Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs(self-managed): external-elasticsearch configuration #3521

Merged
merged 32 commits into from
Apr 5, 2024
Merged
Changes from 1 commit
Commits
Show all changes
32 commits
Select commit Hold shift + click to select a range
9916076
first draft of external-elasticsearch documentation
hamza-m-masood Mar 25, 2024
52c356a
changing wording of first paragraph
hamza-m-masood Mar 25, 2024
3db0450
changed wording
hamza-m-masood Mar 27, 2024
2ae30e7
added opensearch document page
hamza-m-masood Mar 27, 2024
b05ae89
updated elasticsearch doc
hamza-m-masood Apr 2, 2024
5d2e4b8
updated elasticsearch doc with new layout
hamza-m-masood Apr 3, 2024
291017b
from opensearch to Opensearch
hamza-m-masood Apr 3, 2024
e9a3c63
from opensearch to OpenSearch
hamza-m-masood Apr 3, 2024
93c75a8
from opensearch to OpenSearch
hamza-m-masood Apr 3, 2024
c04f273
es doc changes
hamza-m-masood Apr 3, 2024
1ce7204
opensearch changes
hamza-m-masood Apr 3, 2024
b31ad13
linking to specific opensearch section
hamza-m-masood Apr 3, 2024
c3f392a
aws iam
hamza-m-masood Apr 3, 2024
54b176b
change opensearch file name and added upgrade guide
hamza-m-masood Apr 3, 2024
ca0f793
fixed typo in upgrade guide
hamza-m-masood Apr 3, 2024
4d67d18
upgrade guide es breaking changes
hamza-m-masood Apr 4, 2024
2225c76
added irsa doc, fixed few typos
hamza-m-masood Apr 5, 2024
10fdcfd
added requested changes
hamza-m-masood Apr 5, 2024
04ddad8
changed link
hamza-m-masood Apr 5, 2024
c687c85
Merge branch 'main' into external-elasticsearch-docs
christinaausley Apr 5, 2024
a7fe264
style(formatting): technical review
christinaausley Apr 5, 2024
dfb17d1
added in sidebar files
hamza-m-masood Apr 5, 2024
1577a62
Merge branch 'external-elasticsearch-docs' of https://github.com/camu…
hamza-m-masood Apr 5, 2024
194fc11
Revert "Merge branch 'external-elasticsearch-docs' of https://github.…
hamza-m-masood Apr 5, 2024
c06d87c
added sidebar files
hamza-m-masood Apr 5, 2024
ba7483e
fixed typo
hamza-m-masood Apr 5, 2024
f3a4299
merge in main
christinaausley Apr 5, 2024
fbfdc9a
fix sidebar ids
christinaausley Apr 5, 2024
aa4a8c0
resolve broken links
christinaausley Apr 5, 2024
1c75a05
Merge branch 'main' into external-elasticsearch-docs
christinaausley Apr 5, 2024
d000232
a few more links
christinaausley Apr 5, 2024
8bc7fec
adjust irsa link
christinaausley Apr 5, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -0,0 +1,82 @@
---
aabouzaid marked this conversation as resolved.
Show resolved Hide resolved
id: using-existing-elasticsearch
title: "Using existing Elasticsearch"
description: "Learn how to use an existing elasticsearch instance in Camunda 8 Self-Managed deployment."
---

Camunda 8 Self-Managed has two different types of applications: Camunda applications (Operate, Optimize, Tasklist, etc.) and non-Camunda applications (such as Keycloak and Elasticsearch). For more details, review the [architecture](../../../platform-architecture/overview.md) documentation for more information on the different types of applications.
aabouzaid marked this conversation as resolved.
Show resolved Hide resolved

This guide steps through using an existing elasticsearch instance. By default, [Helm chart deployment](../deploy.md) creates a new elassticsearch instance, but it's possible to use an existing elasticsearch instance either inside the same Kubernetes cluster or outside of it.
aabouzaid marked this conversation as resolved.
Show resolved Hide resolved

## Preparation

### Connecting to self managed elasticsearch
aabouzaid marked this conversation as resolved.
Show resolved Hide resolved

- You must be aware of the username and password needed to connect to your Elasticsearch cluster.
- You must be aware of the hostname of the elasticsearch cluster.
- If your elasticsearch instance is accepting `http` requests then the connection is possible since you are able to modify the `global.elasticsearch.protocol` value in the Camunda helm chart.
- If you are using self signed certificates and are accepting only `https` requests in your elasticsearch cluster then you must create a `.jks` file from your elasticsearch certificate file using the `keystore` tool. Then you must create a kubernetes secret from the `.jks` file before installing Camunda. For example, this is how you would create the `.jks` file and kubernetes secret from your elasticsearch certificate file:

```yaml
keytool -import -alias elasticsearch -keystore externaldb.jks -storetype jks -file <name of elasticsearch crt file> -storepass changeit -noprompt
kubectl create secret -n <namespace> generic <secret name> --from-file=externaldb.jks
aabouzaid marked this conversation as resolved.
Show resolved Hide resolved
```

### Connecting to es-cloud
aabouzaid marked this conversation as resolved.
Show resolved Hide resolved

Since es-cloud does not use self signed certificates, all you need is the following information:
aabouzaid marked this conversation as resolved.
Show resolved Hide resolved

1. protocol, host, port
aabouzaid marked this conversation as resolved.
Show resolved Hide resolved
2. username and password

You do not need to create a secret including the `.jks` file before installing camunda like the previous section.
aabouzaid marked this conversation as resolved.
Show resolved Hide resolved

## Values file

The only change required to use the existing elasticsearch is configuring the following values in the Camunda 8 Self-Managed Helm chart:

### Connecting to self managed elasticsearch with self signed certificates

```yaml
global:
elasticsearch:
enabled: true
external: true
tls:
enabled: true
existingSecret: <secret name including .jks file>
auth:
username: <username>
password: <password>
existingSecret:
existingSecretKey:
url:
protocol: https
host: <elasticsearch host>
port: 443

elasticsearch:
enabled: false
```

If you do not wish to specify the username and password in plaintext within the values.yaml, you can use the following values instead:

```yaml
global:
elasticsearch:
auth:
existingSecret: <name of the already existing secret>
existingSecretKey: <key of the password value within the already existing secret>
```

### Connecting to es-cloud

You can use the same values provided above and not include the `global.elasticsearch.tls` section since the tls section is only needed to specify self signed certificates.

## Next Steps

Then, use the custom values file to [deploy Camunda 8](../deploy.md) as usual.

```sh
helm install camunda camunda/camunda-platform -f existing-elasticsearch-values.yaml
```
aabouzaid marked this conversation as resolved.
Show resolved Hide resolved
Loading