Created
August 16, 2019 13:58
-
-
Save Tekcraft/d13801a212c2c056c9439a923af6ff89 to your computer and use it in GitHub Desktop.
Helm get elasticsearch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
REVISION: 1 | |
RELEASED: Fri Aug 16 11:06:00 2019 | |
CHART: elasticsearch-7.1.1 | |
USER-SUPPLIED VALUES: | |
antiAffinity: hard | |
antiAffinityTopologyKey: kubernetes.io/hostname | |
clusterHealthCheckParams: wait_for_status=green&timeout=1s | |
clusterName: elasticsearch | |
esConfig: | |
elasticsearch.yml: | | |
xpack.security.enabled: true | |
xpack.security.transport.ssl.enabled: true | |
xpack.security.transport.ssl.verification_mode: certificate | |
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificate.p12 | |
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificate.p12 | |
xpack.security.http.ssl.enabled: false | |
# xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificate.p12 | |
# xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificate.p12 | |
esJavaOpts: -Xmx1g -Xms1g | |
esMajorVersion: 7 | |
extraEnvs: | |
- name: ELASTIC_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
key: password | |
name: elastic-credentials | |
- name: ELASTIC_USERNAME | |
valueFrom: | |
secretKeyRef: | |
key: username | |
name: elastic-credentials | |
extraInitContainers: [] | |
extraVolumeMounts: [] | |
extraVolumes: [] | |
fsGroup: 1000 | |
fullnameOverride: "" | |
httpPort: 9200 | |
image: docker.elastic.co/elasticsearch/elasticsearch | |
imagePullPolicy: IfNotPresent | |
imagePullSecrets: [] | |
imageTag: 7.1.1 | |
ingress: | |
annotations: {} | |
enabled: false | |
hosts: | |
- elastic.dominiog.lan | |
path: /api | |
tls: [] | |
initResources: {} | |
lifecycle: {} | |
masterService: "" | |
masterTerminationFix: false | |
maxUnavailable: 1 | |
minimumMasterNodes: 1 | |
nameOverride: "" | |
networkHost: 0.0.0.0 | |
nodeAffinity: {} | |
nodeGroup: master | |
nodeSelector: {} | |
persistence: | |
annotations: {} | |
enabled: true | |
podAnnotations: {} | |
podManagementPolicy: Parallel | |
priorityClassName: "" | |
protocol: http | |
readinessProbe: | |
failureThreshold: 3 | |
initialDelaySeconds: 10 | |
periodSeconds: 10 | |
successThreshold: 3 | |
timeoutSeconds: 5 | |
replicas: 1 | |
resources: | |
limits: | |
cpu: 1000m | |
memory: 2Gi | |
requests: | |
cpu: 100m | |
memory: 2Gi | |
roles: | |
data: "true" | |
ingest: "true" | |
master: "true" | |
schedulerName: "" | |
secretMounts: | |
- name: elastic-certificates | |
path: /usr/share/elasticsearch/config/certs | |
secretName: elastic-certificates | |
service: | |
annotations: {} | |
nodePort: null | |
type: ClusterIP | |
sysctlInitContainer: | |
enabled: true | |
sysctlVmMaxMapCount: 262144 | |
terminationGracePeriod: 120 | |
tolerations: [] | |
transportPort: 9300 | |
updateStrategy: RollingUpdate | |
volumeClaimTemplate: | |
accessModes: | |
- ReadWriteOnce | |
resources: | |
requests: | |
storage: 10Gi | |
COMPUTED VALUES: | |
antiAffinity: hard | |
antiAffinityTopologyKey: kubernetes.io/hostname | |
clusterHealthCheckParams: wait_for_status=green&timeout=1s | |
clusterName: elasticsearch | |
esConfig: | |
elasticsearch.yml: | | |
xpack.security.enabled: true | |
xpack.security.transport.ssl.enabled: true | |
xpack.security.transport.ssl.verification_mode: certificate | |
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificate.p12 | |
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificate.p12 | |
xpack.security.http.ssl.enabled: false | |
# xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificate.p12 | |
# xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificate.p12 | |
esJavaOpts: -Xmx1g -Xms1g | |
esMajorVersion: 7 | |
extraEnvs: | |
- name: ELASTIC_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
key: password | |
name: elastic-credentials | |
- name: ELASTIC_USERNAME | |
valueFrom: | |
secretKeyRef: | |
key: username | |
name: elastic-credentials | |
extraInitContainers: [] | |
extraVolumeMounts: [] | |
extraVolumes: [] | |
fsGroup: 1000 | |
fullnameOverride: "" | |
httpPort: 9200 | |
image: docker.elastic.co/elasticsearch/elasticsearch | |
imagePullPolicy: IfNotPresent | |
imagePullSecrets: [] | |
imageTag: 7.1.1 | |
ingress: | |
annotations: {} | |
enabled: false | |
hosts: | |
- elastic.dominiog.lan | |
path: /api | |
tls: [] | |
initResources: {} | |
lifecycle: {} | |
masterService: "" | |
masterTerminationFix: false | |
maxUnavailable: 1 | |
minimumMasterNodes: 1 | |
nameOverride: "" | |
networkHost: 0.0.0.0 | |
nodeAffinity: {} | |
nodeGroup: master | |
nodeSelector: {} | |
persistence: | |
annotations: {} | |
enabled: true | |
podAnnotations: {} | |
podManagementPolicy: Parallel | |
priorityClassName: "" | |
protocol: http | |
readinessProbe: | |
failureThreshold: 3 | |
initialDelaySeconds: 10 | |
periodSeconds: 10 | |
successThreshold: 3 | |
timeoutSeconds: 5 | |
replicas: 1 | |
resources: | |
limits: | |
cpu: 1000m | |
memory: 2Gi | |
requests: | |
cpu: 100m | |
memory: 2Gi | |
roles: | |
data: "true" | |
ingest: "true" | |
master: "true" | |
schedulerName: "" | |
secretMounts: | |
- name: elastic-certificates | |
path: /usr/share/elasticsearch/config/certs | |
secretName: elastic-certificates | |
service: | |
annotations: {} | |
nodePort: null | |
type: ClusterIP | |
sysctlInitContainer: | |
enabled: true | |
sysctlVmMaxMapCount: 262144 | |
terminationGracePeriod: 120 | |
tolerations: [] | |
transportPort: 9300 | |
updateStrategy: RollingUpdate | |
volumeClaimTemplate: | |
accessModes: | |
- ReadWriteOnce | |
resources: | |
requests: | |
storage: 10Gi | |
HOOKS: | |
--- | |
# elasticsearch-qsuab-test | |
apiVersion: v1 | |
kind: Pod | |
metadata: | |
name: "elasticsearch-qsuab-test" | |
annotations: | |
"helm.sh/hook": test-success | |
spec: | |
containers: | |
- name: "elasticsearch-kuivh-test" | |
image: "docker.elastic.co/elasticsearch/elasticsearch:7.1.1" | |
command: | |
- "sh" | |
- "-c" | |
- | | |
#!/usr/bin/env bash -e | |
curl -XGET --fail 'elasticsearch-master:9200/_cluster/health?wait_for_status=green&timeout=1s' | |
restartPolicy: Never | |
MANIFEST: | |
--- | |
# Source: elasticsearch/templates/poddisruptionbudget.yaml | |
apiVersion: policy/v1beta1 | |
kind: PodDisruptionBudget | |
metadata: | |
name: "elasticsearch-master-pdb" | |
spec: | |
maxUnavailable: 1 | |
selector: | |
matchLabels: | |
app: "elasticsearch-master" | |
--- | |
# Source: elasticsearch/templates/configmap.yaml | |
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
name: elasticsearch-master-config | |
labels: | |
heritage: "Tiller" | |
release: "elasticsearch" | |
chart: "elasticsearch-7.1.1" | |
app: "elasticsearch-master" | |
data: | |
elasticsearch.yml: | | |
xpack.security.enabled: true | |
xpack.security.transport.ssl.enabled: true | |
xpack.security.transport.ssl.verification_mode: certificate | |
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificate.p12 | |
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificate.p12 | |
xpack.security.http.ssl.enabled: false | |
# xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificate.p12 | |
# xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificate.p12 | |
--- | |
# Source: elasticsearch/templates/service.yaml | |
kind: Service | |
apiVersion: v1 | |
metadata: | |
name: elasticsearch-master | |
spec: | |
selector: | |
heritage: "Tiller" | |
release: "elasticsearch" | |
chart: "elasticsearch-7.1.1" | |
app: "elasticsearch-master" | |
ports: | |
- name: http | |
protocol: TCP | |
port: 9200 | |
- name: transport | |
protocol: TCP | |
port: 9300 | |
--- | |
# Source: elasticsearch/templates/service.yaml | |
kind: Service | |
apiVersion: v1 | |
metadata: | |
name: elasticsearch-master-headless | |
labels: | |
heritage: "Tiller" | |
release: "elasticsearch" | |
chart: "elasticsearch-7.1.1" | |
app: "elasticsearch-master" | |
annotations: | |
# Create endpoints also if the related pod isn't ready | |
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" | |
spec: | |
clusterIP: None # This is needed for statefulset hostnames like elasticsearch-0 to resolve | |
selector: | |
app: "elasticsearch-master" | |
ports: | |
- name: http | |
port: 9200 | |
- name: transport | |
port: 9300 | |
--- | |
# Source: elasticsearch/templates/statefulset.yaml | |
apiVersion: apps/v1beta1 | |
kind: StatefulSet | |
metadata: | |
name: elasticsearch-master | |
labels: | |
heritage: "Tiller" | |
release: "elasticsearch" | |
chart: "elasticsearch-7.1.1" | |
app: "elasticsearch-master" | |
spec: | |
serviceName: elasticsearch-master-headless | |
selector: | |
matchLabels: | |
app: "elasticsearch-master" | |
replicas: 1 | |
podManagementPolicy: Parallel | |
updateStrategy: | |
type: RollingUpdate | |
volumeClaimTemplates: | |
- metadata: | |
name: elasticsearch-master | |
spec: | |
accessModes: | |
- ReadWriteOnce | |
resources: | |
requests: | |
storage: 10Gi | |
template: | |
metadata: | |
name: "elasticsearch-master" | |
labels: | |
heritage: "Tiller" | |
release: "elasticsearch" | |
chart: "elasticsearch-7.1.1" | |
app: "elasticsearch-master" | |
annotations: | |
configchecksum: 639129bc41278680232d2c291b0ea3991743a8e1c431f2a1236253cafe70c9b | |
spec: | |
securityContext: | |
fsGroup: 1000 | |
affinity: | |
podAntiAffinity: | |
requiredDuringSchedulingIgnoredDuringExecution: | |
- labelSelector: | |
matchExpressions: | |
- key: app | |
operator: In | |
values: | |
- "elasticsearch-master" | |
topologyKey: kubernetes.io/hostname | |
terminationGracePeriodSeconds: 120 | |
volumes: | |
- name: elastic-certificates | |
secret: | |
secretName: elastic-certificates | |
- name: esconfig | |
configMap: | |
name: elasticsearch-master-config | |
initContainers: | |
- name: configure-sysctl | |
securityContext: | |
runAsUser: 0 | |
privileged: true | |
image: "docker.elastic.co/elasticsearch/elasticsearch:7.1.1" | |
command: ["sysctl", "-w", "vm.max_map_count=262144"] | |
resources: | |
{} | |
containers: | |
- name: "elasticsearch" | |
image: "docker.elastic.co/elasticsearch/elasticsearch:7.1.1" | |
imagePullPolicy: "IfNotPresent" | |
readinessProbe: | |
failureThreshold: 3 | |
initialDelaySeconds: 10 | |
periodSeconds: 10 | |
successThreshold: 3 | |
timeoutSeconds: 5 | |
exec: | |
command: | |
- sh | |
- -c | |
- | | |
#!/usr/bin/env bash -e | |
# If the node is starting up wait for the cluster to be ready (request params: 'wait_for_status=green&timeout=1s' ) | |
# Once it has started only check that the node itself is responding | |
START_FILE=/tmp/.es_start_file | |
