#
# ============LICENSE_START=======================================================
# Copyright (C) 2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
#
# PersistentVolume that backs the Elasticsearch data directory with a
# directory on the node's own filesystem.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: elasticsearch-storage-pv-volume
  # PersistentVolumes are cluster-scoped, so this namespace has no effect; it
  # only mirrors the namespace used by the claim.
  namespace: logging
  labels:
    app: elasticsearch
    type: local
spec:
  # Must match the storageClassName of the claim for the two to bind.
  storageClassName: manual
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: 100Mi
  # hostPath keeps the index data on whichever node runs the pod; the data
  # does not follow the pod to another node.
  hostPath:
    path: '/var/elasticsearch/data'
---
# Claim used by the Elasticsearch Deployment to request its data volume.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: elasticsearch-storage-pv-claim
  namespace: logging
  labels:
    app: elasticsearch
spec:
  # Same class, access mode and size as the "manual" PersistentVolume above.
  storageClassName: manual
  resources:
    requests:
      storage: 100Mi
  accessModes:
    - ReadWriteOnce
---
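# ConfigMap carrying the init-container script that creates a private CA and
# the Elasticsearch node certificate under /certs-dir.
apiVersion: v1
kind: ConfigMap
metadata:
  name: elasticsearch-init-script
  namespace: logging
data:
  setup_certs.sh: |
    #!/bin/bash
    # Stop at the first failing command so the init container reports the
    # failure instead of finishing with missing or partial certificates.
    set -euo pipefail

    ELASTIC_HOME=/usr/share/elasticsearch

    # Start from a clean state: drop certificates and any archive left behind
    # by an earlier, interrupted run.
    rm -rf /certs-dir/ca /certs-dir/elasticsearch
    rm -f /certs-dir/ca.zip /certs-dir/certs.zip

    echo "Creating CA"
    "$ELASTIC_HOME/bin/elasticsearch-certutil" ca --silent --pem -out /certs-dir/ca.zip
    unzip -o /certs-dir/ca.zip -d /certs-dir

    echo "Creating certs"
    # Subject alternative names for the node certificate. dns and ip must be
    # nested under the instance entry for certutil to pick them up.
    # NOTE(review): 192.168.49.2 and elasticsearch.est.tech look
    # environment-specific; adjust them to the target cluster.
    cat > /certs-dir/instances.yml <<'EOF'
    instances:
      - name: elasticsearch
        dns:
          - elasticsearch
          - elasticsearch.logging
          - elasticsearch.est.tech
          - localhost
        ip:
          - 127.0.0.1
          - 192.168.49.2
    EOF
    "$ELASTIC_HOME/bin/elasticsearch-certutil" cert --silent --pem \
      -out /certs-dir/certs.zip --in /certs-dir/instances.yml \
      --ca-cert /certs-dir/ca/ca.crt --ca-key /certs-dir/ca/ca.key
    unzip -o /certs-dir/certs.zip -d /certs-dir

    echo "Removing zip files"
    rm -f /certs-dir/ca.zip /certs-dir/certs.zip

    echo "Setting file permissions"
    # Directories: owner rwx, group r-x. Key and certificate files: owner rw,
    # group r. Nothing is readable by "other".
    chmod 750 /certs-dir/ca /certs-dir/elasticsearch
    chmod 640 /certs-dir/ca/* /certs-dir/elasticsearch/*
    # NOTE(review): ca/ca.key stays on this volume after signing, and the same
    # volume is mounted into the Elasticsearch container, whose configuration
    # only references ca/ca.crt. Consider keeping the CA key elsewhere once
    # the certificate is issued; confirm first that nothing else reads it.
    echo "All done!"
---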
# ConfigMap holding elasticsearch.yml for a single-node instance with TLS
# enabled on both the HTTP and the transport layer.
#
# Notes on the settings below:
# - network.host 0.0.0.0 binds Elasticsearch to every interface in the pod.
# - The key/certificate paths are relative to the Elasticsearch config
#   directory, where the Deployment mounts the generated certs volume.
# - verification_mode "certificate" checks that a peer certificate is signed
#   by the configured CA but does not check the hostname; "full" adds the
#   hostname check.
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: logging
  name: elasticsearch-config
data:
  elasticsearch.yml: |
    discovery.type: single-node
    cluster.name: "docker-cluster"
    network.host: 0.0.0.0
    node.name: elasticsearch
    ingest.geoip.downloader.enabled: false
    xpack.license.self_generated.type: basic
    xpack.security.enabled: true
    xpack.security.http.ssl.enabled: true
    xpack.security.http.ssl.key: certs/elasticsearch/elasticsearch.key
    xpack.security.http.ssl.certificate: certs/elasticsearch/elasticsearch.crt
    xpack.security.http.ssl.certificate_authorities: certs/ca/ca.crt
    xpack.security.http.ssl.verification_mode: certificate
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.key: certs/elasticsearch/elasticsearch.key
    xpack.security.transport.ssl.certificate: certs/elasticsearch/elasticsearch.crt
    xpack.security.transport.ssl.certificate_authorities: certs/ca/ca.crt
    xpack.security.transport.ssl.verification_mode: certificate
---
# Deployment running Elasticsearch 8.1.2. An init container generates the TLS
# material first; the main container then starts with the mounted config.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: elasticsearch
  namespace: logging
spec:
  selector:
    matchLabels:
      component: elasticsearch
  template:
    metadata:
      labels:
        component: elasticsearch
    spec:
      initContainers:
        # Runs setup_certs.sh from the init-script ConfigMap and writes the CA
        # and node certificate into the shared certs volume.
        - name: init-elasticsearch
          image: docker.elastic.co/elasticsearch/elasticsearch:8.1.2
          imagePullPolicy: IfNotPresent
          command:
            - '/bin/bash'
            - '-c'
            - '/usr/share/elasticsearch/bin/setup_certs.sh'
          volumeMounts:
            # Mounted read-write here so the script can create the files.
            - name: elasticsearch-certs
              mountPath: '/certs-dir'
            - name: elasticsearch-cert-init
              mountPath: /usr/share/elasticsearch/bin/setup_certs.sh
              subPath: setup_certs.sh
      containers:
        - name: elasticsearch
          image: docker.elastic.co/elasticsearch/elasticsearch:8.1.2
          imagePullPolicy: IfNotPresent
          env:
            # NOTE(review): the password of the built-in "elastic" user is a
            # literal in this manifest, so anyone who can read the file or the
            # Deployment object can read it. Prefer sourcing it from a Secret
            # through valueFrom.secretKeyRef.
            - name: ELASTIC_PASSWORD
              value: 'secret'
          ports:
            - name: http
              containerPort: 9200
              protocol: TCP
          # Requests equal limits for both CPU and memory.
          resources:
            requests:
              cpu: 500m
              memory: 4Gi
            limits:
              cpu: 500m
              memory: 4Gi
          volumeMounts:
            - name: elasticsearch-storage
              mountPath: /usr/share/elasticsearch/data
            # TLS keys and certificates written by the init container; mounted
            # read-only for the server process.
            - name: elasticsearch-certs
              mountPath: /usr/share/elasticsearch/config/certs
              readOnly: true
            # subPath overlays only elasticsearch.yml and leaves the rest of
            # the image's config directory in place.
            - name: config
              mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
              subPath: elasticsearch.yml
              readOnly: false
      volumes:
        - name: elasticsearch-storage
          persistentVolumeClaim:
            claimName: elasticsearch-storage-pv-claim
        # The generated private keys live in this directory on the node's
        # filesystem. DirectoryOrCreate makes the kubelet create the directory
        # when it is missing.
        - name: elasticsearch-certs
          hostPath:
            path: /var/elasticsearch/config/certs
            type: DirectoryOrCreate
        - name: config
          configMap:
            name: elasticsearch-config
        - name: elasticsearch-cert-init
          configMap:
            name: elasticsearch-init-script
            # Octal file mode that makes the script executable. It must stay
            # an unquoted number: the field is an integer, not a string.
            defaultMode: 0755
---
# Service in front of the Elasticsearch pod, selecting it by its component
# label.
apiVersion: v1
kind: Service
metadata:
  name: elasticsearch
  namespace: logging
  labels:
    service: elasticsearch
spec:
  # NodePort opens a port on every node in addition to the cluster IP; no
  # nodePort is pinned, so the cluster picks one.
  # NOTE(review): the VirtualService in this file routes to the cluster-local
  # service name, so ClusterIP may be enough if the Istio gateway is the only
  # intended entry point. Confirm before changing.
  type: NodePort
  ports:
    - port: 9200
      targetPort: 9200
  selector:
    component: elasticsearch
---
# Istio Gateway accepting HTTPS for elasticsearch.est.tech on port 443.
# No namespace is set, so the object lands in whichever namespace is selected
# when the manifest is applied.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: esgateway
spec:
  selector:
    # Bind to Istio's default ingress gateway.
    istio: ingressgateway
  servers:
    - hosts:
        - elasticsearch.est.tech
      port:
        name: https
        number: 443
        protocol: HTTPS
      # PASSTHROUGH: the gateway forwards the TLS stream untouched and routes
      # on SNI, so the TLS session ends at Elasticsearch, not at the gateway.
      tls:
        mode: PASSTHROUGH
---
# Istio VirtualService that sends passthrough TLS traffic arriving at
# esgateway for elasticsearch.est.tech to the Elasticsearch Service.
# No namespace is set, so the object lands in whichever namespace is selected
# when the manifest is applied.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: esvirtualservice
spec:
  gateways:
    - esgateway
  hosts:
    - elasticsearch.est.tech
  # A tls route matches on the SNI value of the still-encrypted connection.
  tls:
    - match:
        - port: 443
          sniHosts:
            - elasticsearch.est.tech
      route:
        - destination:
            host: elasticsearch.logging.svc.cluster.local
            port:
              number: 9200
---