Merge "Update Keystore cert"
[oom.git] / kubernetes / aai / charts / aai-elasticsearch / templates / deployment.yaml
index acb0599..785693a 100644 (file)
@@ -34,14 +34,17 @@ spec:
         release: {{ .Release.Name }}
       name: {{ include "common.name" . }}
     spec:
+      hostname: {{ include "common.name" . }}
       initContainers:
       - command:
         - /bin/sh
         - -c
         - |
-          mkdir -p /logroot/elasticsearch/es-data
-          chmod -R 777 /logroot/elasticsearch/es-data
-          chown -R root:root /logroot
+          sysctl -w vm.max_map_count=262144
+          mkdir -p /logroot/elasticsearch/logs
+          mkdir -p /logroot/elasticsearch/data
+          chmod -R 777 /logroot/elasticsearch
+          chown -R 1000:1000 /logroot
         env:
         - name: NAMESPACE
           valueFrom:
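Review bot: `chmod -R 777 /logroot/elasticsearch` leaves the data and log directories world-writable on what this template mounts as a hostPath volume, so any other local user or workload that can reach that path on the node can alter or replace the index and log files. The next line already hands ownership to 1000:1000 (presumably the Elasticsearch user in the image), so the wide mode is not needed. Run the chown first and tighten the mode, e.g. `chmod -R 750 /logroot/elasticsearch`. The added `sysctl -w vm.max_map_count=262144` changes a node-wide kernel setting and is the only step that needs the privileged init container; a comment in the script such as `# vm.max_map_count is node-wide; needs privileged` would record that.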
@@ -51,18 +54,18 @@ spec:
         securityContext:
           privileged: true
         image: {{ .Values.global.dockerhubRepository | default .Values.dockerhubRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
         name: init-sysctl
         volumeMounts:
         - name: elasticsearch-data
           mountPath: /logroot/
-      hostname: {{ include "common.name" . }}
       containers:
       - name: {{ include "common.name" . }}
-        image: {{ .Values.global.dockerhubRepository | default .Values.dockerhubRepository }}/{{ .Values.image }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
         ports:
         - containerPort: {{ .Values.service.internalPort }}
+        - containerPort: {{ .Values.service.internalPort2 }}
         # disable liveness probe when breakpoints set in debugger
         # so K8s doesn't restart unresponsive container
         {{- if eq .Values.liveness.enabled true }}
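Review bot: Both `imagePullPolicy` lines now read `{{ .Values.pullPolicy | default .Values.global.pullPolicy }}`, which reverses the precedence so that a chart-local `pullPolicy` wins and `global.pullPolicy` is only a fallback. If the chart's values file defines `pullPolicy` (not visible here), a deployment-wide override such as forcing `Always` no longer reaches this pod, and a cached image can keep running after the tag is rebuilt. If the new order is intended, a template comment like `# chart-local pullPolicy overrides global.pullPolicy` would make it explicit; otherwise keep the previous order. The new `containerPort: {{ .Values.service.internalPort2 }}` also renders an empty value when the key is unset, so a `name:` for each port and a documented default would help.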
@@ -84,10 +87,29 @@ spec:
           - name: elasticsearch-config
             subPath: elasticsearch.yml
             mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
+          - name: elasticsearch-config
+            subPath: jvm.options
+            mountPath: /usr/share/elasticsearch/config/jvm.options
+          - name: elasticsearch-config
+            subPath: log4j2.properties
+            mountPath: /usr/share/elasticsearch/config/log4j2.properties
+          - name: searchguard-scripts
+            subPath: run.sh
+            mountPath: /usr/share/elasticsearch/bin/run.sh
+          - name: searchguard-scripts
+            subPath: wait_until_started.sh
+            mountPath: /usr/share/elasticsearch/bin/wait_until_started.sh
+          - name: searchguard-scripts
+            subPath: init_sg.sh
+            mountPath: /usr/share/elasticsearch/bin/init_sg.sh
+          - name: searchguard-config
+            mountPath: /usr/share/elasticsearch/config/sg
+          - name: searchguard-auth-config
+            mountPath: /usr/share/elasticsearch/config/sg/auth
           - name: elasticsearch-data
             mountPath: /usr/share/elasticsearch/data
         resources:
-{{ toYaml .Values.resources | indent 10 }}
+{{ include "common.resources" . | indent 12 }}
       {{- if .Values.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 8 }}
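Review bot: The new `jvm.options`, `log4j2.properties` and Search Guard script mounts all use `subPath`, and Kubernetes does not propagate ConfigMap updates into `subPath` mounts. A changed script or config stays stale in running pods until they are recreated. For a security component this means a corrected `init_sg.sh` or tightened config can appear deployed while the old one is still in effect. Consider a pod-template annotation holding a `sha256sum` of the rendered ConfigMaps so a config change rolls the pods, and add a comment above these mounts noting the restart requirement. Adding `readOnly: true` to the `searchguard-auth-config` and `searchguard-scripts` mounts would also state the intent explicitly.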
@@ -103,9 +125,20 @@ spec:
           path: /etc/localtime
       - name: elasticsearch-config
         configMap:
-          name: {{ include "common.fullname" . }}
+          name: {{ include "common.fullname" . }}-es-config
+      - name: searchguard-scripts
+        configMap:
+          name: {{ include "common.fullname" . }}-sg-scripts
+          defaultMode: 0754
+      - name: searchguard-config
+        configMap:
+          name: {{ include "common.fullname" . }}-sg-config
+      - name: searchguard-auth-config
+        secret:
+          secretName: {{ include "common.fullname" . }}-sg-auth
       - name: elasticsearch-data
         hostPath:
           path: {{ .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+      restartPolicy: {{ .Values.restartPolicy }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
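Review bot: The `searchguard-auth-config` secret volume sets no `defaultMode`, so its files get the Kubernetes default of 0644 and are readable by every user inside the container, while the scripts volume just above it does get an explicit mode. For the Search Guard credentials, set a restrictive mode on the secret volume, e.g. `defaultMode: 0440`. Pair it with a pod-level `securityContext.fsGroup` matching the Elasticsearch group so the service user can still read them. The same ownership question applies to `defaultMode: 0754` on the scripts: if the container runs as a non-root user outside the file's group (not visible here), the scripts are readable but not executable.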