elasticsearch.k8s.elastic.co/v1
editelasticsearch.k8s.elastic.co/v1
editPackage v1 contains API schema definitions for managing Elasticsearch resources.
Resource Types
Auth
editAuth contains user authentication and authorization security settings for Elasticsearch.
Field | Description |
---|---|
|
Roles to propagate to the Elasticsearch cluster. |
|
FileRealm to propagate to the Elasticsearch cluster. |
ChangeBudget
editChangeBudget defines the constraints to consider when applying changes to the Elasticsearch cluster.
Field | Description |
---|---|
|
MaxUnavailable is the maximum number of pods that can be unavailable (not ready) during the update due to circumstances under the control of the operator. Setting a negative value will disable this restriction. Defaults to 1 if not specified. |
|
MaxSurge is the maximum number of new pods that can be created exceeding the original number of pods defined in the specification. MaxSurge is only taken into consideration when scaling up. Setting a negative value will disable the restriction. Defaults to unbounded if not specified. |
Elasticsearch
editElasticsearch represents an Elasticsearch resource in a Kubernetes cluster.
Field | Description |
---|---|
|
|
|
|
|
Refer to Kubernetes API documentation for fields of |
|
ElasticsearchSpec
editElasticsearchSpec holds the specification of an Elasticsearch cluster.
Field | Description |
---|---|
|
Version of Elasticsearch. |
|
Image is the Elasticsearch Docker image to deploy. |
|
HTTP holds HTTP layer settings for Elasticsearch. |
|
Transport holds transport layer settings for Elasticsearch. |
|
NodeSets allow specifying groups of Elasticsearch nodes sharing the same configuration and Pod templates. |
|
UpdateStrategy specifies how updates to the cluster should be performed. |
|
PodDisruptionBudget provides access to the default pod disruption budget for the Elasticsearch cluster. The default budget selects all cluster pods and sets |
|
Auth contains user authentication and authorization security settings for Elasticsearch. |
|
SecureSettings is a list of references to Kubernetes secrets containing sensitive configuration options for Elasticsearch. |
|
ServiceAccountName is used to check access from the current resource to a resource (eg. a remote Elasticsearch cluster) in a different namespace. Can only be used if ECK is enforcing RBAC on references. |
|
RemoteClusters enables you to establish uni-directional connections to a remote Elasticsearch cluster. |
|
VolumeClaimDeletePolicy sets the policy for handling deletion of PersistentVolumeClaims for all NodeSets. Possible values are DeleteOnScaledownOnly and DeleteOnScaledownAndClusterDeletion. Defaults to DeleteOnScaledownAndClusterDeletion. |
|
Monitoring enables you to collect and ship log and monitoring data of this Elasticsearch cluster. See https://www.elastic.co/guide/en/elasticsearch/reference/current/monitor-elasticsearch-cluster.html. Metricbeat and Filebeat are deployed in the same Pod as sidecars and each one sends data to one or two different Elasticsearch monitoring clusters running in the same Kubernetes cluster. |
FileRealmSource
editFileRealmSource references users to create in the Elasticsearch cluster.
Field | Description |
---|---|
|
SecretName references a Kubernetes secret in the same namespace as the Elasticsearch resource. Multiple users and their roles mapping can be specified in a Kubernetes secret. The secret should contain 2 entries: - users: contain all users and the hash of their password (https://www.elastic.co/guide/en/elasticsearch/reference/current/security-settings.html#password-hashing-algorithms) - users_roles: contain the role to users mapping The format of those 2 entries must correspond to the expected file realm format, as specified in Elasticsearch documentation: https://www.elastic.co/guide/en/elasticsearch/reference/7.5/file-realm.html#file-realm-configuration. Example: --- # File realm in ES format (from the CLI or manually assembled) kind: Secret apiVersion: v1 metadata: name: my-filerealm stringData: users: |
|
|
LogsMonitoring
editField | Description |
---|---|
|
ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster. Due to existing limitations, only a single Elasticsearch cluster is currently supported. |
MetricsMonitoring
editField | Description |
---|---|
|
ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster. Due to existing limitations, only a single Elasticsearch cluster is currently supported. |
Monitoring
editField | Description |
---|---|
|
Metrics holds references to Elasticsearch clusters which receive monitoring data from this Elasticsearch cluster. |
|
Logs holds references to Elasticsearch clusters which receive log data from this Elasticsearch cluster. |
NodeSet
editNodeSet is the specification for a group of Elasticsearch nodes sharing the same configuration and a Pod template.
Field | Description |
---|---|
|
Name of this set of nodes. Becomes a part of the Elasticsearch node.name setting. |
|
Config holds the Elasticsearch configuration. |
|
Count of Elasticsearch nodes to deploy. If the node set is managed by an autoscaling policy the initial value is automatically set by the autoscaling controller. |
|
PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) for the Pods belonging to this NodeSet. |
|
VolumeClaimTemplates is a list of persistent volume claims to be used by each Pod in this NodeSet. Every claim in this list must have a matching volumeMount in one of the containers defined in the PodTemplate. Items defined here take precedence over any default claims added by the operator with the same name. |
RemoteCluster
editRemoteCluster declares a remote Elasticsearch cluster connection.
Field | Description |
---|---|
|
Name is the name of the remote cluster as it is set in the Elasticsearch settings. The name is expected to be unique for each remote clusters. |
|
ElasticsearchRef is a reference to an Elasticsearch cluster running within the same k8s cluster. |
RoleSource
editRoleSource references roles to create in the Elasticsearch cluster.
Field | Description |
---|---|
|
SecretName references a Kubernetes secret in the same namespace as the Elasticsearch resource. Multiple roles can be specified in a Kubernetes secret, under a single "roles.yml" entry. The secret value must match the expected file-based specification as described in https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html#roles-management-file. Example: --- kind: Secret apiVersion: v1 metadata: name: my-roles stringData: roles.yml: |
TransportConfig
editTransportConfig holds the transport layer settings for Elasticsearch.
Field | Description |
---|---|
|
Service defines the template for the associated Kubernetes Service object. |
TLS defines options for configuring TLS on the transport layer. |
TransportTLSOptions
editField | Description |
---|---|
|
OtherNameSuffix when defined will be prefixed with the Pod name and used as the common name, and the first DNSName, as well as an OtherName required by Elasticsearch in the Subject Alternative Name extension of each Elasticsearch node’s transport TLS certificate. Example: if set to "node.cluster.local", the generated certificate will have its otherName set to "<pod_name>.node.cluster.local". |
|
SubjectAlternativeNames is a list of SANs to include in the generated node transport TLS certificates. |
|
Certificate is a reference to a Kubernetes secret that contains the CA certificate and private key for generating node certificates. The referenced secret should contain the following:
- |
UpdateStrategy
editUpdateStrategy specifies how updates to the cluster should be performed.
Field | Description |
---|---|
|
ChangeBudget defines the constraints to consider when applying changes to the Elasticsearch cluster. |
VolumeClaimDeletePolicy (string)
editVolumeClaimDeletePolicy describes the delete policy for handling PersistentVolumeClaims that hold Elasticsearch data. Inspired by https://github.com/kubernetes/enhancements/pull/2440