Azure snapshot missing required setting: azure.client.default.account

Marcus_Simonsen · September 19, 2019, 8:25pm

Hello.
I'm trying to provision azure snapshot repository as described here (not gcp as in example).
https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-snapshot.html

I have created the kubernetes secrets and verified that they are in the keystore.

Here is my manifest below. When I add the azure applicable config settings, I get an exception:
"stacktrace": ["org.elasticsearch.bootstrap.StartupException: java.lang.IllegalArgumentException: missing required setting [azure.client.default.account] for setting [azure.client.default.endpoint_suffix]",

I think it's just I don't understand how the secureSettings are getting applied, because when I add both secure settings names, only one gets applied - the last one.

---
apiVersion: elasticsearch.k8s.elastic.co/v1alpha1
kind: Elasticsearch
metadata:
  name: elasticsearch-sample
spec:
  version: 7.2.0
  secureSettings:
    secretName: azure.client.default.account
    secretName: azure.client.default.key

  http:
    tls:
      certificate:
        secretName: ss-cert
  
  nodes:
  - config:
      # most Elasticsearch configuration parameters are possible to set, e.g:
      node.attr.attr_name: attr_value
      node.master: true
      node.data: true
      node.ingest: true
      node.ml: true
      # azure.client.default.timeout: 10s
      # azure.client.default.max_retries: 7
      # azure.client.default.endpoint_suffix: core.windows.net
      # azure.client.secondary.timeout: 30s
      # azure.client.default.max_retries: 5

    podTemplate:
      metadata:
        labels:
          owner: msimonsen
      spec:
        initContainers:
        - name: install-plugins
          command:
          - sh
          - -c
          - |
            bin/elasticsearch-plugin install --batch repository-azure
        # - name: config-es-keystore
        #   command:
        #   - sh
        #   - -c
        #   - echo "didit" |
        #     bin/elasticsearch-keystore add azure.client.default.account --stdin repository-azure  
            
        containers:
        - name: elasticsearch
          volumeMounts:
          - name: elasticsearch-keystore
            mountPath: /usr/share/elasticsearch/blaa
          # specify resource limits and requests
          resources:
            limits:
              memory: 8Gi
              cpu: 2
          env:
          - name: ES_JAVA_OPTS
            value: "-Xms4g -Xmx4g"
        volumes:
          - name: elasticsearch-keystore
            configMap:
              name: elasticsearch-keystore
    nodeCount: 3
    volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data # note: elasticsearch-data must be the name of the Elasticsearch volume
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 100Gi

Marcus_Simonsen · September 20, 2019, 1:28pm

I solved my own issue
I added secrets as a name/value pair:

apiVersion: v1
kind: Secret
metadata:
  name: az-secret
type: Opaque
data:
  azure.client.default.account: yyy-base64Encoded
  azure.client.default.key: xxx-base64

However I'm running into issues about the encoding now:

"stacktrace": ["org.elasticsearch.transport.RemoteTransportException: [elasticsearch-sample-es-x5gfctkt4p][10.244.1.30:9300][cluster:admin/repository/put]",
"Caused by: org.elasticsearch.common.settings.SettingsException: Invalid azure client settings with name [default]",
...
"Caused by: org.elasticsearch.common.io.stream.NotSerializableExceptionWrapper: invalid_key_exception: Storage Key is not a valid base64 encoded string.",

system · October 18, 2019, 1:28pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.