From a25db945be79e11ebe3f5918875d0cfd00db805f Mon Sep 17 00:00:00 2001 From: pega-Abhinav <110885740+pega-Abhinav@users.noreply.github.com> Date: Fri, 15 Nov 2024 17:30:27 +0530 Subject: [PATCH 1/6] US-646756 : containerLifecycleHooks for pega deployments (#841) Co-authored-by: Saurabh --- charts/pega/templates/_pega-deployment.tpl | 6 +++ .../data/values_custom_lifecycle_hooks.yaml | 23 +++++++++ ...er-deployment-with-lifecycle-hooks_test.go | 49 +++++++++++++++++++ 3 files changed, 78 insertions(+) create mode 100644 terratest/src/test/pega/data/values_custom_lifecycle_hooks.yaml create mode 100644 terratest/src/test/pega/pega-tier-deployment-with-lifecycle-hooks_test.go diff --git a/charts/pega/templates/_pega-deployment.tpl b/charts/pega/templates/_pega-deployment.tpl index 32004fe64..c3473d32a 100644 --- a/charts/pega/templates/_pega-deployment.tpl +++ b/charts/pega/templates/_pega-deployment.tpl @@ -149,6 +149,12 @@ spec: # Additional custom ports {{ toYaml .custom.ports | indent 8 }} {{- end }} +{{- end }} +{{- if .custom }} +{{- if .custom.containerLifecycleHooks }} + lifecycle: +{{ toYaml .custom.containerLifecycleHooks | indent 10 }} +{{- end }} {{- end }} # Specify any of the container environment variables here env: diff --git a/terratest/src/test/pega/data/values_custom_lifecycle_hooks.yaml b/terratest/src/test/pega/data/values_custom_lifecycle_hooks.yaml new file mode 100644 index 000000000..cb1d47f83 --- /dev/null +++ b/terratest/src/test/pega/data/values_custom_lifecycle_hooks.yaml @@ -0,0 +1,23 @@ +--- +global: + tier: + - name: "web" + nodeType: "WebUser" + requestor: + passivationTimeSec: 900 + replicas: 1 + deploymentStrategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + livenessProbe: + port: 8081 + # Values for test - web + custom: + containerLifecycleHooks: + preStop: + exec: + command: + - sleep + - '15' diff --git a/terratest/src/test/pega/pega-tier-deployment-with-lifecycle-hooks_test.go b/terratest/src/test/pega/pega-tier-deployment-with-lifecycle-hooks_test.go new file mode 100644 index 000000000..5bde13eb8 --- /dev/null +++ b/terratest/src/test/pega/pega-tier-deployment-with-lifecycle-hooks_test.go @@ -0,0 +1,49 @@ +package pega + +import ( + "github.com/gruntwork-io/terratest/modules/helm" + "github.com/stretchr/testify/require" + appsv1 "k8s.io/api/apps/v1" + "path/filepath" + "strings" + "testing" +) + +func TestPegaDeploymentWithLifecycleHooks(t *testing.T) { + var supportedVendors = []string{"k8s"} + var supportedOperations = []string{"deploy", "install-deploy", "upgrade-deploy"} + var deploymentNames = []string{"pega", "myapp-dev"} + + helmChartPath, err := filepath.Abs(PegaHelmChartPath) + require.NoError(t, err) + + for _, vendor := range supportedVendors { + for _, operation := range supportedOperations { + for _, depName := range deploymentNames { + var options = &helm.Options{ + ValuesFiles: []string{"data/values_custom_lifecycle_hooks.yaml"}, + SetValues: map[string]string{ + "global.deployment.name": depName, + "global.provider": vendor, + "global.actions.execute": operation, + "installer.upgrade.upgradeType": "zero-downtime", + }, + } + deploymentYaml := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-tier-deployment.yaml"}) + yamlSplit := strings.Split(deploymentYaml, "---") + assertWeb(t, yamlSplit[1], options) + assertLifecycleHook(t, yamlSplit[1], options) + } + } + } +} + +func assertLifecycleHook(t *testing.T, tierYaml string, options *helm.Options) { + var deploymentObj appsv1.Deployment + UnmarshalK8SYaml(t, tierYaml, &deploymentObj) + pod := deploymentObj.Spec.Template.Spec + require.Equal(t, 1, len(pod.Containers)) + require.Equal(t, "pega-web-tomcat", pod.Containers[0].Name) + require.Equal(t, "pegasystems/pega", pod.Containers[0].Image) + require.Equal(t, []string{"sleep", "15"}, pod.Containers[0].Lifecycle.PreStop.Exec.Command) +} From 3959f3f62e73bbcd08da4f673eb1974fe3d70372 Mon Sep 17 00:00:00 2001 From: Saurabh-16 Date: Tue, 19 Nov 2024 05:18:44 +0000 Subject: [PATCH 2/6] Update chart versions to 3.25.0 --- charts/addons/Chart.yaml | 2 +- charts/backingservices/Chart.yaml | 2 +- charts/pega/Chart.