Use Kustomize to build elastic-agent manifests for both managed and standalone more

[gsantoro]

What does this PR do?

Use Kustomize to simplify building manifest for elastic-agent both for managed and standalone mode.

Why is it important?

This PR reduces the amount of boiler plate code needed to build manifests for elastic-agent. Some enhancements:

• we can also install kube-state-metrics just by adding an extra resource github.com/kubernetes/kube-state-metrics?ref=main to common/kustomization.yml
• most of the resources (aka roles, role-binding, service accounts, cluster-role, cluster-role binding) are exactly the same for both standalone and managed mode. This reduces massively the amount of duplication.
• some resources (like config maps and extra roles and role bindings) are only necessary in standalone mode. There is no need to duplicates them in both mode
• it makes possible to customise environment variables without changing the manifests . Default values for those environment variables are provided in .env files under dev-tools/kubernetes/base//.env (added to git) while custom values are under dev-tools/kubernetes/overlays//.env (those should not be under git. that's why they are added to .gitignore).
• namespace references are only present in kustomization.yml files. It is easier to deploy all resources to a separate namespace
• overlays can be used to customize the docker image tag of the elastic-agent without changing the manifest parts
• Common resources have generic names so that you can use prefixes specific to the mode you want to deploy (eg. elastic-agent-standalone- or elastic-agent-managed). This enables to deploy standalone and managed agents side by side.
• comments in manifest parts are removed in the final manifest
• yaml code is pretty formatted when the final manifest is generated

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in ./changelog/fragments using the changelog tool

Author's Checklist

• You can deploy elastic-agent in both standalone and managed modes

How to test this PR locally

Related issues

• Closes Use Kustomize.io to build elastic-agent manifests for k8s #1668

Use cases

Screenshots

Logs

[mergify]

This pull request does not have a backport label. Could you fix it @gsantoro? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-v./d./d./d is the label to automatically backport to the 8./d branch. /d is the digit

NOTE: backport-skip has been added to this pull request.

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-01-17T16:28:02.524+0000

• Duration: 18 min 18 sec

Test stats 🧪

Test	Results
Failed	0
Passed	4825
Skipped	13
Total	4838

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages.

• run integration tests : Run the Elastic Agent Integration tests.

• run end-to-end tests : Generate the packages and run the E2E Tests.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[gizas]

I think following part can also be splitted to multilple overalys.

We want to have needed mounts for observability and extra ones that imposed from security

[gsantoro]

do you mind elaborate a bit more on the topic. I vaguely recollect some suggestions from the security team but I wouldn't know how to change this part of the manifest

[gizas]

I would suggest to put namespace as variable here

[gsantoro]

I don't think you can use a variable from an .env file in the kustomization.yml file (which is where I set the namespace for all the resources)

[gizas]

Can we have as boolean on/off options the ability to install kube state metrics here?
By default to be on

[gsantoro]

I don't think so. This env file is only used to create a configmap and I don't think we can use an env variable from a configmap to decide if we want to add a manifest based on that. We could use an overlay with an extra resource to install or not the kube-state-metrics

[gizas]

But then we will need to edit the kustomize.yaml.

Maybe we can think that we can provide diffrent kustomzation files ?
eg kustomize-ksmenabled, kustomize-ksmdisabled?

[gsantoro]

yes, I believe we have to go that way. Different overlays for different behaviours

[gizas]

1st Option:
A tool worth looking:
https://carvel.dev/ytt/
So we would like to provide some basic YAML templating and then kustomize installation.

2nd Option:
Maybe our new MAKEFILE that we can run and produce specific kustomize folders and run as oneliner command?

[gsantoro]

I heard about ytt but it seemed way too complicated compared to kustomize. Should we create another issue with the list of requirements before diving into ytt?

[gizas]

Summarising some small comments from relevant slack commnication:

For first iteration of this effort:

• Only default elastic-agent managed and standalone scenarios to be implemented. Any extra scenarios to be defined in extra stories
• Include installation of KSM as part of the resources file. We would like ideally the UX to be that with one command to install all needed resources
• Namespace and toggle option of KSM installation to be provided
• Correlation between our manifest files with specific KSM by default. I guess this also be an env variable which can be overrided if user wants on runtime

Extra stories:

• Documentation story - TBD
• Story to add this functionality to kibana TBD
• Alighnement with main https://github.com/elastic/observability-dev/issues/2410

[elasticmachine]

🌐 Coverage report

Name	Metrics % (covered/total)	Diff
Packages	98.305% (58/59)	👍
Files	69.268% (142/205)	👍
Classes	69.231% (270/390)	👍
Methods	54.047% (828/1532)	👍
Lines	39.229% (9001/22945)	👎 -0.031
Conditionals	100.0% (0/0)	💚

[ChrsMark]

Just out of curiosity, why all these settings are commented out?

[gsantoro]

they are mostly left there for documentation. We should address them (one way or another) in the next update about on this topic.

[ChrsMark]

But when those vars should be uncommented?

[gsantoro]

I have created this PR to fix this