feat: Elasticsearch access via API Key#13167
feat: Elasticsearch access via API Key#13167leonardlin wants to merge 3 commits intoinfiniflow:mainfrom
Conversation
dosubot
bot
added
size:M
|
@Magicbook1108 @KevinHuSh this is the updated PR |
fixed local configuration feat: Elasticsearch access via API Key: reverse testconfig feat: Elasticsearch access via API Key: reverse testconfig
leonardlin-maintmaster
force-pushed
the
main
branch
from
3a0f561 to
ddb1450
Compare
|
Exactly what's the point of Basic Auth when the Elastic Cloud provided default API is based on endpoint + API Key? Shockingly bad decision to build something with basic auth. @click.option("--es-user", default=None, help="Elasticsearch username") Can I plase also request you do NOT default the endpoint of ES cloud to 9200 pls? The ES cloud's default provided port is 443 not 9200 @click.option("--es-port", default=9200, type=int, help="Elasticsearch port") |
docker/.env
Outdated
|
|
||
| # The hostname where the Elasticsearch service is exposed | ||
| ES_HOST=es01 | ||
| ES_HOST=http://es01:9200 |
There was a problem hiding this comment.
Appreciations!
This default setting should not be changed in consideration other users.
There was a problem hiding this comment.
Hi @KevinHuSh
There was no actual change in default port or protocol. It was http/9200 before too.
The difference is:
Previously the default protocol (http) and default port (9200) was populated/enforced in the docker/service_conf.yaml.template.
There was no way to define httpS or another port via environment variables.
ES_HOST as environment variable is not used directly but only the after parsing in service_conf.yaml.template
This means for the cases:
No ES_HOST defined: In service_conf.yaml.template the old default is defined: http://es01:9200
ES_HOST defined as old default: http://es01:9200 -> passed through
ES_HOST set to another external service -> passed through
Does this help to clarify?
There was a problem hiding this comment.
The circumstance might be more complicated. By my understanding, this requires .env and service_conf.yaml should be with the same version since they're coupled. For some users, they might apply the latest .env with the older version of service_conf.yaml. So, we should try our best to make minimum alteration to avoid unecessary confusion for all users.
There was a problem hiding this comment.
@KevinHuSh I updated the approach to keep the old ES_HOST format.
3 participants
What problem does this PR solve?
As requested: #10321
Elasticsearch configuration uses username/password.
In order to use external / cloud hosted elasticsearch, we need to enable API-Key based authentication.
Following changes:
Adds ELASTIC_API_KEY as configuration
Connection Pool checks if APIKey is present and tries to use it
HelmChart allows to disable the elasticsearch deployment
Type of change