Skip to content
This repository has been archived by the owner on Aug 2, 2022. It is now read-only.

Elasticsearch container having hardcoded path "/usr/share/elasticsearch" is not a proper design #752

Closed
bodachaitanya opened this issue Apr 30, 2021 · 1 comment
Labels
enhancement New feature or request

Comments

@bodachaitanya
Copy link

Is your feature request related to a problem? Please describe.
There are kubernetes based OS distributions particularly developed keeping security considerations in mind. Eg: Talos (https://www.talos.dev/). To explain in short, Talos is OS for k8s, lean and secure.
Problem I have faced currently is Opendistro-elasticsearch doesn't get deployed on Talos k8s. Reason is simple as I mentioned in the subject of this ticket i.e., "/usr/share/elasticsearch" path is hard-coded inside elasticsearch container, which is actually bad.

Describe the solution you'd like
From security pov, Talos provides only /var partition as RW (which is ephemeral partition), and other host filesystem paths are intentionally kept Read-Only.
I would like to have path's configurable using configuration files instead of hard-coding. This way, opendistro distribution of elasticsearch would be compatible across different platforms.
I would prefer solution something like: Elastic container having "/usr/share/elasticsearch" path mapping to host path "/var/elasticsearch/data".

Describe alternatives you've considered
In the process of building an docker image of opendistro elastic by modifying the path from /usr/share/elasticsearch to /var/elasticsearch/data and checking. Not successful though.

Additional context
NA

@bodachaitanya bodachaitanya added the enhancement New feature or request label Apr 30, 2021
@camerski
Copy link
Contributor

camerski commented May 7, 2021

Implemented in opensearch-project/opensearch-build#15

Thanks for the excellent suggestion!

@camerski camerski closed this as completed May 7, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants