You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openwhisk.apache.org by st...@apache.org on 2020/07/17 03:36:55 UTC
[openwhisk-deploy-kube] branch master updated: Add elasticsearch
(#620)
This is an automated email from the ASF dual-hosted git repository.
style95 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/openwhisk-deploy-kube.git
The following commit(s) were added to refs/heads/master by this push:
new 0d9ad0c Add elasticsearch (#620)
0d9ad0c is described below
commit 0d9ad0cd84cb4c975968b0fd69c204adc8051b4f
Author: ningyougang <41...@qq.com>
AuthorDate: Fri Jul 17 11:36:49 2020 +0800
Add elasticsearch (#620)
* Add elasticsearch support
* Use openwhisk style
* Add ElasticSearch backend store for activation
* Add waitForElasticsearch
* Change variable
* Support external elasticsearch
* Change affinity
* Add document
* Add license header
Co-authored-by: ning.yougang <ni...@navercorp.com>
---
docs/configurationChoices.md | 42 +++
helm/openwhisk/templates/_helpers.tpl | 101 ++++++
helm/openwhisk/templates/_readiness.tpl | 11 +
helm/openwhisk/templates/controller-pod.yaml | 18 +
helm/openwhisk/templates/elasticsearch-cm.yaml | 30 ++
helm/openwhisk/templates/elasticsearch-pdb.yaml | 31 ++
helm/openwhisk/templates/elasticsearch-pod.yaml | 398 +++++++++++++++++++++
helm/openwhisk/templates/elasticsearch-psp.yaml | 28 ++
helm/openwhisk/templates/elasticsearch-role.yaml | 39 ++
.../templates/elasticsearch-rolebind.yaml | 38 ++
helm/openwhisk/templates/elasticsearch-svc.yaml | 43 +++
.../openwhisk/templates/elasticsearch-svcacct.yaml | 33 ++
helm/openwhisk/templates/invoker-pod.yaml | 14 +
helm/openwhisk/values.yaml | 190 ++++++++++
14 files changed, 1016 insertions(+)
diff --git a/docs/configurationChoices.md b/docs/configurationChoices.md
index 3882970..3c352ff 100644
--- a/docs/configurationChoices.md
+++ b/docs/configurationChoices.md
@@ -97,6 +97,48 @@ redis:
port: <redis port>
```
+### Using an external kafka/zookeeper
+
+To use an externally deployed kafka/zookeeper instead of using default single pod deployment, add a stanza like the one
+below to your `mycluster.yaml`, substituting in the appropriate values
+for `<...>`
+
+```yaml
+zookeeper:
+ external: true
+ connect_string: <zookeeper connect string>
+ host: <the first instance of zookeeper>
+
+kafka:
+ external: true
+ connect_string: <kafka connect string>
+```
+
+### Using activation store backend: ElasticSearch
+
+Currently, deploy-kube uses `CouchDB` for activation store backend by default,
+If you want to change it to `ElasticSearch`, just change
+
+```yaml
+activationStoreBackend: "ElasticSearch"
+```
+
+If you want to use an externally deployed ElasticSearch for activation store backend, add a stanza like the one
+below to your `mycluster.yaml`, substituting in the appropriate values
+for `<...>`
+
+```yaml
+activationStoreBackend: "ElasticSearch"
+elasticsearch:
+ external: true
+ connect_string: <elasticsearch connect string>
+ protocol: <"http" or "https">
+ host: <the first instance of elasticsearch>
+ indexPattern: <the indexPattern for activation index>
+ username: <elasticsearch username>
+ password: <elasticsearch username>
+```
+
### Persistence
Several of the OpenWhisk components that are deployed by the Helm
diff --git a/helm/openwhisk/templates/_helpers.tpl b/helm/openwhisk/templates/_helpers.tpl
index f6669d3..f57c578 100644
--- a/helm/openwhisk/templates/_helpers.tpl
+++ b/helm/openwhisk/templates/_helpers.tpl
@@ -55,6 +55,10 @@ app: {{ template "openwhisk.fullname" . }}
{{ .Values.db.auth.username }}:{{ .Values.db.auth.password }}
{{- end -}}
+{{- define "openwhisk.elasticsearch_authentication" -}}
+{{ .Values.elasticsearch.username }}:{{ .Values.elasticsearch.password }}
+{{- end -}}
+
{{/* hostname for redis */}}
{{- define "openwhisk.redis_host" -}}
{{- if .Values.redis.external -}}
@@ -341,3 +345,100 @@ imagePullSecrets:
{{ .Files.Get .Values.nginx.certificate.key_file }}
{{- end -}}
{{- end -}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "elasticsearch.name" -}}
+{{- default .Chart.Name .Values.elasticsearch.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "elasticsearch.fullname" -}}
+{{- $name := default .Chart.Name .Values.elasticsearch.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "elasticsearch.uname" -}}
+{{- if empty .Values.elasticsearch.fullnameOverride -}}
+{{- if empty .Values.elasticsearch.nameOverride -}}
+{{ .Values.elasticsearch.clusterName }}-{{ .Values.elasticsearch.nodeGroup }}
+{{- else -}}
+{{ .Values.elasticsearch.nameOverride }}-{{ .Values.elasticsearch.nodeGroup }}
+{{- end -}}
+{{- else -}}
+{{ .Values.elasticsearch.fullnameOverride }}
+{{- end -}}
+{{- end -}}
+
+{{- define "elasticsearch.masterService" -}}
+{{- if empty .Values.elasticsearch.masterServiceValue -}}
+{{- if empty .Values.elasticsearch.fullnameOverride -}}
+{{- if empty .Values.elasticsearch.nameOverride -}}
+{{ .Values.elasticsearch.clusterName }}-master
+{{- else -}}
+{{ .Values.elasticsearch.nameOverride }}-master
+{{- end -}}
+{{- else -}}
+{{ .Values.elasticsearch.fullnameOverride }}
+{{- end -}}
+{{- else -}}
+{{ .Values.elasticsearch.masterServiceValue }}
+{{- end -}}
+{{- end -}}
+
+{{- define "elasticsearch.endpoints" -}}
+{{- $replicas := int (toString (.Values.elasticsearch.replicaCount)) }}
+{{- $uname := printf "%s-elasticsearch" .Release.Name }}
+ {{- range $i, $e := untilStep 0 $replicas 1 -}}
+{{ $uname }}-{{ $i }},
+ {{- end -}}
+{{- end -}}
+
+{{- define "elasticsearch.esMajorVersion" -}}
+{{- if .Values.elasticsearch.esMajorVersionValue -}}
+{{ .Values.elasticsearch.esMajorVersionValue }}
+{{- else -}}
+{{- $version := int (index (.Values.elasticsearch.imageTag | splitList ".") 0) -}}
+ {{- if and (contains "docker.elastic.co/elasticsearch/elasticsearch" .Values.elasticsearch.image) (not (eq $version 0)) -}}
+{{ $version }}
+ {{- else -}}
+7
+ {{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for statefulset.
