Enable TLS path between Curator and Elasticsearch

Elasticsearch is TLS enabled.  Curator needs to be configured to use
cacert when communicating with Elasticsearch.

Change-Id: Ia78458516d6c8f975e478d85643dc4436b70b87c
This commit is contained in:
Lo, Chi (cl566n) 2021-08-10 10:00:06 -07:00 committed by Chi Lo
parent 67ac5da9ed
commit 09dfafbd6b
4 changed files with 10 additions and 1 deletions

View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v7.6.2 appVersion: v7.6.2
description: OpenStack-Helm ElasticSearch description: OpenStack-Helm ElasticSearch
name: elasticsearch name: elasticsearch
version: 0.2.10 version: 0.2.11
home: https://www.elastic.co/ home: https://www.elastic.co/
sources: sources:
- https://github.com/elastic/elasticsearch - https://github.com/elastic/elasticsearch

View File

@ -80,6 +80,7 @@ spec:
mountPath: /etc/config/action_file.yml mountPath: /etc/config/action_file.yml
subPath: action_file.yml subPath: action_file.yml
readOnly: true readOnly: true
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.elasticsearch.elasticsearch.internal "path" "/etc/elasticsearch/certs" "certs" tuple "ca.crt" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
volumes: volumes:
- name: pod-tmp - name: pod-tmp
emptyDir: {} emptyDir: {}
@ -93,4 +94,5 @@ spec:
secret: secret:
secretName: elastic-curator-etc secretName: elastic-curator-etc
defaultMode: 0444 defaultMode: 0444
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.elasticsearch.elasticsearch.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
{{- end }} {{- end }}

View File

@ -144,6 +144,12 @@ conf:
key: /usr/share/elasticsearch/config/tls.key key: /usr/share/elasticsearch/config/tls.key
certificate: /usr/share/elasticsearch/config/tls.crt certificate: /usr/share/elasticsearch/config/tls.crt
certificate_authorities: ["/usr/share/elasticsearch/config/ca.crt"] certificate_authorities: ["/usr/share/elasticsearch/config/ca.crt"]
curator:
config:
client:
use_ssl: True
ssl_no_validate: False
certificate: '/etc/elasticsearch/certs/ca.crt'
manifests: manifests:
certificates: true certificates: true
... ...

View File

@ -20,4 +20,5 @@ elasticsearch:
- 0.2.8 Use full image ref for docker official images - 0.2.8 Use full image ref for docker official images
- 0.2.9 Removed repo verification check from helm-test - 0.2.9 Removed repo verification check from helm-test
- 0.2.10 Enable TLS path between Prometheus-elasticsearch-exporter and Elasticsearch - 0.2.10 Enable TLS path between Prometheus-elasticsearch-exporter and Elasticsearch
- 0.2.11 Enable TLS path between Curator and Elasticsearch
... ...