Add cluster spec to enable/disable ssl #64
Conversation
gianrubio
force-pushed
the
disable-ssl
branch
3 times, most recently
from
0c68c7e to
c395d0d
Compare
|
Hey @gianrubio I merged your change and pushed new image tag: |
gianrubio
force-pushed
the
disable-ssl
branch
2 times, most recently
from
9a173d4 to
03ce723
Compare
pkg/k8sutil/k8sutil.go
Outdated
| @@ -752,6 +761,12 @@ func (k *K8sutil) CreateClientMasterDeployment(deploymentType, baseImage string, | |||
| }, | |||
| } | |||
|
|
|||
| // disable secrets volume mount when ssl is not enabled | |||
There was a problem hiding this comment.
@stevesloka I'm not really happy with this part of the code. Any thoughts are welcome.
There was a problem hiding this comment.
I think the idea is you won't need the volume when TLS is disabled. You could add the volumes to the object after it's created if needed. Meaning, if TLS enabled, then add the volume, but by default it won't be there.
There was a problem hiding this comment.
So your recommendation is to remove this code or keep it? Do you have more suggestions for this PR?
There was a problem hiding this comment.
@stevesloka friendly ping
There was a problem hiding this comment.
@gianrubio sorry for the delay on this. I think the cleaner way is to not bring in the secret volume if we don't need unless you think that muddy's the code. So when the statefulsets / deployments are created, we can decide to add the secret volume or not.
We'll need to add this check to the piece where certs are auto-generated since that's been recently added.
gianrubio
force-pushed
the
disable-ssl
branch
2 times, most recently
from
cec8def to
818e476
Compare
|
@stevesloka sorry fot the delay, could you review again? |
gianrubio
changed the title
|
Hey @gianrubio, I should have merged this before I did the CRD refactor. It looks like there are conflicts now. Would you mind fixing those conflicts? I can then test it all out and we can get this merged. |
gianrubio
force-pushed
the
disable-ssl
branch
3 times, most recently
from
7848d9d to
eb5db0f
Compare
|
@stevesloka please review again |
|
Do you think this is still a good feature given we have auto gen'd certs now? If so I'm fine, just curious your thoughts. Would you mind one last rebase, the error PR I merged has caused a bunch. Thanks! |
gianrubio
force-pushed
the
disable-ssl
branch
from
eb5db0f to
0694360
Compare
|
Rebased, ready to merge! |
gianrubio
force-pushed
the
disable-ssl
branch
from
35b5593 to
af8089b
Compare
|
I was just testing through this, wanted to see if you got the same. I'm getting an error when it's generating certs: |
|
Are you running the controller in your machine or in a container? |
|
I was running locally on my mac. I did have the directories, when I switch back to master branch it all worked. I'll try again on my linux box and see if I can come up with what's different. |
|
What's the status on this? I'd like to have an option to disable ssl as I terminate ssl on my ingress and don't need to re-encrypt for kubernetes service? |
|
I would like to disable ssl and use official elastic search image. Is it possible? |
|
The official ES images won't have the required kubernetes plugin, so no. |
|
replaced by #161 |
@stevesloka I'm waiting the merge on upmc-enterprises/docker-elasticsearch-kubernetes#1
Close #5 #99