es mongodb

marsal wang
2021-12-24 15:55:52 +08:00
parent 98c8ddd6f5
commit de34586660
77 changed files with 15072 additions and 0 deletions


@ -0,0 +1,132 @@
CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}
{{- if contains .Values.coordinating.service.type "LoadBalancer" }}
-------------------------------------------------------------------------------
WARNING
By specifying "coordinating.service.type=LoadBalancer" you have most likely
exposed the Elasticsearch service externally.
Please note that Elasticsearch does not implement a authentication
mechanism to secure your cluster. For security reasons, we strongly
suggest that you switch to "ClusterIP" or "NodePort".
-------------------------------------------------------------------------------
{{- end }}
{{- if not .Values.sysctlImage.enabled }}
-------------------------------------------------------------------------------
WARNING
Elasticsearch requires some changes in the kernel of the host machine to
work as expected. If those values are not set in the underlying operating
system, the ES containers fail to boot with ERROR messages.
To check whether the host machine meets the requirements, run the command
below:
kubectl logs --namespace {{ .Release.Namespace }} $(kubectl get --namespace {{ .Release.Namespace }} \
pods -l app={{ template "common.names.name" . }},role=master -o jsonpath='{.items[0].metadata.name}') \
elasticsearch
You can adapt the Kernel parameters on you cluster as described in the
official documentation:
https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster
As an alternative, you can specify "sysctlImage.enabled=true" to use a
privileged initContainer to change those settings in the Kernel:
helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/elasticsearch --set sysctlImage.enabled=true
Note that this requires the ability to run privileged containers, which is likely not
the case on many secure clusters. To cover this use case, you can also set some parameters
in the config file to customize the default settings:
https://www.elastic.co/guide/en/elasticsearch/reference/current/index-modules-store.html
https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
For that, you can place the desired parameters by using the "config" block present in the values.yaml
{{- else if .Values.sysctlImage.enabled }}
-------------------------------------------------------------------------------
WARNING
Elasticsearch requires some changes in the kernel of the host machine to
work as expected. If those values are not set in the underlying operating
system, the ES containers fail to boot with ERROR messages.
More information about these requirements can be found in the links below:
https://www.elastic.co/guide/en/elasticsearch/reference/current/file-descriptors.html
https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html
This chart uses a privileged initContainer to change those settings in the Kernel
by running: sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536
{{- end }}
** Please be patient while the chart is being deployed **
{{- if .Values.diagnosticMode.enabled }}
The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
Get the list of pods by executing:
kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
Access the pod you want to debug by executing
kubectl exec --namespace {{ .Release.Namespace }} -ti <NAME OF THE POD> -- bash
In order to replicate the container startup scripts execute this command:
/opt/bitnami/scripts/elasticsearch/entrypoint.sh /opt/bitnami/scripts/elasticsearch/run.sh
{{- else }}
{{- if .Values.curator.enabled }}
A CronJob will run with schedule {{ .Values.curator.cronjob.schedule }}.
The Jobs will not be removed automagically when deleting this Helm chart.
To remove these jobs, run the following:
kubectl --namespace {{ .Release.Namespace }} delete job -l app={{ template "common.names.name" . }},role=curator
{{- end }}
Elasticsearch can be accessed within the cluster on port {{ .Values.coordinating.service.port }} at {{ template "elasticsearch.coordinating.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
To access from outside the cluster execute the following commands:
{{- if contains "NodePort" .Values.coordinating.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "elasticsearch.coordinating.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
curl http://$NODE_IP:$NODE_PORT/
{{- else if contains "LoadBalancer" .Values.coordinating.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "elasticsearch.coordinating.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "elasticsearch.coordinating.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
curl http://$SERVICE_IP:{{ .Values.coordinating.service.port }}/
{{- else if contains "ClusterIP" .Values.coordinating.service.type }}
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "elasticsearch.coordinating.fullname" . }} {{ .Values.coordinating.service.port }}:9200 &
curl http://127.0.0.1:9200/
{{- end }}
{{- include "common.warnings.rollingTag" .Values.image }}
{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
{{- include "common.warnings.rollingTag" .Values.sysctlImage }}
{{- end }}
{{ include "elasticsearch.validateValues" . }}
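Review bot: The LoadBalancer warning at the top of these notes is printed whether or not `security.enabled` is set, and it recommends "NodePort" as a safer choice even though a NodePort service is also reachable on every node address. The helpers in this commit read `security.enabled` and the TLS values, so the block could be gated with `{{- if and (contains "LoadBalancer" .Values.coordinating.service.type) (not .Values.security.enabled) }}`, and the text could recommend "ClusterIP" or enabling `security.enabled` instead. That form also fixes the `contains` argument order, which is reversed here relative to the later `contains "NodePort" .Values.coordinating.service.type`; the reversed form is also true for an empty service type. The `curl http://…` examples further down stay on plain HTTP even when `security.tls.restEncryption` is on, which deserves a line in the notes.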


@ -0,0 +1,490 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper ES image name
*/}}
{{- define "elasticsearch.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
{{- end -}}
{{/*
Create a default fully qualified master name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "elasticsearch.master.fullname" -}}
{{- if .Values.master.fullnameOverride -}}
{{- .Values.master.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" (include "common.names.fullname" .) .Values.master.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified ingest name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "elasticsearch.ingest.fullname" -}}
{{- if .Values.ingest.fullnameOverride -}}
{{- .Values.ingest.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" (include "common.names.fullname" .) .Values.ingest.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified coordinating name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "elasticsearch.coordinating.fullname" -}}
{{- if .Values.global.kibanaEnabled -}}
{{- printf "%s-%s" .Release.Name .Values.global.coordinating.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- if .Values.coordinating -}}
{{- if .Values.coordinating.fullnameOverride -}}
{{- .Values.coordinating.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" (include "common.names.fullname" .) .Values.global.coordinating.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the hostname of every ElasticSearch seed node
*/}}
{{- define "elasticsearch.hosts" -}}
{{- $clusterDomain := .Values.clusterDomain }}
{{- $releaseNamespace := .Release.Namespace }}
{{- $masterFullname := include "elasticsearch.master.fullname" . }}
{{- $coordinatingFullname := include "elasticsearch.coordinating.fullname" . }}
{{- $dataFullname := include "elasticsearch.data.fullname" . }}
{{- $ingestFullname := include "elasticsearch.ingest.fullname" . }}
{{- $masterFullname }}.{{ $releaseNamespace }}.svc.{{ $clusterDomain }},
{{- $coordinatingFullname }}.{{ $releaseNamespace }}.svc.{{ $clusterDomain }},
{{- $dataFullname }}.{{ $releaseNamespace }}.svc.{{ $clusterDomain }},
{{- if .Values.ingest.enabled }}
{{- $ingestFullname }}.{{ $releaseNamespace }}.svc.{{ $clusterDomain }},
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified data name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "elasticsearch.data.fullname" -}}
{{- if .Values.data.fullnameOverride -}}
{{- .Values.data.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" (include "common.names.fullname" .) .Values.data.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{ template "elasticsearch.initScriptsSecret" . }}
{{/*
Get the initialization scripts volume name.
*/}}
{{- define "elasticsearch.initScripts" -}}
{{- printf "%s-init-scripts" (include "common.names.fullname" .) -}}
{{- end -}}
{{ template "elasticsearch.initScriptsCM" . }}
{{/*
Get the initialization scripts ConfigMap name.
*/}}
{{- define "elasticsearch.initScriptsCM" -}}
{{- printf "%s" .Values.initScriptsCM -}}
{{- end -}}
{{ template "elasticsearch.initScriptsSecret" . }}
{{/*
Get the initialization scripts Secret name.
*/}}
{{- define "elasticsearch.initScriptsSecret" -}}
{{- printf "%s" .Values.initScriptsSecret -}}
{{- end -}}
{{/*
Create the name of the master service account to use
*/}}
{{- define "elasticsearch.master.serviceAccountName" -}}
{{- if .Values.master.serviceAccount.create -}}
{{ default (include "elasticsearch.master.fullname" .) .Values.master.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.master.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the coordinating-only service account to use
*/}}
{{- define "elasticsearch.coordinating.serviceAccountName" -}}
{{- if .Values.coordinating.serviceAccount.create -}}
{{ default (include "elasticsearch.coordinating.fullname" .) .Values.coordinating.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.coordinating.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the data service account to use
*/}}
{{- define "elasticsearch.data.serviceAccountName" -}}
{{- if .Values.data.serviceAccount.create -}}
{{ default (include "elasticsearch.data.fullname" .) .Values.data.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.data.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the ingest service account to use
*/}}
{{- define "elasticsearch.ingest.serviceAccountName" -}}
{{- if .Values.ingest.serviceAccount.create -}}
{{ default (include "elasticsearch.ingest.fullname" .) .Values.ingest.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.ingest.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified metrics name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "elasticsearch.metrics.fullname" -}}
{{- printf "%s-%s" (include "common.names.fullname" .) .Values.metrics.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the proper ES exporter image name
*/}}
{{- define "elasticsearch.metrics.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper sysctl image name
*/}}
{{- define "elasticsearch.sysctl.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.sysctlImage "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "elasticsearch.imagePullSecrets" -}}
{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.curator.image .Values.sysctlImage .Values.volumePermissions.image) "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper image name (for the init container volume-permissions image)
*/}}
{{- define "elasticsearch.volumePermissions.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper Storage Class
Usage:
{{ include "elasticsearch.storageClass" (dict "global" .Values.global "local" .Values.master) }}
*/}}
{{- define "elasticsearch.storageClass" -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
*/}}
{{- if .global -}}
{{- if .global.storageClass -}}
{{- if (eq "-" .global.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .global.storageClass -}}
{{- end -}}
{{- else -}}
{{- if .local.persistence.storageClass -}}
{{- if (eq "-" .local.persistence.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .local.persistence.storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- else -}}
{{- if .local.persistence.storageClass -}}
{{- if (eq "-" .local.persistence.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .local.persistence.storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for cronjob APIs.
*/}}
{{- define "cronjob.apiVersion" -}}
{{- if semverCompare "< 1.8-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "batch/v2alpha1" }}
{{- else if and (semverCompare ">=1.8-0" .Capabilities.KubeVersion.GitVersion) (semverCompare "< 1.21-0" .Capabilities.KubeVersion.GitVersion) -}}
{{- print "batch/v1beta1" }}
{{- else if semverCompare ">=1.21-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "batch/v1" }}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "elasticsearch.curator.fullname" -}}
{{- printf "%s-%s" (include "common.names.fullname" .) .Values.curator.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "elasticsearch.curator.serviceAccountName" -}}
{{- if .Values.curator.serviceAccount.create -}}
{{ default (include "elasticsearch.curator.fullname" .) .Values.curator.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.curator.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Return the proper ES curator image name
*/}}
{{- define "elasticsearch.curator.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.curator.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the elasticsearch TLS credentials secret for master nodes.
*/}}
{{- define "elasticsearch.master.tlsSecretName" -}}
{{- $secretName := .Values.security.tls.master.existingSecret -}}
{{- if $secretName -}}
{{- printf "%s" (tpl $secretName $) -}}
{{- else -}}
{{- printf "%s-crt" (include "elasticsearch.master.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return the elasticsearch TLS credentials secret for data nodes.
*/}}
{{- define "elasticsearch.data.tlsSecretName" -}}
{{- $secretName := .Values.security.tls.data.existingSecret -}}
{{- if $secretName -}}
{{- printf "%s" (tpl $secretName $) -}}
{{- else -}}
{{- printf "%s-crt" (include "elasticsearch.data.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return the elasticsearch TLS credentials secret for ingest nodes.
*/}}
{{- define "elasticsearch.ingest.tlsSecretName" -}}
{{- $secretName := .Values.security.tls.ingest.existingSecret -}}
{{- if $secretName -}}
{{- printf "%s" (tpl $secretName $) -}}
{{- else -}}
{{- printf "%s-crt" (include "elasticsearch.ingest.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return the elasticsearch TLS credentials secret for coordinating-only nodes.
*/}}
{{- define "elasticsearch.coordinating.tlsSecretName" -}}
{{- $secretName := .Values.security.tls.coordinating.existingSecret -}}
{{- if $secretName -}}
{{- printf "%s" (tpl $secretName $) -}}
{{- else -}}
{{- printf "%s-crt" (include "elasticsearch.coordinating.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a TLS credentials secret object should be created
*/}}
{{- define "elasticsearch.createTlsSecret" -}}
{{- if and .Values.security.enabled .Values.security.tls.autoGenerated (not (include "elasticsearch.security.tlsSecretsProvided" .)) }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return true if an authentication credentials secret object should be created
*/}}
{{- define "elasticsearch.createSecret" -}}
{{- if and .Values.security.enabled (not .Values.security.existingSecret) }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return the Elasticsearch authentication credentials secret name
*/}}
{{- define "elasticsearch.secretName" -}}
{{- coalesce .Values.security.existingSecret (include "common.names.fullname" .) -}}
{{- end -}}
{{/*
Return true if a TLS password secret object should be created
*/}}
{{- define "elasticsearch.createTlsPasswordsSecret" -}}
{{- if and .Values.security.enabled (not .Values.security.tls.passwordsSecret) (or .Values.security.tls.keystorePassword .Values.security.tls.truststorePassword .Values.security.tls.keyPassword ) }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return the Elasticsearch TLS password secret name
*/}}
{{- define "elasticsearch.tlsPasswordsSecret" -}}
{{- coalesce .Values.security.tls.passwordsSecret (printf "%s-tls-pass" (include "common.names.fullname" .)) -}}
{{- end -}}
{{/*
Add environment variables to configure database values
*/}}
{{- define "elasticsearch.configure.security" -}}
- name: ELASTICSEARCH_ENABLE_SECURITY
value: "true"
- name: ELASTICSEARCH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "elasticsearch.secretName" . }}
key: elasticsearch-password
- name: ELASTICSEARCH_ENABLE_FIPS_MODE
value: {{ .Values.security.fipsMode | quote }}
- name: ELASTICSEARCH_TLS_VERIFICATION_MODE
value: {{ .Values.security.tls.verificationMode | quote }}
- name: ELASTICSEARCH_ENABLE_REST_TLS
value: {{ ternary "true" "false" .Values.security.tls.restEncryption | quote }}
{{- if or (include "elasticsearch.createTlsSecret" .) .Values.security.tls.usePemCerts }}
- name: ELASTICSEARCH_TLS_USE_PEM
value: "true"
{{- else }}
- name: ELASTICSEARCH_KEYSTORE_LOCATION
value: "/opt/bitnami/elasticsearch/config/certs/{{ .Values.security.tls.keystoreFilename }}"
- name: ELASTICSEARCH_TRUSTSTORE_LOCATION
value: "/opt/bitnami/elasticsearch/config/certs/{{ .Values.security.tls.truststoreFilename }}"
{{- end }}
{{- if and (not .Values.security.tls.usePemCerts) (or .Values.security.tls.keystorePassword .Values.security.tls.passwordsSecret) }}
- name: ELASTICSEARCH_KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "elasticsearch.tlsPasswordsSecret" . }}
key: keystore-password
{{- end }}
{{- if and (not .Values.security.tls.usePemCerts) (or .Values.security.tls.truststorePassword .Values.security.tls.passwordsSecret) }}
- name: ELASTICSEARCH_TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "elasticsearch.tlsPasswordsSecret" . }}
key: truststore-password
{{- end }}
{{- if and .Values.security.tls.usePemCerts (or .Values.security.tls.keyPassword .Values.security.tls.passwordsSecret) }}
- name: ELASTICSEARCH_KEY_PASSWORD
value: {{ .Values.security.tls.keyPassword | quote }}
{{- end }}
{{- end -}}
{{/*
Returns true if at least 1 existing secret was provided
*/}}
{{- define "elasticsearch.security.tlsSecretsProvided" -}}
{{- $masterSecret :=.Values.security.tls.master.existingSecret -}}
{{- $dataSecret :=.Values.security.tls.data.existingSecret -}}
{{- $coordSecret :=.Values.security.tls.coordinating.existingSecret -}}
{{- $ingestSecret :=.Values.security.tls.ingest.existingSecret -}}
{{- $ingestEnabled := .Values.ingest.enabled -}}
{{- if or $masterSecret $dataSecret $coordSecret (and $ingestEnabled $ingestSecret) }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/* Validate values of Elasticsearch - Existing secret not provided for master nodes */}}
{{- define "elasticsearch.validateValues.security.missingTlsSecrets.master" -}}
{{- if and .Values.security.enabled (include "elasticsearch.security.tlsSecretsProvided" .) (not .Values.security.tls.master.existingSecret) -}}
elasticsearch: security.tls.master.existingSecret
Missing secret containing the TLS certificates for the Elasticsearch master nodes.
Provide the certificates using --set .Values.security.tls.master.existingSecret="my-secret".
{{- end -}}
{{- end -}}
{{/* Validate values of Elasticsearch - Existing secret not provided for data nodes */}}
{{- define "elasticsearch.validateValues.security.missingTlsSecrets.data" -}}
{{- if and .Values.security.enabled (include "elasticsearch.security.tlsSecretsProvided" .) (not .Values.security.tls.data.existingSecret) -}}
elasticsearch: security.tls.data.existingSecret
Missing secret containing the TLS certificates for the Elasticsearch data nodes.
Provide the certificates using --set .Values.security.tls.data.existingSecret="my-secret".
{{- end -}}
{{- end -}}
{{/* Validate values of Elasticsearch - Existing secret not provided for coordinating-only nodes */}}
{{- define "elasticsearch.validateValues.security.missingTlsSecrets.coordinating" -}}
{{- if and .Values.security.enabled (include "elasticsearch.security.tlsSecretsProvided" .) (not .Values.security.tls.coordinating.existingSecret) -}}
elasticsearch: security.tls.coordinating.existingSecret
Missing secret containing the TLS certificates for the Elasticsearch coordinating-only nodes.
Provide the certificates using --set .Values.security.tls.coordinating.existingSecret="my-secret".
{{- end -}}
{{- end -}}
{{/* Validate values of Elasticsearch - Existing secret not provided for ingest nodes */}}
{{- define "elasticsearch.validateValues.security.missingTlsSecrets.ingest" -}}
{{- if and .Values.security.enabled .Values.ingest.enabled (include "elasticsearch.security.tlsSecretsProvided" .) (not .Values.security.tls.ingest.existingSecret) -}}
elasticsearch: security.tls.ingest.existingSecret
Missing secret containing the TLS certificates for the Elasticsearch ingest nodes.
Provide the certificates using --set .Values.security.tls.ingest.existingSecret="my-secret".
{{- end -}}
{{- end -}}
{{/* Validate values of Elasticsearch - TLS enabled but no certificates provided */}}
{{- define "elasticsearch.validateValues.security.tls" -}}
{{- if and .Values.security.enabled (not .Values.security.tls.autoGenerated) (not (include "elasticsearch.security.tlsSecretsProvided" .)) -}}
elasticsearch: security.tls
In order to enable X-Pack Security, it is necessary to configure TLS.
Three different mechanisms can be used:
- Provide an existing secret containing the Keystore and Truststore for each role
- Provide an existing secret containing the PEM certificates for each role and enable `security.tls.usePemCerts=true`
- Enable using auto-generated certificates with `security.tls.autoGenerated=true`
Existing secrets containing either JKS/PKCS12 or PEM certificates can be provided using --set Values.security.tls.master.existingSecret=master-certs,
--set Values.security.tls.data.existingSecret=data-certs, --set Values.security.tls.coordinating.existingSecret=coordinating-certs, --set Values.security.tls.ingest.existingSecret=ingest-certs
{{- end -}}
{{- end -}}
{{/*
Compile all warnings into a single message, and call fail.
*/}}
{{- define "elasticsearch.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "elasticsearch.validateValues.security.tls" .) -}}
{{- $messages := append $messages (include "elasticsearch.validateValues.security.missingTlsSecrets.master" .) -}}
{{- $messages := append $messages (include "elasticsearch.validateValues.security.missingTlsSecrets.data" .) -}}
{{- $messages := append $messages (include "elasticsearch.validateValues.security.missingTlsSecrets.coordinating" .) -}}
{{- $messages := append $messages (include "elasticsearch.validateValues.security.missingTlsSecrets.ingest" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}
{{- end -}}
{{/*
Sysctl set if less then
*/}}
{{- define "elasticsearch.sysctlIfLess" -}}
CURRENT=`sysctl -n {{ .key }}`;
DESIRED="{{ .value }}";
if [ "$DESIRED" -gt "$CURRENT" ]; then
sysctl -w {{ .key }}={{ .value }};
fi;
{{- end -}}
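Review bot: `ELASTICSEARCH_KEY_PASSWORD` in `elasticsearch.configure.security` is emitted as a literal `value: {{ .Values.security.tls.keyPassword | quote }}`, so the private-key password ends up in the rendered pod spec. The keystore and truststore passwords just above it are instead read through `secretKeyRef` from `elasticsearch.tlsPasswordsSecret`. The guard on this entry also fires when only `security.tls.passwordsSecret` is set, in which case the variable renders as an empty string and the password held in that secret is never used. I would switch this entry to the same `valueFrom`/`secretKeyRef` form as the other two. The key name needs checking against the secret template, which is not part of this file.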


@ -0,0 +1,11 @@
{{- if .Values.curator.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "elasticsearch.curator.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: curator
data:
action_file.yml: {{ required "A valid .Values.curator.configMaps.action_file_yml entry is required!" (toYaml .Values.curator.configMaps.action_file_yml | indent 2) }}
config.yml: {{ required "A valid .Values.curator.configMaps.config_yml entry is required!" (tpl (toYaml .Values.curator.configMaps.config_yml | indent 2) $) }}
{{- end }}
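Review bot: Both `required` calls in `data:` wrap the output of `toYaml`, which should be a non-empty string (`null` or `""`) even when the value is unset, so the check most likely never fails and an empty curator config is rendered silently. Applying `required` to the raw value first makes it effective, e.g. `action_file.yml: {{ toYaml (required "A valid .Values.curator.configMaps.action_file_yml entry is required!" .Values.curator.configMaps.action_file_yml) | indent 2 }}`, and the same for `config.yml` inside its `tpl` call. Only `config.yml` is passed through `tpl`; if that asymmetry is intentional, a short comment saying so would help.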


@ -0,0 +1,16 @@
{{- if or .Values.config .Values.extraConfig }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
data:
{{- if .Values.config }}
elasticsearch.yml: |-
{{- toYaml .Values.config | nindent 4 }}
{{- end}}
{{- if .Values.extraConfig }}
my_elasticsearch.yml: |-
{{- toYaml .Values.extraConfig | nindent 4 }}
{{- end }}
{{- end }}


@ -0,0 +1,12 @@
{{- if .Values.initScripts }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "elasticsearch.initScripts" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
component: master
data:
{{- with .Values.initScripts }}
{{ toYaml . | indent 2 }}
{{- end }}
{{ end }}


@ -0,0 +1,35 @@
{{- if .Values.coordinating.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "elasticsearch.coordinating.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: coordinating-only
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }}
kind: StatefulSet
name: {{ include "elasticsearch.coordinating.fullname" . }}
minReplicas: {{ .Values.coordinating.autoscaling.minReplicas }}
maxReplicas: {{ .Values.coordinating.autoscaling.maxReplicas }}
metrics:
{{- if .Values.coordinating.autoscaling.targetCPU }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.coordinating.autoscaling.targetCPU }}
{{- end }}
{{- if .Values.coordinating.autoscaling.targetMemory }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.coordinating.autoscaling.targetMemory }}
{{- end }}
{{- end }}
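Review bot: `scaleTargetRef` declares `kind: StatefulSet` but takes its `apiVersion` from `common.capabilities.deployment.apiVersion`, while the StatefulSet template in this same commit uses `common.capabilities.statefulset.apiVersion`. The reference should use the matching helper, `apiVersion: {{ template "common.capabilities.statefulset.apiVersion" . }}`, so the two cannot drift apart on clusters where the helpers return different values. The HPA's own `apiVersion: autoscaling/v2beta1` is hard-coded, unlike the `cronjob.apiVersion` helper in this commit that picks a version from `.Capabilities`; the same approach would avoid breakage on clusters that no longer serve that beta API. If neither `targetCPU` nor `targetMemory` is set, `metrics:` renders empty, which a guard or a `required` check could catch.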


@ -0,0 +1,280 @@
apiVersion: {{ template "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ include "elasticsearch.coordinating.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: coordinating-only
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: coordinating-only
spec:
updateStrategy:
type: {{ .Values.coordinating.updateStrategy.type }}
{{- if (eq "Recreate" .Values.coordinating.updateStrategy.type) }}
rollingUpdate: null
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: coordinating-only
podManagementPolicy: Parallel
{{- if not .Values.coordinating.autoscaling.enabled }}
replicas: {{ .Values.coordinating.replicas }}
{{- end }}
serviceName: {{ template "elasticsearch.coordinating.fullname" . }}
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
app.kubernetes.io/component: coordinating-only
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: coordinating-only
{{- if .Values.coordinating.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.coordinating.podLabels "context" $) | nindent 8 }}
{{- end }}
annotations:
{{- if and (include "elasticsearch.createTlsSecret" .) (not .Values.security.tls.coordinating.existingSecret) }}
checksum/tls: {{ include (print $.Template.BasePath "/tls-secret.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.coordinating.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.coordinating.podAnnotations "context" $) | nindent 8 }}
{{- end }}
spec:
{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
{{- if .Values.coordinating.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.coordinating.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.coordinating.schedulerName }}
schedulerName: {{ .Values.coordinating.schedulerName }}
{{- end }}
{{- if .Values.coordinating.priorityClassName }}
priorityClassName: {{ .Values.coordinating.priorityClassName | quote }}
{{- end }}
{{- if .Values.coordinating.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.coordinating.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.coordinating.podAffinityPreset "component" "coordinating-only" "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.coordinating.podAntiAffinityPreset "component" "coordinating-only" "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.coordinating.nodeAffinityPreset.type "key" .Values.coordinating.nodeAffinityPreset.key "values" .Values.coordinating.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.coordinating.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.coordinating.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.coordinating.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.coordinating.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.coordinating.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.coordinating.topologySpreadConstraints "context" $) | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "elasticsearch.coordinating.serviceAccountName" . }}
{{- if or .Values.coordinating.podSecurityContext.enabled .Values.coordinating.securityContext.enabled }}
securityContext:
{{- if .Values.coordinating.podSecurityContext.enabled }}
{{- omit .Values.coordinating.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- else }}
fsGroup: {{ .Values.coordinating.securityContext.fsGroup }}
{{- end }}
{{- end }}
{{- if or .Values.coordinating.initContainers .Values.sysctlImage.enabled }}
initContainers:
{{- if .Values.sysctlImage.enabled }}
## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
- name: sysctl
image: {{ include "elasticsearch.sysctl.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
{{- include "elasticsearch.sysctlIfLess" (dict "key" "vm.max_map_count" "value" "262144") | nindent 14 }}
{{- include "elasticsearch.sysctlIfLess" (dict "key" "fs.file-max" "value" "65536") | nindent 14 }}
securityContext:
privileged: true
{{- if .Values.sysctlImage.resources }}
resources: {{- toYaml .Values.sysctlImage.resources | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.coordinating.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.coordinating.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: elasticsearch
image: {{ include "elasticsearch.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if or .Values.coordinating.containerSecurityContext.enabled .Values.coordinating.securityContext.enabled }}
securityContext:
{{- if .Values.coordinating.containerSecurityContext.enabled }}
{{- omit .Values.coordinating.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- else }}
runAsUser: {{ .Values.coordinating.securityContext.runAsUser }}
{{- end }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- end }}
env:
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: ELASTICSEARCH_CLUSTER_NAME
value: {{ .Values.name | quote }}
- name: ELASTICSEARCH_CLUSTER_HOSTS
value: {{ include "elasticsearch.hosts" . | quote }}
- name: ELASTICSEARCH_TOTAL_NODES
value: {{ add (ternary .Values.master.autoscaling.minReplicas .Values.master.replicas .Values.master.autoscaling.enabled) (ternary .Values.data.autoscaling.minReplicas .Values.data.replicas .Values.data.autoscaling.enabled) | quote }}
- name: ELASTICSEARCH_CLUSTER_MASTER_HOSTS
{{- $elasticsearchMasterFullname := include "elasticsearch.master.fullname" . }}
{{- $replicas := int (ternary .Values.master.autoscaling.minReplicas .Values.master.replicas .Values.master.autoscaling.enabled) }}
value: {{range $i, $e := until $replicas }}{{ $elasticsearchMasterFullname }}-{{ $e }} {{ end }}
- name: ELASTICSEARCH_MINIMUM_MASTER_NODES
value: {{ add (div (ternary .Values.master.autoscaling.minReplicas .Values.master.replicas .Values.master.autoscaling.enabled) 2) 1 | quote }}
- name: ELASTICSEARCH_ADVERTISED_HOSTNAME
value: "$(MY_POD_NAME).{{ include "elasticsearch.coordinating.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
{{- if .Values.plugins }}
- name: ELASTICSEARCH_PLUGINS
value: {{ .Values.plugins | quote }}
{{- end }}
- name: ELASTICSEARCH_HEAP_SIZE
value: {{ .Values.coordinating.heapSize | quote }}
- name: ELASTICSEARCH_IS_DEDICATED_NODE
value: "yes"
- name: ELASTICSEARCH_NODE_TYPE
value: "coordinating"
{{- if .Values.security.enabled }}
{{- include "elasticsearch.configure.security" . | nindent 12 }}
{{- end }}
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.extraEnvVars "context" $ ) | nindent 12 }}
{{- end }}
{{- if or .Values.extraEnvVarsConfigMap .Values.extraEnvVarsSecret }}
envFrom:
{{- if .Values.extraEnvVarsConfigMap }}
- configMapRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.extraEnvVarsConfigMap "context" $ ) }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.extraEnvVarsSecret "context" $ ) }}
{{- end }}
{{- end }}
ports:
- name: http
containerPort: 9200
- name: transport
containerPort: 9300
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.coordinating.startupProbe.enabled }}
startupProbe:
initialDelaySeconds: {{ .Values.coordinating.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.coordinating.startupProbe.periodSeconds }}
timeoutSeconds: {{ .Values.coordinating.startupProbe.timeoutSeconds }}
successThreshold: {{ .Values.coordinating.startupProbe.successThreshold }}
failureThreshold: {{ .Values.coordinating.startupProbe.failureThreshold }}
exec:
command:
- /opt/bitnami/scripts/elasticsearch/healthcheck.sh
{{- else if .Values.coordinating.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.coordinating.customStartupProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.coordinating.livenessProbe.enabled }}
livenessProbe:
initialDelaySeconds: {{ .Values.coordinating.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.coordinating.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.coordinating.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.coordinating.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.coordinating.livenessProbe.failureThreshold }}
exec:
command:
- /opt/bitnami/scripts/elasticsearch/healthcheck.sh
{{- else if .Values.coordinating.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.coordinating.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.coordinating.readinessProbe.enabled}}
readinessProbe:
initialDelaySeconds: {{ .Values.coordinating.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.coordinating.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.coordinating.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.coordinating.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.coordinating.readinessProbe.failureThreshold }}
exec:
command:
- /opt/bitnami/scripts/elasticsearch/healthcheck.sh
{{- else if .Values.coordinating.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.coordinating.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.coordinating.resources }}
resources: {{- toYaml .Values.coordinating.resources | nindent 12 }}
{{- end}}
volumeMounts:
{{- if .Values.config }}
- mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
name: config
subPath: elasticsearch.yml
{{- end }}
{{- if .Values.extraConfig }}
- mountPath: /opt/bitnami/elasticsearch/config/my_elasticsearch.yml
name: config
subPath: my_elasticsearch.yml
{{- end }}
- name: data
mountPath: /bitnami/elasticsearch/data
{{- if .Values.security.enabled }}
- name: elasticsearch-certificates
mountPath: /opt/bitnami/elasticsearch/config/certs
readOnly: true
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- if .Values.initScripts }}
- name: custom-init-scripts
mountPath: /docker-entrypoint-initdb.d/init-scripts
{{- end }}
{{- if .Values.initScriptsCM }}
- name: custom-init-scripts-cm
mountPath: /docker-entrypoint-initdb.d/init-scripts-cm
{{- end }}
{{- if .Values.initScriptsSecret }}
- name: custom-init-scripts-secret
mountPath: /docker-entrypoint-initdb.d/init-scripts-secret
{{- end }}
{{- if .Values.coordinating.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.coordinating.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
{{- if or .Values.config .Values.extraConfig }}
- name: config
configMap:
name: {{ include "common.names.fullname" . }}
{{- end }}
{{- if .Values.security.enabled }}
- name: elasticsearch-certificates
secret:
secretName: {{ include "elasticsearch.coordinating.tlsSecretName" . }}
defaultMode: 256
{{- end }}
{{- if .Values.extraVolumes }}
{{- toYaml .Values.extraVolumes | nindent 8 }}
{{- end }}
{{- if .Values.initScripts }}
- name: custom-init-scripts
configMap:
name: {{ template "elasticsearch.initScripts" . }}
{{- end }}
{{- if .Values.initScriptsCM }}
- name: custom-init-scripts-cm
configMap:
name: {{ template "elasticsearch.initScriptsCM" . }}
{{- end }}
{{- if .Values.initScriptsSecret }}
- name: custom-init-scripts-secret
secret:
secretName: {{ template "elasticsearch.initScriptsSecret" . }}
defaultMode: 0755
{{- end }}
- name: "data"
emptyDir: {}
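Review bot: The `custom-init-scripts-secret` volume sets `defaultMode: 0755`, so every file from that Secret is world-readable inside the container, while the certificate Secret a few lines above is mounted with `defaultMode: 256` (0400). Scripts are presumably kept in a Secret because they carry credentials, so a mode without the "other" bits would be more consistent, e.g. `defaultMode: 0550`, assuming the container user reaches the files through `fsGroup`. A comment such as `## 256 decimal == 0400 octal` beside the certificate mode would spare readers the conversion. The same two modes appear in the data StatefulSet template later in this commit.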


@ -0,0 +1,27 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "elasticsearch.coordinating.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: coordinating-only
annotations: {{ include "common.tplvalues.render" ( dict "value" .Values.coordinating.service.annotations "context" $) | nindent 4 }}
spec:
type: {{ .Values.coordinating.service.type | quote }}
{{- if and (eq .Values.coordinating.service.type "LoadBalancer") (not (empty .Values.coordinating.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.coordinating.service.loadBalancerIP }}
externalTrafficPolicy: {{ .Values.coordinating.service.externalTrafficPolicy | quote }}
{{- end }}
publishNotReadyAddresses: true
ports:
- name: http
port: {{ .Values.coordinating.service.port }}
targetPort: http
{{- if and (or (eq .Values.coordinating.service.type "NodePort") (eq .Values.coordinating.service.type "LoadBalancer")) (not (empty .Values.coordinating.service.nodePort)) }}
nodePort: {{ .Values.coordinating.service.nodePort }}
{{- else if eq .Values.coordinating.service.type "ClusterIP" }}
nodePort: null
{{- end }}
- name: tcp-transport
port: 9300
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: coordinating-only
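Review bot: With `coordinating.service.type` set to `LoadBalancer`, this Service publishes the `tcp-transport` port 9300 alongside `http`, and the spec has no `loadBalancerSourceRanges`, so both ports are reachable from any source the load balancer accepts. The chart's own NOTES warn that an externally exposed Elasticsearch is unauthenticated, so I would add an optional `loadBalancerSourceRanges:` block, rendered from a new chart value, inside the `LoadBalancer` condition. `externalTrafficPolicy` is also nested inside the `loadBalancerIP` check, so it is silently dropped whenever no fixed IP is set; it probably belongs in its own `if`. The `tcp-transport` entry has no `targetPort`, unlike the data Service, which sets `targetPort: transport`.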


@ -0,0 +1,130 @@
{{- if .Values.curator.enabled }}
apiVersion: {{ template "cronjob.apiVersion" . }}
kind: CronJob
metadata:
name: {{ template "elasticsearch.curator.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: curator
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: curator
{{- if .Values.curator.cronjob.annotations }}
annotations: {{- toYaml .Values.curator.cronjob.annotations | nindent 4 }}
{{- end }}
spec:
schedule: "{{ .Values.curator.cronjob.schedule }}"
{{- with .Values.curator.cronjob.concurrencyPolicy }}
concurrencyPolicy: {{ . }}
{{- end }}
{{- with .Values.curator.cronjob.failedJobsHistoryLimit }}
failedJobsHistoryLimit: {{ . }}
{{- end }}
{{- with .Values.curator.cronjob.successfulJobsHistoryLimit }}
successfulJobsHistoryLimit: {{ . }}
{{- end }}
jobTemplate:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
app.kubernetes.io/component: curator
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: curator
{{- if .Values.curator.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.curator.podLabels "context" $) | nindent 8 }}
{{- end }}
spec:
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 12 }}
app.kubernetes.io/component: curator
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: curator
{{- if .Values.curator.podAnnotations }}
annotations: {{- toYaml .Values.curator.podAnnotations | nindent 12 }}
{{- end }}
spec:
volumes:
- name: config-volume
configMap:
name: {{ template "elasticsearch.curator.fullname" . }}
{{- if .Values.curator.extraVolumes }}
{{- toYaml .Values.curator.extraVolumes | nindent 12 }}
{{- end }}
restartPolicy: {{ .Values.curator.cronjob.jobRestartPolicy }}
{{- if .Values.curator.priorityClassName }}
priorityClassName: {{ .Values.curator.priorityClassName | quote }}
{{- end }}
{{- include "elasticsearch.imagePullSecrets" . | indent 10 }}
{{- $initContainers := coalesce .Values.curator.initContainers .Values.curator.extraInitContainers -}}
{{- if $initContainers }}
initContainers: {{- include "common.tplvalues.render" (dict "value" $initContainers "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.curator.schedulerName }}
schedulerName: {{ .Values.curator.schedulerName }}
{{- end }}
{{- if .Values.curator.rbac.enabled }}
serviceAccountName: {{ include "elasticsearch.curator.serviceAccountName" . }}
{{- end }}
{{- if .Values.curator.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.curator.affinity "context" $) | nindent 12 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.curator.podAffinityPreset "component" "curator" "context" $) | nindent 14 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.curator.podAntiAffinityPreset "component" "curator" "context" $) | nindent 14 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.curator.nodeAffinityPreset.type "key" .Values.curator.nodeAffinityPreset.key "values" .Values.curator.nodeAffinityPreset.values) | nindent 14 }}
{{- end }}
{{- if .Values.curator.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.curator.nodeSelector "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.curator.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.curator.tolerations "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.curator.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.curator.topologySpreadConstraints "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.curator.securityContext }}
securityContext: {{- toYaml .Values.curator.securityContext | nindent 12 }}
{{- end }}
containers:
- name: {{ template "elasticsearch.curator.fullname" . }}
image: {{ template "elasticsearch.curator.image" . }}
imagePullPolicy: {{ .Values.curator.image.pullPolicy | quote }}
volumeMounts:
- name: config-volume
mountPath: /etc/es-curator
{{- if .Values.curator.extraVolumeMounts }}
{{- toYaml .Values.curator.extraVolumeMounts | nindent 16 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 16 }}
{{ else if .Values.curator.command }}
command: {{ toYaml .Values.curator.command | nindent 16 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 16 }}
{{- else if .Values.curator.dryrun }}
args: [ "--dry-run", "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ]
{{- else }}
args: [ "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ]
{{- end }}
env:
{{- if .Values.curator.env }}
{{- range $key,$value := .Values.curator.env }}
- name: {{ $key | upper | quote}}
value: {{ $value | quote}}
{{- end }}
{{- end }}
{{- if .Values.curator.envFromSecrets }}
{{- range $key,$value := .Values.curator.envFromSecrets }}
- name: {{ $key | upper | quote}}
valueFrom:
secretKeyRef:
name: {{ $value.from.secret | quote}}
key: {{ $value.from.key | quote}}
{{- end }}
{{- end }}
{{- if .Values.curator.resources }}
resources: {{- toYaml .Values.curator.resources | nindent 16 }}
{{- end }}
{{- if .Values.curator.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.curator.sidecars "context" $) | nindent 12 }}
{{- end }}
{{- end }}
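Review bot: `initContainers` is rendered with `nindent 8`, while the other lists in this pod spec (`extraVolumes`, `tolerations`, `sidecars`) use `nindent 12`, so a non-empty `curator.initContainers` would most likely land at the wrong depth and either fail to parse or attach to the wrong object. I would change the line to `initContainers: {{- include "common.tplvalues.render" (dict "value" $initContainers "context" $) | nindent 12 }}`. The page has lost the template's own indentation, so this is inferred from the `nindent` arguments alone. Separately, when `curator.rbac.enabled` is false the job falls back to the namespace's default service account; nothing visible here calls the Kubernetes API, so `automountServiceAccountToken: false` in the pod spec would be a reasonable default.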


@ -0,0 +1,35 @@
{{- if .Values.data.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "elasticsearch.data.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: data
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: {{ template "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
name: {{ include "elasticsearch.data.fullname" . }}
minReplicas: {{ .Values.data.autoscaling.minReplicas }}
maxReplicas: {{ .Values.data.autoscaling.maxReplicas }}
metrics:
{{- if .Values.data.autoscaling.targetCPU }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.data.autoscaling.targetCPU }}
{{- end }}
{{- if .Values.data.autoscaling.targetMemory }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.data.autoscaling.targetMemory }}
{{- end }}
{{- end }}
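Review bot: `apiVersion: autoscaling/v2beta1` is hard-coded here, although `scaleTargetRef` a few lines below resolves its version through a `common.capabilities.*` helper. `autoscaling/v2beta1` was removed in Kubernetes 1.25, and `targetAverageUtilization` exists only in that version's schema, so this template stops applying on newer clusters. Selecting the version from the cluster's capabilities and emitting the `target:` form for `autoscaling/v2` keeps both working. The coordinating HPA earlier in this commit uses the same metric field and would need the same change.

```yaml
{{- if .Capabilities.APIVersions.Has "autoscaling/v2" }}
apiVersion: autoscaling/v2
{{- else }}
apiVersion: autoscaling/v2beta1
{{- end }}
## … unchanged: kind, metadata, scaleTargetRef, minReplicas, maxReplicas …
  metrics:
    {{- if .Values.data.autoscaling.targetCPU }}
    - type: Resource
      resource:
        name: cpu
        {{- if .Capabilities.APIVersions.Has "autoscaling/v2" }}
        target:
          type: Utilization
          averageUtilization: {{ .Values.data.autoscaling.targetCPU }}
        {{- else }}
        targetAverageUtilization: {{ .Values.data.autoscaling.targetCPU }}
        {{- end }}
    {{- end }}
## … memory metric follows the same pattern …
```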


@ -0,0 +1,326 @@
apiVersion: {{ template "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ include "elasticsearch.data.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: data
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: data
spec:
updateStrategy:
type: {{ .Values.data.updateStrategy.type }}
{{- if (eq "OnDelete" .Values.data.updateStrategy.type) }}
rollingUpdate: null
{{- else if .Values.data.updateStrategy.rollingUpdatePartition }}
rollingUpdate:
partition: {{ .Values.data.updateStrategy.rollingUpdatePartition }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: data
podManagementPolicy: Parallel
{{- if not .Values.data.autoscaling.enabled }}
replicas: {{ .Values.data.replicas }}
{{- end }}
serviceName: {{ template "elasticsearch.data.fullname" . }}
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
app.kubernetes.io/component: data
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: data
{{- if .Values.data.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.data.podLabels "context" $) | nindent 8 }}
{{- end }}
annotations:
{{- if and (include "elasticsearch.createTlsSecret" .) (not .Values.security.tls.data.existingSecret) }}
checksum/tls: {{ include (print $.Template.BasePath "/tls-secret.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.data.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.data.podAnnotations "context" $) | nindent 8 }}
{{- end }}
spec:
{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
{{- if .Values.data.priorityClassName }}
priorityClassName: {{ .Values.data.priorityClassName | quote }}
{{- end }}
{{- if .Values.data.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.data.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.data.podAffinityPreset "component" "data" "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.data.podAntiAffinityPreset "component" "data" "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.data.nodeAffinityPreset.type "key" .Values.data.nodeAffinityPreset.key "values" .Values.data.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.data.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.data.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.data.schedulerName }}
schedulerName: {{ .Values.data.schedulerName }}
{{- end }}
{{- if .Values.data.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.data.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.data.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.data.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.data.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.data.topologySpreadConstraints "context" $) | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "elasticsearch.data.serviceAccountName" . }}
{{- if or .Values.data.podSecurityContext.enabled .Values.data.securityContext.enabled }}
securityContext:
{{- if .Values.data.podSecurityContext.enabled }}
{{- omit .Values.data.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- else }}
fsGroup: {{ .Values.data.securityContext.fsGroup }}
{{- end }}
{{- end }}
{{- if or .Values.data.initContainers .Values.sysctlImage.enabled (and .Values.volumePermissions.enabled .Values.data.persistence.enabled) }}
initContainers:
{{- if .Values.sysctlImage.enabled }}
## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
- name: sysctl
image: {{ include "elasticsearch.sysctl.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
{{- include "elasticsearch.sysctlIfLess" (dict "key" "vm.max_map_count" "value" "262144") | nindent 14 }}
{{- include "elasticsearch.sysctlIfLess" (dict "key" "fs.file-max" "value" "65536") | nindent 14 }}
securityContext:
privileged: true
{{- if .Values.sysctlImage.resources }}
resources: {{- toYaml .Values.sysctlImage.resources | nindent 12 }}
{{- end }}
{{- end }}
{{- if and .Values.volumePermissions.enabled .Values.data.persistence.enabled }}
- name: volume-permissions
image: {{ include "elasticsearch.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
chown -R {{ .Values.data.securityContext.runAsUser }}:{{ .Values.data.securityContext.fsGroup }} //bitnami/elasticsearch/data
securityContext:
runAsUser: 0
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: "/bitnami/elasticsearch/data"
{{- end }}
{{- if .Values.data.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.data.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: elasticsearch
image: {{ include "elasticsearch.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if or .Values.data.containerSecurityContext.enabled .Values.data.securityContext.enabled }}
securityContext:
{{- if .Values.data.containerSecurityContext.enabled }}
{{- omit .Values.data.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- else }}
runAsUser: {{ .Values.data.securityContext.runAsUser }}
{{- end }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- end }}
env:
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: ELASTICSEARCH_CLUSTER_NAME
value: {{ .Values.name | quote }}
- name: ELASTICSEARCH_CLUSTER_HOSTS
value: {{ include "elasticsearch.hosts" . | quote }}
- name: ELASTICSEARCH_TOTAL_NODES
value: {{ add (ternary .Values.master.autoscaling.minReplicas .Values.master.replicas .Values.master.autoscaling.enabled) (ternary .Values.data.autoscaling.minReplicas .Values.data.replicas .Values.data.autoscaling.enabled) | quote }}
{{- if .Values.plugins }}
- name: ELASTICSEARCH_PLUGINS
value: {{ .Values.plugins | quote }}
{{- end }}
{{- if .Values.snapshotRepoPath }}
- name: ELASTICSEARCH_FS_SNAPSHOT_REPO_PATH
value: {{ .Values.snapshotRepoPath | quote }}
{{- end }}
- name: ELASTICSEARCH_HEAP_SIZE
value: {{ .Values.data.heapSize | quote }}
- name: ELASTICSEARCH_IS_DEDICATED_NODE
value: "yes"
- name: ELASTICSEARCH_NODE_TYPE
value: "data"
- name: ELASTICSEARCH_ADVERTISED_HOSTNAME
value: "$(MY_POD_NAME).{{ include "elasticsearch.data.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
{{- if .Values.security.enabled }}
{{- include "elasticsearch.configure.security" . | nindent 12 }}
{{- end }}
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.extraEnvVars "context" $ ) | nindent 12 }}
{{- end }}
{{- if or .Values.extraEnvVarsConfigMap .Values.extraEnvVarsSecret }}
envFrom:
{{- if .Values.extraEnvVarsConfigMap }}
- configMapRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.extraEnvVarsConfigMap "context" $ ) }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.extraEnvVarsSecret "context" $ ) }}
{{- end }}
{{- end }}
ports:
- name: http
containerPort: 9200
- name: transport
containerPort: 9300
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.data.startupProbe.enabled }}
startupProbe:
initialDelaySeconds: {{ .Values.data.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.data.startupProbe.periodSeconds }}
timeoutSeconds: {{ .Values.data.startupProbe.timeoutSeconds }}
successThreshold: {{ .Values.data.startupProbe.successThreshold }}
failureThreshold: {{ .Values.data.startupProbe.failureThreshold }}
exec:
command:
- /opt/bitnami/scripts/elasticsearch/healthcheck.sh
{{- else if .Values.data.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.data.customStartupProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.data.livenessProbe.enabled }}
livenessProbe:
initialDelaySeconds: {{ .Values.data.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.data.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.data.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.data.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.data.livenessProbe.failureThreshold }}
exec:
command:
- /opt/bitnami/scripts/elasticsearch/healthcheck.sh
{{- else if .Values.data.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.data.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.data.readinessProbe.enabled }}
readinessProbe:
initialDelaySeconds: {{ .Values.data.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.data.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.data.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.data.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.data.readinessProbe.failureThreshold }}
exec:
command:
- /opt/bitnami/scripts/elasticsearch/healthcheck.sh
{{- else if .Values.data.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.data.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.data.resources }}
resources: {{- toYaml .Values.data.resources | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.config }}
- mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
name: "config"
subPath: elasticsearch.yml
{{- end }}
{{- if .Values.extraConfig }}
- mountPath: /opt/bitnami/elasticsearch/config/my_elasticsearch.yml
name: config
subPath: my_elasticsearch.yml
{{- end }}
- name: "data"
mountPath: "/bitnami/elasticsearch/data"
{{- if .Values.security.enabled }}
- name: elasticsearch-certificates
mountPath: /opt/bitnami/elasticsearch/config/certs
readOnly: true
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- if .Values.initScripts }}
- name: custom-init-scripts
mountPath: /docker-entrypoint-initdb.d/init-scripts
{{- end }}
{{- if .Values.initScriptsCM }}
- name: custom-init-scripts-cm
mountPath: /docker-entrypoint-initdb.d/init-scripts-cm
{{- end }}
{{- if .Values.initScriptsSecret }}
- name: custom-init-scripts-secret
mountPath: /docker-entrypoint-initdb.d/init-scripts-secret
{{- end }}
{{- if .Values.data.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.data.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
{{- if or .Values.config .Values.extraConfig }}
- name: "config"
configMap:
name: {{ template "common.names.fullname" . }}
{{- end }}
{{- if .Values.security.enabled }}
- name: elasticsearch-certificates
secret:
secretName: {{ include "elasticsearch.data.tlsSecretName" . }}
defaultMode: 256
{{- end }}
{{- if .Values.extraVolumes }}
{{- toYaml .Values.extraVolumes | nindent 8 }}
{{- end }}
{{- if .Values.initScripts }}
- name: custom-init-scripts
configMap:
name: {{ template "elasticsearch.initScripts" . }}
{{- end }}
{{- if .Values.initScriptsCM }}
- name: custom-init-scripts-cm
configMap:
name: {{ template "elasticsearch.initScriptsCM" . }}
{{- end }}
{{- if .Values.initScriptsSecret }}
- name: custom-init-scripts-secret
secret:
secretName: {{ template "elasticsearch.initScriptsSecret" . }}
defaultMode: 0755
{{- end }}
{{- if not .Values.data.persistence.enabled }}
- name: "data"
emptyDir: {}
{{- else if .Values.data.persistence.existingClaim }}
- name: "data"
persistentVolumeClaim:
claimName: {{ .Values.data.persistence.existingClaim }}
{{- else }}
volumeClaimTemplates:
- metadata:
name: "data"
{{- if .Values.data.persistence.annotations }}
annotations: {{- toYaml .Values.data.persistence.annotations | nindent 10 }}
{{- end }}
spec:
accessModes: {{- toYaml .Values.data.persistence.accessModes | nindent 10 }}
{{ $storage := dict "global" .Values.global "local" .Values.data }}
{{ include "elasticsearch.storageClass" $storage }}
resources:
requests:
storage: {{ .Values.data.persistence.size | quote }}
{{- if .Values.data.persistence.selector }}
selector: {{- include "common.tplvalues.render" (dict "value" .Values.data.persistence.selector "context" $) | nindent 10 }}
{{- else if .Values.data.persistence.existingVolume }}
selector:
matchLabels:
volume: {{ .Values.data.persistence.existingVolume }}
{{- end }}
{{- end }}
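Review bot: The `volume-permissions` init container always chowns to `data.securityContext.runAsUser`:`data.securityContext.fsGroup`, but the Elasticsearch container takes its user from `data.containerSecurityContext`, and the pod its group from `data.podSecurityContext`, whenever those are enabled. If the two sets of values differ, the data directory ends up owned by an identity the server does not run as. I would pick the ids with the same precedence the template uses elsewhere, e.g. `{{ ternary .Values.data.containerSecurityContext.runAsUser .Values.data.securityContext.runAsUser .Values.data.containerSecurityContext.enabled }}` for the user, assuming those keys exist in values.yaml, which is not visible here. The path is also written `//bitnami/elasticsearch/data` with a doubled slash; harmless, but `/bitnami/elasticsearch/data` matches the mount.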


@ -0,0 +1,19 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "elasticsearch.data.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: data
spec:
type: ClusterIP
publishNotReadyAddresses: true
ports:
- name: http
port: 9200
targetPort: http
- name: tcp-transport
port: 9300
targetPort: transport
nodePort: null
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: data
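Review bot: `publishNotReadyAddresses: true` applies to the whole Service, so the `http` port (9200) also resolves to data pods that have not passed their readiness probe, not only the `tcp-transport` port that presumably needs it for peer discovery. If that is intended, say so in a comment above the field, e.g. `## Needed so nodes can find each other on 9300 before they are ready; 9200 clients may reach unready pods`. Otherwise consider keeping discovery on a separate Service so that client traffic on 9200 only reaches ready pods. The ingest and master Services later in this commit set the same field.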


@ -0,0 +1,4 @@
{{- range .Values.extraDeploy }}
---
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
{{- end }}
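Review bot: Nothing in this file says that each entry of `.Values.extraDeploy` is passed through `common.tplvalues.render` with the root context and emitted as its own document, with no restriction on kind or namespace. Assuming that helper evaluates the value as a template, as it does in the bitnami common library, a values file from an untrusted source can create any object the installing identity is allowed to create, RBAC bindings included. I would add a header comment such as `{{- /* extraDeploy: rendered as templates and applied as-is; treat values files as trusted input */ -}}` and repeat the caveat where the value is documented.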


@ -0,0 +1,73 @@
{{- if .Values.curator.enabled }}
{{- range $kind, $enabled := .Values.curator.hooks }}
{{- if $enabled }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "elasticsearch.curator.fullname" . }}-curator-on-{{ $kind }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: curator
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: curator
annotations:
"helm.sh/hook": post-{{ $kind }}
"helm.sh/hook-weight": "1"
{{- if $.Values.cronjob.annotations }}
{{- toYaml $.Values.cronjob.annotations | nindent 4 }}
{{- end }}
spec:
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 10 }}
app.kubernetes.io/component: curator
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: curator
{{- if $.Values.podAnnotations }}
annotations: {{- toYaml $.Values.podAnnotations | nindent 8 }}
{{- end }}
spec:
restartPolicy: Never
{{- if $.Values.curator.priorityClassName }}
priorityClassName: {{ $.Values.curator.priorityClassName | quote }}
{{- end }}
{{- if .Values.curator.schedulerName }}
schedulerName: {{ .Values.curator.schedulerName }}
{{- end }}
{{- if $.Values.curator.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" $.Values.curator.affinity "context" $) | nindent 8 }}
{{- end }}
{{- if $.Values.curator.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" $.Values.curator.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if $.Values.curator.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" $.Values.curator.tolerations "context" $) | nindent 8 }}
{{- end }}
containers:
- name: {{ template "elasticsearch.curator.fullname" . }}
image: {{ template "elasticsearch.curator.image" . }}
imagePullPolicy: {{ .Values.curator.image.pullPolicy | quote }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else }}
command: [ "curator" ]
args: [ "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ]
{{- end }}
resources: {{- toYaml $.Values.curator.resources | nindent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/es-curator
{{- if $.Values.curator.extraVolumeMounts }}
{{- toYaml $.Values.curator.extraVolumeMounts | nindent 12 }}
{{- end }}
volumes:
- name: config-volume
configMap:
name: {{ template "elasticsearch.curator.fullname" . }}
{{- if $.Values.curator.extraVolumes }}
{{- toYaml $.Values.curator.extraVolumes | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
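Review bot: Inside `range $kind, $enabled := .Values.curator.hooks` the dot is rebound to the current element (the hook's boolean), so every dot-rooted reference in the Job body should fail to render as soon as a hook is enabled: `template "elasticsearch.curator.fullname" .`, `include "common.labels.standard" .`, `.Values.curator.schedulerName`, `.Values.curator.image.pullPolicy` and the `.Values.diagnosticMode` lookups. The lines that already use `$.Values` are fine; the others need the root context, e.g. `name: {{ template "elasticsearch.curator.fullname" $ }}-curator-on-{{ $kind }}` and `{{- if $.Values.curator.schedulerName }}`. Separately, `$.Values.cronjob.annotations` and `$.Values.podAnnotations` sit outside the `curator` key that every other setting here uses, which looks unintended. The Job's container also has no `securityContext` at all.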


@ -0,0 +1,280 @@
{{- if .Values.ingest.enabled }}
apiVersion: {{ template "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ include "elasticsearch.ingest.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: ingest
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: ingest
spec:
updateStrategy:
type: {{ .Values.ingest.updateStrategy.type }}
{{- if (eq "OnDelete" .Values.ingest.updateStrategy.type) }}
rollingUpdate: null
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: ingest
podManagementPolicy: Parallel
replicas: {{ .Values.ingest.replicas }}
serviceName: {{ template "elasticsearch.ingest.fullname" . }}
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
app.kubernetes.io/component: ingest
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: ingest
{{- if .Values.ingest.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingest.podLabels "context" $) | nindent 8 }}
{{- end }}
annotations:
{{- if and (include "elasticsearch.createTlsSecret" .) (not .Values.security.tls.ingest.existingSecret) }}
checksum/tls: {{ include (print $.Template.BasePath "/tls-secret.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.ingest.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingest.podAnnotations "context" $) | nindent 8 }}
{{- end }}
spec:
{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
{{- if .Values.ingest.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.ingest.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.ingest.schedulerName }}
schedulerName: {{ .Values.ingest.schedulerName }}
{{- end }}
{{- if .Values.ingest.priorityClassName }}
priorityClassName: {{ .Values.ingest.priorityClassName | quote }}
{{- end }}
{{- if .Values.ingest.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.ingest.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.ingest.podAffinityPreset "component" "ingest" "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.ingest.podAntiAffinityPreset "component" "ingest" "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.ingest.nodeAffinityPreset.type "key" .Values.ingest.nodeAffinityPreset.key "values" .Values.ingest.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.ingest.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.ingest.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.ingest.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.ingest.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.ingest.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.ingest.topologySpreadConstraints "context" $) | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "elasticsearch.ingest.serviceAccountName" . }}
{{- if or .Values.ingest.podSecurityContext.enabled .Values.ingest.securityContext.enabled }}
securityContext:
{{- if .Values.ingest.podSecurityContext.enabled }}
{{- omit .Values.ingest.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- else }}
fsGroup: {{ .Values.ingest.securityContext.fsGroup }}
{{- end }}
{{- end }}
{{- if or .Values.ingest.initContainers .Values.sysctlImage.enabled }}
initContainers:
{{- if .Values.sysctlImage.enabled }}
## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
- name: sysctl
image: {{ include "elasticsearch.sysctl.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
{{- include "elasticsearch.sysctlIfLess" (dict "key" "vm.max_map_count" "value" "262144") | nindent 14 }}
{{- include "elasticsearch.sysctlIfLess" (dict "key" "fs.file-max" "value" "65536") | nindent 14 }}
securityContext:
privileged: true
{{- if .Values.sysctlImage.resources }}
resources: {{- toYaml .Values.sysctlImage.resources | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.ingest.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingest.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: elasticsearch
image: {{ include "elasticsearch.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if or .Values.ingest.containerSecurityContext.enabled .Values.ingest.securityContext.enabled }}
securityContext:
{{- if .Values.ingest.containerSecurityContext.enabled }}
{{- omit .Values.ingest.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- else }}
runAsUser: {{ .Values.ingest.securityContext.runAsUser }}
{{- end }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- end }}
env:
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: ELASTICSEARCH_CLUSTER_NAME
value: {{ .Values.name | quote }}
- name: ELASTICSEARCH_CLUSTER_HOSTS
value: {{ include "elasticsearch.hosts" . | quote }}
- name: ELASTICSEARCH_TOTAL_NODES
value: {{ add (ternary .Values.master.autoscaling.minReplicas .Values.master.replicas (eq .Values.master.autoscaling.enabled true)) (ternary .Values.data.autoscaling.minReplicas .Values.data.replicas (eq .Values.data.autoscaling.enabled true)) | quote }}
- name: ELASTICSEARCH_CLUSTER_MASTER_HOSTS
{{- $elasticsearchMasterFullname := include "elasticsearch.master.fullname" . }}
{{- $replicas := int (ternary .Values.master.autoscaling.minReplicas .Values.master.replicas (eq .Values.master.autoscaling.enabled true)) }}
value: {{range $i, $e := until $replicas }}{{ $elasticsearchMasterFullname }}-{{ $e }} {{ end }}
- name: ELASTICSEARCH_MINIMUM_MASTER_NODES
value: {{ add (div (ternary .Values.master.autoscaling.minReplicas .Values.master.replicas (eq .Values.master.autoscaling.enabled true)) 2) 1 | quote }}
- name: ELASTICSEARCH_ADVERTISED_HOSTNAME
value: "$(MY_POD_NAME).{{ include "elasticsearch.ingest.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
{{- if .Values.plugins }}
- name: ELASTICSEARCH_PLUGINS
value: {{ .Values.plugins | quote }}
{{- end }}
- name: ELASTICSEARCH_HEAP_SIZE
value: {{ .Values.ingest.heapSize | quote }}
- name: ELASTICSEARCH_IS_DEDICATED_NODE
value: "yes"
- name: ELASTICSEARCH_NODE_TYPE
value: "ingest"
{{- if .Values.security.enabled }}
{{- include "elasticsearch.configure.security" . | nindent 12 }}
{{- end }}
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.extraEnvVars "context" $ ) | nindent 12 }}
{{- end }}
{{- if or .Values.extraEnvVarsConfigMap .Values.extraEnvVarsSecret }}
envFrom:
{{- if .Values.extraEnvVarsConfigMap }}
- configMapRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.extraEnvVarsConfigMap "context" $ ) }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.extraEnvVarsSecret "context" $ ) }}
{{- end }}
{{- end }}
ports:
- name: http
containerPort: 9200
- name: transport
containerPort: 9300
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.ingest.startupProbe.enabled }}
startupProbe:
initialDelaySeconds: {{ .Values.ingest.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.ingest.startupProbe.periodSeconds }}
timeoutSeconds: {{ .Values.ingest.startupProbe.timeoutSeconds }}
successThreshold: {{ .Values.ingest.startupProbe.successThreshold }}
failureThreshold: {{ .Values.ingest.startupProbe.failureThreshold }}
exec:
command:
- /opt/bitnami/scripts/elasticsearch/healthcheck.sh
{{- else if .Values.ingest.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.ingest.customStartupProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.ingest.livenessProbe.enabled }}
livenessProbe:
initialDelaySeconds: {{ .Values.ingest.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.ingest.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.ingest.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.ingest.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.ingest.livenessProbe.failureThreshold }}
exec:
command:
- /opt/bitnami/scripts/elasticsearch/healthcheck.sh
{{- else if .Values.ingest.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.ingest.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.ingest.readinessProbe.enabled }}
readinessProbe:
initialDelaySeconds: {{ .Values.ingest.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.ingest.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.ingest.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.ingest.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.ingest.readinessProbe.failureThreshold }}
exec:
command:
- /opt/bitnami/scripts/elasticsearch/healthcheck.sh
{{- else if .Values.ingest.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.ingest.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.ingest.resources }}
resources: {{- toYaml .Values.ingest.resources | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.config }}
- mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
name: config
subPath: elasticsearch.yml
{{- end }}
- name: data
mountPath: /bitnami/elasticsearch/data
{{- if .Values.security.enabled }}
- name: elasticsearch-certificates
mountPath: /opt/bitnami/elasticsearch/config/certs
readOnly: true
{{- end }}
{{- if .Values.extraConfig }}
- mountPath: /opt/bitnami/elasticsearch/config/my_elasticsearch.yml
name: config
subPath: my_elasticsearch.yml
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- if .Values.initScripts }}
- name: custom-init-scripts
mountPath: /docker-entrypoint-initdb.d/init-scripts
{{- end }}
{{- if .Values.initScriptsCM }}
- name: custom-init-scripts-cm
mountPath: /docker-entrypoint-initdb.d/init-scripts-cm
{{- end }}
{{- if .Values.initScriptsSecret }}
- name: custom-init-scripts-secret
mountPath: /docker-entrypoint-initdb.d/init-scripts-secret
{{- end }}
{{- if .Values.ingest.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.ingest.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
{{- if or .Values.config .Values.extraConfig }}
- name: config
configMap:
name: {{ include "common.names.fullname" . }}
{{- end }}
{{- if .Values.security.enabled }}
- name: elasticsearch-certificates
secret:
secretName: {{ include "elasticsearch.ingest.tlsSecretName" . }}
defaultMode: 256
{{- end }}
{{- if .Values.extraVolumes }}
{{- toYaml .Values.extraVolumes | nindent 8 }}
{{- end }}
{{- if .Values.initScripts }}
- name: custom-init-scripts
configMap:
name: {{ template "elasticsearch.initScripts" . }}
{{- end }}
{{- if .Values.initScriptsCM }}
- name: custom-init-scripts-cm
configMap:
name: {{ template "elasticsearch.initScriptsCM" . }}
{{- end }}
{{- if .Values.initScriptsSecret }}
- name: custom-init-scripts-secret
secret:
secretName: {{ template "elasticsearch.initScriptsSecret" . }}
defaultMode: 0755
{{- end }}
- name: "data"
emptyDir: {}
{{- end }}
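Review bot: The `sysctl` init container sets only `privileged: true`, so it inherits any `runAsUser` that `ingest.podSecurityContext` puts on the pod, and the kernel writes may then fail; if the container is kept, pin it with `runAsUser: 0` next to `privileged: true`. `vm.max_map_count` and `fs.file-max` are node-wide settings, so starting an ingest pod changes the host for every workload on that node, and the one-line comment above the container does not say so. I would expand it to something like `## Privileged: writes node-wide sysctls; keep sysctlImage.enabled=false and set them on the nodes where privileged pods are not allowed`. The master StatefulSet in this commit carries the same block. The container also pulls with `.Values.image.pullPolicy` rather than a policy belonging to the sysctl image, which may be unintended.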


@ -0,0 +1,29 @@
{{- if .Values.ingest.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "elasticsearch.ingest.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: ingest
annotations: {{ include "common.tplvalues.render" ( dict "value" .Values.ingest.service.annotations "context" $) | nindent 4 }}
spec:
type: {{ .Values.ingest.service.type | quote }}
{{- if and (eq .Values.ingest.service.type "LoadBalancer") (not (empty .Values.ingest.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.ingest.service.loadBalancerIP }}
{{- end }}
publishNotReadyAddresses: true
ports:
- name: http
port: 9200
targetPort: http
- name: tcp-transport
port: {{ .Values.ingest.service.port }}
targetPort: transport
{{- if and (or (eq .Values.ingest.service.type "NodePort") (eq .Values.ingest.service.type "LoadBalancer")) (not (empty .Values.ingest.service.nodePort)) }}
nodePort: {{ .Values.ingest.service.nodePort }}
{{- else if eq .Values.ingest.service.type "ClusterIP" }}
nodePort: null
{{- end }}
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: ingest
{{- end }}
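Review bot: With `ingest.service.type` set to `LoadBalancer` or `NodePort`, this Service publishes both 9200 and the transport port outside the cluster, and nothing in the spec limits who can reach them; the install notes shown for this chart warn only about `coordinating.service.type`. I would add an allow-list driven by a new value (the name is a suggestion): `{{- if .Values.ingest.service.loadBalancerSourceRanges }}`, then `loadBalancerSourceRanges: {{- toYaml .Values.ingest.service.loadBalancerSourceRanges | nindent 4 }}`, then `{{- end }}`, and extend the NOTES warning to this Service. The configurable `port` and `nodePort` are attached to `tcp-transport` while `http` stays fixed at 9200, which looks inverted for a client-facing Service. The master Service at the end of this commit has the same shape.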


@ -0,0 +1,35 @@
{{- if .Values.master.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "elasticsearch.master.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: master
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: {{ template "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
name: {{ include "elasticsearch.master.fullname" . }}
minReplicas: {{ .Values.master.autoscaling.minReplicas }}
maxReplicas: {{ .Values.master.autoscaling.maxReplicas }}
metrics:
{{- if .Values.master.autoscaling.targetCPU }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.master.autoscaling.targetCPU }}
{{- end }}
{{- if .Values.master.autoscaling.targetMemory }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.master.autoscaling.targetMemory }}
{{- end }}
{{- end }}
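Review bot: `apiVersion: autoscaling/v2beta1` is hard-coded, while the `scaleTargetRef` a few lines below resolves its version through `common.capabilities.statefulset.apiVersion`; v2beta1 is deprecated and no longer served from Kubernetes 1.25 on, so newer clusters will reject this object. Gate the version on what the cluster serves, e.g. `{{- if .Capabilities.APIVersions.Has "autoscaling/v2" }}`, and use the `target: {type: Utilization, averageUtilization: …}` metric form for the newer versions. Also, `metrics:` renders empty when neither `targetCPU` nor `targetMemory` is set. The master StatefulSet derives `ELASTICSEARCH_MINIMUM_MASTER_NODES` and the master host list from `minReplicas` at render time, so scaling beyond that number is not reflected in those settings.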


@ -0,0 +1,329 @@
apiVersion: {{ template "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ include "elasticsearch.master.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: master
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: master
spec:
updateStrategy:
type: {{ .Values.master.updateStrategy.type }}
{{- if (eq "OnDelete" .Values.master.updateStrategy.type) }}
rollingUpdate: null
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: master
podManagementPolicy: Parallel
{{- if not .Values.master.autoscaling.enabled }}
replicas: {{ .Values.master.replicas }}
{{- end }}
serviceName: {{ template "elasticsearch.master.fullname" . }}
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
app.kubernetes.io/component: master
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: master
{{- if .Values.master.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.master.podLabels "context" $) | nindent 8 }}
{{- end }}
annotations:
{{- if and (include "elasticsearch.createTlsSecret" .) (not .Values.security.tls.master.existingSecret) }}
checksum/tls: {{ include (print $.Template.BasePath "/tls-secret.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.master.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.master.podAnnotations "context" $) | nindent 8 }}
{{- end }}
spec:
{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
{{- if .Values.master.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.master.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.master.schedulerName }}
schedulerName: {{ .Values.master.schedulerName }}
{{- end }}
{{- if .Values.master.priorityClassName }}
priorityClassName: {{ .Values.master.priorityClassName | quote }}
{{- end }}
{{- if .Values.master.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.master.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.master.podAffinityPreset "component" "master" "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.master.podAntiAffinityPreset "component" "master" "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.master.nodeAffinityPreset.type "key" .Values.master.nodeAffinityPreset.key "values" .Values.master.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.master.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.master.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.master.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.master.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.master.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.master.topologySpreadConstraints "context" $) | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "elasticsearch.master.serviceAccountName" . }}
{{- if or .Values.master.podSecurityContext.enabled .Values.master.securityContext.enabled }}
securityContext:
{{- if .Values.master.podSecurityContext.enabled }}
{{- omit .Values.master.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- else }}
fsGroup: {{ .Values.master.securityContext.fsGroup }}
{{- end }}
{{- end }}
{{- if or .Values.master.initContainers .Values.sysctlImage.enabled (and .Values.volumePermissions.enabled .Values.master.persistence.enabled) }}
initContainers:
{{- if .Values.sysctlImage.enabled }}
## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
- name: sysctl
image: {{ include "elasticsearch.sysctl.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
{{- include "elasticsearch.sysctlIfLess" (dict "key" "vm.max_map_count" "value" "262144") | nindent 14 }}
{{- include "elasticsearch.sysctlIfLess" (dict "key" "fs.file-max" "value" "65536") | nindent 14 }}
securityContext:
privileged: true
{{- if .Values.sysctlImage.resources }}
resources: {{- toYaml .Values.sysctlImage.resources | nindent 12 }}
{{- end }}
{{- end }}
{{- if and .Values.volumePermissions.enabled .Values.master.persistence.enabled }}
- name: volume-permissions
image: {{ include "elasticsearch.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
chown -R {{ .Values.master.securityContext.runAsUser }}:{{ .Values.master.securityContext.fsGroup }} //bitnami/elasticsearch/data
securityContext:
runAsUser: 0
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: "/bitnami/elasticsearch/data"
{{- end }}
{{- if .Values.master.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.master.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: elasticsearch
image: {{ include "elasticsearch.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if or .Values.master.containerSecurityContext.enabled .Values.master.securityContext.enabled }}
securityContext:
{{- if .Values.master.containerSecurityContext.enabled }}
{{- omit .Values.master.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{ else }}
runAsUser: {{ .Values.master.securityContext.runAsUser }}
{{- end }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- end }}
env:
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: ELASTICSEARCH_CLUSTER_NAME
value: {{ .Values.name | quote }}
- name: ELASTICSEARCH_CLUSTER_HOSTS
value: {{ include "elasticsearch.hosts" . | quote }}
- name: ELASTICSEARCH_TOTAL_NODES
value: {{ add (ternary .Values.master.autoscaling.minReplicas .Values.master.replicas .Values.master.autoscaling.enabled) (ternary .Values.data.autoscaling.minReplicas .Values.data.replicas .Values.data.autoscaling.enabled) | quote }}
- name: ELASTICSEARCH_CLUSTER_MASTER_HOSTS
{{- $elasticsearchMasterFullname := include "elasticsearch.master.fullname" . }}
{{- $replicas := int (ternary .Values.master.autoscaling.minReplicas .Values.master.replicas .Values.master.autoscaling.enabled) }}
value: {{range $i, $e := until $replicas }}{{ $elasticsearchMasterFullname }}-{{ $e }} {{ end }}
- name: ELASTICSEARCH_MINIMUM_MASTER_NODES
value: {{ add (div (ternary .Values.master.autoscaling.minReplicas .Values.master.replicas .Values.master.autoscaling.enabled) 2) 1 | quote }}
- name: ELASTICSEARCH_ADVERTISED_HOSTNAME
value: "$(MY_POD_NAME).{{ include "elasticsearch.master.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
{{- if .Values.plugins }}
- name: ELASTICSEARCH_PLUGINS
value: {{ .Values.plugins | quote }}
{{- end }}
{{- if .Values.snapshotRepoPath }}
- name: ELASTICSEARCH_FS_SNAPSHOT_REPO_PATH
value: {{ .Values.snapshotRepoPath | quote }}
{{- end }}
- name: ELASTICSEARCH_HEAP_SIZE
value: {{ .Values.master.heapSize | quote }}
- name: ELASTICSEARCH_IS_DEDICATED_NODE
value: "yes"
- name: ELASTICSEARCH_NODE_TYPE
value: "master"
{{- if .Values.security.enabled }}
{{- include "elasticsearch.configure.security" . | nindent 12 }}
{{- end }}
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.extraEnvVars "context" $ ) | nindent 12 }}
{{- end }}
{{- if or .Values.extraEnvVarsConfigMap .Values.extraEnvVarsSecret }}
envFrom:
{{- if .Values.extraEnvVarsConfigMap }}
- configMapRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.extraEnvVarsConfigMap "context" $ ) }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.extraEnvVarsSecret "context" $ ) }}
{{- end }}
{{- end }}
ports:
- name: http
containerPort: 9200
- name: transport
containerPort: 9300
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.master.startupProbe.enabled }}
startupProbe:
initialDelaySeconds: {{ .Values.master.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.master.startupProbe.periodSeconds }}
timeoutSeconds: {{ .Values.master.startupProbe.timeoutSeconds }}
successThreshold: {{ .Values.master.startupProbe.successThreshold }}
failureThreshold: {{ .Values.master.startupProbe.failureThreshold }}
exec:
command:
- /opt/bitnami/scripts/elasticsearch/healthcheck.sh
{{- else if .Values.master.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customStartupProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.master.livenessProbe.enabled }}
livenessProbe:
initialDelaySeconds: {{ .Values.master.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.master.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.master.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.master.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.master.livenessProbe.failureThreshold }}
exec:
command:
- /opt/bitnami/scripts/elasticsearch/healthcheck.sh
{{- else if .Values.master.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.master.readinessProbe.enabled }}
readinessProbe:
initialDelaySeconds: {{ .Values.master.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.master.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.master.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.master.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.master.readinessProbe.failureThreshold }}
exec:
command:
- /opt/bitnami/scripts/elasticsearch/healthcheck.sh
{{- else if .Values.master.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.master.resources }}
resources: {{- toYaml .Values.master.resources | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.config }}
- mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
name: config
subPath: elasticsearch.yml
{{- end }}
{{- if .Values.extraConfig }}
- mountPath: /opt/bitnami/elasticsearch/config/my_elasticsearch.yml
name: config
subPath: my_elasticsearch.yml
{{- end }}
- name: data
mountPath: /bitnami/elasticsearch/data
{{- if .Values.security.enabled }}
- name: elasticsearch-certificates
mountPath: /opt/bitnami/elasticsearch/config/certs
readOnly: true
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- if .Values.initScripts }}
- name: custom-init-scripts
mountPath: /docker-entrypoint-initdb.d/init-scripts
{{- end }}
{{- if .Values.initScriptsCM }}
- name: custom-init-scripts-cm
mountPath: /docker-entrypoint-initdb.d/init-scripts-cm
{{- end }}
{{- if .Values.initScriptsSecret }}
- name: custom-init-scripts-secret
mountPath: /docker-entrypoint-initdb.d/init-scripts-secret
{{- end }}
{{- if .Values.master.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.master.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
{{- if or .Values.config .Values.extraConfig }}
- name: config
configMap:
name: {{ include "common.names.fullname" . }}
{{- end }}
{{- if .Values.security.enabled }}
- name: elasticsearch-certificates
secret:
secretName: {{ include "elasticsearch.master.tlsSecretName" . }}
defaultMode: 256
{{- end }}
{{- if .Values.extraVolumes }}
{{- toYaml .Values.extraVolumes | nindent 8 }}
{{- end }}
{{- if .Values.initScripts }}
- name: custom-init-scripts
configMap:
name: {{ template "elasticsearch.initScripts" . }}
{{- end }}
{{- if .Values.initScriptsCM }}
- name: custom-init-scripts-cm
configMap:
name: {{ template "elasticsearch.initScriptsCM" . }}
{{- end }}
{{- if .Values.initScriptsSecret }}
- name: custom-init-scripts-secret
secret:
secretName: {{ template "elasticsearch.initScriptsSecret" . }}
defaultMode: 0755
{{- end }}
{{- if not .Values.master.persistence.enabled }}
- name: "data"
emptyDir: {}
{{- else if .Values.master.persistence.existingClaim }}
- name: "data"
persistentVolumeClaim:
claimName: {{ .Values.master.persistence.existingClaim }}
{{- else }}
volumeClaimTemplates:
- metadata:
name: "data"
{{- if .Values.master.persistence.annotations }}
annotations: {{- toYaml .Values.master.persistence.annotations | nindent 10 }}
{{- end }}
spec:
accessModes: {{- toYaml .Values.master.persistence.accessModes | nindent 10 }}
{{ $storage := dict "global" .Values.global "local" .Values.master }}
{{ include "elasticsearch.storageClass" $storage }}
resources:
requests:
storage: {{ .Values.master.persistence.size | quote }}
{{- if .Values.master.persistence.selector }}
selector: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.selector "context" $) | nindent 10 }}
{{- else if .Values.master.persistence.existingVolume }}
selector:
matchLabels:
volume: {{ .Values.master.persistence.existingVolume }}
{{- end }}
{{- end }}
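Review bot: The `volume-permissions` init container runs as UID 0 with the runtime's default capability set and privilege escalation left on, although its only job is a recursive `chown` of the data directory. Tighten its `securityContext`, for instance with `allowPrivilegeEscalation: false` plus `capabilities: {drop: ["ALL"], add: ["CHOWN"]}`; the exact add-list depends on the permissions of the existing tree, so test it against a used volume. The user and group are also interpolated unquoted into the `bash -ec` script, and piping them through `int` would keep a malformed value from turning into extra shell words. `defaultMode: 256` on the certificate secret and `defaultMode: 0755` on the init-scripts secret mix decimal and octal; writing the first as `0400` makes the intended mode readable at a glance.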


@ -0,0 +1,27 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "elasticsearch.master.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: master
annotations: {{ include "common.tplvalues.render" ( dict "value" .Values.master.service.annotations "context" $) | nindent 4 }}
spec:
type: {{ .Values.master.service.type | quote }}
{{- if and (eq .Values.master.service.type "LoadBalancer") (not (empty .Values.master.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.master.service.loadBalancerIP }}
{{- end }}
publishNotReadyAddresses: true
ports:
- name: http
port: 9200
targetPort: http
- name: tcp-transport
port: {{ .Values.master.service.port }}
targetPort: transport
{{- if and (or (eq .Values.master.service.type "NodePort") (eq .Values.master.service.type "LoadBalancer")) (not (empty .Values.master.service.nodePort)) }}
nodePort: {{ .Values.master.service.nodePort }}
{{- else if eq .Values.master.service.type "ClusterIP" }}
nodePort: null
{{- end }}
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: master
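Review bot: With `master.service.type` set to `LoadBalancer` or `NodePort`, this Service publishes both the HTTP port 9200 and the transport port outside the cluster, and the spec offers no way to restrict source addresses. The chart's NOTES warning only checks `coordinating.service.type`, so an operator who changes the master type gets no hint. I would add an optional `loadBalancerSourceRanges: {{ toYaml .Values.master.service.loadBalancerSourceRanges | nindent 4 }}` next to the `loadBalancerIP` guard (the values key is a proposal, not something the chart defines here) and extend the NOTES warning to the master service. The `nodePort` override is applied only to `tcp-transport`, so the `http` port gets a random node port; a comment saying whether that is intended would help.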


@ -0,0 +1,107 @@
{{- if .Values.metrics.enabled }}
apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ include "elasticsearch.metrics.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: metrics
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: metrics
spec:
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: metrics
replicas: 1
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
app.kubernetes.io/component: metrics
## Istio Labels: https://istio.io/docs/ops/deployment/requirements/
app: metrics
{{- if .Values.metrics.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.podLabels "context" $) | nindent 8 }}
{{- end }}
{{- with .Values.metrics.podAnnotations }}
annotations: {{ toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
{{- if .Values.metrics.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.schedulerName }}
schedulerName: {{ .Values.metrics.schedulerName }}
{{- end }}
containers:
- name: metrics
image: {{ include "elasticsearch.metrics.image" . }}
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else }}
args:
{{- if gt (int .Values.coordinating.replicas) 0 }}
# Prefer coordinating only nodes to do the initial metrics query
- --es.uri=http://{{- if .Values.security.enabled }}elastic:{{ .Values.security.elasticPassword}}@{{- end}}{{ template "elasticsearch.coordinating.fullname" . }}:{{ .Values.coordinating.service.port }}
{{- else }}
# Using master nodes as there are no coordinating only nodes
- --es.uri=http://{{- if .Values.security.enabled }}elastic:{{ .Values.security.elasticPassword}}@{{- end}}{{ include "elasticsearch.master.fullname" . }}:{{ .Values.master.service.port }}
{{- end }}
- --es.all
{{- if .Values.metrics.extraArgs }}
{{- toYaml .Values.metrics.extraArgs | nindent 12 }}
{{- end }}
{{- end }}
ports:
- name: metrics
containerPort: 9114
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.metrics.livenessProbe.enabled }}
livenessProbe:
initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }}
httpGet:
path: /metrics
port: metrics
{{- else if .Values.metrics.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.metrics.readinessProbe.enabled }}
readinessProbe:
initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }}
httpGet:
path: /metrics
port: metrics
{{- else if .Values.metrics.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.metrics.resources }}
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
{{- end }}
{{- if .Values.metrics.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.metrics.podAffinityPreset "component" "metrics" "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.metrics.podAntiAffinityPreset "component" "metrics" "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.metrics.nodeAffinityPreset.type "key" .Values.metrics.nodeAffinityPreset.key "values" .Values.metrics.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.metrics.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.topologySpreadConstraints "context" $) | nindent 8 }}
{{- end }}
{{- end }}
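Review bot: Both `--es.uri` arguments render `.Values.security.elasticPassword` straight into the container args, so the `elastic` user's password is readable by anyone who can get Deployments or Pods in the namespace. It also diverges from the chart's Secret template: when the value is empty the Secret gets a random password, while this URI gets an empty one and the exporter presumably fails to authenticate. I would load the password from the Secret into an env var and let Kubernetes expand `$(ES_PASSWORD)` in the argument, as sketched below; the Secret name should come from whatever helper the chart uses when an existing secret is supplied, which is not visible here. The scheme is also fixed to `http://` even when `security.enabled` is true, which is worth checking against the REST TLS setting.

```yaml
          {{- if .Values.security.enabled }}
          env:
            - name: ES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "common.names.fullname" . }}
                  key: elasticsearch-password
          {{- end }}
          args:
            {{- if gt (int .Values.coordinating.replicas) 0 }}
            - --es.uri=http://{{- if .Values.security.enabled }}elastic:$(ES_PASSWORD)@{{- end }}{{ template "elasticsearch.coordinating.fullname" . }}:{{ .Values.coordinating.service.port }}
            {{- else }}
            - --es.uri=http://{{- if .Values.security.enabled }}elastic:$(ES_PASSWORD)@{{- end }}{{ include "elasticsearch.master.fullname" . }}:{{ .Values.master.service.port }}
            {{- end }}
            # … unchanged: --es.all and metrics.extraArgs …
```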


@ -0,0 +1,17 @@
{{- if .Values.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "elasticsearch.metrics.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: metrics
annotations: {{ include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }}
spec:
type: {{ .Values.metrics.service.type }}
ports:
- name: http-metrics
port: 9114
targetPort: metrics
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: metrics
{{- end }}


@ -0,0 +1,34 @@
{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
{{- if and $pspAvailable .Values.curator.enabled .Values.curator.psp.create }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ include "elasticsearch.curator.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
role: curator
spec:
privileged: true
#requiredDropCapabilities:
volumes:
- 'configMap'
- 'secret'
hostNetwork: false
hostIPC: false
hostPID: false
runAsUser:
# Require the container to run without root privileges.
rule: 'MustRunAsNonRoot'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
readOnlyRootFilesystem: false
{{- end }}
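Review bot: `privileged: true` lets any pod admitted under this policy run privileged containers, which is at odds with the `MustRunAsNonRoot` rule and the `hostNetwork`/`hostIPC`/`hostPID: false` settings beside it, and `requiredDropCapabilities` is left commented out. Nothing visible in this template suggests the curator job needs that level of access, so I would set `privileged: false`, add `allowPrivilegeEscalation: false`, and replace the commented line with `requiredDropCapabilities: ['ALL']`. `readOnlyRootFilesystem: false` may be needed by the curator image; if so, a one-line comment saying why would help.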


@ -0,0 +1,21 @@
{{- if and .Values.curator.enabled .Values.curator.rbac.enabled }}
kind: Role
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
metadata:
name: {{ include "elasticsearch.curator.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
role: curator
component: elasticsearch-curator-configmap
rules:
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["update", "patch"]
{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
{{- if and $pspAvailable .Values.curator.psp.create }}
- apiGroups: ["extensions"]
resources: ["podsecuritypolicies"]
verbs: ["use"]
resourceNames:
- {{ include "elasticsearch.curator.fullname" . }}
{{- end }}
{{- end }}
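Review bot: The `configmaps` rule grants `update` and `patch` on every ConfigMap in the release namespace because it has no `resourceNames`. That namespace also holds the Elasticsearch `config` ConfigMap and the `custom-init-scripts` ConfigMaps mounted by the master pods, so a compromised curator pod could rewrite configuration or init scripts the Elasticsearch nodes presumably consume at startup. I would scope the rule with `resourceNames: [<curator-configmap-name>]` (placeholder; the curator ConfigMap template is not part of this section). Separately, the PSP rule uses `apiGroups: ["extensions"]` while the policy itself is created as `policy/v1beta1`; `apiGroups: ["policy"]` would match it.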


@ -0,0 +1,17 @@
{{- if and .Values.curator.enabled .Values.curator.rbac.enabled }}
kind: RoleBinding
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
metadata:
name: {{ include "elasticsearch.curator.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
role: curator
component: elasticsearch-curator-configmap
roleRef:
kind: Role
name: {{ template "elasticsearch.curator.fullname" . }}
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: {{ include "elasticsearch.curator.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}


@ -0,0 +1,54 @@
{{- if (include "elasticsearch.createSecret" . ) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "common.names.fullname" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
{{- if .Values.security.elasticPassword }}
elasticsearch-password: {{ default "" .Values.security.elasticPassword | b64enc | quote }}
{{- else }}
elasticsearch-password: {{ randAlphaNum 14 | b64enc | quote }}
{{- end }}
{{- if .Values.security.tls.keystorePassword }}
keystore-password: {{ default "" .Values.security.tls.keystorePassword | b64enc | quote }}
{{- end }}
{{- if .Values.security.tls.truststorePassword }}
truststore-password: {{ default "" .Values.security.tls.truststorePassword | b64enc | quote }}
{{- end }}
{{- if .Values.security.tls.keyPassword }}
key-password: {{ default "" .Values.security.tls.keyPassword | b64enc | quote }}
{{- end }}
---
{{- end }}
{{- if (include "elasticsearch.createTlsPasswordsSecret" . ) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "common.names.fullname" . }}-tls-pass
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
{{- if .Values.security.tls.keystorePassword }}
truststore-password: {{ default "" .Values.elasticPassword | b64enc | quote }}
{{- end }}
{{- if .Values.security.tls.truststorePassword }}
keystore-password: {{ default "" .Values.elasticPassword | b64enc | quote }}
{{- end }}
{{- if .Values.security.tls.elasticPassword }}
key-password: {{ default "" .Values.elasticPassword | b64enc | quote }}
{{- end }}
{{- end }}
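Review bot: In the second Secret (`-tls-pass`) the keys and guards are crossed, and every value reads `.Values.elasticPassword`, a path used nowhere else on this page. The `keystorePassword` guard writes `truststore-password`, the `truststorePassword` guard writes `keystore-password`, and `key-password` is guarded by `.Values.security.tls.elasticPassword`. As written the Secret would carry an empty string (or an unrelated value) for each store password, so I would mirror the three entries of the first Secret, as below. In the first Secret, `randAlphaNum 14` produces a new `elasticsearch-password` on every render, so a `helm upgrade` without `security.elasticPassword` set rotates the stored password; reusing the existing value via `lookup` would avoid that.

```yaml
# … unchanged: metadata of the -tls-pass Secret …
data:
  {{- if .Values.security.tls.keystorePassword }}
  keystore-password: {{ .Values.security.tls.keystorePassword | b64enc | quote }}
  {{- end }}
  {{- if .Values.security.tls.truststorePassword }}
  truststore-password: {{ .Values.security.tls.truststorePassword | b64enc | quote }}
  {{- end }}
  {{- if .Values.security.tls.keyPassword }}
  key-password: {{ .Values.security.tls.keyPassword | b64enc | quote }}
  {{- end }}
```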


@ -0,0 +1,44 @@
{{- if and .Values.curator.enabled .Values.curator.serviceAccount.create .Values.curator.rbac.enabled }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "elasticsearch.curator.serviceAccountName" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
role: curator
{{- end }}
{{- if .Values.data.serviceAccount.create }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "elasticsearch.data.serviceAccountName" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
role: data
{{- end }}
{{- if .Values.master.serviceAccount.create }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "elasticsearch.master.serviceAccountName" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
role: master
{{- end }}
{{- if .Values.coordinating.serviceAccount.create }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "elasticsearch.coordinating.serviceAccountName" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
role: coordinating-only
{{- end }}
{{- if and .Values.ingest.enabled .Values.ingest.serviceAccount.create }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "elasticsearch.ingest.serviceAccountName" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
role: ingest
{{- end }}
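Review bot: None of the five ServiceAccounts sets `automountServiceAccountToken`, so every pod using them gets an API token mounted by default. Only the curator account has a Role bound to it on this page; for the `data`, `master`, `coordinating-only` and `ingest` accounts I would add `automountServiceAccountToken: false` unless those pods are known to call the Kubernetes API. The curator account is also created only when `curator.rbac.enabled` is true, although `curator.serviceAccount.create` reads as an independent switch; a comment explaining the coupling would help.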


@ -0,0 +1,29 @@
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "elasticsearch.metrics.fullname" . }}
{{- if .Values.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.metrics.serviceMonitor.namespace }}
{{- end }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: metrics
spec:
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
{{- if .Values.metrics.serviceMonitor.selector }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
{{- end }}
app.kubernetes.io/component: metrics
endpoints:
- port: http-metrics
{{- if .Values.metrics.serviceMonitor.interval }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
{{- end }}


@ -0,0 +1,99 @@
{{- if (include "elasticsearch.createTlsSecret" .) }}
{{- $ca := genCA "elasticsearch-ca" 365 }}
{{- $releaseNamespace := .Release.Namespace }}
{{- $clusterDomain := .Values.clusterDomain }}
{{- if not .Values.security.tls.master.existingSecret }}
---
{{- $fullname := include "elasticsearch.master.fullname" . }}
{{- $serviceName := include "elasticsearch.master.fullname" . }}
{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) $fullname "127.0.0.1" "localhost" }}
{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "elasticsearch.master.fullname" . }}-crt
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
app.kubernetes.io/component: master
type: kubernetes.io/tls
data:
ca.crt: {{ $ca.Cert | b64enc | quote }}
tls.crt: {{ $crt.Cert | b64enc | quote }}
tls.key: {{ $crt.Key | b64enc | quote }}
{{- end }}
{{- if not .Values.security.tls.data.existingSecret }}
---
{{- $fullname := include "elasticsearch.data.fullname" . }}
{{- $serviceName := include "elasticsearch.data.fullname" . }}
{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) $fullname "127.0.0.1" "localhost" }}
{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "elasticsearch.data.fullname" . }}-crt
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
app.kubernetes.io/component: data
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
ca.crt: {{ $ca.Cert | b64enc | quote }}
tls.crt: {{ $crt.Cert | b64enc | quote }}
tls.key: {{ $crt.Key | b64enc | quote }}
{{- end }}
{{- if not .Values.security.tls.coordinating.existingSecret }}
---
{{- $fullname := include "elasticsearch.coordinating.fullname" . }}
{{- $serviceName := include "elasticsearch.coordinating.fullname" . }}
{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) $fullname "127.0.0.1" "localhost" }}
{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "elasticsearch.coordinating.fullname" . }}-crt
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
app.kubernetes.io/component: coordinating-only
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
ca.crt: {{ $ca.Cert | b64enc | quote }}
tls.crt: {{ $crt.Cert | b64enc | quote }}
tls.key: {{ $crt.Key | b64enc | quote }}
{{- end }}
{{- if and .Values.ingest.enabled (not .Values.security.tls.ingest.existingSecret) }}
---
{{- $fullname := include "elasticsearch.ingest.fullname" . }}
{{- $serviceName := include "elasticsearch.ingest.fullname" . }}
{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) $fullname "127.0.0.1" "localhost" }}
{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "elasticsearch.ingest.fullname" . }}-crt
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
app.kubernetes.io/component: ingest
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
ca.crt: {{ $ca.Cert | b64enc | quote }}
tls.crt: {{ $crt.Cert | b64enc | quote }}
tls.key: {{ $crt.Key | b64enc | quote }}
{{- end }}
{{- end }}