Add kibana 8.13 image (chainguard-images#2699)

images/kibana/README.md

@@ -0,0 +1,36 @@
+<!--monopod:start-->
+# kibana
+| | |
+| - | - |
+| **OCI Reference** | `cgr.dev/chainguard/kibana` |
+
+
+* [View Image in Chainguard Academy](https://edu.chainguard.dev/chainguard/chainguard-images/reference/kibana/overview/)
+* [View Image Catalog](https://console.enforce.dev/images/catalog) for a full list of available tags.
+* [Contact Chainguard](https://www.chainguard.dev/chainguard-images) for enterprise support, SLAs, and access to older tags.*
+
+---
+<!--monopod:end-->
+
+<!--overview:start-->
+Your window into the Elastic Stack.
+<!--overview:end-->
+
+<!--getting:start-->
+## Download this Image
+The image is available on `cgr.dev`:
+
+```
+docker pull cgr.dev/chainguard/kibana:latest
+```
+<!--getting:end-->
+
+<!--compatibility:start-->
+## Compatibility Notes
+
+Note that Kibana only supports running the same major version as its backend Elasticsearch container, so be sure to run 8.x Kibana with an 8.x version of Elasticsearch. See the [Kibana Guide](https://www.elastic.co/guide/en/kibana/master/setup.html#elasticsearch-version) for more details.
+<!--compatibility:end-->
+
+<!--body:start-->
+For details on how to run Kibana, refer to the Elastic documentation on [Installing Kibana with Docker](https://www.elastic.co/guide/en/kibana/master/docker.html).
+<!--body:end-->

images/kibana/config/main.tf

@@ -0,0 +1,61 @@
+terraform {
+  required_providers {
+    apko = { source = "chainguard-dev/apko" }
+  }
+}
+
+variable "extra_packages" {
+  description = "The additional packages to install."
+  default     = ["kibana", "tini", "bash", "busybox"]
+}
+
+variable "extra_repositories" {
+  description = "The additional repositores to install from (e.g. extras)."
+  default     = ["https://packages.cgr.dev/extras"]
+}
+
+variable "extra_keyring" {
+  description = "The additional keys to use (e.g. extras)."
+  default     = ["https://packages.cgr.dev/extras/chainguard-extras.rsa.pub"]
+}
+
+variable "environment" {
+  description = "Additional environment variables to set"
+  default     = {}
+  type        = map(string)
+}
+
+module "accts" {
+  source = "../../../tflib/accts"
+  # kibana expects to run as this user
+  run-as = 1000
+  uid    = 1000
+  gid    = 1000
+  name   = "kibana"
+}
+
+output "config" {
+  value = jsonencode({
+    contents = {
+      packages     = var.extra_packages
+      repositories = var.extra_repositories
+      keyring      = var.extra_keyring
+    }
+    paths = [
+      {
+        path        = "/usr/share/kibana",
+        type        = "directory",
+        recursive   = true,
+        uid         = module.accts.block.run-as,
+        gid         = module.accts.block.run-as,
+        permissions = 493,
+      }
+    ]
+    accounts    = module.accts.block
+    environment = var.environment
+    entrypoint = {
+      command = "/sbin/tini -g --"
+    }
+    cmd = "/usr/share/kibana/bin/kibana"
+  })
+}

images/kibana/main.tf

@@ -0,0 +1,38 @@
+variable "target_repository" {
+  description = "The docker repo into which the image and attestations should be published."
+}
+
+module "versions" {
+  source  = "../../tflib/versions"
+  package = "kibana"
+}
+
+module "config" {
+  for_each = module.versions.versions
+  source   = "./config"
+}
+
+module "versioned" {
+  for_each          = module.versions.versions
+  source            = "../../tflib/publisher"
+  name              = basename(path.module)
+  target_repository = var.target_repository
+  config            = module.config[each.key].config
+  build-dev         = true
+  main_package      = each.value.main
+  update-repo       = each.value.is_latest
+}
+
+module "test-versioned" {
+  for_each = module.versions.versions
+  source   = "./tests"
+  digest   = module.versioned[each.key].image_ref
+}
+
+module "tagger" {
+  source     = "../../tflib/tagger"
+  depends_on = [module.test-versioned]
+  tags = merge(
+    [for v in module.versioned : v.latest_tag_map]...
+  )
+}

images/kibana/metadata.yaml

@@ -0,0 +1,13 @@
+name: kibana
+image: cgr.dev/chainguard/kibana
+logo: https://storage.googleapis.com/chainguard-academy/logos/kibana.svg
+endoflife: ""
+console_summary: ""
+short_description: Your window into the Elastic Stack.
+compatibility_notes: "Note that Kibana only supports running the same major version as its backend Elasticsearch container, so be sure to run 8.x Kibana with an 8.x version of Elasticsearch. See the [Kibana Guide](https://www.elastic.co/guide/en/kibana/master/setup.html#elasticsearch-version) for more details."
+readme_file: README.md
+upstream_url: https://github.com/elastic/kibana
+keywords:
+  - application
+  - observability
+  - metrics

images/kibana/tests/main.tf

@@ -0,0 +1,132 @@
+terraform {
+  required_providers {
+    oci       = { source = "chainguard-dev/oci" }
+    imagetest = { source = "chainguard-dev/imagetest" }
+  }
+}
+
+locals {
+  namespace = "kibana"
+  parsed    = provider::oci::parse(var.digest)
+}
+
+variable "digest" {
+  description = "The image digest to run tests over."
+}
+
+data "imagetest_inventory" "this" {}
+
+resource "imagetest_harness_k3s" "this" {
+  name      = "eck-operator"
+  inventory = data.imagetest_inventory.this
+
+  sandbox = {
+    envs = {
+      IMAGE : "${var.digest}"
+    }
+  }
+}
+
+module "helm" {
+  source = "../../../tflib/imagetest/helm"
+
+  name = "eck-operator"
+
+  repo  = "https://helm.elastic.co"
+  chart = "eck-operator"
+
+  values = {
+    image = {
+      repository = "cgr.dev/chainguard/eck-operator"
+      tag        = "latest"
+    }
+  }
+}
+
+resource "imagetest_feature" "basic" {
+  name        = "Basic"
+  description = "Install ECK operator and add Kibana"
+  harness     = imagetest_harness_k3s.this
+
+  steps = [
+    {
+      name = "Helm install ECK"
+      cmd  = module.helm.install_cmd
+    },
+    {
+      name = "Wait for elastic-operator sts"
+      cmd  = "kubectl rollout status --watch --timeout=60s sts/elastic-operator"
+    },
+    {
+      name = "Add Elasticsearch pod"
+      cmd  = <<EOT
+        cat <<EOF | kubectl apply -f -
+apiVersion: elasticsearch.k8s.elastic.co/v1
+kind: Elasticsearch
+metadata:
+  name: quickstart
+spec:
+  version: 8.13.4
+  nodeSets:
+  - name: default
+    count: 1
+    config:
+      node.store.allow_mmap: false
+EOF
+EOT
+    },
+    {
+      name = "Add Kibana pod"
+      cmd  = <<EOT
+        cat <<EOF | kubectl apply -f -
+apiVersion: kibana.k8s.elastic.co/v1
+kind: Kibana
+metadata:
+  name: quickstart
+spec:
+  version: 8.13.4
+  count: 1
+  elasticsearchRef:
+    name: quickstart
+EOF
+EOT
+    },
+    {
+      name  = "Scale down kibana deployment"
+      cmd   = "kubectl scale --replicas=0 deployment/quickstart-kb"
+      retry = { attempts = 3, delay = "5s" }
+    },
+    {
+      name = "Use our Kibana image and scale up"
+      cmd  = <<EOF
+        kubectl set image deployment/quickstart-kb kibana=$IMAGE
+        kubectl scale --replicas=1 deployment/quickstart-kb
+      EOF
+    },
+    {
+      name = "Wait for deployment to settle"
+      cmd  = "kubectl rollout status --watch --timeout=300s deployment/quickstart-kb"
+    },
+    {
+      name = "Get tools"
+      cmd  = "apk add curl jq"
+    },
+    {
+      name = "Port forward to Kibana"
+      cmd  = "kubectl port-forward svc/quickstart-kb-http 5601&"
+    },
+    {
+      name  = "Check Kibana dashboard is enabled via API"
+      cmd   = <<EOF
+        PASSWORD=$(kubectl get secret quickstart-es-elastic-user -o json |jq -r ".data .elastic" |base64 -d)
+        curl -sk https://localhost:5601/api/features -u elastic:$PASSWORD |jq '.[] |select(.id=="dashboard")'        
+      EOF
+      retry = { attempts = 5, delay = "10s" }
+    },
+    {
+      name  = "Look for active log"
+      cmd   = "kubectl logs deployment/quickstart-kb |grep 'Kibana is now available'"
+      retry = { attempts = 5, delay = "10s" }
+    }
+  ]
+}