In the case this operator is being used without the Cluster Logging Operator or Jaeger Operator:
-
the namespace where the Elasticsearch cluster will be deployed into needs to be created. By default our make targets use
openshift-logging
, however they can be overridden by settingDEPLOYMENT_NAMESPACE
. -
certificates must be provided in the form of a secret where the name matches the pattern
<elasticsearch_cr_name>-secret
. For the convenience of local development the make targetdeploy-example-secret
can be used to do this.
To build a local Elasticsearch Operator image and deploy the example CR you can use:
make deploy-example
Alternatively, if you just want to deploy the Elasticsearch Operator and provide your own CR afterwards you can use:
make deploy
There is an example CR provided in the hack
directory that can be created with:
oc create -f hack/cr.yaml
The operator is designed to work with quay.io/openshift/origin-logging-elasticsearch6
image. To use
a different image, edit manifests/image-references
before deployment, or edit the environment variable in the Elasticsearch Operator csv after deployment. e.g. oc edit csv -n openshift-operators-redhat elasticsearch-operator.v4.6.0
.
Storage is configurable per individual node type. Possible configuration options:
- Empty directory
- PersistentVolume generated by StorageClass (if storage class is left off the cluster default is used)
Decide how many nodes you want to run.
Obtain the CA cert from Elasticsearch.
oc extract secret/elasticsearch --to=. --keys=admin-ca
Create a re-encrypt route.
In the Re-encrypt termination example, use the contents of the file admin-ca
for spec.tls.destinationCACertificate.
You do not need to set the spec.tls.key, spec.tls.certificate and spec.tls.caCertificate parameters shown in the example.
Kubernetes TBD+ and OpenShift TBD+ are supported.
- SSL-secured deployment (using Opendistro)
- Insecure deployment (requires different image)
- Index per tenant
- Elasticsearch 6.x support
- Master role
- Client role
- Data role
- Clientdata role
- Clientdatamaster role
- Prometheus monitoring
- Status monitoring
- Rolling restarts
In a real deployment OpenShift monitoring will be installed. However for testing purposes, you should install the monitoring CRDs:
make deploy
To run the e2e tests run:
make test-e2e-olm
This assumes:
- the Elasticsearch Operator pod is already deployed and running
- the Elasticsearch Operator Registry pod is already deployed and running
You should first ensure that you have podman
available.
To test on an OKD cluster, you can run:
make deploy
To remove created API objects:
make uninstall
You must first oc login api.ci.openshift.org
. You'll need these credentials in order
to pull images from the UBI registry.
The image build process for UBI based images uses a private yum repo. In order to use the private yum repo, you will need access to https://github.com/openshift/release/blob/master/ci-operator/infra/openshift/release-controller/repos/ocp-4.1-default.repo and https://github.com/openshift/shared-secrets/blob/master/mirror/ops-mirror.pem Note that the latter is private and requires special permission to access.
The best approach is to clone these repos under $GOPATH/src/github.com/openshift
which the build scripts will pick up automatically. If you do not, the build script
will attempt to clone them to a temporary directory.
If you have a local clone of origin-aggregated-logging
under $GOPATH/github.com/openshift/origin-aggregated-logging
you can use its hack/get-cluster-run-tests.sh
to build the logging, elasticsearch-operator, and cluster-logging-operator images; deploy a 4.x cluster;
push the images to the cluster; deploy logging; and launch the logging CI tests.
You'll need podman
in addition to docker
.
If you used the new openshift-installer
, it creates a user named kubeadmin
with the password in the file installer/auth/kubeadmin_password
.
If you already built the image with make image
, then it will not be built
again until a change is detected in a prerequisite file (defined in the
Makefile) You need oc login
to the cluster before pushing the image to the
register.
oc login --token=<token> --server=https://api.<cluster>:6443
# Or oc login -u kubeadmin -p <password>, if using openshift installer
make deploy-image
The elasticsearch operator relies on operator-sdk
to scaffold and generate code and
manifests.
To upgrade the generated code to a new operator-sdk version, we need to follow the
instructions in operator-sdk's migration guide.
In addition, we must ensure that the k8s dependencies in the operator's go.mod
match the selected version of operator-sdk. For example, for operator-sdk v0.19.x,
check the k8s dependencies:
As a result, we can determine the versions of the k8s dependencies in the operator's go.mod
.
# Generate Go code, CRD, ...
make generate
# Generate bundle directory
make bundle