Use skaffold to run agent in k8s (#2738)

* Build agent docker image and deploy with skaffold

* add docs

* Update docs/local-k8s-testing.md

Co-authored-by: Tiago Queiroz <contato@tiago.eti.br>

---------

Co-authored-by: Tiago Queiroz <contato@tiago.eti.br>

Author: pchila

.dockerignore

@@ -0,0 +1,5 @@
+build/
+deploy/
+.ogc_cache/
+.agent_testing/
+data/

Dockerfile.skaffold

@@ -0,0 +1,27 @@
+ARG GO_VERSION=1.19.9
+ARG crossbuild_image="docker.elastic.co/beats-dev/golang-crossbuild"
+ARG AGENT_VERSION=8.9.0-SNAPSHOT
+ARG AGENT_IMAGE="docker.elastic.co/beats/elastic-agent"
+
+
+FROM ${crossbuild_image}:${GO_VERSION}-main-debian8 as build
+ARG DEV="true"
+ARG SNAPSHOT="true"
+RUN go install github.com/magefile/mage@v1.15.0
+WORKDIR /elastic-agent/
+COPY go.mod go.sum /elastic-agent/
+RUN go mod download
+COPY . /elastic-agent/
+RUN mage golangcrossBuild
+RUN git rev-parse HEAD | cut -c 1-6 > .build_hash.txt
+
+
+FROM ${AGENT_IMAGE}:${AGENT_VERSION}
+
+
+COPY --from=build /elastic-agent/build/golang-crossbuild/elastic-agent-linux-amd64 /usr/share/elastic-agent/elastic-agent
+COPY --from=build /elastic-agent/.build_hash.txt /usr/share/elastic-agent/.build_hash.txt.new
+RUN mv /usr/share/elastic-agent/data/elastic-agent-$(cat /usr/share/elastic-agent/.build_hash.txt| cut -c 1-6) /usr/share/elastic-agent/data/elastic-agent-$(cat /usr/share/elastic-agent/.build_hash.txt.new| cut -c 1-6) && \
+ln -s -f /usr/share/elastic-agent/data/elastic-agent-$(cat /usr/share/elastic-agent/.build_hash.txt.new| cut -c 1-6)/elastic-agent /usr/share/elastic-agent/elastic-agent &&\
+mv /usr/share/elastic-agent/.build_hash.txt /usr/share/elastic-agent/.build_hash.txt.old && \
+mv /usr/share/elastic-agent/.build_hash.txt.new /usr/share/elastic-agent/.build_hash.txt 

deploy/skaffold/.env.example

@@ -0,0 +1,10 @@
+# insert your connection parameters here and save it as .env before running skaffold commands
+
+# managed elastic agent vars
+FLEET_URL=https://<fleet host>:443
+FLEET_ENROLLMENT_TOKEN=<enrollment token>
+
+# standalone elastic agent vars
+ES_HOST=https://<elasticsearch host>:443
+ES_USERNAME=elastic
+ES_PASSWORD=changeme

deploy/skaffold/.gitignore

@@ -0,0 +1,2 @@
+elastic-agent-kubernetes.yaml
+.env

deploy/skaffold/kustomization.yaml

@@ -0,0 +1,41 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+
+resources:
+- elastic-agent-kubernetes.yaml
+
+patches:
+- path: patches/elastic-agent-standalone-entrypoint.yaml
+  target:
+    group: apps
+    version: v1
+    kind: DaemonSet
+    name: elastic-agent-standalone
+
+- path: patches/elastic-agent-managed-entrypoint.yaml
+  target:
+    group: apps
+    version: v1
+    kind: DaemonSet
+    name: elastic-agent
+
+- path: patches/fleet-env-vars.yaml
+  target:
+    group: apps
+    version: v1
+    kind: DaemonSet
+    name: elastic-agent
+
+- path: patches/elasticsearch-env-vars.yaml
+  target:
+    group: apps
+    version: v1
+    kind: DaemonSet
+    name: elastic-agent-standalone
+
+configMapGenerator:
+  - name: fleet-es-configmap
+    namespace: kube-system
+    envs:
+      - .env

deploy/skaffold/patches/elastic-agent-managed-entrypoint.yaml

@@ -0,0 +1,12 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: elastic-agent
+spec:
+  template:
+    spec:
+      containers:
+        - name: elastic-agent
+          command:
+            - /usr/share/elastic-agent/elastic-agent
+          args: ["container", "-e"]

deploy/skaffold/patches/elastic-agent-standalone-entrypoint.yaml

@@ -0,0 +1,12 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: elastic-agent-standalone
+spec:
+  template:
+    spec:
+      containers:
+        - name: elastic-agent-standalone
+          command:
+            - /usr/share/elastic-agent/elastic-agent
+          args: ["container", "-c", "/etc/elastic-agent/agent.yml", "-e"]

deploy/skaffold/patches/elasticsearch-env-vars.yaml

@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: elastic-agent-standalone
+spec:
+  template:
+    spec:
+      containers:
+        - name: elastic-agent-standalone
+          env:
+            - name: ES_USERNAME
+              value: ""
+              valueFrom:
+                configMapKeyRef:
+                  name: fleet-es-configmap
+                  key: ES_USERNAME
+            # The basic authentication password used to connect to Elasticsearch
+            - name: ES_PASSWORD
+              value: ""
+              valueFrom:
+                configMapKeyRef:
+                  name: fleet-es-configmap
+                  key: ES_PASSWORD
+            # The Elasticsearch host to communicate with
+            - name: ES_HOST
+              value: ""
+              valueFrom:
+                configMapKeyRef:
+                  name: fleet-es-configmap
+                  key: ES_HOST

deploy/skaffold/patches/fleet-env-vars.yaml

@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: elastic-agent
+spec:
+  template:
+    spec:
+      containers:
+        - name: elastic-agent
+          env:
+            - name: FLEET_URL
+              value: ""
+              valueFrom:
+                configMapKeyRef:
+                  name: fleet-es-configmap
+                  key: FLEET_URL
+            # Elasticsearch API key used to enroll Elastic Agents in Fleet (https://www.elastic.co/guide/en/fleet/current/fleet-enrollment-tokens.html#fleet-enrollment-tokens)
+            # If FLEET_ENROLLMENT_TOKEN is empty then KIBANA_HOST, KIBANA_FLEET_USERNAME, KIBANA_FLEET_PASSWORD are needed
+            - name: FLEET_ENROLLMENT_TOKEN
+              value: ""
+              valueFrom:
+                configMapKeyRef:
+                  name: fleet-es-configmap
+                  key: FLEET_ENROLLMENT_TOKEN
+            # - name: KIBANA_HOST
+            #   value: "$(KIBANA_HOST)"
+            # # The basic authentication username used to connect to Kibana and retrieve a service_token to enable Fleet
+            # - name: KIBANA_FLEET_USERNAME
+            #   value: "$(KIBANA_FLEET_USERNAME)"
+            # # The basic authentication password used to connect to Kibana and retrieve a service_token to enable Fleet
+            # - name: KIBANA_FLEET_PASSWORD
+            #   value: "$(KIBANA_FLEET_PASSWORD)"

docs/local-k8s-testing.md

@@ -0,0 +1,120 @@
+# Run/Test local build of agent on k8s cluster
+
+## Prerequisites
+
+- Install [skaffold](https://skaffold.dev/docs/install/)
+- Install [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)
+- Install a local k8s distribution and create a cluster:
+    - [kind](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)
+    - [k3d](https://k3d.io/v5.5.1/#installation)
+    - [minikube](https://minikube.sigs.k8s.io/docs/start/) (not tested)
+
+## Quickstart (the hard way)
+
+#### Standalone or managed mode
+There are 2 distinct profiles available (pretty self-explanatory):
+- `elastic-agent-standalone`
+- `elastic-agent-managed`
+
+One of those profiles must always be specified in a skaffold command (using the `-p` or `--profile` option), for sake of brevity we are gonna list only examples with standalone profile
+
+### Prepare environment variables
+In order to run agent on a local k8s cluster we need to set some environment variables in `deploy/skaffold/.env` (we can use `.env.example`). Those environment variables must point to a running elastic stack installation.
+
+#### Standalone mode
+```shell
+# standalone elastic agent vars
+ES_HOST=https://<elasticsearch host>:443
+ES_USERNAME=elastic
+ES_PASSWORD=changeme
+```
+
+#### Managed mode
+```shell
+# managed elastic agent vars
+FLEET_URL=https://<fleet host>:443
+FLEET_ENROLLMENT_TOKEN=<enrollment token>
+```
+
+### Run agent 
+
+In order to just deploy agent on your local cluster, open a terminal and then execute
+
+
+```shell
+skaffold run -p elastic-agent-standalone
+```
+and the output should be something similar to this:
+```shell
+Generating tags...
+ ...
+Checking cache...
+ - docker.elastic.co/beats/elastic-agent: Found Locally
+Starting test...
+Starting pre-render hooks...
+Completed pre-render hooks
+Tags used in deployment:
+ ...
+Starting deploy...
+ ...
+ - serviceaccount/elastic-agent-standalone created
+ - role.rbac.authorization.k8s.io/elastic-agent-standalone created
+ - role.rbac.authorization.k8s.io/elastic-agent-standalone-kubeadm-config created
+ - clusterrole.rbac.authorization.k8s.io/elastic-agent-standalone created
+ - rolebinding.rbac.authorization.k8s.io/elastic-agent-standalone created
+ - rolebinding.rbac.authorization.k8s.io/elastic-agent-standalone-kubeadm-config created
+ - clusterrolebinding.rbac.authorization.k8s.io/elastic-agent-standalone created
+ - configmap/agent-node-datastreams created
+ - configmap/fleet-es-configmap-95bb9gfkkt created
+ - daemonset.apps/elastic-agent-standalone created
+Waiting for deployments to stabilize...
+Deployments stabilized in 14.411071ms
+You can also run [skaffold run --tail] to get the logs
+```
+
+Once you are done, remove the deployments with:
+```shell
+skaffold delete  -p elastic-agent-standalone
+```
+
+
+### Debug agent
+The elastic agent can be debugged by connecting a debugger client to the debugger port (forwarded automatically on localhost).
+
+If we run the command below (the `--tail=false` is there only to disable the streaming of logs on stdout):
+```shell
+skaffold debug -p elastic-agent-standalone --tail=false
+```
+we should have something similar to the output below
+
+```shell
+Generating tags...
+ ...
+Checking cache...
+ ...
+Starting pre-render hooks...
+Completed pre-render hooks
+Tags used in deployment:
+ ...
+Starting deploy...
+Loading images into kind cluster nodes...
+ ...
+Images loaded in 35.802479ms
+ ... <a bunch of k8s resources created>
+Waiting for deployments to stabilize...
+Deployments stabilized in 7.654873ms
+Listing files to watch...
+ - docker.elastic.co/beats/elastic-agent
+Press Ctrl+C to exit
+Not watching for changes...
+WARN[0003] unable to get owner from reference: {apps/v1 DaemonSet elastic-agent-standalone 0c579ec4-319a-4e85-99ec-c409260cb6ce 0xc000f950a0 0xc000f950a1}  subtask=-1 task=DevLoop
+Port forwarding pod/elastic-agent-standalone-lgr9d in namespace kube-system, remote port 56268 -> http://127.0.0.1:56268
+```
+The last line of the output tells us where to connect our debugger ;)
+(it's always 56268 unless that port is busy, in which case skaffold will try to increment it until it finds one that can be bound).
+The debug session will continue until we hit `Ctrl+C` to stop the debug and start the cleanup
+
+## Quickstart (the easy way)
+
+Check [Google cloud code extension](https://cloud.google.com/code/docs) to do away with the terminal and to have Run/Debug configuration directly in your IDE (if supported)
+

skaffold.yaml

@@ -0,0 +1,57 @@
+apiVersion: skaffold/v4beta5
+kind: Config
+metadata:
+  name: elastic-agent
+build:
+  local:
+    push: false
+    useBuildkit: false
+    useDockerCLI: true
+  artifacts:
+    - image: docker.elastic.co/beats/elastic-agent
+      docker:
+        dockerfile: Dockerfile.skaffold
+        noCache: false
+        pullParent: false
+        squash: false
+profiles:
+  - name: elastic-agent-standalone
+    manifests:
+      kustomize:
+        paths: ["deploy/skaffold"]
+      hooks:
+        before:
+          - host:
+              os: ["linux", "macos"]
+              command:
+              - cp
+              - deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml
+              - deploy/skaffold/elastic-agent-kubernetes.yaml
+          - host:
+              os: ["windows"]
+              command:
+              - copy
+              - /Y
+              - deploy\kubernetes\elastic-agent-standalone-kubernetes.yaml
+              - deploy\skaffold\elastic-agent-kubernetes.yaml
+  - name: elastic-agent-managed
+    manifests:
+      kustomize:
+        paths: ["deploy/skaffold"]
+      hooks:
+        before:
+          - host:
+              os: ["linux", "macos"]
+              command:
+              - cp
+              - deploy/kubernetes/elastic-agent-managed-kubernetes.yaml
+              - deploy/skaffold/elastic-agent-kubernetes.yaml
+          - host:
+              os: ["windows"]
+              command:
+              - copy
+              - /Y
+              - deploy\kubernetes\elastic-agent-managed-kubernetes.yaml
+              - deploy\skaffold\elastic-agent-kubernetes.yaml
+deploy:
+  kubectl: {}