| # Licensed to Apache Software Foundation (ASF) under one or more contributor |
| # license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright |
| # ownership. Apache Software Foundation (ASF) licenses this file to you under |
| # the Apache License, Version 2.0 (the "License"); you may |
| # not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| |
| apiVersion: apps/v1 |
| kind: StatefulSet |
| metadata: |
| name: {{ .Name }}-elasticsearch |
| namespace: {{ .Namespace }} |
| labels: |
| app: es |
| operator.skywalking.apache.org/es-name: {{ .Name }} |
| operator.skywalking.apache.org/application: elasticsearch |
| operator.skywalking.apache.org/component: statefulset |
| spec: |
| serviceName: {{ .Spec.ServiceName }} |
| replicas: {{ .Spec.Instances }} |
| selector: |
| matchLabels: |
| app: es |
| operator.skywalking.apache.org/es-name: {{ .Name }} |
| podManagementPolicy: Parallel |
| updateStrategy: |
| type: RollingUpdate |
| template: |
| metadata: |
| labels: |
| app: es |
| operator.skywalking.apache.org/es-name: {{ .Name }} |
| operator.skywalking.apache.org/application: elasticsearch |
| operator.skywalking.apache.org/component: statefulset |
| spec: |
| serviceAccountName: {{ .Name }}-elasticsearch |
| affinity: |
| podAntiAffinity: |
| requiredDuringSchedulingIgnoredDuringExecution: |
| - labelSelector: |
| matchExpressions: |
| - key: app |
| operator: In |
| values: |
| - "es" |
| topologyKey: kubernetes.io/hostname |
| initContainers: |
| - name: configure-sysctl |
| securityContext: |
| runAsUser: 0 |
| privileged: true |
| image: "{{ .Spec.Image }}" |
| imagePullPolicy: IfNotPresent |
| command: [ "sysctl", "-w", "vm.max_map_count=262144" ] |
| containers: |
| - name: elasticsearch |
| image: {{ .Spec.Image }} |
| resources: |
| limits: |
| cpu: {{ .Spec.ResourceCnfig.Limit }} |
| requests: |
| cpu: {{ .Spec.ResourceCnfig.Requests }} |
| imagePullPolicy: IfNotPresent |
| ports: |
| - containerPort: 9200 |
| name: http |
| protocol: TCP |
| - containerPort: 9300 |
| name: transport |
| protocol: TCP |
| volumeMounts: |
| - name: config |
| mountPath: /usr/share/elasticsearch/config/elasticsearch.yml |
| subPath: elasticsearch.yml |
| {{ if .Spec.Security.User.SecretName }} |
| - name: cert |
| mountPath: "/usr/share/elasticsearch/config/storage.p12" |
| subPath: storage.p12 |
| {{end}} |
| env: |
| - name: cluster.name |
| value: "{{ .Name }}-skywalking-es" |
| - name: node.name |
| valueFrom: |
| fieldRef: |
| fieldPath: metadata.name |
| - name: thread_pool.write.queue_size |
| value: "1000" |
| {{ range .Spec.Config }} |
| - name: {{ .Name }} |
| value: {{ .Value }} |
| {{end}} |
| readinessProbe: |
| exec: |
| command: |
| - sh |
| - -c |
| - | |
| #!/usr/bin/env bash -e |
| # Exit if ELASTIC_PASSWORD in unset |
| if [ -z "${ELASTIC_PASSWORD}" ]; then |
| echo "ELASTIC_PASSWORD variable is missing, exiting" |
| exit 1 |
| fi |
| # If the node is starting up wait for the cluster to be ready (request params: "wait_for_status=green&timeout=1s" ) |
| # Once it has started only check that the node itself is responding |
| START_FILE=/tmp/.es_start_file |
| http () { |
| local path="${1}" |
| local args="${2}" |
| set -- -XGET -s |
| if [ "$args" != "" ]; then |
| set -- "$@" $args |
| fi |
| set -- "$@" -u "elastic:${ELASTIC_PASSWORD}" |
| curl --output /dev/null -k "$@" "{{ getProtocol .Spec.Security.TLS }}://127.0.0.1:9200${path}" |
| } |
| if [ -f "${START_FILE}" ]; then |
| echo 'Elasticsearch is already running, lets check the node is healthy' |
| HTTP_CODE=$(http "/" "-w %{http_code}") |
| RC=$? |
| if [[ ${RC} -ne 0 ]]; then |
| echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} {{ getProtocol .Spec.Security.TLS }}://127.0.0.1:9200/ failed with RC ${RC}" |
| exit ${RC} |
| fi |
| # ready if HTTP code 200 |
| if [[ ${HTTP_CODE} == "200" ]]; then |
| exit 0 |
| else |
| echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} {{ getProtocol .Spec.Security.TLS }}://127.0.0.1:9200/ failed with HTTP code ${HTTP_CODE}" |
| exit 1 |
| fi |
| else |
| echo 'Waiting for elasticsearch cluster to become ready (request params: "wait_for_status=green&timeout=1s" )' |
| if http "/_cluster/health?wait_for_status=green&timeout=1s" "--fail" ; then |
| touch ${START_FILE} |
| exit 0 |
| else |
| echo 'Cluster is not yet ready (request params: "wait_for_status=green&timeout=1s" )' |
| exit 1 |
| fi |
| fi |
| failureThreshold: 10 |
| initialDelaySeconds: 10 |
| periodSeconds: 12 |
| successThreshold: 1 |
| timeoutSeconds: 12 |
| volumes: |
| - name: config |
| configMap: |
| name: {{ .Name }}-config |
| items: |
| - key: elasticsearch.yml |
| path: elasticsearch.yml |
| {{ if .Spec.Security.User.SecretName }} |
| - name: cert |
| secret: |
| secretName: "skywalking-storage" |
| {{end}} |