Enable TLS path between Curator and Elasticsearch

Elasticsearch is TLS enabled. Curator needs to be configured to use cacert when communicating with Elasticsearch. Change-Id: Ia78458516d6c8f975e478d85643dc4436b70b87c
2021-08-10 10:00:06 -07:00 · 2021-08-10 10:00:06 -07:00 · 09dfafbd6b
commit 09dfafbd6b
parent 67ac5da9ed
4 changed files with 10 additions and 1 deletions
--- a/elasticsearch/Chart.yaml
+++ b/elasticsearch/Chart.yaml
@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v7.6.2
 description: OpenStack-Helm ElasticSearch
 name: elasticsearch
-version: 0.2.10
+version: 0.2.11
 home: https://www.elastic.co/
 sources:
  - https://github.com/elastic/elasticsearch
--- a/elasticsearch/templates/cron-job-curator.yaml
+++ b/elasticsearch/templates/cron-job-curator.yaml
@ -80,6 +80,7 @@ spec:
                  mountPath: /etc/config/action_file.yml
                  subPath: action_file.yml
                  readOnly: true
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.elasticsearch.elasticsearch.internal "path" "/etc/elasticsearch/certs" "certs" tuple "ca.crt" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
          volumes:
            - name: pod-tmp
              emptyDir: {}
@ -93,4 +94,5 @@ spec:
              secret:
                secretName: elastic-curator-etc
                defaultMode: 0444
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.elasticsearch.elasticsearch.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
 {{- end }}
--- a/elasticsearch/values_overrides/tls.yaml
+++ b/elasticsearch/values_overrides/tls.yaml
@ -144,6 +144,12 @@ conf:
              key: /usr/share/elasticsearch/config/tls.key
              certificate: /usr/share/elasticsearch/config/tls.crt
              certificate_authorities: ["/usr/share/elasticsearch/config/ca.crt"]
+  curator:
+    config:
+      client:
+        use_ssl: True
+        ssl_no_validate: False
+        certificate: '/etc/elasticsearch/certs/ca.crt'
 manifests:
  certificates: true
 ...
--- a/releasenotes/notes/elasticsearch.yaml
+++ b/releasenotes/notes/elasticsearch.yaml
@ -20,4 +20,5 @@ elasticsearch:
  - 0.2.8 Use full image ref for docker official images
  - 0.2.9 Removed repo verification check from helm-test
  - 0.2.10 Enable TLS path between Prometheus-elasticsearch-exporter and Elasticsearch
+  - 0.2.11 Enable TLS path between Curator and Elasticsearch
 ...