Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Cloud Security] Default CSPM integration to use Agentless as the setup technology. #205965

Merged
merged 12 commits into from
Jan 15, 2025
Merged

[Cloud Security] Default CSPM integration to use Agentless as the setup technology. #205965

merged 12 commits into from
Jan 15, 2025

Conversation

seanrathier
Copy link
Contributor

@seanrathier seanrathier commented Jan 8, 2025
edited by kibanamachine
Loading

Summary

This PR prepares Fleet to default the agent deployment option to Agentless.

Key Changes:

  1. Default Agent Deployment Mode: Simplified the process to set the default agent deployment mode to Agentless for Fleet extensions like CSPM and common extensions like Asset Inventory
  2. Agentless and Package Policy State: Enabled the creation of agentless and package policy state upon loading the agentless-enable integration. This change is required if Agentless is the default option
  3. Efficiency Improvements:

These changes allow the agentless integration to default to Agentless deployment and improve the performance of the Fleet setup.

Depends on elastic/package-spec#850
Depends on elastic/package-registry#1263

Closes

Checklist

Reviewers should verify this PR satisfies this list as well.

  • Unit or functional tests were updated or added to match the most common scenarios
  • The PR description includes the appropriate Release Notes section, and the correct release_note:* label is applied per the guidelines

@seanrathier seanrathier force-pushed the default-cspm-agentless branch from 5f73293 to 5adad08 Compare January 9, 2025 01:13
@seanrathier seanrathier force-pushed the default-cspm-agentless branch from fe67912 to d449e9a Compare January 10, 2025 14:08
@seanrathier seanrathier self-assigned this Jan 10, 2025
@seanrathier seanrathier added Team:Cloud Security Cloud Security team related backport:prev-minor Backport to (9.0) the previous minor version (i.e. one version back from main) release_note:skip Skip the PR/issue when compiling release notes ci:project-deploy-security Create a Security Serverless Project labels Jan 10, 2025
@seanrathier seanrathier marked this pull request as ready for review January 10, 2025 14:55
@seanrathier seanrathier requested review from a team as code owners January 10, 2025 14:55
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-cloud-security-posture (Team:Cloud Security)

@botelastic botelastic bot added the Team:Fleet Team label for Observability Data Collection Fleet team label Jan 10, 2025
@elasticmachine
Copy link
Contributor

Pinging @elastic/fleet (Team:Fleet)

Omolola-Akinleye
Omolola-Akinleye reviewed Jan 10, 2025
View reviewed changes
Copy link
Contributor

@Omolola-Akinleye Omolola-Akinleye left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks Awesome! Just few suggestions and comments to understand if there side effects.

@Omolola-Akinleye
Copy link
Contributor

After testing the PR in Build's security deployment, the default option is still Agent-based.

@seanrathier seanrathier mentioned this pull request Jan 13, 2025
Closed
5 tasks
@seanrathier
Copy link
Contributor Author

After testing the PR in Build's security deployment, the default option is still Agent-based.

@Omolola-Akinleye, it is intentionally still defaulting to agent-based. This PR is in preparation for the changes and can be merged today.

When we merge the following we will have agentless as the default selected option

  1. package spec change to allow is_default
  2. Fleet changes to support the is_default setting
  3. Change the CSPM and Asset Inventory integrations

I could have easily set the default selected value in the CSPM Fleet extension code, however, I would like us not to drift too far from the Fleet platform so that when the time comes to use the Fleet UI we will not be in a "super bad spot".

juliaElastic
juliaElastic approved these changes Jan 14, 2025
View reviewed changes
Copy link
Contributor

@juliaElastic juliaElastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@seanrathier seanrathier enabled auto-merge (squash) January 15, 2025 15:05
@Omolola-Akinleye
Copy link
Contributor

LGTM! Okay got it sorry for the confusion

@elasticmachine
Copy link
Contributor

elasticmachine commented Jan 15, 2025
edited
Loading

💛 Build succeeded, but was flaky

Failed CI Steps

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
cloudSecurityPosture 520.7KB 520.8KB +98.0B
fleet 1.7MB 1.7MB -170.0B
total -72.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
fleet 170.8KB 170.9KB +108.0B
Unknown metric groups

ESLint disabled line counts

id before after diff
fleet 48 45 -3

Total ESLint disabled count

id before after diff
fleet 60 57 -3

History

cc @seanrathier

@seanrathier seanrathier merged commit c30212f into elastic:main Jan 15, 2025
8 checks passed
@kibanamachine
Copy link
Contributor

Starting backport for target branches: 8.x

https://github.com/elastic/kibana/actions/runs/12793380996

@kibanamachine
Copy link
Contributor

💔 All backports failed

Status Branch Result
8.x Backport failed because of merge conflicts

Manual backport

To create the backport manually run:

node scripts/backport --pr 205965

Questions ?

Please refer to the Backport tool documentation

@seanrathier seanrathier mentioned this pull request Jan 16, 2025
Merged
@seanrathier
Copy link
Contributor Author

💚 All backports created successfully

Status Branch Result
8.x

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

seanrathier added a commit to seanrathier/kibana that referenced this pull request Jan 16, 2025
@seanrathier
[Cloud Security] Default CSPM integration to use Agentless as the set…
f9fc626 
…up technology. (elastic#205965)

(cherry picked from commit c30212f)

# Conflicts:
#	x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.ts
@seanrathier
Copy link
Contributor Author

💚 All backports created successfully

Status Branch Result
8.x

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

seanrathier added a commit to seanrathier/kibana that referenced this pull request Jan 16, 2025
@seanrathier
[Cloud Security] Default CSPM integration to use Agentless as the set…
bf0bcc0 
…up technology. (elastic#205965)

(cherry picked from commit c30212f)

# Conflicts:
#	x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.ts
@kibanamachine kibanamachine added the backport missing Added to PRs automatically when the are determined to be missing a backport. label Jan 16, 2025
@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

1 similar comment
@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@seanrathier
Copy link
Contributor Author

💚 All backports created successfully

Status Branch Result
8.x

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

seanrathier added a commit to seanrathier/kibana that referenced this pull request Jan 20, 2025
@seanrathier
[Cloud Security] Default CSPM integration to use Agentless as the set…
0e2f5c0 
…up technology. (elastic#205965)

(cherry picked from commit c30212f)

# Conflicts:
#	x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.ts
@kibanamachine
Copy link
Contributor

Friendly reminder: Looks like this PR hasn’t been backported yet.
To create automatically backports add a backport:* label or prevent reminders by adding the backport:skip label.
You can also create backports manually by running node scripts/backport --pr 205965 locally

seanrathier added a commit to seanrathier/kibana that referenced this pull request Jan 21, 2025
@seanrathier
[Cloud Security] Default CSPM integration to use Agentless as the set…
03b4fcc 
…up technology. (elastic#205965)

(cherry picked from commit c30212f)

# Conflicts:
#	x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.ts
@seanrathier
Copy link
Contributor Author

💚 All backports created successfully

Status Branch Result
8.x

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

seanrathier added a commit that referenced this pull request Jan 22, 2025
@seanrathier
[8.x] [Cloud Security] Default CSPM integration to use Agentless as t…
3f65476 
…he setup technology. (#205965) (#206985)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Cloud Security] Default CSPM integration to use Agentless as the
setup technology.
(#205965)](#205965)

<!--- Backport version: 9.6.4 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT
[{"author":{"name":"seanrathier","email":"sean.rathier@gmail.com"},"sourceCommit":{"committedDate":"2025-01-15T17:07:02Z","message":"[Cloud
Security] Default CSPM integration to use Agentless as the setup
technology.
(#205965)","sha":"c30212f9c0d091bd2564592ac21a6ef2f30368c8","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Fleet","v9.0.0","Team:Cloud
Security","backport:prev-minor","ci:project-deploy-security"],"title":"[Cloud
Security] Default CSPM integration to use Agentless as the setup
technology.","number":205965,"url":"https://github.com/elastic/kibana/pull/205965","mergeCommit":{"message":"[Cloud
Security] Default CSPM integration to use Agentless as the setup
technology.
(#205965)","sha":"c30212f9c0d091bd2564592ac21a6ef2f30368c8"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/205965","number":205965,"mergeCommit":{"message":"[Cloud
Security] Default CSPM integration to use Agentless as the setup
technology.
(#205965)","sha":"c30212f9c0d091bd2564592ac21a6ef2f30368c8"}}]}]
BACKPORT-->
@kibanamachine kibanamachine added v8.18.0 and removed backport missing Added to PRs automatically when the are determined to be missing a backport. labels Jan 22, 2025
viduni94 pushed a commit to viduni94/kibana that referenced this pull request Jan 23, 2025
@seanrathier @viduni94
[Cloud Security] Default CSPM integration to use Agentless as the set…
a8d3d77 
…up technology. (elastic#205965)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Omolola-Akinleye Omolola-Akinleye Omolola-Akinleye approved these changes

@juliaElastic juliaElastic juliaElastic approved these changes

Assignees

@seanrathier seanrathier

Labels
backport:prev-minor Backport to (9.0) the previous minor version (i.e. one version back from main) ci:project-deploy-security Create a Security Serverless Project release_note:skip Skip the PR/issue when compiling release notes Team:Cloud Security Cloud Security team related Team:Fleet Team label for Observability Data Collection Fleet team v8.18.0 v9.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@seanrathier @elasticmachine @Omolola-Akinleye @kibanamachine @juliaElastic