-
Notifications
You must be signed in to change notification settings - Fork 719
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Verify supported Elasticsearch distribution during license reconciliation #4920
Verify supported Elasticsearch distribution during license reconciliation #4920
Conversation
a6f654c
to
2fc7825
Compare
currentLicense, err := clusterClient.GetLicense(ctx) | ||
if err != nil { | ||
// 4xx is not supported, except 404 which may happen if the master node is generating a new cluster state | ||
unsupportedElasticsearch := esclient.Is4xx(err) && !esclient.IsNotFound(err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we handle 401/403 separately? In case a user misconfigured auth realms and locks us out? We could have a separate warning saying something like: "Unable to verify Elasticsearch license due to lack of privileges, check your security configuration"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, let's make sure we don't lock the cluster down for these errors.
c66ee57
to
88cdf5e
Compare
88cdf5e
to
ec9237d
Compare
Jenkins test this please |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Found a few nits but otherwise LGTM 👍
This commit makes ECK more strict against ES license reconciliation errors to verify that it is managing a supported Elasticsearch distribution.
This produces events:
And logs: