如何在通过yml清单部署StatefulSet时编辑elasticsearch.yml?

huangapple
go评论115阅读模式
英文:

How can I edit elasticsearch.yml when deploying the StatefulSet via a yml manifest?

问题

我想要启用ElasticSearch的安全功能,根据这个教程,我需要将 xpack.security.enabled: true 添加到elasticsearch.yml文件中来实现。

我尝试通过添加以下命令来做到这一点:

  1.  command:
  2.    - "sh"
  3.    - "-c"
  4.    - "echo 'xpack.security.enabled: true >> /usr/share/elasticsearch/config/elasticsearch.yml"

但这导致Pod进入CrashLoopBackOff状态。起初,我认为这是因为elasticsearch.yml文件在这一点上不存在,但当我将命令更改为:

  1.  command:
  2.    - "sh"
  3.    - "-c"
  4.    - "cat /usr/share/elasticsearch/config/elasticsearch.yml"

我可以通过 kubectl logs <pod-name> 看到它确实存在,并包含以下行:

  1. cluster.name: "docker-cluster"
  2. network.host: 0.0.0.0

奇怪的是,即使我使用一个非常简单的命令,比如 ls,我总是收到CrashLoopBackOff的错误。

这是ElasticSearch StatefulSet的完整清单文件:

  1. apiVersion: apps/v1
  2. kind: StatefulSet
  3. metadata:
  4.   name: es-cluster
  5.   namespace: efk-stack
  6. spec:
  7.   serviceName: elasticsearch
  8.   replicas: 3
  9.   selector:
  10.     matchLabels:
  11.       app: elasticsearch
  12.   template:
  13.     metadata:
  14.       labels:
  15.         app: elasticsearch
  16.     spec:
  17.       containers:
  18.       - name: elasticsearch
  19.         image: docker.elastic.co/elasticsearch/elasticsearch:7.17.10
  20.         command:
  21.             - "sh"
  22.             - "-c"
  23.             - "cat /usr/share/elasticsearch/config/elasticsearch.yml"
  24.         resources:
  25.             limits:
  26.               cpu: 1000m
  27.             requests:
  28.               cpu: 100m
  29.         ports:
  30.         - containerPort: 9200
  31.           name: rest
  32.           protocol: TCP
  33.         - containerPort: 9300
  34.           name: inter-node
  35.           protocol: TCP
  36.         volumeMounts:
  37.         - name: data
  38.           mountPath: /usr/share/elasticsearch/data
  39.         env:
  40.           - name: cluster.name
  41.             value: k8s-logs
  42.           - name: node.name
  43.             valueFrom:
  44.               fieldRef:
  45.                 fieldPath: metadata.name
  46.           - name: discovery.seed_hosts
  47.             value: "es-cluster-0.elasticsearch,es-cluster-1.elasticsearch,es-cluster-2.elasticsearch"
  48.           - name: cluster.initial_master_nodes
  49.             value: "es-cluster-0,es-cluster-1,es-cluster-2"
  50.           - name: ES_JAVA_OPTS
  51.             value: "-Xms512m -Xmx512m"
  52.       initContainers:
  53.       - name: fix-permissions
  54.         image: busybox
  55.         command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
  56.         securityContext:
  57.           privileged: true
  58.         volumeMounts:
  59.         - name: data
  60.           mountPath: /usr/share/elasticsearch/data
  61.       - name: increase-vm-max-map
  62.         image: busybox
  63.         command: ["sysctl", "-w", "vm.max_map_count=262144"]
  64.         securityContext:
  65.           privileged: true
  66.       - name: increase-fd-ulimit
  67.         image: busybox
  68.         command: ["sh", "-c", "ulimit -n 65536"]
  69.         securityContext:
  70.           privileged: true
  71.   volumeClaimTemplates:
  72.   - metadata:
  73.       name: data
  74.       labels:
  75.         app: elasticsearch
  76.     spec:
  77.       accessModes: [ "ReadWriteOnce" ]
  78.       resources:
  79.         requests:
  80.           storage: 3Gi

注意:清单文件中的 " 是HTML编码,实际上应该是双引号 "

英文:

I want to enable the security features of ElasticSearch and according to this tutorial I need to add xpack.security.enabled: true to elasticsearch.yml to do so.

I tried doing this by adding the following command:

  1.  command:
  2. - "sh"
  3. - "-c"
  4. - "echo 'xpack.security.enabled: true >> /usr/share/elasticsearch/config/elasticsearch.yml"

But this put the pod into a CrashLoopBackOff. At first I thought this was because the elasticsearch.yml file did not exist at this point, but when I changed the command to:

  1.  command:
  2. - "sh"
  3. - "-c"
  4. - "cat /usr/share/elasticsearch/config/elasticsearch.yml"

I could see with kubectl logs <pod-name> that it does exist and contains the following lines:

  1. cluster.name: "docker-cluster"
  2. network.host: 0.0.0.0

Strangely, even if I use a very simple command like ls I always get the CrashLoopBackOff.

This is the complete manifest file of the ElasticSearch StatefulSet:

  1. apiVersion: apps/v1
  2. kind: StatefulSet
  3. metadata:
  4. name: es-cluster
  5. namespace: efk-stack
  6. spec:
  7. serviceName: elasticsearch
  8. replicas: 3
  9. selector:
  10. matchLabels:
  11. app: elasticsearch
  12. template:
  13. metadata:
  14. labels:
  15. app: elasticsearch
  16. spec:
  17. containers:
  18. - name: elasticsearch
  19. image: docker.elastic.co/elasticsearch/elasticsearch:7.17.10
  20. command:
  21. - "sh"
  22. - "-c"
  23. - "cat /usr/share/elasticsearch/config/elasticsearch.yml"
  24. resources:
  25. limits:
  26. cpu: 1000m
  27. requests:
  28. cpu: 100m
  29. ports:
  30. - containerPort: 9200
  31. name: rest
  32. protocol: TCP
  33. - containerPort: 9300
  34. name: inter-node
  35. protocol: TCP
  36. volumeMounts:
  37. - name: data
  38. mountPath: /usr/share/elasticsearch/data
  39. env:
  40. - name: cluster.name
  41. value: k8s-logs
  42. - name: node.name
  43. valueFrom:
  44. fieldRef:
  45. fieldPath: metadata.name
  46. - name: discovery.seed_hosts
  47. value: "es-cluster-0.elasticsearch,es-cluster-1.elasticsearch,es-cluster-2.elasticsearch"
  48. - name: cluster.initial_master_nodes
  49. value: "es-cluster-0,es-cluster-1,es-cluster-2"
  50. - name: ES_JAVA_OPTS
  51. value: "-Xms512m -Xmx512m"
  52. initContainers:
  53. - name: fix-permissions
  54. image: busybox
  55. command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
  56. securityContext:
  57. privileged: true
  58. volumeMounts:
  59. - name: data
  60. mountPath: /usr/share/elasticsearch/data
  61. - name: increase-vm-max-map
  62. image: busybox
  63. command: ["sysctl", "-w", "vm.max_map_count=262144"]
  64. securityContext:
  65. privileged: true
  66. - name: increase-fd-ulimit
  67. image: busybox
  68. command: ["sh", "-c", "ulimit -n 65536"]
  69. securityContext:
  70. privileged: true
  71. volumeClaimTemplates:
  72. - metadata:
  73. name: data
  74. labels:
  75. app: elasticsearch
  76. spec:
  77. accessModes: [ "ReadWriteOnce" ]
  78. resources:
  79. requests:
  80. storage: 3Gi

答案1

得分: 1

如果我理解正确,您的主要目标只是编辑/usr/share/elasticsearch/config/elasticsearch.yml文件,然后使elasticsearch正常启动?

在这种情况下,ConfigMap和VolumeMount是您的朋友。

TL;DR:创建一个ConfigMap,包含您想要放入elasticsearch.yml全部内容(即不仅仅是要添加的部分),并将其挂载为卷到/usr/share/elasticsearch/config/elasticsearch.yml。这将在启动时覆盖文件。

示例:

  1. apiVersion: v1
  2. kind: ConfigMap
  3. metadata:
  4.   name: my-configmap
  5.   namespace: efk-stack
  6. data:
  7.   elasticsearch.yml: |-
  8.     foo: bar
  9.     baz: foo
  10.     xpack.security.enabled: true    
  11. ---
  12. apiVersion: apps/v1
  13. kind: StatefulSet
  14. metadata:
  15.   name: es-cluster
  16.   namespace: efk-stack
  17. spec:
  18.   serviceName: elasticsearch
  19.   replicas: 3
  20.   selector:
  21.     matchLabels:
  22.       app: elasticsearch
  23.   template:
  24.     metadata:
  25.       labels:
  26.         app: elasticsearch
  27.     spec:
  29.       ### 添加部分:
  30.       volumes:
  31.         - name: my-configmap
  32.           configMap:
  33.             name: my-configmap
  34.       containers:
  35.       - name: elasticsearch
  36.         image: docker.elastic.co/elasticsearch/elasticsearch:7.17.10
  38.         ## 移除以使用默认启动命令
  39.         # command:
  40.         #     - "sh"
  41.         #     - "-c"
  42.         #    - "cat /usr/share/elasticsearch/config/elasticsearch.yml"
  44.         resources:
  45.             limits:
  46.               cpu: 1000m
  47.             requests:
  48.               cpu: 100m
  49.         ports:
  50.         - containerPort: 9200
  51.           name: rest
  52.           protocol: TCP
  53.         - containerPort: 9300
  54.           name: inter-node
  55.           protocol: TCP
  56.         volumeMounts:
  57.         - name: data
  58.           mountPath: /usr/share/elasticsearch/data
  60.         ## 添加部分
  61.         - name: my-configmap
  62.           subPath: elasticsearch.yml
  63.           readOnly: true
  64.           mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
  66.         env:
  67.           - name: cluster.name
  68.             value: k8s-logs
  69.           - name: node.name
  70.             valueFrom:
  71.               fieldRef:
  72.                 fieldPath: metadata.name
  73.           - name: discovery.seed_hosts
  74.             value: "es-cluster-0.elasticsearch,es-cluster-1.elasticsearch,es-cluster-2.elasticsearch"
  75.           - name: cluster.initial_master_nodes
  76.             value: "es-cluster-0,es-cluster-1,es-cluster-2"
  77.           - name: ES_JAVA_OPTS
  78.             value: "-Xms512m -Xmx512m"
  79.       initContainers:
  80.       - name: fix-permissions
  81.         image: busybox
  82.         command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
  83.         securityContext:
  84.           privileged: true
  85.         volumeMounts:
  86.         - name: data
  87.           mountPath: /usr/share/elasticsearch/data
  88.       - name: increase-vm-max-map
  89.         image: busybox
  90.         command: ["sysctl", "-w", "vm.max_map_count=262144"]
  91.         securityContext:
  92.           privileged: true
  93.       - name: increase-fd-ulimit
  94.         image: busybox
  95.         command: ["sh", "-c", "ulimit -n 65536"]
  96.         securityContext:
  97.           privileged: true
  98.   volumeClaimTemplates:
  99.   - metadata:
  100.       name: data
  101.       labels:
  102.         app: elasticsearch
  103.     spec:
  104.       accessModes: [ "ReadWriteOnce" ]
  105.       resources:
  106.         requests:
  107.           storage: 3Gi

请注意,上述代码中的中文注释是为了帮助您理解代码。

英文:

If I understand you correctly, you main goal is simply to edit the /usr/share/elasticsearch/config/elasticsearch.yml file and then have elastisearch start up as normal?

I that case a ConfigMap and a VolumeMount are your friend.

TL;DR: Create a ConfigMap with the entire contents that you want in elasticsearch.yml (i.e. not just the part you want to add) and mount that as a volume at /usr/share/elasticsearch/config/elasticsearch.yml. This will overwrite the file at startup.

As follows:

  1. apiVersion: v1
  2. kind: ConfigMap
  3. metadata:
  4. name: my-configmap
  5. namespace: efk-stack
  6. data:
  7. elasticsearch.yml: |-
  8. foo: bar
  9. baz: foo
  10. xpack.security.enabled: true    
  11. ---
  12. apiVersion: apps/v1
  13. kind: StatefulSet
  14. metadata:
  15. name: es-cluster
  16. namespace: efk-stack
  17. spec:
  18. serviceName: elasticsearch
  19. replicas: 3
  20. selector:
  21. matchLabels:
  22. app: elasticsearch
  23. template:
  24. metadata:
  25. labels:
  26. app: elasticsearch
  27. spec:
  28. ### added:
  29. volumes:
  30. - name: my-configmap
  31. configMap:
  32. name: my-configmap
  33. containers:
  34. - name: elasticsearch
  35. image: docker.elastic.co/elasticsearch/elasticsearch:7.17.10
  36. ## removed so that default startup command is used
  37. # command:
  38. #     - "sh"
  39. #     - "-c"
  40. #    - "cat /usr/share/elasticsearch/config/elasticsearch.yml"
  41. resources:
  42. limits:
  43. cpu: 1000m
  44. requests:
  45. cpu: 100m
  46. ports:
  47. - containerPort: 9200
  48. name: rest
  49. protocol: TCP
  50. - containerPort: 9300
  51. name: inter-node
  52. protocol: TCP
  53. volumeMounts:
  54. - name: data
  55. mountPath: /usr/share/elasticsearch/data
  56. ## added
  57. - name: my-configmap
  58. subPath: elasticsearch.yml 
  59. readOnly: true
  60. mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
  61. env:
  62. - name: cluster.name
  63. value: k8s-logs
  64. - name: node.name
  65. valueFrom:
  66. fieldRef:
  67. fieldPath: metadata.name
  68. - name: discovery.seed_hosts
  69. value: "es-cluster-0.elasticsearch,es-cluster-1.elasticsearch,es-cluster-2.elasticsearch"
  70. - name: cluster.initial_master_nodes
  71. value: "es-cluster-0,es-cluster-1,es-cluster-2"
  72. - name: ES_JAVA_OPTS
  73. value: "-Xms512m -Xmx512m"
  74. initContainers:
  75. - name: fix-permissions
  76. image: busybox
  77. command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
  78. securityContext:
  79. privileged: true
  80. volumeMounts:
  81. - name: data
  82. mountPath: /usr/share/elasticsearch/data
  83. - name: increase-vm-max-map
  84. image: busybox
  85. command: ["sysctl", "-w", "vm.max_map_count=262144"]
  86. securityContext:
  87. privileged: true
  88. - name: increase-fd-ulimit
  89. image: busybox
  90. command: ["sh", "-c", "ulimit -n 65536"]
  91. securityContext:
  92. privileged: true
  93. volumeClaimTemplates:
  94. - metadata:
  95. name: data
  96. labels:
  97. app: elasticsearch
  98. spec:
  99. accessModes: [ "ReadWriteOnce" ]
  100. resources:
  101. requests:
  102. storage: 3Gi

答案2

得分: 0

最简单的方法是使用图像的基本启动,不要尝试使用特殊的执行命令。
一旦您的 Pod 正常启动,使用 kubectl exec 命令将 Pod 上的文件复制到主机上,以便您可以编辑需要修改的文件。

然后,最后您只需编辑它并将其用作 Pod 的挂载卷即可。

英文:

The easiest way is to use the basic start of the image don't try to use a special exec cmd .
Once your pod did a normal start , use cat file_location_on_pod>>file_location_on_host with kubectl exec to have the file you need to modify on your Host.

Then finally you will just edit it and use it as a mount volume for your pod.

huangapple
  • 本文由 发表于 2023年7月10日 23:37:24
  • 转载请务必保留本文链接:https://go.coder-hub.com/76655294.html
  • azure-aks
  • elasticsearch
  • kubernetes
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定