Skip to content

[WPB-21366] De-duplicate configuration between brig and brig-index #4947

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
Copilot wants to merge 20 commits into from
Closed

[WPB-21366] De-duplicate configuration between brig and brig-index #4947

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
71b77c5
Initial plan
Copilot Jan 12, 2026
2cfc11e
Add YAML config support for brig-index and update Helm charts
Copilot Jan 12, 2026
f2b4626
Address code review feedback
Copilot Jan 12, 2026
da67a45
Update elasticsearch-index chart to use brig's secrets
Copilot Jan 12, 2026
5667246
Simplify brig-index to use Brig.Options directly
Copilot Jan 12, 2026
b19e1a4
Add changelog entry for brig-index config de-duplication
Copilot Jan 12, 2026
3922758
Remove connection settings from Command ADT, pass Opts directly
Copilot Jan 12, 2026
887c7bf
Address code review: remove unused index settings from Command constr…
Copilot Jan 12, 2026
77aaf05
Delete ESConnectionSettings type, inline fields in ReindexFromAnother…
Copilot Jan 12, 2026
14c3b2f
haddocks.
fisx Jan 12, 2026
792bfc5
nit-picks.
fisx Jan 13, 2026
02e63d4
Further simplify brig-index: remove custom types, use brig.yaml for a…
Copilot Jan 13, 2026
0e5e2ae
Fix trivial ghc errors / warnings.
fisx Jan 13, 2026
1be3c21
Merge remote-tracking branch 'refs/remotes/origin/copilot/de-duplicat…
fisx Jan 13, 2026
1614acb
Merge remote-tracking branch 'origin/develop' into copilot/de-duplica…
fisx Jan 13, 2026
728f1bc
Revert brig-index de-duplication changes, restore original behavior
Copilot Jan 13, 2026
0ed7a8f
Revert "Revert brig-index de-duplication changes, restore original be…
fisx Jan 13, 2026
2931470
Merge remote-tracking branch 'origin/develop' into copilot/de-duplica…
fisx Jan 14, 2026
dd06bf5
Clean up Makefile.
fisx Jan 14, 2026
5bb5b1c
Fix ghc warnings.
fisx Jan 14, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 8 additions & 27 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -396,20 +396,14 @@ postgres-reset: c

.PHONY: es-reset
es-reset: c
./dist/brig-index reset \
--elasticsearch-index-prefix directory \
--elasticsearch-server https://localhost:9200 \
--elasticsearch-ca-cert ./libs/wire-subsystems/test/resources/elasticsearch-ca.pem \
--elasticsearch-credentials ./libs/wire-subsystems/test/resources/elasticsearch-credentials.yaml > /dev/null
./dist/brig-index reset \
--elasticsearch-index-prefix directory2 \
--elasticsearch-server https://localhost:9200 \
--elasticsearch-ca-cert ./libs/wire-subsystems/test/resources/elasticsearch-ca.pem \
--elasticsearch-credentials ./libs/wire-subsystems/test/resources/elasticsearch-credentials.yaml > /dev/null
./dist/brig-index \
-c ./services/brig/brig.integration.yaml reset \
--elasticsearch-index-prefix directory > /dev/null
./dist/brig-index \
-c ./services/brig/brig.integration.yaml reset \
--elasticsearch-index-prefix directory2 > /dev/null
./integration/scripts/integration-dynamic-backends-brig-index.sh \
--elasticsearch-server https://localhost:9200 \
--elasticsearch-ca-cert ./libs/wire-subsystems/test/resources/elasticsearch-ca.pem \
--elasticsearch-credentials ./libs/wire-subsystems/test/resources/elasticsearch-credentials.yaml > /dev/null
-c ./services/brig/brig.integration.yaml > /dev/null

.PHONY: rabbitmq-reset
rabbitmq-reset: rabbit-clean
Expand All @@ -427,20 +421,7 @@ db-migrate: c
./dist/gundeck-schema --keyspace gundeck_test2 --replication-factor 1 > /dev/null
./dist/spar-schema --keyspace spar_test2 --replication-factor 1 > /dev/null
./integration/scripts/integration-dynamic-backends-db-schemas.sh --replication-factor 1 > /dev/null
./dist/brig-index reset \
--elasticsearch-index-prefix directory \
--elasticsearch-server https://localhost:9200 \
--elasticsearch-ca-cert ./libs/wire-subsystems/test/resources/elasticsearch-ca.pem \
--elasticsearch-credentials ./libs/wire-subsystems/test/resources/elasticsearch-credentials.yaml > /dev/null
./dist/brig-index reset \
--elasticsearch-index-prefix directory2 \
--elasticsearch-server https://localhost:9200 \
--elasticsearch-ca-cert ./libs/wire-subsystems/test/resources/elasticsearch-ca.pem \
--elasticsearch-credentials ./libs/wire-subsystems/test/resources/elasticsearch-credentials.yaml > /dev/null
./integration/scripts/integration-dynamic-backends-brig-index.sh \
--elasticsearch-server https://localhost:9200 \
--elasticsearch-ca-cert ./libs/wire-subsystems/test/resources/elasticsearch-ca.pem \
--elasticsearch-credentials ./libs/wire-subsystems/test/resources/elasticsearch-credentials.yaml > /dev/null
make es-reset

#################################
## dependencies
Expand Down
1 change: 1 addition & 0 deletions changelog.d/5-internal/brig-index-config-dedup
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
De-duplicate brig-index configuration by reading connection settings (elasticsearch, cassandra, galley) from brig.yaml via the -c flag, instead of requiring them as CLI arguments.
51 changes: 8 additions & 43 deletions charts/elasticsearch-index/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,47 +8,12 @@
{{- (semverCompare ">= 1.24-0" (include "kubeVersion" .)) -}}
{{- end -}}

{{- define "useCassandraTLS" -}}
{{ or (hasKey .cassandra "tlsCa") (hasKey .cassandra "tlsCaSecretRef") }}
{{- end -}}

{{/* Return a Dict of TLS CA secret name and key
This is used to switch between provided secret (e.g. by cert-manager) and
created one (in case the CA is provided as PEM string.)
{{/*
NOTE: The following helpers are DEPRECATED.
This chart now uses brig's ConfigMap and Secret for configuration.
TLS settings should be configured via:
- elasticsearchTlsEnabled: true/false
- cassandraTlsEnabled: true/false
- secrets.elasticsearchCaSecretName: name of the secret (default: brig-elasticsearch-ca)
- secrets.cassandraCaSecretName: name of the secret (default: brig-cassandra)
*/}}

{{- define "cassandraTlsSecretName" -}}
{{- if .cassandra.tlsCaSecretRef -}}
{{ .cassandra.tlsCaSecretRef.name }}
{{- else }}
{{- print "elasticsearch-index-migrate-cassandra-client-ca" -}}
{{- end -}}
{{- end -}}

{{- define "cassandraTlsSecretKey" -}}
{{- if .cassandra.tlsCaSecretRef -}}
{{ .cassandra.tlsCaSecretRef.key }}
{{- else }}
{{- print "ca.pem" -}}
{{- end -}}
{{- end -}}

{{- define "configureElasticsearchCa" -}}
{{ or (hasKey .elasticsearch "tlsCa") (hasKey .elasticsearch "tlsCaSecretRef") }}
{{- end -}}

{{- define "elasticsearchTlsSecretName" -}}
{{- if .elasticsearch.tlsCaSecretRef -}}
{{ .elasticsearch.tlsCaSecretRef.name }}
{{- else }}
{{- printf "%s-ca" (include "fullname" .) -}}
{{- end -}}
{{- end -}}

{{- define "elasticsearchTlsSecretKey" -}}
{{- if .elasticsearch.tlsCaSecretRef -}}
{{ .elasticsearch.tlsCaSecretRef.key }}
{{- else }}
{{- print "ca.pem" -}}
{{- end -}}
{{- end -}}
14 changes: 0 additions & 14 deletions charts/elasticsearch-index/templates/cassandra-secret.yaml
View file
Open in desktop

This file was deleted.

85 changes: 26 additions & 59 deletions charts/elasticsearch-index/templates/create-index.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,98 +21,65 @@ spec:
chart: "{{.Chart.Name}}-{{.Chart.Version}}"
spec:
restartPolicy: OnFailure
{{- if or (eq (include "configureElasticsearchCa" .Values) "true") (hasKey .Values.secrets "elasticsearch") }}
volumes:
{{- if hasKey .Values.secrets "elasticsearch" }}
- name: elasticsearch-index-secrets
- name: brig-config
configMap:
name: brig
- name: brig-secrets
secret:
secretName: elasticsearch-index
{{- end }}
{{- if eq (include "configureElasticsearchCa" .Values) "true" }}
secretName: brig
{{- if .Values.elasticsearchTlsEnabled }}
- name: elasticsearch-ca
secret:
secretName: {{ include "elasticsearchTlsSecretName" .Values }}
secretName: {{ .Values.secrets.elasticsearchCaSecretName }}
{{- end }}
{{- end }}
initContainers:
# Creates index in elasticsearch only when it doesn't exist.
# Does nothing if the index exists.
- name: brig-index-create
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
{{- if or (eq (include "configureElasticsearchCa" .Values) "true") (hasKey .Values.secrets "elasticsearch") }}
volumeMounts:
{{- if hasKey .Values.secrets "elasticsearch" }}
- name: "elasticsearch-index-secrets"
mountPath: "/etc/wire/elasticsearch-index/secrets"
{{- end }}

{{- if eq (include "configureElasticsearchCa" .Values) "true" }}
- name: brig-config
mountPath: /etc/wire/brig/conf
- name: brig-secrets
mountPath: /etc/wire/brig/secrets
{{- if .Values.elasticsearchTlsEnabled }}
- name: elasticsearch-ca
mountPath: "/certs/elasticsearch"
mountPath: "/etc/wire/brig/elasticsearch-ca"
{{- end }}
{{- end }}
{{- if eq (include "includeSecurityContext" .) "true" }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 12 }}
{{- end }}
args:
- --config-file
- /etc/wire/brig/conf/brig.yaml
- create
- --elasticsearch-server
- "{{ .Values.elasticsearch.scheme }}://{{ required "missing elasticsearch-index.elasticsearch.host!" .Values.elasticsearch.host }}:{{ .Values.elasticsearch.port }}"
{{- if hasKey .Values.secrets "elasticsearch" }}
- --elasticsearch-credentials
- "/etc/wire/elasticsearch-index/secrets/elasticsearch-credentials.yaml"
{{- end }}
- --elasticsearch-index
- "{{ or (.Values.elasticsearch.additionalWriteIndex) (.Values.elasticsearch.index) }}"
- --elasticsearch-shards=5
- --elasticsearch-replicas=2
- --elasticsearch-refresh-interval=5
- --elasticsearch-shards={{ default 5 .Values.elasticsearch.shards }}
- --elasticsearch-replicas={{ default 2 .Values.elasticsearch.replicas }}
- --elasticsearch-refresh-interval={{ default 5 .Values.elasticsearch.refreshInterval }}
{{- if .Values.elasticsearch.delete_template }}
- --delete-template
- "{{ .Values.elasticsearch.delete_template }}"
{{- end }}
{{- if eq (include "configureElasticsearchCa" .Values) "true" }}
- --elasticsearch-ca-cert
- /certs/elasticsearch/{{- include "elasticsearchTlsSecretKey" .Values}}
{{- end }}
{{- if .Values.elasticsearch.insecureSkipTlsVerify }}
- --elasticsearch-insecure-skip-tls-verify
{{- end }}
containers:
- name: brig-index-update-mapping
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }}
{{- if or (eq (include "configureElasticsearchCa" .Values) "true") (hasKey .Values.secrets "elasticsearch") }}
volumeMounts:
{{- if hasKey .Values.secrets "elasticsearch" }}
- name: "elasticsearch-index-secrets"
mountPath: "/etc/wire/elasticsearch-index/secrets"
{{- end }}

{{- if eq (include "configureElasticsearchCa" .Values) "true" }}
- name: brig-config
mountPath: /etc/wire/brig/conf
- name: brig-secrets
mountPath: /etc/wire/brig/secrets
{{- if .Values.elasticsearchTlsEnabled }}
- name: elasticsearch-ca
mountPath: "/certs/elasticsearch"
mountPath: "/etc/wire/brig/elasticsearch-ca"
{{- end }}
{{- end }}
{{- if eq (include "includeSecurityContext" .) "true" }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 12 }}
{{- end }}
args:
- --config-file
- /etc/wire/brig/conf/brig.yaml
- update-mapping
- --elasticsearch-server
- "{{ .Values.elasticsearch.scheme }}://{{ required "missing elasticsearch-index.elasticsearch.host!" .Values.elasticsearch.host }}:{{ .Values.elasticsearch.port }}"
{{- if hasKey .Values.secrets "elasticsearch" }}
- --elasticsearch-credentials
- "/etc/wire/elasticsearch-index/secrets/elasticsearch-credentials.yaml"
{{- end }}
- --elasticsearch-index
- "{{ or (.Values.elasticsearch.additionalWriteIndex) (.Values.elasticsearch.index) }}"
{{- if eq (include "configureElasticsearchCa" .Values) "true" }}
- --elasticsearch-ca-cert
- /certs/elasticsearch/{{- include "elasticsearchTlsSecretKey" .Values}}
{{- end }}
{{- if .Values.elasticsearch.insecureSkipTlsVerify }}
- --elasticsearch-insecure-skip-tls-verify
{{- end }}
14 changes: 0 additions & 14 deletions charts/elasticsearch-index/templates/elasticsearch-ca-secret.yaml
View file
Open in desktop

This file was deleted.

7 changes: 0 additions & 7 deletions charts/elasticsearch-index/templates/helpers.tpl
View file
Open in desktop

This file was deleted.

68 changes: 21 additions & 47 deletions charts/elasticsearch-index/templates/migrate-data.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,62 +27,36 @@ spec:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }}
args:
- --config-file
- /etc/wire/brig/conf/brig.yaml
- migrate-data
- --elasticsearch-server
- "{{ .Values.elasticsearch.scheme }}://{{ required "missing elasticsearch-index.elasticsearch.host!" .Values.elasticsearch.host }}:{{ .Values.elasticsearch.port }}"
{{- if hasKey .Values.secrets "elasticsearch" }}
- --elasticsearch-credentials
- "/etc/wire/elasticsearch-index/secrets/elasticsearch-credentials.yaml"
{{- end }}
- --elasticsearch-index
- "{{ or (.Values.elasticsearch.additionalWriteIndex) (.Values.elasticsearch.index) }}"
- --cassandra-host
- "{{ required "missing elasticsearch-index.cassandra.host!" .Values.cassandra.host }}"
- --cassandra-port
- "{{ required "missing elasticsearch-index.cassandra.port!" .Values.cassandra.port }}"
- --cassandra-keyspace
- "{{ required "missing elasticsearch-index.cassandra.keyspace!" .Values.cassandra.keyspace }}"
- --galley-host
- "{{ required "missing elasticsearch-index.galley.host!" .Values.galley.host }}"
- --galley-port
- "{{ required "missing elasticsearch-index.galley.port!" .Values.galley.port }}"
{{- if eq (include "useCassandraTLS" .Values) "true" }}
- --cassandra-ca-cert
- /certs/cassandra/{{- include "cassandraTlsSecretKey" .Values }}
{{- end }}
{{- if eq (include "configureElasticsearchCa" .Values) "true" }}
- --elasticsearch-ca-cert
- /certs/elasticsearch/{{- include "elasticsearchTlsSecretKey" .Values}}
{{- end }}
{{- if .Values.elasticsearch.insecureSkipTlsVerify }}
- --elasticsearch-insecure-skip-tls-verify
{{- end }}
volumeMounts:
{{- if hasKey .Values.secrets "elasticsearch" }}
- name: "elasticsearch-index-secrets"
mountPath: "/etc/wire/elasticsearch-index/secrets"
- name: brig-config
mountPath: /etc/wire/brig/conf
- name: brig-secrets
mountPath: /etc/wire/brig/secrets
{{- if .Values.cassandraTlsEnabled }}
- name: cassandra-ca
mountPath: "/etc/wire/brig/cassandra"
{{- end }}
{{- if eq (include "useCassandraTLS" .Values) "true" }}
- name: elasticsearch-index-migrate-cassandra-client-ca
mountPath: "/certs/cassandra"
{{- end }}
{{- if eq (include "configureElasticsearchCa" .Values) "true" }}
{{- if .Values.elasticsearchTlsEnabled }}
- name: elasticsearch-ca
mountPath: "/certs/elasticsearch"
mountPath: "/etc/wire/brig/elasticsearch-ca"
{{- end }}
volumes:
{{- if hasKey .Values.secrets "elasticsearch" }}
- name: elasticsearch-index-secrets
- name: brig-config
configMap:
name: brig
- name: brig-secrets
secret:
secretName: elasticsearch-index
{{- end }}
{{- if eq (include "useCassandraTLS" .Values) "true" }}
- name: elasticsearch-index-migrate-cassandra-client-ca
secretName: brig
{{- if .Values.cassandraTlsEnabled }}
- name: cassandra-ca
secret:
secretName: {{ include "cassandraTlsSecretName" .Values }}
secretName: {{ .Values.secrets.cassandraCaSecretName }}
{{- end }}
{{- if eq (include "configureElasticsearchCa" .Values) "true" }}
{{- if .Values.elasticsearchTlsEnabled }}
- name: elasticsearch-ca
secret:
secretName: {{ include "elasticsearchTlsSecretName" .Values }}
secretName: {{ .Values.secrets.elasticsearchCaSecretName }}
{{- end }}
20 changes: 0 additions & 20 deletions charts/elasticsearch-index/templates/secret.yaml
View file
Open in desktop

This file was deleted.

Loading