started with {Beat}
+
+### Requirements
+
+* [Golang](https://golang.org/dl/) 1.7
+
+### Init Project
+To get running with {Beat} and also install the
+dependencies, run the following command:
+
+```
+make update
+```
+
+It will create a clean git history for each major step. Note that you can always rewrite the history if you wish before pushing your changes.
+
+To push {Beat} in the git repository, run the following commands:
+
+```
+git remote set-url origin https://github.com/elastic/beats/v7/cloudbeat
+git push origin master
+```
+
+For further development, check out the [beat developer guide](https://www.elastic.co/guide/en/beats/libbeat/current/new-beat.html).
+
+### Build
+
+To build the binary for {Beat} run the command below. This will generate a binary
+in the same directory with the name cloudbeat.
+
+```
+make
+```
+
+
+### Run
+
+To run {Beat} with debugging output enabled, run:
+
+```
+./cloudbeat -c cloudbeat.yml -e -d "*"
+```
+
+### Test
+
+To test {Beat}, run the following command:
+
+```
+make testsuite
+```
+
+alternatively:
+```
+make unit-tests
+make system-tests
+make integration-tests
+make coverage-report
+```
+
+The test coverage is reported in the folder `./build/coverage/`
+
+### Update
+
+Each beat has a template for the mapping in elasticsearch and a documentation for the fields
+which is automatically generated based on `fields.yml` by running the following command.
+
+```
+make update
+```
+
+
+### Cleanup
+
+To clean  {Beat} source code, run the following command:
+
+```
+make fmt
+```
+
+To clean up the build directory and generated artifacts, run:
+
+```
+make clean
+```
+
+
+### Clone
+
+To clone {Beat} from the git repository, run the following commands:
+
+```
+mkdir -p ${GOPATH}/src/github.com/elastic/beats/v7/cloudbeat
+git clone https://github.com/elastic/beats/v7/cloudbeat ${GOPATH}/src/github.com/elastic/beats/v7/cloudbeat
+```
+
+
+For further development, check out the [beat developer guide](https://www.elastic.co/guide/en/beats/libbeat/current/new-beat.html).
+
+
+## Packaging
+
+The beat frameworks provides tools to crosscompile and package your beat for different platforms. This requires [docker](https://www.docker.com/) and vendoring as described above. To build packages of your beat, run the following command:
+
+```
+make release
+```
+
+This will fetch and create all images required for the build process. The whole process to finish can take several minutes.
+
+## Build Elastic-Agent Docker with pre-packaged cloudbeat
+
+
+**1.Build Elastic-Agent Docker**
+
+1. Access the Elastic-Agent dir
+```
+$ cd x-pack/elastic-agent
+```
+2. Build & deploy the elastic-agent docker( You might need to increase docker engine resources on your docker-engine)
+```
+$ just build-deploy-agent # It takes a while on the first execution.
+```
+3. Once command is finished, Verify the agent is running on your machine
+
+```zsh
+$ kubectl get po --selector="app=elastic-agent" --all-namespaces -o wide
+
+NAMESPACE     NAME                  READY   STATUS    RESTARTS   AGE    IP           NODE                      NOMINATED NODE   READINESS GATES
+kube-system   elastic-agent-9fpdz   1/1     Running   0          5h8m   172.20.0.2   kind-mono-control-plane   <none>           <none>
+
+
+```
+
+Note: Check the jusfile for all available commands for build or deploy `$ just --summary`
+</br>
+

README.md

@@ -0,0 +1,21 @@
+################### {Beat} Configuration Example #########################
+
+############################# {Beat} ######################################
+
+cloudbeat:
+  # Defines how often an event is sent to the output
+  period: 30s
+  files: [
+      "/hostfs/etc/kubernetes/scheduler.conf",
+      "/hostfs/etc/kubernetes/controller-manager.conf",
+      "/hostfs/etc/kubernetes/admin.conf",
+      "/hostfs/etc/kubernetes/kubelet.conf",
+      "/hostfs/etc/kubernetes/manifests/etcd.yaml",
+      "/hostfs/etc/kubernetes/manifests/kube-apiserver.yaml",
+      "/hostfs/etc/kubernetes/manifests/kube-controller-manager.yaml",
+      "/hostfs/etc/kubernetes/manifests/kube-scheduler.yaml",
+      "/hostfs/etc/systemd/system/kubelet.service.d/10-kubeadm.conf",
+      "/hostfs/var/lib/kubelet/config.yaml",
+      "/hostfs/var/lib/etcd",
+      "/hostfs/etc/kubernetes/pki"
+  ]