Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Do not manage keystore if already initialized #3295

Merged
merged 3 commits into from
Jun 23, 2020
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion pkg/controller/apmserver/controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ var (
KeystoreCreateCommand: ApmServerBin + " keystore create --force",
KeystoreAddCommand: ApmServerBin + ` keystore add "$key" --stdin < "$filename"`,
SecureSettingsVolumeMountPath: keystore.SecureSettingsVolumeMountPath,
DataVolumePath: DataVolumePath,
KeystoreVolumePath: DataVolumePath,
Resources: corev1.ResourceRequirements{
Requests: map[corev1.ResourceName]resource.Quantity{
corev1.ResourceMemory: resource.MustParse("128Mi"),
Expand Down
2 changes: 1 addition & 1 deletion pkg/controller/beat/common/pod.go
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ func initContainerParameters(typ string) keystore.InitContainerParameters {
KeystoreCreateCommand: fmt.Sprintf("%s keystore create --force", typ),
KeystoreAddCommand: fmt.Sprintf(`cat "$filename" | %s keystore add "$key" --stdin --force`, typ),
SecureSettingsVolumeMountPath: keystore.SecureSettingsVolumeMountPath,
DataVolumePath: fmt.Sprintf(DataPathTemplate, typ),
KeystoreVolumePath: fmt.Sprintf(DataPathTemplate, typ),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also not your change, but typ is a typo of type, correct?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

type is a reserved word though, that's probably why it's typ.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typ is acceptable even I'm agree it's disturbing at the first glance. Alternative ideas: kind, beatType, specType, beatSpecType.

Resources: defaultResources,
}
}
Expand Down
21 changes: 13 additions & 8 deletions pkg/controller/common/keystore/initcontainer.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,12 +16,12 @@ const (
InitContainerName = "elastic-internal-init-keystore"
)

// InitContainerParameters helps to create a valid keystore init script for Kibana or the APM server.
// InitContainerParameters helps to create a valid keystore init script.
type InitContainerParameters struct {
// Where the user provided secured settings should be mounted
SecureSettingsVolumeMountPath string
// Where the data will be copied
DataVolumePath string
// Where the keystore file is created, it is the responsibility of the controller to create the volume
KeystoreVolumePath string
// Keystore add command
KeystoreAddCommand string
// Keystore create command
Expand All @@ -30,12 +30,19 @@ type InitContainerParameters struct {
Resources corev1.ResourceRequirements
}

// script is a small bash script to create a Kibana or APM keystore,
// script is a small bash script to create a the keystore,
barkbay marked this conversation as resolved.
Show resolved Hide resolved
// then add all entries from the secure settings secret volume into it.
const script = `#!/usr/bin/env bash

set -eux

keystore_initialized_flag={{ .KeystoreVolumePath }}/elastic-internal-init-keystore.ok

if [[ -f "${keystore_initialized_flag}" ]]; then
echo "Keystore already initialized."
exit 0
fi

echo "Initializing keystore."

# create a keystore in the default data path
Expand All @@ -49,6 +56,7 @@ for filename in {{ .SecureSettingsVolumeMountPath }}/*; do
{{ .KeystoreAddCommand }}
done

touch {{ .KeystoreVolumePath }}/elastic-internal-init-keystore.ok
echo "Keystore initialization successful."
`

Expand All @@ -58,7 +66,6 @@ var scriptTemplate = template.Must(template.New("").Parse(script))
// to load secure settings in a Keystore.
func initContainer(
secureSettingsSecret volume.SecretVolume,
volumePrefix string,
parameters InitContainerParameters,
) (corev1.Container, error) {
privileged := false
Expand All @@ -69,7 +76,7 @@ func initContainer(
}

return corev1.Container{
// Image will be inherited from pod template defaults Kibana Docker image
// Image will be inherited from pod template defaults
ImagePullPolicy: corev1.PullIfNotPresent,
Name: InitContainerName,
SecurityContext: &corev1.SecurityContext{
Expand All @@ -79,8 +86,6 @@ func initContainer(
VolumeMounts: []corev1.VolumeMount{
// access secure settings
secureSettingsSecret.VolumeMount(),
// write the keystore in the data volume
DataVolume(volumePrefix, parameters.DataVolumePath).VolumeMount(),
},
Resources: parameters.Resources,
}, nil
Expand Down
8 changes: 1 addition & 7 deletions pkg/controller/common/keystore/resources.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,6 @@
package keystore

import (
"strings"

corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
Expand Down Expand Up @@ -67,11 +65,7 @@ func NewResources(
}

// build an init container to create the keystore from the secure settings volume
initContainer, err := initContainer(
*secretVolume,
strings.ToLower(hasKeystore.GetObjectKind().GroupVersionKind().Kind),
initContainerParams,
)
initContainer, err := initContainer(*secretVolume, initContainerParams)
if err != nil {
return nil, err
}
Expand Down
15 changes: 9 additions & 6 deletions pkg/controller/common/keystore/resources_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ var (
KeystoreCreateCommand: "/keystore/bin/keystore create",
KeystoreAddCommand: `/keystore/bin/keystore add "$key" "$filename"`,
SecureSettingsVolumeMountPath: "/foo/secret",
DataVolumePath: "/bar/data",
KeystoreVolumePath: "/bar/data",
Resources: corev1.ResourceRequirements{
Requests: map[corev1.ResourceName]resource.Quantity{
corev1.ResourceMemory: resource.MustParse("128Mi"),
Expand Down Expand Up @@ -101,6 +101,13 @@ func TestResources(t *testing.T) {

set -eux

keystore_initialized_flag=/bar/data/elastic-internal-init-keystore.ok
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't necessarily your change but it seems odd we're not reusing the script constant here


if [[ -f "${keystore_initialized_flag}" ]]; then
echo "Keystore already initialized."
exit 0
fi

echo "Initializing keystore."

# create a keystore in the default data path
Expand All @@ -114,6 +121,7 @@ for filename in /foo/secret/*; do
/keystore/bin/keystore add "$key" "$filename"
done

touch /bar/data/elastic-internal-init-keystore.ok
echo "Keystore initialization successful."
`,
},
Expand All @@ -123,11 +131,6 @@ echo "Keystore initialization successful."
ReadOnly: true,
MountPath: "/mnt/elastic-internal/secure-settings",
},
{
Name: "kibana-data",
ReadOnly: false,
MountPath: "/bar/data",
},
},
SecurityContext: &corev1.SecurityContext{
Privileged: &varFalse,
Expand Down
2 changes: 1 addition & 1 deletion pkg/controller/elasticsearch/initcontainer/keystore.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ var KeystoreParams = keystore.InitContainerParameters{
KeystoreCreateCommand: KeystoreBinPath + " create",
KeystoreAddCommand: KeystoreBinPath + ` add-file "$key" "$filename"`,
SecureSettingsVolumeMountPath: keystore.SecureSettingsVolumeMountPath,
DataVolumePath: esvolume.ElasticsearchDataMountPath,
KeystoreVolumePath: esvolume.ConfigVolumeMountPath,
Resources: corev1.ResourceRequirements{
Requests: map[corev1.ResourceName]resource.Quantity{
corev1.ResourceMemory: resource.MustParse("196Mi"),
Expand Down
2 changes: 1 addition & 1 deletion pkg/controller/kibana/driver.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ var initContainersParameters = keystore.InitContainerParameters{
KeystoreCreateCommand: "/usr/share/kibana/bin/kibana-keystore create",
KeystoreAddCommand: `/usr/share/kibana/bin/kibana-keystore add "$key" --stdin < "$filename"`,
SecureSettingsVolumeMountPath: keystore.SecureSettingsVolumeMountPath,
DataVolumePath: DataVolumeMountPath,
KeystoreVolumePath: DataVolumeMountPath,
Resources: corev1.ResourceRequirements{
Requests: map[corev1.ResourceName]resource.Quantity{
corev1.ResourceMemory: resource.MustParse("128Mi"),
Expand Down