You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Mar 22, 2024. It is now read-only.
New CRD StackConfigPolicy to declaratively configure multiple Elasticsearch clusters (elastic#6148)
New custom resource StackConfigPolicy to configure cluster settings, snapshot repositorires and lifecycle policies for a list of Elasticsearch clusters matching a labels selector.
```
apiVersion: stackconfigpolicy.k8s.elastic.co/v1alpha1
kind: StackConfigPolicy
metadata:
name: config-staging
namespace: elastic-system
spec:
resourceSelector:
matchLabels:
env: staging
elasticsearch:
clusterSettings:
indices.recovery.max_bytes_per_sec: "100mb"
snapshotRepositories:
backup:
type: gcs
settings:
bucket: "gcs-bucket"
snapshotLifecyclePolicies:
test-snapshots:
schedule: "0 1 2 3 4 ?"
name: "<staging-snap-{now/d}>"
repository: "backup"
config:
indices: ["*"]
ignore_unavailable: true
include_global_state: false
retention:
expire_after: "30d"
min_count: 1
max_count: 50
```
The namespaces used to find Elasticsearch clusters to configure depend on the StackConfigPolicy namespace. If it is the operator namespace, all namespaces managed by the operator are used, otherwise only the StackConfigPolicy namespace.
A new FileSettings Secret `<esName>-es-file-settings` owns by Elasticsearch is created empty and mounted as data volume by the Elasticsearch controller. The StackConfigPolicy controller soft owns the Secret and only updates it. On deletion, soft owned labels are used to find Secrets to reset.
For the SecureSettings Secrets defined in the StackConfigPolicy, the StackConfigPolicy controller writes the Secret namespaces and names in an annotation of the FileSettings Secret. The ES controller watches and reads the Secrets from that and merges their content with the user-provided Secrets of the Elasticsearch resource in the existing Secret `<esName>-es-secure-settings`.
description: StackConfigPolicy represents a StackConfigPolicy resource in
8947
+
a Kubernetes cluster.
8948
+
properties:
8949
+
apiVersion:
8950
+
description: 'APIVersion defines the versioned schema of this representation
8951
+
of an object. Servers should convert recognized schemas to the latest
8952
+
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
8953
+
type: string
8954
+
kind:
8955
+
description: 'Kind is a string value representing the REST resource this
8956
+
object represents. Servers may infer this from the endpoint the client
8957
+
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
8958
+
type: string
8959
+
metadata:
8960
+
type: object
8961
+
spec:
8962
+
properties:
8963
+
elasticsearch:
8964
+
properties:
8965
+
clusterSettings:
8966
+
description: ClusterSettings holds the Elasticsearch cluster settings
8967
+
(/_cluster/settings)
8968
+
type: object
8969
+
x-kubernetes-preserve-unknown-fields: true
8970
+
snapshotLifecyclePolicies:
8971
+
description: SnapshotLifecyclePolicies holds the Snapshot Lifecycle
8972
+
Policies settings (/_slm/policy)
8973
+
type: object
8974
+
x-kubernetes-preserve-unknown-fields: true
8975
+
snapshotRepositories:
8976
+
description: SnapshotRepositories holds the Snapshot Repositories
8977
+
settings (/_snapshot)
8978
+
type: object
8979
+
x-kubernetes-preserve-unknown-fields: true
8980
+
type: object
8981
+
resourceSelector:
8982
+
description: A label selector is a label query over a set of resources.
8983
+
The result of matchLabels and matchExpressions are ANDed. An empty
8984
+
label selector matches all objects. A null label selector matches
8985
+
no objects.
8986
+
properties:
8987
+
matchExpressions:
8988
+
description: matchExpressions is a list of label selector requirements.
8989
+
The requirements are ANDed.
8990
+
items:
8991
+
description: A label selector requirement is a selector that
8992
+
contains values, a key, and an operator that relates the key
8993
+
and values.
