After creating Elasticsearch, and then changing the yaml file, apply fails

Elastic Orchestration Elastic Cloud on Kubernetes (ECK)
1 
apiVersion: elasticsearch.k8s.elastic.co/v1

kind: Elasticsearch

metadata:

  name: aimee  

spec:

  version: 7.10.1  

  securityContext:

    fsGroup: 1000

    runAsUser: 1000

  http:

      service:

        spec:

          type: NodePort

          ports:

            - name: http

              nodePort: 30655

              port: 9200

              protocol: TCP

              targetPort: 9200

  nodeSets:

  - name: master-node    

    count: 3   

    config:

      node.master: true   

      node.data: false

      xpack.security.transport.ssl.certificate_authorities:

      - /usr/share/elasticsearch/config/other/two.ca.crt

      path.repo: "/data/index/buckup"     

    podTemplate:

      spec:

        initContainers:

        - name: sysctl   

          securityContext:

            privileged: true

          command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144']   

        containers:

        - name: elasticsearch

          volumeMounts:

          - mountPath: "/data/index/backup"

            name: backup

          - mountPath: /usr/share/elasticsearch/config/other

            name: remote-certs

        volumes:

        - name: backup

          persistentVolumeClaim:

            claimName: backup    

        - name: elasticsearch-data

          emptyDir: {}

        - name: remote-certs

          secret:

            secretName: remote-certs

          env:

          - name: ES_JAVA_OPTS    

            value: -Xms3g -Xmx3g  

          - name: READINESS_PROBE_TIMEOUT

            value: "30"

          resources:

            requests:

              cpu: 3

              memory: 3Gi

            limits:

              cpu: 4

              memory: 6Gi

  - name: data-node-hot

    count: 3

    config:

      node.master: false  

      node.data: true  

      node.attr.date: hot   

    podTemplate:

      spec:

        initContainers:

        - name: sysctl

          securityContext:

            privileged: true

          command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144']

        containers:

        - name: elasticsearch

          env:

          - name: ES_JAVA_OPTS

            value: -Xms10g -Xmx10g

          - name: READINESS_PROBE_TIMEOUT

            value: "30"

          resources:

            requests:

              cpu: 2

              memory: 16Gi

            limits:

              cpu: 5

              memory: 20Gi

        volumes:

        - name: elasticsearch-data

          emptyDir: {}

I defined the master node and mounted pvc and secret. When I used this yaml file to create a cluster for the first time, it was okay. Then I changed the yaml parameters, such as modifying the cpu, and then applied the yaml file, which prompted me to report an error.

