Skip to content
Permalink
main
Switch branches/tags
Go to file
This commit update Elasticsearch chart to use security by default.

- Adds a new Secret template for Elasticsearch password with a
  randomized password if `secret.password` isn't defined.

- Adds instructions to retrieve the password in Elasticsearch chart
  deployment notes.

- Also, remove usage of `ELASTIC_USERNAME` variable because it
  don't seem to be supported anymore by Elasticsearch 

The other charts will be updated in follow-up PRs to use the proper
credentials

Relates to #1375
5 contributors

Users who have contributed to this file

@Crazybus @jmlrt @Conky5 @NorDroN @AhmedSamirAhmed
default: test
include ../../../helpers/examples.mk
RELEASE := helm-es-security
ELASTICSEARCH_IMAGE := docker.elastic.co/elasticsearch/elasticsearch:$(STACK_VERSION)
TIMEOUT := 1200s
install:
helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../
test: secrets install goss
purge:
kubectl delete secrets elastic-certificates elastic-certificate-pem elastic-certificate-crt|| true
helm del $(RELEASE)
pull-elasticsearch-image:
docker pull $(ELASTICSEARCH_IMAGE)
secrets:
docker rm -f elastic-helm-charts-certs || true
rm -f elastic-certificates.p12 elastic-certificate.pem elastic-certificate.crt elastic-stack-ca.p12 || true
docker run --name elastic-helm-charts-certs -i -w /tmp \
$(ELASTICSEARCH_IMAGE) \
/bin/sh -c " \
elasticsearch-certutil ca --out /tmp/elastic-stack-ca.p12 --pass '' && \
elasticsearch-certutil cert --name security-master --dns security-master --ca /tmp/elastic-stack-ca.p12 --pass '' --ca-pass '' --out /tmp/elastic-certificates.p12" && \
docker cp elastic-helm-charts-certs:/tmp/elastic-certificates.p12 ./ && \
docker rm -f elastic-helm-charts-certs && \
openssl pkcs12 -nodes -passin pass:'' -in elastic-certificates.p12 -out elastic-certificate.pem && \
openssl x509 -outform der -in elastic-certificate.pem -out elastic-certificate.crt && \
kubectl create secret generic elastic-certificates --from-file=elastic-certificates.p12 && \
kubectl create secret generic elastic-certificate-pem --from-file=elastic-certificate.pem && \
kubectl create secret generic elastic-certificate-crt --from-file=elastic-certificate.crt && \
rm -f elastic-certificates.p12 elastic-certificate.pem elastic-certificate.crt elastic-stack-ca.p12