How to increase space for your elasticsearch instances in k8s on ECK

One of the most common issues of running elasticsearch on k8s is the need to increase space for your elasticsearch-data volume. It is very simple to do so lets demo it. I stood up an environment using my deploy-eck.sh script $ kubectl get pods,pvc NAME READY STATUS RESTARTS AGE pod/eck-lab-es-data-0 1/1 Running 0 112m pod/eck-lab-es-data-1 1/1 Running 0 112m pod/eck-lab-es-data-2 1/1 Running 0 112m pod/eck-lab-es-master-0 1/1 Running 0 112m pod/eck-lab-es-master-1 1/1 Running 0 112m pod/eck-lab-es-master-2 1/1 Running 0 8m12s pod/eck-lab-kb-794785d7f7-zxqlk 1/1 Running 0 110m NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE persistentvolumeclaim/elasticsearch-data-eck-lab-es-data-0 Bound pvc-4081bb0d-1664-46fe-97bd-08520075bbdc 1Gi RWO standard 112m persistentvolumeclaim/elasticsearch-data-eck-lab-es-data-1… Continue Reading


Fun things with Elastic’s Fleet server & elastic-agent

There are many fun things we can do with the fleet server & elastic-agent To understand how to edit and change settings to do fun things with fleet server, first you have to understand how fleet server works with kibana & elasticsearch and elastic-agent. Fleet server itself is elastic-agent that runs in a server mode. It needs to communicate with both kibana and elasticsearch as well as elastic-agent. It uses elasticsearch as its config manager to store configurations so that it can configure & keep track of elastic-agents that is registered against it. Kibana is used to configure fleet server,… Continue Reading


deploy-eck update 1

OUTDATED – Please use this link for the new script and instructions https://www.gooksu.com/2022/09/new-elastic-kubernetes-script-deploy-elastick8s-sh/ I developed the deploy-eck.sh script to easily deploy the elastic stack in k8s to quickly test things. Did a quick update to the script. operator mode. Now you can run the script just to deploy the operator only and apply a trial license. You can develop your own test cases etc in this mode. If you work out of ~/eckstack and name your manifest files *.yaml when you run the deploy-eck.sh cleanup it will cleanup all of your items as well. > ./deploy-eck.sh cleanup ********** Cleaning up… Continue Reading


Create secrets to use with your elastic stack to create keystore in kubernetes – minio example – helm example included

For this example I will stand up a very simple minio server on my localhost. Create kubernetes secrets for the s3.client.default.access_key and s3.client.default.secret_key. Configure my elasticsearch pod with initContainer to install the repository-s3 plugin and secureSettings to create the keystore. minio server This is a very simple, not secure setup just for testing $ mkdir data $ wget https://dl.min.io/server/minio/release/linux-amd64/minio $ chmod +x minio $ ./minio server ./data API: RootUser: minioadmin RootPass: minioadmin Console: RootUser: minioadmin RootPass: minioadmin Command-line: https://docs.min.io/docs/minio-client-quickstart-guide $ mc alias set myminio minioadmin minioadmin Instead of getting… Continue Reading


elasticsearch stack monitoring on kubernetes(ECK)

UPDATE: Since ECK operator 1.7 there is a new way to deploy stack monitoring. I’ve added the section at the end to cover for this. The old method still works and depending on your use case you can still use the old method versus new. The main difference between the OLD and NEW is that the OLD method uses filebeat and metricbeat pods while the new method uses filebeat and metricbeat sidecar containers. Lets get started with monitoring your elastic stack in kubernetes. There are multiple ways of doing this and I will divide this up into 3 sections, using… Continue Reading


elasticsearch 8.x configure roles and users for stack monitoring

A lot of changes were made with elasticsearch 8.0 release but the main one that affected me the most was the ability to use the default elastic(superuser role) to access system indices. According to https://www.elastic.co/guide/en/elasticsearch/reference/current/release-highlights.html#_better_protection_for_system_indices we no longer have write access to system indices with the superuser role. When configuring stack monitoring using metricbeats this is an issue if you’ve been just using the elastic user to configure the monitoring. You can add allow_restricted_indices to the role to enable it back however its the lazy and insecure method. I’ve summarized the creation of roles and users for metricbeats and filebeats… Continue Reading