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/addons/Chart.yaml b/charts/addons/Chart.yaml index b43b24b6c..1640ac510 100644 --- a/charts/addons/Chart.yaml +++ b/charts/addons/Chart.yaml @@ -3,4 +3,4 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes name: addons -version: "3.24.10" +version: "3.25.0" diff --git a/charts/backingservices/Chart.yaml b/charts/backingservices/Chart.yaml index 18b3157d0..5d4593409 100644 --- a/charts/backingservices/Chart.yaml +++ b/charts/backingservices/Chart.yaml @@ -17,4 +17,4 @@ description: Helm Chart to provision the latest Search and Reporting Service (SR # The chart version: Pega provides this as a useful way to track changes you make to this chart. # As a best practice, you should increment the version number each time you make changes to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: "3.24.10" +version: "3.25.0" diff --git a/charts/pega/Chart.yaml b/charts/pega/Chart.yaml index de1cadd0d..5dc7cecdc 100644 --- a/charts/pega/Chart.yaml +++ b/charts/pega/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: pega -version: "3.24.10" +version: "3.25.0" description: Pega installation on kubernetes keywords: - pega From 5784be934ed5a34bf90079fb90dfb23b16ae0573 Mon Sep 17 00:00:00 2001 From: Kinga Kowalska <120555574+kingakowalska1@users.noreply.github.com> Date: Tue, 19 Nov 2024 09:22:19 +0100 Subject: [PATCH 3/6] BUG-898033 - Documentation clarification for DB support (#853) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Peterson, John Sent: Friday, November 15, 2024 4:10 PM To: Kowalska, Kinga Cc: Casavant, Dave ; Chikkam, Venkata Satya Gopal ; Talbot, Adam ; Kumar, Saurabh Subject: CMC Documentation clarification for SRS & Databases. Hi Kinga, Yes, I agree with your proposed changes. Thanks! John From: Kowalska, Kinga Sent: Thursday, November 14, 2024 8:15 AM To: Peterson, John Cc: Casavant, Dave ; Chikkam, Venkata Satya Gopal ; Talbot, Adam ; Kumar, Saurabh Subject: RE: ExtMsg: Pega Containerized Deployment on OpenShift Hi John, For Elasticsearch: In Search and Reporting Service Helm chart I would replace the following introduction paragraph: The Pega Search and Reporting Service or SRS backing service can replace the embedded search feature of Pega Infinity Platform. To use it in your deployment, you provision and deploy it independently as an external service which provides search and reporting capabilities with a Pega Infinity environment. With: The Pega Search and Reporting Service or SRS backing service provides the search and reporting capabilities of Pega Infinity Platform. To use it in your deployment, you provision and deploy it independently as an external service in a Pega Infinity environment. If we want to stress the message, I can add a note specifically saying “Embedded Elasticsearch service is not supported for containerized deployments.”, but this will become redundant once we cycle out of Pega Platform versions that support embedded search. For databases: In JDBC Configuration I can add the following sentence with a link: Use the jdbc section of the values file to specify how to connect to the Pega database. Pega must be installed to this database before deploying on Kubernetes. For more information on supported databases and jdbc driver versions, see the Platform Support Guide. Does this work for you? Best regards, Kinga Kowalska | Principal Technical Writer | Pegasystems Inc. Email: kinga.kowalska@pega.com | pega.com From: Peterson, John Sent: Friday, November 1, 2024 3:28 PM To: Kowalska, Kinga Cc: Casavant, Dave ; Chikkam, Venkata Satya Gopal ; Talbot, Adam ; Kumar, Saurabh Subject: RE: ExtMsg: Pega Containerized Deployment on OpenShift Hi Kinga, We’ve never supported running embedded search on K8S deployments, so I think the language needs to be updated, is this something you can assist with? From a database support perspective, can you also update the K8S documentation to refer the Platform Support Guide? Thanks, John From: Peterson, John Sent: Friday, November 1, 2024 10:03 AM To: Panigrahy, Chinmaya ; Oleti