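{{- /*
Renders one ECK Elasticsearch resource when .Values.es.nodeSets is non-empty.
Each entry of .Values.es.nodeSets becomes one nodeSet. Keys read from an entry:
name, zone, processors, resources, jvm_heap, nodeAffinity (key, value), count,
storage (size, class). Chart-wide values read here: .Values.version,
.Values.es.prometheus, .Values.es.s3Snapshot.enabled,
.Values.es.s3Snapshot.iamrole.
String-valued fields are piped through quote so that values which look like
booleans or numbers (for example a node label value of true) stay strings
after rendering.
*/}}
{{- if .Values.es.nodeSets }}
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: {{ template "kubezero-lib.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
spec:
  version: {{ .Values.version | quote }}
  nodeSets:
  {{- range .Values.es.nodeSets }}
  - name: {{ .name }}
    config:
      node.roles: [master, data, ingest]
      {{- if $.Values.es.prometheus }}
      prometheus.indices: false
      {{- end }}
      {{- if .zone }}
      node.attr.zone: {{ .zone | quote }}
      cluster.routing.allocation.awareness.attributes: k8s_node_name,zone
      {{- end }}
      transport.compress: true
      {{- if .processors }}
      node.processors: {{ .processors }}
      {{- end }}
      indices.memory.index_buffer_size: "20%"
    podTemplate:
      # Remove once https://github.com/elastic/elasticsearch/pull/65923 is merged
      {{- if $.Values.es.s3Snapshot.iamrole }}
      metadata:
        annotations:
          iam.amazonaws.com/role: {{ $.Values.es.s3Snapshot.iamrole | quote }}
      {{- end }}
      spec:
        {{- if or $.Values.es.prometheus $.Values.es.s3Snapshot.enabled }}
        {{- /*
        NOTE(review): plugins are installed by this init container on every pod
        start, so pod start depends on the download source being reachable.
        The exporter zip comes from a third-party GitHub release URL built from
        .Values.version, and nothing in this template checks a digest or
        signature of that download; --batch also accepts the permissions the
        plugin requests without prompting. Consider shipping the plugins in the
        image, or verifying a pinned digest before install.
        */}}
        initContainers:
        - name: install-plugins
          command:
          - sh
          - -c
          - |
            {{- if $.Values.es.s3Snapshot.enabled }}
            bin/elasticsearch-plugin install --batch repository-s3;
            {{- end }}
            {{- if $.Values.es.prometheus }}
            bin/elasticsearch-plugin install --batch https://github.com/vvanholl/elasticsearch-prometheus-exporter/releases/download/{{ $.Values.version }}.0/prometheus-exporter-{{ $.Values.version }}.0.zip;
            {{- end }}
        {{- end }}
        containers:
        - name: elasticsearch
          {{- /*
          NOTE(review): SYS_CHROOT is added to the container's capabilities and
          this file does not say why. Confirm it is still required; drop it
          otherwise so the container runs with the default capability set.
          */}}
          securityContext:
            capabilities:
              add: ["SYS_CHROOT"]
          {{- with .resources }}
          resources:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- /*
          NOTE(review): the "#" lines below are YAML comments only. Helm still
          evaluates the template actions inside them, so each if/end pair has
          to stay balanced, and the role value is rendered into the manifest
          as part of a comment when es.s3Snapshot.iamrole is set.
          */}}
          # {{- if or .jvm_heap $.Values.es.s3Snapshot.iamrole }}
          # env:
          # {{- end }}
          {{- if .jvm_heap }}
          env:
          # Fixed heap: -Xms and -Xmx are both set to jvm_heap, in gigabytes.
          - name: ES_JAVA_OPTS
            value: "-Xms{{ .jvm_heap }}g -Xmx{{ .jvm_heap }}g"
          {{- end }}
          #{{- if $.Values.es.s3Snapshot.iamrole }}
          # - name: AWS_ROLE_ARN
          #   value: {{ $.Values.es.s3Snapshot.iamrole }}
          # - name: AWS_WEB_IDENTITY_TOKEN_FILE
          #   value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
          # - name: AWS_STS_REGIONAL_ENDPOINTS
          #   value: regional
          # volumeMounts:
          # - name: aws-token
          #   mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
          #   readOnly: true
          #volumes:
          #- name: aws-token
          #  projected:
          #    sources:
          #    - serviceAccountToken:
          #        path: token
          #        expirationSeconds: 86400
          #        audience: "sts.amazonaws.com"
          #{{- end }}
        affinity:
          # Never schedule two pods of this cluster on the same node.
          podAntiAffinity:
            requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  elasticsearch.k8s.elastic.co/cluster-name: {{ template "kubezero-lib.fullname" $ }}
              topologyKey: kubernetes.io/hostname
          {{- if or .zone .nodeAffinity }}
          nodeAffinity:
            {{- if .zone }}
            # A nodeSet with a zone is pinned to nodes in that zone.
            requiredDuringSchedulingIgnoredDuringExecution:
              nodeSelectorTerms:
              - matchExpressions:
                - key: topology.kubernetes.io/zone
                  operator: In
                  values:
                  - {{ .zone | quote }}
            {{- end }}
            {{- if .nodeAffinity }}
            # Soft preference only; label values must be strings, hence quote.
            preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 1
              preference:
                matchExpressions:
                - key: {{ .nodeAffinity.key | quote }}
                  operator: In
                  values:
                  - {{ .nodeAffinity.value | quote }}
            {{- end }}
          {{- end }}
    count: {{ .count }}
    volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: {{ .storage.size | quote }}
        {{- with .storage.class }}
        storageClassName: {{ . | quote }}
        {{- end }}
  {{- end }}
  {{- /*
  NOTE(review): disabling the self-signed certificate without supplying
  another one makes ECK serve the Elasticsearch HTTP API without TLS, so
  client traffic and credentials cross the cluster network in plaintext.
  Presumably TLS is provided elsewhere (mesh or ingress); that is not visible
  in this template, so confirm it and restrict access with a NetworkPolicy.
  */}}
  http:
    tls:
      selfSignedCertificate:
        disabled: true
{{- end }}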