| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185 |
- apiVersion: "v1"
- kind: "DeploymentConfig"
- metadata:
- name: "{{deploy_name}}"
- labels:
- provider: openshift
- component: "{{component}}"
- deployment: "{{deploy_name}}"
- logging-infra: "{{logging_component}}"
- spec:
- replicas: {{es_replicas|default(1)}}
- revisionHistoryLimit: 0
- selector:
- provider: openshift
- component: "{{component}}"
- deployment: "{{deploy_name}}"
- logging-infra: "{{logging_component}}"
- strategy:
- type: Recreate
- template:
- metadata:
- name: "{{deploy_name}}"
- labels:
- logging-infra: "{{logging_component}}"
- provider: openshift
- component: "{{component}}"
- deployment: "{{deploy_name}}"
- spec:
- terminationGracePeriod: 600
- serviceAccountName: aggregated-logging-elasticsearch
- securityContext:
- supplementalGroups:
- {% for group in es_storage_groups %}
- - {{group}}
- {% endfor %}
- {% if es_node_selector is iterable and es_node_selector | length > 0 %}
- nodeSelector:
- {% for key, value in es_node_selector.items() %}
- {{key}}: "{{value}}"
- {% endfor %}
- {% endif %}
- containers:
- - name: proxy
- image: {{ proxy_image }}
- imagePullPolicy: IfNotPresent
- args:
- - --upstream-ca=/etc/elasticsearch/secret/admin-ca
- - --https-address=:4443
- - -provider=openshift
- - -client-id={{openshift_logging_elasticsearch_prometheus_sa}}
- - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
- - -cookie-secret={{ 16 | oo_random_word | b64encode }}
- - -upstream=https://localhost:9200
- - '-openshift-sar={"namespace": "{{ openshift_logging_elasticsearch_namespace}}", "verb": "view", "resource": "prometheus", "group": "metrics.openshift.io"}'
- - '-openshift-delegate-urls={"/": {"resource": "prometheus", "verb": "view", "group": "metrics.openshift.io", "namespace": "{{ openshift_logging_elasticsearch_namespace}}"}}'
- - --tls-cert=/etc/tls/private/tls.crt
- - --tls-key=/etc/tls/private/tls.key
- - -pass-access-token
- - -pass-user-headers
- ports:
- - containerPort: 4443
- name: proxy
- protocol: TCP
- volumeMounts:
- - mountPath: /etc/tls/private
- name: proxy-tls
- readOnly: true
- - mountPath: /etc/elasticsearch/secret
- name: elasticsearch
- readOnly: true
- resources:
- limits:
- memory: "{{openshift_logging_elasticsearch_proxy_memory_limit }}"
- requests:
- cpu: "{{openshift_logging_elasticsearch_proxy_cpu_request }}"
- memory: "{{openshift_logging_elasticsearch_proxy_memory_limit }}"
- -
- name: "elasticsearch"
- image: {{image}}
- imagePullPolicy: IfNotPresent
- resources:
- limits:
- {% if es_cpu_limit is defined and es_cpu_limit is not none and es_cpu_limit != '' %}
- cpu: "{{es_cpu_limit}}"
- {% endif %}
- memory: "{{es_memory_limit}}"
- requests:
- cpu: "{{es_cpu_request}}"
- memory: "{{es_memory_limit}}"
- {% if es_container_security_context %}
- securityContext: {{ es_container_security_context | to_yaml }}
- {% endif %}
- ports:
- -
- containerPort: 9200
- name: "restapi"
- -
- containerPort: 9300
- name: "cluster"
- env:
- -
- name: "DC_NAME"
- value: "{{deploy_name}}"
- -
- name: "NAMESPACE"
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- -
- name: "KUBERNETES_TRUST_CERT"
- value: "true"
- -
- name: "SERVICE_DNS"
- value: "logging-{{es_cluster_name}}-cluster"
- -
- name: "CLUSTER_NAME"
- value: "logging-{{es_cluster_name}}"
- -
- name: "INSTANCE_RAM"
- value: "{{openshift_logging_elasticsearch_memory_limit}}"
- -
- name: "HEAP_DUMP_LOCATION"
- value: "/elasticsearch/persistent/heapdump.hprof"
- -
- name: "NODE_QUORUM"
- value: "{{es_node_quorum | int}}"
- -
- name: "RECOVER_EXPECTED_NODES"
- value: "{{es_recover_expected_nodes}}"
- -
- name: "RECOVER_AFTER_TIME"
- value: "{{openshift_logging_elasticsearch_recover_after_time}}"
- -
- name: "READINESS_PROBE_TIMEOUT"
- value: "30"
- -
- name: "POD_LABEL"
- value: "component={{component}}"
- -
- name: "IS_MASTER"
- value: "{% if deploy_type in ['data-master', 'master'] %}true{% else %}false{% endif %}"
- -
- name: "HAS_DATA"
- value: "{% if deploy_type in ['data-master', 'data-client'] %}true{% else %}false{% endif %}"
- -
- name: "PROMETHEUS_USER"
- value: "{{openshift_logging_elasticsearch_prometheus_sa}}"
- volumeMounts:
- - name: elasticsearch
- mountPath: /etc/elasticsearch/secret
- readOnly: true
- - name: elasticsearch-config
- mountPath: /usr/share/java/elasticsearch/config
- readOnly: true
- - name: elasticsearch-storage
- mountPath: /elasticsearch/persistent
- readinessProbe:
- exec:
- command:
- - "/usr/share/java/elasticsearch/probe/readiness.sh"
- initialDelaySeconds: 10
- timeoutSeconds: 30
- periodSeconds: 5
- volumes:
- - name: proxy-tls
- secret:
- secretName: prometheus-tls
- - name: elasticsearch
- secret:
- secretName: logging-elasticsearch
- - name: elasticsearch-config
- configMap:
- name: logging-elasticsearch
- - name: elasticsearch-storage
- {% if openshift_logging_elasticsearch_storage_type == 'pvc' %}
- persistentVolumeClaim:
- claimName: {{ openshift_logging_elasticsearch_pvc_name }}
- {% elif openshift_logging_elasticsearch_storage_type == 'hostmount' %}
- hostPath:
- path: {{ openshift_logging_elasticsearch_hostmount_path }}
- {% else %}
- emptydir: {}
- {% endif %}
|
