Cloud-on-k8s: OSS support

Created on 1 Jul 2019  路  2Comments  路  Source: elastic/cloud-on-k8s

Proposal

Support OSS version. Currently, when I try to use the oss elasticsearch version(image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.2.0), configuring like:

node.master: true
node.data: true
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.monitoring.enabled: false
xpack.security.enabled: false
xpack.watcher.enabled: false

I get the following error:

Error from server (node[0]: xpack.security.enabled is not user configurable): error when creating "kubernetes/elasticsearch/elasticsearch-logs.yml": admission webhook "validation.elasticsearch.elastic.co" denied the request: node[0]: xpack.security.enabled is not user configurable

Is that intended? Are there any plans to support oss?
Thanks!

picture racevedoo
👍71

Most helpful comment

so we are going to secure whole ES via Istio and do not need xpack security. why it is enforced?

apiVersion: elasticsearch.k8s.elastic.co/v1alpha1
kind: Elasticsearch
metadata:
  name: elastic-tracing
spec:
  version: 7.2.0
  nodes:
  - nodeCount: 2 # at least some safety
    config:
      node.master: true
      node.data: true
      node.ingest: true
      xpack.security.enabled: false
      # xpack.security.authc.token.enabled: false
      # xpack.security.http.ssl.enabled: false
      # xpack.security.transport.ssl.enabled: false
    volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data # note: elasticsearch-data must be the name of the Elasticsearch volume
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi
        #storageClassName: standard # can be any available storage class      
    secureSettings: []
picture dzmitry-lahoda on 19 Sep 2019
👍13

All 2 comments

Hi @racevedoo, ECK turns on security on by default for every cluster and requires the free security features from 6.8+ and 7.1+ which is why that error is appearing. We do not have plans to support OSS at this time

agup006 picture agup006 on 7 Jul 2019

so we are going to secure whole ES via Istio and do not need xpack security. why it is enforced?

apiVersion: elasticsearch.k8s.elastic.co/v1alpha1
kind: Elasticsearch
metadata:
  name: elastic-tracing
spec:
  version: 7.2.0
  nodes:
  - nodeCount: 2 # at least some safety
    config:
      node.master: true
      node.data: true
      node.ingest: true
      xpack.security.enabled: false
      # xpack.security.authc.token.enabled: false
      # xpack.security.http.ssl.enabled: false
      # xpack.security.transport.ssl.enabled: false
    volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data # note: elasticsearch-data must be the name of the Elasticsearch volume
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi
        #storageClassName: standard # can be any available storage class      
    secureSettings: []
dzmitry-lahoda picture dzmitry-lahoda on 19 Sep 2019
👍13
Was this page helpful?
0 / 5 - 0 ratings

Related issues

pebrc picture pebrc  路  3Comments
Sakib37 picture Sakib37  路  3Comments
deepaksinghcs14 picture deepaksinghcs14  路  4Comments
barkbay picture barkbay  路  4Comments
sebgl picture sebgl  路  3Comments