365 lines
11 KiB
YAML
365 lines
11 KiB
YAML
---
|
|
schema: armada/Chart/v1
|
|
metadata:
|
|
schema: metadata/Document/v1
|
|
name: elasticsearch-global
|
|
labels:
|
|
hosttype: elasticsearch-global
|
|
layeringDefinition:
|
|
abstract: true
|
|
layer: global
|
|
storagePolicy: cleartext
|
|
substitutions:
|
|
# Chart source
|
|
- src:
|
|
schema: pegleg/SoftwareVersions/v1
|
|
name: software-versions
|
|
path: .charts.osh_infra.elasticsearch
|
|
dest:
|
|
path: .source
|
|
|
|
# Images
|
|
- src:
|
|
schema: pegleg/SoftwareVersions/v1
|
|
name: software-versions
|
|
path: .images.osh_infra.elasticsearch
|
|
dest:
|
|
path: .values.images.tags
|
|
|
|
# Endpoints
|
|
- src:
|
|
schema: pegleg/EndpointCatalogue/v1
|
|
name: osh_infra_endpoints
|
|
path: .osh_infra.elasticsearch
|
|
dest:
|
|
path: .values.endpoints.elasticsearch
|
|
- src:
|
|
schema: pegleg/EndpointCatalogue/v1
|
|
name: osh_infra_endpoints
|
|
path: .osh_infra.prometheus_elasticsearch_exporter
|
|
dest:
|
|
path: .values.endpoints.prometheus_elasticsearch_exporter
|
|
|
|
- src:
|
|
schema: pegleg/EndpointCatalogue/v1
|
|
name: osh_infra_endpoints
|
|
path: .osh_infra.ldap
|
|
dest:
|
|
path: .values.endpoints.ldap
|
|
|
|
# Accounts
|
|
- src:
|
|
schema: pegleg/AccountCatalogue/v1
|
|
name: osh_infra_service_accounts
|
|
path: .osh_infra.elasticsearch.admin
|
|
dest:
|
|
path: .values.endpoints.elasticsearch.auth.admin
|
|
- src:
|
|
schema: pegleg/AccountCatalogue/v1
|
|
name: osh_infra_service_accounts
|
|
path: .osh_infra.ceph_object_store.admin
|
|
dest:
|
|
path: .values.endpoints.ceph_object_store.auth.admin
|
|
- src:
|
|
schema: pegleg/AccountCatalogue/v1
|
|
name: osh_infra_service_accounts
|
|
path: .osh_infra.ceph_object_store.elasticsearch
|
|
dest:
|
|
path: .values.endpoints.ceph_object_store.auth.elasticsearch
|
|
|
|
# Secrets
|
|
- dest:
|
|
path: .values.endpoints.elasticsearch.auth.admin.password
|
|
src:
|
|
schema: deckhand/Passphrase/v1
|
|
name: osh_infra_elasticsearch_admin_password
|
|
path: .
|
|
- dest:
|
|
path: .values.endpoints.ceph_object_store.auth.admin.access_key
|
|
src:
|
|
schema: deckhand/Passphrase/v1
|
|
name: osh_infra_rgw_s3_admin_access_key
|
|
path: .
|
|
- dest:
|
|
path: .values.endpoints.ceph_object_store.auth.admin.secret_key
|
|
src:
|
|
schema: deckhand/Passphrase/v1
|
|
name: osh_infra_rgw_s3_admin_secret_key
|
|
path: .
|
|
- dest:
|
|
path: .values.endpoints.ceph_object_store.auth.elasticsearch.access_key
|
|
src:
|
|
schema: deckhand/Passphrase/v1
|
|
name: osh_infra_rgw_s3_elasticsearch_access_key
|
|
path: .
|
|
- dest:
|
|
path: .values.endpoints.ceph_object_store.auth.elasticsearch.secret_key
|
|
src:
|
|
schema: deckhand/Passphrase/v1
|
|
name: osh_infra_rgw_s3_elasticsearch_secret_key
|
|
path: .
|
|
|
|
# LDAP Details
|
|
- src:
|
|
schema: pegleg/AccountCatalogue/v1
|
|
name: osh_infra_service_accounts
|
|
path: .osh_infra.ldap.admin
|
|
dest:
|
|
path: .values.endpoints.ldap.auth.admin
|
|
- dest:
|
|
path: .values.endpoints.ldap.auth.admin.password
|
|
src:
|
|
schema: deckhand/Passphrase/v1
|
|
name: osh_keystone_ldap_password
|
|
path: .
|
|
data:
|
|
chart_name: elasticsearch
|
|
release: elasticsearch
|
|
namespace: osh-infra
|
|
wait:
|
|
timeout: 900
|
|
labels:
|
|
release_group: airship-elasticsearch
|
|
install:
|
|
no_hooks: false
|
|
upgrade:
|
|
no_hooks: false
|
|
pre:
|
|
delete:
|
|
- type: job
|
|
labels:
|
|
release_group: airship-elasticsearch
|
|
create: []
|
|
post:
|
|
create: []
|
|
values:
|
|
pod:
|
|
replicas:
|
|
client: 5
|
|
resources:
|
|
enabled: true
|
|
apache_proxy:
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
requests:
|
|
memory: "0"
|
|
cpu: "0"
|
|
client:
|
|
requests:
|
|
memory: "8Gi"
|
|
cpu: "1000m"
|
|
limits:
|
|
memory: "16Gi"
|
|
cpu: "2000m"
|
|
master:
|
|
requests:
|
|
memory: "8Gi"
|
|
cpu: "1000m"
|
|
limits:
|
|
memory: "16Gi"
|
|
cpu: "2000m"
|
|
data:
|
|
requests:
|
|
memory: "8Gi"
|
|
cpu: "1000m"
|
|
limits:
|
|
memory: "16Gi"
|
|
cpu: "2000m"
|
|
prometheus_elasticsearch_exporter:
|
|
requests:
|
|
memory: "0"
|
|
cpu: "0"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
jobs:
|
|
curator:
|
|
requests:
|
|
memory: "0"
|
|
cpu: "0"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
image_repo_sync:
|
|
requests:
|
|
memory: "0"
|
|
cpu: "0"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
snapshot_repository:
|
|
requests:
|
|
memory: "0"
|
|
cpu: "0"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
tests:
|
|
requests:
|
|
memory: "0"
|
|
cpu: "0"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
labels:
|
|
elasticsearch:
|
|
node_selector_key: openstack-control-plane
|
|
node_selector_value: enabled
|
|
job:
|
|
node_selector_key: openstack-control-plane
|
|
node_selector_value: enabled
|
|
test:
|
|
node_selector_key: openstack-control-plane
|
|
node_selector_value: enabled
|
|
monitoring:
|
|
prometheus:
|
|
enabled: true
|
|
conf:
|
|
httpd: |
|
|
ServerRoot "/usr/local/apache2"
|
|
Listen 80
|
|
LoadModule mpm_event_module modules/mod_mpm_event.so
|
|
LoadModule authn_file_module modules/mod_authn_file.so
|
|
LoadModule authn_core_module modules/mod_authn_core.so
|
|
LoadModule authz_host_module modules/mod_authz_host.so
|
|
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
|
|
LoadModule authz_user_module modules/mod_authz_user.so
|
|
LoadModule authz_core_module modules/mod_authz_core.so
|
|
LoadModule access_compat_module modules/mod_access_compat.so
|
|
LoadModule auth_basic_module modules/mod_auth_basic.so
|
|
LoadModule ldap_module modules/mod_ldap.so
|
|
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
|
|
LoadModule reqtimeout_module modules/mod_reqtimeout.so
|
|
LoadModule filter_module modules/mod_filter.so
|
|
LoadModule proxy_html_module modules/mod_proxy_html.so
|
|
LoadModule log_config_module modules/mod_log_config.so
|
|
LoadModule env_module modules/mod_env.so
|
|
LoadModule headers_module modules/mod_headers.so
|
|
LoadModule setenvif_module modules/mod_setenvif.so
|
|
LoadModule version_module modules/mod_version.so
|
|
LoadModule proxy_module modules/mod_proxy.so
|
|
LoadModule proxy_connect_module modules/mod_proxy_connect.so
|
|
LoadModule proxy_http_module modules/mod_proxy_http.so
