openstack/openstack-helm-infra
Code Issues Proposed changes

Enable TLS path between Prometheus-elasticsearch-exporter and Elasticsearch

Browse Source 
Elasticsearch is TLS enabled.  Prometheus-elasticsearch-exporter
needs to be configured to use cacert when communicating with Elasticsearch.

Change-Id: I4a87226fed541777df78733f3650363859ff01b8
This commit is contained in:
Lo, Chi (cl566n) 2021-08-05 14:39:09 -07:00
parent 8d00380469
commit 830df06628
4 changed files with 7 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
elasticsearch/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v7.6.2 appVersion: v7.6.2
description: OpenStack-Helm ElasticSearch description: OpenStack-Helm ElasticSearch
name: elasticsearch name: elasticsearch
version: 0.2.9 version: 0.2.10
home: https://www.elastic.co/ home: https://www.elastic.co/
sources: sources:
- https://github.com/elastic/elasticsearch - https://github.com/elastic/elasticsearch

15
elasticsearch/templates/monitoring/prometheus/exporter-deployment.yaml
View File

@ -73,18 +73,11 @@ spec:
{{- if .Values.conf.prometheus_elasticsearch_exporter.es.snapshots }} {{- if .Values.conf.prometheus_elasticsearch_exporter.es.snapshots }}
- '--es.snapshots' - '--es.snapshots'
{{- end }} {{- end }}
{{- if .Values.conf.prometheus_elasticsearch_exporter.es.ssl_skip_verify }} {{- if .Values.manifests.certificates }}
- '--es.ca=/tmp/elasticsearch/certs/ca.crt'
{{- else }}
- '--es.ssl-skip-verify' - '--es.ssl-skip-verify'
{{- end }} {{- end }}
{{- if .Values.conf.prometheus_elasticsearch_exporter.es.ca }}
- '--es.ca={{ .Values.conf.prometheus_elasticsearch_exporter.es.ca }}'
{{- end }}
{{- if .Values.conf.prometheus_elasticsearch_exporter.es.client_private_key }}
- '--es.client-private-key={{ .Values.conf.prometheus_elasticsearch_exporter.es.client_private_key }}'
{{- end }}
{{- if .Values.conf.prometheus_elasticsearch_exporter.es.client_cert }}
- '--es.client-cert={{ .Values.conf.prometheus_elasticsearch_exporter.es.client_cert }}'
{{- end }}
env: env:
- name: ELASTICSEARCH_URI - name: ELASTICSEARCH_URI
valueFrom: valueFrom:
@ -102,7 +95,9 @@ spec:
volumeMounts: volumeMounts:
- name: pod-tmp - name: pod-tmp
mountPath: /tmp mountPath: /tmp
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.elasticsearch.elasticsearch.internal "path" "/tmp/elasticsearch/certs" "certs" tuple "ca.crt" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
volumes: volumes:
- name: pod-tmp - name: pod-tmp
emptyDir: {} emptyDir: {}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.elasticsearch.elasticsearch.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- end }} {{- end }}

4
elasticsearch/values.yaml
View File

@ -743,10 +743,6 @@ conf:
indices_settings: true indices_settings: true
shards: true shards: true
snapshots: true snapshots: true
ssl_skip_verify: true
ca: null
client_private_key: null
client_cert: null
api_objects: {} api_objects: {}
# Fill this map with API objects to create once Elasticsearch is deployed # Fill this map with API objects to create once Elasticsearch is deployed

1
releasenotes/notes/elasticsearch.yaml
View File

@ -19,4 +19,5 @@ elasticsearch:
- 0.2.7 Get connection option from values.yaml - 0.2.7 Get connection option from values.yaml
- 0.2.8 Use full image ref for docker official images - 0.2.8 Use full image ref for docker official images
- 0.2.9 Removed repo verification check from helm-test - 0.2.9 Removed repo verification check from helm-test
- 0.2.10 Enable TLS path between Prometheus-elasticsearch-exporter and Elasticsearch
... ...