diff options
author | Alexander Dehn <alexander.dehn@highstreet-technologies.com> | 2020-02-05 14:38:54 +0000 |
---|---|---|
committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-04-20 07:00:43 +0000 |
commit | ab86ec1953e94d7382aff5df97f49e5c37e3a4e0 (patch) | |
tree | b6b548a56661862ca73e82ad477e8905fae8c035 /kubernetes/common/elasticsearch/templates | |
parent | 8b6aca77c122a18be98ef09d5dad13493c367035 (diff) |
[COMMON] helm chart for elastic db
Add elasticdb as common chart to oom
Issue-ID: SDNC-1061
Signed-off-by: Alexander Dehn <alexander.dehn@highstreet-technologies.com>
Change-Id: Id8c48113b8d4193d7f13991296f0307a29724c01
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Diffstat (limited to 'kubernetes/common/elasticsearch/templates')
9 files changed, 423 insertions, 0 deletions
diff --git a/kubernetes/common/elasticsearch/templates/_helpers.tpl b/kubernetes/common/elasticsearch/templates/_helpers.tpl new file mode 100644 index 0000000000..fdbe82f855 --- /dev/null +++ b/kubernetes/common/elasticsearch/templates/_helpers.tpl @@ -0,0 +1,103 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} + + +{{ define "elasticsearch.clustername"}} +{{- printf "%s-%s" (include "common.name" .) "cluster" -}} +{{- end -}} + +{{/* +This define should be used instead of "common.fullname" to allow +special handling of kibanaEnabled=true +Create a default fully qualified coordinating name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "elasticsearch.coordinating.fullname" -}} +{{- if .Values.global.kibanaEnabled -}} +{{- printf "%s-%s" .Release.Name .Values.global.coordinating.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" (include "common.fullname" .) .Values.global.coordinating.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* + Create the name of the master service account to use + */}} +{{- define "elasticsearch.master.serviceAccountName" -}} +{{- if .Values.master.serviceAccount.create -}} + {{ default (include "common.fullname" (dict "suffix" "master" "dot" .)) .Values.master.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.master.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* + Create the name of the coordinating-only service account to use + */}} +{{- define "elasticsearch.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.fullname" . ) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* + Create the name of the data service account to use + */}} +{{- define "elasticsearch.data.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.fullname" (dict "suffix" "data" "dot" .)) .Values.data.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "elasticsearch.imagePullSecrets" -}} +{{- if .Values.global }} +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.global.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- end }} +{{- else }} +{{- $imagePullSecrets := coalesce .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.curator.image.pullSecrets .Values.sysctlImage.pullSecrets .Values.volumePermissions.image.pullSecrets -}} +{{- if $imagePullSecrets }} +imagePullSecrets: +{{- range $imagePullSecrets }} + - name: {{ . }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "elasticsearch.curator.serviceAccountName" -}} +{{- if .Values.curator.serviceAccount.create -}} + {{ default (include "common.fullname" (dict "suffix" "currator" "dot" .)) .Values.curator.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.curator.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml b/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml new file mode 100644 index 0000000000..b4e0044891 --- /dev/null +++ b/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml @@ -0,0 +1,33 @@ + +{{ if .Values.global.aafEnabled }} +{{/* +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- if .Values.aafConfig.addconfig -}} +apiVersion: v1 +kind: ConfigMap +{{ $suffix := "aaf-add-config" -}} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} +data: + aaf-add-config.sh: |- + cd /opt/app/osaaf/local + mkdir -p certs + export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0) + keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.aafConfig.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password + openssl pkcs12 -in {{ .Values.aafConfig.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12 + cp {{ .Values.aafConfig.fqi_namespace }}.key certs/key.pem + chmod -R 755 certs +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/elasticsearch/templates/configmap-es.yaml b/kubernetes/common/elasticsearch/templates/configmap-es.yaml new file mode 100644 index 0000000000..38234da0cf --- /dev/null +++ b/kubernetes/common/elasticsearch/templates/configmap-es.yaml @@ -0,0 +1,20 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.config }} +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +data: + elasticsearch.yml: |- {{- toYaml .Values.config | nindent 4 }} +{{- end }} diff --git a/kubernetes/common/elasticsearch/templates/configmap-server-block.yaml b/kubernetes/common/elasticsearch/templates/configmap-server-block.yaml new file mode 100644 index 0000000000..49ce0ef76a --- /dev/null +++ b/kubernetes/common/elasticsearch/templates/configmap-server-block.yaml @@ -0,0 +1,31 @@ +{{/* +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- if .Values.nginx.serverBlock -}} + +apiVersion: v1 +kind: ConfigMap +{{ $suffix := "nginx-server-block" -}} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} +data: + server-block.conf: |- +{{ if .Values.global.aafEnabled }} +{{ .Values.nginx.serverBlock.https | indent 4 }} +{{ else }} +{{ .Values.nginx.serverBlock.http | indent 4 }} + + +{{ end }} +{{- end -}} diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml new file mode 100644 index 0000000000..65a7f462e1 --- /dev/null +++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml @@ -0,0 +1,167 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +{{ $role := "coordinating-only" -}} +{{ $suffix := $role -}} +{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} +spec: + strategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "Recreate" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} + selector: {{- include "common.selectors" (dict "matchLabels" $labels "dot" .) | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }} + spec: +{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "elasticsearch.serviceAccountName" . }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + + ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors) + initContainers: + {{- if .Values.sysctlImage.enabled }} + - name: sysctl + image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + - -c + - | + set -o errexit + set -o pipefail + set -o nounset + sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536 + securityContext: + privileged: true + {{- end }} + {{ include "common.aaf-config" . | nindent 8}} + + containers: + - name: {{ include "common.name" . }}-nginx + image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.nginx.imageName .Values.nginx.tag }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.nginx.pullPolicy | quote }} + ports: {{- include "common.containerPorts" . | indent 12 -}} + {{- if .Values.nginx.livenessProbe }} + livenessProbe: {{- toYaml .Values.nginx.livenessProbe | nindent 12 }} + {{- end }} + {{- if .Values.nginx.readinessProbe }} + readinessProbe: {{- toYaml .Values.nginx.readinessProbe | nindent 12 }} + {{- end }} + {{- if .Values.nginx.resources }} + resources: {{- toYaml .Values.nginx.resources | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.nginx.serverBlock }} + - name: nginx-server-block + mountPath: /opt/bitnami/nginx/conf/server_blocks + {{- end }} + {{- include "common.aaf-config-volume-mountpath" . | nindent 10 }} + + - name: {{ include "common.name" . }}-elasticsearch + image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }} + {{- if .Values.securityContext.enabled }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: ELASTICSEARCH_CLUSTER_NAME + value: {{ include "elasticsearch.clustername" .}} + - name: ELASTICSEARCH_CLUSTER_HOSTS + value: {{ include "common.name" . }}-discovery + {{- if .Values.plugins }} + - name: ELASTICSEARCH_PLUGINS + value: {{ .Values.plugins | quote }} + {{- end }} + - name: ELASTICSEARCH_HEAP_SIZE + value: {{ .Values.heapSize | quote }} + - name: ELASTICSEARCH_IS_DEDICATED_NODE + value: "yes" + - name: ELASTICSEARCH_NODE_TYPE + value: "coordinating" + - name: ELASTICSEARCH_PORT_NUMBER + value: "9000" + {{/*ports: {{- include "common.containerPorts" . | indent 12 -}} */}} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + httpGet: + path: /_cluster/health?local=true + port: http + {{- end }} + {{- if .Values.readinessProbe.enabled}} + readinessProbe: + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + httpGet: + path: /_cluster/health?local=true + port: http + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end}} + volumeMounts: + {{- if .Values.config }} + - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml + name: config + subPath: elasticsearch.yml + {{- end }} + - name: data + mountPath: "/bitnami/elasticsearch/data/" + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- end }} + volumes: + {{- if .Values.config }} + - name: config + configMap: + name: {{ include "common.fullname" . }} + {{- end }} + - name: data + emptyDir: {} + {{- if .Values.extraVolumes }} + {{- toYaml .Values.extraVolumes | nindent 8 }} + {{- end }} + {{- if .Values.nginx.serverBlock }} + - name: nginx-server-block + configMap: + name: {{ include "common.fullname" . }}-nginx-server-block + {{- end }} + {{- include "common.aaf-config-volumes" . | nindent 8}} + diff --git a/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml new file mode 100644 index 0000000000..610c7d68c1 --- /dev/null +++ b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ $role := "coordinating-only" -}} +{{ $labels := (dict "role" $role) -}} +{{ $matchLabels := (dict "role" $role) }} +{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }} diff --git a/kubernetes/common/elasticsearch/templates/discovery-svc.yaml b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml new file mode 100644 index 0000000000..fa79c29eca --- /dev/null +++ b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- $matchLabels := (dict "discovery" (include "elasticsearch.clustername" .) "nameNoMatch" "useDiscoveryService") }} +{{ include "common.headlessService" (dict "matchLabels" $matchLabels "dot" .) }} diff --git a/kubernetes/common/elasticsearch/templates/secrets.yaml b/kubernetes/common/elasticsearch/templates/secrets.yaml new file mode 100644 index 0000000000..359e8975e1 --- /dev/null +++ b/kubernetes/common/elasticsearch/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2019 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{ include "common.secretFast" . }} diff --git a/kubernetes/common/elasticsearch/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml new file mode 100644 index 0000000000..49ad504da6 --- /dev/null +++ b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml @@ -0,0 +1,21 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +{{ $role := .Values.global.coordinating.name -}} +{{ $suffix := $role -}} +{{ $labels := (dict "role" $role) -}} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} +{{- end }} |