This repository has been archived by the owner on Aug 2, 2022. It is now read-only.
Elasticsearch container having hardcoded path "/usr/share/elasticsearch" is not a proper design #752
Labels
enhancement
New feature or request
Is your feature request related to a problem? Please describe.
There are kubernetes based OS distributions particularly developed keeping security considerations in mind. Eg: Talos (https://www.talos.dev/). To explain in short, Talos is OS for k8s, lean and secure.
Problem I have faced currently is Opendistro-elasticsearch doesn't get deployed on Talos k8s. Reason is simple as I mentioned in the subject of this ticket i.e., "/usr/share/elasticsearch" path is hard-coded inside elasticsearch container, which is actually bad.
Describe the solution you'd like
From security pov, Talos provides only /var partition as RW (which is ephemeral partition), and other host filesystem paths are intentionally kept Read-Only.
I would like to have path's configurable using configuration files instead of hard-coding. This way, opendistro distribution of elasticsearch would be compatible across different platforms.
I would prefer solution something like: Elastic container having "/usr/share/elasticsearch" path mapping to host path "/var/elasticsearch/data".
Describe alternatives you've considered
In the process of building an docker image of opendistro elastic by modifying the path from /usr/share/elasticsearch to /var/elasticsearch/data and checking. Not successful though.
Additional context
NA
The text was updated successfully, but these errors were encountered: