search

apecloud / kubeblocks

KubeBlocks is an open-source control plane software that runs and manages databases, message queues and other stateful applications on K8s.
https://kubeblocks.io
GNU Affero General Public License v3.0
2.08k stars 169 forks source link

[BUG]how to set elasticsearch cluster password #8196

Closed shuoshadow closed 5 days ago

shuoshadow commented 6 days ago

I set the Elasticsearch cluster’s user password using environment variables, but it doesn’t take effect.

apiVersion: v1
kind: Secret
metadata:
  name: elastic-credentials
  namespace: kb-cloud
type: Opaque
stringData:
  username: elastic
  password: vYxdfazdfIJnnKas
apiVersion: apps.kubeblocks.io/v1alpha1
kind: Cluster
metadata:
  annotations:
    kubeblocks.io/extra-env: '{"mdit-roles":"master,data,ingest,transform","mode":"multi-node"}'
  labels:
    app.kubernetes.io/instance: dev-es
    app.kubernetes.io/version: 7.10.1
    helm.sh/chart: elasticsearch-cluster-0.9.0
  name: dev-es
  namespace: kb-cloud
spec:
  tolerations:
    - key: "node-type"
      operator: "Equal"
      value: "mid"
      effect: "NoSchedule"
  affinity:
    podAntiAffinity: Required
    tenancy: SharedNode
    #topologyKeys:
    #- kubernetes.io/hostname
    nodeLabels:
      node-type: "mid"
  componentSpecs:
    - componentDef: elasticsearch-7
      disableExporter: false
      env:
        - name: ELASTIC_USERNAME
          valueFrom:
            secretKeyRef:
              name: elastic-credentials
              key: username
        - name: ELASTIC_PASSWORD
          valueFrom:
            secretKeyRef:
              name: elastic-credentials
              key: password
      name: mdit
      replicas: 3
      resources:
        limits:
          cpu: "4"
          memory: 8Gi
        requests:
          cpu: "4"
          memory: 8Gi
      serviceAccountName: null
      serviceVersion: 7.10.1
      services: null
      systemAccounts:
      - name: elastic
      volumeClaimTemplates:
      - name: data
        spec:
          accessModes:
          - ReadWriteOnce
          resources:
            requests:
              storage: 500Gi
          storageClassName: openebs-hostpath
  terminationPolicy: Delete
shanshanying commented 5 days ago

Hi @shuoshadow

thanks for reporting the issue. In ES addon, we did not explicitly set the password for any accounts, and the ENVs (ELASTIC_USERNAME, ELASTIC_USERNAME ) are not recognized during bootstarp stage to create accounts.

You can fire a feature issue in our KubeBlocks-Addon repo and specify how would you prefer to provision the account for ES: https://github.com/apecloud/kubeblocks-addons/issues

shuoshadow commented 5 days ago

@shanshanying Tanks, I submitted an issue in the addon repository https://github.com/apecloud/kubeblocks-addons/issues/1062

shanshanying commented 5 days ago

Hi @shuoshadow

Got it. I will close this issue then.