k8s-manifest-elastic.yml
# This is a simple k8s manifest to start Elasticsearch, Kibana and APM server
# with the same configuration as ../docker/docker-compose-elastic.yml
#
# For this reason, if trying to understand why a setting exists, look at the
# docker variant first. Similarly, updates to the docker variant should happen
# here as well.
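apiVersion: v1
kind: Service
metadata:
  name: elasticsearch
# Exposes Elasticsearch's HTTP API on 9200. No `type` is set, so this is a
# ClusterIP Service, reachable from inside the cluster only. Nothing in this
# document limits which pods may connect; that would take a NetworkPolicy.
spec:
  ports:
    - port: 9200
      targetPort: 9200
  selector:
    app: elasticsearch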
---
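# Single-node Elasticsearch with security enabled but TLS disabled and a
# fixed, well-known superuser password. These are local-demo settings; the
# comments below mark what to change before reusing this outside a sandbox.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: elasticsearch
spec:
  replicas: 1
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      containers:
        - name: elasticsearch
          # Pinned by tag only; a digest (image@sha256:...) would also pin
          # the image content.
          image: docker.elastic.co/elasticsearch/elasticsearch:8.17.2
          ports:
            - containerPort: 9200
          env:
            - name: node.name
              value: elasticsearch
            - name: cluster.name
              value: k8s-cluster
            - name: discovery.type
              value: single-node
            # Password of the built-in `elastic` superuser, stored as a
            # literal. Anyone who can read this Deployment or the pod spec
            # can read it. Outside a sandbox, source it from a Secret
            # (valueFrom.secretKeyRef) and use a generated value.
            - name: ELASTIC_PASSWORD
              value: elastic
            - name: bootstrap.memory_lock
              value: "true"
            # Authentication is on, but both TLS layers below are off, so
            # basic-auth credentials and data cross the pod network in
            # cleartext (every client in this file uses http://).
            - name: xpack.security.enabled
              value: "true"
            - name: xpack.security.http.ssl.enabled
              value: "false"
            - name: xpack.security.transport.ssl.enabled
              value: "false"
            - name: xpack.license.self_generated.type
              value: trial
            # Note that ELSER is recommended to have 2GB, but it is JNI (PyTorch).
            # ELSER's memory is in addition to the heap and other overhead.
            - name: ES_JAVA_OPTS
              value: "-Xms2g -Xmx2g"
          # Drops every capability and adds back four. The block does not set
          # runAsNonRoot, allowPrivilegeEscalation or readOnlyRootFilesystem.
          # NOTE(review): the added capabilities are presumably what the
          # image entrypoint needs to fix ownership and switch user; confirm
          # before trimming the list.
          securityContext:
            capabilities:
              add: ["CHOWN", "DAC_OVERRIDE", "SETGID", "SETUID"]
              drop: ["ALL"]
          # The probe sends no credentials. An unauthenticated request is
          # rejected with 'missing authentication credentials', and that
          # rejection is taken as the sign that the node is serving, so no
          # password has to be embedded in the probe command.
          readinessProbe:
            exec:
              command: ["sh", "-c", "curl --max-time 1 -s http://localhost:9200 | grep -q 'missing authentication credentials'"]
            initialDelaySeconds: 5
            periodSeconds: 1
            timeoutSeconds: 10
            failureThreshold: 120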
---
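# Exposes the Kibana UI and API on 5601. No `type` is set, so this is a
# ClusterIP Service: reachable only from inside the cluster unless it is
# exposed separately (port-forward, Ingress, ...).
apiVersion: v1
kind: Service
metadata:
  name: kibana
spec:
  ports:
    - port: 5601
      targetPort: 5601
  selector:
    app: kibana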
---
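# Kibana, plus an init container that sets the kibana_system password.
# Service DNS names below hard-code the `default` namespace
# (elasticsearch.default.svc), so the manifest assumes it is applied there.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kibana
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kibana
  template:
    metadata:
      labels:
        app: kibana
    spec:
      initContainers:
        # gen-ai assistants in kibana save state in a way that requires system
        # access, so set kibana_system's password to a known value.
        #
        # The script authenticates as the `elastic` superuser and sends both
        # the superuser password and the new kibana_system password over
        # plain HTTP. Both values are literals in this pod spec, so read
        # access to the Deployment is enough to learn them. It retries every
        # 5 seconds until Elasticsearch answers with an empty JSON object.
        - name: setup-kibana-system-user
          image: docker.elastic.co/elasticsearch/elasticsearch:8.17.2
          command:
            - bash
            - -c
            - |
              echo "Setup the kibana_system password";
              until curl --max-time 1 -s -u "elastic:elastic" \
                -X POST http://elasticsearch.default.svc:9200/_security/user/kibana_system/_password \
                -d "{\"password\":\"elastic\"}" \
                -H "Content-Type: application/json" | grep -q "^{}"; do sleep 5; done;
      containers:
        - name: kibana
          image: docker.elastic.co/kibana/kibana:8.17.2
          ports:
            - containerPort: 5601
          env:
            - name: SERVERNAME
              value: kibana
            - name: ELASTICSEARCH_HOSTS
              value: http://elasticsearch.default.svc:9200
            - name: ELASTICSEARCH_USERNAME
              value: kibana_system
            # Must match the password the init container sets above. Outside
            # a sandbox, take it from a Secret rather than a literal.
            - name: ELASTICSEARCH_PASSWORD
              value: elastic
            - name: MONITORING_UI_CONTAINER_ELASTICSEARCH_ENABLED
              value: "true"
            # The two encryption keys are the same static string, committed
            # with this manifest. Because the value is public, it gives no
            # real protection to what Kibana encrypts with it. Generate a
            # separate random key for each setting per deployment and keep
            # them in a Secret.
            - name: XPACK_SECURITY_ENCRYPTIONKEY
              value: fhjskloppd678ehkdfdlliverpoolfcr
            - name: XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY
              value: fhjskloppd678ehkdfdlliverpoolfcr
            # Listens on all interfaces so the Service can reach the pod.
            - name: SERVER_HOST
              value: 0.0.0.0
            # NOTE(review): a loopback public URL suggests Kibana is meant to
            # be reached through a local port-forward; confirm.
            - name: SERVER_PUBLICBASEURL
              value: http://127.0.0.1:5601
          # /api/status is queried without credentials; the pod is ready once
          # the response contains 'available'.
          readinessProbe:
            exec:
              command: ["sh", "-c", "curl --max-time 1 -s http://localhost:5601/api/status | grep -q 'available'"]
            initialDelaySeconds: 1
            periodSeconds: 1
            failureThreshold: 300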
---
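# Exposes the APM Server listener on 8200 as a ClusterIP Service (no `type`
# is set). Any pod in the cluster that can route to it can connect.
apiVersion: v1
kind: Service
metadata:
  name: apm-server
spec:
  ports:
    - port: 8200
      targetPort: 8200
  selector:
    app: apm-server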
---
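# APM Server, started only after Kibana reports itself available.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: apm-server
spec:
  replicas: 1
  selector:
    matchLabels:
      app: apm-server
  template:
    metadata:
      labels:
        app: apm-server
    spec:
      initContainers:
        # Polls Kibana's status endpoint once a second, without credentials,
        # until the response contains 'available'. The Elasticsearch image is
        # reused here for its bash and curl.
        - name: await-kibana
          image: docker.elastic.co/elasticsearch/elasticsearch:8.17.2
          command:
            - bash
            - -xc
            - |
              echo "Waiting for kibana to be available";
              until curl --max-time 1 -s http://kibana.default.svc:5601/api/status | grep -q 'available'; do sleep 1; done;
      containers:
        - name: apm-server
          image: docker.elastic.co/apm/apm-server:8.17.2
          # Each -E flag overrides one config setting. The Kibana and
          # Elasticsearch connections both use the `elastic` superuser, and
          # the password is passed as a command-line argument, so it is
          # visible in the pod spec and in the container's process list.
          # Outside a sandbox, give APM Server a dedicated, least-privilege
          # credential and supply it from a Secret.
          # No agent authentication (secret token or API key) is set in these
          # arguments, so any workload that can reach port 8200 can submit
          # events.
          command:
            - apm-server
            - -E
            - apm-server.kibana.enabled=true
            - -E
            - apm-server.kibana.host=http://kibana.default.svc:5601
            - -E
            - apm-server.kibana.username=elastic
            - -E
            - apm-server.kibana.password=elastic
            - -E
            - output.elasticsearch.hosts=["http://elasticsearch.default.svc:9200"]
            - -E
            - output.elasticsearch.username=elastic
            - -E
            - output.elasticsearch.password=elastic
          ports:
            - containerPort: 8200
          # Ready as soon as the TCP port accepts connections.
          readinessProbe:
            tcpSocket:
              port: 8200
            initialDelaySeconds: 1
            periodSeconds: 1
            failureThreshold: 300
          # Same capability set as the Elasticsearch container: drop ALL,
          # add four back. runAsNonRoot, allowPrivilegeEscalation and
          # readOnlyRootFilesystem are not set.
          securityContext:
            capabilities:
              add: ["CHOWN", "DAC_OVERRIDE", "SETGID", "SETUID"]
              drop: ["ALL"]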