This repository has been archived by the owner on May 28, 2024. It is now read-only.
forked from elastic/helm-charts
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[elasticsearch] use security by default
This commit update Elasticsearch chart to use security by default. - Adds a new Secret templates for Elasticsearch credentials with a randomized password if password value isn't defined. - Adds instructions to retrieve credentials in Elasticsearch chart deployment notes. The other charts will be updated in follow-up PRs to use the proper credentials Relates to elastic#1375
- Loading branch information
Showing
13 changed files
with
156 additions
and
68 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,9 @@ | ||
1. Watch all cluster members come up. | ||
$ kubectl get pods --namespace={{ .Release.Namespace }} -l app={{ template "elasticsearch.uname" . }} -w | ||
{{- if .Values.tests.enabled -}} | ||
2. Test cluster health using Helm test. | ||
2. Retrieve credentials. | ||
$ kubectl get secrets --namespace={{ .Release.Namespace }} {{ template "elasticsearch.uname" . }}-credentials -ojsonpath='{.data.username}' | base64 -d | ||
$ kubectl get secrets --namespace={{ .Release.Namespace }} {{ template "elasticsearch.uname" . }}-credentials -ojsonpath='{.data.password}' | base64 -d | ||
{{- if .Values.tests.enabled }} | ||
3. Test cluster health using Helm test. | ||
$ helm --namespace={{ .Release.Namespace }} test {{ .Release.Name }} | ||
{{- end -}} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
{{- if .Values.secret.enabled -}} | ||
{{- $passwordValue := (randAlphaNum 16) | b64enc | quote }} | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: {{ template "elasticsearch.uname" . }}-credentials | ||
labels: | ||
heritage: {{ .Release.Service | quote }} | ||
release: {{ .Release.Name | quote }} | ||
chart: "{{ .Chart.Name }}" | ||
app: "{{ template "elasticsearch.uname" . }}" | ||
{{- range $key, $value := .Values.labels }} | ||
{{ $key }}: {{ $value | quote }} | ||
{{- end }} | ||
type: Opaque | ||
data: | ||
username: {{ .Values.secret.username | b64enc}} | ||
{{- if .Values.secret.password }} | ||
password: {{ .Values.secret.password | b64enc }} | ||
{{- else }} | ||
password: {{ $passwordValue }} | ||
{{- end }} | ||
{{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.