{n} (ECK) is a Kubernetes operator to orchestrate Elastic applications ({eck_resources_list}) on Kubernetes. It relies on a set of Custom Resource Definitions (CRD) to declaratively define the way each application is deployed. CRDs are global resources shared by all users of the Kubernetes cluster, which requires certain permissions to install them for initial use. The operator itself can be installed as a cluster-scoped application managing all namespaces or it can be restricted to a pre-defined set of namespaces. Multiple copies of the operator can be installed on a single Kubernetes cluster provided that the global CRDs are compatible with each instance and optional cluster-scoped extensions such as the validating webhook are disabled.
|
Caution
|
Deleting CRDs will trigger deletion of all custom resources ({eck_resources_list}) in all namespaces of the cluster, regardless of whether they are managed by a single operator or multiple operators. |
This method is the quickest way to get started with ECK if you have full administrative access to the Kubernetes cluster. The [{p}-quickstart] document describes how to proceed with this method. When you run the kubectl command listed in [{p}-deploy-eck], the following components are installed or updated:
-
CustomResourceDefinitionobjects for all supported resource types ({eck_resources_list}). -
Namespacenamedelastic-systemto hold all operator resources. -
ServiceAccount,ClusterRoleandClusterRoleBindingto allow the operator to manage resources throughout the cluster. -
ValidatingWebhookConfigurationto validate Elastic custom resources on admission. -
StatefulSet,ConfigMap,SecretandServiceinelastic-systemnamespace to run the operator application.
Starting from ECK 1.3.0, a Helm chart is available to install ECK. It is available from the Elastic Helm repository and can be added to your Helm repository list by running the following command:
helm repo add elastic https://helm.elastic.co
helm repo update|
Note
|
The minimum supported version of Helm is 3.2.0. |
This is the default mode of installation and is equivalent to installing ECK using the stand-alone YAML manifests.
helm install elastic-operator elastic/eck-operator -n elastic-system --create-namespaceThis mode avoids installing any cluster-scoped resources and restricts the operator to manage only a set of pre-defined namespaces.
Since CRDs are global resources, they still need to be installed by an administrator. This can be achieved by:
helm install elastic-operator-crds elastic/eck-operator-crdsThe operator can be installed by any user who has full access to the set of namespaces they wish to manage. The following example installs the operator to elastic-system namespace and configures it to manage only namespace-a and namespace-b:
helm install elastic-operator elastic/eck-operator -n elastic-system --create-namespace \
--set=installCRDs=false \
--set=managedNamespaces='{namespace-a, namespace-b}' \
--set=createClusterScopedResources=false \
--set=webhook.enabled=false \
--set=config.validateStorageClass=false|
Note
|
The helm install elastic-operator elastic/eck-operator -n elastic-system --create-namespace \
--values="${CHART_DIR}/profile-restricted.yaml" \
--set=managedNamespaces='{namespace-a, namespace-b}'You can find the profile files in the Helm cache directory or from the ECK source repository. |
You can view all configurable values by running the following:
helm show values elastic/eck-operator|
Caution
|
Migrating an existing installation to Helm is essentially an upgrade operation and any caveats associated with normal operator upgrades are applicable. Check the upgrade documentation before proceeding. |
You can migrate an existing operator installation to Helm by adding the meta.helm.sh/release-name, meta.helm.sh/release-namespace annotations and the app.kubernetes.io/managed-by label to all the resources you want to be adopted by Helm. You must do this for the Elastic Custom Resource Definitions (CRD) because deleting them would trigger the deletion of all deployed Elastic applications as well. All other resources are optional and can be deleted.
|
Note
|
A shell script is available in the ECK source repository to demonstrate how to migrate from version 1.7.1 to Helm. You can modify it to suit your own environment. |
For example, an ECK 1.2.1 installation deployed using the quickstart guide can be migrated to Helm as follows:
-
Annotate and label all the ECK CRDs with the appropriate Helm annotations and labels. CRDs need to be preserved to retain any existing Elastic applications deployed using the operator.
for CRD in $(kubectl get crds --no-headers -o custom-columns=NAME:.metadata.name | grep k8s.elastic.co); do kubectl annotate crd "$CRD" meta.helm.sh/release-name="$RELEASE_NAME" kubectl annotate crd "$CRD" meta.helm.sh/release-namespace="$RELEASE_NAMESPACE" kubectl label crd "$CRD" app.kubernetes.io/managed-by=Helm done
-
Uninstall the current ECK operator. You can do this by taking the
operator.yamlfile you used to install the operator and runningkubectl delete -f operator.yaml. Alternatively, you could delete each resource individually.kubectl delete -n elastic-system \ serviceaccount/elastic-operator \ secret/elastic-webhook-server-cert \ clusterrole.rbac.authorization.k8s.io/elastic-operator \ clusterrole.rbac.authorization.k8s.io/elastic-operator-view \ clusterrole.rbac.authorization.k8s.io/elastic-operator-edit \ clusterrolebinding.rbac.authorization.k8s.io/elastic-operator \ service/elastic-webhook-server \ configmap/elastic-operator \ <1> statefulset.apps/elastic-operator \ validatingwebhookconfiguration.admissionregistration.k8s.io/elastic-webhook.k8s.elastic.co-
If you have previously customized the operator configuration in this ConfigMap, you will have to repeat the configuration once the operator has been reinstalled in the next step.
-
-
Install the ECK operator using the Helm chart as described in Install ECK using the Helm chart.