How can I edit elasticsearch.yml when deploying the StatefulSet via a yml manifest?
Question
I want to enable the security features of ElasticSearch and according to this tutorial I need to add xpack.security.enabled: true to elasticsearch.yml to do so.
I tried doing this by adding the following command:
command:
- "sh"
- "-c"
- "echo 'xpack.security.enabled: true >> /usr/share/elasticsearch/config/elasticsearch.yml"
But this put the pod into a CrashLoopBackOff. At first I thought this was because the elasticsearch.yml file did not exist at this point, but when I changed the command to:
command:
- "sh"
- "-c"
- "cat /usr/share/elasticsearch/config/elasticsearch.yml"
I could see with kubectl logs <pod-name> that it does exist and contains the following lines:
cluster.name: "docker-cluster"
network.host: 0.0.0.0
Strangely, even if I use a very simple command like ls I always get the CrashLoopBackOff.
This is the complete manifest file of the ElasticSearch StatefulSet:
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: es-cluster
  namespace: efk-stack
spec:
  serviceName: elasticsearch
  replicas: 3
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      containers:
      - name: elasticsearch
        image: docker.elastic.co/elasticsearch/elasticsearch:7.17.10
        command:
        - "sh"
        - "-c"
        - "cat /usr/share/elasticsearch/config/elasticsearch.yml"
        resources:
          limits:
            cpu: 1000m
          requests:
            cpu: 100m
        ports:
        - containerPort: 9200
          name: rest
          protocol: TCP
        - containerPort: 9300
          name: inter-node
          protocol: TCP
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
        env:
        - name: cluster.name
          value: k8s-logs
        - name: node.name
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: discovery.seed_hosts
          value: "es-cluster-0.elasticsearch,es-cluster-1.elasticsearch,es-cluster-2.elasticsearch"
        - name: cluster.initial_master_nodes
          value: "es-cluster-0,es-cluster-1,es-cluster-2"
        - name: ES_JAVA_OPTS
          value: "-Xms512m -Xmx512m"
      initContainers:
      - name: fix-permissions
        image: busybox
        command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
        securityContext:
          privileged: true
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
      - name: increase-vm-max-map
        image: busybox
        command: ["sysctl", "-w", "vm.max_map_count=262144"]
        securityContext:
          privileged: true
      - name: increase-fd-ulimit
        image: busybox
        command: ["sh", "-c", "ulimit -n 65536"]
        securityContext:
          privileged: true
  volumeClaimTemplates:
  - metadata:
      name: data
      labels:
        app: elasticsearch
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 3Gi
Answer 1
Score: 1
If I understand you correctly, your main goal is simply to edit the /usr/share/elasticsearch/config/elasticsearch.yml file and then have elasticsearch start up as normal?
In that case a ConfigMap and a VolumeMount are your friend.
TL;DR: Create a ConfigMap with the entire contents that you want in elasticsearch.yml (i.e. not just the part you want to add) and mount that as a volume at /usr/share/elasticsearch/config/elasticsearch.yml. This will overwrite the file at startup.
As follows:
apiVersion: v1
kind: ConfigMap
metadata:
  name: my-configmap
  namespace: efk-stack
data:
  elasticsearch.yml: |-
    foo: bar
    baz: foo
    xpack.security.enabled: true
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: es-cluster
  namespace: efk-stack
spec:
  serviceName: elasticsearch
  replicas: 3
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      ### added:
      volumes:
      - name: my-configmap
        configMap:
          name: my-configmap
      containers:
      - name: elasticsearch
        image: docker.elastic.co/elasticsearch/elasticsearch:7.17.10
        ## removed so that default startup command is used
        # command:
        # - "sh"
        # - "-c"
        # - "cat /usr/share/elasticsearch/config/elasticsearch.yml"
        resources:
          limits:
            cpu: 1000m
          requests:
            cpu: 100m
        ports:
        - containerPort: 9200
          name: rest
          protocol: TCP
        - containerPort: 9300
          name: inter-node
          protocol: TCP
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
        ## added
        - name: my-configmap
          subPath: elasticsearch.yml
          readOnly: true
          mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
        env:
        - name: cluster.name
          value: k8s-logs
        - name: node.name
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: discovery.seed_hosts
          value: "es-cluster-0.elasticsearch,es-cluster-1.elasticsearch,es-cluster-2.elasticsearch"
        - name: cluster.initial_master_nodes
          value: "es-cluster-0,es-cluster-1,es-cluster-2"
        - name: ES_JAVA_OPTS
          value: "-Xms512m -Xmx512m"
      initContainers:
      - name: fix-permissions
        image: busybox
        command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
        securityContext:
          privileged: true
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
      - name: increase-vm-max-map
        image: busybox
        command: ["sysctl", "-w", "vm.max_map_count=262144"]
        securityContext:
          privileged: true
      - name: increase-fd-ulimit
        image: busybox
        command: ["sh", "-c", "ulimit -n 65536"]
        securityContext:
          privileged: true
  volumeClaimTemplates:
  - metadata:
      name: data
      labels:
        app: elasticsearch
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 3Gi
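The TL;DR of the answer above (the ConfigMap must carry the whole file, not only the added line), as an added Python example that is not part of the original answer: it merges the default file shown in the question with the new setting, renders the ConfigMap, and runs a pre-flight check on the result. The function names are hypothetical, and the transport-TLS warning reflects the Elasticsearch 7.x bootstrap check for multi-node clusters with security enabled, which the page does not mention.

```python
# Added example (not from the original answer). Handles flat "key: value" lines only.
DEFAULT_YML = 'cluster.name: "docker-cluster"\nnetwork.host: 0.0.0.0\n'  # from the question
# Settings the StatefulSet on this page passes as env vars (subset).
ENV = {"cluster.name": "k8s-logs",
       "discovery.seed_hosts": "es-cluster-0.elasticsearch,es-cluster-1.elasticsearch,"
                               "es-cluster-2.elasticsearch"}


def parse(text):
    """Parse flat 'key: value' lines, skipping blanks and comments."""
    pairs = {}
    for line in text.splitlines():
        if ":" in line and not line.lstrip().startswith("#"):
            key, value = line.split(":", 1)
            pairs[key.strip()] = value.strip().strip('"')
    return pairs


def merge_settings(base_text, overrides):
    """Keep every base line, replace overridden keys in place, append new keys."""
    pending, out = dict(overrides), []
    for line in base_text.splitlines():
        key = line.split(":", 1)[0].strip()
        out.append(f"{key}: {pending.pop(key)}" if key in pending else line)
    out.extend(f"{k}: {v}" for k, v in pending.items())
    return "\n".join(out) + "\n"


def render_configmap(name, namespace, file_text):
    """Emit a ConfigMap whose elasticsearch.yml key holds the complete file."""
    body = "".join(f"    {line}\n" for line in file_text.splitlines())
    return ("apiVersion: v1\nkind: ConfigMap\nmetadata:\n"
            f"  name: {name}\n  namespace: {namespace}\n"
            "data:\n  elasticsearch.yml: |\n" + body)


def preflight(file_text, env):
    """Return warnings for the effective settings (assumes env vars override the file)."""
    settings = {**parse(file_text), **env}
    if settings.get("xpack.security.enabled") != "true":
        return ["xpack.security.enabled is not true in the mounted file"]
    if (settings.get("discovery.type") != "single-node"
            and settings.get("xpack.security.transport.ssl.enabled") != "true"):
        return ["multi-node cluster with security on: set "
                "xpack.security.transport.ssl.enabled and certificates"]
    return []


if __name__ == "__main__":
    full = merge_settings(DEFAULT_YML, {"xpack.security.enabled": "true"})
    print(render_configmap("my-configmap", "efk-stack", full))
    print(preflight(full, ENV))
```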
Answer 2
Score: 0
The easiest way is to use the basic start of the image; don't try to use a special exec cmd.
Once your pod did a normal start, use cat file_location_on_pod>>file_location_on_host with kubectl exec to have the file you need to modify on your Host.
Then finally you will just edit it and use it as a mount volume for your pod.