elasticsearch-operator

module
v0.0.7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 27, 2017 License: BSD-3-Clause

README

elasticsearch operator

Build Status

The ElasticSearch operator is designed to manage one or more elastic search clusters. Included in the project (initially) is the ability to create the Elastic cluster, deploy the data nodes across zones in your Kubernetes cluster, and snapshot indexes to AWS S3.

Requirements

Kubernetes

The operator was built and tested on a 1.6.X Kubernetes cluster and is the only version supported currently. This is because it is utilizing StatefulSets as well as CronJobs which are not available in previous versions of Kubernetes.

Cloud

The operator was also currently designed to leverage Amazon AWS S3 for snapshot / restore to the elastic cluster. The goal of this project is to extend to support additional clouds and scenarios to make it fully featured.

By swapping out the storage types, this can be used in GKE, but snapshots won't work at the moment.

Demo

Watch a demo here:
Elasticsearch Operator Demo
https://www.youtube.com/watch?v=3HnV7NfgP6A

Usage

The operator is built using the controller + third party resource model. Once the controller is deployed to your cluster, it will automatically create the ThirdPartyResource. Next create a Kubernetes object type elasticsearchCluster to deploy the elastic cluster based upon the TPR.

ThirdPartyResource

Following parameters are available to customize the elastic cluster:

  • client-node-replicas: Number of client node replicas
  • master-node-replicas: Number of master node replicas
  • data-node-replicas: Number of data node replicas
  • zones: Define which zones to deploy data nodes to for high availability (Note: Zones are evenly distributed based upon number of data-node-replicas defined)
  • data-volume-size: Size of persistent volume to attach to data nodes
  • elastic-search-image: Override the elasticsearch image (e.g. upmcenterprises/docker-elasticsearch-kubernetes:5.3.1)
  • snapshot
    • scheduler-enabled: If the cron scheduler should be running to enable snapshotting
    • bucket-name: Name of S3 bucket to dump snaptshots
    • cron-schedule: Cron task definition for intervals to do snapshots
  • storage
    • Using a provisioner
      • type: Defines the type of storage to provision based upon cloud (e.g. gp2)
      • storage-class-provisioner: Defines which type of provisioner to use (e.g. kubernetes.io/aws-ebs)
    • Using an existing Storage Class (e.g. storage class for GlusterFS)
      • storage-class: Name of an existing StorageClass object to use (zones can be [])
  • instrumentation
    • statsd-host: Sets the statsd host to send metrics to if enabled
  • kibana: Deploy kibana to cluster and automatically reference certs from secret
    • image: Image to use (Note: Using custom image since upstream has x-pack installed and causes issues)

Certs secret

The default image used adds TLS to the Elastic cluster. If not existing, secrets are automatically generated by the operator dynamically.

If supplying your own certs, first generate them and add to a secret. Secret should contain truststore.jks and node-keystore.jks. The name of the secret should follow the pattern: es-certs-[ClusterName]. So for example if your cluster is named example-es-cluster then the secret should be `es-certs-example-es-cluster.

Base image

The base image used is upmcenterprises/docker-elasticsearch-kubernetes:5.3.1 which can be overriden by addeding to the custom cluster you create (See: ThirdPartyResource above).

NOTE: If no image is specified, the default noted previously is used.

Image pull secret

If you are using a private repository you can add a pull secret under spec in your ElasticsearchCluster manifest

spec:
  client-node-replicas: 3
  data-node-replicas: 3
  data-volume-size: 10Gi
  java-options: -Xms256m -Xmx256m
  master-node-replicas: 2
  image-pull-secrets:
    - name: pull-secret-name
  snapshot:
    bucket-name: elasticsnapshots99
    cron-schedule: '@every 2m'
    scheduler-enabled: false
  storage:
    storage-class-provisioner: kubernetes.io/aws-ebs
    type: gp2
  zones:
  - us-east-1a
  - us-east-1b
  - us-east-1c

Deploy Operator

To deploy the operator simply deploy to your cluster:

$ kubectl create ns operator
$ kubectl create -f https://raw.githubusercontent.com/upmc-enterprises/elasticsearch-operator/master/example/controller.yaml -n operator

NOTE: In the example we're putting the operator into the namespace operator. If you want to change this, then make sure to update the RBAC rules in the example/controller.yaml spec to match the namespace desired.

Create Example ElasticSearch Cluster

$ kubectl create -f https://raw.githubusercontent.com/upmc-enterprises/elasticsearch-operator/master/example/example-es-cluster.json

NOTE: Creating a custom cluster requires the creation of a ThirdPartyResource. This happens automatically after the controller is created.

Create Example ElasticSearch Cluster (Minikube)

To run the operator on minikube, this sample file is setup to do that. It sets lower Java memory contraints as well as uses the default storage class in Minikube which writes to hostPath.

$ kubectl create -f https://raw.githubusercontent.com/upmc-enterprises/elasticsearch-operator/master/example/example-es-cluster-minikube.json

NOTE: Creating a custom cluster requires the creation of a ThirdPartyResource. This happens automatically after the controller is created.

Resize ElasticSearch Cluster

kubectl apply doesn't work for TPR for the moment. See kubernetes/#29542. As a workaround, we use curl to resize the cluster.

First update the default example configuration, then send a PUT request to the Kubernetes API server. NOTE: The API is acesssed the API service in this example via kubectl proxy.

curl -H 'Content-Type: application/json' -X PUT --data @example/example-es-cluster.json http://127.0.0.1:8001/apis/enterprises.upmc.com/v1/namespaces/default/elasticsearchclusters/example-es-cluster

Snapshot

Elasticsearch can snapshot it's indexes for easy backup / recovery of the cluster. Currently there's an integration to Amazon S3 as the backup respository for snapshots. The upmcenterprises docker images include the S3 Plugin which enables this feature in AWS.

Schedule

Snapshots can be scheduled via a Cron syntax by defining the cron schedule in your elastic cluster. See: https://godoc.org/github.com/robfig/cron

NOTE: Be sure to enable the scheduler as well by setting scheduler-enabled=true

AWS Setup

To enable the snapshots create a bucket in S3, then apply the following IAM permissions to your EC2 instances replacing {!YOUR_BUCKET!} with the correct bucket name.

{
    "Statement": [
        {
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation",
                "s3:ListBucketMultipartUploads",
                "s3:ListBucketVersions"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::{!YOUR_BUCKET!}"
            ]
        },
        {
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject",
                "s3:AbortMultipartUpload",
                "s3:ListMultipartUploadParts"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::{!YOUR_BUCKET!}/*"
            ]
        }
    ],
    "Version": "2012-10-17"
}

Snapshot Authentication

If you are using an elasticsearch image that requires authentication for the snapshot url, you can specify basic auth credentials.

spec:
  client-node-replicas: 3
  data-node-replicas: 3
  data-volume-size: 10Gi
  java-options: -Xms256m -Xmx256m
  master-node-replicas: 2
  snapshot:
    bucket-name: elasticsnapshots99
    cron-schedule: '@every 2m'
    scheduler-enabled: false
    authentication:
     password: betterpasswordneeded
     username: basicauthadmin
  storage:
    storage-class-provisioner: kubernetes.io/aws-ebs
    type: gp2
  zones:
  - us-east-1a
  - us-east-1b
  - us-east-1c

Access Cluster

Once deployed and all pods are running, the cluster can be accessed internally via https://elasticsearch:9200/ or https://${ELASTICSEARCH_SERVICE_HOST}:9200/

alt text

Development

To run the Operator locally:

$ kubectl proxy
$ mkdir -p /tmp/certs/config && mkdir -p /tmp/certs/certs
$ go get -u github.com/cloudflare/cfssl/cmd/cfssl
$ go get -u github.com/cloudflare/cfssl/cmd/cfssljson
$ go run cmd/operator/main.go --kubecfg-file=${HOME}/.kube/config

About

Built by UPMC Enterprises in Pittsburgh, PA. http://enterprises.upmc.com/

Directories

Path Synopsis
cmd
pkg

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL