From 4b94e47c9429daa0a18450ff19f2f74313c7a9be Mon Sep 17 00:00:00 2001 From: Steve Wilkerson Date: Tue, 28 Nov 2017 16:44:03 -0600 Subject: [PATCH] Add Elasticsearch to OSH Infra This moves the Elasticsearch chart to OSH infra, along with rbac rules for running Elasticsearch. It includes a cronjob for running ES Curator for cleaning up old indices Change-Id: I69fcbe8b77de8b594eba5340a6e4340f389ba5bf --- elasticsearch/Chart.yaml | 24 ++ elasticsearch/requirements.yaml | 18 ++ elasticsearch/templates/bin/_curator.sh.tpl | 20 ++ .../templates/bin/_elasticsearch.sh.tpl | 30 ++ .../templates/bin/_helm-tests.sh.tpl | 81 ++++++ elasticsearch/templates/clusterrole.yaml | 41 +++ .../templates/clusterrolebinding.yaml | 32 +++ elasticsearch/templates/configmap-bin.yaml | 33 +++ elasticsearch/templates/configmap-etc.yaml | 33 +++ elasticsearch/templates/cron-job-curator.yaml | 72 +++++ .../templates/deployment-client.yaml | 133 +++++++++ .../templates/deployment-master.yaml | 133 +++++++++ .../templates/etc/_elasticsearch.yml.tpl | 42 +++ .../templates/etc/_log4j2.properties.tpl | 37 +++ .../templates/job-image-repo-sync.yaml | 65 +++++ elasticsearch/templates/pod-helm-tests.yaml | 48 ++++ elasticsearch/templates/rbac-entrypoint.yaml | 19 ++ elasticsearch/templates/service-data.yaml | 36 +++ .../templates/service-discovery.yaml | 36 +++ elasticsearch/templates/service-logging.yaml | 36 +++ elasticsearch/templates/serviceaccount.yaml | 22 ++ elasticsearch/templates/statefulset-data.yaml | 140 +++++++++ elasticsearch/values.yaml | 271 ++++++++++++++++++ tools/gate/chart-deploys/default.yaml | 18 ++ 24 files changed, 1420 insertions(+) create mode 100644 elasticsearch/Chart.yaml create mode 100644 elasticsearch/requirements.yaml create mode 100644 elasticsearch/templates/bin/_curator.sh.tpl create mode 100644 elasticsearch/templates/bin/_elasticsearch.sh.tpl create mode 100644 elasticsearch/templates/bin/_helm-tests.sh.tpl create mode 100644 elasticsearch/templates/clusterrole.yaml create mode 100644 elasticsearch/templates/clusterrolebinding.yaml create mode 100644 elasticsearch/templates/configmap-bin.yaml create mode 100644 elasticsearch/templates/configmap-etc.yaml create mode 100644 elasticsearch/templates/cron-job-curator.yaml create mode 100644 elasticsearch/templates/deployment-client.yaml create mode 100644 elasticsearch/templates/deployment-master.yaml create mode 100644 elasticsearch/templates/etc/_elasticsearch.yml.tpl create mode 100644 elasticsearch/templates/etc/_log4j2.properties.tpl create mode 100644 elasticsearch/templates/job-image-repo-sync.yaml create mode 100644 elasticsearch/templates/pod-helm-tests.yaml create mode 100644 elasticsearch/templates/rbac-entrypoint.yaml create mode 100644 elasticsearch/templates/service-data.yaml create mode 100644 elasticsearch/templates/service-discovery.yaml create mode 100644 elasticsearch/templates/service-logging.yaml create mode 100644 elasticsearch/templates/serviceaccount.yaml create mode 100644 elasticsearch/templates/statefulset-data.yaml create mode 100644 elasticsearch/values.yaml diff --git a/elasticsearch/Chart.yaml b/elasticsearch/Chart.yaml new file mode 100644 index 000000000..95d96f1c4 --- /dev/null +++ b/elasticsearch/Chart.yaml @@ -0,0 +1,24 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: OpenStack-Helm ElasticSearch +name: elasticsearch +version: 0.1.0 +home: https://www.elastic.co/ +sources: + - https://github.com/elastic/elasticsearch + - https://git.openstack.org/cgit/openstack/openstack-helm-addons +maintainers: + - name: OpenStack-Helm Authors diff --git a/elasticsearch/requirements.yaml b/elasticsearch/requirements.yaml new file mode 100644 index 000000000..53782e69b --- /dev/null +++ b/elasticsearch/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/elasticsearch/templates/bin/_curator.sh.tpl b/elasticsearch/templates/bin/_curator.sh.tpl new file mode 100644 index 000000000..575973d64 --- /dev/null +++ b/elasticsearch/templates/bin/_curator.sh.tpl @@ -0,0 +1,20 @@ +#!/bin/bash +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +exec /usr/bin/curator --config /etc/config/config.yml /etc/config/action_file.yml diff --git a/elasticsearch/templates/bin/_elasticsearch.sh.tpl b/elasticsearch/templates/bin/_elasticsearch.sh.tpl new file mode 100644 index 000000000..780ec6e76 --- /dev/null +++ b/elasticsearch/templates/bin/_elasticsearch.sh.tpl @@ -0,0 +1,30 @@ +#!/bin/bash +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +COMMAND="${@:-start}" + +function start () { + ulimit -l unlimited + exec /docker-entrypoint.sh elasticsearch +} + +function stop () { + kill -TERM 1 +} + +$COMMAND diff --git a/elasticsearch/templates/bin/_helm-tests.sh.tpl b/elasticsearch/templates/bin/_helm-tests.sh.tpl new file mode 100644 index 000000000..8e0d8244b --- /dev/null +++ b/elasticsearch/templates/bin/_helm-tests.sh.tpl @@ -0,0 +1,81 @@ +#!/bin/bash +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + + +set -ex + +function create_index () { + index_result=$(curl -XPUT "${ELASTICSEARCH_ENDPOINT}/test_index?pretty" -H 'Content-Type: application/json' -d' + { + "settings" : { + "index" : { + "number_of_shards" : 3, + "number_of_replicas" : 2 + } + } + } + ' | python -c "import sys, json; print json.load(sys.stdin)['acknowledged']") + if [ "$index_result" == "True" ]; + then + echo "PASS: Test index created!" + else + echo "FAIL: Test index not created!"; + exit 1; + fi +} + +function insert_test_data () { + insert_result=$(curl -XPUT "${ELASTICSEARCH_ENDPOINT}/sample_index/sample_type/123/_create?pretty" -H 'Content-Type: application/json' -d' + { + "name" : "Elasticsearch", + "message" : "Test data text entry" + } + ' | python -c "import sys, json; print json.load(sys.stdin)['created']") + if [ "$insert_result" == "True" ]; then + sleep 20 + echo "PASS: Test data inserted into test index!" + else + echo "FAIL: Test data not inserted into test index!"; + exit 1; + fi +} + + +function check_hits () { + total_hits=$(curl -XGET "${ELASTICSEARCH_ENDPOINT}/_search?pretty" -H 'Content-Type: application/json' -d' + { + "query" : { + "bool": { + "must": [ + { "match": { "name": "Elasticsearch" }}, + { "match": { "message": "Test data text entry" }} + ] + } + } + } + ' | python -c "import sys, json; print json.load(sys.stdin)['hits']['total']") + if [ "$total_hits" -gt 0 ]; then + echo "PASS: Successful hits on test data query!" + else + echo "FAIL: No hits on query for test data! Exiting"; + exit 1; + fi +} + +create_index +insert_test_data +check_hits diff --git a/elasticsearch/templates/clusterrole.yaml b/elasticsearch/templates/clusterrole.yaml new file mode 100644 index 000000000..2a24bf454 --- /dev/null +++ b/elasticsearch/templates/clusterrole.yaml @@ -0,0 +1,41 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.clusterrole }} +{{- $envAll := . }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: elasticsearch-runner +rules: + - nonResourceURLs: + - / + verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - get +{{- end -}} diff --git a/elasticsearch/templates/clusterrolebinding.yaml b/elasticsearch/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..7eba51e2c --- /dev/null +++ b/elasticsearch/templates/clusterrolebinding.yaml @@ -0,0 +1,32 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.clusterrolebinding }} +{{- $envAll := . }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: run-elasticsearch +subjects: + - kind: ServiceAccount + name: elasticsearch + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: elasticsearch-runner + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/elasticsearch/templates/configmap-bin.yaml b/elasticsearch/templates/configmap-bin.yaml new file mode 100644 index 000000000..22b2a6cd1 --- /dev/null +++ b/elasticsearch/templates/configmap-bin.yaml @@ -0,0 +1,33 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: elastic-bin +data: + elasticsearch.sh: | +{{ tuple "bin/_elasticsearch.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + helm-tests.sh: | +{{ tuple "bin/_helm-tests.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + curator.sh: | +{{ tuple "bin/_curator.