How can I edit elasticsearch.yml when deploying the StatefulSet via a yml manifest?

Question

I want to enable the security features of ElasticSearch and according to this tutorial I need to add xpack.security.enabled: true to elasticsearch.yml to do so.

I tried doing this by adding the following command:

 command:
   - "sh"
   - "-c"
   - "echo 'xpack.security.enabled: true' >> /usr/share/elasticsearch/config/elasticsearch.yml"

But this put the pod into a CrashLoopBackOff. At first I thought this was because the elasticsearch.yml file did not exist at this point, but when I changed the command to:

 command:
   - "sh"
   - "-c"
   - "cat /usr/share/elasticsearch/config/elasticsearch.yml"

I could see with kubectl logs <pod-name> that it does exist and contains the following lines:

cluster.name: "docker-cluster"
network.host: 0.0.0.0

Strangely, even if I use a very simple command like ls I always get the CrashLoopBackOff.

This is the complete manifest file of the ElasticSearch StatefulSet:

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: es-cluster
  namespace: efk-stack
spec:
  serviceName: elasticsearch
  replicas: 3
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      containers:
      - name: elasticsearch
        image: docker.elastic.co/elasticsearch/elasticsearch:7.17.10
        command:
            - "sh"
            - "-c"
            - "cat /usr/share/elasticsearch/config/elasticsearch.yml"
        resources:
            limits:
              cpu: 1000m
            requests:
              cpu: 100m
        ports:
        - containerPort: 9200
          name: rest
          protocol: TCP
        - containerPort: 9300
          name: inter-node
          protocol: TCP
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
        env:
          - name: cluster.name
            value: k8s-logs
          - name: node.name
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: discovery.seed_hosts
            value: "es-cluster-0.elasticsearch,es-cluster-1.elasticsearch,es-cluster-2.elasticsearch"
          - name: cluster.initial_master_nodes
            value: "es-cluster-0,es-cluster-1,es-cluster-2"
          - name: ES_JAVA_OPTS
            value: "-Xms512m -Xmx512m"
      initContainers:
      - name: fix-permissions
        image: busybox
        command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
        securityContext:
          privileged: true
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
      - name: increase-vm-max-map
        image: busybox
        command: ["sysctl", "-w", "vm.max_map_count=262144"]
        securityContext:
          privileged: true
      - name: increase-fd-ulimit
        image: busybox
        command: ["sh", "-c", "ulimit -n 65536"]
        securityContext:
          privileged: true
  volumeClaimTemplates:
  - metadata:
      name: data
      labels:
        app: elasticsearch
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 3Gi

Answer 1

Score: 1

If I understand you correctly, your main goal is simply to edit the /usr/share/elasticsearch/config/elasticsearch.yml file and then have Elasticsearch start up as normal?

In that case a ConfigMap and a VolumeMount are your friends.

TL;DR: Create a ConfigMap with the entire contents that you want in elasticsearch.yml (i.e. not just the part you want to add) and mount that as a volume at /usr/share/elasticsearch/config/elasticsearch.yml. This will overwrite the file at startup.

As follows:

apiVersion: v1
kind: ConfigMap
metadata:
  name: my-configmap
  namespace: efk-stack
data:
  elasticsearch.yml: |-
    foo: bar
    baz: foo
    xpack.security.enabled: true
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: es-cluster
  namespace: efk-stack
spec:
  serviceName: elasticsearch
  replicas: 3
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      ### added:
      volumes:
        - name: my-configmap
          configMap:
            name: my-configmap
      containers:
      - name: elasticsearch
        image: docker.elastic.co/elasticsearch/elasticsearch:7.17.10
        ## removed so that default startup command is used
        # command:
        #     - "sh"
        #     - "-c"
        #     - "cat /usr/share/elasticsearch/config/elasticsearch.yml"
        resources:
            limits:
              cpu: 1000m
            requests:
              cpu: 100m
        ports:
        - containerPort: 9200
          name: rest
          protocol: TCP
        - containerPort: 9300
          name: inter-node
          protocol: TCP
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
        ## added
        - name: my-configmap
          subPath: elasticsearch.yml
          readOnly: true
          mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
        env:
          - name: cluster.name
            value: k8s-logs
          - name: node.name
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: discovery.seed_hosts
            value: "es-cluster-0.elasticsearch,es-cluster-1.elasticsearch,es-cluster-2.elasticsearch"
          - name: cluster.initial_master_nodes
            value: "es-cluster-0,es-cluster-1,es-cluster-2"
          - name: ES_JAVA_OPTS
            value: "-Xms512m -Xmx512m"
      initContainers:
      - name: fix-permissions
        image: busybox
        command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
        securityContext:
          privileged: true
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
      - name: increase-vm-max-map
        image: busybox
        command: ["sysctl", "-w", "vm.max_map_count=262144"]
        securityContext:
          privileged: true
      - name: increase-fd-ulimit
        image: busybox
        command: ["sh", "-c", "ulimit -n 65536"]
        securityContext:
          privileged: true
  volumeClaimTemplates:
  - metadata:
      name: data
      labels:
        app: elasticsearch
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 3Gi
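
The following ConfigMap is an added example, not part of the answer above: it spells out the "entire contents" for this cluster by repeating the two lines of the image's default file shown in the question in place of the foo/baz placeholders, then adding the security setting. It goes one step beyond the page by also enabling transport TLS, which Elasticsearch 7.x's bootstrap checks require when security is enabled on a multi-node cluster like this one; the keystore name elastic-certificates.p12 and the certs/ directory are assumptions.

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: my-configmap
  namespace: efk-stack
data:
  elasticsearch.yml: |-
    # Lines from the image's default elasticsearch.yml, as printed by the
    # "cat" command in the question. The subPath mount replaces the whole
    # file, so anything not repeated here is lost. In particular,
    # network.host must stay, or the nodes only bind to loopback.
    cluster.name: "docker-cluster"
    network.host: 0.0.0.0

    # The setting the question wants to add.
    xpack.security.enabled: true

    # Transport-layer TLS between the three nodes. With security enabled,
    # a multi-node 7.x cluster fails its bootstrap checks without it.
    # Paths are relative to /usr/share/elasticsearch/config/.
    # Assumption: a PKCS#12 keystore named elastic-certificates.p12 is
    # available under config/certs/ in every pod.
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
```

The keystore has to be present in every pod under /usr/share/elasticsearch/config/certs/, for example mounted read-only from a Secret in the same way the ConfigMap is mounted.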

Answer 2

Score: 0

The easiest way is to use the basic start of the image; don't try to use a special exec cmd.
Once your pod has started normally, use cat file_location_on_pod >> file_location_on_host with kubectl exec to get the file you need to modify onto your host.

Then finally you will just edit it and use it as a mount volume for your pod.

huangapple
  • Posted on July 10, 2023 at 23:37:24
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76655294.html