openstack/openstack-helm-infra
Code Issues Proposed changes

Add Elasticsearch to OSH Infra

Browse Source 
This moves the Elasticsearch chart to OSH infra, along with rbac
rules for running Elasticsearch. It includes a cronjob for running
ES Curator for cleaning up old indices

Change-Id: I69fcbe8b77de8b594eba5340a6e4340f389ba5bf
This commit is contained in:
Steve Wilkerson 2017-11-28 16:44:03 -06:00
parent 9051ec4ac2
commit 4b94e47c94
24 changed files with 1420 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
elasticsearch/Chart.yaml Normal file
View File

@ -0,0 +1,24 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
description: OpenStack-Helm ElasticSearch
name: elasticsearch
version: 0.1.0
home: https://www.elastic.co/
sources:
- https://github.com/elastic/elasticsearch
- https://git.openstack.org/cgit/openstack/openstack-helm-addons
maintainers:
- name: OpenStack-Helm Authors

18
elasticsearch/requirements.yaml Normal file
View File

@ -0,0 +1,18 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
dependencies:
- name: helm-toolkit
repository: http://localhost:8879/charts
version: 0.1.0

20
elasticsearch/templates/bin/_curator.sh.tpl Normal file
View File

@ -0,0 +1,20 @@
#!/bin/bash
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
exec /usr/bin/curator --config /etc/config/config.yml /etc/config/action_file.yml

30
elasticsearch/templates/bin/_elasticsearch.sh.tpl Normal file
View File

@ -0,0 +1,30 @@
#!/bin/bash
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
COMMAND="${@:-start}"
function start () {
ulimit -l unlimited
exec /docker-entrypoint.sh elasticsearch
}
function stop () {
kill -TERM 1
}
$COMMAND

81
elasticsearch/templates/bin/_helm-tests.sh.tpl Normal file
View File

@ -0,0 +1,81 @@
#!/bin/bash
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
function create_index () {
index_result=$(curl -XPUT "${ELASTICSEARCH_ENDPOINT}/test_index?pretty" -H 'Content-Type: application/json' -d'
{
"settings" : {
"index" : {
"number_of_shards" : 3,
"number_of_replicas" : 2
}
}
}
' | python -c "import sys, json; print json.load(sys.stdin)['acknowledged']")
if [ "$index_result" == "True" ];
then
echo "PASS: Test index created!"
else
echo "FAIL: Test index not created!";
exit 1;
fi
}
function insert_test_data () {
insert_result=$(curl -XPUT "${ELASTICSEARCH_ENDPOINT}/sample_index/sample_type/123/_create?pretty" -H 'Content-Type: application/json' -d'
{
"name" : "Elasticsearch",
"message" : "Test data text entry"
}
' | python -c "import sys, json; print json.load(sys.stdin)['created']")
if [ "$insert_result" == "True" ]; then
sleep 20
echo "PASS: Test data inserted into test index!"
else
echo "FAIL: Test data not inserted into test index!";
exit 1;
fi
}
function check_hits () {
total_hits=$(curl -XGET "${ELASTICSEARCH_ENDPOINT}/_search?pretty" -H 'Content-Type: application/json' -d'
{
"query" : {
"bool": {
"must": [
{ "match": { "name": "Elasticsearch" }},
{ "match": { "message": "Test data text entry" }}
]
}
}
}
' | python -c "import sys, json; print json.load(sys.stdin)['hits']['total']")
if [ "$total_hits" -gt 0 ]; then
echo "PASS: Successful hits on test data query!"
else
echo "FAIL: No hits on query for test data! Exiting";
exit 1;
fi
}
create_index
insert_test_data
check_hits

41
elasticsearch/templates/clusterrole.yaml Normal file
View File

@ -0,0 +1,41 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.clusterrole }}
{{- $envAll := . }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: elasticsearch-runner
rules:
- nonResourceURLs:
- /
verbs:
- get
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- apiGroups:
- apps
resources:
- statefulsets/status
verbs:
- get
{{- end -}}

32
elasticsearch/templates/clusterrolebinding.yaml Normal file
View File

@ -0,0 +1,32 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.clusterrolebinding }}
{{- $envAll := . }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: run-elasticsearch
subjects:
- kind: ServiceAccount
name: elasticsearch
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: elasticsearch-runner
apiGroup: rbac.authorization.k8s.io
{{- end }}

33
elasticsearch/templates/configmap-bin.yaml Normal file
View File

@ -0,0 +1,33 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_bin }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: elastic-bin
data:
elasticsearch.sh: |
{{ tuple "bin/_elasticsearch.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
helm-tests.sh: |
{{ tuple "bin/_helm-tests.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
curator.sh: |
{{ tuple "bin/_curator.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
image-repo-sync.sh: |+
{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
{{- end }}

33
elasticsearch/templates/configmap-etc.yaml Normal file
View File

@ -0,0 +1,33 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_etc }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: elastic-etc
data:
elasticsearch.yml: |+
{{- tuple .Values.conf.elasticsearch "etc/_elasticsearch.yml.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
log4j2.properties: |+
{{- tuple .Values.conf.elasticsearch "etc/_log4j2.properties.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
action_file.yml:
{{ toYaml .Values.conf.curator.action_file | indent 4 }}
config.yml:
{{ toYaml .Values.conf.curator.config | indent 4 }}
{{- end }}

72
elasticsearch/templates/cron-job-curator.yaml Normal file
View File

@ -0,0 +1,72 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.cron_curator }}
{{- if .Capabilities.APIVersions.Has "batch/v2alpha1" }}
{{- $envAll := . }}
{{- $_ := set .Values "pod_dependency" .Values.dependencies.curator -}}
---
apiVersion: batch/v2alpha1
kind: CronJob
metadata:
name: curator
spec:
schedule: {{ .Values.conf.curator.schedule }}
jobTemplate:
metadata:
labels:
{{ tuple $envAll "elasticsearch" "curator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
template:
spec:
restartPolicy: OnFailure
initContainers:
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }}
containers:
- name: curator
{{ tuple $envAll "curator" | include "helm-toolkit.snippets.image" | indent 14 }}
command:
- /tmp/curator.sh
{{ tuple $envAll $envAll.Values.pod.resources.jobs.curator | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }}
volumeMounts:
- name: pod-etc-curator
mountPath: /etc/config
- name: elastic-bin
mountPath: /tmp/curator.sh
subPath: curator.sh
readOnly: true
- name: elastic-etc
mountPath: /etc/config/config.yml
subPath: config.yml
readOnly: true
- name: elastic-etc
mountPath: /etc/config/action_file.yml
subPath: action_file.yml
readOnly: true
volumes:
- name: pod-etc-curator
emptyDir: {}
- name: elastic-bin
configMap:
name: elastic-bin
defaultMode: 0555
- name: elastic-etc
configMap:
name: elastic-etc
defaultMode: 0444
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 12 }}
{{- end }}
{{- end }}

133
elasticsearch/templates/deployment-client.yaml Normal file
View File

@ -0,0 +1,133 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.deployment_client }}
{{- $envAll := . }}
{{- if .Values.images.local_registry.active -}}
{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.elasticsearch_client .Values.conditional_dependencies.local_image_registry) -}}
{{- else -}}
{{- $_ := set .Values "pod_dependency" .Values.dependencies.elasticsearch_client -}}
{{- end -}}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: elasticsearch-client
spec:
replicas: {{ .Values.pod.replicas.client }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "elasticsearch" "client" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
serviceAccount: elasticsearch
affinity:
{{ tuple $envAll "elasticsearch" "client" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.client.timeout | default "600" }}
initContainers:
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- name: memory-map-increase
securityContext:
privileged: true
runAsUser: 0
{{ tuple $envAll "memory_init" | include "helm-toolkit.snippets.image" | indent 10 }}
command:
- sysctl
- -w
- vm.max_map_count={{ .Values.conf.init.max_map_count }}
containers:
- name: elasticsearch-client
securityContext:
privileged: true
capabilities:
add:
- IPC_LOCK
- SYS_RESOURCE
{{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.client | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }}
command:
- /tmp/elasticsearch.sh
- start
lifecycle:
preStop:
exec:
command:
- /tmp/elasticsearch.sh
- stop
ports:
- name: http
containerPort: {{ .Values.network.client.port }}
- name: transport
containerPort: {{ .Values.network.discovery.port }}
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NODE_MASTER
value: "false"
- name: NODE_DATA
value: "false"
- name: HTTP_ENABLE
value: "true"
- name: DISCOVERY_SERVICE
value: {{ tuple "elasticsearch" "discovery" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
- name: ES_JAVA_OPTS
value: "{{ .Values.conf.elasticsearch.env.java_opts }}"
volumeMounts:
- name: elastic-logs
mountPath: {{ .Values.conf.elasticsearch.path.logs }}
- name: elastic-bin
mountPath: /tmp/elasticsearch.sh
subPath: elasticsearch.sh
readOnly: true
- name: elastic-config
mountPath: /usr/share/elasticsearch/config
- name: elastic-etc
mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
subPath: elasticsearch.yml
readOnly: true
- name: elastic-etc
mountPath: /usr/share/elasticsearch/config/log4j2.properties
subPath: log4j2.properties
readOnly: true
- name: storage
mountPath: {{ .Values.conf.elasticsearch.path.data }}
volumes:
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
- name: elastic-logs
emptyDir: {}
- name: elastic-bin
configMap:
name: elastic-bin
defaultMode: 0555
- name: elastic-config
emptyDir: {}
- name: elastic-etc
configMap:
name: elastic-etc
defaultMode: 0444
- name: storage
emptyDir: {}
{{- end }}

133
elasticsearch/templates/deployment-master.yaml Normal file
View File

@ -0,0 +1,133 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.deployment_master }}
{{- $envAll := . }}
{{- if .Values.images.local_registry.active -}}
{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.elasticsearch_master .Values.conditional_dependencies.local_image_registry) -}}
{{- else -}}
{{- $_ := set .Values "pod_dependency" .Values.dependencies.elasticsearch_master -}}
{{- end -}}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: elasticsearch-master
spec:
replicas: {{ .Values.pod.replicas.master }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "elasticsearch" "master" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
serviceAccount: elasticsearch
affinity:
{{ tuple $envAll "elasticsearch" "master" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.master.timeout | default "600" }}
initContainers:
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- name: memory-map-increase
securityContext:
privileged: true
runAsUser: 0
{{ tuple $envAll "memory_init" | include "helm-toolkit.snippets.image" | indent 10 }}
command:
- sysctl
- -w
- vm.max_map_count={{ .Values.conf.init.max_map_count }}
containers:
- name: elasticsearch-master
securityContext:
privileged: true
capabilities:
add:
- IPC_LOCK
- SYS_RESOURCE
{{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.master | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }}
command:
- /tmp/elasticsearch.sh
- start
lifecycle:
preStop:
exec:
command:
- /tmp/elasticsearch.sh
- stop
ports:
- name: http
containerPort: {{ .Values.network.client.port }}
- name: transport
containerPort: {{ .Values.network.discovery.port }}
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NODE_MASTER
value: "true"
- name: NODE_DATA
value: "false"
- name: HTTP_ENABLE
value: "false"
- name: DISCOVERY_SERVICE
value: {{ tuple "elasticsearch" "discovery" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
- name: ES_JAVA_OPTS
value: "{{ .Values.conf.elasticsearch.env.java_opts }}"
volumeMounts:
- name: elastic-logs
mountPath: {{ .Values.conf.elasticsearch.path.logs }}
- name: elastic-bin
mountPath: /tmp/elasticsearch.sh
subPath: elasticsearch.sh
readOnly: true
- name: elastic-config
mountPath: /usr/share/elasticsearch/config
- name: elastic-etc
mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
subPath: elasticsearch.yml
readOnly: true
- name: elastic-etc
mountPath: /usr/share/elasticsearch/config/log4j2.properties
subPath: log4j2.properties
readOnly: true
- name: storage
mountPath: {{ .Values.conf.elasticsearch.path.data }}
volumes:
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
- name: elastic-logs
emptyDir: {}
- name: elastic-bin
configMap:
name: elastic-bin
defaultMode: 0555
- name: elastic-config
emptyDir: {}
- name: elastic-etc
configMap:
name: elastic-etc
defaultMode: 0444
- name: storage
emptyDir: {}
{{- end }}

42
elasticsearch/templates/etc/_elasticsearch.yml.tpl Normal file
View File

@ -0,0 +1,42 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
cluster:
name: {{ .Values.conf.elasticsearch.cluster.name }}
node:
master: ${NODE_MASTER}
data: ${NODE_DATA}
name: ${NODE_NAME}
max_local_storage_nodes: {{ .Values.pod.replicas.data }}
network.host: {{ .Values.conf.elasticsearch.network.host }}
path:
data: {{ .Values.conf.elasticsearch.path.data }}
logs: {{ .Values.conf.elasticsearch.path.logs }}
bootstrap:
memory_lock: {{ .Values.conf.elasticsearch.bootstrap.memory_lock }}
http:
enabled: ${HTTP_ENABLE}
compression: true
discovery:
zen:
ping.unicast.hosts: ${DISCOVERY_SERVICE}
minimum_master_nodes: {{ .Values.conf.elasticsearch.zen.min_masters }}

37
elasticsearch/templates/etc/_log4j2.properties.tpl Normal file
View File

@ -0,0 +1,37 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
appender.console.type = Console
appender.console.name = console
appender.console.layout.type = PatternLayout
appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n
appender.rolling.type = RollingFile
appender.rolling.name = rolling
appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${hostName}.log
appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${hostName}.log.%i
appender.rolling.layout.type = PatternLayout
appender.rolling.layout.pattern = [%d{DEFAULT}][%-5p][%-25c] %.10000m%n
appender.rolling.policies.type = Policies
appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
appender.rolling.policies.size.size=100MB
appender.rolling.strategy.type = DefaultRolloverStrategy
appender.rolling.strategy.max = 5
appender.rolling.strategy.fileIndex = min
rootLogger.level = info
rootLogger.appenderRef.console.ref = console
rootLogger.appenderRef.rolling.ref = rolling

65
elasticsearch/templates/job-image-repo-sync.yaml Normal file
View File

@ -0,0 +1,65 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_image_repo_sync }}
{{- $envAll := . }}
{{- if .Values.images.local_registry.active -}}
{{- $_ := set .Values "pod_dependency" .Values.dependencies.image_repo_sync -}}
---
apiVersion: batch/v1
kind: Job
metadata:
name: elasticsearch-image-repo-sync
spec:
template:
metadata:
labels:
{{ tuple $envAll "elasticsearch" "image-repo-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: image-repo-sync
{{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.image_repo_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: LOCAL_REPO
value: "{{ tuple "local_image_registry" "node" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}:{{ tuple "local_image_registry" "node" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
- name: IMAGE_SYNC_LIST
value: "{{ include "helm-toolkit.utils.image_sync_list" . }}"
command:
- /tmp/image-repo-sync.sh
volumeMounts:
- name: elasticsearch-bin
mountPath: /tmp/image-repo-sync.sh
subPath: image-repo-sync.sh
readOnly: true
- name: docker-socket
mountPath: /var/run/docker.sock
volumes:
- name: elasticsearch-bin
configMap:
name: elasticsearch-bin
defaultMode: 0555
- name: docker-socket
hostPath:
path: /var/run/docker.sock
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
{{- end }}
{{- end }}

48
elasticsearch/templates/pod-helm-tests.yaml Normal file
View File

@ -0,0 +1,48 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.helm_tests }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Pod
metadata:
name: "{{.Release.Name}}-test"
annotations:
"helm.sh/hook": test-success
spec:
restartPolicy: Never
containers:
- name: {{.Release.Name}}-helm-tests
{{ tuple $envAll "helm_tests" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
command:
- /tmp/helm-tests.sh
env:
- name: ELASTICSEARCH_ENDPOINT
value: {{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}
volumeMounts:
- name: elastic-bin
mountPath: /tmp/helm-tests.sh
subPath: helm-tests.sh
readOnly: true
volumes:
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 4 }}
- name: elastic-bin
configMap:
name: elastic-bin
defaultMode: 0555
{{- end }}

19
elasticsearch/templates/rbac-entrypoint.yaml Normal file
View File

@ -0,0 +1,19 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.rbac_entrypoint }}
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_rbac"}}
{{- end }}

36
elasticsearch/templates/service-data.yaml Normal file
View File

@ -0,0 +1,36 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service_data }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "elasticsearch" "data" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: transport
port: {{ .Values.network.data.port }}
{{- if .Values.network.data.node_port.enabled }}
nodePort: {{ .Values.network.data.node_port.port }}
{{- end }}
selector:
{{ tuple $envAll "elasticsearch" "data" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- if .Values.network.data.node_port.enabled }}
type: NodePort
{{- end }}
{{- end }}

36
elasticsearch/templates/service-discovery.yaml Normal file
View File

@ -0,0 +1,36 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service_discovery }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "elasticsearch" "discovery" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: transport
port: {{ .Values.network.discovery.port }}
{{- if .Values.network.discovery.node_port.enabled }}
nodePort: {{ .Values.network.discovery.node_port.port }}
{{- end }}
selector:
{{ tuple $envAll "elasticsearch" "master" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- if .Values.network.discovery.node_port.enabled }}
type: NodePort
{{- end }}
{{- end }}

36
elasticsearch/templates/service-logging.yaml Normal file
View File

@ -0,0 +1,36 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service_logging }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "elasticsearch" "default" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: http
port: {{ .Values.network.client.port }}
{{- if .Values.network.client.node_port.enabled }}
nodePort: {{ .Values.network.client.node_port.port }}
{{- end }}
selector:
{{ tuple $envAll "elasticsearch" "client" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- if .Values.network.client.node_port.enabled }}
type: NodePort
{{- end }}
{{- end }}

22
elasticsearch/templates/serviceaccount.yaml Normal file
View File

@ -0,0 +1,22 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.serviceaccount }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: elasticsearch
{{- end }}

140
elasticsearch/templates/statefulset-data.yaml Normal file
View File

@ -0,0 +1,140 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.statefulset_data }}
{{- $envAll := . }}
{{- if .Values.images.local_registry.active -}}
{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.elasticsearch_data .Values.conditional_dependencies.local_image_registry) -}}
{{- else -}}
{{- $_ := set .Values "pod_dependency" .Values.dependencies.elasticsearch_data -}}
{{- end -}}
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
name: elasticsearch-data
spec:
serviceName: {{ tuple "elasticsearch" "data" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
replicas: {{ .Values.pod.replicas.data }}
template:
metadata:
labels:
{{ tuple $envAll "elasticsearch" "data" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccount: elasticsearch
affinity:
{{ tuple $envAll "elasticsearch" "data" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.data.timeout | default "600" }}
initContainers:
{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- name: memory-map-increase
securityContext:
privileged: true
runAsUser: 0
{{ tuple $envAll "memory_init" | include "helm-toolkit.snippets.image" | indent 10 }}
command:
- sysctl
- -w
- vm.max_map_count={{ .Values.conf.init.max_map_count }}
containers:
- name: elasticsearch-data
securityContext:
privileged: true
capabilities:
add:
- IPC_LOCK
- SYS_RESOURCE
{{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.data | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }}
command:
- /tmp/elasticsearch.sh
- start
lifecycle:
preStop:
exec:
command:
- /tmp/elasticsearch.sh
- stop
ports:
- name: transport
containerPort: {{ .Values.network.data.port }}
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NODE_MASTER
value: "false"
- name: NODE_DATA
value: "true"
- name: HTTP_ENABLE
value: "false"
- name: ES_JAVA_OPTS
value: "{{ .Values.conf.elasticsearch.env.java_opts }}"
- name: DISCOVERY_SERVICE
value: {{ tuple "elasticsearch" "discovery" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
volumeMounts:
- name: elastic-logs
mountPath: {{ .Values.conf.elasticsearch.path.logs }}
- name: elastic-bin
mountPath: /tmp/elasticsearch.sh
subPath: elasticsearch.sh
readOnly: true
- name: elastic-config
mountPath: /usr/share/elasticsearch/config
- name: elastic-etc
mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
subPath: elasticsearch.yml
readOnly: true
- name: elastic-etc
mountPath: /usr/share/elasticsearch/config/log4j2.properties
subPath: log4j2.properties
readOnly: true
- name: storage
mountPath: {{ .Values.conf.elasticsearch.path.data }}
volumes:
{{ tuple . | include "helm-toolkit.snippets.kubernetes_entrypoint_secret_mount" | indent 8 }}
- name: elastic-logs
emptyDir: {}
- name: elastic-bin
configMap:
name: elastic-bin
defaultMode: 0555
- name: elastic-config
emptyDir: {}
- name: elastic-etc
configMap:
name: elastic-etc
defaultMode: 0444
{{- if not .Values.storage.enabled }}
- name: storage
emptyDir: {}
{{- else }}
volumeClaimTemplates:
- metadata:
name: storage
spec:
accessModes: {{ .Values.storage.pvc.access_mode }}
resources:
requests:
storage: {{ .Values.storage.requests.storage }}
storageClassName: {{ .Values.storage.storage_class }}
{{- end }}
{{- end }}

271
elasticsearch/values.yaml Normal file
View File

@ -0,0 +1,271 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for elasticsearch
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
images:
tags:
memory_init: docker.io/kolla/ubuntu-source-kolla-toolbox:4.0.0
curator: docker.io/bobrik/curator:5.2.0
elasticsearch: docker.io/elasticsearch:5.4.2
helm_tests: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
image_repo_sync: docker.io/docker:17.07.0
pull_policy: "IfNotPresent"
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
labels:
node_selector_key: openstack-control-plane
node_selector_value: enabled
dependencies:
elasticsearch_client:
services: null
elasticsearch_master:
services: null
elasticsearch_data:
services: null
curator:
services: null
image_repo_sync:
services:
- service: local_image_registry
endpoint: internal
conditional_dependencies:
local_image_registry:
jobs:
- elasticsearch-image-repo-sync
services:
- service: local_image_registry
endpoint: node
pod:
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
replicas:
master: 3
data: 3
client: 2
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
termination_grace_period:
master:
timeout: 600
data:
timeout: 600
client:
timeout: 600
resources:
enabled: false
client:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
master:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
data:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs:
curator:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
image_repo_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
tests:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
conf:
init:
max_map_count: 262144
curator:
schedule: 1 0 * * *
action_file: |
---
# Remember, leave a key empty if there is no value. None will be a string,
# not a Python "NoneType"
#
# Also remember that all examples have 'disable_action' set to True. If you
# want to use this action as a template, be sure to set this to False after
# copying it.
actions:
1:
action: delete_indices
description: "Clean up ES by deleting old indices"
options:
timeout_override:
continue_if_exception: False
disable_action: False
filters:
- filtertype: age
source: name
direction: older
timestring: '%Y.%m.%d'
unit: days
unit_count: 30
field:
stats_result:
epoch:
exclude: False
config: |
---
# Remember, leave a key empty if there is no value. None will be a string,
# not a Python "NoneType"
client:
hosts:
- elasticsearch-logging
port: 9200
url_prefix:
use_ssl: False
certificate:
client_cert:
client_key:
ssl_no_validate: False
http_auth:
timeout: 30
master_only: False
logging:
loglevel: INFO
logfile:
logformat: default
blacklist: ['elasticsearch', 'urllib3']
elasticsearch:
override:
prefix:
append:
bootstrap:
memory_lock: true
cluster:
name: elasticsearch
network:
host: 0.0.0.0
path:
data: /usr/share/elasticsearch/data
logs: /usr/share/elasticsearch/logs
zen:
min_masters: 2
env:
java_opts: "-Xms256m -Xmx256m"
log4j2:
override:
prefix:
append:
endpoints:
cluster_domain_suffix: cluster.local
elasticsearch:
name: elasticsearch
namespace: null
hosts:
data: elasticsearch-data
default: elasticsearch-logging
discovery: elasticsearch-discovery
public: elasticsearch
host_fqdn_override:
default: null
path:
default: null
scheme:
default: http
port:
client:
default: 9200
discovery:
default: 9300
network:
client:
port: 9200
node_port:
enabled: false
port: 30920
discovery:
port: 9300
node_port:
enabled: false
port: 30930
data:
port: 9300
node_port:
enabled: false
port: 30931
storage:
enabled: true
pvc:
name: pvc-elastic
access_mode: [ "ReadWriteMany" ]
requests:
storage: 5Gi
storage_class: general
manifests:
clusterrole: true
clusterrolebinding: true
configmap_bin: true
configmap_etc: true
cron_curator: true
deployment_client: true
deployment_master: true
job_image_repo_sync: true
helm_tests: true
rbac_entrypoint: true
serviceaccount: true
service_data: true
service_discovery: true
service_logging: true
statefulset_data: true

18
tools/gate/chart-deploys/default.yaml
View File

@ -28,6 +28,11 @@ chart_groups:
- kube_state_metrics - kube_state_metrics
- alertmanager - alertmanager
- name: openstack_infra_logging
timeout: 600
charts:
- openstack_elasticsearch
charts: charts:
docker_registry_nfs_provisioner: docker_registry_nfs_provisioner:
chart_name: nfs-provisioner chart_name: nfs-provisioner
@ -122,3 +127,16 @@ charts:
alertmanager: alertmanager:
ingress: ingress:
public: false public: false
openstack_elasticsearch:
chart_name: elasticsearch
release: elasticsearch
namespace: openstack
timeout: 300
test:
enabled: true
timeout: 300
output: false
values:
storage:
enabled: false