Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
188 lines (187 sloc) 6.32 KB
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
name: {{ template "fullname" . }}-master
labels:
app: {{ template "fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
component: {{ template "fullname" . }}-master
role: master
estype: node
spec:
serviceName: {{ template "fullname" . }}-master
replicas: {{ .Values.master.replicas }}
updateStrategy:
type: RollingUpdate
podManagementPolicy: Parallel
selector:
matchLabels:
component: {{ template "fullname" . }}
role: master
template:
metadata:
labels:
release: "{{ .Release.Name }}"
app: {{ template "fullname" . }}
component: {{ template "fullname" . }}
role: master
{{- if .Values.master.labels }}
{{ toYaml .Values.master.labels | indent 8 }}
{{- end }}
annotations:
{{ if .Values.common.restart_pods_on_config_change }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{ end }}
{{- if .Values.master.annotations }}
{{ toYaml .Values.master.annotations | indent 8 }}
{{- end }}
spec:
subdomain: {{ template "fullname" . }}
serviceAccountName: {{ template "fullname" . }}
securityContext:
fsGroup: 1000
{{- if eq .Values.master.antiAffinity "hard" }}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: "failure-domain.beta.kubernetes.io/zone"
labelSelector:
matchLabels:
component: {{ template "fullname" . }}
role: master
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
topologyKey: "kubernetes.io/hostname"
labelSelector:
matchLabels:
component: {{ template "fullname" . }}
role: master
{{- else if eq .Values.master.antiAffinity "soft" }}
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
topologyKey: "failure-domain.beta.kubernetes.io/zone"
labelSelector:
matchLabels:
component: {{ template "fullname" . }}
role: master
- weight: 2
podAffinityTerm:
topologyKey: "kubernetes.io/hostname"
labelSelector:
matchLabels:
component: {{ template "fullname" . }}
role: master
{{- end }}
initContainers:
{{ include "init-containers" . | indent 6 }}
containers:
- name: elasticsearch
securityContext:
capabilities:
add:
- IPC_LOCK
- SYS_RESOURCE
{{ if .Values.common.xpack_basic }}
image: "floragunncom/sg-elasticsearch:{{ .Values.common.elkversion }}-{{ .Values.common.sgversion }}"
{{ else }}
image: "floragunncom/sg-elasticsearch:{{ .Values.common.elkversion }}-oss-{{ .Values.common.sgversion }}"
{{ end }}
imagePullPolicy: {{ .Values.common.pullPolicy }}
lifecycle:
postStart:
{{ include "remove-demo-certs" . | indent 12 }}
envFrom:
- secretRef:
name: {{ template "fullname" . }}-passwd-secret
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: DISCOVERY_SERVICE
value: {{ template "fullname" . }}-discovery.{{ .Release.Namespace }}.svc
- name: ES_JAVA_OPTS
value: "-Djava.net.preferIPv4Stack=true -Xms{{ .Values.master.heapSize }} -Xmx{{ .Values.master.heapSize }}"
- name: NODE_DATA
value: "false"
- name: NODE_MASTER
value: "true"
- name: NODE_INGEST
value: "false"
- name: PROCESSORS
value: "{{ .Values.master.processors }}"
{{- range $key, $value := .Values.common.env }}
- name: {{ $key | upper | replace "-" "_" }}
value: {{ $value | quote }}
{{- end }}
{{- range $key, $value := .Values.master.env }}
- name: {{ $key | upper | replace "-" "_" }}
value: {{ $value | quote }}
{{- end }}
resources:
{{ toYaml .Values.master.resources | indent 10 }}
ports:
- containerPort: 9300
name: transport
protocol: TCP
- containerPort: 9200
name: http
protocol: TCP
readinessProbe:
tcpSocket:
port: transport
initialDelaySeconds: 20
periodSeconds: 10
livenessProbe:
tcpSocket:
port: transport
initialDelaySeconds: 60
periodSeconds: 10
resources:
{{ toYaml .Values.master.resources | indent 10 }}
volumeMounts:
- mountPath: /storage/
name: storage
- mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
name: config
subPath: elasticsearch.yml
- mountPath: /usr/share/elasticsearch/plugins/search-guard-{{ .Values.common.elkversion | substr 0 1 }}/sgconfig/
name: searchguard-config
- name: secret-volume
readOnly: true
mountPath: "/usr/share/elasticsearch/config/certificates-secrets"
- name: kubectl
subPath: kubectl
mountPath: /usr/local/bin/kubectl
volumes:
- name: secret-volume
secret:
secretName: {{ template "fullname" . }}-nodes-cert-secret
defaultMode: 0600
- configMap:
name: {{ template "fullname" . }}-config
name: config
- configMap:
name: {{ template "fullname" . }}-searchguard-config-{{ .Values.common.elkversion | substr 0 1 }}
name: searchguard-config
- name: kubectl
emptyDir: {}
volumeClaimTemplates:
- metadata:
name: storage
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: {{ .Values.master.storageClass }}
resources:
requests:
storage: {{ .Values.master.storage }}
You can’t perform that action at this time.