pkg/operator/manifests/storage/elasticsearch/templates/statefulset.yaml - skywalking-swck - Git at Google

 # Licensed to Apache Software Foundation (ASF) under one or more contributor
 # license agreements. See the NOTICE file distributed with
 # this work for additional information regarding copyright
 # ownership. Apache Software Foundation (ASF) licenses this file to you under
 # the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.

 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   name: {{ .Name }}-elasticsearch
   namespace: {{ .Namespace }}
   labels:
     app: es
     operator.skywalking.apache.org/es-name: {{ .Name }}
     operator.skywalking.apache.org/application: elasticsearch
     operator.skywalking.apache.org/component: statefulset
 spec:
   serviceName:  {{ .Spec.ServiceName }}
   replicas: {{ .Spec.Instances }}
   selector:
     matchLabels:
       app: es
       operator.skywalking.apache.org/es-name: {{ .Name }}
   podManagementPolicy: Parallel
   updateStrategy:
     type: RollingUpdate
   template:
     metadata:
       labels:
         app: es
         operator.skywalking.apache.org/es-name: {{ .Name }}
         operator.skywalking.apache.org/application: elasticsearch
         operator.skywalking.apache.org/component: statefulset
     spec:
       serviceAccountName: {{ .Name }}-elasticsearch
       affinity:
         podAntiAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
               - labelSelector:
                 matchExpressions:
                   - key: app
                     operator: In
                     values:
                       - "es"
                 topologyKey: kubernetes.io/hostname
       initContainers:
         - name: configure-sysctl
           securityContext:
             runAsUser: 0
             privileged: true
           image: "{{ .Spec.Image }}"
           imagePullPolicy: IfNotPresent
           command: [ "sysctl", "-w", "vm.max_map_count=262144" ]
       containers:
         - name: elasticsearch
           image: {{ .Spec.Image }}
           resources:
             limits:
               cpu: {{ .Spec.ResourceCnfig.Limit }}
             requests:
               cpu: {{ .Spec.ResourceCnfig.Requests }}
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 9200
               name: http
               protocol: TCP
             - containerPort: 9300
               name: transport
               protocol: TCP
           volumeMounts:
             - name: config
               mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
               subPath: elasticsearch.yml
             {{ if .Spec.Security.User.SecretName }}
             - name: cert
               mountPath: "/usr/share/elasticsearch/config/storage.p12"
               subPath: storage.p12
             {{end}}
           env:
             - name: cluster.name
               value: "{{ .Name }}-skywalking-es"
             - name: node.name
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.name
             - name: thread_pool.write.queue_size
               value: "1000"
             {{ range .Spec.Config }}
             - name: {{ .Name }}
               value: {{ .Value }}
             {{end}}
           readinessProbe:
             exec:
               command:
                 - sh
                 - -c
                 - |
                   #!/usr/bin/env bash -e
                   # Exit if ELASTIC_PASSWORD in unset
                   if [ -z "${ELASTIC_PASSWORD}" ]; then
                     echo "ELASTIC_PASSWORD variable is missing, exiting"
                     exit 1
                   fi
                   # If the node is starting up wait for the cluster to be ready (request params: "wait_for_status=green&timeout=1s" )
                   # Once it has started only check that the node itself is responding
                   START_FILE=/tmp/.es_start_file
                   http () {
                     local path="${1}"
                     local args="${2}"
                     set -- -XGET -s
                     if [ "$args" != "" ]; then
                       set -- "$@" $args
                     fi
                     set -- "$@" -u "elastic:${ELASTIC_PASSWORD}"
                     curl --output /dev/null -k "$@" "{{ getProtocol .Spec.Security.TLS }}://127.0.0.1:9200${path}"
                   }
                   if [ -f "${START_FILE}" ]; then
                     echo 'Elasticsearch is already running, lets check the node is healthy'
                     HTTP_CODE=$(http "/" "-w %{http_code}")
                     RC=$?
                     if [[ ${RC} -ne 0 ]]; then
                       echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} {{ getProtocol .Spec.Security.TLS }}://127.0.0.1:9200/ failed with RC ${RC}"
                       exit ${RC}
                     fi
                     # ready if HTTP code 200
                     if [[ ${HTTP_CODE} == "200" ]]; then
                       exit 0
                     else
                       echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} {{ getProtocol .Spec.Security.TLS }}://127.0.0.1:9200/ failed with HTTP code ${HTTP_CODE}"
                       exit 1
                     fi
                   else
                     echo 'Waiting for elasticsearch cluster to become ready (request params: "wait_for_status=green&timeout=1s" )'
                     if http "/_cluster/health?wait_for_status=green&timeout=1s" "--fail" ; then
                       touch ${START_FILE}
                       exit 0
                     else
                       echo 'Cluster is not yet ready (request params: "wait_for_status=green&timeout=1s" )'
                       exit 1
                     fi
                   fi
             failureThreshold: 10
             initialDelaySeconds: 10
             periodSeconds: 12
             successThreshold: 1
             timeoutSeconds: 12
       volumes:
         - name: config
           configMap:
             name: {{ .Name }}-config
             items:
                 - key: elasticsearch.yml
                   path: elasticsearch.yml
         {{ if .Spec.Security.User.SecretName }}
         - name: cert
           secret:
             secretName:  "skywalking-storage"
         {{end}}
	# Licensed to Apache Software Foundation (ASF) under one or more contributor
	# license agreements. See the NOTICE file distributed with
	# this work for additional information regarding copyright
	# ownership. Apache Software Foundation (ASF) licenses this file to you under
	# the Apache License, Version 2.0 (the "License"); you may
	# not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing,
	# software distributed under the License is distributed on an
	# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	# KIND, either express or implied. See the License for the
	# specific language governing permissions and limitations
	# under the License.

	apiVersion: apps/v1
	kind: StatefulSet
	metadata:
	name: {{ .Name }}-elasticsearch
	namespace: {{ .Namespace }}
	labels:
	app: es
	operator.skywalking.apache.org/es-name: {{ .Name }}
	operator.skywalking.apache.org/application: elasticsearch
	operator.skywalking.apache.org/component: statefulset
	spec:
	serviceName: {{ .Spec.ServiceName }}
	replicas: {{ .Spec.Instances }}
	selector:
	matchLabels:
	app: es
	operator.skywalking.apache.org/es-name: {{ .Name }}
	podManagementPolicy: Parallel
	updateStrategy:
	type: RollingUpdate
	template:
	metadata:
	labels:
	app: es
	operator.skywalking.apache.org/es-name: {{ .Name }}
	operator.skywalking.apache.org/application: elasticsearch
	operator.skywalking.apache.org/component: statefulset
	spec:
	serviceAccountName: {{ .Name }}-elasticsearch
	affinity:
	podAntiAffinity:
	requiredDuringSchedulingIgnoredDuringExecution:
	- labelSelector:
	matchExpressions:
	- key: app
	operator: In
	values:
	- "es"
	topologyKey: kubernetes.io/hostname
	initContainers:
	- name: configure-sysctl
	securityContext:
	runAsUser: 0
	privileged: true
	image: "{{ .Spec.Image }}"
	imagePullPolicy: IfNotPresent
	command: [ "sysctl", "-w", "vm.max_map_count=262144" ]
	containers:
	- name: elasticsearch
	image: {{ .Spec.Image }}
	resources:
	limits:
	cpu: {{ .Spec.ResourceCnfig.Limit }}
	requests:
	cpu: {{ .Spec.ResourceCnfig.Requests }}
	imagePullPolicy: IfNotPresent
	ports:
	- containerPort: 9200
	name: http
	protocol: TCP
	- containerPort: 9300
	name: transport
	protocol: TCP
	volumeMounts:
	- name: config
	mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
	subPath: elasticsearch.yml
	{{ if .Spec.Security.User.SecretName }}
	- name: cert
	mountPath: "/usr/share/elasticsearch/config/storage.p12"
	subPath: storage.p12
	{{end}}
	env:
	- name: cluster.name
	value: "{{ .Name }}-skywalking-es"
	- name: node.name
	valueFrom:
	fieldRef:
	fieldPath: metadata.name
	- name: thread_pool.write.queue_size
	value: "1000"
	{{ range .Spec.Config }}
	- name: {{ .Name }}
	value: {{ .Value }}
	{{end}}
	readinessProbe:
	exec:
	command:
	- sh
	- -c
	- \|
	#!/usr/bin/env bash -e
	# Exit if ELASTIC_PASSWORD in unset
	if [ -z "${ELASTIC_PASSWORD}" ]; then
	echo "ELASTIC_PASSWORD variable is missing, exiting"
	exit 1
	fi
	# If the node is starting up wait for the cluster to be ready (request params: "wait_for_status=green&timeout=1s" )
	# Once it has started only check that the node itself is responding
	START_FILE=/tmp/.es_start_file
	http () {
	local path="${1}"
	local args="${2}"
	set -- -XGET -s
	if [ "$args" != "" ]; then
	set -- "$@" $args
	fi
	set -- "$@" -u "elastic:${ELASTIC_PASSWORD}"
	curl --output /dev/null -k "$@" "{{ getProtocol .Spec.Security.TLS }}://127.0.0.1:9200${path}"
	}
	if [ -f "${START_FILE}" ]; then
	echo 'Elasticsearch is already running, lets check the node is healthy'
	HTTP_CODE=$(http "/" "-w %{http_code}")
	RC=$?
	if [[ ${RC} -ne 0 ]]; then
	echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} {{ getProtocol .Spec.Security.TLS }}://127.0.0.1:9200/ failed with RC ${RC}"
	exit ${RC}
	fi
	# ready if HTTP code 200
	if [[ ${HTTP_CODE} == "200" ]]; then
	exit 0
	else
	echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} {{ getProtocol .Spec.Security.TLS }}://127.0.0.1:9200/ failed with HTTP code ${HTTP_CODE}"
	exit 1
	fi
	else
	echo 'Waiting for elasticsearch cluster to become ready (request params: "wait_for_status=green&timeout=1s" )'
	if http "/_cluster/health?wait_for_status=green&timeout=1s" "--fail" ; then
	touch ${START_FILE}
	exit 0
	else
	echo 'Cluster is not yet ready (request params: "wait_for_status=green&timeout=1s" )'
	exit 1
	fi
	fi
	failureThreshold: 10
	initialDelaySeconds: 10
	periodSeconds: 12
	successThreshold: 1
	timeoutSeconds: 12
	volumes:
	- name: config
	configMap:
	name: {{ .Name }}-config
	items:
	- key: elasticsearch.yml
	path: elasticsearch.yml
	{{ if .Spec.Security.User.SecretName }}
	- name: cert
	secret:
	secretName: "skywalking-storage"
	{{end}}