diff --git a/.github/workflows/charts_tests.yaml b/.github/workflows/charts_tests.yaml index 356fbfcdd8..6e4c4594f5 100644 --- a/.github/workflows/charts_tests.yaml +++ b/.github/workflows/charts_tests.yaml @@ -38,7 +38,7 @@ jobs: python-version: "3.10" - name: Set up chart-testing - uses: helm/chart-testing-action@afea100a513515fbd68b0e72a7bb0ae34cb62aec # tag=v2.3.1 + uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # tag=v2.4.0 - name: Run chart-testing (lint) id: lint diff --git a/library/ix-dev/charts/elastic-search/Chart.lock b/library/ix-dev/charts/elastic-search/Chart.lock new file mode 100644 index 0000000000..2378c1fe5e --- /dev/null +++ b/library/ix-dev/charts/elastic-search/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: file://../../../common + version: 1.0.3 +digest: sha256:1a090020cfa582aff29906320874ffe9b543fcc6c2423c281f434514f2653e02 +generated: "2023-04-05T18:36:45.107184615+03:00" diff --git a/library/ix-dev/charts/elastic-search/Chart.yaml b/library/ix-dev/charts/elastic-search/Chart.yaml new file mode 100644 index 0000000000..3494f485e0 --- /dev/null +++ b/library/ix-dev/charts/elastic-search/Chart.yaml @@ -0,0 +1,25 @@ +name: elastic-search +description: Elasticsearch is the distributed, RESTful search and analytics engine at the heart of the Elastic Stack. +annotations: + title: Elastic Search +type: application +version: 1.0.0 +apiVersion: v2 +appVersion: '8.7.0' +kubeVersion: '>=1.16.0-0' +maintainers: + - name: truenas + url: https://www.truenas.com/ +dependencies: + - name: common + repository: file://../../../common + version: 1.0.3 +home: https://www.elastic.co +icon: https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt280217a63b82a734/6202d3378b1f312528798412/elastic-logo.svg +sources: + - https://www.elastic.co/ + - https://github.com/truenas/charts/tree/master/charts/elastic-search + - https://www.elastic.co/guide/en/elasticsearch/reference/master/docker.html#docker-configuration-methods +keywords: + - search + - elastic diff --git a/library/ix-dev/charts/elastic-search/README.md b/library/ix-dev/charts/elastic-search/README.md new file mode 100644 index 0000000000..beec2c1bc3 --- /dev/null +++ b/library/ix-dev/charts/elastic-search/README.md @@ -0,0 +1,10 @@ +# Elastic Search + +> During the installation process, a container will be launched with **root** privileges. This is required +> in order to apply the correct permissions to the `Elastic Search` data directory. Afterward, the `Elastic Search` container +> will run as a **non**-root user (default `568`). + +If you want to apply additional configuration you can by using additional environment variables. + +See the [Elastic Search documentation](https://www.elastic.co/guide/en/elasticsearch/reference/master/docker.html#docker-configuration-methods) +for more information. diff --git a/library/ix-dev/charts/elastic-search/app-readme.md b/library/ix-dev/charts/elastic-search/app-readme.md new file mode 100644 index 0000000000..beec2c1bc3 --- /dev/null +++ b/library/ix-dev/charts/elastic-search/app-readme.md @@ -0,0 +1,10 @@ +# Elastic Search + +> During the installation process, a container will be launched with **root** privileges. This is required +> in order to apply the correct permissions to the `Elastic Search` data directory. Afterward, the `Elastic Search` container +> will run as a **non**-root user (default `568`). + +If you want to apply additional configuration you can by using additional environment variables. + +See the [Elastic Search documentation](https://www.elastic.co/guide/en/elasticsearch/reference/master/docker.html#docker-configuration-methods) +for more information. diff --git a/library/ix-dev/charts/elastic-search/charts/common-1.0.3.tgz b/library/ix-dev/charts/elastic-search/charts/common-1.0.3.tgz new file mode 100644 index 0000000000..7446e33b5f Binary files /dev/null and b/library/ix-dev/charts/elastic-search/charts/common-1.0.3.tgz differ diff --git a/library/ix-dev/charts/elastic-search/ci/basic-values.yaml b/library/ix-dev/charts/elastic-search/ci/basic-values.yaml new file mode 100644 index 0000000000..5e6c993ef6 --- /dev/null +++ b/library/ix-dev/charts/elastic-search/ci/basic-values.yaml @@ -0,0 +1,8 @@ +esStorage: + data: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/data + +esConfig: + password: some-secret + nodeName: Elastic Search Basic diff --git a/library/ix-dev/charts/elastic-search/ci/https-values.yaml b/library/ix-dev/charts/elastic-search/ci/https-values.yaml new file mode 100644 index 0000000000..ce7d041923 --- /dev/null +++ b/library/ix-dev/charts/elastic-search/ci/https-values.yaml @@ -0,0 +1,97 @@ +esStorage: + data: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/data + +esConfig: + password: some-https-secret + nodeName: Elastic Search HTTPS + +esNetwork: + certificateID: 1 + +ixCertificates: + "1": + certificate: | + -----BEGIN CERTIFICATE----- + MIIEdjCCA16gAwIBAgIDYFMYMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz + ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD + VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + HhcNMjEwODMwMjMyMzU0WhcNMjMxMjAzMjMyMzU0WjBuMQswCQYDVQQDDAJhZDEL + MAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxDTALBgNVBAcMBGFzZGYxDTALBgNV + BAoMBGFkc2YxDTALBgNVBAsMBGFzZGYxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7+1xOHRQyOnQTHFcrdasX + Zl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/AbkH7oVFWC1 + P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI4vQCdYgW + 2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2dNgsxKU0H + PGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB+Zie331t + AzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7A/FuDVg3 + AgMBAAGjggEdMIIBGTAnBgNVHREEIDAehwTAqAADhwTAqAAFhwTAqAC2hwTAqACB + hwTAqACSMB0GA1UdDgQWBBQ4G2ff4tgZl4vmo4xCfqmJhdqShzAMBgNVHRMBAf8E + AjAAMIGYBgNVHSMEgZAwgY2AFLlYf9L99nxJDcpCM/LT3V5hQ/a3oXCkbjBsMQww + CgYDVQQDDANhc2QxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQH + DAJhZjENMAsGA1UECgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkB + FgdhQGEuY29tggNgUxcwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDgYDVR0PAQH/ + BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQA6FpOInEHB5iVk3FP67GybJ29vHZTD + KQHbQgmg8s4L7qIsA1HQ+DMCbdylpA11x+t/eL/n48BvGw2FNXpN6uykhLHJjbKR + h8yITa2KeD3LjLYhScwIigXmTVYSP3km6s8jRL6UKT9zttnIHyXVpBDya6Q4WTMx + fmfC6O7t1PjQ5ZyVtzizIUP8ah9n4TKdXU4A3QIM6WsJXpHb+vqp1WDWJ7mKFtgj + x5TKv3wcPnktx0zMPfLb5BTSE9rc9djcBG0eIAsPT4FgiatCUChe7VhuMnqskxEz + MymJLoq8+mzucRwFkOkR2EIt1x+Irl2mJVMeBow63rVZfUQBD8h++LqB + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIEhDCCA2ygAwIBAgIDYFMXMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz + ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD + VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + HhcNMjEwODMwMjMyMDQ1WhcNMzEwODI4MjMyMDQ1WjBsMQwwCgYDVQQDDANhc2Qx + CzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQHDAJhZjENMAsGA1UE + CgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkBFgdhQGEuY29tMIIB + IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq//c0hEEr83CS1pMgsHX50jt + 2MqIbcf63UUNJTiYpUUvUQSFJFc7m/dr+RTZvu97eDCnD5K2qkHHvTPaPZwY+Djf + iy7N641Sz6u/y3Yo3xxs1Aermsfedh48vusJpjbkT2XS44VjbkrpKcWDNVpp3Evd + M7oJotXeUsZ+imiyVCfr4YhoY5gbGh/r+KN9Wf9YKoUyfLLZGwdZkhtX2zIbidsL + Thqi9YTaUHttGinjiBBum234u/CfvKXsfG3yP2gvBGnlvZnM9ktv+lVffYNqlf7H + VmB1bKKk84HtzuW5X76SGAgOG8eHX4x5ZLI1WQUuoQOVRl1I0UCjBtbz8XhwvQID + AQABo4IBLTCCASkwLQYDVR0RBCYwJIcEwKgABYcEwKgAA4cEwKgAkocEwKgAtYcE + wKgAgYcEwKgAtjAdBgNVHQ4EFgQUuVh/0v32fEkNykIz8tPdXmFD9rcwDwYDVR0T + AQH/BAUwAwEB/zCBmAYDVR0jBIGQMIGNgBS5WH/S/fZ8SQ3KQjPy091eYUP2t6Fw + pG4wbDEMMAoGA1UEAwwDYXNkMQswCQYDVQQGEwJVUzENMAsGA1UECAwEYXNkZjEL + MAkGA1UEBwwCYWYxDTALBgNVBAoMBGFzZGYxDDAKBgNVBAsMA2FzZDEWMBQGCSqG + SIb3DQEJARYHYUBhLmNvbYIDYFMXMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF + BQcDAjAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKEocOmVuWlr + zegtKYMe8NhHIkFY9oVn5ym6RHNOJpPH4QF8XYC3Z5+iC5yGh4P/jVe/4I4SF6Ql + PtofU0jNq5vzapt/y+m008eXqPQFmoUOvu+JavoRVcRx2LIP5AgBA1mF56CSREsX + TkuJAA9IUQ8EjnmAoAeKINuPaKxGDuU8BGCMqr/qd564MKNf9XYL+Fb2rlkA0O2d + 2No34DQLgqSmST/LAvPM7Cbp6knYgnKmGr1nETCXasg1cueHLnWWTvps2HiPp2D/ + +Fq0uqcZLu4Mdo0CPs4e5sHRyldEnRSKh0DVLprq9zr/GMipmPLJUsT5Jed3sj0w + M7Y3vwxshpo= + -----END CERTIFICATE----- + privatekey: | + -----BEGIN PRIVATE KEY----- + MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7+1xOHRQyOnQT + HFcrdasXZl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/Abk + H7oVFWC1P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI + 4vQCdYgW2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2d + NgsxKU0HPGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB + +Zie331tAzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7 + A/FuDVg3AgMBAAECggEAapt30rj9DitGTtxAt13pJMEhyYxvvD3WkvmJwguF/Bbu + eW0Ba1c668fMeRCA54FWi1sMqusPS4HUqqUvk+tmyAOsAF4qgD/A4MMSC7uJSVI5 + N/JWhJWyhCY94/FPakiO1nbPbVw41bcqtzU2qvparpME2CtxSCbDiqm7aaag3Kqe + EF0fGSUdZ+TYl9JM05+eIyiX+UY19Fg0OjTHMn8nGpxcNTfDBdQ68TKvdo/dtIKL + PLKzJUNNdM8odC4CvQtfGMqaslwZwXkiOl5VJcW21ncj/Y0ngEMKeD/i65ZoqGdR + 0FKCQYEAGtM2FvJcZQ92Wsw7yj2bK2MSegVUyLK32QKBgQDe8syVCepPzRsfjfxA + 6TZlWcGuTZLhwIx97Ktw3VcQ1f4rLoEYlv0xC2VWBORpzIsJo4I/OLmgp8a+Ga8z + FkVRnq90dV3t4NP9uJlHgcODHnOardC2UUka4olBSCG6zmK4Jxi34lOxhGRkshOo + L4IBeOIB5g+ZrEEXkzfYJHESRQKBgQDX2YhFhGIrT8BAnC5BbXbhm8h6Bhjz8DYL + d+qhVJjef7L/aJxViU0hX9Ba2O8CLK3FZeREFE3hJPiJ4TZSlN4evxs5p+bbNDcA + 0mhRI/o3X4ac6IxdRebyYnCOB/Cu94/MzppcZcotlCekKNike7eorCcX4Qavm7Pu + MUuQ+ifmSwKBgEnchoqZzlbBzMqXb4rRuIO7SL9GU/MWp3TQg7vQmJerTZlgvsQ2 + wYsOC3SECmhCq4117iCj2luvOdihCboTFsQDnn0mpQe6BIF6Ns3J38wAuqv0CcFd + DKsrge1uyD3rQilgSoAhKzkUc24o0PpXQurZ8YZPgbuXpbj5vPaOnCdBAoGACYc7 + wb3XS4wos3FxhUfcwJbM4b4VKeeHqzfu7pI6cU/3ydiHVitKcVe2bdw3qMPqI9Wc + nvi6e17Tbdq4OCsEJx1OiVwFD9YdO3cOTc6lw/3+hjypvZBRYo+/4jUthbu96E+S + dtOzehGZMmDvN0uSzupSi3ZOgkAAUFpyuIKickMCgYAId0PCRjonO2thn/R0rZ7P + //L852uyzYhXKw5/fjFGhQ6LbaLgIRFaCZ0L2809u0HFnNvJjHv4AKP6j+vFQYYY + qQ+66XnfsA9G/bu4MDS9AX83iahD9IdLXQAy8I19prAbpVumKegPbMnNYNB/TYEc + 3G15AKCXo7jjOUtHY01DCQ== + -----END PRIVATE KEY----- diff --git a/library/ix-dev/charts/elastic-search/item.yaml b/library/ix-dev/charts/elastic-search/item.yaml new file mode 100644 index 0000000000..435fe66ca3 --- /dev/null +++ b/library/ix-dev/charts/elastic-search/item.yaml @@ -0,0 +1,4 @@ +icon_url: https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt280217a63b82a734/6202d3378b1f312528798412/elastic-logo.svg +categories: + - search + - elastic diff --git a/library/ix-dev/charts/elastic-search/questions.yaml b/library/ix-dev/charts/elastic-search/questions.yaml new file mode 100644 index 0000000000..f2ad591d83 --- /dev/null +++ b/library/ix-dev/charts/elastic-search/questions.yaml @@ -0,0 +1,176 @@ +groups: + - name: Elastic Search Configuration + description: Configure Elastic Search + - name: User and Group Configuration + description: Configure User and Group for Elastic Search + - name: Network Configuration + description: Configure Network for Elastic Search + - name: Storage Configuration + description: Configure Storage for Elastic Search + - name: Resources Configuration + description: Configure Resources for Elastic Search + +portals: + web_portal: + protocols: + - "$kubernetes-resource_configmap_portal_protocol" + host: + - "$kubernetes-resource_configmap_portal_host" + ports: + - "$kubernetes-resource_configmap_portal_port" + path: "$kubernetes-resource_configmap_portal_path" + +questions: + + - variable: esConfig + label: "" + group: Elastic Search Configuration + schema: + type: dict + attrs: + - variable: password + label: Password + description: The password for the Elastic Search (elastic) user. + schema: + type: string + default: "" + required: true + - variable: nodeName + label: Node Name + description: The name of the Elastic Search node. + schema: + type: string + default: "elastic_search_node" + required: true + - variable: heapSize + label: Heap Size + description: The heap size for Elastic Search. + schema: + type: string + default: "512m" + required: true + - variable: additionalEnvs + label: Additional Environment Variables + description: Configure additional environment variables for Elastic Search. + schema: + type: list + default: [] + items: + - variable: env + label: Environment Variable + schema: + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + + - variable: esNetwork + label: "" + group: Network Configuration + schema: + type: dict + attrs: + - variable: httpPort + label: HTTP Port + description: The port for the Elastic Search HTTP + schema: + type: int + default: 30000 + min: 9000 + max: 65535 + required: true + - variable: hostNetwork + label: Host Network + description: | + Bind to the host network. It's recommended to keep this disabled. + schema: + type: boolean + default: false + - variable: certificateID + label: Certificate + description: | + The certificate to use for Elastic Search
+ schema: + type: int + "null": true + $ref: + - "definitions/certificate" + + - variable: esStorage + label: "" + group: Storage Configuration + schema: + type: dict + attrs: + - variable: data + label: Elastic Search Data Storage + description: The path to store Elastic Search data. + schema: + type: dict + attrs: + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system. + schema: + type: string + required: true + default: "ixVolume" + enum: + - value: "hostPath" + description: Host Path (Path that already exists on the system) + - value: "ixVolume" + description: ixVolume (Dataset created automatically by the system) + - variable: datasetName + label: Dataset Name + schema: + type: string + show_if: [["type", "=", "ixVolume"]] + required: true + hidden: true + immutable: true + default: "data" + $ref: + - "normalize/ixVolume" + - variable: hostPath + label: Host Path + schema: + type: hostpath + show_if: [["type", "=", "hostPath"]] + immutable: true + required: true + + - variable: resources + label: "" + group: Resources Configuration + schema: + type: dict + attrs: + - variable: limits + label: Limits + schema: + type: dict + attrs: + - variable: cpu + label: CPU + description: CPU limit for Elastic Search. + schema: + type: string + default: "4000m" + required: true + - variable: memory + label: Memory + description: Memory limit for Elastic Search. + schema: + type: string + default: "8Gi" + required: true diff --git a/library/ix-dev/charts/elastic-search/templates/NOTES.txt b/library/ix-dev/charts/elastic-search/templates/NOTES.txt new file mode 