| # RBAC authn and authz |
| apiVersion: v1 |
| kind: ServiceAccount |
| metadata: |
| name: elasticsearch-logging |
| namespace: kube-system |
| labels: |
| k8s-app: elasticsearch-logging |
| kubernetes.io/cluster-service: "true" |
| addonmanager.kubernetes.io/mode: Reconcile |
| --- |
| kind: ClusterRole |
| apiVersion: rbac.authorization.k8s.io/v1 |
| metadata: |
| name: elasticsearch-logging |
| labels: |
| k8s-app: elasticsearch-logging |
| kubernetes.io/cluster-service: "true" |
| addonmanager.kubernetes.io/mode: Reconcile |
| rules: |
| - apiGroups: |
| - "" |
| resources: |
| - "services" |
| - "namespaces" |
| - "endpoints" |
| verbs: |
| - "get" |
| --- |
| kind: ClusterRoleBinding |
| apiVersion: rbac.authorization.k8s.io/v1 |
| metadata: |
| namespace: kube-system |
| name: elasticsearch-logging |
| labels: |
| k8s-app: elasticsearch-logging |
| kubernetes.io/cluster-service: "true" |
| addonmanager.kubernetes.io/mode: Reconcile |
| subjects: |
| - kind: ServiceAccount |
| name: elasticsearch-logging |
| namespace: kube-system |
| apiGroup: "" |
| roleRef: |
| kind: ClusterRole |
| name: elasticsearch-logging |
| apiGroup: "" |
| --- |
| # Elasticsearch deployment itself |
| apiVersion: apps/v1 |
| kind: StatefulSet |
| metadata: |
| name: elasticsearch-logging |
| namespace: kube-system |
| labels: |
| k8s-app: elasticsearch-logging |
| version: v6.3.0 |
| kubernetes.io/cluster-service: "true" |
| addonmanager.kubernetes.io/mode: Reconcile |
| spec: |
| serviceName: elasticsearch-logging |
| replicas: 2 |
| selector: |
| matchLabels: |
| k8s-app: elasticsearch-logging |
| version: v6.3.0 |
| template: |
| metadata: |
| labels: |
| k8s-app: elasticsearch-logging |
| version: v6.3.0 |
| kubernetes.io/cluster-service: "true" |
| spec: |
| serviceAccountName: elasticsearch-logging |
| containers: |
| - image: k8s.gcr.io/elasticsearch:v6.3.0 |
| name: elasticsearch-logging |
| resources: |
| # need more cpu upon initialization, therefore burstable class |
| limits: |
| cpu: 1000m |
| requests: |
| cpu: 100m |
| ports: |
| - containerPort: 9200 |
| name: db |
| protocol: TCP |
| - containerPort: 9300 |
| name: transport |
| protocol: TCP |
| volumeMounts: |
| - name: elasticsearch-logging |
| mountPath: /data |
| env: |
| - name: "NAMESPACE" |
| valueFrom: |
| fieldRef: |
| fieldPath: metadata.namespace |
| volumes: |
| - name: elasticsearch-logging |
| emptyDir: {} |
| # Elasticsearch requires vm.max_map_count to be at least 262144. |
| # If your OS already sets up this number to a higher value, feel free |
| # to remove this init container. |
| initContainers: |
| - image: alpine:3.6 |
| command: ["/sbin/sysctl", "-w", "vm.max_map_count=262144"] |
| name: elasticsearch-logging-init |
| securityContext: |
| privileged: true |