Merge "Update Keystore cert"

[oom.git] / kubernetes / aai / charts / aai-elasticsearch / templates / deployment.yaml

diff --git a/kubernetes/aai/charts/aai-elasticsearch/templates/deployment.yaml b/kubernetes/aai/charts/aai-elasticsearch/templates/deployment.yaml
index 6792d4c..785693a 100644 (file)
--- a/kubernetes/aai/charts/aai-elasticsearch/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-elasticsearch/templates/deployment.yaml
@@ -1,3 +1,17 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
@@ -17,16 +31,20 @@ spec:
     metadata:
       labels:
         app: {{ include "common.name" . }}
+        release: {{ .Release.Name }}
       name: {{ include "common.name" . }}
     spec:
+      hostname: {{ include "common.name" . }}
       initContainers:
       - command:
         - /bin/sh
         - -c
         - |
-          mkdir -p /logroot/elasticsearch/es-data
-          chmod -R 777 /logroot/elasticsearch/es-data
-          chown -R root:root /logroot
+          sysctl -w vm.max_map_count=262144
+          mkdir -p /logroot/elasticsearch/logs
+          mkdir -p /logroot/elasticsearch/data
+          chmod -R 777 /logroot/elasticsearch
+          chown -R 1000:1000 /logroot
         env:
         - name: NAMESPACE
           valueFrom:
@@ -36,18 +54,18 @@ spec:
         securityContext:
           privileged: true
         image: {{ .Values.global.dockerhubRepository | default .Values.dockerhubRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
         name: init-sysctl
         volumeMounts:
         - name: elasticsearch-data
           mountPath: /logroot/
-      hostname: {{ include "common.name" . }}
       containers:
       - name: {{ include "common.name" . }}
-        image: {{ .Values.global.dockerhubRepository | default .Values.dockerhubRepository }}/{{ .Values.image }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
         ports:
         - containerPort: {{ .Values.service.internalPort }}
+        - containerPort: {{ .Values.service.internalPort2 }}
         # disable liveness probe when breakpoints set in debugger
         # so K8s doesn't restart unresponsive container
         {{- if eq .Values.liveness.enabled true }}
@@ -69,10 +87,29 @@ spec:
           - name: elasticsearch-config
             subPath: elasticsearch.yml
             mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
+          - name: elasticsearch-config
+            subPath: jvm.options
+            mountPath: /usr/share/elasticsearch/config/jvm.options
+          - name: elasticsearch-config
+            subPath: log4j2.properties
+            mountPath: /usr/share/elasticsearch/config/log4j2.properties
+          - name: searchguard-scripts
+            subPath: run.sh
+            mountPath: /usr/share/elasticsearch/bin/run.sh
+          - name: searchguard-scripts
+            subPath: wait_until_started.sh
+            mountPath: /usr/share/elasticsearch/bin/wait_until_started.sh
+          - name: searchguard-scripts
+            subPath: init_sg.sh
+            mountPath: /usr/share/elasticsearch/bin/init_sg.sh
+          - name: searchguard-config
+            mountPath: /usr/share/elasticsearch/config/sg
+          - name: searchguard-auth-config
+            mountPath: /usr/share/elasticsearch/config/sg/auth
           - name: elasticsearch-data
             mountPath: /usr/share/elasticsearch/data
         resources:
-{{ toYaml .Values.resources | indent 10 }}
+{{ include "common.resources" . | indent 12 }}
       {{- if .Values.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 8 }}
@@ -88,9 +125,20 @@ spec:
           path: /etc/localtime
       - name: elasticsearch-config
         configMap:
-          name: {{ include "common.fullname" . }}
+          name: {{ include "common.fullname" . }}-es-config
+      - name: searchguard-scripts
+        configMap:
+          name: {{ include "common.fullname" . }}-sg-scripts
+          defaultMode: 0754
+      - name: searchguard-config
+        configMap:
+          name: {{ include "common.fullname" . }}-sg-config
+      - name: searchguard-auth-config
+        secret:
+          secretName: {{ include "common.fullname" . }}-sg-auth
       - name: elasticsearch-data
         hostPath:
-          path: {{ .Values.persistence.mountPath }}/{{ include "common.namespace" . }}/{{ .Values.persistence.mountSubPath }}
+          path: {{ .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+      restartPolicy: {{ .Values.restartPolicy }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"