summaryrefslogtreecommitdiffstats
path: root/kubernetes/common
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/common')
-rw-r--r--kubernetes/common/cassandra/templates/statefulset.yaml2
-rw-r--r--kubernetes/common/common/templates/_service.tpl8
-rw-r--r--kubernetes/common/elasticsearch/Chart.yaml19
-rw-r--r--kubernetes/common/elasticsearch/components/curator/Chart.yaml19
-rw-r--r--kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml74
-rw-r--r--kubernetes/common/elasticsearch/components/curator/requirements.yaml18
-rw-r--r--kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml24
-rw-r--r--kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml112
-rw-r--r--kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml46
-rw-r--r--kubernetes/common/elasticsearch/components/curator/templates/role.yaml32
-rw-r--r--kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml29
-rw-r--r--kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml21
-rw-r--r--kubernetes/common/elasticsearch/components/curator/values.yaml180
-rw-r--r--kubernetes/common/elasticsearch/components/data/Chart.yaml19
-rw-r--r--kubernetes/common/elasticsearch/components/data/requirements.yaml18
-rw-r--r--kubernetes/common/elasticsearch/components/data/templates/pv.yaml15
-rw-r--r--kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml21
-rw-r--r--kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml175
-rw-r--r--kubernetes/common/elasticsearch/components/data/values.yaml170
-rw-r--r--kubernetes/common/elasticsearch/components/master/Chart.yaml20
-rw-r--r--kubernetes/common/elasticsearch/components/master/requirements.yaml18
-rw-r--r--kubernetes/common/elasticsearch/components/master/templates/pv.yaml15
-rw-r--r--kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml23
-rw-r--r--kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml179
-rw-r--r--kubernetes/common/elasticsearch/components/master/templates/svc.yaml19
-rw-r--r--kubernetes/common/elasticsearch/components/master/values.yaml203
-rw-r--r--kubernetes/common/elasticsearch/requirements.yaml30
-rw-r--r--kubernetes/common/elasticsearch/templates/_helpers.tpl103
-rw-r--r--kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml33
-rw-r--r--kubernetes/common/elasticsearch/templates/configmap-es.yaml20
-rw-r--r--kubernetes/common/elasticsearch/templates/configmap-server-block.yaml31
-rw-r--r--kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml167
-rw-r--r--kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml18
-rw-r--r--kubernetes/common/elasticsearch/templates/discovery-svc.yaml15
-rw-r--r--kubernetes/common/elasticsearch/templates/secrets.yaml15
-rw-r--r--kubernetes/common/elasticsearch/templates/serviceaccount.yaml21
-rw-r--r--kubernetes/common/elasticsearch/values.yaml329
-rw-r--r--kubernetes/common/mariadb-galera/values.yaml2
38 files changed, 2257 insertions, 6 deletions
diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml
index 16aa27f68a..96139ce988 100644
--- a/kubernetes/common/cassandra/templates/statefulset.yaml
+++ b/kubernetes/common/cassandra/templates/statefulset.yaml
@@ -28,7 +28,7 @@ spec:
hostNetwork: {{ .Values.hostNetwork }}
containers:
- name: {{ include "common.name" . }}
- image: {{ .Values.image }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 8 }}
volumeMounts:
diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl
index 7d3177e695..3d745ed819 100644
--- a/kubernetes/common/common/templates/_service.tpl
+++ b/kubernetes/common/common/templates/_service.tpl
@@ -222,8 +222,8 @@ spec:
{{- $labels := default (dict) .labels -}}
{{- $matchLabels := default (dict) .matchLabels -}}
-{{- if (and (include "common.needTLS" .) $both_tls_and_plain) }}
-{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true $labels "matchLabels" $matchLabels) }}
+{{- if (and (include "common.needTLS" $dot) $both_tls_and_plain) }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true $labels "matchLabels" $matchLabels) }}
{{- if (ne $serviceType "ClusterIP") }}
---
{{- if $suffix }}
@@ -231,10 +231,10 @@ spec:
{{- else }}
{{- $suffix = "external" }}
{{- end }}
-{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
{{- end }}
{{- else }}
-{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
{{- end }}
{{- end -}}
diff --git a/kubernetes/common/elasticsearch/Chart.yaml b/kubernetes/common/elasticsearch/Chart.yaml
new file mode 100644
index 0000000000..517905641f
--- /dev/null
+++ b/kubernetes/common/elasticsearch/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: v1
+description: ONAP elasticsearch
+name: elasticsearch
+version: 6.0.0
diff --git a/kubernetes/common/elasticsearch/components/curator/Chart.yaml b/kubernetes/common/elasticsearch/components/curator/Chart.yaml
new file mode 100644
index 0000000000..d1eaa61bc2
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: v1
+description: ONAP elasticsearch curator
+name: curator
+version: 6.0.0
diff --git a/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml
new file mode 100644
index 0000000000..7e73420e13
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml
@@ -0,0 +1,74 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.enabled }}
+{{- range $kind, $enabled := .Values.hooks }}
+{{- if $enabled }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-curator-on-{{ $kind }}
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 2 }}
+ role: "curator"
+ annotations:
+ "helm.sh/hook": post-{{ $kind }}
+ "helm.sh/hook-weight": "1"
+{{- if $.Values.cronjob.annotations }}
+{{ toYaml $.Values.cronjob.annotations | indent 4 }}
+{{- end }}
+spec:
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ volumes:
+ - name: config-volume
+ configMap:
+ name: {{ template "common.fullname" (dict "suffix" "curator" "dot" .) }}
+{{- if $.Values.extraVolumes }}
+{{ toYaml $.Values.extraVolumes | indent 8 }}
+{{- end }}
+ restartPolicy: Never
+{{- if $.Values.priorityClassName }}
+ priorityClassName: "{{ $.Values.priorityClassName }}"
+{{- end }}
+ containers:
+ - name: {{ template "common.fullname" . }}-curator
+ image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/es-curator
+ {{- if $.Values.extraVolumeMounts }}
+{{ toYaml $.Values.extraVolumeMounts | indent 12 }}
+ {{- end }}
+ command: [ "curator" ]
+ args: [ "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ]
+ resources:
+{{ toYaml $.Values.resources | indent 12 }}
+ {{- with $.Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with $.Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with $.Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+{{- end -}}
