How to build docker image with OSS Elasticsearch and SearchGuard?

We are using docker images from this repo:

https://hub.docker.com/r/floragunncom/sg-elasticsearch/tags?page=1&ordering=last_updated

But It seems like, some versions of Elasticsearch are missing.

I want to build a docker image with the following configuration:

Elasticsearch	Search Guard	Kibana Plugin	SG Admin Standalone	Status
7.3.2	37.0.0	37.0.0	37.0.0	Active

Do you have an open-source Dockerfile or script which I can use to generate the image?

You can get scripts from the following repository Files · master · search-guard / search-guard-labs · GitLab

For example

Dokerfile

ARG ES_VERSION
ARG SG_VERSION
ARG CONTAINER_NAME
ARG AUTH

FROM docker.elastic.co/elasticsearch/elasticsearch:${ES_VERSION}

# Must repeat the docker-compose args to make them available after FROM
ARG ES_VERSION
ARG SG_VERSION
ARG CONTAINER_NAME
ARG AUTH

RUN elasticsearch-plugin install --batch https://maven.search-guard.com/search-guard-suite-release/com/floragunn/search-guard-suite-plugin/${ES_VERSION}-${SG_VERSION}/search-guard-suite-plugin-${ES_VERSION}-${SG_VERSION}.zip

# Copy Elasticsearch config
COPY ./config/${AUTH}/${CONTAINER_NAME}/*.pem /usr/share/elasticsearch/config/
COPY ./config/${AUTH}/${CONTAINER_NAME}/*.key /usr/share/elasticsearch/config/
COPY ./config/${AUTH}/${CONTAINER_NAME}/*.readme /usr/share/elasticsearch/config/
COPY ./config/${AUTH}/${CONTAINER_NAME}/*.yml /usr/share/elasticsearch/config/
COPY ./config/${AUTH}/${CONTAINER_NAME}/*.yml.example /usr/share/elasticsearch/config/

# Copy Search Guard config
COPY ./config/${AUTH}/${CONTAINER_NAME}/sgconfig/* /usr/share/elasticsearch/plugins/search-guard-7/sgconfig/

.env

ES_VERSION=7.9.1
KIBANA_VERSION=7.9.1
SG_VERSION=45.0.0

docker-compose-basicauth.yml

version: '3.2'

services:
  sgssl-0.example.com:
    container_name: sgssl-0.example.com
    build:
      context: elasticsearch/
      args:
        AUTH: basicauth
        CONTAINER_NAME: sgssl-0.example.com
        ES_VERSION: $ES_VERSION
        SG_VERSION: $SG_VERSION
    ports:
      - "9200:9200"
      - "9300:9300"
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    # volumes:
    #   - type: volume
    #     source: elasticsearch
    #     target: /usr/share/elasticsearch/data_sgssl-0.example.com
    networks:
      - elastic
  sgssl-1.example.com:
    container_name: sgssl-1.example.com
    build:
      context: elasticsearch/
      args:
        AUTH: basicauth
        CONTAINER_NAME: sgssl-1.example.com
        ES_VERSION: $ES_VERSION
        SG_VERSION: $SG_VERSION
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    # volumes:
    #   - type: volume
    #     source: elasticsearch
    #     target: /usr/share/elasticsearch/data_sgssl-1.example.com
    networks:
      - elastic
  sgssl-2.example.com:
    container_name: sgssl-2.example.com
    build:
      context: elasticsearch/
      args:
        AUTH: basicauth
        CONTAINER_NAME: sgssl-2.example.com
        ES_VERSION: $ES_VERSION
        SG_VERSION: $SG_VERSION
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    # volumes:
    #   - type: volume
    #     source: elasticsearch
    #     target: /usr/share/elasticsearch/data_sgssl-2.example.com
    networks:
      - elastic
  kibana.example.com:
    container_name: kibana.example.com
    build:
      context: kibana/
      dockerfile: Dockerfile
      args:
        AUTH: basicauth
        CONTAINER_NAME: kibana.example.com
        KIBANA_VERSION: $KIBANA_VERSION
        SG_VERSION: $SG_VERSION
    ports:
      - "5601:5601"
    depends_on:
      - sgssl-0.example.com
    networks:
      - elastic

networks:
  elastic:
    driver: bridge

#volumes:
#  elasticsearch:

And here are the scripts from the official Search Guard Helm repository https://git.floragunn.com/gh/search-guard-helm/-/tree/prod_ready_ca/docker

Thanks @srgbnd

Can’t access your link though, tried to sign up, but not working.

Hi @kamolhasan Sorry, the link to the helm repo is not available yet. The Docker image for v7.3.2 was uploaded on Docker Hub

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.