Deploy Elasticsearch on Kubernetes with Helm: Step‑by‑Step Guide

In the digital era, data processing and analysis are crucial; Elasticsearch is a powerful search and analytics engine, and deploying it via Helm in containers simplifies management.

Download ES Chart Package

1. Download the ES chart on a host with internet access and push it to a Harbor repository.

<code># Add helm repo source
helm repo add elastic https://helm.elastic.co
"elastic" has been added to your repositories

# Download ES Chart package
helm pull elastic/elasticsearch --version 7.17.3

# Push to private Harbor repository
helm push elasticsearch-7.17.3.tgz oci://core.jiaxzeng.com/plugins
Pushed: core.jiaxzeng.com/plugins/elasticsearch:7.17.3
Digest: sha256:08adccbb261287f8b7515c3595f7748992b473dbbae0475ca0b6b17535d3ea81</code>

2. On the Kubernetes master node, download the chart package.

<code>sudo helm pull oci://core.jiaxzeng.com/plugins/elasticsearch --version 7.17.3 --untar --untardir /etc/kubernetes/addons/
Pulled: core.jiaxzeng.com/plugins/elasticsearch:7.17.3
Digest: sha256:08adccbb261287f8b7515c3595f7748992b473dbbae0475ca0b6b17535d3ea81</code>

ES Deployment Configuration

Generate ES Certificates

Start a container to generate ES certificates.

<code>sudo docker run --name generates-es-certs -d core.jiaxzeng.com/library/elasticsearch/elasticsearch:7.17.3 tail -f /dev/null
ce8b86b4d1eab443a8c629f2c46c8c7e018140233cded03e6253e153a4ef3752</code>

Generate a CA certificate.

<code>sudo docker exec -it generates-es-certs elasticsearch-certutil ca --out /tmp/elastic-stack-ca.p12 --pass ''</code>

Generate service certificates.

<code>sudo docker exec -it generates-es-certs elasticsearch-certutil cert --ca /tmp/elastic-stack-ca.p12 --ca-pass '' --out /tmp/elastic-certificates.p12 --pass ''</code>

Copy the generated certificates.

<code>sudo docker cp generates-es-certs:/tmp/elastic-certificates.p12 /tmp/</code>

Create a Kubernetes secret from the certificate file.

<code>kubectl -n obs-system create secret generic elastic-certificates --from-file=/tmp/elastic-certificates.p12
secret/elastic-certificates created</code>

-n parameter changes the actual deployment namespace.

Create ES Credentials

<code>kubectl -n obs-system create secret generic elastic-credentials --from-literal=username=elastic --from-literal=password=admin@123
secret/elastic-credentials created</code>

-n parameter changes the actual deployment namespace.

ES Deployment Values File

<code>cat <<'EOF' | sudo tee /etc/kubernetes/addons/elasticsearch-values.yaml > /dev/null
# Instance name
fullnameOverride: elasticsearch
# Image address
image: core.jiaxzeng.com/library/elasticsearch/elasticsearch
# ES Java options
esJavaOpts: "-Xmx2g -Xms2g"
# Resource limits
resources:
  requests:
    cpu: "1000m"
    memory: "2Gi"
  limits:
    cpu: "4000m"
    memory: "8Gi"
# Persistence configuration
persistence:
  enabled: true
  volumeClaimTemplate:
    storageClassName: ceph-rbd-storage
    accessModes: ["ReadWriteOnce"]
    resources:
      requests:
        storage: 30Gi
# Enable HTTPS
protocol: https
secretMounts:
- name: elastic-certificates
  secretName: elastic-certificates
  path: /usr/share/elasticsearch/config/certs
esConfig:
  elasticsearch.yml: |
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.http.ssl.enabled: true
    xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
# Access credentials
extraEnvs:
- name: ELASTIC_USERNAME
  valueFrom:
    secretKeyRef:
      name: elastic-credentials
      key: username
- name: ELASTIC_PASSWORD
  valueFrom:
    secretKeyRef:
      name: elastic-credentials
      key: password
tests:
  enabled: false
EOF</code>

Deploy ES

<code>helm -n obs-system install elasticsearch -f /etc/kubernetes/addons/elasticsearch-values.yaml /etc/kubernetes/addons/elasticsearch
NAME: elasticsearch
LAST DEPLOYED: Tue Feb 11 11:11:12 2025
NAMESPACE: obs-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
1. Watch all cluster members come up.
  $ kubectl get pods --namespace=obs-system -l app=elasticsearch -w</code>

Validate Service

Check Cluster Health

<code>curl -sk -u elastic:admin@123 https://$(kubectl -n obs-system get svc elasticsearch -ojsonpath='{.spec.clusterIP}'):9200/_cluster/health | python -m json.tool
{
  "active_primary_shards": 0,
  "active_shards": 0,
  "active_shards_percent_as_number": 100.0,
  "cluster_name": "elasticsearch",
  "delayed_unassigned_shards": 0,
  "initializing_shards": 0,
  "number_of_data_nodes": 3,
  "number_of_in_flight_fetch": 0,
  "number_of_nodes": 3,
  "number_of_pending_tasks": 0,
  "relocating_shards": 0,
  "status": "green",
  "task_max_waiting_in_queue_millis": 0,
  "timed_out": false,
  "unassigned_shards": 0
}</code>

View Node Details

<code>curl -sk -u elastic:admin@123 https://$(kubectl -n obs-system get svc elasticsearch -ojsonpath='{.spec.clusterIP}'):9200/_cat/nodes?v
ip               heap.percent ram.percent cpu load_1m load_5m load_15m node.role   master name
10.244.58.207    11          29          3   0.93    0.78    0.71    cdfhilmrstw -       elasticsearch-2
10.244.135.165   21          30          4   0.22    0.46    0.55    cdfhilmrstw *       elasticsearch-0
10.244.217.117   13          30          4   0.23    0.49    0.67    cdfhilmrstw -       elasticsearch-1</code>

Mastering containerized Helm deployment of Elasticsearch adds powerful data‑processing capabilities to your workflow; try it now to start an efficient data journey.