-
Notifications
You must be signed in to change notification settings - Fork 719
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update the way to add settings in the ES keystore #1377
Update the way to add settings in the ES keystore #1377
Conversation
This fixes an issue where the repository-gcs plugin fails if the setting gcs.client.default.credentials_file is not a compacted JSON and is added using `elasticsearch-keystore add key --stdin`.
✔️ --- PASS: TestUpdateESSecureSettings (597.24s) |
Jenkins test this please |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@@ -46,7 +46,7 @@ import ( | |||
// initContainerParams is used to generate the init container that will load the secure settings into a keystore | |||
var initContainerParams = keystore.InitContainerParameters{ | |||
KeystoreCreateCommand: "/usr/share/elasticsearch/bin/elasticsearch-keystore create", | |||
KeystoreAddCommand: "/usr/share/elasticsearch/bin/elasticsearch-keystore add", | |||
KeystoreAddCommand: "/usr/share/elasticsearch/bin/elasticsearch-keystore add-file", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe KeystoreAddFileCommand
for explicitness?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
InitContainerParameters
is used between ES, Kibana and APM Server, so we have to stay a bit abstract.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're right 👍
Do we want to include this in 0.9? (My take: yes.) |
Agreed. We should backport it |
This fixes an issue where the repository-gcs plugin fails if the setting gcs.client.default.credentials_file is not a compacted JSON and is added using `elasticsearch-keystore add key --stdin`. Since the secure settings are now in a Secret and each key of a Secret is mounted in a container as files I think we can safely change the way elasticsearch-keystore is called to add settings.
This fixes an issue where the repository-gcs plugin fails if the setting gcs.client.default.credentials_file is not a compacted JSON and is added using `elasticsearch-keystore add key --stdin`. Since the secure settings are now in a Secret and each key of a Secret is mounted in a container as files I think we can safely change the way elasticsearch-keystore is called to add settings.
This fixes an issue where the
repository-gcs
plugin fails if thesetting
gcs.client.default.credentials_file
is not a compacted JSONand is added using
elasticsearch-keystore add key --stdin
.Since the secure settings are now in a Secret and each key of a Secret is mounted in a container as files I think we can safely change the way
elasticsearch-keystore
is called to add settings.Fixes #1349.