hi,
problem: I create secret.yml, I want Kibana and Elastic to use it. but Elasticsearch can not apply the password from secret.yml and i have to set password whit elasticsearch-setup-password interactive
. so each time that pod will be recreate i lost password and i havto to set password manually. how can i setup password permanently?
more info:
when pods created, i run bellow command on Elasticsearch console And displays the variables that were set in secret.yml:
sh-5.0# echo $ELASTIC_PASSWORD
123456
but when i curl elastic:9200 on kibana console give an error message Kibana server is not ready yet
so i have to using elasticsearch-setup-password interactive
to set password manually and after that all thing works well until pod recreate.
secret.yml
apiVersion: v1
kind: Secret
metadata:
name: db-secret
type: Opaque
data:
password: 123456
stringData:
username: kibana_system
kibana.yml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: kibana
name: kibana
spec:
Strategy:
type: Recreate
selector:
matchLabels:
app: kibana
replicas: 1
template:
metadata:
labels:
app: kibana
spec:
containers:
- image: docker.elastic.co/kibana/kibana:7.16.3
env:
- name: "server.publicBaseUrl"
value: http://mon.bzg-srv.ir/
- name: "setup.dashboards.enabled"
value: "true"
- name: ELASTICSEARCH_HOSTS
value: "http://elastic-0.elastic:9200"
- name: ELASTICSEARCH_USERNAME
valueFrom:
secretKeyRef:
key: username
name: db-secret
- name: ELASTICSEARCH_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: db-secret
imagePullPolicy: IfNotPresent
name: kibana
ports:
- containerPort: 5601
name: http
resources:
limits:
cpu: '1'
ephemeral-storage: 2G
memory: 2G
requests:
cpu: '1'
ephemeral-storage: 2G
memory: 2G
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
Elasticsearch.yml
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
app: elastic
name: elastic
spec:
selector:
matchLabels:
app: elastic
serviceName: "elastic"
replicas: 1
template:
metadata:
labels:
app: elastic
spec:
terminationGracePeriodSeconds: 10
containers:
- name: elastic
env:
- name: "pod_name"
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: "node.name"
value: "$(pod_name).elastic"
- name: "cluster.name"
value: "arvan-cluster"
- name: ES_JAVA_OPTS
value: "-Xms2048m -Xmx2048m"
- name: "node.data"
value: "true"
- name: "cluster.initial_master_nodes"
value: "elastic-0.elastic"
- name: "discovery.seed_hosts"
value: "elastic-0.elastic"
- name: "node.master"
value: "true"
- name: "discovery.zen.minimum_master_nodes"
value: "1"
- name: "xpack.security.enabled"
value: "true"
- name: "xpack.monitoring.collection.enabled"
value: "true"
- name: ELASTIC_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: db-secret
# - name: APM_SYSTEM_PASSWORD
# valueFrom:
# secretKeyRef:
# key: password
# name: db-secret
# - name: KIBANA_PASSWORD
# valueFrom:
# secretKeyRef:
# key: password
# name: db-secret
- name: KIBANA_SYSTEM_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: db-secret
# - name: LOGSTASH_SYSTEM_PASSWORD
# valueFrom:
# secretKeyRef:
# key: password
# name: db-secret
# - name: BEATS_SYSTEM_PASSWORD
# valueFrom:
# secretKeyRef:
# key: password
# name: db-secret
# - name: REMOTE_MONITORING_USER_PASSWORD
# valueFrom:
# secretKeyRef:
# key: password
# name: db-secret
image: docker.elastic.co/elasticsearch/elasticsearch:7.16.3
ports:
- containerPort: 9200
name: db
- containerPort: 9300
name: transport
resources:
limits:
cpu: '2'
ephemeral-storage: 4G
memory: 4G
requests:
cpu: '2'
ephemeral-storage: 4G
memory: 4G
volumeMounts:
- name: elastic-data
mountPath: /data
- name: elastic-config
mountPath: /config
volumeClaimTemplates:
- metadata:
name: elastic-data
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: "standard"
resources:
requests:
storage: 10Gi
- metadata:
name: elastic-config
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: "standard"
resources:
requests:
storage: 1Gi