diff --git a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/growi-system/elasticsearch/statefulset.yaml b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/growi-system/elasticsearch/statefulset.yaml index 2be558d77..2aad6176d 100644 --- a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/growi-system/elasticsearch/statefulset.yaml +++ b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/growi-system/elasticsearch/statefulset.yaml @@ -14,33 +14,67 @@ spec: labels: app: elasticsearch spec: + securityContext: + fsGroup: 1000 + runAsUser: 1000 containers: - name: elasticsearch image: ghcr.io/giganticminecraft/growi-elasticsearch:sha-a6d1213 + securityContext: + privileged: false + readOnlyRootFilesystem: false + runAsUser: 1000 + capabilities: + add: + - IPC_LOCK + - SYS_RESOURCE resources: requests: cpu: 1 - memory: 1Gi + memory: 4Gi limits: cpu: 1 - memory: 1Gi + memory: 4Gi env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: ES_JAVA_OPTS - value: "-Xms512m -Xmx512m" + value: "-Xms1024m -Xmx1024m" - name: bootstrap.memory_lock value: "true" ports: - name: http containerPort: 9200 + livenessProbe: + httpGet: + path: "/_cluster/health" + port: http + initialDelaySeconds: 20 + periodSeconds: 10 + readinessProbe: + httpGet: + path: "/_cluster/health" + port: http + initialDelaySeconds: 20 + periodSeconds: 10 volumeMounts: - - name: config-volume - mountPath: /usr/share/elasticsearch/config/elasticsearch.yml - subPath: elasticsearch.yml + - name: config-volume + mountPath: /usr/share/elasticsearch/config/elasticsearch.yml + subPath: elasticsearch.yml + - name: data-volume + mountPath: /usr/share/elasticsearch/data volumes: - - name: config-volume - configMap: - name: elasticsearch-config + - name: config-volume + configMap: + name: elasticsearch-config + volumeClaimTemplates: + - metadata: + name: data-volume + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: 10Gi +