Skip to content
This repository has been archived by the owner on May 16, 2023. It is now read-only.

[elasticsearch] SSL by default #1519

Merged
merged 49 commits into from
Feb 8, 2022
Merged

[elasticsearch] SSL by default #1519

merged 49 commits into from
Feb 8, 2022

Conversation

framsouza
Copy link
Contributor

Fix #1443

This PR add ssl configuration by default in our helm chart. The SSL certs are generated by helm.

@framsouza
Adding support to Ingress networking.k8s.io/v1
3219977
@framsouza
Adjusting ES service name
ca298fd
@framsouza
Removing ingress typo & adjusting python test
1caaa02
@framsouza
Adjusting python tests to use the new ingress version
4b2b7bf
@framsouza
fixing conflict
2611e28
@framsouza
fixing conflict
3843441
@framsouza
Merge branch 'elastic-master'
1391790
@framsouza
Adding support to kubernetes ingress v1 & ClassName
af7de17
@framsouza
Adding reformatted files
10ee16d
@framsouza
Merge branch 'elastic:master' into master
6407ff9
@framsouza
fixing conflict
aefb05e
@framsouza
Adding ClassName & Pathtype on ingress settings
eb96b28
@framsouza
Merge branch 'elastic:master' into master
027448f
@framsouza
Performing syntax adjustments and removing comments
a6be99c
@framsouza
Merge branch 'elastic:main' into main
795095a
@framsouza
Merge branch 'elastic:main' into main
851231c
@framsouza
Merge branch 'elastic:main' into main
bdd089b
@framsouza
Merge branch 'elastic:main' into main
2ec90eb
@framsouza
Merge branch 'elastic:main' into main
5134bfa
@framsouza
Merge branch 'main' of github.com:elastic/helm-charts into main
3178450
@framsouza
Adding ssl to be used by default
45b00b4
jmlrt
jmlrt reviewed Dec 22, 2021
View reviewed changes
elasticsearch/values.yaml Outdated Show resolved Hide resolved
jmlrt
jmlrt suggested changes Dec 22, 2021
View reviewed changes
Copy link
Member

@jmlrt jmlrt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some improvements to do but this is really good 👍🏻

elasticsearch/templates/secret-cert.yaml Outdated Show resolved Hide resolved
@jmlrt
Copy link
Member

jmlrt commented Dec 22, 2021

Also https://github.com/elastic/helm-charts/tree/main/elasticsearch#how-to-deploy-clusters-with-security-authentication-and-tls-enabled should be updated to mention that certs are created by default but you can provide your own certs using the example in https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/security

jmlrt
jmlrt suggested changes Dec 22, 2021
View reviewed changes
elasticsearch/values.yaml Outdated Show resolved Hide resolved
@framsouza framsouza requested a review from jmlrt January 5, 2022 11:22
@jmlrt
Copy link
Member

jmlrt commented Jan 5, 2022

jenkins test this please

jmlrt
jmlrt suggested changes Jan 5, 2022
View reviewed changes
elasticsearch/templates/statefulset.yaml Outdated Show resolved Hide resolved
jmlrt
jmlrt suggested changes Jan 5, 2022
View reviewed changes
Copy link
Member

@jmlrt jmlrt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://devops-ci.elastic.co/job/elastic+helm-charts+pull-request+integration-elasticsearch/1250/ES_SUITE=multi,KUBERNETES_VERSION=1.19,label=docker&&virtual/console is failing because the data and client Helm releases are creating their own secret cert instead of mounting the one created by the master release.

I think that data and client values for this test should be updated with:

createCert: false
secretMounts:
  - name: elastic-certificates
    secretName: multi-master-certs
    path: /usr/share/elasticsearch/config/certs

jmlrt
jmlrt suggested changes Jan 5, 2022
View reviewed changes
apm-server/examples/default/test/goss.yaml Outdated Show resolved Hide resolved
@framsouza framsouza requested a review from jmlrt January 6, 2022 09:06
@framsouza
Copy link
Contributor Author

checking

jmlrt
jmlrt suggested changes Jan 17, 2022
View reviewed changes
logstash/examples/default/test/goss.yaml Outdated Show resolved Hide resolved
apm-server/examples/default/test/goss.yaml Outdated Show resolved Hide resolved
apm-server/examples/upgrade/test/goss.yaml Outdated Show resolved Hide resolved
logstash/examples/default/test/goss.yaml Outdated Show resolved Hide resolved
logstash/examples/elasticsearch/test/goss.yaml Outdated Show resolved Hide resolved
logstash/examples/security/test/goss.yaml Outdated Show resolved Hide resolved
logstash/examples/upgrade/test/goss.yaml Outdated Show resolved Hide resolved
logstash/examples/upgrade/test/goss.yaml Outdated Show resolved Hide resolved
elasticsearch/examples/multi/data.yaml Show resolved Hide resolved
elasticsearch/examples/multi/client.yaml Show resolved Hide resolved
jmlrt
jmlrt approved these changes Feb 8, 2022
View reviewed changes
Copy link
Member

@jmlrt jmlrt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM⛴

@jmlrt
Copy link
Member

jmlrt commented Feb 8, 2022

Elasticsearch tests are successful 🎉
Thank you @framsouza for your work on this PR 👍🏻

As discussed, we'll merge this PR and fix the tests for the other charts in dedicated follow-up PRs.

@jmlrt jmlrt merged commit 147f317 into elastic:main Feb 8, 2022
@jmlrt jmlrt mentioned this pull request Sep 7, 2022
Merged
@jmlrt jmlrt added the v8.5.1 label Nov 16, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ebuildy ebuildy ebuildy left review comments

@jmlrt jmlrt jmlrt approved these changes

@jkakavas jkakavas Awaiting requested review from jkakavas

Assignees
No one assigned
Labels
breaking change elasticsearch enhancement New feature or request v8.5.1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[elasticsearch] Readiness probe is failing again with 8.0.0-SNAPSHOT and default config
3 participants
@framsouza @jmlrt @ebuildy