Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Elasticsearch volume cersts is empty-dir when security.enabled=true and security.autoGenerated=true #30988

Closed
Rebyrg opened this issue Dec 11, 2024 · 3 comments · May be fixed by #30989
Closed

Elasticsearch volume cersts is empty-dir when security.enabled=true and security.autoGenerated=true #30988

Rebyrg opened this issue Dec 11, 2024 · 3 comments · May be fixed by #30989
Assignees
@carrodher
Labels
elasticsearch solved stale 15 days without activity tech-issues The user has a technical issue about an application triage Triage is needed

Comments

@Rebyrg
Copy link

Rebyrg commented Dec 11, 2024
edited by carrodher
Loading

Name and Version

21.3.10

What architecture are you using?

None

What steps will reproduce the bug?

deploy the helm chart with the provided values.yaml below

Are you using any custom parameters or values?

security:
  enabled: true
  elasticPassword: "XXXX"
  tls:
    autoGenerated: true
    verificationMode: "none"
master:
  replicaCount: 3
  masterOnly: false
  extraRoles: ["data"]
  resourcesPreset: "medium"
  heapSize: "512m"
  persistence:
    storageClass: "gold"
    size: "2Gi"
data:
  replicaCount: 0
coordinating:
  replicaCount: 0
ingest:
  enabled: false
metrics:
  enabled: false

What is the expected behavior?

3 nodes cluster up and running with TLS enabled and generated self signed certs mounted as volumes to nodes

What do you see instead?

errors in logs of master node:

elasticsearch 16:27:21.73 INFO  ==>
elasticsearch 16:27:21.74 INFO  ==> Welcome to the Bitnami elasticsearch container
elasticsearch 16:27:21.75 INFO  ==> Subscribe to project updates by watching https://github.com/bitnami/containers
elasticsearch 16:27:21.76 INFO  ==> Submit issues and feature requests at https://github.com/bitnami/containers/issues
elasticsearch 16:27:21.77 INFO  ==> Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit https://bitnami.com/enterprise
elasticsearch 16:27:21.80 INFO  ==>
elasticsearch 16:27:21.82 INFO  ==> ** Starting Elasticsearch setup **
elasticsearch 16:27:21.93 WARN  ==> Setting ELASTICSEARCH_IS_DEDICATED_NODE is disabled.
elasticsearch 16:27:21.94 WARN  ==> ELASTICSEARCH_NODE_ROLES will be ignored and Elasticsearch will asume all different roles.
elasticsearch 16:27:21.94 ERROR ==> In order to configure the TLS encryption for Elasticsearch Transport you must provide your node key, certificate and a valid certification_authority certificate.
elasticsearch 16:27:21.95 ERROR ==> In order to configure the TLS encryption for Elasticsearch you must provide your node key, certificate and a valid certification_authority certificate.

Additional information

The problem is in the file https://github.com/bitnami/charts/blob/main/bitnami/elasticsearch/templates/master/statefulset.yaml line number 356.
When you enable security by setting security.enabled=true you always have empty-dir volume. It should be elasticsearch-certificates instead.

Change:

            {{- if .Values.security.enabled }}
            - name: empty-dir
              mountPath: /opt/bitnami/elasticsearch/config/certs
              subPath: certs
            {{- end }}

to

            {{- if .Values.security.enabled }}
            - name: elasticsearch-certificates
              mountPath: /opt/bitnami/elasticsearch/config/certs
            {{- end }}
@Rebyrg Rebyrg added the tech-issues The user has a technical issue about an application label Dec 11, 2024
@github-actions github-actions bot added the triage Triage is needed label Dec 11, 2024
Rebyrg added a commit to Rebyrg/charts that referenced this issue Dec 11, 2024
@Rebyrg
mount cerst to master node instead empty-dir
a82e145 
fixed bitnami#30988
mount TLS secrets as certs instead empty-dir

Signed-off-by: Rebyrg <[email protected]>
@Rebyrg Rebyrg mentioned this issue Dec 11, 2024
Open
4 tasks
@carrodher
Copy link
Member

Thank you for opening this issue and submitting the associated Pull Request. Our team will review and provide feedback. Once the PR is merged, the issue will automatically close.

Your contribution is greatly appreciated!

@github-actions GitHub Actions
Copy link

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

@github-actions github-actions bot added the stale 15 days without activity label Dec 27, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 1, 2025

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.

@github-actions github-actions bot added the solved label Jan 1, 2025
@bitnami-bot bitnami-bot closed this as not planned Won't fix, can't repro, duplicate, stale Jan 1, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@carrodher carrodher

Labels
elasticsearch solved stale 15 days without activity tech-issues The user has a technical issue about an application triage Triage is needed
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

bitnami/elasticsearch: mount cerst to master node instead empty-dir Rebyrg/charts
3 participants
@bitnami-bot @carrodher @Rebyrg