Users have pingdom healthcheck for Elasticsearch and it fails whenever the kiam pods are not available.
The elasticsearch module uses with aws_es_proxy(a HTTP proxy) to connect the application to the ES cluster. The proxy doesnot re-use credentials and require signerV4 authentication requests. Hence it looks it needs kiam to be available all the time.
AntonyBishop
commented
3 years ago
Users have pingdom healthcheck for Elasticsearch and it fails whenever the kiam pods are not available.
The elasticsearch module uses with aws_es_proxy(a HTTP proxy) to connect the application to the ES cluster. The proxy doesnot re-use credentials and require signerV4 authentication requests. Hence it looks it needs kiam to be available all the time.
Build a new docker image with the https://github.com/abutaha/aws-es-proxy repo. The dockerfile used in the repo runs on root. Use something similar to https://github.com/yaradigitallabs/aws-es-proxy/blob/a1657ee3320d77e05646721ed5cc1011d5af92dc/Dockerfile.
Check whether the new proxy works without kiam and wait for the expiration and how long.
Update the elasticsearch module with the new proxy image
Which part of the user docs does this impact
Elasticsearch module Readme
Definition of done
Reference
How to write good user stories