Venkata, Nagendra ; Thota, Srinivas Maheedhar ; Chikkam, Venkata Satya Gopal Subject: RE: ExtMsg: Pega Containerized Deployment on OpenShift Hi Chinmaya, 1. Usage of existing on-premise DB : We have existing oracle database on-premise, Can we use this existing database and schemas with the containerized deployment on OpenShift ? Yes. https://github.com/pegasystems/pega-helm-charts/tree/master/charts/pega#url-and-driver-class 2. Usage of embedded Kafka on OpenShift : As we are doing POC on 23.1.2 version of Pega , can we use embedded kafka & elastic search on OpenShift ? Embedded Kafka : Yes, but it is not recommended. https://github.com/pegasystems/pega-helm-charts/blob/1936bcfcbd0257fc047dc4390a4764a2dad6a626/charts/pega/EmbeddedStream.md#embedded-stream-with-latest-helm-chart-version Embedded Search : No. https://github.com/pegasystems/pega-helm-charts/tree/1936bcfcbd0257fc047dc4390a4764a2dad6a626/charts/backingservices/charts/srs#search-and-reporting-service-helm-chart Thanks, John --- charts/pega/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/pega/README.md b/charts/pega/README.md index 7286462c5..6d58fa09a 100644 --- a/charts/pega/README.md +++ b/charts/pega/README.md @@ -58,7 +58,7 @@ global: ## JDBC Configuration -Use the `jdbc` section of the values file to specify how to connect to the Pega database. Pega must be installed to this database before deploying on Kubernetes. +Use the `jdbc` section of the values file to specify how to connect to the Pega database. Pega must be installed to this database before deploying on Kubernetes. For more information about supported databases and jdbc driver versions, see the [Platform Support Guide](https://docs.pega.com/bundle/platform/page/platform/deployment/platform-support-guide/platform-support-guide.html) ### URL and Driver Class These required connection details will point Pega to the correct database and provide the type of driver used to connect. Examples of the correct format to use are provided below. From e2a09dabe6f347beff26e33728ed5e0fb2b682f5 Mon Sep 17 00:00:00 2001 From: Kinga Kowalska <120555574+kingakowalska1@users.noreply.github.com> Date: Tue, 19 Nov 2024 09:34:44 +0100 Subject: [PATCH 4/6] BUG-898031 SRS Readme clarification on embedded ES (#852) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Peterson, John Sent: Friday, November 15, 2024 4:10 PM To: Kowalska, Kinga Cc: Casavant, Dave ; Chikkam, Venkata Satya Gopal ; Talbot, Adam ; Kumar, Saurabh Subject: CMC Documentation clarification for SRS & Databases. Hi Kinga, Yes, I agree with your proposed changes. Thanks! John From: Kowalska, Kinga Sent: Thursday, November 14, 2024 8:15 AM To: Peterson, John Cc: Casavant, Dave ; Chikkam, Venkata Satya Gopal ; Talbot, Adam ; Kumar, Saurabh Subject: RE: ExtMsg: Pega Containerized Deployment on OpenShift Hi John, For Elasticsearch: In Search and Reporting Service Helm chart I would replace the following introduction paragraph: The Pega Search and Reporting Service or SRS backing service can replace the embedded search feature of Pega Infinity Platform. To use it in your deployment, you provision and deploy it independently as an external service which provides search and reporting capabilities with a Pega Infinity environment. With: The Pega Search and Reporting Service or SRS backing service provides the search and reporting capabilities of Pega Infinity Platform. To use it in your deployment, you provision and deploy it independently as an external service in a Pega Infinity environment. If we want to stress the message, I can add a note specifically saying “Embedded Elasticsearch service is not supported for containerized deployments.”, but this will become redundant once we cycle out of Pega Platform versions that support embedded search. For databases: In JDBC Configuration I can add the following sentence with a link: Use the jdbc section of the values file to specify how to connect to the Pega database. Pega must be installed to this database before deploying on Kubernetes. For more information on supported databases and jdbc driver versions, see the Platform Support Guide. Does this work for you? Best regards, Kinga Kowalska | Principal Technical Writer | Pegasystems Inc. Email: kinga.kowalska@pega.com | pega.com From: Peterson, John Sent: Friday, November 1, 2024 3:28 PM To: Kowalska, Kinga Cc: Casavant, Dave ; Chikkam, Venkata Satya Gopal ; Talbot, Adam ; Kumar, Saurabh Subject: RE: ExtMsg: Pega Containerized Deployment on OpenShift Hi Kinga, We’ve never supported running embedded search on K8S deployments, so I think the language needs to be updated, is this something you can assist with? From a database support perspective, can you also update the K8S documentation to refer the Platform Support Guide? Thanks, John From: Peterson, John Sent: Friday, November 1, 2024 10:03 AM To: Panigrahy, Chinmaya ; Oleti Venkata, Nagendra ; Thota, Srinivas Maheedhar ; Chikkam, Venkata Satya Gopal Subject: RE: ExtMsg: Pega Containerized Deployment on OpenShift Hi Chinmaya, Usage of existing on-premise DB : We have existing oracle database on-premise, Can we use this existing database and schemas with the containerized deployment on OpenShift ? Yes. https://github.com/pegasystems/pega-helm-charts/tree/master/charts/pega#url-and-driver-class Usage of embedded Kafka on OpenShift : As we are doing POC on 23.1.2 version of Pega , can we use embedded kafka & elastic search on OpenShift ? Embedded Kafka : Yes, but it is not recommended. https://github.com/pegasystems/pega-helm-charts/blob/1936bcfcbd0257fc047dc4390a4764a2dad6a626/charts/pega/EmbeddedStream.md#embedded-stream-with-latest-helm-chart-version Embedded Search : No. https://github.com/pegasystems/pega-helm-charts/tree/1936bcfcbd0257fc047dc4390a4764a2dad6a626/charts/backingservices/charts/srs#search-and-reporting-service-helm-chart Thanks, John --- charts/backingservices/charts/srs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/backingservices/charts/srs/README.md b/charts/backingservices/charts/srs/README.md index 3b55f7a93..850a250ae 100644 --- a/charts/backingservices/charts/srs/README.md +++ b/charts/backingservices/charts/srs/README.md @@ -1,6 +1,6 @@ # Search and Reporting Service Helm chart -The Pega `Search and Reporting Service` or `SRS` backing service can replace the embedded search feature of Pega Infinity Platform. To use it in your deployment, you provision and deploy it independently as an external service which provides search and reporting capabilities with a Pega Infinity environment. +The Pega `Search and Reporting Service` or `SRS` backing service provides the search and reporting capabilities of Pega Infinity Platform. To use it in your deployment, you provision and deploy it independently as an external service in a Pega Infinity environment. ## Configuring a backing service with your pega environment From 8b45db7bbea309e3282c103cae3f28689e0717db Mon Sep 17 00:00:00 2001 From: Kinga Kowalska <120555574+kingakowalska1@users.noreply.github.com> Date: Tue, 19 Nov 2024 15:01:46 +0100 Subject: [PATCH 5/6] US-649313 - Update OpenSearch information (#851) * US-649313 - Update OpenSearch information * US-649313 - Update OpenSearch information * US-649313 - Update OpenSearch information * US-649313 - Update OpenSearch information * US-649313 - Update OpenSearch information --- charts/backingservices/charts/srs/README.md | 48 +++++++++++++++------ docs/Deploying-Pega-on-EKS.md | 2 +- 2 files changed, 35 insertions(+), 15 deletions(-) diff --git a/charts/backingservices/charts/srs/README.md b/charts/backingservices/charts/srs/README.md index 850a250ae..8d29e3791 100644 --- a/charts/backingservices/charts/srs/README.md +++ b/charts/backingservices/charts/srs/README.md @@ -20,9 +20,10 @@ The service deployment provisions runtime service pods along with a dependency o Pega Infinity version SRS version + Docker image Kubernetes version Authentication - Certified Elasticsearch version + Certified Elasticsearch/OpenSearch version Description @@ -33,35 +34,45 @@ The service deployment provisions runtime service pods along with a dependency o NA NA NA + NA SRS can be used with Pega Infinity 8.6 and later. - >= 8.6 - 1.31.8 + >= 8.6 + 1.35.0 or later + search-n-reporting-service < 1.25 Not enabled - 7.10.2, 7.16.3 & 7.17.9 + Elasticsearch 7.10.2, 7.16.3 & 7.17.9 As a best practice, use Elasticsearch version 7.17.9. Deployments without authentication are not recommended for production environments. Enabled - 7.10.2, 7.16.3, 7.17.9 & 8.10.3 + Elasticsearch 7.10.2, 7.16.3, 7.17.9 & 8.10.3 As a best practice, use Elasticsearch version 8.10.3. >= 1.25 Not enabled - 7.17.9 + Elasticsearch 7.17.9 As a best practice, use Elasticsearch version 7.17.9. Deployments without authentication are not recommended for production environments. Enabled - 7.17.9 & 8.10.3 + Elasticsearch 7.17.9 & 8.10.3 As a best practice, use Elasticsearch version 8.10.3. + + search-n-reporting-service-os + All versions + Enabled +
  • Elasticsearch 7.10 on AWS OpenSearch service
  • OpenSearch 1.3
  • OpenSearch 2.15
+ As a best practice, use OpenSearch 2.15. + + **Note:** ### If your deployment uses the internally-provisioned Elasticsearch: ### @@ -96,7 +107,7 @@ You may enable the component of [Elasticsearch](https://github.com/helm/charts/t Note: Pega does **not** actively update the elasticsearch dependency in `requirements.yaml`. To leverage SRS, you must do one of the following: -* To use the internally-provided Elasticsearch service in the SRS cluster, use the default `srs.enabled.true` parameter and set the Elasticsearch version by updating the `elasticsearch.imageTag` parameter in the [values.yaml](./values.yaml) to match the `dependencies.version` parameter in the [requirements.yaml](../../requirements.yaml). This method streamlines the deployment process for development and testing environments, but it is not suitable for production environments, which require a fully external Elasticsearch cluster. Additionally, even though you deploy SRS and Elasticsearch together, Pega does not license the Elasticsearch cluster deployed using this method and does not maintain it as part of the Pega Platform support. +* To use the internally-provided Elasticsearch service in the SRS cluster, use the default `srs.enabled.true` parameter and set the Elasticsearch version by updating the `elasticsearch.imageTag` parameter in the [values.yaml](./values.yaml) to match the `dependencies.version` parameter in the [requirements.yaml](../../requirements.yaml). This method streamlines the deployment process for development and testing environments, but it is not suitable for production environments, which require a fully external Elasticsearch cluster. Additionally, even though you deploy SRS and Elasticsearch together, Pega does not license the Elasticsearch cluster deployed using this method and does not maintain it as part of the Pega Platform support. Note: You cannot use OpenSearch for the internally provisioned cluster. * To use an externally-provided Elasticsearch service with SRS, use the default `srs.enabled.true` parameter, update the `srs.srsStorage.provisionInternalESCluster` parameter in the [values.yaml](./values.yaml) to `false` and then provide connection details as documented below. This is the recommended method and is suitable for production environments. ### Deploying SRS with Pega-provided busybox images @@ -122,7 +133,7 @@ To configure a secure connection between the SRS cluster and internally provisio | Configuration | Usage | |------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `tls` | Set to `true` to enable the SRS service to authenticate to your organization's available Elasticsearch service. | -| `srsStorage.provisionInternalESCluster` |
  1. Set the `srsStorage.provisionInternalESCluster` parameter to `true` to provide an internally managed and secured Elasticsearch cluster.
  2. In the [requirements.yaml](../../requirements.yaml) file, set the `dependencies.version` parameter to the same version you configured for the `elasticsearch.imageTag` version in the Backing Services Helm chart [values.yaml](../../values.yaml) file.
  3. From the Backing Services Helm chart directory in your environment, run the following command to create your Elasticsearch certificates and pass them to secrets:

    `$ make es-prerequisite NAMESPACE= ELASTICSEARCH_VERSION=`

    Where `NAMESPACE` references your deployment namespace of the SRS cluster and `ELASTICSEARCH_VERSION` matches the Elasticsearch version you want to use in [values.yaml](../../values.yaml) and [requirements.yaml](../../requirements.yaml).

| +| `srsStorage.provisionInternalESCluster` | Note: You cannot use OpenSearch for the internally provisioned cluster.

  1. Set the `srsStorage.provisionInternalESCluster` parameter to `true` to provide an internally managed and secured Elasticsearch cluster.
  2. In the [requirements.yaml](../../requirements.yaml) file, set the `dependencies.version` parameter to the same version you configured for the `elasticsearch.imageTag` version in the Backing Services Helm chart [values.yaml](../../values.yaml) file.
  3. From the Backing Services Helm chart directory in your environment, run the following command to create your Elasticsearch certificates and pass them to secrets:

    `$ make es-prerequisite NAMESPACE= ELASTICSEARCH_VERSION=`

    Where `NAMESPACE` references your deployment namespace of the SRS cluster and `ELASTICSEARCH_VERSION` matches the Elasticsearch version you want to use in [values.yaml](../../values.yaml) and [requirements.yaml](../../requirements.yaml).

| To configure a secure connection between SRS and an external Elasticsearch cluster, configure the following parameters. @@ -133,12 +144,13 @@ To configure a secure connection between SRS and an external Elasticsearch clust | `certificatePassword` | Enter the tls certificate password if any. Default value will be empty if not used. | | `certsSecret` | To specify a certificate using a secret, uncomment the certsSecret parameter and provide the secret name containing your certificate and certificate password. Use the full name of the certificate file (together with file extension, for example, “certificate.p12” or“certificate.jks”) as a key name in the secret. Use this key name to configure the “certificateName”parameter.Use a key name “password” to provide the certificate password in the secret. Defaults to "srs-certificates".| | `authSecret` | Specify the secret with your Elasticsearch credentials. Use “username” and “password” as keys for your secret.This parameter applies to both basic authentication and TLS-based authentication. Defaults to "srs-elastic-credentials".| -| `esCredentials.username` | Enter the username for your available Elasticsearch service. This username value must match the values you set in the connection info section of esCredentials. | -| `esCredentials.password` | Enter the required password for your available Elasticsearch service. This password value must match the values you set in the connection info section of esCredentials. | -| `srsStorage.provisionInternalESCluster` |
  1. Set the `srsStorage.provisionInternalESCluster` parameter to `false` to disable the internally provisioned Elasticsearch cluster and connect to your available external Elasticsearch service.
  2. To secure the connection between SRS and your external Elasticsearch service, you must provide the appropriate TLS certificates in an accessible location, for example, /home/certs.
  3. To pass the required certificates to the cluster using a secrets file, run the following command:

    `$ make external-es-secrets NAMESPACE= ELASTICSEARCH_VERSION= PATH_TO_CERTIFICATE=`

    Where NAMESPACE references your deployment namespace of the SRS cluster, `ELASTICSEARCH_VERSION` matches the Elasticsearch version you want to use, and `PATH_TO_CERTIFICATE` points to the location where you copied the required certificates on your location machine, for example:

    `$ make external-es-secrets NAMESPACE=pegabackingservices ELASTICSEARCH_VERSION=7.10.2 PATH_TO_CERTIFICATE=/home/certs/truststore.jks`

  4. To update the SRS and External Elasticsearch certificates, use the following command:

    `$ make update-external-es-secrets NAMESPACE= PATH_TO_CERTIFICATE=`

| +| `esCredentials.username` | Enter the username for your available Elasticsearch service. This username value must match the values you set in the connection info section of esCredentials.
Note: This parameter will be deprecated in future releases, so as a best practice, use `authCredentials.username`. | +| `esCredentials.password` | Enter the required password for your available Elasticsearch service. This password value must match the values you set in the connection info section of esCredentials.
Note: This parameter will be deprecated in future releases, so as a best practice, use `authCredentials.password`. +| `authCredentials.username` | Enter the username for your available Elasticsearch/OpenSearch service. This username value must match the values you set in the connection info section of authCredentials. | +| `authCredentials.password` | Enter the required password for your available Elasticsearch/OpenSearch service. This password value must match the values you set in the connection info section of authCredentials. | +| `srsStorage.provisionInternalESCluster` |
  1. Set the `srsStorage.provisionInternalESCluster` parameter to `false` to disable the internally provisioned Elasticsearch cluster and connect to your available external Elasticsearch service.
  2. To secure the connection between SRS and your external Elasticsearch service, you must provide the appropriate TLS certificates in an accessible location, for example, /home/certs.
  3. To pass the required certificates to the cluster using a secrets file, run the following command:

    `$ make external-es-secrets NAMESPACE= ELASTICSEARCH_VERSION= PATH_TO_CERTIFICATE=`

    Where NAMESPACE references your deployment namespace of the SRS cluster, `ELASTICSEARCH_VERSION` matches the Elasticsearch version you want to use, and `PATH_TO_CERTIFICATE` points to the location where you copied the required certificates on your location machine, for example:

