keep things up to date

bindiego · bindiego · commit 60f02f91b413 · 2023-01-15T21:15:15.000+08:00
diff --git a/bin/demo.sh b/bin/demo.sh
@@ -3,16 +3,16 @@
 # Author: Bin Wu <binwu@google.com>
 
 pwd=`pwd`
-cluster_name=elk-demo
+cluster_name=elastic-demo
 region=asia-east1
 # zone=asia-east1-a
 project_id=du-hast-mich
 default_pool=default-pool
 nodes_per_zone=5 # per zone
 machine_type=e2-standard-2
 release_channel=None # None -> static, e.g. rapid, regular, stable
-gke_version=1.24.5-gke.600
-eck_version=2.4.0
+gke_version=1.25.5-gke.1500
+eck_version=2.6.1
 es_cluster_name=dingo-demo
 
 __create_gke() {
diff --git a/bin/gke.sh b/bin/gke.sh
@@ -11,8 +11,8 @@ default_pool=default-pool
 nodes_per_zone=6 # per zone
 machine_type=n2-standard-8
 release_channel=None # None -> static, e.g. rapid, regular, stable
-gke_version=1.24.5-gke.600
-eck_version=2.4.0
+gke_version=1.25.5-gke.1500
+eck_version=2.6.1
 __usage() {
     echo "Usage: ./bin/gke.sh {create|(delete,del,d)|scale|fix}"
 }
diff --git a/conf/crds.yaml b/conf/crds.yaml
diff --git a/conf/operator.yaml b/conf/operator.yaml
@@ -14,7 +14,7 @@ metadata:
   namespace: elastic-system
   labels:
     control-plane: elastic-operator
-    app.kubernetes.io/version: "2.4.0"
+    app.kubernetes.io/version: "2.6.1"
 ---
 # Source: eck-operator/templates/webhook.yaml
 apiVersion: v1
@@ -24,7 +24,7 @@ metadata:
   namespace: elastic-system
   labels:
     control-plane: elastic-operator
-    app.kubernetes.io/version: "2.4.0"
+    app.kubernetes.io/version: "2.6.1"
 ---
 # Source: eck-operator/templates/configmap.yaml
 apiVersion: v1
@@ -34,27 +34,9 @@ metadata:
   namespace: elastic-system
   labels:
     control-plane: elastic-operator
-    app.kubernetes.io/version: "2.4.0"
+    app.kubernetes.io/version: "2.6.1"
 data:
-  eck.yaml: |-
-    log-verbosity: 0
-    metrics-port: 0
-    container-registry: docker.elastic.co
-    max-concurrent-reconciles: 3
-    ca-cert-validity: 8760h
-    ca-cert-rotate-before: 24h
-    cert-validity: 8760h
-    cert-rotate-before: 24h
-    exposed-node-labels: [topology.kubernetes.io/.*,failure-domain.beta.kubernetes.io/.*]
-    set-default-security-context: auto-detect
-    kube-client-timeout: 60s
-    elasticsearch-client-timeout: 180s
-    disable-telemetry: false
-    distribution-channel: all-in-one
-    validate-storage-class: true
-    enable-webhook: true
-    webhook-name: elastic-webhook.k8s.elastic.co
-    enable-leader-election: true
+  eck.yaml: "log-verbosity: 0\nmetrics-port: 0\ncontainer-registry: docker.elastic.co\ncontainer-suffix: \nmax-concurrent-reconciles: 3\nca-cert-validity: 8760h\nca-cert-rotate-before: 24h\ncert-validity: 8760h\ncert-rotate-before: 24h\nexposed-node-labels: [topology.kubernetes.io/.*,failure-domain.beta.kubernetes.io/.*]\nset-default-security-context: auto-detect\nkube-client-timeout: 60s\nelasticsearch-client-timeout: 180s\ndisable-telemetry: false\ndistribution-channel: all-in-one\nvalidate-storage-class: true\nenable-webhook: true\nwebhook-name: elastic-webhook.k8s.elastic.co\nenable-leader-election: true\nelasticsearch-observation-interval: 10s"
 ---
 # Source: eck-operator/templates/cluster-roles.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -63,7 +45,7 @@ metadata:
   name: elastic-operator
   labels:
     control-plane: elastic-operator
-    app.kubernetes.io/version: "2.4.0"
+    app.kubernetes.io/version: "2.6.1"
 rules:
 - apiGroups:
   - "authorization.k8s.io"
@@ -151,6 +133,19 @@ rules:
   - create
   - update
   - patch
+- apiGroups:
+  - autoscaling.k8s.elastic.co
+  resources:
+  - elasticsearchautoscalers
+  - elasticsearchautoscalers/status
+  - elasticsearchautoscalers/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
 - apiGroups:
   - kibana.k8s.elastic.co
   resources:
@@ -229,6 +224,19 @@ rules:
   - create
   - update
   - patch
+- apiGroups:
+  - stackconfigpolicy.k8s.elastic.co
+  resources:
+  - stackconfigpolicies
+  - stackconfigpolicies/status
+  - stackconfigpolicies/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
 - apiGroups:
   - storage.k8s.io
   resources:
@@ -268,11 +276,14 @@ metadata:
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
     control-plane: elastic-operator
-    app.kubernetes.io/version: "2.4.0"
+    app.kubernetes.io/version: "2.6.1"
 rules:
 - apiGroups: ["elasticsearch.k8s.elastic.co"]
   resources: ["elasticsearches"]
   verbs: ["get", "list", "watch"]
+- apiGroups: ["autoscaling.k8s.elastic.co"]
+  resources: ["elasticsearchautoscalers"]
+  verbs: ["get", "list", "watch"]
 - apiGroups: ["apm.k8s.elastic.co"]
   resources: ["apmservers"]
   verbs: ["get", "list", "watch"]
@@ -291,6 +302,9 @@ rules:
 - apiGroups: ["maps.k8s.elastic.co"]
   resources: ["elasticmapsservers"]
   verbs: ["get", "list", "watch"]
+- apiGroups: ["stackconfigpolicy.k8s.elastic.co"]
+  resources: ["stackconfigpolicies"]
+  verbs: ["get", "list", "watch"]
 ---
 # Source: eck-operator/templates/cluster-roles.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -301,11 +315,14 @@ metadata:
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
     control-plane: elastic-operator
-    app.kubernetes.io/version: "2.4.0"
+    app.kubernetes.io/version: "2.6.1"
 rules:
 - apiGroups: ["elasticsearch.k8s.elastic.co"]
   resources: ["elasticsearches"]
   verbs: ["create", "delete", "deletecollection", "patch", "update"]
+- apiGroups: ["autoscaling.k8s.elastic.co"]
+  resources: ["elasticsearchautoscalers"]
+  verbs: ["create", "delete", "deletecollection", "patch", "update"]
 - apiGroups: ["apm.k8s.elastic.co"]
   resources: ["apmservers"]
   verbs: ["create", "delete", "deletecollection", "patch", "update"]
@@ -324,6 +341,9 @@ rules:
 - apiGroups: ["maps.k8s.elastic.co"]
   resources: ["elasticmapsservers"]
   verbs: ["create", "delete", "deletecollection", "patch", "update"]
+- apiGroups: ["stackconfigpolicy.k8s.elastic.co"]
+  resources: ["stackconfigpolicies"]
+  verbs: ["create", "delete", "deletecollection", "patch", "update"]
 ---
 # Source: eck-operator/templates/role-bindings.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -332,7 +352,7 @@ metadata:
   name: elastic-operator
   labels:
     control-plane: elastic-operator
-    app.kubernetes.io/version: "2.4.0"
+    app.kubernetes.io/version: "2.6.1"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -350,7 +370,7 @@ metadata:
   namespace: elastic-system
   labels:
     control-plane: elastic-operator
-    app.kubernetes.io/version: "2.4.0"
+    app.kubernetes.io/version: "2.6.1"
 spec:
   ports:
   - name: https
@@ -367,7 +387,7 @@ metadata:
   namespace: elastic-system
   labels:
     control-plane: elastic-operator
-    app.kubernetes.io/version: "2.4.0"
+    app.kubernetes.io/version: "2.6.1"
 spec:
   selector:
     matchLabels:
@@ -380,7 +400,7 @@ spec:
         # Rename the fields "error" to "error.message" and "source" to "event.source"
         # This is to avoid a conflict with the ECS "error" and "source" documents.
         "co.elastic.logs/raw": "[{\"type\":\"container\",\"json.keys_under_root\":true,\"paths\":[\"/var/log/containers/*${data.kubernetes.container.id}.log\"],\"processors\":[{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"error\",\"to\":\"_error\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"_error\",\"to\":\"error.message\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"source\",\"to\":\"_source\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"_source\",\"to\":\"event.source\"}]}}]}]"
-        "checksum/config": a99a5f63f628a1ca8df440c12506cdfbf17827a1175dc5765b05f22f92b12b95
+        "checksum/config": 0167077654d0c8023b9201c09b02b9213c73d47b50aab990b1e2e8cd41653ca7
       labels:
         control-plane: elastic-operator
     spec:
@@ -389,12 +409,19 @@ spec:
       securityContext:
         runAsNonRoot: true
       containers:
-      - image: "docker.elastic.co/eck/eck-operator:2.4.0"
+      - image: "docker.elastic.co/eck/eck-operator:2.6.1"
         imagePullPolicy: IfNotPresent
         name: manager
         args:
         - "manager"
         - "--config=/conf/eck.yaml"
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
         env:
         - name: OPERATOR_NAMESPACE
           valueFrom:
@@ -440,7 +467,7 @@ metadata:
   name: elastic-webhook.k8s.elastic.co
   labels:
     control-plane: elastic-operator
-    app.kubernetes.io/version: "2.4.0"
+    app.kubernetes.io/version: "2.6.1"
 webhooks:
 - clientConfig:
     caBundle: Cg==
@@ -652,4 +679,46 @@ webhooks:
     - UPDATE
     resources:
     - kibanas
+- clientConfig:
+    caBundle: Cg==
+    service:
+      name: elastic-webhook-server
+      namespace: elastic-system
+      path: /validate-autoscaling-k8s-elastic-co-v1alpha1-elasticsearchautoscaler
+  failurePolicy: Ignore
+  name: elastic-esa-validation-v1alpha1.k8s.elastic.co
+  matchPolicy: Exact
+  admissionReviewVersions: [v1beta1]
+  sideEffects: None
+  rules:
+  - apiGroups:
+    - autoscaling.k8s.elastic.co
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - elasticsearchautoscalers
+- clientConfig:
+    caBundle: Cg==
+    service:
+      name: elastic-webhook-server
+      namespace: elastic-system
+      path: /validate-scp-k8s-elastic-co-v1alpha1-stackconfigpolicies
+  failurePolicy: Ignore
+  name: elastic-scp-validation-v1alpha1.k8s.elastic.co
+  matchPolicy: Exact
+  admissionReviewVersions: [v1, v1beta1]
+  sideEffects: None
+  rules:
+  - apiGroups:
+    - stackconfigpolicy.k8s.elastic.co
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - stackconfigpolicies
 
diff --git a/templates/apm.yml b/templates/apm.yml
@@ -3,7 +3,7 @@ kind: ApmServer
 metadata:
       name: dingo-apm
 spec:
-    version: 8.4.3
+    version: 8.5.3
     count: 1
     elasticsearchRef:
         name: dingo
diff --git a/templates/es.all_role.yml b/templates/es.all_role.yml
@@ -3,7 +3,7 @@ kind: Elasticsearch
 metadata:
     name: dingo
 spec:
-    version: 8.4.3
+    version: 8.5.3
     #http:
         #service:
             #spec:
diff --git a/templates/es.demo.yml b/templates/es.demo.yml
@@ -3,7 +3,7 @@ kind: Elasticsearch
 metadata:
     name: dingo-demo
 spec:
-    version: 8.4.3
+    version: 8.5.3
     http:
         service:
             spec:
diff --git a/templates/es.prod.yml b/templates/es.prod.yml
@@ -3,7 +3,7 @@ kind: Elasticsearch
 metadata:
     name: dingo
 spec:
-    version: 8.4.3
+    version: 8.5.3
     #http:
         #service:
             #spec:
diff --git a/templates/es.single_node.yml b/templates/es.single_node.yml
@@ -3,7 +3,7 @@ kind: Elasticsearch
 metadata:
     name: dingo
 spec:
-    version: 8.4.3
+    version: 8.5.3
     #http:
         #service:
             #spec:
diff --git a/templates/kbn.demo.yml b/templates/kbn.demo.yml
@@ -3,7 +3,7 @@ kind: Kibana
 metadata:
     name: dingo-demo-kbn 
 spec:
-    version: 8.4.3
+    version: 8.5.3
     count: 1
     http:
         service:
diff --git a/templates/kbn.yml b/templates/kbn.yml
@@ -3,7 +3,7 @@ kind: Kibana
 metadata:
     name: dingo-kbn 
 spec:
-    version: 8.4.3
+    version: 8.5.3
     count: 1
     #http:
         #service:
