I ran the script:
OPERATOR_NAME=myelastic-op OPERATOR_IMAGE=docker.elastic.co/eck/eck-operator:1.0.1 NAMESPACE=myns MANAGED_NAMESPACE=myns make generate-namespace | kubectl apply -f -
And it works up until I get this error in the pod:
message: "unable to setup and fill webhook certificates", error="resource may not be empty"
Do I need to set something up beforehand?
Also, I noticed the operator template for all-in-one had values for certs and services, whereas the operator template for namespace did not. Is the configuration ready for running ECK in a single namespace? We don't want to give users access other namespaces like is done with all-in-one so we would really like to get this working in a single namespace.
@data_smith I think you should download the official manifests, and try to adapt them to your needs.
The namespace sample we have in the github repository might be tricky to setup, however it gives you a pretty good idea of how you should adapt the all-in-one manifests.
Basically, you mostly have to tweak the namespace of the elastic-operator StatefulSet in that yaml file, and also add the --managed-namespaces=<your-namespace1>,<your-namespace2> flag to the StatefulSet container args.
Let me know if that works for you.
We want to improve this process with some extra tooling in the future, see https://github.com/elastic/cloud-on-k8s/issues/2406.
I believe this particular error indicates that ECK is running with the webhook role enabled which should not be the case when you running in single namespace mode.
I think I have a theory about what is the problem in your case though: I am assuming you checked out the ECK code locally to run this make target and that code contains already changes incompatible with the 1.0.1 image you are trying to run. Most notably we have removed the concept of operator roles and the corresponding --operator-roles parameter, which means the manifest you generated does not have the parameter and ECK defaults to all roles which includes the webhook role, causing your error.
You can:
args: ["manager", "--namespaces", "myns", "--operator-roles", "namespace,global"]
Thanks, I ended up doing that. Here's exactly what I ran:
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.