+{{- end }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/requirements.yaml b/kubernetes/common/elasticsearch/components/curator/requirements.yaml
new file mode 100644
index 0000000000..ff65593469
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml
new file mode 100644
index 0000000000..dc2a430922
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml
@@ -0,0 +1,24 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.enabled }}
+apiVersion: v1
+kind: ConfigMap
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+data:
+ action_file.yml: {{ required "A valid .Values.configMaps.action_file_yml entry is required!" (toYaml .Values.configMaps.action_file_yml | indent 2) }}
+ config.yml: {{ required "A valid .Values.configMaps.config_yml entry is required!" (tpl (toYaml .Values.configMaps.config_yml | indent 2) $) }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml
new file mode 100644
index 0000000000..901c0a5c06
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml
@@ -0,0 +1,112 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.enabled }}
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+ {{- if .Values.cronjob.annotations }}
+ annotations: {{- toYaml .Values.cronjob.annotations | indent 4 }}
+ {{- end }}
+spec:
+ schedule: "{{ .Values.cronjob.schedule }}"
+ {{- with .Values.cronjob.concurrencyPolicy }}
+ concurrencyPolicy: {{ . }}
+ {{- end }}
+ {{- with .Values.cronjob.failedJobsHistoryLimit }}
+ failedJobsHistoryLimit: {{ . }}
+ {{- end }}
+ {{- with .Values.cronjob.successfulJobsHistoryLimit }}
+ successfulJobsHistoryLimit: {{ . }}
+ {{- end }}
+ jobTemplate:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 10 }}
+ spec:
+ volumes:
+ - name: config-volume
+ configMap:
+ name: {{ template "common.fullname" . }}-curator
+ {{- if .Values.extraVolumes }}
+ {{- toYaml .Values.extraVolumes | nindent 12 }}
+ {{- end }}
+ restartPolicy: {{ .Values.global.restartPolicy | default .Values.cronjob.jobRestartPolicy }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- end }}
+{{- include "elasticsearch.imagePullSecrets" . | indent 10 }}
+ {{- if .Values.extraInitContainers }}
+ initContainers:
+ {{- range $key, $value := .Values.extraInitContainers }}
+ - name: "{{ $key }}"
+ {{- toYaml $value | nindent 14 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.rbac.enabled }}
+ serviceAccountName: {{ include "elasticsearch.curator.serviceAccountName" . }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.securityContext }}
+ securityContext: {{- toYaml .Values.securityContext | nindent 12 }}
+ {{- end }}
+ containers:
+ - name: {{ template "common.fullname" . }}-curator
+ image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/es-curator
+ {{- if .Values.extraVolumeMounts }}
+ {{- toYaml .Values.extraVolumeMounts | nindent 16 }}
+ {{- end }}
+ {{ if .Values.command }}
+ command: {{ toYaml .Values.command | nindent 16 }}
+ {{- end }}
+ {{- if .Values.dryrun }}
+ args: [ "--dry-run", "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ]
+ {{- else }}
+ args: [ "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ]
+ {{- end }}
+ env:
+ {{- if .Values.env }}
+ {{- range $key,$value := .Values.env }}
+ - name: {{ $key | upper | quote}}
+ value: {{ $value | quote}}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.envFromSecrets }}
+ {{- range $key,$value := .Values.envFromSecrets }}
+ - name: {{ $key | upper | quote}}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $value.from.secret | quote}}
+ key: {{ $value.from.key | quote}}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 16 }}
+ {{- end }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml
new file mode 100644
index 0000000000..6fe032d818
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml
@@ -0,0 +1,46 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and .Values.enabled .Values.psp.create }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+spec:
+ privileged: true
+ #requiredDropCapabilities:
+ volumes:
+ - 'configMap'
+ - 'secret'
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: 'MustRunAsNonRoot'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/role.yaml b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml
new file mode 100644
index 0000000000..0d189f448b
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml
@@ -0,0 +1,32 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and .Values.enabled .Values.rbac.enabled }}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "component" "elasticsearch-curator-configmap") -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["update", "patch"]
+ {{- if .Values.psp.create }}
+ - apiGroups: ["extensions"]
+ resources: ["podsecuritypolicies"]
+ verbs: ["use"]
+ resourceNames:
+ - {{ include "common.fullname" (dict "suffix" $suffix "dot" .) }}
+ {{- end }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml
new file mode 100644
index 0000000000..b112468dc3
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml
@@ -0,0 +1,29 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and .Values.enabled .Values.rbac.enabled }}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "component" "elasticsearch-curator-configmap") -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+roleRef:
+ kind: Role
+ name: {{ template "common.name" (dict "suffix" $suffix "dot" .) }}
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "elasticsearch.curator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..0bd4ae0999
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and .Values.enabled .Values.serviceAccount.create .Values.rbac.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+{{ $role := .Values.name -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/values.yaml b/kubernetes/common/elasticsearch/components/curator/values.yaml
new file mode 100644
index 0000000000..5e0d9668d3
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/values.yaml
@@ -0,0 +1,180 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence:
+ mountPath: /dockerdata-nfs
+ backup:
+ mountPath: /dockerdata-nfs/backup
+ storageClass:
+ clusterName: cluster.local
+repositoryOverride: docker.io
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+## Elasticsearch curator parameters
+##
+enabled: false
+name: curator
+image:
+ imageName: bitnami/elasticsearch-curator
+ tag: 5.8.1-debian-9-r74
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+service:
+ port: 9200
+cronjob:
+ # At 01:00 every day
+ schedule: "0 1 * * *"
+ annotations: {}
+ concurrencyPolicy: ""
+ failedJobsHistoryLimit: ""
+ successfulJobsHistoryLimit: ""
+ jobRestartPolicy: Never
+podAnnotations: {}
+rbac:
+ # Specifies whether RBAC should be enabled
+ enabled: false
+serviceAccount:
+ # Specifies whether a ServiceAccount should be created
+ create: true
+ # The name of the ServiceAccount to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+psp:
+ # Specifies whether a podsecuritypolicy should be created
+ create: false
+hooks:
+ install: false
+ upgrade: false
+# run curator in dry-run mode
+dryrun: false
+command: ["curator"]
+env: {}
+configMaps:
+ # Delete indices older than 90 days
+ action_file_yml: |-
+ ---
+ actions:
+ 1:
+ action: delete_indices
+ description: "Clean up ES by deleting old indices"
+ options:
+ timeout_override:
+ continue_if_exception: False
+ disable_action: False
+ ignore_empty_list: True
+ filters:
+ - filtertype: age
+ source: name
+ direction: older
+ timestring: '%Y.%m.%d'
+ unit: days
+ unit_count: 90
+ field:
+ stats_result:
+ epoch:
+ exclude: False
+ # Default config (this value is evaluated as a template)
+ config_yml: |-
+ ---
+ client:
+ hosts:
+ {{ template "common.fullname" . }}.{{ template "common.namespace" . }}.svc.{{ .Values.global.clusterName }}
+ port: {{ .Values.service.port }}
+ # url_prefix:
+ # use_ssl: True
+ # certificate:
+ # client_cert:
+ # client_key:
+ # ssl_no_validate: True
+ # http_auth:
+ # timeout: 30
+ # master_only: False
+ # logging:
+ # loglevel: INFO
+ # logfile:
+ # logformat: default
+ # blacklist: ['elasticsearch', 'urllib3']
+## Curator resources requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits: {}
+ # cpu: 100m
+ # memory: 128Mi
+ requests: {}
+ # cpu: 100m
+ # memory: 128Mi
+priorityClassName: ""
+# extraVolumes and extraVolumeMounts allows you to mount other volumes
+# Example Use Case: mount ssl certificates when elasticsearch has tls enabled
+# extraVolumes:
+# - name: es-certs
+# secret:
+# defaultMode: 420
+# secretName: es-certs
+# extraVolumeMounts:
+# - name: es-certs
+# mountPath: /certs
+# readOnly: true
+## Add your own init container or uncomment and modify the given example.
+##
+extraInitContainers: {}
+## Don't configure S3 repository till Elasticsearch is reachable.
+## Ensure that it is available at http://elasticsearch:9200
+##
+# elasticsearch-s3-repository:
+# image: bitnami/minideb:latest
+# imagePullPolicy: "IfNotPresent"
+# command:
+# - "/bin/bash"
+# - "-c"
+# args:
+# - |
+# ES_HOST=elasticsearch
+# ES_PORT=9200
+# ES_REPOSITORY=backup
+# S3_REGION=us-east-1
+# S3_BUCKET=bucket
+# S3_BASE_PATH=backup
+# S3_COMPRESS=true
+# S3_STORAGE_CLASS=standard
+# install_packages curl && \
+# ( counter=0; while (( counter++ < 120 )); do curl -s http://${ES_HOST}:${ES_PORT} >/dev/null 2>&1 && break; echo "Waiting for elasticsearch $counter/120"; sleep 1; done ) && \
+# cat <<EOF | curl -sS -XPUT -H "Content-Type: application/json" -d @- http://${ES_HOST}:${ES_PORT}/_snapshot/${ES_REPOSITORY} \
+# {
+# "type": "s3",
+# "settings": {
+# "bucket": "${S3_BUCKET}",
+# "base_path": "${S3_BASE_PATH}",
+# "region": "${S3_REGION}",
+# "compress": "${S3_COMPRESS}",
+# "storage_class": "${S3_STORAGE_CLASS}"
+# }
+# }
+
diff --git a/kubernetes/common/elasticsearch/components/data/Chart.yaml b/kubernetes/common/elasticsearch/components/data/Chart.yaml
new file mode 100644
index 0000000000..5243a56101
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/data/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: v1
+description: ONAP elasticsearch data
+name: data
+version: 6.0.0
diff --git a/kubernetes/common/elasticsearch/components/data/requirements.yaml b/kubernetes/common/elasticsearch/components/data/requirements.yaml
new file mode 100644
index 0000000000..6a61926e9e
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/data/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/common/elasticsearch/components/data/templates/pv.yaml b/kubernetes/common/elasticsearch/components/data/templates/pv.yaml
new file mode 100644
index 0000000000..c713ec81ac
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/data/templates/pv.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}}
diff --git a/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..2ac3880886
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+{{ $role := .Values.name -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml
new file mode 100644
index 0000000000..994b458e33
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml
@@ -0,0 +1,175 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apps/v1
+kind: StatefulSet
+{{ $role := "data" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+spec:
+ updateStrategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "OnDelete" .Values.updateStrategy.type) }}
+ rollingUpdate: null
+ {{- else if .Values.updateStrategy.rollingUpdatePartition }}
+ rollingUpdate:
+ partition: {{ .Values.updateStrategy.rollingUpdatePartition }}
+ {{- end }}
+ selector: {{- include "common.selectors" (dict "matchLabels" $labels "dot" .) | nindent 4 }}
+ serviceName: {{ include "common.fullname" . }}-data
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
+ spec:
+{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "elasticsearch.data.serviceAccountName" . }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ fsGroup: {{ .Values.securityContext.fsGroup }}
+ {{- end }}
+ {{- if or .Values.sysctlImage.enabled (and .Values.volumePermissions.enabled .Values.persistence.enabled) }}
+ initContainers:
+ {{- if .Values.sysctlImage.enabled }}
+ ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
+ - name: sysctl
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ set -o errexit
+ set -o pipefail
+ set -o nounset
+ sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536
+ securityContext:
+ privileged: true
+ {{- end }}
+ {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+ - name: volume-permissions
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //bitnami/elasticsearch/data
+ securityContext:
+ runAsUser: 0
+ {{- if .Values.volumePermissions.resource }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: data
+ mountPath: "/bitnami/elasticsearch/data"
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: {{ include "common.name" . }}-elasticsearch
+ image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.runAsUser }}
+ {{- end }}
+ env:
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ - name: ELASTICSEARCH_CLUSTER_NAME
+ value: {{include "elasticsearch.clustername" .}}
+ - name: ELASTICSEARCH_CLUSTER_HOSTS
+ value: {{ include "common.name" . }}-discovery