    `$ make external-es-secrets NAMESPACE=pegabackingservices ELASTICSEARCH_VERSION=7.10.2 PATH_TO_CERTIFICATE=/home/certs/truststore.jks`

  4. To update the SRS and External Elasticsearch certificates, use the following command:

    `$ make update-external-es-secrets NAMESPACE= PATH_TO_CERTIFICATE=`

    Note: Only .p12 and .jks certificates are supported.

| | `domain` | Enter the DNS entry associated with your external Elasticsearch service. | -Note: Only .p12 and .jks certificates are supported. ### Enable request authentication/authorization mechanism using identity provider(IdP) between SRS and Pega Infinity @@ -214,7 +226,15 @@ srs: # Set srs.srsStorage.basicAuthentication.enabled: true to enable the use of basic authentication to your Elasticsearch service whether is it running as an internalized or externalized service in your SRS cluster. basicAuthentication: enabled: true - # To configure basic authentication or TLS-based authentication to your externally-managed Elasticsearch service in your SRS cluster, uncomment and add the parameter details: srs.srsStorage.esCredentials.username and srs.srsStorage.esCredentials.password. + # To configure basic authentication or TLS-based authentication to your externally-managed Elasticsearch/OpenSearch service in your SRS cluster, + # uncomment and add the parameter details: srs.srsStorage.authCredentials.username and srs.srsStorage.authCredentials.password + # Auth Credentials added under authCredentials field which supports both Elasticsearch and OpenSearch credentials. + # authCredentials: + # username: "username" + # password: "password" + # for your externally managed Elasticsearch cluster. + # uncomment and add the parameter details: srs.srsStorage.esCredentials.username and srs.srsStorage.esCredentials.password for your externally managed elasticsearch cluster. + # esCredentials will be deprecated in future releases, please switch to authCredentials. # esCredentials: # username: "username" # password: "password" diff --git a/docs/Deploying-Pega-on-EKS.md b/docs/Deploying-Pega-on-EKS.md index d230e5c0a..ca4be6bd0 100644 --- a/docs/Deploying-Pega-on-EKS.md +++ b/docs/Deploying-Pega-on-EKS.md @@ -471,7 +471,7 @@ To configure the parameters in the backingservices.yaml file, download the file | global.imageCredentials.registry: username: password: | Include the URL of your Docker registry along with the registry “username” and “password” credentials. |
  • url: “\
  • username: "\"
  • password: "\"
| | global.k8sProvider: | Specify the value of your Kubernetes provider. | k8sProvider: "eks" | | srs.deploymentName: | Specify unique name for the deployment based on org app and/or SRS applicable environment name. | deploymentName: "acme-demo-dev-srs" | -| srs.srsRuntime.srsImage: | Specify the Pega-provided SRS Docker image that you downloaded and pushed to your Docker registry. To run SRS with AWS OpenSearch Elasticsearch 7.10, use the dedicated `platform-services/search-n-reporting-service-aws` Docker image. | srs.srsRuntime.srsImage: "\my-pega-srs:\". For `` tag details, see [SRS Version compatibility matrix](../charts/backingservices/charts/srs/README.md#srs-version-compatibility-matrix). | +| srs.srsRuntime.srsImage: | Specify the Pega-provided SRS Docker image that you downloaded and pushed to your Docker registry. To run SRS with Elasticsearch, use the general `platform-services/search-n-reporting-service` Docker image. To run SRS with AWS-managed OpenSearch service, use the dedicated `platform-services/search-n-reporting-service-os` Docker image. | srs.srsRuntime.srsImage: "\my-pega-srs:\". For `` tag details, see [SRS Version compatibility matrix](../charts/backingservices/charts/srs/README.md#srs-version-compatibility-matrix). | | srs.srsRuntime.imagePullSecretNames: | Specify any pre-existing image pull secrets required to pull images from your organization's registry. (Optional) | imagePullSecretNames: [secret1, secret2] | | srs.srsStorage.provisionInternalESCluster: | Enabled by default to provision an Elasticsearch cluster. |
  • Set srs.srsStorage.provisionInternalESCluster:`true` and run `$ make es-prerequisite NAMESPACE= ELASTICSEARCH_VERSION= `
  • Set srs.srsStorage.provisionInternalESCluster:`false` if you want to use an existing, externally provisioned ElasticSearch cluster.
