Overview

IBM® Automation Elasticsearch uses the Elastic License 2.0 (ELv2) basic license.

Elasticsearch is an operational data store that also provides a custom security plug-in to enable basic authentication and a proxy sidecar for Transport Layer Security (TLS) capability.

The ibm-elastic-operator-controller-manager deployment provides the Elasticsearch APIs.

Prerequisites

The IBM Automation Elasticsearch service needs the following components:

Connection details for Elasticsearch

The Elasticsearch.status.endpoints section returns connection details, such as the Secret with the administrator credentials, and the internal and external endpoints, when you request for them. Following is an example section from the Elasticsearch CR:

apiVersion: elastic.automation.ibm.com/v1beta1
kind: Elasticsearch
...
status:
  endpoints:
    - authentication:
        secret:
          secretName: iaf-system-elasticsearch-es-default-user
        type: BasicSecret
      caSecret:
        key: ca.crt
        secretName: [automationbase-name]-automationbase-ab-ca
      name: iaf-system-es
      scope: External
      type: API
      uri: 'https://iaf-system-es-iaf.apps.iaf-test2.cp.fyre.ibm.com'
    - authentication:
        secret:
          secretName: iaf-system-elasticsearch-es-default-user
        type: BasicSecret
      caSecret:
        key: ca.crt
        secretName: automationbase-sample-automationbase-ab-ca
      name: iaf-system-elasticsearch-es
      scope: Internal
      type: API
      uri: 'https://iaf-system-elasticsearch-es.iaf:9200'

Storage

A ReadWriteOnce (RWO) PersistentVolume (PV) is needed for Elasticsearch. If you do not specify a storage class in the spec.elasticsearch.nodegroupspecs[].storage.class section, the default StorageClass that you set for your cluster is used.

Example ElasticSearch CR

An ElasticSearch CR with status is shown in the following example:

apiVersion: elastic.automation.ibm.com/v1beta1
kind: Elasticsearch
metadata:
  name: iaf-system
  namespace: iaf
spec:
  license:
    accept: true
  nodegroupspecs:
    - name: master-data
      replicas: 3
      storage:
        type: persistent-claim
      template:
        pod:
          spec: {}
  tls:
    caSecret:
      key: ca.crt
      secretName: automationbase-sample-automationbase-ab-ca
    issuerRef:
      name: automationbase-sample-automationbase-ab-issuer
  version: v2
status:
  adminAuthSecretName: iaf-system-elasticsearch-es-default-user
  conditions:
    - lastTransitionTime: '2022-11-11T16:37:54Z'
      message: Elasticsearch successfully installed
      reason: Installed
      status: 'True'
      type: Ready
    - lastTransitionTime: '2022-11-10T17:04:05Z'
      message: 'Health: GREEN, DataNodes: 3'
      reason: Passed
      status: 'True'
      type: Healthy
    - lastTransitionTime: '2022-09-20T16:14:11Z'
      message: Default credentials to be updated for security reasons
      reason: Generated
      status: 'False'
      type: SecureCreds
  endpoints:
    - authentication:
        secret:
          secretName: iaf-system-elasticsearch-es-default-user
        type: BasicSecret
      caSecret:
        key: ca.crt
        secretName: automationbase-sample-automationbase-ab-ca
      name: iaf-system-es
      scope: External
      type: API
      uri: 'https://iaf-system-es-iaf.apps.iaf-test2.cp.fyre.ibm.com'
    - authentication:
        secret:
          secretName: iaf-system-elasticsearch-es-default-user
        type: BasicSecret
      caSecret:
        key: ca.crt
        secretName: automationbase-sample-automationbase-ab-ca
      name: iaf-system-elasticsearch-es
      scope: Internal
      type: API
      uri: 'https://iaf-system-elasticsearch-es.iaf:9200'
  managedResources:
    - 'certificate:iaf/iaf-system-elasticsearch-es-client-cert'
    - 'configmap:iaf/iaf-system-elasticsearch-es'
    - 'networkpolicy:iaf/iaf-system-elasticsearch-es'
    - 'route:iaf/iaf-system-es'
    - 'secret:iaf/iaf-system-elasticsearch-es-default-user'
    - 'service:iaf/iaf-system-elasticsearch-es'
    - 'service:iaf/iaf-system-elasticsearch-es-headless'
    - 'serviceaccount:iaf/iaf-system-elasticsearch-es'
    - 'statefulset:iaf/iaf-system-elasticsearch-es-master-data'
  nodeGroups:
    - name: master-data
  versions:
    available:
      channels:
        - name: v2
        - name: v2.0
        - name: v1
        - name: v1.2
        - name: v1.1
        - name: v1.0
      versions:
        - name: 2.0.11
        - name: 2.0.10
        - name: 2.0.9
        - name: 2.0.8
        - name: 2.0.7
        - name: 2.0.6
        - name: 2.0.5
        - name: 2.0.4
        - name: 2.0.3
        - name: 2.0.2
        - name: 2.0.1
        - name: 2.0.0
        - name: 1.2.1
        - name: 1.2.0
        - name: 1.1.0
        - name: 1.0.0
    reconciled: 2.0.11