100644 index 0000000000..ba4e01146c --- /dev/null +++ b/library/ix-dev/charts/elastic-search/templates/NOTES.txt @@ -0,0 +1 @@ +{{ include "ix.v1.common.lib.chart.notes" $ }} diff --git a/library/ix-dev/charts/elastic-search/templates/_es.tpl b/library/ix-dev/charts/elastic-search/templates/_es.tpl new file mode 100644 index 0000000000..a2f4c7be1b --- /dev/null +++ b/library/ix-dev/charts/elastic-search/templates/_es.tpl @@ -0,0 +1,119 @@ +{{- define "es.workload" -}} +workload: + es: + enabled: true + primary: true + type: Deployment + podSpec: + hostNetwork: {{ .Values.esNetwork.hostNetwork }} + containers: + es: + enabled: true + primary: true + imageSelector: image + securityContext: + runAsUser: {{ .Values.esRunAs.user }} + runAsGroup: {{ .Values.esRunAs.group }} + readOnlyRootFilesystem: false + env: + {{/* https://www.elastic.co/guide/en/elasticsearch/reference/master/docker.html#docker-configuration-methods */}} + ES_HEAP_SIZE: {{ .Values.esConfig.heapSize }} + ELASTIC_PASSWORD: {{ .Values.esConfig.password }} + ES_SETTING_HTTP_PORT: {{ .Values.esNetwork.httpPort }} + ES_SETTING_NODE_NAME: {{ .Values.esConfig.nodeName }} + ES_SETTING_NODE_ROLES: master + ES_SETTING_DISCOVERY_TYPE: single-node + ES_SETTING_XPACK_SECURITY_ENABLED: true + {{/* Transport is not used on single nodes */}} + ES_SETTING_XPACK_SECURITY_TRANSPORT_SSL_ENABLED: false + {{ if .Values.esNetwork.certificateID }} + ES_SETTING_XPACK_SECURITY_HTTP_SSL_ENABLED: true + ES_SETTING_XPACK_SECURITY_HTTP_SSL_KEY: /usr/share/elasticsearch/config/certs/tls.key + ES_SETTING_XPACK_SECURITY_HTTP_SSL_CERTIFICATE: /usr/share/elasticsearch/config/certs/tls.crt + ES_SETTING_XPACK_SECURITY_HTTP_SSL_CERTIFICATE__AUTHORITIES: /usr/share/elasticsearch/config/certs/ca.crt + {{ end }} + {{ with .Values.esConfig.additionalEnvs }} + {{ range $env := . }} + {{ $env.name }}: {{ $env.value }} + {{ end }} + {{ end }} + probes: + liveness: + enabled: true + type: {{ include "es.schema" . }} + path: /_cluster/health?local=true + port: {{ .Values.esNetwork.httpPort }} + httpHeaders: + Authorization: Basic {{ printf "elastic:%s" .Values.esConfig.password | b64enc }} + readiness: + enabled: true + type: {{ include "es.schema" . }} + path: /_cluster/health?local=true + port: {{ .Values.esNetwork.httpPort }} + httpHeaders: + Authorization: Basic {{ printf "elastic:%s" .Values.esConfig.password | b64enc }} + startup: + enabled: true + type: {{ include "es.schema" . }} + path: /_cluster/health?local=true + port: {{ .Values.esNetwork.httpPort }} + httpHeaders: + Authorization: Basic {{ printf "elastic:%s" .Values.esConfig.password | b64enc }} + initContainers: + {{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions" + "UID" .Values.esRunAs.user + "GID" .Values.esRunAs.group + "type" "install") | nindent 8 }} +{{/* Service */}} +service: + es: + enabled: true + primary: true + type: NodePort + targetSelector: es + ports: + http: + enabled: true + primary: true + port: {{ .Values.esNetwork.httpPort }} + nodePort: {{ .Values.esNetwork.httpPort }} + targetSelector: es + +{{/* Persistence */}} +persistence: + data: + enabled: true + type: {{ .Values.esStorage.data.type }} + datasetName: {{ .Values.esStorage.data.datasetName | default "" }} + hostPath: {{ .Values.esStorage.data.hostPath | default "" }} + targetSelector: + es: + es: + mountPath: /usr/share/elasticsearch/data + 01-permissions: + mountPath: /mnt/directories/data + {{- if .Values.esNetwork.certificateID }} + certs: + enabled: true + type: secret + objectName: es-cert + defaultMode: "0600" + items: + - key: tls.key + path: tls.key + - key: tls.crt + path: tls.crt + - key: tls.crt + path: ca.crt + targetSelector: + es: + es: + mountPath: /usr/share/elasticsearch/config/certs + readOnly: true + +scaleCertificate: + es-cert: + enabled: true + id: {{ .Values.esNetwork.certificateID }} + {{- end -}} +{{- end -}} diff --git a/library/ix-dev/charts/elastic-search/templates/_helper.tpl b/library/ix-dev/charts/elastic-search/templates/_helper.tpl new file mode 100644 index 0000000000..4c356539f1 --- /dev/null +++ b/library/ix-dev/charts/elastic-search/templates/_helper.tpl @@ -0,0 +1,7 @@ +{{- define "es.schema" -}} + {{- $protocol := "http" -}} + {{- if .Values.esNetwork.certificateID -}} + {{- $protocol = "https" -}} + {{- end -}} + {{- $protocol -}} +{{- end -}} diff --git a/library/ix-dev/charts/elastic-search/templates/_portal.tpl b/library/ix-dev/charts/elastic-search/templates/_portal.tpl new file mode 100644 index 0000000000..cc199986de --- /dev/null +++ b/library/ix-dev/charts/elastic-search/templates/_portal.tpl @@ -0,0 +1,12 @@ +{{- define "es.portal" -}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: portal +data: + path: / + port: {{ .Values.esNetwork.httpPort | quote }} + protocol: {{ include "es.schema" . }} + host: $node_ip +{{- end -}} diff --git a/library/ix-dev/charts/elastic-search/templates/common.yaml b/library/ix-dev/charts/elastic-search/templates/common.yaml new file mode 100644 index 0000000000..2d643edb7d --- /dev/null +++ b/library/ix-dev/charts/elastic-search/templates/common.yaml @@ -0,0 +1,9 @@ +{{- include "ix.v1.common.loader.init" . -}} + +{{/* Merge the templates with Values */}} +{{- $_ := mustMergeOverwrite .Values (include "es.workload" $ | fromYaml) -}} + +{{/* Create the configmap for portal manually*/}} +{{- include "es.portal" $ -}} + +{{- include "ix.v1.common.loader.apply" . -}} diff --git a/library/ix-dev/charts/elastic-search/upgrade_info.json b/library/ix-dev/charts/elastic-search/upgrade_info.json new file mode 100644 index 0000000000..767388094a --- /dev/null +++ b/library/ix-dev/charts/elastic-search/upgrade_info.json @@ -0,0 +1 @@ +{"filename": "values.yaml", "keys": ["image"]} diff --git a/library/ix-dev/charts/elastic-search/upgrade_strategy b/library/ix-dev/charts/elastic-search/upgrade_strategy new file mode 100755 index 0000000000..13d38b0f3c --- /dev/null +++ b/library/ix-dev/charts/elastic-search/upgrade_strategy @@ -0,0 +1,26 @@ +#!/usr/bin/python3 +import json +import sys + +from catalog_update.upgrade_strategy import semantic_versioning + + +def newer_mapping(image_tags): + key = list(image_tags.keys())[0] + version = semantic_versioning(image_tags[key]) + if not version: + return {} + + return { + 'tags': {key: f'v{version}'}, + 'app_version': f'v{version}', + } + + +if __name__ == '__main__': + try: + versions_json = json.loads(sys.stdin.read()) + except ValueError: + raise ValueError('Invalid json specified') + + print(json.dumps(newer_mapping(versions_json))) diff --git a/library/ix-dev/charts/elastic-search/values.yaml b/library/ix-dev/charts/elastic-search/values.yaml new file mode 100644 index 0000000000..d8884202c1 --- /dev/null +++ b/library/ix-dev/charts/elastic-search/values.yaml @@ -0,0 +1,31 @@ +image: + repository: docker.elastic.co/elasticsearch/elasticsearch + pullPolicy: IfNotPresent + tag: '8.7.0' + +resources: + limits: + cpu: 4000m + memory: 8Gi + +esConfig: + password: "" + heapSize: 512m + nodeName: elastic_search_node + additionalEnvs: [] + +# Not user configurable +esRunAs: + user: 1000 + group: 1000 + +esNetwork: + httpPort: 30000 + hostNetwork: false + certificateID: "" + +esStorage: + data: + type: ixVolume + hostPath: '' + datasetName: data