Compare revisions

Kirby Liu · Kirby Liu · RENOVATE_BOT · Zach Callahan · Zach Callahan · 4c30c0fd
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,38 @@
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

 ---
+
+## [1.19.0-bb.0] - 2024-09-26
+
+### Changed
+
+Updated ElasticSearch-Kibana to 1.19.0:
+
+- ironbank/elastic/elasticsearch/elasticsearch updated from 8.14.3 to 8.15.1
+
+  Upstream Release Notes:
+
+  - [8.15.1](https://www.elastic.co/guide/en/elasticsearch/reference/8.15/release-notes-8.15.1.html)
+  - [8.15.0](https://www.elastic.co/guide/en/elasticsearch/reference/8.15/release-notes-8.15.0.html)
+
+- ironbank/elastic/kibana/kibana updated from 8.14.3 to 8.15.1
+
+  Upstream Release Notes:
+
+  - [8.15.1](https://www.elastic.co/guide/en/kibana/8.15/release-notes-8.15.1.html)
+  - [8.15.0](https://www.elastic.co/guide/en/kibana/8.15/release-notes-8.15.0.html)
+
+- ironbank/opensource/kubernetes/kubectl updated from v1.29.6 to v1.30.5
+
+## [1.18.0-bb.5] - 2024-09-25
+
+### Changed
+
+- Reverted changes made from 1.18.0-bb.3
+  - Renabled Elasticsearch selfSignedCertificate
+  - Changed mtls to SIMPLE in the Destination Rule
+  - Disable Elasticsearch virtual service by default
+
 ## [1.18.0-bb.4] - 2024-09-17

 ### Added
@@ -24,7 +56,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - Fix bug in prometheus subchart that errored when trying to parse podLabels
 - Ran a fresh helm dependency update to sync the subchart archive to the copy in deps

-
 ## [1.18.0-bb.1] - 2024-08-13

 ### Changed

--- a/README.md
+++ b/README.md
 <!-- Warning: Do not manually edit this file. See notes on gluon + helm-docs at the end of this file for more information. -->
 # elasticsearch-kibana

-![Version: 1.18.0-bb.4](https://img.shields.io/badge/Version-1.18.0--bb.4-informational?style=flat-square) ![AppVersion: 8.14.3](https://img.shields.io/badge/AppVersion-8.14.3-informational?style=flat-square)
+![Version: 1.19.0-bb.0](https://img.shields.io/badge/Version-1.19.0--bb.0-informational?style=flat-square) ![AppVersion: 8.15.1](https://img.shields.io/badge/AppVersion-8.15.1-informational?style=flat-square)

 Configurable Deployment of Elasticsearch and Kibana Custom Resources Wrapped Inside a Helm Chart.

-## Upstream Release Notes
+### Upstream Release Notes

-This package has no upstream release note links on file. Please add some to [chart/Chart.yaml](chart/Chart.yaml) under `annotations.bigbang.dev/upstreamReleaseNotesMarkdown`.
-Example:
-```yaml
-annotations:
-  bigbang.dev/upstreamReleaseNotesMarkdown: |
-    - [Find our upstream chart's CHANGELOG here](https://link-goes-here/CHANGELOG.md)
-    - [and our upstream application release notes here](https://another-link-here/RELEASE_NOTES.md)
-```
+This chart has no upstream and is maintained entirely by the Big Bang team. It is
+(usually) updated any time new versions of elasticsearch and kibana are released
+upstream. The changelog for both can be found at the following places:
+
+- [Elasticsearch](https://www.elastic.co/guide/en/elasticsearch/reference/current/es-release-notes.html)
+- [Kibana](https://www.elastic.co/guide/en/kibana/current/release-notes.html)

 ## Learn More
 * [Application Overview](docs/overview.md)
@@ -46,9 +44,9 @@ helm install elasticsearch-kibana chart/
 | autoRollingUpgrade.enabled | bool | `false` | Enable BigBang specific autoRollingUpgrade support |
 | imagePullPolicy | string | `"IfNotPresent"` | Pull Policy for all non-init containers in this package. |
 | fluentbit | object | `{"enabled":false}` | Toggle for networkpolicies to allow fluentbit ingress |
-| kibana.version | string | `"8.14.3"` | Kibana version |
+| kibana.version | string | `"8.15.1"` | Kibana version |
 | kibana.image.repository | string | `"registry1.dso.mil/ironbank/elastic/kibana/kibana"` | Kibana image repository |
-| kibana.image.tag | string | `"8.14.3"` | Kibana image tag |
+| kibana.image.tag | string | `"8.15.1"` | Kibana image tag |
 | kibana.host | string | `""` | Kibana Ingress Host Value. Only required if not using Istio for ingress. |
 | kibana.count | int | `3` | Number of Kibana replicas |
 | kibana.serviceAccountName | string | `"logging-kibana"` | Name for serviceAccount to use, will be autocreated. |
@@ -67,9 +65,9 @@ helm install elasticsearch-kibana chart/
 | kibana.nodeSelector | object | `{}` | Kibana nodeSelector |
 | kibana.lifecycle | object | `{}` | Kibana lifecycle |
 | kibana.agents | object | `{}` | Kibana Elastic Agent / Fleet Server configuration https://www.elastic.co/guide/en/cloud-on-k8s/2.7/k8s-elastic-agent-fleet-quickstart.html |
-| elasticsearch.version | string | `"8.14.3"` | Elasticsearch version |
+| elasticsearch.version | string | `"8.15.1"` | Elasticsearch version |
 | elasticsearch.image.repository | string | `"registry1.dso.mil/ironbank/elastic/elasticsearch/elasticsearch"` | Elasticsearch image repository |
-| elasticsearch.image.tag | string | `"8.14.3"` | Elasticsearch image tag |
+| elasticsearch.image.tag | string | `"8.15.1"` | Elasticsearch image tag |
 | elasticsearch.imagePullSecrets | list | `[]` | Elasticsearch imagePullSecrets |
 | elasticsearch.serviceAccountName | string | `"logging-elasticsearch"` | Name for serviceAccount to use, will be autocreated. |
 | elasticsearch.serviceAccountAnnotations | object | `{}` | Annotations for the elasticsearch service account. |
@@ -109,7 +107,7 @@ helm install elasticsearch-kibana chart/
 | elasticsearch.data.resources | object | `{"limits":{"cpu":1,"memory":"4Gi"},"requests":{"cpu":1,"memory":"4Gi"}}` | Elasticsearch data pod resources |
 | elasticsearch.data.heap.min | string | `"2g"` | Elasticsearch data Java heap Xms setting |
 | elasticsearch.data.heap.max | string | `"2g"` | Elasticsearch data Java heap Xmx setting |
-| elasticsearch.ingest.enabled | bool | `false` | Enable ingest specific Elasticsearch pods |
+| elasticsearch.ingest.enabled | bool | `true` | Enable ingest specific Elasticsearch pods |
 | elasticsearch.ingest.initContainers | list | `[]` | initContainers |
 | elasticsearch.ingest.securityContext | object | `{"fsGroup":1000,"runAsGroup":1000,"runAsUser":1000}` | Set securityContext for elasticsearch ingest node sets |
 | elasticsearch.ingest.containersecurityContext.capabilities.drop[0] | string | `"ALL"` |  |
@@ -189,7 +187,7 @@ helm install elasticsearch-kibana chart/
 | istio.hardened.elasticsearch.principals[0] | string | `"cluster.local/ns/logging/sa/logging-elasticsearch"` |  |
 | istio.mtls | object | `{"mode":"STRICT"}` | Default EK peer authentication       |
 | istio.mtls.mode | string | `"STRICT"` | STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic |
-| istio.elasticsearch.enabled | bool | `false` | Toggle virtualService creation |
+| istio.elasticsearch.enabled | bool | `true` | Toggle virtualService creation |
 | istio.elasticsearch.annotations | object | `{}` | Annotations for controls the gateway used/attached to the virtualService |
 | istio.elasticsearch.labels | object | `{}` | Labels for virtualService |
 | istio.elasticsearch.gateways | list | `["istio-system/main"]` | Gateway(s) to apply virtualService routes to. |
@@ -248,6 +246,9 @@ helm install elasticsearch-kibana chart/
 | bbtests.scripts.image | string | `"registry1.dso.mil/ironbank/stedolan/jq:1.7"` | image to use for script based tests |
 | bbtests.scripts.envs | object | `{"desired_version":"{{ .Values.elasticsearch.version }}","elasticsearch_host":"https://{{ .Release.Name }}-es-http.{{ .Release.Namespace }}.svc.cluster.local:9200"}` | ENVs added to script test pods |
 | bbtests.scripts.secretEnvs | list | `[{"name":"ELASTIC_PASSWORD","valueFrom":{"secretKeyRef":{"key":"elastic","name":"logging-ek-es-elastic-user"}}}]` | ENVs added to script test pods from existing secrets |
+| waitJob.enabled | bool | `true` |  |
+| waitJob.scripts.image | string | `"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.30.5"` |  |
+| waitJob.permissions.resources[0] | string | `"elasticsearch-kibana"` |  |

 ## Contributing


--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
 apiVersion: v2
 name: elasticsearch-kibana
 description: Configurable Deployment of Elasticsearch and Kibana Custom Resources Wrapped Inside a Helm Chart.
-version: 1.18.0-bb.4
-appVersion: 8.14.3
+version: 1.19.0-bb.0
+appVersion: 8.15.1
 dependencies:
  - name: gluon
    version: 0.5.4
@@ -14,13 +14,20 @@ dependencies:
    alias: metrics
 annotations:
  bigbang.dev/applicationVersions: |
-    - Kibana: 8.14.3
-    - Elasticsearch: 8.14.3
+    - Kibana: 8.15.1
+    - Elasticsearch: 8.15.1
+  bigbang.dev/upstreamReleaseNotesMarkdown: |
+    This chart has no upstream and is maintained entirely by the Big Bang team. It is 
+    (usually) updated any time new versions of elasticsearch and kibana are released
+    upstream. The changelog for both can be found at the following places:
+
+    - [Elasticsearch](https://www.elastic.co/guide/en/elasticsearch/reference/current/es-release-notes.html)
+    - [Kibana](https://www.elastic.co/guide/en/kibana/current/release-notes.html)
  helm.sh/images: |
    - name: kibana
-      image: registry1.dso.mil/ironbank/elastic/kibana/kibana:8.14.3
+      image: registry1.dso.mil/ironbank/elastic/kibana/kibana:8.15.1
    - name: elasticsearch
-      image: registry1.dso.mil/ironbank/elastic/elasticsearch/elasticsearch:8.14.3
+      image: registry1.dso.mil/ironbank/elastic/elasticsearch/elasticsearch:8.15.1
    - name: base
      image: registry1.dso.mil/ironbank/big-bang/base:2.1.0
    - name: script-tests
@@ -30,4 +37,4 @@ annotations:
      condition: metrics.enabled
      image: registry1.dso.mil/ironbank/opensource/bitnami/elasticsearch-exporter:1.7.0
    - name: kubectl
-      image: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.29.6
+      image: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.30.5
--- a/chart/templates/bigbang/destination-rules/elasticsearch-dr.yaml
+++ b/chart/templates/bigbang/destination-rules/elasticsearch-dr.yaml
@@ -8,5 +8,5 @@ spec:
  host: {{ .Release.Name }}-es-http
  trafficPolicy:
    tls:
-      mode: ISTIO_MUTUAL
+      mode: SIMPLE
 {{- end }}
\ No newline at end of file
--- a/chart/templates/bigbang/upgrade-job.yaml
+++ b/chart/templates/bigbang/upgrade-job.yaml
@@ -156,6 +156,9 @@ spec:
              elif [[ $(kubectl get elasticsearch {{ .Release.Name }} -n {{ .Release.Namespace }} -o jsonpath='{.status.version}') == 8.13.* ]] && [[ $(kubectl get elasticsearch {{ .Release.Name }} -n {{ .Release.Namespace }} -o jsonpath='{.spec.version}') == 8.14.* ]]; then
                export ES_DESIRED_VERSION="8.14.*"
                export ROLLING_UPGRADE="true"
+              elif [[ $(kubectl get elasticsearch {{ .Release.Name }} -n {{ .Release.Namespace }} -o jsonpath='{.status.version}') == 8.14.* ]] && [[ $(kubectl get elasticsearch {{ .Release.Name }} -n {{ .Release.Namespace }} -o jsonpath='{.spec.version}') == 8.15.* ]]; then
+                export ES_DESIRED_VERSION="8.15.*"
+                export ROLLING_UPGRADE="true"
              fi

              if [[ "$ROLLING_UPGRADE" == "true" ]]; then

--- a/chart/templates/elasticsearch.yaml
+++ b/chart/templates/elasticsearch.yaml
@@ -6,12 +6,7 @@ metadata:
 spec:
  version: {{ .Values.elasticsearch.version }}
  image: {{ .Values.elasticsearch.image.repository }}:{{ .Values.elasticsearch.image.tag }}
-  {{ if .Values.istio.enabled }}
-  http:
-    tls:
-      selfSignedCertificate:
-        disabled: true
-  {{- end }}
+  
  {{- if .Values.sso.enabled }}
  secureSettings:
    - secretName: sso-secret
@@ -39,7 +34,7 @@ spec:
      node.roles: ["master"]
      node.store.allow_mmap: true
      xpack.ml.enabled: {{ $.Values.elasticsearch.ml.enabled }}
-      xpack.security.authc.token.enabled: {{ not $.Values.istio.enabled }}
+      xpack.security.authc.token.enabled: true
      {{- if $.Values.sso.enabled }}
      {{ include "oidc" $ | indent 6 }}
      {{- end }}
@@ -144,7 +139,7 @@ spec:
      node.roles: ["data", "ingest"]
      node.store.allow_mmap: true
      xpack.ml.enabled: {{ $.Values.elasticsearch.ml.enabled }}
-      xpack.security.authc.token.enabled: {{ not $.Values.istio.enabled }}
+      xpack.security.authc.token.enabled: true
      {{- if $.Values.sso.enabled }}
      {{ include "oidc" $ | indent 6 }}
      {{- end }}
@@ -253,7 +248,7 @@ spec:
      node.roles: ["ingest"]
      node.store.allow_mmap: true
      xpack.ml.enabled: {{ $.Values.elasticsearch.ml.enabled }}
-      xpack.security.authc.token.enabled: {{ not $.Values.istio.enabled }}
+      xpack.security.authc.token.enabled: true
      {{- if $.Values.sso.enabled }}
      {{ include "oidc" $ | indent 6 }}
      {{- end }}
@@ -357,7 +352,7 @@ spec:
      node.roles: ["ml"]
      xpack.ml.enabled: {{ $.Values.elasticsearch.ml.enabled }}
      node.store.allow_mmap: true
-      xpack.security.authc.token.enabled: {{ not $.Values.istio.enabled }}
+      xpack.security.authc.token.enabled: true
      {{- if $.Values.sso.enabled }}
      {{ include "oidc" $ | indent 6 }}
      {{- end }}
@@ -463,7 +458,7 @@ spec:
      index.store.type: mmapfs
      node.store.allow_mmap: true
      xpack.ml.enabled: {{ $.Values.elasticsearch.ml.enabled }}
-      xpack.security.authc.token.enabled: {{ not $.Values.istio.enabled }}
+      xpack.security.authc.token.enabled: true
      {{- if $.Values.sso.enabled }}
      {{ include "oidc" $ | indent 6 }}
      {{- end }}

--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -14,12 +14,12 @@ fluentbit:

 kibana:
  # -- Kibana version
-  version: 8.14.3
+  version: 8.15.1
  image:
    # -- Kibana image repository
    repository: registry1.dso.mil/ironbank/elastic/kibana/kibana
    # -- Kibana image tag
-    tag: 8.14.3
+    tag: 8.15.1

  # -- Kibana Ingress Host Value.
  # Only required if not using Istio for ingress.
@@ -158,12 +158,12 @@ kibana:

 elasticsearch:
  # -- Elasticsearch version
-  version: 8.14.3
+  version: 8.15.1
  image:
    # -- Elasticsearch image repository
    repository: registry1.dso.mil/ironbank/elastic/elasticsearch/elasticsearch
    # -- Elasticsearch image tag
-    tag: 8.14.3
+    tag: 8.15.1

  # -- Elasticsearch imagePullSecrets
  imagePullSecrets: []
@@ -767,7 +767,7 @@ istio:
    mode: STRICT
  elasticsearch:
    # -- Toggle virtualService creation
-    enabled: true
+    enabled: false
    # -- Annotations for controls the gateway used/attached to the virtualService
    annotations: {}
    # -- Labels for virtualService
@@ -953,7 +953,7 @@ bbtests:
 waitJob:
  enabled: true
  scripts:
-    image: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.29.6
+    image: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.30.5
  permissions:
    resources:
     - elasticsearch-kibana
No results found