Elasticsearch

Published: 21 Jan. 2025 Last updated: 11 Dec. 2025

Summary

Elasticsearch is an open source, distributed search and analytics engine. It is designed to store, search, and analyze large volumes of data in near real time, making it ideal for use cases such as log analysis, full-text search, and application performance monitoring.

This Application Note discusses how to use CloudCasa to properly protect and restore Elasticsearch databases running in containers under Kubernetes.

CloudCasa has been tested for this application note with Elasticsearch 8.17 clusters created using the Elastic Cloud on Kubernetes (ECK) operator. The information herein is expected to apply to more recent versions as well.

Backup

To back up Elasticsearch running on a Kubernetes cluster, you should do the following:

  • Locate your Elasticsearch cluster on your Kubernetes cluster. Make a note of the namespace, the “elasticsearch.k8s.elastic.co/node-master” label set on the Elasticsearch Pods (e.g. elasticsearch.k8s.elastic.co/node-master=true), and also the container name in the Pod (e.g. elasticsearch).

  • Create a pre-backup application hook in CloudCasa by navigating to the Configuration/App Hooks page and selecting “Add App Hook”. Choose hook type “Pre-backup”.

    Set the namespace, pod selector, and container name obtained from the previous step.

    Set the command to the following, which will flush all the Elasticsearch data streams and indices:

    curl -k -u "<ES_USERNAME>:<ES_PASSWORD>" -X POST "https://localhost:9200/_flush"
    

    ES_USERNAME is the username (e.g. elastic) to use for the flush command. The user must have at least the manage privilege.

    ES_PASSWORD is the password for the ES_USERNAME user.

    See also

    For more information on CloudCasa Application Hooks, see App Hooks.

  • Add your Kubernetes cluster to CloudCasa if it has not been added already.

    See also

    For details see Adding a CloudCasa Pro cluster.

  • Create a backup definition as described in the CloudCasa User Guide. Select the option to do a full cluster backup since there can be multiple cluster-scoped resources that may be required during the restore. In the App Hooks section of the backup definition, add the Pre-backup hook created previously.

    See also

    For more details on defining a backup, see Defining a Kubernetes backup job.
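
The flush request from the pre-backup hook step, wrapped so that it returns non-zero unless the `_flush` response reports zero failed shards. This is an added example, not CloudCasa or Elastic code. It assumes ES_USERNAME and ES_PASSWORD are supplied as environment variables; the function names and sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: run the flush and confirm that no shard reported a failure.
# Assumptions: ES_USERNAME / ES_PASSWORD are set in the environment by the
# caller; function names are hypothetical.

# Constructed sample responses in the shape the _flush API returns.
SAMPLE_OK='{"_shards":{"total":10,"successful":10,"failed":0}}'
SAMPLE_PARTIAL='{"_shards":{"total":10,"successful":9,"failed":1,"failures":[{"shard":0,"index":"logs-000001","status":"INTERNAL_SERVER_ERROR"}]}}'
SAMPLE_DENIED='{"error":{"type":"security_exception","reason":"unable to authenticate"},"status":401}'

# Print the value of _shards.failed, or nothing if the body has no _shards object.
flush_failed_shards() {
  printf '%s' "$1" | tr -d ' \n' |
    sed -n 's/.*"_shards":{[^}]*"failed":\([0-9][0-9]*\).*/\1/p'
}

# Succeed only when the response has a _shards object with failed == 0.
# An error body (e.g. 401) has no _shards object and is treated as a failure.
flush_ok() {
  failed=$(flush_failed_shards "$1")
  [ -n "$failed" ] && [ "$failed" -eq 0 ]
}

# Hook body: same request as the command in the hook step. -k skips TLS
# certificate verification; the request stays on localhost inside the container.
# Returns 0 = all shards flushed, 1 = failures or unexpected body, 2 = curl error.
run_flush() {
  resp=$(curl -sS -k -u "${ES_USERNAME}:${ES_PASSWORD}" \
    -X POST "https://localhost:9200/_flush") || return 2
  flush_ok "$resp"
}
```

Calling `run_flush` inside the Elasticsearch container yields exit status 1 for a partial flush or an authentication error, and 2 when curl itself fails.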

Restore

When restoring Elasticsearch to a Kubernetes cluster, you should do the following:

  • When creating the restore definition, you should select both the namespace of the Elasticsearch operator and the namespace of the Elasticsearch cluster.

  • Ensure that you have enabled the “Include all cluster-scoped resources” switch when creating the restore definition. This will ensure that all of the CRDs for Elasticsearch are properly restored.

See also

For more information on defining a restore, see Cluster Restore Wizard.