search

xco-sk / eck-custom-resources

Kubernetes operator for Indices, Index Templates, Roles, Users and other Elasticsearch and Kibana related resources.
Apache License 2.0
36 stars 8 forks source link

DNS issue when operator is not installed in same ns as elasticsearch #36

Closed ppaslan closed 2 years ago

ppaslan commented 2 years ago

Is the operator supposed to support managing different elastic/kibaba instances across different namespaces?

I wanted to get the answer to the following question:

Example:
I have es and kibana running in namespace acme1 and another different elk stack in acme2.

if i create a indextemplate resources in namespace acme2, will the operator
understand that i want to deploy this on the elk stack in acme2 and not
acme1?

What i tried

I have Kibana and Elasticsearch stack deployed with ECK operator. I deployed the eck-custom-resources operator to the same namespace as the ECK operator (elastic-system)

My elasticsearch service name: 'elasticsearch-es-http' Service namespace location: 'acme'

I tried applying the following manifest.

apiVersion: es.eck.github.com/v1alpha1
kind: IndexTemplate
metadata:
  name: indextemplate-acme
spec:
  body: |
    {
      "index_patterns" : ["index-*"],
      "data_stream": {},
      "priority" : 1,
      "template": {
        "settings" : {
          "number_of_shards" : 2,
          "number_of_replicas" : 0
        }
      }
    }

Result:

INFO controller.indextemplate Creating/Updating index template {"reconciler group": "es.eck.github.com", "reconciler kind": "IndexTemplate", "name": "indextemplate-acme", "namespace": "acme", "index template": "indextemplate-acme"}
ERROR controller.indextemplate Reconciler error {"reconciler group": "es.eck.github.com", "reconciler kind": "IndexTemplate", "name": "indextemplate-acme", "namespace": "acme", "error": "dial tcp: lookup elasticsearch-es-http on 10.43.0.10:53: no answer from DNS server"}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:266
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:227
DEBUG events Warning {"object": {"kind":"IndexTemplate","namespace":"acme","name":"indextemplate-acme","uid":"b6695857-7525-43b7-aabc-1c25d1c5ed31","apiVersion":"es.eck.github.com/v1alpha1","resourceVersion":"6130"}, "reason": "Failed to create/update", "message": "Failed to create/update es.eck.github.com/v1alpha1/IndexTemplate indextemplate-acme: dial tcp: lookup elasticsearch-es-http on 10.43.0.10:53: no answer from DNS server"}

However this works if i change the url section of the elasticsearch section in the values.yaml file, however this would obviously only work for 1 namespace. 

elasticsearch:
  enabled: true
  url: https://elasticsearch-es-http.acme.svc:9200
  certificate:
    secretName: elasticsearch-es-http-certs-public
    certificateKey: ca.crt
  authentication:
    usernamePasswordSecret:
`username: password` format.
      secretName: elasticsearch-es-elastic-user
      userName: elastic

Result:

INFO controller.indextemplate Elasticsearch client not initialized, initializing. {"reconciler group": "es.eck.github.com", "reconciler kind": "IndexTemplate", "name": "indextemplate-acme", "namespace": "acme"}
INFO controller.indextemplate Creating/Updating index template {"reconciler group": "es.eck.github.com", "reconciler kind": "IndexTemplate", "name": "indextemplate-acme", "namespace": "acme", "index template": "indextemplate-acme"}
DEBUG events Normal {"object": {"kind":"IndexTemplate","namespace":"acme","name":"indextemplate-acme","uid":"32d466d1-6ed5-440d-a8b5-2551077d7e36","apiVersion":"es.eck.github.com/v1alpha1","resourceVersion":"10860"}, "reason": "Created", "message": "Created/Updated es.eck.github.com/v1alpha1/IndexTemplate indextemplate-acme"}

Request

Would it be possible for you to include in some logic when calling the elastic and kibana services to include the \<namespace>.svc in the url, something like "elasticsearch-es-http.\<namespace>.svc:9200"

Thanks!

xco-sk commented 2 years ago

Hello @ppaslan, yes, the current implementation supports only one target ES and Kibana. So if you want to manage multiple Elasticsearch cluster / Kibana installations, the only way to do so at the moment is to deploy the ECK Custom Resources operator for each target cluster. I will definitely add a multi-namespace feature to the roadmap, thanks for the suggestion.

ppaslan commented 2 years ago

Thanks for taking your time to answer! And also nice project! :)