8994
+
properties:
8995
+
key:
8996
+
description: key is the label key that the selector applies
8997
+
to.
8998
+
type: string
8999
+
operator:
9000
+
description: operator represents a key's relationship to
9001
+
a set of values. Valid operators are In, NotIn, Exists
9002
+
and DoesNotExist.
9003
+
type: string
9004
+
values:
9005
+
description: values is an array of string values. If the
9006
+
operator is In or NotIn, the values array must be non-empty.
9007
+
If the operator is Exists or DoesNotExist, the values
9008
+
array must be empty. This array is replaced during a strategic
9009
+
merge patch.
9010
+
items:
9011
+
type: string
9012
+
type: array
9013
+
required:
9014
+
- key
9015
+
- operator
9016
+
type: object
9017
+
type: array
9018
+
matchLabels:
9019
+
additionalProperties:
9020
+
type: string
9021
+
description: matchLabels is a map of {key,value} pairs. A single
9022
+
{key,value} in the matchLabels map is equivalent to an element
9023
+
of matchExpressions, whose key field is "key", the operator
9024
+
is "In", and the values array contains only "value". The requirements
9025
+
are ANDed.
9026
+
type: object
9027
+
type: object
9028
+
x-kubernetes-map-type: atomic
9029
+
secureSettings:
9030
+
items:
9031
+
description: SecretSource defines a data source based on a Kubernetes
9032
+
Secret.
9033
+
properties:
9034
+
entries:
9035
+
description: Entries define how to project each key-value pair
9036
+
in the secret to filesystem paths. If not defined, all keys
9037
+
will be projected to similarly named paths in the filesystem.
9038
+
If defined, only the specified keys will be projected to the
9039
+
corresponding paths.
9040
+
items:
9041
+
description: KeyToPath defines how to map a key in a Secret
9042
+
object to a filesystem path.
9043
+
properties:
9044
+
key:
9045
+
description: Key is the key contained in the secret.
9046
+
type: string
9047
+
path:
9048
+
description: Path is the relative file path to map the
9049
+
key to. Path must not be an absolute file path and must
9050
+
not contain any ".." components.
9051
+
type: string
9052
+
required:
9053
+
- key
9054
+
type: object
9055
+
type: array
9056
+
secretName:
9057
+
description: SecretName is the name of the secret.
9058
+
type: string
9059
+
required:
9060
+
- secretName
9061
+
type: object
9062
+
type: array
9063
+
type: object
9064
+
status:
9065
+
properties:
9066
+
errors:
9067
+
description: Errors is the number of resources which have an incorrect
9068
+
configuration
9069
+
type: integer
9070
+
observedGeneration:
9071
+
description: ObservedGeneration is the most recent generation observed
9072
+
for this StackConfigPolicy.
9073
+
format: int64
9074
+
type: integer
9075
+
phase:
9076
+
description: Phase is the phase of the StackConfigPolicy.
9077
+
type: string
9078
+
ready:
9079
+
description: Ready is the number of resources successfully configured.
9080
+
type: integer
9081
+
readyCount:
9082
+
description: ReadyCount is a human representation of the number of
9083
+
resources successfully configured.
9084
+
type: string
9085
+
resources:
9086
+
description: Resources is the number of resources to be configured.
9087
+
type: integer
9088
+
resourcesStatuses:
9089
+
additionalProperties:
9090
+
description: ResourcePolicyStatus models the status of the policy
9091
+
for one resource to be configured.
9092
+
properties:
9093
+
currentVersion:
9094
+
format: int64
9095
+
type: integer
9096
+
error:
9097
+
properties:
9098
+
message:
9099
+
type: string
9100
+
version:
9101
+
format: int64
9102
+
type: integer
9103
+
type: object
9104
+
expectedVersion:
9105
+
format: int64
9106
+
type: integer
9107
+
phase:
9108
+
type: string
9109
+
type: object
9110
+
description: ResourcesStatuses holds the status for each resource
0 commit comments