+ {{- if .Values.plugins }}
+ - name: ELASTICSEARCH_PLUGINS
+ value: {{ .Values.plugins | quote }}
+ {{- end }}
+ - name: ELASTICSEARCH_HEAP_SIZE
+ value: {{ .Values.heapSize | quote }}
+ - name: ELASTICSEARCH_IS_DEDICATED_NODE
+ value: "yes"
+ - name: ELASTICSEARCH_NODE_TYPE
+ value: "data"
+ ports: {{- include "common.containerPorts" . |indent 12 }}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ httpGet:
+ path: /_cluster/health?local=true
+ port: 9200
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe:
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ httpGet:
+ path: /_cluster/health?local=true
+ port: 9200
+ {{- end }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.config }}
+ - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
+ name: "config"
+ subPath: elasticsearch.yml
+ {{- end }}
+ - name: "data"
+ mountPath: "/bitnami/elasticsearch/data"
+ {{- if .Values.extraVolumeMounts }}
+ {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.config }}
+ - name: "config"
+ configMap:
+ name: {{ template "common.fullname" . }}
+ {{- end }}
+ {{- if .Values.extraVolumes }}
+ {{- toYaml .Values.extraVolumes | nindent 8 }}
+ {{- end }}
+{{- if not .Values.persistence.enabled }}
+ - name: "data"
+ emptyDir: {}
+{{- else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: "data"
+ {{- if .Values.persistence.annotations }}
+ annotations: {{- toYaml .Values.persistence.annotations | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ storageClassName: {{ include "common.storageClass" (dict "dot" . "suffix" .Values.persistence.suffix) }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/data/values.yaml b/kubernetes/common/elasticsearch/components/data/values.yaml
new file mode 100644
index 0000000000..cfb7f51da3
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/data/values.yaml
@@ -0,0 +1,170 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence:
+ mountPath: /dockerdata-nfs
+ backup:
+ mountPath: /dockerdata-nfs/backup
+ storageClass:
+repositoryOverride: docker.io
+#################################################################
+# Application configuration defaults.
+#################################################################
+## Init containers parameters:
+sysctlImage:
+ enabled: true
+## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
+volumePermissions:
+ enabled: true
+# application image
+## Elasticsearch data node parameters
+##
+name: data
+## Number of data node(s) replicas to deploy
+##
+replicaCount: 0
+## required for "common.containerPorts"
+## no dedicated service for data nodes
+service:
+ ## list of ports for "common.containerPorts"
+ ports:
+ - name: http-transport
+ port: 9300
+
+image:
+ imageName: bitnami/elasticsearch
+ tag: 6.8.6-debian-9-r23
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+ ## Set to true if you would like to see extra information on logs
+ ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+ ##
+ debug: false
+
+
+## updateStrategy for ElasticSearch Data statefulset
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+##
+updateStrategy:
+ type: RollingUpdate
+ # rollingUpdatePartition
+heapSize: 128m
+## Provide annotations for the data pods.
+##
+podAnnotations: {}
+## Pod Security Context for data pods.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+##
+securityContext:
+ enabled: true
+ fsGroup: 1001
+ runAsUser: 1001
+## Affinity for pod assignment.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+## Node labels for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## Tolerations for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## Elasticsearch data container's resource requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube.
+ limits: {}
+ # cpu: 100m
+ # memory: 128Mi
+ requests:
+ cpu: 25m
+ memory: 1152Mi
+## Elasticsearch data container's liveness and readiness probes
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+##
+livenessProbe:
+ enabled: false
+# initialDelaySeconds: 90
+# periodSeconds: 10
+# timeoutSeconds: 5
+# successThreshold: 1
+# failureThreshold: 5
+readinessProbe:
+ enabled: false
+# initialDelaySeconds: 90
+# periodSeconds: 10
+# timeoutSeconds: 5
+# successThreshold: 1
+# failureThreshold: 5
+## Enable persistence using Persistent Volume Claims
+## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+ ## If true, use a Persistent Volume Claim, If false, use emptyDir
+ ##
+ enabled: true
+ ## suffix for pv
+ suffix: data-pv
+
+ ## Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ ## Persistent Volume Claim annotations
+ ##
+ annotations: {}
+ ## Persistent Volume Access Mode
+ ##
+ accessMode: ReadWriteOnce
+ ## Persistent Volume size
+ ##
+ size: 8Gi
+## Provide functionality to use RBAC
+##
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+ mountSubPath: elastic-data
+ storageType: local
+ backup:
+ mountPath: /dockerdata-nfs/backup
+serviceAccount:
+ ## Specifies whether a ServiceAccount should be created for the data node
+ ##
+ create: false
+ ## The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the fullname template
+ ##
+ # name:
diff --git a/kubernetes/common/elasticsearch/components/master/Chart.yaml b/kubernetes/common/elasticsearch/components/master/Chart.yaml
new file mode 100644
index 0000000000..e9ac99a5bc
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/master/Chart.yaml
@@ -0,0 +1,20 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+
+apiVersion: v1
+description: ONAP elasticsearch master
+name: master
+version: 6.0.0
diff --git a/kubernetes/common/elasticsearch/components/master/requirements.yaml b/kubernetes/common/elasticsearch/components/master/requirements.yaml
new file mode 100644
index 0000000000..6a61926e9e
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/master/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/common/elasticsearch/components/master/templates/pv.yaml b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml
new file mode 100644
index 0000000000..c713ec81ac
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}}
diff --git a/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..05a3af37f2
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml
@@ -0,0 +1,23 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+{{ $role := .Values.name -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
new file mode 100644
index 0000000000..dfa3ccbacc
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
@@ -0,0 +1,179 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: StatefulSet
+{{ $role := "master" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+spec:
+ updateStrategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "OnDelete" .Values.updateStrategy.type) }}
+ rollingUpdate: null
+ {{- end }}
+ selector: {{- include "common.selectors" (dict "matchLabels" $labels "dot" .)| nindent 4 }}
+ serviceName: {{ include "common.fullname" . }}-master
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
+ spec:
+{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "elasticsearch.serviceAccountName" . }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ fsGroup: {{ .Values.securityContext.fsGroup }}
+ {{- end }}
+ {{- if or .Values.sysctlImage.enabled (and .Values.volumePermissions.enabled .Values.persistence.enabled) }}
+ initContainers:
+ {{- if .Values.sysctlImage.enabled }}
+ ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
+ - name: sysctl
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ set -o errexit
+ set -o pipefail
+ set -o nounset
+ sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536
+ securityContext:
+ privileged: true
+ {{- end }}
+ {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+ - name: volume-permissions
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //bitnami/elasticsearch/data
+ securityContext:
+ runAsUser: 0
+ {{- if .Values.volumePermissions.resource }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: data
+ mountPath: "/bitnami/elasticsearch/data"
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: {{ include "common.name" . }}-elasticsearch
+ image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.runAsUser }}
+ {{- end }}
+ env:
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ - name: ELASTICSEARCH_CLUSTER_NAME
+ value: {{ include "elasticsearch.clustername" . }}
+ - name: ELASTICSEARCH_CLUSTER_HOSTS
+ value: {{ include "common.name" . }}-discovery
+ - name: ELASTICSEARCH_CLUSTER_MASTER_HOSTS
+ {{- $elasticsearchMasterFullname := printf "%s-%s" (include "common.fullname" . ) "master" }}
+ {{- $replicas := int .Values.replicaCount }}
+ value: {{range $i, $e := until $replicas }}{{ $elasticsearchMasterFullname }}-{{ $e }} {{ end }}
+ - name: ELASTICSEARCH_MINIMUM_MASTER_NODES
+ value: {{ add (div .Values.replicaCount 2) 1 | quote }}
+ {{- if .Values.plugins }}
+ - name: ELASTICSEARCH_PLUGINS
+ value: {{ .Values.plugins | quote }}
+ {{- end }}
+ - name: ELASTICSEARCH_HEAP_SIZE
+ value: {{ .Values.heapSize | quote }}
+ - name: ELASTICSEARCH_IS_DEDICATED_NODE
+ value: {{ .Values.dedicatednode | quote }}
+ - name: ELASTICSEARCH_NODE_TYPE
+ value: "master"
+ ports: {{- include "common.containerPorts" . |indent 12 }}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ httpGet:
+ path: /_cluster/health?local=true
+ port: 9200
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe:
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ httpGet:
+ path: /_cluster/health?local=true
+ port: 9200
+ {{- end }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.config }}
+ - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
+ name: config
+ subPath: elasticsearch.yml
+ {{- end }}
+ - name: data
+ mountPath: /bitnami/elasticsearch/data
+ {{- if .Values.extraVolumeMounts }}
+ {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.config }}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ {{- end }}
+ {{- if .Values.extraVolumes }}
+ {{- toYaml .Values.extraVolumes | nindent 8 }}
+ {{- end }}
+{{- if not .Values.persistence.enabled }}
+ - name: "data"
+ emptyDir: {}
+{{- else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: "data"
+ {{- if .Values.persistence.annotations }}
+ annotations: {{- toYaml .Values.persistence.annotations | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ storageClassName: {{ include "common.storageClass" (dict "dot" . "suffix" .Values.persistence.suffix) }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/master/templates/svc.yaml b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml
new file mode 100644
index 0000000000..8d66ef082e
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+{{ $role := "master" -}}
+{{ $labels := (dict "role" $role) -}}
+{{ $matchLabels := (dict "role" $role) }}
+{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }} \ No newline at end of file
diff --git a/kubernetes/common/elasticsearch/components/master/values.yaml b/kubernetes/common/elasticsearch/components/master/values.yaml
new file mode 100644
index 0000000000..2862692eef
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/master/values.yaml
@@ -0,0 +1,203 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence:
+ mountPath: /dockerdata-nfs
+ backup:
+ mountPath: /dockerdata-nfs/backup
+ storageClass:
+repositoryOverride: docker.io
+#################################################################
+# Application configuration defaults.
+#################################################################
+## Init containers parameters:
+sysctlImage:
+ enabled: true
+## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
+volumePermissions:
+ enabled: true
+
+# application image
+## Elasticsearch master-eligible node parameters
+##
+name: master
+## Number of master-eligible node(s) replicas to deploy
+##
+replicaCount: 3
+## master acts as master only node, choose 'no' if no further data nodes are deployed)
+dedicatednode: "yes"
+## dedicatednode: "no"
+image:
+ imageName: bitnami/elasticsearch
+ tag: 6.8.6-debian-9-r23
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+ ## Set to true if you would like to see extra information on logs
+ ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+ ##
+ debug: false
+
+## String to partially override common.fullname template (will maintain the release name)
+##
+# nameOverride:
+
+## String to fully override common.fullname template
+##
+# fullnameOverride:
+## updateStrategy for ElasticSearch master statefulset
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+##
+updateStrategy:
+ type: RollingUpdate
+heapSize: 128m
+## Provide annotations for master-eligible pods.
+##
+podAnnotations: {}
+## Pod Security Context for master-eligible pods.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+##
+securityContext:
+ enabled: true
+ fsGroup: 1001
+ runAsUser: 1001
+## Affinity for pod assignment.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+## Node labels for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## Tolerations for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## Elasticsearch master-eligible container's resource requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube.
