fix cluster outage, add masterService template #41
Changes from 2 commits
ed67799
17fe76d
f2ba6e0
1048ce3
95cf412
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
{{ if eq .Values.roles.master "true" }} | ||
{{- range $i := until (int .Values.replicas) }} | ||
--- | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: {{ template "uname" $ }}-announce-{{ $i }} | ||
labels: | ||
heritage: {{ $.Release.Service | quote }} | ||
release: {{ $.Release.Name | quote }} | ||
chart: "{{ $.Chart.Name }}-{{ $.Chart.Version }}" | ||
app: "{{ template "uname" $ }}" | ||
annotations: | ||
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" | ||
spec: | ||
type: ClusterIP | ||
publishNotReadyAddresses: true | ||
ports: | ||
- name: transport | ||
port: 9300 | ||
targetPort: transport | ||
selector: | ||
heritage: {{ $.Release.Service | quote }} | ||
release: {{ $.Release.Name | quote }} | ||
chart: "{{ $.Chart.Name }}-{{ $.Chart.Version }}" | ||
app: "{{ template "uname" $ }}" | ||
statefulset.kubernetes.io/pod-name: {{ template "masterService" $ }}-{{ $i }} | ||
{{ end }} | ||
{{ end }} |
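Review bot: The selector on the last line builds the pod name from the `masterService` template while the Service's own name is built from `uname`, so the two can diverge once `masterService` is overridden. This template only renders for the master group, whose pods are presumably named after the StatefulSet (its name is not visible on this page); if that name comes from `uname`, the selector should read `statefulset.kubernetes.io/pod-name: "{{ template "uname" $ }}-{{ $i }}"`. Quoting that value, and `name:` above it, also keeps the rendered YAML a string whatever the templates expand to.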
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -78,6 +78,8 @@ spec: | |
secret: | ||
secretName: {{ .name }} | ||
{{- end }} | ||
- name: config | ||
emptyDir: {} | ||
Why should we store the configuration here instead of regenerating it at each start? |
||
{{- if .Values.esConfig }} | ||
- name: esconfig | ||
configMap: | ||
|
@@ -94,14 +96,47 @@ spec: | |
privileged: true | ||
image: "{{ .Values.image }}:{{ .Values.imageTag }}" | ||
command: ["sysctl", "-w", "vm.max_map_count={{ .Values.sysctlVmMaxMapCount}}"] | ||
- name: init-config | ||
securityContext: | ||
runAsUser: 0 | ||
privileged: true | ||
image: "{{ .Values.image }}:{{ .Values.imageTag }}" | ||
command: | ||
- /bin/bash | ||
Maybe add some comment here to state the purpose of the initContainer? |
||
- -c | ||
- |- | ||
shopt -s nullglob dotglob | ||
files=(/tmp/config/*) | ||
if [ ${#files[@]} -gt 0 ]; then | ||
cp -r /tmp/config/* /usr/share/elasticsearch/config/ | ||
fi | ||
|
||
HOSTNAME="$(hostname)" | ||
INDEX="${HOSTNAME##*-}" | ||
|
||
ENV_VAR_PREFIX=`echo {{ template "masterService" . }}-|awk '{print toupper($0)}'|sed 's/-/_/g'` | ||
HOSTVAR="${ENV_VAR_PREFIX}ANNOUNCE_${INDEX}_SERVICE_HOST" | ||
HOST="${!HOSTVAR}" | ||
|
||
if [ ! -f /usr/share/elasticsearch/config/elasticsearch.yml ]; then | ||
echo "" > /usr/share/elasticsearch/config/elasticsearch.yml | ||
Very nitpicky, but "touch" would be more elegant. |
||
fi; | ||
echo "network.publish_host: ${HOST}" >> /usr/share/elasticsearch/config/elasticsearch.yml; | ||
volumeMounts: | ||
- name: config | ||
mountPath: /usr/share/elasticsearch/config | ||
{{- if .Values.esConfig }} | ||
- name: esconfig | ||
mountPath: /tmp/config | ||
{{- end }} | ||
containers: | ||
- name: "{{ template "name" . }}" | ||
image: "{{ .Values.image }}:{{ .Values.imageTag }}" | ||
imagePullPolicy: "{{ .Values.imagePullPolicy }}" | ||
readinessProbe: | ||
{{ toYaml .Values.readinessProbe | indent 10 }} | ||
exec: | ||
command: | ||
command: | ||
- sh | ||
- -c | ||
- | | ||
|
@@ -119,7 +154,7 @@ spec: | |
fi | ||
curl -XGET -s -k --fail ${BASIC_AUTH} {{ .Values.protocol }}://127.0.0.1:{{ .Values.httpPort }}${path} | ||
} | ||
|
||
if [ -f "${START_FILE}" ]; then | ||
echo 'Elasticsearch is already running, lets check the node is healthy' | ||
http "/" | ||
|
@@ -155,7 +190,7 @@ spec: | |
{{- end }} | ||
{{- end }} | ||
- name: discovery.zen.ping.unicast.hosts | ||
value: "{{ .Values.masterService }}-headless" | ||
value: "{{ template "masterService" . }}-headless" | ||
- name: cluster.name | ||
value: "{{ .Values.clusterName }}" | ||
- name: network.host | ||
|
@@ -180,7 +215,18 @@ spec: | |
{{- end }} | ||
{{- end }} | ||
{{- range $path, $config := .Values.esConfig }} | ||
- name: esconfig | ||
- name: config | ||
mountPath: /usr/share/elasticsearch/config/{{ $path }} | ||
subPath: {{ $path }} | ||
{{- end }} | ||
{{- if not (empty .Values.esConfig) }} | ||
{{- if not (hasKey .Values.esConfig "elasticsearch.yml") }} | ||
- name: config | ||
mountPath: /usr/share/elasticsearch/config/elasticsearch.yml | ||
subPath: elasticsearch.yml | ||
{{- end -}} | ||
{{- else if (empty .Values.esConfig) }} | ||
- name: config | ||
mountPath: /usr/share/elasticsearch/config/elasticsearch.yml | ||
subPath: elasticsearch.yml | ||
{{- end -}} |
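Review bot: The new `init-config` init container is given `runAsUser: 0` together with `privileged: true`, but the script it runs only copies files from /tmp/config and appends one line to elasticsearch.yml in the `config` emptyDir, and none of that needs a privileged container. I would drop the `privileged: true` line from this container (the sysctl container above it is the one with a reason for it) and, if the emptyDir's permissions allow, also run it as the image's non-root user rather than uid 0. Separately, `HOST="${!HOSTVAR}"` is written out even when the variable is unset, so a guard such as `[ -n "${HOST}" ] || exit 1` before the final `echo` would avoid writing an empty `network.publish_host`. The initContainers list starts above this hunk.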
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,7 +4,7 @@ nodeGroup: "master" | |
|
||
# The service that non master groups will try to connect to when joining the cluster | ||
# This should be set to clusterName + "-" + nodeGroup for your master group | ||
masterService: "elasticsearch-master" | ||
masterService: "" | ||
|
||
# Elasticsearch roles that will be applied to this nodeGroup | ||
# These will be set as environment variables. E.g. node.master=true | ||
|
@@ -37,7 +37,7 @@ extraEnvs: | |
# A list of secrets and their paths to mount inside the pod | ||
# This is useful for mounting certificates for security and for mounting | ||
# the X-Pack license | ||
secretMounts: | ||
secretMounts: | ||
In order for this to pass validations, shouln't it be set to []? |
||
# - name: elastic-certificates | ||
# secretName: elastic-certificates | ||
# path: /usr/share/elasticsearch/config/certs | ||
|
@@ -67,7 +67,7 @@ volumeClaimTemplate: | |
|
||
# By default this will make sure two pods don't end up on the same node | ||
# Changing this to a region would allow you to spread pods across regions | ||
antiAffinityTopologyKey: "kubernetes.io/hostname" | ||
antiAffinityTopologyKey: "kubernetes.io/hostname" | ||
|
||
# Hard means that by default pods will only be scheduled if there are enough nodes for them | ||
# and that they will never end up on the same node. Setting this to soft will do this "best effort" | ||
|
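Review bot: With the default changed to `masterService: ""`, the comment above it still only says to set it to clusterName + "-" + nodeGroup and never says what an empty value does. The `masterService` template used in the other files presumably computes a fallback, but its definition is not on this page, so the values file should state it, e.g. `# Leave empty to use the name derived by the "masterService" template`. The other two changed lines in this file look like whitespace-only edits.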
Do we really need this?
The headless service is used for service discovery and includes all members in the cluster even the unready ones
https://github.com/elastic/helm-charts/blob/master/elasticsearch/templates/service.yaml#L31