|
|
@@ -1,364 +0,0 @@
|
|
|
-# helm repo add elastic https://helm.elastic.co
|
|
|
-# helm upgrade --install elasticsearch elastic/elasticsearch -n elasticsearch -f ~/server/elasticsearch/values.yaml --version 8.5.1
|
|
|
-
|
|
|
----
|
|
|
-clusterName: "elasticsearch"
|
|
|
-nodeGroup: "master"
|
|
|
-
|
|
|
-# The service that non master groups will try to connect to when joining the cluster
|
|
|
-# This should be set to clusterName + "-" + nodeGroup for your master group
|
|
|
-masterService: ""
|
|
|
-
|
|
|
-# Elasticsearch roles that will be applied to this nodeGroup
|
|
|
-# These will be set as environment variables. E.g. node.roles=master
|
|
|
-# https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html#node-roles
|
|
|
-roles:
|
|
|
- - master
|
|
|
- - data
|
|
|
- - data_content
|
|
|
- - data_hot
|
|
|
- - data_warm
|
|
|
- - data_cold
|
|
|
- - ingest
|
|
|
- - ml
|
|
|
- - remote_cluster_client
|
|
|
- - transform
|
|
|
-
|
|
|
-replicas: 3
|
|
|
-minimumMasterNodes: 2
|
|
|
-
|
|
|
-esMajorVersion: ""
|
|
|
-
|
|
|
-# Allows you to add any config files in /usr/share/elasticsearch/config/
|
|
|
-# such as elasticsearch.yml and log4j2.properties
|
|
|
-esConfig:
|
|
|
- # SSL is disabled: internal-only cluster, & self-signed certs in mastodon are a pain
|
|
|
- elasticsearch.yml: |
|
|
|
- xpack.security.enabled: false
|
|
|
- xpack.security.http.ssl.enabled: false
|
|
|
- xpack.security.transport.ssl.enabled: false
|
|
|
-# key:
|
|
|
-# nestedkey: value
|
|
|
-# log4j2.properties: |
|
|
|
-# key = value
|
|
|
-
|
|
|
-createCert: false
|
|
|
-
|
|
|
-esJvmOptions: {}
|
|
|
-# processors.options: |
|
|
|
-# -XX:ActiveProcessorCount=3
|
|
|
-
|
|
|
-# Extra environment variables to append to this nodeGroup
|
|
|
-# This will be appended to the current 'env:' key. You can use any of the kubernetes env
|
|
|
-# syntax here
|
|
|
-extraEnvs: []
|
|
|
-# - name: MY_ENVIRONMENT_VAR
|
|
|
-# value: the_value_goes_here
|
|
|
-
|
|
|
-# Allows you to load environment variables from kubernetes secret or config map
|
|
|
-envFrom: []
|
|
|
-# - secretRef:
|
|
|
-# name: env-secret
|
|
|
-# - configMapRef:
|
|
|
-# name: config-map
|
|
|
-
|
|
|
-# Disable it to use your own elastic-credential Secret.
|
|
|
-secret:
|
|
|
- enabled: true
|
|
|
- password: "" # generated randomly if not defined
|
|
|
-
|
|
|
-# A list of secrets and their paths to mount inside the pod
|
|
|
-# This is useful for mounting certificates for security and for mounting
|
|
|
-# the X-Pack license
|
|
|
-secretMounts: []
|
|
|
-# - name: elastic-certificates
|
|
|
-# secretName: elastic-certificates
|
|
|
-# path: /usr/share/elasticsearch/config/certs
|
|
|
-# defaultMode: 0755
|
|
|
-
|
|
|
-hostAliases: []
|
|
|
-#- ip: "127.0.0.1"
|
|
|
-# hostnames:
|
|
|
-# - "foo.local"
|
|
|
-# - "bar.local"
|
|
|
-
|
|
|
-image: "docker.elastic.co/elasticsearch/elasticsearch"
|
|
|
-imageTag: "8.5.1"
|
|
|
-imagePullPolicy: "IfNotPresent"
|
|
|
-
|
|
|
-podAnnotations: {}
|
|
|
-# iam.amazonaws.com/role: es-cluster
|
|
|
-
|
|
|
-# additionals labels
|
|
|
-labels: {}
|
|
|
-
|
|
|
-esJavaOpts: "" # example: "-Xmx1g -Xms1g"
|
|
|
-
|
|
|
-resources:
|
|
|
- requests:
|
|
|
- cpu: "1000m"
|
|
|
- memory: "2Gi"
|
|
|
- limits:
|
|
|
- cpu: "1000m"
|
|
|
- memory: "2Gi"
|
|
|
-
|
|
|
-initResources: {}
|
|
|
-# limits:
|
|
|
-# cpu: "25m"
|
|
|
-# # memory: "128Mi"
|
|
|
-# requests:
|
|
|
-# cpu: "25m"
|
|
|
-# memory: "128Mi"
|
|
|
-
|
|
|
-networkHost: "0.0.0.0"
|
|
|
-
|
|
|
-volumeClaimTemplate:
|
|
|
- accessModes: ["ReadWriteOnce"]
|
|
|
- resources:
|
|
|
- requests:
|
|
|
- storage: 30Gi
|
|
|
- storageClassName: "ceph-block"
|
|
|
-
|
|
|
-rbac:
|
|
|
- create: false
|
|
|
- serviceAccountAnnotations: {}
|
|
|
- serviceAccountName: ""
|
|
|
- automountToken: true
|
|
|
-
|
|
|
-podSecurityPolicy:
|
|
|
- create: false
|
|
|
- name: ""
|
|
|
- spec:
|
|
|
- privileged: true
|
|
|
- fsGroup:
|
|
|
- rule: RunAsAny
|
|
|
- runAsUser:
|
|
|
- rule: RunAsAny
|
|
|
- seLinux:
|
|
|
- rule: RunAsAny
|
|
|
- supplementalGroups:
|
|
|
- rule: RunAsAny
|
|
|
- volumes:
|
|
|
- - secret
|
|
|
- - configMap
|
|
|
- - persistentVolumeClaim
|
|
|
- - emptyDir
|
|
|
-
|
|
|
-persistence:
|
|
|
- enabled: true
|
|
|
- labels:
|
|
|
- # Add default labels for the volumeClaimTemplate of the StatefulSet
|
|
|
- enabled: false
|
|
|
- annotations: {}
|
|
|
-
|
|
|
-extraVolumes: []
|
|
|
-# - name: extras
|
|
|
-# emptyDir: {}
|
|
|
-
|
|
|
-extraVolumeMounts: []
|
|
|
-# - name: extras
|
|
|
-# mountPath: /usr/share/extras
|
|
|
-# readOnly: true
|
|
|
-
|
|
|
-extraContainers: []
|
|
|
-# - name: do-something
|
|
|
-# image: busybox
|
|
|
-# command: ['do', 'something']
|
|
|
-
|
|
|
-extraInitContainers: []
|
|
|
-# - name: do-something
|
|
|
-# image: busybox
|
|
|
-# command: ['do', 'something']
|
|
|
-
|
|
|
-# This is the PriorityClass settings as defined in
|
|
|
-# https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
|
|
|
-priorityClassName: ""
|
|
|
-
|
|
|
-# By default this will make sure two pods don't end up on the same node
|
|
|
-# Changing this to a region would allow you to spread pods across regions
|
|
|
-antiAffinityTopologyKey: "kubernetes.io/hostname"
|
|
|
-
|
|
|
-# Hard means that by default pods will only be scheduled if there are enough nodes for them
|
|
|
-# and that they will never end up on the same node. Setting this to soft will do this "best effort"
|
|
|
-antiAffinity: "hard"
|
|
|
-
|
|
|
-# This is the node affinity settings as defined in
|
|
|
-# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature
|
|
|
-nodeAffinity: {}
|
|
|
-
|
|
|
-# The default is to deploy all pods serially. By setting this to parallel all pods are started at
|
|
|
-# the same time when bootstrapping the cluster
|
|
|
-podManagementPolicy: "Parallel"
|
|
|
-
|
|
|
-# The environment variables injected by service links are not used, but can lead to slow Elasticsearch boot times when
|
|
|
-# there are many services in the current namespace.
|
|
|
-# If you experience slow pod startups you probably want to set this to `false`.
|
|
|
-enableServiceLinks: true
|
|
|
-
|
|
|
-protocol: http
|
|
|
-httpPort: 9200
|
|
|
-transportPort: 9300
|
|
|
-
|
|
|
-service:
|
|
|
- enabled: true
|
|
|
- labels: {}
|
|
|
- labelsHeadless: {}
|
|
|
- type: ClusterIP
|
|
|
- # Consider that all endpoints are considered "ready" even if the Pods themselves are not
|
|
|
- # https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#ServiceSpec
|
|
|
- publishNotReadyAddresses: false
|
|
|
- nodePort: ""
|
|
|
- annotations: {}
|
|
|
- httpPortName: http
|
|
|
- transportPortName: transport
|
|
|
- loadBalancerIP: ""
|
|
|
- loadBalancerSourceRanges: []
|
|
|
- externalTrafficPolicy: ""
|
|
|
-
|
|
|
-updateStrategy: RollingUpdate
|
|
|
-
|
|
|
-# This is the max unavailable setting for the pod disruption budget
|
|
|
-# The default value of 1 will make sure that kubernetes won't allow more than 1
|
|
|
-# of your pods to be unavailable during maintenance
|
|
|
-maxUnavailable: 1
|
|
|
-
|
|
|
-podSecurityContext:
|
|
|
- fsGroup: 1000
|
|
|
- runAsUser: 1000
|
|
|
-
|
|
|
-securityContext:
|
|
|
- capabilities:
|
|
|
- drop:
|
|
|
- - ALL
|
|
|
- # readOnlyRootFilesystem: true
|
|
|
- runAsNonRoot: true
|
|
|
- runAsUser: 1000
|
|
|
-
|
|
|
-# How long to wait for elasticsearch to stop gracefully
|
|
|
-terminationGracePeriod: 120
|
|
|
-
|
|
|
-sysctlVmMaxMapCount: 262144
|
|
|
-
|
|
|
-readinessProbe:
|
|
|
- failureThreshold: 3
|
|
|
- initialDelaySeconds: 10
|
|
|
- periodSeconds: 10
|
|
|
- successThreshold: 3
|
|
|
- timeoutSeconds: 5
|
|
|
-
|
|
|
-# https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-health.html#request-params wait_for_status
|
|
|
-clusterHealthCheckParams: "wait_for_status=green&timeout=1s"
|
|
|
-
|
|
|
-## Use an alternate scheduler.
|
|
|
-## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
|
-##
|
|
|
-schedulerName: ""
|
|
|
-
|
|
|
-imagePullSecrets: []
|
|
|
-nodeSelector: {}
|
|
|
-tolerations: []
|
|
|
-
|
|
|
-# Enabling this will publicly expose your Elasticsearch instance.
|
|
|
-# Only enable this if you have security enabled on your cluster
|
|
|
-ingress:
|
|
|
- enabled: false
|
|
|
- annotations: {}
|
|
|
- # kubernetes.io/ingress.class: nginx
|
|
|
- # kubernetes.io/tls-acme: "true"
|
|
|
- className: "nginx"
|
|
|
- pathtype: ImplementationSpecific
|
|
|
- hosts:
|
|
|
- - host: chart-example.local
|
|
|
- paths:
|
|
|
- - path: /
|
|
|
- tls: []
|
|
|
- # - secretName: chart-example-tls
|
|
|
- # hosts:
|
|
|
- # - chart-example.local
|
|
|
-
|
|
|
-nameOverride: ""
|
|
|
-fullnameOverride: ""
|
|
|
-healthNameOverride: ""
|
|
|
-
|
|
|
-lifecycle: {}
|
|
|
-# preStop:
|
|
|
-# exec:
|
|
|
-# command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
|
|
|
-# postStart:
|
|
|
-# exec:
|
|
|
-# command:
|
|
|
-# - bash
|
|
|
-# - -c
|
|
|
-# - |
|
|
|
-# #!/bin/bash
|
|
|
-# # Add a template to adjust number of shards/replicas
|
|
|
-# TEMPLATE_NAME=my_template
|
|
|
-# INDEX_PATTERN="logstash-*"
|
|
|
-# SHARD_COUNT=8
|
|
|
-# REPLICA_COUNT=1
|
|
|
-# ES_URL=http://localhost:9200
|
|
|
-# while [[ "$(curl -s -o /dev/null -w '%{http_code}\n' $ES_URL)" != "200" ]]; do sleep 1; done
|
|
|
-# curl -XPUT "$ES_URL/_template/$TEMPLATE_NAME" -H 'Content-Type: application/json' -d'{"index_patterns":['\""$INDEX_PATTERN"\"'],"settings":{"number_of_shards":'$SHARD_COUNT',"number_of_replicas":'$REPLICA_COUNT'}}'
|
|
|
-
|
|
|
-sysctlInitContainer:
|
|
|
- enabled: true
|
|
|
-
|
|
|
-keystore: []
|
|
|
-
|
|
|
-networkPolicy:
|
|
|
- ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now.
|
|
|
- ## In order for a Pod to access Elasticsearch, it needs to have the following label:
|
|
|
- ## {{ template "uname" . }}-client: "true"
|
|
|
- ## Example for default configuration to access HTTP port:
|
|
|
- ## elasticsearch-master-http-client: "true"
|
|
|
- ## Example for default configuration to access transport port:
|
|
|
- ## elasticsearch-master-transport-client: "true"
|
|
|
-
|
|
|
- http:
|
|
|
- enabled: false
|
|
|
- ## if explicitNamespacesSelector is not set or set to {}, only client Pods being in the networkPolicy's namespace
|
|
|
- ## and matching all criteria can reach the DB.
|
|
|
- ## But sometimes, we want the Pods to be accessible to clients from other namespaces, in this case, we can use this
|
|
|
- ## parameter to select these namespaces
|
|
|
- ##
|
|
|
- # explicitNamespacesSelector:
|
|
|
- # # Accept from namespaces with all those different rules (only from whitelisted Pods)
|
|
|
- # matchLabels:
|
|
|
- # role: frontend
|
|
|
- # matchExpressions:
|
|
|
- # - {key: role, operator: In, values: [frontend]}
|
|
|
-
|
|
|
- ## Additional NetworkPolicy Ingress "from" rules to set. Note that all rules are OR-ed.
|
|
|
- ##
|
|
|
- # additionalRules:
|
|
|
- # - podSelector:
|
|
|
- # matchLabels:
|
|
|
- # role: frontend
|
|
|
- # - podSelector:
|
|
|
- # matchExpressions:
|
|
|
- # - key: role
|
|
|
- # operator: In
|
|
|
- # values:
|
|
|
- # - frontend
|
|
|
-
|
|
|
- transport:
|
|
|
- ## Note that all Elasticsearch Pods can talk to themselves using transport port even if enabled.
|
|
|
- enabled: false
|
|
|
- # explicitNamespacesSelector:
|
|
|
- # matchLabels:
|
|
|
- # role: frontend
|
|
|
- # matchExpressions:
|
|
|
- # - {key: role, operator: In, values: [frontend]}
|
|
|
- # additionalRules:
|
|
|
- # - podSelector:
|
|
|
- # matchLabels:
|
|
|
- # role: frontend
|
|
|
- # - podSelector:
|
|
|
- # matchExpressions:
|
|
|
- # - key: role
|
|
|
- # operator: In
|
|
|
- # values:
|
|
|
- # - frontend
|
|
|
-
|
|
|
-tests:
|
|
|
- enabled: true
|
