持久体积的kube上的elasticsearch

时间:2019-03-13 18:15:44

标签: docker elasticsearch kubernetes amazon-eks

我正在尝试在具有持久性卷(EBS)的Kubernetes(EKS)集群上进行elasticsearch部署,请参考https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: elasticsearch
spec:
  replicas: 1
  template:
    metadata:
      labels:
        run: elasticsearch
    spec:
      initContainers:
        - name: init-sysctl
          image: busybox
          imagePullPolicy: IfNotPresent
          command: ["sysctl", "-w", "vm.max_map_count=262144"]
          securityContext:
            privileged: true
      containers:
      - name: elasticsearch
        image: elasticsearch:6.6.1
        imagePullPolicy: IfNotPresent
        securityContext:
          privileged: true
          capabilities:
            add:
              - IPC_LOCK
        ports:
        - containerPort: 9300
          protocol: TCP
        resources:
          limits:
            cpu: 1
        env:
        - name: CLUSTER_NAME
          value: elasticsearch
        - name: ES_JAVA_OPTS
          value: "-Xms256m -Xmx512m"
        volumeMounts:
          - name: elasticsearch-storage
            mountPath: /usr/share/elasticsearch/data
      volumes:
      - name: elasticsearch-storage
        persistentVolumeClaim:
          claimName: elasticsearch

但是pod失败

OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
[2019-03-13T18:03:08,459][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [unknown] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: Failed to create node environment
    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:163) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.6.1.jar:6.6.1]
    at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.6.1.jar:6.6.1]
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:116) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) ~[elasticsearch-6.6.1.jar:6.6.1]
Caused by: java.lang.IllegalStateException: Failed to create node environment
    at org.elasticsearch.node.Node.<init>(Node.java:298) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.node.Node.<init>(Node.java:265) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:212) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:212) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-6.6.1.jar:6.6.1]
    ... 6 more
Caused by: java.nio.file.AccessDeniedException: /usr/share/elasticsearch/data/nodes
    at sun.nio.fs.UnixException.translateToIOException(UnixException.java:90) ~[?:?]
    at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111) ~[?:?]
    at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116) ~[?:?]
    at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:385) ~[?:?]
    at java.nio.file.Files.createDirectory(Files.java:689) ~[?:?]
    at java.nio.file.Files.createAndCheckIsDirectory(Files.java:796) ~[?:?]
    at java.nio.file.Files.createDirectories(Files.java:782) ~[?:?]
    at org.elasticsearch.env.NodeEnvironment.lambda$new$0(NodeEnvironment.java:270) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.env.NodeEnvironment$NodeLock.<init>(NodeEnvironment.java:203) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.env.NodeEnvironment.<init>(NodeEnvironment.java:267) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.node.Node.<init>(Node.java:295) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.node.Node.<init>(Node.java:265) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:212) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:212) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-6.6.1.jar:6.6.1]
    ... 6 more

在此discussion上,看起来像/usr/share/elasticsearch/data目录上的权限问题。

遵循initContainers可以帮助我解决此问题。

initContainers:
  - name: init-sysctl
    image: busybox
    imagePullPolicy: IfNotPresent
    #command: ["sysctl", "-w", "vm.max_map_count=262144"]
    command: ["/bin/sh","-c"]
    args: ["sysctl -w vm.max_map_count=262144; chown -R 1000:1000 /usr/share/elasticsearch/data"]
    securityContext:
      privileged: true
    volumeMounts:
      - name: elasticsearch-storage
        mountPath: /usr/share/elasticsearch/data

什么是解决此问题的正确方法?

2 个答案:

答案 0 :(得分:1)

您正在使用的解决方案是一种解决方法,但是您可以通过下面的kubernetes方法来做到这一点:

Permission denied when chown on elasticsearch data directory in kubernetes statefulset

所以您的情况应该是这样:

....

spec:
  ...
  securityContext:
    fsGroup: 1000

答案 1 :(得分:0)

我会评论Ijaz Ahmad Khan的回答,因为它是正确的,但不清楚。但是我还没有代表。

设置 Pod securtyContext是Kubernetes的方法,而无需进行大量的sidecar / pre-run愚弄。

为清楚起见,在您部署的情况下:

apiVersion: apps/v1
kind: Deployment

# ...

spec: # Deployment
  template:
    spec: # Pod
      securityContext:
        fsGroup: 1000