[kibana] Make service account configurable, create one by default, modify help… #208
Conversation
|
Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually? |
…ers.tpl Signed-off-by: Naseem <naseemkullah@gmail.com>
naseemkullah
force-pushed
the
kibana-sa
branch
2 times, most recently
from
2e56ee1 to
9e36c71
Compare
Signed-off-by: Naseem <naseemkullah@gmail.com>
| @@ -54,6 +54,9 @@ helm install --name kibana elastic/kibana --set imageTag=7.3.0 | |||
| | `serverHost` | The [`server.host`](https://www.elastic.co/guide/en/kibana/current/settings.html) Kibana setting. This is set explicitly so that the default always matches what comes with the docker image. | `0.0.0.0` | | |||
| | `healthCheckPath` | The path used for the readinessProbe to check that Kibana is ready. If you are setting `server.basePath` you will also need to update this to `/${basePath}/app/kibana` | `/app/kibana` | | |||
| | `kibanaConfig` | Allows you to add any config files in `/usr/share/kibana/config/` such as `kibana.yml`. See [values.yaml](./values.yaml) for an example of the formatting. | `{}` | | |||
| | `managedServiceAccount.create` | Create service account | `true` | | |||
| | `managedServiceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template | `` | | |||
| | `serviceAccount` | Allows you to overwrite the "default" [serviceAccount](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) for the pod | `[]` | | |||
There was a problem hiding this comment.
This is a duplicate line since it is already in the readme
Co-Authored-By: Michael Russell <Crazybus@users.noreply.github.com>
naseemkullah
force-pushed
the
kibana-sa
branch
from
081cc1b to
8ca8936
Compare
naseemkullah
force-pushed
the
kibana-sa
branch
from
8ca8936 to
5b319b6
Compare
|
jenkins test this please |
|
Hi @naseemkullah, |
|
Hi @jmlrt just a small note with regards to #265, if I understand correctly the rbac key also creates a service account, according to helm documentation it is better to have these created under separate keys: https://helm.sh/docs/chart_best_practices/#yaml-configuration |
|
Hi @naseemkullah, sorry for the very late answer. Thanks for your link. Also following Helm Best Practices is important, our main priority with these Helm charts are "ensuring that we don't introduce any breaking changes so upgrading from a version of the chart to a newer shouldn't break running Helm releases" (we'll have to add some one day, but we prefer not currently) and "ensuring that we provide consistency between all our charts (Elasticsearch, Kibana, Logstash, Filebeat and Metricbeat) so that a user shouldn't have different ways to do something in one chart or another". As #265 was merged before for Elasticsearch, we prefer not change our way to manage RBAC and PSP unless we find some way to do it which won't break for existing users during |
|
Very well @jmlrt, thanks for the explanation! Closing. |
…ers.tpl
Signed-off-by: Naseem naseemkullah@gmail.com
${CHART}/tests/*.py${CHART}/examples/*/test/goss.yaml