+*/}}
+{{- define "elasticsearch.statefulset.apiVersion" -}}
+{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "apps/v1beta2" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "openwhisk.elasticsearch_connect" -}}
+{{- if .Values.elasticsearch.external -}}
+{{ .Values.elasticsearch.connect_string }}
+{{- else -}}
+{{- $kname := printf "%s-elasticsearch" .Release.Name }}
+{{- $kport := .Values.elasticsearch.httpPort }}
+{{- $kubeDomain := .Values.k8s.domain }}
+{{- range $i, $e := until (int .Values.elasticsearch.replicaCount) -}}{{ if ne $i 0 }},{{ end }}{{ $kname }}-{{ . }}.{{ $kname }}.{{ $.Release.Namespace }}.svc.{{ $kubeDomain }}:{{ $kport }}{{ end }}
+{{- end -}}
+{{- end -}}
+
+{{/* host name for server.0 in elasticsearch cluster */}}
+{{- define "openwhisk.elasticsearch_zero_host" -}}
+{{- if .Values.elasticsearch.external -}}
+{{ .Values.elasticsearch.host }}
+{{- else -}}
+{{ .Release.Name }}-elasticsearch-0.{{ .Release.Name }}-elasticsearch.{{ .Release.Namespace }}.svc.{{ .Values.k8s.domain }}
+{{- end -}}
+{{- end -}}
diff --git a/helm/openwhisk/templates/_readiness.tpl b/helm/openwhisk/templates/_readiness.tpl
index db9f089..b144646 100644
--- a/helm/openwhisk/templates/_readiness.tpl
+++ b/helm/openwhisk/templates/_readiness.tpl
@@ -68,3 +68,14 @@
value: "http://{{ include "openwhisk.controller_host" . }}:{{ .Values.controller.port }}/invokers/healthy/count"
command: ["sh", "-c", "echo 0 > /tmp/count.txt; while true; do echo 'waiting for healthy invoker'; wget -T 5 -qO /tmp/count.txt --no-check-certificate \"$READINESS_URL\"; NUM_HEALTHY_INVOKERS=$(cat /tmp/count.txt); if [ $NUM_HEALTHY_INVOKERS -gt 0 ]; then echo \"Success: there are $NUM_HEALTHY_INVOKERS healthy invokers\"; break; fi; echo '...not ready yet; sleeping 3 seconds before retry'; sleep 3; done;"]
{{- end -}}
+
+{{/* Init container that waits for ElasticSearch to be ready */}}
+{{- define "openwhisk.readiness.waitForElasticSearch" -}}
+- name: "wait-for-elasticsearch"
+ image: "{{- .Values.docker.registry.name -}}busybox"
+ imagePullPolicy: "IfNotPresent"
+ env:
+ - name: "READINESS_URL"
+ value: {{ .Values.elasticsearch.protocol }}://{{ include "openwhisk.elasticsearch_zero_host" . }}:{{ .Values.elasticsearch.httpPort }}/_cluster/health
+ command: ["sh", "-c", "while true; do echo 'checking ElasticSearch readiness'; wget -T 5 --spider $READINESS_URL --header=\"Authorization: Basic {{ include "openwhisk.elasticsearch_authentication" . | b64enc }}\"; result=$?; if [ $result -eq 0 ]; then echo 'Success: ElasticSearch is ready!'; break; fi; echo '...not ready yet; sleeping 3 seconds before retry'; sleep 3; done;"]
+{{- end -}}
diff --git a/helm/openwhisk/templates/controller-pod.yaml b/helm/openwhisk/templates/controller-pod.yaml
index 211e1ba..8066596 100644
--- a/helm/openwhisk/templates/controller-pod.yaml
+++ b/helm/openwhisk/templates/controller-pod.yaml
@@ -62,6 +62,10 @@ spec:
{{ include "openwhisk.readiness.waitForKafka" . | indent 6 }}
{{- end }}
{{ include "openwhisk.readiness.waitForCouchDB" . | indent 6 }}
+{{- if eq .Values.activationStoreBackend "ElasticSearch" }}
+ # The controller must wait for elasticsearch to be ready before it starts
+{{ include "openwhisk.readiness.waitForElasticSearch" . | indent 6 }}
+{{- end }}
# The lean controller requires invoker volumes mounts
{{- if .Values.controller.lean }}
{{ include "openwhisk.invoker.volumes" . }}
@@ -182,6 +186,20 @@ spec:
- name: "CONFIG_whisk_userEvents_enabled"
value: "true"
{{ end }}
+{{- if eq .Values.activationStoreBackend "ElasticSearch" }}
+ - name: "CONFIG_whisk_activationStore_elasticsearch_protocol"
+ value: "{{ .Values.elasticsearch.protocol }}"
+ - name: "CONFIG_whisk_activationStore_elasticsearch_hosts"
+ value: {{ template "openwhisk.elasticsearch_connect" . }}
+ - name: "CONFIG_whisk_activationStore_elasticsearch_indexPattern"
+ value: {{ .Values.elasticsearch.indexPattern }}
+ - name: "CONFIG_whisk_activationStore_elasticsearch_username"
+ value: "{{ .Values.elasticsearch.username }}"
+ - name: "CONFIG_whisk_activationStore_elasticsearch_password"
+ value: "{{ .Values.elasticsearch.password }}"
+ - name: "CONFIG_whisk_spi_ActivationStoreProvider"
+ value: "org.apache.openwhisk.core.database.elasticsearch.ElasticSearchActivationStoreProvider"
+{{- end }}
# properties for lean messaging provider
{{ include "openwhisk.lean.provider" . | indent 8 }}
diff --git a/helm/openwhisk/templates/elasticsearch-cm.yaml b/helm/openwhisk/templates/elasticsearch-cm.yaml
new file mode 100644
index 0000000..dbb4672
--- /dev/null
+++ b/helm/openwhisk/templates/elasticsearch-cm.yaml
@@ -0,0 +1,30 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+{{- if and (not .Values.elasticsearch.external) (eq .Values.activationStoreBackend "ElasticSearch") .Values.elasticsearch.esConfig }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-elasticsearch-cm
+ labels:
+{{ include "openwhisk.label_boilerplate" .| indent 4 }}
+data:
+{{- range $path, $config := .Values.elasticsearch.esConfig }}
+ {{ $path }}: |
+{{ $config | indent 4 -}}
+{{- end -}}
+{{- end -}}
diff --git a/helm/openwhisk/templates/elasticsearch-pdb.yaml b/helm/openwhisk/templates/elasticsearch-pdb.yaml
new file mode 100644
index 0000000..33e3526
--- /dev/null
+++ b/helm/openwhisk/templates/elasticsearch-pdb.yaml
@@ -0,0 +1,31 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+---
+{{- if and .Values.pdb.enable (not .Values.elasticsearch.external) (eq .Values.activationStoreBackend "ElasticSearch") }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ .Release.Name }}-elasticsearch-pdb
+ labels:
+{{ include "openwhisk.label_boilerplate" .| indent 4 }}
+spec:
+ maxUnavailable: {{ .Values.pdb.elasticsearch.maxUnavailable | default 1 }}
+ selector:
+ matchLabels:
+ name: {{ .Release.Name }}-elasticsearch
+{{- end }}
diff --git a/helm/openwhisk/templates/elasticsearch-pod.yaml b/helm/openwhisk/templates/elasticsearch-pod.yaml
new file mode 100644
index 0000000..d137854
--- /dev/null
+++ b/helm/openwhisk/templates/elasticsearch-pod.yaml
@@ -0,0 +1,398 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+{{- if and (not .Values.elasticsearch.external) (eq .Values.activationStoreBackend "ElasticSearch") }}
+---
+apiVersion: {{ template "elasticsearch.statefulset.apiVersion" . }}
+kind: StatefulSet
+metadata:
+ name: {{ .Release.Name }}-elasticsearch
+ labels:
+ name: {{ .Release.Name }}-elasticsearch
+{{ include "openwhisk.label_boilerplate" . | indent 4 }}
+ annotations:
+ esMajorVersion: "{{ include "elasticsearch.esMajorVersion" . }}"
+spec:
+ serviceName: {{ .Release.Name }}-elasticsearch
+ selector:
+ matchLabels:
+ name: {{ .Release.Name }}-elasticsearch
+ replicas: {{ .Values.elasticsearch.replicaCount }}
+ podManagementPolicy: {{ .Values.elasticsearch.podManagementPolicy }}
+ updateStrategy:
+ type: {{ .Values.elasticsearch.updateStrategy }}
+ {{- if .Values.k8s.persistence.enabled }}
+ volumeClaimTemplates:
+ - metadata:
+ name: {{ template "elasticsearch.uname" . }}
+ {{- with .Values.elasticsearch.persistence.annotations }}
+ annotations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ spec:
+{{ toYaml .Values.elasticsearch.volumeClaimTemplate | indent 6 }}
+ {{- end }}
+ template:
+ metadata:
+ labels:
+ name: {{ .Release.Name }}-elasticsearch
+{{ include "openwhisk.label_boilerplate" . | indent 8 }}
+ annotations:
+ {{- range $key, $value := .Values.elasticsearch.podAnnotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{/* This forces a restart if the configmap has changed */}}
+ {{- if .Values.elasticsearch.esConfig }}
+ configchecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }}
+ {{- end }}
+ spec:
+ {{- if .Values.elasticsearch.schedulerName }}
+ schedulerName: "{{ .Values.elasticsearch.schedulerName }}"
+ {{- end }}
+ securityContext:
+{{ toYaml .Values.elasticsearch.podSecurityContext | indent 8 }}
+ {{- if .Values.elasticsearch.fsGroup }}
+ fsGroup: {{ .Values.elasticsearch.fsGroup }} # Deprecated value, please use .Values.podSecurityContext.fsGroup
+ {{- end }}
+ {{- if .Values.elasticsearch.rbac.create }}
+ serviceAccountName: "{{ template "elasticsearch.uname" . }}"
+ {{- else if not (eq .Values.elasticsearch.rbac.serviceAccountName "") }}
+ serviceAccountName: {{ .Values.elasticsearch.rbac.serviceAccountName | quote }}
+ {{- end }}
+
+ {{- if .Values.affinity.enabled }}
+ affinity:
+{{ include "openwhisk.affinity.core" . | indent 8 }}
+{{ include "openwhisk.affinity.selfAntiAffinity" ( printf "%s-elasticsearch" .Release.Name ) | indent 8 }}
+ {{- end }}
+
+ {{- if .Values.toleration.enabled }}
+ tolerations:
+{{ include "openwhisk.toleration.core" . | indent 8 }}
+ {{- end }}
+
+ terminationGracePeriodSeconds: {{ .Values.elasticsearch.terminationGracePeriod }}
+ volumes:
+ {{- range .Values.elasticsearch.secretMounts }}
+ - name: {{ .name }}
+ secret:
+ secretName: {{ .secretName }}
+ {{- if .defaultMode }}
+ defaultMode: {{ .defaultMode }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.elasticsearch.esConfig }}
+ - name: esconfig
+ configMap:
+ name: {{ .Release.Name }}-elasticsearch-cm
+ {{- end }}
+{{- if .Values.elasticsearch.keystore }}
+ - name: keystore
+ emptyDir: {}
+ {{- range .Values.elasticsearch.keystore }}
+ - name: keystore-{{ .secretName }}
+ secret: {{ toYaml . | nindent 12 }}
+ {{- end }}
+{{ end }}
+ {{- if .Values.elasticsearch.extraVolumes }}
+ # Currently some extra blocks accept strings
+ # to continue with backwards compatibility this is being kept
+ # whilst also allowing for yaml to be specified too.
+ {{- if eq "string" (printf "%T" .Values.elasticsearch.extraVolumes) }}
+{{ tpl .Values.elasticsearch.extraVolumes . | indent 8 }}
+ {{- else }}
+{{ toYaml .Values.elasticsearch.extraVolumes | indent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.elasticsearch.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.elasticsearch.imagePullSecrets | indent 8 }}
+ {{- end }}
+ {{- if semverCompare ">1.13" .Capabilities.KubeVersion.GitVersion }}
+ enableServiceLinks: {{ .Values.elasticsearch.enableServiceLinks }}
+ {{- end }}
+ initContainers:
+ {{- if .Values.elasticsearch.sysctlInitContainer.enabled }}
+ - name: configure-sysctl
+ securityContext:
+ runAsUser: 0
+ privileged: true
+ image: "{{ .Values.elasticsearch.image }}:{{ .Values.elasticsearch.imageTag }}"
+ imagePullPolicy: "{{ .Values.elasticsearch.imagePullPolicy }}"
+ command: ["sysctl", "-w", "vm.max_map_count={{ .Values.elasticsearch.sysctlVmMaxMapCount}}"]
+ resources:
+{{ toYaml .Values.elasticsearch.initResources | indent 10 }}
+ {{- end }}
+{{ if .Values.elasticsearch.keystore }}
+ - name: keystore
+ image: "{{ .Values.elasticsearch.image }}:{{ .Values.elasticsearch.imageTag }}"
+ imagePullPolicy: "{{ .Values.elasticsearch.imagePullPolicy }}"
+ command:
+ - sh
+ - -c
+ - |
+ #!/usr/bin/env bash
+ set -euo pipefail
+
+ elasticsearch-keystore create
+
+ for i in /tmp/keystoreSecrets/*/*; do
+ key=$(basename $i)
+ echo "Adding file $i to keystore key $key"
+ elasticsearch-keystore add-file "$key" "$i"
+ done
+
+ # Add the bootstrap password since otherwise the Elasticsearch entrypoint tries to do this on startup
+ if [ ! -z ${ELASTIC_PASSWORD+x} ]; then
+ echo 'Adding env $ELASTIC_PASSWORD to keystore as key bootstrap.password'
+ echo "$ELASTIC_PASSWORD" | elasticsearch-keystore add -x bootstrap.password
+ fi
+
+ cp -a /usr/share/elasticsearch/config/elasticsearch.keystore /tmp/keystore/
+ env: {{ toYaml .Values.elasticsearch.extraEnvs | nindent 10 }}
+ envFrom: {{ toYaml .Values.elasticsearch.envFrom | nindent 10 }}
+ resources: {{ toYaml .Values.elasticsearch.initResources | nindent 10 }}
+ volumeMounts:
+ - name: keystore
+ mountPath: /tmp/keystore
+ {{- range .Values.elasticsearch.keystore }}
+ - name: keystore-{{ .secretName }}
+ mountPath: /tmp/keystoreSecrets/{{ .secretName }}
+ {{- end }}
+{{ end }}
+ {{- if .Values.elasticsearch.extraInitContainers }}
+ # Currently some extra blocks accept strings
+ # to continue with backwards compatibility this is being kept
+ # whilst also allowing for yaml to be specified too.
+ {{- if eq "string" (printf "%T" .Values.elasticsearch.extraInitContainers) }}
+{{ tpl .Values.elasticsearch.extraInitContainers . | indent 6 }}
+ {{- else }}
+{{ toYaml .Values.elasticsearch.extraInitContainers | indent 6 }}
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: "{{ template "elasticsearch.name" . }}"
+ securityContext:
+{{ toYaml .Values.elasticsearch.securityContext | indent 10 }}
+ image: "{{ .Values.elasticsearch.image }}:{{ .Values.elasticsearch.imageTag }}"
+ imagePullPolicy: "{{ .Values.elasticsearch.imagePullPolicy }}"
+ readinessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - |
+ #!/usr/bin/env bash -e
+ # If the node is starting up wait for the cluster to be ready (request params: "{{ .Values.elasticsearch.clusterHealthCheckParams }}" )
+ # Once it has started only check that the node itself is responding
+ START_FILE=/tmp/.es_start_file
+
+ http () {
+ local path="${1}"
+ local args="${2}"
+ set -- -XGET -s
+
+ if [ "$args" != "" ]; then
+ set -- "$@" $args
+ fi
+
+ if [ -n "${ELASTIC_USERNAME}" ] && [ -n "${ELASTIC_PASSWORD}" ]; then
+ set -- "$@" -u "${ELASTIC_USERNAME}:${ELASTIC_PASSWORD}"
+ fi
+
+ curl --output /dev/null -k "$@" "{{ .Values.elasticsearch.protocol }}://127.0.0.1:{{ .Values.elasticsearch.httpPort }}${path}"
+ }
+
+ if [ -f "${START_FILE}" ]; then
+ echo 'Elasticsearch is already running, lets check the node is healthy'
+ HTTP_CODE=$(http "/" "-w %{http_code}")
+ RC=$?
+ if [[ ${RC} -ne 0 ]]; then
+ echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} {{ .Values.elasticsearch.protocol }}://127.0.0.1:{{ .Values.elasticsearch.httpPort }}/ failed with RC ${RC}"
+ exit ${RC}
+ fi
+ # ready if HTTP code 200, 503 is tolerable if ES version is 6.x
+ if [[ ${HTTP_CODE} == "200" ]]; then
+ exit 0
+ elif [[ ${HTTP_CODE} == "503" && "{{ include "elasticsearch.esMajorVersion" . }}" == "6" ]]; then
+ exit 0
+ else
+ echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} {{ .Values.elasticsearch.protocol }}://127.0.0.1:{{ .Values.elasticsearch.httpPort }}/ failed with HTTP code ${HTTP_CODE}"
+ exit 1
+ fi
+
+ else
+ echo 'Waiting for elasticsearch cluster to become ready (request params: "{{ .Values.elasticsearch.clusterHealthCheckParams }}" )'
+ if http "/_cluster/health?{{ .Values.elasticsearch.clusterHealthCheckParams }}" "--fail" ; then
+ touch ${START_FILE}
+ exit 0
+ else
+ echo 'Cluster is not yet ready (request params: "{{ .Values.elasticsearch.clusterHealthCheckParams }}" )'
+ exit 1
+ fi
+ fi
+{{ toYaml .Values.elasticsearch.readinessProbe | indent 10 }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.elasticsearch.httpPort }}
+ - name: transport
+ containerPort: {{ .Values.elasticsearch.transportPort }}
+ resources:
+{{ toYaml .Values.elasticsearch.resources | indent 10 }}
+ env:
+ - name: node.name
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- if eq .Values.elasticsearch.roles.master "true" }}
+ {{- if ge (int (include "elasticsearch.esMajorVersion" .)) 7 }}
+ - name: cluster.initial_master_nodes
+ value: "{{ template "elasticsearch.endpoints" . }}"
+ {{- else }}
+ - name: discovery.zen.minimum_master_nodes
+ value: "{{ .Values.elasticsearch.minimumMasterNodes }}"
+ {{- end }}
+ {{- end }}
+ {{- if lt (int (include "elasticsearch.esMajorVersion" .)) 7 }}
+ - name: discovery.zen.ping.unicast.hosts
+ value: "{{ .Release.Name }}-elasticsearch"
+ {{- else }}
+ - name: discovery.seed_hosts
+ value: "{{ .Release.Name }}-elasticsearch"
+ {{- end }}
+ - name: cluster.name
+ value: "{{ .Values.elasticsearch.clusterName }}"
+ - name: network.host
+ value: "{{ .Values.elasticsearch.networkHost }}"
+ - name: ES_JAVA_OPTS
+ value: "{{ .Values.elasticsearch.esJavaOpts }}"
+ {{- range $role, $enabled := .Values.elasticsearch.roles }}
+ - name: node.{{ $role }}
+ value: "{{ $enabled }}"
+ {{- end }}
+{{- if .Values.elasticsearch.extraEnvs }}
+{{ toYaml .Values.elasticsearch.extraEnvs | indent 10 }}
+{{- end }}
+{{- if .Values.elasticsearch.envFrom }}
+ envFrom:
+{{ toYaml .Values.elasticsearch.envFrom | indent 10 }}
+{{- end }}
+ volumeMounts:
+ {{- if .Values.k8s.persistence.enabled }}
+ - name: "{{ template "elasticsearch.uname" . }}"
+ mountPath: /usr/share/elasticsearch/data
+ {{- end }}
+{{ if .Values.elasticsearch.keystore }}
+ - name: keystore
+ mountPath: /usr/share/elasticsearch/config/elasticsearch.keystore
+ subPath: elasticsearch.keystore
+{{ end }}
+ {{- range .Values.elasticsearch.secretMounts }}
+ - name: {{ .name }}
+ mountPath: {{ .path }}
+ {{- if .subPath }}
+ subPath: {{ .subPath }}
+ {{- end }}
+ {{- end }}
+ {{- range $path, $config := .Values.elasticsearch.esConfig }}
+ - name: esconfig
+ mountPath: /usr/share/elasticsearch/config/{{ $path }}
+ subPath: {{ $path }}
+ {{- end -}}
+ {{- if .Values.elasticsearch.extraVolumeMounts }}
+ # Currently some extra blocks accept strings
+ # to continue with backwards compatibility this is being kept
+ # whilst also allowing for yaml to be specified too.
