Merge master - with conflicts fixed #1266
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Add a config section to the APM server configuration * APM: Add support for keystore * Factorize ElasticsearchAuthSettings
* Update dev setup doc + fix GKE bootstrap script * Update wording of container registry authentication
* Update gke-cluster.sh * Implement cleanup for unused disks in GCP * Update Makefile * Update CI jobs to do proper cleanup
This aims at counteracting the difference between JSON centric serialization and the use of YAML as the serialization format in canonical config. If not normalizing numeric values like 1 will differ when comparing configs as JSON deserializes integer numbers to float64 and YAML to uint64.
* Update Jenkinsfile * Simplify notOnlyDocs() * Update Jenkinsfile
* Update makefile's to support snapshots * Add snapshot releases to Jenkins pipelines * Cleanup * Rename RELEASE to USE_ELASTIC_DOCKER_REGISTRY * Update Jenkinsfile
EKS users must explicitly enable communication from the k8s control plane and nodes port 443 in order for the control plane to reach the validating webhook. Should help with elastic#896.
* Add implementation * Update makefile's * Update Makefile * Rename Jenkisnfile * Fix review comments * Update e2e-custom.yml * Update e2e-custom.yml * Return deploy-all-in-one to normal
The operator only works with the official ES distributions to enable the security available with the basic (free), gold and platinum licenses in order to ensure that all clusters launched are secured by default. A check is done in the prepare-fs script by looking at the existence of the Elastic License. If not present, the script exit with a custom exit code. Then the ES reconcilation loop sends an event of type warning if it detects that a prepare-fs init container terminated with this exit code.
…c#1210) Add documentation for the `updateStrategy` section of the Elasticsearch spec. It documents how (and why) `changeBudget` and `groups` are used by ECK, and how both settings can be specified by the user.
The compression level is no longer set to 5 by default because the default settings for APM Server have been removed (845f8ac). Instead we check that the compression level is undefined and that the Elasticsearch host is defined in the APM configuration.
* Add initial description for setting virtual memory * Update elasticsearch-spec.asciidoc
We decided to: 1. Remove the process-manager (major concerns: additional complexity and non-standard way of doing k8s things) 2. Rely on StatefulSets in the long-term, to benefit from the StatefulSet way of handling rolling upgrades. As a result, this full-cluster-restart through annotations feature is deprecated. Let's remove it. RIP :)
…stic#1212) * Add tool to check for images * Update Makefile and Jenkins pipeline * Add license headers * Remove tool * Update Makefile
Issuer CN for http: http-randomString -> clusterName-http Issuer CN for transport: transport-randomString -> clusterName-transport Cert CN: clusterName.default.es.local -> clusterName-es-http.default.es.local Subject alt names: none -> clusterName-es-http clusterName.default.es.local -> clusterName-es-http.default.es.local elasticsearch-sample.default.es.local -> elasticsearch-sample-es-http.default.es.local elasticsearch-sample-es-http.default.svc (same) elasticsearch-sample-es-http.default (same)
* Add linter config and fix simple lint warnings [WIP] Automatic fixes Simple changes * Fix test failure * Ignore stutters and remove dead code * Fix return type order * Fix logic bugs * Fix mixed access levels and letter case issues * Add lint to CI task list * CR: make error message clearer * Add golangci-lint to the CI Docker image * CR: Spacing above error handler block and return * Rebase and fix warnings from new commits to master * Rebase and fix merge conflict
E2e test to cover SAN usage and cert verification in 5 steps: - Create an ES cluster with a load balancer HTTP service - Retrieve the ES CA certificate - Eventually retrieve the ES load balancer public IP - Check that ES is not reachable with cert verification (error contains x509: cannot validate certificate) - Add the load balancer IP to the SAN and update the ES definition - Check that ES is reachable with cert verification (and returns 401)
* Make keystore package reusable for Elastisearch * Remove the keystore updater run by the process manager * Update e2e tests * Use common keystore package for Elasticsearch * Rename the keystore init container * Reuse dynamic pod env vars in init container defaults
* Respect TLSOptions for apm server * add e2e test for non-TLS mode
* Remove the process manager * Update ADR status to rejected * Remove operator image var and flag
With many conflicts fixed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.