Hide the Elasticsearch field in CRDs #1653
Comments
charith-elastic
added
discuss
charith-elastic
changed the title
Elasticsearch field in CRDs
We already had that and removed it again because CRDs are too user visible and we did not want to give that implementation detail so much room. See #747 for example |
|
@pebrc My understanding from looking at #747 is that previously we required users to explicitly create an association object to create the link between stack products. That is indeed too much to ask from users. However, what I am suggesting is that the association object should be created and managed solely by the operator as a way to manage its internal state. Typical users should not even be aware that it exists. The flow would be pretty much that same as what we have right now but instead of using the |
|
Another option might be to use annotations to store the required information. |
I think my concern is that CRDs are very visible see as an example https://operatorhub.io/operator/elastic-cloud-eck We would 'leak' these implementation details by making it a CRD. cloud-on-k8s/pkg/controller/kibanaassociation/association_controller.go Lines 299 to 302 in cca8fa1 Looking at the implementation of the Kibana association controller, it seems that the association controller itself is already using conventions to determine what to configure in the |
|
It is certainly possible to use conventions for discovering related K8S objects but that won't extend to things like URLs. The naming PR I am currently working on has highlighted some edge cases surrounding names so my preference right now is to not rely on naming and use annotations to store the information instead. Some of the information we need such as references to secrets are Kubernetes specific and will not fit in the |
|
I am OK with using annotations, but I am not following the argument regarding unspecified edge cases around naming here. If the association controller calls As to how to solve the indirection between the two resources: annotations are an option the other is a secret/config map containing the necessary configuration which again could be discovered by convention or a label (we are already doing that for the CA certs and user/pw, there is even an argument for consolidating everything in one secret maybe). |
From the discussion over at #1141 we came to the realisation that the
Elasticsearchfield in the Kibana and APM CRDs should not be user configurable. This is because a user who wishes to configure access to an external Elasticsearch cluster should be using the native configuration options provided by Kibana and APM products.The operators still use the
Elasticsearchfield to store information about the association with Elasticsearch. There are several options we can consider here:BackendElasticsearchandElasticsearchOutputobjects.Elasticsearchfield private so that it doesn't appear in the generated CRD spec (Kubebuilder does not seem to have an annotation to hide a field) and add methods to the parent object to allow the operators to read and modify the field.The text was updated successfully, but these errors were encountered: