elasticsearch.k8s.elastic.co/v1

edit

Package v1 contains API schema definitions for managing Elasticsearch resources.

Resource Types

Auth

edit

Auth contains user authentication and authorization security settings for Elasticsearch.

Field Description

roles RoleSource array

Roles to propagate to the Elasticsearch cluster.

fileRealm FileRealmSource array

FileRealm to propagate to the Elasticsearch cluster.

ChangeBudget

edit

ChangeBudget defines the constraints to consider when applying changes to the Elasticsearch cluster.

Field Description

maxUnavailable integer

MaxUnavailable is the maximum number of pods that can be unavailable (not ready) during the update due to circumstances under the control of the operator. Setting a negative value will disable this restriction. Defaults to 1 if not specified.

maxSurge integer

MaxSurge is the maximum number of new pods that can be created exceeding the original number of pods defined in the specification. MaxSurge is only taken into consideration when scaling up. Setting a negative value will disable the restriction. Defaults to unbounded if not specified.

Elasticsearch

edit

Elasticsearch represents an Elasticsearch resource in a Kubernetes cluster.

Field Description

apiVersion string

elasticsearch.k8s.elastic.co/v1

kind string

Elasticsearch

metadata ObjectMeta

Refer to Kubernetes API documentation for fields of metadata.

spec ElasticsearchSpec

ElasticsearchSpec

edit

ElasticsearchSpec holds the specification of an Elasticsearch cluster.

Field Description

version string

Version of Elasticsearch.

image string

Image is the Elasticsearch Docker image to deploy.

http HTTPConfig

HTTP holds HTTP layer settings for Elasticsearch.

transport TransportConfig

Transport holds transport layer settings for Elasticsearch.

nodeSets NodeSet array

NodeSets allow specifying groups of Elasticsearch nodes sharing the same configuration and Pod templates.

updateStrategy UpdateStrategy

UpdateStrategy specifies how updates to the cluster should be performed.

podDisruptionBudget PodDisruptionBudgetTemplate

PodDisruptionBudget provides access to the default pod disruption budget for the Elasticsearch cluster. The default budget selects all cluster pods and sets maxUnavailable to 1. To disable, set PodDisruptionBudget to the empty value ({} in YAML).

auth Auth

Auth contains user authentication and authorization security settings for Elasticsearch.

secureSettings SecretSource

SecureSettings is a list of references to Kubernetes secrets containing sensitive configuration options for Elasticsearch.

serviceAccountName string

ServiceAccountName is used to check access from the current resource to a resource (eg. a remote Elasticsearch cluster) in a different namespace. Can only be used if ECK is enforcing RBAC on references.

remoteClusters RemoteCluster array

RemoteClusters enables you to establish uni-directional connections to a remote Elasticsearch cluster.

volumeClaimDeletePolicy VolumeClaimDeletePolicy

VolumeClaimDeletePolicy sets the policy for handling deletion of PersistentVolumeClaims for all NodeSets. Possible values are DeleteOnScaledownOnly and DeleteOnScaledownAndClusterDeletion. Defaults to DeleteOnScaledownAndClusterDeletion.

monitoring Monitoring

Monitoring enables you to collect and ship log and monitoring data of this Elasticsearch cluster. See https://www.elastic.co/guide/en/elasticsearch/reference/current/monitor-elasticsearch-cluster.html. Metricbeat and Filebeat are deployed in the same Pod as sidecars and each one sends data to one or two different Elasticsearch monitoring clusters running in the same Kubernetes cluster.

FileRealmSource

edit

FileRealmSource references users to create in the Elasticsearch cluster.

Field Description

SecretRef SecretRef

SecretName references a Kubernetes secret in the same namespace as the Elasticsearch resource. Multiple users and their roles mapping can be specified in a Kubernetes secret. The secret should contain 2 entries: - users: contain all users and the hash of their password (https://www.elastic.co/guide/en/elasticsearch/reference/current/security-settings.html#password-hashing-algorithms) - users_roles: contain the role to users mapping The format of those 2 entries must correspond to the expected file realm format, as specified in Elasticsearch documentation: https://www.elastic.co/guide/en/elasticsearch/reference/7.5/file-realm.html#file-realm-configuration. Example: --- # File realm in ES format (from the CLI or manually assembled) kind: Secret apiVersion: v1 metadata: name: my-filerealm stringData: users:

  • rdeniro:$2a$10$BBJ/ILiyJ1eBTYoRKxkqbuDEdYECplvxnqQ47uiowE7yGqvCEgj9W alpacino:$2a$10$cNwHnElYiMYZ/T3K4PvzGeJ1KbpXZp2PfoQD.gfaVdImnHOwIuBKS jacknich:{PBKDF2}50000$z1CLJt0MEFjkIK5iEfgvfnA6xq7lF25uasspsTKSo5Q=$XxCVLbaKDimOdyWgLCLJiyoiWpA/XDMe/xtVgn1r5Sg= users_roles:
  • admin:rdeniro power_user:alpacino,jacknich user:jacknich ---

LogsMonitoring

edit
Field Description

elasticsearchRefs ObjectSelector

ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster. Due to existing limitations, only a single Elasticsearch cluster is currently supported.

MetricsMonitoring

edit
Field Description

elasticsearchRefs ObjectSelector

ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster. Due to existing limitations, only a single Elasticsearch cluster is currently supported.

Monitoring

edit
Field Description

metrics MetricsMonitoring

Metrics holds references to Elasticsearch clusters which receive monitoring data from this Elasticsearch cluster.

logs LogsMonitoring

Logs holds references to Elasticsearch clusters which receive log data from this Elasticsearch cluster.

NodeSet

edit

NodeSet is the specification for a group of Elasticsearch nodes sharing the same configuration and a Pod template.

Field Description

name string

Name of this set of nodes. Becomes a part of the Elasticsearch node.name setting.

config Config

Config holds the Elasticsearch configuration.

count integer

Count of Elasticsearch nodes to deploy. If the node set is managed by an autoscaling policy the initial value is automatically set by the autoscaling controller.

podTemplate PodTemplateSpec

PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) for the Pods belonging to this NodeSet.

volumeClaimTemplates PersistentVolumeClaim array

VolumeClaimTemplates is a list of persistent volume claims to be used by each Pod in this NodeSet. Every claim in this list must have a matching volumeMount in one of the containers defined in the PodTemplate. Items defined here take precedence over any default claims added by the operator with the same name.

RemoteCluster

edit

RemoteCluster declares a remote Elasticsearch cluster connection.

Field Description

name string

Name is the name of the remote cluster as it is set in the Elasticsearch settings. The name is expected to be unique for each remote clusters.

elasticsearchRef ObjectSelector

ElasticsearchRef is a reference to an Elasticsearch cluster running within the same k8s cluster.

RoleSource

edit

RoleSource references roles to create in the Elasticsearch cluster.

Field Description

SecretRef SecretRef

SecretName references a Kubernetes secret in the same namespace as the Elasticsearch resource. Multiple roles can be specified in a Kubernetes secret, under a single "roles.yml" entry. The secret value must match the expected file-based specification as described in https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html#roles-management-file. Example: --- kind: Secret apiVersion: v1 metadata: name: my-roles stringData: roles.yml:

TransportConfig

edit

TransportConfig holds the transport layer settings for Elasticsearch.

Field Description

service ServiceTemplate

Service defines the template for the associated Kubernetes Service object.

tls TransportTLSOptions

TLS defines options for configuring TLS on the transport layer.

TransportTLSOptions

edit
Field Description

otherNameSuffix string

OtherNameSuffix when defined will be prefixed with the Pod name and used as the common name, and the first DNSName, as well as an OtherName required by Elasticsearch in the Subject Alternative Name extension of each Elasticsearch node’s transport TLS certificate. Example: if set to "node.cluster.local", the generated certificate will have its otherName set to "<pod_name>.node.cluster.local".

subjectAltNames SubjectAlternativeName

SubjectAlternativeNames is a list of SANs to include in the generated node transport TLS certificates.

certificate SecretRef

Certificate is a reference to a Kubernetes secret that contains the CA certificate and private key for generating node certificates. The referenced secret should contain the following: - ca.crt: The CA certificate in PEM format. - ca.key: The private key for the CA certificate in PEM format.

UpdateStrategy

edit

UpdateStrategy specifies how updates to the cluster should be performed.

Field Description

changeBudget ChangeBudget

ChangeBudget defines the constraints to consider when applying changes to the Elasticsearch cluster.

VolumeClaimDeletePolicy (string)

edit

VolumeClaimDeletePolicy describes the delete policy for handling PersistentVolumeClaims that hold Elasticsearch data. Inspired by https://github.com/kubernetes/enhancements/pull/2440