Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add missing kube-api resources from managed agent manifest #381

Merged
merged 6 commits into from
May 10, 2022

Conversation

oren-zohar
Copy link
Contributor

What does this PR do?

In order for cloudbeat kube-api fetcher to work properly, we need to update the agent-managed manifest with permissions related to kube-api resources.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

@oren-zohar oren-zohar requested a review from a team as a code owner April 27, 2022 15:59
@oren-zohar oren-zohar requested review from aleksmaus and narph and removed request for a team April 27, 2022 15:59
@mergify
Copy link
Contributor

mergify bot commented Apr 27, 2022

This pull request does not have a backport label. Could you fix it @oren-zohar? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v./d./d./d is the label to automatically backport to the 8./d branch. /d is the digit

NOTE: backport-skip has been added to this pull request.

@oren-zohar oren-zohar added the Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team label Apr 27, 2022
@elasticmachine
Copy link
Contributor

elasticmachine commented Apr 27, 2022

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2022-05-10T10:12:14.729+0000

  • Duration: 20 min 37 sec

Test stats 🧪

Test Results
Failed 0
Passed 3849
Skipped 21
Total 3870

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages.

  • run integration tests : Run the Elastic Agent Integration tests.

  • run end-to-end tests : Generate the packages and run the E2E Tests.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@ph ph requested review from ChrsMark and blakerouse April 27, 2022 19:09
@ph
Copy link
Contributor

ph commented Apr 27, 2022

@blakerouse or @ChrsMark Can you take a look?

@blakerouse
Copy link
Contributor

I am going to have to defer to @ChrsMark, I do not know why it would need those permissions. Being that its related to that data-plane and not the control-plane (as Elastic Agent doesn't need that information for the the kubernetes dynamic input service).

@elasticmachine
Copy link
Contributor

elasticmachine commented May 4, 2022

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 95.652% (66/69) 👍
Files 69.524% (146/210) 👍
Classes 69.194% (292/422) 👍
Methods 52.493% (800/1524) 👍
Lines 38.726% (8596/22197) 👎 -0.005
Conditionals 100.0% (0/0) 💚

Copy link
Member

@ChrsMark ChrsMark left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We had a chat with @tonymeehan and it seems that we can proceed with this one for now and follow-up on documenting in detail why these permissions are needed and what happens if someone disable them. I think the most suitable place for this would be https://www.elastic.co/guide/en/fleet/master/running-on-kubernetes-managed-by-fleet.html.

Another thing that we need to think of is how we treat changes in those manifests and more specifically if a change in those manifests can be considered a breaking change for users. My perspective is that so far we didn't treat those manifests the similar way we do with core codebase regarding breaking changes which means that we can remove/update specs/settings even if that breaks things.

@oren-zohar
Copy link
Contributor Author

@ChrsMark I opened an issue to track the documentation part. Merging is blocked for me so if you can please grant me merging rights or merge it yourself that would be great.

Copy link
Member

@ChrsMark ChrsMark left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR would require some extra changes so as to be merged:

  1. I see that only the managed version is updated. Is this intentional? I would suggest ensuring same level of roles/permissions in both standalone and managed.
  2. Files in https://github.com/elastic/elastic-agent/tree/main/deploy/kubernetes/elastic-agent-standalone and https://github.com/elastic/elastic-agent/tree/main/deploy/kubernetes/elastic-agent-managed should be updated too properly. Actually changes should take place first in these files and then running make all at top level should update the full files too. This should had been catched by our CI here, since it was like this in Beats repo. @narph do you know why this is not happening here?

Copy link
Member

@ChrsMark ChrsMark left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall looks good. However we need to make sure that process of updating these files is robust by using make all and that CI will ensure that no inconsistencies exist (cc: @narph )

@@ -1,4 +1,4 @@
:stack-version: 8.0.0
:stack-version: 8.2.0
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@narph it seems that this was needed so as to the make all to generate the proper final manifests. Could you verify this please? Also we need to figure out why the CI didn't complain about the previous commits.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this pr #417 should update version and add check in CI

@ChrsMark ChrsMark merged commit 63b682f into elastic:main May 10, 2022
@oren-zohar oren-zohar deleted the managed-manifest-update branch May 10, 2022 12:14
v1v added a commit to v1v/elastic-agent that referenced this pull request May 18, 2022
…use-orka

* 'main' of github.com:elastic/elastic-agent: (23 commits)
  [Automation] Update go release version to 1.17.10 (elastic#432)
  [Automation] Update elastic stack version to 8.3.0-4149272f for testing (elastic#435)
  [Automation] Update elastic stack version to 8.3.0-19aba912 for testing (elastic#430)
  Add extra k8s resources in clusterRole (elastic#424)
  [Automation] Update elastic stack version to 8.3.0-8ee1196f for testing (elastic#422)
  [Automation] Update elastic stack version to 8.3.0-53513548 for testing (elastic#421)
  Add tags option during enroll/install (elastic#336)
  validate kubernetes templates in .CI (elastic#417)
  add missing kube-api resources from managed agent manifest (elastic#381)
  Create snyk-scan.yml (elastic#397)
  [Automation] Update elastic stack version to 8.3.0-d380914f for testing (elastic#414)
  [Automation] Update elastic stack version to 8.3.0-5c1ff35f for testing (elastic#413)
  [Automation] Update elastic stack version to 8.3.0-6ba9f710 for testing (elastic#410)
  [Automation] Update elastic stack version to 8.3.0-a1c5cfff for testing (elastic#406)
  [Automation] Update elastic stack version to 8.3.0-7f585873 for testing (elastic#401)
  [Automation] Update elastic stack version to 8.3.0-0b6ea9f2 for testing (elastic#399)
  ci: enable coverage (elastic#377)
  Remove last dependencies on beats repo (elastic#387)
  Remove dependency on libbeat (elastic#344)
  [Automation] Update elastic stack version to 8.3.0-cb2ce38c for testing (elastic#383)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport-skip Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team
Projects
None yet
Development

Successfully merging this pull request may close these issues.

10 participants