- Hermit by Cashapp
- Elasticsearch with the default username & password (
elastic&changeme) running on the default port (http://localhost:9200) - Kibana with running on the default port (
http://localhost:5601) - Install and configure Elastic-Package (you may need to authenticate)
- Set up the local env:
- Install & activate hermit
curl -fsSL https://github.com/cashapp/hermit/releases/download/stable/install.sh | /bin/bash. ./bin/activate-hermit - Run setup env recipe
just setup-env
Note This will download and install hermit into
~/bin. You should add this to your$PATHif it isn't already. Also consider to review documentation for automatic shell & IDE integration for your setup of choice.
Load the elastic stack environment variables.
eval "$(elastic-package stack shellinit)"Build & deploy cloudbeat:
just build-deploy-cloudbeatExport AWS creds as env vars, kustomize will use these to populate your cloudbeat deployment.
$ export AWS_ACCESS_KEY="<YOUR_AWS_KEY>" AWS_SECRET_ACCESS_KEY="<YOUR_AWS_SECRET>"Set your default cluster to your EKS cluster
kubectl config use-context your-eks-clusterDeploy cloudbeat on your EKS cluster
just deploy-eks-cloudbeatIf you need to change the default values in the configuration(ES_HOST, ES_PORT, ES_USERNAME, ES_PASSWORD), you can also create the deployment file yourself.
Vanilla
just create-vanilla-deployment-fileEKS
just create-eks-deployment-fileTo validate check the logs:
just logs-cloudbeatNow go and check out the data on your Kibana!
To stop this example and clean up the pod, run:
just delete-cloudbeatBuild & Deploy remote debug docker:
just build-deploy-cloudbeat-debugAfter running the pod, expose the relevant ports:
just expose-portsThe app will wait for the debugger to connect before starting
just logs-cloudbeatUse your favorite IDE to connect to the debugger on localhost:40000 (for example Goland)
Skaffold is a CLI tool that enables continuous development for K8s applications. Skaffold will initiate a file-system watcher and will continuously deploy cloudbeat to a local or remote K8s cluster. The skaffold workflows are defined in the skaffold.yml file. Kustomize is used to overlay different config options. (current are cloudbeat vanilla & EKS)
Skaffold will initiate a watcher to build and re-deploy Cloudbeat every time a go file is saved and output logs to stdout
skaffold devExport AWS creds as env vars, Skaffold & kustomize will use these to populate your k8s deployment.
$ export AWS_ACCESS_KEY="<YOUR_AWS_KEY>" AWS_SECRET_ACCESS_KEY="<YOUR_AWS_SECRET>"A skaffold profile is configured for EKS, it can be activated via the following options
Specify the profile name using the -p flag
skaffold -p eks devexport the activation var prior to skaffold invocation, then proceed as usual.
export SKF_MODE="CB_EKS"
skaffold devSkaffold supports one-off commands (no continuous watcher) if you wish to build or deploy just once.
skaffold build
skaffold deployFull CLI reference can be found here
Cloudbeat is only supported on managed elastic-agents. It means, that in order to run the setup, you will be required to have a Kibana running. Create an agent policy and install the CSP integration. Now, when adding a new agent, you will get the K8s deployment instructions of elastic-agent.
Update cloudbeat settings on a running elastic-agent can be done by running the script. The script still requires a second step of trigerring the agent to re-run cloudbeat. This can be done on Fleet UI by changing the agent log level. Another option is through CLI on the agent by running
kill -9 `pidof cloudbeat`
To update your local configuration of cloudbeat and control it, use
mage configIn order to control the policy type you can pass the following environment variable
POLICY_TYPE=cloudbeat/cis_eks mage configThe default POLICY_TYPE is set to cloudbeat/cis_k8s on _meta/config/cloudbeat.common.yml.tmpl
see pre-commit package
- Install the package
brew install pre-commit - Then run
pre-commit install - Finally
pre-commit run --all-files --verbose
see editorconfig package
Cloudbeat has a various sets of tests. This guide should help to understand how the different test suites work, how they are used and how new tests are added.
In general there are two major test suites:
- Unit tests written in Go
- Integration tests written in Python
The tests written in Go use the Go Testing package. The tests written in Python depend on pytest and require a compiled and executable binary from the Go code. The python test run a beat with a specific config and params and either check if the output is as expected or if the correct things show up in the logs.
Integration tests in Beats are tests which require an external system like Elasticsearch to test if the integration with this service works as expected. Beats provides in its testsuite docker containers and docker-compose files to start these environments but a developer can run the required services also locally.
Cloudbeat uses mockery as its mocking test framework.
Mockery provides an easy way to generate mocks for golang interfaces.
Some tests use the new expecter interface the library provides. For example, given an interface such as
type Requester interface {
Get(path string) (string, error)
}You can use the type-safe expecter interface as such:
requesterMock := Requester{}
requesterMock.EXPECT().Get("some path").Return("result", nil)
requesterMock.EXPECT().
Get(mock.Anything).
Run(func(path string) { fmt.Println(path, "was called") }).
// Can still use return functions by getting the embedded mock.Call
Call.Return(func(path string) string { return "result for " + path }, nil)Notes
- Place the test in the same package as the code it meant to test.
- File name should be aligned with the convention
original_file_mock. For example: ecr_provider -> ecr_provider_mock.
Command example:
mockery --name=<interface_name> --with-expecter --case underscore --inpackage --recursive