-
Notifications
You must be signed in to change notification settings - Fork 67
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add ability for users to download EPR image with a subset of integrations #724
Comments
It will use the Package Registry base image (just the application) and let use select (with checkboxes?) integrations they like to have.
|
I don't think we should allow users to create any combination of images. This will require a complex build system and will make support cases more complex as it is not clear what registry is exactly used. I would also challenge if this is really the flexibility users want. Instead we should offer a 2, max 3 variants for users.
If someone runs his own registry, one thing that can always be done is running the minimal version and "mount" the necessary packages in. What exactly is the security concern around the packages? If an admin does not want the users to install certain packages this could also be solved on the Fleet side to have an "allow list" of packages or similar. Then it would be a feature that everyone can use. |
Come on, nobody will play with mounting packages if they are deploying on the Kubernetes cluster. BTW baking it on their own = we do not support it (unless you will use a creator tool we deliver) |
It's not just about security. Elastic stack admins want to have an understanding of and control over what packages are hosted and used for various reasons. "Allow list" on the Fleet side is a great idea but that would not reduce the size of the image which would be a more critical requirement now that we are planning to host ML packages too. In my opinion, either we should provide a few supported variants as @ruflin mentioned or we should provide a creator tool as @mtojek explained. |
I would love to see this. A good solution for this might be to take the grafana route: Something like:
And then the resulting image is a much smaller image with only the desired integrations. |
Today, the boxed distribution of EPR for air-gapped environments contains all the integrations. In some cases, admins of Elastic deployments may want to ignore some integrations due to security concerns or the size of the EPR image. The ask here is to add support for “streamlined” EPR builds where we let the customer select which integrations and versions they need to host offline/air-gapped.
The text was updated successfully, but these errors were encountered: