feat: add Elasticsearch install and setup guide for CloudPak #240
Conversation
zach-shu
force-pushed
the
add_cp4d_elastic_install_guide
branch
from
ef1a733
to
4f87aa2
Compare
zach-shu
changed the title
| This step is about installing Elastic Cloud on Kubernetes (ECK) in CloudPak. | ||
|
|
||
| Before you begin, you will need: | ||
| * Access to a CloudPack cluster |
There was a problem hiding this comment.
typo:
| * Access to a CloudPack cluster | |
| * Access to a CloudPak cluster |
| ``` | ||
|
|
||
| ### Create environment variables for Elasticsearch credentials | ||
| * Download TSL certificate |
| oc port-forward service/${ES_CLUSTER}-es-http 9200 -n ${ES_NAMESPACE} | ||
| ``` | ||
|
|
||
| ### Create environment variables for Elasticsearch credentials |
There was a problem hiding this comment.
Small point, but this section shows two steps. 1. Download the cert and 2. create (set) environment variables. Since you have them both in the same section here, the two need to be linked a little better. Step one outputs a file named tls.crt in the current directory. But then the related environment variable references a path to a cert.
I think if the reader reads this a couple times they'll understand that the fourth environment variable should point to the file created in step 1. But you can make it a little easier to see how they are connected. Consider something as simple as having the export statement be
export ES_CACERT=<path-to-your-tls.crt>
| oc get service ${ES_CLUSTER}-kb-http -n ${ES_NAMESPACE} | ||
| ``` | ||
|
|
||
| * Add a enterprise ECK license |
There was a problem hiding this comment.
Small typo: From the Elasticsearch site, the way they phrase this would be:
Add an ECK Enterprise license
zach-shu
force-pushed
the
add_cp4d_elastic_install_guide
branch
from
6c5215b
to
14e633a
Compare
|
Hi @jwm4, Manu has reviewed it again and thinks it looks good now. Could you also take a quick scan and approve it if everything looks good? Thanks. |
| ## Step 3: Build a custom extension in watsonx Assistant for Elasticsearch API | ||
|
|
||
| ### Provision a watsonx Assistant instance in your CloudPak cluster | ||
| From you CloudPak cluster, you need to provision a watsonx Assistant instance and then create an assistant in the new wxA experience. |
There was a problem hiding this comment.
Can we replace "wxA" with "watsonx Assistant" here? I think below it is fine because you define the abbrevation and then use it many times. Here though it is new and kind of confusing.
| oc -n $WA_NAMESPACE patch wa $WA_INSTANCE --type='merge' -p='{"configOverrides":{"webhooks_connector":{"extra_vars":{"TRUST_ALL_CERTIFICATES":true}}}}' | ||
| ``` | ||
| Please wait a few minutes for the `wa-webhooks-connector` pod to restart. Once the pod has restarted successfully, | ||
| TLS connections between your Elasticsearch service and wxA have been enabled. |
There was a problem hiding this comment.
I would add the following at the end:
This approach is not recommended for production use, especially for applications that involve sensitive data, because it introduces a security risk. It configures wxA to always trust that all services that it connects to through search integrations or custom integrations are the services they expect to be at the IP addresses that the integrations are configured to use. Option 2 below eliminates this risk by using a certificate to security verify that the Elasticsearch service you are connecting to is the one configured your assistant to connect to.
This PR adds an elasticsearch install and setup guide for watsonx Assistant in CloudPak.
Signed off by: [email protected]