-
Notifications
You must be signed in to change notification settings - Fork 2
/
es.yaml
163 lines (163 loc) · 4.15 KB
/
es.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
# This sample sets up an Elasticsearch cluster with 3 nodes.
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: elasticsearch-prod
spec:
version: 7.5.0
nodeSets:
- name: es-cluster-name
count: 3
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Gi
storageClassName: "alicloud-disk-ssd"
config:
# most Elasticsearch configuration parameters are possible to set, e.g:
# node.attr.attr_name: attr_value
node.master: true
node.data: true
node.ingest: false
node.ml: false
# this allows ES to run on nodes even if their vm.max_map_count has not been increased, at a performance cost
node.store.allow_mmap: false
podTemplate:
metadata:
labels:
# additional labels for pods
app: elasticsearch
spec:
# this changes the kernel setting on the node to allow ES to use mmap
# if you uncomment this init container you will likely also want to remove the
# "node.store.allow_mmap: false" setting above
# initContainers:
# - name: sysctl
# securityContext:
# privileged: true
# command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144']
containers:
- name: elasticsearch
# specify resource limits and requests
resources:
limits:
memory: 4Gi
cpu: 1
env:
- name: ES_JAVA_OPTS
value: "-Xms2g -Xmx2g"
http:
service:
spec:
# expose this cluster Service with a ClusterIP and add public ingress for access
type: ClusterIP
tls:
certificate:
secretName: wildcard-cert-tls
---
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
name: kibana-prod
spec:
version: 7.5.0
count: 1
elasticsearchRef:
name: "elasticsearch-prod"
http:
# service:
# spec:
# type: ClusterIP
tls:
certificate:
secretName: wildcard-cert-tls
# selfSignedCertificate:
# disabled: true
podTemplate:
metadata:
labels:
app: kibana
spec:
containers:
- name: kibana
resources:
limits:
memory: 1Gi
cpu: 1
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: es-ingress
namespace: elasticsearch
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
rules:
- host: es.example.com
http:
paths:
- path: /
backend:
serviceName: elasticsearch-prod-es-http
servicePort: 9200
tls:
# TLS termination configuration
# see https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/tls-termination
- hosts:
- es.example.com
secretName: wildcard-cert-tls
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: es-ingress-internal
namespace: elasticsearch
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
rules:
- host: es.example.com
http:
paths:
- path: /
backend:
serviceName: elasticsearch-prod-es-http
servicePort: 9200
tls:
# TLS termination configuration
# see https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/tls-termination
- hosts:
- es.example.com
secretName: wildcard-cert-tls
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: kibana-ingress
namespace: elasticsearch
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
rules:
- host: kibana.example.com
http:
paths:
- path: /
backend:
serviceName: kibana-prod-kb-http
servicePort: 5601
tls:
# TLS termination configuration
# see https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/tls-termination
- hosts:
- kibana.example.com
secretName: wildcard-cert-tls