Created
August 16, 2019 13:58
-
-
Save Tekcraft/d13801a212c2c056c9439a923af6ff89 to your computer and use it in GitHub Desktop.
Helm get elasticsearch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REVISION: 1 | |
| RELEASED: Fri Aug 16 11:06:00 2019 | |
| CHART: elasticsearch-7.1.1 | |
| USER-SUPPLIED VALUES: | |
| antiAffinity: hard | |
| antiAffinityTopologyKey: kubernetes.io/hostname | |
| clusterHealthCheckParams: wait_for_status=green&timeout=1s | |
| clusterName: elasticsearch | |
| esConfig: | |
| elasticsearch.yml: | | |
| xpack.security.enabled: true | |
| xpack.security.transport.ssl.enabled: true | |
| xpack.security.transport.ssl.verification_mode: certificate | |
| xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificate.p12 | |
| xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificate.p12 | |
| xpack.security.http.ssl.enabled: false | |
| # xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificate.p12 | |
| # xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificate.p12 | |
| esJavaOpts: -Xmx1g -Xms1g | |
| esMajorVersion: 7 | |
| extraEnvs: | |
| - name: ELASTIC_PASSWORD | |
| valueFrom: | |
| secretKeyRef: | |
| key: password | |
| name: elastic-credentials | |
| - name: ELASTIC_USERNAME | |
| valueFrom: | |
| secretKeyRef: | |
| key: username | |
| name: elastic-credentials | |
| extraInitContainers: [] | |
| extraVolumeMounts: [] | |
| extraVolumes: [] | |
| fsGroup: 1000 | |
| fullnameOverride: "" | |
| httpPort: 9200 | |
| image: docker.elastic.co/elasticsearch/elasticsearch | |
| imagePullPolicy: IfNotPresent | |
| imagePullSecrets: [] | |
| imageTag: 7.1.1 | |
| ingress: | |
| annotations: {} | |
| enabled: false | |
| hosts: | |
| - elastic.dominiog.lan | |
| path: /api | |
| tls: [] | |
| initResources: {} | |
| lifecycle: {} | |
| masterService: "" | |
| masterTerminationFix: false | |
| maxUnavailable: 1 | |
| minimumMasterNodes: 1 | |
| nameOverride: "" | |
| networkHost: 0.0.0.0 | |
| nodeAffinity: {} | |
| nodeGroup: master | |
| nodeSelector: {} | |
| persistence: | |
| annotations: {} | |
| enabled: true | |
| podAnnotations: {} | |
| podManagementPolicy: Parallel | |
| priorityClassName: "" | |
| protocol: http | |
| readinessProbe: | |
| failureThreshold: 3 | |
| initialDelaySeconds: 10 | |
| periodSeconds: 10 | |
| successThreshold: 3 | |
| timeoutSeconds: 5 | |
| replicas: 1 | |
| resources: | |
| limits: | |
| cpu: 1000m | |
| memory: 2Gi | |
| requests: | |
| cpu: 100m | |
| memory: 2Gi | |
| roles: | |
| data: "true" | |
| ingest: "true" | |
| master: "true" | |
| schedulerName: "" | |
| secretMounts: | |
| - name: elastic-certificates | |
| path: /usr/share/elasticsearch/config/certs | |
| secretName: elastic-certificates | |
| service: | |
| annotations: {} | |
| nodePort: null | |
| type: ClusterIP | |
| sysctlInitContainer: | |
| enabled: true | |
| sysctlVmMaxMapCount: 262144 | |
| terminationGracePeriod: 120 | |
| tolerations: [] | |
| transportPort: 9300 | |
| updateStrategy: RollingUpdate | |
| volumeClaimTemplate: | |
| accessModes: | |
| - ReadWriteOnce | |
| resources: | |
| requests: | |
| storage: 10Gi | |
| COMPUTED VALUES: | |
| antiAffinity: hard | |
| antiAffinityTopologyKey: kubernetes.io/hostname | |
| clusterHealthCheckParams: wait_for_status=green&timeout=1s | |
| clusterName: elasticsearch | |
| esConfig: | |
| elasticsearch.yml: | | |
| xpack.security.enabled: true | |
| xpack.security.transport.ssl.enabled: true | |
| xpack.security.transport.ssl.verification_mode: certificate | |
| xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificate.p12 | |
| xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificate.p12 | |
| xpack.security.http.ssl.enabled: false | |
| # xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificate.p12 | |
| # xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificate.p12 | |
| esJavaOpts: -Xmx1g -Xms1g | |
| esMajorVersion: 7 | |
| extraEnvs: | |
| - name: ELASTIC_PASSWORD | |
| valueFrom: | |
| secretKeyRef: | |
| key: password | |
| name: elastic-credentials | |
| - name: ELASTIC_USERNAME | |
| valueFrom: | |
| secretKeyRef: | |
| key: username | |
| name: elastic-credentials | |
| extraInitContainers: [] | |
| extraVolumeMounts: [] | |
| extraVolumes: [] | |
| fsGroup: 1000 | |
| fullnameOverride: "" | |
| httpPort: 9200 | |
| image: docker.elastic.co/elasticsearch/elasticsearch | |
| imagePullPolicy: IfNotPresent | |
| imagePullSecrets: [] | |
| imageTag: 7.1.1 | |
| ingress: | |
| annotations: {} | |
| enabled: false | |
| hosts: | |
| - elastic.dominiog.lan | |
| path: /api | |
| tls: [] | |
| initResources: {} | |
| lifecycle: {} | |
| masterService: "" | |
| masterTerminationFix: false | |
| maxUnavailable: 1 | |
| minimumMasterNodes: 1 | |
| nameOverride: "" | |
| networkHost: 0.0.0.0 | |
| nodeAffinity: {} | |
| nodeGroup: master | |
| nodeSelector: {} | |
| persistence: | |
| annotations: {} | |
| enabled: true | |
| podAnnotations: {} | |
| podManagementPolicy: Parallel | |
| priorityClassName: "" | |
| protocol: http | |
| readinessProbe: | |
| failureThreshold: 3 | |
| initialDelaySeconds: 10 | |
| periodSeconds: 10 | |
| successThreshold: 3 | |
| timeoutSeconds: 5 | |
| replicas: 1 | |
| resources: | |
| limits: | |
| cpu: 1000m | |
| memory: 2Gi | |
| requests: | |
| cpu: 100m | |
| memory: 2Gi | |
| roles: | |
| data: "true" | |
| ingest: "true" | |
| master: "true" | |
| schedulerName: "" | |
| secretMounts: | |
| - name: elastic-certificates | |
| path: /usr/share/elasticsearch/config/certs | |
| secretName: elastic-certificates | |
| service: | |
| annotations: {} | |
| nodePort: null | |
| type: ClusterIP | |
| sysctlInitContainer: | |
| enabled: true | |
| sysctlVmMaxMapCount: 262144 | |
| terminationGracePeriod: 120 | |
| tolerations: [] | |
| transportPort: 9300 | |
| updateStrategy: RollingUpdate | |
| volumeClaimTemplate: | |
| accessModes: | |
| - ReadWriteOnce | |
| resources: | |
| requests: | |
| storage: 10Gi | |
| HOOKS: | |
| --- | |
| # elasticsearch-qsuab-test | |
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| name: "elasticsearch-qsuab-test" | |
| annotations: | |
| "helm.sh/hook": test-success | |
| spec: | |
| containers: | |
| - name: "elasticsearch-kuivh-test" | |
| image: "docker.elastic.co/elasticsearch/elasticsearch:7.1.1" | |
| command: | |
| - "sh" | |
| - "-c" | |
| - | | |
| #!/usr/bin/env bash -e | |
| curl -XGET --fail 'elasticsearch-master:9200/_cluster/health?wait_for_status=green&timeout=1s' | |
| restartPolicy: Never | |
| MANIFEST: | |
| --- | |
| # Source: elasticsearch/templates/poddisruptionbudget.yaml | |
| apiVersion: policy/v1beta1 | |
| kind: PodDisruptionBudget | |
| metadata: | |
| name: "elasticsearch-master-pdb" | |
| spec: | |
| maxUnavailable: 1 | |
| selector: | |
| matchLabels: | |
| app: "elasticsearch-master" | |
| --- | |
| # Source: elasticsearch/templates/configmap.yaml | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: elasticsearch-master-config | |
| labels: | |
| heritage: "Tiller" | |
| release: "elasticsearch" | |
| chart: "elasticsearch-7.1.1" | |
| app: "elasticsearch-master" | |
| data: | |
| elasticsearch.yml: | | |
| xpack.security.enabled: true | |
| xpack.security.transport.ssl.enabled: true | |
| xpack.security.transport.ssl.verification_mode: certificate | |
| xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificate.p12 | |
| xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificate.p12 | |
| xpack.security.http.ssl.enabled: false | |
| # xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificate.p12 | |
| # xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificate.p12 | |
| --- | |
| # Source: elasticsearch/templates/service.yaml | |
| kind: Service | |
| apiVersion: v1 | |
| metadata: | |
| name: elasticsearch-master | |
| spec: | |
| selector: | |
| heritage: "Tiller" | |
| release: "elasticsearch" | |
| chart: "elasticsearch-7.1.1" | |
| app: "elasticsearch-master" | |
| ports: | |
| - name: http | |
| protocol: TCP | |
| port: 9200 | |
| - name: transport | |
| protocol: TCP | |
| port: 9300 | |
| --- | |
| # Source: elasticsearch/templates/service.yaml | |
| kind: Service | |
| apiVersion: v1 | |
| metadata: | |
| name: elasticsearch-master-headless | |
| labels: | |
| heritage: "Tiller" | |
| release: "elasticsearch" | |
| chart: "elasticsearch-7.1.1" | |
| app: "elasticsearch-master" | |
| annotations: | |
| # Create endpoints also if the related pod isn't ready | |
| service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" | |
| spec: | |
| clusterIP: None # This is needed for statefulset hostnames like elasticsearch-0 to resolve | |
| selector: | |
| app: "elasticsearch-master" | |
| ports: | |
| - name: http | |
| port: 9200 | |
| - name: transport | |
| port: 9300 | |
| --- | |
| # Source: elasticsearch/templates/statefulset.yaml | |
| apiVersion: apps/v1beta1 | |
| kind: StatefulSet | |
| metadata: | |
| name: elasticsearch-master | |
| labels: | |
| heritage: "Tiller" | |
| release: "elasticsearch" | |
| chart: "elasticsearch-7.1.1" | |
| app: "elasticsearch-master" | |
| spec: | |
| serviceName: elasticsearch-master-headless | |
| selector: | |
| matchLabels: | |
| app: "elasticsearch-master" | |
| replicas: 1 | |
| podManagementPolicy: Parallel | |
| updateStrategy: | |
| type: RollingUpdate | |
| volumeClaimTemplates: | |
| - metadata: | |
| name: elasticsearch-master | |
| spec: | |
| accessModes: | |
| - ReadWriteOnce | |
| resources: | |
| requests: | |
| storage: 10Gi | |
| template: | |
| metadata: | |
| name: "elasticsearch-master" | |
| labels: | |
| heritage: "Tiller" | |
| release: "elasticsearch" | |
| chart: "elasticsearch-7.1.1" | |
| app: "elasticsearch-master" | |
| annotations: | |
| configchecksum: 639129bc41278680232d2c291b0ea3991743a8e1c431f2a1236253cafe70c9b | |
| spec: | |
| securityContext: | |
| fsGroup: 1000 | |
| affinity: | |
| podAntiAffinity: | |
| requiredDuringSchedulingIgnoredDuringExecution: | |
| - labelSelector: | |
| matchExpressions: | |
| - key: app | |
| operator: In | |
| values: | |
| - "elasticsearch-master" | |
| topologyKey: kubernetes.io/hostname | |
| terminationGracePeriodSeconds: 120 | |
| volumes: | |
| - name: elastic-certificates | |
| secret: | |
| secretName: elastic-certificates | |
| - name: esconfig | |
| configMap: | |
| name: elasticsearch-master-config | |
| initContainers: | |
| - name: configure-sysctl | |
| securityContext: | |
| runAsUser: 0 | |
| privileged: true | |
| image: "docker.elastic.co/elasticsearch/elasticsearch:7.1.1" | |
| command: ["sysctl", "-w", "vm.max_map_count=262144"] | |
| resources: | |
| {} | |
| containers: | |
| - name: "elasticsearch" | |
| image: "docker.elastic.co/elasticsearch/elasticsearch:7.1.1" | |
| imagePullPolicy: "IfNotPresent" | |
| readinessProbe: | |
| failureThreshold: 3 | |
| initialDelaySeconds: 10 | |
| periodSeconds: 10 | |
| successThreshold: 3 | |
| timeoutSeconds: 5 | |
| exec: | |
| command: | |
| - sh | |
| - -c | |
| - | | |
| #!/usr/bin/env bash -e | |
| # If the node is starting up wait for the cluster to be ready (request params: 'wait_for_status=green&timeout=1s' ) | |
| # Once it has started only check that the node itself is responding | |
