Elasticsearch: Add ingress, remove node ports

This adds an ingress to the Elasticsearch chart, allowing for the
exposure of the Elasticsearch cluster externally if required.

This also removes the node ports from the data and discovery
services, as these ports should not be used beyond service
discovery by the elasticsearch nodes. It moves the node port for
the client service under the network.elasticsearch key to match
the network tree for the other services

Change-Id: Ia989eff87b8c9f112c697ae309bbb971dc699aa5
This commit is contained in:
Steve Wilkerson 2018-08-14 09:57:17 -05:00
parent 55424bacfd
commit cd88fc44fc
6 changed files with 64 additions and 24 deletions

View File

@ -0,0 +1,20 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.ingress .Values.network.elasticsearch.ingress.public }}
{{- $ingressOpts := dict "envAll" . "backendService" "elasticsearch" "backendServiceType" "elasticsearch" "backendPort" "http" -}}
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
{{- end }}

View File

@ -25,12 +25,6 @@ spec:
ports: ports:
- name: transport - name: transport
port: {{ tuple "elasticsearch" "internal" "discovery" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} port: {{ tuple "elasticsearch" "internal" "discovery" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.network.data.node_port.enabled }}
nodePort: {{ .Values.network.data.node_port.port }}
{{- end }}
selector: selector:
{{ tuple $envAll "elasticsearch" "data" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{ tuple $envAll "elasticsearch" "data" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- if .Values.network.data.node_port.enabled }}
type: NodePort
{{- end }}
{{- end }} {{- end }}

View File

@ -25,12 +25,6 @@ spec:
ports: ports:
- name: transport - name: transport
port: {{ tuple "elasticsearch" "internal" "discovery" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} port: {{ tuple "elasticsearch" "internal" "discovery" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.network.discovery.node_port.enabled }}
nodePort: {{ .Values.network.discovery.node_port.port }}
{{- end }}
selector: selector:
{{ tuple $envAll "elasticsearch" "master" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{ tuple $envAll "elasticsearch" "master" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- if .Values.network.discovery.node_port.enabled }}
type: NodePort
{{- end }}
{{- end }} {{- end }}

View File

@ -0,0 +1,20 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.service_ingress .Values.network.elasticsearch.ingress.public }}
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "elasticsearch" -}}
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
{{- end }}

View File

@ -25,12 +25,12 @@ spec:
ports: ports:
- name: http - name: http
port: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} port: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.network.client.node_port.enabled }} {{- if .Values.network.elasticsearch.node_port.enabled }}
nodePort: {{ .Values.network.client.node_port.port }} nodePort: {{ .Values.network.elasticsearch.node_port.port }}
{{- end }} {{- end }}
selector: selector:
{{ tuple $envAll "elasticsearch" "client" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{ tuple $envAll "elasticsearch" "client" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- if .Values.network.client.node_port.enabled }} {{- if .Values.network.elasticsearch.node_port.enabled }}
type: NodePort type: NodePort
{{- end }} {{- end }}
{{- end }} {{- end }}

View File

@ -174,6 +174,10 @@ pod:
secrets: secrets:
elasticsearch: elasticsearch:
user: elasticsearch-admin-creds user: elasticsearch-admin-creds
tls:
elasticsearch:
elasticsearch:
public: elasticsearch-tls-public
conf: conf:
httpd: | httpd: |
@ -461,6 +465,13 @@ endpoints:
public: elasticsearch public: elasticsearch
host_fqdn_override: host_fqdn_override:
default: null default: null
# NOTE(srwilkers): this chart supports TLS for fqdn over-ridden public
# endpoints using the following format:
# public:
# host: null
# tls:
# crt: null
# key: null
path: path:
default: null default: null
scheme: scheme:
@ -509,18 +520,17 @@ monitoring:
scrape: true scrape: true
network: network:
client: elasticsearch:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
node_port: node_port:
enabled: false enabled: false
port: 30920 port: 30920
discovery:
node_port:
enabled: false
port: 30930
data:
node_port:
enabled: false
port: 30931
storage: storage:
elasticsearch: elasticsearch:
@ -547,6 +557,7 @@ manifests:
cron_curator: true cron_curator: true
deployment_client: true deployment_client: true
deployment_master: true deployment_master: true
ingress: true
job_image_repo_sync: true job_image_repo_sync: true
job_snapshot_repository: false job_snapshot_repository: false
helm_tests: true helm_tests: true
@ -560,5 +571,6 @@ manifests:
pvc_snapshots: true pvc_snapshots: true
service_data: true service_data: true
service_discovery: true service_discovery: true
service_ingress: true
service_logging: true service_logging: true
statefulset_data: true statefulset_data: true