Comments (4)
pebrc
commented on July 22, 2024
1
I think we have settled on an approach for now. Good to close? @nkvoll
from cloud-on-k8s.
nkvoll
commented on July 22, 2024
Before discussing we should come up with more concrete options re how we can solve.
from cloud-on-k8s.
sebgl
commented on July 22, 2024
Need for override
There are several things we might need to override compared to what the official ES Docker image contains:
- elasticsearch.yml settings (can also be passed as env var)
- plugins for our own use (eg. S3 repository plugin)
- extra plugins defined in the stack CRD (eg. hebrew language)
- keystore credentials
- (tweak JVM options?)
Ways to override
1. Build our own Docker image
We can build our own Docker image, inheriting from the official one, and do whatever we need in the start script that we maintain.
# cloud.elastic.co/operator/elasticsearch:6.4.2-1
FROM cloud.elastic.co/elasticsearch/elasticsearch:6.4.2
COPY plugins/ plugins/
COPY "start-script.sh"
CMD ["./start-script.sh"]
This is basically what we do in Cloud with Stack Packs.
Pros:
- Flexibility to do whatever we need before ES starts
- Pre-load usual plugins to avoid waiting for download to complete
Cons:
- Need to maintain lifecycle of these Docker images. One image per ES official Docker image, that we may need to upgrade if we change the content of
start-script.sh.
2. Inject a start script
Instead of maintaining our own Docker image, we could "inject" the script we need to be executed beforehand.
This can be done through a ConfigMap:
kubectl create configmap init-script --from-file /path/to/init-script.sh
# pod spec
spec:
volumeMounts:
- name: init-script
mountPath: /scripts
volumes:
- name: init-script
configMap:
name: init-script
defaultMode: 0744 # execution right2.1 In the ES container
We can choose to inject this script within the ES container directly, and tweak the main command to not run Elasticsearch:
command: ["/scripts/init-script.sh"]2.2 In an init container
We can use an init container to perform whatever needs to before running the official ES container.
By reusing the same ES official Docker image as the init container image, we can ensure the use of the appropriate versioned tool (eg. bin/elasticsearch-plugin).
For changes to be persisted between the init containers and the ES container, we can rely on emptyDir volumes.
That is, we would need volumes for the following:
config/(includingelasticsearch.ymland plugin config directories - see elasticsearch-plugin source code)plugins/bin/(for plugin scripts... but also includes ES binaries)- etc?
For simplicity, that could be the entire ES directory from the init container that we copy over there.
Pros:
- No need to maintain a lifecycle of Docker Images corresponding to a particular ES version, we can reuse the same ES Docker image.
- A bit hacky but simpler to get started
- (with the init container:) we can inject some secrets in the init container, that are not injected in the ES container (eg. TLS stuff).
Cons:
- Need to wait for all plugins to be downloaded, since they're not part of the official image.
- Less flexibility in what we can do: limited to copying a shell or python script (that's probably enough though?)
- (with the init container:) shared volumes complexity
- Init script lifecycle management?
- ConfigMap needs to be in the same namespace as ES pods
from cloud-on-k8s.
nkvoll
commented on July 22, 2024
Taking 1) sounds to me to be the right way to go longer term, but perhaps taking 2) might be a good way to progress right now with fewer deps and learning more/quicker about our requirements for what we'd want 1) to do vs what we'd want a pod-level sidecar to do.
For 2, the init script potentially needs to be potentially versioned, but if we go with supporting a limited version range for now it will probably be the same, so we have a trivial way of starting.
Init container (2.2) sounds the way to go to initialize the pod rather than replacing the command for the ES container -- less reaching into an official image to change stuff at runtime. E.g in the init containers, by using the ES container image, install plugins and copy stuff into different emptyDirs shared with the container images, facilitating shared-disk/volumes between the ES container image and a potential sidecar.
We do need to consider what we'd want the interface between the ES image and the rest of the Pod to be in terms of what volumes we're using, what paths we mount them to (e.g should we always assume /usr/share/elasticsearch/plugins ? Sounds like potentially an env variable?). Not that we need to make everything completely configurable/pluggable straight away, but it is something to consider for down the line.
from cloud-on-k8s.
Related Issues (20)
- Custom Logs with operator eck dosen't works HOT 1
- How many Elasticsearch clusters can I deploy with ECK HOT 2
- Hardened Security Context for Kibana HOT 1
- Enable configuring of services created, or creation of new services, from eck-elasticsearch helm chart
- Support remote clusters using API keys
- Doc: Add messaging about autoscaling for Logstash on ECK
- opentelemetry collector -> APM server 401 error
- Missing ECK network policy for Isolating Elasticsearch Nodes (Ingress 9300)
- Delayed Elasticsearch Pod Initialization HOT 1
- Use Elasticearch readiness port instead of / for Pod readiness HOT 2
- Use secret hash instead of resource version to recreate pods when updating secure settings secrets
- TestFleetAPMIntegrationRecipe is failing
- Update docs listing eck versions causing rolling restart
- Custom Logstash service labels are not preserved HOT 1
- Reconciler error on upgrade from 8.13.3 to 8.13.4 HOT 6
- Breakdown usage by managed application
- Alert on operator panics during e2e tests
- Update to 8.14.0 from any version before 8.4.0 causes Elasticsearch pod to not reach a ready state
- null-valued setting found for key [node.attr.zone] found at line number [20], column number [11] HOT 5
- When scaling down StatefulSets, will PVCs be deleted together? Is this implemented in the operator? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cloud-on-k8s.