+ {{- if eq "string" (printf "%T" .Values.elasticsearch.extraVolumeMounts) }}
+{{ tpl .Values.elasticsearch.extraVolumeMounts . | indent 10 }}
+ {{- else }}
+{{ toYaml .Values.elasticsearch.extraVolumeMounts | indent 10 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.elasticsearch.masterTerminationFix }}
+ {{- if eq .Values.elasticsearch.roles.master "true" }}
+ # This sidecar will prevent slow master re-election
+ # https://github.com/elastic/helm-charts/issues/63
+ - name: elasticsearch-master-graceful-termination-handler
+ image: "{{ .Values.elasticsearch.image }}:{{ .Values.elasticsearch.imageTag }}"
+ imagePullPolicy: "{{ .Values.elasticsearch.imagePullPolicy }}"
+ command:
+ - "sh"
+ - -c
+ - |
+ #!/usr/bin/env bash
+ set -eo pipefail
+
+ http () {
+ local path="${1}"
+ if [ -n "${ELASTIC_USERNAME}" ] && [ -n "${ELASTIC_PASSWORD}" ]; then
+ BASIC_AUTH="-u ${ELASTIC_USERNAME}:${ELASTIC_PASSWORD}"
+ else
+ BASIC_AUTH=''
+ fi
+ curl -XGET -s -k --fail ${BASIC_AUTH} {{ .Values.elasticsearch.protocol }}://{{ template "elasticsearch.masterService" . }}:{{ .Values.elasticsearch.httpPort }}${path}
+ }
+
+ cleanup () {
+ while true ; do
+ local master="$(http "/_cat/master?h=node" || echo "")"
+ if [[ $master == "{{ template "elasticsearch.masterService" . }}"* && $master != "${NODE_NAME}" ]]; then
+ echo "This node is not master."
+ break
+ fi
+ echo "This node is still master, waiting gracefully for it to step down"
+ sleep 1
+ done
+
+ exit 0
+ }
+
+ trap cleanup SIGTERM
+
+ sleep infinity &
+ wait $!
+ resources:
+{{ toYaml .Values.elasticsearch.sidecarResources | indent 10 }}
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- if .Values.elasticsearch.extraEnvs }}
+{{ toYaml .Values.elasticsearch.extraEnvs | indent 10 }}
+ {{- end }}
+ {{- if .Values.elasticsearch.envFrom }}
+ envFrom:
+{{ toYaml .Values.elasticsearch.envFrom | indent 10 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- if .Values.elasticsearch.lifecycle }}
+ lifecycle:
+{{ toYaml .Values.elasticsearch.lifecycle | indent 10 }}
+{{- end }}
+ {{- if .Values.elasticsearch.extraContainers }}
+ # Currently some extra blocks accept strings
+ # to continue with backwards compatibility this is being kept
+ # whilst also allowing for yaml to be specified too.
+ {{- if eq "string" (printf "%T" .Values.elasticsearch.extraContainers) }}
+{{ tpl .Values.elasticsearch.extraContainers . | indent 6 }}
+ {{- else }}
+{{ toYaml .Values.elasticsearch.extraContainers | indent 6 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/helm/openwhisk/templates/elasticsearch-psp.yaml b/helm/openwhisk/templates/elasticsearch-psp.yaml
new file mode 100644
index 0000000..e9e58a1
--- /dev/null
+++ b/helm/openwhisk/templates/elasticsearch-psp.yaml
@@ -0,0 +1,28 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+{{- if and .Values.elasticsearch.podSecurityPolicy.create (not .Values.elasticsearch.external) (eq .Values.activationStoreBackend "ElasticSearch") }}
+{{- $fullName := include "elasticsearch.uname" . -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ default $fullName .Values.elasticsearch.podSecurityPolicy.name | quote }}
+ labels:
+{{ include "openwhisk.label_boilerplate" .| indent 4 }}
+spec:
+{{ toYaml .Values.elasticsearch.podSecurityPolicy.spec | indent 2 }}
+{{- end -}}
diff --git a/helm/openwhisk/templates/elasticsearch-role.yaml b/helm/openwhisk/templates/elasticsearch-role.yaml
new file mode 100644
index 0000000..cd14b59
--- /dev/null
+++ b/helm/openwhisk/templates/elasticsearch-role.yaml
@@ -0,0 +1,39 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+{{- if and .Values.elasticsearch.rbac.create (not .Values.elasticsearch.external) (eq .Values.activationStoreBackend "ElasticSearch") }}
+{{- $fullName := include "elasticsearch.uname" . -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ .Release.Name }}-elasticsearch
+ labels:
+{{ include "openwhisk.label_boilerplate" . | indent 4 }}
+rules:
+ - apiGroups:
+ - extensions
+ resources:
+ - podsecuritypolicies
+ resourceNames:
+ {{- if eq .Values.elasticsearch.podSecurityPolicy.name "" }}
+ - {{ $fullName | quote }}
+ {{- else }}
+ - {{ .Values.elasticsearch.podSecurityPolicy.name | quote }}
+ {{- end }}
+ verbs:
+ - use
+{{- end -}}
diff --git a/helm/openwhisk/templates/elasticsearch-rolebind.yaml b/helm/openwhisk/templates/elasticsearch-rolebind.yaml
new file mode 100644
index 0000000..9088c86
--- /dev/null
+++ b/helm/openwhisk/templates/elasticsearch-rolebind.yaml
@@ -0,0 +1,38 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+{{- if and .Values.elasticsearch.rbac.create (not .Values.elasticsearch.external) (eq .Values.activationStoreBackend "ElasticSearch") }}
+{{- $fullName := include "elasticsearch.uname" . -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ .Release.Name }}-elasticsearch
+ labels:
+{{ include "openwhisk.label_boilerplate" . | indent 4 }}
