Hi,
The new versions of the chart fail to launch graylog when using elasticsearch hosts in a secret.
Parameter elasticsearch_hosts must not contain URIs without host or scheme. (found [user:pass@graylog-es-http.graylog.svc:9200])"
However if I prefix the secret with https, then I get access issues because it seems that most parts of graylog honor GRAYLOG_ELASTICSEARCH_HOSTS but there are some scheduled index management jobs that appear to read only from graylog.conf.subst, which ends up as: http://https://user:pass@graylog-es-http.graylog.svc:9200. (notice the double-schema prefix).
I think to fix this you would just need to apply this patch, so that the startup script and the environment variable can produce consistent results.
The reason this was not a problem before, is that the chart was using "GRAYLOG_ELASTICSEARCH_HOST" which is not actually honored by Graylog, so it didn't override the graylog.conf setting.
diff --git a/charts/graylog/templates/_helpers.tpl b/charts/graylog/templates/_helpers.tpl
index ba0702f..58e3d48 100644
--- a/charts/graylog/templates/_helpers.tpl
+++ b/charts/graylog/templates/_helpers.tpl
@@ -92,9 +92,9 @@ Or use chart dependencies with release name
{{- define "graylog.elasticsearch.hosts" -}}
{{- if .Values.graylog.elasticsearch.uriSecretKey }}
{{- if .Values.graylog.elasticsearch.uriSSL }}
- {{- printf "https://${GRAYLOG_ELASTICSEARCH_HOSTS}" -}}
+ {{- printf "${GRAYLOG_ELASTICSEARCH_HOSTS}" -}}
{{- else }}
- {{- printf "http://${GRAYLOG_ELASTICSEARCH_HOSTS}" -}}
+ {{- printf "${GRAYLOG_ELASTICSEARCH_HOSTS}" -}}
{{- end }}
{{- else if .Values.graylog.elasticsearch.hosts }}
{{- .Values.graylog.elasticsearch.hosts -}}
Hi, The new versions of the chart fail to launch graylog when using elasticsearch hosts in a secret.
However if I prefix the secret with https, then I get access issues because it seems that most parts of graylog honor GRAYLOG_ELASTICSEARCH_HOSTS but there are some scheduled index management jobs that appear to read only from graylog.conf.subst, which ends up as: http://https://user:pass@graylog-es-http.graylog.svc:9200. (notice the double-schema prefix).
I think to fix this you would just need to apply this patch, so that the startup script and the environment variable can produce consistent results.
The reason this was not a problem before, is that the chart was using "GRAYLOG_ELASTICSEARCH_HOST" which is not actually honored by Graylog, so it didn't override the graylog.conf setting.