From 4b51116aa0ba5a55a9e149b46974da4d97182b2a Mon Sep 17 00:00:00 2001 From: Karl Godard Date: Mon, 21 Nov 2022 08:48:00 -0800 Subject: [PATCH 1/9] Added a spec for new cloud_defend beat. --- internal/pkg/agent/application/monitoring/v1_monitor.go | 4 ++-- pkg/component/load_test.go | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/internal/pkg/agent/application/monitoring/v1_monitor.go b/internal/pkg/agent/application/monitoring/v1_monitor.go index 8aa7f58d1ca..4353201f998 100644 --- a/internal/pkg/agent/application/monitoring/v1_monitor.go +++ b/internal/pkg/agent/application/monitoring/v1_monitor.go @@ -54,8 +54,8 @@ const ( ) var ( - supportedComponents = []string{"filebeat", "metricbeat", "apm-server", "auditbeat", "cloudbeat", "endpoint-security", "fleet-server", "heartbeat", "osquerybeat", "packetbeat"} - supportedBeatsComponents = []string{"filebeat", "metricbeat", "apm-server", "auditbeat", "cloudbeat", "heartbeat", "osquerybeat", "packetbeat"} + supportedComponents = []string{"filebeat", "metricbeat", "apm-server", "auditbeat", "cloudbeat", "cloud-defend", "endpoint-security", "fleet-server", "heartbeat", "osquerybeat", "packetbeat"} + supportedBeatsComponents = []string{"filebeat", "metricbeat", "apm-server", "auditbeat", "cloudbeat", "cloud-defend", "heartbeat", "osquerybeat", "packetbeat"} ) // Beats monitor is providing V1 monitoring support. diff --git a/pkg/component/load_test.go b/pkg/component/load_test.go index f9d88ebba26..2133655d75f 100644 --- a/pkg/component/load_test.go +++ b/pkg/component/load_test.go @@ -59,6 +59,10 @@ func TestLoadSpec_Components(t *testing.T) { Name: "Cloudbeat", Path: "cloudbeat.spec.yml", }, + { + Name: "Cloud Defend", + Path: "cloud-defend.spec.yml", + }, { Name: "Endpoint Security", Path: "endpoint-security.spec.yml", From 2e39c39ce57617f45059fa5ad50d74e99da7bbb2 Mon Sep 17 00:00:00 2001 From: Karl Godard Date: Mon, 21 Nov 2022 08:54:23 -0800 Subject: [PATCH 2/9] Added a spec for new cloud_defend beat. --- specs/cloud-defend.spec.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 specs/cloud-defend.spec.yml diff --git a/specs/cloud-defend.spec.yml b/specs/cloud-defend.spec.yml new file mode 100644 index 00000000000..901eb7d16d8 --- /dev/null +++ b/specs/cloud-defend.spec.yml @@ -0,0 +1,14 @@ +version: 2 +inputs: + - name: cloud_defend + description: "Cloud defend for containers" + platforms: &platforms + - container/amd64 + - container/arm64 + outputs: &outputs + - elasticsearch + command: + args: &args + - "run" + - "--fleet-managed" + - "--process-managed" From bcb65f06b9737576dd6b0971f2a7c847429ef031 Mon Sep 17 00:00:00 2001 From: Karl Godard Date: Mon, 21 Nov 2022 09:11:23 -0800 Subject: [PATCH 3/9] added changelog --- .../1669049916-CHANGELOG.asciidoc.yaml | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 changelog/fragments/1669049916-CHANGELOG.asciidoc.yaml diff --git a/changelog/fragments/1669049916-CHANGELOG.asciidoc.yaml b/changelog/fragments/1669049916-CHANGELOG.asciidoc.yaml new file mode 100644 index 00000000000..5951a427f83 --- /dev/null +++ b/changelog/fragments/1669049916-CHANGELOG.asciidoc.yaml @@ -0,0 +1,31 @@ +# Kind can be one of: +# - breaking-change: a change to previously-documented behavior +# - deprecation: functionality that is being removed in a later release +# - bug-fix: fixes a problem in a previous version +# - enhancement: extends functionality but does not break or fix existing behavior +# - feature: new functionality +# - known-issue: problems that we are aware of in a given version +# - security: impacts on the security of a product