Code development platform for open source projects from the European Union institutions

Skip to content
Snippets Groups Projects
Commit 9e72f4f6 authored by Natalia Szakiel's avatar Natalia Szakiel
Browse files

initial commit

parents
No related branches found
No related tags found
2 merge requests!48Develop,!46Develop
Hide whitespace changes
Inline Side-by-side
.gitignore 0 → 100644
+ 3
0
View file @ 9e72f4f6
*.lock
*.tgz
\ No newline at end of file
.helmignore 0 → 100644
+ 1
0
View file @ 9e72f4f6
.git
Chart.yaml 0 → 100644
+ 2
0
View file @ 9e72f4f6
name: eck-monitoring
version: 0.1
templates/elasticsearch.yaml 0 → 100644
+ 119
0
View file @ 9e72f4f6
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: {{ .Release.Name }}-elasticsearch
spec:
version: {{ .Values.elasticVersion }}
image: {{ .Values.elasticsearch.image }}:{{ default .Values.elasticVersion .Values.elasticsearch.imageTag }}
nodeSets:
{{- range .Values.elasticsearch.nodeSets }}
- name: {{ .name }}
count: {{ .count}}
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .diskSpace }}
storageClassName: {{ .storageClassName }}
podTemplate:
metadata:
labels:
stack-namespace: {{$.Release.Namespace}}
spec:
initContainers:
- name: sysctl
imagePullPolicy: Always
command: ["/bin/bash", "-c"]
args:
- |
sysctl -w vm.max_map_count=2628576 &&
sysctl -w net.ipv4.tcp_retries2=5 &&
sysctl -w vm.swappiness=1
securityContext:
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
privileged: true
containers:
- name: elasticsearch
imagePullPolicy: Always
securityContext:
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
{{- with .resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
- mountPath: /usr/share/elasticsearch/config/jvm.options
name: elasticsearch-jvm-options-vol
subPath: jvm.options
env:
- name: ELASTICSEARCH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ $.Release.Name -}}-elasticsearch-es-elastic-user
key: elastic
{{- with $.Values.elasticsearch.env }}
{{- toYaml . | nindent 10 }}
{{- end }}
volumes:
- name: elasticsearch-jvm-options-vol
configMap:
defaultMode: 0640
name: elasticsearch-jvm-options
{{- end }}
http:
tls:
certificate:
secretName: {{ .Release.Name }}-elasticsearch-http-cert-secret
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ .Release.Name }}-elasticsearch-http
annotations:
ngnix.ingress.kubernetes.io/router.entrypoints: elasticsearch {{- if .Values.openStandardHttpsPorts -}} , websecure {{- end }}
ngnix.ingress.kubernetes.io/router.tls: "true"
external-dns.alpha.kubernetes.io/hostname: {{ template "elasticsearch.dns" . }}
spec:
ingressClassName: ngnix
tls:
- hosts:
- {{ template "elasticsearch.dns" . }}
secretName: {{ .Release.Name }}-elasticsearch-http-cert-secret
rules:
- host: {{ template "elasticsearch.dns" . }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ .Release.Name }}-elasticsearch-es-http
port:
number: 9200
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ .Release.Name }}-elasticsearch-http-cert
spec:
dnsNames:
- {{ template "elasticsearch.dns" . }}
- {{ .Release.Name }}-elasticsearch-es-http.{{ .Release.Namespace }}
- {{ .Release.Name }}-elasticsearch-es-http.{{ .Release.Namespace }}.svc
secretName: {{ .Release.Name }}-elasticsearch-http-cert-secret
duration: {{ .Values.elasticsearch.cert.duration }}
renewBefore: {{ .Values.elasticsearch.cert.renewBefore }}
issuerRef:
name: ca-issuer
kind: ClusterIssuer
---
templates/kibana.yaml 0 → 100644
+ 104
0
View file @ 9e72f4f6
{{- if gt (.Values.kibana.count |int) 0}}
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
name: {{ .Release.Name }}-kibana
spec:
version: {{ .Values.elasticVersion }}
count: {{ .Values.kibana.count }}
image: {{ .Values.kibana.image }}:{{ default .Values.elasticVersion .Values.kibana.imageTag }}
config:
elasticsearch.requestTimeout: 120000
server.publicBaseUrl: "{{ template "kibana.dns.fullPath" . }}"
{{- if and (.Values.kibana.ingressSubpath) (ne "/" .Values.kibana.ingressSubpath) }}
server.basePath: {{ .Values.kibana.ingressSubpath }}
server.rewriteBasePath: true
{{- end }}
{{- with .Values.kibana.config }}
{{- toYaml .| nindent 4 }}
{{- end }}
elasticsearchRef:
name: {{ default .Values.kibana.elasticsearchReleaseName .Release.Name }}-elasticsearch
podTemplate:
metadata:
labels:
stack-namespace: {{.Release.Namespace}}
spec:
securityContext:
runAsUser: 1000
fsGroup: 1000
containers:
- name: kibana
imagePullPolicy: Always
{{- with .Values.kibana.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
- mountPath: /usr/share/kibana/config/elasticsearch-secrets-certs
name: secrets-certs
readinessProbe:
httpGet:
scheme: HTTPS
path: {{- with .Values.kibana.ingressSubpath }} {{ . }} {{- end }}
