Merge branch 'master' into arm-suppport

* master:
  Support fleet-server-service-token (elastic#1096)
  fix: use wider selector for ARM workers (elastic#1103)
  feat: bootstrap fleet-server for the deployment of regular elastic-agents (elastic#1078)
  fix: use proper variable name (elastic#1102)
  fix: branch_specifier is needed (elastic#1097)
  Move kubernetes/kubectl/kind code to internal project layout (elastic#1092)
  fix: update JJBB with proper values (elastic#1093)
  feat: support building centos/debian Docker images in multiplatform format (elastic#1091)
  Kubernetes autodiscover suite (elastic#1064)

.ci/.e2e-tests.yaml

@@ -18,9 +18,6 @@ SUITES:
       - name: "Fleet"
         pullRequestFilter: " && ~debian"
         tags: "fleet_mode_agent"
-      - name: "Fleet Server"
-        pullRequestFilter: " && ~debian"
-        tags: "fleet_server"
       - name: "Endpoint Integration"
         pullRequestFilter: " && ~debian"
         tags: "agent_endpoint_integration"
@@ -63,3 +60,13 @@ SUITES:
         tags: "integrations && redisenterprise"
       - name: "vSphere"
         tags: "integrations && vsphere"
+  - suite: "kubernetes-autodiscover"
+    platforms:
+      - "ubuntu-18.04"
+    scenarios:
+      - name: "kubernetes autodiscover with filebeat"
+        tags: "kubernetes-autodiscover && filebeat"
+      - name: "kubernetes autodiscover with heartbeat"
+        tags: "kubernetes-autodiscover && heartbeat"
+      - name: "kubernetes autodiscover with metricbeat"
+        tags: "kubernetes-autodiscover && metricbeat"

.ci/Jenkinsfile

@@ -50,8 +50,8 @@ pipeline {
     string(name: 'STACK_VERSION', defaultValue: '8.0.0-SNAPSHOT', description: 'SemVer version of the stack to be used for the tests.')
     string(name: 'HELM_CHART_VERSION', defaultValue: '7.11.2', description: 'SemVer version of Helm chart to be used.')
     string(name: 'HELM_VERSION', defaultValue: '3.5.2', description: 'SemVer version of Helm to be used.')
-    string(name: 'HELM_KIND_VERSION', defaultValue: '0.10.0', description: 'SemVer version of Kind to be used.')
-    string(name: 'HELM_KUBERNETES_VERSION', defaultValue: '1.18.2', description: 'SemVer version of Kubernetes to be used.')
+    string(name: 'KIND_VERSION', defaultValue: '0.10.0', description: 'SemVer version of Kind to be used.')
+    string(name: 'KUBERNETES_VERSION', defaultValue: '1.18.2', description: 'SemVer version of Kubernetes to be used.')
     string(name: 'GITHUB_CHECK_NAME', defaultValue: '', description: 'Name of the GitHub check to be updated. Only if this build is triggered from another parent stream.')
     string(name: 'GITHUB_CHECK_REPO', defaultValue: '', description: 'Name of the GitHub repo to be updated. Only if this build is triggered from another parent stream.')
     string(name: 'GITHUB_CHECK_SHA1', defaultValue: '', description: 'Git SHA for the Beats upstream project (branch or PR)')
@@ -76,8 +76,8 @@ pipeline {
         FORCE_SKIP_PRESUBMIT = "${params.forceSkipPresubmit}"
         HELM_CHART_VERSION = "${params.HELM_CHART_VERSION.trim()}"
         HELM_VERSION = "${params.HELM_VERSION.trim()}"
-        HELM_KIND_VERSION = "${params.HELM_KIND_VERSION.trim()}"
-        HELM_KUBERNETES_VERSION = "${params.HELM_KUBERNETES_VERSION.trim()}"
+        KIND_VERSION = "${params.KIND_VERSION.trim()}"
+        KUBERNETES_VERSION = "${params.KUBERNETES_VERSION.trim()}"
         LOG_LEVEL = "${params.LOG_LEVEL.trim()}"
         TIMEOUT_FACTOR = "${params.TIMEOUT_FACTOR.trim()}"
       }

.ci/build-docker-images.groovy

@@ -0,0 +1,102 @@
+#!/usr/bin/env groovy
+
+@Library('apm@current') _
+
+pipeline {
+  agent { label 'ubuntu-20' }
+  environment {
+    REPO = 'e2e-testing'
+    BASE_DIR = "src/github.com/elastic/${env.REPO}"
+    DOCKER_REGISTRY = 'docker.elastic.co'
+    DOCKER_ELASTIC_SECRET = 'secret/observability-team/ci/docker-registry/prod'
+    HOME = "${env.WORKSPACE}"
+    NOTIFY_TO = credentials('notify-to')
+    PIPELINE_LOG_LEVEL = 'INFO'
+    JOB_GIT_CREDENTIALS = "f6c7695a-671e-4f4f-a331-acdce44ff9ba"
+  }
+  options {
+    timeout(time: 1, unit: 'HOURS')
+    buildDiscarder(logRotator(numToKeepStr: '20', artifactNumToKeepStr: '20'))
+    timestamps()
+    ansiColor('xterm')
+    disableResume()
+    durabilityHint('PERFORMANCE_OPTIMIZED')
+    rateLimitBuilds(throttle: [count: 60, durationName: 'hour', userBoost: true])
+    quietPeriod(10)
+  }
+  parameters {
+    string(name: 'BRANCH_SPECIFIER', defaultValue: 'master', description: 'It would not be defined on the first build, see JENKINS-41929.')
+  }
+  triggers {
+    cron 'H H(4-5) * * 1-5'
+  }
+  stages {
+    stage('Checkout') {
+      environment {
+        // Parameters will be empty for the very first build, setting an environment variable
+        // with the same name will workaround the issue. see JENKINS-41929
+        BRANCH_SPECIFIER = "${params?.BRANCH_SPECIFIER}"
+      }
+      steps {
+        deleteDir()
+        gitCheckout(basedir: "${BASE_DIR}",
+          branch: "${env.BRANCH_SPECIFIER}",
+          repo: "https://github.com/elastic/${REPO}.git",
+          credentialsId: "${JOB_GIT_CREDENTIALS}"
+        )
+        stash allowEmpty: true, name: 'source', useDefaultExcludes: false
+      }
+    }
+    stage('Build AMD Docker images'){
+      agent { label 'ubuntu-20 && immutable && docker' }
+      environment {
+        HOME = "${env.WORKSPACE}/${BASE_DIR}"
+      }
+      steps {
+        deleteDir()
+        unstash 'source'
+        dockerLogin(secret: "${DOCKER_ELASTIC_SECRET}", registry: "${DOCKER_REGISTRY}")
+        dir("${BASE_DIR}") {
+          withEnv(["ARCH=amd64"]) {
+            sh(label: 'Build AMD images', script: '.ci/scripts/build-docker-images.sh')
+          }
+        }
+      }
+    }
+    stage('Build ARM Docker images'){
+      agent { label 'arm' }
+      environment {
+        HOME = "${env.WORKSPACE}/${BASE_DIR}"
+      }
+      steps {
+        deleteDir()
+        unstash 'source'
+        dockerLogin(secret: "${DOCKER_ELASTIC_SECRET}", registry: "${DOCKER_REGISTRY}")
+        dir("${BASE_DIR}") {
+          withEnv(["ARCH=arm64"]) {
+            sh(label: 'Build ARM images', script: '.ci/scripts/build-docker-images.sh')
+          }
+        }
+      }
+    }
+    stage('Push multiplatform manifest'){
+      agent { label 'ubuntu-20 && immutable && docker' }
+      environment {
+        HOME = "${env.WORKSPACE}/${BASE_DIR}"
+      }
+      steps {
+        deleteDir()
+        unstash 'source'
+        dockerLogin(secret: "${DOCKER_ELASTIC_SECRET}", registry: "${DOCKER_REGISTRY}")
+        dir("${BASE_DIR}") {
+          sh(label: 'Push multiplatform manifest', script: '.ci/scripts/push-multiplatform-manifest.sh')
+        }
+      }
+    }
+  }
+  post {
+    cleanup {
+      notifyBuildResult()
+    }
+  }
+}

.ci/docker/centos-systemd/Dockerfile

@@ -0,0 +1,18 @@
+FROM centos:7
+
+ENV container docker
+
+LABEL maintainer="manuel.delapena@elastic.co"
+
+RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
+rm -f /lib/systemd/system/multi-user.target.wants/*;\
+rm -f /etc/systemd/system/*.wants/*;\
+rm -f /lib/systemd/system/local-fs.target.wants/*; \
+rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+rm -f /lib/systemd/system/basic.target.wants/*;\
+rm -f /lib/systemd/system/anaconda.target.wants/*;
+
+VOLUME [ "/sys/fs/cgroup" ]
+
+CMD ["/usr/sbin/init"]

.ci/docker/debian-systemd/Dockerfile

@@ -0,0 +1,141 @@
+# This file is part of docker-debian-systemd.
+#
+# Copyright (c)
+#   2018-2019 Alexander Haase <ahaase@alexhaase.de>
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+# This image bases on the regular Debian image. By default the 'latest' tag
+# (pointing to the current stable release) of the parent image will be used.
+# However, an alternate parent tag may be set by defining the 'TAG' build
+# argument to a specific Debian release, e.g. 'stretch' or 'buster'.
+ARG  TAG=latest
+FROM debian:${TAG}
+LABEL maintainer="manuel.delapena@elastic.co"
+
+# Configure the debconf frontend.
+#
+# This image doesn't include whiptail, dialog, nor the readline perl module.
+# Therefore, the debconf frontend will be set to 'teletype' to avoid error
+# messages about no dialog frontend could be found.
+RUN echo 'debconf debconf/frontend select teletype' | debconf-set-selections
+
+
+# Install the necessary packages.
+#
+# In addition to the regular Debian base image, a BASIC set of packages from the
+# Debian minimal configuration will be installed. After all packages have been
+# installed, the apt caches and some log files will be removed to minimize the
+# image.
+#
+# NOTE: An upgrade will be performed to include updates and security fixes of
+#       installed packages that received updates in the Debian repository after
+#       the upstream image has been created.
+#
+# NOTE: No syslog daemon will be installed, as systemd's journald should fit
+#       most needs. Please file an issue if you think this should be changed.
+RUN apt-get update
+RUN apt-get dist-upgrade -y
+RUN apt-get install -y --no-install-recommends \
+        systemd      \
+        systemd-sysv \
+        cron         \
+        anacron
+
+RUN apt-get clean
+RUN rm -rf                        \
+    /var/lib/apt/lists/*          \
+    /var/log/alternatives.log     \
+    /var/log/apt/history.log      \
+    /var/log/apt/term.log         \
+    /var/log/dpkg.log
+
+
+# Configure systemd.
+#
+# For running systemd inside a Docker container, some additional tweaks are
+# required. For a detailed list see:
+#
+# https://developers.redhat.com/blog/2016/09/13/ \
+#   running-systemd-in-a-non-privileged-container/
+#
+# Additional tweaks will be applied in the final image below.
+
+# To avoid ugly warnings when running this image on a host running systemd, the
+# following units will be masked.
+#
+# NOTE: This will not remove ALL warnings in all Debian releases, but seems to
+#       work for stretch.
+RUN systemctl mask --   \
+    dev-hugepages.mount \
+    sys-fs-fuse-connections.mount
+
+# The machine-id should be generated when creating the container. This will be
+# done automatically if the file is not present, so let's delete it.
+RUN rm -f           \
+    /etc/machine-id \
+    /var/lib/dbus/machine-id
+
+
+
+
+# Build the final image.
+#
+# To get a minimal image without deleted files in intermediate layers, the
+# contents of the image previously built will be copied into a second version of
+# the parent image.
+#
+# NOTE: This method requires buildkit, as the differ of buildkit will copy
+#       changed files only and we'll get a minimal image with just the changed
+#       files in a single new layer.
+#
+# NOTE: All settings related to the image's environment (e.g. CMD, ENV and
+#       VOLUME settings) need to be set in the following image definition to be
+#       used by child images and containers.
+
+FROM debian:${TAG}
+COPY --from=0 / /
+
+
+# Configure systemd.
+#
+# For running systemd inside a Docker container, some additional tweaks are
+# required. Some of them have already been applied above.
+#
+# The 'container' environment variable tells systemd that it's running inside a
+# Docker container environment.
+ENV container docker
+
+# A different stop signal is required, so systemd will initiate a shutdown when
+# running 'docker stop <container>'.
+STOPSIGNAL SIGRTMIN+3
+
+# The host's cgroup filesystem need's to be mounted (read-only) in the
+# container. '/run', '/run/lock' and '/tmp' need to be tmpfs filesystems when
+# running the container without 'CAP_SYS_ADMIN'.
+#
+# NOTE: For running Debian stretch, 'CAP_SYS_ADMIN' still needs to be added, as
+#       stretch's version of systemd is not recent enough. Buster will run just
+#       fine without 'CAP_SYS_ADMIN'.
+VOLUME [ "/sys/fs/cgroup", "/run", "/run/lock", "/tmp" ]
+
+# As this image should run systemd, the default command will be changed to start
+# the init system. CMD will be preferred in favor of ENTRYPOINT, so one may
+# override it when creating the container to e.g. to run a bash console instead.
+CMD [ "/sbin/init" ]

.ci/jobs/build-docker-images.yml

@@ -0,0 +1,20 @@
+---
+- job:
+    name: e2e-tests/build-docker-images
+    display-name: E2E Tests Docker images
+    description: Job to pre-build docker images used in E2E tests.
+    view: Beats
+    project-type: pipeline
+    pipeline-scm:
+      script-path: .ci/build-docker-images.groovy
+      scm:
+        - git:
+            url: git@github.com:elastic/e2e-testing.git
+            refspec: +refs/heads/*:refs/remotes/origin/*
+            wipe-workspace: true
+            name: origin
+            shallow-clone: true
+            credentials-id: f6c7695a-671e-4f4f-a331-acdce44ff9ba
+            reference-repo: /var/lib/jenkins/.git-references/e2e-testing.git
+            branches:
+              - master

.ci/scripts/build-docker-images.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+## Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+## or more contributor license agreements. Licensed under the Elastic License;
+## you may not use this file except in compliance with the Elastic License.
+
+set -euxo pipefail
+
+ARCH="${ARCH:-amd64}"
+
+readonly ELASTIC_REGISTRY="docker.elastic.co"
+readonly OBSERVABILITY_CI_REGISTRY="${ELASTIC_REGISTRY}/observability-ci"
+
+main() {
+  _build_and_push "centos-systemd"
+  _build_and_push "debian-systemd"
+}
+
+_build_and_push() {
+  local image="${1}"
+
+  local platformSpecificImage="${OBSERVABILITY_CI_REGISTRY}/${image}-${ARCH}:latest"
+
+  docker build -t ${platformSpecificImage} .ci/docker/${image}
+
+  docker push ${platformSpecificImage}
+}
+
+main "$@"

.ci/scripts/install-helm-test-dependencies.sh

@@ -10,8 +10,8 @@ set -euxo pipefail
 #
 # Parameters:
 #   - HELM_VERSION - that's the Helm version which will be installed and enabled.
-#   - HELM_KIND_VERSION - that's the Kind version which will be installed and enabled.
-#   - HELM_KUBERNETES_VERSION - that's the Kubernetes version which will be installed and enabled.
+#   - KIND_VERSION - that's the Kind version which will be installed and enabled.
+#   - KUBERNETES_VERSION - that's the Kubernetes version which will be installed and enabled.
 #
 
 GOARCH=${GOARCH:-"amd64"}
@@ -20,20 +20,20 @@ HOME=${HOME:?$MSG}
 
 HELM_VERSION="${HELM_VERSION:-"3.5.2"}"
 HELM_TAR_GZ_FILE="helm-v${HELM_VERSION}-linux-${GOARCH}.tar.gz"
-HELM_KIND_VERSION="v${HELM_KIND_VERSION:-"0.10.0"}"
-HELM_KUBERNETES_VERSION="${HELM_KUBERNETES_VERSION:-"1.18.2"}"
+KIND_VERSION="v${KIND_VERSION:-"0.10.0"}"
+KUBERNETES_VERSION="${KUBERNETES_VERSION:-"1.18.2"}"
 
 HELM_CMD="${HOME}/bin/helm"
 KBC_CMD="${HOME}/bin/kubectl"
 
 # Install kind as a Go binary
-GOARCH=${GOARCH} GO111MODULE="on" go get sigs.k8s.io/kind@${HELM_KIND_VERSION}
+GOARCH=${GOARCH} GO111MODULE="on" go get sigs.k8s.io/kind@${KIND_VERSION}
 
 mkdir -p "${HOME}/bin" "${HOME}/.kube"
 touch "${HOME}/.kube/config"
 
 # Install kubectl
-curl -sSLo "${KBC_CMD}" "https://storage.googleapis.com/kubernetes-release/release/v${HELM_KUBERNETES_VERSION}/bin/linux/${GOARCH}/kubectl"
+curl -sSLo "${KBC_CMD}" "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/${GOARCH}/kubectl"
 chmod +x "${KBC_CMD}"
 ${KBC_CMD} version --client