+subjects:
+ - kind: ServiceAccount
+ {{- if eq .Values.elasticsearch.rbac.serviceAccountName "" }}
+ name: {{ $fullName | quote }}
+ {{- else }}
+ name: {{ .Values.elasticsearch.rbac.serviceAccountName | quote }}
+ {{- end }}
+ namespace: {{ .Release.Namespace | quote }}
+roleRef:
+ kind: Role
+ name: {{ $fullName | quote }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end -}}
diff --git a/helm/openwhisk/templates/elasticsearch-svc.yaml b/helm/openwhisk/templates/elasticsearch-svc.yaml
new file mode 100644
index 0000000..b295a53
--- /dev/null
+++ b/helm/openwhisk/templates/elasticsearch-svc.yaml
@@ -0,0 +1,43 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+{{- if and (not .Values.elasticsearch.external) (eq .Values.activationStoreBackend "ElasticSearch") }}
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: {{ .Release.Name }}-elasticsearch
+ labels:
+ name: {{ .Release.Name }}-elasticsearch
+{{ include "openwhisk.label_boilerplate" . | indent 4 }}
+{{- if .Values.elasticsearch.service.labelsHeadless }}
+{{ toYaml .Values.elasticsearch.service.labelsHeadless | indent 4 }}
+{{- end }}
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+spec:
+ clusterIP: None # This is needed for statefulset hostnames like elasticsearch-0 to resolve
+ # Create endpoints also if the related pod isn't ready
+ publishNotReadyAddresses: true
+ selector:
+ name: {{ .Release.Name }}-elasticsearch
+ ports:
+ - name: {{ .Values.elasticsearch.service.httpPortName | default "http" }}
+ port: {{ .Values.elasticsearch.httpPort }}
+ - name: {{ .Values.elasticsearch.service.transportPortName | default "transport" }}
+ port: {{ .Values.elasticsearch.transportPort }}
+{{- end -}}
diff --git a/helm/openwhisk/templates/elasticsearch-svcacct.yaml b/helm/openwhisk/templates/elasticsearch-svcacct.yaml
new file mode 100644
index 0000000..ed09d40
--- /dev/null
+++ b/helm/openwhisk/templates/elasticsearch-svcacct.yaml
@@ -0,0 +1,33 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+{{- if and .Values.elasticsearch.rbac.create (not .Values.elasticsearch.external) (eq .Values.activationStoreBackend "ElasticSearch") }}
+{{- $fullName := include "elasticsearch.uname" . -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ {{- if eq .Values.elasticsearch.rbac.serviceAccountName "" }}
+ name: {{ $fullName | quote }}
+ {{- else }}
+ name: {{ .Values.elasticsearch.rbac.serviceAccountName | quote }}
+ {{- end }}
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ app: {{ $fullName | quote }}
+{{- end -}}
diff --git a/helm/openwhisk/templates/invoker-pod.yaml b/helm/openwhisk/templates/invoker-pod.yaml
index e1431de..d71ceef 100644
--- a/helm/openwhisk/templates/invoker-pod.yaml
+++ b/helm/openwhisk/templates/invoker-pod.yaml
@@ -189,6 +189,20 @@ spec:
- name: "CONFIG_whisk_userEvents_enabled"
value: "true"
{{ end }}
+{{- if eq .Values.activationStoreBackend "ElasticSearch" }}
+ - name: "CONFIG_whisk_activationStore_elasticsearch_protocol"
+ value: "{{ .Values.elasticsearch.protocol }}"
+ - name: "CONFIG_whisk_activationStore_elasticsearch_hosts"
+ value: {{ template "openwhisk.elasticsearch_connect" . }}
+ - name: "CONFIG_whisk_activationStore_elasticsearch_indexPattern"
+ value: {{ .Values.elasticsearch.indexPattern }}
+ - name: "CONFIG_whisk_activationStore_elasticsearch_username"
+ value: "{{ .Values.elasticsearch.username }}"
+ - name: "CONFIG_whisk_activationStore_elasticsearch_password"
+ value: "{{ .Values.elasticsearch.password }}"
+ - name: "CONFIG_whisk_spi_ActivationStoreProvider"
+ value: "org.apache.openwhisk.core.database.elasticsearch.ElasticSearchActivationStoreProvider"
+{{- end }}
ports:
- name: invoker
containerPort: {{ .Values.invoker.port }}
diff --git a/helm/openwhisk/values.yaml b/helm/openwhisk/values.yaml
index bb3363e..1bfca21 100644
--- a/helm/openwhisk/values.yaml
+++ b/helm/openwhisk/values.yaml
@@ -229,6 +229,9 @@ db:
persistence:
size: 2Gi
+# CouchDB, ElasticSearch
+activationStoreBackend: "CouchDB"
+
# Nginx configurations
nginx:
imageName: "nginx"
@@ -483,3 +486,190 @@ pdb:
maxUnavailable: 1
invoker:
maxUnavailable: 1
+ elasticsearch:
+ maxUnavailable: 1
+
+# ElasticSearch configuration
+elasticsearch:
+ external: false
+ clusterName: "elasticsearch"
+ nodeGroup: "master"
+ # The service that non master groups will try to connect to when joining the cluster
+ # This should be set to clusterName + "-" + nodeGroup for your master group
+ masterServiceValue: ""
+ # Elasticsearch roles that will be applied to this nodeGroup
+ # These will be set as environment variables. E.g. node.master=true
+ roles:
+ master: "true"
+ ingest: "true"
+ data: "true"
+ replicaCount: 1
+ minimumMasterNodes: 1
+ esMajorVersionValue: ""
+ # Allows you to add any config files in /usr/share/elasticsearch/config/
+ # such as elasticsearch.yml and log4j2.properties, e.g.