The error report is as follows

Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
Error from server (Elasticsearch.elasticsearch.k8s.elastic.co "aimee" is invalid: env: Invalid value: "env": env field found in the kubectl.kubernetes.io/last-applied-configuration annotation is unknown. This is often due to incorrect indentation in the manifest.): error when applying patch:
{"metadata":{"annotations":{"kubectl.kubernetes.io/last-applied-configuration":"{"apiVersion":"elasticsearch.k8s.elastic.co/v1","kind":"Elasticsearch","metadata":{"annotations":{},"name":"aimee","namespace":"default"},"spec":{"http":{"service":{"spec":{"ports":[{"name":"http","nodePort":30655,"port":9200,"protocol":"TCP","targetPort":9200}],"type":"NodePort"}}},"nodeSets":[{"config":{"node.data":false,"node.master":true,"path.repo":"/data/index/buckup","xpack.security.transport.ssl.certificate_authorities":["/usr/share/elasticsearch/config/other/two.ca.crt"]},"count":3,"name":"master-node","podTemplate":{"spec":{"containers":[{"name":"elasticsearch","volumeMounts":[{"mountPath":"/data/index/backup","name":"backup"},{"mountPath":"/usr/share/elasticsearch/config/other","name":"remote-certs"}]}],"initContainers":[{"command":["sh","-c","sysctl -w vm.max_map_count=262144"],"name":"sysctl","securityContext":{"privileged":true}}],"volumes":[{"name":"backup","persistentVolumeClaim":{"claimName":"backup"}},{"emptyDir":{},"name":"elasticsearch-data"},{"env":[{"name":"ES_JAVA_OPTS","value":"-Xms3g -Xmx3g"},{"name":"READINESS_PROBE_TIMEOUT","value":"30"}],"name":"remote-certs","resources":{"limits":{"cpu":4,"memory":"6Gi"},"requests":{"cpu":3,"memory":"3Gi"}},"secret":{"secretName":"remote-certs"}}]}}},{"config":{"node.attr.date":"hot","node.data":true,"node.master":false},"count":3,"name":"data-node-hot","podTemplate":{"spec":{"containers":[{"env":[{"name":"ES_JAVA_OPTS","value":"-Xms10g -Xmx10g"},{"name":"READINESS_PROBE_TIMEOUT","value":"30"}],"name":"elasticsearch","resources":{"limits":{"cpu":5,"memory":"20Gi"},"requests":{"cpu":2,"memory":"16Gi"}}}],"initContainers":[{"command":["sh","-c","sysctl -w vm.max_map_count=262144"],"name":"sysctl","securityContext":{"privileged":true}}],"volumes":[{"emptyDir":{},"name":"elasticsearch-data"}]}}}],"securityContext":{"fsGroup":1000,"runAsUser":1000},"version":"7.10.1"}}\n"}},"spec":{"nodeSets":[{"config":{"node.data":false,"node.master":true,"path.repo":"/data/index/buckup","xpack.security.transport.ssl.certificate_authorities":["/usr/share/elasticsearch/config/other/two.ca.crt"]},"count":3,"name":"master-node","podTemplate":{"spec":{"containers":[{"name":"elasticsearch","volumeMounts":[{"mountPath":"/data/index/backup","name":"backup"},{"mountPath":"/usr/share/elasticsearch/config/other","name":"remote-certs"}]}],"initContainers":[{"command":["sh","-c","sysctl -w vm.max_map_count=262144"],"name":"sysctl","securityContext":{"privileged":true}}],"volumes":[{"name":"backup","persistentVolumeClaim":{"claimName":"backup"}},{"emptyDir":{},"name":"elasticsearch-data"},{"env":[{"name":"ES_JAVA_OPTS","value":"-Xms3g -Xmx3g"},{"name":"READINESS_PROBE_TIMEOUT","value":"30"}],"name":"remote-certs","resources":{"limits":{"cpu":4,"memory":"6Gi"},"requests":{"cpu":3,"memory":"3Gi"}},"secret":{"secretName":"remote-certs"}}]}}},{"config":{"node.attr.date":"hot","node.data":true,"node.master":false},"count":3,"name":"data-node-hot","podTemplate":{"spec":{"containers":[{"env":[{"name":"ES_JAVA_OPTS","value":"-Xms10g -Xmx10g"},{"name":"READINESS_PROBE_TIMEOUT","value":"30"}],"name":"elasticsearch","resources":{"limits":{"cpu":5,"memory":"20Gi"},"requests":{"cpu":2,"memory":"16Gi"}}}],"initContainers":[{"command":["sh","-c","sysctl -w vm.max_map_count=262144"],"name":"sysctl","securityContext":{"privileged":true}}],"volumes":[{"emptyDir":{},"name":"elasticsearch-data"}]}}}],"securityContext":{"fsGroup":1000,"runAsUser":1000}}}
to:
Resource: "elasticsearch.k8s.elastic.co/v1, Resource=elasticsearches", GroupVersionKind: "elasticsearch.k8s.elastic.co/v1, Kind=Elasticsearch"
Name: "aimee", Namespace: "default"
for: "elasticsearch.yaml": admission webhook "elastic-es-validation-v1.k8s.elastic.co" denied the request: Elasticsearch.elasticsearch.k8s.elastic.co "aimee" is invalid: env: Invalid value: "env": env field found in the kubectl.kubernetes.io/last-applied-configuration annotation is unknown. This is often due to incorrect indentation in the manifest.

2

Hi,
There are several issues with the manifest your provided:

  • As suggested by the error message env should be in the container specification, not in the list of volumes.

  • There is the same problem for the resources definition.

  • The securityContext must be either at the Pod or Container level.

Hope it helps.

3

Thank you for your answer, indeed this question has been revised~

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.