Elasticsearch5 Helm Chart

Elasticsearch5
Analyzed version: 6.2.2

By ygqygq2

A highly scalable open-source full-text search and analytics engine

Prometheus, a CNCF project, is a systems and service monitoring system. It collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and can trigger alerts if some condition is observed to be true.

This chart bootstraps a Prometheus deployment on a Kubernetes cluster using the Helm package manager.

Latest version: 15.5.3
View GitHub

How to Install the Elasticsearch5 Helm Chart

Add Chart Repository to Helm

helm repo add ygqygq2 https://ygqygq2.github.io/charts/

Install Chart

helm install my-elasticsearch5 ygqygq2/elasticsearch5 --version 6.2.2

Does the Elasticsearch5 chart contain security gaps?

The chart meets the best practices recommended by the industry.

The chart contains 6 misconfigurations.

The chart meets the best practices recommended by the industry. Find the full list of best practices here.

❌ Ensure each container has a configured readiness probe

3 occurrences:

  • metadata.name: release-name-elasticsearch5-coordinating-only (kind: Deployment)
  • metadata.name: release-name-elasticsearch5-data (kind: StatefulSet)
  • metadata.name: release-name-elasticsearch5-master (kind: StatefulSet)

💡 Missing property object `readinessProbe` - add a properly configured readinessProbe to notify kubelet your Pods are ready for traffic

Learn how to fix the issue here

❌ Prevent deprecated APIs in Kubernetes v1.16

3 occurrences:

  • metadata.name: release-name-elasticsearch5-coordinating-only (kind: Deployment)
  • metadata.name: release-name-elasticsearch5-data (kind: StatefulSet)
  • metadata.name: release-name-elasticsearch5-master (kind: StatefulSet)

💡 Incorrect value for key `apiVersion` - the version you are trying to use is not supported by the Kubernetes cluster version (>=1.16)

Learn how to fix the issue here

❌ Prevent container security vulnerability (CVE-2021-25741)

2 occurrences:

  • metadata.name: release-name-elasticsearch5-data (kind: StatefulSet)

💡 Forbidden property object `subPath` - malicious users can gain access to files & directories outside of the volume

Learn how to fix the issue here

❌ Ensure each container has a configured memory limit

3 occurrences:

  • metadata.name: release-name-elasticsearch5-coordinating-only (kind: Deployment)
  • metadata.name: release-name-elasticsearch5-data (kind: StatefulSet)
  • metadata.name: release-name-elasticsearch5-master (kind: StatefulSet)

💡 Missing property object `limits.memory` - value should be within the accepted boundaries recommended by the organization

Learn how to fix the issue here

❌ Ensure each container has a configured CPU limit

3 occurrences:

  • metadata.name: release-name-elasticsearch5-coordinating-only (kind: Deployment)
  • metadata.name: release-name-elasticsearch5-data (kind: StatefulSet)
  • metadata.name: release-name-elasticsearch5-master (kind: StatefulSet)

💡 Missing property object `limits.cpu` - value should be within the accepted boundaries recommended by the organization

Learn how to fix the issue here

❌ Ensure each container has a configured liveness probe

3 occurrences:

  • metadata.name: release-name-elasticsearch5-coordinating-only (kind: Deployment)
  • metadata.name: release-name-elasticsearch5-data (kind: StatefulSet)
  • metadata.name: release-name-elasticsearch5-master (kind: StatefulSet)

💡 Missing property object `livenessProbe` - add a properly configured livenessProbe to catch possible deadlocks

Learn how to fix the issue here

This is some text inside of a div block.
This is some text inside of a div block.

Reveal misconfigurations within minutes

3 Quick Steps to Get Started