| START_FILE=/tmp/.es_start_file | |
| http () { | |
| local path="${1}" | |
| if [ -n "${ELASTIC_USERNAME}" ] && [ -n "${ELASTIC_PASSWORD}" ]; then | |
| BASIC_AUTH="-u ${ELASTIC_USERNAME}:${ELASTIC_PASSWORD}" | |
| else | |
| BASIC_AUTH='' | |
| fi | |
| curl -XGET -s -k --fail ${BASIC_AUTH} http://127.0.0.1:9200${path} | |
| } | |
| if [ -f "${START_FILE}" ]; then | |
| echo 'Elasticsearch is already running, lets check the node is healthy' | |
| http "/" | |
| else | |
| echo 'Waiting for elasticsearch cluster to become cluster to be ready (request params: "wait_for_status=green&timeout=1s" )' | |
| if http "/_cluster/health?wait_for_status=green&timeout=1s" ; then | |
| touch ${START_FILE} | |
| exit 0 | |
| else | |
| echo 'Cluster is not yet ready (request params: "wait_for_status=green&timeout=1s" )' | |
| exit 1 | |
| fi | |
| fi | |
| ports: | |
| - name: http | |
| containerPort: 9200 | |
| - name: transport | |
| containerPort: 9300 | |
| resources: | |
| limits: | |
| cpu: 1000m | |
| memory: 2Gi | |
| requests: | |
| cpu: 100m | |
| memory: 2Gi | |
| env: | |
| - name: node.name | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.name | |
| - name: cluster.initial_master_nodes | |
| value: "elasticsearch-master-0," | |
| - name: discovery.seed_hosts | |
| value: "elasticsearch-master-headless" | |
| - name: cluster.name | |
| value: "elasticsearch" | |
| - name: network.host | |
| value: "0.0.0.0" | |
| - name: ES_JAVA_OPTS | |
| value: "-Xmx1g -Xms1g" | |
| - name: node.data | |
| value: "true" | |
| - name: node.ingest | |
| value: "true" | |
| - name: node.master | |
| value: "true" | |
| - name: ELASTIC_PASSWORD | |
| valueFrom: | |
| secretKeyRef: | |
| key: password | |
| name: elastic-credentials | |
| - name: ELASTIC_USERNAME | |
| valueFrom: | |
| secretKeyRef: | |
| key: username | |
| name: elastic-credentials | |
| volumeMounts: | |
| - name: "elasticsearch-master" | |
| mountPath: /usr/share/elasticsearch/data | |
| - name: elastic-certificates | |
| mountPath: /usr/share/elasticsearch/config/certs | |
| - name: esconfig | |
| mountPath: /usr/share/elasticsearch/config/elasticsearch.yml | |
| subPath: elasticsearch.yml | |
| # This sidecar will prevent slow master re-election | |
| # https://github.com/elastic/helm-charts/issues/63 | |
| - name: elasticsearch-master-graceful-termination-handler | |
| image: "docker.elastic.co/elasticsearch/elasticsearch:7.1.1" | |
| imagePullPolicy: "IfNotPresent" | |
| command: | |
| - "sh" | |
| - -c | |
| - | | |
| #!/usr/bin/env bash | |
| set -eo pipefail | |
| http () { | |
| local path="${1}" | |
| if [ -n "${ELASTIC_USERNAME}" ] && [ -n "${ELASTIC_PASSWORD}" ]; then | |
| BASIC_AUTH="-u ${ELASTIC_USERNAME}:${ELASTIC_PASSWORD}" | |
| else | |
| BASIC_AUTH='' | |
| fi | |
| curl -XGET -s -k --fail ${BASIC_AUTH} http://elasticsearch-master:9200${path} | |
| } | |
| cleanup () { | |
| while true ; do | |
| local master="$(http "/_cat/master?h=node")" | |
| if [[ $master == "elasticsearch-master"* && $master != "${NODE_NAME}" ]]; then | |
| echo "This node is not master." | |
| break | |
| fi | |
| echo "This node is still master, waiting gracefully for it to step down" | |
| sleep 1 | |
| done | |
| exit 0 | |
| } | |
| trap cleanup SIGTERM | |
| sleep infinity & | |
| wait $! | |
| env: | |
| - name: NODE_NAME | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.name | |
| - name: ELASTIC_PASSWORD | |
| valueFrom: | |
| secretKeyRef: | |
| key: password | |
| name: elastic-credentials | |
| - name: ELASTIC_USERNAME | |
| valueFrom: | |
| secretKeyRef: | |
| key: username | |
| name: elastic-credentials |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment