aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/common/elasticsearch/components
diff options
context:
space:
mode:
authorAndreas Geissler <andreas-geissler@telekom.de>2025-02-10 11:57:45 +0100
committerAndreas Geissler <andreas-geissler@telekom.de>2025-02-23 11:53:14 +0000
commitd9c3cc6c8dc375df464fd0cdf009572d7bc3831b (patch)
treeedf8bb691a2a393869bc970c3e441eabee43c027 /kubernetes/common/elasticsearch/components
parentdc8cf1efa5e069173351ffcc8d065478fdeac3d5 (diff)
[COMMON] Add label template and make jobs GitOps ready
- update label template and use it within the resource definitions - add jobAnnotations in DB init jobs to make them GitOps ready - add bitnami/common chart to nginx and fix lint errors Issue-ID: OOM-3327 Issue-ID: OOM-3329 Change-Id: I72b1adad43ff479e46f6db2834c627d74c97a20c Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Diffstat (limited to 'kubernetes/common/elasticsearch/components')
-rw-r--r--kubernetes/common/elasticsearch/components/curator/Chart.yaml2
-rw-r--r--kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml7
-rw-r--r--kubernetes/common/elasticsearch/components/curator/values.yaml3
-rw-r--r--kubernetes/common/elasticsearch/components/data/Chart.yaml2
-rw-r--r--kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml84
-rw-r--r--kubernetes/common/elasticsearch/components/data/values.yaml11
-rw-r--r--kubernetes/common/elasticsearch/components/master/Chart.yaml2
-rw-r--r--kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml79
-rw-r--r--kubernetes/common/elasticsearch/components/master/values.yaml12
9 files changed, 131 insertions, 71 deletions
diff --git a/kubernetes/common/elasticsearch/components/curator/Chart.yaml b/kubernetes/common/elasticsearch/components/curator/Chart.yaml
index baceb1dadc..85bbd67a77 100644
--- a/kubernetes/common/elasticsearch/components/curator/Chart.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/Chart.yaml
@@ -18,7 +18,7 @@
apiVersion: v2
description: ONAP elasticsearch curator
name: curator
-version: 13.0.0
+version: 13.0.1
dependencies:
- name: common
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml
index ff63cf00b1..a27fbb39ca 100644
--- a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml
@@ -51,7 +51,8 @@ spec:
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName | quote }}
{{- end }}
-{{- include "elasticsearch.imagePullSecrets" . | indent 10 }}
+ {{- include "elasticsearch.imagePullSecrets" . | indent 10 }}
+ {{ include "common.podSecurityContext" . | indent 10 | trim }}
{{- if .Values.extraInitContainers }}
initContainers:
{{- range $key, $value := .Values.extraInitContainers }}
@@ -71,13 +72,11 @@ spec:
{{- if .Values.tolerations }}
tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 12 }}
{{- end }}
- {{- if .Values.securityContext }}
- securityContext: {{- toYaml .Values.securityContext | nindent 12 }}
- {{- end }}
containers:
- name: {{ template "common.fullname" . }}-curator
image: {{printf "%s/%s" (include "repositoryGenerator.repository" .) .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 14 | trim }}
volumeMounts:
- name: config-volume
mountPath: /etc/es-curator
diff --git a/kubernetes/common/elasticsearch/components/curator/values.yaml b/kubernetes/common/elasticsearch/components/curator/values.yaml
index d02d017108..40078be0df 100644
--- a/kubernetes/common/elasticsearch/components/curator/values.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/values.yaml
@@ -175,3 +175,6 @@ extraInitContainers: {}
# "storage_class": "${S3_STORAGE_CLASS}"
# }
# }
+securityContext:
+ user_id: 1000
+ group_id: 1000
diff --git a/kubernetes/common/elasticsearch/components/data/Chart.yaml b/kubernetes/common/elasticsearch/components/data/Chart.yaml
index 30c925aba7..82858cedb9 100644
--- a/kubernetes/common/elasticsearch/components/data/Chart.yaml
+++ b/kubernetes/common/elasticsearch/components/data/Chart.yaml
@@ -18,7 +18,7 @@
apiVersion: v2
description: ONAP elasticsearch data
name: data
-version: 13.0.0
+version: 13.0.1
dependencies:
- name: common
diff --git a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml
index e6c5a87f5c..dc8562b8fc 100644
--- a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml
+++ b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml
@@ -44,17 +44,21 @@ spec:
{{- if .Values.tolerations }}
tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
{{- end }}
- {{- if .Values.securityContext.enabled }}
- securityContext:
- fsGroup: {{ .Values.securityContext.fsGroup }}
- {{- end }}
- {{- if or .Values.sysctlImage.enabled (and .Values.volumePermissions.enabled .Values.persistence.enabled) }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
{{- if .Values.sysctlImage.enabled }}
## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
- name: sysctl
image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ resources:
+ limits:
+ cpu: 20m
+ memory: 50Mi
+ requests:
+ cpu: 5m
+ memory: 20Mi
command:
- /bin/sh
- -c
@@ -62,37 +66,35 @@ spec:
set -o errexit
set -o pipefail
set -o nounset
- sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536
- securityContext:
- privileged: true
+ volumeMounts:
+ - mountPath: /etc/sysctl.conf
+ name: config
+ subPath: sysctl.conf
{{- end }}
- {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
- - name: volume-permissions
- image: {{ include "repositoryGenerator.image.busybox" . }}
+ - name: {{ include "common.name" . }}-config-copy
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ resources:
+ limits:
+ cpu: 20m
+ memory: 50Mi
+ requests:
+ cpu: 5m
+ memory: 20Mi
command:
- /bin/sh
- -c
- |
- chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //bitnami/elasticsearch/data
- securityContext:
- runAsUser: 0
- {{- if .Values.volumePermissions.resource }}
- resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
- {{- end }}
+ cp -R /opt/bitnami/elasticsearch/config/. /opt/bitnami/elasticsearch/config_rw
volumeMounts:
- - name: data
- mountPath: "/bitnami/elasticsearch/data"
- {{- end }}
- {{- end }}
+ - mountPath: /opt/bitnami/elasticsearch/config_rw
+ name: bitnami-config
containers:
- name: {{ include "common.name" . }}-data
- image: {{ printf "%s/%s" (include "repositoryGenerator.dockerHubRepository" .) .Values.image }}
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- if .Values.securityContext.enabled }}
- securityContext:
- runAsUser: {{ .Values.securityContext.runAsUser }}
- {{- end }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" .Values.debug | quote }}
@@ -143,28 +145,52 @@ spec:
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
volumeMounts:
+ - mountPath: /tmp
+ name: tmp
+ - mountPath: /opt/bitnami/elasticsearch/logs
+ name: bitnami-logs
+ - mountPath: /opt/bitnami/elasticsearch/tmp
+ name: bitnami-tmp
+ - mountPath: /opt/bitnami/elasticsearch/config
+ name: bitnami-config
{{- if .Values.config }}
- mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
name: "config"
subPath: elasticsearch.yml
{{- end }}
+ {{- if .Values.sysctlImage.enabled }}
+ - mountPath: /etc/sysctl.conf
+ name: config
+ subPath: sysctl.conf
+ {{- end }}
- name: "data"
mountPath: "/bitnami/elasticsearch/data"
{{- if .Values.extraVolumeMounts }}
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
{{- end }}
volumes:
- {{- if .Values.config }}
- name: "config"
configMap:
name: {{ template "common.fullname" . }}
- {{- end }}
+ - emptyDir:
+ sizeLimit: {{ .Values.volumes.tmpSizeLimit }}
+ name: tmp
+ - emptyDir:
+ sizeLimit: {{ .Values.volumes.bitnamiLogsSizeLimit }}
+ name: bitnami-logs
+ - emptyDir:
+ sizeLimit: {{ .Values.volumes.bitnamiTmpSizeLimit }}
+ name: bitnami-tmp
+ - emptyDir:
+ sizeLimit: {{ .Values.volumes.bitnamiConfigSizeLimit }}
+ name: bitnami-config
{{- if .Values.extraVolumes }}
{{- toYaml .Values.extraVolumes | nindent 8 }}
{{- end }}
{{- if not .Values.persistence.enabled }}
- name: "data"
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.dataSizeLimit }}
{{- else }}
volumeClaimTemplates:
- metadata:
diff --git a/kubernetes/common/elasticsearch/components/data/values.yaml b/kubernetes/common/elasticsearch/components/data/values.yaml
index 3f9992aaba..25dc7e7911 100644
--- a/kubernetes/common/elasticsearch/components/data/values.yaml
+++ b/kubernetes/common/elasticsearch/components/data/values.yaml
@@ -82,9 +82,8 @@ podAnnotations: {}
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
- enabled: true
- fsGroup: 1001
- runAsUser: 1001
+ user_id: 1001
+ group_id: 1001
## Affinity for pod assignment.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
@@ -170,3 +169,9 @@ serviceAccount:
## If not set and create is true, a name is generated using the fullname template
##
# name:
+volumes:
+ logSizeLimit: 300Mi
+ tmpSizeLimit: 100Mi
+ bitnamiLogsSizeLimit: 200Mi
+ bitnamiTmpSizeLimit: 100Mi
+ bitnamiConfigSizeLimit: 50Mi
diff --git a/kubernetes/common/elasticsearch/components/master/Chart.yaml b/kubernetes/common/elasticsearch/components/master/Chart.yaml
index e481c7cd4b..30802dafbf 100644
--- a/kubernetes/common/elasticsearch/components/master/Chart.yaml
+++ b/kubernetes/common/elasticsearch/components/master/Chart.yaml
@@ -17,7 +17,7 @@
apiVersion: v2
description: ONAP elasticsearch master
name: master
-version: 13.0.0
+version: 13.0.1
dependencies:
- name: common
diff --git a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
index 8ee0fc50db..54b427c80d 100644
--- a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
+++ b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
@@ -42,17 +42,21 @@ spec:
{{- if .Values.tolerations }}
tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
{{- end }}
- {{- if .Values.securityContext.enabled }}
- securityContext:
- fsGroup: {{ .Values.securityContext.fsGroup }}
- {{- end }}
- {{- if or .Values.sysctlImage.enabled (and .Values.volumePermissions.enabled .Values.persistence.enabled) }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
{{- if .Values.sysctlImage.enabled }}
## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
- name: sysctl
image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ resources:
+ limits:
+ cpu: 20m
+ memory: 50Mi
+ requests:
+ cpu: 5m
+ memory: 20Mi
command:
- /bin/sh
- -c
@@ -60,37 +64,35 @@ spec:
set -o errexit
set -o pipefail
set -o nounset
- sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536
- securityContext:
- privileged: true
+ volumeMounts:
+ - mountPath: /etc/sysctl.conf
+ name: config
+ subPath: sysctl.conf
{{- end }}
- {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
- - name: volume-permissions
- image: {{ include "repositoryGenerator.image.busybox" . }}
+ - name: {{ include "common.name" . }}-config-copy
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ resources:
+ limits:
+ cpu: 20m
+ memory: 50Mi
+ requests:
+ cpu: 5m
+ memory: 20Mi
command:
- /bin/sh
- -c
- |
- chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //bitnami/elasticsearch/data
- securityContext:
- runAsUser: 0
- {{- if .Values.volumePermissions.resource }}
- resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
- {{- end }}
+ cp -R /opt/bitnami/elasticsearch/config/. /opt/bitnami/elasticsearch/config_rw
volumeMounts:
- - name: data
- mountPath: "/bitnami/elasticsearch/data"
- {{- end }}
- {{- end }}
+ - mountPath: /opt/bitnami/elasticsearch/config_rw
+ name: bitnami-config
containers:
- name: {{ include "common.name" . }}-master
- image: {{ printf "%s/%s" (include "repositoryGenerator.dockerHubRepository" .) .Values.image }}
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- if .Values.securityContext.enabled }}
- securityContext:
- runAsUser: {{ .Values.securityContext.runAsUser }}
- {{- end }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" .Values.debug | quote }}
@@ -147,6 +149,14 @@ spec:
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
volumeMounts:
+ - mountPath: /tmp
+ name: tmp
+ - mountPath: /opt/bitnami/elasticsearch/logs
+ name: bitnami-logs
+ - mountPath: /opt/bitnami/elasticsearch/tmp
+ name: bitnami-tmp
+ - mountPath: /opt/bitnami/elasticsearch/config
+ name: bitnami-config
{{- if .Values.config }}
- mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
name: config
@@ -158,17 +168,28 @@ spec:
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
{{- end }}
volumes:
- {{- if .Values.config }}
- name: config
configMap:
name: {{ include "common.fullname" . }}
- {{- end }}
+ - emptyDir:
+ sizeLimit: {{ .Values.volumes.tmpSizeLimit }}
+ name: tmp
+ - emptyDir:
+ sizeLimit: {{ .Values.volumes.bitnamiLogsSizeLimit }}
+ name: bitnami-logs
+ - emptyDir:
+ sizeLimit: {{ .Values.volumes.bitnamiTmpSizeLimit }}
+ name: bitnami-tmp
+ - emptyDir:
+ sizeLimit: {{ .Values.volumes.bitnamiConfigSizeLimit }}
+ name: bitnami-config
{{- if .Values.extraVolumes }}
{{- toYaml .Values.extraVolumes | nindent 8 }}
{{- end }}
{{- if not .Values.persistence.enabled }}
- name: "data"
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.dataSizeLimit }}
{{- else }}
volumeClaimTemplates:
- metadata:
diff --git a/kubernetes/common/elasticsearch/components/master/values.yaml b/kubernetes/common/elasticsearch/components/master/values.yaml
index a3a219ee31..0837132db4 100644
--- a/kubernetes/common/elasticsearch/components/master/values.yaml
+++ b/kubernetes/common/elasticsearch/components/master/values.yaml
@@ -85,9 +85,8 @@ podAnnotations: {}
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
- enabled: true
- fsGroup: 1001
- runAsUser: 1001
+ user_id: 1001
+ group_id: 1001
## Affinity for pod assignment.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
@@ -202,3 +201,10 @@ serviceAccount:
## Elasticsearch cluster name
##
clusterName: elastic-cluster
+
+volumes:
+ logSizeLimit: 300Mi
+ tmpSizeLimit: 100Mi
+ bitnamiLogsSizeLimit: 200Mi
+ bitnamiTmpSizeLimit: 100Mi
+ bitnamiConfigSizeLimit: 50Mi