Commit ba40ab8b by Guangbo Chen

fixed elasticsearch vm issue and added resource request to artifactory

parent e946dfae
File deleted
...@@ -289,3 +289,91 @@ questions: ...@@ -289,3 +289,91 @@ questions:
label: External Database Password label: External Database Password
group: "Database Settings" group: "Database Settings"
show_if: "postgresql.enabled=false" show_if: "postgresql.enabled=false"
- variable: advancedOptions
default: false
description: "Show advanced configurations"
label: Show Advanced Configurations
type: boolean
show_subquestion_if: true
group: "Advanced Options"
subquestions:
- variable: artifactory.primary.resources.requests.cpu
default: "500m"
description: "Artifactory primary node initial cpu request"
type: string
label: Artifactory Primary Node Initial CPU Request
- variable: artifactory.primary.resources.requests.memory
default: "1Gi"
description: "Artifactory primary node initial memory request"
type: string
label: Artifactory Primary Node Initial Memory Request
- variable: artifactory.primary.javaOpts.xms
default: "1g"
description: "Artifactory primary node java Xms size"
type: string
label: Artifactory Primary Node Java Xms Size
- variable: artifactory.primary.resources.limits.cpu
default: "2"
description: "Artifactory primary node cpu limit"
type: string
label: Artifactory Primary Node CPU Limit
- variable: artifactory.primary.resources.limits.memory
default: "4Gi"
description: "Artifactory primary node memory limit"
type: string
label: Artifactory Primary Node Memory Limit
- variable: artifactory.primary.javaOpts.xmx
default: "4g"
description: "Artifactory primary node java Xmx size"
type: string
label: Artifactory Primary Node Java Xmx Size
- variable: artifactory.node.resources.requests.cpu
default: "500m"
description: "Artifactory member node initial cpu request"
type: string
label: Artifactory Member Node Initial CPU Request
- variable: artifactory.node.resources.requests.memory
default: "2Gi"
description: "Artifactory member node initial memory request"
type: string
label: Artifactory Member Node Initial Memory Request
- variable: artifactory.node.javaOpts.xms
default: "1g"
description: "Artifactory member node java Xms size"
type: string
label: Artifactory Member Node Java Xms Size
- variable: artifactory.node.resources.limits.cpu
default: "2"
description: "Artifactory member node cpu limit"
type: string
label: Artifactory Member Node CPU Limit
- variable: artifactory.node.resources.limits.memory
default: "4Gi"
description: "Artifactory member node memory limit"
type: string
label: Artifactory Member Node Memory Limit
- variable: artifactory.node.javaOpts.xmx
default: "4g"
description: "Artifactory member node java Xmx size"
type: string
label: Artifactory Member Node Java Xmx Size
- variable: postgresql.node.resources.requests.cpu
default: "200m"
description: "PostgreSQL initial cpu request"
type: string
label: PostgreSQL Initial CPU Request
- variable: postgresql.node.resources.requests.memory
default: "500Mi"
description: "PostgreSQL initial memory request"
type: string
label: PostgreSQL Initial Memory Request
- variable: postgresql.node.resources.limits.cpu
default: "1"
description: "PostgreSQL cpu limit"
type: string
label: PostgreSQL CPU Limit
- variable: postgresql.node.resources.limits.memory
default: "1Gi"
description: "PostgreSQL memory limit"
type: string
label: PostgreSQL Memory Limit
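Review bot: The four `postgresql.node.resources.*` subquestions at the end of this hunk look like they set a key the chart never reads. The values.yaml hunk in this same commit shows the PostgreSQL block as `postgresql:` followed by `resources:`, so the variables should probably be `postgresql.resources.requests.cpu` and so on; indentation is lost in this rendering, so confirm against the file. The defaults also pair `javaOpts.xmx` of `4g` with a container memory limit of `4Gi` for both the primary and member nodes, which leaves no room for non-heap JVM memory and makes an OOM kill likely under load. I would lower the two Xmx defaults, e.g. `default: "3g"`, and say in the description that Xmx must stay below the memory limit.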
...@@ -37,13 +37,14 @@ postgresql: ...@@ -37,13 +37,14 @@ postgresql:
persistence: persistence:
enabled: true enabled: true
size: 50Gi size: 50Gi
resources: {} # resources: {}
# requests: resources:
# memory: "512Mi" requests:
# cpu: "100m" memory: "512Mi"
# limits: cpu: "100m"
# memory: "1Gi" limits:
# cpu: "500m" memory: "1Gi"
cpu: "500m"
## If NOT using the PostgreSQL in this chart (postgresql.enabled=false), ## If NOT using the PostgreSQL in this chart (postgresql.enabled=false),
## you must specify the following database details ## you must specify the following database details
...@@ -179,18 +180,20 @@ artifactory: ...@@ -179,18 +180,20 @@ artifactory:
## If true, you must prepare a PVC with the name ## If true, you must prepare a PVC with the name
existingClaim: false existingClaim: false
## Resources for the primary node ## Resources for the primary node
resources: {} # resources: {}
# requests: resources:
# memory: "1Gi" requests:
# cpu: "500m" memory: "1Gi"
# limits: cpu: "500m"
# memory: "2Gi" limits:
# cpu: "1" memory: "2Gi"
cpu: "1"
## The following Java options are passed to the java process running Artifactory primary node. ## The following Java options are passed to the java process running Artifactory primary node.
## You should set them according to the resources set above ## You should set them according to the resources set above
javaOpts: {} # javaOpts: {}
# xms: "1g" javaOpts:
# xmx: "2g" xms: "1g"
xmx: "2g"
# other: # other:
node: node:
name: artifactory-ha-member name: artifactory-ha-member
...@@ -200,18 +203,20 @@ artifactory: ...@@ -200,18 +203,20 @@ artifactory:
existingClaim: false existingClaim: false
replicaCount: 2 replicaCount: 2
## Resources for the member nodes ## Resources for the member nodes
resources: {} # resources: {}
# requests: resources:
# memory: "1Gi" requests:
# cpu: "500m" memory: "1Gi"
# limits: cpu: "500m"
# memory: "2Gi" limits:
# cpu: "1" memory: "2Gi"
cpu: "1"
## The following Java options are passed to the java process running Artifactory member nodes. ## The following Java options are passed to the java process running Artifactory member nodes.
## You should set them according to the resources set above ## You should set them according to the resources set above
javaOpts: {} javaOpts: {}
# xms: "1g" javaOpts:
# xmx: "2g" xms: "1g"
xmx: "2g"
# other: # other:
# Nginx # Nginx
...@@ -280,10 +285,11 @@ nginx: ...@@ -280,10 +285,11 @@ nginx:
## GKE, AWS & OpenStack) ## GKE, AWS & OpenStack)
## ##
# storageClass: "-" # storageClass: "-"
resources: {} # resources: {}
# requests: resources:
# memory: "250Mi" requests:
# cpu: "100m" memory: "250Mi"
# limits: cpu: "100m"
# memory: "250Mi" limits:
# cpu: "500m" memory: "250Mi"
cpu: "500m"
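Review bot: In the member-node hunk (`@@ -200,18 +203,20 @@`) the new side appears to keep `javaOpts: {}` as a context line and then add a second `javaOpts:` carrying `xms`/`xmx`, which leaves a duplicate key under `node:`. The primary-node hunk handled the same change by commenting the old line out, so the fix here is the same: `# javaOpts: {}`. Duplicate keys are invalid YAML, and depending on the parser this is either a load error or a silent last-wins, so the heap settings may or may not take effect. This reading comes from the two-column rendering plus the hunk line counts, so check it against the file. The new defaults also set `xmx: "2g"` against a `2Gi` memory limit on both node types, which leaves no headroom for non-heap JVM memory.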
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
apiVersion: v1
description: EFK(Elasticsearch + FluentBit + Kibana)
name: efk
version: 0.1.3
icon: https://image.slidesharecdn.com/challengesinamicroservicesage-170505115849/95/challenges-in-a-microservices-age-monitoring-logging-and-tracing-on-red-hat-openshift-68-638.jpg
sources:
- https://www.elastic.co/products/elasticsearch
- https://www.elastic.co/products/kibana
- https://fluentbit.io/
# Elasticsearch Chart
This chart is based on the [elasticsearch/elasticsearch](https://www.docker.elastic.co/) image.
# Fluent-Bit Chart
[Fluent Bit](http://fluentbit.io/) is an open source and multi-platform Log Forwarder.
This chart will do the following:
* Install a configmap for Fluent Bit
* Install a daemonset that provisions Fluent Bit [per-host architecture]
# kibana
[kibana](https://github.com/elastic/kibana) is your window into the Elastic Stack. Specifically, it's an open source (Apache Licensed), browser-based analytics and search dashboard for Elasticsearch.
# Configurations
## Elasticsearch
The following table lists the configurable parameters of the elasticsearch chart and their default values.
| Parameter | Description | Default |
| ------------------------------------ | ------------------------------------------------------------------- | ------------------------------------ |
| `image.repository` | Container image name | `docker.elastic.co/elasticsearch/elasticsearch-oss` |
| `image.tag` | Container image tag | `6.2.4` |
| `image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `master.exposeHttp` | Expose http port 9200 on master Pods for monitoring, etc | `true` |
| `master.replicas` | Master node replicas (statefulset) | `3` |
| `master.resources` | Master node resources requests & limits | `{} - cpu limit must be an integer` |
| `master.heapSize` | Master node heap size | `512m` |
| `master.name` | Master component name | `master` |
| `master.persistence.enabled` | Master persistent enabled/disabled | `true` |
| `master.persistence.name` | Master statefulset PVC template name | `data` |
| `master.persistence.size` | Master persistent volume size | `10Gi` |
| `master.persistence.storageClass` | Master persistent volume Class | `nil` |
| `master.persistence.accessMode` | Master persistent Access Mode | `ReadWriteOnce` |
| `master.antiAffinity` | Data anti-affinity policy | `soft` |
| `rbac.create` | Create service account and ClusterRoleBinding for Kubernetes plugin | `false` |
## Kibana
The following table lists the configurable parameters of the kibana chart and their default values.
Parameter | Description | Default
--- | --- | ---
`affinity` | node/pod affinities | None
`env` | Environment variables to configure Kibana | `{}`
`image.pullPolicy` | Image pull policy | `IfNotPresent`
`image.repository` | Image repository | `kibana`
`image.tag` | Image tag | `6.0.0`
`image.pullSecrets` |Specify image pull secrets | `nil`
`commandline.args` | add additional commandline args | `nil`
`ingress.enabled` | Enables Ingress | `false`
`ingress.annotations` | Ingress annotations | None:
`ingress.hosts` | Ingress accepted hostnames | None:
`ingress.tls` | Ingress TLS configuration | None:
`nodeSelector` | node labels for pod assignment | `{}`
`podAnnotations` | annotations to add to each pod | `{}`
`replicaCount` | desired number of pods | `1`
`resources` | pod resource requests & limits | `{}`
`service.externalPort` | external port for the service | `443`
`service.internalPort` | internal port for the service | `4180`
`service.externalIPs` | external IP addresses | None:
`service.loadBalancerIP` | Load Balancer IP address (to use with service.type LoadBalancer) | None:
`service.type` | type of service | `ClusterIP`
`service.annotations` | Kubernetes service annotations | None:
`tolerations` | List of node taints to tolerate | `[]`
## Fluent-Bit
The following tables lists the configurable parameters of the Fluent-Bit chart and the default values.
| Parameter | Description | Default |
| ----------------------- | ---------------------------------- | ----------------------- |
| **Backend Selection** |
| `backend.type` | Set the backend to which Fluent-Bit should flush the information it gathers | `forward` |
| **Forward Backend** |
| `backend.forward.host` | Target host where Fluent-Bit or Fluentd are listening for Forward messages | `fluentd` |
| `backend.forward.port` | TCP Port of the target service | `24284` |
| **ElasticSearch Backend** |
| `backend.es.host` | IP address or hostname of the target Elasticsearch instance | `elasticsearch` |
| `backend.es.port` | TCP port of the target Elasticsearch instance. | `9200` |
| `backend.es.index` | Elastic Index name | `kubernetes_cluster` |
| `backend.es.type` | Elastic Type name | `flb_type` |
| `backend.es.logstash_prefix` | Index Prefix. If Logstash_Prefix is equals to 'mydata' your index will become 'mydata-YYYY.MM.DD'. | `kubernetes_cluster` |
| `backend.es.http_user` | Optional username credential for Elastic X-Pack access. | `` |
| `backend.es.http_passwd:` | Password for user defined in HTTP_User. | `` |
| `backend.es.tls` | Enable or disable TLS support | `off` |
| `backend.es.tls_verify` | Force certificate validation | `on` |
| `backend.es.tls_ca` | TLS CA certificate for the Elastic instance (in PEM format). Specify if tls: on. | `` |
| `backend.es.tls_debug` | Set TLS debug verbosity level. It accept the following values: 0-4 | `1` |
| **HTTP Backend** |
| `backend.http.host` | IP address or hostname of the target HTTP Server | `127.0.0.1` |
| `backend.http.port` | TCP port of the target HTTP Server | `80` |
| `backend.http.uri` | Specify an optional HTTP URI for the target web server, e.g: /something | `"/"`
| `backend.http.format` | Specify the data format to be used in the HTTP request body, by default it uses msgpack, optionally it can be set to json. | `msgpack` |
| **Parsers** |
| `parsers.regex` | List of regex parsers | `NULL` |
| `parsers.json` | List of json parsers | `NULL` |
| **General** |
| `annotations` | Optional deamonset set annotations | `NULL` |
| `podAnnotations` | Optional pod annotations | `NULL` |
| `existingConfigMap` | ConfigMap override | `` |
| `extraVolumeMounts` | Mount an extra volume, required to mount ssl certificates when elasticsearch has tls enabled | |
| `extraVolume` | Extra volume | |
| `filter.kubeURL` | Optional custom configmaps | `https://kubernetes.default.svc:443` |
| `filter.kubeCAFile` | Optional custom configmaps | `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt` |
| `filter.kubeTokenFile` | Optional custom configmaps | `/var/run/secrets/kubernetes.io/serviceaccount/token` |
| `filter.kubeTag` | Optional top-level tag for matching in filter | `kube` |
| `image.fluent_bit.repository` | Image | `fluent/fluent-bit` |
| `image.fluent_bit.tag` | Image tag | `0.13.0` |
| `image.pullPolicy` | Image pull policy | `Always` |
| `rbac.create` | Specifies whether RBAC resources should be created. | `true` |
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created. | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to use. | `NULL` |
| `resources.limits.cpu` | CPU limit | `100m` |
| `resources.limits.memory` | Memory limit | `500Mi` |
| `resources.requests.cpu` | CPU request | `100m` |
| `resources.requests.memory` | Memory request | `200Mi` |
| `tolerations` | Optional daemonset tolerations | `NULL` |
| `nodeSelector` | Node labels for fluent-bit pod assignment | `NULL` |
| `metrics.enabled` | Specifies whether a service for metrics should be exposed | `false` |
| `metrics.service.port` | Port on where metrics should be exposed | `2020` |
| `metrics.service.type` | Service type for metrics | `ClusterIP` |
| | | |
# EFK
EFK(Elasticsearch + FluentBit + Kibana) are flexible and powerful open source projects, provides distributed real-time search and analytics tools.</br>
This chart bootstraps a EFK deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. The chart has the following components,
- Fluent-Bit
- Elasticsearch
- Kibana
name: elasticsearch
home: https://www.elastic.co/products/elasticsearch
version: 0.1.0
appVersion: 6.2.4
description: Flexible and powerful open source, distributed real-time search and analytics engine.
sources:
- https://www.elastic.co/products/elasticsearch
icon: https://static-www.elastic.co/assets/blteb1c97719574938d/logo-elastic-elasticsearch-lt.svg
maintainers:
- name: Rancher Labs
email: guangbo@rancher.com
# Elasticsearch Chart
This chart is based on the [elasticsearch/elasticsearch](https://www.docker.elastic.co/) image.
## Prerequisites Details
* Kubernetes 1.6+
* PV dynamic provisioning support on the underlying infrastructure
## StatefulSets Details
* https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/
## StatefulSets Caveats
* https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations
## Todo
* Implement TLS/Auth/Security
* Smarter upscaling/downscaling
* Solution for memory locking
* Multi-role deployment: master, client (coordinating) and data nodes
## Chart Details
This chart will do the following:
* Implemented a dynamically scalable elasticsearch cluster using Kubernetes StatefulSets/Deployments
* Statefulset Supports scaling down without degrading the cluster
## Configuration
The following table lists the configurable parameters of the elasticsearch chart and their default values.
| Parameter | Description | Default |
| ------------------------------------ | ------------------------------------------------------------------- | ------------------------------------ |
| `image.repository` | Container image name | `docker.elastic.co/elasticsearch/elasticsearch-oss` |
| `image.tag` | Container image tag | `6.2.4` |
| `image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `master.exposeHttp` | Expose http port 9200 on master Pods for monitoring, etc | `true` |
| `master.replicas` | Master node replicas (statefulset) | `3` |
| `master.resources` | Master node resources requests & limits | `{} - cpu limit must be an integer` |
| `master.heapSize` | Master node heap size | `512m` |
| `master.name` | Master component name | `master` |
| `master.persistence.enabled` | Master persistent enabled/disabled | `true` |
| `master.persistence.name` | Master statefulset PVC template name | `data` |
| `master.persistence.size` | Master persistent volume size | `10Gi` |
| `master.persistence.storageClass` | Master persistent volume Class | `nil` |
| `master.persistence.accessMode` | Master persistent Access Mode | `ReadWriteOnce` |
| `master.antiAffinity` | Data anti-affinity policy | `soft` |
| `rbac.create` | Create service account and ClusterRoleBinding for Kubernetes plugin | `false` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
In terms of Memory resources you should make sure that you follow that equation:
- `${role}HeapSize < ${role}MemoryRequests < ${role}MemoryLimits`
The YAML value of cluster.config is appended to elasticsearch.yml file for additional customization ("script.inline: on" for example to allow inline scripting)
# Deep dive
## Application Version
This chart aims to support Elasticsearch v6 deployments by specifying the `values.yaml` parameter `appVersion`.
### Version Specific Features
* Memory Locking *(variable renamed)*
* Ingest Node *(v6)*
* X-Pack Plugin *(v6)*
Upgrade paths & more info: https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-upgrade.html
## Mlocking
This is a limitation in kubernetes right now. There is no way to raise the
limits of lockable memory, so that these memory areas won't be swapped. This
would degrade performance heavily. The issue is tracked in
[kubernetes/#3595](https://github.com/kubernetes/kubernetes/issues/3595).
```
[WARN ][bootstrap] Unable to lock JVM Memory: error=12,reason=Cannot allocate memory
[WARN ][bootstrap] This can result in part of the JVM being swapped out.
[WARN ][bootstrap] Increase RLIMIT_MEMLOCK, soft limit: 65536, hard limit: 65536
```
## Minimum Master Nodes
> The minimum_master_nodes setting is extremely important to the stability of your cluster. This setting helps prevent split brains, the existence of two masters in a single cluster.
>When you have a split brain, your cluster is at danger of losing data. Because the master is considered the supreme ruler of the cluster, it decides when new indices can be created, how shards are moved, and so forth. If you have two masters, data integrity becomes perilous, since you have two nodes that think they are in charge.
>This setting tells Elasticsearch to not elect a master unless there are enough master-eligible nodes available. Only then will an election take place.
>This setting should always be configured to a quorum (majority) of your master-eligible nodes. A quorum is (number of master-eligible nodes / 2) + 1
More info: https://www.elastic.co/guide/en/elasticsearch/guide/1.x/_important_configuration_changes.html#_minimum_master_nodes
# Client and Coordinating Nodes(Not Implemented)
Elasticsearch v5 terminology has updated, and now refers to a `Client Node` as a `Coordinating Node`.
More info: https://www.elastic.co/guide/en/elasticsearch/reference/5.5/modules-node.html#coordinating-node
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "elasticsearch.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "elasticsearch.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- printf .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "elasticsearch.primary.fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s-%s" .Release.Name $name "primary" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- define "elasticsearch.secondary.fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s-%s" .Release.Name $name "secondary" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ template "elasticsearch.fullname" . }}
labels:
app: {{ template "elasticsearch.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- nonResourceURLs:
- /
verbs:
- get
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- apiGroups:
- apps
resources:
- statefulsets/status
verbs:
- get
{{- end -}}
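Review bot: The `endpoints` and `statefulsets/status` rules grant `get` in every namespace, although the StatefulSet and Service this chart creates live only in the release namespace. Those two rules fit a namespaced `Role` bound with a `RoleBinding`; only the `nonResourceURLs: /` rule has to stay cluster-scoped, and it deserves a comment naming what consumes it. From the templates visible on this page, discovery is configured through `discovery.zen.ping.unicast.hosts`, so it is not obvious that the pod calls the Kubernetes API at all. If it does not, drop the role and binding and set `automountServiceAccountToken: false` on the pod spec so the token is not mounted.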
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: {{ template "elasticsearch.fullname" . }}
labels:
app: {{ template "elasticsearch.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "elasticsearch.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "elasticsearch.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: {{ template "elasticsearch.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: {{ template "elasticsearch.fullname" . }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "elasticsearch.fullname" . }}
labels:
app: {{ template "elasticsearch.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
type: {{ .Values.master.service.type }}
ports:
{{ if .Values.master.exposeHttp }}
- name: http
port: 9200
targetPort: http
{{ end }}
- name: transport
port: 9300
targetPort: transport
selector:
app: {{ template "elasticsearch.name" . }}
release: {{ .Release.Name }}
component: "{{ .Values.master.name }}"
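Review bot: With `master.exposeHttp` defaulting to `true`, this Service publishes port 9200 of an Elasticsearch that has no authentication or TLS (the chart README lists both under Todo), and `type` is taken from `master.service.type` without restriction. As `ClusterIP` and absent a NetworkPolicy, any pod in the cluster can read and write indices; as `NodePort` or `LoadBalancer` the API is open to whatever network can reach the node or load balancer. I would add a comment above `type:` such as `# 9200 is unauthenticated: keep ClusterIP and restrict callers with a NetworkPolicy`. The chart could also ship a NetworkPolicy template that admits only the Kibana and Fluent Bit pods.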
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
name: {{ template "elasticsearch.fullname" . }}
labels:
app: {{ template "elasticsearch.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
podManagementPolicy: Parallel
serviceName: {{ template "elasticsearch.fullname" . }}
replicas: {{ .Values.master.replicas }}
template:
metadata:
labels:
app: {{ template "elasticsearch.name" . }}
component: "{{ .Values.master.name }}"
release: {{ .Release.Name }}
{{- if .Values.master.podAnnotations }}
annotations:
{{ toYaml .Values.master.podAnnotations | indent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "elasticsearch.fullname" . }}
{{- if .Values.securityContextEnable }}
securityContext:
fsGroup: 1000
{{- end }}
{{- if eq .Values.master.antiAffinity "hard" }}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: "kubernetes.io/hostname"
labelSelector:
matchLabels:
app: "{{ template "elasticsearch.name" . }}"
release: "{{ .Release.Name }}"
component: "{{ .Values.master.name }}"
{{- else if eq .Values.master.antiAffinity "soft" }}
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchLabels:
app: "{{ template "elasticsearch.name" . }}"
release: "{{ .Release.Name }}"
component: "{{ .Values.master.name }}"
{{- end }}
initContainers:
# see https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html
# and https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-configuration-memory.html#mlockall
- name: "sysctl"
image: "busybox"
imagePullPolicy: "Always"
command: ["sysctl", "-w", "vm.max_map_count=262144"]
securityContext:
allowPrivilegeEscalation: true
privileged: true
containers:
- name: elasticsearch
env:
- name: cluster.name
value: {{ .Release.Name }}-cluster
- name: discovery.zen.ping.unicast.hosts
value: {{ template "elasticsearch.fullname" . }}
- name: discovery.zen.minimum_master_nodes
value: "{{ .Values.master.minimum_master_nodes }}"
- name: KUBERNETES_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
# node roles, default to all true
# - name: NODE_MASTER
# value: "true"
# - name: NODE_DATA
# value: "true"
# - name: NODE_INGEST
# value: "true"
- name: PROCESSORS
valueFrom:
resourceFieldRef:
resource: limits.cpu
- name: ES_JAVA_OPTS
value: "-Djava.net.preferIPv4Stack=true -Xms{{ .Values.master.heapSize }} -Xmx{{ .Values.master.heapSize }}"
{{- range $key, $value := .Values.master.env }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
resources:
{{ toYaml .Values.master.resources | indent 12 }}
readinessProbe:
httpGet:
path: /_cluster/health?local=true
port: 9200
initialDelaySeconds: 5
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
ports:
- containerPort: 9300
name: transport
{{- if .Values.master.exposeHttp }}
- containerPort: 9200
name: http
{{- end }}
volumeMounts:
- mountPath: /usr/share/elasticsearch/data
name: es-data
volumes:
{{- if not .Values.master.persistence.enabled }}
- name: es-data
emptyDir: {}
{{- else }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
volumeClaimTemplates:
- metadata:
name: {{ .Values.master.persistence.name }}
spec:
accessModes:
- {{ .Values.master.persistence.accessMode | quote }}
{{- if .Values.master.persistence.storageClass }}
{{- if (eq "-" .Values.master.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.master.persistence.storageClass }}"
{{- end }}
{{- end }}
resources:
requests:
storage: "{{ .Values.master.persistence.size }}"
{{ end }}
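Review bot: The `sysctl` init container runs `privileged: true` from the untagged image `busybox` with `imagePullPolicy: "Always"`, so whatever `latest` resolves to at pod start executes with full host privileges on every node that schedules a master. Pin it to a vetted tag or digest, e.g. `image: "busybox:<pinned-tag>"`, ideally exposed as a chart value so it can point at an internal registry. Gate the whole init container behind a value so clusters that already set `vm.max_map_count` on the node can switch it off. The explicit `allowPrivilegeEscalation: true` is implied by `privileged` and can be removed. Separately, `terminationGracePeriodSeconds` sits inside the `{{- else }}` branch of the persistence check, so with the shipped default `master.persistence.enabled: false` it appears never to be rendered.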
# Default values for efk.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
rbac:
create: true
securityContextEnable: true
image:
repository: "docker.elastic.co/elasticsearch/elasticsearch-oss"
tag: "6.2.4"
pullPolicy: "IfNotPresent"
terminationGracePeriodSeconds: 30 # Duration in seconds a elasticsearch pod needs to terminate gracefully.
# config elasticsearch master nodes
master:
name: master
exposeHttp: true
replicas: 3
minimum_master_nodes: "2"
heapSize: "512m"
antiAffinity: "soft"
resources:
limits:
cpu: "1"
# memory: "1024Mi"
requests:
cpu: "25m"
memory: "512Mi"
service:
name: elasticsearch
type: ClusterIP
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
name: es-data
enabled: false
## data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
##
## If you want to reuse an existing claim, you can pass the name of the PVC using
## the existingClaim variable
# existingClaim: your-claim
accessMode: ReadWriteOnce
size: 10Gi
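Review bot: `heapSize: "512m"` equals `requests.memory: "512Mi"`, which breaks the rule stated in this chart's own README (`${role}HeapSize < ${role}MemoryRequests < ${role}MemoryLimits`). The memory limit is also commented out, so a master can grow until the node runs out of memory. I would raise the request and restore the limit, for example `memory: "1Gi"` under `requests` and `memory: "2Gi"` under `limits`. The defaults `rbac.create: true` and `persistence.enabled: false` also disagree with the README table, which documents `false` and `true`. With persistence off, all three masters keep their data on `emptyDir`, so it is lost when a pod is rescheduled; that should be called out in a comment next to `enabled: false`.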
name: fluent-bit
version: 0.5.1
appVersion: 0.13.0
description: Fast and Lightweight Log/Data Forwarder for Linux, BSD and OSX
keywords:
- logging
- monitoring
- fluent
- fluentd
sources:
- http://fluentbit.io
icon: http://fluentbit.io/assets/img/logo1-default.png
home: http://fluentbit.io
maintainers:
- name: kfox1111
email: Kevin.Fox@pnnl.gov
- name: edsiper
email: eduardo@treasure-data.com
# Fluent-Bit Chart
[Fluent Bit](http://fluentbit.io/) is an open source and multi-platform Log Forwarder.
## Chart Details
This chart will do the following:
* Install a configmap for Fluent Bit
* Install a daemonset that provisions Fluent Bit [per-host architecture]
## Installing the Chart
To install the chart with the release name `my-release`:
```bash
$ helm install --name my-release stable/fluent-bit
```
When installing this chart on [Minikube](https://kubernetes.io/docs/getting-started-guides/minikube/), it's required to specify that so the DaemonSet will be able to mount the log files properly, make sure to append the _--set on\_minikube=true_ option at the end of the _helm_ command, e.g:
```bash
$ helm install --name my-release stable/fluent-bit --set on_minikube=true
```
## Configuration
The following tables lists the configurable parameters of the Fluent-Bit chart and the default values.
| Parameter | Description | Default |
| ----------------------- | ---------------------------------- | ----------------------- |
| **Backend Selection** |
| `backend.type` | Set the backend to which Fluent-Bit should flush the information it gathers | `forward` |
| **Forward Backend** |
| `backend.forward.host` | Target host where Fluent-Bit or Fluentd are listening for Forward messages | `fluentd` |
| `backend.forward.port` | TCP Port of the target service | `24284` |
| **ElasticSearch Backend** |
| `backend.es.host` | IP address or hostname of the target Elasticsearch instance | `elasticsearch` |
| `backend.es.port` | TCP port of the target Elasticsearch instance. | `9200` |
| `backend.es.index` | Elastic Index name | `kubernetes_cluster` |
| `backend.es.type` | Elastic Type name | `flb_type` |
| `backend.es.logstash_prefix` | Index Prefix. If Logstash_Prefix is equals to 'mydata' your index will become 'mydata-YYYY.MM.DD'. | `kubernetes_cluster` |
| `backend.es.http_user` | Optional username credential for Elastic X-Pack access. | `` |
| `backend.es.http_passwd:` | Password for user defined in HTTP_User. | `` |
| `backend.es.tls` | Enable or disable TLS support | `off` |
| `backend.es.tls_verify` | Force certificate validation | `on` |
| `backend.es.tls_ca` | TLS CA certificate for the Elastic instance (in PEM format). Specify if tls: on. | `` |
| `backend.es.tls_debug` | Set TLS debug verbosity level. It accept the following values: 0-4 | `1` |
| **HTTP Backend** |
| `backend.http.host` | IP address or hostname of the target HTTP Server | `127.0.0.1` |
| `backend.http.port` | TCP port of the target HTTP Server | `80` |
| `backend.http.uri` | Specify an optional HTTP URI for the target web server, e.g: /something | `"/"`
| `backend.http.format` | Specify the data format to be used in the HTTP request body, by default it uses msgpack, optionally it can be set to json. | `msgpack` |
| **Parsers** |
| `parsers.regex` | List of regex parsers | `NULL` |
| `parsers.json` | List of json parsers | `NULL` |
| **General** |
| `annotations` | Optional deamonset set annotations | `NULL` |
| `podAnnotations` | Optional pod annotations | `NULL` |
| `existingConfigMap` | ConfigMap override | `` |
| `extraVolumeMounts` | Mount an extra volume, required to mount ssl certificates when elasticsearch has tls enabled | |
| `extraVolume` | Extra volume | |
| `filter.kubeURL` | Optional custom configmaps | `https://kubernetes.default.svc:443` |
| `filter.kubeCAFile` | Optional custom configmaps | `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt` |
| `filter.kubeTokenFile` | Optional custom configmaps | `/var/run/secrets/kubernetes.io/serviceaccount/token` |
| `filter.kubeTag` | Optional top-level tag for matching in filter | `kube` |
| `image.fluent_bit.repository` | Image | `fluent/fluent-bit` |
| `image.fluent_bit.tag` | Image tag | `0.13.0` |
| `image.pullPolicy` | Image pull policy | `Always` |
| `rbac.create` | Specifies whether RBAC resources should be created. | `true` |
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created. | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to use. | `NULL` |
| `resources.limits.cpu` | CPU limit | `100m` |
| `resources.limits.memory` | Memory limit | `500Mi` |
| `resources.requests.cpu` | CPU request | `100m` |
| `resources.requests.memory` | Memory request | `200Mi` |
| `tolerations` | Optional daemonset tolerations | `NULL` |
| `nodeSelector` | Node labels for fluent-bit pod assignment | `NULL` |
| `metrics.enabled` | Specifies whether a service for metrics should be exposed | `false` |
| `metrics.service.port` | Port on where metrics should be exposed | `2020` |
| `metrics.service.type` | Service type for metrics | `ClusterIP` |
| | | |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```bash
$ helm install --name my-release -f values.yaml stable/fluent-bit
```
> **Tip**: You can use the default [values.yaml](values.yaml)
fluent-bit is now running.
{{- if eq .Values.backend.type "forward" }}
It will forward all container logs to the svc named {{ .Values.backend.forward.host }} on port: {{ .Values.backend.forward.port }}
{{- else if eq .Values.backend.type "es" }}
It will forward all container logs to the svc named {{ .Values.backend.es.host }} on port: {{ .Values.backend.es.port }}
{{- else if eq .Values.backend.type "http" }}
It will forward all container logs to the svc named {{ .Values.backend.http.host }} on port: {{ .Values.backend.http.port }}
{{- end }}
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "fluent-bit.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "fluent-bit.fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for RBAC APIs.
*/}}
{{- define "rbac.apiVersion" -}}
{{- if semverCompare "^1.8-0" .Capabilities.KubeVersion.GitVersion -}}
"rbac.authorization.k8s.io/v1"
{{- else -}}
"rbac.authorization.k8s.io/v1beta1"
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "fluent-bit.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "fluent-bit.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{- if .Values.rbac.create -}}
apiVersion: {{ template "rbac.apiVersion" . }}
kind: ClusterRole
metadata:
labels:
app: {{ template "fluent-bit.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "fluent-bit.fullname" . }}
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
{{- end -}}
{{- if .Values.rbac.create -}}
apiVersion: {{ template "rbac.apiVersion" . }}
kind: ClusterRoleBinding
metadata:
labels:
app: {{ template "fluent-bit.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "fluent-bit.fullname" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "fluent-bit.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "fluent-bit.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}
{{- if (empty .Values.existingConfigMap) -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "fluent-bit.fullname" . }}-config
labels:
app: {{ template "fluent-bit.fullname" . }}
data:
fluent-bit.conf: |-
[SERVICE]
Flush 1
Daemon Off
Log_Level info
Parsers_File parsers.conf
{{- if .Values.metrics.enabled }}
HTTP_Server On
HTTP_Listen 0.0.0.0
HTTP_Port 2020
{{- end }}
[INPUT]
Name tail
Path /var/log/containers/*.log
Parser docker
Tag {{ .Values.filter.kubeTag }}.*
Refresh_Interval 5
Mem_Buf_Limit 5MB
Skip_Long_Lines On
[FILTER]
Name kubernetes
Match {{ .Values.filter.kubeTag }}.*
Kube_URL {{ .Values.filter.kubeURL }}
Kube_CA_File {{ .Values.filter.kubeCAFile }}
Kube_Token_File {{ .Values.filter.kubeTokenFile }}
{{- if .Values.filter.mergeJSONLog }}
Merge_JSON_Log On
{{- end }}
{{- if .Values.filter.enableParser }}
K8S-Logging.Parser On
{{- end }}
{{- if .Values.filter.enableExclude }}
K8S-Logging.Exclude On
{{- end }}
{{ if eq .Values.backend.type "test" }}
[OUTPUT]
Name file
Match *
Path /tmp/fluent-bit.log
{{ else if eq .Values.backend.type "forward" }}
[OUTPUT]
Name forward
Match *
Host {{ .Values.backend.forward.host }}
Port {{ .Values.backend.forward.port }}
Retry_Limit False
{{ else if eq .Values.backend.type "es" }}
[OUTPUT]
Name es
Match *
Host {{ .Release.Name }}-{{ .Values.backend.es.host }}
Port {{ .Values.backend.es.port }}
Logstash_Format On
Retry_Limit False
Type {{ .Values.backend.es.type }}
{{- if .Values.backend.es.logstash_prefix }}
Logstash_Prefix {{ .Values.backend.es.logstash_prefix }}
{{ else if .Values.backend.es.index }}
Index {{ .Values.backend.es.index }}
{{- end }}
{{- if .Values.backend.es.http_user }}
HTTP_User {{ .Values.backend.es.http_user }}
HTTP_Passwd {{ .Values.backend.es.http_passwd }}
{{- end }}
{{if eq .Values.backend.es.tls "on" }}
tls {{ .Values.backend.es.tls }}
tls.verify {{ .Values.backend.es.tls_verify }}
tls.debug {{ .Values.backend.es.tls_debug }}
{{- if .Values.backend.es.tls_ca }}
tls.ca_file /secure/es-tls-ca.crt
{{- end }}
{{- end }}
{{ else if eq .Values.backend.type "http" }}
[OUTPUT]
Name http
Match *
Host {{ .Values.backend.http.host }}
Port {{ .Values.backend.http.port }}
URI {{ .Values.backend.http.uri }}
{{- if .Values.backend.http.proxy }}
Proxy {{ .Values.backend.http.proxy }}
{{- end }}
Format {{ .Values.backend.http.format }}
{{- end }}
parsers.conf: |-
{{- if .Values.parsers.regex }}
{{- range .Values.parsers.regex }}
[PARSER]
Name {{ .name }}
Format regex
Regex {{ .regex }}
{{- if .timeKey }}
Time_Key {{ .timeKey }}
{{- end }}
{{- if .timeFormat }}
Time_Format {{ .timeFormat }}
{{- end }}
{{ end }}
{{- end }}
{{- if .Values.parsers.json }}
{{- range .Values.parsers.json }}
[PARSER]
Name {{ .name }}
Format json
{{- if .timeKeep }}
Time_Keep {{ .timeKeep }}
{{- end }}
{{- if .timeKey }}
Time_Key {{ .timeKey }}
{{- end }}
{{- if .timeFormat }}
Time_Format {{ .timeFormat }}
{{- end }}
{{- if .decodeFieldAs }}
Decode_Field_As {{ .decodeFieldAs }} {{ .decodeField | default "log" }}
{{- end }}
{{ end }}
{{- end }}
{{- end -}}
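Review bot: `HTTP_Passwd {{ .Values.backend.es.http_passwd }}` in the `es` [OUTPUT] block writes the Elasticsearch password in clear text into a ConfigMap, so anyone allowed to read ConfigMaps in the namespace can read it, and it also ends up in the stored release values. Keep the credential in a Secret and inject it as a container environment variable; the DaemonSet already renders `.Values.env` into `env:`, so a `secretKeyRef` entry can be passed there. The config line then becomes `HTTP_Passwd ${ES_HTTP_PASSWD}` (placeholder variable name), assuming the pinned Fluent Bit version expands environment variables in its config. Since `backend.es.tls` defaults to `"off"` in the values file, it is also worth a comment next to `HTTP_User` that the credential crosses the network unencrypted unless TLS is switched on.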
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: {{ .Release.Name }}-fluent-bit
labels:
app: {{ template "fluent-bit.fullname" . }}
spec:
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
app: {{ template "fluent-bit.fullname" . }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | indent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "fluent-bit.serviceAccountName" . }}
containers:
- name: fluent-bit
image: "{{ .Values.image.fluent_bit.repository }}:{{ .Values.image.fluent_bit.tag }}"
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
env:
{{ toYaml .Values.env | indent 10 }}
resources:
{{ toYaml .Values.resources | indent 10 }}
{{- if .Values.metrics.enabled }}
ports:
- name: metrics
containerPort: 2020
protocol: TCP
{{- end }}
volumeMounts:
- name: varlog
mountPath: /var/log
- name: varlibdockercontainers
mountPath: /var/lib/docker/containers
readOnly: true
- name: config
mountPath: /fluent-bit/etc/fluent-bit.conf
subPath: fluent-bit.conf
{{- if .Values.backend.es.tls_ca }}
- name: es-tls-secret
mountPath: /secure/es-tls-ca.crt
subPath: es-tls-ca.crt
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{ toYaml .Values.extraVolumeMounts | indent 8 }}
{{- end }}
{{ if .Values.on_minikube }}
- name: mnt
mountPath: /mnt
readOnly: true
{{ end }}
terminationGracePeriodSeconds: 10
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
volumes:
- name: varlog
hostPath:
path: /var/log
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers
{{- if .Values.backend.es.tls_ca }}
- name: es-tls-secret
secret:
secretName: "{{ template "fluent-bit.fullname" . }}-es-tls-secret"
{{- end }}
- name: config
configMap:
name: {{ if .Values.existingConfigMap }}{{ .Values.existingConfigMap }}{{- else }}{{ template "fluent-bit.fullname" . }}-config{{- end }}
{{- if .Values.extraVolumes }}
{{ toYaml .Values.extraVolumes | indent 6 }}
{{- end }}
{{ if .Values.on_minikube }}
- name: mnt
hostPath:
path: /mnt
{{ end }}
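Review bot: The `varlog` volumeMount of hostPath `/var/log` has no `readOnly: true`, unlike the `varlibdockercontainers` and `mnt` mounts next to it, so the collector container gets write access to the node's log directory. The config generated by this chart only tails `/var/log/containers/*.log` and sets no position database, so read-only looks sufficient: add `readOnly: true` under `mountPath: /var/log`. If a user-supplied `existingConfigMap` is expected to keep a tail DB under `/var/log`, say so in a comment instead of leaving the mount writable by default.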
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "fluent-bit.fullname" . }}-es-tls-secret"
labels:
app: {{ template "fluent-bit.fullname" . }}
type: Opaque
data:
es-tls-ca.crt: {{ .Values.backend.es.tls_ca | b64enc | quote }}
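Review bot: This Secret is rendered unconditionally, while the DaemonSet adds the `es-tls-secret` volume and mount only under `{{- if .Values.backend.es.tls_ca }}`, so a default install creates a Secret whose `es-tls-ca.crt` is an empty string. Wrap the manifest in the same guard, `{{- if .Values.backend.es.tls_ca }}` before `apiVersion: v1` and `{{- end }}` after the `data:` entry. It also carries only the `app` label, without the `chart`, `release` and `heritage` labels used on the RBAC objects.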
{{- if .Values.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "fluent-bit.fullname" . }}-metrics
labels:
app: {{ template "fluent-bit.fullname" . }}
spec:
type: {{ .Values.metrics.service.type}}
sessionAffinity: None
ports:
- port: {{ .Values.metrics.service.port }}
targetPort: metrics
name: metrics
selector:
app: {{ template "fluent-bit.fullname" . }}
{{- end }}
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: {{ template "fluent-bit.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "fluent-bit.serviceAccountName" . }}
{{- end -}}
name: kibana
version: 0.5.0
appVersion: 6.0.0
description: Kibana is an open source data visualization plugin for Elasticsearch
icon: https://raw.githubusercontent.com/elastic/kibana/master/src/ui/public/icons/kibana-color.svg
keywords:
- elasticsearch
- kibana
maintainers:
- name: compleatang
email: casey@monax.io
sources:
- https://github.com/elastic/kibana
engine: gotpl
home: https://www.elastic.co/products/kibana
# kibana
[kibana](https://github.com/elastic/kibana) is your window into the Elastic Stack. Specifically, it's an open source (Apache Licensed), browser-based analytics and search dashboard for Elasticsearch.
## TL;DR;
```console
$ helm install stable/kibana
```
## Introduction
This chart bootstraps a kibana deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Installing the Chart
To install the chart with the release name `my-release`:
```console
$ helm install stable/kibana --name my-release
```
The command deploys kibana on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```console
$ helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Configuration
The following table lists the configurable parameters of the kibana chart and their default values.
Parameter | Description | Default
--- | --- | ---
`affinity` | node/pod affinities | None
`env` | Environment variables to configure Kibana | `{}`
`image.pullPolicy` | Image pull policy | `IfNotPresent`
`image.repository` | Image repository | `kibana`
`image.tag` | Image tag | `6.0.0`
`image.pullSecrets` |Specify image pull secrets | `nil`
`commandline.args` | add additional commandline args | `nil`
`ingress.enabled` | Enables Ingress | `false`
`ingress.annotations` | Ingress annotations | None:
`ingress.hosts` | Ingress accepted hostnames | None:
`ingress.tls` | Ingress TLS configuration | None:
`nodeSelector` | node labels for pod assignment | `{}`
`podAnnotations` | annotations to add to each pod | `{}`
`replicaCount` | desired number of pods | `1`
`resources` | pod resource requests & limits | `{}`
`service.externalPort` | external port for the service | `443`
`service.internalPort` | internal port for the service | `4180`
`service.externalIPs` | external IP addresses | None:
`service.loadBalancerIP` | Load Balancer IP address (to use with service.type LoadBalancer) | None:
`service.type` | type of service | `ClusterIP`
`service.annotations` | Kubernetes service annotations | None:
`tolerations` | List of node taints to tolerate | `[]`
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
$ helm install stable/kibana --name my-release \
--set=image.tag=v0.0.2,resources.limits.cpu=200m
```
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
```console
$ helm install stable/kibana --name my-release -f values.yaml
```
> **Tip**: You can use the default [values.yaml](values.yaml)
To verify that {{ template "kibana.fullname" . }} has started, run:
kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "kibana.fullname" . }}"
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "kibana.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "kibana.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- printf .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
apiVersion: apps/v1beta1
kind: Deployment
metadata:
labels:
app: {{ template "kibana.name" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "kibana.fullname" . }}
spec:
replicas: {{ .Values.replicaCount }}
template:
metadata:
{{- if .Values.podAnnotations }}
annotations:
{{ toYaml .Values.podAnnotations | indent 8 }}
{{- end }}
labels:
app: {{ template "kibana.name" . }}
release: "{{ .Release.Name }}"
spec:
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.commandline.args }}
args:
- "/bin/bash"
- "/usr/local/bin/kibana-docker"
{{ toYaml .Values.commandline.args | indent 10 }}
{{- end }}
env:
{{- range $key, $value := .Values.env }}
- name: "{{ $key }}"
value: "{{ $value }}"
{{- end }}
{{- if .Values.envConfigMap.enabled }}
# Define the environment variable
envFrom:
- configMapRef:
{{- if .Values.envConfigMap.name }}
name: {{ .Values.envConfigMap.name }}
{{- else }}
name: {{ .Release.Name }}-kibana
{{- end }}
{{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
name: {{ template "kibana.name" . }}
protocol: TCP
# livenessProbe:
# httpGet:
# path: /ping
# port: {{ .Values.service.internalPort }}
# readinessProbe:
# httpGet:
# path: /ping
# port: {{ .Values.service.internalPort }}
resources:
{{ toYaml .Values.resources | indent 10 }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{ toYaml .Values.image.pullSecrets | indent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
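Review bot: In the `env:` loop, `value: "{{ $value }}"` wraps the raw value in double quotes by hand, so a value containing `"` or a backslash either breaks the rendered YAML or is changed by escape processing. Use the `quote` function as the Ingress and Service annotation loops on this page do: `value: {{ $value | quote }}` and `name: {{ $key | quote }}`. The liveness and readiness probes are left commented out with no explanation; a one-line comment saying why they are disabled would help the next maintainer.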
{{- if .Values.ingress.enabled -}}
{{- $serviceName := include "kibana.fullname" . -}}
{{- $servicePort := .Values.service.externalPort -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
labels:
app: {{ template "kibana.name" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "kibana.fullname" . }}
annotations:
{{- range $key, $value := .Values.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
rules:
{{- range $host := .Values.ingress.hosts }}
- host: {{ $host }}
http:
paths:
- path:
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- if .Values.ingress.tls }}
tls:
{{ toYaml .Values.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}
apiVersion: v1
kind: Service
metadata:
labels:
app: {{ template "kibana.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: {{ template "kibana.fullname" . }}
annotations:
{{- range $key, $value := .Values.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
protocol: TCP
{{- if .Values.service.externalIPs }}
externalIPs:
{{ toYaml .Values.service.externalIPs | indent 4 }}
{{- end }}
selector:
app: {{ template "kibana.name" . }}
release: {{ .Release.Name }}
{{- if .Values.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
categories:
- elasticsearch
- logging
questions:
- variable: defaultImage
default: "true"
description: "Use default Docker image"
label: Use Default Image
type: boolean
group: "Container Images"
show_subquestion_if: false
subquestions:
- variable: elasticsearch.image.repository
default: "docker.elastic.co/elasticsearch/elasticsearch-oss"
description: "Elasticsearch image name"
type: string
label: ElasticSearch Image Name
- variable: elasticsearch.image.tag
default: "6.2.4"
description: "Elasticsearch image tag"
type: string
label: Elasticsearch Image Tag
- variable: kibana.image.repository
default: "docker.elastic.co/kibana/kibana-oss"
description: "Kibana image name"
type: string
label: Kibana Image Name
- variable: kibana.image.tag
default: "6.2.4"
description: "Kibana image tag"
type: string
label: Kibana Image Tag
- variable: fluent-bit.image.fluent_bit.repository
default: "fluent/fluent-bit"
description: "Fluent-Bit image name"
type: string
label: Fluent-Bit Image Name
- variable: fluent-bit.image.fluent_bit.tag
default: "0.13.0"
description: "Fluent-Bit image tag"
type: string
label: Fluent-Bit Image Tag
# elasticsearch settings
- variable: elasticsearch.master.heapSize
default: "512m"
description: "The value depends on the amount of RAM available on your server"
type: enum
label: Elasticsearch JVM Heap Size
required: true
group: "elasticsearch"
options:
- "512m"
- "1g"
- "2g"
- variable: elasticsearch.master.service.type
default: "NodePort"
description: "Elasticsearch service type"
type: enum
label: Elasticsearch Service Type
required: true
group: "elasticsearch"
options:
- "ClusterIP"
- "NodePort"
- variable: elasticsearch.master.persistence.enabled
default: "false"
description: "Enable persistent volume for elasticsearch"
type: boolean
required: true
label: Elasticsearch Persistent Volume Enabled
show_subquestion_if: true
group: "elasticsearch"
subquestions:
- variable: elasticsearch.master.persistence.storageClass
default: ""
description: "If undefined or set to null, using the default StorageClass. Defaults to null."
type: storageclass
label: Storage Class for Elasticsearch
- variable: elasticsearch.master.persistence.size
default: "10Gi"
description: "Elasticsearch persistent volume size"
required: true
type: string
label: Elasticsearch Persistent Volume Size
# kibana settings
- variable: kibana.ingress.enabled
default: true
description: "Expose kibana using Layer 7 Load Balancer - ingress"
type: boolean
group: "Kibana"
label: Expose Kibana using Layer 7 Load Balancer
show_subquestion_if: true
required: true
subquestions:
- variable: kibana.ingress.hosts[0]
default: "xip.io"
description: "Kibana server ingress hostname"
type: hostname
required: true
label: Hostname
# fluent-bit settings:
- variable: fluent-bit.enabled
default: true
group: "Fluent-Bit"
description: "Enable fluent-bit, the Kubernetes log forwarder"
type: boolean
label: Enable Fluent-Bit
required: true
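Review bot: `elasticsearch.master.service.type` defaults to `"NodePort"` here, and the values file sets `type: NodePort` for the same service, which publishes port 9200 of the `elasticsearch-oss` image on every node address. The chart's own NOTES text warns that Elasticsearch implements no security for exposed clusters by default. Make the default `"ClusterIP"` in both places and leave `NodePort` as an explicit opt-in. Separately, `defaultImage` and `elasticsearch.master.persistence.enabled` give their boolean defaults as the strings `"true"` and `"false"`, while `kibana.ingress.enabled` and `fluent-bit.enabled` use bare `true`; pick one form.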
dependencies:
- name: kibana
version: 0.5.0
condition: kibana.enabled
- name: fluent-bit
version: 0.5.1
condition: fluent-bit.enabled
- name: elasticsearch
version: 0.1.0
condition: elasticsearch.enabled
1. Elasticsearch can be accessed:
* Within your cluster, at the following DNS name at port 9200:
{{ template "efk.fullname" . }}-elasticsearch.{{ .Release.Namespace }}.svc.cluster.local
* From outside the cluster, run these commands in the same shell:
{{- if contains "NodePort" .Values.elasticsearch.master.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "efk.fullname" . }}-elasticsearch)
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.elasticsearch.master.service.type }}
WARNING: You have likely exposed your Elasticsearch cluster direct to the internet.
Elasticsearch does not implement any security for public facing clusters by default.
As a minimum level of security; switch to ClusterIP/NodePort and place an Nginx gateway infront of the cluster in order to lock down access to dangerous HTTP endpoints and verbs.
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc -w {{ template "efk.fullname" . }}-elasticsearch'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "efk.fullname" . }}-elasticsearch -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:9200
{{- else if contains "ClusterIP" .Values.elasticsearch.master.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "efk.name" . }},component={{ .Values.elasticsearch.master.name }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:9200 to use Elasticsearch"
kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME 9200:9200
{{- end }}
2. Elasticsearch data and log file are stored in the following path within the containers:
1. logs: /var/log/elasticsearch
2. data: /var/data/elasticsearch
3. To verify that {{ template "efk.fullname" . }}-kibana has started, run:
kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "efk.fullname" . }}-kibana"
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "efk.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "efk.fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- define "efk.elasticsearch.url" -}}
{{- $clientUrl := (include "elasticsearch.fullname" .) -}}
{{- printf "http://%s-%s:9200" $clientUrl "elasticsearch" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
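Review bot: In `efk.elasticsearch.url` the whole URL is piped through `trunc 63 | trimSuffix "-"`, but the 63-character limit applies to Kubernetes object names, not URLs. With a long release name this cuts off the `:9200` port or part of the host, and Kibana receives an unusable `ELASTICSEARCH_URL`. Drop the truncation from the URL: `{{- printf "http://%s-%s:9200" $clientUrl "elasticsearch" -}}`. The `elasticsearch.fullname` template is defined outside this view and presumably already bounds the name. Unlike the two helpers above it, this one has no doc comment; add `{{/* Build the in-cluster Elasticsearch URL passed to Kibana as ELASTICSEARCH_URL. */}}`.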
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-kibana
labels:
app: {{ template "efk.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
ELASTICSEARCH_URL: {{ template "efk.elasticsearch.url" . }}
SERVER_PORT: "5601"
LOGGING_VERBOSE: "true"
SERVER_DEFAULTROUTE: "/app/kibana"
# Default values for efk.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
elasticsearch:
rbac:
create: true
securityContextEnable: true
image:
repository: "docker.elastic.co/elasticsearch/elasticsearch-oss"
tag: "6.2.4"
pullPolicy: "IfNotPresent"
terminationGracePeriodSeconds: 30 # Duration in seconds a pod needs to terminate gracefully.
# config elasticsearch master nodes
master:
name: master
exposeHttp: true
replicas: 3
minimum_master_nodes: "2"
heapSize: "512m"
antiAffinity: "soft"
resources:
limits:
cpu: "1"
# memory: "1024Mi"
requests:
cpu: "25m"
memory: "512Mi"
service:
name: elasticsearch
type: NodePort
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
name: es-data
enabled: false
## wordpress data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
##
## If you want to reuse an existing claim, you can pass the name of the PVC using
## the existingClaim variable
# existingClaim: your-claim
accessMode: ReadWriteOnce
size: 10Gi
kibana:
enabled: true
#Secure Kibana Dashboard with Rancher Magic Proxy
proxyEnabled: true
image:
repository: "docker.elastic.co/kibana/kibana-oss"
tag: "6.2.4"
pullPolicy: "IfNotPresent"
commandline:
args:
env:
# All Kibana configuration options are adjustable via env vars.
# To adjust a config option to an env var uppercase + replace `.` with `_`
# Ref: https://www.elastic.co/guide/en/kibana/current/settings.html
#
# ELASTICSEARCH_URL: http://elasticsearch:9200
# SERVER_PORT: 5601
# LOGGING_VERBOSE: "true"
# SERVER_DEFAULTROUTE: "/app/kibana"
# use configmap for its env configmap
envConfigMap:
enabled: true
# name: kibana
service:
type: NodePort
externalPort: 443
internalPort: 5601
## External IP addresses of service
## Default: nil
##
# externalIPs:
# - 192.168.0.1
#
## LoadBalancer IP if service.type is LoadBalancer
## Default: nil
##
# loadBalancerIP: 10.2.2.2
annotations:
# Annotation example: setup ssl with aws cert when service.type is LoadBalancer
# service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-1:EXAMPLE_CERT
ingress:
enabled: false
# hosts:
# - chart-example.local
# annotations:
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# tls:
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# limits:
# cpu: 100m
# memory: 300Mi
# requests:
# cpu: 100m
# memory: 300Mi
# Affinity for pod assignment
# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
# affinity: {}
# Tolerations for pod assignment
# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []
# Node labels for pod assignment
# Ref: https://kubernetes.io/docs/user-guide/node-selection/
nodeSelector: {}
podAnnotations: {}
replicaCount: 1
fluent-bit:
enabled: false
# Minikube stores its logs in a separate directory.
# enable if started in minikube.
on_minikube: false
image:
fluent_bit:
repository: fluent/fluent-bit
tag: 0.13.0
pullPolicy: Always
# When enabled, exposes json and prometheus metrics on {{ .Release.Name }}-metrics service
metrics:
enabled: false
service:
port: 2020
type: ClusterIP
backend:
type: es
forward:
host: fluentd
port: 24284
es:
host: elasticsearch
port: 9200
# Elastic Index Name
index: kubernetes_cluster
type: flb_type
logstash_prefix: kubernetes_cluster
# Optional username credential for Elastic X-Pack access
http_user:
# Password for user defined in HTTP_User
http_passwd:
# Optional TLS encryption to ElasticSearch instance
tls: "off"
tls_verify: "on"
# TLS certificate for the Elastic (in PEM format). Use if tls=on and tls_verify=on.
tls_ca: ""
# TLS debugging levels = 1-5
tls_debug: 1
parsers:
## List the respective parsers in key: value format per entry
## Regex required fields are name and regex. JSON required field
## is name.
regex: []
json: []
##
## Ref: http://fluentbit.io/documentation/current/output/http.html
##
http:
host: 127.0.0.1
port: 80
uri: "/"
## Specify the data format to be used in the HTTP request body
## Can be either 'msgpack' or 'json'
format: msgpack
env: []
## Annotations to add to the DaemonSet's Pods
podAnnotations: {}
## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.existingConfigMap}}
## Defining existingConfigMap will cause templates/config.yaml
## to NOT generate a ConfigMap resource
##
existingConfigMap: ""
## Extra volumes containing additional files required for fluent-bit to work
## (eg. CA certificates)
## Ref: https://kubernetes.io/docs/concepts/storage/volumes/
##
extraVolumes: []
## Extra volume mounts for the fluent-bit pod.
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-volume-storage/
##
extraVolumeMounts: []
resources:
limits:
memory: 100Mi
requests:
cpu: 100m
memory: 100Mi
## Node tolerations for fluent-bit scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
## Node labels for fluent-bit pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
filter:
kubeURL: https://kubernetes.default.svc:443
kubeCAFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
kubeTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
kubeTag: kube
# If true, check to see if the log field content is a JSON string map, if so,
# it append the map fields as part of the log structure.
# mergeJSONLog: true
# If true, enable the use of monitoring for a pod annotation of
# fluentbit.io/parser: parser_name. parser_name must be the name
# of a parser contained within parsers.conf
# enableParser: true
# If true, enable the use of monitoring for a pod annotation of
# fluentbit.io/exclude: true. If present, discard logs from that pod.
# enableExclude: true
rbac:
# Specifies whether RBAC resources should be created
create: true
serviceAccount:
# Specifies whether a ServiceAccount should be created
create: true
# The name of the ServiceAccount to use.
# If not set and create is true, a name is generated using the fullname template
name:
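Review bot: `kibana.proxyEnabled: true` is commented as securing the dashboard, but none of the Kibana templates visible on this page (Deployment, Ingress, Service, the env ConfigMap) reads `proxyEnabled`, while `kibana.service.type` is `NodePort`. Unless a template outside this view consumes the flag, the `kibana-oss` dashboard is reachable on every node address with no authentication layer in front of it. Either wire the flag into the templates or reword the comment so it does not promise protection, and default `service.type` to `ClusterIP`. The bare `http_user:`, `http_passwd:` and `serviceAccount.name:` keys parse as null; writing `""` would make the intended empty string explicit.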