ric-aux/helm/mc-stack/charts/elasticsearch/templates/statefulset.yaml

   1 ################################################################################
   2 #   Copyright (c) 2019 AT&T Intellectual Property.                             #
   3 #                                                                              #
   4 #   Licensed under the Apache License, Version 2.0 (the "License");            #
   5 #   you may not use this file except in compliance with the License.           #
   6 #   You may obtain a copy of the License at                                    #
   7 #                                                                              #
   8 #       http://www.apache.org/licenses/LICENSE-2.0                             #
   9 #                                                                              #
  10 #   Unless required by applicable law or agreed to in writing, software        #
  11 #   distributed under the License is distributed on an "AS IS" BASIS,          #
  12 #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
  13 #   See the License for the specific language governing permissions and        #
  14 #   limitations under the License.                                             #
  15 ################################################################################
  16
  17 ---
  18 apiVersion: apps/v1
  19 kind: StatefulSet
  20 metadata:
  21   name: {{ template "uname" . }}
  22   labels:
  23     heritage: {{ .Release.Service | quote }}
  24     release: {{ .Release.Name | quote }}
  25     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
  26     app: "{{ template "uname" . }}"
  27     {{- range $key, $value := .Values.labels }}
  28     {{ $key }}: {{ $value | quote }}
  29     {{- end }}
  30   annotations:
  31     esMajorVersion: "{{ include "esMajorVersion" . }}"
  32 spec:
  33   serviceName: {{ template "uname" . }}-headless
  34   selector:
  35     matchLabels:
  36       app: "{{ template "uname" . }}"
  37   replicas: {{ default .Values.replicas }}
  38   podManagementPolicy: {{ .Values.podManagementPolicy }}
  39   updateStrategy:
  40     type: {{ .Values.updateStrategy }}
  41   {{- if .Values.persistence.enabled }}
  42   volumeClaimTemplates:
  43   - metadata:
  44       name: {{ template "uname" . }}
  45     {{- with .Values.persistence.annotations  }}
  46       annotations:
  47 {{ toYaml . | indent 8 }}
  48     {{- end }}
  49     spec:
  50 {{ toYaml .Values.volumeClaimTemplate | indent 6 }}
  51   {{- end }}
  52   template:
  53     metadata:
  54       name: "{{ template "uname" . }}"
  55       labels:
  56         heritage: {{ .Release.Service | quote }}
  57         release: {{ .Release.Name | quote }}
  58         chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
  59         app: "{{ template "uname" . }}"
  60       annotations:
  61         {{- range $key, $value := .Values.podAnnotations }}
  62         {{ $key }}: {{ $value | quote }}
  63         {{- end }}
  64         {{/* This forces a restart if the configmap has changed */}}
  65         {{- if .Values.esConfig }}
  66         configchecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }}
  67         {{- end }}
  68     spec:
  69       {{- if .Values.schedulerName }}
  70       schedulerName: "{{ .Values.schedulerName }}"
  71       {{- end }}
  72       securityContext:
  73 {{ toYaml .Values.podSecurityContext | indent 8 }}
  74         {{- if .Values.fsGroup }}
  75         fsGroup: {{ .Values.fsGroup }} # Deprecated value, please use .Values.podSecurityContext.fsGroup
  76         {{- end }}
  77       {{- with .Values.tolerations }}
  78       tolerations:
  79 {{ toYaml . | indent 6 }}
  80       {{- end }}
  81       {{- with .Values.nodeSelector }}
  82       nodeSelector:
  83 {{ toYaml . | indent 8 }}
  84       {{- end }}
  85       {{- if or (eq .Values.antiAffinity "hard") (eq .Values.antiAffinity "soft") .Values.nodeAffinity }}
  86       {{- if .Values.priorityClassName }}
  87       priorityClassName: {{ .Values.priorityClassName }}
  88       {{- end }}
  89       affinity:
  90       {{- end }}
  91       {{- if eq .Values.antiAffinity "hard" }}
  92         podAntiAffinity:
  93           requiredDuringSchedulingIgnoredDuringExecution:
  94           - labelSelector:
  95               matchExpressions:
  96               - key: app
  97                 operator: In
  98                 values:
  99                 - "{{ template "uname" .}}"
 100             topologyKey: {{ .Values.antiAffinityTopologyKey }}
 101       {{- else if eq .Values.antiAffinity "soft" }}
 102         podAntiAffinity:
 103           preferredDuringSchedulingIgnoredDuringExecution:
 104           - weight: 1
 105             podAffinityTerm:
 106               topologyKey: {{ .Values.antiAffinityTopologyKey }}
 107               labelSelector:
 108                 matchExpressions:
 109                 - key: app
 110                   operator: In
 111                   values:
 112                   - "{{ template "uname" . }}"
 113       {{- end }}
 114       {{- with .Values.nodeAffinity }}
 115         nodeAffinity:
 116 {{ toYaml . | indent 10 }}
 117       {{- end }}
 118       terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }}
 119       volumes:
 120         {{- range .Values.secretMounts }}
 121         - name: {{ .name }}
 122           secret:
 123             secretName: {{ .secretName }}
 124         {{- end }}
 125         {{- if .Values.esConfig }}
 126         - name: esconfig
 127           configMap:
 128             name: {{ template "uname" . }}-config
 129         {{- end }}
 130       {{- if .Values.extraVolumes }}
 131 {{ tpl .Values.extraVolumes . | indent 6 }}
 132       {{- end }}
 133       {{- if .Values.imagePullSecrets }}
 134       imagePullSecrets:
 135 {{ toYaml .Values.imagePullSecrets | indent 8 }}
 136       {{- end }}
 137       initContainers:
 138       {{- if .Values.sysctlInitContainer.enabled }}
 139       - name: configure-sysctl
 140         securityContext:
 141           runAsUser: 0
 142           privileged: true
 143         image: "{{ .Values.image }}:{{ .Values.imageTag }}"
 144         command: ["sysctl", "-w", "vm.max_map_count={{ .Values.sysctlVmMaxMapCount}}"]
 145         resources:
 146 {{ toYaml .Values.initResources | indent 10 }}
 147       {{- end }}
 148       {{- if .Values.extraInitContainers }}
 149 {{ tpl .Values.extraInitContainers . | indent 6 }}
 150       {{- end }}
 151       containers:
 152       - name: "{{ template "name" . }}"
 153         securityContext:
 154 {{ toYaml .Values.securityContext | indent 10 }}
 155         image: "{{ .Values.image }}:{{ .Values.imageTag }}"
 156         imagePullPolicy: "{{ .Values.imagePullPolicy }}"
 157         readinessProbe:
 158 {{ toYaml .Values.readinessProbe | indent 10 }}
 159           exec:
 160             command:
 161               - sh
 162               - -c
 163               - |
 164                 #!/usr/bin/env bash -e
 165                 # If the node is starting up wait for the cluster to be ready (request params: '{{ .Values.clusterHealthCheckParams }}' )
 166                 # Once it has started only check that the node itself is responding
 167                 START_FILE=/tmp/.es_start_file
 168
 169                 http () {
 170                     local path="${1}"
 171                     if [ -n "${ELASTIC_USERNAME}" ] && [ -n "${ELASTIC_PASSWORD}" ]; then
 172                       BASIC_AUTH="-u ${ELASTIC_USERNAME}:${ELASTIC_PASSWORD}"
 173                     else
 174                       BASIC_AUTH=''
 175                     fi
 176                     curl -XGET -s -k --fail ${BASIC_AUTH} {{ .Values.protocol }}://127.0.0.1:{{ .Values.httpPort }}${path}
 177                 }
 178
 179                 if [ -f "${START_FILE}" ]; then
 180                     echo 'Elasticsearch is already running, lets check the node is healthy'
 181                     http "/"
 182                 else
 183                     echo 'Waiting for elasticsearch cluster to become cluster to be ready (request params: "{{ .Values.clusterHealthCheckParams }}" )'
 184                     if http "/_cluster/health?{{ .Values.clusterHealthCheckParams }}" ; then
 185                         touch ${START_FILE}
 186                         exit 0
 187                     else
 188                         echo 'Cluster is not yet ready (request params: "{{ .Values.clusterHealthCheckParams }}" )'
 189                         exit 1
 190                     fi
 191                 fi
 192         ports:
 193         - name: http
 194           containerPort: {{ .Values.httpPort }}
 195         - name: transport
 196           containerPort: {{ .Values.transportPort }}
 197         resources:
 198 {{ toYaml .Values.resources | indent 10 }}
 199         env:
 200           - name: node.name
 201             valueFrom:
 202               fieldRef:
 203                 fieldPath: metadata.name
 204           {{- if eq .Values.roles.master "true" }}
 205           {{- if ge (int (include "esMajorVersion" .)) 7 }}
 206           - name: cluster.initial_master_nodes
 207             value: "{{ template "endpoints" .Values }}"
 208           {{- else }}
 209           - name: discovery.zen.minimum_master_nodes
 210             value: "{{ .Values.minimumMasterNodes }}"
 211           {{- end }}
 212           {{- end }}
 213           {{- if lt (int (include "esMajorVersion" .)) 7 }}
 214           - name: discovery.zen.ping.unicast.hosts
 215             value: "{{ template "masterService" . }}-headless"
 216           {{- else }}
 217           - name: discovery.seed_hosts
 218             value: "{{ template "masterService" . }}-headless"
 219           {{- end }}
 220           - name: cluster.name
 221             value: "{{ .Values.clusterName }}"
 222           - name: network.host
 223             value: "{{ .Values.networkHost }}"
 224           - name: ES_JAVA_OPTS
 225             value: "{{ .Values.esJavaOpts }}"
 226           {{- range $role, $enabled := .Values.roles }}
 227           - name: node.{{ $role }}
 228             value: "{{ $enabled }}"
 229           {{- end }}
 230 {{- if .Values.extraEnvs }}
 231 {{ toYaml .Values.extraEnvs | indent 10 }}
 232 {{- end }}
 233         volumeMounts:
 234           {{- if .Values.persistence.enabled }}
 235           - name: "{{ template "uname" . }}"
 236             mountPath: /usr/share/elasticsearch/data
 237           {{- end }}
 238           {{- range .Values.secretMounts }}
 239           - name: {{ .name }}
 240             mountPath: {{ .path }}
 241             {{- if .subPath }}
 242             subPath: {{ .subPath }}
 243             {{- end }}
 244           {{- end }}
 245           {{- range $path, $config := .Values.esConfig }}
 246           - name: esconfig
 247             mountPath: /usr/share/elasticsearch/config/{{ $path }}
 248             subPath: {{ $path }}
 249           {{- end -}}
 250         {{- if .Values.extraVolumeMounts }}
 251 {{ tpl .Values.extraVolumeMounts . | indent 10 }}
 252         {{- end }}
 253       {{- if .Values.masterTerminationFix }}
 254       {{- if eq .Values.roles.master "true" }}
 255       # This sidecar will prevent slow master re-election
 256       # https://github.com/elastic/helm-charts/issues/63
 257       - name: elasticsearch-master-graceful-termination-handler
 258         image: "{{ .Values.image }}:{{ .Values.imageTag }}"
 259         imagePullPolicy: "{{ .Values.imagePullPolicy }}"
 260         command:
 261         - "sh"
 262         - -c
 263         - |
 264           #!/usr/bin/env bash
 265           set -eo pipefail
 266
 267           http () {
 268               local path="${1}"
 269               if [ -n "${ELASTIC_USERNAME}" ] && [ -n "${ELASTIC_PASSWORD}" ]; then
 270                 BASIC_AUTH="-u ${ELASTIC_USERNAME}:${ELASTIC_PASSWORD}"
 271               else
 272                 BASIC_AUTH=''
 273               fi
 274               curl -XGET -s -k --fail ${BASIC_AUTH} {{ .Values.protocol }}://{{ template "masterService" . }}:{{ .Values.httpPort }}${path}
 275           }
 276
 277           cleanup () {
 278             while true ; do
 279               local master="$(http "/_cat/master?h=node" || echo "")"
 280               if [[ $master == "{{ template "masterService" . }}"* && $master != "${NODE_NAME}" ]]; then
 281                 echo "This node is not master."
 282                 break
 283               fi
 284               echo "This node is still master, waiting gracefully for it to step down"
 285               sleep 1
 286             done
 287
 288             exit 0
 289           }
 290
 291           trap cleanup SIGTERM
 292
 293           sleep infinity &
 294           wait $!
 295         resources:
 296 {{ toYaml .Values.sidecarResources | indent 10 }}
 297         env:
 298           - name: NODE_NAME
 299             valueFrom:
 300               fieldRef:
 301                 fieldPath: metadata.name
 302         {{- if .Values.extraEnvs }}
 303 {{ toYaml .Values.extraEnvs | indent 10 }}
 304         {{- end }}
 305       {{- end }}
 306       {{- end }}
 307 {{- if .Values.lifecycle }}
 308         lifecycle:
 309 {{ toYaml .Values.lifecycle | indent 10 }}
 310 {{- end }}