From d625a95d516d806a2ba1f2fd96d487699f62f124 Mon Sep 17 00:00:00 2001 From: chengdehao Date: Tue, 4 Jan 2022 17:55:24 +0800 Subject: [PATCH] upgrade es Signed-off-by: chengdehao --- stable/elasticsearch/Chart.yaml | 19 ++-- stable/elasticsearch/OWNERS | 10 -- stable/elasticsearch/README.md | 44 ++++++-- ...pose-transport-port-on-service-values.yaml | 5 + stable/elasticsearch/ci/hooks-values.yaml | 31 ++++++ .../ci/nonroot-deployment-values.yaml | 12 +++ .../ci/updatestrategy-values.yaml | 7 ++ stable/elasticsearch/templates/NOTES.txt | 4 + stable/elasticsearch/templates/_helpers.tpl | 8 +- .../templates/client-deployment.yaml | 40 ++++++- .../templates/client-ingress.yaml | 2 +- .../elasticsearch/templates/client-svc.yaml | 8 ++ stable/elasticsearch/templates/configmap.yaml | 73 +++++++------ .../templates/data-statefulset.yaml | 51 +++++++-- .../templates/master-statefulset.yaml | 55 +++++++++- .../templates/podsecuritypolicy.yaml | 2 +- .../templates/tests/test-configmap.yaml | 15 +++ .../elasticsearch/templates/tests/test.yaml | 48 +++++++++ stable/elasticsearch/values.yaml | 101 +++++++++++++++++- 19 files changed, 447 insertions(+), 88 deletions(-) delete mode 100644 stable/elasticsearch/OWNERS create mode 100644 stable/elasticsearch/ci/expose-transport-port-on-service-values.yaml create mode 100644 stable/elasticsearch/ci/hooks-values.yaml create mode 100644 stable/elasticsearch/ci/nonroot-deployment-values.yaml create mode 100644 stable/elasticsearch/ci/updatestrategy-values.yaml create mode 100644 stable/elasticsearch/templates/tests/test-configmap.yaml create mode 100644 stable/elasticsearch/templates/tests/test.yaml diff --git a/stable/elasticsearch/Chart.yaml b/stable/elasticsearch/Chart.yaml index db050525926f..eeaccf5e58e2 100755 --- a/stable/elasticsearch/Chart.yaml +++ b/stable/elasticsearch/Chart.yaml 
@@ -1,8 +1,11 @@ +apiVersion: v1 name: elasticsearch home: https://www.elastic.co/products/elasticsearch -version: 1.22.0 -appVersion: 6.7.0 -description: Flexible and powerful open source, distributed real-time search and analytics +version: 1.32.6 +appVersion: 6.8.22 +# The elasticsearch chart is deprecated and no longer maintained. For details deprecation, see the PROCESSES.md file. +deprecated: true +description: DEPRECATED Flexible and powerful open source, distributed real-time search and analytics engine. icon: https://static-www.elastic.co/assets/blteb1c97719574938d/logo-elastic-elasticsearch-lt.svg sources: @@ -12,12 +15,4 @@ sources: - https://github.com/GoogleCloudPlatform/elasticsearch-docker - https://github.com/clockworksoul/helm-elasticsearch - https://github.com/pires/kubernetes-elasticsearch-cluster -maintainers: -- name: simonswine - email: christian@jetstack.io -- name: icereval - email: michael.haselton@gmail.com -- name: rendhalver - email: pete.brown@powerhrg.com -- name: desaintmartin - email: cedric@desaintmartin.fr +maintainers: [] diff --git a/stable/elasticsearch/OWNERS b/stable/elasticsearch/OWNERS deleted file mode 100644 index 3c4068f10142..000000000000 --- a/stable/elasticsearch/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -approvers: -- simonswine -- icereval -- rendhalver -- desaintmartin -reviewers: -- simonswine -- icereval -- rendhalver -- desaintmartin diff --git a/stable/elasticsearch/README.md b/stable/elasticsearch/README.md index 5e9f251c2f45..38d81f827cf1 100644 --- a/stable/elasticsearch/README.md +++ b/stable/elasticsearch/README.md 
@@ -3,6 +3,14 @@ This chart uses a standard Docker image of Elasticsearch (docker.elastic.co/elasticsearch/elasticsearch-oss) and uses a service pointing to the master's transport port for service discovery. Elasticsearch does not communicate with the Kubernetes API, hence no need for RBAC permissions. +## This Helm chart is deprecated +As mentioned in #10543 this chart has been deprecated in favour of the official [Elastic Helm Chart](https://github.com/elastic/helm-charts/tree/master/elasticsearch). +We have made steps towards that goal by producing a [migration guide](https://github.com/elastic/helm-charts/blob/master/elasticsearch/examples/migration/README.md) to help people switch the management of their clusters over to the new Charts. +The Elastic Helm Chart supports version 6 and 7 of Elasticsearch and it was decided it would be easier for people to upgrade after migrating to the Elastic Helm Chart because it's upgrade process works better. +During deprecation process we want to make sure that Chart will do what people are using this chart to do. +Please look at the Elastic Helm Charts and if you see anything missing from please [open an issue](https://github.com/elastic/helm-charts/issues/new/choose) to let us know what you need. +The Elastic Chart repo is also in [Helm Hub](https://hub.helm.sh). + ## Warning for previous users If you are currently using an earlier version of this Chart you will need to redeploy your Elasticsearch clusters. The discovery method used here is incompatible with using RBAC. If you are upgrading to Elasticsearch 6 from the 5.5 version used in this chart before, please note that your cluster needs to do a full cluster restart. @@ -11,7 +19,7 @@ If you want to avoid doing that upgrade to Elasticsearch 5.6 first before moving ## Prerequisites Details -* Kubernetes 1.6+ +* Kubernetes 1.10+ * PV dynamic provisioning support on the underlying infrastructure ## StatefulSets Details 
@@ -61,13 +69,15 @@ The following table lists the configurable parameters of the elasticsearch chart | Parameter | Description | Default | | ------------------------------------ | ------------------------------------------------------------------- | --------------------------------------------------- | -| `appVersion` | Application Version (Elasticsearch) | `6.7.0` | +| `appVersion` | Application Version (Elasticsearch) | `6.8.22` | | `image.repository` | Container image name | `docker.elastic.co/elasticsearch/elasticsearch-oss` | -| `image.tag` | Container image tag | `6.7.0` | +| `image.tag` | Container image tag | `6.8.22` | | `image.pullPolicy` | Container pull policy | `IfNotPresent` | +| `image.pullSecrets` | container image pull secrets | `[]` | | `initImage.repository` | Init container image name | `busybox` | | `initImage.tag` | Init container image tag | `latest` | | `initImage.pullPolicy` | Init container pull policy | `Always` | +| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | | `cluster.name` | Cluster name | `elasticsearch` | | `cluster.xpackEnable` | Writes the X-Pack configuration options to the configuration file | `false` | | `cluster.config` | Additional cluster config appended | `{}` | 
@@ -76,6 +86,8 @@ The following table lists the configurable parameters of the elasticsearch chart | `cluster.bootstrapShellCommand` | Post-init command to run in separate Job | `""` | | `cluster.additionalJavaOpts` | Cluster parameters to be added to `ES_JAVA_OPTS` environment variable | `""` | | `cluster.plugins` | List of Elasticsearch plugins to install | `[]` | +| `cluster.loggingYml` | Cluster logging configuration for ES v2 | see `values.yaml` for defaults | +| `cluster.log4j2Properties` | Cluster logging configuration for ES v5 and 6 | see `values.yaml` for defaults | | `client.name` | Client component name | `client` | | `client.replicas` | Client node replicas (deployment) | `2` | | `client.resources` | Client node resources requests & limits | `{} - cpu limit must be an integer` | 
@@ -84,13 +96,17 @@ The following table lists the configurable parameters of the elasticsearch chart | `client.podAnnotations` | Client Deployment annotations | `{}` | | `client.nodeSelector` | Node labels for client pod assignment | `{}` | | `client.tolerations` | Client tolerations | `[]` | +| `client.terminationGracePeriodSeconds` | Client nodes: Termination grace period (seconds) | `nil` | | `client.serviceAnnotations` | Client Service annotations | `{}` | | `client.serviceType` | Client service type | `ClusterIP` | +| `client.httpNodePort` | Client service HTTP NodePort port number. Has no effect if client.serviceType is not `NodePort`. | `nil` | | `client.loadBalancerIP` | Client loadBalancerIP | `{}` | | `client.loadBalancerSourceRanges` | Client loadBalancerSourceRanges | `{}` | | `client.antiAffinity` | Client anti-affinity policy | `soft` | | `client.nodeAffinity` | Client node affinity policy | `{}` | | `client.initResources` | Client initContainer resources requests & limits | `{}` | +| `client.hooks.preStop` | Client nodes: Lifecycle hook script to execute prior the pod stops | `nil` | +| `client.hooks.preStart` | Client nodes: Lifecycle hook script to execute after the pod starts | `nil` | | `client.additionalJavaOpts` | Parameters to be added to `ES_JAVA_OPTS` environment variable for client | `""` | | `client.ingress.enabled` | Enable Client Ingress | `false` | | `client.ingress.user` | If this & password are set, enable basic-auth on ingress | `nil` | 
@@ -98,6 +114,7 @@ The following table lists the configurable parameters of the elasticsearch chart | `client.ingress.annotations` | Client Ingress annotations | `{}` | | `client.ingress.hosts` | Client Ingress Hostnames | `[]` | | `client.ingress.tls` | Client Ingress TLS configuration | `[]` | +| `client.exposeTransportPort` | Expose transport port 9300 on client service (ClusterIP) | `false` | | `master.initResources` | Master initContainer resources requests & limits | `{}` | | `master.additionalJavaOpts` | Parameters to be added to `ES_JAVA_OPTS` environment variable for master | `""` | | `master.exposeHttp` | Expose http port 9200 on master Pods for monitoring, etc | `false` | @@ -108,6 +125,7 @@ The following table lists the configurable parameters of the elasticsearch chart | `master.podAnnotations` | Master Deployment annotations | `{}` | | `master.nodeSelector` | Node labels for master pod assignment | `{}` | | `master.tolerations` | Master tolerations | `[]` | +| `master.terminationGracePeriodSeconds` | Master nodes: Termination grace period (seconds) | `nil` | | `master.heapSize` | Master node heap size | `512m` | | `master.name` | Master component name | `master` | | `master.persistence.enabled` | Master persistent enabled/disabled | `true` | 
@@ -118,7 +136,10 @@ The following table lists the configurable parameters of the elasticsearch chart | `master.readinessProbe` | Master container readiness probes | see `values.yaml` for defaults | | `master.antiAffinity` | Master anti-affinity policy | `soft` | | `master.nodeAffinity` | Master node affinity policy | `{}` | +| `master.podManagementPolicy` | Master pod creation strategy | `OrderedReady` | | `master.updateStrategy` | Master node update strategy policy | `{type: "onDelete"}` | +| `master.hooks.preStop` | Master nodes: Lifecycle hook script to execute prior the pod stops | `nil` | +| `master.hooks.preStart` | Master nodes: Lifecycle hook script to execute after the pod starts | `nil` | | `data.initResources` | Data initContainer resources requests & limits | `{}` | | `data.additionalJavaOpts` | Parameters to be added to `ES_JAVA_OPTS` environment variable for data | `""` | | `data.exposeHttp` | Expose http port 9200 on data Pods for monitoring, etc | `false` | 
@@ -126,7 +147,9 @@ The following table lists the configurable parameters of the elasticsearch chart | `data.resources` | Data node resources requests & limits | `{} - cpu limit must be an integer` | | `data.priorityClassName` | Data priorityClass | `nil` | | `data.heapSize` | Data node heap size | `1536m` | -| `data.hooks.drain.enabled | Data nodes: Enable drain pre-stop and post-start hook | `true` | +| `data.hooks.drain.enabled` | Data nodes: Enable drain pre-stop and post-start hook | `true` | +| `data.hooks.preStop` | Data nodes: Lifecycle hook script to execute prior the pod stops. Ignored if `data.hooks.drain.enabled` is `true` | `nil` | +| `data.hooks.preStart` | Data nodes: Lifecycle hook script to execute after the pod starts. Ignored if `data.hooks.drain.enabled` is `true` | `nil`| | `data.persistence.enabled` | Data persistent enabled/disabled | `true` | | `data.persistence.name` | Data statefulset PVC template name | `data` | | `data.persistence.size` | Data persistent volume size | `30Gi` | 
@@ -139,17 +162,24 @@ The following table lists the configurable parameters of the elasticsearch chart | `data.terminationGracePeriodSeconds` | Data termination grace period (seconds) | `3600` | | `data.antiAffinity` | Data anti-affinity policy | `soft` | | `data.nodeAffinity` | Data node affinity policy | `{}` | +| `data.podManagementPolicy` | Data pod creation strategy | `OrderedReady` | | `data.updateStrategy` | Data node update strategy policy | `{type: "onDelete"}` | -| `sysctlInitContainer.enabled` | If true, the sysctl init container is enabled (does not stop extraInitContainers from running) | `true` | +| `sysctlInitContainer.enabled` | If true, the sysctl init container is enabled (does not stop chownInitContainer or extraInitContainers from running) | `true` | +| `chownInitContainer.enabled` | If true, the chown init container is enabled (does not stop sysctlInitContainer or extraInitContainers from running) | `true` | | `extraInitContainers` | Additional init container passed through the tpl | `` | -| `podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` | +| `podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` | | `podSecurityPolicy.enabled` | Specify if a pod security policy must be created | `false` | -| `serviceAccounts.client.create` | If true, create the client service account | `true` | +| `securityContext.enabled` | If true, add securityContext to client, master and data pods | `false` | +| `securityContext.runAsUser` | user ID to run containerized process | `1000` | +| `serviceAccounts.client.create` | If true, create the client service account | `true` | | `serviceAccounts.client.name` | Name of the client service account to use or create | `{{ elasticsearch.client.fullname }}` | | `serviceAccounts.master.create` | If true, create the master service account | `true` | | `serviceAccounts.master.name` | Name of the master service account to use or create | `{{ 
elasticsearch.master.fullname }}` | | `serviceAccounts.data.create` | If true, create the data service account | `true` | | `serviceAccounts.data.name` | Name of the data service account to use or create | `{{ elasticsearch.data.fullname }}` | +| `testFramework.image` | `test-framework` image repository. | `dduportal/bats` | +| `testFramework.tag` | `test-framework` image tag. | `0.4.0` | +| `forceIpv6` | force to use IPv6 address to listen if set to true | `false` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. diff --git a/stable/elasticsearch/ci/expose-transport-port-on-service-values.yaml b/stable/elasticsearch/ci/expose-transport-port-on-service-values.yaml new file mode 100644 index 000000000000..2aa678b306ce --- /dev/null +++ b/stable/elasticsearch/ci/expose-transport-port-on-service-values.yaml @@ -0,0 +1,5 @@ +--- +# Expose transport port on ClusterIP service + +client: + exposeTransportPort: true diff --git a/stable/elasticsearch/ci/hooks-values.yaml b/stable/elasticsearch/ci/hooks-values.yaml new file mode 100644 index 000000000000..da40122f380d --- /dev/null +++ b/stable/elasticsearch/ci/hooks-values.yaml 
@@ -0,0 +1,31 @@ +--- +# Enable custom lifecycle hooks for client, data and master pods + +client: + hooks: + preStop: |- + #!/bin/bash + echo "Node {{ template "elasticsearch.client.fullname" . }} is shutting down" + postStart: |- + #!/bin/bash + echo "Node {{ template "elasticsearch.client.fullname" . }} is ready to be used" + +data: + hooks: + drain: + enabled: false + preStop: |- + #!/bin/bash + echo "Node {{ template "elasticsearch.data.fullname" . }} is shutting down" + postStart: |- + #!/bin/bash + echo "Node {{ template "elasticsearch.data.fullname" . }} is ready to be used" + +master: + hooks: + preStop: |- + #!/bin/bash + echo "Node {{ template "elasticsearch.master.fullname" . }} is shutting down" + postStart: |- + #!/bin/bash + echo "Node {{ template "elasticsearch.master.fullname" . }} is ready to be used" diff --git a/stable/elasticsearch/ci/nonroot-deployment-values.yaml b/stable/elasticsearch/ci/nonroot-deployment-values.yaml new file mode 100644 index 000000000000..e3e3239ddbc8 --- /dev/null +++ b/stable/elasticsearch/ci/nonroot-deployment-values.yaml @@ -0,0 +1,12 @@ +--- +# Deploy Chart as non-root and unprivileged + +chownInitContainer: + enabled: false + +securityContext: + enabled: true + runAsUser: 1000 + +sysctlInitContainer: + enabled: false diff --git a/stable/elasticsearch/ci/updatestrategy-values.yaml b/stable/elasticsearch/ci/updatestrategy-values.yaml new file mode 100644 index 000000000000..8288156ba3b6 --- /dev/null +++ b/stable/elasticsearch/ci/updatestrategy-values.yaml @@ -0,0 +1,7 @@ +data: + updateStrategy: + type: RollingUpdate + +master: + updateStrategy: + type: RollingUpdate diff --git a/stable/elasticsearch/templates/NOTES.txt b/stable/elasticsearch/templates/NOTES.txt index c38cbd6ba75a..9e43cb45c303 100644 --- a/stable/elasticsearch/templates/NOTES.txt +++ b/stable/elasticsearch/templates/NOTES.txt 
@@ -1,3 +1,7 @@ +This Helm chart is deprecated. Please use https://github.com/elastic/helm-charts/tree/master/elasticsearch instead. + +--- + The elasticsearch cluster has been installed. Elasticsearch can be accessed: diff --git a/stable/elasticsearch/templates/_helpers.tpl b/stable/elasticsearch/templates/_helpers.tpl index c13762271812..4b1d19144c5a 100644 --- a/stable/elasticsearch/templates/_helpers.tpl +++ b/stable/elasticsearch/templates/_helpers.tpl @@ -97,7 +97,13 @@ plugin installer template - "-c" - | {{- range .Values.cluster.plugins }} - /usr/share/elasticsearch/bin/elasticsearch-plugin install -b {{ . }} + PLUGIN_NAME="{{ . }}" + echo "Installing $PLUGIN_NAME..." + if /usr/share/elasticsearch/bin/elasticsearch-plugin list | grep "$PLUGIN_NAME" > /dev/null; then + echo "Plugin $PLUGIN_NAME already exists, skipping." + else + /usr/share/elasticsearch/bin/elasticsearch-plugin install -b $PLUGIN_NAME + fi {{- end }} volumeMounts: - mountPath: /usr/share/elasticsearch/plugins/ diff --git a/stable/elasticsearch/templates/client-deployment.yaml b/stable/elasticsearch/templates/client-deployment.yaml index 047e3c8f3e9a..31c7d87685f7 100644 --- a/stable/elasticsearch/templates/client-deployment.yaml +++ b/stable/elasticsearch/templates/client-deployment.yaml @@ -1,4 +1,4 @@ -apiVersion: apps/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: labels: @@ -9,6 +9,11 @@ metadata: release: {{ .Release.Name }} name: {{ template "elasticsearch.client.fullname" . }} spec: + selector: + matchLabels: + app: {{ template "elasticsearch.name" . }} + component: "{{ .Values.client.name }}" + release: {{ .Release.Name }} replicas: {{ .Values.client.replicas }} template: metadata: 
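Review bot: In the plugin installer hunk of `_helpers.tpl`, the new existence check uses `grep "$PLUGIN_NAME"`, an unanchored regex match, so a requested plugin whose name is a substring of an already installed one is reported as present and silently skipped. The install line also expands `$PLUGIN_NAME` unquoted, so a value containing whitespace or glob characters is word-split before it reaches `elasticsearch-plugin`. I would change the two lines to `if /usr/share/elasticsearch/bin/elasticsearch-plugin list | grep -qxF -- "$PLUGIN_NAME"; then` and `/usr/share/elasticsearch/bin/elasticsearch-plugin install -b "$PLUGIN_NAME"`. Because `-b` accepts the plugin's requested permissions without prompting and `{{ . }}` is pasted straight into the script text, a comment above the loop stating that `cluster.plugins` must come from a trusted values source would help. The enclosing template starts and ends outside the hunk.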
@@ -16,8 +21,9 @@ spec: app: {{ template "elasticsearch.name" . }} component: "{{ .Values.client.name }}" release: {{ .Release.Name }} - {{- if .Values.client.podAnnotations }} annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- if .Values.client.podAnnotations }} {{ toYaml .Values.client.podAnnotations | indent 8 }} {{- end }} spec: @@ -63,6 +69,9 @@ spec: tolerations: {{ toYaml .Values.client.tolerations | indent 8 }} {{- end }} +{{- if .Values.client.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.client.terminationGracePeriodSeconds }} +{{- end }} {{- if or .Values.extraInitContainers .Values.sysctlInitContainer.enabled .Values.cluster.plugins }} initContainers: {{- if .Values.sysctlInitContainer.enabled }} @@ -121,6 +130,10 @@ spec: initialDelaySeconds: 90 image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} ports: - containerPort: 9200 name: http @@ -150,6 +163,29 @@ spec: subPath: elasticsearch.keystore readOnly: true {{- end }} +{{- if .Values.client.hooks.preStop }} + - name: config + mountPath: /client-pre-stop-hook.sh + subPath: client-pre-stop-hook.sh +{{- end }} +{{- if .Values.client.hooks.postStart }} + - name: config + mountPath: /client-post-start-hook.sh + subPath: client-post-start-hook.sh +{{- end }} +{{- if or .Values.client.hooks.preStop .Values.client.hooks.postStart }} + lifecycle: + {{- if .Values.client.hooks.preStop }} + preStop: + exec: + command: ["/bin/bash","/client-pre-stop-hook.sh"] + {{- end }} + {{- if .Values.client.hooks.postStart }} + postStart: + exec: + command: ["/bin/bash","/client-post-start-hook.sh"] + {{- end }} +{{- end }} {{- if .Values.image.pullSecrets }} imagePullSecrets: {{- range $pullSecret := .Values.image.pullSecrets }} 
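Review bot: The container `securityContext` added in the `@@ -121,6 +130,10 @@` hunk sets only `runAsUser`, so turning on `securityContext.enabled` neither blocks privilege escalation inside the container nor rejects a `runAsUser` of `0`. I would add `runAsNonRoot: true` and `allowPrivilegeEscalation: false` next to `runAsUser: {{ .Values.securityContext.runAsUser }}`. The same three-line block is added to `data-statefulset.yaml` and `master-statefulset.yaml` later in this patch and needs the same change. In those two files the sysctl init container shown in the context lines still runs with `privileged: true` unless `sysctlInitContainer.enabled` is switched off, which the README row for `securityContext.enabled` should say.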
diff --git a/stable/elasticsearch/templates/client-ingress.yaml b/stable/elasticsearch/templates/client-ingress.yaml index 9070cddf81b2..66d41feafc4d 100644 --- a/stable/elasticsearch/templates/client-ingress.yaml +++ b/stable/elasticsearch/templates/client-ingress.yaml @@ -11,8 +11,8 @@ metadata: component: "{{ .Values.client.name }}" heritage: {{ .Release.Service }} release: {{ .Release.Name }} -{{- with .Values.client.ingress.annotations }} annotations: +{{- with .Values.client.ingress.annotations }} {{ toYaml . | indent 4 }} {{- end }} {{- if and ( .Values.client.ingress.user ) ( .Values.client.ingress.password ) }} diff --git a/stable/elasticsearch/templates/client-svc.yaml b/stable/elasticsearch/templates/client-svc.yaml index cbecce5aed1a..5fbbc18c264f 100644 --- a/stable/elasticsearch/templates/client-svc.yaml +++ b/stable/elasticsearch/templates/client-svc.yaml @@ -17,7 +17,15 @@ spec: ports: - name: http port: 9200 +{{- if and .Values.client.httpNodePort (eq .Values.client.serviceType "NodePort") }} + nodePort: {{ .Values.client.httpNodePort }} +{{- end }} targetPort: http +{{- if .Values.client.exposeTransportPort }} + - name: transport + port: 9300 + targetPort: transport +{{- end }} selector: app: {{ template "elasticsearch.name" . }} component: "{{ .Values.client.name }}" diff --git a/stable/elasticsearch/templates/configmap.yaml b/stable/elasticsearch/templates/configmap.yaml index 977ee9a5d3b8..493346ed2b6f 100644 --- a/stable/elasticsearch/templates/configmap.yaml +++ b/stable/elasticsearch/templates/configmap.yaml @@ -21,7 +21,11 @@ data: {{- end }} node.name: ${HOSTNAME} +{{- if .Values.forceIpv6 }} + network.host: "::" +{{- else }} network.host: 0.0.0.0 +{{- end }} {{- if hasPrefix "2." .Values.appVersion }} # see https://github.com/kubernetes/kubernetes/issues/3595 
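Review bot: The `exposeTransportPort` block in `client-svc.yaml` adds port 9300 whatever `client.serviceType` is, although the README row in this patch describes the option as ClusterIP-only; with `NodePort` or `LoadBalancer` the node-to-node transport protocol becomes reachable from outside the cluster. The `nodePort` condition a few lines above already checks the service type, and the transport block should do the same: `{{- if and .Values.client.exposeTransportPort (eq .Values.client.serviceType "ClusterIP") }}`. It is also worth confirming that the client container declares a port named `transport`, since that definition lies outside the hunks shown for `client-deployment.yaml`.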
@@ -92,45 +96,13 @@ data: {{- end }} {{- if hasPrefix "2." .Values.appVersion }} logging.yml: |- - # you can override this using by setting a system property, for example -Des.logger.level=DEBUG - es.logger.level: INFO - rootLogger: ${es.logger.level}, console - logger: - # log action execution errors for easier debugging - action: DEBUG - # reduce the logging for aws, too much is logged under the default INFO - com.amazonaws: WARN - appender: - console: - type: console - layout: - type: consolePattern - conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" -{{- else if hasPrefix "5." .Values.appVersion }} - log4j2.properties: |- - status = error - appender.console.type = Console - appender.console.name = console - appender.console.layout.type = PatternLayout - appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n - rootLogger.level = info - rootLogger.appenderRef.console.ref = console - logger.searchguard.name = com.floragunn - logger.searchguard.level = info -{{- else if hasPrefix "6." .Values.appVersion }} +{{ toYaml .Values.cluster.loggingYml | indent 4 }} +{{- else }} log4j2.properties: |- - status = error - appender.console.type = Console - appender.console.name = console - appender.console.layout.type = PatternLayout - appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n - rootLogger.level = info - rootLogger.appenderRef.console.ref = console - logger.searchguard.name = com.floragunn - logger.searchguard.level = info +{{ tpl .Values.cluster.log4j2Properties . | indent 4 }} {{- end }} {{- if .Values.data.hooks.drain.enabled }} - pre-stop-hook.sh: |- + data-pre-stop-hook.sh: |- #!/bin/bash exec &> >(tee -a "/var/log/elasticsearch-hooks.log") NODE_NAME=${HOSTNAME} @@ -152,7 +124,7 @@ data: sleep 1 done echo "Node ${NODE_NAME} is ready to shutdown" - post-start-hook.sh: |- + data-post-start-hook.sh: |- #!/bin/bash exec &> >(tee -a "/var/log/elasticsearch-hooks.log") NODE_NAME=${HOSTNAME} 
@@ -166,4 +138,31 @@ data: }" fi echo "Node ${NODE_NAME} is ready to be used" +{{- else }} + {{- if .Values.data.hooks.preStop }} + data-pre-stop-hook.sh: |- +{{ tpl .Values.data.hooks.preStop . | indent 4 }} + {{- end }} + {{- if .Values.data.hooks.postStart }} + data-post-start-hook.sh: |- +{{ tpl .Values.data.hooks.postStart . | indent 4 }} + {{- end }} +{{- end }} + +{{- if .Values.client.hooks.preStop }} + client-pre-stop-hook.sh: |- +{{ tpl .Values.client.hooks.preStop . | indent 4 }} +{{- end }} +{{- if .Values.client.hooks.postStart }} + client-post-start-hook.sh: |- +{{ tpl .Values.client.hooks.postStart . | indent 4 }} +{{- end }} + +{{- if .Values.master.hooks.preStop }} + master-pre-stop-hook.sh: |- +{{ tpl .Values.master.hooks.preStop . | indent 4 }} +{{- end }} +{{- if .Values.master.hooks.postStart }} + master-post-start-hook.sh: |- +{{ tpl .Values.master.hooks.postStart . | indent 4 }} {{- end }} diff --git a/stable/elasticsearch/templates/data-statefulset.yaml b/stable/elasticsearch/templates/data-statefulset.yaml index 2829c9580eab..d2990e18ac7e 100644 --- a/stable/elasticsearch/templates/data-statefulset.yaml +++ b/stable/elasticsearch/templates/data-statefulset.yaml @@ -1,4 +1,4 @@ -apiVersion: apps/v1beta1 +apiVersion: apps/v1 kind: StatefulSet metadata: labels: @@ -9,6 +9,12 @@ metadata: release: {{ .Release.Name }} name: {{ template "elasticsearch.data.fullname" . }} spec: + selector: + matchLabels: + app: {{ template "elasticsearch.name" . }} + component: "{{ .Values.data.name }}" + release: {{ .Release.Name }} + role: data serviceName: {{ template "elasticsearch.data.fullname" . }} replicas: {{ .Values.data.replicas }} template: 
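Review bot: The hook blocks in the `@@ -166,4 +138,31 @@` hunk of `configmap.yaml` read `.Values.data.hooks.postStart`, `.Values.client.hooks.postStart` and `.Values.master.hooks.postStart`, while the README table added by the same patch documents `client.hooks.preStart`, `master.hooks.preStart` and `data.hooks.preStart`; a script set under the documented key is silently ignored. The README rows should be renamed to `hooks.postStart` to match the templates and `ci/hooks-values.yaml`. Each script is rendered through `tpl` and then run by `/bin/bash` in the Elasticsearch container, so a comment above the first block such as `# hook scripts are rendered with tpl and executed in the pod; supply them only from trusted values` would record the trust assumption.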
@@ -18,11 +24,19 @@ spec: component: "{{ .Values.data.name }}" release: {{ .Release.Name }} role: data - {{- if .Values.data.podAnnotations }} +{{- if or .Values.data.podAnnotations (eq .Values.data.updateStrategy.type "RollingUpdate") }} annotations: + {{- if .Values.data.podAnnotations }} {{ toYaml .Values.data.podAnnotations | indent 8 }} - {{- end }} + {{- end }} + {{- if eq .Values.data.updateStrategy.type "RollingUpdate" }} + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- end }} +{{- end }} spec: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} serviceAccountName: {{ template "elasticsearch.serviceAccountName.data" . }} {{- if .Values.data.priorityClassName }} priorityClassName: "{{ .Values.data.priorityClassName }}" @@ -65,7 +79,9 @@ spec: tolerations: {{ toYaml .Values.data.tolerations | indent 8 }} {{- end }} +{{- if or .Values.extraInitContainers .Values.sysctlInitContainer.enabled .Values.chownInitContainer.enabled .Values.cluster.plugins }} initContainers: +{{- end }} {{- if .Values.sysctlInitContainer.enabled }} # see https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html # and https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-configuration-memory.html#mlockall @@ -78,6 +94,7 @@ spec: securityContext: privileged: true {{- end }} +{{- if .Values.chownInitContainer.enabled }} - name: "chown" image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy | quote }} @@ -102,6 +119,7 @@ spec: volumeMounts: - mountPath: /usr/share/elasticsearch/data name: data +{{- end }} {{- if .Values.extraInitContainers }} {{ tpl .Values.extraInitContainers . | indent 6 }} {{- end }} 
@@ -127,6 +145,10 @@ spec: {{- end }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} ports: - containerPort: 9300 name: transport @@ -164,20 +186,28 @@ spec: subPath: elasticsearch.keystore readOnly: true {{- end }} -{{- if .Values.data.hooks.drain.enabled }} +{{- if or .Values.data.hooks.preStop .Values.data.hooks.drain.enabled }} - name: config - mountPath: /pre-stop-hook.sh - subPath: pre-stop-hook.sh + mountPath: /data-pre-stop-hook.sh + subPath: data-pre-stop-hook.sh +{{- end }} +{{- if or .Values.data.hooks.postStart .Values.data.hooks.drain.enabled }} - name: config - mountPath: /post-start-hook.sh - subPath: post-start-hook.sh + mountPath: /data-post-start-hook.sh + subPath: data-post-start-hook.sh +{{- end }} +{{- if or .Values.data.hooks.preStop .Values.data.hooks.postStart .Values.data.hooks.drain.enabled }} lifecycle: + {{- if or .Values.data.hooks.preStop .Values.data.hooks.drain.enabled }} preStop: exec: - command: ["/bin/bash","/pre-stop-hook.sh"] + command: ["/bin/bash","/data-pre-stop-hook.sh"] + {{- end }} + {{- if or .Values.data.hooks.postStart .Values.data.hooks.drain.enabled }} postStart: exec: - command: ["/bin/bash","/post-start-hook.sh"] + command: ["/bin/bash","/data-post-start-hook.sh"] + {{- end }} {{- end }} terminationGracePeriodSeconds: {{ .Values.data.terminationGracePeriodSeconds }} {{- if .Values.image.pullSecrets }} @@ -203,6 +233,7 @@ spec: - name: data emptyDir: {} {{- end }} + podManagementPolicy: {{ .Values.data.podManagementPolicy }} updateStrategy: type: {{ .Values.data.updateStrategy.type }} {{- if .Values.data.persistence.enabled }} diff --git a/stable/elasticsearch/templates/master-statefulset.yaml b/stable/elasticsearch/templates/master-statefulset.yaml index 348c6c603e52..b7fc7b6c9c01 100644 
--- a/stable/elasticsearch/templates/master-statefulset.yaml +++ b/stable/elasticsearch/templates/master-statefulset.yaml @@ -1,4 +1,4 @@ -apiVersion: apps/v1beta1 +apiVersion: apps/v1 kind: StatefulSet metadata: labels: @@ -9,6 +9,12 @@ metadata: release: {{ .Release.Name }} name: {{ template "elasticsearch.master.fullname" . }} spec: + selector: + matchLabels: + app: {{ template "elasticsearch.name" . }} + component: "{{ .Values.master.name }}" + release: {{ .Release.Name }} + role: master serviceName: {{ template "elasticsearch.master.fullname" . }} replicas: {{ .Values.master.replicas }} template: @@ -18,11 +24,19 @@ spec: component: "{{ .Values.master.name }}" release: {{ .Release.Name }} role: master - {{- if .Values.master.podAnnotations }} +{{- if or .Values.master.podAnnotations (eq .Values.master.updateStrategy.type "RollingUpdate") }} annotations: + {{- if .Values.master.podAnnotations }} {{ toYaml .Values.master.podAnnotations | indent 8 }} - {{- end }} + {{- end }} + {{- if eq .Values.master.updateStrategy.type "RollingUpdate" }} + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- end }} +{{- end }} spec: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} serviceAccountName: {{ template "elasticsearch.serviceAccountName.master" . }} {{- if .Values.master.priorityClassName }} priorityClassName: "{{ .Values.master.priorityClassName }}" 
@@ -65,7 +79,12 @@ spec: tolerations: {{ toYaml .Values.master.tolerations | indent 8 }} {{- end }} +{{- if .Values.master.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.master.terminationGracePeriodSeconds }} +{{- end }} +{{- if or .Values.extraInitContainers .Values.sysctlInitContainer.enabled .Values.chownInitContainer.enabled .Values.cluster.plugins }} initContainers: +{{- end }} {{- if .Values.sysctlInitContainer.enabled }} # see https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html # and https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-configuration-memory.html#mlockall @@ -78,6 +97,7 @@ spec: securityContext: privileged: true {{- end }} +{{- if .Values.chownInitContainer.enabled }} - name: "chown" image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy | quote }} @@ -102,6 +122,7 @@ spec: volumeMounts: - mountPath: /usr/share/elasticsearch/data name: data +{{- end }} {{- if .Values.extraInitContainers }} {{ tpl .Values.extraInitContainers . | indent 6 }} {{- end }} @@ -135,6 +156,10 @@ spec: {{ toYaml .Values.master.readinessProbe | indent 10 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} ports: - containerPort: 9300 name: transport 
@@ -168,6 +193,29 @@ spec: subPath: elasticsearch.keystore readOnly: true {{- end }} +{{- if .Values.master.hooks.preStop }} + - name: config + mountPath: /master-pre-stop-hook.sh + subPath: master-pre-stop-hook.sh +{{- end }} +{{- if .Values.master.hooks.postStart }} + - name: config + mountPath: /master-post-start-hook.sh + subPath: master-post-start-hook.sh +{{- end }} +{{- if or .Values.master.hooks.preStop .Values.master.hooks.postStart }} + lifecycle: + {{- if .Values.master.hooks.preStop }} + preStop: + exec: + command: ["/bin/bash","/master-pre-stop-hook.sh"] + {{- end }} + {{- if .Values.master.hooks.postStart }} + postStart: + exec: + command: ["/bin/bash","/master-post-start-hook.sh"] + {{- end }} +{{- end }} {{- if .Values.image.pullSecrets }} imagePullSecrets: {{- range $pullSecret := .Values.image.pullSecrets }} @@ -191,6 +239,7 @@ spec: - name: data emptyDir: {} {{- end }} + podManagementPolicy: {{ .Values.master.podManagementPolicy }} updateStrategy: type: {{ .Values.master.updateStrategy.type }} {{- if .Values.master.persistence.enabled }} diff --git a/stable/elasticsearch/templates/podsecuritypolicy.yaml b/stable/elasticsearch/templates/podsecuritypolicy.yaml index ee38e35bdd78..fd5f663d89a5 100644 --- a/stable/elasticsearch/templates/podsecuritypolicy.yaml +++ b/stable/elasticsearch/templates/podsecuritypolicy.yaml @@ -1,5 +1,5 @@ {{- if .Values.podSecurityPolicy.enabled }} -apiVersion: extensions/v1beta1 +apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: {{ template "elasticsearch.fullname" . }} diff --git a/stable/elasticsearch/templates/tests/test-configmap.yaml b/stable/elasticsearch/templates/tests/test-configmap.yaml new file mode 100644 index 000000000000..f9a30c196796 --- /dev/null +++ b/stable/elasticsearch/templates/tests/test-configmap.yaml 
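Review bot: The hook scripts in the `-168,6 +193,29` hunk are mounted from the `config` volume (presumably the chart's ConfigMap) with `subPath`, and a `subPath` mount is not refreshed when the backing ConfigMap changes, so an edited `master.hooks.preStop` or `postStart` reaches a pod only when that pod is recreated. The `checksum/config` annotation added earlier in this file forces that only when `master.updateStrategy.type` is `RollingUpdate`, and the values.yaml default shown later in this patch is `OnDelete`. I would document it next to the values: `## Hook changes apply only after the pod is recreated (automatic only with updateStrategy RollingUpdate)`.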
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "elasticsearch.fullname" . }}-test + labels: + app: {{ template "elasticsearch.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" +data: + run.sh: |- + @test "Test Access and Health" { + curl -D - http://{{ template "elasticsearch.client.fullname" . }}:9200 + curl -D - http://{{ template "elasticsearch.client.fullname" . }}:9200/_cluster/health?wait_for_status=green + } diff --git a/stable/elasticsearch/templates/tests/test.yaml b/stable/elasticsearch/templates/tests/test.yaml new file mode 100644 index 000000000000..56f11ac3940a --- /dev/null +++ b/stable/elasticsearch/templates/tests/test.yaml @@ -0,0 +1,48 @@ +apiVersion: v1 +kind: Pod +metadata: + name: {{ template "elasticsearch.fullname" . }}-test + labels: + app: {{ template "elasticsearch.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" + annotations: + "helm.sh/hook": test-success +spec: +{{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range $pullSecret := .Values.image.pullSecrets }} + - name: {{ $pullSecret }} + {{- end }} +{{- end }} + initContainers: + - name: test-framework + image: "{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}" + command: + - "bash" + - "-c" + - | + set -ex + # copy bats to tools dir + cp -R /usr/local/libexec/ /tools/bats/ + volumeMounts: + - mountPath: /tools + name: tools + containers: + - name: {{ .Release.Name }}-test + image: "{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}" + command: ["/tools/bats/bats", "-t", "/tests/run.sh"] + volumeMounts: + - mountPath: /tests + name: tests + readOnly: true + - mountPath: /tools + name: tools + volumes: + - name: tests + configMap: + name: {{ template "elasticsearch.fullname" . }}-test + - name: tools + emptyDir: {} + restartPolicy: Never 
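Review bot: Both `curl` calls in `run.sh` run without `--fail`, so an HTTP error response still exits 0 and the bats test passes; I would expect that to include the timeout response the health endpoint returns when `wait_for_status=green` is not reached. I would write the second call as `curl -sf -D - "http://{{ template "elasticsearch.client.fullname" . }}:9200/_cluster/health?wait_for_status=green"` and add `-f` to the first one as well. Quoting the URL also keeps the shell from treating `?` as a glob character.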
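Review bot: Both containers of the test pod pull `{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}`, which the values.yaml hunk later in this patch defaults to a third-party Docker Hub image referenced by tag, and a tag can be re-pointed after the chart was reviewed. Since this pod runs inside the release namespace with network access to the cluster, I would let the reference carry a digest and say so in values.yaml, for example `# pin by digest (image@sha256:<digest>) where immutable images are required`. Neither container sets a `securityContext`, so the non-root option added elsewhere in this patch does not reach the test pod.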
diff --git a/stable/elasticsearch/values.yaml b/stable/elasticsearch/values.yaml index 711d214e1483..f8879f8c370f 100644 --- a/stable/elasticsearch/values.yaml +++ b/stable/elasticsearch/values.yaml @@ -1,7 +1,7 @@ # Default values for elasticsearch. # This is a YAML-formatted file. # Declare variables to be passed into your templates. -appVersion: "6.7.0" +appVersion: "6.8.22" ## Define serviceAccount names for components. Defaults to component's fully qualified name. ## @@ -31,14 +31,27 @@ podSecurityPolicy: # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' +securityContext: + enabled: false + runAsUser: 1000 + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: "default-scheduler" + image: repository: "docker.elastic.co/elasticsearch/elasticsearch-oss" - tag: "6.7.0" + tag: "6.8.22" pullPolicy: "IfNotPresent" # If specified, use these secrets to access the image # pullSecrets: # - registry-secret +testFramework: + image: "dduportal/bats" + tag: "0.4.0" + initImage: repository: "busybox" tag: "latest" 
@@ -67,10 +80,39 @@ cluster: # - ingest-attachment # - mapper-size + loggingYml: + # you can override this using by setting a system property, for example -Des.logger.level=DEBUG + es.logger.level: INFO + rootLogger: ${es.logger.level}, console + logger: + # log action execution errors for easier debugging + action: DEBUG + # reduce the logging for aws, too much is logged under the default INFO + com.amazonaws: WARN + appender: + console: + type: console + layout: + type: consolePattern + conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" + + log4j2Properties: | + status = error + appender.console.type = Console + appender.console.name = console + appender.console.layout.type = PatternLayout + appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n + rootLogger.level = info + rootLogger.appenderRef.console.ref = console + logger.searchguard.name = com.floragunn + logger.searchguard.level = info + client: name: client replicas: 2 serviceType: ClusterIP + ## If coupled with serviceType = "NodePort", this will set a specific nodePort to the client HTTP port + # httpNodePort: 30920 loadBalancerIP: {} loadBalancerSourceRanges: {} ## (dict) If specified, apply these annotations to the client service @@ -82,6 +124,7 @@ client: nodeAffinity: {} nodeSelector: {} tolerations: [] + # terminationGracePeriodSeconds: 60 initResources: {} # limits: # cpu: "25m" @@ -104,6 +147,12 @@ client: enabled: false minAvailable: 1 # maxUnavailable: 1 + hooks: {} + ## (string) Script to execute prior the client pod stops. + # preStop: |- + + ## (string) Script to execute after the client pod starts. + # postStart: |- ingress: enabled: false # user: NAME @@ -140,6 +189,7 @@ master: nodeAffinity: {} nodeSelector: {} tolerations: [] + # terminationGracePeriodSeconds: 60 initResources: {} # limits: # cpu: "25m" 
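Review bot: `loggingYml` and `log4j2Properties` are both added under `cluster:` in the `-67,10 +80,39` hunk with no comment saying which file each renders to or which Elasticsearch versions read it. With `appVersion` at 6.8.22 I would expect only the log4j2 properties to take effect, but that depends on configmap.yaml, which is not part of this hunk. A one-line comment above each key would settle it, e.g. `## Rendered to log4j2.properties (read by Elasticsearch 5.x and later)`, with the wording confirmed against the template. The `loggingYml` default also ships `action: DEBUG`, which is verbose for a default, and the comment `override this using by setting` should read `override this by setting`.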
@@ -158,12 +208,19 @@ master: ## (dict) If specified, apply these annotations to each master Pod # podAnnotations: # example: master-foo + podManagementPolicy: OrderedReady podDisruptionBudget: enabled: false minAvailable: 2 # Same as `cluster.env.MINIMUM_MASTER_NODES` # maxUnavailable: 1 updateStrategy: type: OnDelete + hooks: {} + ## (string) Script to execute prior the master pod stops. + # preStop: |- + + ## (string) Script to execute after the master pod starts. + # postStart: |- data: name: data 
@@ -209,16 +266,52 @@ data: enabled: false # minAvailable: 1 maxUnavailable: 1 + podManagementPolicy: OrderedReady updateStrategy: type: OnDelete - hooks: # post-start and pre-stop hooks - drain: # drain the node before stopping it and re-integrate it into the cluster after start + hooks: + ## Drain the node before stopping it and re-integrate it into the cluster after start. + ## When enabled, it supersedes `data.hooks.preStop` and `data.hooks.postStart` defined below. + drain: enabled: true + ## (string) Script to execute prior the data pod stops. Ignored if `data.hooks.drain.enabled` is true (default) + # preStop: |- + # #!/bin/bash + # exec &> >(tee -a "/var/log/elasticsearch-hooks.log") + # NODE_NAME=${HOSTNAME} + # curl -s -XPUT -H 'Content-Type: application/json' '{{ template "elasticsearch.client.fullname" . }}:9200/_cluster/settings' -d "{ + # \"transient\" :{ + # \"cluster.routing.allocation.exclude._name\" : \"${NODE_NAME}\" + # } + # }" + # echo "Node ${NODE_NAME} is exluded from the allocation" + + ## (string) Script to execute after the data pod starts. Ignored if `data.hooks.drain.enabled` is true (default) + # postStart: |- + # #!/bin/bash + # exec &> >(tee -a "/var/log/elasticsearch-hooks.log") + # NODE_NAME=${HOSTNAME} + # CLUSTER_SETTINGS=$(curl -s -XGET "http://{{ template "elasticsearch.client.fullname" . }}:9200/_cluster/settings") + # if echo "${CLUSTER_SETTINGS}" | grep -E "${NODE_NAME}"; then + # echo "Activate node ${NODE_NAME}" + # curl -s -XPUT -H 'Content-Type: application/json' "http://{{ template "elasticsearch.client.fullname" . 
}}:9200/_cluster/settings" -d "{ + # \"transient\" :{ + # \"cluster.routing.allocation.exclude._name\" : null + # } + # }" + # fi + # echo "Node ${NODE_NAME} is ready to be used" + ## Sysctl init container to setup vm.max_map_count # see https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html # and https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-configuration-memory.html#mlockall sysctlInitContainer: enabled: true +## Chown init container to change ownership of data and logs directories to elasticsearch user +chownInitContainer: + enabled: true ## Additional init containers extraInitContainers: | + +forceIpv6: false
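Review bot: In the commented `postStart` example, `grep -E "${NODE_NAME}"` treats the host name as an unanchored regular expression, so a pod whose name ends in `-1` also matches an exclusion entry for a pod ending in `-10` and then sets `cluster.routing.allocation.exclude._name` to `null`, dropping the other node's exclusion while it is still draining. I would match the quoted name literally: `# if echo "${CLUSTER_SETTINGS}" | grep -qF "\"${NODE_NAME}\""; then`. The `preStop` example has the mirror problem, since its PUT replaces the whole `exclude._name` value with a single name, and it returns right after the PUT without waiting for shards to move. Its message also has the typo `exluded`, and its URL omits the `http://` scheme that the `postStart` example uses.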