+ # elasticsearch.yml: |
+ # key:
+ # nestedkey: value
+ # log4j2.properties: |
+ # key = value
+ esConfig: {}
+ # Extra environment variables to append to this nodeGroup
+ # This will be appended to the current 'env:' key. You can use any of the kubernetes env
+ # syntax here
+ # - name: MY_ENVIRONMENT_VAR
+ # value: the_value_goes_here
+ extraEnvs: []
+ # Allows you to load environment variables from kubernetes secret or config map
+ # - secretRef:
+ # name: env-secret
+ # - configMapRef:
+ # name: config-map
+ envFrom: []
+ # A list of secrets and their paths to mount inside the pod
+ # This is useful for mounting certificates for security and for mounting
+ # the X-Pack license
+ # - name: elastic-certificates
+ # secretName: elastic-certificates
+ # path: /usr/share/elasticsearch/config/certs
+ # defaultMode: 0755
+ secretMounts: []
+ image: "docker.elastic.co/elasticsearch/elasticsearch"
+ imageTag: "6.7.2"
+ imagePullPolicy: "IfNotPresent"
+ podAnnotations: {}
+ labels: {}
+ esJavaOpts: "-Xmx1g -Xms1g"
+ resources:
+ requests:
+ cpu: "1000m"
+ memory: "2Gi"
+ limits:
+ cpu: "1000m"
+ memory: "2Gi"
+ initResources: {}
+ sidecarResources: {}
+ networkHost: "0.0.0.0"
+ volumeClaimTemplate:
+ accessModes: [ "ReadWriteOnce" ]
+ resources:
+ requests:
+ storage: 30Gi
+ rbac:
+ create: false
+ serviceAccountName: ""
+ podSecurityPolicy:
+ create: false
+ name: ""
+ spec:
+ privileged: true
+ fsGroup:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - secret
+ - configMap
+ - persistentVolumeClaim
+ persistence:
+ annotations: {}
+ extraVolumes: []
+ # - name: extras
+ # mountPath: /usr/share/extras
+ # readOnly: true
+ extraVolumeMounts: []
+ # - name: do-something
+ # image: busybox
+ # command: ['do', 'something']
+ extraContainers: []
+ # - name: do-something
+ # image: busybox
+ # command: ['do', 'something']
+ extraInitContainers: []
+ # The default is to deploy all pods serially. By setting this to parallel all pods are started at
+ # the same time when bootstrapping the cluster
+ podManagementPolicy: "Parallel"
+ # The environment variables injected by service links are not used, but can lead to slow Elasticsearch boot times when
+ # there are many services in the current namespace.
+ # If you experience slow pod startups you probably want to set this to `false`.
+ enableServiceLinks: true
+ protocol: http
+ connect_string: null
+ host: null
+ httpPort: 9200
+ transportPort: 9300
+ service:
+ labels: {}
+ labelsHeadless: {}
+ type: ClusterIP
+ nodePort: ""
+ annotations: {}
+ httpPortName: http
+ transportPortName: transport
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+ updateStrategy: RollingUpdate
+ podSecurityContext:
+ fsGroup: 1000
+ runAsUser: 1000
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ # readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ # How long to wait for elasticsearch to stop gracefully
+ terminationGracePeriod: 120
+ sysctlVmMaxMapCount: 262144
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 3
+ timeoutSeconds: 5
+ # https://www.elastic.co/guide/en/elasticsearch/reference/7.8/cluster-health.html#request-params wait_for_status
+ clusterHealthCheckParams: "wait_for_status=green&timeout=1s"
+ ## Use an alternate scheduler.
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ imagePullSecrets: []
+ nodeSelector: {}
+ tolerations: []
+ nameOverride: ""
+ fullnameOverride: ""
+ # https://github.com/elastic/helm-charts/issues/63
+ masterTerminationFix: false
+ lifecycle: {}
+ # preStop:
+ # exec:
+ # command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
+ # postStart:
+ # exec:
+ # command:
+ # - bash
+ # - -c
+ # - |
+ # #!/bin/bash
+ # # Add a template to adjust number of shards/replicas
+ # TEMPLATE_NAME=my_template
+ # INDEX_PATTERN="logstash-*"
+ # SHARD_COUNT=8
+ # REPLICA_COUNT=1
+ # ES_URL=http://localhost:9200
+ # while [[ "$(curl -s -o /dev/null -w '%{http_code}\n' $ES_URL)" != "200" ]]; do sleep 1; done
+ # curl -XPUT "$ES_URL/_template/$TEMPLATE_NAME" -H 'Content-Type: application/json' -d'{"index_patterns":['\""$INDEX_PATTERN"\"'],"settings":{"number_of_shards":'$SHARD_COUNT',"number_of_replicas":'$REPLICA_COUNT'}}'
+ sysctlInitContainer:
+ enabled: true
+ keystore: []
+ # Deprecated
+ # please use the above podSecurityContext.fsGroup instead
+ fsGroup: ""
+ indexPattern: "openwhisk-%s"
+ username: "admin"
+ password: "admin"