#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
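{{- if and (not .Values.elasticsearch.external) (eq .Values.activationStoreBackend "ElasticSearch") }}
---
# In-cluster Elasticsearch StatefulSet. Rendered only when
# .Values.elasticsearch.external is false and .Values.activationStoreBackend
# is "ElasticSearch".
apiVersion: {{ template "elasticsearch.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
  name: {{ .Release.Name }}-elasticsearch
  labels:
    name: {{ .Release.Name }}-elasticsearch
{{ include "openwhisk.label_boilerplate" . | indent 4 }}
  annotations:
    esMajorVersion: "{{ include "elasticsearch.esMajorVersion" . }}"
spec:
  serviceName: {{ .Release.Name }}-elasticsearch
  selector:
    matchLabels:
      name: {{ .Release.Name }}-elasticsearch
  replicas: {{ .Values.elasticsearch.replicaCount }}
  podManagementPolicy: {{ .Values.elasticsearch.podManagementPolicy }}
  updateStrategy:
    type: {{ .Values.elasticsearch.updateStrategy }}
  # Persistent data volume; without it no data volume is mounted into the
  # Elasticsearch container below.
  {{- if .Values.k8s.persistence.enabled }}
  volumeClaimTemplates:
  - metadata:
      name: {{ template "elasticsearch.uname" . }}
    {{- with .Values.elasticsearch.persistence.annotations }}
      annotations:
{{ toYaml . | indent 8 }}
    {{- end }}
    spec:
{{ toYaml .Values.elasticsearch.volumeClaimTemplate | indent 6 }}
  {{- end }}
  template:
    metadata:
      labels:
        name: {{ .Release.Name }}-elasticsearch
{{ include "openwhisk.label_boilerplate" . | indent 8 }}
      # Annotation values are passed through "quote", so boolean- or
      # number-looking values stay strings.
      annotations:
        {{- range $key, $value := .Values.elasticsearch.podAnnotations }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
        {{/* This forces a restart if the configmap has changed */}}
        {{- if .Values.elasticsearch.esConfig }}
        configchecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }}
        {{- end }}
    spec:
      {{- if .Values.elasticsearch.schedulerName }}
      schedulerName: "{{ .Values.elasticsearch.schedulerName }}"
      {{- end }}
      # Pod-level security context. If podSecurityContext already carries
      # fsGroup and the deprecated elasticsearch.fsGroup is also set, the
      # rendered mapping contains the fsGroup key twice.
      securityContext:
{{ toYaml .Values.elasticsearch.podSecurityContext | indent 8 }}
        {{- if .Values.elasticsearch.fsGroup }}
        fsGroup: {{ .Values.elasticsearch.fsGroup }} # Deprecated value, please use .Values.elasticsearch.podSecurityContext.fsGroup
        {{- end }}
      # Service account: the chart-managed one when rbac.create is set,
      # otherwise the named one if non-empty. With neither, the field is
      # omitted and Kubernetes assigns the namespace's default account.
      {{- if .Values.elasticsearch.rbac.create }}
      serviceAccountName: "{{ template "elasticsearch.uname" . }}"
      {{- else if not (eq .Values.elasticsearch.rbac.serviceAccountName "") }}
      serviceAccountName: {{ .Values.elasticsearch.rbac.serviceAccountName | quote }}
      {{- end }}
      {{- if .Values.affinity.enabled }}
      affinity:
{{ include "openwhisk.affinity.core" . | indent 8 }}
{{ include "openwhisk.affinity.selfAntiAffinity" ( printf "%s-elasticsearch" .Release.Name ) | indent 8 }}
      {{- end }}
      {{- if .Values.toleration.enabled }}
      tolerations:
{{ include "openwhisk.toleration.core" . | indent 8 }}
      {{- end }}
      terminationGracePeriodSeconds: {{ .Values.elasticsearch.terminationGracePeriod }}
      # Secret volumes come from secretMounts; the keystore block adds a shared
      # emptyDir plus one secret volume per keystore entry.
      volumes:
        {{- range .Values.elasticsearch.secretMounts }}
        - name: {{ .name }}
          secret:
            secretName: {{ .secretName }}
            {{- if .defaultMode }}
            defaultMode: {{ .defaultMode }}
            {{- end }}
        {{- end }}
        {{- if .Values.elasticsearch.esConfig }}
        - name: esconfig
          configMap:
            name: {{ .Release.Name }}-elasticsearch-cm
        {{- end }}
{{- if .Values.elasticsearch.keystore }}
        - name: keystore
          emptyDir: {}
        {{- range .Values.elasticsearch.keystore }}
        - name: keystore-{{ .secretName }}
          secret: {{ toYaml . | nindent 12 }}
        {{- end }}
{{ end }}
      {{- if .Values.elasticsearch.extraVolumes }}
      # Currently some extra blocks accept strings
      # to continue with backwards compatibility this is being kept
      # whilst also allowing for yaml to be specified too.
      # String values are passed through tpl, so template expressions inside
      # them are evaluated with this chart's context; the value is inserted
      # as written (hostPath volumes included), so it must come from a
      # trusted values file.
      {{- if eq "string" (printf "%T" .Values.elasticsearch.extraVolumes) }}
{{ tpl .Values.elasticsearch.extraVolumes . | indent 8 }}
      {{- else }}
{{ toYaml .Values.elasticsearch.extraVolumes | indent 8 }}
      {{- end }}
      {{- end }}
      {{- if .Values.elasticsearch.imagePullSecrets }}
      imagePullSecrets:
{{ toYaml .Values.elasticsearch.imagePullSecrets | indent 8 }}
      {{- end }}
      {{- if semverCompare ">1.13" .Capabilities.KubeVersion.GitVersion }}
      enableServiceLinks: {{ .Values.elasticsearch.enableServiceLinks }}
      {{- end }}
      initContainers:
      {{- if .Values.elasticsearch.sysctlInitContainer.enabled }}
      # Privileged root init container that raises vm.max_map_count via sysctl.
      # vm.max_map_count is a node-wide kernel setting, so the change affects
      # every workload on the node this pod lands on. Clusters enforcing the
      # baseline or restricted Pod Security Standards reject privileged
      # containers; there, set the value on the nodes and turn off
      # elasticsearch.sysctlInitContainer.enabled.
      - name: configure-sysctl
        securityContext:
          runAsUser: 0
          privileged: true
        image: "{{ .Values.elasticsearch.image }}:{{ .Values.elasticsearch.imageTag }}"
        imagePullPolicy: "{{ .Values.elasticsearch.imagePullPolicy }}"
        command: ["sysctl", "-w", "vm.max_map_count={{ .Values.elasticsearch.sysctlVmMaxMapCount}}"]
        resources:
{{ toYaml .Values.elasticsearch.initResources | indent 10 }}
      {{- end }}
{{ if .Values.elasticsearch.keystore }}
      # Builds elasticsearch.keystore from the mounted keystore secrets and
      # copies it into the shared "keystore" emptyDir. No container-level
      # securityContext is set here, so only the pod-level one applies.
      # The bootstrap password is fed to elasticsearch-keystore on stdin and
      # the log line is single-quoted, so the secret value is never printed.
      # NOTE(review): the script is started with "sh -c", so its shebang line
      # is not honoured; "set -o pipefail" needs an sh that supports it -
      # confirm for the configured image.
      - name: keystore
        image: "{{ .Values.elasticsearch.image }}:{{ .Values.elasticsearch.imageTag }}"
        imagePullPolicy: "{{ .Values.elasticsearch.imagePullPolicy }}"
        command:
        - sh
        - -c
        - |
          #!/usr/bin/env bash
          set -euo pipefail
          elasticsearch-keystore create
          for i in /tmp/keystoreSecrets/*/*; do
            key=$(basename "$i")
            echo "Adding file $i to keystore key $key"
            elasticsearch-keystore add-file "$key" "$i"
          done
          # Add the bootstrap password since otherwise the Elasticsearch entrypoint tries to do this on startup
          if [ ! -z ${ELASTIC_PASSWORD+x} ]; then
            echo 'Adding env $ELASTIC_PASSWORD to keystore as key bootstrap.password'
            echo "$ELASTIC_PASSWORD" | elasticsearch-keystore add -x bootstrap.password
          fi
          cp -a /usr/share/elasticsearch/config/elasticsearch.keystore /tmp/keystore/
        env: {{ toYaml .Values.elasticsearch.extraEnvs | nindent 10 }}
        envFrom: {{ toYaml .Values.elasticsearch.envFrom | nindent 10 }}
        resources: {{ toYaml .Values.elasticsearch.initResources | nindent 10 }}
        volumeMounts:
          - name: keystore
            mountPath: /tmp/keystore
          {{- range .Values.elasticsearch.keystore }}
          - name: keystore-{{ .secretName }}
            mountPath: /tmp/keystoreSecrets/{{ .secretName }}
          {{- end }}
{{ end }}
      {{- if .Values.elasticsearch.extraInitContainers }}
      # Currently some extra blocks accept strings
      # to continue with backwards compatibility this is being kept
      # whilst also allowing for yaml to be specified too.
      # These containers are inserted as written: none of the securityContext
      # settings of this template are applied to them.
      {{- if eq "string" (printf "%T" .Values.elasticsearch.extraInitContainers) }}
{{ tpl .Values.elasticsearch.extraInitContainers . | indent 6 }}
      {{- else }}
{{ toYaml .Values.elasticsearch.extraInitContainers | indent 6 }}
      {{- end }}
      {{- end }}
      containers:
      - name: "{{ template "elasticsearch.name" . }}"
        securityContext:
{{ toYaml .Values.elasticsearch.securityContext | indent 10 }}
        image: "{{ .Values.elasticsearch.image }}:{{ .Values.elasticsearch.imageTag }}"
        imagePullPolicy: "{{ .Values.elasticsearch.imagePullPolicy }}"
        # Readiness probe: until /tmp/.es_start_file exists it waits for the
        # cluster health request (clusterHealthCheckParams) to succeed;
        # afterwards it only checks that the local node answers.
        # curl runs with -k, so the TLS certificate is not verified; the
        # target is the loopback address 127.0.0.1. When ELASTIC_USERNAME and
        # ELASTIC_PASSWORD are set they are handed to curl with -u, i.e. as a
        # command-line argument of the probe process.
        # NOTE(review): the script uses bash-only syntax ([[ ]]) but is started
        # with "sh -c", so the shebang and its -e flag are not honoured -
        # confirm that sh in the configured image is bash.
        readinessProbe:
          exec:
            command:
              - sh
              - -c
              - |
                #!/usr/bin/env bash -e
                # If the node is starting up wait for the cluster to be ready (request params: "{{ .Values.elasticsearch.clusterHealthCheckParams }}" )
                # Once it has started only check that the node itself is responding
                START_FILE=/tmp/.es_start_file
                http () {
                  local path="${1}"
                  local args="${2}"
                  set -- -XGET -s
                  if [ "$args" != "" ]; then
                    set -- "$@" $args
                  fi
                  if [ -n "${ELASTIC_USERNAME}" ] && [ -n "${ELASTIC_PASSWORD}" ]; then
                    set -- "$@" -u "${ELASTIC_USERNAME}:${ELASTIC_PASSWORD}"
                  fi
                  curl --output /dev/null -k "$@" "{{ .Values.elasticsearch.protocol }}://127.0.0.1:{{ .Values.elasticsearch.httpPort }}${path}"
                }
                if [ -f "${START_FILE}" ]; then
                  echo 'Elasticsearch is already running, lets check the node is healthy'
                  HTTP_CODE=$(http "/" "-w %{http_code}")
                  RC=$?
                  if [[ ${RC} -ne 0 ]]; then
                    echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} {{ .Values.elasticsearch.protocol }}://127.0.0.1:{{ .Values.elasticsearch.httpPort }}/ failed with RC ${RC}"
                    exit ${RC}
                  fi
                  # ready if HTTP code 200, 503 is tolerable if ES version is 6.x
                  if [[ ${HTTP_CODE} == "200" ]]; then
                    exit 0
                  elif [[ ${HTTP_CODE} == "503" && "{{ include "elasticsearch.esMajorVersion" . }}" == "6" ]]; then
                    exit 0
                  else
                    echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} {{ .Values.elasticsearch.protocol }}://127.0.0.1:{{ .Values.elasticsearch.httpPort }}/ failed with HTTP code ${HTTP_CODE}"
                    exit 1
                  fi
                else
                  echo 'Waiting for elasticsearch cluster to become ready (request params: "{{ .Values.elasticsearch.clusterHealthCheckParams }}" )'
                  if http "/_cluster/health?{{ .Values.elasticsearch.clusterHealthCheckParams }}" "--fail" ; then
                    touch ${START_FILE}
                    exit 0
                  else
                    echo 'Cluster is not yet ready (request params: "{{ .Values.elasticsearch.clusterHealthCheckParams }}" )'
                    exit 1
                  fi
                fi
{{ toYaml .Values.elasticsearch.readinessProbe | indent 10 }}
        ports:
        - name: http
          containerPort: {{ .Values.elasticsearch.httpPort }}
        - name: transport
          containerPort: {{ .Values.elasticsearch.transportPort }}
        resources:
{{ toYaml .Values.elasticsearch.resources | indent 10 }}
        # Node settings are passed as environment variables. Master discovery
        # uses cluster.initial_master_nodes / discovery.seed_hosts from major
        # version 7 on and the discovery.zen.* settings before that.
        # extraEnvs and envFrom are also handed to the keystore init container
        # and to the termination-handler sidecar.
        env:
          - name: node.name
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          {{- if eq .Values.elasticsearch.roles.master "true" }}
          {{- if ge (int (include "elasticsearch.esMajorVersion" .)) 7 }}
          - name: cluster.initial_master_nodes
            value: "{{ template "elasticsearch.endpoints" . }}"
          {{- else }}
          - name: discovery.zen.minimum_master_nodes
            value: "{{ .Values.elasticsearch.minimumMasterNodes }}"
          {{- end }}
          {{- end }}
          {{- if lt (int (include "elasticsearch.esMajorVersion" .)) 7 }}
          - name: discovery.zen.ping.unicast.hosts
            value: "{{ .Release.Name }}-elasticsearch"
          {{- else }}
          - name: discovery.seed_hosts
            value: "{{ .Release.Name }}-elasticsearch"
          {{- end }}
          - name: cluster.name
            value: "{{ .Values.elasticsearch.clusterName }}"
          - name: network.host
            value: "{{ .Values.elasticsearch.networkHost }}"
          - name: ES_JAVA_OPTS
            value: "{{ .Values.elasticsearch.esJavaOpts }}"
          {{- range $role, $enabled := .Values.elasticsearch.roles }}
          - name: node.{{ $role }}
            value: "{{ $enabled }}"
          {{- end }}
{{- if .Values.elasticsearch.extraEnvs }}
{{ toYaml .Values.elasticsearch.extraEnvs | indent 10 }}
{{- end }}
{{- if .Values.elasticsearch.envFrom }}
        envFrom:
{{ toYaml .Values.elasticsearch.envFrom | indent 10 }}
{{- end }}
        # esConfig files are mounted with subPath; Kubernetes does not refresh
        # subPath mounts when the ConfigMap changes, which is why the pod
        # template carries the configchecksum annotation.
        volumeMounts:
          {{- if .Values.k8s.persistence.enabled }}
          - name: "{{ template "elasticsearch.uname" . }}"
            mountPath: /usr/share/elasticsearch/data
          {{- end }}
{{ if .Values.elasticsearch.keystore }}
          - name: keystore
            mountPath: /usr/share/elasticsearch/config/elasticsearch.keystore
            subPath: elasticsearch.keystore
{{ end }}
          {{- range .Values.elasticsearch.secretMounts }}
          - name: {{ .name }}
            mountPath: {{ .path }}
            {{- if .subPath }}
            subPath: {{ .subPath }}
            {{- end }}
          {{- end }}
          {{- range $path, $config := .Values.elasticsearch.esConfig }}
          - name: esconfig
            mountPath: /usr/share/elasticsearch/config/{{ $path }}
            subPath: {{ $path }}
          {{- end -}}
        {{- if .Values.elasticsearch.extraVolumeMounts }}
        # Currently some extra blocks accept strings
        # to continue with backwards compatibility this is being kept
        # whilst also allowing for yaml to be specified too.
        {{- if eq "string" (printf "%T" .Values.elasticsearch.extraVolumeMounts) }}
{{ tpl .Values.elasticsearch.extraVolumeMounts . | indent 10 }}
        {{- else }}
{{ toYaml .Values.elasticsearch.extraVolumeMounts | indent 10 }}
        {{- end }}
        {{- end }}
      {{- if .Values.elasticsearch.masterTerminationFix }}
      {{- if eq .Values.elasticsearch.roles.master "true" }}
      # This sidecar will prevent slow master re-election
      # https://github.com/elastic/helm-charts/issues/63
      # On SIGTERM it polls /_cat/master on the master service until the
      # reported master starts with the master service name and differs from
      # this pod's NODE_NAME, then exits.
      # curl runs with -k, so the master service's certificate is not verified
      # while the basic-auth credentials are sent to it over the cluster
      # network. This container has no volumeMounts, so verifying against a
      # cluster CA would first need a CA bundle mounted here.
      # No container-level securityContext is set; only the pod-level one
      # applies.
      - name: elasticsearch-master-graceful-termination-handler
        image: "{{ .Values.elasticsearch.image }}:{{ .Values.elasticsearch.imageTag }}"
        imagePullPolicy: "{{ .Values.elasticsearch.imagePullPolicy }}"
        command:
        - "sh"
        - -c
        - |
          #!/usr/bin/env bash
          set -eo pipefail
          http () {
            local path="${1}"
            # Build the argument list with "set --" (as the readiness probe does)
            # so the credentials stay one unsplit argument even when they
            # contain spaces or glob characters.
            set -- -XGET -s -k --fail
            if [ -n "${ELASTIC_USERNAME}" ] && [ -n "${ELASTIC_PASSWORD}" ]; then
              set -- "$@" -u "${ELASTIC_USERNAME}:${ELASTIC_PASSWORD}"
            fi
            curl "$@" "{{ .Values.elasticsearch.protocol }}://{{ template "elasticsearch.masterService" . }}:{{ .Values.elasticsearch.httpPort }}${path}"
          }
          cleanup () {
            while true ; do
              local master="$(http "/_cat/master?h=node" || echo "")"
              if [[ $master == "{{ template "elasticsearch.masterService" . }}"* && $master != "${NODE_NAME}" ]]; then
                echo "This node is not master."
                break
              fi
              echo "This node is still master, waiting gracefully for it to step down"
              sleep 1
            done
            exit 0
          }
          trap cleanup SIGTERM
          sleep infinity &
          wait $!
        resources:
{{ toYaml .Values.elasticsearch.sidecarResources | indent 10 }}
        env:
          - name: NODE_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
{{- if .Values.elasticsearch.extraEnvs }}
{{ toYaml .Values.elasticsearch.extraEnvs | indent 10 }}
{{- end }}
{{- if .Values.elasticsearch.envFrom }}
        envFrom:
{{ toYaml .Values.elasticsearch.envFrom | indent 10 }}
{{- end }}
      {{- end }}
      {{- end }}
{{- if .Values.elasticsearch.lifecycle }}
        # NOTE(review): this block is emitted after the optional
        # termination-handler sidecar; when that sidecar is rendered the hooks
        # appear to attach to it rather than to the Elasticsearch container -
        # confirm the intended target.
        lifecycle:
{{ toYaml .Values.elasticsearch.lifecycle | indent 10 }}
{{- end }}
      {{- if .Values.elasticsearch.extraContainers }}
      # Currently some extra blocks accept strings
      # to continue with backwards compatibility this is being kept
      # whilst also allowing for yaml to be specified too.
      # These containers are inserted as written: none of the securityContext
      # settings of this template are applied to them.
      {{- if eq "string" (printf "%T" .Values.elasticsearch.extraContainers) }}
{{ tpl .Values.elasticsearch.extraContainers . | indent 6 }}
      {{- else }}
{{ toYaml .Values.elasticsearch.extraContainers | indent 6 }}
      {{- end }}
      {{- end }}
{{- end }}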