Deploy a Kibana instance #12
Assignees
Comments
sebgl
added a commit
that referenced
this issue
Mar 10, 2020
Automatically rotate the Pod if: - the ent search config changes - the ent search TLS certs change - the referenced Elasticsearch certs change This is done through hashing them all and using that hash as a label in the podTemplate.
sebgl
added a commit
that referenced
this issue
Mar 13, 2020
Introduce the EnterpriseSearch CRD and controller in ECK. It seems to be working fine so far but has not been extensively tested. To be used, it requires the image field to be set with a valid Docker image. This is obviously work in progress, since: parts of the controller should be refactored to share common code with APMServer and Kibana most of the association controller should be refactored to share common code with APMServer and Kibana there are 0 unit tests (mostly because I wanted to go fast in the prototype phase, and because many unit tests should be written along with the refactoring above) there are 0 E2E tests it is missing a few features (podDisruptionBudget, secret config refs, version upgrade handling, etc.) --- Built from many commits: * Add Enterprise Search CRD * Add the Enterprise Search controller - minimal deployment ok * Add a working minimal Enterprise Search sample * Reconcile a configuration secret instead of env vars (#2) This is cleaner, more similar to what we do for other resources, and avoids leaking secrets in Pod environment variables. Note that Pods do not get automatically rotated when config changes so far. * Setup the EnterpriseSearch - Elasticsearch association controller This is heavily based on the APMServer association controller. Would largely benefit from some common refactoring in the future. * Patch the EnterpriseSearch CRD to fix the subresources I don't know why this isn't there in the first place. I plan to investigate in the future, but for now this is required to perform status updates. * Label Pods with a hash of the config for auto rotation (#4) We want Pods to be rotated with the new config. * Reuse the JAVA_OPTS const (#5) * Setup a readiness probe for smooth deployment rotation (#6) Let's query /swiftype-app-version which seems to be the default out there. The initial bootstrap is pretty slow so I set an InitialDelaySeconds of 60sec. * Generate the default enterprise_search user in a secret (#7) I *think* this user can end up being useful if Elasticsearch is down hence the native realm cannot be used. * Strip out private Docker image from default sample (#8) * Fix EnterpriseSearch CRD generation (#9) This fixes CRD generation following a rebase on master. * Use self-signed TLS certificates by default (#10) Generate self-signed certificates for Enterprise Search and enable TLS encryption by default. This can be disabled in the EnterpriseSearch spec, and user-provided certificates can be used instead. * Switch http/https protocol in readiness probe and config (#11) Depending on the TLS spec, let's use the correct protocol: http or https. * Inject a hash of TLS certs for pod rotation (#12) Automatically rotate the Pod if: - the ent search config changes - the ent search TLS certs change - the referenced Elasticsearch certs change This is done through hashing them all and using that hash as a label in the podTemplate. * Cleanup the code files (#13) * Minor cosmetic housekeeping * goimports files * Add missing license headers * Fix linter warnings * Add api docs * Struct comments improvements * Regenerate CRDs and api docs * Fixes from PR review * Rely on the global scheme.Scheme * Setup RBAC for Enterprise Search
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Use a deployment for now to do that.
The text was updated successfully, but these errors were encountered: