openstack/openstack-helm-infra
Code Issues Proposed changes

Elasticsearch: Add curator snapshot action and PVC for fs repo

Browse Source 
This provides an example action in the curator config for taking
snapshots of the elasticsearch indexes. As the snapshot action
requires a repository registered with Elasticsearch, this also
adds a PVC for a filesystem repository backed with NFS and a job
for registering the repository with Elasticsearch.

Change-Id: I26b788c58f52844e997bde5002459bddc1bb685e
This commit is contained in:
Steve Wilkerson 2017-12-12 16:54:23 -06:00
parent 2be5abec3d
commit 45ba95a2de
12 changed files with 231 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
elasticsearch/templates/serviceaccount.yaml → elasticsearch/templates/bin/_register-repository.sh.tpl
View File

@ -1,3 +1,4 @@
#!/bin/bash
{{/* {{/*
Copyright 2017 The Openstack-Helm Authors. Copyright 2017 The Openstack-Helm Authors.
@ -14,9 +15,13 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.manifests.serviceaccount }} set -ex
apiVersion: v1
kind: ServiceAccount exec curl -X PUT "${ELASTICSEARCH_ENDPOINT}/_snapshot/${REPO_NAME}" -H 'Content-Type: application/json' -d'
metadata: {
name: elasticsearch "type": "'"$REPO_TYPE"'",
{{- end }} "settings": {
"location": "'"$REPO_LOCATION"'",
"compress": true
}
}'

2
elasticsearch/templates/configmap-bin.yaml
View File

@ -26,6 +26,8 @@ data:
{{ tuple "bin/_elasticsearch.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_elasticsearch.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
helm-tests.sh: | helm-tests.sh: |
{{ tuple "bin/_helm-tests.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_helm-tests.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
register-repository.sh: |
{{ tuple "bin/_register-repository.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
curator.sh: | curator.sh: |
{{ tuple "bin/_curator.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_curator.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
image-repo-sync.sh: |+ image-repo-sync.sh: |+

4
elasticsearch/templates/cron-job-curator.yaml
View File

@ -19,13 +19,13 @@ limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- $_ := set .Values "pod_dependency" .Values.dependencies.curator -}} {{- $_ := set .Values "pod_dependency" .Values.dependencies.curator -}}
{{- $serviceAccountName := "curator"}} {{- $serviceAccountName := "elastic-curator"}}
{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} {{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
--- ---
apiVersion: batch/v2alpha1 apiVersion: batch/v2alpha1
kind: CronJob kind: CronJob
metadata: metadata:
name: curator name: elastic-curator
spec: spec:
schedule: {{ .Values.conf.curator.schedule | quote }} schedule: {{ .Values.conf.curator.schedule | quote }}
jobTemplate: jobTemplate:

13
elasticsearch/templates/deployment-client.yaml
View File

@ -22,6 +22,8 @@ limitations under the License.
{{- $_ := set .Values "pod_dependency" .Values.dependencies.elasticsearch_client -}} {{- $_ := set .Values "pod_dependency" .Values.dependencies.elasticsearch_client -}}
{{- end -}} {{- end -}}
{{- $mounts_elasticsearch := .Values.pod.mounts.elasticsearch.elasticsearch }}
{{- $serviceAccountName := "elasticsearch-client"}} {{- $serviceAccountName := "elasticsearch-client"}}
{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} {{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
--- ---
@ -126,6 +128,11 @@ spec:
readOnly: true readOnly: true
- name: storage - name: storage
mountPath: {{ .Values.conf.elasticsearch.path.data }} mountPath: {{ .Values.conf.elasticsearch.path.data }}
{{ if .Values.storage.filesystem_repository.enabled }}
- name: snapshots
mountPath: {{ .Values.conf.elasticsearch.path.repo }}
{{ end }}
{{ if $mounts_elasticsearch.volumeMounts }}{{ toYaml $mounts_elasticsearch.volumeMounts | indent 12 }}{{ end }}
volumes: volumes:
- name: elastic-logs - name: elastic-logs
emptyDir: {} emptyDir: {}
@ -141,4 +148,10 @@ spec:
defaultMode: 0444 defaultMode: 0444
- name: storage - name: storage
emptyDir: {} emptyDir: {}
{{ if .Values.storage.filesystem_repository.enabled }}
- name: snapshots
persistentVolumeClaim:
claimName: {{ .Values.storage.filesystem_repository.pvc.name }}
{{ end }}
{{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }}
{{- end }} {{- end }}

13
elasticsearch/templates/deployment-master.yaml
View File

@ -22,6 +22,8 @@ limitations under the License.
{{- $_ := set .Values "pod_dependency" .Values.dependencies.elasticsearch_master -}} {{- $_ := set .Values "pod_dependency" .Values.dependencies.elasticsearch_master -}}
{{- end -}} {{- end -}}
{{- $mounts_elasticsearch := .Values.pod.mounts.elasticsearch.elasticsearch }}
{{- $serviceAccountName := "elasticsearch-master"}} {{- $serviceAccountName := "elasticsearch-master"}}
{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} {{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
--- ---
@ -120,6 +122,11 @@ spec:
readOnly: true readOnly: true
- name: storage - name: storage
mountPath: {{ .Values.conf.elasticsearch.path.data }} mountPath: {{ .Values.conf.elasticsearch.path.data }}
{{ if .Values.storage.filesystem_repository.enabled }}
- name: snapshots
mountPath: {{ .Values.conf.elasticsearch.path.repo }}
{{ end }}
{{ if $mounts_elasticsearch.volumeMounts }}{{ toYaml $mounts_elasticsearch.volumeMounts | indent 12 }}{{ end }}
volumes: volumes:
- name: elastic-logs - name: elastic-logs
emptyDir: {} emptyDir: {}
@ -135,4 +142,10 @@ spec:
defaultMode: 0444 defaultMode: 0444
- name: storage - name: storage
emptyDir: {} emptyDir: {}
{{ if .Values.storage.filesystem_repository.enabled }}
- name: snapshots
persistentVolumeClaim:
claimName: {{ .Values.storage.filesystem_repository.pvc.name }}
{{ end }}
{{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }}
{{- end }} {{- end }}

1
elasticsearch/templates/etc/_elasticsearch.yml.tpl
View File

@ -28,6 +28,7 @@ network.host: {{ .Values.conf.elasticsearch.network.host }}
path: path:
data: {{ .Values.conf.elasticsearch.path.data }} data: {{ .Values.conf.elasticsearch.path.data }}
logs: {{ .Values.conf.elasticsearch.path.logs }} logs: {{ .Values.conf.elasticsearch.path.logs }}
repo: {{ .Values.conf.elasticsearch.path.repo }}
bootstrap: bootstrap:
memory_lock: {{ .Values.conf.elasticsearch.bootstrap.memory_lock }} memory_lock: {{ .Values.conf.elasticsearch.bootstrap.memory_lock }}

6
elasticsearch/templates/job-image-repo-sync.yaml
View File

@ -50,16 +50,16 @@ spec:
command: command:
- /tmp/image-repo-sync.sh - /tmp/image-repo-sync.sh
volumeMounts: volumeMounts:
- name: elasticsearch-bin - name: elastic-bin
mountPath: /tmp/image-repo-sync.sh mountPath: /tmp/image-repo-sync.sh
subPath: image-repo-sync.sh subPath: image-repo-sync.sh
readOnly: true readOnly: true
- name: docker-socket - name: docker-socket
mountPath: /var/run/docker.sock mountPath: /var/run/docker.sock
volumes: volumes:
- name: elasticsearch-bin - name: elastic-bin
configMap: configMap:
name: elasticsearch-bin name: elastic-bin
defaultMode: 0555 defaultMode: 0555
- name: docker-socket - name: docker-socket
hostPath: hostPath:

65
elasticsearch/templates/job-register-snapshot-repository.yaml Normal file
View File

@ -0,0 +1,65 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_snapshot_repository }}
{{- $envAll := . }}
{{- $_ := set .Values "pod_dependency" .Values.dependencies.snapshot_repository -}}
{{- $serviceAccountName := "elasticsearch-register-snapshot-repository" }}
{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: elasticsearch-register-snapshot-repository
spec:
template:
metadata:
labels:
{{ tuple $envAll "elasticsearch" "snapshot-repository" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: register-snapshot-repository
{{ tuple $envAll "snapshot_repository" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.snapshot_repository | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: ELASTICSEARCH_ENDPOINT
value: {{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}
- name: REPO_NAME
value: {{ .Values.conf.elasticsearch.repository.name | quote }}
- name: REPO_TYPE
value: {{ .Values.conf.elasticsearch.repository.type | quote }}
- name: REPO_LOCATION
value: {{ .Values.conf.elasticsearch.path.repo | quote }}
command:
- /tmp/register-repository.sh
volumeMounts:
- name: elastic-bin
mountPath: /tmp/register-repository.sh
subPath: register-repository.sh
readOnly: true
volumes:
- name: elastic-bin
configMap:
name: elastic-bin
defaultMode: 0555
{{- end }}

33
elasticsearch/templates/pvc-snapshots.yaml Normal file
View File

@ -0,0 +1,33 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.pvc_snapshots }}
{{- if .Values.storage.filesystem_repository.enabled }}
{{- $envAll := . }}
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ .Values.storage.filesystem_repository.pvc.name }}
spec:
accessModes:
- {{ .Values.storage.filesystem_repository.pvc.access_mode }}
resources:
requests:
storage: {{ .Values.storage.filesystem_repository.requests.storage }}
storageClassName: {{ .Values.storage.filesystem_repository.storage_class }}
{{- end }}
{{- end }}

21
elasticsearch/templates/statefulset-data.yaml
View File

@ -22,6 +22,8 @@ limitations under the License.
{{- $_ := set .Values "pod_dependency" .Values.dependencies.elasticsearch_data -}} {{- $_ := set .Values "pod_dependency" .Values.dependencies.elasticsearch_data -}}
{{- end -}} {{- end -}}
{{- $mounts_elasticsearch := .Values.pod.mounts.elasticsearch.elasticsearch }}
{{- $serviceAccountName := "elasticsearch-data"}} {{- $serviceAccountName := "elasticsearch-data"}}
{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} {{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
--- ---
@ -115,8 +117,13 @@ spec:
mountPath: /usr/share/elasticsearch/config/log4j2.properties mountPath: /usr/share/elasticsearch/config/log4j2.properties
subPath: log4j2.properties subPath: log4j2.properties
readOnly: true readOnly: true
{{ if .Values.storage.filesystem_repository.enabled }}
- name: snapshots
mountPath: {{ .Values.conf.elasticsearch.path.repo }}
{{ end }}
- name: storage - name: storage
mountPath: {{ .Values.conf.elasticsearch.path.data }} mountPath: {{ .Values.conf.elasticsearch.path.data }}
{{ if $mounts_elasticsearch.volumeMounts }}{{ toYaml $mounts_elasticsearch.volumeMounts | indent 12 }}{{ end }}
volumes: volumes:
- name: elastic-logs - name: elastic-logs
emptyDir: {} emptyDir: {}
@ -130,7 +137,13 @@ spec:
configMap: configMap:
name: elastic-etc name: elastic-etc
defaultMode: 0444 defaultMode: 0444
{{- if not .Values.storage.enabled }} {{ if .Values.storage.filesystem_repository.enabled }}
- name: snapshots
persistentVolumeClaim:
claimName: {{ .Values.storage.filesystem_repository.pvc.name }}
{{ end }}
{{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }}
{{- if not .Values.storage.elasticsearch.enabled }}
- name: storage - name: storage
emptyDir: {} emptyDir: {}
{{- else }} {{- else }}
@ -138,10 +151,10 @@ spec:
- metadata: - metadata:
name: storage name: storage
spec: spec:
accessModes: {{ .Values.storage.pvc.access_mode }} accessModes: {{ .Values.storage.elasticsearch.pvc.access_mode }}
resources: resources:
requests: requests:
storage: {{ .Values.storage.requests.storage }} storage: {{ .Values.storage.elasticsearch.requests.storage }}
storageClassName: {{ .Values.storage.storage_class }} storageClassName: {{ .Values.storage.elasticsearch.storage_class }}
{{- end }} {{- end }}
{{- end }} {{- end }}

64
elasticsearch/values.yaml
View File

@ -18,11 +18,12 @@
images: images:
tags: tags:
memory_init: docker.io/kolla/ubuntu-source-kolla-toolbox:4.0.0 memory_init: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
curator: docker.io/bobrik/curator:5.2.0 curator: docker.io/bobrik/curator:5.2.0
elasticsearch: docker.io/elasticsearch:5.4.2 elasticsearch: docker.io/elasticsearch:5.4.2
helm_tests: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3 helm_tests: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
snapshot_repository: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
image_repo_sync: docker.io/docker:17.07.0 image_repo_sync: docker.io/docker:17.07.0
pull_policy: "IfNotPresent" pull_policy: "IfNotPresent"
local_registry: local_registry:
@ -48,6 +49,10 @@ dependencies:
services: services:
- service: local_image_registry - service: local_image_registry
endpoint: internal endpoint: internal
snapshot_repository:
services:
- service: elasticsearch
endpoint: internal
conditional_dependencies: conditional_dependencies:
local_image_registry: local_image_registry:
@ -83,6 +88,9 @@ pod:
timeout: 600 timeout: 600
client: client:
timeout: 600 timeout: 600
mounts:
elasticsearch:
elasticsearch:
resources: resources:
enabled: false enabled: false
client: client:
@ -121,6 +129,13 @@ pod:
limits: limits:
memory: "1024Mi" memory: "1024Mi"
cpu: "2000m" cpu: "2000m"
snapshot_repository:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
tests: tests:
requests: requests:
memory: "128Mi" memory: "128Mi"
@ -149,7 +164,33 @@ conf:
options: options:
timeout_override: timeout_override:
continue_if_exception: False continue_if_exception: False
disable_action: False ignore_empty_list: True
disable_action: True
filters:
- filtertype: age
source: name
direction: older
timestring: '%Y.%m.%d'
unit: days
unit_count: 30
field:
stats_result:
epoch:
exclude: False
2:
action: snapshot
description: "Snapshot indices and send to configured repository"
options:
repository: default_repo
# Leaving this blank results in the default name format
name:
wait_for_completion: True
max_wait: 3600
wait_interval: 10
timeout_override:
ignore_empty_list: True
continue_if_exception: False
disable_action: True
filters: filters:
- filtertype: age - filtertype: age
source: name source: name
@ -195,6 +236,10 @@ conf:
path: path:
data: /usr/share/elasticsearch/data data: /usr/share/elasticsearch/data
logs: /usr/share/elasticsearch/logs logs: /usr/share/elasticsearch/logs
repo: /usr/share/elasticsearch/repo
repository:
name: default_repo
type: fs
zen: zen:
min_masters: 2 min_masters: 2
env: env:
@ -244,6 +289,7 @@ network:
port: 30931 port: 30931
storage: storage:
elasticsearch:
enabled: true enabled: true
pvc: pvc:
name: pvc-elastic name: pvc-elastic
@ -251,6 +297,15 @@ storage:
requests: requests:
storage: 5Gi storage: 5Gi
storage_class: general storage_class: general
filesystem_repository:
enabled: true
pvc:
name: pvc-snapshots
access_mode: ReadWriteMany
requests:
storage: 5Gi
storage_class: general
manifests: manifests:
clusterrole: true clusterrole: true
@ -262,8 +317,9 @@ manifests:
deployment_client: true deployment_client: true
deployment_master: true deployment_master: true
job_image_repo_sync: true job_image_repo_sync: true
job_snapshot_repository: true
helm_tests: true helm_tests: true
serviceaccount: true pvc_snapshots: true
service_data: true service_data: true
service_discovery: true service_discovery: true
service_logging: true service_logging: true

5
tools/gate/chart-deploys/default.yaml
View File

@ -141,7 +141,10 @@ charts:
output: false output: false
values: values:
storage: storage:
enabled: false elasticsearch:
storage_class: openstack-helm-bootstrap
filesystem_repository:
storage_class: openstack-helm-bootstrap
fluent_logging: fluent_logging:
chart_name: fluent-logging chart_name: fluent-logging