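I am trying to install the elastic/elasticsearch Helm chart in a local minikube. The pod status is Running 0/1. I have set xpack.security.enabled=false because this is for development purposes. But the pod still won't run. Am I missing any configuration?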
NAME                     READY   STATUS    RESTARTS   AGE
elasticsearch-master-0   0/1     Running   0          97m
I checked the logs, but I can't see any errors other than a warning.
{"@timestamp":"2023-08-02T10:46:35.640Z", "log.level": "WARN", "message":"received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:54200}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch-master-0][transport_worker][T#1]","log.logger":"org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4HttpServerTransport","elasticsearch.cluster.uuid":"xjJ2up7zSGuEnCZ5cz5qDA","elasticsearch.node.id":"vF22sDghRwKJ1fe3sdQirQ","elasticsearch.node.name":"elasticsearch-master-0","elasticsearch.cluster.name":"elasticsearch"}
Values.yml:
---
clusterName: "elasticsearch"
nodeGroup: "master"
masterService: ""
roles:
  - master
replicas: 1
minimumMasterNodes: 1
esMajorVersion: ""
esConfig:
  elasticsearch.yml: |
    xpack:
      security:
        http:
          ssl:
            enabled: false
        autoconfiguration:
          enabled: false
        enabled: false
createCert: true
esJvmOptions: {}
extraEnvs: []
envFrom: []
secret:
  enabled: true
  password: "admin"
secretMounts: []
hostAliases: []
image: "docker.elastic.co/elasticsearch/elasticsearch"
imageTag: "8.1.1"
imagePullPolicy: "IfNotPresent"
podAnnotations: {}
labels: {}
esJavaOpts: ""
resources:
  requests:
    cpu: "1000m"
    memory: "2Gi"
  limits:
    cpu: "1000m"
    memory: "2Gi"
initResources: {}
networkHost: "0.0.0.0"
volumeClaimTemplate:
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 2Gi
rbac:
  create: false
  serviceAccountAnnotations: {}
  serviceAccountName: ""
  automountToken: true
podSecurityPolicy:
  create: false
  name: ""
  spec:
    privileged: true
    fsGroup:
      rule: RunAsAny
    runAsUser:
      rule: RunAsAny
    seLinux:
      rule: RunAsAny
    supplementalGroups:
      rule: RunAsAny
    volumes:
      - secret
      - configMap
      - persistentVolumeClaim
      - emptyDir
persistence:
  enabled: true
  labels:
    enabled: false
  annotations: {}
extraVolumes: []
extraVolumeMounts: []
extraContainers: []
extraInitContainers: []
priorityClassName: ""
antiAffinityTopologyKey: "kubernetes.io/hostname"
nodeAffinity: {}
enableServiceLinks: true
protocol: http
httpPort: 9200
transportPort: 9300
service:
  enabled: true
  labels: {}
  labelsHeadless: {}
  type: ClusterIP
  publishNotReadyAddresses: false
  nodePort: ""
  annotations: {}
  httpPortName: http
  transportPortName: transport
  loadBalancerIP: ""
  loadBalancerSourceRanges: []
  externalTrafficPolicy: ""
updateStrategy: RollingUpdate
maxUnavailable: 1
podSecurityContext:
  fsGroup: 1000
  runAsUser: 1000
securityContext:
  capabilities:
    drop:
      - ALL
  runAsNonRoot: true
  runAsUser: 1000
terminationGracePeriod: 120
sysctlVmMaxMapCount: 262144
readinessProbe:
  failureThreshold: 3
  initialDelaySeconds: 10
  periodSeconds: 10
  successThreshold: 3
  timeoutSeconds: 5
schedulerName: ""
imagePullSecrets: []
nodeSelector: {}
tolerations: []
ingress:
  enabled: false
  annotations: {}
  className: "nginx"
  pathtype: ImplementationSpecific
  hosts:
    - host: chart-example.local
      paths:
        - path: /
  tls: []
nameOverride: ""
fullnameOverride: ""
healthNameOverride: ""
lifecycle: {}
sysctlInitContainer:
  enabled: true
keystore: []
networkPolicy:
  elasticsearch-master-transport-client: "true"
  http:
    enabled: false
  transport:
    enabled: false
tests:
  enabled: true
Helm chart 8.5.1 for Elasticsearch states that HTTP access is no longer supported. We have to move to HTTPS access. I have not tried the certificate setup yet.
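Elasticsearch security by default

Since 8.0.0, Elasticsearch ships with security (TLS + authentication) enabled and auto-configured by default. Consequently, the Elasticsearch chart has been updated to generate credentials and TLS certificates by default. Similarly, all charts have been updated to connect by default to a secured Elasticsearch deployed by the Elasticsearch chart.
As a consequence, running the Elasticsearch chart with security disabled is no longer supported. Other charts also do not support connecting to Elasticsearch without security.
Note that, in addition to the security configured by default, it is still possible to use your own TLS certificates, credentials and security configuration (see the security examples for each chart).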
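
An added example, not part of the original question or answer and not the chart's own code: a small Python triage of the WARN line quoted in the question. It lists every client that sent plaintext HTTP to the HTTPS listener and whether that client connected over loopback, meaning from inside the pod itself. The function name, the trimmed field set and the second and third sample lines are constructed for illustration.

```python
import ipaddress
import json
import re

# Constructed sample: line 1 is the WARN from the question trimmed to the fields
# used here; the remaining lines are invented to exercise the other branches.
SAMPLE_LOG = """\
{"@timestamp":"2023-08-02T10:46:35.640Z", "log.level": "WARN", "message":"received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:54200}", "elasticsearch.node.name":"elasticsearch-master-0"}
{"@timestamp":"2023-08-02T10:46:40.000Z", "log.level": "WARN", "message":"received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/10.244.0.5:9200, remoteAddress=/10.244.0.9:41234}", "elasticsearch.node.name":"elasticsearch-master-0"}
{"@timestamp":"2023-08-02T10:46:41.000Z", "log.level": "INFO", "message":"started", "elasticsearch.node.name":"elasticsearch-master-0"}
not json at all
"""

MISMATCH = "received plaintext http traffic on an https channel"
# Lazy host groups so addresses that themselves contain ':' (IPv6) still split from the port.
CHANNEL = re.compile(r"localAddress=/(.+?):(\d+), remoteAddress=/(.+?):(\d+)\}")

def find_plaintext_on_tls(log_text):
    """Return one finding per log line where a client spoke HTTP to the HTTPS listener."""
    findings = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip non-JSON lines such as banners or stack traces
        if not isinstance(event, dict):
            continue
        message = str(event.get("message", ""))
        match = CHANNEL.search(message)
        if MISMATCH not in message or match is None:
            continue
        client = match.group(3).strip("[]")
        try:
            in_pod = ipaddress.ip_address(client).is_loopback
        except ValueError:
            in_pod = False  # unparseable address: do not claim it is local
        findings.append({
            "time": event.get("@timestamp"),
            "node": event.get("elasticsearch.node.name"),
            "listener_port": int(match.group(2)),
            "client": client,
            "in_pod": in_pod,
        })
    return findings

if __name__ == "__main__":
    for f in find_plaintext_on_tls(SAMPLE_LOG):
        origin = "inside the pod (loopback)" if f["in_pod"] else "another host or pod"
        print(f'{f["time"]} {f["node"]}: HTTP sent to HTTPS port {f["listener_port"]} from {f["client"]}, {origin}')
```

For the line in the question the client is 127.0.0.1, so the plaintext request came from a process in the same pod rather than from an outside caller; which process that is (an in-container health check, for example) is an assumption the log alone does not settle.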