shixiong
/
okd


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187
							apiVersion: "v1"
kind: "DeploymentConfig"
metadata:
  name: "{{deploy_name}}"
  labels:
    provider: openshift
    component: "{{component}}"
    deployment: "{{deploy_name}}"
    logging-infra: "{{logging_component}}"
spec:
  replicas: {{es_replicas|default(1)}}
  revisionHistoryLimit: 0
  selector:
    provider: openshift
    component: "{{component}}"
    deployment: "{{deploy_name}}"
    logging-infra: "{{logging_component}}"
  strategy:
    type: Recreate
  triggers: []
  template:
    metadata:
      name: "{{deploy_name}}"
      labels:
        logging-infra: "{{logging_component}}"
        provider: openshift
        component: "{{component}}"
        deployment: "{{deploy_name}}"
    spec:
      terminationGracePeriod: 600
      serviceAccountName: aggregated-logging-elasticsearch
      securityContext:
        supplementalGroups:
{% for group in es_storage_groups %}
        - {{group}}
{% endfor %}
{% if es_node_selector is iterable and es_node_selector | length > 0 %}
      nodeSelector:
{% for key, value in es_node_selector.items() %}
        {{key}}: "{{value}}"
{% endfor %}
{% endif %}
      containers:
        - name: "elasticsearch"
          image: {{image}}
          imagePullPolicy: IfNotPresent
          resources:
            limits:
{% if es_cpu_limit is defined and es_cpu_limit is not none and es_cpu_limit != '' %}
              cpu: "{{es_cpu_limit}}"
{% endif %}
              memory: "{{es_memory_limit}}"
            requests:
              cpu: "{{es_cpu_request}}"
              memory: "{{es_memory_limit}}"
{% if es_container_security_context %}
          securityContext: {{ es_container_security_context | to_yaml }}
{% endif %}
          ports:
            -
              containerPort: 9200
              name: "restapi"
            -
              containerPort: 9300
              name: "cluster"
          env:
            -
              name: "DC_NAME"
              value: "{{deploy_name}}"
            -
              name: "NAMESPACE"
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            -
              name: "KUBERNETES_TRUST_CERT"
              value: "true"
            -
              name: "SERVICE_DNS"
              value: "logging-{{es_cluster_name}}-cluster"
            -
              name: "CLUSTER_NAME"
              value: "logging-{{es_cluster_name}}"
            -
              name: "INSTANCE_RAM"
              value: "{{openshift_logging_elasticsearch_memory_limit}}"
            -
              name: "HEAP_DUMP_LOCATION"
              value: "/elasticsearch/persistent/heapdump.hprof"
            -
              name: "NODE_QUORUM"
              value: "{{es_node_quorum | int}}"
            -
              name: "RECOVER_EXPECTED_NODES"
              value: "{{es_recover_expected_nodes}}"
            -
              name: "RECOVER_AFTER_TIME"
              value: "{{openshift_logging_elasticsearch_recover_after_time}}"
            -
              name: "READINESS_PROBE_TIMEOUT"
              value: "30"
            -
              name: "POD_LABEL"
              value: "component={{component}}"
            -
              name: "IS_MASTER"
              value: "{% if deploy_type in ['data-master', 'master'] %}true{% else %}false{% endif %}"

            -
              name: "HAS_DATA"
              value: "{% if deploy_type in ['data-master', 'data-client'] %}true{% else %}false{% endif %}"
            -
              name: "PROMETHEUS_USER"
              value: "{{openshift_logging_elasticsearch_prometheus_sa}}"

          volumeMounts:
            - name: elasticsearch
              mountPath: /etc/elasticsearch/secret
              readOnly: true
            - name: elasticsearch-config
              mountPath: /usr/share/java/elasticsearch/config
              readOnly: true
            - name: elasticsearch-storage
              mountPath: /elasticsearch/persistent
          readinessProbe:
            exec:
              command:
              - "/usr/share/java/elasticsearch/probe/readiness.sh"
            initialDelaySeconds: 10
            timeoutSeconds: 30
            periodSeconds: 5
        -
          name: proxy
          image: {{ proxy_image }}
          imagePullPolicy: IfNotPresent
          args:
           - --upstream-ca=/etc/elasticsearch/secret/admin-ca
           - --https-address=:4443
           - -provider=openshift
           - -client-id=system:serviceaccount:{{ openshift_logging_elasticsearch_namespace }}:aggregated-logging-elasticsearch
           - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
           - -cookie-secret={{ 16 | lib_utils_oo_random_word | b64encode }}
           - -basic-auth-password={{ basic_auth_passwd }}
           - -upstream=https://localhost:9200
           - '-openshift-sar={"namespace": "{{ openshift_logging_elasticsearch_namespace}}", "verb": "view", "resource": "prometheus", "group": "metrics.openshift.io"}'
           - '-openshift-delegate-urls={"/": {"resource": "prometheus", "verb": "view", "group": "metrics.openshift.io", "namespace": "{{ openshift_logging_elasticsearch_namespace}}"}}'
           - --tls-cert=/etc/tls/private/tls.crt
           - --tls-key=/etc/tls/private/tls.key
           - -pass-access-token
           - -pass-user-headers
          ports:
          - containerPort: 4443
            name: proxy
            protocol: TCP
          volumeMounts:
          - mountPath: /etc/tls/private
            name: proxy-tls
            readOnly: true
          - mountPath: /etc/elasticsearch/secret
            name: elasticsearch
            readOnly: true
          resources:
            limits:
              memory: "{{openshift_logging_elasticsearch_proxy_memory_limit }}"
            requests:
              cpu: "{{openshift_logging_elasticsearch_proxy_cpu_request }}"
              memory: "{{openshift_logging_elasticsearch_proxy_memory_limit }}"
      volumes:
        - name: proxy-tls
          secret:
            secretName: prometheus-tls
        - name: elasticsearch
          secret:
            secretName: logging-elasticsearch
        - name: elasticsearch-config
          configMap:
            name: logging-elasticsearch
        - name: elasticsearch-storage
{% if openshift_logging_elasticsearch_storage_type == 'pvc' %}
          persistentVolumeClaim:
            claimName: {{ openshift_logging_elasticsearch_pvc_name }}
{% elif openshift_logging_elasticsearch_storage_type == 'hostmount' %}
          hostPath:
            path: {{ openshift_logging_elasticsearch_hostmount_path }}
{% else %}
          emptydir: {}
{% endif %}