ansible role update

ansible/roles/helm_install/files/elasticsearch/examples/config/Makefile

@@ -0,0 +1,21 @@
+default: test
+
+include ../../../helpers/examples.mk
+
+RELEASE := helm-es-config
+TIMEOUT := 1200s
+
+install:
+	helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../
+
+secrets:
+	kubectl delete secret elastic-config-credentials elastic-config-secret elastic-config-slack elastic-config-custom-path || true
+	kubectl create secret generic elastic-config-credentials --from-literal=password=changeme --from-literal=username=elastic
+	kubectl create secret generic elastic-config-slack --from-literal=xpack.notification.slack.account.monitoring.secure_url='https://hooks.slack.com/services/asdasdasd/asdasdas/asdasd'
+	kubectl create secret generic elastic-config-secret --from-file=xpack.watcher.encryption_key=./watcher_encryption_key
+	kubectl create secret generic elastic-config-custom-path --from-literal=slack_url='https://hooks.slack.com/services/asdasdasd/asdasdas/asdasd' --from-literal=thing_i_don_tcare_about=test
+
+test: secrets install goss
+
+purge:
+	helm del $(RELEASE)

ansible/roles/helm_install/files/elasticsearch/examples/config/README.md

@@ -0,0 +1,27 @@
+# Config
+
+This example deploy a single node Elasticsearch 8.4.1 with authentication and
+custom [values][].
+
+
+## Usage
+
+* Create the required secrets: `make secrets`
+
+* Deploy Elasticsearch chart with the default values: `make install`
+
+* You can now setup a port forward to query Elasticsearch API:
+
+  ```
+  kubectl port-forward svc/config-master 9200
+  curl -u elastic:changeme http://localhost:9200/_cat/indices
+  ```
+
+
+## Testing
+
+You can also run [goss integration tests][] using `make test`
+
+
+[goss integration tests]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/config/test/goss.yaml
+[values]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/config/values.yaml

ansible/roles/helm_install/files/elasticsearch/examples/config/test/goss.yaml

@@ -0,0 +1,31 @@
+http:
+  https://localhost:9200/_cluster/health:
+    status: 200
+    timeout: 2000
+    allow-insecure: true
+    username: elastic
+    password: "{{ .Env.ELASTIC_PASSWORD }}"
+    body:
+      - "green"
+      - '"number_of_nodes":1'
+      - '"number_of_data_nodes":1'
+
+  https://localhost:9200:
+    status: 200
+    timeout: 2000
+    username: elastic
+    allow-insecure: true
+    password: "{{ .Env.ELASTIC_PASSWORD }}"
+    body:
+      - '"cluster_name" : "config"'
+      - "You Know, for Search"
+
+command:
+  "elasticsearch-keystore list":
+    exit-status: 0
+    stdout:
+      - keystore.seed
+      - bootstrap.password
+      - xpack.notification.slack.account.monitoring.secure_url
+      - xpack.notification.slack.account.otheraccount.secure_url
+      - xpack.watcher.encryption_key

ansible/roles/helm_install/files/elasticsearch/examples/config/values.yaml

@@ -0,0 +1,29 @@
+---
+clusterName: "config"
+replicas: 1
+
+extraEnvs:
+  - name: ELASTIC_PASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: elastic-config-credentials
+        key: password
+
+# This is just a dummy file to make sure that
+# the keystore can be mounted at the same time
+# as a custom elasticsearch.yml
+esConfig:
+  elasticsearch.yml: |
+    xpack.security.enabled: true
+    path.data: /usr/share/elasticsearch/data
+
+keystore:
+  - secretName: elastic-config-secret
+  - secretName: elastic-config-slack
+  - secretName: elastic-config-custom-path
+    items:
+      - key: slack_url
+        path: xpack.notification.slack.account.otheraccount.secure_url
+
+secret:
+  enabled: false

ansible/roles/helm_install/files/elasticsearch/examples/config/watcher_encryption_key

@@ -0,0 +1 @@
+supersecret