From a1dd587d6a5204030bc266d371e6ec9fa7c95d7b Mon Sep 17 00:00:00 2001
From: Edwin Lawrance <Edwin.Lawrance@amdocs.com>
Date: Tue, 5 Mar 2019 10:30:33 +0000
Subject: Add Searchguard OOM config to ElasticSearch

Change-Id: I3c4d0c82882b2f064a6ad3610c0f699d8af50632
Issue-ID: AAI-2203
Signed-off-by: Edwin Lawrance <Edwin.Lawrance@amdocs.com>
---
 .../aai-elasticsearch/templates/configmap.yaml     | 33 ++++++++++++++++---
 .../aai-elasticsearch/templates/deployment.yaml    | 37 ++++++++++++++++++----
 .../aai-elasticsearch/templates/secrets.yaml       | 22 +++++++++++++
 .../aai-elasticsearch/templates/service.yaml       | 21 +++++++-----
 4 files changed, 94 insertions(+), 19 deletions(-)
 create mode 100644 kubernetes/aai/charts/aai-elasticsearch/templates/secrets.yaml

(limited to 'kubernetes/aai/charts/aai-elasticsearch/templates')

diff --git a/kubernetes/aai/charts/aai-elasticsearch/templates/configmap.yaml b/kubernetes/aai/charts/aai-elasticsearch/templates/configmap.yaml
index c60b8f2da8..4be124fc0f 100644
--- a/kubernetes/aai/charts/aai-elasticsearch/templates/configmap.yaml
+++ b/kubernetes/aai/charts/aai-elasticsearch/templates/configmap.yaml
@@ -1,5 +1,4 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,11 +12,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-#{{ if not .Values.disableAaiElasticsearch }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "common.fullname" . }}
+  name: {{ include "common.fullname" . }}-es-config
   namespace: {{ include "common.namespace" . }}
   labels:
     app: {{ include "common.name" . }}
@@ -26,4 +24,29 @@ metadata:
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-#{{ end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-sg-scripts
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/bin/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-sg-config
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/sg/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/aai/charts/aai-elasticsearch/templates/deployment.yaml b/kubernetes/aai/charts/aai-elasticsearch/templates/deployment.yaml
index 14b896e272..785693a9ba 100644
--- a/kubernetes/aai/charts/aai-elasticsearch/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-elasticsearch/templates/deployment.yaml
@@ -34,6 +34,7 @@ spec:
         release: {{ .Release.Name }}
       name: {{ include "common.name" . }}
     spec:
+      hostname: {{ include "common.name" . }}
       initContainers:
       - command:
         - /bin/sh
@@ -53,18 +54,18 @@ spec:
         securityContext:
           privileged: true
         image: {{ .Values.global.dockerhubRepository | default .Values.dockerhubRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
         name: init-sysctl
         volumeMounts:
         - name: elasticsearch-data
           mountPath: /logroot/
-      hostname: {{ include "common.name" . }}
       containers:
       - name: {{ include "common.name" . }}
-        image: {{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.image }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
         ports:
         - containerPort: {{ .Values.service.internalPort }}
+        - containerPort: {{ .Values.service.internalPort2 }}
         # disable liveness probe when breakpoints set in debugger
         # so K8s doesn't restart unresponsive container
         {{- if eq .Values.liveness.enabled true }}
@@ -92,10 +93,23 @@ spec:
           - name: elasticsearch-config
             subPath: log4j2.properties
             mountPath: /usr/share/elasticsearch/config/log4j2.properties
+          - name: searchguard-scripts
+            subPath: run.sh
+            mountPath: /usr/share/elasticsearch/bin/run.sh
+          - name: searchguard-scripts
+            subPath: wait_until_started.sh
+            mountPath: /usr/share/elasticsearch/bin/wait_until_started.sh
+          - name: searchguard-scripts
+            subPath: init_sg.sh
+            mountPath: /usr/share/elasticsearch/bin/init_sg.sh
+          - name: searchguard-config
+            mountPath: /usr/share/elasticsearch/config/sg
+          - name: searchguard-auth-config
+            mountPath: /usr/share/elasticsearch/config/sg/auth
           - name: elasticsearch-data
             mountPath: /usr/share/elasticsearch/data
         resources:
-{{ include "common.resources" . }}
+{{ include "common.resources" . | indent 12 }}
       {{- if .Values.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 8 }}
@@ -111,9 +125,20 @@ spec:
           path: /etc/localtime
       - name: elasticsearch-config
         configMap:
-          name: {{ include "common.fullname" . }}
+          name: {{ include "common.fullname" . }}-es-config
+      - name: searchguard-scripts
+        configMap:
+          name: {{ include "common.fullname" . }}-sg-scripts
+          defaultMode: 0754
+      - name: searchguard-config
+        configMap:
+          name: {{ include "common.fullname" . }}-sg-config
+      - name: searchguard-auth-config
+        secret:
+          secretName: {{ include "common.fullname" . }}-sg-auth
       - name: elasticsearch-data
         hostPath:
           path: {{ .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+      restartPolicy: {{ .Values.restartPolicy }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/charts/aai-elasticsearch/templates/secrets.yaml b/kubernetes/aai/charts/aai-elasticsearch/templates/secrets.yaml
new file mode 100644
index 0000000000..34b272f086
--- /dev/null
+++ b/kubernetes/aai/charts/aai-elasticsearch/templates/secrets.yaml
@@ -0,0 +1,22 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-sg-auth
+  namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/sg/auth/*").AsSecrets . | indent 2 }}
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-elasticsearch/templates/service.yaml b/kubernetes/aai/charts/aai-elasticsearch/templates/service.yaml
index b1de5a73cb..d1199125d2 100644
--- a/kubernetes/aai/charts/aai-elasticsearch/templates/service.yaml
+++ b/kubernetes/aai/charts/aai-elasticsearch/templates/service.yaml
@@ -25,14 +25,19 @@ metadata:
 spec:
   type: {{ .Values.service.type }}
   ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.internalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName }}
-    {{- else -}}
-    - port: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName }}
-    {{- end}}
+  {{if eq .Values.service.type "NodePort" -}}
+  - port: {{ .Values.service.internalPort }}
+    nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+    name: {{ .Values.service.portName }}
+  - port: {{ .Values.service.internalPort2 }}
+    nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+    name: {{ .Values.service.portName2 }}
+  {{- else -}}
+  - port: {{ .Values.service.internalPort }}
+    name: {{ .Values.service.portName }}
+  - port: {{ .Values.service.internalPort2 }}
+    name: {{ .Values.service.portName2 }}
+  {{- end}}
   selector:
     app: {{ include "common.name" . }}
     release: {{ .Release.Name }}
-- 
cgit 1.2.3-korg