http () { | |
local path="${1}" | |
if [ -n "${ELASTIC_USERNAME}" ] && [ -n "${ELASTIC_PASSWORD}" ]; then | |
BASIC_AUTH="-u ${ELASTIC_USERNAME}:${ELASTIC_PASSWORD}" | |
else | |
BASIC_AUTH='' | |
fi | |
curl -XGET -s -k --fail ${BASIC_AUTH} http://127.0.0.1:9200${path} | |
} | |
if [ -f "${START_FILE}" ]; then | |
echo 'Elasticsearch is already running, lets check the node is healthy' | |
http "/" | |
else | |
echo 'Waiting for elasticsearch cluster to become cluster to be ready (request params: "wait_for_status=green&timeout=1s" )' | |
if http "/_cluster/health?wait_for_status=green&timeout=1s" ; then | |
touch ${START_FILE} | |
exit 0 | |
else | |
echo 'Cluster is not yet ready (request params: "wait_for_status=green&timeout=1s" )' | |
exit 1 | |
fi | |
fi | |
ports: | |
- name: http | |
containerPort: 9200 | |
- name: transport | |
containerPort: 9300 | |
resources: | |
limits: | |
cpu: 1000m | |
memory: 2Gi | |
requests: | |
cpu: 100m | |
memory: 2Gi | |
env: | |
- name: node.name | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.name | |
- name: cluster.initial_master_nodes | |
value: "elasticsearch-master-0," | |
- name: discovery.seed_hosts | |
value: "elasticsearch-master-headless" | |
- name: cluster.name | |
value: "elasticsearch" | |
- name: network.host | |
value: "0.0.0.0" | |
- name: ES_JAVA_OPTS | |
value: "-Xmx1g -Xms1g" | |
- name: node.data | |
value: "true" | |
- name: node.ingest | |
value: "true" | |
- name: node.master | |
value: "true" | |
- name: ELASTIC_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
key: password | |
name: elastic-credentials | |
- name: ELASTIC_USERNAME | |
valueFrom: | |
secretKeyRef: | |
key: username | |
name: elastic-credentials | |
volumeMounts: | |
- name: "elasticsearch-master" | |
mountPath: /usr/share/elasticsearch/data | |
- name: elastic-certificates | |
mountPath: /usr/share/elasticsearch/config/certs | |
- name: esconfig | |
mountPath: /usr/share/elasticsearch/config/elasticsearch.yml | |
subPath: elasticsearch.yml | |
# This sidecar will prevent slow master re-election | |
# https://github.com/elastic/helm-charts/issues/63 | |
- name: elasticsearch-master-graceful-termination-handler | |
image: "docker.elastic.co/elasticsearch/elasticsearch:7.1.1" | |
imagePullPolicy: "IfNotPresent" | |
command: | |
- "sh" | |
- -c | |
- | | |
#!/usr/bin/env bash | |
set -eo pipefail | |
http () { | |
local path="${1}" | |
if [ -n "${ELASTIC_USERNAME}" ] && [ -n "${ELASTIC_PASSWORD}" ]; then | |
BASIC_AUTH="-u ${ELASTIC_USERNAME}:${ELASTIC_PASSWORD}" | |
else | |
BASIC_AUTH='' | |
fi | |
curl -XGET -s -k --fail ${BASIC_AUTH} http://elasticsearch-master:9200${path} | |
} | |
cleanup () { | |
while true ; do | |
local master="$(http "/_cat/master?h=node")" | |
if [[ $master == "elasticsearch-master"* && $master != "${NODE_NAME}" ]]; then | |
echo "This node is not master." | |
break | |
fi | |
echo "This node is still master, waiting gracefully for it to step down" | |
sleep 1 | |
done | |
exit 0 | |
} | |
trap cleanup SIGTERM | |
sleep infinity & | |
wait $! | |
env: | |
- name: NODE_NAME | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.name | |
- name: ELASTIC_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
key: password | |
name: elastic-credentials | |
- name: ELASTIC_USERNAME | |
valueFrom: | |
secretKeyRef: | |
key: username | |
name: elastic-credentials |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment