Kubernetes standalone manifest: remove STATE_PATH, replace initcontainer image

[tetianakravchenko]

What does this PR do?

• remove STATE_PATH
• in case hints are used - inputs.d with all templates will be stored under /usr/share/elastic-agent/state
• replaced busybox image with the image used for the main container docker.elastic.co/beats/elastic-agent to avoid TLS errors

Why is it important?

• remove STATE_PATH - to use the default config location - /usr/share/elastic-agent/state, in this location hostPath is mounted to store the agent state
• replaced busybox - to remove extra dependency and use the same image that is already used for the main container. With the busybox:1.28 image I got this error wget: TLS error from peer (alert code 80): 80, after updating the image to the latest version (1.36) I still got wget: note: TLS certificate validation not implemented, even though it is not the error, but as suggested in this issue - TLS support docker-library/busybox#64 (comment) busybox shouldn't be used.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in ./changelog/fragments using the changelog tool
• I have added an integration test or an E2E test

Author's Checklist

• [ ]

How to test this PR locally

1. Deploy elastic-agent-standalon with uncommented hints related comments
2. deploy redis pod:

apiVersion: v1
kind: Pod
metadata:
  name: redis
  annotations:
    co.elastic.hints/package: redis
    co.elastic.hints/data_streams: info, key
    co.elastic.hints/host: '${kubernetes.pod.ip}:6379'
    co.elastic.hints/info.period: 5s
    co.elastic.hints/key.period: 5s
  labels:
    k8s-app: redis
    app: redis
spec:
  containers:
  - image: redis
    imagePullPolicy: IfNotPresent
    name: redis
    ports:
    - name: redis
      containerPort: 6379
      protocol: TCP

3. run to check templates are present:

kubectl exec -it elastic-agent-standalone-6bmrm bash
...
Defaulted container "elastic-agent-standalone" out of: elastic-agent-standalone, k8s-templates-downloader (init)
root@kind-control-plane:/usr/share/elastic-agent# ls state/inputs.d/
activemq.yml   checkpoint.yml      ....

4. check the /elastic-agent inspect -v --variables --variables-wait 2s

inspect.yaml.txt

Related issues

• Relates [Standalone manifest] use hostPath to store elastic-agent state #4611

Use cases

Screenshots

redis metrics are ingested:

Logs

Questions to ask yourself

• How are we going to support this in production?
• How are we going to measure its adoption?
• How are we going to debug this?
• What are the metrics I should take care of?
• ...

[mergify]

This pull request does not have a backport label. Could you fix it @tetianakravchenko? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-v./d./d./d is the label to automatically backport to the 8./d branch. /d is the digit

NOTE: backport-skip has been added to this pull request.

[tetianakravchenko]

reason: with busybox:1.28 error:

wget: TLS error from peer (alert code 80): 80
wget: error getting response: Connection reset by peer

with the latest busybox image:

Connecting to github.com (140.82.121.3:443)
wget: note: TLS certificate validation not implemented

it is not an error, see docker-library/busybox#64 but as suggested in this issue should be used image with openssl and ca-certificates.
Option would be to use an alpine image, but since docker.elastic.co/beats/elastic-agent has curl that can be used to download templates, I think it makes sense to remove extra image dependency

[gizas]

@tetianakravchenko can you provide here the outcome from inside elastic-agent?

/elastic-agent inspect -v --variables --variables-wait 2s

This way we would be sure that all config template files are part of agent policy

[gizas]

Also once this PR is merged we need to update instructions here https://www.elastic.co/guide/en/fleet/current/hints-annotations-autodiscovery.html#_configure_hints_autodiscovery

[tetianakravchenko]

@tetianakravchenko can you provide here the outcome from inside elastic-agent?

@gizas I've attached it in the description in How to test this PR locally

[tetianakravchenko]

Also once this PR is merged we need to update instructions here https://www.elastic.co/guide/en/fleet/current/hints-annotations-autodiscovery.html#_configure_hints_autodiscovery

@gizas I've opened this PR elastic/ingest-docs#1050 as a draft to not forget it

[gizas]

Minor in the 'How to test', first is the deploy redis and then the inspect

[tetianakravchenko]

/test

[tetianakravchenko]

/test

[elastic-sonarqube]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube