string | |
| [className](./kibana-plugin-core-public.overlaymodalopenoptions.classname.md) | string | |
| [closeButtonAriaLabel](./kibana-plugin-core-public.overlaymodalopenoptions.closebuttonarialabel.md) | string | |
+| [maxWidth](./kibana-plugin-core-public.overlaymodalopenoptions.maxwidth.md) | boolean | number | string | |
diff --git a/docs/development/plugins/embeddable/public/kibana-plugin-plugins-embeddable-public.embeddablestatetransfer.cleareditorstate.md b/docs/development/plugins/embeddable/public/kibana-plugin-plugins-embeddable-public.embeddablestatetransfer.cleareditorstate.md
index 034f9c70e389f..d5a8ec311df31 100644
--- a/docs/development/plugins/embeddable/public/kibana-plugin-plugins-embeddable-public.embeddablestatetransfer.cleareditorstate.md
+++ b/docs/development/plugins/embeddable/public/kibana-plugin-plugins-embeddable-public.embeddablestatetransfer.cleareditorstate.md
@@ -9,7 +9,7 @@ Clears the [editor state](./kibana-plugin-plugins-embeddable-public.embeddableed
Signature:
```typescript
-clearEditorState(appId: string): void;
+clearEditorState(appId?: string): void;
```
## Parameters
diff --git a/src/core/public/overlays/modal/modal_service.tsx b/src/core/public/overlays/modal/modal_service.tsx
index ecc80b8b6aa04..1f96e00fef0f8 100644
--- a/src/core/public/overlays/modal/modal_service.tsx
+++ b/src/core/public/overlays/modal/modal_service.tsx
@@ -101,6 +101,7 @@ export interface OverlayModalOpenOptions {
className?: string;
closeButtonAriaLabel?: string;
'data-test-subj'?: string;
+ maxWidth?: boolean | number | string;
}
interface StartDeps {
diff --git a/src/core/public/public.api.md b/src/core/public/public.api.md
index f646972a20f8d..8ee530f5a04e8 100644
--- a/src/core/public/public.api.md
+++ b/src/core/public/public.api.md
@@ -979,6 +979,8 @@ export interface OverlayModalOpenOptions {
className?: string;
// (undocumented)
closeButtonAriaLabel?: string;
+ // (undocumented)
+ maxWidth?: boolean | number | string;
}
// @public
diff --git a/src/dev/build/tasks/os_packages/create_os_package_tasks.ts b/src/dev/build/tasks/os_packages/create_os_package_tasks.ts
index e18460d65a3d0..e37a61582c6a8 100644
--- a/src/dev/build/tasks/os_packages/create_os_package_tasks.ts
+++ b/src/dev/build/tasks/os_packages/create_os_package_tasks.ts
@@ -54,15 +54,13 @@ export const CreateDockerCentOS: Task = {
async run(config, log, build) {
await runDockerGenerator(config, log, build, {
- ubi: false,
- context: false,
architecture: 'x64',
+ context: false,
image: true,
});
await runDockerGenerator(config, log, build, {
- ubi: false,
- context: false,
architecture: 'aarch64',
+ context: false,
image: true,
});
},
@@ -74,9 +72,9 @@ export const CreateDockerUBI: Task = {
async run(config, log, build) {
if (!build.isOss()) {
await runDockerGenerator(config, log, build, {
- ubi: true,
- context: false,
architecture: 'x64',
+ context: false,
+ ubi: true,
image: true,
});
}
@@ -88,7 +86,6 @@ export const CreateDockerContexts: Task = {
async run(config, log, build) {
await runDockerGenerator(config, log, build, {
- ubi: false,
context: true,
image: false,
});
@@ -99,6 +96,11 @@ export const CreateDockerContexts: Task = {
context: true,
image: false,
});
+ await runDockerGenerator(config, log, build, {
+ ironbank: true,
+ context: true,
+ image: false,
+ });
}
},
};
diff --git a/src/dev/build/tasks/os_packages/docker_generator/bundle_dockerfiles.ts b/src/dev/build/tasks/os_packages/docker_generator/bundle_dockerfiles.ts
index 7eeeaebe6e4be..a633e919cc5db 100644
--- a/src/dev/build/tasks/os_packages/docker_generator/bundle_dockerfiles.ts
+++ b/src/dev/build/tasks/os_packages/docker_generator/bundle_dockerfiles.ts
@@ -7,18 +7,18 @@
*/
import { resolve } from 'path';
+import { readFileSync } from 'fs';
import { ToolingLog } from '@kbn/dev-utils';
+import Mustache from 'mustache';
import { compressTar, copyAll, mkdirp, write, Config } from '../../../lib';
import { dockerfileTemplate } from './templates';
import { TemplateContext } from './template_context';
export async function bundleDockerFiles(config: Config, log: ToolingLog, scope: TemplateContext) {
- log.info(
- `Generating kibana${scope.imageFlavor}${scope.ubiImageFlavor} docker build context bundle`
- );
- const dockerFilesDirName = `kibana${scope.imageFlavor}${scope.ubiImageFlavor}-${scope.version}-docker-build-context`;
+ log.info(`Generating kibana${scope.imageFlavor} docker build context bundle`);
+ const dockerFilesDirName = `kibana${scope.imageFlavor}-${scope.version}-docker-build-context`;
const dockerFilesBuildDir = resolve(scope.dockerBuildDir, dockerFilesDirName);
const dockerFilesOutputDir = config.resolveFromTarget(`${dockerFilesDirName}.tar.gz`);
@@ -38,6 +38,17 @@ export async function bundleDockerFiles(config: Config, log: ToolingLog, scope:
// dockerfiles folder
await copyAll(resolve(scope.dockerBuildDir, 'bin'), resolve(dockerFilesBuildDir, 'bin'));
await copyAll(resolve(scope.dockerBuildDir, 'config'), resolve(dockerFilesBuildDir, 'config'));
+ if (scope.ironbank) {
+ await copyAll(resolve(scope.dockerBuildDir), resolve(dockerFilesBuildDir), {
+ select: ['LICENSE'],
+ });
+ const templates = ['hardening_manifest.yml', 'README.md'];
+ for (const template of templates) {
+ const file = readFileSync(resolve(__dirname, 'templates/ironbank', template));
+ const output = Mustache.render(file.toString(), scope);
+ await write(resolve(dockerFilesBuildDir, template), output);
+ }
+ }
// Compress dockerfiles dir created inside
// docker build dir as output it as a target
diff --git a/src/dev/build/tasks/os_packages/docker_generator/resources/bin/kibana-docker b/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker
similarity index 100%
rename from src/dev/build/tasks/os_packages/docker_generator/resources/bin/kibana-docker
rename to src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker
diff --git a/src/dev/build/tasks/os_packages/docker_generator/resources/ironbank/LICENSE b/src/dev/build/tasks/os_packages/docker_generator/resources/ironbank/LICENSE
new file mode 100644
index 0000000000000..632c3abe22e9b
--- /dev/null
+++ b/src/dev/build/tasks/os_packages/docker_generator/resources/ironbank/LICENSE
@@ -0,0 +1,280 @@
+ELASTIC LICENSE AGREEMENT
+
+PLEASE READ CAREFULLY THIS ELASTIC LICENSE AGREEMENT (THIS "AGREEMENT"), WHICH
+CONSTITUTES A LEGALLY BINDING AGREEMENT AND GOVERNS ALL OF YOUR USE OF ALL OF
+THE ELASTIC SOFTWARE WITH WHICH THIS AGREEMENT IS INCLUDED ("ELASTIC SOFTWARE")
+THAT IS PROVIDED IN OBJECT CODE FORMAT, AND, IN ACCORDANCE WITH SECTION 2 BELOW,
+CERTAIN OF THE ELASTIC SOFTWARE THAT IS PROVIDED IN SOURCE CODE FORMAT. BY
+INSTALLING OR USING ANY OF THE ELASTIC SOFTWARE GOVERNED BY THIS AGREEMENT, YOU
+ARE ASSENTING TO THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU DO NOT AGREE
+WITH SUCH TERMS AND CONDITIONS, YOU MAY NOT INSTALL OR USE THE ELASTIC SOFTWARE
+GOVERNED BY THIS AGREEMENT. IF YOU ARE INSTALLING OR USING THE SOFTWARE ON
+BEHALF OF A LEGAL ENTITY, YOU REPRESENT AND WARRANT THAT YOU HAVE THE ACTUAL
+AUTHORITY TO AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT ON BEHALF OF
+SUCH ENTITY.
+
+Posted Date: April 20, 2018
+
+This Agreement is entered into by and between Elasticsearch BV ("Elastic") and
+You, or the legal entity on behalf of whom You are acting (as applicable,
+"You").
+
+1. OBJECT CODE END USER LICENSES, RESTRICTIONS AND THIRD PARTY OPEN SOURCE
+SOFTWARE
+
+ 1.1 Object Code End User License. Subject to the terms and conditions of
+ Section 1.2 of this Agreement, Elastic hereby grants to You, AT NO CHARGE and
+ for so long as you are not in breach of any provision of this Agreement, a
+ License to the Basic Features and Functions of the Elastic Software.
+
+ 1.2 Reservation of Rights; Restrictions. As between Elastic and You, Elastic
+ and its licensors own all right, title and interest in and to the Elastic
+ Software, and except as expressly set forth in Sections 1.1, and 2.1 of this
+ Agreement, no other license to the Elastic Software is granted to You under
+ this Agreement, by implication, estoppel or otherwise. You agree not to: (i)
+ reverse engineer or decompile, decrypt, disassemble or otherwise reduce any
+ Elastic Software provided to You in Object Code, or any portion thereof, to
+ Source Code, except and only to the extent any such restriction is prohibited
+ by applicable law, (ii) except as expressly permitted in this Agreement,
+ prepare derivative works from, modify, copy or use the Elastic Software Object
+ Code or the Commercial Software Source Code in any manner; (iii) except as
+ expressly permitted in Section 1.1 above, transfer, sell, rent, lease,
+ distribute, sublicense, loan or otherwise transfer, Elastic Software Object
+ Code, in whole or in part, to any third party; (iv) use Elastic Software
+ Object Code for providing time-sharing services, any software-as-a-service,
+ service bureau services or as part of an application services provider or
+ other service offering (collectively, "SaaS Offering") where obtaining access
+ to the Elastic Software or the features and functions of the Elastic Software
+ is a primary reason or substantial motivation for users of the SaaS Offering
+ to access and/or use the SaaS Offering ("Prohibited SaaS Offering"); (v)
+ circumvent the limitations on use of Elastic Software provided to You in
+ Object Code format that are imposed or preserved by any License Key, or (vi)
+ alter or remove any Marks and Notices in the Elastic Software. If You have any
+ question as to whether a specific SaaS Offering constitutes a Prohibited SaaS
+ Offering, or are interested in obtaining Elastic's permission to engage in
+ commercial or non-commercial distribution of the Elastic Software, please
+ contact elastic_license@elastic.co.
+
+ 1.3 Third Party Open Source Software. The Commercial Software may contain or
+ be provided with third party open source libraries, components, utilities and
+ other open source software (collectively, "Open Source Software"), which Open
+ Source Software may have applicable license terms as identified on a website
+ designated by Elastic. Notwithstanding anything to the contrary herein, use of
+ the Open Source Software shall be subject to the license terms and conditions
+ applicable to such Open Source Software, to the extent required by the
+ applicable licensor (which terms shall not restrict the license rights granted
+ to You hereunder, but may contain additional rights). To the extent any
+ condition of this Agreement conflicts with any license to the Open Source
+ Software, the Open Source Software license will govern with respect to such
+ Open Source Software only. Elastic may also separately provide you with
+ certain open source software that is licensed by Elastic. Your use of such
+ Elastic open source software will not be governed by this Agreement, but by
+ the applicable open source license terms.
+
+2. COMMERCIAL SOFTWARE SOURCE CODE
+
+ 2.1 Limited License. Subject to the terms and conditions of Section 2.2 of
+ this Agreement, Elastic hereby grants to You, AT NO CHARGE and for so long as
+ you are not in breach of any provision of this Agreement, a limited,
+ non-exclusive, non-transferable, fully paid up royalty free right and license
+ to the Commercial Software in Source Code format, without the right to grant
+ or authorize sublicenses, to prepare Derivative Works of the Commercial
+ Software, provided You (i) do not hack the licensing mechanism, or otherwise
+ circumvent the intended limitations on the use of Elastic Software to enable
+ features other than Basic Features and Functions or those features You are
+ entitled to as part of a Subscription, and (ii) use the resulting object code
+ only for reasonable testing purposes.
+
+ 2.2 Restrictions. Nothing in Section 2.1 grants You the right to (i) use the
+ Commercial Software Source Code other than in accordance with Section 2.1
+ above, (ii) use a Derivative Work of the Commercial Software outside of a
+ Non-production Environment, in any production capacity, on a temporary or
+ permanent basis, or (iii) transfer, sell, rent, lease, distribute, sublicense,
+ loan or otherwise make available the Commercial Software Source Code, in whole
+ or in part, to any third party. Notwithstanding the foregoing, You may
+ maintain a copy of the repository in which the Source Code of the Commercial
+ Software resides and that copy may be publicly accessible, provided that you
+ include this Agreement with Your copy of the repository.
+
+3. TERMINATION
+
+ 3.1 Termination. This Agreement will automatically terminate, whether or not
+ You receive notice of such Termination from Elastic, if You breach any of its
+ provisions.
+
+ 3.2 Post Termination. Upon any termination of this Agreement, for any reason,
+ You shall promptly cease the use of the Elastic Software in Object Code format
+ and cease use of the Commercial Software in Source Code format. For the
+ avoidance of doubt, termination of this Agreement will not affect Your right
+ to use Elastic Software, in either Object Code or Source Code formats, made
+ available under the Apache License Version 2.0.
+
+ 3.3 Survival. Sections 1.2, 2.2. 3.3, 4 and 5 shall survive any termination or
+ expiration of this Agreement.
