Upgrade fluentd-elasticsearch addon to Elasticsearch/Kibana 5.5 #48722
Conversation
|
Hi @aknuds1. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
k8s-ci-robot
added
needs-ok-to-test
k8s-github-robot
added
size/L
aknuds1
force-pushed
the
upgrade-fluentd-elasticsearch
branch
4 times, most recently
from
13f38ca to
09d6dcb
Compare
|
@Aknuds thanks for the PR! Do you want any feedback on this now? There are a few things that will prevent me from kicking off tests. |
aknuds1
force-pushed
the
upgrade-fluentd-elasticsearch
branch
2 times, most recently
from
07eb090 to
b8a9c0b
Compare
| accessModes: ["ReadWriteOnce"] | ||
| resources: | ||
| requests: | ||
| storage: 20Gi |
There was a problem hiding this comment.
Should this be configurable?
There was a problem hiding this comment.
yes, 20Gi is far too low for a production use case.
There was a problem hiding this comment.
@coffeepac How should we make it configurable in your opinion?
| chown -R elasticsearch:elasticsearch /data | ||
|
|
||
| exec gosu elasticsearch sh /elasticsearch/bin/elasticsearch | ||
| sysctl -w vm.max_map_count=262144 |
There was a problem hiding this comment.
This seems to cause a warning about the filesystem being read only. Is it even needed?
There was a problem hiding this comment.
I'm not sure if its required for the es5 image, it may already be set. however, ES5 has a strictly enforced minimum number of memory maps that must be available or ES refuses to start.
There was a problem hiding this comment.
@coffeepac The official ES5 image does not call sysctl, nor does it seem to set vm.mx_map_count in any other way. I guess it's unnecessary with 5.5?
There was a problem hiding this comment.
I believe this is still enforced by ES 5.5: https://www.elastic.co/guide/en/elasticsearch/reference/5.x/_maximum_map_count_check.html
there is another workaround but I don't fully understand it:
https://www.elastic.co/guide/en/elasticsearch/reference/5.x/breaking-changes-5.5.html#breaking_55_packaging_changes
| command: | ||
| - '/bin/sh' | ||
| - '-c' | ||
| - '/usr/sbin/td-agent $FLUENTD_ARGS' | ||
| env: | ||
| - name: FLUENTD_AGRS | ||
| value: -q | ||
| # TODO: Make into secret!! |
There was a problem hiding this comment.
What do we do about these Elasticsearch credentials? Should we make them configurable via a Makefile?
There was a problem hiding this comment.
what are these used for? is this basic auth against the ES cluster?
There was a problem hiding this comment.
@coffeepac That is correct, since authentication is enabled by default for ES 5.5.
|
@coffeepac I would love any feedback at this point! I'm really especially interested in hearing about my approach when it comes to the Elasticsearch Dockerfile. I've justed based it off the original one, instead of writing it from scratch, as was done in the original. I'm also interested in hearing about how installation of Elasticsearch plugins should be made configurable, instead of hardwiring repository-s3 like I've done. Note also please that I include a binary of |
| USER elasticsearch | ||
| # Temporarily move config out of the way before installing plugin as installation will fail | ||
| # otherwise | ||
| RUN mv config config.bak && ./bin/elasticsearch-plugin install -b repository-s3 && \ |
There was a problem hiding this comment.
I suspect that which plugins to install, repository-s3 in this case, should be configurable in some way.
There was a problem hiding this comment.
yes and I'm not sure how it could be done.
There was a problem hiding this comment.
@coffeepac I'm sure there could be a way. I might have seen it being done in another repository in fact.
There was a problem hiding this comment.
if you have seen it I would love to get that in here. there are several things that should be parameterized.
aknuds1
force-pushed
the
upgrade-fluentd-elasticsearch
branch
from
b8a9c0b to
a6ee0f9
Compare
k8s-github-robot
added
the
needs-rebase
| # distributed under the License is distributed on an "AS IS" BASIS, | ||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. |
There was a problem hiding this comment.
this copyright information should remain and should be at the top of all files
| @@ -22,7 +24,7 @@ spec: | |||
| spec: | |||
| serviceAccountName: elasticsearch-logging | |||
| containers: | |||
| - image: gcr.io/google_containers/elasticsearch:v2.4.1-2 | |||
| - image: gcr.io/google_containers/elasticsearch-k8s-s3:5.5.0-11 | |||
There was a problem hiding this comment.
having s3 included in the default is a bit tough as mentioned above. Its not a useful plugin for GKE clusters.
| - metadata: | ||
| name: elasticsearch-logging | ||
| spec: | ||
| storageClassName: gp2 |
There was a problem hiding this comment.
this isn't portable, its AWS specific. allow this to be the cluster default (which I think is an empty string? the semantics of storage class default is very particular).
| namespace: kube-system | ||
| labels: | ||
| k8s-app: fluentd-es | ||
| kubernetes.io/cluster-service: "true" | ||
| addonmanager.kubernetes.io/mode: Reconcile | ||
| version: v1.22 | ||
| version: v1.23 |
There was a problem hiding this comment.
I think the current version is 24? probably shouldn't change it yet as there may be other PRs that bump the version but something to check when closer to merge.
|
I don't have any ideas for how to provide a list of plugins to be installed at install time. @crassirostris do you have any thoughts on that? its something I've been considering but I don't know if this is something that there is already a pattern for elsewhere in kubernetes. |
aknuds1
force-pushed
the
upgrade-fluentd-elasticsearch
branch
from
a6ee0f9 to
8e499e4
Compare
k8s-github-robot
removed
the
needs-rebase
aknuds1
force-pushed
the
upgrade-fluentd-elasticsearch
branch
2 times, most recently
from
5cec436 to
b5e71b2
Compare
|
/ok-to-test |
| [init container](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) executing | ||
| before Elasticsearch containers themselves, in order to ensure that the kernel state variable | ||
| `vm.max_map_count` is at least 262144, since this is a requirement of Elasticsearch. | ||
| You may remove the init container if you know that your host filesystem meets this requirement. |
There was a problem hiding this comment.
It's not about filesystem, but OS
There was a problem hiding this comment.
@crassirostris Ah, thank you! My bad.
aknuds1
force-pushed
the
upgrade-fluentd-elasticsearch
branch
from
68d9dd2 to
126d5d8
Compare
aknuds1
force-pushed
the
upgrade-fluentd-elasticsearch
branch
from
126d5d8 to
0ed0f02
Compare
|
@crassirostris Both nits handled. Please review my release notes as I added a couple. |
aknuds1
changed the title
|
/lgtm Thanks a lot for doing the work! One nit towards the release notes:
I don't understand what it means :) Last part at least, "as is the default". Could you please rephrase it? |
k8s-ci-robot
added
the
lgtm
|
/approve no-issue |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: aknuds1, crassirostris Associated issue requirement bypassed by: crassirostris The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
k8s-github-robot
added
the
approved
|
@crassirostris I revised my release notes, trying to make it more clear what I mean about requiring Elasticsearch authentication. |
|
@aknuds1 SGTM, thanks again! Sorry in advance for those test flakes =__= |
|
/retest Review the full test history for this PR. |
|
Automatic merge from submit-queue (batch tested with PRs 48365, 49902, 49808, 48722, 47045) |
|
Image are not pushed on not granted for public? |
|
@sebglon Was not pushed, sorry, Just fixed it |
|
Thanks very much @crassirostris @coffeepac for helping out and getting this merged! |
|
I'm rolling back the PD, because it's leaking resources in the e2e tests |
|
@crassirostris What do you mean by PD? Is there any particular issue causing resource leaks? |
|
@aknuds1 "Persistent disk", sorry, GCP terminology :) I mean PVC in the elasticsearch-logging |
|
@crassirostris What's the solution then? Not having persistentVolumeClaimTemplate in the Elasticsearch StatefulSet (because of test issues)? |
|
@aknuds1 Yup, and document it better. Ideally, I'm thinking about splitting fluentd to a separate repo and having test yamls in this repo and an example with PVC in another |
|
@crassirostris So the idea is to let the user define persistentVolumeClaimTemplate instead? You know best in any case. |
|
@aknuds1 The idea is to replace persistentVolumeClaimTemplate with emptyDir volume in this repo and add a note to the readme, stating that when adapting this example for your own need, you have to replace it with a PVC. Sounds good? |
|
@crassirostris That's what I thought you would do. Sounds like the best solution everything taken into consideration! |
This is a patch to upgrade the fluentd-elasticsearch addon to Elasticsearch/Kibana 5.5. Please provide feedback!