| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118 |
- {{- define "es.workload" -}}
- workload:
- es:
- enabled: true
- primary: true
- type: Deployment
- podSpec:
- hostNetwork: {{ .Values.esNetwork.hostNetwork }}
- containers:
- es:
- enabled: true
- primary: true
- imageSelector: image
- securityContext:
- runAsUser: {{ .Values.esRunAs.user }}
- runAsGroup: {{ .Values.esRunAs.group }}
- readOnlyRootFilesystem: false
- env:
- {{/* https://www.elastic.co/guide/en/elasticsearch/reference/master/docker.html#docker-configuration-methods */}}
- ES_HEAP_SIZE: {{ .Values.esConfig.heapSize }}
- ELASTIC_PASSWORD: {{ .Values.esConfig.password }}
- ES_SETTING_HTTP_PORT: {{ .Values.esNetwork.httpPort }}
- ES_SETTING_NODE_NAME: {{ .Values.esConfig.nodeName }}
- ES_SETTING_DISCOVERY_TYPE: single-node
- ES_SETTING_XPACK_SECURITY_ENABLED: true
- {{/* Transport is not used on single nodes */}}
- ES_SETTING_XPACK_SECURITY_TRANSPORT_SSL_ENABLED: false
- {{ if .Values.esNetwork.certificateID }}
- ES_SETTING_XPACK_SECURITY_HTTP_SSL_ENABLED: true
- ES_SETTING_XPACK_SECURITY_HTTP_SSL_KEY: /usr/share/elasticsearch/config/certs/tls.key
- ES_SETTING_XPACK_SECURITY_HTTP_SSL_CERTIFICATE: /usr/share/elasticsearch/config/certs/tls.crt
- ES_SETTING_XPACK_SECURITY_HTTP_SSL_CERTIFICATE__AUTHORITIES: /usr/share/elasticsearch/config/certs/ca.crt
- {{ end }}
- {{ with .Values.esConfig.additionalEnvs }}
- {{ range $env := . }}
- {{ $env.name }}: {{ $env.value }}
- {{ end }}
- {{ end }}
- probes:
- liveness:
- enabled: true
- type: {{ include "es.schema" . }}
- path: /_cluster/health?local=true
- port: {{ .Values.esNetwork.httpPort }}
- httpHeaders:
- Authorization: Basic {{ printf "elastic:%s" .Values.esConfig.password | b64enc }}
- readiness:
- enabled: true
- type: {{ include "es.schema" . }}
- path: /_cluster/health?local=true
- port: {{ .Values.esNetwork.httpPort }}
- httpHeaders:
- Authorization: Basic {{ printf "elastic:%s" .Values.esConfig.password | b64enc }}
- startup:
- enabled: true
- type: {{ include "es.schema" . }}
- path: /_cluster/health?local=true
- port: {{ .Values.esNetwork.httpPort }}
- httpHeaders:
- Authorization: Basic {{ printf "elastic:%s" .Values.esConfig.password | b64enc }}
- initContainers:
- {{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions"
- "UID" .Values.esRunAs.user
- "GID" .Values.esRunAs.group
- "type" "install") | nindent 8 }}
- {{/* Service */}}
- service:
- es:
- enabled: true
- primary: true
- type: NodePort
- targetSelector: es
- ports:
- http:
- enabled: true
- primary: true
- port: {{ .Values.esNetwork.httpPort }}
- nodePort: {{ .Values.esNetwork.httpPort }}
- targetSelector: es
- {{/* Persistence */}}
- persistence:
- data:
- enabled: true
- type: {{ .Values.esStorage.data.type }}
- datasetName: {{ .Values.esStorage.data.datasetName | default "" }}
- hostPath: {{ .Values.esStorage.data.hostPath | default "" }}
- targetSelector:
- es:
- es:
- mountPath: /usr/share/elasticsearch/data
- 01-permissions:
- mountPath: /mnt/directories/data
- {{- if .Values.esNetwork.certificateID }}
- certs:
- enabled: true
- type: secret
- objectName: es-cert
- defaultMode: "0600"
- items:
- - key: tls.key
- path: tls.key
- - key: tls.crt
- path: tls.crt
- - key: tls.crt
- path: ca.crt
- targetSelector:
- es:
- es:
- mountPath: /usr/share/elasticsearch/config/certs
- readOnly: true
- scaleCertificate:
- es-cert:
- enabled: true
- id: {{ .Values.esNetwork.certificateID }}
- {{- end -}}
- {{- end -}}
|
