server/sa-charts
14
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

swarm

Browse Source
This commit is contained in:
marsal wang
2023-07-26 10:07:34 +08:00
parent f884cb1020
commit 1e5a703cce
5384 changed files with 618283 additions and 4002 deletions
Download Patch File Download Diff File Expand all files Collapse all files

121
helm/elasticsearch/templates/NOTES.txt Normal file
View File

@ -0,0 +1,121 @@
CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}
{{- if contains .Values.service.type "LoadBalancer" }}
-------------------------------------------------------------------------------
WARNING
By specifying "service.type=LoadBalancer" you have most likely
exposed the Elasticsearch service externally.
Please note that Elasticsearch does not implement a authentication
mechanism to secure your cluster. For security reasons, we strongly
suggest that you switch to "ClusterIP" or "NodePort".
-------------------------------------------------------------------------------
{{- end }}
{{- if not .Values.sysctlImage.enabled }}
-------------------------------------------------------------------------------
WARNING
Elasticsearch requires some changes in the kernel of the host machine to
work as expected. If those values are not set in the underlying operating
system, the ES containers fail to boot with ERROR messages.
To check whether the host machine meets the requirements, run the command
below:
kubectl logs --namespace {{ include "common.names.namespace" . }} $(kubectl get --namespace {{ include "common.names.namespace" . }} \
pods -l app={{ template "common.names.name" . }},role=master -o jsonpath='{.items[0].metadata.name}') \
elasticsearch
You can adapt the Kernel parameters on you cluster as described in the
official documentation:
https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster
As an alternative, you can specify "sysctlImage.enabled=true" to use a
privileged initContainer to change those settings in the Kernel:
helm upgrade --namespace {{ include "common.names.namespace" . }} {{ .Release.Name }} my-repo/elasticsearch --set sysctlImage.enabled=true
Note that this requires the ability to run privileged containers, which is likely not
the case on many secure clusters. To cover this use case, you can also set some parameters
in the config file to customize the default settings:
https://www.elastic.co/guide/en/elasticsearch/reference/current/index-modules-store.html
https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
For that, you can place the desired parameters by using the "config" block present in the values.yaml
{{- else if .Values.sysctlImage.enabled }}
-------------------------------------------------------------------------------
WARNING
Elasticsearch requires some changes in the kernel of the host machine to
work as expected. If those values are not set in the underlying operating
system, the ES containers fail to boot with ERROR messages.
More information about these requirements can be found in the links below:
https://www.elastic.co/guide/en/elasticsearch/reference/current/file-descriptors.html
https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html
This chart uses a privileged initContainer to change those settings in the Kernel
by running: sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536
{{- end }}
** Please be patient while the chart is being deployed **
{{- if .Values.diagnosticMode.enabled }}
The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
Get the list of pods by executing:
kubectl get pods --namespace {{ include "common.names.namespace" . }} -l app.kubernetes.io/instance={{ .Release.Name }}
Access the pod you want to debug by executing
kubectl exec --namespace {{ include "common.names.namespace" . }} -ti <NAME OF THE POD> -- bash
In order to replicate the container startup scripts execute this command:
/opt/bitnami/scripts/elasticsearch/entrypoint.sh /opt/bitnami/scripts/elasticsearch/run.sh
{{- else }}
Elasticsearch can be accessed within the cluster on port {{ include "elasticsearch.service.ports.restAPI" . }} at {{ template "elasticsearch.service.name" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}
To access from outside the cluster execute the following commands:
{{- if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "elasticsearch.service.name" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
curl http://$NODE_IP:$NODE_PORT/
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ template "elasticsearch.service.name" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ template "elasticsearch.service.name" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
curl http://$SERVICE_IP:{{ include "elasticsearch.service.ports.restAPI" . }}/
{{- else if contains "ClusterIP" .Values.service.type }}
kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ template "elasticsearch.service.name" . }} {{ include "elasticsearch.service.ports.restAPI" . }}:9200 &
curl http://127.0.0.1:9200/
{{- end }}
{{- include "common.warnings.rollingTag" .Values.image }}
{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
{{- include "common.warnings.rollingTag" .Values.sysctlImage }}
{{- end }}
{{ include "elasticsearch.validateValues" . }}

585
helm/elasticsearch/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,585 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper ES image name
*/}}
{{- define "elasticsearch.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "elasticsearch.imagePullSecrets" -}}
{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.sysctlImage .Values.volumePermissions.image) "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper ES exporter image name
*/}}
{{- define "elasticsearch.metrics.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper sysctl image name
*/}}
{{- define "elasticsearch.sysctl.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.sysctlImage "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper image name (for the init container volume-permissions image)
*/}}
{{- define "elasticsearch.volumePermissions.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
{{- end -}}
{{/*
Name for the Elasticsearch service
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
Required for the Kibana subchart to find Elasticsearch service.
*/}}
{{- define "elasticsearch.service.name" -}}
{{- if .Values.global.kibanaEnabled -}}
{{- $name := .Values.global.elasticsearch.service.name -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- else -}}
{{- printf "%s" ( include "common.names.fullname" . ) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Port number for the Elasticsearch service REST API port
Required for the Kibana subchart to find Elasticsearch service.
*/}}
{{- define "elasticsearch.service.ports.restAPI" -}}
{{- if .Values.global.kibanaEnabled -}}
{{- printf "%d" (int .Values.global.elasticsearch.service.ports.restAPI) -}}
{{- else -}}
{{- printf "%d" (int .Values.service.ports.restAPI) -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified master name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "elasticsearch.master.fullname" -}}
{{- $name := default "master" .Values.master.nameOverride -}}
{{- if .Values.master.fullnameOverride -}}
{{- .Values.master.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" (include "common.names.fullname" .) $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create a default master service name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "elasticsearch.master.servicename" -}}
{{- if .Values.master.servicenameOverride -}}
{{- .Values.master.servicenameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-hl" (include "elasticsearch.master.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified coordinating name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "elasticsearch.coordinating.fullname" -}}
{{- $name := default "coordinating" .Values.coordinating.nameOverride -}}
{{- if .Values.coordinating.fullnameOverride -}}
{{- .Values.coordinating.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" (include "common.names.fullname" .) $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create a default coordinating service name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "elasticsearch.coordinating.servicename" -}}
{{- if .Values.coordinating.servicenameOverride -}}
{{- .Values.coordinating.servicenameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-hl" (include "elasticsearch.coordinating.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified data name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "elasticsearch.data.fullname" -}}
{{- $name := default "data" .Values.data.nameOverride -}}
{{- if .Values.data.fullnameOverride -}}
{{- .Values.data.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" (include "common.names.fullname" .) $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create a default data service name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "elasticsearch.data.servicename" -}}
{{- if .Values.data.servicenameOverride -}}
{{- .Values.data.servicenameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-hl" (include "elasticsearch.data.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified ingest name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "elasticsearch.ingest.fullname" -}}
{{- $name := default "ingest" .Values.ingest.nameOverride -}}
{{- if .Values.ingest.fullnameOverride -}}
{{- .Values.ingest.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" (include "common.names.fullname" .) $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create a default ingest service name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "elasticsearch.ingest.servicename" -}}
{{- if .Values.ingest.servicenameOverride -}}
{{- .Values.ingest.servicenameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-hl" (include "elasticsearch.ingest.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified metrics name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "elasticsearch.metrics.fullname" -}}
{{- $name := default "metrics" .Values.metrics.nameOverride -}}
{{- if .Values.metrics.fullnameOverride -}}
{{- .Values.metrics.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" (include "common.names.fullname" .) $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Returns true if at least one master-elegible node replica has been configured.
*/}}
{{- define "elasticsearch.master.enabled" -}}
{{- if or .Values.master.autoscaling.enabled (gt (int .Values.master.replicaCount) 0) -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Returns true if at least one coordinating-only node replica has been configured.
*/}}
{{- define "elasticsearch.coordinating.enabled" -}}
{{- if or .Values.coordinating.autoscaling.enabled (gt (int .Values.coordinating.replicaCount) 0) -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Returns true if at least one data-only node replica has been configured.
*/}}
{{- define "elasticsearch.data.enabled" -}}
{{- if or .Values.data.autoscaling.enabled (gt (int .Values.data.replicaCount) 0) -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Returns true if at least one ingest-only node replica has been configured.
*/}}
{{- define "elasticsearch.ingest.enabled" -}}
{{- if and .Values.ingest.enabled (or .Values.ingest.autoscaling.enabled (gt (int .Values.ingest.replicaCount) 0)) -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return the hostname of every ElasticSearch seed node
*/}}
{{- define "elasticsearch.hosts" -}}
{{- $clusterDomain := .Values.clusterDomain }}
{{- $releaseNamespace := include "common.names.namespace" . }}
{{- if (include "elasticsearch.master.enabled" .) -}}
{{- $masterFullname := include "elasticsearch.master.servicename" .}}
{{- $masterFullname }}.{{ $releaseNamespace }}.svc.{{ $clusterDomain }},
{{- end -}}
{{- if (include "elasticsearch.coordinating.enabled" .) -}}
{{- $coordinatingFullname := include "elasticsearch.coordinating.servicename" .}}
{{- $coordinatingFullname }}.{{ $releaseNamespace }}.svc.{{ $clusterDomain }},
{{- end -}}
{{- if (include "elasticsearch.data.enabled" .) -}}
{{- $dataFullname := include "elasticsearch.data.servicename" .}}
{{- $dataFullname }}.{{ $releaseNamespace }}.svc.{{ $clusterDomain }},
{{- end -}}
{{- if (include "elasticsearch.ingest.enabled" .) -}}
{{- $ingestFullname := include "elasticsearch.ingest.servicename" .}}
{{- $ingestFullname }}.{{ $releaseNamespace }}.svc.{{ $clusterDomain }},
{{- end -}}
{{- range .Values.extraHosts }}
{{- . }},
{{- end }}
{{- end -}}
{{/*
Get the initialization scripts volume name.
*/}}
{{- define "elasticsearch.initScripts" -}}
{{- printf "%s-init-scripts" (include "common.names.fullname" .) -}}
{{- end -}}
{{/*
Get the initialization scripts ConfigMap name.
*/}}
{{- define "elasticsearch.initScriptsCM" -}}
{{- printf "%s" .Values.initScriptsCM -}}
{{- end -}}
{{/*
Get the initialization scripts Secret name.
*/}}
{{- define "elasticsearch.initScriptsSecret" -}}
{{- printf "%s" .Values.initScriptsSecret -}}
{{- end -}}
{{/*
Create the name of the master service account to use
*/}}
{{- define "elasticsearch.master.serviceAccountName" -}}
{{- if .Values.master.serviceAccount.create -}}
{{ default (include "elasticsearch.master.fullname" .) .Values.master.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.master.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the coordinating-only service account to use
*/}}
{{- define "elasticsearch.coordinating.serviceAccountName" -}}
{{- if .Values.coordinating.serviceAccount.create -}}
{{ default (include "elasticsearch.coordinating.fullname" .) .Values.coordinating.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.coordinating.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the data service account to use
*/}}
{{- define "elasticsearch.data.serviceAccountName" -}}
{{- if .Values.data.serviceAccount.create -}}
{{ default (include "elasticsearch.data.fullname" .) .Values.data.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.data.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the ingest service account to use
*/}}
{{- define "elasticsearch.ingest.serviceAccountName" -}}
{{- if .Values.ingest.serviceAccount.create -}}
{{ default (include "elasticsearch.ingest.fullname" .) .Values.ingest.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.ingest.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Return the elasticsearch TLS credentials secret for master nodes.
*/}}
{{- define "elasticsearch.master.tlsSecretName" -}}
{{- $secretName := .Values.security.tls.master.existingSecret -}}
{{- if $secretName -}}
{{- printf "%s" (tpl $secretName $) -}}
{{- else -}}
{{- printf "%s-crt" (include "elasticsearch.master.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return the elasticsearch TLS credentials secret for data nodes.
*/}}
{{- define "elasticsearch.data.tlsSecretName" -}}
{{- $secretName := .Values.security.tls.data.existingSecret -}}
{{- if $secretName -}}
{{- printf "%s" (tpl $secretName $) -}}
{{- else -}}
{{- printf "%s-crt" (include "elasticsearch.data.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return the elasticsearch TLS credentials secret for ingest nodes.
*/}}
{{- define "elasticsearch.ingest.tlsSecretName" -}}
{{- $secretName := .Values.security.tls.ingest.existingSecret -}}
{{- if $secretName -}}
{{- printf "%s" (tpl $secretName $) -}}
{{- else -}}
{{- printf "%s-crt" (include "elasticsearch.ingest.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return the elasticsearch TLS credentials secret for coordinating-only nodes.
*/}}
{{- define "elasticsearch.coordinating.tlsSecretName" -}}
{{- $secretName := .Values.security.tls.coordinating.existingSecret -}}
{{- if $secretName -}}
{{- printf "%s" (tpl $secretName $) -}}
{{- else -}}
{{- printf "%s-crt" (include "elasticsearch.coordinating.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a TLS credentials secret object should be created
*/}}
{{- define "elasticsearch.createTlsSecret" -}}
{{- if and .Values.security.enabled .Values.security.tls.autoGenerated (not (include "elasticsearch.security.tlsSecretsProvided" .)) }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return true if an authentication credentials secret object should be created
*/}}
{{- define "elasticsearch.createSecret" -}}
{{- if and .Values.security.enabled (not .Values.security.existingSecret) }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return the Elasticsearch authentication credentials secret name
*/}}
{{- define "elasticsearch.secretName" -}}
{{- default (include "common.names.fullname" .) .Values.security.existingSecret -}}
{{- end -}}
{{/*
Return true if a TLS password secret object should be created
*/}}
{{- define "elasticsearch.createTlsPasswordsSecret" -}}
{{- if and .Values.security.enabled (not .Values.security.tls.passwordsSecret) (or .Values.security.tls.keystorePassword .Values.security.tls.truststorePassword .Values.security.tls.keyPassword ) }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return the Elasticsearch TLS password secret name
*/}}
{{- define "elasticsearch.tlsPasswordsSecret" -}}
{{- default (printf "%s-tls-pass" (include "common.names.fullname" .)) .Values.security.tls.passwordsSecret -}}
{{- end -}}
{{/*
Returns the name of the secret key containing the Keystore password
*/}}
{{- define "elasticsearch.keystorePasswordKey" -}}
{{- if .Values.security.tls.secretKeystoreKey -}}
{{- printf "%s" .Values.security.tls.secretKeystoreKey -}}
{{- else -}}
{{- print "keystore-password"}}
{{- end -}}
{{- end -}}
{{/*
Returns the name of the secret key containing the Truststore password
*/}}
{{- define "elasticsearch.truststorePasswordKey" -}}
{{- if .Values.security.tls.secretTruststoreKey -}}
{{- printf "%s" .Values.security.tls.secretTruststoreKey -}}
{{- else -}}
{{- print "truststore-password"}}
{{- end -}}
{{- end -}}
{{/*
Returns the name of the secret key containing the PEM key password
*/}}
{{- define "elasticsearch.keyPasswordKey" -}}
{{- if .Values.security.tls.secretKey -}}
{{- printf "%s" .Values.security.tls.secretKey -}}
{{- else -}}
{{- print "key-password"}}
{{- end -}}
{{- end -}}
{{/*
Add environment variables to configure database values
*/}}
{{- define "elasticsearch.configure.security" -}}
- name: ELASTICSEARCH_ENABLE_SECURITY
value: "true"
- name: ELASTICSEARCH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "elasticsearch.secretName" . }}
key: elasticsearch-password
- name: ELASTICSEARCH_ENABLE_FIPS_MODE
value: {{ .Values.security.fipsMode | quote }}
- name: ELASTICSEARCH_TLS_VERIFICATION_MODE
value: {{ .Values.security.tls.verificationMode | quote }}
- name: ELASTICSEARCH_ENABLE_REST_TLS
value: {{ ternary "true" "false" .Values.security.tls.restEncryption | quote }}
{{- if or (include "elasticsearch.createTlsSecret" .) .Values.security.tls.usePemCerts }}
- name: ELASTICSEARCH_TLS_USE_PEM
value: "true"
{{- else }}
- name: ELASTICSEARCH_KEYSTORE_LOCATION
value: "/opt/bitnami/elasticsearch/config/certs/{{ .Values.security.tls.keystoreFilename }}"
- name: ELASTICSEARCH_TRUSTSTORE_LOCATION
value: "/opt/bitnami/elasticsearch/config/certs/{{ .Values.security.tls.truststoreFilename }}"
{{- end }}
{{- if and (not .Values.security.tls.usePemCerts) (or .Values.security.tls.keystorePassword .Values.security.tls.passwordsSecret) }}
- name: ELASTICSEARCH_KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "elasticsearch.tlsPasswordsSecret" . }}
key: {{ include "elasticsearch.keystorePasswordKey" . | quote }}
{{- end }}
{{- if and (not .Values.security.tls.usePemCerts) (or .Values.security.tls.truststorePassword .Values.security.tls.passwordsSecret) }}
- name: ELASTICSEARCH_TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "elasticsearch.tlsPasswordsSecret" . }}
key: {{ include "elasticsearch.truststorePasswordKey" . | quote }}
{{- end }}
{{- if and .Values.security.tls.usePemCerts (or .Values.security.tls.keyPassword .Values.security.tls.passwordsSecret) }}
- name: ELASTICSEARCH_KEY_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "elasticsearch.tlsPasswordsSecret" . }}
key: {{ include "elasticsearch.keyPasswordKey" . | quote }}
{{- end }}
{{- end -}}
{{/*
Returns true if at least 1 existing secret was provided
*/}}
{{- define "elasticsearch.security.tlsSecretsProvided" -}}
{{- $masterSecret := (and (include "elasticsearch.master.enabled" .) .Values.security.tls.master.existingSecret) -}}
{{- $coordinatingSecret := (and (include "elasticsearch.coordinating.enabled" .) .Values.security.tls.coordinating.existingSecret) -}}
{{- $dataSecret := (and (include "elasticsearch.data.enabled" .) .Values.security.tls.data.existingSecret) -}}
{{- $ingestSecret := (and (include "elasticsearch.ingest.enabled" .) .Values.security.tls.ingest.existingSecret) -}}
{{- if or $masterSecret $coordinatingSecret $dataSecret $ingestSecret }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/* Validate values of Elasticsearch - Existing secret not provided for master nodes */}}
{{- define "elasticsearch.validateValues.security.missingTlsSecrets.master" -}}
{{- $masterSecret := (and (include "elasticsearch.master.enabled" .) (not .Values.security.tls.master.existingSecret)) -}}
{{- if and .Values.security.enabled (include "elasticsearch.security.tlsSecretsProvided" .) $masterSecret -}}
elasticsearch: security.tls.master.existingSecret
Missing secret containing the TLS certificates for the Elasticsearch master nodes.
Provide the certificates using --set .Values.security.tls.master.existingSecret="my-secret".
{{- end -}}
{{- end -}}
{{/* Validate values of Elasticsearch - Existing secret not provided for coordinating-only nodes */}}
{{- define "elasticsearch.validateValues.security.missingTlsSecrets.coordinating" -}}
{{- $coordinatingSecret := (and (include "elasticsearch.coordinating.enabled" .) (not .Values.security.tls.coordinating.existingSecret)) -}}
{{- if and .Values.security.enabled (include "elasticsearch.security.tlsSecretsProvided" .) $coordinatingSecret -}}
elasticsearch: security.tls.coordinating.existingSecret
Missing secret containing the TLS certificates for the Elasticsearch coordinating-only nodes.
Provide the certificates using --set .Values.security.tls.coordinating.existingSecret="my-secret".
{{- end -}}
{{- end -}}
{{/* Validate values of Elasticsearch - Existing secret not provided for data nodes */}}
{{- define "elasticsearch.validateValues.security.missingTlsSecrets.data" -}}
{{- $dataSecret := (and (include "elasticsearch.data.enabled" .) (not .Values.security.tls.data.existingSecret)) -}}
{{- if and .Values.security.enabled (include "elasticsearch.security.tlsSecretsProvided" .) $dataSecret -}}
elasticsearch: security.tls.data.existingSecret
Missing secret containing the TLS certificates for the Elasticsearch data nodes.
Provide the certificates using --set .Values.security.tls.data.existingSecret="my-secret".
{{- end -}}
{{- end -}}
{{/* Validate values of Elasticsearch - Existing secret not provided for ingest nodes */}}
{{- define "elasticsearch.validateValues.security.missingTlsSecrets.ingest" -}}
{{- $ingestSecret := (and (include "elasticsearch.ingest.enabled" .) (not .Values.security.tls.ingest.existingSecret)) -}}
{{- if and .Values.security.enabled (include "elasticsearch.security.tlsSecretsProvided" .) $ingestSecret -}}
elasticsearch: security.tls.ingest.existingSecret
Missing secret containing the TLS certificates for the Elasticsearch ingest nodes.
Provide the certificates using --set .Values.security.tls.ingest.existingSecret="my-secret".
{{- end -}}
{{- end -}}
{{/* Validate values of Elasticsearch - TLS enabled but no certificates provided */}}
{{- define "elasticsearch.validateValues.security.tls" -}}
{{- if and .Values.security.enabled (not .Values.security.tls.autoGenerated) (not (include "elasticsearch.security.tlsSecretsProvided" .)) -}}
elasticsearch: security.tls
In order to enable X-Pack Security, it is necessary to configure TLS.
Three different mechanisms can be used:
- Provide an existing secret containing the Keystore and Truststore for each role
- Provide an existing secret containing the PEM certificates for each role and enable `security.tls.usePemCerts=true`
- Enable using auto-generated certificates with `security.tls.autoGenerated=true`
Existing secrets containing either JKS/PKCS12 or PEM certificates can be provided using --set Values.security.tls.master.existingSecret=master-certs,
--set Values.security.tls.data.existingSecret=data-certs, --set Values.security.tls.coordinating.existingSecret=coordinating-certs, --set Values.security.tls.ingest.existingSecret=ingest-certs
{{- end -}}
{{- end -}}
{{/* Validate at least Elasticsearch one master node is configured */}}
{{- define "elasticsearch.validateValues.master.replicas" -}}
{{- if not (include "elasticsearch.master.enabled" .) -}}
elasticsearch: master.replicas
Elasticsearch needs at least one master-elegible node to form a cluster.
{{- end -}}
{{- end -}}
{{/*
Compile all warnings into a single message, and call fail.
*/}}
{{- define "elasticsearch.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "elasticsearch.validateValues.master.replicas" .) -}}
{{- $messages := append $messages (include "elasticsearch.validateValues.security.tls" .) -}}
{{- $messages := append $messages (include "elasticsearch.validateValues.security.missingTlsSecrets.master" .) -}}
{{- $messages := append $messages (include "elasticsearch.validateValues.security.missingTlsSecrets.data" .) -}}
{{- $messages := append $messages (include "elasticsearch.validateValues.security.missingTlsSecrets.coordinating" .) -}}
{{- $messages := append $messages (include "elasticsearch.validateValues.security.missingTlsSecrets.ingest" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}
{{- end -}}
{{/*
Sysctl set if less then
*/}}
{{- define "elasticsearch.sysctlIfLess" -}}
CURRENT=`sysctl -n {{ .key }}`;
DESIRED="{{ .value }}";
if [ "$DESIRED" -gt "$CURRENT" ]; then
sysctl -w {{ .key }}={{ .value }};
fi;
{{- end -}}

23
helm/elasticsearch/templates/configmap.yaml Normal file
View File

@ -0,0 +1,23 @@
{{- if or .Values.config .Values.extraConfig }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
{{- if .Values.config }}
elasticsearch.yml: |-
{{- include "common.tplvalues.render" ( dict "value" .Values.config "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.extraConfig }}
my_elasticsearch.yml: |-
{{- include "common.tplvalues.render" ( dict "value" .Values.extraConfig "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}

47
helm/elasticsearch/templates/coordinating/hpa.yaml Normal file
View File

@ -0,0 +1,47 @@
{{- if and (include "elasticsearch.coordinating.enabled" .) .Values.coordinating.autoscaling.enabled }}
apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "elasticsearch.coordinating.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: coordinating-only
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: {{ template "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
name: {{ include "elasticsearch.coordinating.fullname" . }}
minReplicas: {{ .Values.coordinating.autoscaling.minReplicas }}
maxReplicas: {{ .Values.coordinating.autoscaling.maxReplicas }}
metrics:
{{- if .Values.coordinating.autoscaling.targetCPU }}
- type: Resource
resource:
name: cpu
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
targetAverageUtilization: {{ .Values.coordinating.autoscaling.targetCPU }}
{{- else }}
target:
type: Utilization
averageUtilization: {{ .Values.coordinating.autoscaling.targetCPU }}
{{- end }}
{{- end }}
{{- if .Values.coordinating.autoscaling.targetMemory }}
- type: Resource
resource:
name: memory
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
targetAverageUtilization: {{ .Values.coordinating.autoscaling.targetMemory }}
{{- else }}
target:
type: Utilization
averageUtilization: {{ .Values.coordinating.autoscaling.targetMemory }}
{{- end }}
{{- end }}
{{- end }}

22
helm/elasticsearch/templates/coordinating/serviceaccount.yaml Normal file
View File

@ -0,0 +1,22 @@
{{- if and (include "elasticsearch.coordinating.enabled" .) .Values.coordinating.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "elasticsearch.coordinating.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: coordinating-only
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
{{- end }}
{{- if or .Values.coordinating.serviceAccount.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.coordinating.serviceAccount.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.coordinating.serviceAccount.annotations "context" $) | nindent 4 }}
{{- end }}
{{- end }}
automountServiceAccountToken: {{ .Values.coordinating.serviceAccount.automountServiceAccountToken }}
{{- end -}}

313
helm/elasticsearch/templates/coordinating/statefulset.yaml Normal file
View File

@ -0,0 +1,313 @@
{{- if (include "elasticsearch.coordinating.enabled" .) }}
apiVersion: {{ template "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ include "elasticsearch.coordinating.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: coordinating-only
{{- if .Values.useIstioLabels }}
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: coordinating-only
{{- end }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.coordinating.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.coordinating.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.coordinating.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
{{- if not .Values.coordinating.autoscaling.enabled }}
replicas: {{ .Values.coordinating.replicaCount }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: coordinating-only
{{- if .Values.coordinating.updateStrategy }}
updateStrategy: {{- toYaml .Values.coordinating.updateStrategy | nindent 4 }}
{{- end }}
serviceName: {{ include "elasticsearch.coordinating.servicename" . }}
podManagementPolicy: {{ .Values.coordinating.podManagementPolicy }}
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
app.kubernetes.io/component: coordinating-only
{{- if .Values.useIstioLabels }}
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: coordinating-only
{{- end }}
{{- if .Values.coordinating.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.coordinating.podLabels "context" $) | nindent 8 }}
{{- end }}
annotations:
{{- if and (include "elasticsearch.createTlsSecret" .) (not .Values.security.tls.coordinating.existingSecret) }}
checksum/tls: {{ include (print $.Template.BasePath "/tls-secret.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.coordinating.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.coordinating.podAnnotations "context" $) | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "elasticsearch.coordinating.serviceAccountName" . }}
{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
{{- if .Values.coordinating.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.coordinating.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.coordinating.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.coordinating.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.coordinating.podAffinityPreset "component" "coordinating-only" "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.coordinating.podAntiAffinityPreset "component" "coordinating-only" "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.coordinating.nodeAffinityPreset.type "key" .Values.coordinating.nodeAffinityPreset.key "values" .Values.coordinating.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.coordinating.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.coordinating.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.coordinating.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.coordinating.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.coordinating.schedulerName }}
schedulerName: {{ .Values.coordinating.schedulerName }}
{{- end }}
{{- if .Values.coordinating.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.coordinating.topologySpreadConstraints "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.coordinating.priorityClassName }}
priorityClassName: {{ .Values.coordinating.priorityClassName | quote }}
{{- end }}
{{- if .Values.coordinating.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.coordinating.terminationGracePeriodSeconds }}
{{- end }}
{{- if .Values.coordinating.podSecurityContext.enabled }}
securityContext: {{- omit .Values.coordinating.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if or .Values.coordinating.initContainers .Values.sysctlImage.enabled }}
initContainers:
{{- if .Values.sysctlImage.enabled }}
## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
- name: sysctl
image: {{ include "elasticsearch.sysctl.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
{{- include "elasticsearch.sysctlIfLess" (dict "key" "vm.max_map_count" "value" "262144") | nindent 14 }}
{{- include "elasticsearch.sysctlIfLess" (dict "key" "fs.file-max" "value" "65536") | nindent 14 }}
securityContext:
privileged: true
runAsUser: 0
{{- if .Values.sysctlImage.resources }}
resources: {{- toYaml .Values.sysctlImage.resources | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.coordinating.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.coordinating.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: elasticsearch
image: {{ include "elasticsearch.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.coordinating.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.coordinating.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.coordinating.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.coordinating.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.coordinating.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.coordinating.args "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.coordinating.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.coordinating.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
env:
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: ELASTICSEARCH_CLUSTER_NAME
value: {{ .Values.clusterName | quote }}
- name: ELASTICSEARCH_IS_DEDICATED_NODE
value: "yes"
- name: ELASTICSEARCH_NODE_ROLES
value: ""
- name: ELASTICSEARCH_TRANSPORT_PORT_NUMBER
value: {{ .Values.containerPorts.transport | quote }}
- name: ELASTICSEARCH_HTTP_PORT_NUMBER
value: {{ .Values.containerPorts.restAPI | quote }}
- name: ELASTICSEARCH_CLUSTER_HOSTS
value: {{ include "elasticsearch.hosts" . | quote }}
- name: ELASTICSEARCH_TOTAL_NODES
value: {{ add (ternary .Values.master.autoscaling.minReplicas .Values.master.replicaCount .Values.master.autoscaling.enabled) (ternary .Values.data.autoscaling.minReplicas .Values.data.replicaCount .Values.data.autoscaling.enabled) | quote }}
- name: ELASTICSEARCH_CLUSTER_MASTER_HOSTS
{{- $elasticsearchMasterFullname := include "elasticsearch.master.fullname" . }}
{{- $replicas := int (ternary .Values.master.autoscaling.minReplicas .Values.master.replicaCount .Values.master.autoscaling.enabled) }}
value: {{ range $i, $e := until $replicas }}{{ printf "%s-%d" $elasticsearchMasterFullname $e }} {{ end }}
- name: ELASTICSEARCH_MINIMUM_MASTER_NODES
value: {{ add (div (ternary .Values.master.autoscaling.minReplicas .Values.master.replicaCount .Values.master.autoscaling.enabled) 2) 1 | quote }}
- name: ELASTICSEARCH_ADVERTISED_HOSTNAME
value: "$(MY_POD_NAME).{{ (include "elasticsearch.coordinating.servicename" .)}}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
{{- if .Values.plugins }}
- name: ELASTICSEARCH_PLUGINS
value: {{ .Values.plugins | quote }}
{{- end }}
{{- if .Values.coordinating.heapSize }}
- name: ELASTICSEARCH_HEAP_SIZE
value: {{ .Values.coordinating.heapSize | quote }}
{{- end }}
{{- if .Values.security.enabled }}
{{- include "elasticsearch.configure.security" . | nindent 12 }}
{{- end }}
{{- if .Values.coordinating.extraEnvVars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.coordinating.extraEnvVars "context" $ ) | nindent 12 }}
{{- end }}
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.extraEnvVars "context" $ ) | nindent 12 }}
{{- end }}
{{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret .Values.coordinating.extraEnvVarsCM .Values.coordinating.extraEnvVarsSecret }}
envFrom:
{{- if .Values.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.extraEnvVarsCM "context" $ ) }}
{{- end }}
{{- if .Values.coordinating.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.coordinating.extraEnvVarsCM "context" $ ) }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.extraEnvVarsSecret "context" $ ) }}
{{- end }}
{{- if .Values.coordinating.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.coordinating.extraEnvVarsSecret "context" $ ) }}
{{- end }}
{{- end }}
ports:
- name: rest-api
containerPort: {{ .Values.containerPorts.restAPI }}
- name: transport
containerPort: {{ .Values.containerPorts.transport }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.coordinating.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.coordinating.customStartupProbe "context" $) | nindent 12 }}
{{- else if .Values.coordinating.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.coordinating.startupProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
port: rest-api
{{- end }}
{{- if .Values.coordinating.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.coordinating.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.coordinating.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.coordinating.livenessProbe "enabled") "context" $) | nindent 12 }}
exec:
command:
- /opt/bitnami/scripts/elasticsearch/healthcheck.sh
{{- end }}
{{- if .Values.coordinating.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.coordinating.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.coordinating.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.coordinating.readinessProbe "enabled") "context" $) | nindent 12 }}
exec:
command:
- /opt/bitnami/scripts/elasticsearch/healthcheck.sh
{{- end }}
{{- end }}
{{- if .Values.coordinating.resources }}
resources: {{- toYaml .Values.coordinating.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: /bitnami/elasticsearch/data
{{- if .Values.config }}
- mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
name: config
subPath: elasticsearch.yml
{{- end }}
{{- if .Values.extraConfig }}
- mountPath: /opt/bitnami/elasticsearch/config/my_elasticsearch.yml
name: config
subPath: my_elasticsearch.yml
{{- end }}
{{- if .Values.security.enabled }}
- name: elasticsearch-certificates
mountPath: /opt/bitnami/elasticsearch/config/certs
readOnly: true
{{- end }}
{{- if .Values.initScripts }}
- name: custom-init-scripts
mountPath: /docker-entrypoint-initdb.d/init-scripts
{{- end }}
{{- if .Values.initScriptsCM }}
- name: custom-init-scripts-cm
mountPath: /docker-entrypoint-initdb.d/init-scripts-cm
{{- end }}
{{- if .Values.initScriptsSecret }}
- name: custom-init-scripts-secret
mountPath: /docker-entrypoint-initdb.d/init-scripts-secret
{{- end }}
{{- if .Values.coordinating.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.coordinating.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.coordinating.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.coordinating.sidecars "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: "data"
emptyDir: {}
{{- if or .Values.config .Values.extraConfig }}
- name: config
configMap:
name: {{ include "common.names.fullname" . }}
{{- end }}
{{- if .Values.security.enabled }}
- name: elasticsearch-certificates
secret:
secretName: {{ include "elasticsearch.coordinating.tlsSecretName" . }}
defaultMode: 256
{{- end }}
{{- if .Values.initScripts }}
- name: custom-init-scripts
configMap:
name: {{ template "elasticsearch.initScripts" . }}
{{- end }}
{{- if .Values.initScriptsCM }}
- name: custom-init-scripts-cm
configMap:
name: {{ template "elasticsearch.initScriptsCM" . }}
{{- end }}
{{- if .Values.initScriptsSecret }}
- name: custom-init-scripts-secret
secret:
secretName: {{ template "elasticsearch.initScriptsSecret" . }}
defaultMode: 0755
{{- end }}
{{- if .Values.coordinating.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.coordinating.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- end }}

28
helm/elasticsearch/templates/coordinating/svc-headless.yaml Normal file
View File

@ -0,0 +1,28 @@
{{- if (include "elasticsearch.coordinating.enabled" .) }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "elasticsearch.coordinating.servicename" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: coordinating-only
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
publishNotReadyAddresses: true
ports:
- name: tcp-rest-api
port: {{ .Values.containerPorts.restAPI }}
targetPort: rest-api
- name: tcp-transport
port: {{ .Values.containerPorts.transport }}
targetPort: transport
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: coordinating-only
{{- end }}

47
helm/elasticsearch/templates/data/hpa.yaml Normal file
View File

@ -0,0 +1,47 @@
{{- if and (include "elasticsearch.data.enabled" .) .Values.data.autoscaling.enabled }}
apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "elasticsearch.data.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: data
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: {{ template "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
name: {{ include "elasticsearch.data.fullname" . }}
minReplicas: {{ .Values.data.autoscaling.minReplicas }}
maxReplicas: {{ .Values.data.autoscaling.maxReplicas }}
metrics:
{{- if .Values.data.autoscaling.targetCPU }}
- type: Resource
resource:
name: cpu
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
targetAverageUtilization: {{ .Values.data.autoscaling.targetCPU }}
{{- else }}
target:
type: Utilization
averageUtilization: {{ .Values.data.autoscaling.targetCPU }}
{{- end }}
{{- end }}
{{- if .Values.data.autoscaling.targetMemory }}
- type: Resource
resource:
name: memory
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
targetAverageUtilization: {{ .Values.data.autoscaling.targetMemory }}
{{- else }}
target:
type: Utilization
averageUtilization: {{ .Values.data.autoscaling.targetMemory }}
{{- end }}
{{- end }}
{{- end }}

22
helm/elasticsearch/templates/data/serviceaccount.yaml Normal file
View File

@ -0,0 +1,22 @@
{{- if and (include "elasticsearch.data.enabled" .) .Values.data.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "elasticsearch.data.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: data
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
{{- end }}
{{- if or .Values.data.serviceAccount.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.data.serviceAccount.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.data.serviceAccount.annotations "context" $) | nindent 4 }}
{{- end }}
{{- end }}
automountServiceAccountToken: {{ .Values.data.serviceAccount.automountServiceAccountToken }}
{{- end -}}

373
helm/elasticsearch/templates/data/statefulset.yaml Normal file
View File

@ -0,0 +1,373 @@
{{- if (include "elasticsearch.data.enabled" .) }}
apiVersion: {{ template "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ include "elasticsearch.data.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: data
{{- if .Values.useIstioLabels }}
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: data
{{- end }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.data.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.data.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.data.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
{{- if not .Values.data.autoscaling.enabled }}
replicas: {{ .Values.data.replicaCount }}
{{- end }}
podManagementPolicy: {{ .Values.data.podManagementPolicy }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: data
serviceName: {{ include "elasticsearch.data.servicename" . }}
{{- if .Values.data.updateStrategy }}
updateStrategy: {{- toYaml .Values.data.updateStrategy | nindent 4 }}
{{- end }}
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
app.kubernetes.io/component: data
{{- if .Values.useIstioLabels }}
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: data
{{- end }}
{{- if .Values.data.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.data.podLabels "context" $) | nindent 8 }}
{{- end }}
annotations:
{{- if and (include "elasticsearch.createTlsSecret" .) (not .Values.security.tls.data.existingSecret) }}
checksum/tls: {{ include (print $.Template.BasePath "/tls-secret.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.data.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.data.podAnnotations "context" $) | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "elasticsearch.data.serviceAccountName" . }}
{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
{{- if .Values.data.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.data.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.data.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.data.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.data.podAffinityPreset "component" "data" "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.data.podAntiAffinityPreset "component" "data" "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.data.nodeAffinityPreset.type "key" .Values.data.nodeAffinityPreset.key "values" .Values.data.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.data.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.data.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.data.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.data.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.data.schedulerName }}
schedulerName: {{ .Values.data.schedulerName }}
{{- end }}
{{- if .Values.data.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.data.topologySpreadConstraints "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.data.priorityClassName }}
priorityClassName: {{ .Values.data.priorityClassName | quote }}
{{- end }}
{{- if .Values.data.podSecurityContext.enabled }}
securityContext: {{- omit .Values.data.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.data.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.data.terminationGracePeriodSeconds }}
{{- end }}
{{- if or .Values.data.initContainers .Values.sysctlImage.enabled (and .Values.volumePermissions.enabled .Values.data.persistence.enabled) }}
initContainers:
{{- if .Values.sysctlImage.enabled }}
## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
- name: sysctl
image: {{ include "elasticsearch.sysctl.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
{{- include "elasticsearch.sysctlIfLess" (dict "key" "vm.max_map_count" "value" "262144") | nindent 14 }}
{{- include "elasticsearch.sysctlIfLess" (dict "key" "fs.file-max" "value" "65536") | nindent 14 }}
securityContext:
privileged: true
runAsUser: 0
{{- if .Values.sysctlImage.resources }}
resources: {{- toYaml .Values.sysctlImage.resources | nindent 12 }}
{{- end }}
{{- end }}
{{- if and .Values.volumePermissions.enabled .Values.data.persistence.enabled }}
- name: volume-permissions
image: {{ include "elasticsearch.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
mkdir -p /bitnami/elasticsearch/data
chown {{ .Values.data.containerSecurityContext.runAsUser }}:{{ .Values.data.podSecurityContext.fsGroup }} /bitnami/elasticsearch/data
find /bitnami/elasticsearch/data -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.data.containerSecurityContext.runAsUser }}:{{ .Values.data.podSecurityContext.fsGroup }}
securityContext:
runAsUser: 0
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: /bitnami/elasticsearch/data
{{- end }}
{{- if .Values.data.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.data.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: elasticsearch
image: {{ include "elasticsearch.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.data.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.data.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.data.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.data.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.data.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.data.args "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.data.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.data.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: ELASTICSEARCH_IS_DEDICATED_NODE
value: "yes"
- name: ELASTICSEARCH_NODE_ROLES
value: "data"
- name: ELASTICSEARCH_TRANSPORT_PORT_NUMBER
value: {{ .Values.containerPorts.transport | quote }}
- name: ELASTICSEARCH_HTTP_PORT_NUMBER
value: {{ .Values.containerPorts.restAPI | quote }}
- name: ELASTICSEARCH_CLUSTER_NAME
value: {{ .Values.clusterName | quote }}
- name: ELASTICSEARCH_CLUSTER_HOSTS
value: {{ include "elasticsearch.hosts" . | quote }}
- name: ELASTICSEARCH_TOTAL_NODES
value: {{ add (ternary .Values.master.autoscaling.minReplicas .Values.master.replicaCount .Values.master.autoscaling.enabled) (ternary .Values.data.autoscaling.minReplicas .Values.data.replicaCount .Values.data.autoscaling.enabled) | quote }}
- name: ELASTICSEARCH_CLUSTER_MASTER_HOSTS
{{- $elasticsearchMasterFullname := include "elasticsearch.master.fullname" . }}
{{- $replicas := int (ternary .Values.master.autoscaling.minReplicas .Values.master.replicaCount .Values.master.autoscaling.enabled) }}
value: {{ range $i, $e := until $replicas }}{{ printf "%s-%d" $elasticsearchMasterFullname $e }} {{ end }}
- name: ELASTICSEARCH_MINIMUM_MASTER_NODES
value: {{ add (div (ternary .Values.master.autoscaling.minReplicas .Values.master.replicaCount .Values.master.autoscaling.enabled) 2) 1 | quote }}
- name: ELASTICSEARCH_ADVERTISED_HOSTNAME
value: "$(MY_POD_NAME).{{ (include "elasticsearch.data.servicename" .)}}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
{{- if .Values.plugins }}
- name: ELASTICSEARCH_PLUGINS
value: {{ .Values.plugins | quote }}
{{- end }}
{{- if .Values.snapshotRepoPath }}
- name: ELASTICSEARCH_FS_SNAPSHOT_REPO_PATH
value: {{ .Values.snapshotRepoPath | quote }}
{{- end }}
{{- if .Values.data.heapSize }}
- name: ELASTICSEARCH_HEAP_SIZE
value: {{ .Values.data.heapSize | quote }}
{{- end }}
{{- if .Values.security.enabled }}
{{- include "elasticsearch.configure.security" . | nindent 12 }}
{{- end }}
{{- if .Values.data.extraEnvVars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.data.extraEnvVars "context" $ ) | nindent 12 }}
{{- end }}
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.extraEnvVars "context" $ ) | nindent 12 }}
{{- end }}
{{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret .Values.data.extraEnvVarsCM .Values.data.extraEnvVarsSecret }}
envFrom:
{{- if .Values.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.extraEnvVarsCM "context" $ ) }}
{{- end }}
{{- if .Values.data.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.data.extraEnvVarsCM "context" $ ) }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.extraEnvVarsSecret "context" $ ) }}
{{- end }}
{{- if .Values.data.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.data.extraEnvVarsSecret "context" $ ) }}
{{- end }}
{{- end }}
ports:
- name: rest-api
containerPort: {{ .Values.containerPorts.restAPI }}
- name: transport
containerPort: {{ .Values.containerPorts.transport }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.data.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.data.customStartupProbe "context" $) | nindent 12 }}
{{- else if .Values.data.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.data.startupProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
port: rest-api
{{- end }}
{{- if .Values.data.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.data.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.data.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.data.livenessProbe "enabled") "context" $) | nindent 12 }}
exec:
command:
- /opt/bitnami/scripts/elasticsearch/healthcheck.sh
{{- end }}
{{- if .Values.data.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.data.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.data.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.data.readinessProbe "enabled") "context" $) | nindent 12 }}
exec:
command:
- /opt/bitnami/scripts/elasticsearch/healthcheck.sh
{{- end }}
{{- end }}
{{- if .Values.data.resources }}
resources: {{- toYaml .Values.data.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: /bitnami/elasticsearch/data
{{- if .Values.config }}
- mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
name: config
subPath: elasticsearch.yml
{{- end }}
{{- if .Values.extraConfig }}
- mountPath: /opt/bitnami/elasticsearch/config/my_elasticsearch.yml
name: config
subPath: my_elasticsearch.yml
{{- end }}
{{- if .Values.security.enabled }}
- name: elasticsearch-certificates
mountPath: /opt/bitnami/elasticsearch/config/certs
readOnly: true
{{- end }}
{{- if .Values.initScripts }}
- name: custom-init-scripts
mountPath: /docker-entrypoint-initdb.d/init-scripts
{{- end }}
{{- if .Values.initScriptsCM }}
- name: custom-init-scripts-cm
mountPath: /docker-entrypoint-initdb.d/init-scripts-cm
{{- end }}
{{- if .Values.initScriptsSecret }}
- name: custom-init-scripts-secret
mountPath: /docker-entrypoint-initdb.d/init-scripts-secret
{{- end }}
{{- if .Values.data.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.data.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.data.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.data.sidecars "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
{{- if or .Values.config .Values.extraConfig }}
- name: config
configMap:
name: {{ template "common.names.fullname" . }}
{{- end }}
{{- if .Values.security.enabled }}
- name: elasticsearch-certificates
secret:
secretName: {{ template "elasticsearch.data.tlsSecretName" . }}
defaultMode: 256
{{- end }}
{{- if .Values.initScripts }}
- name: custom-init-scripts
configMap:
name: {{ template "elasticsearch.initScripts" . }}
{{- end }}
{{- if .Values.initScriptsCM }}
- name: custom-init-scripts-cm
configMap:
name: {{ template "elasticsearch.initScriptsCM" . }}
{{- end }}
{{- if .Values.initScriptsSecret }}
- name: custom-init-scripts-secret
secret:
secretName: {{ template "elasticsearch.initScriptsSecret" . }}
defaultMode: 0755
{{- end }}
{{- if .Values.data.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.data.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- if not .Values.data.persistence.enabled }}
- name: "data"
emptyDir: {}
{{- else if .Values.data.persistence.existingClaim }}
- name: "data"
persistentVolumeClaim:
claimName: {{ .Values.data.persistence.existingClaim }}
{{- else }}
volumeClaimTemplates:
- metadata:
name: "data"
annotations:
{{- if .Values.data.persistence.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.data.persistence.annotations "context" $) | nindent 10 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 10 }}
{{- end }}
{{- if .Values.commonLabels }}
labels: {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 10 }}
{{- end }}
spec:
accessModes:
{{- range .Values.data.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.data.persistence.size | quote }}
{{- if .Values.data.persistence.selector }}
selector: {{- include "common.tplvalues.render" (dict "value" .Values.data.persistence.selector "context" $) | nindent 10 }}
{{- else if .Values.data.persistence.existingVolume }}
selector:
matchLabels:
volume: {{ .Values.data.persistence.existingVolume }}
{{- end }}
{{- include "common.storage.class" (dict "persistence" .Values.data.persistence "global" .Values.global) | nindent 8 }}
{{- end }}
{{- end }}

28
helm/elasticsearch/templates/data/svc-headless.yaml Normal file
View File

@ -0,0 +1,28 @@
{{- if (include "elasticsearch.data.enabled" .) }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "elasticsearch.data.servicename" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: data
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
publishNotReadyAddresses: true
ports:
- name: tcp-rest-api
port: {{ .Values.containerPorts.restAPI }}
targetPort: rest-api
- name: tcp-transport
port: {{ .Values.containerPorts.transport }}
targetPort: transport
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: data
{{- end }}

4
helm/elasticsearch/templates/extra-list.yaml Normal file
View File

@ -0,0 +1,4 @@
{{- range .Values.extraDeploy }}
---
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
{{- end }}

47
helm/elasticsearch/templates/ingest/hpa.yaml Normal file
View File

@ -0,0 +1,47 @@
{{- if and (include "elasticsearch.ingest.enabled" .) .Values.ingest.autoscaling.enabled }}
apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "elasticsearch.ingest.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: ingest
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: {{ template "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
name: {{ include "elasticsearch.ingest.fullname" . }}
minReplicas: {{ .Values.ingest.autoscaling.minReplicas }}
maxReplicas: {{ .Values.ingest.autoscaling.maxReplicas }}
metrics:
{{- if .Values.ingest.autoscaling.targetCPU }}
- type: Resource
resource:
name: cpu
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
targetAverageUtilization: {{ .Values.ingest.autoscaling.targetCPU }}
{{- else }}
target:
type: Utilization
averageUtilization: {{ .Values.ingest.autoscaling.targetCPU }}
{{- end }}
{{- end }}
{{- if .Values.ingest.autoscaling.targetMemory }}
- type: Resource
resource:
name: memory
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
targetAverageUtilization: {{ .Values.ingest.autoscaling.targetMemory }}
{{- else }}
target:
type: Utilization
averageUtilization: {{ .Values.ingest.autoscaling.targetMemory }}
{{- end }}
{{- end }}
{{- end }}

65
helm/elasticsearch/templates/ingest/ingress.yaml Normal file
View File

@ -0,0 +1,65 @@
{{- if and (include "elasticsearch.ingest.enabled" .) .Values.ingest.service.enabled .Values.ingest.ingress.enabled }}
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ include "elasticsearch.ingest.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: ingest
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.ingest.ingress.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.ingest.ingress.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.ingest.ingress.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
{{- if and .Values.ingest.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
ingressClassName: {{ .Values.ingest.ingress.ingressClassName | quote }}
{{- end }}
rules:
{{- if .Values.ingest.ingress.hostname }}
- http:
paths:
{{- if .Values.ingest.ingress.extraPaths }}
{{- toYaml .Values.ingest.ingress.extraPaths | nindent 10 }}
{{- end }}
- path: {{ .Values.ingest.ingress.path }}
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
pathType: {{ .Values.ingest.ingress.pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "elasticsearch.ingest.fullname" .) "servicePort" "tcp-rest-api" "context" $) | nindent 14 }}
{{- if ne .Values.ingest.ingress.hostname "*" }}
host: {{ .Values.ingest.ingress.hostname }}
{{- end }}
{{- end }}
{{- range .Values.ingest.ingress.extraHosts }}
- host: {{ .name }}
http:
paths:
- path: {{ default "/" .path }}
{{- if eq "true" (include "common.ingress.supportsPathType" $) }}
pathType: {{ default "ImplementationSpecific" .pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "elasticsearch.ingest.fullname" $) "servicePort" "tcp-rest-api" "context" $) | nindent 14 }}
{{- end }}
{{- if .Values.ingest.ingress.extraRules }}
{{- include "common.tplvalues.render" ( dict "value" .Values.ingest.ingress.extraRules "context" $ ) | nindent 4 }}
{{- end }}
{{- if or (and .Values.ingest.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingest.ingress.annotations )) .Values.ingest.ingress.selfSigned)) .Values.ingest.ingress.extraTls }}
tls:
{{- if and .Values.ingest.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingest.ingress.annotations )) .Values.ingest.ingress.selfSigned) }}
- hosts:
- {{ .Values.ingest.ingress.hostname | quote }}
secretName: {{ printf "%s-tls" .Values.ingest.ingress.hostname }}
{{- end }}
{{- if .Values.ingest.ingress.extraTls }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingest.ingress.extraTls "context" $) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

60
helm/elasticsearch/templates/ingest/service.yaml Normal file
View File

@ -0,0 +1,60 @@
{{- if and (include "elasticsearch.ingest.enabled" .) .Values.ingest.service.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "elasticsearch.ingest.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: ingest
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.ingest.service.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.ingest.service.annotations "context" $) | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.ingest.service.type }}
{{- if and .Values.ingest.service.clusterIP (eq .Values.ingest.service.type "ClusterIP") }}
clusterIP: {{ .Values.ingest.service.clusterIP }}
{{- end }}
{{- if or (eq .Values.ingest.service.type "LoadBalancer") (eq .Values.ingest.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.ingest.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if and (eq .Values.ingest.service.type "LoadBalancer") .Values.ingest.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{- toYaml .Values.ingest.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- if (and (eq .Values.ingest.service.type "LoadBalancer") (not (empty .Values.ingest.service.loadBalancerIP))) }}
loadBalancerIP: {{ .Values.ingest.service.loadBalancerIP }}
{{- end }}
{{- if .Values.ingest.service.sessionAffinity }}
sessionAffinity: {{ .Values.ingest.service.sessionAffinity }}
{{- end }}
{{- if .Values.ingest.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.ingest.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
ports:
- name: tcp-rest-api
port: {{ .Values.ingest.service.ports.restAPI }}
targetPort: rest-api
{{- if and (or (eq .Values.ingest.service.type "NodePort") (eq .Values.ingest.service.type "LoadBalancer")) (not (empty .Values.ingest.service.nodePorts.restAPI)) }}
nodePort: {{ .Values.ingest.service.nodePorts.restAPI }}
{{- else if eq .Values.ingest.service.type "ClusterIP" }}
nodePort: null
{{- end }}
- name: tcp-transport
port: {{ .Values.ingest.service.ports.transport }}
{{- if and (or (eq .Values.ingest.service.type "NodePort") (eq .Values.ingest.service.type "LoadBalancer")) (not (empty .Values.ingest.service.nodePorts.transport)) }}
nodePort: {{ .Values.ingest.service.nodePorts.transport }}
{{- else if eq .Values.ingest.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if .Values.ingest.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingest.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: ingest
{{- end }}

22
helm/elasticsearch/templates/ingest/serviceaccount.yaml Normal file
View File

@ -0,0 +1,22 @@
{{- if and (include "elasticsearch.ingest.enabled" .) .Values.ingest.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "elasticsearch.ingest.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: ingest
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
{{- end }}
{{- if or .Values.ingest.serviceAccount.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.ingest.serviceAccount.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingest.serviceAccount.annotations "context" $) | nindent 4 }}
{{- end }}
{{- end }}
automountServiceAccountToken: {{ .Values.ingest.serviceAccount.automountServiceAccountToken }}
{{- end -}}

313
helm/elasticsearch/templates/ingest/statefulset.yaml Normal file
View File

@ -0,0 +1,313 @@
{{- if (include "elasticsearch.ingest.enabled" . ) }}
apiVersion: {{ template "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ include "elasticsearch.ingest.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: ingest
{{- if .Values.useIstioLabels }}
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: ingest
{{- end }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.ingest.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.ingest.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.ingest.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
{{- if not .Values.ingest.autoscaling.enabled }}
replicas: {{ .Values.ingest.replicaCount }}
{{- end }}
podManagementPolicy: {{ .Values.ingest.podManagementPolicy }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: ingest
serviceName: {{ include "elasticsearch.ingest.servicename" . }}
{{- if .Values.ingest.updateStrategy }}
updateStrategy: {{- toYaml .Values.ingest.updateStrategy | nindent 4 }}
{{- end }}
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
app.kubernetes.io/component: ingest
{{- if .Values.useIstioLabels }}
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: ingest
{{- end }}
{{- if .Values.ingest.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingest.podLabels "context" $) | nindent 8 }}
{{- end }}
annotations:
{{- if and (include "elasticsearch.createTlsSecret" .) (not .Values.security.tls.ingest.existingSecret) }}
checksum/tls: {{ include (print $.Template.BasePath "/tls-secret.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.ingest.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingest.podAnnotations "context" $) | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "elasticsearch.ingest.serviceAccountName" . }}
{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
{{- if .Values.ingest.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.ingest.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.ingest.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.ingest.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.ingest.podAffinityPreset "component" "ingest" "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.ingest.podAntiAffinityPreset "component" "ingest" "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.ingest.nodeAffinityPreset.type "key" .Values.ingest.nodeAffinityPreset.key "values" .Values.ingest.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.ingest.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.ingest.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.ingest.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.ingest.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.ingest.schedulerName }}
schedulerName: {{ .Values.ingest.schedulerName }}
{{- end }}
{{- if .Values.ingest.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.ingest.topologySpreadConstraints "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.ingest.priorityClassName }}
priorityClassName: {{ .Values.ingest.priorityClassName | quote }}
{{- end }}
{{- if .Values.ingest.podSecurityContext.enabled }}
securityContext: {{- omit .Values.ingest.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.ingest.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.ingest.terminationGracePeriodSeconds }}
{{- end }}
{{- if or .Values.ingest.initContainers .Values.sysctlImage.enabled }}
initContainers:
{{- if .Values.sysctlImage.enabled }}
## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
- name: sysctl
image: {{ include "elasticsearch.sysctl.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
{{- include "elasticsearch.sysctlIfLess" (dict "key" "vm.max_map_count" "value" "262144") | nindent 14 }}
{{- include "elasticsearch.sysctlIfLess" (dict "key" "fs.file-max" "value" "65536") | nindent 14 }}
securityContext:
privileged: true
runAsUser: 0
{{- if .Values.sysctlImage.resources }}
resources: {{- toYaml .Values.sysctlImage.resources | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.ingest.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingest.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: elasticsearch
image: {{ include "elasticsearch.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.ingest.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.ingest.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.ingest.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.ingest.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.ingest.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.ingest.args "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.ingest.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.ingest.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: ELASTICSEARCH_IS_DEDICATED_NODE
value: "yes"
- name: ELASTICSEARCH_NODE_ROLES
value: "ingest"
- name: ELASTICSEARCH_TRANSPORT_PORT_NUMBER
value: {{ .Values.containerPorts.transport | quote }}
- name: ELASTICSEARCH_HTTP_PORT_NUMBER
value: {{ .Values.containerPorts.restAPI | quote }}
- name: ELASTICSEARCH_CLUSTER_NAME
value: {{ .Values.clusterName | quote }}
- name: ELASTICSEARCH_CLUSTER_HOSTS
value: {{ include "elasticsearch.hosts" . | quote }}
- name: ELASTICSEARCH_TOTAL_NODES
value: {{ add (ternary .Values.master.autoscaling.minReplicas .Values.master.replicaCount .Values.master.autoscaling.enabled) (ternary .Values.data.autoscaling.minReplicas .Values.data.replicaCount .Values.data.autoscaling.enabled) | quote }}
- name: ELASTICSEARCH_CLUSTER_MASTER_HOSTS
{{- $elasticsearchMasterFullname := include "elasticsearch.master.fullname" . }}
{{- $replicas := int (ternary .Values.master.autoscaling.minReplicas .Values.master.replicaCount .Values.master.autoscaling.enabled) }}
value: {{ range $i, $e := until $replicas }}{{ printf "%s-%d" $elasticsearchMasterFullname $e }} {{ end }}
- name: ELASTICSEARCH_MINIMUM_MASTER_NODES
value: {{ add (div (ternary .Values.master.autoscaling.minReplicas .Values.master.replicaCount .Values.master.autoscaling.enabled) 2) 1 | quote }}
- name: ELASTICSEARCH_ADVERTISED_HOSTNAME
value: "$(MY_POD_NAME).{{ (include "elasticsearch.ingest.servicename" .)}}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
{{- if .Values.plugins }}
- name: ELASTICSEARCH_PLUGINS
value: {{ .Values.plugins | quote }}
{{- end }}
{{- if .Values.ingest.heapSize }}
- name: ELASTICSEARCH_HEAP_SIZE
value: {{ .Values.ingest.heapSize | quote }}
{{- end }}
{{- if .Values.security.enabled }}
{{- include "elasticsearch.configure.security" . | nindent 12 }}
{{- end }}
{{- if .Values.ingest.extraEnvVars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.ingest.extraEnvVars "context" $ ) | nindent 12 }}
{{- end }}
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.extraEnvVars "context" $ ) | nindent 12 }}
{{- end }}
{{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret .Values.ingest.extraEnvVarsCM .Values.ingest.extraEnvVarsSecret }}
envFrom:
{{- if .Values.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.extraEnvVarsCM "context" $ ) }}
{{- end }}
{{- if .Values.ingest.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.ingest.extraEnvVarsCM "context" $ ) }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.extraEnvVarsSecret "context" $ ) }}
{{- end }}
{{- if .Values.ingest.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.ingest.extraEnvVarsSecret "context" $ ) }}
{{- end }}
{{- end }}
ports:
- name: rest-api
containerPort: {{ .Values.containerPorts.restAPI }}
- name: transport
containerPort: {{ .Values.containerPorts.transport }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.ingest.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.ingest.customStartupProbe "context" $) | nindent 12 }}
{{- else if .Values.ingest.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.ingest.startupProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
port: rest-api
{{- end }}
{{- if .Values.ingest.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.ingest.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.ingest.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.ingest.livenessProbe "enabled") "context" $) | nindent 12 }}
exec:
command:
- /opt/bitnami/scripts/elasticsearch/healthcheck.sh
{{- end }}
{{- if .Values.ingest.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.ingest.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.ingest.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.ingest.readinessProbe "enabled") "context" $) | nindent 12 }}
exec:
command:
- /opt/bitnami/scripts/elasticsearch/healthcheck.sh
{{- end }}
{{- end }}
{{- if .Values.ingest.resources }}
resources: {{- toYaml .Values.ingest.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: /bitnami/elasticsearch/data
{{- if .Values.config }}
- mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
name: config
subPath: elasticsearch.yml
{{- end }}
{{- if .Values.extraConfig }}
- mountPath: /opt/bitnami/elasticsearch/config/my_elasticsearch.yml
name: config
subPath: my_elasticsearch.yml
{{- end }}
{{- if .Values.security.enabled }}
- name: elasticsearch-certificates
mountPath: /opt/bitnami/elasticsearch/config/certs
readOnly: true
{{- end }}
{{- if .Values.initScripts }}
- name: custom-init-scripts
mountPath: /docker-entrypoint-initdb.d/init-scripts
{{- end }}
{{- if .Values.initScriptsCM }}
- name: custom-init-scripts-cm
mountPath: /docker-entrypoint-initdb.d/init-scripts-cm
{{- end }}
{{- if .Values.initScriptsSecret }}
- name: custom-init-scripts-secret
mountPath: /docker-entrypoint-initdb.d/init-scripts-secret
{{- end }}
{{- if .Values.ingest.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingest.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.ingest.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.ingest.sidecars "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: "data"
emptyDir: {}
{{- if or .Values.config .Values.extraConfig }}
- name: config
configMap:
name: {{ template "common.names.fullname" . }}
{{- end }}
{{- if .Values.security.enabled }}
- name: elasticsearch-certificates
secret:
secretName: {{ template "elasticsearch.ingest.tlsSecretName" . }}
defaultMode: 256
{{- end }}
{{- if .Values.initScripts }}
- name: custom-init-scripts
configMap:
name: {{ template "elasticsearch.initScripts" . }}
{{- end }}
{{- if .Values.initScriptsCM }}
- name: custom-init-scripts-cm
configMap:
name: {{ template "elasticsearch.initScriptsCM" . }}
{{- end }}
{{- if .Values.initScriptsSecret }}
- name: custom-init-scripts-secret
secret:
secretName: {{ template "elasticsearch.initScriptsSecret" . }}
defaultMode: 0755
{{- end }}
{{- if .Values.ingest.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingest.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- end }}

28
helm/elasticsearch/templates/ingest/svc-headless.yaml Normal file
View File

@ -0,0 +1,28 @@
{{- if (include "elasticsearch.ingest.enabled" .) }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "elasticsearch.ingest.servicename" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: ingest
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
publishNotReadyAddresses: true
ports:
- name: tcp-rest-api
port: {{ .Values.containerPorts.restAPI }}
targetPort: rest-api
- name: tcp-transport
port: {{ .Values.containerPorts.transport }}
targetPort: transport
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: ingest
{{- end }}

94
helm/elasticsearch/templates/ingress-tls-secrets.yaml Normal file
View File

@ -0,0 +1,94 @@
{{- if .Values.ingress.enabled }}
{{- if .Values.ingress.secrets }}
{{- range .Values.ingress.secrets }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
namespace: {{ template "common.names.namespace" $ }}
labels: {{- include "common.labels.standard" $ | nindent 4 }}
{{- if $.Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ .certificate | b64enc }}
tls.key: {{ .key | b64enc }}
---
{{- end }}
{{- end }}
{{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
{{- $secretName := printf "%s-tls" .Values.ingress.hostname }}
{{- $ca := genCA "elasticsearch-ca" 365 }}
{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
namespace: {{ template "common.names.namespace" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
---
{{- end }}
{{- end }}
{{- if .Values.ingest.ingress.enabled }}
{{- if .Values.ingest.ingress.secrets }}
{{- range .Values.ingest.ingress.secrets }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
namespace: {{ printf "%s-ingest-ingress" (include "common.names.namespace" $ ) }}
labels: {{- include "common.labels.standard" $ | nindent 4 }}
app.kubernetes.io/component: ingest
{{- if $.Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ .certificate | b64enc }}
tls.key: {{ .key | b64enc }}
---
{{- end }}
{{- end }}
{{- if and .Values.ingest.ingress.tls .Values.ingest.ingress.selfSigned }}
{{- $secretName := printf "%s-tls" .Values.ingest.ingress.hostname }}
{{- $ca := genCA "elasticsearch-ingest-ca" 365 }}
{{- $cert := genSignedCert .Values.ingest.ingress.hostname nil (list .Values.ingest.ingress.hostname) 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
namespace: {{ template "common.names.namespace" $ }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: ingest
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
---
{{- end }}
{{- end }}

65
helm/elasticsearch/templates/ingress.yaml Normal file
View File

@ -0,0 +1,65 @@
{{- if .Values.ingress.enabled }}
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: elasticsearch
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.ingress.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.ingress.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
{{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
{{- end }}
rules:
{{- if .Values.ingress.hostname }}
- http:
paths:
{{- if .Values.ingress.extraPaths }}
{{- toYaml .Values.ingress.extraPaths | nindent 10 }}
{{- end }}
- path: {{ .Values.ingress.path }}
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
pathType: {{ .Values.ingress.pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "tcp-rest-api" "context" $) | nindent 14 }}
{{- if ne .Values.ingress.hostname "*" }}
host: {{ .Values.ingress.hostname }}
{{- end }}
{{- end }}
{{- range .Values.ingress.extraHosts }}
- host: {{ .name }}
http:
paths:
- path: {{ default "/" .path }}
{{- if eq "true" (include "common.ingress.supportsPathType" $) }}
pathType: {{ default "ImplementationSpecific" .pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "tcp-rest-api" "context" $) | nindent 14 }}
{{- end }}
{{- if .Values.ingress.extraRules }}
{{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraRules "context" $ ) | nindent 4 }}
{{- end }}
{{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }}
tls:
{{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }}
- hosts:
- {{ .Values.ingress.hostname | quote }}
secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
{{- end }}
{{- if .Values.ingress.extraTls }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

16
helm/elasticsearch/templates/initialization-configmap.yaml Normal file
View File

@ -0,0 +1,16 @@
{{- if .Values.initScripts }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-init-scripts" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
{{- include "common.tplvalues.render" ( dict "value" .Values.initScripts "context" $ ) | nindent 4 }}
{{- end }}

47
helm/elasticsearch/templates/master/hpa.yaml Normal file
View File

@ -0,0 +1,47 @@
{{- if and (include "elasticsearch.master.enabled" .) .Values.master.autoscaling.enabled }}
apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "elasticsearch.master.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: master
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: {{ template "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
name: {{ include "elasticsearch.master.fullname" . }}
minReplicas: {{ .Values.master.autoscaling.minReplicas }}
maxReplicas: {{ .Values.master.autoscaling.maxReplicas }}
metrics:
{{- if .Values.master.autoscaling.targetCPU }}
- type: Resource
resource:
name: cpu
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
targetAverageUtilization: {{ .Values.master.autoscaling.targetCPU }}
{{- else }}
target:
type: Utilization
averageUtilization: {{ .Values.master.autoscaling.targetCPU }}
{{- end }}
{{- end }}
{{- if .Values.master.autoscaling.targetMemory }}
- type: Resource
resource:
name: memory
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
targetAverageUtilization: {{ .Values.master.autoscaling.targetMemory }}
{{- else }}
target:
type: Utilization
averageUtilization: {{ .Values.master.autoscaling.targetMemory }}
{{- end }}
{{- end }}
{{- end }}

22
helm/elasticsearch/templates/master/serviceaccount.yaml Normal file
View File

@ -0,0 +1,22 @@
{{- if and (include "elasticsearch.master.enabled" .) .Values.master.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "elasticsearch.master.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: master
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
{{- end }}
{{- if or .Values.master.serviceAccount.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.master.serviceAccount.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.master.serviceAccount.annotations "context" $) | nindent 4 }}
{{- end }}
{{- end }}
automountServiceAccountToken: {{ .Values.master.serviceAccount.automountServiceAccountToken }}
{{- end -}}

373
helm/elasticsearch/templates/master/statefulset.yaml Normal file
View File

@ -0,0 +1,373 @@
{{- if (include "elasticsearch.master.enabled" .) }}
apiVersion: {{ template "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ include "elasticsearch.master.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: master
{{- if .Values.useIstioLabels }}
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: master
{{- end }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.master.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.master.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.master.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
{{- if not .Values.master.autoscaling.enabled }}
replicas: {{ .Values.master.replicaCount }}
{{- end }}
podManagementPolicy: {{ .Values.master.podManagementPolicy }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: master
serviceName: {{ include "elasticsearch.master.servicename" . }}
{{- if .Values.master.updateStrategy }}
updateStrategy: {{- toYaml .Values.master.updateStrategy | nindent 4 }}
{{- end }}
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
app.kubernetes.io/component: master
{{- if .Values.useIstioLabels }}
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: master
{{- end }}
{{- if .Values.master.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.master.podLabels "context" $) | nindent 8 }}
{{- end }}
annotations:
{{- if and (include "elasticsearch.createTlsSecret" .) (not .Values.security.tls.master.existingSecret) }}
checksum/tls: {{ include (print $.Template.BasePath "/tls-secret.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.master.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.master.podAnnotations "context" $) | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "elasticsearch.master.serviceAccountName" . }}
{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
{{- if .Values.master.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.master.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.master.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.master.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.master.podAffinityPreset "component" "master" "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.master.podAntiAffinityPreset "component" "master" "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.master.nodeAffinityPreset.type "key" .Values.master.nodeAffinityPreset.key "values" .Values.master.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.master.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.master.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.master.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.master.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.master.schedulerName }}
schedulerName: {{ .Values.master.schedulerName }}
{{- end }}
{{- if .Values.master.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.master.topologySpreadConstraints "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.master.priorityClassName }}
priorityClassName: {{ .Values.master.priorityClassName | quote }}
{{- end }}
{{- if .Values.master.podSecurityContext.enabled }}
securityContext: {{- omit .Values.master.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.master.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.master.terminationGracePeriodSeconds }}
{{- end }}
{{- if or .Values.master.initContainers .Values.sysctlImage.enabled (and .Values.volumePermissions.enabled .Values.master.persistence.enabled) }}
initContainers:
{{- if .Values.sysctlImage.enabled }}
## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
- name: sysctl
image: {{ include "elasticsearch.sysctl.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
{{- include "elasticsearch.sysctlIfLess" (dict "key" "vm.max_map_count" "value" "262144") | nindent 14 }}
{{- include "elasticsearch.sysctlIfLess" (dict "key" "fs.file-max" "value" "65536") | nindent 14 }}
securityContext:
privileged: true
runAsUser: 0
{{- if .Values.sysctlImage.resources }}
resources: {{- toYaml .Values.sysctlImage.resources | nindent 12 }}
{{- end }}
{{- end }}
{{- if and .Values.volumePermissions.enabled .Values.master.persistence.enabled }}
- name: volume-permissions
image: {{ include "elasticsearch.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
mkdir -p /bitnami/elasticsearch/data
chown {{ .Values.master.containerSecurityContext.runAsUser }}:{{ .Values.master.podSecurityContext.fsGroup }} /bitnami/elasticsearch/data
find /bitnami/elasticsearch/data -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.master.containerSecurityContext.runAsUser }}:{{ .Values.master.podSecurityContext.fsGroup }}
securityContext:
runAsUser: 0
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: /bitnami/elasticsearch/data
{{- end }}
{{- if .Values.master.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.master.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: elasticsearch
image: {{ include "elasticsearch.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.master.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.master.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.master.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.master.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.master.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.master.args "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.master.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.master.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: ELASTICSEARCH_IS_DEDICATED_NODE
value: {{ ternary "yes" "no" .Values.master.masterOnly | quote }}
- name: ELASTICSEARCH_NODE_ROLES
value: "master"
- name: ELASTICSEARCH_TRANSPORT_PORT_NUMBER
value: {{ .Values.containerPorts.transport | quote }}
- name: ELASTICSEARCH_HTTP_PORT_NUMBER
value: {{ .Values.containerPorts.restAPI | quote }}
- name: ELASTICSEARCH_CLUSTER_NAME
value: {{ .Values.clusterName | quote }}
- name: ELASTICSEARCH_CLUSTER_HOSTS
value: {{ include "elasticsearch.hosts" . | quote }}
- name: ELASTICSEARCH_TOTAL_NODES
value: {{ add (ternary .Values.master.autoscaling.minReplicas .Values.master.replicaCount .Values.master.autoscaling.enabled) (ternary .Values.data.autoscaling.minReplicas .Values.data.replicaCount .Values.data.autoscaling.enabled) | quote }}
- name: ELASTICSEARCH_CLUSTER_MASTER_HOSTS
{{- $elasticsearchMasterFullname := include "elasticsearch.master.fullname" . }}
{{- $replicas := int (ternary .Values.master.autoscaling.minReplicas .Values.master.replicaCount .Values.master.autoscaling.enabled) }}
value: {{ range $i, $e := until $replicas }}{{ printf "%s-%d" $elasticsearchMasterFullname $e }} {{ end }}
- name: ELASTICSEARCH_MINIMUM_MASTER_NODES
value: {{ add (div (ternary .Values.master.autoscaling.minReplicas .Values.master.replicaCount .Values.master.autoscaling.enabled) 2) 1 | quote }}
- name: ELASTICSEARCH_ADVERTISED_HOSTNAME
value: "$(MY_POD_NAME).{{ (include "elasticsearch.master.servicename" .) | trunc 63 | trimSuffix "-" }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
{{- if .Values.plugins }}
- name: ELASTICSEARCH_PLUGINS
value: {{ .Values.plugins | quote }}
{{- end }}
{{- if .Values.snapshotRepoPath }}
- name: ELASTICSEARCH_FS_SNAPSHOT_REPO_PATH
value: {{ .Values.snapshotRepoPath | quote }}
{{- end }}
{{- if .Values.master.heapSize }}
- name: ELASTICSEARCH_HEAP_SIZE
value: {{ .Values.master.heapSize | quote }}
{{- end }}
{{- if .Values.security.enabled }}
{{- include "elasticsearch.configure.security" . | nindent 12 }}
{{- end }}
{{- if .Values.master.extraEnvVars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.master.extraEnvVars "context" $ ) | nindent 12 }}
{{- end }}
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.extraEnvVars "context" $ ) | nindent 12 }}
{{- end }}
{{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret .Values.master.extraEnvVarsCM .Values.master.extraEnvVarsSecret }}
envFrom:
{{- if .Values.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.extraEnvVarsCM "context" $ ) }}
{{- end }}
{{- if .Values.master.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.master.extraEnvVarsCM "context" $ ) }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.extraEnvVarsSecret "context" $ ) }}
{{- end }}
{{- if .Values.master.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.master.extraEnvVarsSecret "context" $ ) }}
{{- end }}
{{- end }}
ports:
- name: rest-api
containerPort: {{ .Values.containerPorts.restAPI }}
- name: transport
containerPort: {{ .Values.containerPorts.transport }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.master.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customStartupProbe "context" $) | nindent 12 }}
{{- else if .Values.master.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.master.startupProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
port: rest-api
{{- end }}
{{- if .Values.master.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.master.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.master.livenessProbe "enabled") "context" $) | nindent 12 }}
exec:
command:
- /opt/bitnami/scripts/elasticsearch/healthcheck.sh
{{- end }}
{{- if .Values.master.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.master.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.master.readinessProbe "enabled") "context" $) | nindent 12 }}
exec:
command:
- /opt/bitnami/scripts/elasticsearch/healthcheck.sh
{{- end }}
{{- end }}
{{- if .Values.master.resources }}
resources: {{- toYaml .Values.master.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: /bitnami/elasticsearch/data
{{- if .Values.config }}
- mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
name: config
subPath: elasticsearch.yml
{{- end }}
{{- if .Values.extraConfig }}
- mountPath: /opt/bitnami/elasticsearch/config/my_elasticsearch.yml
name: config
subPath: my_elasticsearch.yml
{{- end }}
{{- if .Values.security.enabled }}
- name: elasticsearch-certificates
mountPath: /opt/bitnami/elasticsearch/config/certs
readOnly: true
{{- end }}
{{- if .Values.initScripts }}
- name: custom-init-scripts
mountPath: /docker-entrypoint-initdb.d/init-scripts
{{- end }}
{{- if .Values.initScriptsCM }}
- name: custom-init-scripts-cm
mountPath: /docker-entrypoint-initdb.d/init-scripts-cm
{{- end }}
{{- if .Values.initScriptsSecret }}
- name: custom-init-scripts-secret
mountPath: /docker-entrypoint-initdb.d/init-scripts-secret
{{- end }}
{{- if .Values.master.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.master.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.master.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.master.sidecars "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
{{- if or .Values.config .Values.extraConfig }}
- name: config
configMap:
name: {{ template "common.names.fullname" . }}
{{- end }}
{{- if .Values.security.enabled }}
- name: elasticsearch-certificates
secret:
secretName: {{ template "elasticsearch.master.tlsSecretName" . }}
defaultMode: 256
{{- end }}
{{- if .Values.initScripts }}
- name: custom-init-scripts
configMap:
name: {{ template "elasticsearch.initScripts" . }}
{{- end }}
{{- if .Values.initScriptsCM }}
- name: custom-init-scripts-cm
configMap:
name: {{ template "elasticsearch.initScriptsCM" . }}
{{- end }}
{{- if .Values.initScriptsSecret }}
- name: custom-init-scripts-secret
secret:
secretName: {{ template "elasticsearch.initScriptsSecret" . }}
defaultMode: 0755
{{- end }}
{{- if .Values.master.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.master.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- if not .Values.master.persistence.enabled }}
- name: "data"
emptyDir: {}
{{- else if .Values.master.persistence.existingClaim }}
- name: "data"
persistentVolumeClaim:
claimName: {{ .Values.master.persistence.existingClaim }}
{{- else }}
volumeClaimTemplates:
- metadata:
name: "data"
annotations:
{{- if .Values.master.persistence.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.annotations "context" $) | nindent 10 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 10 }}
{{- end }}
{{- if .Values.commonLabels }}
labels: {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 10 }}
{{- end }}
spec:
accessModes:
{{- range .Values.master.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.master.persistence.size | quote }}
{{- if .Values.master.persistence.selector }}
selector: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.selector "context" $) | nindent 10 }}
{{- else if .Values.master.persistence.existingVolume }}
selector:
matchLabels:
volume: {{ .Values.master.persistence.existingVolume }}
{{- end }}
{{- include "common.storage.class" (dict "persistence" .Values.master.persistence "global" .Values.global) | nindent 8 }}
{{- end }}
{{- end }}

28
helm/elasticsearch/templates/master/svc-headless.yaml Normal file
View File

@ -0,0 +1,28 @@
{{- if (include "elasticsearch.master.enabled" .) }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "elasticsearch.master.servicename" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{ include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: master
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
publishNotReadyAddresses: true
ports:
- name: tcp-rest-api
port: {{ .Values.containerPorts.restAPI }}
targetPort: rest-api
- name: tcp-transport
port: {{ .Values.containerPorts.transport }}
targetPort: transport
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: master
{{- end }}

182
helm/elasticsearch/templates/metrics/deployment.yaml Normal file
View File

@ -0,0 +1,182 @@
{{- if .Values.metrics.enabled }}
apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ include "elasticsearch.metrics.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: metrics
{{- if .Values.useIstioLabels }}
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: metrics
{{- end }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.metrics.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
replicas: 1
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: metrics
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
app.kubernetes.io/component: metrics
{{- if .Values.useIstioLabels }}
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: metrics
{{- end }}
{{- if .Values.metrics.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.podLabels "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.podAnnotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }}
{{- end }}
spec:
{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
{{- if .Values.metrics.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.metrics.podAffinityPreset "component" "metrics" "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.metrics.podAntiAffinityPreset "component" "metrics" "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.metrics.nodeAffinityPreset.type "key" .Values.metrics.nodeAffinityPreset.key "values" .Values.metrics.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.metrics.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.priorityClassName }}
priorityClassName: {{ .Values.metrics.priorityClassName | quote }}
{{- end }}
{{- if .Values.metrics.schedulerName }}
schedulerName: {{ .Values.metrics.schedulerName | quote }}
{{- end }}
{{- if .Values.metrics.podSecurityContext.enabled }}
securityContext: {{- omit .Values.metrics.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.metrics.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.topologySpreadConstraints "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.initContainers }}
initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: metrics
image: {{ include "elasticsearch.metrics.image" . }}
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
{{- if .Values.metrics.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.metrics.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }}
{{- else }}
args:
{{- $protocol := (ternary "https" "http" (and .Values.security.enabled .Values.security.tls.restEncryption)) }}
- --es.uri={{$protocol}}://{{ include "common.names.fullname" . }}:{{ include "elasticsearch.service.ports.restAPI" . }}
- --es.all
{{- if .Values.security.tls.restEncryption }}
- --es.ssl-skip-verify
{{- end }}
{{- if .Values.metrics.extraArgs }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraArgs "context" $) | nindent 12 }}
{{- end }}
{{- end }}
env:
{{- if .Values.security.enabled }}
- name: ES_USERNAME
value: "elastic"
- name: ES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "elasticsearch.secretName" . }}
key: elasticsearch-password
{{- end }}
{{- if .Values.metrics.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
envFrom:
{{- if .Values.metrics.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.metrics.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVarsSecret "context" $) }}
{{- end }}
ports:
- name: metrics
containerPort: 9114
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.metrics.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.metrics.livenessProbe.enabled }}
livenessProbe:
initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }}
httpGet:
path: /metrics
port: metrics
{{- end }}
{{- if .Values.metrics.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.metrics.readinessProbe.enabled }}
readinessProbe:
initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }}
httpGet:
path: /metrics
port: metrics
{{- end }}
{{- if .Values.metrics.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }}
{{- else if .Values.metrics.startupProbe.enabled }}
startupProbe:
initialDelaySeconds: {{ .Values.metrics.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.metrics.startupProbe.periodSeconds }}
timeoutSeconds: {{ .Values.metrics.startupProbe.timeoutSeconds }}
successThreshold: {{ .Values.metrics.startupProbe.successThreshold }}
failureThreshold: {{ .Values.metrics.startupProbe.failureThreshold }}
httpGet:
path: /metrics
port: metrics
{{- end }}
{{- end }}
{{- if .Values.metrics.resources }}
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
{{- end }}
{{- if .Values.metrics.extraVolumeMounts }}
volumeMounts: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.metrics.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.sidecars "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.extraVolumes }}
volumes: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- end }}

22
helm/elasticsearch/templates/metrics/prometheusrule.yaml Normal file
View File

@ -0,0 +1,22 @@
{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: metrics
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.metrics.prometheusRule.additionalLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
groups:
- name: {{ include "common.names.fullname" . }}
rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 6 }}
{{- end }}

24
helm/elasticsearch/templates/metrics/service.yaml Normal file
View File

@ -0,0 +1,24 @@
{{- if .Values.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "elasticsearch.metrics.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: metrics
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
annotations: {{ include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.metrics.service.type }}
ports:
- name: http-metrics
port: {{ .Values.metrics.service.port }}
targetPort: metrics
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: metrics
{{- end }}

46
helm/elasticsearch/templates/metrics/servicemonitor.yaml Normal file
View File

@ -0,0 +1,46 @@
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "elasticsearch.metrics.fullname" . }}
namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: metrics
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.labels }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.labels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
{{- end }}
spec:
jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
{{- if .Values.metrics.serviceMonitor.selector }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
{{- end }}
app.kubernetes.io/component: metrics
endpoints:
- port: http-metrics
{{- if .Values.metrics.serviceMonitor.interval }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.honorLabels }}
honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabelings }}
relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ include "common.names.namespace" . | quote }}
{{- end }}

43
helm/elasticsearch/templates/secrets.yaml Normal file
View File

@ -0,0 +1,43 @@
{{- if (include "elasticsearch.createSecret" . ) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
elasticsearch-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "elasticsearch-password" "length" 16 "providedValues" (list "security.elasticPassword") "context" $) }}
{{- end }}
{{- if (include "elasticsearch.createTlsPasswordsSecret" . ) }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-tls-pass" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
{{- if .Values.security.tls.keystorePassword }}
keystore-password: {{ default "" .Values.security.tls.keystorePassword | b64enc | quote }}
{{- end }}
{{- if .Values.security.tls.truststorePassword }}
truststore-password: {{ default "" .Values.security.tls.truststorePassword | b64enc | quote }}
{{- end }}
{{- if .Values.security.tls.keyPassword }}
key-password: {{ default "" .Values.security.tls.keyPassword | b64enc | quote }}
{{- end }}
{{- end }}

66
helm/elasticsearch/templates/service.yaml Normal file
View File

@ -0,0 +1,66 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "elasticsearch.service.name" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if (include "elasticsearch.coordinating.enabled" .) }}
app.kubernetes.io/component: coordinating-only
{{- else }}
app.kubernetes.io/component: master
{{- end }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.service.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
{{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
clusterIP: {{ .Values.service.clusterIP }}
{{- end }}
{{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- if .Values.service.sessionAffinity }}
sessionAffinity: {{ .Values.service.sessionAffinity }}
{{- end }}
{{- if .Values.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
ports:
- name: tcp-rest-api
port: {{ include "elasticsearch.service.ports.restAPI" . }}
targetPort: rest-api
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.restAPI)) }}
nodePort: {{ .Values.service.nodePorts.restAPI }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
- name: tcp-transport
port: {{ .Values.service.ports.transport }}
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.transport)) }}
nodePort: {{ .Values.service.nodePorts.transport }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if .Values.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
{{- if (include "elasticsearch.coordinating.enabled" .) }}
app.kubernetes.io/component: coordinating-only
{{- else }}
app.kubernetes.io/component: master
{{- end }}

117
helm/elasticsearch/templates/tls-secret.yaml Normal file
View File

@ -0,0 +1,117 @@
{{- if (include "elasticsearch.createTlsSecret" .) }}
{{- $ca := genCA "elasticsearch-ca" 365 }}
{{- $releaseNamespace := include "common.names.namespace" . }}
{{- $clusterDomain := .Values.clusterDomain }}
{{- if and (include "elasticsearch.master.enabled" .) (not .Values.security.tls.master.existingSecret) }}
{{- $fullname := include "elasticsearch.master.fullname" . }}
{{- $serviceName := include "elasticsearch.master.servicename" . }}
{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) $fullname "127.0.0.1" "localhost" }}
{{- if not (include "elasticsearch.coordinating.enabled" .) }}
{{- $altNames = append $altNames (include "elasticsearch.service.name" .) }}
{{- $altNames = append $altNames (printf "%s.%s.svc.%s" (include "elasticsearch.service.name" .) $releaseNamespace $clusterDomain) }}
{{- end }}
{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }}
{{- $secretName := printf "%s-crt" (include "elasticsearch.master.fullname" .) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
app.kubernetes.io/component: master
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
{{- end }}
{{- if and (include "elasticsearch.data.enabled" .) (not .Values.security.tls.data.existingSecret) }}
{{- $fullname := include "elasticsearch.data.fullname" . }}
{{- $serviceName := include "elasticsearch.data.servicename" . }}
{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) $fullname "127.0.0.1" "localhost" }}
{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }}
{{- $secretName := printf "%s-crt" (include "elasticsearch.data.fullname" .) }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
app.kubernetes.io/component: data
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
{{- end }}
{{- if and (include "elasticsearch.coordinating.enabled" .) (not .Values.security.tls.coordinating.existingSecret) }}
{{- $fullname := include "elasticsearch.coordinating.fullname" . }}
{{- $serviceName := include "elasticsearch.coordinating.servicename" . }}
{{- $altNames := list (include "elasticsearch.service.name" .) (printf "%s.%s.svc.%s" (include "elasticsearch.service.name" .) $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) $fullname "127.0.0.1" "localhost" }}
{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }}
{{- $secretName := printf "%s-crt" (include "elasticsearch.coordinating.fullname" .) }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
app.kubernetes.io/component: coordinating-only
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
{{- end }}
{{- if and (include "elasticsearch.ingest.enabled" .) (not .Values.security.tls.ingest.existingSecret) }}
{{- $fullname := include "elasticsearch.ingest.fullname" . }}
{{- $serviceName := include "elasticsearch.ingest.servicename" . }}
{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) $fullname "127.0.0.1" "localhost" }}
{{- if .Values.ingest.service.enabled }}
{{- $altNames = append $altNames (include "elasticsearch.ingest.fullname" .) }}
{{- $altNames = append $altNames (printf "%s.%s.svc.%s" (include "elasticsearch.ingest.fullname" .) $releaseNamespace $clusterDomain) }}
{{- end }}
{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }}
{{- $secretName := printf "%s-crt" (include "elasticsearch.ingest.fullname" .) }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
app.kubernetes.io/component: ingest
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
{{- end }}
{{- end }}