sassoftware
diff --git a/‎CHANGELOG.md‎
Lines changed: 13 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎autogenerate.md‎
Lines changed: 0 additions & 186 deletions b/‎autogenerate.md‎
Lines changed: 0 additions & 186 deletions
diff --git a/‎bin/autogenerate-include.sh‎
Lines changed: 42 additions & 4 deletions b/‎bin/autogenerate-include.sh‎
Lines changed: 42 additions & 4 deletions
diff --git a/‎logging/bin/deploy_opensearch.sh‎
Lines changed: 15 additions & 12 deletions b/‎logging/bin/deploy_opensearch.sh‎
Lines changed: 15 additions & 12 deletions
@@ -1,4 +1,17 @@
 # SAS Viya Monitoring for Kubernetes
+## unreleased
+* **Overall**
+  * [ANNOUNCEMENT] As announced previously, this project now *requires*  the `yq` command-line processor for YAML.  Specifically, a recent version (4.32+) of the [Golang-based (Mike Farah) version of `yq`](https://github.com/mikefarah/yq)
+needs to be installed.  While this utility is *currently* only used in a few places, we expect its use to become
+much more extensive over time.
+  * [FEATURE] The auto-generation of Ingress resources for the web applications has moved from *experimental*
+to *production* status.  As noted earlier, this feature requires the `yq` utility.  See the 
+[Configure Ingress Access to Web Applications](https://documentation.sas.com/?cdcId=obsrvcdc&cdcVersion=v_003&docsetId=obsrvdply&docsetTarget=n0auhd4hutsf7xn169hfvriysz4e.htm#n0jiph3lcb5rmsn1g71be3cesmo8)
+topic within the Help Center documentation for further information.
+  * [FEATURE] The auto-generation of storageClass references for PVC definitions has moved from *experimental*
+to *production* status.  As noted earlier, this feature requires the `yq` utility.  See the 
+[Customize StorageClass](https://documentation.sas.com/?cdcId=obsrvcdc&cdcVersion=v_003&docsetId=obsrvdply&docsetTarget=n0auhd4hutsf7xn169hfvriysz4e.htm#p1lvxtk81r8jgun1d789fqaz3lq1)
+topic within the Help Center documentation for further information.
 
 
 ## unreleased
 
@@ -24,6 +24,26 @@ function checkYqVersion {
 
 export -f checkYqVersion
 
+function create_ingress_certs {
+   local certFile keyFile namespace secretName
+
+   namespace="$1"
+   secretName="$2"
+   certFile="${3:-$INGRESS_CERT}"
+   keyFile="${4:-$INGRESS_KEY}"
+
+   if [ -f "$certFile" ] && [ -f "$keyFile" ]; then
+      kubectl delete secret "$secretName" --namespace "$namespace" --ignore-not-found 
+      kubectl create secret tls "$secretName" --namespace "$namespace" --key="$keyFile" --cert="$certFile" 
+      kubectl -n $namespace label secret $secretName  managed-by="v4m-es-script"
+   elif [ ! -z "$certFile$keyFile" ]; then
+      log_warn "Missing Ingress certificate file; specified Ingress cert [$certFile] and/or key [$keyFile] file is missing."
+      log_warn "Create the missing Kubernetes secrets after deployment; use command: kubectl -create secret tls $secretName --namespace $namespace --key=cert_key_file --cert=cert_file"
+   fi   
+}
+
+export -f create_ingress_certs
+
 AUTOGENERATE_INGRESS="${AUTOGENERATE_INGRESS:-false}"
 AUTOGENERATE_STORAGECLASS="${AUTOGENERATE_STORAGECLASS:-false}"
 
@@ -57,11 +77,29 @@ if [ -z "$AUTOGENERATE_SOURCED" ]; then
          exit 1
       fi
 
-      routing="${ROUTING:-host}"
-
-      if [ "$routing" != "host" ]; then
-         MON_TLS_PATH_INGRESS="true"
+      ROUTING="${ROUTING:-host}"
+      
+      if [ "$ROUTING" == "path" ]; then
+         export MON_TLS_PATH_INGRESS="true"
          log_debug "Path ingress requested, setting MON_TLS_PATH_INGRESS to 'true'"
+      elif [ "$ROUTING" != "host" ] && [ "$ROUTING" != "path" ]; then
+         log_error "Invalid ROUTING value, valid values are 'host' or 'path'"
+         exit 1
+      fi
+
+      INGRESS_CERT="${INGRESS_CERT}"
+      INGRESS_KEY="${INGRESS_KEY}"
+      if [ "$INGRESS_CERT/$INGRESS_KEY" != "/" ]; then
+         if [ ! -f "$INGRESS_CERT" ] || [ ! -f "$INGRESS_KEY" ]; then
+            # Only WARN b/c missing cert doesn't prevent deployment and it can be created afterwards
+            log_warn "Missing Ingress certificate file; specified Ingress cert [$INGRESS_CERT] and/or key [$INGRESS_KEY] file is missing."
+            log_warn "You can create the missing Kubernetes secrets after deployment. See Enable TLS for Ingress topic in Help Center documentation."
+            #unset variable values to prevent further attempted use
+            unset INGRESS_CERT
+            unset INGRESS_KEY
+         else
+            log_debug "Ingress cert [$INGRESS_CERT] and key [$INGRESS_KEY] files exist."
+         fi
       fi
 
       log_info "Autogeneration of Ingress definitions has been enabled"
 
@@ -39,13 +39,13 @@ if [ "$AUTOGENERATE_STORAGECLASS" == "true" ]; then
    sc="$storageClass" yq -i '.persistence.storageClass=env(sc)' "$autogeneratedYAMLFile"
 
 else
-   log_debug "Autogeneration of storageClassReferences NOT enabled"
+   log_debug "Autogeneration of storageClass References NOT enabled"
 fi
 
 AUTOGENERATE_INGRESS="${AUTOGENERATE_INGRESS:-false}"
+OPENSEARCH_INGRESS_ENABLE="${OPENSEARCH_INGRESS_ENABLE:-false}"
 
-if [ "$AUTOGENERATE_INGRESS" == "true" ]; then
-
+if [ "$AUTOGENERATE_INGRESS" == "true" ] && [ "$OPENSEARCH_INGRESS_ENABLE"="true" ]; then
 
    if [ ! -f "$autogeneratedYAMLFile" ]; then
       log_debug "Creating file [$autogeneratedYAMLFile]"
@@ -54,21 +54,24 @@ if [ "$AUTOGENERATE_INGRESS" == "true" ]; then
       log_debug "File [$autogeneratedYAMLFile] already exists"
    fi
 
-   routing="${ROUTING:-host}"
-   log_debug "ROUTING [$routing]"
+   osIngressCert="${OPENSEARCH_INGRESS_CERT}"
+   osIngressKey="${OPENSEARCH_INGRESS_KEY}"
+
+   create_ingress_certs "$LOG_NS" "elasticsearch-ingress-tls-secret" "$osIngressCert" "$osIngressKey" 
+
+   ROUTING="${ROUTING:-host}"
 
    ## tested with sample version: 0.2.1
-   ingressSampleFile="samples/ingress/${routing}-based-ingress/logging/user-values-opensearch.yaml"
+   ingressSampleFile="samples/ingress/${ROUTING}-based-ingress/logging/user-values-opensearch.yaml"
 
    #intialized the yaml file w/appropriate ingress sample
    yq -i eval-all '. as $item ireduce ({}; . * $item )' "$autogeneratedYAMLFile" "$ingressSampleFile"
 
-
-   OPENSEARCH_INGRESS_ENABLE="${OPENSEARCH_INGRESS_ENABLE:-false}"
+   
    OPENSEARCH_FQDN="${OPENSEARCH_FQDN}"
    OPENSEARCH_PATH="${OPENSEARCH_PATH:-search}"
    if [ -z "$OPENSEARCH_FQDN" ]; then
-      if [ "$routing" == "host" ]; then
+      if [ "$ROUTING" == "host" ]; then
          OPENSEARCH_FQDN="$OPENSEARCH_PATH.$BASE_DOMAIN"
       else
          OPENSEARCH_FQDN="$BASE_DOMAIN"
@@ -81,7 +84,7 @@ if [ "$AUTOGENERATE_INGRESS" == "true" ]; then
 
    yq -i '.ingress.enabled=env(OPENSEARCH_INGRESS_ENABLE)'               $autogeneratedYAMLFile
 
-   if [ "$routing" == "host" ]; then
+   if [ "$ROUTING" == "host" ]; then
       yq -i '.ingress.hosts.[0]=env(OPENSEARCH_FQDN)'                    $autogeneratedYAMLFile
       yq -i '.ingress.tls.[0].hosts.[0]=env(OPENSEARCH_FQDN)'            $autogeneratedYAMLFile
    else
@@ -95,9 +98,9 @@ if [ "$AUTOGENERATE_INGRESS" == "true" ]; then
       printf -v snippet "rewrite (?i)/$OPENSEARCH_PATH/(.*) /\$1 break;\nrewrite (?i)/${OPENSEARCH_PATH}$ / break;"  ;
       snippet="$snippet"    yq -i '.ingress.annotations["nginx.ingress.kubernetes.io/configuration-snippet"]=strenv(snippet)'  $autogeneratedYAMLFile
 
-   fi
+   fi      
 else
-   log_debug "Autogeneration of ingresss NOT enabled"
+   log_debug "Autogeneration of ingresss NOT enabled and/or ingress NOT enabled for OpenSearch"
 fi