opendistro-for-elasticsearch / opendistro-build

🧰 Open Distro Build Scripts
https://opendistro.github.io/
Apache License 2.0
344 stars 175 forks

Elasticsearch container having hardcoded path "/usr/share/elasticsearch" is not a proper design #752

Closed bodachaitanya closed 3 years ago

bodachaitanya commented 3 years ago

Is your feature request related to a problem? Please describe.

There are Kubernetes-based OS distributions developed specifically with security considerations in mind, e.g. Talos (https://www.talos.dev/). To explain in short, Talos is an OS for k8s, lean and secure. The problem I have faced currently is that Opendistro-elasticsearch doesn't get deployed on Talos k8s. The reason is simple, as I mentioned in the subject of this ticket, i.e., the "/usr/share/elasticsearch" path is hard-coded inside the elasticsearch container, which is actually bad.

Describe the solution you'd like

From a security point of view, Talos provides only the /var partition as RW (which is an ephemeral partition), and other host filesystem paths are intentionally kept read-only. I would like to have paths configurable using configuration files instead of hard-coding. This way, the opendistro distribution of elasticsearch would be compatible across different platforms. I would prefer a solution something like: the Elastic container having the "/usr/share/elasticsearch" path mapping to the host path "/var/elasticsearch/data".

Describe alternatives you've considered

In the process of building a Docker image of opendistro elastic by modifying the path from /usr/share/elasticsearch to /var/elasticsearch/data and checking. Not successful though.

Additional context

NA

camerski commented 3 years ago

Implemented in https://github.com/opensearch-project/opensearch-build/pull/15

Thanks for the excellent suggestion!