diff options
Diffstat (limited to 'kubernetes/common/elasticsearch')
14 files changed, 271 insertions, 98 deletions
diff --git a/kubernetes/common/elasticsearch/.helmignore b/kubernetes/common/elasticsearch/.helmignore index 0bab41b6b1..569baddc3a 100644 --- a/kubernetes/common/elasticsearch/.helmignore +++ b/kubernetes/common/elasticsearch/.helmignore @@ -2,6 +2,7 @@ # This supports shell glob matching, relative path matching, and # negation (prefixed with !). Only one pattern per line. .DS_Store + # Common VCS dirs .git/ .gitignore @@ -10,23 +11,30 @@ .hg/ .hgignore .svn/ + # Common backup files *.swp *.bak *.tmp *~ + # Various IDEs .project .idea/ +.vscode/ *.tmproj + # Project/CI/CD related items .gitlab .gitlab-ci.yml +.gitignore .dockerignore + # Helm build files .helmignore .cache/ .config/ .local/ + # OOM specific dirs components/ diff --git a/kubernetes/common/elasticsearch/Chart.yaml b/kubernetes/common/elasticsearch/Chart.yaml index 48de2c0502..cb43539ba2 100644 --- a/kubernetes/common/elasticsearch/Chart.yaml +++ b/kubernetes/common/elasticsearch/Chart.yaml @@ -18,7 +18,7 @@ apiVersion: v2 description: ONAP elasticsearch name: elasticsearch -version: 13.0.0 +version: 13.0.1 dependencies: - name: common diff --git a/kubernetes/common/elasticsearch/components/curator/Chart.yaml b/kubernetes/common/elasticsearch/components/curator/Chart.yaml index baceb1dadc..85bbd67a77 100644 --- a/kubernetes/common/elasticsearch/components/curator/Chart.yaml +++ b/kubernetes/common/elasticsearch/components/curator/Chart.yaml @@ -18,7 +18,7 @@ apiVersion: v2 description: ONAP elasticsearch curator name: curator -version: 13.0.0 +version: 13.0.1 dependencies: - name: common diff --git a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml index ff63cf00b1..a27fbb39ca 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml @@ -51,7 +51,8 @@ spec: {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName | quote }} {{- end }} -{{- include "elasticsearch.imagePullSecrets" . | indent 10 }} + {{- include "elasticsearch.imagePullSecrets" . | indent 10 }} + {{ include "common.podSecurityContext" . | indent 10 | trim }} {{- if .Values.extraInitContainers }} initContainers: {{- range $key, $value := .Values.extraInitContainers }} @@ -71,13 +72,11 @@ spec: {{- if .Values.tolerations }} tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 12 }} {{- end }} - {{- if .Values.securityContext }} - securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - {{- end }} containers: - name: {{ template "common.fullname" . }}-curator image: {{printf "%s/%s" (include "repositoryGenerator.repository" .) .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 14 | trim }} volumeMounts: - name: config-volume mountPath: /etc/es-curator diff --git a/kubernetes/common/elasticsearch/components/curator/values.yaml b/kubernetes/common/elasticsearch/components/curator/values.yaml index d02d017108..40078be0df 100644 --- a/kubernetes/common/elasticsearch/components/curator/values.yaml +++ b/kubernetes/common/elasticsearch/components/curator/values.yaml @@ -175,3 +175,6 @@ extraInitContainers: {} # "storage_class": "${S3_STORAGE_CLASS}" # } # } +securityContext: + user_id: 1000 + group_id: 1000 diff --git a/kubernetes/common/elasticsearch/components/data/Chart.yaml b/kubernetes/common/elasticsearch/components/data/Chart.yaml index 30c925aba7..82858cedb9 100644 --- a/kubernetes/common/elasticsearch/components/data/Chart.yaml +++ b/kubernetes/common/elasticsearch/components/data/Chart.yaml @@ -18,7 +18,7 @@ apiVersion: v2 description: ONAP elasticsearch data name: data -version: 13.0.0 +version: 13.0.1 dependencies: - name: common diff --git a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml index e6c5a87f5c..dc8562b8fc 100644 --- a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml +++ b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml @@ -44,17 +44,21 @@ spec: {{- if .Values.tolerations }} tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }} {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- if or .Values.sysctlImage.enabled (and .Values.volumePermissions.enabled .Values.persistence.enabled) }} + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: {{- if .Values.sysctlImage.enabled }} ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors) - name: sysctl image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + resources: + limits: + cpu: 20m + memory: 50Mi + requests: + cpu: 5m + memory: 20Mi command: - /bin/sh - -c @@ -62,37 +66,35 @@ spec: set -o errexit set -o pipefail set -o nounset - sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536 - securityContext: - privileged: true + volumeMounts: + - mountPath: /etc/sysctl.conf + name: config + subPath: sysctl.conf {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ include "repositoryGenerator.image.busybox" . }} + - name: {{ include "common.name" . }}-config-copy + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + resources: + limits: + cpu: 20m + memory: 50Mi + requests: + cpu: 5m + memory: 20Mi command: - /bin/sh - -c - | - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //bitnami/elasticsearch/data - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resource }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} + cp -R /opt/bitnami/elasticsearch/config/. /opt/bitnami/elasticsearch/config_rw volumeMounts: - - name: data - mountPath: "/bitnami/elasticsearch/data" - {{- end }} - {{- end }} + - mountPath: /opt/bitnami/elasticsearch/config_rw + name: bitnami-config containers: - name: {{ include "common.name" . }}-data - image: {{ printf "%s/%s" (include "repositoryGenerator.dockerHubRepository" .) .Values.image }} + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} env: - name: BITNAMI_DEBUG value: {{ ternary "true" "false" .Values.debug | quote }} @@ -143,28 +145,52 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} {{- end }} volumeMounts: + - mountPath: /tmp + name: tmp + - mountPath: /opt/bitnami/elasticsearch/logs + name: bitnami-logs + - mountPath: /opt/bitnami/elasticsearch/tmp + name: bitnami-tmp + - mountPath: /opt/bitnami/elasticsearch/config + name: bitnami-config {{- if .Values.config }} - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml name: "config" subPath: elasticsearch.yml {{- end }} + {{- if .Values.sysctlImage.enabled }} + - mountPath: /etc/sysctl.conf + name: config + subPath: sysctl.conf + {{- end }} - name: "data" mountPath: "/bitnami/elasticsearch/data" {{- if .Values.extraVolumeMounts }} {{- toYaml .Values.extraVolumeMounts | nindent 12 }} {{- end }} volumes: - {{- if .Values.config }} - name: "config" configMap: name: {{ template "common.fullname" . }} - {{- end }} + - emptyDir: + sizeLimit: {{ .Values.volumes.tmpSizeLimit }} + name: tmp + - emptyDir: + sizeLimit: {{ .Values.volumes.bitnamiLogsSizeLimit }} + name: bitnami-logs + - emptyDir: + sizeLimit: {{ .Values.volumes.bitnamiTmpSizeLimit }} + name: bitnami-tmp + - emptyDir: + sizeLimit: {{ .Values.volumes.bitnamiConfigSizeLimit }} + name: bitnami-config {{- if .Values.extraVolumes }} {{- toYaml .Values.extraVolumes | nindent 8 }} {{- end }} {{- if not .Values.persistence.enabled }} - name: "data" - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.dataSizeLimit }} {{- else }} volumeClaimTemplates: - metadata: diff --git a/kubernetes/common/elasticsearch/components/data/values.yaml b/kubernetes/common/elasticsearch/components/data/values.yaml index 3f9992aaba..25dc7e7911 100644 --- a/kubernetes/common/elasticsearch/components/data/values.yaml +++ b/kubernetes/common/elasticsearch/components/data/values.yaml @@ -82,9 +82,8 @@ podAnnotations: {} ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 + user_id: 1001 + group_id: 1001 ## Affinity for pod assignment. ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## @@ -170,3 +169,9 @@ serviceAccount: ## If not set and create is true, a name is generated using the fullname template ## # name: +volumes: + logSizeLimit: 300Mi + tmpSizeLimit: 100Mi + bitnamiLogsSizeLimit: 200Mi + bitnamiTmpSizeLimit: 100Mi + bitnamiConfigSizeLimit: 50Mi diff --git a/kubernetes/common/elasticsearch/components/master/Chart.yaml b/kubernetes/common/elasticsearch/components/master/Chart.yaml index e481c7cd4b..30802dafbf 100644 --- a/kubernetes/common/elasticsearch/components/master/Chart.yaml +++ b/kubernetes/common/elasticsearch/components/master/Chart.yaml @@ -17,7 +17,7 @@ apiVersion: v2 description: ONAP elasticsearch master name: master -version: 13.0.0 +version: 13.0.1 dependencies: - name: common diff --git a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml index 8ee0fc50db..54b427c80d 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml @@ -42,17 +42,21 @@ spec: {{- if .Values.tolerations }} tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }} {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- if or .Values.sysctlImage.enabled (and .Values.volumePermissions.enabled .Values.persistence.enabled) }} + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: {{- if .Values.sysctlImage.enabled }} ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors) - name: sysctl image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + resources: + limits: + cpu: 20m + memory: 50Mi + requests: + cpu: 5m + memory: 20Mi command: - /bin/sh - -c @@ -60,37 +64,35 @@ spec: set -o errexit set -o pipefail set -o nounset - sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536 - securityContext: - privileged: true + volumeMounts: + - mountPath: /etc/sysctl.conf + name: config + subPath: sysctl.conf {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ include "repositoryGenerator.image.busybox" . }} + - name: {{ include "common.name" . }}-config-copy + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + resources: + limits: + cpu: 20m + memory: 50Mi + requests: + cpu: 5m + memory: 20Mi command: - /bin/sh - -c - | - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //bitnami/elasticsearch/data - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resource }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} + cp -R /opt/bitnami/elasticsearch/config/. /opt/bitnami/elasticsearch/config_rw volumeMounts: - - name: data - mountPath: "/bitnami/elasticsearch/data" - {{- end }} - {{- end }} + - mountPath: /opt/bitnami/elasticsearch/config_rw + name: bitnami-config containers: - name: {{ include "common.name" . }}-master - image: {{ printf "%s/%s" (include "repositoryGenerator.dockerHubRepository" .) .Values.image }} + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} env: - name: BITNAMI_DEBUG value: {{ ternary "true" "false" .Values.debug | quote }} @@ -147,6 +149,14 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} {{- end }} volumeMounts: + - mountPath: /tmp + name: tmp + - mountPath: /opt/bitnami/elasticsearch/logs + name: bitnami-logs + - mountPath: /opt/bitnami/elasticsearch/tmp + name: bitnami-tmp + - mountPath: /opt/bitnami/elasticsearch/config + name: bitnami-config {{- if .Values.config }} - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml name: config @@ -158,17 +168,28 @@ spec: {{- toYaml .Values.extraVolumeMounts | nindent 12 }} {{- end }} volumes: - {{- if .Values.config }} - name: config configMap: name: {{ include "common.fullname" . }} - {{- end }} + - emptyDir: + sizeLimit: {{ .Values.volumes.tmpSizeLimit }} + name: tmp + - emptyDir: + sizeLimit: {{ .Values.volumes.bitnamiLogsSizeLimit }} + name: bitnami-logs + - emptyDir: + sizeLimit: {{ .Values.volumes.bitnamiTmpSizeLimit }} + name: bitnami-tmp + - emptyDir: + sizeLimit: {{ .Values.volumes.bitnamiConfigSizeLimit }} + name: bitnami-config {{- if .Values.extraVolumes }} {{- toYaml .Values.extraVolumes | nindent 8 }} {{- end }} {{- if not .Values.persistence.enabled }} - name: "data" - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.dataSizeLimit }} {{- else }} volumeClaimTemplates: - metadata: diff --git a/kubernetes/common/elasticsearch/components/master/values.yaml b/kubernetes/common/elasticsearch/components/master/values.yaml index a3a219ee31..0837132db4 100644 --- a/kubernetes/common/elasticsearch/components/master/values.yaml +++ b/kubernetes/common/elasticsearch/components/master/values.yaml @@ -85,9 +85,8 @@ podAnnotations: {} ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 + user_id: 1001 + group_id: 1001 ## Affinity for pod assignment. ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## @@ -202,3 +201,10 @@ serviceAccount: ## Elasticsearch cluster name ## clusterName: elastic-cluster + +volumes: + logSizeLimit: 300Mi + tmpSizeLimit: 100Mi + bitnamiLogsSizeLimit: 200Mi + bitnamiTmpSizeLimit: 100Mi + bitnamiConfigSizeLimit: 50Mi diff --git a/kubernetes/common/elasticsearch/templates/configmap-es.yaml b/kubernetes/common/elasticsearch/templates/configmap-es.yaml index 7138e4e094..d844d08240 100644 --- a/kubernetes/common/elasticsearch/templates/configmap-es.yaml +++ b/kubernetes/common/elasticsearch/templates/configmap-es.yaml @@ -13,10 +13,11 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{- if .Values.config }} apiVersion: v1 kind: ConfigMap metadata: {{- include "common.resourceMetadata" . | nindent 2 }} data: + {{- if .Values.config }} elasticsearch.yml: |- {{- toYaml .Values.config | nindent 4 }} -{{- end }} + {{- end }} + sysctl.conf: |- {{- toYaml .Values.sysctl_conf | nindent 4 }} diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml index 0bc6de2b9b..08c93031fb 100644 --- a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml +++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml @@ -41,17 +41,22 @@ spec: tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }} {{- end }} serviceAccountName: {{ template "elasticsearch.serviceAccountName" . }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - + {{ include "common.podSecurityContext" . | indent 6 | trim }} ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors) initContainers: - {{- if .Values.sysctlImage.enabled }} + {{- if .Values.sysctlImage.enabled }} + ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors) - name: sysctl image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + resources: + limits: + cpu: 20m + memory: 50Mi + requests: + cpu: 5m + memory: 20Mi command: - /bin/sh - -c @@ -59,11 +64,52 @@ spec: set -o errexit set -o pipefail set -o nounset - sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536 - securityContext: - privileged: true - {{- end }} - + volumeMounts: + - mountPath: /etc/sysctl.conf + name: config + subPath: sysctl.conf + {{- end }} + - name: {{ include "common.name" . }}-config-copy + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + resources: + limits: + cpu: 20m + memory: 50Mi + requests: + cpu: 5m + memory: 20Mi + command: + - /bin/sh + - -c + - | + cp -R /opt/bitnami/elasticsearch/config/. /opt/bitnami/elasticsearch/config_rw + volumeMounts: + - mountPath: /opt/bitnami/elasticsearch/config_rw + name: bitnami-config + - name: {{ include "common.name" . }}-nginx-config-copy + image: {{ include "repositoryGenerator.image.nginx" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.nginx.pullPolicy | quote }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + resources: + limits: + cpu: 20m + memory: 50Mi + requests: + cpu: 5m + memory: 20Mi + command: + - /bin/sh + - -c + - | + cp -R /opt/bitnami/nginx/conf/. /opt/bitnami/nginx/conf_rw; + cp -R /opt/bitnami/nginx/logs/. /opt/bitnami/nginx/logs_rw + volumeMounts: + - mountPath: /opt/bitnami/nginx/conf_rw + name: nginx-config + - mountPath: /opt/bitnami/nginx/logs_rw + name: nginx-logs containers: - name: {{ include "common.name" . }}-nginx image: {{ include "repositoryGenerator.image.nginx" . }} @@ -78,7 +124,14 @@ spec: {{- if .Values.nginx.resources }} resources: {{- toYaml .Values.nginx.resources | nindent 12 }} {{- end }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} volumeMounts: + - mountPath: /opt/bitnami/nginx/conf + name: nginx-config + - mountPath: /opt/bitnami/nginx/tmp + name: nginx-tmp + - mountPath: /opt/bitnami/nginx/logs + name: nginx-logs {{- if .Values.nginx.serverBlock }} - name: nginx-server-block mountPath: /opt/bitnami/nginx/conf/server_blocks @@ -86,11 +139,8 @@ spec: - name: {{ include "common.name" . }}-elasticsearch image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} - {{- if .Values.securityContext.enabled }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} env: - name: BITNAMI_DEBUG value: {{ ternary "true" "false" .Values.debug | quote }} @@ -143,6 +193,14 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} {{- end}} volumeMounts: + - mountPath: /tmp + name: tmp + - mountPath: /opt/bitnami/elasticsearch/logs + name: bitnami-logs + - mountPath: /opt/bitnami/elasticsearch/tmp + name: bitnami-tmp + - mountPath: /opt/bitnami/elasticsearch/config + name: bitnami-config {{- if .Values.config }} - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml name: config @@ -154,13 +212,33 @@ spec: {{- toYaml .Values.extraVolumeMounts | nindent 12 }} {{- end }} volumes: - {{- if .Values.config }} - name: config configMap: name: {{ include "common.fullname" . }} - {{- end }} + - emptyDir: + sizeLimit: {{ .Values.volumes.tmpSizeLimit }} + name: tmp + - emptyDir: + sizeLimit: {{ .Values.volumes.bitnamiLogsSizeLimit }} + name: bitnami-logs + - emptyDir: + sizeLimit: {{ .Values.volumes.bitnamiTmpSizeLimit }} + name: bitnami-tmp + - emptyDir: + sizeLimit: {{ .Values.volumes.bitnamiConfigSizeLimit }} + name: bitnami-config + - emptyDir: + sizeLimit: {{ .Values.volumes.nginxLogsSizeLimit }} + name: nginx-logs + - emptyDir: + sizeLimit: {{ .Values.volumes.nginxTmpSizeLimit }} + name: nginx-tmp + - emptyDir: + sizeLimit: {{ .Values.volumes.nginxConfigSizeLimit }} + name: nginx-config - name: data - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.dataSizeLimit }} {{- if .Values.extraVolumes }} {{- toYaml .Values.extraVolumes | nindent 8 }} {{- end }} diff --git a/kubernetes/common/elasticsearch/values.yaml b/kubernetes/common/elasticsearch/values.yaml index 7851f2804f..569adb0c91 100644 --- a/kubernetes/common/elasticsearch/values.yaml +++ b/kubernetes/common/elasticsearch/values.yaml @@ -71,9 +71,9 @@ podAnnotations: {} ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 + user_id: 1001 + group_id: 1001 + ## Affinity for pod assignment. ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## @@ -93,12 +93,24 @@ resources: ## We usually recommend not to specify default resources and to leave this as a conscious ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. - limits: {} - # cpu: "100m" - # memory: "100Mi" + limits: + cpu: "500m" + memory: 4Gi requests: cpu: "25m" memory: "200Mi" + +volumes: + dataSizeLimit: 200Mi + logSizeLimit: 300Mi + tmpSizeLimit: 100Mi + bitnamiLogsSizeLimit: 200Mi + bitnamiTmpSizeLimit: 100Mi + bitnamiConfigSizeLimit: 50Mi + nginxLogsSizeLimit: 200Mi + nginxTmpSizeLimit: 100Mi + nginxConfigSizeLimit: 50Mi + ## Elasticsearch coordinating-only container's liveness and readiness probes ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## @@ -144,6 +156,13 @@ sysctlImage: # nginx image nginx: pullPolicy: IfNotPresent + resources: + limits: + cpu: "500m" + memory: "400Mi" + requests: + cpu: "25m" + memory: "50Mi" service: name: nginx ports: @@ -260,6 +279,13 @@ service: ## ################################################################# +# system ctl configuration +################################################################# +sysctl_conf: |- + vm.max_map_count=262144 + fs.file-max=65536 + +################################################################# # subcharts configuration defaults. ################################################################# |