search

bitnami / charts

Bitnami Helm Charts
https://bitnami.com
Other
8.6k stars 8.98k forks source link

[bitnami/elasticsearch] [Chart config] How to persisten new keystore data in Kubernetes environment? #27554

Open gzOne2Free opened 5 days ago

gzOne2Free commented 5 days ago

Name and Version

bitnami/elasticsearch

What is the problem this feature will solve?

Here I have a requirement that adds new data to the Elasticsearch key store by invoking the command bin/elasticsearch-keystore add XXXX. I can do this by attaching to the Elasticsearch pod and executing the above command, but when the ES pods are restarted, the data is lost. I am required to configure LDAP authentication which needs to add new data to the Elasticsearch key store.

What is the feature you are proposing to solve the problem?

How to configure the helm chart's values.yaml before installing Elasticsearch or update ConfigMap/Secret after Elasticsearch is installed to make it possible to add additional data to Elasticsearch's key store?

gzOne2Free commented 5 days ago

Missed info: Chart version: 19.5.5 ES version: 8.11.3 (updated image version from chart's default 8.5.3)

rafariossaa commented 5 days ago

Hi, Currently there is not a parameter in the chart for that. However, you could use something like:

master:
  extraEnvVars:
    - name: ELASTICSEARCH_KEYS
      value: key1=value1;key2=value2

You could also use extraEnvVarsSecret, extraEnvVarsCM if you want to use a secret or a configmap instead. The file is not persisted but recreated in each restart.

gzOne2Free commented 4 days ago

Hi @rafariossaa

I am able to use extraEnvVars to achieve the goal. But when I try to use extraEnvVarsSecret to do so, helm template command will throw: 

Error: YAML parse error on elasticsearch/templates/data/statefulset.yaml: error converting YAML to JSON: yaml: line 127: block sequence entries are not allowed in this context
helm.go:84: [debug] error converting YAML to JSON: yaml: line 127: block sequence entries are not allowed in this context
YAML parse error on elasticsearch/templates/data/statefulset.yaml

Because the value I added is a password, so I want it to be put in Secret. Here the values.yaml snippet FYI:

master:
  masterOnly: true
  replicaCount: 3
  updateStrategy:
    type: RollingUpdate
  resources:
    limits: 
      cpu: 1
      memory: 8Gi
    requests:
      cpu: 256m
      memory: 2048Mi
  heapSize: 1024m
  persistence:
    enabled: true
    selector: {}
    annotations: {}
    accessModes:
      - ReadWriteOnce
    size: 100Gi
  serviceAccount:
    create: false
    name: ""
    automountServiceAccountToken: true
    annotations: {}
  _extraEnvVarsSecret:
    - name: ELASTICSEARCH_KEYS
      value: "xpack.security.authc.realms.ldap.ldap1.secure_bind_password=REDACTED"_
gzOne2Free commented 4 days ago

@rafariossaa Please ignore the '' (underscore) before extraEnvVarsSecret and the last character '' in yaml because I wnat to set Italic format but it fail because in code block.