#
# ============LICENSE_START=======================================================
# Copyright (C) 2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
#
# Node-local backing volume for the Elasticsearch data directory. A hostPath
# PersistentVolume is only usable on the node that owns /var/elasticsearch/data,
# which makes this a single-node layout (the SAN list in the init script below
# points at a minikube-style address), not a multi-node one.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: elasticsearch-storage-pv-volume
  # PersistentVolumes are cluster-scoped; the namespace field has no effect
  # here and is only kept so the document matches its sibling PVC.
  namespace: logging
  labels:
    app: elasticsearch
    type: local
spec:
  # The claim below carries no selector, so binding is decided by
  # storageClassName, capacity and accessModes, not by these labels.
  storageClassName: manual
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: 100Mi
  hostPath:
    path: /var/elasticsearch/data
---
# Claim consumed by the Deployment's "elasticsearch-storage" volume. Class,
# access mode and size mirror the manual PersistentVolume above so the two
# bind to each other.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: elasticsearch-storage-pv-claim
  namespace: logging
  labels:
    app: elasticsearch
spec:
  storageClassName: manual
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 100Mi
---
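# Shell script executed by the Deployment's init container. It mints a CA and
# a server certificate for Elasticsearch into /certs-dir, the hostPath volume
# that the main container later mounts read-only under config/certs.
apiVersion: v1
kind: ConfigMap
metadata:
  name: elasticsearch-init-script
  namespace: logging
data:
  setup_certs.sh: |
    #!/bin/bash
    # Fail fast: a failed certutil run must fail the init container instead
    # of letting Elasticsearch start with missing or stale certificates.
    set -eu
    ELASTIC_HOME=/usr/share/elasticsearch

    # The CA and the server certificate are regenerated on every pod start.
    # Any ca.crt a client trusted from a previous run stops being valid, so
    # clients must re-fetch the CA after each restart.
    # Remove leftovers first, including zip archives from an interrupted run
    # that certutil would otherwise refuse to overwrite.
    if [ -d /certs-dir/ca ]; then
      rm -rf /certs-dir/ca
    fi
    if [ -d /certs-dir/elasticsearch ]; then
      rm -rf /certs-dir/elasticsearch
    fi
    rm -f /certs-dir/ca.zip /certs-dir/certs.zip

    echo "Creating CA"
    "$ELASTIC_HOME/bin/elasticsearch-certutil" ca --silent --pem -out /certs-dir/ca.zip
    unzip -o /certs-dir/ca.zip -d /certs-dir

    echo "Creating certs"
    # Instance file for certutil. It is YAML, so indentation is significant.
    # The SANs must cover every name clients connect with: the in-cluster
    # Service names, the Istio passthrough host, loopback, and the node IP
    # (192.168.49.2 looks like a minikube node address; adjust it for any
    # other cluster or hostname verification against the IP will fail).
    cat > /certs-dir/instances.yml <<'EOF'
    instances:
      - name: elasticsearch
        dns:
          - elasticsearch
          - elasticsearch.logging
          - elasticsearch.est.tech
          - localhost
        ip:
          - 127.0.0.1
          - 192.168.49.2
    EOF
    "$ELASTIC_HOME/bin/elasticsearch-certutil" cert --silent --pem \
      -out /certs-dir/certs.zip --in /certs-dir/instances.yml \
      --ca-cert /certs-dir/ca/ca.crt --ca-key /certs-dir/ca/ca.key
    unzip -o /certs-dir/certs.zip -d /certs-dir

    echo "Removing zip files"
    rm -f /certs-dir/ca.zip /certs-dir/certs.zip

    echo "Setting file permissions"
    # Owner/group only. Note that ca/ca.key (the CA private key) stays on the
    # node under the hostPath and is also visible to the Elasticsearch
    # container through its read-only mount, although Elasticsearch itself
    # only needs ca.crt plus its own key and certificate.
    chmod 750 /certs-dir/ca /certs-dir/elasticsearch
    chmod 640 /certs-dir/ca/* /certs-dir/elasticsearch/*
    echo "All done!"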
---
# elasticsearch.yml for the single-node deployment below. Security is enabled
# on both layers: the HTTP API (port 9200) and the transport layer only accept
# TLS, using the key/certificate produced by setup_certs.sh. Paths are relative
# to /usr/share/elasticsearch/config, where the Deployment mounts certs/.
# verification_mode "certificate" validates the chain against ca.crt but does
# not check hostnames, so the SANs only matter for clients, not for this node.
# The built-in "elastic" password is supplied via ELASTIC_PASSWORD in the
# Deployment, not here.
apiVersion: v1
kind: ConfigMap
metadata:
  name: elasticsearch-config
  namespace: logging
data:
  elasticsearch.yml: |
    discovery.type: single-node
    cluster.name: "docker-cluster"
    network.host: 0.0.0.0
    node.name: elasticsearch
    ingest.geoip.downloader.enabled: false
    xpack.license.self_generated.type: basic
    xpack.security.enabled: true
    xpack.security.http.ssl.enabled: true
    xpack.security.http.ssl.key: certs/elasticsearch/elasticsearch.key
    xpack.security.http.ssl.certificate: certs/elasticsearch/elasticsearch.crt
    xpack.security.http.ssl.certificate_authorities: certs/ca/ca.crt
    xpack.security.http.ssl.verification_mode: certificate
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.key: certs/elasticsearch/elasticsearch.key
    xpack.security.transport.ssl.certificate: certs/elasticsearch/elasticsearch.crt
    xpack.security.transport.ssl.certificate_authorities: certs/ca/ca.crt
    xpack.security.transport.ssl.verification_mode: certificate
---
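# Single-replica Elasticsearch 8.1.2 with TLS on the HTTP and transport layers.
# An init container runs setup_certs.sh from the elasticsearch-init-script
# ConfigMap to mint certificates into a hostPath volume; the main container
# then mounts that directory read-only together with elasticsearch.yml from
# the elasticsearch-config ConfigMap.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: elasticsearch
  namespace: logging
spec:
  selector:
    matchLabels:
      component: elasticsearch
  template:
    metadata:
      labels:
        component: elasticsearch
    spec:
      containers:
        - name: elasticsearch
          image: docker.elastic.co/elasticsearch/elasticsearch:8.1.2
          imagePullPolicy: IfNotPresent
          env:
            # NOTE(review): bootstrap password for the built-in "elastic" user,
            # hard-coded in a committed manifest. Keep it out of version control
            # by moving it to a Secret and referencing it with
            # valueFrom.secretKeyRef; the literal is kept here only so this
            # manifest stays self-contained.
            - name: ELASTIC_PASSWORD
              value: "secret"
          ports:
            - name: http
              containerPort: 9200
              protocol: TCP
          resources:
            limits:
              cpu: 500m
              memory: 4Gi
            requests:
              cpu: 500m
              memory: 4Gi
          volumeMounts:
            - name: elasticsearch-storage
              mountPath: /usr/share/elasticsearch/data
            # Certificates produced by the init container. The layout under
            # certs/ must match the xpack.security.*.ssl.* paths in
            # elasticsearch.yml, which are relative to config/.
            - name: elasticsearch-certs
              mountPath: /usr/share/elasticsearch/config/certs
              readOnly: true
            # ConfigMap volumes are mounted read-only regardless of this flag;
            # readOnly: false is kept from the original manifest and has no
            # effect.
            - name: config
              mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
              subPath: elasticsearch.yml
              readOnly: false
      initContainers:
        - name: init-elasticsearch
          image: docker.elastic.co/elasticsearch/elasticsearch:8.1.2
          imagePullPolicy: IfNotPresent
          command: ['/bin/bash', '-c', '/usr/share/elasticsearch/bin/setup_certs.sh']
          volumeMounts:
            # Writable here; the same directory is read-only in the main
            # container.
            - name: elasticsearch-certs
              mountPath: /certs-dir
            - name: elasticsearch-cert-init
              mountPath: /usr/share/elasticsearch/bin/setup_certs.sh
              subPath: setup_certs.sh
      volumes:
        - name: elasticsearch-storage
          persistentVolumeClaim:
            claimName: elasticsearch-storage-pv-claim
        # Node-local directory, created on first use. The CA private key
        # generated by the init container is stored here, so anything with
        # access to the node filesystem can read it.
        - name: elasticsearch-certs
          hostPath:
            path: /var/elasticsearch/config/certs
            type: DirectoryOrCreate
        - name: config
          configMap:
            name: elasticsearch-config
        - name: elasticsearch-cert-init
          configMap:
            name: elasticsearch-init-script
            # Leading-zero octal (decimal 493), the form Kubernetes documents
            # for file modes; makes the mounted script executable.
            defaultMode: 0755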
---
# Cluster Service for the Elasticsearch HTTP API. Type NodePort additionally
# publishes port 9200 on an allocated port of every node, which is also where
# the node-IP SAN in the init script becomes relevant; traffic on it is TLS
# because xpack.security.http.ssl.enabled is true in elasticsearch.yml.
# The Istio VirtualService below reaches this Service through its cluster DNS
# name, elasticsearch.logging.svc.cluster.local.
apiVersion: v1
kind: Service
metadata:
  name: elasticsearch
  namespace: logging
  labels:
    service: elasticsearch
spec:
  type: NodePort
  selector:
    component: elasticsearch
  ports:
    - port: 9200
      targetPort: 9200
---
# Istio ingress for elasticsearch.est.tech on 443. TLS is PASSTHROUGH: the
# gateway does not terminate TLS, it forwards the raw connection based on SNI
# and Elasticsearch presents its own certificate (the one with the
# elasticsearch.est.tech SAN). No namespace is set, so this object lands in
# the namespace of the kubectl context used to apply the file.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: esgateway
spec:
  selector:
    istio: ingressgateway  # the default Istio ingress gateway
  servers:
    - hosts:
        - elasticsearch.est.tech
      port:
        name: https
        number: 443
        protocol: HTTPS
      tls:
        mode: PASSTHROUGH
---
# Routes SNI elasticsearch.est.tech arriving on the esgateway Gateway to the
# Elasticsearch Service on port 9200 without touching the TLS session. The
# unqualified gateway name resolves within this object's own namespace, so the
# Gateway and VirtualService must be applied to the same namespace.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: esvirtualservice
spec:
  hosts:
    - elasticsearch.est.tech
  gateways:
    - esgateway
  tls:
    - match:
        - sniHosts:
            - elasticsearch.est.tech
          port: 443
      route:
        - destination:
            host: elasticsearch.logging.svc.cluster.local
            port:
              number: 9200
---