[DOCS] Replace Docker Compose files and setup #81133
Comments
Pinging @elastic/es-docs (Team:Docs)
Pinging @elastic/es-delivery (Team:Delivery)
Pinging @elastic/es-core-infra (Team:Core/Infra)
Pinging @elastic/es-security (Team:Security)
I assumed with auto-security all this certificate generation stuff would be unnecessary now. Why would we still have to manually generate certs?
Docker compose, along with other use cases where there is orchestration, has been out of scope on purpose for Security on by default, as we believe that in these use cases it makes sense to take care of certificate generation and configuration on the orchestration layer. The devised enrollment process for security on by default that is the basis of TLS auto-configuration for multi-node clusters assumes a set of manual actions in sequence and communication between joining and existing nodes and doesn't fit well with docker compose.
Yes, we are considering future use of the enrollment flow in Docker Compose scenarios, but it's not part of this effort. Maybe @mgreau has feedback too.
@lockewritesdocs in the gist I see that you modified the We don't want to provide a default password intentionally, to be sure that users set their own. If you strongly feel that we need that placeholder, we should modify checks so that the specific verbatim is not allowed. Another note is that the
@bytebilly, yes, this is just in the gist. I only included it there, but would leave the passwords blank in the actual files we put in our docs so that the password checks you included will work if users try to start Docker Compose without a password in the
We can certainly add a variable for the
Perfect, thanks!
@bytebilly, I opened this PR to update the configuration: elastic/stack-docs#1906
Current state
In the current documentation for starting a multi-node cluster with Docker Compose, we use the following files:
instances.yml file to outline the nodes that will be created
.env file to hold environment variables
create-certs.yml file to generate security certificates
docker-compose.yml file for starting a multi-node cluster with TLS configured

@bytebilly created a docker-compose.yml file that incorporates the certificate generation scripts from create-certs.yml, and eliminates the need for that file and instances.yml. Also, users do not need to complete the enrollment flow for Kibana because the updated configuration handles this task.

Proposed solution
We would like to replace the current files in the documentation with this updated docker-compose.yml file, which requires only a single command to set up and provides a much more streamlined UX. I'm pinging a few teams for input so that we can determine if this is the optimal solution going forward.

I created a gist that contains the updated .env and docker-compose.yml files. To run this setup:
.env, and enter a value for ELASTIC_PASSWORD and KIBANA_PASSWORD.
docker compose up -d.

The included healthchecks in the updated docker-compose.yml file should also resolve the issues in elastic/stack-docs#1846.
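
A pre-flight check for the point raised in the discussion above (no default password ships, and a placeholder string must not be accepted), run against .env before `docker compose up -d`. This is an added example, not code from the gist or the Elasticsearch documentation; the function names and the `changeme` placeholder are assumptions.

```shell
#!/bin/sh
# Added example: refuse to start the stack when .env has empty or placeholder passwords.
# Usage: check_compose_env .env && docker compose up -d

# Placeholder string to reject. Hypothetical value; the page does not name one.
PLACEHOLDER="${PLACEHOLDER:-changeme}"

# Print the value assigned to variable $2 in env file $1 (last assignment wins).
env_value() {
  local file="$1" name="$2" line value="" cr
  cr=$(printf '\r')
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%"$cr"}                      # tolerate CRLF line endings
    case $line in
      "$name="*) value=${line#*=} ;;        # commented-out lines do not match
    esac
  done < "$file"
  # Strip one pair of surrounding quotes around the value.
  case $value in
    \"*\") value=${value#\"}; value=${value%\"} ;;
    \'*\') value=${value#\'}; value=${value%\'} ;;
  esac
  printf '%s' "$value"
}

# Return 0 only if both passwords are set to non-placeholder values.
# Return 1 on an empty, missing or placeholder password, 2 if the file is unreadable.
check_compose_env() {
  local file="${1:-.env}" name value rc=0
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
  for name in ELASTIC_PASSWORD KIBANA_PASSWORD; do
    value=$(env_value "$file" "$name")
    if [ -z "$value" ]; then
      echo "$name is empty or missing in $file" >&2
      rc=1
    elif [ "$value" = "$PLACEHOLDER" ]; then
      echo "$name is still set to the placeholder value" >&2
      rc=1
    fi
  done
  return "$rc"
}
```

The check reports every failing variable in one pass, so a user fixing .env sees both problems at once.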