-
Notifications
You must be signed in to change notification settings - Fork 165
ECH/ECK remote clusters doc is incorrect for trust.yml #1647
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it is confusing to let the customer to enter a value, <kubernetes-namespace>.es.local
, and have it corrected afterwards (because of the issue with the wizard) in the trust.yml
file with another value *.node.<cluster-name>.<kubernetes-namespace>.es.local
, rather than:
- not selecting
trust clusters whose CN follow the Elastic pattern
so that no misleading value is added to thetrust.yml
file, - later on, after downloading the
trust.yml
file, add the definitive correct value (*.node.<cluster-name>.<kubernetes-namespace>.es.local
).
Both solutions are ok that said. The proposed solution has the advantage to be easier to amend once the wizard has been fix
@jeanfabrice , thanks! I think your proposal would simplify the process also, so let me apply a few changes and share them with you. Update: I have a concern of your proposal:
![]() But what about @naemono , would you please help us to determine if that part of the section can be left empty or if it's better to provide a cc: @pebrc |
@jeanfabrice : As mentioned in private, your proposal won't work, as ECH needs the So I'm leaving the procedure as it is, as I have fully tested it a few times and remote cluster functionality works fine in both directions. In summary: The select trusted clusters section cannot be left empty |
🔍 Preview links for changed docs: 🔔 The preview site may take up to 3 minutes to finish building. These links will become live once it completes. |
@shainaraskas : I'm pinging you for reviewing. Nothing urgent. This PR fixes a bug that we had in the original procedure. Anyway we should soon add to this document the procedure using API Keys for this use case (as that's feasible now but still not documented). But that should be done at a later stage. @pebrc : Feel free to give your thoughts, the procedure has been tested using the exact yamls provided in the doc and all works fine. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
really nice. nitpicks only
This guide uses TLS certificates to secure remote cluster connections and follows a similar approach to [Access clusters of a self-managed environment](ec-remote-cluster-self-managed.md). | ||
|
||
### Establish trust in the {{ech}} cluster [ec_establish_trust_in_the_elasticsearch_service_cluster] | ||
### Establish trust in the ECH cluster [ec_establish_trust_in_the_elasticsearch_service_cluster] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nitpick: an intro sentence before a procedure is nice
Co-authored-by: shainaraskas <[email protected]>
@shainaraskas : would you do a final review here? I've applied the suggestions you mentioned:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks good to me
Preview:
Summary of changes:
Fixes #1378
Relates to private cloud issue https://github.com/elastic/cloud/issues/141360
Closes #1378