Comments (8)
Thank you for the assistance. Everything is working great with the strategy that was added to the FAQ.
from helm-charts.
Hi!
The recommended way to install plugins into our docker images is to create a custom docker image.
The Dockerfile would look something like:
ARG elasticsearch_version
FROM docker.elastic.co/elasticsearch/elasticsearch:${elasticsearch_version}
RUN bin/elasticsearch-plugin install --batch repository-gcs
And then updating image:
in values to point to your custom image.
There are a couple reasons we recommend this.
- Tying the availability of Elasticsearch to the download service to install plugins is not a great idea or something that we recommend. Especially in Kubernetes where it is normal and expected for a container to be moved to another host at random times.
- Mutating the state of a running docker image (by installing plugins) goes against best practices of containers and immutable infrastructure.
from helm-charts.
Added an FAQ section in #52
from helm-charts.
Can I generate that with any keystore tool (for example, from a desktop) and have it work with any deployment I do, or is there some seed based on the cluster config that will make that not work?
Yup, it just works! I used the elasticsearch-keystore command from my laptop (macbook running OSX) which works just fine in any other cluster.
from helm-charts.
I see. Thank you!
My next question was going to be how to insert values into the elasticsearch keystore, but it sounds like the answer all-around is custom image. 👍
from helm-charts.
The keystore contains sensitive secrets and isn't really suitable to being baked into the docker image. It would also mean you would need seperate docker images for each cluster you have. It's much better to store it as a kubernetes secret and mount it into the container.
$ kubectl create secret generic elasticsearch-keystore --from-file=./elasticsearch.keystore
Then mount it via the secretMounts
value.
secretMounts:
- name: elasticsearch-keystore
secretName: elasticsearch-keystore
path: /usr/share/elasticsearch/config/elasticsearch.keystore
subPath: elasticsearch.keystore
I have made a note to get both of these examples added into the readme since I'm sure others will have the same question.
from helm-charts.
Sounds great and the FAQ is looking good. I was able to get the gcs-repository working just fine (funny that's the one you put in your example). :)
I had one more question, though. For the elasticsearch.keystore, is it somehow tied to a cluster? Can I generate that with any keystore tool (for example, from a desktop) and have it work with any deployment I do, or is there some seed based on the cluster config that will make that not work?
To get my deploy working I just used the elasticsearch-keystore tool in the custom image I created, but I wasn't sure if that was somehow seeded with a keystore encryption key.
from helm-charts.
I understand in elastic helm chart read me , i see this following lines
kubectl create secret generic encryption-key --from-file=xpack.watcher.encryption_key=./watcher_encryption_key
kubectl create secret generic slack-hook --from-literal=xpack.notification.slack.account.monitoring.secure_url='https://hooks.slack.com/services/asdasdasd/asdasdas/asdasd'
but this is bit of confusing to me, Can you please elaborate a little how do we create keystore for aws s3 bucket?
from helm-charts.
Related Issues (20)
- [Kibana] 8.5.1"message":"secrets \"kibana-kibana-es-token\" already exists" HOT 4
- Support file realm in the Elasticsearch spec
- readiness probe also always fails when security is disabled HOT 1
- Readiness probe is failing because of bad SSL HOT 1
- Kibana chart helm install failing with Error: INSTALLATION FAILED: failed pre-install: job failed: BackoffLimitExceeded HOT 5
- Logstash does not respect logstashJavaOpts
- Out of memory error both on
- Kibana chart fails when security disabled HOT 1
- Enabling security breaks ES endpoints.
- Kibana post delete can fail, leaving artifact behind. HOT 2
- Cannot enable Metricbeat modules HOT 1
- Elasticsearch 7.17.9 HOT 1
- [kibana] helm deployment with no values fails, kubeadm kubernetes deployment 1.25.3 HOT 1
- elasticsearch chart optimizes the discovery.seed_hosts Settings HOT 1
- How to add license on the helmchart
- Randomly receive list of indices with kubectl exec on single node installation.
- Kibana 8.5.1 Upgrade failed from 7.17.3- Error: UPGRADE FAILED: pre-upgrade hooks failed: timed out waiting for the condition
- UNABLE_TO_VERIFY_LEAF_SIGNATURE HOT 5
- [logstash] Statefulset annotations
- kibana cannot be installed, output self signed certificate in certificate chain HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from helm-charts.