Skip to content

Commit

Permalink
US-563606-1: Upgrade ES Server Version 7.10.2 to 7.17.9 for Internal …
Browse files Browse the repository at this point in the history 
…Elasticsearch (#647)

* US-563606-1: Upgrade ES Server Default Version

* Updated Makefile to update certs in case of TLS

* Updated make file for external secrets update

* Removed legacy flag

* Updated README file.

* Updated Readme

* Updated Readme

* Update comment to explain es helm & server version

* Lint changes

* Updated Readme and Make file

* Lint fixes

* Lint fixes

---------

Co-authored-by: MadhuriArugula <[email protected]>
  • Loading branch information
@bhowd1 @MadhuriArugula
bhowd1 and MadhuriArugula authored Oct 27, 2023
1 parent 0200cd3 commit f8737ef
Show file tree
Hide file tree
Showing 4 changed files with 40 additions and 6 deletions.
12 changes: 12 additions & 0 deletions charts/backingservices/Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,3 +26,15 @@ purge-es-secrets:

external-es-secrets:
kubectl create secret generic srs-certificates --from-file=$(PATH_TO_CERTIFICATE) --namespace=$(NAMESPACE)

purge-srs-secrets:
kubectl delete secrets srs-certificates --namespace=$(NAMESPACE) || true

purge-secrets: purge-es-secrets
make purge-srs-secrets

update-secrets: purge-secrets
make es-prerequisite

update-external-es-secrets: purge-srs-secrets
make external-es-secrets
24 changes: 22 additions & 2 deletions charts/backingservices/charts/srs/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ To deploy Pega Platform with the SRS backing service, the SRS helm chart require
| `deploymentName` | Specify the name of your SRS cluster. Your deployment creates resources prefixed with this string. This is also the service name for the SRS. |
| `srsRuntime` | Use this section to define specific resource configuration options like image, replica count, cpu and memory resource settings in the SRS. |
| `busybox` | When provisioning an internally managed Elasticsearch cluster, you can customize the location and pull policy of the Alpine image used during the deployment process by specifying `busybox.image` and `busybox.imagePullPolicy`. |
| `elasticsearch` | Define the elasticsearch cluster configurations. The [Elasticsearch](https://github.com/helm/charts/tree/master/stable/elasticsearch/values.yaml) chart defines the values for Elasticsearch provisioning in the SRS cluster. For internally provisioned Elasticsearch the default version is set to `7.10.2`. Set the `elasticsearch.imageTag` parameter in values.yaml to `7.16.3` to use this supported version in the SRS cluster. |
| `elasticsearch` | Define the elasticsearch cluster configurations. The [Elasticsearch](https://github.com/helm/charts/tree/master/stable/elasticsearch/values.yaml) chart defines the values for Elasticsearch provisioning in the SRS cluster. For internally provisioned Elasticsearch the default version is set to `7.17.9`. Set the `elasticsearch.imageTag` parameter in values.yaml to `7.16.3` to use this supported version in the SRS cluster. |
| `k8sProvider` | Specify your Kubernetes provider name. Supported values are [`eks`, `aks`, `minikube`, `gke`, `openshift`, `pks`]..

### Enabling security between SRS and Elasticsearch
Expand All @@ -78,7 +78,7 @@ make external-es-secrets NAMESPACE=pegabackingservices ELASTICSEARCH_VERSION=7.1
| `tls` | Set to `true` to enable the SRS service to authenticate to your organization's available Elasticsearch service. |
| `esCredentials.username` | Enter the username for your available Elasticsearch service. This username value must match the values you set in the connection info section of esCredentials. |
| `esCredentials.password` | Enter the required password for your available Elasticsearch service. This password value must match the values you set in the connection info section of esCredentials. |
| `srsStorage.provisionInternalESCluster` | <ul><li>Set to false to disable this parameter and connect to your available Elasticsearch service from the SRS cluster. Disabling this setting requires you to provide connectivity details to your organization's external Elasticsearch service along with an appropriate TLS certificate with which you authenticate with the service. To pass the required certificate to the cluster using a secrets file, run the command, `$ make external-es-secrets NAMESPACE=<NAMESPACE_USED_FOR_DEPLOYMENT> ELASTICSEARCH_VERSION=<ELASTICSEARCH_VERSION> PATH_TO_CERTIFICATE=<PATH_TO_CERTS>`. </li><li>where NAMESPACE references your deployment namespace of the SRS cluster, `ELASTICSEARCH_VERSION` matches the Elasticsearch version you want to use, and `PATH_TO_CERTIFICATE` points to the location where you copied the required certificates on your location machine.</li></ul> |
| `srsStorage.provisionInternalESCluster` | <ul><li>Set to false to disable this parameter and connect to your available Elasticsearch service from the SRS cluster. Disabling this setting requires you to provide connectivity details to your organization's external Elasticsearch service along with an appropriate TLS certificate with which you authenticate with the service. To pass the required certificate to the cluster using a secrets file, run the command, `$ make external-es-secrets NAMESPACE=<NAMESPACE_USED_FOR_DEPLOYMENT> ELASTICSEARCH_VERSION=<ELASTICSEARCH_VERSION> PATH_TO_CERTIFICATE=<PATH_TO_CERTS>`. </li><li>where NAMESPACE references your deployment namespace of the SRS cluster, `ELASTICSEARCH_VERSION` matches the Elasticsearch version you want to use, and `PATH_TO_CERTIFICATE` points to the location where you copied the required certificates on your location machine.</li><li>Use the following Make command to update the SRS and External Elasticsearch certificates: `$ make update-external-es-secrets NAMESPACE=<NAMESPACE_OF EXISTING_DEPLOYMENT> PATH_TO_CERTIFICATE=<PATH_TO_THE_UPDATED_CERTIFICATES>`.</li></ul> |
| `domain` | Enter the DNS entry associated with your external Elasticsearch service. |

Note: Only .p12 and .jks certificates are supported.
Expand Down Expand Up @@ -157,3 +157,23 @@ srs:
requireInternetAccess: false

```
### Steps to upgrade SRS (with Internal Elasticsearch) to Kubernetes Cluster Version >=1.25

To support SRS on Kubernetes version >=1.25 you need to use Elasticsearch server version 7.17.9. If you are using an earlier version (7.10.2 or 7.16.3) of Elasticsearch in your deployment, to upgrade to 7.17.9, you need to perform the following steps:
1. Get the latest backingservices Helm chart which supports `k8s version >=1.25`.
2. Update the SRS and Elasticsearch certificates by running the following Make command:
```bash
make update-secrets NAMESPACE=<NAMESPACE_OF EXISTING_DEPLOYMENT> ELASTICSEARCH_VERSION=7.17.9
```
3. To use Elasticsearch version 7.17.9, inspect the values.yaml file from the latest backingservices helm chart and confirm if the imageTag parameter in the values.yaml file is same as in the example below:
```yaml
elasticsearch:
imageTag: 7.17.9
```
4. Upgrade your deployment using the following Helm command:
```bash
helm upgrade backingservices pega/backingservices --version <CHART_VERSION> --namespace <NAMESPACE_OF EXISTING_DEPLOYMENT> --values <YAML_FILE_WITH_ES_IMAGE_TAG_CHANGES>
```
5. Verify that the Elasticsearch pods status is Running.
6. Restart the old SRS pods and verify that the status of the new pods is Running.
7. Verify all pods are running and working as expected.
3 changes: 2 additions & 1 deletion charts/backingservices/requirements.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,10 @@
# NOTE: For kubernetes version >=1.25 or Elasticsearch version 7.17.9,
# use 7.17.3 for the elasticsearch 'version' parameter below (for Elasticsearch version 7.17.9, you will still use 7.17.9 in the backingservices values.yaml).
# To disable deploying Elasticsearch in SRS, set the 'srs.srsStorage.provisionInternalESCluster' parameter in backingservices values.yaml to false.
# The dependencies.version parameter refers to the Elastcisearch Helm chart version, not Elasticsearch server version.
dependencies:
- name: elasticsearch
version: "7.10.2"
version: "7.17.3"
repository: https://helm.elastic.co/
condition: srs.srsStorage.provisionInternalESCluster
- name: constellation
Expand Down
7 changes: 4 additions & 3 deletions charts/backingservices/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -80,9 +80,10 @@ constellation:
# based on helm charts defined at https://github.com/elastic/helm-charts/tree/master/elasticsearch and may be modified
# as per runtime and storage requirements.
elasticsearch:
# for internally provisioned elasticsearch version is set to 7.10.2. Use this imageTag configuration to update it to 7.16.3 or
# 7.17.9 if required. However, we strongly recommend to use version 7.17.9.
imageTag: 7.10.2
# For internally provisioned Elasticsearch server, the imageTag parameter is set by default to 7.17.9, which is the recommended Elasticsearch server version
# for k8s version >= 1.25.
# Use this parameter to change it to 7.10.2 or 7.16.3 for k8s version < 1.25 and make sure to update the Elasticsearch helm chart version in requirements.yaml.
imageTag: 7.17.9
# Permit co-located instances for solitary minikube virtual machines.
antiAffinity: "soft"
# Shrink default JVM heap.
Expand Down

0 comments on commit f8737ef

Please sign in to comment.