+ limits: {}
+ # cpu: 100m
+ # memory: 128Mi
+ requests:
+ cpu: 25m
+ memory: 256Mi
+## Elasticsearch master-eligible container's liveness and readiness probes
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+##
+livenessProbe:
+ enabled: false
+# initialDelaySeconds: 90
+# periodSeconds: 10
+# timeoutSeconds: 5
+# successThreshold: 1
+# failureThreshold: 5
+readinessProbe:
+ enabled: false
+# initialDelaySeconds: 90
+# periodSeconds: 10
+# timeoutSeconds: 5
+# successThreshold: 1
+# failureThreshold: 5
+## Enable persistence using Persistent Volume Claims
+## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+ ## If true, use a Persistent Volume Claim, If false, use emptyDir
+ ##
+ enabled: true
+ ## suffix for pv
+ suffix: master-pv
+ ## Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ ## Persistent Volume Claim annotations
+ ##
+ annotations: {}
+ ## Persistent Volume Access Mode
+ ##
+ accessMode: ReadWriteOnce
+ ## Persistent Volume size
+ ##
+ size: 8Gi
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+ mountSubPath: elastic-master
+ storageType: local
+ backup:
+ mountPath: /dockerdata-nfs/backup
+## Service parameters for master-eligible node(s)
+##
+service:
+ suffix: "service"
+ name: ""
+ ## list of ports for "common.containerPorts"
+ ## Elasticsearch transport port
+ ports:
+ - name: http-transport
+ port: 9300
+ ## master-eligible service type
+ ##
+ type: ClusterIP
+ ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ # nodePort:
+ ## Provide any additional annotations which may be required. This can be used to
+ ## set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ annotations: {}
+ ## Set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ # loadBalancerIP:
+## Provide functionality to use RBAC
+##
+serviceAccount:
+ ## Specifies whether a ServiceAccount should be created for the master node
+ create: false
+ ## The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the fullname template
+ # name:
+
+
+## Elasticsearch cluster name
+##
+clusterName: elastic-cluster
+
+
+
diff --git a/kubernetes/common/elasticsearch/requirements.yaml b/kubernetes/common/elasticsearch/requirements.yaml
new file mode 100644
index 0000000000..84fa71c6e6
--- /dev/null
+++ b/kubernetes/common/elasticsearch/requirements.yaml
@@ -0,0 +1,30 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: master
+ version: ~6.x-0
+ repository: 'file://components/master'
+ - name: data
+ version: ~6.x-0
+ repository: 'file://components/data'
+ condition: elasticsearch.data.enabled,data.enabled
+ - name: curator
+ version: ~6.x-0
+ repository: 'file://components/curator'
+ condition: elasticsearch.curator.enabled,curator.enabled
+
diff --git a/kubernetes/common/elasticsearch/templates/_helpers.tpl b/kubernetes/common/elasticsearch/templates/_helpers.tpl
new file mode 100644
index 0000000000..fdbe82f855
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/_helpers.tpl
@@ -0,0 +1,103 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+
+
+{{ define "elasticsearch.clustername"}}
+{{- printf "%s-%s" (include "common.name" .) "cluster" -}}
+{{- end -}}
+
+{{/*
+This define should be used instead of "common.fullname" to allow
+special handling of kibanaEnabled=true
+Create a default fully qualified coordinating name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "elasticsearch.coordinating.fullname" -}}
+{{- if .Values.global.kibanaEnabled -}}
+{{- printf "%s-%s" .Release.Name .Values.global.coordinating.name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" (include "common.fullname" .) .Values.global.coordinating.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Create the name of the master service account to use
+ */}}
+{{- define "elasticsearch.master.serviceAccountName" -}}
+{{- if .Values.master.serviceAccount.create -}}
+ {{ default (include "common.fullname" (dict "suffix" "master" "dot" .)) .Values.master.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.master.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Create the name of the coordinating-only service account to use
+ */}}
+{{- define "elasticsearch.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "common.fullname" . ) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Create the name of the data service account to use
+ */}}
+{{- define "elasticsearch.data.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "common.fullname" (dict "suffix" "data" "dot" .)) .Values.data.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "elasticsearch.imagePullSecrets" -}}
+{{- if .Values.global }}
+{{- if .Values.global.imagePullSecrets }}
+imagePullSecrets:
+{{- range .Values.global.imagePullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- end }}
+{{- else }}
+{{- $imagePullSecrets := coalesce .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.curator.image.pullSecrets .Values.sysctlImage.pullSecrets .Values.volumePermissions.image.pullSecrets -}}
+{{- if $imagePullSecrets }}
+imagePullSecrets:
+{{- range $imagePullSecrets }}
+ - name: {{ . }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "elasticsearch.curator.serviceAccountName" -}}
+{{- if .Values.curator.serviceAccount.create -}}
+ {{ default (include "common.fullname" (dict "suffix" "currator" "dot" .)) .Values.curator.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.curator.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml b/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml
new file mode 100644
index 0000000000..b4e0044891
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml
@@ -0,0 +1,33 @@
+
+{{ if .Values.global.aafEnabled }}
+{{/*
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.aafConfig.addconfig -}}
+apiVersion: v1
+kind: ConfigMap
+{{ $suffix := "aaf-add-config" -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+ aaf-add-config.sh: |-
+ cd /opt/app/osaaf/local
+ mkdir -p certs
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0)
+ keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.aafConfig.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password
+ openssl pkcs12 -in {{ .Values.aafConfig.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12
+ cp {{ .Values.aafConfig.fqi_namespace }}.key certs/key.pem
+ chmod -R 755 certs
+{{- end -}}
+{{- end -}}
diff --git a/kubernetes/common/elasticsearch/templates/configmap-es.yaml b/kubernetes/common/elasticsearch/templates/configmap-es.yaml
new file mode 100644
index 0000000000..38234da0cf
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/configmap-es.yaml
@@ -0,0 +1,20 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.config }}
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data:
+ elasticsearch.yml: |- {{- toYaml .Values.config | nindent 4 }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/templates/configmap-server-block.yaml b/kubernetes/common/elasticsearch/templates/configmap-server-block.yaml
new file mode 100644
index 0000000000..49ce0ef76a
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/configmap-server-block.yaml
@@ -0,0 +1,31 @@
+{{/*
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.nginx.serverBlock -}}
