-
Notifications
You must be signed in to change notification settings - Fork 125
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add Elasticsearch install and setup guide for CloudPak #240
feat: add Elasticsearch install and setup guide for CloudPak #240
Conversation
ef1a733
to
4f87aa2
Compare
This step is about installing Elastic Cloud on Kubernetes (ECK) in CloudPak. | ||
|
||
Before you begin, you will need: | ||
* Access to a CloudPack cluster |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
typo:
* Access to a CloudPack cluster | |
* Access to a CloudPak cluster |
``` | ||
|
||
### Create environment variables for Elasticsearch credentials | ||
* Download TSL certificate |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Typo: should be TLS
oc port-forward service/${ES_CLUSTER}-es-http 9200 -n ${ES_NAMESPACE} | ||
``` | ||
|
||
### Create environment variables for Elasticsearch credentials |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Small point, but this section shows two steps. 1. Download the cert and 2. create (set) environment variables. Since you have them both in the same section here, the two need to be linked a little better. Step one outputs a file named tls.crt in the current directory. But then the related environment variable references a path to a cert.
I think if the reader reads this a couple times they'll understand that the fourth environment variable should point to the file created in step 1. But you can make it a little easier to see how they are connected. Consider something as simple as having the export statement be
export ES_CACERT=<path-to-your-tls.crt>
oc get service ${ES_CLUSTER}-kb-http -n ${ES_NAMESPACE} | ||
``` | ||
|
||
* Add a enterprise ECK license |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Small typo: From the Elasticsearch site, the way they phrase this would be:
Add an ECK Enterprise license
6c5215b
to
14e633a
Compare
Hi @jwm4, Manu has reviewed it again and thinks it looks good now. Could you also take a quick scan and approve it if everything looks good? Thanks. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me. I only have a couple small change requests.
## Step 3: Build a custom extension in watsonx Assistant for Elasticsearch API | ||
|
||
### Provision a watsonx Assistant instance in your CloudPak cluster | ||
From you CloudPak cluster, you need to provision a watsonx Assistant instance and then create an assistant in the new wxA experience. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we replace "wxA" with "watsonx Assistant" here? I think below it is fine because you define the abbrevation and then use it many times. Here though it is new and kind of confusing.
oc -n $WA_NAMESPACE patch wa $WA_INSTANCE --type='merge' -p='{"configOverrides":{"webhooks_connector":{"extra_vars":{"TRUST_ALL_CERTIFICATES":true}}}}' | ||
``` | ||
Please wait a few minutes for the `wa-webhooks-connector` pod to restart. Once the pod has restarted successfully, | ||
TLS connections between your Elasticsearch service and wxA have been enabled. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would add the following at the end:
This approach is not recommended for production use, especially for applications that involve sensitive data, because it introduces a security risk. It configures wxA to always trust that all services that it connects to through search integrations or custom integrations are the services they expect to be at the IP addresses that the integrations are configured to use. Option 2 below eliminates this risk by using a certificate to security verify that the Elasticsearch service you are connecting to is the one configured your assistant to connect to.
This PR adds an elasticsearch install and setup guide for watsonx Assistant in CloudPak.
Signed off by: [email protected]