or a user’s deployment. +# - upgrade: important information for someone upgrading from a prior version +# - other: does not fit into any of the other categories +kind: feature + +# Change summary; a 80ish characters long description of the change. +summary: Adds support for a new beat for container drift prevention. + +# Long description; in case the summary is not enough to describe the change +# this field accommodate a description without length limits. +#description: + +# Affected component; a word indicating the component this changeset affects. +component: cloud-defend + +# PR number; optional; the PR number that added the changeset. +# If not present is automatically filled by the tooling finding the PR where this changelog fragment has been added. +# NOTE: the tooling supports backports, so it's able to fill the original PR number instead of the backport PR number. +# Please provide it if you are adding a fragment for a different PR. +pr: 1764 + +# Issue number; optional; the GitHub issue related to this changeset (either closes or is part of). +# If not present is automatically filled by the tooling with the issue linked to the PR number. +#issue: 1234 From cecec7fa0c6dc4eb3bd0cbb030324cb15226233b Mon Sep 17 00:00:00 2001 From: Karl Godard Date: Mon, 21 Nov 2022 10:03:10 -0800 Subject: [PATCH 4/9] readded default env vars to spec --- specs/cloud-defend.spec.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/specs/cloud-defend.spec.yml b/specs/cloud-defend.spec.yml index 901eb7d16d8..a74d1382cdf 100644 --- a/specs/cloud-defend.spec.yml +++ b/specs/cloud-defend.spec.yml @@ -9,6 +9,16 @@ inputs: - elasticsearch command: args: &args + - "-E" + - "logging.level=debug" + - "-E" + - "management.enabled=true" + - "-E" + - "setup.ilm.enabled=false" + - "-E" + - "setup.template.enabled=false" + - "-E" + - "gc_percent=${CLOUDDEFEND_GOGC:100}" - "run" - "--fleet-managed" - "--process-managed" From a34df5da44d853b2fbc23700858f4f1c0d577633 Mon Sep 17 00:00:00 2001 From: Karl Godard Date: Mon, 21 Nov 2022 10:33:27 -0800 Subject: [PATCH 5/9] removed default beat env vars --- specs/cloud-defend.spec.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/specs/cloud-defend.spec.yml b/specs/cloud-defend.spec.yml index a74d1382cdf..901eb7d16d8 100644 --- a/specs/cloud-defend.spec.yml +++ b/specs/cloud-defend.spec.yml @@ -9,16 +9,6 @@ inputs: - elasticsearch command: args: &args - - "-E" - - "logging.level=debug" - - "-E" - - "management.enabled=true" - - "-E" - - "setup.ilm.enabled=false" - - "-E" - - "setup.template.enabled=false" - - "-E" - - "gc_percent=${CLOUDDEFEND_GOGC:100}" - "run" - "--fleet-managed" - "--process-managed" From d662cec60b8a473ab5cf110679f2488f01a27377 Mon Sep 17 00:00:00 2001 From: Karl Godard Date: Mon, 21 Nov 2022 15:00:10 -0800 Subject: [PATCH 6/9] Update internal/pkg/agent/application/monitoring/v1_monitor.go Co-authored-by: Craig MacKenzie --- internal/pkg/agent/application/monitoring/v1_monitor.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/pkg/agent/application/monitoring/v1_monitor.go b/internal/pkg/agent/application/monitoring/v1_monitor.go index 4353201f998..79c9574bfc0 100644 --- a/internal/pkg/agent/application/monitoring/v1_monitor.go +++ b/internal/pkg/agent/application/monitoring/v1_monitor.go @@ -55,7 +55,7 @@ const ( var ( supportedComponents = []string{"filebeat", "metricbeat", "apm-server", "auditbeat", "cloudbeat", "cloud-defend", "endpoint-security", "fleet-server", "heartbeat", "osquerybeat", "packetbeat"} - supportedBeatsComponents = []string{"filebeat", "metricbeat", "apm-server", "auditbeat", "cloudbeat", "cloud-defend", "heartbeat", "osquerybeat", "packetbeat"} + supportedBeatsComponents = []string{"filebeat", "metricbeat", "apm-server", "auditbeat", "cloudbeat", "heartbeat", "osquerybeat", "packetbeat"} ) // Beats monitor is providing V1 monitoring support. From 1d08eca67d71f058346702dadbeec8007b8e66d8 Mon Sep 17 00:00:00 2001 From: Karl Godard Date: Mon, 21 Nov 2022 15:02:36 -0800 Subject: [PATCH 7/9] updated changelog description. --- changelog/fragments/1669049916-CHANGELOG.asciidoc.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelog/fragments/1669049916-CHANGELOG.asciidoc.yaml b/changelog/fragments/1669049916-CHANGELOG.asciidoc.yaml index 5951a427f83..6582f2404a6 100644 --- a/changelog/fragments/1669049916-CHANGELOG.asciidoc.yaml +++ b/changelog/fragments/1669049916-CHANGELOG.asciidoc.yaml @@ -11,7 +11,7 @@ kind: feature # Change summary; a 80ish characters long description of the change. -summary: Adds support for a new beat for container drift prevention. +summary: Adds support for a new executable used to prevent container drift. # Long description; in case the summary is not enough to describe the change # this field accommodate a description without length limits. From d38e018c84a7954f1ed394e6bd07df20ce754643 Mon Sep 17 00:00:00 2001 From: Karl Godard Date: Tue, 29 Nov 2022 10:41:56 -0800 Subject: [PATCH 8/9] fixed merge issue --- internal/pkg/agent/application/monitoring/v1_monitor.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/internal/pkg/agent/application/monitoring/v1_monitor.go b/internal/pkg/agent/application/monitoring/v1_monitor.go index 7a757211909..2a7efc8e9f3 100644 --- a/internal/pkg/agent/application/monitoring/v1_monitor.go +++ b/internal/pkg/agent/application/monitoring/v1_monitor.go @@ -56,8 +56,6 @@ const ( var ( supportedComponents = []string{"filebeat", "metricbeat", "apm-server", "auditbeat", "cloudbeat", "cloud-defend", "endpoint-security", "fleet-server", "heartbeat", "osquerybeat", "packetbeat"} supportedBeatsComponents = []string{"filebeat", "metricbeat", "apm-server", "fleet-server", "auditbeat", "cloudbeat", "heartbeat", "osquerybeat", "packetbeat"} - - supportedBeatsComponents = []string{"filebeat", "metricbeat", "apm-server", "auditbeat", "cloudbeat", "heartbeat", "osquerybeat", "packetbeat"} ) // BeatsMonitor is providing V1 monitoring support for metrics and logs for endpoint-security only. From 42a1f47e8168c21bfc4e7dd735a41a276d9ae768 Mon Sep 17 00:00:00 2001 From: Karl Godard Date: Tue, 29 Nov 2022 10:44:47 -0800 Subject: [PATCH 9/9] lint fix --- internal/pkg/agent/application/monitoring/v1_monitor.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/pkg/agent/application/monitoring/v1_monitor.go b/internal/pkg/agent/application/monitoring/v1_monitor.go index 2a7efc8e9f3..77d6525f59e 100644 --- a/internal/pkg/agent/application/monitoring/v1_monitor.go +++ b/internal/pkg/agent/application/monitoring/v1_monitor.go @@ -55,7 +55,7 @@ const ( var ( supportedComponents = []string{"filebeat", "metricbeat", "apm-server", "auditbeat", "cloudbeat", "cloud-defend", "endpoint-security", "fleet-server", "heartbeat", "osquerybeat", "packetbeat"} - supportedBeatsComponents = []string{"filebeat", "metricbeat", "apm-server", "fleet-server", "auditbeat", "cloudbeat", "heartbeat", "osquerybeat", "packetbeat"} + supportedBeatsComponents = []string{"filebeat", "metricbeat", "apm-server", "fleet-server", "auditbeat", "cloudbeat", "heartbeat", "osquerybeat", "packetbeat"} ) // BeatsMonitor is providing V1 monitoring support for metrics and logs for endpoint-security only.