1 From 21cd4d9720064f89843551e7da4c1e0528b6cbf5 Mon Sep 17 00:00:00 2001
2 From: Kevin Smith <kevin.smith@windriver.com>
3 Date: Thu, 10 Oct 2019 15:43:20 -0400
4 Subject: [PATCH 1/1] add curator as of 2019-10-10
7 stable/elasticsearch-curator/Chart.yaml | 6 +--
8 stable/elasticsearch-curator/OWNERS | 6 +--
9 stable/elasticsearch-curator/README.md | 34 ++++++++++---
10 .../ci/initcontainer-values.yaml | 9 ++++
11 .../elasticsearch-curator/templates/_helpers.tpl | 22 +++++++++
12 .../elasticsearch-curator/templates/cronjob.yaml | 10 ++++
13 stable/elasticsearch-curator/templates/psp.yml | 35 +++++++++++++
14 stable/elasticsearch-curator/templates/role.yaml | 23 +++++++++
15 .../templates/rolebinding.yaml | 21 ++++++++
16 .../templates/serviceaccount.yaml | 12 +++++
17 stable/elasticsearch-curator/values.yaml | 57 ++++++++++++++++++++--
18 11 files changed, 218 insertions(+), 17 deletions(-)
19 create mode 100644 stable/elasticsearch-curator/ci/initcontainer-values.yaml
20 create mode 100644 stable/elasticsearch-curator/templates/psp.yml
21 create mode 100644 stable/elasticsearch-curator/templates/role.yaml
22 create mode 100644 stable/elasticsearch-curator/templates/rolebinding.yaml
23 create mode 100644 stable/elasticsearch-curator/templates/serviceaccount.yaml
25 diff --git a/stable/elasticsearch-curator/Chart.yaml b/stable/elasticsearch-curator/Chart.yaml
26 index 24a37ce..7a8e0a7 100644
27 --- a/stable/elasticsearch-curator/Chart.yaml
28 +++ b/stable/elasticsearch-curator/Chart.yaml
29 @@ -2,7 +2,7 @@ apiVersion: v1
31 description: A Helm chart for Elasticsearch Curator
32 name: elasticsearch-curator
35 home: https://github.com/elastic/curator
38 @@ -12,7 +12,7 @@ sources:
39 - https://github.com/kubernetes/charts/elasticsearch-curator
40 - https://github.com/pires/docker-elasticsearch-curator
43 - email: mestdagh.tom@gmail.com
44 + - name: desaintmartin
45 + email: cedric.dsm@gmail.com
47 email: gianrubio@gmail.com
48 diff --git a/stable/elasticsearch-curator/OWNERS b/stable/elasticsearch-curator/OWNERS
49 index d8c0ba0..89df1c0 100644
50 --- a/stable/elasticsearch-curator/OWNERS
51 +++ b/stable/elasticsearch-curator/OWNERS
60 \ No newline at end of file
63 diff --git a/stable/elasticsearch-curator/README.md b/stable/elasticsearch-curator/README.md
64 index 0a9f311..2057b85 100644
65 --- a/stable/elasticsearch-curator/README.md
66 +++ b/stable/elasticsearch-curator/README.md
67 @@ -23,6 +23,17 @@ To install the chart, use the following:
68 $ helm install stable/elasticsearch-curator
71 +## Upgrading an existing Release to a new major version
73 +A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
74 +incompatible breaking change needing manual actions.
78 +v2.0.0 uses docker image from `elasticsearch-curator` author, which differs in its way to install curator.
80 +If you have a hardcoded `command` value, please update it to follow the new `curator` executable path: `/curator/curator` (which is not in PATH).
84 The following table lists the configurable parameters of the docker-registry chart and
85 @@ -31,8 +42,8 @@ their default values.
86 | Parameter | Description | Default |
87 | :----------------------------------- | :---------------------------------------------------------- | :------------------------------------------- |
88 | `image.pullPolicy` | Container pull policy | `IfNotPresent` |
89 -| `image.repository` | Container image to use | `quay.io/pires/docker-elasticsearch-curator` |
90 -| `image.tag` | Container image tag to deploy | `5.5.4` |
91 +| `image.repository` | Container image to use | `untergeek/curator` |
92 +| `image.tag` | Container image tag to deploy | `5.7.6` |
93 | `hooks` | Whether to run job on selected hooks | `{ "install": false, "upgrade": false }` |
94 | `cronjob.schedule` | Schedule for the CronJob | `0 1 * * *` |
95 | `cronjob.annotations` | Annotations to add to the cronjob | {} |
96 @@ -43,15 +54,22 @@ their default values.
97 | `dryrun` | Run Curator in dry-run mode | `false` |
98 | `env` | Environment variables to add to the cronjob container | {} |
99 | `envFromSecrets` | Environment variables from secrets to the cronjob container | {} |
100 -| `envFromSecrets.*.from.secret` | - `secretKeyRef.name` used for environment variable | |
101 -| `envFromSecrets.*.from.key` | - `secretKeyRef.key` used for environment variable | |
102 -| `command` | Command to execute | ["curator"] |
103 -| `configMaps.action_file_yml` | Contents of the Curator action_file.yml | See values.yaml |
104 -| `configMaps.config_yml` | Contents of the Curator config.yml (overrides config) | See values.yaml |
105 +| `envFromSecrets.*.from.secret` | - `secretKeyRef.name` used for environment variable | |
106 +| `envFromSecrets.*.from.key` | - `secretKeyRef.key` used for environment variable | |
107 +| `command` | Command to execute | ["/curator/curator"] |
108 +| `configMaps.action_file_yml` | Contents of the Curator action_file.yml | See values.yaml |
109 +| `configMaps.config_yml` | Contents of the Curator config.yml (overrides config) | See values.yaml |
110 | `resources` | Resource requests and limits | {} |
111 | `priorityClassName` | priorityClassName | `nil` |
112 | `extraVolumeMounts` | Mount extra volume(s), | |
113 | `extraVolumes` | Extra volumes | |
114 -| `securityContext` | Configure PodSecurityContext |
115 +| `extraInitContainers` | Init containers to add to the cronjob container | {} |
116 +| `securityContext` | Configure PodSecurityContext | `false` |
117 +| `rbac.enabled` | Enable RBAC resources | `false` |
118 +| `psp.create` | Create pod security policy resources | `false` |
119 +| `serviceAccount.create` | Create a default serviceaccount for elasticsearch curator | `true` |
120 +| `serviceAccount.name` | Name for elasticsearch curator serviceaccount | `""` |
123 Specify each parameter using the `--set key=value[,key=value]` argument to
125 diff --git a/stable/elasticsearch-curator/ci/initcontainer-values.yaml b/stable/elasticsearch-curator/ci/initcontainer-values.yaml
127 index 0000000..578becf
129 +++ b/stable/elasticsearch-curator/ci/initcontainer-values.yaml
131 +extraInitContainers:
133 + image: alpine:latest
140 diff --git a/stable/elasticsearch-curator/templates/_helpers.tpl b/stable/elasticsearch-curator/templates/_helpers.tpl
141 index c786fb5..8018c5d 100644
142 --- a/stable/elasticsearch-curator/templates/_helpers.tpl
143 +++ b/stable/elasticsearch-curator/templates/_helpers.tpl
144 @@ -12,6 +12,17 @@ Return the appropriate apiVersion for cronjob APIs.
148 +Return the appropriate apiVersion for podsecuritypolicy.
150 +{{- define "podsecuritypolicy.apiVersion" -}}
151 +{{- if semverCompare "<1.10-0" .Capabilities.KubeVersion.GitVersion -}}
152 +{{- print "extensions/v1beta1" -}}
154 +{{- print "policy/v1beta1" -}}
159 Expand the name of the chart.
161 {{- define "elasticsearch-curator.name" -}}
162 @@ -42,3 +53,14 @@ Create chart name and version as used by the chart label.
163 {{- define "elasticsearch-curator.chart" -}}
164 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
168 +Create the name of the service account to use
170 +{{- define "elasticsearch-curator.serviceAccountName" -}}
171 +{{- if .Values.serviceAccount.create -}}
172 + {{ default (include "elasticsearch-curator.fullname" .) .Values.serviceAccount.name }}
174 + {{ default "default" .Values.serviceAccount.name }}
177 diff --git a/stable/elasticsearch-curator/templates/cronjob.yaml b/stable/elasticsearch-curator/templates/cronjob.yaml
178 index d0388f4..37274f6 100644
179 --- a/stable/elasticsearch-curator/templates/cronjob.yaml
180 +++ b/stable/elasticsearch-curator/templates/cronjob.yaml
181 @@ -53,6 +53,16 @@ spec:
183 - name: {{ .Values.image.pullSecret }}
185 +{{- if .Values.extraInitContainers }}
187 +{{- range $key, $value := .Values.extraInitContainers }}
188 + - name: "{{ $key }}"
189 +{{ toYaml $value | indent 12 }}
192 + {{- if .Values.rbac.enabled }}
193 + serviceAccountName: {{ template "elasticsearch-curator.serviceAccountName" .}}
196 - name: {{ .Chart.Name }}
197 image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
198 diff --git a/stable/elasticsearch-curator/templates/psp.yml b/stable/elasticsearch-curator/templates/psp.yml
200 index 0000000..5f62985
202 +++ b/stable/elasticsearch-curator/templates/psp.yml
204 +{{- if .Values.psp.create }}
205 +apiVersion: {{ template "podsecuritypolicy.apiVersion" . }}
206 +kind: PodSecurityPolicy
209 + app: {{ template "elasticsearch-curator.name" . }}
210 + chart: {{ template "elasticsearch-curator.chart" . }}
211 + release: {{ .Release.Name }}
212 + heritage: {{ .Release.Service }}
213 + name: {{ template "elasticsearch-curator.fullname" . }}-psp
216 + #requiredDropCapabilities:
227 + supplementalGroups:
237 + readOnlyRootFilesystem: false
239 diff --git a/stable/elasticsearch-curator/templates/role.yaml b/stable/elasticsearch-curator/templates/role.yaml
241 index 0000000..8867f67
243 +++ b/stable/elasticsearch-curator/templates/role.yaml
245 +{{- if .Values.rbac.enabled }}
247 +apiVersion: rbac.authorization.k8s.io/v1
250 + app: {{ template "elasticsearch-curator.name" . }}
251 + chart: {{ template "elasticsearch-curator.chart" . }}
252 + heritage: {{ .Release.Service }}
253 + release: {{ .Release.Name }}
254 + component: elasticsearch-curator-configmap
255 + name: {{ template "elasticsearch-curator.name" . }}-role
258 + resources: ["configmaps"]
259 + verbs: ["update", "patch"]
260 +{{- if .Values.psp.create }}
261 +- apiGroups: ["extensions"]
262 + resources: ["podsecuritypolicies"]
265 + - {{ template "elasticsearch-curator.fullname" . }}-psp
268 diff --git a/stable/elasticsearch-curator/templates/rolebinding.yaml b/stable/elasticsearch-curator/templates/rolebinding.yaml
270 index 0000000..d25d2e1
272 +++ b/stable/elasticsearch-curator/templates/rolebinding.yaml
274 +{{- if .Values.rbac.enabled -}}
276 +apiVersion: rbac.authorization.k8s.io/v1
279 + app: {{ template "elasticsearch-curator.name" . }}
280 + chart: {{ template "elasticsearch-curator.chart" . }}
281 + heritage: {{ .Release.Service }}
282 + release: {{ .Release.Name }}
283 + component: elasticsearch-curator-configmap
284 + name: {{ template "elasticsearch-curator.name" . }}-rolebinding
287 + name: {{ template "elasticsearch-curator.name" . }}-role
288 + apiGroup: rbac.authorization.k8s.io
290 + - kind: ServiceAccount
291 + name: {{ template "elasticsearch-curator.serviceAccountName" . }}
292 + namespace: {{ .Release.Namespace }}
295 diff --git a/stable/elasticsearch-curator/templates/serviceaccount.yaml b/stable/elasticsearch-curator/templates/serviceaccount.yaml
297 index 0000000..ad9c5c9
299 +++ b/stable/elasticsearch-curator/templates/serviceaccount.yaml
301 +{{- if and .Values.serviceAccount.create .Values.rbac.enabled }}
303 +kind: ServiceAccount
305 + name: {{ template "elasticsearch-curator.serviceAccountName" .}}
307 + app: {{ template "elasticsearch-curator.fullname" . }}
308 + chart: {{ template "elasticsearch-curator.chart" . }}
309 + release: "{{ .Release.Name }}"
310 + heritage: "{{ .Release.Service }}"
313 diff --git a/stable/elasticsearch-curator/values.yaml b/stable/elasticsearch-curator/values.yaml
314 index 3779be1..460f2a4 100644
315 --- a/stable/elasticsearch-curator/values.yaml
316 +++ b/stable/elasticsearch-curator/values.yaml
317 @@ -13,9 +13,25 @@ cronjob:
322 + # Specifies whether RBAC should be enabled
326 + # Specifies whether a ServiceAccount should be created
328 + # The name of the ServiceAccount to use.
329 + # If not set and create is true, a name is generated using the fullname template
334 + # Specifies whether a podsecuritypolicy should be created
338 - repository: quay.io/pires/docker-elasticsearch-curator
340 + repository: untergeek/curator
342 pullPolicy: IfNotPresent
345 @@ -25,7 +41,7 @@ hooks:
346 # run curator in dry-run mode
349 -command: ["curator"]
350 +command: ["/curator/curator"]
354 @@ -101,5 +117,40 @@ priorityClassName: ""
358 +# Add your own init container or uncomment and modify the given example.
359 +extraInitContainers: {}
360 + ## Don't configure S3 repository till Elasticsearch is reachable.
361 + ## Ensure that it is available at http://elasticsearch:9200
363 + # elasticsearch-s3-repository:
364 + # image: jwilder/dockerize:latest
365 + # imagePullPolicy: "IfNotPresent"
371 + # ES_HOST=elasticsearch
373 + # ES_REPOSITORY=backup
374 + # S3_REGION=us-east-1
376 + # S3_BASE_PATH=backup
378 + # S3_STORAGE_CLASS=standard
379 + # apk add curl --no-cache && \
380 + # dockerize -wait http://${ES_HOST}:${ES_PORT} --timeout 120s && \
381 + # cat <<EOF | curl -sS -XPUT -H "Content-Type: application/json" -d @- http://${ES_HOST}:${ES_PORT}/_snapshot/${ES_REPOSITORY} \
385 + # "bucket": "${S3_BUCKET}",
386 + # "base_path": "${S3_BASE_PATH}",
387 + # "region": "${S3_REGION}",
388 + # "compress": "${S3_COMPRESS}",
389 + # "storage_class": "${S3_STORAGE_CLASS}"
394 runAsUser: 16 # run as cron user instead of root