Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rewrite snapshot documentation and add CSP specific setups #5969

Merged
merged 7 commits into from
Sep 22, 2022
Merged

Rewrite snapshot documentation and add CSP specific setups #5969

merged 7 commits into from
Sep 22, 2022

Conversation

pebrc
Copy link
Collaborator

@pebrc pebrc commented Aug 23, 2022
edited
Loading

This refactors the existing snapshot documentation a bit removing obsolete sections (e.g. the cron job bit)
Adding new sections illustrating how to configure snapshot repositories on GCP and AWS using the CSP-specific IAM/service account integration on offer.
Adding a section about S3-compatible object stores and how to establish trust via a custom JVM trust store.

Fixes #5230
Fixes #5652

@pebrc pebrc changed the title Rewrite snapshot documentation and and CSP specific setups Rewrite snapshot documentation and add CSP specific setups Aug 23, 2022
@pebrc pebrc added the >docs Documentation label Aug 23, 2022
@pebrc pebrc requested a review from alaudazzi August 23, 2022 13:44
@barkbay barkbay self-assigned this Sep 7, 2022
naemono
naemono reviewed Sep 7, 2022
View reviewed changes
docs/orchestrating-elastic-stack-applications/elasticsearch/snapshots.asciidoc Outdated Show resolved Hide resolved
docs/orchestrating-elastic-stack-applications/elasticsearch/snapshots.asciidoc Outdated Show resolved Hide resolved
docs/orchestrating-elastic-stack-applications/elasticsearch/snapshots.asciidoc Outdated Show resolved Hide resolved
docs/orchestrating-elastic-stack-applications/elasticsearch/snapshots.asciidoc

== Periodic snapshots with a CronJob
The AWS IAM roles for service accounts feature allows you to give Elasticsearch restricted access to a S3 bucket without having to expose and store AWS credentials directly in Elasticsearch. This requires you to run the ECK operator on Amazon's EKS offering and an https://www.elastic.co/guide/en/elasticsearch/reference/8.1/repository-s3.html#iam-kubernetes-service-accounts[Elasticsearch cluster running at least version 8.1].
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't this feature really allowing ES to impersonate an AWS IAM role, and therefore restrict access to an S3 Bucket?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Technically yes, but I wanted to highlight the use case for it from the Elastic Stack side

docs/orchestrating-elastic-stack-applications/elasticsearch/snapshots.asciidoc Outdated Show resolved Hide resolved
docs/orchestrating-elastic-stack-applications/elasticsearch/snapshots.asciidoc Outdated Show resolved Hide resolved
barkbay
barkbay reviewed Sep 7, 2022
View reviewed changes
Copy link
Contributor

@barkbay barkbay left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IRSA failed with a Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; when I try to create the snapshot repository, might be a PEBCAK error 🤷

docs/orchestrating-elastic-stack-applications/elasticsearch/snapshots.asciidoc Outdated Show resolved Hide resolved
docs/orchestrating-elastic-stack-applications/elasticsearch/snapshots.asciidoc Show resolved Hide resolved
docs/orchestrating-elastic-stack-applications/elasticsearch/snapshots.asciidoc Outdated Show resolved Hide resolved
@barkbay barkbay removed their assignment Sep 7, 2022
alaudazzi
alaudazzi approved these changes Sep 13, 2022
View reviewed changes
Copy link
Contributor

@alaudazzi alaudazzi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left a few minor editing suggestions, otherwise LGTM.

docs/orchestrating-elastic-stack-applications/elasticsearch/snapshots.asciidoc Outdated Show resolved Hide resolved
docs/orchestrating-elastic-stack-applications/elasticsearch/snapshots.asciidoc Outdated Show resolved Hide resolved
docs/orchestrating-elastic-stack-applications/elasticsearch/snapshots.asciidoc Outdated Show resolved Hide resolved
docs/orchestrating-elastic-stack-applications/elasticsearch/snapshots.asciidoc Outdated Show resolved Hide resolved
@thbkrkr thbkrkr added the v2.5.0 label Sep 13, 2022
pebrc and others added 3 commits September 19, 2022 10:55
@pebrc @alaudazzi
@naemono @barkbay
Apply suggestions from code review
ff1ee3f 
Co-authored-by: Arianna Laudazzi <46651782+alaudazzi@users.noreply.github.com>
Co-authored-by: Michael Montgomery <mmontg1@gmail.com>
Co-authored-by: Michael Morello <michael.morello@gmail.com>
@pebrc
input from code review
2f55f02
@pebrc
input from code review
0a50033
@pebrc pebrc merged commit 255cdd1 into elastic:main Sep 22, 2022
fantapsody pushed a commit to fantapsody/cloud-on-k8s that referenced this pull request Feb 7, 2023
@pebrc @alaudazzi
@naemono @barkbay @fantapsody
Rewrite snapshot documentation and add CSP specific setups (elastic#5969
95a4fe4 
)

Co-authored-by: Arianna Laudazzi <46651782+alaudazzi@users.noreply.github.com>
Co-authored-by: Michael Montgomery <mmontg1@gmail.com>
Co-authored-by: Michael Morello <michael.morello@gmail.com>
@wortmanb wortmanb mentioned this pull request Jul 17, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@naemono naemono naemono left review comments

@barkbay barkbay barkbay left review comments

@alaudazzi alaudazzi alaudazzi approved these changes

Assignees
No one assigned
Labels
>docs Documentation v2.5.0
Projects
None yet
Milestone
No milestone
5 participants
@pebrc @barkbay @naemono @alaudazzi @thbkrkr