{"id":13646624,"url":"https://github.com/upmc-enterprises/elasticsearch-operator","last_synced_at":"2025-04-13T04:59:21.587Z","repository":{"id":13056545,"uuid":"73441473","full_name":"upmc-enterprises/elasticsearch-operator","owner":"upmc-enterprises","description":"manages elasticsearch clusters","archived":false,"fork":false,"pushed_at":"2022-06-20T12:43:58.000Z","size":39794,"stargazers_count":657,"open_issues_count":91,"forks_count":127,"subscribers_count":28,"default_branch":"master","last_synced_at":"2025-04-13T04:59:10.147Z","etag":null,"topics":["elasticsearch","kubernetes","operator"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/upmc-enterprises.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-11-11T03:09:14.000Z","updated_at":"2025-02-21T01:58:17.000Z","dependencies_parsed_at":"2022-09-20T21:51:12.595Z","dependency_job_id":null,"html_url":"https://github.com/upmc-enterprises/elasticsearch-operator","commit_stats":null,"previous_names":[],"tags_count":15,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/upmc-enterprises%2Felasticsearch-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/upmc-enterprises%2Felasticsearch-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/upmc-enterprises%2Felasticsearch-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/upmc-enterprises%2Felasticsearch-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/upmc-enterprises","download_url":"https://codeload.github.com/upmc-enterprises/elasticsearch-operator/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248665758,"owners_count":21142123,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["elasticsearch","kubernetes","operator"],"created_at":"2024-08-02T01:03:01.194Z","updated_at":"2025-04-13T04:59:21.554Z","avatar_url":"https://github.com/upmc-enterprises.png","language":"Go","funding_links":[],"categories":["Operators","kubernetes","Repository is obsolete","Go"],"sub_categories":["[Jenkins](#jenkins)","Awesome Operators in the Wild"],"readme":"# Elasticsearch operator\n\n[![Build Status](https://travis-ci.org/upmc-enterprises/elasticsearch-operator.svg?branch=master)](https://travis-ci.org/upmc-enterprises/elasticsearch-operator)\n\nThe ElasticSearch operator is designed to manage one or more elastic search clusters. Included in the project (initially) is the ability to create the Elastic cluster, deploy the `data nodes` across zones in your Kubernetes cluster, and snapshot indexes to AWS S3.\n\n# Requirements\n\n## Kubernetes\n\nThe operator was built and tested on a 1.7.X Kubernetes cluster and is the minimum version required due to the operators use of Custom Resource Definitions.\n\n_NOTE: If using on an older cluster, please make sure to use version [v0.0.7](https://github.com/upmc-enterprises/elasticsearch-operator/releases/tag/v0.0.7) which still utilize third party resources._\n\n## Cloud\n\nThe operator was also _currently_ designed to leverage [Amazon AWS S3](https://aws.amazon.com/s3/) for snapshot / restore to the elastic cluster. The goal of this project is to extend to support additional clouds and scenarios to make it fully featured. \n\nBy swapping out the storage types, this can be used in GKE, but snapshots won't work at the moment.\n\n# Demo\n\nWatch a demo here:\u003cbr\u003e\n[![Elasticsearch Operator Demo](http://img.youtube.com/vi/3HnV7NfgP6A/0.jpg)](http://www.youtube.com/watch?v=3HnV7NfgP6A)\u003cbr\u003e\n[https://www.youtube.com/watch?v=3HnV7NfgP6A](https://www.youtube.com/watch?v=3HnV7NfgP6A)\n\n# Usage\n\nThe operator is built using the controller + custom resource definition model. Once the controller is deployed to your cluster, it will automatically create the CustomResourceDefinition (CRD). Next create a Kubernetes object type `elasticsearchCluster` to deploy the elastic cluster based upon the CRD. \n\n## CustomResourceDefinition\n\nFollowing parameters are available to customize the elastic cluster:\n\n- client-node-replicas: Number of client node replicas\n- master-node-replicas: Number of master node replicas\n- data-node-replicas: Number of data node replicas\n- zones: Define which zones to deploy data nodes to for high availability (_Note: Zones are evenly distributed based upon number of data-node-replicas defined_)\n- data-volume-size: Size of persistent volume to attach to data nodes\n- master-volume-size: Size of persistent volume to attach to master nodes\n- elastic-search-image: Override the elasticsearch image (e.g. `upmcenterprises/docker-elasticsearch-kubernetes:6.1.3_0`)\n- keep-secrets-on-delete (Boolean): Tells the operator to not delete cert secrets when a cluster is deleted\n- use-ssl: Use SSL for communication with the cluster and inside the cluster. Default value is true.\n- java-options: sets java-options for all nodes\n- master-java-options: sets java-options for Master nodes (overrides java-options)\n- client-java-options: sets java-options for Client nodes (overrides java-options)\n- data-java-options: sets java-options for Data nodes (overrides java-options)\n- annotations: list of custom annotations which are applied to the master, data and client nodes\n - `key: value`\n- [snapshot](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-snapshots.html)\n - scheduler-enabled: If the cron scheduler should be running to enable snapshotting\n - bucket-name: Name of S3 bucket to dump snapshots\n - cron-schedule: Cron task definition for intervals to do snapshots\n- [storage](https://kubernetes.io/docs/user-guide/persistent-volumes/)\n - Using a provisioner\n - type: Defines the type of storage to provision based upon cloud (e.g. `gp2`)\n - storage-class-provisioner: Defines which type of provisioner to use (e.g. `kubernetes.io/aws-ebs`)\n - encrypted: Whether or not to use encryption. `\"true\"` or `\"false\"` Defaults to: `\"true\"`\n - Using an existing Storage Class (e.g. storage class for GlusterFS)\n - storage-class: Name of an existing StorageClass object to use (zones can be [])\n - Using a custom Storage Class per zone\n - Useful if additional `parameters` are required by provisioner over and above `type` and `storage-class-provisioner`.\n - Manually create a Storage Class per zone. \n - Storage Class names must match zone names in `zones`. You are free to choose any naming scheme providing they match. Master and Data pod names will include the zone name.\n - Per the `Using a provisioner` section, specify `type:` and `provisioner:` values that match your custom Storage Classes.\n - Omitting the storage section, results in a VolumeClaimTemplates without storage-class annotation (uses default StorageClass in this case. See [change default StorageClass](https://kubernetes.io/docs/tasks/administer-cluster/change-default-storage-class/))\n - volume-reclaim-policy: Define what PV's should use (`Retain` or `Delete`)\n- instrumentation\n - statsd-host: Sets the statsd host to send metrics to if enabled\n- kibana: Deploy kibana to cluster and automatically reference certs from secret\n - image: Image to use (Note: Using [custom image](https://github.com/upmc-enterprises/kibana-docker) since upstream has x-pack installed and causes issues)\n- cerebro: Deploy [cerebro](https://github.com/lmenezes/cerebro) to cluster and automatically reference certs from secret\n - image: Image to use (Note: Using [custom image](https://github.com/upmc-enterprises/cerebro-docker) since upstream has no docker images available)\n- nodeSelector: list of k8s NodeSelectors which are applied to the Master Nodes and Data Nodes\n - `key: value`\n- tolerations: list of k8s Tolerations which are applied to the Master Nodes and Data Nodes\n - `- effect:` eg: NoSchedule, NoExecute\n `key:` eg: somekey\n `operator:` eg: exists\n- affinity: affinity rules to put on the client node deployments\n - example:\n\n ```sh\n affinity:\n podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchExpressions:\n - key: role\n operator: In\n values:\n - client\n topologyKey: kubernetes.io/hostname\n ```\n\n## Certs secret\n\nThe default image used adds TLS to the Elastic cluster. If not existing, secrets are automatically generated by the operator dynamically.\n\nIf supplying your own certs, first generate them and add to a secret. Secret should contain `truststore.jks` and `node-keystore.jks`. The name of the secret should follow the pattern: `es-certs-[ClusterName]`. So for example if your cluster is named `example-es-cluster` then the secret should be `es-certs-example-es-cluster`. \n\n## Base image\n\nThe base image used is `upmcenterprises/docker-elasticsearch-kubernetes:6.1.3_0` which can be overridden by adding to the custom cluster you create _(See: [CustomResourceDefinition](#customdesourcedefinition) above)_. \n\n_NOTE: If no image is specified, the default noted previously is used._\n\n## Image pull secret\n\nIf you are using a private repository you can add a pull secret under spec in your ElasticsearchCluster manifest\n\n```sh\nspec:\n client-node-replicas: 3\n data-node-replicas: 3\n data-volume-size: 10Gi\n master-volume-size: 10Gi\n java-options: -Xms256m -Xmx256m\n master-node-replicas: 2\n image-pull-secrets:\n - name: pull-secret-name\n snapshot:\n bucket-name: elasticsnapshots99\n cron-schedule: '@every 2m'\n scheduler-enabled: false\n storage:\n storage-class-provisioner: kubernetes.io/aws-ebs\n type: gp2\n zones:\n - us-east-1a\n - us-east-1b\n - us-east-1c\n```\n\n# Deploy Operator\n\nTo deploy the operator simply deploy to your cluster:\n\n```sh\n$ kubectl create ns operator\n$ kubectl create -f https://raw.githubusercontent.com/upmc-enterprises/elasticsearch-operator/master/example/controller.yaml -n operator\n```\n\n_NOTE: In the example we're putting the operator into the namespace `operator`. If you want to change this, then make sure to update the RBAC rules in the [example/controller.yaml](example/controller.yaml\n ) spec to match the namespace desired._\n\n# Create Example ElasticSearch Cluster\n\nRun the following command to create a [sample cluster](example/example-es-cluster.yaml) on AWS and you most likely will have to update the [zones](example/example-es-cluster.yaml#L16) to match your AWS Account, other examples are available as well if not running on AWS:\n\n```sh\n$ kubectl create -n operator -f https://raw.githubusercontent.com/upmc-enterprises/elasticsearch-operator/master/example/example-es-cluster.yaml\n```\n\n_NOTE: Creating a custom cluster requires the creation of a CustomResourceDefinition. This happens automatically after the controller is created._\n\n# Create Example ElasticSearch Cluster (Minikube)\n\nTo run the operator on minikube, this sample file is setup to do that. It sets lower Java memory constraints as well as uses the default storage class in Minikube which writes to hostPath.\n\n```sh\n$ kubectl create -f https://raw.githubusercontent.com/upmc-enterprises/elasticsearch-operator/master/example/example-es-cluster-minikube.yaml\n```\n\n_NOTE: Creating a custom cluster requires the creation of a CustomResourceDefinition. This happens automatically after the controller is created._\n\n# Helm\n\nBoth operator and cluster can be deployed using Helm charts:\n\n```sh\n$ helm repo add es-operator https://raw.githubusercontent.com/upmc-enterprises/elasticsearch-operator/master/charts/\n$ helm install --name elasticsearch-operator es-operator/elasticsearch-operator --set rbac.enabled=True --namespace logging\n$ helm install --name=elasticsearch es-operator/elasticsearch --set kibana.enabled=True --set cerebro.enabled=True --set zones=\"{eu-west-1a,eu-west-1b}\" --namespace logging\n⚡ $helm list\nNAME \t REVISION\tUPDATED \tSTATUS \tCHART \tNAMESPACE\nelasticsearch\t 1 \tThu Dec 7 11:53:45 2017\tDEPLOYED\telasticsearch-0.1.0 \tdefault\nelasticsearch-operator \t1 \tThu Dec 7 11:49:13 2017\tDEPLOYED\telasticsearch-operator-0.1.0\tdefault\n```\n\n# Kibana and cerebro\n\n[Kibana](https://www.elastic.co/products/kibana) and [Cerebro](https://github.com/lmenezes/cerebro) can be automatically deployed by adding the cerebro piece to the manifest:\n\n```sh\nspec:\n kibana:\n image: docker.elastic.co/kibana/kibana-oss:6.1.3\n cerebro:\n image: upmcenterprises/cerebro:0.6.8\n```\n\nOnce added the operator will create certs for Kibana or Cerebro and automatically secure with those certs trusting the same CA used to generate the certs for the Elastic nodes. \n\nTo access, just port-forward to the pod:\n\n```sh\nKibana:\n$ kubectl port-forward \u003cpodName\u003e 5601:5601\n$ curl https://localhost:5601\n````\n\n```sh\nCerebro:\n$ kubectl port-forward \u003cpodName\u003e 9000:9000\n$ curl https://localhost:9000\n```\n\n_(Note: Using [custom image](https://github.com/upmc-enterprises/kibana-docker) since upstream has x-pack installed and causes issues)_\n\n# Resize ElasticSearch Cluster\n\nIf changes are required to the cluster, say the replica count of the data nodes for example, just update the manifest and do a `kubectl apply` on the resource.\n\n# Snapshot\n\nElasticsearch can snapshot it's indexes for easy backup / recovery of the cluster. Currently there's an integration to Amazon S3 or Google Cloud Storage as the backup repository for snapshots. The `upmcenterprises` docker images include the [S3 Plugin](https://www.elastic.co/guide/en/elasticsearch/plugins/current/repository-s3.html) and the [GCS Plugin](https://www.elastic.co/guide/en/elasticsearch/plugins/current/repository-gcs.html) which enables this feature in AWS and GCP. \n\n## Schedule\n\nSnapshots can be scheduled via a Cron syntax by defining the cron schedule in your elastic cluster. See: [https://godoc.org/github.com/robfig/cron](https://godoc.org/github.com/robfig/cron)\n\n_NOTE: Be sure to enable the scheduler as well by setting `scheduler-enabled=true`_\n\n## AWS Setup\n\nTo enable the snapshots create a bucket in S3, then apply the following IAM permissions to your EC2 instances replacing `{!YOUR_BUCKET!}` with the correct bucket name.\n\n```json\n{\n \"Statement\": [\n {\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetBucketLocation\",\n \"s3:ListBucketMultipartUploads\",\n \"s3:ListBucketVersions\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"arn:aws:s3:::{!YOUR_BUCKET!}\"\n ]\n },\n {\n \"Action\": [\n \"s3:GetObject\",\n \"s3:PutObject\",\n \"s3:DeleteObject\",\n \"s3:AbortMultipartUpload\",\n \"s3:ListMultipartUploadParts\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"arn:aws:s3:::{!YOUR_BUCKET!}/*\"\n ]\n }\n ],\n \"Version\": \"2012-10-17\"\n}\n```\n\n## GCP Setup\n\nTo enable snapshots with GCS on GKE, create a bucket in GCS and bind the `storage.admin` role to the cluster service account replacing `${BUCKET}` with your bucket name:\n\n```sh\ngsutil mb gs://${BUCKET}\n\nSA_EMAIL=$(kubectl run shell --rm --restart=Never -it --image google/cloud-sdk --command /usr/bin/curl -- -s -H \"Metadata-Flavor: Google\" http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/email)\n\nPROJECT=$(gcloud config get-value project)\n\ngcloud projects add-iam-policy-binding ${PROJECT} \\\n --role roles/storage.admin --member serviceAccount:${SA_EMAIL}\n```\n\n## Snapshot Authentication\n\nIf you are using an elasticsearch image that requires authentication for the snapshot url, you can specify basic auth credentials.\n\n```sh\nspec:\n client-node-replicas: 3\n data-node-replicas: 3\n data-volume-size: 10Gi\n master-volume-size: 10Gi\n java-options: -Xms256m -Xmx256m\n master-node-replicas: 2\n snapshot:\n bucket-name: elasticsnapshots99\n cron-schedule: '@every 2m'\n scheduler-enabled: false\n authentication:\n password: betterpasswordneeded\n username: basicauthadmin\n storage:\n storage-class-provisioner: kubernetes.io/aws-ebs\n type: gp2\n zones:\n - us-east-1a\n - us-east-1b\n - us-east-1c\n``` \n\n# Access Cluster\n\nOnce deployed and all pods are running, the cluster can be accessed internally via https://elasticsearch:9200/ or https://${ELASTICSEARCH_SERVICE_HOST}:9200/. **Note**: the service name for the ES client may also be \"elasticsearch + \u003ccluster-Name\u003e\" as defined in your `ElasticsearchCluster` resource.\n\n![alt text](docs/images/running-cluster.png \"Running Cluster\")\n\n# Development\n\nTo run the Operator locally:\n\n```sh\n$ mkdir -p /tmp/certs/config \u0026\u0026 mkdir -p /tmp/certs/certs\n$ go get -u github.com/cloudflare/cfssl/cmd/cfssl\n$ go get -u github.com/cloudflare/cfssl/cmd/cfssljson\n$ go run cmd/operator/main.go --kubecfg-file=${HOME}/.kube/config\n```\n\n# About\n\nBuilt by UPMC Enterprises in Pittsburgh, PA. http://enterprises.upmc.com/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fupmc-enterprises%2Felasticsearch-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fupmc-enterprises%2Felasticsearch-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fupmc-enterprises%2Felasticsearch-operator/lists"}