From 9876d1a7e07edef3f8fe78db7787bf14d5d5be5d Mon Sep 17 00:00:00 2001 From: Michael Russell Date: Tue, 21 May 2019 10:49:29 +0200 Subject: [PATCH 1/2] 7.1.0 release and promotion to beta status --- CHANGELOG.md | 29 +++++++++++++++++++ README.md | 2 +- elasticsearch/Chart.yaml | 4 +-- elasticsearch/README.md | 12 ++++---- elasticsearch/examples/6.x/test/goss.yaml | 2 +- elasticsearch/examples/6.x/values.yaml | 2 +- elasticsearch/examples/default/test/goss.yaml | 2 +- elasticsearch/examples/oss/test/goss.yaml | 2 +- elasticsearch/examples/upgrade/test/goss.yaml | 2 +- elasticsearch/values.yaml | 2 +- filebeat/Chart.yaml | 4 +-- filebeat/README.md | 12 ++++---- filebeat/examples/6.x/test/goss.yaml | 2 +- filebeat/examples/6.x/values.yaml | 2 +- filebeat/examples/default/test/goss.yaml | 4 +-- filebeat/examples/oss/test/goss.yaml | 2 +- filebeat/examples/security/test/goss.yaml | 2 +- filebeat/values.yaml | 2 +- helpers/bumper.py | 4 +-- kibana/Chart.yaml | 4 +-- kibana/README.md | 12 ++++---- kibana/examples/6.x/test/goss.yaml | 2 +- kibana/examples/6.x/values.yml | 2 +- kibana/examples/default/test/goss.yaml | 2 +- kibana/values.yaml | 2 +- 25 files changed, 73 insertions(+), 44 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5aaa4a98b..27674b795 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,34 @@ ## Unreleased - XXXX/XX/XX +### Metricbeat (WIP) + +* [#128](https://github.com/elastic/helm-charts/pull/128) - @Crazybus - Add ci jobs for metricbeat +* [#127](https://github.com/elastic/helm-charts/pull/127) - @Crazybus - WIP add metricbeat chart + +--- +## 7.1.0 - 2019/05/21 + +* 7.1.0 as the default stack version +* Promotion from alpha to beta status +* Filebeat chart added + +### Elasticsearch + +* [#119](https://github.com/elastic/helm-charts/pull/119) - @kimxogus - Wait for new master election before stopping the pod to prevent master status being temporarily lost during rolling upgrades #63 +* [#109](https://github.com/elastic/helm-charts/pull/109) - @lancespeelmon - Add support for k8s priorityclass + +### Kibana + +* [#109](https://github.com/elastic/helm-charts/pull/109) - @lancespeelmon - Add support for k8s priorityclass +* [#134](https://github.com/elastic/helm-charts/pull/134) - @Crazybus - Explicitly set the targetPort to the defined http port + +### Filebeat + +* [#117](https://github.com/elastic/helm-charts/pull/117) - @tylerjl - Add initial filebeat chart +* [#122](https://github.com/elastic/helm-charts/pull/122) - @Crazybus - Add ci jobs for filebeat +* [#121](https://github.com/elastic/helm-charts/pull/121) - @Crazybus - Add integration tests and other tweaks +* [#129](https://github.com/elastic/helm-charts/pull/129) - @tylerjl - Add usage notes for filebeat + --- ## 7.0.1-alpha1 - 2019/05/01 diff --git a/README.md b/README.md index 4032e0d79..bceddafa8 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![Build Status](https://img.shields.io/jenkins/s/https/devops-ci.elastic.co/job/elastic+helm-charts+master.svg)](https://devops-ci.elastic.co/job/elastic+helm-charts+master/) -This functionality is in alpha status and may be changed or removed completely in a future release. Elastic will take a best effort approach to fix any issues, but alpha features are not subject to the support SLA of official GA features. +This functionality is in beta status and may be changed or removed completely in a future release. Elastic will take a best effort approach to fix any issues, but beta features are not subject to the support SLA of official GA features. ## Charts diff --git a/elasticsearch/Chart.yaml b/elasticsearch/Chart.yaml index cde8e2beb..fa959b280 100755 --- a/elasticsearch/Chart.yaml +++ b/elasticsearch/Chart.yaml @@ -4,8 +4,8 @@ maintainers: - email: helm-charts@elastic.co name: Elastic name: elasticsearch -version: 7.0.1-alpha1 -appVersion: 7.0.1 +version: 7.1.0 +appVersion: 7.1.0 sources: - https://github.com/elastic/elasticsearch icon: https://helm.elastic.co/icons/elasticsearch.png diff --git a/elasticsearch/README.md b/elasticsearch/README.md index 7a7afa693..e9d14b490 100644 --- a/elasticsearch/README.md +++ b/elasticsearch/README.md @@ -1,6 +1,6 @@ # Elasticsearch Helm Chart -This functionality is in alpha status and may be changed or removed completely in a future release. Elastic will take a best effort approach to fix any issues, but alpha features are not subject to the support SLA of official GA features. +This functionality is in beta status and may be changed or removed completely in a future release. Elastic will take a best effort approach to fix any issues, but beta features are not subject to the support SLA of official GA features. This helm chart is a lightweight way to configure and run our official [Elasticsearch docker image](https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html) @@ -33,7 +33,7 @@ If you currently have a cluster deployed with the [helm/charts stable](https://g ``` * Install it ``` - helm install --name elasticsearch elastic/elasticsearch --version 7.0.1-alpha1 + helm install --name elasticsearch elastic/elasticsearch --version 7.1.0 ``` ## Compatibility @@ -42,14 +42,14 @@ This chart is tested with the latest supported versions. The currently tested ve | 5.x | 6.x | 7.x | | ------ | ----- | ----- | -| 5.6.16 | 6.7.2 | 7.0.1 | +| 5.6.16 | 6.8.0 | 7.1.0 | Examples of installing older major versions can be found in the [examples](./examples) directory. -While only the latest releases are tested, it is possible to easily install old or new releases by overriding the `imageTag`. To install version `7.0.1` of Elasticsearch it would look like this: +While only the latest releases are tested, it is possible to easily install old or new releases by overriding the `imageTag`. To install version `7.1.0` of Elasticsearch it would look like this: ``` -helm install --name elasticsearch elastic/elasticsearch --version 7.0.1-alpha1 --set imageTag=7.0.1 +helm install --name elasticsearch elastic/elasticsearch --version 7.1.0 --set imageTag=7.1.0 ``` @@ -71,7 +71,7 @@ helm install --name elasticsearch elastic/elasticsearch --version 7.0.1-alpha1 - | `extraInitContainers` | Additional init containers to be passed to the `tpl` function | | | `secretMounts` | Allows you easily mount a secret as a file inside the statefulset. Useful for mounting certificates and other secrets. See [values.yaml](./values.yaml) for an example | `[]` | | `image` | The Elasticsearch docker image | `docker.elastic.co/elasticsearch/elasticsearch` | -| `imageTag` | The Elasticsearch docker image tag | `7.0.1` | +| `imageTag` | The Elasticsearch docker image tag | `7.1.0` | | `imagePullPolicy` | The Kubernetes [imagePullPolicy](https://kubernetes.io/docs/concepts/containers/images/#updating-images) value | `IfNotPresent` | | `podAnnotations` | Configurable [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) applied to all Elasticsearch pods | `{}` | | `esJavaOpts` | [Java options](https://www.elastic.co/guide/en/elasticsearch/reference/current/jvm-options.html) for Elasticsearch. This is where you should configure the [jvm heap size](https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html) | `-Xmx1g -Xms1g` | diff --git a/elasticsearch/examples/6.x/test/goss.yaml b/elasticsearch/examples/6.x/test/goss.yaml index 7b8bc7225..f06a0853e 100644 --- a/elasticsearch/examples/6.x/test/goss.yaml +++ b/elasticsearch/examples/6.x/test/goss.yaml @@ -11,7 +11,7 @@ http: status: 200 timeout: 2000 body: - - '"number" : "6.7.2"' + - '"number" : "6.8.0"' - '"cluster_name" : "six"' - '"name" : "six-master-0"' - 'You Know, for Search' diff --git a/elasticsearch/examples/6.x/values.yaml b/elasticsearch/examples/6.x/values.yaml index cab3dee21..67bc5d833 100644 --- a/elasticsearch/examples/6.x/values.yaml +++ b/elasticsearch/examples/6.x/values.yaml @@ -1,5 +1,5 @@ --- clusterName: "six" -imageTag: "6.7.2" +imageTag: "6.8.0" esMajorVersion: 6 diff --git a/elasticsearch/examples/default/test/goss.yaml b/elasticsearch/examples/default/test/goss.yaml index 7c89993af..29e29dd98 100644 --- a/elasticsearch/examples/default/test/goss.yaml +++ b/elasticsearch/examples/default/test/goss.yaml @@ -21,7 +21,7 @@ http: status: 200 timeout: 2000 body: - - '"number" : "7.0.1"' + - '"number" : "7.1.0"' - '"cluster_name" : "elasticsearch"' - '"name" : "elasticsearch-master-0"' - 'You Know, for Search' diff --git a/elasticsearch/examples/oss/test/goss.yaml b/elasticsearch/examples/oss/test/goss.yaml index e87a97a2c..305b16a45 100644 --- a/elasticsearch/examples/oss/test/goss.yaml +++ b/elasticsearch/examples/oss/test/goss.yaml @@ -11,7 +11,7 @@ http: status: 200 timeout: 2000 body: - - '"number" : "7.0.1"' + - '"number" : "7.1.0"' - '"cluster_name" : "oss"' - '"name" : "oss-master-0"' - 'You Know, for Search' diff --git a/elasticsearch/examples/upgrade/test/goss.yaml b/elasticsearch/examples/upgrade/test/goss.yaml index 44e68c8a3..95ad14304 100644 --- a/elasticsearch/examples/upgrade/test/goss.yaml +++ b/elasticsearch/examples/upgrade/test/goss.yaml @@ -11,7 +11,7 @@ http: status: 200 timeout: 2000 body: - - '"number" : "7.0.1"' + - '"number" : "7.1.0"' - '"cluster_name" : "upgrade"' - '"name" : "upgrade-master-0"' - 'You Know, for Search' diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml index a3d1da947..af8c6e1ff 100755 --- a/elasticsearch/values.yaml +++ b/elasticsearch/values.yaml @@ -43,7 +43,7 @@ secretMounts: [] # path: /usr/share/elasticsearch/config/certs image: "docker.elastic.co/elasticsearch/elasticsearch" -imageTag: "7.0.1" +imageTag: "7.1.0" imagePullPolicy: "IfNotPresent" podAnnotations: {} diff --git a/filebeat/Chart.yaml b/filebeat/Chart.yaml index 58b80fe37..7596ab7f8 100755 --- a/filebeat/Chart.yaml +++ b/filebeat/Chart.yaml @@ -4,8 +4,8 @@ maintainers: - email: helm-charts@elastic.co name: Elastic name: filebeat -version: 7.0.1-alpha1 -appVersion: 7.0.1 +version: 7.1.0 +appVersion: 7.1.0 sources: - https://github.com/elastic/beats icon: https://helm.elastic.co/icons/filebeat.png diff --git a/filebeat/README.md b/filebeat/README.md index db2e973f1..ad0ccfce9 100644 --- a/filebeat/README.md +++ b/filebeat/README.md @@ -1,6 +1,6 @@ # Filebeat Helm Chart -This functionality is in alpha status and may be changed or removed completely in a future release. Elastic will take a best effort approach to fix any issues, but alpha features are not subject to the support SLA of official GA features. +This functionality is in beta status and may be changed or removed completely in a future release. Elastic will take a best effort approach to fix any issues, but beta features are not subject to the support SLA of official GA features. This helm chart is a lightweight way to configure and run our official [Filebeat docker image](https://www.elastic.co/guide/en/beats/filebeat/current/running-on-docker.html). @@ -21,7 +21,7 @@ This helm chart is a lightweight way to configure and run our official [Filebeat ``` * Install it ``` - helm install --name filebeat elastic/filebeat --version 7.0.1-alpha1 + helm install --name filebeat elastic/filebeat --version 7.1.0 ``` ## Compatibility @@ -30,14 +30,14 @@ This chart is tested with the latest supported versions. The currently tested ve | 5.x | 6.x | 7.x | | ------ | ----- | ----- | -| 5.6.16 | 6.7.2 | 7.0.1 | +| 5.6.16 | 6.8.0 | 7.1.0 | Examples of installing older major versions can be found in the [examples](./examples) directory. -While only the latest releases are tested, it is possible to easily install old or new releases by overriding the `imageTag`. To install version `7.0.1` of Filebeat it would look like this: +While only the latest releases are tested, it is possible to easily install old or new releases by overriding the `imageTag`. To install version `7.1.0` of Filebeat it would look like this: ``` -helm install --name filebeat elastic/filebeat --version 7.0.1-alpha1 --set imageTag=7.0.1 +helm install --name filebeat elastic/filebeat --version 7.1.0 --set imageTag=7.1.0 ``` @@ -50,7 +50,7 @@ helm install --name filebeat elastic/filebeat --version 7.0.1-alpha1 --set image | `extraVolumes` | Any extra volumes to define for the pod | `[]` | | `hostPathRoot` | Fully-qualified [hostPath](https://kubernetes.io/docs/concepts/storage/volumes/#hostpath) that will be used to persist Filebeat registry data | `/var/lib` | | `image` | The Filebeat docker image | `docker.elastic.co/beats/filebeat` | -| `imageTag` | The Filebeat docker image tag | `7.0.1` | +| `imageTag` | The Filebeat docker image tag | `7.1.0` | | `imagePullPolicy` | The Kubernetes [imagePullPolicy](https://kubernetes.io/docs/concepts/containers/images/#updating-images) value | `IfNotPresent` | | `imagePullSecrets` | Configuration for [imagePullSecrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret) so that you can use a private registry for your image | `[]` | | `managedServiceAccount` | Whether the `serviceAccount` should be managed by this helm chart. Set this to `false` in order to manage your own service account and related roles. | `true` | diff --git a/filebeat/examples/6.x/test/goss.yaml b/filebeat/examples/6.x/test/goss.yaml index 2bb599461..045673ce1 100644 --- a/filebeat/examples/6.x/test/goss.yaml +++ b/filebeat/examples/6.x/test/goss.yaml @@ -18,4 +18,4 @@ http: status: 200 timeout: 2000 body: - - 'filebeat-6.7.2' + - 'filebeat-6.8.0' diff --git a/filebeat/examples/6.x/values.yaml b/filebeat/examples/6.x/values.yaml index cc8084b1e..6daa49eef 100644 --- a/filebeat/examples/6.x/values.yaml +++ b/filebeat/examples/6.x/values.yaml @@ -1,4 +1,4 @@ -imageTag: 6.7.2 +imageTag: 6.8.0 extraEnvs: - name: ELASTICSEARCH_HOSTS diff --git a/filebeat/examples/default/test/goss.yaml b/filebeat/examples/default/test/goss.yaml index 1db4632b6..dcd9017bb 100644 --- a/filebeat/examples/default/test/goss.yaml +++ b/filebeat/examples/default/test/goss.yaml @@ -29,7 +29,7 @@ http: status: 200 timeout: 2000 body: - - 'filebeat-7.0.1' + - 'filebeat-7.1.0' file: /usr/share/filebeat/filebeat.yml: @@ -44,4 +44,4 @@ command: exit-status: 0 stdout: - 'elasticsearch: http://elasticsearch-master:9200' - - 'version: 7.0.1' + - 'version: 7.1.0' diff --git a/filebeat/examples/oss/test/goss.yaml b/filebeat/examples/oss/test/goss.yaml index ca06f4b57..fc43e5d28 100644 --- a/filebeat/examples/oss/test/goss.yaml +++ b/filebeat/examples/oss/test/goss.yaml @@ -19,4 +19,4 @@ http: status: 200 timeout: 2000 body: - - 'filebeat-7.0.1' + - 'filebeat-7.1.0' diff --git a/filebeat/examples/security/test/goss.yaml b/filebeat/examples/security/test/goss.yaml index 2c7ce2c11..b41c847d4 100644 --- a/filebeat/examples/security/test/goss.yaml +++ b/filebeat/examples/security/test/goss.yaml @@ -3,7 +3,7 @@ http: status: 200 timeout: 2000 body: - - 'filebeat-7.0.1' + - 'filebeat-7.1.0' allow-insecure: true username: '{{ .Env.ELASTICSEARCH_USERNAME }}' password: '{{ .Env.ELASTICSEARCH_PASSWORD }}' diff --git a/filebeat/values.yaml b/filebeat/values.yaml index 0d105179b..a49d13282 100755 --- a/filebeat/values.yaml +++ b/filebeat/values.yaml @@ -34,7 +34,7 @@ extraVolumes: [] hostPathRoot: /var/lib image: "docker.elastic.co/beats/filebeat" -imageTag: "7.0.1" +imageTag: "7.1.0" imagePullPolicy: "IfNotPresent" imagePullSecrets: [] diff --git a/helpers/bumper.py b/helpers/bumper.py index 36d35c748..f79341700 100755 --- a/helpers/bumper.py +++ b/helpers/bumper.py @@ -9,8 +9,8 @@ versions = { 5: '5.6.16', - 6: '6.7.2', - 7: '7.0.1', + 6: '6.8.0', + 7: '7.1.0', } file_patterns = [ diff --git a/kibana/Chart.yaml b/kibana/Chart.yaml index d695c8e94..ace954179 100755 --- a/kibana/Chart.yaml +++ b/kibana/Chart.yaml @@ -4,8 +4,8 @@ maintainers: - email: helm-charts@elastic.co name: Elastic name: kibana -version: 7.0.1-alpha1 -appVersion: 7.0.1 +version: 7.1.0 +appVersion: 7.1.0 sources: - https://github.com/elastic/kibana icon: https://helm.elastic.co/icons/kibana.png diff --git a/kibana/README.md b/kibana/README.md index 39bc676ef..0e14afb1a 100644 --- a/kibana/README.md +++ b/kibana/README.md @@ -1,6 +1,6 @@ # Kibana Helm Chart -This functionality is in alpha status and may be changed or removed completely in a future release. Elastic will take a best effort approach to fix any issues, but alpha features are not subject to the support SLA of official GA features. +This functionality is in beta status and may be changed or removed completely in a future release. Elastic will take a best effort approach to fix any issues, but beta features are not subject to the support SLA of official GA features. This helm chart is a lightweight way to configure and run our official [Kibana docker image](https://www.elastic.co/guide/en/kibana/current/docker.html) @@ -17,7 +17,7 @@ This helm chart is a lightweight way to configure and run our official [Kibana d ``` * Install it ``` - helm install --name kibana elastic/kibana --version 7.0.1-alpha1 + helm install --name kibana elastic/kibana --version 7.1.0 ``` ## Compatibility @@ -26,14 +26,14 @@ This chart is tested with the latest supported versions. The currently tested ve | 5.x | 6.x | 7.x | | ------ | ----- | ----- | -| 5.6.16 | 6.7.2 | 7.0.1 | +| 5.6.16 | 6.8.0 | 7.1.0 | Examples of installing older major versions can be found in the [examples](./examples) directory. -While only the latest releases are tested, it is possible to easily install old or new releases by overriding the `imageTag`. To install version `7.0.1` of Kibana it would look like this: +While only the latest releases are tested, it is possible to easily install old or new releases by overriding the `imageTag`. To install version `7.1.0` of Kibana it would look like this: ``` -helm install --name kibana elastic/kibana --version 7.0.1-alpha1 --set imageTag=7.0.1 +helm install --name kibana elastic/kibana --version 7.1.0 --set imageTag=7.1.0 ``` ## Configuration @@ -46,7 +46,7 @@ helm install --name kibana elastic/kibana --version 7.0.1-alpha1 --set imageTag= | `extraEnvs` | Extra [environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config) which will be appended to the `env:` definition for the container | `[]` | | `secretMounts` | Allows you easily mount a secret as a file inside the deployment. Useful for mounting certificates and other secrets. See [values.yaml](./values.yaml) for an example | `[]` | | `image` | The Kibana docker image | `docker.elastic.co/kibana/kibana` | -| `imageTag` | The Kibana docker image tag | `7.0.1` | +| `imageTag` | The Kibana docker image tag | `7.1.0` | | `imagePullPolicy` | The Kubernetes [imagePullPolicy](https://kubernetes.io/docs/concepts/containers/images/#updating-images) value | `IfNotPresent` | | `resources` | Allows you to set the [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) for the statefulset | `requests.cpu: 100m`
`requests.memory: 2Gi`
`limits.cpu: 1000m`
`limits.memory: 2Gi` | | `protocol` | The protocol that will be used for the readinessProbe. Change this to `https` if you have `server.ssl.enabled: true` set | `http` | diff --git a/kibana/examples/6.x/test/goss.yaml b/kibana/examples/6.x/test/goss.yaml index 9d928df66..2cd3ab0ce 100644 --- a/kibana/examples/6.x/test/goss.yaml +++ b/kibana/examples/6.x/test/goss.yaml @@ -3,7 +3,7 @@ http: status: 200 timeout: 2000 body: - - '"number":"6.7.2"' + - '"number":"6.8.0"' http://localhost:5601/app/kibana: status: 200 diff --git a/kibana/examples/6.x/values.yml b/kibana/examples/6.x/values.yml index 8548e9a81..92edf70fa 100644 --- a/kibana/examples/6.x/values.yml +++ b/kibana/examples/6.x/values.yml @@ -1,4 +1,4 @@ --- -imageTag: 6.7.2 +imageTag: 6.8.0 elasticsearchHosts: "http://six-master:9200" diff --git a/kibana/examples/default/test/goss.yaml b/kibana/examples/default/test/goss.yaml index 225826c0a..0e298f24b 100644 --- a/kibana/examples/default/test/goss.yaml +++ b/kibana/examples/default/test/goss.yaml @@ -3,7 +3,7 @@ http: status: 200 timeout: 2000 body: - - '"number":"7.0.1"' + - '"number":"7.1.0"' http://localhost:5601/app/kibana: status: 200 diff --git a/kibana/values.yaml b/kibana/values.yaml index 5f44f1cda..c6f3e9402 100755 --- a/kibana/values.yaml +++ b/kibana/values.yaml @@ -21,7 +21,7 @@ secretMounts: [] # path: /usr/share/elasticsearch/config/certs image: "docker.elastic.co/kibana/kibana" -imageTag: "7.0.1" +imageTag: "7.1.0" imagePullPolicy: "IfNotPresent" resources: From 08eb9aa0faecc82828baef40e3f8842d4e20afbb Mon Sep 17 00:00:00 2001 From: Michael Russell Date: Tue, 21 May 2019 11:47:06 +0200 Subject: [PATCH 2/2] Use basic license for security example --- elasticsearch/README.md | 10 ++-------- elasticsearch/examples/security/Makefile | 11 ++--------- elasticsearch/examples/security/security.yml | 3 --- elasticsearch/examples/security/test/goss.yaml | 2 +- 4 files changed, 5 insertions(+), 21 deletions(-) diff --git a/elasticsearch/README.md b/elasticsearch/README.md index e9d14b490..f8024616e 100644 --- a/elasticsearch/README.md +++ b/elasticsearch/README.md @@ -128,11 +128,9 @@ make A cluster with X-Pack security enabled * Generate SSL certificates following the [official docs]( https://www.elastic.co/guide/en/elasticsearch/reference/6.7/configuring-tls.html#node-certificates) -* Make sure you have a copy of your [license](https://www.elastic.co/subscriptions) handy. -* Create Kubernetes secrets for authentication credentials, X-Pack license and certificates +* Create Kubernetes secrets for authentication credentials and certificates ``` - kubectl create secret generic elastic-credentials --from-literal=password=changeme --from-literal=username=elastic - kubectl create secret generic elastic-license --from-file=license.json + kubectl create secret generic elastic-credentials --from-literal=password=changeme --from-literal=username=elastic kubectl create secret generic elastic-certificates --from-file=elastic-certificates.p12 ``` * Deploy! @@ -145,10 +143,6 @@ A cluster with X-Pack security enabled kubectl exec -ti $(kubectl get pods -l release=helm-es-security -o name | awk -F'/' '{ print $NF }' | head -n 1) bash ``` -* Install the X-Pack license - ``` - curl -XPUT 'http://localhost:9200/_xpack/license' -H "Content-Type: application/json" -d @/usr/share/elasticsearch/config/license/license.json - ``` * Test that authentication is now enabled ``` curl 'http://localhost:9200/' # This one will fail diff --git a/elasticsearch/examples/security/Makefile b/elasticsearch/examples/security/Makefile index bd389bb42..881908c07 100644 --- a/elasticsearch/examples/security/Makefile +++ b/elasticsearch/examples/security/Makefile @@ -5,25 +5,18 @@ include ../../../helpers/examples.mk RELEASE := helm-es-security install: - # This starts a command in the background to install the license once the cluster has formed - until kubectl exec -ti security-master-0 -- curl --fail -k -XPUT 'https://security-master-headless:9200/_xpack/license' -H "Content-Type: application/json" -d @/usr/share/elasticsearch/config/license/license.json > /dev/null 2>&1 ; do sleep 5; done & \ helm upgrade --wait --timeout=600 --install --values ./security.yml $(RELEASE) ../../ ; \ purge: helm del --purge $(RELEASE) -license: - kubectl exec -ti security-master-0 -- curl --fail -k -XPUT 'https://security-master-headless:9200/_xpack/license' -H "Content-Type: application/json" -d @/usr/share/elasticsearch/config/license/license.json - test: secrets install goss secrets: - kubectl delete secrets elastic-credentials elastic-license elastic-certificates elastic-certificate-pem || true && \ - vault read -field=value secret/devops-ci/helm-charts/elasticsearch/security/license > license.json && \ + kubectl delete secrets elastic-credentials elastic-certificates elastic-certificate-pem || true && \ vault read -field=value secret/devops-ci/helm-charts/elasticsearch/security/certificates | base64 --decode > elastic-certificates.p12 && \ vault read -field=value secret/devops-ci/helm-charts/elasticsearch/security/certificate-pem | base64 --decode > elastic-certificate.pem && \ kubectl create secret generic elastic-credentials --from-literal=password=changeme --from-literal=username=elastic && \ - kubectl create secret generic elastic-license --from-file=license.json && \ kubectl create secret generic elastic-certificates --from-file=elastic-certificates.p12 && \ kubectl create secret generic elastic-certificate-pem --from-file=elastic-certificate.pem && \ - rm -f license.json elastic-certificates.p12 elastic-certificate.pem + rm -f elastic-certificates.p12 elastic-certificate.pem diff --git a/elasticsearch/examples/security/security.yml b/elasticsearch/examples/security/security.yml index baf5d3756..04d932caa 100644 --- a/elasticsearch/examples/security/security.yml +++ b/elasticsearch/examples/security/security.yml @@ -36,6 +36,3 @@ secretMounts: - name: elastic-certificates secretName: elastic-certificates path: /usr/share/elasticsearch/config/certs - - name: elastic-license - secretName: elastic-license - path: /usr/share/elasticsearch/config/license diff --git a/elasticsearch/examples/security/test/goss.yaml b/elasticsearch/examples/security/test/goss.yaml index 6a4841af7..a2777635c 100644 --- a/elasticsearch/examples/security/test/goss.yaml +++ b/elasticsearch/examples/security/test/goss.yaml @@ -29,7 +29,7 @@ http: password: '{{ .Env.ELASTIC_PASSWORD }}' body: - 'active' - - 'platinum' + - 'basic' file: /usr/share/elasticsearch/config/elasticsearch.yml: