server/sa-charts
14
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

swarm

Browse Source
This commit is contained in:
marsal wang
2023-07-26 10:07:34 +08:00
parent f884cb1020
commit 1e5a703cce
5384 changed files with 618283 additions and 4002 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
helm/kibana/templates/NOTES.txt Normal file
View File

@ -0,0 +1,56 @@
CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}
** Please be patient while the chart is being deployed **
{{- if or (not .Values.elasticsearch.hosts) (not .Values.elasticsearch.port) -}}
######################################################################################################
### ERROR: You did not provide the Elasticsearch external host or port in your 'helm install' call ###
######################################################################################################
Complete your Kibana deployment by running:
helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/kibana \
--set elasticsearch.hosts[0]=YOUR_ES_HOST,elasticsearch.port=YOUR_ES_PORT
Replacing "YOUR_ES_HOST" and "YOUR_ES_PORT" placeholders by the proper values of your Elasticsearch deployment.
{{- else -}}
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
Get the Kibana URL and associate Kibana hostname to your cluster external IP:
export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
echo "Kibana URL: http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}/"
echo "$CLUSTER_IP {{ .Values.ingress.hostname }}" | sudo tee -a /etc/hosts
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.names.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward svc/{{ include "common.names.fullname" . }} 8080:{{ .Values.service.port }}
{{- end }}
{{- if or .Values.ingress.enabled (contains "NodePort" .Values.service.type) (contains "LoadBalancer" .Values.service.type) }}
WARNING: Kibana is externally accessible from the cluster but the dashboard does not contain authentication mechanisms. Make sure you follow the authentication guidelines in your Elastic stack.
+info https://www.elastic.co/guide/en/elastic-stack-overview/current/setting-up-authentication.html
{{- end }}
{{- if .Values.metrics.enabled }}
WARNING: For Prometheus metrics to work, make sure that the kibana-prometheus-exporter plugin is installed:
+info https://github.com/pjhampton/kibana-prometheus-exporter
{{- end }}
{{- include "kibana.validateValues" . }}
{{- include "kibana.checkRollingTags" . }}
{{- end }}

266
helm/kibana/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,266 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper Kibana image name
*/}}
{{- define "kibana.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper image name (for the init container volume-permissions image)
*/}}
{{- define "kibana.volumePermissions.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "kibana.imagePullSecrets" -}}
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
{{- end -}}
{{/*
Return true if the deployment should include dashboards
*/}}
{{- define "kibana.importSavedObjects" -}}
{{- if or .Values.savedObjects.configmap .Values.savedObjects.urls }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Set Elasticsearch URL.
*/}}
{{- define "kibana.elasticsearch.url" -}}
{{- if .Values.elasticsearch.hosts -}}
{{- $totalHosts := len .Values.elasticsearch.hosts -}}
{{- $protocol := ternary "https" "http" .Values.elasticsearch.security.tls.enabled -}}
{{- range $i, $hostTemplate := .Values.elasticsearch.hosts -}}
{{- $host := tpl $hostTemplate $ }}
{{- printf "%s://%s:%s" $protocol $host (include "kibana.elasticsearch.port" $) -}}
{{- if (lt ( add1 $i ) $totalHosts ) }}{{- printf "," -}}{{- end }}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Set Elasticsearch Port.
*/}}
{{- define "kibana.elasticsearch.port" -}}
{{- .Values.elasticsearch.port -}}
{{- end -}}
{{/*
Set Elasticsearch PVC.
*/}}
{{- define "kibana.pvc" -}}
{{- .Values.persistence.existingClaim | default (include "common.names.fullname" .) -}}
{{- end -}}
{{/*
Get the initialization scripts Secret name.
*/}}
{{- define "kibana.initScriptsSecret" -}}
{{- printf "%s" (tpl .Values.initScriptsSecret $) -}}
{{- end -}}
{{/*
Get the initialization scripts configmap name.
*/}}
{{- define "kibana.initScriptsCM" -}}
{{- printf "%s" (tpl .Values.initScriptsCM $) -}}
{{- end -}}
{{/*
Get the saved objects configmap name.
*/}}
{{- define "kibana.savedObjectsCM" -}}
{{- printf "%s" (tpl .Values.savedObjects.configmap $) -}}
{{- end -}}
{{/*
Set Elasticsearch Port.
*/}}
{{- define "kibana.configurationCM" -}}
{{- .Values.configurationCM | default (printf "%s-conf" (include "common.names.fullname" .)) -}}
{{- end -}}
{{/*
Compile all warnings into a single message, and call fail.
*/}}
{{- define "kibana.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "kibana.validateValues.noElastic" .) -}}
{{- $messages := append $messages (include "kibana.validateValues.configConflict" .) -}}
{{- $messages := append $messages (include "kibana.validateValues.extraVolumes" .) -}}
{{- $messages := append $messages (include "kibana.validateValues.tls" .) -}}
{{- $messages := append $messages (include "kibana.validateValues.elasticsearch.auth" .) -}}
{{- $messages := append $messages (include "kibana.validateValues.elasticsearch.tls" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}
{{- end -}}
{{/* Validate values of Kibana - must provide an ElasticSearch */}}
{{- define "kibana.validateValues.noElastic" -}}
{{- if and (not .Values.elasticsearch.hosts) (not .Values.elasticsearch.port) -}}
kibana: no-elasticsearch
You did not specify an external Elasticsearch instance.
Please set elasticsearch.hosts and elasticsearch.port
{{- else if and (not .Values.elasticsearch.hosts) .Values.elasticsearch.port }}
kibana: missing-es-settings-host
You specified the external Elasticsearch port but not the host. Please
set elasticsearch.hosts
{{- else if and .Values.elasticsearch.hosts (not .Values.elasticsearch.port) }}
kibana: missing-es-settings-port
You specified the external Elasticsearch hosts but not the port. Please
set elasticsearch.port
{{- end -}}
{{- end -}}
{{/* Validate values of Kibana - configuration conflict */}}
{{- define "kibana.validateValues.configConflict" -}}
{{- if and (.Values.extraConfiguration) (.Values.configurationCM) -}}
kibana: conflict-configuration
You specified a ConfigMap with kibana.yml and a set of settings to be added
to the default kibana.yml. Please only set either extraConfiguration or configurationCM
{{- end -}}
{{- end -}}
{{/* Validate values of Kibana - Incorrect extra volume settings */}}
{{- define "kibana.validateValues.extraVolumes" -}}
{{- if and (.Values.extraVolumes) (not .Values.extraVolumeMounts) -}}
kibana: missing-extra-volume-mounts
You specified extra volumes but not mount points for them. Please set
the extraVolumeMounts value
{{- end -}}
{{- end -}}
{{/* Validate values of Kibana - No certificates for Kibana server */}}
{{- define "kibana.validateValues.tls" -}}
{{- if and .Values.tls.enabled (not .Values.tls.existingSecret) (not .Values.tls.autoGenerated) -}}
kibana: tls.enabled
In order to enable HTTPS for Kibana, you also need to provide an existing secret
containing the TLS certificates (--set tls.existingSecret="my-secret") or enable
auto-generated certificates (--set elasticsearch.security.auth.existingSecret="true").
{{- end -}}
{{- end -}}
{{/* Validate values of Kibana - No credentials for Elasticsearch auth */}}
{{- define "kibana.validateValues.elasticsearch.auth" -}}
{{- if and .Values.elasticsearch.security.auth.enabled (not .Values.elasticsearch.security.auth.kibanaPassword) (not .Values.elasticsearch.security.auth.existingSecret) -}}
kibana: missing-kibana-credentials
You enabled Elasticsearch authentication but you didn't provide the required credentials for
Kibana to connect. Please provide them (--set elasticsearch.security.auth.kibanaPassword="XXXXX")
or the name of an existing secret containing them (--set elasticsearch.security.auth.existingSecret="my-secret").
{{- end -}}
{{- end -}}
{{/* Validate values of Kibana - Elasticsearch HTTPS no trusted CA */}}
{{- define "kibana.validateValues.elasticsearch.tls" -}}
{{- if and .Values.elasticsearch.security.tls.enabled (ne "none" .Values.elasticsearch.security.tls.verificationMode) (not .Values.elasticsearch.security.tls.existingSecret) -}}
kibana: missing-elasticsearch-trusted-ca
You configured communication with Elasticsearch REST API using HTTPS and
verification enabled but no existing secret containing the Truststore or CA
certificate was provided (--set elasticsearch.security.tls.existingSecret="my-secret").
{{- end -}}
{{- end -}}
{{/*
Check if there are rolling tags in the images
*/}}
{{- define "kibana.checkRollingTags" -}}
{{- include "common.warnings.rollingTag" .Values.image }}
{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
{{- end -}}
{{/*
Return the secret containing Kibana TLS certificates
*/}}
{{- define "kibana.tlsSecretName" -}}
{{- $secretName := .Values.tls.existingSecret -}}
{{- if $secretName -}}
{{- printf "%s" (tpl $secretName $) -}}
{{- else -}}
{{- printf "%s-crt" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a TLS secret object should be created
*/}}
{{- define "kibana.createTlsSecret" -}}
{{- if and .Values.tls.enabled .Values.tls.autoGenerated (not .Values.tls.existingSecret) }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
basePath URL in use by the APIs.
*/}}
{{- define "kibana.basePath" -}}
{{- if (.Values.configuration.server.rewriteBasePath) }}
{{- .Values.configuration.server.basePath -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a Passwords secret object should be created
*/}}
{{- define "kibana.createSecret" -}}
{{- $kibanaPassword := and .Values.elasticsearch.security.auth.enabled (not .Values.elasticsearch.security.auth.existingSecret) -}}
{{- $serverTlsPassword := and .Values.tls.enabled (or .Values.tls.keystorePassword .Values.tls.keyPassword) (not .Values.tls.passwordsSecret) -}}
{{- $elasticsearchTlsPassword := and .Values.elasticsearch.security.tls.enabled .Values.elasticsearch.security.tls.truststorePassword (not .Values.elasticsearch.security.tls.passwordsSecret) -}}
{{- if or $kibanaPassword $serverTlsPassword $elasticsearchTlsPassword }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return the name of secret containing the Elasticsearch auth credentials
*/}}
{{- define "kibana.elasticsearch.auth.secretName" -}}
{{- if .Values.elasticsearch.security.auth.existingSecret -}}
{{- printf "%s" .Values.elasticsearch.security.auth.existingSecret -}}
{{- else -}}
{{- printf "%s" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return the name of secret containing the Elasticsearch auth credentials
*/}}
{{- define "kibana.elasticsearch.tls.secretName" -}}
{{- if .Values.elasticsearch.security.tls.passwordsSecret -}}
{{- printf "%s" .Values.elasticsearch.security.tls.passwordsSecret -}}
{{- else -}}
{{- printf "%s" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return the name of secret containing the Elasticsearch auth credentials
*/}}
{{- define "kibana.tls.secretName" -}}
{{- if .Values.tls.passwordsSecret -}}
{{- printf "%s" .Values.tls.passwordsSecret -}}
{{- else -}}
{{- printf "%s" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "kibana.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}

20
helm/kibana/templates/configmap.yaml Normal file
View File

@ -0,0 +1,20 @@
{{- if and (not .Values.configurationCM) (and .Values.elasticsearch.hosts .Values.elasticsearch.port) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}-conf
labels: {{- include "common.labels.standard" . | nindent 4 }}
data:
kibana.yml: |
pid.file: /opt/bitnami/kibana/tmp/kibana.pid
server.host: "::"
server.port: {{ .Values.containerPort }}
elasticsearch.hosts: [{{ include "kibana.elasticsearch.url" . }}]
{{- if .Values.configuration.server.basePath }}
server.basePath: {{ .Values.configuration.server.basePath | quote }}
{{- end }}
server.rewriteBasePath: {{ .Values.configuration.server.rewriteBasePath }}
{{- if .Values.extraConfiguration }}
{{- tpl (toYaml .Values.extraConfiguration) $ | nindent 4 }}
{{- end }}
{{- end }}

283
helm/kibana/templates/deployment.yaml Normal file
View File

@ -0,0 +1,283 @@
{{- if and .Values.elasticsearch.hosts .Values.elasticsearch.port -}}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ include "common.names.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
{{- if .Values.updateStrategy }}
strategy: {{- tpl (toYaml .Values.updateStrategy) $ | nindent 4 }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
template:
metadata:
{{- if or .Values.podAnnotations (include "kibana.createTlsSecret" .) }}
annotations:
{{- if (include "kibana.createTlsSecret" .) }}
checksum/tls: {{ include (print $.Template.BasePath "/tls-secret.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
{{- end }}
{{- end }}
labels: {{- include "common.labels.standard" . | nindent 8 }}
app: kibana
{{- if .Values.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }}
{{- end }}
spec:
{{- include "kibana.imagePullSecrets" . | nindent 6 }}
{{- if .Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName | quote }}
{{- end }}
serviceAccountName: {{ include "kibana.serviceAccountName" . }}
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- end }}
{{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) }}
initContainers:
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
- name: volume-permissions
image: "{{ template "kibana.volumePermissions.image" . }}"
imagePullPolicy: {{ default "" .Values.volumePermissions.image.pullPolicy | quote }}
command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }}", "/bitnami/kibana"]
securityContext:
runAsUser: 0
resources: {{ toYaml .Values.volumePermissions.resources | nindent 12 }}
volumeMounts:
- name: kibana-data
mountPath: /bitnami/kibana
{{- end }}
{{- if .Values.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 10 }}
{{- end }}
{{- end }}
containers:
- name: kibana
image: {{ include "kibana.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end }}
env:
- name: KIBANA_PORT_NUMBER
value: {{ .Values.containerPort | quote }}
- name: KIBANA_ELASTICSEARCH_URL
value: {{ include "kibana.elasticsearch.url" . | quote }}
- name: KIBANA_ELASTICSEARCH_PORT_NUMBER
value: {{ include "kibana.elasticsearch.port" . | quote }}
- name: KIBANA_FORCE_INITSCRIPTS
value: {{ .Values.forceInitScripts | quote }}
- name: KIBANA_SERVER_ENABLE_TLS
value: {{ ternary "true" "false" .Values.tls.enabled | quote }}
{{- if or .Values.tls.usePemCerts (include "kibana.createTlsSecret" . ) }}
- name: KIBANA_SERVER_TLS_USE_PEM
value: "true"
{{- end }}
{{- if and .Values.tls.enabled .Values.tls.usePemCerts (or .Values.tls.keyPassword .Values.tls.passwordsSecret) }}
- name: KIBANA_SERVER_KEY_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "kibana.tls.secretName" . }}
key: kibana-key-password
{{- end }}
{{- if and .Values.tls.enabled (not .Values.tls.usePemCerts) (or .Values.tls.keystorePassword .Values.tls.passwordsSecret) }}
- name: KIBANA_SERVER_KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "kibana.tls.secretName" . }}
key: kibana-keystore-password
{{- end }}
{{- if .Values.elasticsearch.security.auth.enabled }}
- name: KIBANA_USERNAME
value: {{ .Values.elasticsearch.security.auth.kibanaUsername | quote }}
- name: KIBANA_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "kibana.elasticsearch.auth.secretName" . }}
key: kibana-password
{{- end }}
- name: KIBANA_ELASTICSEARCH_ENABLE_TLS
value: {{ ternary "true" "false" .Values.elasticsearch.security.tls.enabled | quote }}
- name: KIBANA_ELASTICSEARCH_TLS_USE_PEM
value: {{ ternary "true" "false" .Values.elasticsearch.security.tls.usePemCerts | quote }}
- name: KIBANA_ELASTICSEARCH_TLS_VERIFICATION_MODE
value: {{ .Values.elasticsearch.security.tls.verificationMode | quote }}
{{- if and .Values.elasticsearch.security.tls.enabled (not .Values.elasticsearch.security.tls.usePemCerts) (or .Values.elasticsearch.security.tls.truststorePassword .Values.elasticsearch.security.tls.passwordsSecret) }}
- name: KIBANA_ELASTICSEARCH_TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "kibana.elasticsearch.tls.secretName" . }}
key: elasticsearch-truststore-password
{{- end }}
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
{{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }}
envFrom:
{{- if .Values.extraEnvVarsCM }}
- configMapRef:
name: {{ .Values.extraEnvVarsCM }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ .Values.extraEnvVarsSecret }}
{{- end }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.containerPort }}
protocol: TCP
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
httpGet:
{{- if .Values.configuration.server.rewriteBasePath }}
path: {{ .Values.configuration.server.basePath }}/login
{{- else }}
path: /login
{{- end }}
port: http
scheme: {{ ternary "HTTPS" "HTTP" .Values.tls.enabled }}
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
httpGet:
{{- if .Values.configuration.server.rewriteBasePath }}
path: {{ .Values.configuration.server.basePath }}/login
{{- else }}
path: /login
{{- end }}
port: http
scheme: {{ ternary "HTTPS" "HTTP" .Values.tls.enabled }}
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
{{- end }}
{{- if .Values.resources }}
resources: {{- include "common.tplvalues.render" (dict "value" .Values.resources "context" $) | nindent 12 }}
{{- end }}
volumeMounts:
- name: kibana-data
mountPath: /bitnami/kibana
- name: kibana-config
mountPath: /bitnami/kibana/conf
{{- if .Values.tls.enabled }}
- name: kibana-certificates
mountPath: /opt/bitnami/kibana/config/certs/server
readOnly: true
{{- end }}
{{- if and .Values.elasticsearch.security.tls.enabled (not (eq .Values.elasticsearch.security.tls.verificationMode "none" )) }}
- name: elasticsearch-certificates
mountPath: /opt/bitnami/kibana/config/certs/elasticsearch
readOnly: true
{{- end }}
{{- if .Values.plugins }}
- name: plugins-init-scripts
mountPath: /docker-entrypoint-initdb.d/plugin-install
{{- end }}
{{- if (include "kibana.importSavedObjects" .) }}
- name: saved-objects-init-scripts
mountPath: /docker-entrypoint-initdb.d/saved-objects-import
{{- end }}
{{- if .Values.savedObjects.configmap }}
- name: saved-objects-configmap
mountPath: /bitnami/kibana/saved-objects
{{- end }}
{{- if .Values.initScriptsCM }}
- name: custom-init-scripts-cm
mountPath: /docker-entrypoint-initdb.d/cm
{{- end }}
{{- if .Values.initScriptsSecret }}
- name: custom-init-scripts-secret
mountPath: /docker-entrypoint-initdb.d/secret
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: kibana-data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ include "kibana.pvc" . }}
{{- else }}
emptyDir: {}
{{ end }}
{{- if .Values.tls.enabled }}
- name: kibana-certificates
secret:
secretName: {{ include "kibana.tlsSecretName" . }}
defaultMode: 256
{{- end }}
{{- if and .Values.elasticsearch.security.tls.enabled (ne .Values.elasticsearch.security.tls.verificationMode "none" ) }}
- name: elasticsearch-certificates
secret:
secretName: {{ required "A secret containing the Truststore or CA certificate for Elasticsearch is required" .Values.elasticsearch.security.tls.existingSecret }}
defaultMode: 256
{{- end }}
- name: kibana-config
configMap:
name: {{ include "kibana.configurationCM" . }}
{{- if (include "kibana.importSavedObjects" .) }}
- name: saved-objects-init-scripts
configMap:
name: {{ include "common.names.fullname" . }}-saved-objects
defaultMode: 0755
{{- end }}
{{- if .Values.plugins }}
- name: plugins-init-scripts
configMap:
name: {{ include "common.names.fullname" . }}-plugins
defaultMode: 0755
{{- end }}
{{- if .Values.initScriptsCM }}
- name: custom-init-scripts-cm
configMap:
name: {{ template "kibana.initScriptsCM" . }}
defaultMode: 0755
{{- end }}
{{- if .Values.initScriptsSecret }}
- name: custom-init-scripts-secret
secret:
name: {{ template "kibana.initScriptsSecret" . }}
defaultMode: 0755
{{- end }}
{{- if .Values.savedObjects.configmap }}
- name: saved-objects-configmap
configMap:
name: {{ template "kibana.savedObjectsCM" . }}
{{- end }}
{{- if .Values.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- end }}

4
helm/kibana/templates/extra-list.yaml Normal file
View File

@ -0,0 +1,4 @@
{{- range .Values.extraDeploy }}
---
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
{{- end }}

58
helm/kibana/templates/ingress.yaml Normal file
View File

@ -0,0 +1,58 @@
{{- if .Values.ingress.enabled }}
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.ingress.annotations .Values.commonAnnotations .Values.ingress.certManager }}
annotations:
{{- if .Values.ingress.certManager }}
kubernetes.io/tls-acme: "true"
{{- end }}
{{- if .Values.ingress.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
rules:
{{- if .Values.ingress.hostname }}
- http:
paths:
- path: {{ .Values.ingress.path }}
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
pathType: {{ .Values.ingress.pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }}
{{- if ne .Values.ingress.hostname "*" }}
host: {{ .Values.ingress.hostname }}
{{- end }}
{{- end }}
{{- range .Values.ingress.extraHosts }}
- host: {{ .name }}
http:
paths:
- path: {{ default "/" .path }}
{{- if eq "true" (include "common.ingress.supportsPathType" $) }}
pathType: {{ default "ImplementationSpecific" .pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
{{- end }}
{{- if or .Values.ingress.tls .Values.ingress.extraTls }}
tls:
{{- if .Values.ingress.tls }}
- hosts:
- {{ .Values.ingress.hostname }}
secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
{{- end }}
{{- if .Values.ingress.extraTls }}
{{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

18
helm/kibana/templates/plugins-configmap.yaml Normal file
View File

@ -0,0 +1,18 @@
{{- if .Values.plugins -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}-plugins
labels: {{- include "common.labels.standard" . | nindent 4 }}
data:
install-plugins.sh: |
#!/bin/bash
echo "==> Plugin installation"
{{- $totalPlugins := len .Values.plugins }}
echo "Total plugins defined in chart installation: {{ $totalPlugins }}"
{{- range $i, $plugin := .Values.plugins }}
echo "Installing plugin {{ add $i 1 }} out of {{ $totalPlugins }}: {{ $plugin }}"
kibana-plugin install "{{ $plugin }}"
{{- end }}
echo "==> End of Plugin installation"
{{- end -}}

14
helm/kibana/templates/pvc.yaml Normal file
View File

@ -0,0 +1,14 @@
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ include "common.names.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }}
{{- end -}}

39
helm/kibana/templates/saved-objects-configmap.yaml Normal file
View File

@ -0,0 +1,39 @@
{{- if (include "kibana.importSavedObjects" .) -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}-saved-objects
labels: {{- include "common.labels.standard" . | nindent 4 }}
data:
{{- $savedObjectsUrl := printf "localhost:%d%s/api/saved_objects/_import" (int .Values.containerPort) (include "kibana.basePath" .) }}
import-saved-objects.sh: |
#!/bin/bash
echo "==> Saved objects import"
{{- if .Values.savedObjects.urls }}
{{- $totalURLs := len .Values.savedObjects.urls }}
echo "Total saved objects NDJSON URLs to import: {{ $totalURLs }}"
{{- range $i, $url := .Values.savedObjects.urls }}
echo "Importing saved objects from NDJSON in url {{ add $i 1 }} out of {{ $totalURLs }}: {{ $url }}"
download_tmp_file="$(mktemp)"
curl "{{$url}}" > "${download_tmp_file}.ndjson"
curl -s --connect-timeout 60 --max-time 60 -XPOST {{ $savedObjectsUrl }} -H 'kbn-xsrf:true' --form file=@${download_tmp_file}.ndjson
{{- end }}
{{- end }}
{{- if .Values.savedObjects.configmap }}
echo "Searching for dashboard NDJSON files from ConfigMap mounted in /bitnami/kibana/saved-objects"
ndjson_file_list_tmp="$(mktemp)"
find /bitnami/kibana/saved-objects -type f -regex ".*\.ndjson" > $ndjson_file_list_tmp
while read -r f; do
case "$f" in
*.ndjson)
echo "Importing $f"
curl -s --connect-timeout 60 --max-time 60 -XPOST {{ $savedObjectsUrl }} -H 'kbn-xsrf:true' --form file=@${f}
;;
*)
echo "Ignoring $f"
;;
esac
done < $ndjson_file_list_tmp
{{- end }}
echo "==> End of Saved objects import"
{{- end -}}

29
helm/kibana/templates/secret.yaml Normal file
View File

@ -0,0 +1,29 @@
{{- if (include "kibana.createSecret" .) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
{{- end }}
type: Opaque
data:
{{- if and .Values.elasticsearch.security.auth.enabled (not .Values.elasticsearch.security.auth.existingSecret) }}
kibana-password: {{ required "A Kibana password is required!" .Values.elasticsearch.security.auth.kibanaPassword | b64enc }}
{{- end }}
{{- if and .Values.tls.enabled (not .Values.tls.passwordsSecret) }}
{{- if .Values.tls.keyPassword }}
kibana-key-password: {{ .Values.tls.keyPassword | b64enc | quote }}
{{- end }}
{{- if .Values.tls.keystorePassword }}
kibana-keystore-password: {{.Values.tls.keystorePassword | b64enc | quote }}
{{- end }}
{{- end }}
{{- if and .Values.elasticsearch.security.tls.enabled .Values.elasticsearch.security.tls.truststorePassword (not .Values.elasticsearch.security.tls.passwordsSecret) }}
elasticsearch-truststore-password: {{ .Values.elasticsearch.security.tls.truststorePassword | b64enc | quote }}
{{- end }}
{{- end }}

41
helm/kibana/templates/service.yaml Normal file
View File

@ -0,0 +1,41 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.names.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.service.labels }}
{{- include "common.tplvalues.render" (dict "value" .Values.service.labels "context" $) | nindent 4 }}
{{- end }}
{{- if or (and .Values.metrics.enabled .Values.metrics.service.annotations) .Values.service.annotations }}
annotations:
{{- if and .Values.metrics.enabled .Values.metrics.service.annotations }}
{{- tpl (toYaml .Values.metrics.service.annotations) $ | nindent 4 }}
{{- end }}
{{- if .Values.service.annotations }}
{{- tpl (toYaml .Values.service.annotations) $ | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.service.type }}
{{- if eq .Values.service.type "LoadBalancer" }}
{{- if .Values.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- end }}
{{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
{{- end }}
ports:
- name: http
port: {{ .Values.service.port }}
targetPort: http
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort)))}}
nodePort: {{ .Values.service.nodePort }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if .Values.service.extraPorts }}
{{- tpl (toYaml .Values.service.extraPorts) $ | nindent 4 }}
{{- end }}
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}

20
helm/kibana/templates/serviceaccount.yaml Normal file
View File

@ -0,0 +1,20 @@
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kibana.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.commonAnnotations .Values.serviceAccount.annotations }}
annotations:
{{- if or .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.serviceAccount.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

28
helm/kibana/templates/servicemonitor.yaml Normal file
View File

@ -0,0 +1,28 @@
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "common.names.fullname" . }}
{{- if .Values.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.metrics.serviceMonitor.namespace }}
{{- end }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
spec:
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
{{- if .Values.metrics.serviceMonitor.selector }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
{{- end }}
endpoints:
- port: http
path: "/_prometheus/metrics"
{{- if .Values.metrics.serviceMonitor.interval }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
{{- end }}

25
helm/kibana/templates/tls-secret.yaml Normal file
View File

@ -0,0 +1,25 @@
{{- if (include "kibana.createTlsSecret" .) }}
{{- $ca := genCA "kibana-ca" 365 }}
{{- $releaseNamespace := .Release.Namespace }}
{{- $clusterDomain := .Values.clusterDomain }}
{{- $serviceName := include "common.names.fullname" . }}
{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) $serviceName }}
{{- $crt := genSignedCert $serviceName nil $altNames 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-crt" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
ca.crt: {{ $ca.Cert | b64enc | quote }}
tls.crt: {{ $crt.Cert | b64enc | quote }}
tls.key: {{ $crt.Key | b64enc | quote }}
{{- end }}