Elasticsearch: Add ingress, remove node ports
This adds an ingress to the Elasticsearch chart, allowing for the exposure of the Elasticsearch cluster externally if required. This also removes the node ports from the data and discovery services, as these ports should not be used beyond service discovery by the elasticsearch nodes. It moves the node port for the client service under the network.elasticsearch key to match the network tree for the other services Change-Id: Ia989eff87b8c9f112c697ae309bbb971dc699aa5
This commit is contained in:
parent
55424bacfd
commit
cd88fc44fc
20
elasticsearch/templates/ingress-elasticsearch.yaml
Normal file
20
elasticsearch/templates/ingress-elasticsearch.yaml
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if and .Values.manifests.ingress .Values.network.elasticsearch.ingress.public }}
|
||||||
|
{{- $ingressOpts := dict "envAll" . "backendService" "elasticsearch" "backendServiceType" "elasticsearch" "backendPort" "http" -}}
|
||||||
|
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
|
||||||
|
{{- end }}
|
@ -25,12 +25,6 @@ spec:
|
|||||||
ports:
|
ports:
|
||||||
- name: transport
|
- name: transport
|
||||||
port: {{ tuple "elasticsearch" "internal" "discovery" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
port: {{ tuple "elasticsearch" "internal" "discovery" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
{{- if .Values.network.data.node_port.enabled }}
|
|
||||||
nodePort: {{ .Values.network.data.node_port.port }}
|
|
||||||
{{- end }}
|
|
||||||
selector:
|
selector:
|
||||||
{{ tuple $envAll "elasticsearch" "data" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
{{ tuple $envAll "elasticsearch" "data" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||||
{{- if .Values.network.data.node_port.enabled }}
|
|
||||||
type: NodePort
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -25,12 +25,6 @@ spec:
|
|||||||
ports:
|
ports:
|
||||||
- name: transport
|
- name: transport
|
||||||
port: {{ tuple "elasticsearch" "internal" "discovery" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
port: {{ tuple "elasticsearch" "internal" "discovery" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
{{- if .Values.network.discovery.node_port.enabled }}
|
|
||||||
nodePort: {{ .Values.network.discovery.node_port.port }}
|
|
||||||
{{- end }}
|
|
||||||
selector:
|
selector:
|
||||||
{{ tuple $envAll "elasticsearch" "master" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
{{ tuple $envAll "elasticsearch" "master" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||||
{{- if .Values.network.discovery.node_port.enabled }}
|
|
||||||
type: NodePort
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
20
elasticsearch/templates/service-ingress-elasticsearch.yaml
Normal file
20
elasticsearch/templates/service-ingress-elasticsearch.yaml
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if and .Values.manifests.service_ingress .Values.network.elasticsearch.ingress.public }}
|
||||||
|
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "elasticsearch" -}}
|
||||||
|
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
|
||||||
|
{{- end }}
|
@ -25,12 +25,12 @@ spec:
|
|||||||
ports:
|
ports:
|
||||||
- name: http
|
- name: http
|
||||||
port: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
port: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
{{- if .Values.network.client.node_port.enabled }}
|
{{- if .Values.network.elasticsearch.node_port.enabled }}
|
||||||
nodePort: {{ .Values.network.client.node_port.port }}
|
nodePort: {{ .Values.network.elasticsearch.node_port.port }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
selector:
|
selector:
|
||||||
{{ tuple $envAll "elasticsearch" "client" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
{{ tuple $envAll "elasticsearch" "client" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||||
{{- if .Values.network.client.node_port.enabled }}
|
{{- if .Values.network.elasticsearch.node_port.enabled }}
|
||||||
type: NodePort
|
type: NodePort
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -174,6 +174,10 @@ pod:
|
|||||||
secrets:
|
secrets:
|
||||||
elasticsearch:
|
elasticsearch:
|
||||||
user: elasticsearch-admin-creds
|
user: elasticsearch-admin-creds
|
||||||
|
tls:
|
||||||
|
elasticsearch:
|
||||||
|
elasticsearch:
|
||||||
|
public: elasticsearch-tls-public
|
||||||
|
|
||||||
conf:
|
conf:
|
||||||
httpd: |
|
httpd: |
|
||||||
@ -461,6 +465,13 @@ endpoints:
|
|||||||
public: elasticsearch
|
public: elasticsearch
|
||||||
host_fqdn_override:
|
host_fqdn_override:
|
||||||
default: null
|
default: null
|
||||||
|
# NOTE(srwilkers): this chart supports TLS for fqdn over-ridden public
|
||||||
|
# endpoints using the following format:
|
||||||
|
# public:
|
||||||
|
# host: null
|
||||||
|
# tls:
|
||||||
|
# crt: null
|
||||||
|
# key: null
|
||||||
path:
|
path:
|
||||||
default: null
|
default: null
|
||||||
scheme:
|
scheme:
|
||||||
@ -509,18 +520,17 @@ monitoring:
|
|||||||
scrape: true
|
scrape: true
|
||||||
|
|
||||||
network:
|
network:
|
||||||
client:
|
elasticsearch:
|
||||||
|
ingress:
|
||||||
|
public: true
|
||||||
|
classes:
|
||||||
|
namespace: "nginx"
|
||||||
|
cluster: "nginx-cluster"
|
||||||
|
annotations:
|
||||||
|
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||||
node_port:
|
node_port:
|
||||||
enabled: false
|
enabled: false
|
||||||
port: 30920
|
port: 30920
|
||||||
discovery:
|
|
||||||
node_port:
|
|
||||||
enabled: false
|
|
||||||
port: 30930
|
|
||||||
data:
|
|
||||||
node_port:
|
|
||||||
enabled: false
|
|
||||||
port: 30931
|
|
||||||
|
|
||||||
storage:
|
storage:
|
||||||
elasticsearch:
|
elasticsearch:
|
||||||
@ -547,6 +557,7 @@ manifests:
|
|||||||
cron_curator: true
|
cron_curator: true
|
||||||
deployment_client: true
|
deployment_client: true
|
||||||
deployment_master: true
|
deployment_master: true
|
||||||
|
ingress: true
|
||||||
job_image_repo_sync: true
|
job_image_repo_sync: true
|
||||||
job_snapshot_repository: false
|
job_snapshot_repository: false
|
||||||
helm_tests: true
|
helm_tests: true
|
||||||
@ -560,5 +571,6 @@ manifests:
|
|||||||
pvc_snapshots: true
|
pvc_snapshots: true
|
||||||
service_data: true
|
service_data: true
|
||||||
service_discovery: true
|
service_discovery: true
|
||||||
|
service_ingress: true
|
||||||
service_logging: true
|
service_logging: true
|
||||||
statefulset_data: true
|
statefulset_data: true
|
||||||
|
Loading…
Reference in New Issue
Block a user