You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@norrietaylor based on our conversation this change of the container.image.hash.all field would affect your team. Could you please bring in someone from the team to validate this proposal and agree on the changes?
@ChrsMark, sorry for the late reply. This slipped through the cracks.
The first step will be to ensure the change is made in the ECS repository. Once that is complete, we can make code changes to the integrations. The plan is to make the Kibana dashboard backward-compatible for both variants of the data model.
@ChrsMark, will you be submitting a change to ECS?
We will need help from @kfirpeled and his team to make the change in Kibana.
I will find resources from my team to make the agent changes for both cloud-defend and Endpoint.
Summary
We need ensure that ECS is aligned with Otel's semantic conventions. In open-telemetry/semantic-conventions#48 it's been discussed how the
container.image.*
fields will be aligned with the OCI spec.This is proposes the same that has been proposed at open-telemetry/semantic-conventions#48 (comment).
Also related to open-telemetry/semantic-conventions#72.
Motivation:
The motivation for this is to achieve allignment with Otel semantic conventions and more importantly with the OCI spec.
Detailed Design:
Copying the proposal that affects ECS from open-telemetry/semantic-conventions#48 (comment):
container.image.id: string
container.image.hash.all: string[]
tocontainer.image.digest: string[]
Docker ✅
This is aligned with Docker where an inspect of an image would give sth like the following:
OCI manifest ✅
This is also aligned with https://github.com/opencontainers/image-spec/blob/main/manifest.md which indicates that there are multiple
digest
s out of the many layers an image is built.k8s ✅
At the same time it's also aligned with what
k8s
report as I mention in my examples at open-telemetry/semantic-conventions#48 (comment) and according to the k8s docs:Example:
CRI ✅
The the Container Runtime Interface (CRI) of k8s also (as expected :)) follow the OCI spec and hence this proposal is alligned with this one too: https://github.com/kubernetes/cri-api/blob/c75ef5b473bbe2d0a4fc92f82235efd665ea8e9f/pkg/apis/runtime/v1/api.proto#L1234-L1238
Example:
@norrietaylor based on our conversation this change of the
container.image.hash.all
field would affect your team. Could you please bring in someone from the team to validate this proposal and agree on the changes?cc: @mlunadia @AlexanderWert
The text was updated successfully, but these errors were encountered: