Hello, all,
I have a very strange problem that I've been testing and working on for a couple of days. I am running elasticsearch in Kubernetes, trying to get the first pod up and running. I have it running fine, it starts, generates the auto config for security (creates the config/certs directory, modifies the elasticsearch.yml with the xpack.security settings, etc) and it starts up and runs just fine.
Now, I need to have persistent storage for the /data directory, so I create a new persistent volume, volume mount it to /usr/share/elasticsearch/data, run an initContainer to set the permissions and ownership to elasticsearch:elasticsearch user/group, all of that works great. But when this persistent volume is mounted, elasticsearch fails to start. It fails bootstrap checks because the "certs" directory does not get created and the elasticsearch.yml does not get updated. I remove the persistent volume mount and let it default back to the /data directory embedded in the image itself, and elasticsearch startup up and everything works as it should.
Some files do get created in the /data directory (_state, snapshot_cache,nodes, etc) before elasticsearch errors out, so I don't believe this is a permissions issue on the persistent datastore.
Another clue, an "indices" sub directory gets created in the /data directory when I don't use the Persistent Volume, it does not get created when the persistent volume is mounted. I don't know if that is the root cause, or if that indices just doesn't get created because elasticsearch crashes and exits before it gets that far.
I went into the log4j2.properties and turned everything I could find into "debug" but still no useful clues in the elasticsearch startup output, even with all of the debug output.
Has anyone run into this before, and can anyone point me in the right direction? I'm completely stumped as to what is actually preventing the security auto config from finishing just because there is a persistent volume present.