-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[elasticsearch] use security by default (#1384)
This commit update Elasticsearch chart to use security by default. - Adds a new Secret template for Elasticsearch password with a randomized password if `secret.password` isn't defined. - Adds instructions to retrieve the password in Elasticsearch chart deployment notes. - Also, remove usage of `ELASTIC_USERNAME` variable because it don't seem to be supported anymore by Elasticsearch The other charts will be updated in follow-up PRs to use the proper credentials Relates to elastic/helm-charts#1375
- Loading branch information
Showing
5 changed files
with
96 additions
and
49 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,8 @@ | ||
1. Watch all cluster members come up. | ||
$ kubectl get pods --namespace={{ .Release.Namespace }} -l app={{ template "elasticsearch.uname" . }} -w | ||
{{- if .Values.tests.enabled -}} | ||
2. Test cluster health using Helm test. | ||
2. Retrieve elastic user's password. | ||
$ kubectl get secrets --namespace={{ .Release.Namespace }} {{ template "elasticsearch.uname" . }}-credentials -ojsonpath='{.data.password}' | base64 -d | ||
{{- if .Values.tests.enabled }} | ||
3. Test cluster health using Helm test. | ||
$ helm --namespace={{ .Release.Namespace }} test {{ .Release.Name }} | ||
{{- end -}} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
{{- if .Values.secret.enabled -}} | ||
{{- $passwordValue := (randAlphaNum 16) | b64enc | quote }} | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: {{ template "elasticsearch.uname" . }}-credentials | ||
labels: | ||
heritage: {{ .Release.Service | quote }} | ||
release: {{ .Release.Name | quote }} | ||
chart: "{{ .Chart.Name }}" | ||
app: "{{ template "elasticsearch.uname" . }}" | ||
{{- range $key, $value := .Values.labels }} | ||
{{ $key }}: {{ $value | quote }} | ||
{{- end }} | ||
type: Opaque | ||
data: | ||
username: {{ "elastic" | b64enc }} | ||
{{- if .Values.secret.password }} | ||
password: {{ .Values.secret.password | b64enc }} | ||
{{- else }} | ||
password: {{ $passwordValue }} | ||
{{- end }} | ||
{{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters