关于elasticsearch的一个小问题。
我目前使用的版本7.17.7弹力搜索,在这里找到https://hub.docker.com/_/elasticsearch
我在Kubernetes中使用这个清单部署它,没有任何问题,一切都很好,非常高兴。
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: elastic
spec:
serviceName: elastic
replicas: 3
selector:
matchLabels:
app: elastic
template:
metadata:
labels:
app: elastic
spec:
containers:
- name: elastic
image: docker.elastic.co/elasticsearch/elasticsearch:7.17.7
# image: docker.elastic.co/elasticsearch/elasticsearch:8.5.2
resources:
limits:
cpu: 1000m
memory: 1G
requests:
cpu: 100m
memory: 1G
ports:
- containerPort: 9200
name: rest
protocol: TCP
- containerPort: 9300
name: inter-node
protocol: TCP
volumeMounts:
- name: data
mountPath: /usr/share/elasticsearch/data
env:
- name: cluster.name
value: mynamespace
- name: node.name
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: discovery.seed_hosts
value: "elastic-0.elasticsearch,elastic-1.elasticsearch,elastic-2.elasticsearch"
- name: cluster.initial_master_nodes
value: "elastic-0,elastic-1,elastic-2"
- name: ES_JAVA_OPTS
value: "-Xms512m -Xmx512m"
initContainers:
- name: increase-vm-max-map
image: busybox
command: ["sysctl", "-w", "vm.max_map_count=262144"]
securityContext:
privileged: true
- name: increase-fd-ulimit
image: busybox
command: ["sh", "-c", "ulimit -n 65536"]
securityContext:
privileged: true
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: nfs-1
resources:
requests:
storage: 50Mi
---
kind: Service
apiVersion: v1
metadata:
name: elastic
labels:
app: elastic
spec:
selector:
app: elastic
clusterIP: None
ports:
- port: 9200
name: rest
- port: 9300
name: inter-node
现在,我只想把版本升级到8.5.2,实际上只是替换了这一行(被注释掉的那一行),其余的都保持不变。
然后我部署这个新版本,不幸的是,发生了这种情况。
NAME READY STATUS RESTARTS AGE
pod/elastic-0 0/1 CrashLoopBackOff 5 (98s ago) 8m22s
pod/elastic-1 0/1 CrashLoopBackOff 5 (110s ago) 7m42s
pod/elastic-2 0/1 CrashLoopBackOff 4 (76s ago) 7m38s
Containers:
elastic:
Container ID: containerd://28100aa783d222c6899e82a6399d862bfc770ae096bbf338cb64183f7cc65026
Image: docker.elastic.co/elasticsearch/elasticsearch:8.5.2
Image ID: docker.elastic.co/elasticsearch/elasticsearch@sha256:3464f7f6963c2b00a59a9efb2458949be35e56c22a8f0fd7c0ba8b028c96f5d8
Ports: 9200/TCP, 9300/TCP
Host Ports: 0/TCP, 0/TCP
State: Waiting
Reason: CrashLoopBackOff
Last State: Terminated
Reason: Error
Exit Code: 78
我很难理解我做错了什么。我找不到任何关于迁移的有用信息。
当跟踪日志时,我确实看到:
2022-12-06 07:12:44,449 process reaper (pid 86) ERROR Recursive call to appender rolling
{"@timestamp":"2022-12-06T07:12:44.250Z", "log.level":"ERROR", "message":"uncaught exception in thread [process reaper (pid 86)]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"process reaper (pid 86)","log.logger":"org.elasticsearch.bootstrap.ElasticsearchUncaughtExceptionHandler","elasticsearch.node.name":"elastic-0","error.type":"java.security.AccessControlException","error.message":"access denied ("java.lang.RuntimePermission" "modifyThread")","error.stack_trace":"java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThread")ntat java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)ntat java.base/java.security.AccessController.checkPermission(AccessController.java:1068)ntat java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:411)ntat org.elasticsearch.securesm@8.5.2/org.elasticsearch.secure_sm.SecureSM.checkThreadAccess(SecureSM.java:166)ntat org.elasticsearch.securesm@8.5.2/org.elasticsearch.secure_sm.SecureSM.checkAccess(SecureSM.java:120)ntat java.base/java.lang.Thread.checkAccess(Thread.java:2360)ntat java.base/java.lang.Thread.setDaemon(Thread.java:2308)ntat java.base/java.lang.ProcessHandleImpl.lambda$static$0(ProcessHandleImpl.java:103)ntat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:637)ntat java.base/java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:928)ntat java.base/java.util.concurrent.ThreadPoolExecutor.processWorkerExit(ThreadPoolExecutor.java:1021)ntat java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1158)ntat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)ntat java.base/java.lang.Thread.run(Thread.java:1589)ntat java.base/jdk.internal.misc.InnocuousThread.run(InnocuousThread.java:186)n"}
请问发生了什么事?
谢谢
正如官方文档所说,从Elasticsearch 8.0开始,安全是默认启用的。启用安全功能后,弹性堆栈安全功能需要传输网络层的TLS加密,否则您的集群将无法启动,请检查。
弹性搜索在8.5中做了一些改变,你可以在这个文档中查看它们。如果您正在使用java_home,请将其升级到Java 17,这是8.5版本所需要的。
尝试获取该映像的Dockerfile,更新其中安装的版本,并重新运行docker build来更新它,附加最新版本用于安装弹性搜索
附加弹性搜索社区中询问的类似问题。