elastic / elastic-agent
Elastic Agent - single, unified way to add monitoring for logs, metrics, and other types of data to a host.
Repository Overview (README excerpt)
Elastic Agent

Architecture and Internals
• Agent architecture
• Component spec files
• Policy configuration

Official Documentation
See https://www.elastic.co/guide/en/fleet/current/index.html. The source files for the official Elastic Agent documentation are currently stored in the ingest-docs repository.

Contributing
See CONTRIBUTING.md.

Developing
The following are exclusively focused on getting developers started building code for Elastic Agent.

Development Installations
Warning: Development installations are not officially supported and are intended for Elastic Agent developers.

If you are an Elastic employee, you already have an Information Security managed Elastic Agent installed on your machine for endpoint protection. This prevents you from installing the Elastic Agent a second time for development without using a VM or Docker container. To eliminate this point of friction, Elastic Agent has a development mode that permits installing the Elastic Agent on your machine a second time:

Using the option will install the agent in an isolated agent directory in the chosen base path. Development agents enrolled in Fleet will have the tag added automatically. Using the default base path on macOS you will see:

The command in the shell is replaced with to interact with the development agent:

The primary restriction of installations is that they cannot run Elastic Defend. Defend requires the agent to be in the default path; the same restriction applies for the option. All other integrations should be usable provided conflicting configurations are changed ahead of time. For example, two agents cannot bind to the same to expose their monitoring servers.

Test Framework
In addition to standard Go tests, changes to the Elastic Agent are always installed and tested on cross-platform virtual machines. For details on writing and running tests see the Test Framework Developer Guide.
Changelog
The changelog for the Elastic Agent is generated and maintained using the elastic-agent-changelog-tool. Read the installation and usage instructions to get started.

The changelog tool produces fragment files that are consolidated to generate a changelog for each release. Each PR containing a change with user impact (new feature, bug fix, etc.) must contain a changelog fragment describing the change. There is a GitHub action in CI that will fail if a PR does not contain a changelog fragment. For PRs that should not have a changelog entry, use the "skip-changelog" label to bypass this check.

A simple example of a changelog fragment is below for reference:

Packaging
Prerequisites:
• Running once after cloning or pulling the beats submodule for the first time.
• installed mage
• Docker
• beats to pre-exist in the parent folder of the local Git repository checkout if, and only if, packaging with to package the beats as well
• elastic-agent-changelog-tool to add changelog fragments for changelog generation

To build a local version of the agent for development, run the command below. The following platforms are supported:
• darwin/amd64
• darwin/arm64
• linux/amd64
• linux/arm64
• windows/amd64

The resulting package will be produced in the build/distributions directory. The version is controlled by the value in version.go.

To install the agent extract the package and run the install command:

For basic use the agent binary can be run directly, with the command.

Packaging for other architectures
When packaging for an architecture different than the host machine, you might face the following error:

If that happens, enable is to enable an execution of different multi-architecture containers by QEMU and binfmt_misc:

Docker
Running Elastic Agent in a docker container is a common use case. To build the Elastic Agent and create a docker image run the following command:

If you are in the 7.13 branch, this will create the image in your local environment.
Now you can use this to, for example, test this container with the stack in elastic-package:

Please note that the Docker container is built in standard, 'service', 'cloud' and 'complete' variants. The variants' technical specifics can be found here.
• The 'service' variant contains Python libs and connectors that allow it to collect data using search_connectors.
• The 'cloud' variant is the one used for ESS deployment.
• The 'complete' variant contains extra files, like the Chromium browser, that are too large for the standard variant; these allow this Docker image to run Synthetics.

Testing Elastic Agent on Kubernetes

Prerequisites
• create a Kubernetes cluster using kind, check here for details
• deploy kube-state-metrics, check here for details
• deploy required infrastructure:
  • for Elastic Agent in standalone mode: EK stack or use Elastic Cloud, check here for details
  • for managed mode: use Elastic Cloud or bring up the stack on Docker and then connect the Docker network with the Kubernetes kind nodes:

• Build elastic-agent:
  Use environmental variables and to specify PLATFORMS variable accordingly. eg.
• Build docker image:
• Load this image in your kind cluster:
• Deploy agent with that image:
  • download the all-in-one manifest for elastic-agent in standalone or managed mode, change version if needed
  • Modify the downloaded manifest:
    • change the image name to the one that was created in the previous step and add :
    • set environment variables according to the setup used. Elastic-agent in standalone mode: set , , . Elastic-agent in managed mode: set and .
  • create
• Check status of elastic-agent:

Testing on Elastic Cloud
Elastic employees can create an Elastic Cloud deployment with a locally built Elastic Agent, by pushing images to an internal Docker repository. The images will be based on the SNAPSHOT images with the version defined in .

A prerequisite to running the following commands is having installed and running from within .
Running a shorthand in will build Agent, tag the docker image correctly, push it to the repository and deploy to Elasti…