From f755dbf0ae5b6bb4783f3e4c4d560698eadcc078 Mon Sep 17 00:00:00 2001 From: Liam Thompson Date: Mon, 16 Dec 2024 11:46:09 +0100 Subject: [PATCH 1/6] [DOCS] Mention Wolfi hardened option in Docker docs --- docs/reference/setup/install/docker.asciidoc | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/reference/setup/install/docker.asciidoc b/docs/reference/setup/install/docker.asciidoc index 8694d7f5b46c6..4e64bae00e104 100644 --- a/docs/reference/setup/install/docker.asciidoc +++ b/docs/reference/setup/install/docker.asciidoc @@ -54,6 +54,17 @@ docker pull {docker-image} ---- // REVIEWED[DEC.10.24] -- ++ +[TIP] +==== +Alternatively, you can use the hardened https://wolfi.dev/[Wolfi] image for additional security. +Using Wolfi images requires Docker version 20.10.10 or higher. + +[source,sh,subs="attributes"] +---- +docker pull docker.elastic.co/elasticsearch/elasticsearch-wolfi:{version} +---- +==== . Optional: Install https://docs.sigstore.dev/cosign/system_config/installation/[Cosign] for your From e8c3daf2628f7e1e3c63abe6c9f2116f14decce8 Mon Sep 17 00:00:00 2001 From: Liam Thompson Date: Tue, 17 Dec 2024 15:48:13 +0100 Subject: [PATCH 2/6] Make Wolfi info more prominent --- docs/reference/setup/install/docker.asciidoc | 26 +++++++++++--------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/docs/reference/setup/install/docker.asciidoc b/docs/reference/setup/install/docker.asciidoc index 4e64bae00e104..5472e6b3d4e54 100644 --- a/docs/reference/setup/install/docker.asciidoc +++ b/docs/reference/setup/install/docker.asciidoc @@ -25,6 +25,21 @@ TIP: This setup doesn't run multiple {es} nodes or {kib} by default. To create a multi-node cluster with {kib}, use Docker Compose instead. See <>. +[[docker-wolfi-hardened-image]] +===== Hardened Docker images + +You can also use the hardened https://wolfi.dev/[Wolfi] image for additional security. +Using Wolfi images requires Docker version 20.10.10 or higher. + +To use the Wolfi image, append `-wolfi` to the image tag in the Docker command. + +For example: + +[source,sh,subs="attributes"] +---- +docker pull {wolfi-docker-image} +---- + ===== Start a single-node cluster . Install Docker. Visit https://docs.docker.com/get-docker/[Get Docker] to @@ -54,17 +69,6 @@ docker pull {docker-image} ---- // REVIEWED[DEC.10.24] -- -+ -[TIP] -==== -Alternatively, you can use the hardened https://wolfi.dev/[Wolfi] image for additional security. -Using Wolfi images requires Docker version 20.10.10 or higher. - -[source,sh,subs="attributes"] ----- -docker pull docker.elastic.co/elasticsearch/elasticsearch-wolfi:{version} ----- -==== . Optional: Install https://docs.sigstore.dev/cosign/system_config/installation/[Cosign] for your From 4453c2ee08b1176862718d0f014cea1e41ff7382 Mon Sep 17 00:00:00 2001 From: Liam Thompson Date: Tue, 17 Dec 2024 15:48:37 +0100 Subject: [PATCH 3/6] Add Wolfi docker image variable --- docs/Versions.asciidoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/Versions.asciidoc b/docs/Versions.asciidoc index bdb0704fcd880..08cbf1d34dd17 100644 --- a/docs/Versions.asciidoc +++ b/docs/Versions.asciidoc @@ -9,6 +9,8 @@ include::{docs-root}/shared/versions/stack/{source_branch}.asciidoc[] :docker-repo: docker.elastic.co/elasticsearch/elasticsearch :docker-image: {docker-repo}:{version} +:wolfi-docker-repo: docker.elastic.co/elasticsearch/elasticsearch-wolfi +:wolfi-docker-image: {wolfi-docker-repo}:{version} :kib-docker-repo: docker.elastic.co/kibana/kibana :kib-docker-image: {kib-docker-repo}:{version} :plugin_url: https://artifacts.elastic.co/downloads/elasticsearch-plugins From 190da2e411854bdae377d107ec92f2e9a7b79fd5 Mon Sep 17 00:00:00 2001 From: Liam Thompson Date: Tue, 17 Dec 2024 15:51:28 +0100 Subject: [PATCH 4/6] Somebody already added that variable --- docs/Versions.asciidoc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/Versions.asciidoc b/docs/Versions.asciidoc index 08cbf1d34dd17..f2e61861bd3a6 100644 --- a/docs/Versions.asciidoc +++ b/docs/Versions.asciidoc @@ -9,8 +9,7 @@ include::{docs-root}/shared/versions/stack/{source_branch}.asciidoc[] :docker-repo: docker.elastic.co/elasticsearch/elasticsearch :docker-image: {docker-repo}:{version} -:wolfi-docker-repo: docker.elastic.co/elasticsearch/elasticsearch-wolfi -:wolfi-docker-image: {wolfi-docker-repo}:{version} +:docker-wolfi-image: {docker-repo}-wolfi:{version} :kib-docker-repo: docker.elastic.co/kibana/kibana :kib-docker-image: {kib-docker-repo}:{version} :plugin_url: https://artifacts.elastic.co/downloads/elasticsearch-plugins From d10500d24b7c4a3cca22afd131eb2790b50b1751 Mon Sep 17 00:00:00 2001 From: Liam Thompson Date: Tue, 17 Dec 2024 15:51:57 +0100 Subject: [PATCH 5/6] Ditto --- docs/reference/setup/install/docker.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/setup/install/docker.asciidoc b/docs/reference/setup/install/docker.asciidoc index 5472e6b3d4e54..f3576db0c786c 100644 --- a/docs/reference/setup/install/docker.asciidoc +++ b/docs/reference/setup/install/docker.asciidoc @@ -37,7 +37,7 @@ For example: [source,sh,subs="attributes"] ---- -docker pull {wolfi-docker-image} +docker pull {docker-wolfi-image} ---- ===== Start a single-node cluster From f34538fdb61781f1927b7c2a2765cd20cd3daa80 Mon Sep 17 00:00:00 2001 From: Liam Thompson Date: Tue, 17 Dec 2024 16:17:20 +0100 Subject: [PATCH 6/6] Ok this file was updated in meantime but tidying it up a bit anyway --- docs/reference/setup/install/docker.asciidoc | 6 ------ 1 file changed, 6 deletions(-) diff --git a/docs/reference/setup/install/docker.asciidoc b/docs/reference/setup/install/docker.asciidoc index de675b4519691..f3576db0c786c 100644 --- a/docs/reference/setup/install/docker.asciidoc +++ b/docs/reference/setup/install/docker.asciidoc @@ -70,12 +70,6 @@ docker pull {docker-image} // REVIEWED[DEC.10.24] -- -Alternatevely, you can use the Wolfi based image. Using Wolfi based images requires Docker version 20.10.10 or superior. -[source,sh,subs="attributes"] ----- -docker pull {docker-wolfi-image} ----- - . Optional: Install https://docs.sigstore.dev/cosign/system_config/installation/[Cosign] for your environment. Then use Cosign to verify the {es} image's signature.