+
+4. DISCLAIMER OF WARRANTIES AND LIMITATION OF LIABILITY
+
+ 4.1 Disclaimer of Warranties. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE
+ LAW, THE ELASTIC SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
+ AND ELASTIC AND ITS LICENSORS MAKE NO WARRANTIES WHETHER EXPRESSED, IMPLIED OR
+ STATUTORY REGARDING OR RELATING TO THE ELASTIC SOFTWARE. TO THE MAXIMUM EXTENT
+ PERMITTED UNDER APPLICABLE LAW, ELASTIC AND ITS LICENSORS SPECIFICALLY
+ DISCLAIM ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ PURPOSE AND NON-INFRINGEMENT WITH RESPECT TO THE ELASTIC SOFTWARE, AND WITH
+ RESPECT TO THE USE OF THE FOREGOING. FURTHER, ELASTIC DOES NOT WARRANT RESULTS
+ OF USE OR THAT THE ELASTIC SOFTWARE WILL BE ERROR FREE OR THAT THE USE OF THE
+ ELASTIC SOFTWARE WILL BE UNINTERRUPTED.
+
+ 4.2 Limitation of Liability. IN NO EVENT SHALL ELASTIC OR ITS LICENSORS BE
+ LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT OR INDIRECT DAMAGES,
+ INCLUDING, WITHOUT LIMITATION, FOR ANY LOSS OF PROFITS, LOSS OF USE, BUSINESS
+ INTERRUPTION, LOSS OF DATA, COST OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY
+ SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND, IN CONNECTION WITH
+ OR ARISING OUT OF THE USE OR INABILITY TO USE THE ELASTIC SOFTWARE, OR THE
+ PERFORMANCE OF OR FAILURE TO PERFORM THIS AGREEMENT, WHETHER ALLEGED AS A
+ BREACH OF CONTRACT OR TORTIOUS CONDUCT, INCLUDING NEGLIGENCE, EVEN IF ELASTIC
+ HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+5. MISCELLANEOUS
+
+ This Agreement completely and exclusively states the entire agreement of the
+ parties regarding the subject matter herein, and it supersedes, and its terms
+ govern, all prior proposals, agreements, or other communications between the
+ parties, oral or written, regarding such subject matter. This Agreement may be
+ modified by Elastic from time to time, and any such modifications will be
+ effective upon the "Posted Date" set forth at the top of the modified
+ Agreement. If any provision hereof is held unenforceable, this Agreement will
+ continue without said provision and be interpreted to reflect the original
+ intent of the parties. This Agreement and any non-contractual obligation
+ arising out of or in connection with it, is governed exclusively by Dutch law.
+ This Agreement shall not be governed by the 1980 UN Convention on Contracts
+ for the International Sale of Goods. All disputes arising out of or in
+ connection with this Agreement, including its existence and validity, shall be
+ resolved by the courts with jurisdiction in Amsterdam, The Netherlands, except
+ where mandatory law provides for the courts at another location in The
+ Netherlands to have jurisdiction. The parties hereby irrevocably waive any and
+ all claims and defenses either might otherwise have in any such action or
+ proceeding in any of such courts based upon any alleged lack of personal
+ jurisdiction, improper venue, forum non conveniens or any similar claim or
+ defense. A breach or threatened breach, by You of Section 2 may cause
+ irreparable harm for which damages at law may not provide adequate relief, and
+ therefore Elastic shall be entitled to seek injunctive relief without being
+ required to post a bond. You may not assign this Agreement (including by
+ operation of law in connection with a merger or acquisition), in whole or in
+ part to any third party without the prior written consent of Elastic, which
+ may be withheld or granted by Elastic in its sole and absolute discretion.
+ Any assignment in violation of the preceding sentence is void. Notices to
+ Elastic may also be sent to legal@elastic.co.
+
+6. DEFINITIONS
+
+ The following terms have the meanings ascribed:
+
+ 6.1 "Affiliate" means, with respect to a party, any entity that controls, is
+ controlled by, or which is under common control with, such party, where
+ "control" means ownership of at least fifty percent (50%) of the outstanding
+ voting shares of the entity, or the contractual right to establish policy for,
+ and manage the operations of, the entity.
+
+ 6.2 "Basic Features and Functions" means those features and functions of the
+ Elastic Software that are eligible for use under a Basic license, as set forth
+ at https://www.elastic.co/subscriptions, as may be modified by Elastic from
+ time to time.
+
+ 6.3 "Commercial Software" means the Elastic Software Source Code in any file
+ containing a header stating the contents are subject to the Elastic License or
+ which is contained in the repository folder labeled "x-pack", unless a LICENSE
+ file present in the directory subtree declares a different license.
+
+ 6.4 "Derivative Work of the Commercial Software" means, for purposes of this
+ Agreement, any modification(s) or enhancement(s) to the Commercial Software,
+ which represent, as a whole, an original work of authorship.
+
+ 6.5 "License" means a limited, non-exclusive, non-transferable, fully paid up,
+ royalty free, right and license, without the right to grant or authorize
+ sublicenses, solely for Your internal business operations to (i) install and
+ use the applicable Features and Functions of the Elastic Software in Object
+ Code, and (ii) permit Contractors and Your Affiliates to use the Elastic
+ software as set forth in (i) above, provided that such use by Contractors must
+ be solely for Your benefit and/or the benefit of Your Affiliates, and You
+ shall be responsible for all acts and omissions of such Contractors and
+ Affiliates in connection with their use of the Elastic software that are
+ contrary to the terms and conditions of this Agreement.
+
+ 6.6 "License Key" means a sequence of bytes, including but not limited to a
+ JSON blob, that is used to enable certain features and functions of the
+ Elastic Software.
+
+ 6.7 "Marks and Notices" means all Elastic trademarks, trade names, logos and
+ notices present on the Documentation as originally provided by Elastic.
+
+ 6.8 "Non-production Environment" means an environment for development, testing
+ or quality assurance, where software is not used for production purposes.
+
+ 6.9 "Object Code" means any form resulting from mechanical transformation or
+ translation of Source Code form, including but not limited to compiled object
+ code, generated documentation, and conversions to other media types.
+
+ 6.10 "Source Code" means the preferred form of computer software for making
+ modifications, including but not limited to software source code,
+ documentation source, and configuration files.
+
+ 6.11 "Subscription" means the right to receive Support Services and a License
+ to the Commercial Software.
+
+
+GOVERNMENT END USER ADDENDUM TO THE ELASTIC LICENSE AGREEMENT
+
+ This ADDENDUM TO THE ELASTIC LICENSE AGREEMENT (this "Addendum") applies
+only to U.S. Federal Government, State Government, and Local Government
+entities ("Government End Users") of the Elastic Software. This Addendum is
+subject to, and hereby incorporated into, the Elastic License Agreement,
+which is being entered into as of even date herewith, by Elastic and You (the
+"Agreement"). This Addendum sets forth additional terms and conditions
+related to Your use of the Elastic Software. Capitalized terms not defined in
+this Addendum have the meaning set forth in the Agreement.
+
+ 1. LIMITED LICENSE TO DISTRIBUTE (DSOP ONLY). Subject to the terms and
+conditions of the Agreement (including this Addendum), Elastic grants the
+Department of Defense Enterprise DevSecOps Initiative (DSOP) a royalty-free,
+non-exclusive, non-transferable, limited license to reproduce and distribute
+the Elastic Software solely through a software distribution repository
+controlled and managed by DSOP, provided that DSOP: (i) distributes the
+Elastic Software complete and unmodified, inclusive of the Agreement
+(including this Addendum) and (ii) does not remove or alter any proprietary
+legends or notices contained in the Elastic Software.
+
+ 2. CHOICE OF LAW. The choice of law and venue provisions set forth shall
+prevail over those set forth in Section 5 of the Agreement.
+
+ "For U.S. Federal Government Entity End Users. This Agreement and any
+ non-contractual obligation arising out of or in connection with it, is
+ governed exclusively by U.S. Federal law. To the extent permitted by
+ federal law, the laws of the State of Delaware (excluding Delaware choice
+ of law rules) will apply in the absence of applicable federal law.
+
+ For State and Local Government Entity End Users. This Agreement and any
+ non-contractual obligation arising out of or in connection with it, is
+ governed exclusively by the laws of the state in which you are located
+ without reference to conflict of laws. Furthermore, the Parties agree that
+ the Uniform Computer Information Transactions Act or any version thereof,
+ adopted by any state in any form ('UCITA'), shall not apply to this
+ Agreement and, to the extent that UCITA is applicable, the Parties agree to
+ opt out of the applicability of UCITA pursuant to the opt-out provision(s)
+ contained therein."
+
+ 3. ELASTIC LICENSE MODIFICATION. Section 5 of the Agreement is hereby
+amended to replace
+
+ "This Agreement may be modified by Elastic from time to time, and any
+ such modifications will be effective upon the "Posted Date" set forth at
+ the top of the modified Agreement."
+
+ with:
+
+ "This Agreement may be modified by Elastic from time to time; provided,
+ however, that any such modifications shall apply only to Elastic Software
+ that is installed after the "Posted Date" set forth at the top of the
+ modified Agreement."
+
+V100820.0
diff --git a/src/dev/build/tasks/os_packages/docker_generator/run.ts b/src/dev/build/tasks/os_packages/docker_generator/run.ts
index 18c04b0428afa..21d2582f205f3 100644
--- a/src/dev/build/tasks/os_packages/docker_generator/run.ts
+++ b/src/dev/build/tasks/os_packages/docker_generator/run.ts
@@ -12,6 +12,7 @@ import { promisify } from 'util';
import { ToolingLog } from '@kbn/dev-utils';
+import { branch } from '../../../../../../package.json';
import { write, copyAll, mkdirp, exec, Config, Build } from '../../../lib';
import * as dockerTemplates from './templates';
import { TemplateContext } from './template_context';
@@ -30,21 +31,26 @@ export async function runDockerGenerator(
architecture?: string;
context: boolean;
image: boolean;
- ubi: boolean;
+ ubi?: boolean;
+ ironbank?: boolean;
}
) {
// UBI var config
const baseOSImage = flags.ubi ? 'docker.elastic.co/ubi8/ubi-minimal:latest' : 'centos:8';
const ubiVersionTag = 'ubi8';
- const ubiImageFlavor = flags.ubi ? `-${ubiVersionTag}` : '';
+
+ let imageFlavor = '';
+ if (flags.ubi) imageFlavor += `-${ubiVersionTag}`;
+ if (flags.ironbank) imageFlavor += '-ironbank';
+ if (build.isOss()) imageFlavor += '-oss';
// General docker var config
const license = build.isOss() ? 'ASL 2.0' : 'Elastic License';
- const imageFlavor = build.isOss() ? '-oss' : '';
const imageTag = 'docker.elastic.co/kibana/kibana';
const version = config.getBuildVersion();
const artifactArchitecture = flags.architecture === 'aarch64' ? 'aarch64' : 'x86_64';
- const artifactPrefix = `kibana${imageFlavor}-${version}-linux`;
+ const artifactFlavor = build.isOss() ? '-oss' : '';
+ const artifactPrefix = `kibana${artifactFlavor}-${version}-linux`;
const artifactTarball = `${artifactPrefix}-${artifactArchitecture}.tar.gz`;
const artifactsDir = config.resolveFromTarget('.');
const dockerBuildDate = new Date().toISOString();
@@ -52,26 +58,27 @@ export async function runDockerGenerator(
const dockerBuildDir = config.resolveFromRepo(
'build',
'kibana-docker',
- build.isOss() ? `oss` : `default${ubiImageFlavor}`
+ build.isOss() ? `oss` : `default${imageFlavor}`
);
const imageArchitecture = flags.architecture === 'aarch64' ? '-aarch64' : '';
const dockerTargetFilename = config.resolveFromTarget(
- `kibana${imageFlavor}${ubiImageFlavor}-${version}-docker-image${imageArchitecture}.tar.gz`
+ `kibana${imageFlavor}-${version}-docker-image${imageArchitecture}.tar.gz`
);
const scope: TemplateContext = {
artifactPrefix,
artifactTarball,
imageFlavor,
version,
+ branch,
license,
artifactsDir,
imageTag,
dockerBuildDir,
dockerTargetFilename,
baseOSImage,
- ubiImageFlavor,
dockerBuildDate,
ubi: flags.ubi,
+ ironbank: flags.ironbank,
architecture: flags.architecture,
revision: config.getBuildSha(),
};
@@ -107,10 +114,17 @@ export async function runDockerGenerator(
// in order to build the docker image accordingly the dockerfile defined
// under templates/kibana_yml.template/js
await copyAll(
- config.resolveFromRepo('src/dev/build/tasks/os_packages/docker_generator/resources'),
+ config.resolveFromRepo('src/dev/build/tasks/os_packages/docker_generator/resources/base'),
dockerBuildDir
);
+ if (flags.ironbank) {
+ await copyAll(
+ config.resolveFromRepo('src/dev/build/tasks/os_packages/docker_generator/resources/ironbank'),
+ dockerBuildDir
+ );
+ }
+
// Build docker image into the target folder
// In order to do this we just call the file we
// created from the templates/build_docker_sh.template.js
diff --git a/src/dev/build/tasks/os_packages/docker_generator/template_context.ts b/src/dev/build/tasks/os_packages/docker_generator/template_context.ts
index 845d0449437ba..9c9949c9f57ea 100644
--- a/src/dev/build/tasks/os_packages/docker_generator/template_context.ts
+++ b/src/dev/build/tasks/os_packages/docker_generator/template_context.ts
@@ -9,6 +9,7 @@
export interface TemplateContext {
artifactPrefix: string;
artifactTarball: string;
+ branch: string;
imageFlavor: string;
version: string;
license: string;
@@ -17,10 +18,10 @@ export interface TemplateContext {
dockerBuildDir: string;
dockerTargetFilename: string;
baseOSImage: string;
- ubiImageFlavor: string;
dockerBuildDate: string;
usePublicArtifact?: boolean;
- ubi: boolean;
+ ubi?: boolean;
+ ironbank?: boolean;
revision: string;
architecture?: string;
}
diff --git a/src/dev/build/tasks/os_packages/docker_generator/templates/Dockerfile b/src/dev/build/tasks/os_packages/docker_generator/templates/base/Dockerfile
similarity index 100%
rename from src/dev/build/tasks/os_packages/docker_generator/templates/Dockerfile
rename to src/dev/build/tasks/os_packages/docker_generator/templates/base/Dockerfile
diff --git a/src/dev/build/tasks/os_packages/docker_generator/templates/build_docker_sh.template.ts b/src/dev/build/tasks/os_packages/docker_generator/templates/build_docker_sh.template.ts
index 89e6cc1040a02..05b9b4d100c53 100644
--- a/src/dev/build/tasks/os_packages/docker_generator/templates/build_docker_sh.template.ts
+++ b/src/dev/build/tasks/os_packages/docker_generator/templates/build_docker_sh.template.ts
@@ -16,7 +16,6 @@ function generator({
version,
dockerTargetFilename,
baseOSImage,
- ubiImageFlavor,
architecture,
}: TemplateContext) {
return dedent(`
@@ -54,10 +53,10 @@ function generator({
retry_docker_pull ${baseOSImage}
- echo "Building: kibana${imageFlavor}${ubiImageFlavor}-docker"; \\
- docker build -t ${imageTag}${imageFlavor}${ubiImageFlavor}:${version} -f Dockerfile . || exit 1;
+ echo "Building: kibana${imageFlavor}-docker"; \\
+ docker build -t ${imageTag}${imageFlavor}:${version} -f Dockerfile . || exit 1;
- docker save ${imageTag}${imageFlavor}${ubiImageFlavor}:${version} | gzip -c > ${dockerTargetFilename}
+ docker save ${imageTag}${imageFlavor}:${version} | gzip -c > ${dockerTargetFilename}
exit 0
`);
diff --git a/src/dev/build/tasks/os_packages/docker_generator/templates/dockerfile.template.ts b/src/dev/build/tasks/os_packages/docker_generator/templates/dockerfile.template.ts
index 01a45a4809431..e668299a3acc3 100755
--- a/src/dev/build/tasks/os_packages/docker_generator/templates/dockerfile.template.ts
+++ b/src/dev/build/tasks/os_packages/docker_generator/templates/dockerfile.template.ts
@@ -13,10 +13,10 @@ import Mustache from 'mustache';
import { TemplateContext } from '../template_context';
function generator(options: TemplateContext) {
- const template = readFileSync(resolve(__dirname, './Dockerfile'));
+ const dir = options.ironbank ? 'ironbank' : 'base';
+ const template = readFileSync(resolve(__dirname, dir, './Dockerfile'));
return Mustache.render(template.toString(), {
- packageManager: options.ubiImageFlavor ? 'microdnf' : 'yum',
- tiniBin: options.architecture === 'aarch64' ? 'tini-arm64' : 'tini-amd64',
+ packageManager: options.ubi ? 'microdnf' : 'yum',
...options,
});
}
diff --git a/src/dev/build/tasks/os_packages/docker_generator/templates/ironbank/Dockerfile b/src/dev/build/tasks/os_packages/docker_generator/templates/ironbank/Dockerfile
new file mode 100644
index 0000000000000..6893883bf16a4
--- /dev/null
+++ b/src/dev/build/tasks/os_packages/docker_generator/templates/ironbank/Dockerfile
@@ -0,0 +1,77 @@
+################################################################################
+# Build stage 0
+# Extract Kibana and make various file manipulations.
+################################################################################
+ARG BASE_REGISTRY=registry1.dsop.io
+ARG BASE_IMAGE=redhat/ubi/ubi8
+ARG BASE_TAG=8.3
+
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as prep_files
+
+RUN yum update --setopt=tsflags=nodocs -y && \
+ yum install -y tar gzip && \
+ yum clean all
+
+RUN mkdir /usr/share/kibana
+WORKDIR /usr/share/kibana
+COPY --chown=1000:0 {{artifactTarball}} .
+RUN tar --strip-components=1 -zxf {{artifactTarball}}
+
+# Ensure that group permissions are the same as user permissions.
+# This will help when relying on GID-0 to run Kibana, rather than UID-1000.
+# OpenShift does this, for example.
+# REF: https://docs.openshift.org/latest/creating_images/guidelines.html
+RUN chmod -R g=u /usr/share/kibana
+
+
+################################################################################
+# Build stage 1
+# Copy prepared files from the previous stage and complete the image.
+################################################################################
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+EXPOSE 5601
+
+RUN yum update --setopt=tsflags=nodocs -y && \
+ yum install -y fontconfig freetype shadow-utils nss && \
+ yum clean all
+
+COPY LICENSE /licenses/elastic-kibana
+
+# Add a dumb init process
+COPY tini /bin/tini
+RUN chmod +x /bin/tini
+
+# Noto Fonts
+RUN mkdir /usr/share/fonts/local
+COPY NotoSansCJK-Regular.ttc /usr/share/fonts/local/NotoSansCJK-Regular.ttc
+RUN fc-cache -v
+
+# Bring in Kibana from the initial stage.
+COPY --from=prep_files --chown=1000:0 /usr/share/kibana /usr/share/kibana
+WORKDIR /usr/share/kibana
+RUN ln -s /usr/share/kibana /opt/kibana
+
+ENV ELASTIC_CONTAINER true
+ENV PATH=/usr/share/kibana/bin:$PATH
+
+# Set some Kibana configuration defaults.
+COPY --chown=1000:0 config/kibana.yml /usr/share/kibana/config/kibana.yml
+
+# Add the launcher/wrapper script. It knows how to interpret environment
+# variables and translate them to Kibana CLI options.
+COPY --chown=1000:0 scripts/kibana-docker /usr/local/bin/
+
+# Remove the suid bit everywhere to mitigate "Stack Clash"
+RUN find / -xdev -perm -4000 -exec chmod u-s {} +
+
+# Provide a non-root user to run the process.
+RUN groupadd --gid 1000 kibana && \
+ useradd --uid 1000 --gid 1000 -G 0 \
+ --home-dir /usr/share/kibana --no-create-home \
+ kibana
+
+ENTRYPOINT ["/bin/tini", "--"]
+
+CMD ["/usr/local/bin/kibana-docker"]
+
+HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD curl -I -f --max-time 5 http://localhost:5601 || exit 1
diff --git a/src/dev/build/tasks/os_packages/docker_generator/templates/ironbank/README.md b/src/dev/build/tasks/os_packages/docker_generator/templates/ironbank/README.md
new file mode 100644
index 0000000000000..d297d135149f4
--- /dev/null
+++ b/src/dev/build/tasks/os_packages/docker_generator/templates/ironbank/README.md
@@ -0,0 +1,39 @@
+# Kibana
+
+**Kibana** lets you visualize your Elasticsearch data and navigate the Elastic Stack,
+so you can do anything from learning why you're getting paged at 2:00 a.m. to
+understanding the impact rain might have on your quarterly numbers.
+
+For more information about Kibana, please visit
+https://www.elastic.co/products/kibana.
+
+### Installation instructions
+
+Please follow the documentation on [running Kibana on Docker](https://www.elastic.co/guide/en/kibana/{{branch}}/docker.html).
+
+### Where to file issues and PRs
+
+- [Issues](https://github.com/elastic/kibana/issues)
+- [PRs](https://github.com/elastic/kibana/pulls)
+
+### DoD Restrictions
+
+Due to the [NODE-SECURITY-1184](https://www.npmjs.com/advisories/1184) issue, Kibana users should not use the `ALL_PROXY` environment variable to specify a proxy when installing Kibana plugins with the kibana-plugin command line application.
+
+### Where to get help
+
+- [Kibana Discuss Forums](https://discuss.elastic.co/c/kibana)
+- [Kibana Documentation](https://www.elastic.co/guide/en/kibana/current/index.html)
+
+### Still need help?
+
+You can learn more about the Elastic Community and also understand how to get more help
+visiting [Elastic Community](https://www.elastic.co/community).
+
+This software is governed by the [Elastic
+License](https://github.com/elastic/elasticsearch/blob/{{branch}}/licenses/ELASTIC-LICENSE.txt),
+and includes the full set of [free
+features](https://www.elastic.co/subscriptions).
+
+View the detailed release notes
+[here](https://www.elastic.co/guide/en/elasticsearch/reference/{{branch}}/es-release-notes.html).
diff --git a/src/dev/build/tasks/os_packages/docker_generator/templates/ironbank/hardening_manifest.yml b/src/dev/build/tasks/os_packages/docker_generator/templates/ironbank/hardening_manifest.yml
new file mode 100644
index 0000000000000..8de5ac2973358
--- /dev/null
+++ b/src/dev/build/tasks/os_packages/docker_generator/templates/ironbank/hardening_manifest.yml
@@ -0,0 +1,58 @@
+---
+apiVersion: v1
+
+# The repository name in registry1, excluding /ironbank/
+name: 'elastic/kibana/kibana'
+
+# List of tags to push for the repository in registry1
+# The most specific version should be the first tag and will be shown
+# on ironbank.dsop.io
+tags:
+ - '{{version}}'
+ - 'latest'
+
+# Build args passed to Dockerfile ARGs
+args:
+ BASE_IMAGE: 'redhat/ubi/ubi8'
+ BASE_TAG: '8.3'
+
+# Docker image labels
+labels:
+ org.opencontainers.image.title: 'kibana'
+ org.opencontainers.image.description: 'Your window into the Elastic Stack.'
+ org.opencontainers.image.licenses: 'Elastic License'
+ org.opencontainers.image.url: 'https://www.elastic.co/products/kibana'
+ org.opencontainers.image.vendor: 'Elastic'
+ org.opencontainers.image.version: '{{version}}'
+ # mil.dso.ironbank.image.keywords: ""
+ # mil.dso.ironbank.image.type: "commercial"
+ mil.dso.ironbank.product.name: 'Kibana'
+
+# List of resources to make available to the offline build context
+resources:
+ - filename: kibana-{{version}}-linux-x86_64.tar.gz
+ url: {dashboardCopyToDashboardAction.getDescription()}
+{LICENSE_CALLOUT_DESCRIPTION}
+{SHARED_EMPTY_DESCRIPTION}
} - /> -{SHARED_EMPTY_DESCRIPTION}
} + /> +{LICENSE_CALLOUT_DESCRIPTION}
-{contentText}
{value}
+