Mount /etc directory in Kubernetes DaemonSet manifests. (#1382) (#1395)

Changes made to files like `/etc/passwd` using Linux tools like
`useradd` are not reflected in the mounted file on the Agent,
because the tool replaces the file instead of changing it
in-place.

Mounting the parent directory solves this problem.

(cherry picked from commit 90c2c00)

Co-authored-by: Yash Tewari <[email protected]>

deploy/kubernetes/elastic-agent-managed-kubernetes.yaml

@@ -83,21 +83,12 @@ spec:
             - name: varlog
               mountPath: /var/log
               readOnly: true
-            - name: etc-kubernetes
-              mountPath: /hostfs/etc/kubernetes
+            - name: etc-full
+              mountPath: /hostfs/etc
               readOnly: true
             - name: var-lib
               mountPath: /hostfs/var/lib
               readOnly: true
-            - name: passwd
-              mountPath: /hostfs/etc/passwd
-              readOnly: true
-            - name: group
-              mountPath: /hostfs/etc/group
-              readOnly: true
-            - name: etcsysmd
-              mountPath: /hostfs/etc/systemd
-              readOnly: true
             - name: etc-mid
               mountPath: /etc/machine-id
               readOnly: true
@@ -114,26 +105,15 @@ spec:
         - name: varlog
           hostPath:
             path: /var/log
-        # Needed for cloudbeat
-        - name: etc-kubernetes
+        # The following volumes are needed for Cloud Security Posture integration (cloudbeat)
+        # If you are not using this integration, then these volumes and the corresponding
+        # mounts can be removed.
+        - name: etc-full
           hostPath:
-            path: /etc/kubernetes
-        # Needed for cloudbeat
+            path: /etc
         - name: var-lib
           hostPath:
             path: /var/lib
-        # Needed for cloudbeat
-        - name: passwd
-          hostPath:
-            path: /etc/passwd
-        # Needed for cloudbeat
-        - name: group
-          hostPath:
-            path: /etc/group
-        # Needed for cloudbeat
-        - name: etcsysmd
-          hostPath:
-            path: /etc/systemd
         # Mount /etc/machine-id from the host to determine host ID
         # Needed for Elastic Security integration
         - name: etc-mid

deploy/kubernetes/elastic-agent-managed/elastic-agent-managed-daemonset.yaml

@@ -83,21 +83,12 @@ spec:
             - name: varlog
               mountPath: /var/log
               readOnly: true
-            - name: etc-kubernetes
-              mountPath: /hostfs/etc/kubernetes
+            - name: etc-full
+              mountPath: /hostfs/etc
               readOnly: true
             - name: var-lib
               mountPath: /hostfs/var/lib
               readOnly: true
-            - name: passwd
-              mountPath: /hostfs/etc/passwd
-              readOnly: true
-            - name: group
-              mountPath: /hostfs/etc/group
-              readOnly: true
-            - name: etcsysmd
-              mountPath: /hostfs/etc/systemd
-              readOnly: true
             - name: etc-mid
               mountPath: /etc/machine-id
               readOnly: true
@@ -114,26 +105,15 @@ spec:
         - name: varlog
           hostPath:
             path: /var/log
-        # Needed for cloudbeat
-        - name: etc-kubernetes
+        # The following volumes are needed for Cloud Security Posture integration (cloudbeat)
+        # If you are not using this integration, then these volumes and the corresponding
+        # mounts can be removed.
+        - name: etc-full
           hostPath:
-            path: /etc/kubernetes
-        # Needed for cloudbeat
+            path: /etc
         - name: var-lib
           hostPath:
             path: /var/lib
-        # Needed for cloudbeat
-        - name: passwd
-          hostPath:
-            path: /etc/passwd
-        # Needed for cloudbeat
-        - name: group
-          hostPath:
-            path: /etc/group
-        # Needed for cloudbeat
-        - name: etcsysmd
-          hostPath:
-            path: /etc/systemd
         # Mount /etc/machine-id from the host to determine host ID
         # Needed for Elastic Security integration
         - name: etc-mid

deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml

@@ -722,21 +722,12 @@ spec:
             - name: varlog
               mountPath: /var/log
               readOnly: true
-            - name: etc-kubernetes
-              mountPath: /hostfs/etc/kubernetes
+            - name: etc-full
+              mountPath: /hostfs/etc
               readOnly: true
             - name: var-lib
               mountPath: /hostfs/var/lib
               readOnly: true
-            - name: passwd
-              mountPath: /hostfs/etc/passwd
-              readOnly: true
-            - name: group
-              mountPath: /hostfs/etc/group
-              readOnly: true
-            - name: etcsysmd
-              mountPath: /hostfs/etc/systemd
-              readOnly: true
       volumes:
         - name: datastreams
           configMap:
@@ -757,26 +748,15 @@ spec:
         - name: varlog
           hostPath:
             path: /var/log
-        # Needed for cloudbeat
-        - name: etc-kubernetes
+        # The following volumes are needed for Cloud Security Posture integration (cloudbeat)
+        # If you are not using this integration, then these volumes and the corresponding
+        # mounts can be removed.
+        - name: etc-full
           hostPath:
-            path: /etc/kubernetes
-        # Needed for cloudbeat
+            path: /etc
         - name: var-lib
           hostPath:
             path: /var/lib
-        # Needed for cloudbeat
-        - name: passwd
-          hostPath:
-            path: /etc/passwd
-        # Needed for cloudbeat
-        - name: group
-          hostPath:
-            path: /etc/group
-        # Needed for cloudbeat
-        - name: etcsysmd
-          hostPath:
-            path: /etc/systemd
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding

deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-daemonset.yaml

@@ -94,21 +94,12 @@ spec:
             - name: varlog
               mountPath: /var/log
               readOnly: true
-            - name: etc-kubernetes
-              mountPath: /hostfs/etc/kubernetes
+            - name: etc-full
+              mountPath: /hostfs/etc
               readOnly: true
             - name: var-lib
               mountPath: /hostfs/var/lib
               readOnly: true
-            - name: passwd
-              mountPath: /hostfs/etc/passwd
-              readOnly: true
-            - name: group
-              mountPath: /hostfs/etc/group
-              readOnly: true
-            - name: etcsysmd
-              mountPath: /hostfs/etc/systemd
-              readOnly: true
       volumes:
         - name: datastreams
           configMap:
@@ -129,23 +120,12 @@ spec:
         - name: varlog
           hostPath:
             path: /var/log
-        # Needed for cloudbeat
-        - name: etc-kubernetes
+        # The following volumes are needed for Cloud Security Posture integration (cloudbeat)
+        # If you are not using this integration, then these volumes and the corresponding
+        # mounts can be removed.
+        - name: etc-full
           hostPath:
-            path: /etc/kubernetes
-        # Needed for cloudbeat
+            path: /etc
         - name: var-lib
           hostPath:
             path: /var/lib
-        # Needed for cloudbeat
-        - name: passwd
-          hostPath:
-            path: /etc/passwd
-        # Needed for cloudbeat
-        - name: group
-          hostPath:
-            path: /etc/group
-        # Needed for cloudbeat
-        - name: etcsysmd
-          hostPath:
-            path: /etc/systemd