port: 5601
env:
- name: NODE_EXTRA_CA_CERTS
value: /usr/share/kibana/config/elasticsearch-secrets-certs/ca.crt
{{- with .Values.kibana.env }}
{{- toYaml . | nindent 10 }}
{{- end }}
volumes:
- name: secrets-certs
projected:
sources:
- secret:
name: elastic-kibana-cert-secret
http:
tls:
certificate:
secretName: {{ .Release.Name }}-kibana-cert-secret
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ .Release.Name }}-kibana-dashboard
annotations:
ngnix.ingress.kubernetes.io/router.tls: "true"
ngnix.ingress.kubernetes.io/router.entrypoints: kibana {{- if .Values.openStandardHttpsPorts -}} , websecure {{- end }}
external-dns.alpha.kubernetes.io/hostname: {{ template "kibana.dns" . }}
spec:
ingressClassName: ngnix
tls:
- hosts:
- {{ template "kibana.dns" . }}
secretName: {{ .Release.Name }}-kibana-cert-secret
rules:
- host: {{ template "kibana.dns" . }}
http:
paths:
- path: {{ default "/" .Values.kibana.ingressSubpath }}
pathType: Prefix
backend:
service:
name: {{ .Release.Name }}-kibana-kb-http
port:
number: 5601
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ .Release.Name }}-kibana-cert
spec:
dnsNames:
- "{{ template "kibana.dns" . }}"
- {{ .Release.Name }}-kibana-kb-http.{{ .Release.Namespace }}
- {{ .Release.Name }}-kibana-kb-http.{{ .Release.Namespace }}.svc
secretName: {{ .Release.Name }}-kibana-cert-secret
duration: {{ .Values.kibana.cert.duration }}
renewBefore: {{ .Values.kibana.cert.renewBefore }}
issuerRef:
name: ca-issuer
kind: ClusterIssuer
{{- end }}
values-operator.yaml 0 → 100644
+ 9
0
View file @ 9e72f4f6
installCRDs: false
createClusterScopedResources: false
webhook:
enabled: false
config:
validateStorageClass: false
\ No newline at end of file
values.yaml 0 → 100644
+ 97
0
View file @ 9e72f4f6
# version of all elastic applications
elasticVersion: 8.11.1
# Name of aws environment
envTag: "test"
# This suffix will be used to create subdomain of following template:
# kibana.NAMESPACE_TAG.DOMAIN_SUFFIX
domainSuffix: "simpl"
# This value is used to create unique dns for each deployment. By default it equals to namespace.
namespaceTag: ""
# Spread pods evenly between subnets
createTopologySpreadConstraints: true
# Force pods to be scheduled evenly between separete AZ, this means if all nodes in AZ will be full pod won't be scheduled.
# Turning this off will still create pods in seperate AZ, but k8s scheduler won't be able to respect topologySpreadConstrains, will schedule pods in the same AZ.
forceDeployInSeperateAZ: true
# Open port 443 for each component on the Traefik level.
openStandardHttpsPorts: true
# imagePullSecrets defines the secrets with credentials to docker registry, for example nexus.
imagePullSecrets: []
# Precise on which nodes should pods be deployed if label is available - if not, it will go on random nodes.
affinity:
purpose: simpl
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch
# Elasticsearch's image tag, by default it equals to elasticVersion
ccr_remote_ca_file: ccr-remote-ca.pem
imageTag: ""
jvm_options_xms: 1g
jvm_options_xmx: 1g
cert:
duration: 2160h0m0s # 90d
renewBefore: 360h0m0s # 15d
#Environment variables to set in kibana pod
#Usage from cli:
# --set "elasticsearch.env[0].name=VARIABLE_NAME" --set "elasticsearch.env[0].value=VARIABLE_VALUE"
env: []
# here you can specify several node groups (e.g. master, data groups)
nodeSets:
- name: "node"
# number of elasticsearch nodes in each group
count: 3
# persistent volume claim size
diskSpace: 3Gi
# name of StorageClass that will be used to create VolumeClaims. (StorageClass must exist)
storageClassName: csi-cinder-high-speed
# here you can specify elasticsearch config e.g
# config:
# node.roles: ["master"]
config: {}
kibana:
# set >0 to deploy kibana, 0 otherwise
count: 2
image: docker.elastic.co/kibana/kibana
# Kibana's image tag, by default it equals to elasticVersion
imageTag: ""
# name of helm release where elasticsearch is installed. If you install kibana together with elasticsearch, leave it empty.
elasticsearchReleaseName: ""
# Kibana server will listen on that subpath
ingressSubpath: "/celk"
cert:
duration: 2160h0m0s # 90d
renewBefore: 360h0m0s # 15d
# Additional kibana's config according to this link: https://www.elastic.co/guide/en/kibana/current/settings.html
config:
xpack.reporting.roles.enabled: false
resources:
requests:
memory: 1Gi
limits:
memory: 1Gi
#Environment variables to set in kibana pod
#Usage from cli:
# --set "kibana.env[0].name=VARIABLE_NAME" --set "kibana.env[0].value=VARIABLE_VALUE"
env: []
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

For further information about the platform and support, please see https://code.europa.eu/info/about