| From 39f5b552c6e2aacefb9631c82c7375f2c66641bc Mon Sep 17 00:00:00 2001 From: Kinga Kowalska <120555574+kingakowalska1@users.noreply.github.com> Date: Wed, 20 Nov 2024 13:17:40 +0100 Subject: [PATCH 6/6] BUG-898240 - Add Elasticsearch 8.15.1 to github readme (#854) * BUG-898240 - Add Elasticsearch 8.15.1 to github readme * Add 8.15.1 to update instructions --- charts/backingservices/charts/srs/README.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/charts/backingservices/charts/srs/README.md b/charts/backingservices/charts/srs/README.md index 8d29e3791..cfc8f6c20 100644 --- a/charts/backingservices/charts/srs/README.md +++ b/charts/backingservices/charts/srs/README.md @@ -48,8 +48,8 @@ The service deployment provisions runtime service pods along with a dependency o Enabled - Elasticsearch 7.10.2, 7.16.3, 7.17.9 & 8.10.3 - As a best practice, use Elasticsearch version 8.10.3. + Elasticsearch 7.10.2, 7.16.3, 7.17.9, 8.10.3 & 8.15.1 + As a best practice, use Elasticsearch version 8.15.1. >= 1.25 @@ -59,8 +59,8 @@ The service deployment provisions runtime service pods along with a dependency o Enabled - Elasticsearch 7.17.9 & 8.10.3 - As a best practice, use Elasticsearch version 8.10.3. + Elasticsearch 7.17.9, 8.10.3 & 8.15.1 + As a best practice, use Elasticsearch version 8.15.1. search-n-reporting-service-os @@ -76,25 +76,25 @@ The service deployment provisions runtime service pods along with a dependency o **Note:** ### If your deployment uses the internally-provisioned Elasticsearch: ### -To migrate to Elasticsearch version 7.17.9 or 8.10.3 from the Elasticsearch version 7.10.2 or 7.16.3, perform the following steps: +To migrate to Elasticsearch version 7.17.9, 8.10.3 or 8.15.1 from the Elasticsearch version 7.10.2 or 7.16.3, perform the following steps: 1. Update the SRS Docker image version to use v1.31.2. This version has backward compatibility with Elasticsearch versions 7.10.x and 7.16.x, so your SRS will continue to work even before you update your Elasticsearch service. 2. To update Elasticsearch version to 7.17.9 perform the following actions: * Update the Elasticsearch `dependencies.version` parameter in the [requirement.yaml](../../requirements.yaml) to 7.17.3. Note: This parameter references the Elasticsearch Helm chart version and not the Elasticsearch cluster version. * Update the elasticsearch.imageTag in the Backing Services Helm chart to 7.17.9. -3. To update Elasticsearch version to 8.10.3, perform the following actions: +3. To update Elasticsearch version to 8.10.3 or 8.15.1, perform the following actions: * Update the Elasticsearch `dependencies.version` parameter in the [requirement.yaml](../../requirements.yaml) to 8.5.1. Note: This parameter references the Elasticsearch Helm chart version and not the Elasticsearch cluster version. - * Update the elasticsearch.imageTag in the Backing Services Helm chart to 8.10.3. + * Update the elasticsearch.imageTag in the Backing Services Helm chart to 8.10.3 or 8.15.1. 4. Restart the SRS pods ### If your deployment connects to an externally-managed Elasticsearch service: ### -To migrate to Elasticsearch version 7.17.9 or 8.10.3 from the Elasticsearch version 7.10.2 or 7.16.3, perform the following steps: +To migrate to Elasticsearch version 7.17.9, 8.10.3 or 8.15.1 from the Elasticsearch version 7.10.2 or 7.16.3, perform the following steps: 1. Update the SRS Docker image version to use v1.31.2. This version has backward compatibility with Elasticsearch versions 7.10.x and 7.16.x, so your SRS will continue to work even before you update your Elasticsearch service. 2. To use Elasticsearch version 7.17.9, upgrade your external Elasticsearch cluster to 7.17.9 according to your organization’s best practices. For more information, see official Elasticsearch version 7.17 documentation. -3. To use Elasticsearch version 8.10.3, upgrade your external Elasticsearch cluster to 8.10.3 according to your organization’s best practices. For more information, see official Elasticsearch version 8.10 documentation. +3. To use Elasticsearch version 8.10.3 or 8.15.1, upgrade your external Elasticsearch cluster to 8.10.3 or 8.15.1 according to your organization’s best practices. For more information, see official Elasticsearch version 8.x documentation. 4. Restart the SRS pods ### SRS runtime configuration