From acae565a3a20e4b7fa5549544f4c30258b2f5d86 Mon Sep 17 00:00:00 2001 From: Kaise Cheng Date: Thu, 13 Jul 2023 17:06:45 +0100 Subject: [PATCH 01/13] add keystore init container --- pkg/controller/logstash/driver.go | 11 ++++- pkg/controller/logstash/keystore.go | 77 +++++++++++++++++++++++++++++ pkg/controller/logstash/pod.go | 7 +++ 3 files changed, 93 insertions(+), 2 deletions(-) create mode 100644 pkg/controller/logstash/keystore.go diff --git a/pkg/controller/logstash/driver.go b/pkg/controller/logstash/driver.go index fa806d3cb8..82d826be24 100644 --- a/pkg/controller/logstash/driver.go +++ b/pkg/controller/logstash/driver.go @@ -6,7 +6,6 @@ package logstash import ( "context" - "hash/fnv" "github.com/go-logr/logr" @@ -14,6 +13,7 @@ import ( "k8s.io/client-go/tools/record" logstashv1alpha1 "github.com/elastic/cloud-on-k8s/v2/pkg/apis/logstash/v1alpha1" + "github.com/elastic/cloud-on-k8s/v2/pkg/controller/common/keystore" "github.com/elastic/cloud-on-k8s/v2/pkg/controller/common/operator" "github.com/elastic/cloud-on-k8s/v2/pkg/controller/common/reconciler" "github.com/elastic/cloud-on-k8s/v2/pkg/controller/common/tracing" @@ -35,7 +35,8 @@ type Params struct { Logstash logstashv1alpha1.Logstash Status logstashv1alpha1.LogstashStatus - OperatorParams operator.Parameters + OperatorParams operator.Parameters + KeystoreResources *keystore.Resources } // K8sClient returns the Kubernetes client. 
@@ -99,6 +100,12 @@ func internalReconcile(params Params) (*reconciler.Results, logstashv1alpha1.Log params.Logstash.Spec.VolumeClaimTemplates = volume.AppendDefaultPVCs(params.Logstash.Spec.VolumeClaimTemplates, params.Logstash.Spec.PodTemplate.Spec) + if keystoreResources, err := reconcileKeystore(params, configHash); err != nil { + return results.WithError(err), params.Status + } else if keystoreResources != nil { + params.KeystoreResources = keystoreResources + } + podTemplate, err := buildPodTemplate(params, configHash) if err != nil { return results.WithError(err), params.Status diff --git a/pkg/controller/logstash/keystore.go b/pkg/controller/logstash/keystore.go new file mode 100644 index 0000000000..ee5f8b982c --- /dev/null +++ b/pkg/controller/logstash/keystore.go 
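Review bot: The added block in internalReconcile uses `else if` after a branch that returns, and the nil check only guards an assignment that would be harmless with a nil value. A flatter form reads more easily: `keystoreResources, err := reconcileKeystore(params, configHash)`, then `if err != nil { return results.WithError(err), params.Status }`, then `params.KeystoreResources = keystoreResources`. A short comment such as `// reconcileKeystore also writes the keystore version into configHash, so a changed secure setting rolls the Pods` would record why the call has to come before buildPodTemplate. The body of internalReconcile starts and ends outside the hunk.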
@@ -0,0 +1,77 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License 2.0; +// you may not use this file except in compliance with the Elastic License 2.0. + +package logstash + +import ( + "hash" + + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" + + logstashv1alpha1 "github.com/elastic/cloud-on-k8s/v2/pkg/apis/logstash/v1alpha1" + "github.com/elastic/cloud-on-k8s/v2/pkg/controller/common/keystore" + "github.com/elastic/cloud-on-k8s/v2/pkg/controller/logstash/volume" +) + +const ( + KeystorePassKey = "LOGSTASH_KEYSTORE_PASS" // #nosec G101 +) + +var ( + keystoreCommand = "/usr/share/logstash/bin/logstash-keystore" + initContainersParameters = keystore.InitContainerParameters{ + KeystoreCreateCommand: keystoreCommand + " create", + KeystoreAddCommand: keystoreCommand + ` add "$key" --stdin < "$filename"`, + SecureSettingsVolumeMountPath: keystore.SecureSettingsVolumeMountPath, + KeystoreVolumePath: volume.ConfigMountPath, + Resources: corev1.ResourceRequirements{ + Requests: map[corev1.ResourceName]resource.Quantity{ + corev1.ResourceMemory: resource.MustParse("1Gi"), + corev1.ResourceCPU: resource.MustParse("1000m"), + }, + Limits: map[corev1.ResourceName]resource.Quantity{ + corev1.ResourceMemory: resource.MustParse("1Gi"), + corev1.ResourceCPU: resource.MustParse("1000m"), + }, + }, + } + + DefaultKeystorePass = corev1.EnvVar{Name: KeystorePassKey, Value: "changeit"} +) + +func reconcileKeystore(params Params, configHash hash.Hash) (*keystore.Resources, error) { + if keystoreResources, err := keystore.ReconcileResources( + params.Context, + params, + ¶ms.Logstash, + logstashv1alpha1.Namer, + NewLabels(params.Logstash), + initContainersParameters, + ); err != nil { + return nil, err + } else if keystoreResources != nil { + _, _ = configHash.Write([]byte(keystoreResources.Version)) + keystoreResources.InitContainer.Env = 
append(keystoreResources.InitContainer.Env, getKeystorePass(params.Logstash)) + return keystoreResources, nil + } + + return nil, nil +} + +// getKeystorePass return env LOGSTASH_KEYSTORE_PASS from main container if sets +// otherwise, return default keystore password +func getKeystorePass(logstash logstashv1alpha1.Logstash) corev1.EnvVar { + for _, c := range logstash.Spec.PodTemplate.Spec.Containers { + if c.Name == logstashv1alpha1.LogstashContainerName { + for _, env := range c.Env { + if env.Name == KeystorePassKey { + return env + } + } + } + } + + return DefaultKeystorePass +} diff --git a/pkg/controller/logstash/pod.go b/pkg/controller/logstash/pod.go index e0ce15869d..55feaa8bcd 100644 --- a/pkg/controller/logstash/pod.go +++ b/pkg/controller/logstash/pod.go @@ -81,6 +81,13 @@ func buildPodTemplate(params Params, configHash hash.Hash32) (corev1.PodTemplate ports := getDefaultContainerPorts() + if params.KeystoreResources != nil { + builder = builder. + WithEnv(DefaultKeystorePass). + WithVolumes(params.KeystoreResources.Volume). + WithInitContainers(params.KeystoreResources.InitContainer) + } + builder = builder. WithResources(DefaultResources). WithLabels(labels). From aa5237dec65940711001bb1f186b25110b50030a Mon Sep 17 00:00:00 2001 From: Kaise Cheng Date: Fri, 14 Jul 2023 15:46:24 +0100 Subject: [PATCH 02/13] add keystore e2e --- test/e2e/logstash/keystore_test.go | 176 +++++++++++++++++++++++++++++ test/e2e/test/logstash/builder.go | 10 ++ 2 files changed, 186 insertions(+) create mode 100644 test/e2e/logstash/keystore_test.go diff --git a/test/e2e/logstash/keystore_test.go b/test/e2e/logstash/keystore_test.go new file mode 100644 index 0000000000..5cf0240490 --- /dev/null +++ b/test/e2e/logstash/keystore_test.go 
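Review bot: getKeystorePass in the new keystore.go only walks the `Env` list of the container named by `LogstashContainerName`, so a `LOGSTASH_KEYSTORE_PASS` supplied through `envFrom` (a whole Secret or ConfigMap) is not seen and the init container gets the fallback value instead. The keystore would then presumably be created with a different password than the one the main container reads, which shows up as a startup failure or as a keystore that is not protected by the intended password. The same lookup is kept in the `@@ -62,17 +63,16 @@` hunk of PATCH 07, where the fallback becomes no password at all. If `envFrom` is not going to be supported, say so on the function, for example `// getKeystorePass only inspects Env of the logstash container; a password provided via envFrom is not detected`, and mention the restriction in the user documentation.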
@@ -0,0 +1,176 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License 2.0; +// you may not use this file except in compliance with the Elastic License 2.0. + +//go:build logstash || e2e + +package logstash + +import ( + "testing" + + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + commonv1 "github.com/elastic/cloud-on-k8s/v2/pkg/apis/common/v1" + lsctrl "github.com/elastic/cloud-on-k8s/v2/pkg/controller/logstash" + "github.com/elastic/cloud-on-k8s/v2/test/e2e/test" + "github.com/elastic/cloud-on-k8s/v2/test/e2e/test/logstash" +) + +var ( + pipelineConfig = commonv1.Config{ + Data: map[string]interface{}{ + "pipeline.id": "main", + "config.string": ` +input { generator { count => 1 } } +filter { + if ("${HELLO:}" != "") { + mutate { add_tag => ["ok"] } + } +} +`, + }, + } + + request = logstash.Request{ + Name: "pipeline [main]", + Path: "/_node/stats/pipelines/main", + } + + want = logstash.Want{ + Match: map[string]string{ + "pipelines.main.plugins.filters.0.events.out": "1", + }, + } +) + +// TestKeystoreLogstash Logstash should resolve ${VAR} in pipelines.yml using keystore key value +func TestKeystoreLogstash(t *testing.T) { + secretName := "ls-keystore-secure-settings" + + secureSecret := corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: secretName, + Namespace: test.Ctx().ManagedNamespace(0), + }, + StringData: map[string]string{ + "HELLO": "HALLO", + }, + } + + before := test.StepsFunc(func(k *test.K8sClient) test.StepList { + return test.StepList{}.WithStep(test.Step{ + Name: "Create secret for keystore", + Test: test.Eventually(func() error { + return k.CreateOrUpdateSecrets(secureSecret) + }), + }) + }) + + b := logstash.NewBuilder("test-keystore-with-default-pw"). + WithNodeCount(1). + WithSecureSettings(commonv1.SecretSource{SecretName: secretName}). 
+ WithPipelines([]commonv1.Config{pipelineConfig}) + + steps := test.StepsFunc(func(k *test.K8sClient) test.StepList { + return test.StepList{ + b.CheckMetricsRequest(k, request, want), + test.Step{ + Name: "Delete secure secret", + Test: test.Eventually(func() error { + return k.DeleteSecrets(secureSecret) + }), + }, + } + }) + + test.Sequence(before, steps, b).RunSequential(t) +} + +// TestKeystoreWithPasswordLogstash Logstash with customized keystore password +// should resolve ${VAR} in pipelines.yml using keystore key value +func TestKeystoreWithPasswordLogstash(t *testing.T) { + secureSettingSecretName := "ls-keystore-pw-secure-settings" + + secureSecret := corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: secureSettingSecretName, + Namespace: test.Ctx().ManagedNamespace(0), + }, + StringData: map[string]string{ + "HELLO": "HALLO", + }, + } + + passwordSecretName := "ls-keystore-pw" + + passwordSecret := corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: passwordSecretName, + Namespace: test.Ctx().ManagedNamespace(0), + }, + StringData: map[string]string{ + lsctrl.KeystorePassKey: "changed", + }, + } + + before := test.StepsFunc(func(k *test.K8sClient) test.StepList { + return test.StepList{}.WithStep(test.Step{ + Name: "Create secret for keystore", + Test: test.Eventually(func() error { + return k.CreateOrUpdateSecrets(secureSecret) + }), + }).WithStep(test.Step{ + Name: "Create secret for keystore password", + Test: test.Eventually(func() error { + return k.CreateOrUpdateSecrets(passwordSecret) + }), + }) + }) + + b := logstash.NewBuilder("test-keystore-with-default-pw"). + WithNodeCount(1). + WithPipelines([]commonv1.Config{pipelineConfig}). + WithSecureSettings(commonv1.SecretSource{SecretName: secureSettingSecretName}). 
+ WithPodTemplate(corev1.PodTemplateSpec{ + Spec: corev1.PodSpec{ + Containers: []corev1.Container{ + { + Name: "logstash", + Env: []corev1.EnvVar{ + { + Name: lsctrl.KeystorePassKey, + ValueFrom: &corev1.EnvVarSource{ + SecretKeyRef: &corev1.SecretKeySelector{ + LocalObjectReference: corev1.LocalObjectReference{Name: passwordSecretName}, + Key: lsctrl.KeystorePassKey, + }, + }, + }, + }, + }, + }, + }, + }) + + steps := test.StepsFunc(func(k *test.K8sClient) test.StepList { + return test.StepList{ + b.CheckMetricsRequest(k, request, want), + test.Step{ + Name: "Delete secure secret", + Test: test.Eventually(func() error { + return k.DeleteSecrets(secureSecret) + }), + }, + test.Step{ + Name: "Delete keystore pw secret", + Test: test.Eventually(func() error { + return k.DeleteSecrets(passwordSecret) + }), + }, + } + }) + + test.Sequence(before, steps, b).RunSequential(t) +} diff --git a/test/e2e/test/logstash/builder.go b/test/e2e/test/logstash/builder.go index 5ef0b2b93d..1d8ec1ee83 100644 --- a/test/e2e/test/logstash/builder.go +++ b/test/e2e/test/logstash/builder.go @@ -190,6 +190,16 @@ func (b Builder) WithConfig(config map[string]interface{}) Builder { return b } +func (b Builder) WithSecureSettings(secretSource ...commonv1.SecretSource) Builder { + b.Logstash.Spec.SecureSettings = append(b.Logstash.Spec.SecureSettings, secretSource...) + return b +} + +func (b Builder) WithPodTemplate(podTemplate corev1.PodTemplateSpec) Builder { + b.Logstash.Spec.PodTemplate = podTemplate + return b +} + func (b Builder) Name() string { return b.Logstash.Name } From 94a6d22e108a763dd9cf1bfb841e324842062df6 Mon Sep 17 00:00:00 2001 From: Kaise Cheng Date: Fri, 14 Jul 2023 17:55:37 +0100 Subject: [PATCH 03/13] add comment --- pkg/controller/logstash/keystore.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/controller/logstash/keystore.go b/pkg/controller/logstash/keystore.go index ee5f8b982c..3af88e3f14 100644 --- a/pkg/controller/logstash/keystore.go 
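Review bot: Both tests in keystore_test.go create their Logstash with `logstash.NewBuilder("test-keystore-with-default-pw")`, including TestKeystoreWithPasswordLogstash, which configures a custom password. Unless NewBuilder appends a random suffix (not visible here), the two resources share a name in the same namespace, and the name misdescribes the second scenario; `logstash.NewBuilder("test-keystore-with-custom-pw")` would keep them apart. PATCH 07 renames the test functions but leaves these builder names unchanged. The pod template also hard-codes `Name: "logstash"`, while the controller matches on `logstashv1alpha1.LogstashContainerName`; using the constant keeps the test tied to the name the lookup actually uses.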
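Review bot: WithPodTemplate in builder.go assigns the whole `Spec.PodTemplate`, so anything an earlier builder call placed in the template is dropped and the result depends on call order; whether other builder methods write to the template is outside this hunk. Both new exported methods lack doc comments. Suggested: `// WithSecureSettings appends the given secret sources to the Logstash secure settings.` and `// WithPodTemplate replaces the entire pod template; call it before builder methods that modify the template.`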
+++ b/pkg/controller/logstash/keystore.go @@ -53,6 +53,7 @@ func reconcileKeystore(params Params, configHash hash.Hash) (*keystore.Resources return nil, err } else if keystoreResources != nil { _, _ = configHash.Write([]byte(keystoreResources.Version)) + // Logstash requires keystore password in environment variable keystoreResources.InitContainer.Env = append(keystoreResources.InitContainer.Env, getKeystorePass(params.Logstash)) return keystoreResources, nil } From 32b52c6c7538e1c0cb358577fcfe87bb177a0f3d Mon Sep 17 00:00:00 2001 From: Kaise Cheng Date: Fri, 14 Jul 2023 18:14:34 +0100 Subject: [PATCH 04/13] add comment --- pkg/controller/logstash/keystore.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/controller/logstash/keystore.go b/pkg/controller/logstash/keystore.go index 3af88e3f14..6caabaaff9 100644 --- a/pkg/controller/logstash/keystore.go +++ b/pkg/controller/logstash/keystore.go @@ -53,7 +53,7 @@ func reconcileKeystore(params Params, configHash hash.Hash) (*keystore.Resources return nil, err } else if keystoreResources != nil { _, _ = configHash.Write([]byte(keystoreResources.Version)) - // Logstash requires keystore password in environment variable + // Logstash requires keystore password in environment variable to bypass the prompt keystoreResources.InitContainer.Env = append(keystoreResources.InitContainer.Env, getKeystorePass(params.Logstash)) return keystoreResources, nil } From e2112ac24306408f2c9a98ee6f0670cbaeea7abf Mon Sep 17 00:00:00 2001 From: Kaise Cheng Date: Wed, 19 Jul 2023 15:48:03 +0100 Subject: [PATCH 05/13] add doc --- .../logstash.asciidoc | 56 +++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/docs/orchestrating-elastic-stack-applications/logstash.asciidoc b/docs/orchestrating-elastic-stack-applications/logstash.asciidoc index dcf9ee1fd6..67ad6f7709 100644 --- a/docs/orchestrating-elastic-stack-applications/logstash.asciidoc +++ b/docs/orchestrating-elastic-stack-applications/logstash.asciidoc 
@@ -646,6 +646,62 @@ spec: ---- <1> This will change the maximum and minimum heap size of the JVM on each pod to 2GB +[id="{p}-logstash-keystore"] +=== Setting keystore + +You can specify sensitive settings with Kubernetes secrets. ECK automatically injects these settings into the keystore on each Logstash before it starts Logstash. The ingestion process could extend the startup time of Logstash pod significantly. +The ECK operator continues to watch the secrets for changes and will restart Logstash pods when it detects a change. + +Logstash keystore requires a password in an environment variable called `LOGSTASH_KEYSTORE_PASS`. + +[source,yaml,subs="attributes,+macros,callouts"] +---- +apiVersion: v1 +kind: Secret +metadata: + name: logstash-keystore-pass +stringData: + LOGSTASH_KEYSTORE_PASS: changed <1> +--- +apiVersion: v1 +kind: Secret +metadata: + name: logstash-secure-settings +stringData: + HELLO: Hallo +--- +apiVersion: logstash.k8s.elastic.co/v1alpha1 +kind: Logstash +metadata: + name: logstash-sample +spec: + version: 8.8.0 + count: 1 + pipelines: + - pipeline.id: main + config.string: |- + input { exec { command => 'uptime' interval => 10 } } + filter { + if ("${HELLO:}" != "") { <2> + mutate { add_tag => ["awesome"] } + } + } + secureSettings: + - secretName: logstash-secure-settings + podTemplate: + spec: + containers: + - name: logstash + env: + - name: LOGSTASH_KEYSTORE_PASS + valueFrom: + secretKeyRef: + name: logstash-keystore-pass + key: LOGSTASH_KEYSTORE_PASS +---- +<1> If no password is specified, ECK gives a default value "changeit" to `LOGSTASH_KEYSTORE_PASS` +<2> The syntax for referencing keys is identical to the syntax for environment variables + [id="{p}-logstash-scaling-logstash"] == Scaling Logstash From f76f5fbe43f23461b7e67aff5b0e6beb91826bd8 Mon Sep 17 00:00:00 2001 
From: Kaise Cheng Date: Wed, 19 Jul 2023 18:49:09 +0100 Subject: [PATCH 06/13] update doc --- .../logstash.asciidoc | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/orchestrating-elastic-stack-applications/logstash.asciidoc b/docs/orchestrating-elastic-stack-applications/logstash.asciidoc index 67ad6f7709..1957f30dc0 100644 --- a/docs/orchestrating-elastic-stack-applications/logstash.asciidoc +++ b/docs/orchestrating-elastic-stack-applications/logstash.asciidoc @@ -649,10 +649,12 @@ spec: [id="{p}-logstash-keystore"] === Setting keystore -You can specify sensitive settings with Kubernetes secrets. ECK automatically injects these settings into the keystore on each Logstash before it starts Logstash. The ingestion process could extend the startup time of Logstash pod significantly. +You can specify sensitive settings with Kubernetes secrets. ECK automatically injects these settings into the keystore on each Logstash before it starts Logstash. The ECK operator continues to watch the secrets for changes and will restart Logstash pods when it detects a change. -Logstash keystore requires a password in an environment variable called `LOGSTASH_KEYSTORE_PASS`. +NOTE: For the technical preview, the use of settings in the Logstash keystore may impact startup time for Logstash Pods. Startup time will increase linearly for each entry added to the keystore, and this could extend startup time significantly. + +You can set keystore password by passing an environment variable called `LOGSTASH_KEYSTORE_PASS`. [source,yaml,subs="attributes,+macros,callouts"] ---- @@ -699,7 +701,7 @@ spec: name: logstash-keystore-pass key: LOGSTASH_KEYSTORE_PASS ---- -<1> If no password is specified, ECK gives a default value "changeit" to `LOGSTASH_KEYSTORE_PASS` +<1> The keystore password you set. <2> The syntax for referencing keys is identical to the syntax for environment variables [id="{p}-logstash-scaling-logstash"] 
From 8c78ee0c5773d18e829af0b696d54176c1c69555 Mon Sep 17 00:00:00 2001 From: Kaise Cheng Date: Wed, 19 Jul 2023 21:35:22 +0100 Subject: [PATCH 07/13] remove the default password of keystore --- pkg/controller/logstash/keystore.go | 18 +++++++++--------- pkg/controller/logstash/pod.go | 1 - test/e2e/logstash/keystore_test.go | 8 ++++---- 3 files changed, 13 insertions(+), 14 deletions(-) diff --git a/pkg/controller/logstash/keystore.go b/pkg/controller/logstash/keystore.go index 6caabaaff9..65e861de14 100644 --- a/pkg/controller/logstash/keystore.go +++ b/pkg/controller/logstash/keystore.go @@ -20,7 +20,7 @@ const ( ) var ( - keystoreCommand = "/usr/share/logstash/bin/logstash-keystore" + keystoreCommand = "echo 'y' | /usr/share/logstash/bin/logstash-keystore" initContainersParameters = keystore.InitContainerParameters{ KeystoreCreateCommand: keystoreCommand + " create", KeystoreAddCommand: keystoreCommand + ` add "$key" --stdin < "$filename"`, @@ -37,8 +37,6 @@ var ( }, }, } - - DefaultKeystorePass = corev1.EnvVar{Name: KeystorePassKey, Value: "changeit"} ) func reconcileKeystore(params Params, configHash hash.Hash) (*keystore.Resources, error) { @@ -53,8 +51,11 @@ func reconcileKeystore(params Params, configHash hash.Hash) (*keystore.Resources return nil, err } else if keystoreResources != nil { _, _ = configHash.Write([]byte(keystoreResources.Version)) - // Logstash requires keystore password in environment variable to bypass the prompt - keystoreResources.InitContainer.Env = append(keystoreResources.InitContainer.Env, getKeystorePass(params.Logstash)) + // set keystore password in init container + if env := getKeystorePass(params.Logstash); env != nil { + keystoreResources.InitContainer.Env = append(keystoreResources.InitContainer.Env, *env) + } + return keystoreResources, nil } 
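Review bot: Prefixing `keystoreCommand` with `echo 'y' |` in the `@@ -20,7 +20,7 @@` hunk makes the init container confirm keystore creation unattended, so when `LOGSTASH_KEYSTORE_PASS` is absent the keystore is presumably created without password protection and nothing in the code or logs records that choice. The prefix is also inherited by `KeystoreAddCommand`, where the `< "$filename"` redirection replaces the pipe as stdin, so the `echo` has no effect there and only obscures what the command reads. Keeping `keystoreCommand` as the bare path and writing `KeystoreCreateCommand: "echo 'y' | " + keystoreCommand + " create",` limits the auto-confirmation to the one command that needs it. A comment such as `// 'y' accepts creating the keystore without a password when LOGSTASH_KEYSTORE_PASS is unset` would make the trade-off explicit.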
@@ -62,17 +63,16 @@ func reconcileKeystore(params Params, configHash hash.Hash) (*keystore.Resources } // getKeystorePass return env LOGSTASH_KEYSTORE_PASS from main container if sets -// otherwise, return default keystore password -func getKeystorePass(logstash logstashv1alpha1.Logstash) corev1.EnvVar { +func getKeystorePass(logstash logstashv1alpha1.Logstash) *corev1.EnvVar { for _, c := range logstash.Spec.PodTemplate.Spec.Containers { if c.Name == logstashv1alpha1.LogstashContainerName { for _, env := range c.Env { if env.Name == KeystorePassKey { - return env + return &env } } } } - return DefaultKeystorePass + return nil } diff --git a/pkg/controller/logstash/pod.go b/pkg/controller/logstash/pod.go index 55feaa8bcd..e7a716a448 100644 --- a/pkg/controller/logstash/pod.go +++ b/pkg/controller/logstash/pod.go @@ -83,7 +83,6 @@ func buildPodTemplate(params Params, configHash hash.Hash32) (corev1.PodTemplate if params.KeystoreResources != nil { builder = builder. - WithEnv(DefaultKeystorePass). WithVolumes(params.KeystoreResources.Volume). WithInitContainers(params.KeystoreResources.InitContainer) } diff --git a/test/e2e/logstash/keystore_test.go b/test/e2e/logstash/keystore_test.go index 5cf0240490..34384f694a 100644 --- a/test/e2e/logstash/keystore_test.go +++ b/test/e2e/logstash/keystore_test.go @@ -45,8 +45,8 @@ filter { } ) -// TestKeystoreLogstash Logstash should resolve ${VAR} in pipelines.yml using keystore key value -func TestKeystoreLogstash(t *testing.T) { +// TestLogstashKeystoreWithoutPassword Logstash should resolve ${VAR} in pipelines.yml using keystore key value +func TestLogstashKeystoreWithoutPassword(t *testing.T) { secretName := "ls-keystore-secure-settings" secureSecret := corev1.Secret{ 
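Review bot: `return &env` in getKeystorePass hands out the address of the range variable rather than of the element in `c.Env`. The immediate return makes this behave correctly, but alias-checking linters are likely to flag it, and the pattern breaks silently if the return is ever replaced by collecting pointers. Iterating by index avoids the question: `for i := range c.Env {` with `if c.Env[i].Name == KeystorePassKey { return &c.Env[i] }`. The doc comment should also state the new contract, for example `// getKeystorePass returns the LOGSTASH_KEYSTORE_PASS env var of the main container, or nil when none is set`.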
@@ -88,9 +88,9 @@ func TestKeystoreLogstash(t *testing.T) { test.Sequence(before, steps, b).RunSequential(t) } -// TestKeystoreWithPasswordLogstash Logstash with customized keystore password +// TestLogstashKeystoreWithPassword Logstash with customized keystore password // should resolve ${VAR} in pipelines.yml using keystore key value -func TestKeystoreWithPasswordLogstash(t *testing.T) { +func TestLogstashKeystoreWithPassword(t *testing.T) { secureSettingSecretName := "ls-keystore-pw-secure-settings" secureSecret := corev1.Secret{ From 0dafa0ab28a7e289eb9c65dee789e99cb79f24ee Mon Sep 17 00:00:00 2001 From: kaisecheng <69120390+kaisecheng@users.noreply.github.com> Date: Wed, 19 Jul 2023 22:38:27 +0100 Subject: [PATCH 08/13] Update docs/orchestrating-elastic-stack-applications/logstash.asciidoc Co-authored-by: Rob Bavey --- docs/orchestrating-elastic-stack-applications/logstash.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/orchestrating-elastic-stack-applications/logstash.asciidoc b/docs/orchestrating-elastic-stack-applications/logstash.asciidoc index 1957f30dc0..69acaa42a7 100644 --- a/docs/orchestrating-elastic-stack-applications/logstash.asciidoc +++ b/docs/orchestrating-elastic-stack-applications/logstash.asciidoc @@ -701,7 +701,7 @@ spec: name: logstash-keystore-pass key: LOGSTASH_KEYSTORE_PASS ---- -<1> The keystore password you set. +<1> Value of password to protect the Logstash keystore <2> The syntax for referencing keys is identical to the syntax for environment variables [id="{p}-logstash-scaling-logstash"] From f90278fb494c84b01650a158419221ae621d817f Mon Sep 17 00:00:00 2001 From: kaisecheng <69120390+kaisecheng@users.noreply.github.com> Date: Wed, 19 Jul 2023 22:38:41 +0100 Subject: [PATCH 09/13] Update docs/orchestrating-elastic-stack-applications/logstash.asciidoc Co-authored-by: Rob Bavey --- docs/orchestrating-elastic-stack-applications/logstash.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/orchestrating-elastic-stack-applications/logstash.asciidoc b/docs/orchestrating-elastic-stack-applications/logstash.asciidoc index 69acaa42a7..c031a4048f 100644 --- a/docs/orchestrating-elastic-stack-applications/logstash.asciidoc +++ b/docs/orchestrating-elastic-stack-applications/logstash.asciidoc @@ -654,7 +654,7 @@ The ECK operator continues to watch the secrets for changes and will restart Log NOTE: For the technical preview, the use of settings in the Logstash keystore may impact startup time for Logstash Pods. Startup time will increase linearly for each entry added to the keystore, and this could extend startup time significantly. -You can set keystore password by passing an environment variable called `LOGSTASH_KEYSTORE_PASS`. +The Logstash Keystore can be password protected by setting an environment variable called `LOGSTASH_KEYSTORE_PASS`. See the https://www.elastic.co/guide/en/logstash/current/keystore.html#keystore-password[Logstash Keystore] documentation for details. [source,yaml,subs="attributes,+macros,callouts"] ---- From a66cc8af950572a24b4e69b9fb837553ae623cdd Mon Sep 17 00:00:00 2001 From: kaisecheng <69120390+kaisecheng@users.noreply.github.com> Date: Wed, 19 Jul 2023 22:38:46 +0100 Subject: [PATCH 10/13] Update pkg/controller/logstash/keystore.go Co-authored-by: Rob Bavey --- pkg/controller/logstash/keystore.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/controller/logstash/keystore.go b/pkg/controller/logstash/keystore.go index 65e861de14..aaf7fe761e 100644 --- a/pkg/controller/logstash/keystore.go +++ b/pkg/controller/logstash/keystore.go 
@@ -62,7 +62,7 @@ func reconcileKeystore(params Params, configHash hash.Hash) (*keystore.Resources return nil, nil } -// getKeystorePass return env LOGSTASH_KEYSTORE_PASS from main container if sets +// getKeystorePass return env LOGSTASH_KEYSTORE_PASS from main container if set func getKeystorePass(logstash logstashv1alpha1.Logstash) *corev1.EnvVar { for _, c := range logstash.Spec.PodTemplate.Spec.Containers { if c.Name == logstashv1alpha1.LogstashContainerName { From cb30d3a7b996369b5c9923c72a3ba3129ce80331 Mon Sep 17 00:00:00 2001 From: Kaise Cheng Date: Thu, 20 Jul 2023 11:46:23 +0100 Subject: [PATCH 11/13] update doc --- .../logstash.asciidoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/orchestrating-elastic-stack-applications/logstash.asciidoc b/docs/orchestrating-elastic-stack-applications/logstash.asciidoc index c031a4048f..8f05db21c5 100644 --- a/docs/orchestrating-elastic-stack-applications/logstash.asciidoc +++ b/docs/orchestrating-elastic-stack-applications/logstash.asciidoc @@ -378,7 +378,7 @@ The Logstash ECK operator creates a user called `eck_logstash_user_role` when an } ``` -You can <<{p}-users-and-roles,update user permissions>> to include more indices if the Elasticsearch plugin is expected to use indices other than the default. See the <<{p}-logstash-configuration-custom-index, Logstash configuration with a custom index>> sample configuration that creates a user that writes to a custom index. +You can <<{p}-users-and-roles,update user permissions>> to include more indices if the Elasticsearch plugin is expected to use indices other than the default. Check out <<{p}-logstash-configuration-custom-index, Logstash configuration with a custom index>> sample configuration that creates a user that writes to a custom index. -- This example demonstrates how to create a Logstash deployment that connects to 
@@ -654,7 +654,7 @@ The ECK operator continues to watch the secrets for changes and will restart Log NOTE: For the technical preview, the use of settings in the Logstash keystore may impact startup time for Logstash Pods. Startup time will increase linearly for each entry added to the keystore, and this could extend startup time significantly. -The Logstash Keystore can be password protected by setting an environment variable called `LOGSTASH_KEYSTORE_PASS`. See the https://www.elastic.co/guide/en/logstash/current/keystore.html#keystore-password[Logstash Keystore] documentation for details. +The Logstash Keystore can be password protected by setting an environment variable called `LOGSTASH_KEYSTORE_PASS`. Check out https://www.elastic.co/guide/en/logstash/current/keystore.html#keystore-password[Logstash Keystore] documentation for details. [source,yaml,subs="attributes,+macros,callouts"] ---- From f67720b12c99798cf35b2ec961f380c589223e82 Mon Sep 17 00:00:00 2001 From: kaisecheng <69120390+kaisecheng@users.noreply.github.com> Date: Thu, 3 Aug 2023 20:01:00 +0100 Subject: [PATCH 12/13] Update docs/orchestrating-elastic-stack-applications/logstash.asciidoc Co-authored-by: Peter Brachwitz --- docs/orchestrating-elastic-stack-applications/logstash.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/orchestrating-elastic-stack-applications/logstash.asciidoc b/docs/orchestrating-elastic-stack-applications/logstash.asciidoc index 8f05db21c5..e40f1704f5 100644 --- a/docs/orchestrating-elastic-stack-applications/logstash.asciidoc +++ b/docs/orchestrating-elastic-stack-applications/logstash.asciidoc 
@@ -649,7 +649,7 @@ spec: [id="{p}-logstash-keystore"] === Setting keystore -You can specify sensitive settings with Kubernetes secrets. ECK automatically injects these settings into the keystore on each Logstash before it starts Logstash. +You can specify sensitive settings with Kubernetes secrets. ECK automatically injects these settings into the keystore before it starts Logstash. The ECK operator continues to watch the secrets for changes and will restart Logstash pods when it detects a change. NOTE: For the technical preview, the use of settings in the Logstash keystore may impact startup time for Logstash Pods. Startup time will increase linearly for each entry added to the keystore, and this could extend startup time significantly. From ac64cfdad045cf8de36792a2fbc11d581defe09d Mon Sep 17 00:00:00 2001 From: kaisecheng <69120390+kaisecheng@users.noreply.github.com> Date: Thu, 3 Aug 2023 20:13:26 +0100 Subject: [PATCH 13/13] Update docs/orchestrating-elastic-stack-applications/logstash.asciidoc Co-authored-by: Peter Brachwitz --- docs/orchestrating-elastic-stack-applications/logstash.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/orchestrating-elastic-stack-applications/logstash.asciidoc b/docs/orchestrating-elastic-stack-applications/logstash.asciidoc index e40f1704f5..a95f45469f 100644 --- a/docs/orchestrating-elastic-stack-applications/logstash.asciidoc +++ b/docs/orchestrating-elastic-stack-applications/logstash.asciidoc 
@@ -650,7 +650,7 @@ spec: === Setting keystore You can specify sensitive settings with Kubernetes secrets. ECK automatically injects these settings into the keystore before it starts Logstash. -The ECK operator continues to watch the secrets for changes and will restart Logstash pods when it detects a change. +The ECK operator continues to watch the secrets for changes and will restart Logstash Pods when it detects a change. NOTE: For the technical preview, the use of settings in the Logstash keystore may impact startup time for Logstash Pods. Startup time will increase linearly for each entry added to the keystore, and this could extend startup time significantly.