Creating an Elasticsearch data store on Linux on IBM Z and LinuxONE

Install the Elasticsearch operator and set up the data store.

Before you begin

Make sure that you prepared your online and offline host to pull images from the external repository. Also, ensure that you added the Helm repo.

For more information, see Preparing to install data store operators.

Elasticsearch operator versions and image tags

The following images are needed for the pinned Helm chart or operator versions.

Table 1. Operator versions and image tags for deployment
Platform Operator versions Helm chart version Image with tag
Linux® on IBM Z® and LinuxONE 2.9.0 2.9.0 artifact-public.instana.io/self-hosted-images/z/ds-operator-images/elasticsearch/eck-operator:2.9.0_v0.2.0

artifact-public.instana.io/self-hosted-images/z/ds-operator-images/elasticsearch/elasticsearch:7.17.14_v0.2.0

Installing the Elasticsearch operator online

Complete these steps to install the Elasticsearch data store.

  1. Create the instana-elastic namespace.

    kubectl create namespace instana-elastic
    
  2. Create image pull secrets for the instana-elastic namespace. Update the <download_key> value with your own download key.

    kubectl create secret docker-registry instana-registry --namespace instana-elastic \
    --docker-username=_ \
    --docker-password=<download_key> \
    --docker-server=artifact-public.instana.io
    
  3. Install the Elasticsearch operator.

    helm install elastic-operator instana/eck-operator -n instana-elastic --version=2.9.0 --set image.repository=artifact-public.instana.io/self-hosted-images/z/ds-operator-images/elasticsearch/eck-operator --set image.tag=2.9.0_v0.2.0 --set imagePullSecrets[0].name=instana-registry
    
  4. Create a YAML file, for example elastic.yaml, with the Elasticsearch configuration.

    apiVersion: elasticsearch.k8s.elastic.co/v1
    kind: Elasticsearch
    metadata:
      name: instana
    spec:
      image: artifact-public.instana.io/self-hosted-images/z/ds-operator-images/elasticsearch/elasticsearch:7.17.14_v0.2.0
      version: 7.17.14
      nodeSets:
        - name: default
          count: 3
          podTemplate:
            spec:
              imagePullSecrets:
                - name: instana-registry
          config:
            xpack.ml.enabled: false
            bootstrap.system_call_filter: false
            node.master: true
            node.data: true
            node.ingest: true
            node.store.allow_mmap: false
            xpack.security.authc:
              anonymous:
                username: anonymous
                roles: superuser
                authz_exception: false
          volumeClaimTemplates:
            - metadata:
                name: elasticsearch-data # Do not change this name unless you set up a volume mount for the data path.
              spec:
                accessModes:
                  - ReadWriteOnce
                resources:
                  requests:
                    storage: 20Gi
      http:
        tls:
          selfSignedCertificate:
            disabled: true
    
  5. Complete the steps in Deploying and verifying Elasticsearch (online and offline).

Installing Elasticsearch offline

If you didn't yet pull the Elasticsearch images from the external registry when you prepared for installation, you can pull them now. Run the following commands on your bastion host. Then, copy the images to your Instana host that is in your air-gapped environment.

docker pull artifact-public.instana.io/self-hosted-images/z/ds-operator-images/elasticsearch/eck-operator:2.9.0_v0.2.0
docker pull artifact-public.instana.io/self-hosted-images/z/ds-operator-images/elasticsearch/elasticsearch:7.17.14_v0.2.0

Complete the following steps on your Instana host.

  1. Retag the images to your internal image registry.

     docker tag artifact-public.instana.io/self-hosted-images/z/ds-operator-images/elasticsearch/eck-operator:2.9.0_v0.2.0 <internal-image-registry>/elasticsearch/eck-operator:2.9.0_v0.2.0
     docker tag artifact-public.instana.io/self-hosted-images/z/ds-operator-images/elasticsearch/elasticsearch:7.17.14_v0.2.0 <internal-image-registry>/elasticsearch/elasticsearch:7.17.14_v0.2.0
    
  2. Push the images to your internal image registry on your bastion host.

     docker push <internal-image-registry>/elasticsearch/eck-operator:2.9.0_v0.2.0
     docker push <internal-image-registry>/elasticsearch/elasticsearch:7.17.14_v0.2.0
    
  3. Create the instana-elastic namespace for the Elasticsearch instances.

    kubectl create namespace instana-elastic
    
  4. Optional: Create an image pull secret if your internal image registry needs authentication.

    kubectl create secret docker-registry <secret_name> --namespace instana-elastic \
    --docker-username=<registry_username> \
    --docker-password=<registry_password> \
    --docker-server=<internal-image-registry>:<internal-image-registry-port>
    -- docker-email=<registry_email>
    
  5. Install the Elasticsearch operator.

    helm install elastic-operator eck-operator-2.9.0.tgz -n instana-elastic --version=2.9.0 --set image.repository=<internal-image-registry>/elasticsearch/eck-operator --set image.tag=2.9.0_v0.2.0
    
  6. Create a YAML file, for example elasticsearch.yaml, with the Elasticsearch configuration.

    apiVersion: elasticsearch.k8s.elastic.co/v1
    kind: Elasticsearch
    metadata:
      name: instana
    spec:
      image: <internal-image-registry>/elasticsearch/elasticsearch:7.17.14_v0.2.0
      version: 7.17.14
      nodeSets:
        - name: default
          count: 3
          podTemplate:
            spec:
              imagePullSecrets:
                - name: instana-registry
          config:
            xpack.ml.enabled: false
            bootstrap.system_call_filter: false
            node.master: true
            node.data: true
            node.ingest: true
            node.store.allow_mmap: false
            xpack.security.authc:
              anonymous:
                username: anonymous
                roles: superuser
                authz_exception: false
          volumeClaimTemplates:
            - metadata:
                name: elasticsearch-data # Do not change this name unless you set up a volume mount for the data path.
              spec:
                accessModes:
                  - ReadWriteOnce
                resources:
                  requests:
                    storage: 20Gi
      http:
        tls:
          selfSignedCertificate:
            disabled: true
    
  7. Complete the steps in Deploying and verifying Elasticsearch (online and offline).

Deploying and verifying Elasticsearch (online and offline)

To deploy the Elasticsearch instance and create the data store, complete the following steps:

  1. Deploy Elasticsearch. By default, a user by the name elastic is created with a random-generated password.

    kubectl apply -f elastic.yaml -n instana-elastic
    kubectl wait elasticsearch/instana --for=condition=ReconciliationComplete --timeout=300s -n instana-elastic
    
  2. Retrieve the password.

    kubectl get secret instana-es-elastic-user -n instana-elastic -o go-template='{{.data.elastic | base64decode}}' && echo
    
  3. Store the retrieved password in the config.yaml as shown in the following piece of code. Replace <RETRIEVED_FROM_SECRET> with the password that you got in the previous step.

    datastoreConfigs:
    ...
    elasticsearchConfig:
      adminUser: elastic
      adminPassword: <RETRIEVED_FROM_SECRET>
      user: elastic
      password: <RETRIEVED_FROM_SECRET>
    
  4. Verify the Elasticsearch operator deployment.

     kubectl get all -n instana-elastic
    

    If the Elasticsearch operator is deployed successfully, the command output shows the operator status as Running as shown in the following example:

     NAME                       READY   STATUS    RESTARTS      AGE
     pod/elastic-operator-0     1/1     Running   1 (10m ago)   10m
     pod/instana-es-default-0   1/1     Running   0             6m44s
     pod/instana-es-default-1   1/1     Running   0             6m44s
     pod/instana-es-default-2   1/1     Running   0             6m44s
    
     NAME                               TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
     service/elastic-operator-webhook   ClusterIP   192.168.1.41    <none>        443/TCP    10m
     service/instana-es-default         ClusterIP   None            <none>        9200/TCP   6m46s
     service/instana-es-http            ClusterIP   192.168.1.111   <none>        9200/TCP   6m48s
     service/instana-es-internal-http   ClusterIP   192.168.1.196   <none>        9200/TCP   6m48s
     service/instana-es-transport       ClusterIP   None            <none>        9300/TCP   6m48s
    
     NAME                                  READY   AGE
     statefulset.apps/elastic-operator     1/1     10m
     statefulset.apps/instana-es-default   3/3     6m48s