Dev aka fix apigw kibana err msg (#68)

* fix for allowanonymous status in kibana * fix for allowanonymous status in kibana and updating helm/README.me from values.yaml * added readinessProbe configuration for kibana * moved default readinessProbe in values.yaml, added optional livenessProbe
SoftwareAG · Mar 22, 2024 · 8788a32 · 8788a32
1 parent eb7bffd
commit 8788a32
Show file tree

Hide file tree

Showing 5 changed files with 45 additions and 9 deletions.
diff --git a/apigateway/helm/Chart.yaml b/apigateway/helm/Chart.yaml
@@ -33,7 +33,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.2.0
+version: 1.2.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/apigateway/helm/README.md b/apigateway/helm/README.md
@@ -152,6 +152,7 @@ helm upgrade -i -f myvalues.yaml --set ingress.tls.key="$(<key.pem)" --set ingre
 | `1.0.0` | Initial release |
 | `1.1.0` | Bug fixes in default values and helper functions for elastic secret names. <br> **Attention:** moved elasticsearch secret keys: <br>elasticSecretName --> elasticsearch.secretName<br>elasticSecretUserKey --> elasticsearch.secretUserKey<br>elasticSecretPasswordKey --> elasticsearch.secretPasswordKey |
 | `1.2.0` | Added Kibana TLS/SSL functionality towards Elasticsearch. Helper function aded for kibana truststore password.
+| `1.2.1` | Added Kibana configuration field 'status.allowAnonymous' set by Values.kibana.allowAnonymousStatus. This removes errors in API Gateway log indicating that Kibana is not available.
 ## Values
 
 | Key | Type | Default | Description |
@@ -297,13 +298,16 @@ helm upgrade -i -f myvalues.yaml --set ingress.tls.key="$(<key.pem)" --set ingre
 | ingresses.ui.tls[0].secretName | string | `nil` |  |
 | ingresses.ui.tls[0].secretProviderEnabled | bool | `false` |  |
 | ingresses.ui.tls[0].secretProviderSecretName | string | `nil` |  |
+| kibana.allowAnonymousStatus | bool | `true` | Enable anonymous access to /api/status. |
 | kibana.annotations | object | `{}` | Annotations for Kibana |
 | kibana.count | int | `1` |  |
 | kibana.extraInitContainers | list | `[]` | The definition of extra initContainers for kibana. |
 | kibana.extraLabels | object | `{}` | Additional labels to be added to kibana pod labels. |
 | kibana.image | string | `nil` | The image that should be used. By default ECK will use the official Elasticsearch images.  Overwrite this to use an image from an internal registry or any custom images. Make sure that the image corresponds to the version field. |
+| kibana.livenessProbe | object | `{}` | Configure Kibana's livenessProbe. |
 | kibana.podSecurityContext | object | `{}` | The pod securityContext for kibana pod. |
 | kibana.port | int | `5601` | The default Kibana Port |
+| kibana.readinessProbe | object | `{"failureThreshold":3,"httpGet":{"path":"/status","port":5601,"scheme":"HTTP"},"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}` | Configure Kibana's readinessProbe. |
 | kibana.resources | object | `{}` | Resource Settings for Kibana Example:   limits:   cpu: 100m   memory: 128Mi requests:   cpu: 100m   memory: 128Mi   |
 | kibana.secretName | string | `""` | The secret name that holds the kibana user for API Gateway. |
 | kibana.securityContext | object | `{}` | The securityContext for kibana container. |

diff --git a/apigateway/helm/README.md.gotmpl b/apigateway/helm/README.md.gotmpl
@@ -153,4 +153,5 @@ helm upgrade -i -f myvalues.yaml --set ingress.tls.key="$(<key.pem)" --set ingre
 | `1.0.0` | Initial release |
 | `1.1.0` | Bug fixes in default values and helper functions for elastic secret names. <br> **Attention:** moved elasticsearch secret keys: <br>elasticSecretName --> elasticsearch.secretName<br>elasticSecretUserKey --> elasticsearch.secretUserKey<br>elasticSecretPasswordKey --> elasticsearch.secretPasswordKey |
 | `1.2.0` | Added Kibana TLS/SSL functionality towards Elasticsearch. Helper function aded for kibana truststore password.
+| `1.2.1` | Added Kibana configuration field 'status.allowAnonymous' set by Values.kibana.allowAnonymousStatus. This removes errors in API Gateway log indicating that Kibana is not available.
 {{ template "chart.valuesSection" . }}
diff --git a/apigateway/helm/templates/kibana.yaml b/apigateway/helm/templates/kibana.yaml
@@ -38,6 +38,11 @@ spec:
     server.publicBaseUrl: https://{{ $defaultHost }}/apigatewayui/dashboardproxy
     server.basePath: /apigatewayui/dashboardproxy
     server.rewriteBasePath: false
+    {{- if .Values.kibana.allowAnonymousStatus }}
+    status.allowAnonymous: true
+    {{- else }}
+    status.allowAnonymous: false
+    {{- end }}
     {{- if .Values.kibana.tls.enabled }}
     elasticsearch.ssl.truststore.path: /usr/share/kibana/config/elasticsearch-certs/truststore.p12
     elasticsearch.ssl.truststore.password: "${KIBANA_TRUSTSTORE_PASSWORD}"
@@ -67,14 +72,14 @@ spec:
     spec:
       imagePullSecrets:
         {{- toYaml .Values.imagePullSecrets | nindent 8 }}
-      {{-  if .Values.kibana.serviceAccount.name }}
+      {{- if .Values.kibana.serviceAccount.name }}
       serviceAccountName: {{ .Values.kibana.serviceAccount.name }}
       {{- end }}
-      {{-  if .Values.kibana.podSecurityContext }}
+      {{- if .Values.kibana.podSecurityContext }}
       securityContext:
         {{- toYaml .Values.kibana.podSecurityContext | nindent 8 }}
       {{- end }}
-      {{-  if .Values.kibana.extraInitContainers }}
+      {{- if .Values.kibana.extraInitContainers }}
       initContainers:
         {{- toYaml .Values.kibana.extraInitContainers | nindent 8 }}
       {{- end }}
@@ -91,7 +96,7 @@ spec:
         - name: kibana
           resources:
             {{- toYaml .Values.kibana.resources | nindent 12 }}
-          {{-  if .Values.kibana.securityContext }}
+          {{- if .Values.kibana.securityContext }}
           securityContext:
             {{- toYaml .Values.kibana.securityContext | nindent 12 }}
           {{- end }}
@@ -114,10 +119,11 @@ spec:
                   key: password
             {{- end }}
           readinessProbe:
-            httpGet:
-              path: /status
-              port: 5601
-              scheme: HTTP
+            {{- toYaml .Values.kibana.readinessProbe | nindent 12 }}
+          {{- if .Values.kibana.livenessProbe }}
+          livenessProbe:
+            {{- toYaml .Values.kibana.livenessProbe | nindent 12 }}
+          {{- end }}
           {{- if .Values.kibana.tls.enabled }}
           volumeMounts:
             - name: elasticsearch-certs

diff --git a/apigateway/helm/values.yaml b/apigateway/helm/values.yaml
@@ -650,6 +650,31 @@ kibana:
     # Requires create=true to work.
     roleName: ""
 
+  # -- Configure Kibana's readinessProbe.
+  readinessProbe:
+    httpGet:
+      path: /status
+      port: 5601
+      scheme: HTTP
+    failureThreshold: 3
+    successThreshold: 1
+    periodSeconds: 10
+    timeoutSeconds: 1
+
+  # -- Configure Kibana's livenessProbe.
+  livenessProbe: {}
+    # tcpSocket:
+    #   port: 5601
+    # failureThreshold: 3
+    # successThreshold: 1
+    # initialDelaySeconds: 30
+    # periodSeconds: 30
+    # timeoutSeconds: 1
+
+  # Set to 'true' prevents API Gateway Error message in the log, indicating that Kibana is not available.
+  # -- Enable anonymous access to /api/status.
+  allowAnonymousStatus: true
+
   # -- Enable and configure tls connection from Kibana to Elasticsearch.
   tls:
     # -- Whether to enable tls connection from Kibana to Elasticsearch.