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + image-repo-sync.sh: |+ +{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} +{{- end }} diff --git a/elasticsearch/templates/configmap-etc.yaml b/elasticsearch/templates/configmap-etc.yaml new file mode 100644 index 000000000..9fd248eea --- /dev/null +++ b/elasticsearch/templates/configmap-etc.yaml @@ -0,0 +1,33 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_etc }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: elastic-etc +data: + elasticsearch.yml: |+ +{{- tuple .Values.conf.elasticsearch "etc/_elasticsearch.yml.tpl" . | include "helm-toolkit.utils.configmap_templater" }} + log4j2.properties: |+ +{{- tuple .Values.conf.elasticsearch "etc/_log4j2.properties.tpl" . | include "helm-toolkit.utils.configmap_templater" }} + action_file.yml: +{{ toYaml .Values.conf.curator.action_file | indent 4 }} + config.yml: +{{ toYaml .Values.conf.curator.config | indent 4 }} +{{- end }} diff --git a/elasticsearch/templates/cron-job-curator.yaml b/elasticsearch/templates/cron-job-curator.yaml new file mode 100644 index 000000000..73b2786fb --- /dev/null +++ b/elasticsearch/templates/cron-job-curator.yaml @@ -0,0 +1,72 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.cron_curator }} +{{- if .Capabilities.APIVersions.Has "batch/v2alpha1" }} +{{- $envAll := . }} +{{- $_ := set .Values "pod_dependency" .Values.dependencies.curator -}} +--- +apiVersion: batch/v2alpha1 +kind: CronJob +metadata: + name: curator +spec: + schedule: {{ .Values.conf.curator.schedule }} + jobTemplate: + metadata: + labels: +{{ tuple $envAll "elasticsearch" "curator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + template: + spec: + restartPolicy: OnFailure + initContainers: +{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }} + containers: + - name: curator +{{ tuple $envAll "curator" | include "helm-toolkit.snippets.image" | indent 14 }} + command: + - /tmp/curator.sh +{{ tuple $envAll $envAll.Values.pod.resources.jobs.curator | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }} + volumeMounts: + - name: pod-etc-curator + mountPath: /etc/config + - name: elastic-bin + mountPath: /tmp/curator.sh + subPath: curator.sh + readOnly: true + - name: elastic-etc + mountPath: /etc/config/config.yml + subPath: config.yml + readOnly: true + - name: elastic-etc + mountPath: /etc/config/action_file.yml + subPath: action_file.yml + readOnly: true + volumes: + - name: pod-etc-curator + emptyDir: {} + - name: elastic-bin + configMap: + name: elastic-bin + defaultMode: 0555 + - name: elastic-etc + configMap: + name: elastic-etc + defaultMode: 0444 +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 12 }} +{{- end }} +{{- end }} diff --git a/elasticsearch/templates/deployment-client.yaml b/elasticsearch/templates/deployment-client.yaml new file mode 100644 index 000000000..9380ff485 --- /dev/null +++ b/elasticsearch/templates/deployment-client.yaml @@ -0,0 +1,133 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.deployment_client }} +{{- $envAll := . }} +{{- if .Values.images.local_registry.active -}} +{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.elasticsearch_client .Values.conditional_dependencies.local_image_registry) -}} +{{- else -}} +{{- $_ := set .Values "pod_dependency" .Values.dependencies.elasticsearch_client -}} +{{- end -}} +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: elasticsearch-client +spec: + replicas: {{ .Values.pod.replicas.client }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "elasticsearch" "client" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + spec: + serviceAccount: elasticsearch + affinity: +{{ tuple $envAll "elasticsearch" "client" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.client.timeout | default "600" }} + initContainers: +{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + - name: memory-map-increase + securityContext: + privileged: true + runAsUser: 0 +{{ tuple $envAll "memory_init" | include "helm-toolkit.snippets.image" | indent 10 }} + command: + - sysctl + - -w + - vm.max_map_count={{ .Values.conf.init.max_map_count }} + containers: + - name: elasticsearch-client + securityContext: + privileged: true + capabilities: + add: + - IPC_LOCK + - SYS_RESOURCE +{{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.client | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }} + command: + - /tmp/elasticsearch.sh + - start + lifecycle: + preStop: + exec: + command: + - /tmp/elasticsearch.sh + - stop + ports: + - name: http + containerPort: {{ .Values.network.client.port }} + - name: transport + containerPort: {{ .Values.network.discovery.port }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NODE_MASTER + value: "false" + - name: NODE_DATA + value: "false" + - name: HTTP_ENABLE + value: "true" + - name: DISCOVERY_SERVICE + value: {{ tuple "elasticsearch" "discovery" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + - name: ES_JAVA_OPTS + value: "{{ .Values.conf.elasticsearch.env.java_opts }}" + volumeMounts: + - name: elastic-logs + mountPath: {{ .Values.conf.elasticsearch.path.logs }} + - name: elastic-bin + mountPath: /tmp/elasticsearch.sh + subPath: elasticsearch.sh + readOnly: true + - name: elastic-config + mountPath: /usr/share/elasticsearch/config + - name: elastic-etc + mountPath: /usr/share/elasticsearch/config/elasticsearch.yml + subPath: elasticsearch.yml + readOnly: true + - name: elastic-etc + mountPath: /usr/share/elasticsearch/config/log4j2.properties + subPath: log4j2.properties + readOnly: true + - name: storage + mountPath: {{ .Values.conf.elasticsearch.path.data }} + volumes: +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }} + - name: elastic-logs + emptyDir: {} + - name: elastic-bin + configMap: + name: elastic-bin + defaultMode: 0555 + - name: elastic-config + emptyDir: {} + - name: elastic-etc + configMap: + name: elastic-etc + defaultMode: 0444 + - name: storage + emptyDir: {} +{{- end }} diff --git a/elasticsearch/templates/deployment-master.yaml b/elasticsearch/templates/deployment-master.yaml new file mode 100644 index 000000000..e55847119 --- /dev/null +++ b/elasticsearch/templates/deployment-master.yaml @@ -0,0 +1,133 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.deployment_master }} +{{- $envAll := . }} +{{- if .Values.images.local_registry.active -}} +{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.elasticsearch_master .Values.conditional_dependencies.local_image_registry) -}} +{{- else -}} +{{- $_ := set .Values "pod_dependency" .Values.dependencies.elasticsearch_master -}} +{{- end -}} +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: elasticsearch-master +spec: + replicas: {{ .Values.pod.replicas.master }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "elasticsearch" "master" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + spec: + serviceAccount: elasticsearch + affinity: +{{ tuple $envAll "elasticsearch" "master" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.master.timeout | default "600" }} + initContainers: +{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + - name: memory-map-increase + securityContext: + privileged: true + runAsUser: 0 +{{ tuple $envAll "memory_init" | include "helm-toolkit.snippets.image" | indent 10 }} + command: + - sysctl + - -w + - vm.max_map_count={{ .Values.conf.init.max_map_count }} + containers: + - name: elasticsearch-master + securityContext: + privileged: true + capabilities: + add: + - IPC_LOCK + - SYS_RESOURCE +{{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.master | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }} + command: + - /tmp/elasticsearch.sh + - start + lifecycle: + preStop: + exec: + command: + - /tmp/elasticsearch.sh + - stop + ports: + - name: http + containerPort: {{ .Values.network.client.port }} + - name: transport + containerPort: {{ .Values.network.discovery.port }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NODE_MASTER + value: "true" + - name: NODE_DATA + value: "false" + - name: HTTP_ENABLE + value: "false" + - name: DISCOVERY_SERVICE + value: {{ tuple "elasticsearch" "discovery" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + - name: ES_JAVA_OPTS + value: "{{ .Values.conf.elasticsearch.env.java_opts }}" + volumeMounts: + - name: elastic-logs + mountPath: {{ .Values.conf.elasticsearch.path.logs }} + - name: elastic-bin + mountPath: /tmp/elasticsearch.sh + subPath: elasticsearch.sh + readOnly: true + - name: elastic-config + mountPath: /usr/share/elasticsearch/config + - name: elastic-etc + mountPath: /usr/share/elasticsearch/config/elasticsearch.yml + subPath: elasticsearch.yml + readOnly: true + - name: elastic-etc + mountPath: /usr/share/elasticsearch/config/log4j2.properties + subPath: log4j2.properties + readOnly: true + - name: storage + mountPath: {{ .Values.conf.elasticsearch.path.data }} + volumes: +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }} + - name: elastic-logs + emptyDir: {} + - name: elastic-bin + configMap: + name: elastic-bin + defaultMode: 0555 + - name: elastic-config + emptyDir: {} + - name: elastic-etc + configMap: + name: elastic-etc + defaultMode: 0444 + - name: storage + emptyDir: {} +{{- end }} diff --git a/elasticsearch/templates/etc/_elasticsearch.yml.tpl b/elasticsearch/templates/etc/_elasticsearch.yml.tpl new file mode 100644 index 000000000..b150e5b6d --- /dev/null +++ b/elasticsearch/templates/etc/_elasticsearch.yml.tpl @@ -0,0 +1,42 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +cluster: + name: {{ .Values.conf.elasticsearch.cluster.name }} + +node: + master: ${NODE_MASTER} + data: ${NODE_DATA} + name: ${NODE_NAME} + max_local_storage_nodes: {{ .Values.pod.replicas.data }} + +network.host: {{ .Values.conf.elasticsearch.network.host }} + +path: + data: {{ .Values.conf.elasticsearch.path.data }} + logs: {{ .Values.conf.elasticsearch.path.logs }} + +bootstrap: + memory_lock: {{ .Values.conf.elasticsearch.bootstrap.memory_lock }} + +http: + enabled: ${HTTP_ENABLE} + compression: true + +discovery: + zen: + ping.unicast.hosts: ${DISCOVERY_SERVICE} + minimum_master_nodes: {{ .Values.conf.elasticsearch.zen.min_masters }} diff --git a/elasticsearch/templates/etc/_log4j2.properties.tpl b/elasticsearch/templates/etc/_log4j2.properties.tpl new file mode 100644 index 000000000..bf0ceb5cd --- /dev/null +++ b/elasticsearch/templates/etc/_log4j2.properties.tpl @@ -0,0 +1,37 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n + +appender.rolling.type = RollingFile +appender.rolling.name = rolling +appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${hostName}.log +appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${hostName}.log.%i +appender.rolling.layout.type = PatternLayout +appender.rolling.layout.pattern = [%d{DEFAULT}][%-5p][%-25c] %.10000m%n +appender.rolling.policies.type = Policies +appender.rolling.policies.size.type = SizeBasedTriggeringPolicy +appender.rolling.policies.size.size=100MB +appender.rolling.strategy.type = DefaultRolloverStrategy +appender.rolling.strategy.max = 5 +appender.rolling.strategy.fileIndex = min + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console +rootLogger.appenderRef.rolling.ref = rolling diff --git a/elasticsearch/templates/job-image-repo-sync.yaml b/elasticsearch/templates/job-image-repo-sync.yaml new file mode 100644 index 000000000..e85f48aec --- /dev/null +++ b/elasticsearch/templates/job-image-repo-sync.yaml @@ -0,0 +1,65 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_image_repo_sync }} +{{- $envAll := . }} +{{- if .Values.images.local_registry.active -}} +{{- $_ := set .Values "pod_dependency" .Values.dependencies.image_repo_sync -}} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: elasticsearch-image-repo-sync +spec: + template: + metadata: + labels: +{{ tuple $envAll "elasticsearch" "image-repo-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: image-repo-sync +{{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.image_repo_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: LOCAL_REPO + value: "{{ tuple "local_image_registry" "node" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}:{{ tuple "local_image_registry" "node" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}" + - name: IMAGE_SYNC_LIST + value: "{{ include "helm-toolkit.utils.image_sync_list" . }}" + command: + - /tmp/image-repo-sync.sh + volumeMounts: + - name: elasticsearch-bin + mountPath: /tmp/image-repo-sync.sh + subPath: image-repo-sync.sh + readOnly: true + - name: docker-socket + mountPath: /var/run/docker.sock + volumes: + - name: elasticsearch-bin + configMap: + name: elasticsearch-bin + defaultMode: 0555 + - name: docker-socket + hostPath: + path: /var/run/docker.sock +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }} +{{- end }} +{{- end }} diff --git a/elasticsearch/templates/pod-helm-tests.yaml b/elasticsearch/templates/pod-helm-tests.yaml new file mode 100644 index 000000000..cfd208095 --- /dev/null +++ b/elasticsearch/templates/pod-helm-tests.yaml @@ -0,0 +1,48 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.helm_tests }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Pod +metadata: + name: "{{.Release.Name}}-test" + annotations: + "helm.sh/hook": test-success +spec: + restartPolicy: Never + containers: + - name: {{.Release.Name}}-helm-tests +{{ tuple $envAll "helm_tests" | include "helm-toolkit.snippets.image" | indent 6 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} + command: + - /tmp/helm-tests.sh + env: + - name: ELASTICSEARCH_ENDPOINT + value: {{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} + volumeMounts: + - name: elastic-bin + mountPath: /tmp/helm-tests.sh + subPath: helm-tests.sh + readOnly: true + volumes: +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 4 }} + - name: elastic-bin + configMap: + name: elastic-bin + defaultMode: 0555 +{{- end }} diff --git a/elasticsearch/templates/rbac-entrypoint.yaml b/elasticsearch/templates/rbac-entrypoint.yaml new file mode 100644 index 000000000..311712ea9 --- /dev/null +++ b/elasticsearch/templates/rbac-entrypoint.yaml @@ -0,0 +1,19 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.rbac_entrypoint }} +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_rbac"}} +{{- end }} diff --git a/elasticsearch/templates/service-data.yaml b/elasticsearch/templates/service-data.yaml new file mode 100644 index 000000000..e488ba63e --- /dev/null +++ b/elasticsearch/templates/service-data.yaml @@ -0,0 +1,36 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service_data }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "elasticsearch" "data" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: transport + port: {{ .Values.network.data.port }} + {{- if .Values.network.data.node_port.enabled }} + nodePort: {{ .Values.network.data.node_port.port }} + {{- end }} + selector: +{{ tuple $envAll "elasticsearch" "data" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{- if .Values.network.data.node_port.enabled }} + type: NodePort + {{- end }} +{{- end }} diff --git a/elasticsearch/templates/service-discovery.yaml b/elasticsearch/templates/service-discovery.yaml new file mode 100644 index 000000000..172c06ae2 --- /dev/null +++ b/elasticsearch/templates/service-discovery.yaml @@ -0,0 +1,36 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service_discovery }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "elasticsearch" "discovery" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: transport + port: {{ .Values.network.discovery.port }} + {{- if .Values.network.discovery.node_port.enabled }} + nodePort: {{ .Values.network.discovery.node_port.port }} + {{- end }} + selector: +{{ tuple $envAll "elasticsearch" "master" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{- if .Values.network.discovery.node_port.enabled }} + type: NodePort + {{- end }} +{{- end }} diff --git a/elasticsearch/templates/service-logging.yaml b/elasticsearch/templates/service-logging.yaml new file mode 100644 index 000000000..6048e818d --- /dev/null +++ b/elasticsearch/templates/service-logging.yaml @@ -0,0 +1,36 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service_logging }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "elasticsearch" "default" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: http + port: {{ .Values.network.client.port }} + {{- if .Values.network.client.node_port.enabled }} + nodePort: {{ .Values.network.client.node_port.port }} + {{- end }} + selector: +{{ tuple $envAll "elasticsearch" "client" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{- if .Values.network.client.node_port.enabled }} + type: NodePort + {{- end }} +{{- end }} diff --git a/elasticsearch/templates/serviceaccount.yaml b/elasticsearch/templates/serviceaccount.yaml new file mode 100644 index 000000000..1579d19b4 --- /dev/null +++ b/elasticsearch/templates/serviceaccount.yaml @@ -0,0 +1,22 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.serviceaccount }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: elasticsearch +{{- end }} diff --git a/elasticsearch/templates/statefulset-data.yaml b/elasticsearch/templates/statefulset-data.yaml new file mode 100644 index 000000000..d23d5929d --- /dev/null +++ b/elasticsearch/templates/statefulset-data.yaml @@ -0,0 +1,140 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.statefulset_data }} +{{- $envAll := . }} +{{- if .Values.images.local_registry.active -}} +{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.elasticsearch_data .Values.conditional_dependencies.local_image_registry) -}} +{{- else -}} +{{- $_ := set .Values "pod_dependency" .Values.dependencies.elasticsearch_data -}} +{{- end -}} +--- +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: elasticsearch-data +spec: + serviceName: {{ tuple "elasticsearch" "data" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + replicas: {{ .Values.pod.replicas.data }} + template: + metadata: + labels: +{{ tuple $envAll "elasticsearch" "data" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccount: elasticsearch + affinity: +{{ tuple $envAll "elasticsearch" "data" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.data.timeout | default "600" }} + initContainers: +{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + - name: memory-map-increase + securityContext: + privileged: true + runAsUser: 0 +{{ tuple $envAll "memory_init" | include "helm-toolkit.snippets.image" | indent 10 }} + command: + - sysctl + - -w + - vm.max_map_count={{ .Values.conf.init.max_map_count }} + containers: + - name: elasticsearch-data + securityContext: + privileged: true + capabilities: + add: + - IPC_LOCK + - SYS_RESOURCE +{{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.data | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }} + command: + - /tmp/elasticsearch.sh + - start + lifecycle: + preStop: + exec: + command: + - /tmp/elasticsearch.sh + - stop + ports: + - name: transport + containerPort: {{ .Values.network.data.port }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NODE_MASTER + value: "false" + - name: NODE_DATA + value: "true" + - name: HTTP_ENABLE + value: "false" + - name: ES_JAVA_OPTS + value: "{{ .Values.conf.elasticsearch.env.java_opts }}" + - name: DISCOVERY_SERVICE + value: {{ tuple "elasticsearch" "discovery" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + volumeMounts: + - name: elastic-logs + mountPath: {{ .Values.conf.elasticsearch.path.logs }} + - name: elastic-bin + mountPath: /tmp/elasticsearch.sh + subPath: elasticsearch.sh + readOnly: true + - name: elastic-config + mountPath: /usr/share/elasticsearch/config + - name: elastic-etc + mountPath: /usr/share/elasticsearch/config/elasticsearch.yml + subPath: elasticsearch.yml + readOnly: true + - name: elastic-etc + mountPath: /usr/share/elasticsearch/config/log4j2.properties + subPath: log4j2.properties + readOnly: true + - name: storage + mountPath: {{ .Values.conf.elasticsearch.path.data }} + volumes: +{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }} + - name: elastic-logs + emptyDir: {} + - name: elastic-bin + configMap: + name: elastic-bin + defaultMode: 0555 + - name: elastic-config + emptyDir: {} + - name: elastic-etc + configMap: + name: elastic-etc + defaultMode: 0444 +{{- if not .Values.storage.enabled }} + - name: storage + emptyDir: {} +{{- else }} + volumeClaimTemplates: + - metadata: + name: storage + spec: + accessModes: {{ .Values.storage.pvc.access_mode }} + resources: + requests: + storage: {{ .Values.storage.requests.storage }} + storageClassName: {{ .Values.storage.storage_class }} +{{- end }} +{{- end }} diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml new file mode 100644 index 000000000..299bdaac5 --- /dev/null +++ b/elasticsearch/values.yaml @@ -0,0 +1,271 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for elasticsearch +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +images: + tags: + memory_init: docker.io/kolla/ubuntu-source-kolla-toolbox:4.0.0 + curator: docker.io/bobrik/curator:5.2.0 + elasticsearch: docker.io/elasticsearch:5.4.2 + helm_tests: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + image_repo_sync: docker.io/docker:17.07.0 + pull_policy: "IfNotPresent" + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +labels: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +dependencies: + elasticsearch_client: + services: null + elasticsearch_master: + services: null + elasticsearch_data: + services: null + curator: + services: null + image_repo_sync: + services: + - service: local_image_registry + endpoint: internal + +conditional_dependencies: + local_image_registry: + jobs: + - elasticsearch-image-repo-sync + services: + - service: local_image_registry + endpoint: node + +pod: + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + replicas: + master: 3 + data: 3 + client: 2 + lifecycle: + upgrades: + deployments: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + termination_grace_period: + master: + timeout: 600 + data: + timeout: 600 + client: + timeout: 600 + resources: + enabled: false + client: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + master: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + data: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + jobs: + curator: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + image_repo_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + tests: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + +conf: + init: + max_map_count: 262144 + curator: + schedule: 1 0 * * * + action_file: | + --- + # Remember, leave a key empty if there is no value. None will be a string, + # not a Python "NoneType" + # + # Also remember that all examples have 'disable_action' set to True. If you + # want to use this action as a template, be sure to set this to False after + # copying it. + actions: + 1: + action: delete_indices + description: "Clean up ES by deleting old indices" + options: + timeout_override: + continue_if_exception: False + disable_action: False + filters: + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: 30 + field: + stats_result: + epoch: + exclude: False + config: | + --- + # Remember, leave a key empty if there is no value. None will be a string, + # not a Python "NoneType" + client: + hosts: + - elasticsearch-logging + port: 9200 + url_prefix: + use_ssl: False + certificate: + client_cert: + client_key: + ssl_no_validate: False + http_auth: + timeout: 30 + master_only: False + logging: + loglevel: INFO + logfile: + logformat: default + blacklist: ['elasticsearch', 'urllib3'] + elasticsearch: + override: + prefix: + append: + bootstrap: + memory_lock: true + cluster: + name: elasticsearch + network: + host: 0.0.0.0 + path: + data: /usr/share/elasticsearch/data + logs: /usr/share/elasticsearch/logs + zen: + min_masters: 2 + env: + java_opts: "-Xms256m -Xmx256m" + log4j2: + override: + prefix: + append: + +endpoints: + cluster_domain_suffix: cluster.local + elasticsearch: + name: elasticsearch + namespace: null + hosts: + data: elasticsearch-data + default: elasticsearch-logging + discovery: elasticsearch-discovery + public: elasticsearch + host_fqdn_override: + default: null + path: + default: null + scheme: + default: http + port: + client: + default: 9200 + discovery: + default: 9300 + +network: + client: + port: 9200 + node_port: + enabled: false + port: 30920 + discovery: + port: 9300 + node_port: + enabled: false + port: 30930 + data: + port: 9300 + node_port: + enabled: false + port: 30931 + +storage: + enabled: true + pvc: + name: pvc-elastic + access_mode: [ "ReadWriteMany" ] + requests: + storage: 5Gi + storage_class: general + +manifests: + clusterrole: true + clusterrolebinding: true + configmap_bin: true + configmap_etc: true + cron_curator: true + deployment_client: true + deployment_master: true + job_image_repo_sync: true + helm_tests: true + rbac_entrypoint: true + serviceaccount: true + service_data: true + service_discovery: true + service_logging: true + statefulset_data: true diff --git a/tools/gate/chart-deploys/default.yaml b/tools/gate/chart-deploys/default.yaml index d2d3b7f8d..63255391f 100644 --- a/tools/gate/chart-deploys/default.yaml +++ b/tools/gate/chart-deploys/default.yaml @@ -28,6 +28,11 @@ chart_groups: - kube_state_metrics - alertmanager + - name: openstack_infra_logging + timeout: 600 + charts: + - openstack_elasticsearch + charts: docker_registry_nfs_provisioner: chart_name: nfs-provisioner @@ -122,3 +127,16 @@ charts: alertmanager: ingress: public: false + + openstack_elasticsearch: + chart_name: elasticsearch + release: elasticsearch + namespace: openstack + timeout: 300 + test: + enabled: true + timeout: 300 + output: false + values: + storage: + enabled: false