Enable TLS path between Prometheus-elasticsearch-exporter and Elasticsearch

Elasticsearch is TLS enabled. Prometheus-elasticsearch-exporter needs to be configured to use cacert when communicating with Elasticsearch. Change-Id: I4a87226fed541777df78733f3650363859ff01b8
2021-08-05 14:39:09 -07:00 · 2021-08-05 14:39:09 -07:00 · 830df06628
commit 830df06628
parent 8d00380469
4 changed files with 7 additions and 15 deletions
--- a/elasticsearch/Chart.yaml
+++ b/elasticsearch/Chart.yaml
@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v7.6.2
 description: OpenStack-Helm ElasticSearch
 name: elasticsearch
-version: 0.2.9
+version: 0.2.10
 home: https://www.elastic.co/
 sources:
  - https://github.com/elastic/elasticsearch
--- a/elasticsearch/templates/monitoring/prometheus/exporter-deployment.yaml
+++ b/elasticsearch/templates/monitoring/prometheus/exporter-deployment.yaml
@ -73,18 +73,11 @@ spec:
            {{- if .Values.conf.prometheus_elasticsearch_exporter.es.snapshots }}
            - '--es.snapshots'
            {{- end }}
-            {{- if .Values.conf.prometheus_elasticsearch_exporter.es.ssl_skip_verify }}
+            {{- if .Values.manifests.certificates }}
+            - '--es.ca=/tmp/elasticsearch/certs/ca.crt'
+            {{- else }}
            - '--es.ssl-skip-verify'
            {{- end }}
-            {{- if .Values.conf.prometheus_elasticsearch_exporter.es.ca }}
-            - '--es.ca={{ .Values.conf.prometheus_elasticsearch_exporter.es.ca }}'
-            {{- end }}
-            {{- if .Values.conf.prometheus_elasticsearch_exporter.es.client_private_key }}
-            - '--es.client-private-key={{ .Values.conf.prometheus_elasticsearch_exporter.es.client_private_key }}'
-            {{- end }}
-            {{- if .Values.conf.prometheus_elasticsearch_exporter.es.client_cert }}
-            - '--es.client-cert={{ .Values.conf.prometheus_elasticsearch_exporter.es.client_cert }}'
-            {{- end }}
          env:
            - name: ELASTICSEARCH_URI
              valueFrom:
@ -102,7 +95,9 @@ spec:
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.elasticsearch.elasticsearch.internal "path" "/tmp/elasticsearch/certs" "certs" tuple "ca.crt" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
      volumes:
        - name: pod-tmp
          emptyDir: {}
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.elasticsearch.elasticsearch.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
 {{- end }}
--- a/elasticsearch/values.yaml
+++ b/elasticsearch/values.yaml
@ -743,10 +743,6 @@ conf:
      indices_settings: true
      shards: true
      snapshots: true
-      ssl_skip_verify: true
-      ca: null
-      client_private_key: null
-      client_cert: null

  api_objects: {}
    # Fill this map with API objects to create once Elasticsearch is deployed
--- a/releasenotes/notes/elasticsearch.yaml
+++ b/releasenotes/notes/elasticsearch.yaml
@ -19,4 +19,5 @@ elasticsearch:
  - 0.2.7 Get connection option from values.yaml
  - 0.2.8 Use full image ref for docker official images
  - 0.2.9 Removed repo verification check from helm-test
+  - 0.2.10 Enable TLS path between Prometheus-elasticsearch-exporter and Elasticsearch
 ...