New to KubeDB? Please start here.

ElasticsearchVersion

What is ElasticsearchVersion

ElasticsearchVersion is a Kubernetes Custom Resource Definitions (CRD). It provides a declarative configuration to specify the docker images to be used for Elasticsearch, Kibana and OpenSearch, OpenSearch-Dashboards deployed with KubeDB in a Kubernetes native way.

When you install KubeDB, an ElasticsearchVersion custom resource will be created automatically for every supported Elasticsearch and OpenSearch version. You have to specify the name of ElasticsearchVersion CRD in spec.version field of Elasticsearch CRD. Then, KubeDB will use the docker images specified in the ElasticsearchVersion CRD to create your expected database. If you want to provision Kibana or Opensearch-Dashboards, you have to specify the name of Elasticsearch CRD in spec.databaseRef.name field of ElasticsearchDashboard CRD. Then, KubeDB will use the compatible docker image specified in the .spec.dashboard.image field of the ElasticsearchVersion CRD that Elasticsearch is using to create your expected dashboard.

Using a separate CRD for specifying respective docker images, and pod security policy names allow us to modify the images, and policies independent of the KubeDB operator. This will also allow the users to use a custom image for the database.

ElasticsearchVersion Specification

As with all other Kubernetes objects, an ElasticsearchVersion needs apiVersion, kind, and metadata fields. It also needs a .spec section.

apiVersion: catalog.kubedb.com/v1alpha1
kind: ElasticsearchVersion
metadata:
  annotations:
    meta.helm.sh/release-name: kubedb
    meta.helm.sh/release-namespace: kubedb
  creationTimestamp: "2022-12-29T09:23:41Z"
  generation: 1
  labels:
    app.kubernetes.io/instance: kubedb
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubedb-catalog
    app.kubernetes.io/version: v2022.12.28
    helm.sh/chart: kubedb-catalog-v2022.12.28
  name: xpack-8.11.1
  resourceVersion: "1844"
  uid: db8b5122-bce8-4e80-b608-e314954f2980
spec:
  authPlugin: X-Pack
  dashboard:
    image: kibana:7.14.0
  dashboardInitContainer:
    yqImage: kubedb/elasticsearch-dashboard-init:7.14.0-xpack-v2022.02.22
  db:
    image: elasticsearch:7.14.0
  distribution: ElasticStack
  exporter:
    image: prometheuscommunity/elasticsearch-exporter:v1.3.0
  initContainer:
    image: tianon/toybox:0.8.4
    yqImage: kubedb/elasticsearch-init:7.14.0-xpack-v2021.08.23
  podSecurityPolicies:
    databasePolicyName: elasticsearch-db
  securityContext:
    runAsAnyNonRoot: true
    runAsUser: 1000
  stash:
    addon:
      backupTask:
        name: elasticsearch-backup-7.3.2
        params:
          - name: args
            value: --match=^(?![.])(?!kubedb-system).+
      restoreTask:
        name: elasticsearch-restore-7.3.2
        params:
          - name: args
            value: --match=^(?![.])(?!kubedb-system).+
  updateConstraints:
    allowlist:
      - < 7.18.0
  version: 7.14.0

metadata.name

metadata.name is a required field that specifies the name of the ElasticsearchVersion CRD. You have to specify this name in spec.version field of Elasticsearch CRD.

We follow this convention for naming ElasticsearchVersion CRD:

  • Name format: {Security Plugin Name}-{Application Version}-{Modification Tag}

  • Samples: xpack-8.11.1, xpack-8.11.1, opensearch-2.8.0, etc.

We use the original Elasticsearch docker image provided by the distributors. Then we bundle the image with the necessary sidecar and init container images which facilitate features like sysctl kernel settings, custom configuration, monitoring matrices, etc. An image with a higher modification tag will have more features and fixes than an image with a lower modification tag. Hence, it is recommended to use ElasticsearchVersion CRD with the highest modification tag to take advantage of the latest features.

spec.version

spec.version is a required field that specifies the original version of the Elasticsearch database that has been used to build the docker image specified in spec.db.image field.

spec.deprecated

spec.deprecated is an optional field that specifies whether the docker images specified here is supported by the current KubeDB operator. For example, we have modified kubedb/elasticsearch:7.x.x-xpack docker images to support custom configuration and re-tagged as kubedb/elasticsearch:7.x.x-xpack-v1. Now, KubeDB operator version:x.y.z supports providing custom configuration which required kubedb/elasticsearch:7.x.x-xpack-v1 docker images. So, we have marked kubedb/elasticsearch:7.x.x-xpack as deprecated in KubeDB version:x.y.z.

The default value of this field is false. If spec.deprecated is set true, the KubeDB operator will not create the database and other respective resources for this version.

spec.db.image

spec.db.image is a required field that specifies the docker image which will be used to create PetSet by KubeDB provisioner operator to create the expected Elasticsearch/OpenSearch database.

spec.dashboard.image

spec.dashboard.image is an optional field that specifies the docker image which will be used to create Deployment by KubeDB dashboard operator to create the expected Kibana/Opensearch-dashboards.

spec.exporter.image

spec.exporter.image is a required field that specifies the image which will be used to export Prometheus metrics if monitoring is enabled.

spec.updateConstraints

updateConstraints specifies the constraints that need to be considered during version update. Here allowList contains the versions those are allowed for updating from the current version. An empty list of AllowList indicates all the versions are accepted except the denyList. On the other hand, DenyList contains all the rejected versions for the update request. An empty list indicates no version is rejected.

spec.podSecurityPolicies.databasePolicyName

spec.podSecurityPolicies.databasePolicyName is a required field that specifies the name of the pod security policy required to get the database server pod(s) running.

helm upgrade -i kubedb oci://ghcr.io/appscode-charts/kubedb \
  --namespace kubedb --create-namespace \
  --set additionalPodSecurityPolicies[0]=custom-db-policy \
  --set additionalPodSecurityPolicies[1]=custom-snapshotter-policy \
  --set-file global.license=/path/to/the/license.txt \
  --wait --burst-limit=10000 --debug

spec.stash

This holds the Backup & Restore task definitions, where a TaskRef has a Name & Params section. Params specifies a list of parameters to pass to the task.

Next Steps

  • Learn about Elasticsearch CRD here.
  • Deploy your first Elasticsearch database with KubeDB by following the guide here.
  • Deploy your first OpenSearch database with KubeDB by following the guide here.