Elastic On K8S

Elasticsearch (Elastic) is a powerful distributed search and analytics engine, and running it on Kubernetes offers scalability, flexibility, and simplified management. This blog explores how to deploy Elasticsearch on Kubernetes, discusses its benefits, and provides best practices for optimizing the setup.


Why Run Elasticsearch on Kubernetes?

Benefits:

  • Scalability: Easily scale Elasticsearch nodes based on workload.
  • High Availability: Kubernetes ensures pods are rescheduled on failures.
  • Resource Management: Fine-grained control over CPU, memory, and storage resources.
  • Integration: Native support for other Kubernetes-hosted applications and services.


Prerequisites

  1. Kubernetes Cluster:
    • At least three nodes for high availability.
    • kubectl CLI installed and configured.
  2. Storage Solution:
    • Persistent volumes provisioned for Elasticsearch data.
    • Dynamic provisioning (e.g., using CSI drivers) or static PersistentVolume setup.
  3. Elastic Helm Chart (optional):
    • Elasticsearch can be deployed using the Elastic-provided Helm charts for streamlined configuration.


Deploying Elasticsearch on Kubernetes

Step 1: Create a Namespace

Organize Elasticsearch resources within a dedicated namespace:

kubectl create namespace elasticsearch

Step 2: Deploy Elasticsearch Using YAML

Create a StatefulSet for Elasticsearch to ensure stable network identities and persistent storage.

apiVersion: apps/v1

kind: StatefulSet

metadata:

  name: elasticsearch

  namespace: elasticsearch

spec:

  serviceName: elasticsearch

  replicas: 3

  selector:

    matchLabels:

      app: elasticsearch

  template:

    metadata:

      labels:

        app: elasticsearch

    spec:

      containers:

      - name: elasticsearch

        image: docker.elastic.co/elasticsearch/elasticsearch:8.10.0

        resources:

          requests:

            memory: 1Gi

            cpu: 500m

          limits:

            memory: 2Gi

            cpu: 1

        ports:

        - containerPort: 9200

          name: http

        - containerPort: 9300

          name: transport

        volumeMounts:

        - name: elasticsearch-data

          mountPath: /usr/share/elasticsearch/data

      volumes:

        - name: elasticsearch-data

          persistentVolumeClaim:

            claimName: elasticsearch-pvc

---

apiVersion: v1

kind: PersistentVolumeClaim

metadata:

  name: elasticsearch-pvc

  namespace: elasticsearch

spec:

  accessModes:

    - ReadWriteOnce

  resources:

    requests:

      storage: 10Gi

Apply the YAML:

Step 3: Verify Deployment

Check the pods and services:

kubectl get pods -n elasticsearch
kubectl get svc -n elasticsearch

Optimizing Elasticsearch on Kubernetes

1. Resource Allocation

  • Set CPU and memory requests/limits to ensure Elasticsearch pods run reliably.
  • Use node affinity or taints to schedule pods on dedicated high-memory nodes.

2. Persistent Storage

  • Use SSD-backed storage for better I/O performance.
  • Ensure data volumes are backed up regularly.

3. Monitoring and Logging

  • Use tools like Kibana and Prometheus to monitor cluster health.
  • Integrate Elasticsearch logs into centralized logging systems.

4. Networking

  • Use a dedicated load balancer or ingress controller to expose Elasticsearch services securely.
  • Implement network policies to restrict access.

Scaling Elasticsearch

Horizontal Scaling:

Increase the replicas count in the StatefulSet YAML to add more nodes:

spec:
  replicas: 5

Vertical Scaling:

Modify resource requests and limits for more powerful nodes:

resources:

  requests:

    memory: 2Gi

    cpu: 1

  limits:

    memory: 4Gi

    cpu: 2

Security Best Practices

  1. Enable Transport Layer Security (TLS):
    • Use Elastic’s official documentation to configure TLS for node-to-node and client communication.
  2. Set Strong Authentication:
    • Enable Basic Authentication or use API keys.
  3. Limit Pod Privileges:
    • Use Kubernetes PodSecurityPolicies to enforce least privilege.
  4. Restrict External Access:
    • Expose services only through a secure ingress or VPN.


Conclusion

Running Elasticsearch on Kubernetes offers unmatched flexibility and scalability for modern applications. By following the steps and best practices outlined in this guide, you can deploy, manage, and secure an Elasticsearch cluster optimized for your workload.

Have questions or insights? Share them in the comments below!

Comments

Post a Comment

Popular posts from this blog

Managine Hadoop Cluster

If you are working on Hadoop, you’ll realize there are several shell commands available to manage your Hadoop cluster.  Hadoop administration commands. 1. Name node Commands Command Description hadoop namenode -format Format HDFS filesystem from Namenode hadoop namenode -upgrade Upgrade the NameNode start-dfs.sh Start HDFS Daemons                        stop-dfs.sh Stop HDFS Daemons start-mapred.sh Start MapReduce Daemons stop-mapred.sh Stop MapReduce Daemons hadoop namenode -recover -force Recover namenode metadata after a cluster failure (may lose data) 2. fsck Commands Command Description hadoop fsck / Filesystem check on HDFS hadoop fsck / -files Display files duri...
Read more

VENOM Vulnerability

How to Patch and Protect Linux Server against the VENOM Vulnerability # CVE-2015-3456 A very serious security problem has been found in the virtual floppy drive QEMU's code used by many computer virtualization platforms including Xen, KVM, VirtualBox, and the native QEMU client. It is called VENOM vulnerability. How can I fix VENOM vulnerability and protect my Linux server against the attack? How do I verify that my server has been fixed against the VENOM vulnerability? This is tagged as high severity security bug and it was announced on 13th May 2015. The VENOM vulnerability has existed since 2004, when the virtual Floppy Disk Controller was first added to the QEMU codebase. Since the VENOM vulnerability exists in the hypervisor’s codebase, the vulnerability is agnostic of the host operating system (Linux, Windows, Mac OS, etc.). What is the VENOM security bug (CVE-2015-3456)? An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (F...
Read more

Logrotation in Linux/unix

Log files are the most valuable tools available for Linux system security. The logrotate program is used to provide the administrator with an up-to-date record of events taking place on the system. The logrotate utility may also be used to back up log files, so copies may be used to establish patterns for system use. logrotate the logrotate program is a log file manager. It is used to regularly cycle (or rotate) log files by removing the oldest ones from your system and creating new log files. It may be used to rotate based on the age of the file or the file’s size, and usually runs automatically through the cron utility. The logrotate program may also be used to compress log files and to configure e-mail to users when they are rotated. Configuration File :-  Files /var/lib/logrotate.status   >> this file update  status of recent execution of  logrotation. root@puppet:~/sadeek/big# ls -l /var/lib/logrotate/status -rw-r--r-- 1 root root 2030 Feb...
Read more