From 5072b08949c5ee82dba606cb5253dcdef55512e2 Mon Sep 17 00:00:00 2001 From: Thibault Richard Date: Fri, 19 Jul 2019 17:35:51 +0200 Subject: [PATCH 1/5] Update persistent storage section --- docs/k8s-quickstart.asciidoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/k8s-quickstart.asciidoc b/docs/k8s-quickstart.asciidoc index 5fa9d21aa0..115ac996cb 100644 --- a/docs/k8s-quickstart.asciidoc +++ b/docs/k8s-quickstart.asciidoc @@ -267,11 +267,11 @@ EOF [float] [id="{p}-persistent-storage"] -=== Use persistent storage +=== Update persistent storage -Now that you have completed the quickstart, you can try out more features like using persistent storage. The cluster that you deployed in this quickstart uses a default persistent volume claim of 1GiB, without a storage class set. This means that the default storage class defined in the Kubernetes cluster is the one that will be provisioned. +Now that you have completed the quickstart, you can try out more features like tweaking persistent storage. The cluster that you deployed in this quickstart uses a default persistent volume claim of 1GiB, without a storage class set. This means that the default storage class defined in the Kubernetes cluster is the one that will be provisioned. -You can request a `PersistentVolumeClaim` in the cluster specification, to target any `PersistentVolume` class available in your Kubernetes cluster: +You can request a `PersistentVolumeClaim` with a larger size in the Elasticsearch specification or target any `PersistentVolume` class available in your Kubernetes cluster: [source,yaml] ---- From d45590a8bc43220f868745101b32a5667dd9d265 Mon Sep 17 00:00:00 2001 From: Thibault Richard Date: Fri, 19 Jul 2019 17:36:19 +0200 Subject: [PATCH 2/5] Update kibana localhost url to use https --- docs/k8s-quickstart.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/k8s-quickstart.asciidoc b/docs/k8s-quickstart.asciidoc index 115ac996cb..e97be4debe 100644 --- a/docs/k8s-quickstart.asciidoc +++ b/docs/k8s-quickstart.asciidoc @@ -230,7 +230,7 @@ Use `kubectl port-forward` to access Kibana from your local workstation: kubectl port-forward service/quickstart-kb-http 5601 ---- + -Open `http://localhost:5601` in your browser. +Open `https://localhost:5601` in your browser. + Login with the `elastic` user. Retrieve its password with: + From a04d042650970aa98b00539620be8a921cd852b0 Mon Sep 17 00:00:00 2001 From: Thibault Richard Date: Mon, 22 Jul 2019 12:22:33 +0200 Subject: [PATCH 3/5] Update k8s resources names in accessing-services doc --- docs/accessing-services.asciidoc | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/accessing-services.asciidoc b/docs/accessing-services.asciidoc index 1c789edb0f..c0fdf5bf6c 100644 --- a/docs/accessing-services.asciidoc +++ b/docs/accessing-services.asciidoc @@ -25,7 +25,7 @@ To access Elasticsearch, Kibana or APM Server, the operator manages a default us [source,sh] ---- -> kubectl get secret hulk-elastic-user -o go-template='{{.data.elastic | base64decode }}' +> kubectl get secret hulk-es-elastic-user -o go-template='{{.data.elastic | base64decode }}' 42xyz42citsale42xyz42 ---- @@ -178,7 +178,7 @@ NAME=hulk kubectl get secret "$NAME-ca" -o go-template='{{index .data "ca.pem" | base64decode }}' > ca.pem PW=$(kubectl get secret "$NAME-elastic-user" -o go-template='{{.data.elastic | base64decode }}') -curl --cacert ca.pem -u elastic:$PW https://$NAME-es:9200/ +curl --cacert ca.pem -u elastic:$PW https://$NAME-es-http:9200/ ---- *Outside the Kubernetes cluster* @@ -191,11 +191,11 @@ curl --cacert ca.pem -u elastic:$PW https://$NAME-es:9200/ ---- NAME=hulk -kubectl get secret "$NAME-ca" -o go-template='{{index .data "ca.pem" | base64decode }}' > ca.pem -IP=$(kubectl get svc "$NAME-es" -o jsonpath='{.status.loadBalancer.ingress[].ip}') -PW=$(kubectl get secret "$NAME-elastic-user" -o go-template='{{.data.elastic | base64decode }}') +kubectl get secret "$NAME-es-http-certs-public" -o go-template='{{index .data "tls.crt" | base64decode }}' > tls.crt +IP=$(kubectl get svc "$NAME-es-http" -o jsonpath='{.status.loadBalancer.ingress[].ip}') +PW=$(kubectl get secret "$NAME-es-elastic-user" -o go-template='{{.data.elastic | base64decode }}') -curl --cacert ca.pem -u elastic:$PW https://$IP:9200/ +curl --cacert tls.crt -u elastic:$PW https://$IP:9200/ ---- Now you should get this message: From f0099851e8a970043116fdd3ce2cd9332de2a13a Mon Sep 17 00:00:00 2001 From: Thibault Richard Date: Mon, 22 Jul 2019 14:51:53 +0200 Subject: [PATCH 4/5] Mention SSL browser warning --- docs/k8s-quickstart.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/k8s-quickstart.asciidoc b/docs/k8s-quickstart.asciidoc index e97be4debe..e741a43bd6 100644 --- a/docs/k8s-quickstart.asciidoc +++ b/docs/k8s-quickstart.asciidoc @@ -230,7 +230,7 @@ Use `kubectl port-forward` to access Kibana from your local workstation: kubectl port-forward service/quickstart-kb-http 5601 ---- + -Open `https://localhost:5601` in your browser. +Open `https://localhost:5601` in your browser. Your browser will show a warning because the self-signed certificate configured by default is not verified by a third party certificate authority and not trusted by your browser. You can either configure a link:k8s-accessing-elastic-services.html#k8s-setting-up-your-own-certificate[valid certificate] or acknowledge the warning for the purposes of this quick start. + Login with the `elastic` user. Retrieve its password with: + From 21f67ae40c6bd986a89c653b776fdbc19257ec90 Mon Sep 17 00:00:00 2001 From: Thibault Richard Date: Mon, 22 Jul 2019 14:52:23 +0200 Subject: [PATCH 5/5] Fix bulleted list --- docs/accessing-services.asciidoc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/accessing-services.asciidoc b/docs/accessing-services.asciidoc index c0fdf5bf6c..36ed44176d 100644 --- a/docs/accessing-services.asciidoc +++ b/docs/accessing-services.asciidoc @@ -141,8 +141,9 @@ spec: You can bring your own certificate to configure TLS to ensure that communication between HTTP clients and the cluster is encrypted. Create a Kubernetes secret with: -. tls.crt: the certificate (or a chain). -. tls.key: the private key to the first certificate in the certificate chain. + +- tls.crt: the certificate (or a chain). +- tls.key: the private key to the first certificate in the certificate chain. [source,sh] ----