|
|
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
|
|
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
|
|
LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
|
|
LoadModule unixd_module modules/mod_unixd.so
|
|
LoadModule status_module modules/mod_status.so
|
|
LoadModule autoindex_module modules/mod_autoindex.so
|
|
<IfModule unixd_module>
|
|
User daemon
|
|
Group daemon
|
|
</IfModule>
|
|
<Directory />
|
|
AllowOverride none
|
|
Require all denied
|
|
</Directory>
|
|
<Files ".ht*">
|
|
Require all denied
|
|
</Files>
|
|
ErrorLog /dev/stderr
|
|
LogLevel warn
|
|
<IfModule log_config_module>
|
|
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
|
LogFormat "%h %l %u %t \"%r\" %>s %b" common
|
|
<IfModule logio_module>
|
|
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
|
|
</IfModule>
|
|
CustomLog /dev/stdout common
|
|
CustomLog /dev/stdout combined
|
|
</IfModule>
|
|
<Directory "/usr/local/apache2/cgi-bin">
|
|
AllowOverride None
|
|
Options None
|
|
Require all granted
|
|
</Directory>
|
|
<IfModule headers_module>
|
|
RequestHeader unset Proxy early
|
|
</IfModule>
|
|
<IfModule proxy_html_module>
|
|
Include conf/extra/proxy-html.conf
|
|
</IfModule>
|
|
<VirtualHost *:80>
|
|
<Location />
|
|
ProxyPass http://localhost:{{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
|
|
ProxyPassReverse http://localhost:{{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
|
|
</Location>
|
|
<Proxy *>
|
|
AuthName "Elasticsearch"
|
|
AuthType Basic
|
|
AuthBasicProvider file ldap
|
|
AuthUserFile /usr/local/apache2/conf/.htpasswd
|
|
AuthLDAPBindDN {{ .Values.endpoints.ldap.auth.admin.bind }}
|
|
AuthLDAPBindPassword {{ .Values.endpoints.ldap.auth.admin.password }}
|
|
AuthLDAPURL {{ tuple "ldap" "public" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
|
|
Require valid-user
|
|
</Proxy>
|
|
</VirtualHost>
|
|
elasticsearch:
|
|
config:
|
|
http:
|
|
max_content_length: 2gb
|
|
pipelining: false
|
|
env:
|
|
java_opts:
|
|
client: "-Xms8g -Xmx8g"
|
|
data: "-Xms8g -Xmx8g"
|
|
master: "-Xms8g -Xmx8g"
|
|
snapshots:
|
|
enabled: true
|
|
curator:
|
|
#run every 6th hour
|
|
schedule: "0 */6 * * *"
|
|
action_file:
|
|
# Remember, leave a key empty if there is no value. None will be a string,
|
|
# not a Python "NoneType"
|
|
#
|
|
# Also remember that all examples have 'disable_action' set to True. If you
|
|
# want to use this action as a template, be sure to set this to False after
|
|
# copying it.
|
|
actions:
|
|
1:
|
|
action: delete_indices
|
|
description: >-
|
|
"Delete indices older than 7 days"
|
|
options:
|
|
timeout_override:
|
|
continue_if_exception: False
|
|
ignore_empty_list: True
|
|
disable_action: False
|
|
filters:
|
|
- filtertype: pattern
|
|
kind: prefix
|
|
value: logstash-
|
|
- filtertype: age
|
|
source: name
|
|
direction: older
|
|
timestring: '%Y.%m.%d'
|
|
unit: days
|
|
unit_count: 7
|
|
2:
|
|
action: delete_indices
|
|
description: >-
|
|
"Delete indices by age if available disk space is
|
|
less than 80% total disk"
|
|
options:
|
|
timeout_override: 600
|
|
continue_if_exception: False
|
|
ignore_empty_list: True
|
|
disable_action: False
|
|
filters:
|
|
- filtertype: pattern
|
|
kind: prefix
|
|
value: logstash-
|
|
- filtertype: space
|
|
source: creation_date
|
|
use_age: True
|
|
disk_space: 1200
|
|
storage:
|
|
requests:
|
|
storage: 500Gi
|
|
dependencies:
|
|
- osh-infra-helm-toolkit
|
|
...
|