diff --git a/eck/eck-ror-bootstrap.sh b/docker-envs/eck/eck-ror-bootstrap.sh
similarity index 100%
rename from eck/eck-ror-bootstrap.sh
rename to docker-envs/eck/eck-ror-bootstrap.sh
diff --git a/eck/eck-ror-cleanup.sh b/docker-envs/eck/eck-ror-cleanup.sh
similarity index 100%
rename from eck/eck-ror-cleanup.sh
rename to docker-envs/eck/eck-ror-cleanup.sh
diff --git a/eck/kind-cluster/bootstrap-eck.sh b/docker-envs/eck/kind-cluster/bootstrap-eck.sh
similarity index 100%
rename from eck/kind-cluster/bootstrap-eck.sh
rename to docker-envs/eck/kind-cluster/bootstrap-eck.sh
diff --git a/eck/kind-cluster/kind-cluster-config.yml b/docker-envs/eck/kind-cluster/kind-cluster-config.yml
similarity index 100%
rename from eck/kind-cluster/kind-cluster-config.yml
rename to docker-envs/eck/kind-cluster/kind-cluster-config.yml
diff --git a/eck/kind-cluster/ror/es-np.yml b/docker-envs/eck/kind-cluster/ror/es-np.yml
similarity index 100%
rename from eck/kind-cluster/ror/es-np.yml
rename to docker-envs/eck/kind-cluster/ror/es-np.yml
diff --git a/docker-envs/eck/kind-cluster/ror/es.yml b/docker-envs/eck/kind-cluster/ror/es.yml
new file mode 100644
index 0000000000..8854660745
--- /dev/null
+++ b/docker-envs/eck/kind-cluster/ror/es.yml
@@ -0,0 +1,86 @@
+apiVersion: elasticsearch.k8s.elastic.co/v1
+kind: Elasticsearch
+metadata:
+ name: quickstart
+spec:
+ version: 8.11.3
+ nodeSets:
+ - name: default
+ count: 2
+ podTemplate:
+ spec:
+ securityContext:
+ runAsUser: 1000
+ containers:
+ - name: elasticsearch
+ env:
+ - name: INTERNAL_USR_PASS
+ valueFrom:
+ secretKeyRef:
+ name: quickstart-es-internal-users
+ key: elastic-internal
+ - name: INTERNAL_PROBE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: quickstart-es-internal-users
+ key: elastic-internal-probe
+ - name: KIBANA_SERVICE_ACCOUNT_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: quickstart-kibana-user
+ key: token
+ - name: ES_JAVA_OPTS
+ value: -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8888
+ volumeMounts:
+ - name: elasticsearch-modules
+ mountPath: /usr/share/elasticsearch/modules
+ - name: elasticsearch-lib
+ mountPath: /usr/share/elasticsearch/lib
+ - name: config-ror
+ mountPath: /usr/share/elasticsearch/config/readonlyrest.yml
+ subPath: readonlyrest.yml
+ - name: config-log4j2
+ mountPath: /usr/share/elasticsearch/config/log4j2.properties
+ subPath: log4j2.properties
+ initContainers:
+ - name: sysctl
+ securityContext:
+ runAsUser: 0
+ privileged: true
+ command: [ 'sh', '-c', 'sysctl -w vm.max_map_count=262144' ]
+ - name: install-ror-es-plugin
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsUser: 0
+ command:
+ - "/bin/bash"
+ - "-c"
+ - |
+ set -e
+
+ /usr/share/elasticsearch/bin/elasticsearch-plugin install --batch "https://api.beshu.tech/download/es?edition=es&esVersion=$ES_VERSION&email=eck-example%40readonlyrest.com"
+ /usr/share/elasticsearch/jdk/bin/java -jar /usr/share/elasticsearch/plugins/readonlyrest/ror-tools.jar patch
+
+ cp -r /usr/share/elasticsearch/modules /target/usr/share/elasticsearch
+ cp -r /usr/share/elasticsearch/lib /target/usr/share/elasticsearch
+ env:
+ - name: ES_VERSION
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.labels['elasticsearch.k8s.elastic.co/version']
+ volumeMounts:
+ - name: elasticsearch-modules
+ mountPath: /target/usr/share/elasticsearch/modules
+ - name: elasticsearch-lib
+ mountPath: /target/usr/share/elasticsearch/lib
+ volumes:
+ - name: elasticsearch-modules
+ emptyDir: { }
+ - name: elasticsearch-lib
+ emptyDir: { }
+ - name: config-ror
+ configMap:
+ name: config-readonlyrest.yml
+ - name: config-log4j2
+ configMap:
+ name: config-log4j2.properties.yml
\ No newline at end of file
diff --git a/eck/kind-cluster/ror/kbn-np.yml b/docker-envs/eck/kind-cluster/ror/kbn-np.yml
similarity index 100%
rename from eck/kind-cluster/ror/kbn-np.yml
rename to docker-envs/eck/kind-cluster/ror/kbn-np.yml
diff --git a/docker-envs/eck/kind-cluster/ror/kbn.yml b/docker-envs/eck/kind-cluster/ror/kbn.yml
new file mode 100644
index 0000000000..9f0dfee879
--- /dev/null
+++ b/docker-envs/eck/kind-cluster/ror/kbn.yml
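Review bot: The `ES_JAVA_OPTS` entry in the new es.yml keeps `-agentlib:jdwp=...,address=*:8888`, so each of the two Elasticsearch pods listens for a debugger on every interface, and JDWP has no authentication; anything that can reach the pod IP on 8888 can attach to the JVM that also holds the internal-user passwords and the Kibana service-account token from the `env` entries above it. This commit deletes es-debug-service.yml, which removes the Service but not the listener. I would drop the entry from the example, or bind it to loopback with `address=127.0.0.1:8888` and reach it through `kubectl port-forward` when debugging is needed. Separately, the `install-ror-es-plugin` init container (and `install-ror-kbn-plugin` in kbn.yml) downloads the plugin as root on every pod start without the `pluginVersion=` parameter the deleted Dockerfiles carried, so the installed build can change between restarts; pinning it, e.g. `&pluginVersion=<ROR_VERSION>`, would keep the example reproducible.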
@@ -0,0 +1,68 @@
+apiVersion: kibana.k8s.elastic.co/v1
+kind: Kibana
+metadata:
+ name: quickstart
+spec:
+ version: 8.11.3
+ count: 2
+ elasticsearchRef:
+ name: quickstart
+ config:
+ readonlyrest_kbn.store_sessions_in_index: true
+ readonlyrest_kbn.cookiePass: "12345678901234567890123456789012345678901234567890"
+ readonlyrest_kbn.logLevel: "info"
+ podTemplate:
+ spec:
+ securityContext:
+ runAsUser: 1000
+ containers:
+ - name: kibana
+ volumeMounts:
+ - name: kibana-plugins
+ mountPath: /usr/share/kibana/plugins
+ - name: kibana-node-modules-kbn
+ mountPath: /usr/share/kibana/node_modules/@kbn
+ - name: kibana-src
+ mountPath: /usr/share/kibana/src
+ - name: kibana-xpack-plugins
+ mountPath: /usr/share/kibana/x-pack/plugins
+ initContainers:
+ - name: install-ror-kbn-plugin
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsUser: 0
+ command:
+ - "/bin/bash"
+ - "-c"
+ - |
+ set -e
+
+ /usr/share/kibana/bin/kibana-plugin install "https://api.beshu.tech/download/kbn?esVersion=$KBN_VERSION&edition=kbn_universal&email=eck-example%40readonlyrest.com"
+ /usr/share/kibana/node/bin/node /usr/share/kibana/plugins/readonlyrestkbn/ror-tools.js patch
+
+ cp -r /usr/share/kibana/node_modules/@kbn /target/usr/share/kibana/node_modules
+ cp -r /usr/share/kibana/src /target/usr/share/kibana
+ cp -r /usr/share/kibana/x-pack/plugins /target/usr/share/kibana/x-pack
+ env:
+ - name: KBN_VERSION
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.labels['kibana.k8s.elastic.co/version']
+ volumeMounts:
+ - name: kibana-plugins
+ mountPath: /usr/share/kibana/plugins
+ - name: kibana-node-modules-kbn
+ mountPath: /target/usr/share/kibana/node_modules/@kbn
+ - name: kibana-src
+ mountPath: /target/usr/share/kibana/src
+ - name: kibana-xpack-plugins
+ mountPath: /target/usr/share/kibana/x-pack/plugins
+ volumes:
+ - name: kibana-plugins
+ emptyDir: { }
+ - name: kibana-node-modules-kbn
+ emptyDir: { }
+ - name: kibana-src
+ emptyDir: { }
+ - name: kibana-xpack-plugins
+ emptyDir:
{ } diff --git a/eck/kind-cluster/ror/log4j2.properties.yml b/docker-envs/eck/kind-cluster/ror/log4j2.properties.yml similarity index 98% rename from eck/kind-cluster/ror/log4j2.properties.yml rename to docker-envs/eck/kind-cluster/ror/log4j2.properties.yml index adb8ebfe34..347dd9d2df 100644 --- a/eck/kind-cluster/ror/log4j2.properties.yml +++ b/docker-envs/eck/kind-cluster/ror/log4j2.properties.yml @@ -4,7 +4,7 @@ data: status=error logger.action.name=org.elasticsearch.action - logger.action.level=debug + logger.action.level=info appender.console.type=Console appender.console.name=console appender.console.layout.type=PatternLayout @@ -19,7 +19,7 @@ data: appender.rolling.policies.time.type=TimeBasedTriggeringPolicy appender.rolling.policies.time.interval=1 appender.rolling.policies.time.modulate=true - rootLogger.level=debug + rootLogger.level=info rootLogger.appenderRef.console.ref=console rootLogger.appenderRef.rolling.ref=rolling appender.deprecation_rolling.type=RollingFile @@ -72,4 +72,4 @@ data: kind: ConfigMap metadata: - name: log4j2-config \ No newline at end of file + name: config-log4j2.properties.yml \ No newline at end of file diff --git a/eck/kind-cluster/ror/ror-initial-config.yml b/docker-envs/eck/kind-cluster/ror/ror-initial-config.yml similarity index 91% rename from eck/kind-cluster/ror/ror-initial-config.yml rename to docker-envs/eck/kind-cluster/ror/ror-initial-config.yml index d71eb05282..785646711e 100644 --- a/eck/kind-cluster/ror/ror-initial-config.yml +++ b/docker-envs/eck/kind-cluster/ror/ror-initial-config.yml @@ -26,8 +26,9 @@ data: type: allow auth_key: "user1:test" indices: ["kibana_sample*"] - kibana_access: ro + kibana: + access: ro kind: ConfigMap metadata: - name: ror-config + name: config-readonlyrest.yml diff --git a/eck/readme.md b/docker-envs/eck/readme.md similarity index 100% rename from eck/readme.md rename to docker-envs/eck/readme.md 
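Review bot: `readonlyrest_kbn.cookiePass` in the new kbn.yml is a literal run of digits committed under `spec.config`; presumably this value protects the Kibana session cookie, so anyone who copies the manifest unchanged runs with a publicly known secret. With `count: 2` both replicas do need to share one value, but it is better generated per deployment and kept in a Kubernetes Secret than written into the manifest. If the example has to stay self-contained, at least add a comment above the key such as `# example value only: replace with a long random string before any shared use`. The same literal was already present in the deleted eck/kind-cluster/ror/kbn.yml, so this is carried over rather than introduced here.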
diff --git a/eck/images/Dockerfile-es b/eck/images/Dockerfile-es deleted file mode 100644 index 59b796baeb..0000000000 --- a/eck/images/Dockerfile-es +++ /dev/null @@ -1,5 +0,0 @@ -FROM docker.elastic.co/elasticsearch/elasticsearch:8.11.1 -RUN bin/elasticsearch-plugin install --batch "https://api.beshu.tech/download/es?esVersion=8.11.1&pluginVersion=1.53.0&email=eck-example%40readonlyrest.com" -USER root -RUN /usr/share/elasticsearch/jdk/bin/java -jar /usr/share/elasticsearch/plugins/readonlyrest/ror-tools.jar patch -USER 1000 \ No newline at end of file diff --git a/eck/images/Dockerfile-kbn b/eck/images/Dockerfile-kbn deleted file mode 100644 index ce6543ad8d..0000000000 --- a/eck/images/Dockerfile-kbn +++ /dev/null @@ -1,3 +0,0 @@ -FROM docker.elastic.co/kibana/kibana:8.11.1 -RUN bin/kibana-plugin install "https://api.beshu.tech/download/kbn?esVersion=8.11.1&pluginVersion=1.53.0&edition=kbn_universal&email=eck-example%40readonlyrest.com" -RUN node/bin/node plugins/readonlyrestkbn/ror-tools.js patch \ No newline at end of file diff --git a/eck/images/build-ror-es-image.sh b/eck/images/build-ror-es-image.sh deleted file mode 100755 index b73fff37c9..0000000000 --- a/eck/images/build-ror-es-image.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash -e - -docker buildx build --platform=linux/arm64,linux/amd64 --push -t coutopl/es_8.11.1_ror_1.53.0:latest -f Dockerfile-es . \ No newline at end of file diff --git a/eck/images/build-ror-kbn-image.sh b/eck/images/build-ror-kbn-image.sh deleted file mode 100755 index bc902b1e52..0000000000 --- a/eck/images/build-ror-kbn-image.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash -e - -docker buildx build --platform=linux/arm64,linux/amd64 --push -t coutopl/kbn_8.11.1_ror_1.53.0:latest -f Dockerfile-kbn . diff --git a/eck/kind-cluster/ror/es-debug-service.yml b/eck/kind-cluster/ror/es-debug-service.yml deleted file mode 100644 index c2ec83b5c8..0000000000 --- a/eck/kind-cluster/ror/es-debug-service.yml +++ /dev/null 
@@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: es-debug-service -spec: - selector: - common.k8s.elastic.co/type: elasticsearch - elasticsearch.k8s.elastic.co/cluster-name: quickstart - ports: - - protocol: TCP - port: 8888 - targetPort: 8888 \ No newline at end of file diff --git a/eck/kind-cluster/ror/es.yml b/eck/kind-cluster/ror/es.yml deleted file mode 100644 index 9a4e67661e..0000000000 --- a/eck/kind-cluster/ror/es.yml +++ /dev/null @@ -1,57 +0,0 @@ -apiVersion: elasticsearch.k8s.elastic.co/v1 -kind: Elasticsearch -metadata: - name: quickstart -spec: - version: 8.11.1 - image: coutopl/es_8.11.1_ror_1.53.0 - nodeSets: - - name: default - count: 1 - podTemplate: - spec: - securityContext: - runAsUser: 1000 - containers: - - name: elasticsearch - resources: - limits: - memory: 2048Mi - cpu: 1 - env: - - name: INTERNAL_USR_PASS - valueFrom: - secretKeyRef: - name: quickstart-es-internal-users - key: elastic-internal - - name: INTERNAL_PROBE_PASS - valueFrom: - secretKeyRef: - name: quickstart-es-internal-users - key: elastic-internal-probe - - name: KIBANA_SERVICE_ACCOUNT_TOKEN - valueFrom: - secretKeyRef: - name: quickstart-kibana-user - key: token - - name: ES_JAVA_OPTS - value: -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8888 - volumeMounts: - - name: config - mountPath: /usr/share/elasticsearch/config/readonlyrest.yml - subPath: readonlyrest.yml - - name: config2 - mountPath: /usr/share/elasticsearch/config/log4j2.properties - subPath: log4j2.properties - initContainers: - - name: sysctl - securityContext: - privileged: true - command: [ 'sh', '-c', 'sysctl -w vm.max_map_count=262144' ] - volumes: - - name: config - configMap: - name: ror-config - - name: config2 - configMap: - name: log4j2-config diff --git a/eck/kind-cluster/ror/kbn.yml b/eck/kind-cluster/ror/kbn.yml deleted file mode 100644 index 443c3d1261..0000000000 --- a/eck/kind-cluster/ror/kbn.yml +++ /dev/null 
@@ -1,23 +0,0 @@ -apiVersion: kibana.k8s.elastic.co/v1 -kind: Kibana -metadata: - name: quickstart -spec: - version: 8.11.1 - image: coutopl/kbn_8.11.1_ror_1.53.0 - count: 1 - elasticsearchRef: - name: quickstart - config: - readonlyrest_kbn.cookiePass: "12345678901234567890123456789012345678901234567890" - readonlyrest_kbn.logLevel: "trace" - podTemplate: - spec: - securityContext: - runAsUser: 1000 - containers: - - name: kibana - resources: - requests: - memory: 2048Mi - cpu: 2 \ No newline at end of file diff --git a/eck/todo.md b/eck/todo.md deleted file mode 100644 index fd3303a08c..0000000000 --- a/eck/todo.md +++ /dev/null @@ -1,5 +0,0 @@ -TODO: -1. ECK - KBN in HA mode -2. ECK - install plugins using init containers, not images with embedded ROR -3. script - improvements (more user friendly) -4. documentation diff --git a/ror-tools/src/main/scala/tech/beshu/ror/tools/RorToolsApp.scala b/ror-tools/src/main/scala/tech/beshu/ror/tools/RorToolsApp.scala index a9686bc5df..1c5f742510 100644 --- a/ror-tools/src/main/scala/tech/beshu/ror/tools/RorToolsApp.scala +++ b/ror-tools/src/main/scala/tech/beshu/ror/tools/RorToolsApp.scala @@ -25,6 +25,9 @@ import scala.util.Try object RorToolsApp { + // todo: + // 1. option: return success when already patched/unpatched + // 2. restore backup when fails to patch def main(args: Array[String]): Unit = { OParser .parse(parser, args, Config(Command.Verify(None)))