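# Rendered Helm output for the Elasticsearch *data* node group
# (release "elasticsearch-data-nodes", chart "elasticsearch-7.2.0").
# Line breaks and indentation are restored so that every document parses.
# Comments marked NOTE(review) are hardening points; any fix belongs in the
# chart values/templates, not in this rendered file.
---
# Source: elasticsearch/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: elasticsearch-data-config
  labels:
    heritage: "Tiller"
    release: "elasticsearch-data-nodes"
    chart: "elasticsearch-7.2.0"
    app: "elasticsearch-data"
data:
  # Mounted over config/elasticsearch.yml in the StatefulSet below (subPath).
  #
  # NOTE(review): only the transport layer (node-to-node, port 9300) gets TLS
  # here. No xpack.security.http.ssl.* setting is present, so as far as this
  # file shows the REST API on 9200 is served in cleartext, and the basic-auth
  # credentials used against it are sent unencrypted on the pod network.
  # Enable xpack.security.http.ssl.enabled (and switch the readiness probe and
  # clients to https), or restrict 9200 with a NetworkPolicy.
  #
  # NOTE(review): verification_mode "certificate" checks that the peer
  # certificate chains to a trusted CA but skips hostname verification;
  # "full" also verifies the hostname.
  #
  # The same PKCS#12 file is used as keystore and truststore. Its password is
  # not set here; presumably it comes from the mounted elasticsearch.keystore.
  # TODO confirm.
  elasticsearch.yml: |
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elasticsearch-certificates.p12
    xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elasticsearch-certificates.p12
---
# Source: elasticsearch/templates/poddisruptionbudget.yaml
# Allows at most one data pod to be evicted voluntarily at a time.
# NOTE(review): policy/v1beta1 is no longer served from Kubernetes 1.25
# (policy/v1 exists from 1.21). Left unchanged because the target cluster
# version is not visible from this file.
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: "elasticsearch-data-pdb"
spec:
  maxUnavailable: 1
  selector:
    matchLabels:
      app: "elasticsearch-data"
---
# Source: elasticsearch/templates/service.yaml
# ClusterIP service in front of the data pods.
# NOTE(review): both 9200 (REST) and 9300 (transport) become reachable from
# any workload in the cluster unless a NetworkPolicy restricts them; none is
# part of this rendered output.
kind: Service
apiVersion: v1
metadata:
  name: elasticsearch-data
  labels:
    heritage: "Tiller"
    release: "elasticsearch-data-nodes"
    chart: "elasticsearch-7.2.0"
    app: "elasticsearch-data"
  annotations: {}
spec:
  type: ClusterIP
  selector:
    heritage: "Tiller"
    release: "elasticsearch-data-nodes"
    chart: "elasticsearch-7.2.0"
    app: "elasticsearch-data"
  ports:
    - name: http
      protocol: TCP
      port: 9200
    - name: transport
      protocol: TCP
      port: 9300
---
# Headless service: gives each StatefulSet pod a stable DNS name.
kind: Service
apiVersion: v1
metadata:
  name: elasticsearch-data-headless
  labels:
    heritage: "Tiller"
    release: "elasticsearch-data-nodes"
    chart: "elasticsearch-7.2.0"
    app: "elasticsearch-data"
spec:
  clusterIP: None  # This is needed for statefulset hostnames like elasticsearch-0 to resolve
  # Create endpoints also if the related pod isn't ready
  publishNotReadyAddresses: true
  selector:
    app: "elasticsearch-data"
  ports:
    - name: http
      port: 9200
    - name: transport
      port: 9300
---
# Source: elasticsearch/templates/statefulset.yaml
# apps/v1beta1 was removed in Kubernetes 1.16. apps/v1 has been served since
# 1.9 and accepts this spec as written: spec.selector is set and matches the
# pod template labels.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: elasticsearch-data
  labels:
    heritage: "Tiller"
    release: "elasticsearch-data-nodes"
    chart: "elasticsearch-7.2.0"
    app: "elasticsearch-data"
spec:
  serviceName: elasticsearch-data-headless
  selector:
    matchLabels:
      app: "elasticsearch-data"
  replicas: 3
  podManagementPolicy: Parallel
  updateStrategy:
    type: RollingUpdate
  volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 30Gi
  template:
    metadata:
      name: "elasticsearch-data"
      labels:
        heritage: "Tiller"
        release: "elasticsearch-data-nodes"
        chart: "elasticsearch-7.2.0"
        app: "elasticsearch-data"
      annotations:
        # Presumably a checksum of the rendered config, so that a config
        # change rolls the pods. TODO confirm against the chart template.
        configchecksum: adc27972acd5fcfe03f6869f3ca9c60b9bfce29ac5e666d8143479049f8dcb7
    spec:
      # NOTE(review): automountServiceAccountToken is not set, so the default
      # service-account token is mounted into these pods. If Elasticsearch
      # does not call the Kubernetes API, set it to false.
      securityContext:
        fsGroup: 1000
      # Hard anti-affinity: never two data pods on the same node.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app
                    operator: In
                    values:
                      - "elasticsearch-data"
              topologyKey: kubernetes.io/hostname
      terminationGracePeriodSeconds: 120
      volumes:
        # NOTE(review): the certificates Secret holds the PKCS#12 bundle,
        # private key included. Secret volumes default to mode 0644; consider
        # a tighter defaultMode that still lets the fsGroup read the files.
        - name: elasticsearch-certificates
          secret:
            secretName: elasticsearch-certificates
        - name: elasticsearch-keystore
          secret:
            secretName: elasticsearch-keystore
        - name: esconfig
          configMap:
            name: elasticsearch-data-config
      initContainers:
        # NOTE(review): runs as root in a privileged container in order to
        # write vm.max_map_count, a node-wide kernel setting. A privileged
        # container has host-level access, so whatever "elasticsearch:pulse"
        # resolves to is trusted with the node. Prefer setting this sysctl
        # during node provisioning and dropping the init container; otherwise
        # use a minimal image pinned by digest.
        - name: configure-sysctl
          securityContext:
            runAsUser: 0
            privileged: true
          image: "elasticsearch:pulse"
          command: ["sysctl", "-w", "vm.max_map_count=262144"]
          resources: {}
      containers:
        # NOTE(review): "elasticsearch:pulse" is a mutable tag with no
        # registry and no digest. Combined with IfNotPresent, nodes can run
        # different builds under the same name. Pin it as
        # <registry>/elasticsearch@sha256:<digest> (placeholder).
        #
        # NOTE(review): this container has no securityContext, so it runs as
        # the image's default user with the default capability set. Once the
        # image's UID is confirmed (fsGroup 1000 suggests 1000), add
        # runAsNonRoot: true, allowPrivilegeEscalation: false and
        # capabilities.drop: ["ALL"].
        - name: "elasticsearch"
          image: "elasticsearch:pulse"
          imagePullPolicy: "IfNotPresent"
          # Readiness: until the marker file exists the probe waits for
          # cluster health "green"; afterwards it only checks that this node
          # answers on "/".
          #
          # NOTE(review): the probe passes the password to curl as a
          # command-line argument ("-u user:password"), so it is visible in
          # the process list inside the container for the duration of the
          # call. It also talks plain http to 127.0.0.1; "-k" has no effect
          # on an http URL but would disable certificate verification if the
          # URL were switched to https. When HTTP TLS is enabled, replace
          # "-k" with --cacert pointing at the mounted CA.
          readinessProbe:
            failureThreshold: 3
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 3
            timeoutSeconds: 5
            exec:
              command:
                - sh
                - -c
                - |
                  #!/usr/bin/env bash -e
                  # If the node is starting up wait for the cluster to be ready (request params: 'wait_for_status=green&timeout=1s' )
                  # Once it has started only check that the node itself is responding
                  START_FILE=/tmp/.es_start_file

                  http () {
                      local path="${1}"
                      if [ -n "${ELASTIC_USERNAME}" ] && [ -n "${ELASTIC_PASSWORD}" ]; then
                        BASIC_AUTH="-u ${ELASTIC_USERNAME}:${ELASTIC_PASSWORD}"
                      else
                        BASIC_AUTH=''
                      fi
                      curl -XGET -s -k --fail ${BASIC_AUTH} http://127.0.0.1:9200${path}
                  }

                  if [ -f "${START_FILE}" ]; then
                      echo 'Elasticsearch is already running, lets check the node is healthy'
                      http "/"
                  else
                      echo 'Waiting for elasticsearch cluster to become cluster to be ready (request params: "wait_for_status=green&timeout=1s" )'
                      if http "/_cluster/health?wait_for_status=green&timeout=1s" ; then
                          touch ${START_FILE}
                          exit 0
                      else
                          echo 'Cluster is not yet ready (request params: "wait_for_status=green&timeout=1s" )'
                          exit 1
                      fi
                  fi
          ports:
            - name: http
              containerPort: 9200
            - name: transport
              containerPort: 9300
          resources:
            limits:
              cpu: 1000m
              memory: 2Gi
            requests:
              cpu: 100m
              memory: 2Gi
          env:
            - name: node.name
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            # Seed host for discovery; the master service is not defined in
            # this rendered output.
            - name: discovery.zen.ping.unicast.hosts
              value: "elasticsearch-master-headless"
            - name: cluster.name
              value: "elasticsearch"
            # Binds every interface; reachability is then decided solely by
            # the Services above and any NetworkPolicy.
            - name: network.host
              value: "0.0.0.0"
            - name: ES_JAVA_OPTS
              value: "-Xmx1g -Xms1g"
            # Role: data + ingest, not master-eligible.
            - name: node.data
              value: "true"
            - name: node.ingest
              value: "true"
            - name: node.master
              value: "false"
            # Credentials come from a Secret rather than being inlined. As
            # environment variables they are readable by every process in
            # this container.
            - name: ELASTIC_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: elasticsearch-credentials
            - name: ELASTIC_USERNAME
              valueFrom:
                secretKeyRef:
                  key: username
                  name: elasticsearch-credentials
          volumeMounts:
            - name: "elasticsearch-data"
              mountPath: /usr/share/elasticsearch/data
            - name: elasticsearch-certificates
              mountPath: /usr/share/elasticsearch/config/certs
            # subPath mounts are not refreshed when the Secret or ConfigMap
            # changes; a pod restart is needed to pick up a rotated keystore
            # or a new config.
            - name: elasticsearch-keystore
              mountPath: /usr/share/elasticsearch/config/elasticsearch.keystore
              subPath: elasticsearch.keystore
            - name: esconfig
              mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
              subPath: elasticsearch.yml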