+
+apiVersion: v1
+kind: ConfigMap
+{{ $suffix := "nginx-server-block" -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+ server-block.conf: |-
+{{ if .Values.global.aafEnabled }}
+{{ .Values.nginx.serverBlock.https | indent 4 }}
+{{ else }}
+{{ .Values.nginx.serverBlock.http | indent 4 }}
+
+
+{{ end }}
+{{- end -}}
diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
new file mode 100644
index 0000000000..65a7f462e1
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
@@ -0,0 +1,167 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apps/v1
+kind: Deployment
+{{ $role := "coordinating-only" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+spec:
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "Recreate" .Values.updateStrategy.type) }}
+ rollingUpdate: null
+ {{- end }}
+ selector: {{- include "common.selectors" (dict "matchLabels" $labels "dot" .) | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
+ spec:
+{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "elasticsearch.serviceAccountName" . }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ fsGroup: {{ .Values.securityContext.fsGroup }}
+ {{- end }}
+
+ ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
+ initContainers:
+ {{- if .Values.sysctlImage.enabled }}
+ - name: sysctl
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ set -o errexit
+ set -o pipefail
+ set -o nounset
+ sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536
+ securityContext:
+ privileged: true
+ {{- end }}
+ {{ include "common.aaf-config" . | nindent 8}}
+
+ containers:
+ - name: {{ include "common.name" . }}-nginx
+ image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.nginx.imageName .Values.nginx.tag }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.nginx.pullPolicy | quote }}
+ ports: {{- include "common.containerPorts" . | indent 12 -}}
+ {{- if .Values.nginx.livenessProbe }}
+ livenessProbe: {{- toYaml .Values.nginx.livenessProbe | nindent 12 }}
+ {{- end }}
+ {{- if .Values.nginx.readinessProbe }}
+ readinessProbe: {{- toYaml .Values.nginx.readinessProbe | nindent 12 }}
+ {{- end }}
+ {{- if .Values.nginx.resources }}
+ resources: {{- toYaml .Values.nginx.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.nginx.serverBlock }}
+ - name: nginx-server-block
+ mountPath: /opt/bitnami/nginx/conf/server_blocks
+ {{- end }}
+ {{- include "common.aaf-config-volume-mountpath" . | nindent 10 }}
+
+ - name: {{ include "common.name" . }}-elasticsearch
+ image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ {{- if .Values.securityContext.enabled }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.runAsUser }}
+ {{- end }}
+ env:
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ - name: ELASTICSEARCH_CLUSTER_NAME
+ value: {{ include "elasticsearch.clustername" .}}
+ - name: ELASTICSEARCH_CLUSTER_HOSTS
+ value: {{ include "common.name" . }}-discovery
+ {{- if .Values.plugins }}
+ - name: ELASTICSEARCH_PLUGINS
+ value: {{ .Values.plugins | quote }}
+ {{- end }}
+ - name: ELASTICSEARCH_HEAP_SIZE
+ value: {{ .Values.heapSize | quote }}
+ - name: ELASTICSEARCH_IS_DEDICATED_NODE
+ value: "yes"
+ - name: ELASTICSEARCH_NODE_TYPE
+ value: "coordinating"
+ - name: ELASTICSEARCH_PORT_NUMBER
+ value: "9000"
+ {{/*ports: {{- include "common.containerPorts" . | indent 12 -}} */}}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ httpGet:
+ path: /_cluster/health?local=true
+ port: http
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled}}
+ readinessProbe:
+ initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+ httpGet:
+ path: /_cluster/health?local=true
+ port: http
+ {{- end }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- end}}
+ volumeMounts:
+ {{- if .Values.config }}
+ - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
+ name: config
+ subPath: elasticsearch.yml
+ {{- end }}
+ - name: data
+ mountPath: "/bitnami/elasticsearch/data/"
+ {{- if .Values.extraVolumeMounts }}
+ {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.config }}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ {{- end }}
+ - name: data
+ emptyDir: {}
+ {{- if .Values.extraVolumes }}
+ {{- toYaml .Values.extraVolumes | nindent 8 }}
+ {{- end }}
+ {{- if .Values.nginx.serverBlock }}
+ - name: nginx-server-block
+ configMap:
+ name: {{ include "common.fullname" . }}-nginx-server-block
+ {{- end }}
+ {{- include "common.aaf-config-volumes" . | nindent 8}}
+
diff --git a/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml
new file mode 100644
index 0000000000..610c7d68c1
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ $role := "coordinating-only" -}}
+{{ $labels := (dict "role" $role) -}}
+{{ $matchLabels := (dict "role" $role) }}
+{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }}
diff --git a/kubernetes/common/elasticsearch/templates/discovery-svc.yaml b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml
new file mode 100644
index 0000000000..fa79c29eca
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $matchLabels := (dict "discovery" (include "elasticsearch.clustername" .) "nameNoMatch" "useDiscoveryService") }}
+{{ include "common.headlessService" (dict "matchLabels" $matchLabels "dot" .) }}
diff --git a/kubernetes/common/elasticsearch/templates/secrets.yaml b/kubernetes/common/elasticsearch/templates/secrets.yaml
new file mode 100644
index 0000000000..359e8975e1
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2019 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/elasticsearch/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..49ad504da6
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+{{ $role := .Values.global.coordinating.name -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/values.yaml b/kubernetes/common/elasticsearch/values.yaml
new file mode 100644
index 0000000000..3627b2ea97
--- /dev/null
+++ b/kubernetes/common/elasticsearch/values.yaml
@@ -0,0 +1,329 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ aafEnabled: true
+ aafAgentImage: onap/aaf/aaf_agent:2.1.15
+ nodePortPrefix: 302
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:latest
+ clusterName: cluster.local
+
+persistence:
+ mountPath: /dockerdata-nfs
+ backup:
+ mountPath: /dockerdata-nfs/backup
+ storageClass:
+repositoryOverride: docker.io
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+## Init containers parameters:
+sysctlImage:
+ enabled: true
+
+# application image
+image:
+ imageName: bitnami/elasticsearch
+ tag: 6.8.6-debian-9-r23
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+ ## Set to true if you would like to see extra information on logs
+ ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+ ##
+ debug: false
+
+## String to partially override common.fullname template (will maintain the release name)
+##
+# nameOverride:
+
+## String to fully override common.fullname template
+##
+# fullnameOverride:
+## updateStrategy for ElasticSearch coordinating deployment
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+##
+updateStrategy:
+ type: RollingUpdate
+heapSize: 128m
+## Provide annotations for the coordinating-only pods.
+##
+podAnnotations: {}
+## Pod Security Context for coordinating-only pods.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+##
+securityContext:
+ enabled: true
+ fsGroup: 1001
+ runAsUser: 1001
+## Affinity for pod assignment.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+## Node labels for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## Tolerations for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## Elasticsearch coordinating-only container's resource requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube.
+ limits: {}
+ # cpu: 100m
+ # memory: 128Mi
+ requests:
+ cpu: 25m
+ memory: 256Mi
+## Elasticsearch coordinating-only container's liveness and readiness probes
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+##
+livenessProbe:
+ enabled: false
+# initialDelaySeconds: 90
+# periodSeconds: 10
+# timeoutSeconds: 5
+# successThreshold: 1
+# failureThreshold: 5
+readinessProbe:
+ enabled: false
+# initialDelaySeconds: 90
+# periodSeconds: 10
+# timeoutSeconds: 5
+# successThreshold: 1
+# failureThreshold: 5
+## Service parameters for coordinating-only node(s)
+##
+serviceAccount:
+ ## Specifies whether a ServiceAccount should be created for the coordinating node
+ ##
+ create: false
+ ## The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the fullname template
+ ##
+ # name:
+
+## Bitnami Minideb image version
+## ref: https://hub.docker.com/r/bitnami/minideb/tags/
+##
+sysctlImage:
+ enabled: true
+ imageName: bitnami/minideb
+ tag: stretch
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: Always
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+
+# nginx image
+nginx:
+ imageName: bitnami/nginx
+ tag: 1.16-debian-9
+ pullPolicy: IfNotPresent
+ service:
+ name: nginx
+ ports:
+ - name: elasticsearch
+ port: 8080
+## Custom server block to be added to NGINX configuration
+## PHP-FPM example server block:
+ serverBlock:
+ https: |-
+ server {
+ listen 9200 ssl;
+ #server_name ;
+ # auth_basic "server auth";
+ # auth_basic_user_file /etc/nginx/passwords;
+ ssl_certificate /opt/app/osaaf/local/certs/cert.pem;
+ ssl_certificate_key /opt/app/osaaf/local/certs/key.pem;
+ location / {
+ # deny node shutdown api
+ if ($request_filename ~ "_shutdown") {
+ return 403;
+ break;
+ }
+
+ proxy_pass http://localhost:9000;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "Keep-Alive";
+ proxy_set_header Proxy-Connection "Keep-Alive";
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $http_host;
+ proxy_redirect off;
+ }
+
+ location = / {
+ proxy_pass http://localhost:9000;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "Keep-Alive";
+ proxy_set_header Proxy-Connection "Keep-Alive";
+ proxy_redirect off;
+ auth_basic "off";
+ }
+ }
+ http: |-
+ server {
+ listen 9200 ;
+ #server_name ;
+ location / {
+ # deny node shutdown api
+ if ($request_filename ~ "_shutdown") {
+ return 403;
+ break;
+ }
+
+ proxy_pass http://localhost:9000;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "Keep-Alive";
+ proxy_set_header Proxy-Connection "Keep-Alive";
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $http_host;
+ proxy_redirect off;
+ }
+
+ location = / {
+ proxy_pass http://localhost:9000;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "Keep-Alive";
+ proxy_set_header Proxy-Connection "Keep-Alive";
+ proxy_redirect off;
+ auth_basic "off";
+ }
+ }
+#################################################################
+# coordinating service configuration defaults.
+#################################################################
+
+service:
+ name: ""
+ suffix: ""
+ ## coordinating-only service type
+ ##
+ type: ClusterIP
+ headlessPorts:
+ - name: http-transport
+ port: 9300
+ headless:
+ suffix: discovery
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+ publishNotReadyAddresses: true
+ ## Elasticsearch tREST API port
+ ##
+ ports:
+ - name: elasticsearch
+ port: 9200
+
+
+ ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ # nodePort:
+ ## Provide any additional annotations which may be required. This can be used to
+ ## set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ annotations: {}
+ ## Set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ # loadBalancerIP:
+ ## Provide functionality to use RBAC
+ ##
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: &aaf_secret_uid elasticsearch-aaf-deploy-creds
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aafConfig.aafDeployFqi }}'
+ password: '{{ .Values.aafConfig.aafDeployPass }}'
+ passwordPolicy: required
+#################################################################
+# aaf configuration defaults.
+#################################################################
+aafConfig:
+ addconfig: true
+ fqdn: "elastic"
+ image: onap/aaf/aaf_agent:2.1.15
+ app_ns: "org.osaaf.aaf"
+ fqi_namespace: org.onap.elastic
+ fqi: "elastic@elastic.onap.org"
+ public_fqdn: "aaf.osaaf.org"
+ deploy_fqi: "deployer@people.osaaf.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ #aafDeployCredsExternalSecret: some secret
+ #cadi_latitude: "52.5"
+ #cadi_longitude: "13.4"
+ secret_uid: *aaf_secret_uid
+#################################################################
+# subcharts configuration defaults.
+#################################################################
+
+
+#data:
+# enabled: false
+
+#curator:
+# enabled: false
+
+## Change nameOverride to be consistent accross all elasticsearch (sub)-charts
+
+master:
+ replicaCount: 3
+ # dedicatednode: "yes"
+ # working as master node only, in this case increase replicaCount for elasticsearch-data
+ # dedicatednode: "no"
+ # handles master and data node functionality
+ dedicatednode: "no"
+data:
+ enabled: false
+curator:
+ enabled: false
diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml
index dabf21da79..6decff2463 100644
--- a/kubernetes/common/mariadb-galera/values.yaml
+++ b/kubernetes/common/mariadb-galera/values.yaml
@@ -58,7 +58,7 @@ pullPolicy: IfNotPresent
# application configuration
config:
# .mariadbRootPasswordExternalSecret: 'some-external-secret'
- mariadbRootPassword: secretpassword
+ # mariadbRootPassword: secretpassword
# .userCredentialsExternalSecret: 'some-external-secret'
userName: my-user
# userPassword: my-password