From 32199771d861be1a0681291e64ef2079e7a329f0 Mon Sep 17 00:00:00 2001 From: framsouza Date: Mon, 11 Oct 2021 12:50:44 +0200 Subject: [PATCH 01/12] Adding support to Ingress networking.k8s.io/v1 --- apm-server/templates/ingress.yaml | 27 ++++++----- apm-server/values.yaml | 4 +- elasticsearch/templates/ingress.yaml | 68 +++++++++++++++------------- elasticsearch/values.yaml | 18 +++++--- kibana/templates/ingress.yaml | 58 +++++++++++++----------- kibana/values.yaml | 10 ++-- logstash/templates/ingress.yaml | 45 ++++++++++++------ logstash/values.yaml | 15 +++--- 8 files changed, 142 insertions(+), 103 deletions(-) diff --git a/apm-server/templates/ingress.yaml b/apm-server/templates/ingress.yaml index 64ebcced9..91e7b3d42 100644 --- a/apm-server/templates/ingress.yaml +++ b/apm-server/templates/ingress.yaml @@ -1,8 +1,9 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "apm.fullname" . -}} {{- $servicePort := .Values.service.port -}} +{{- $pathtype := .Values.ingress.pathtype -}} {{- $ingressPath := .Values.ingress.path -}} -apiVersion: networking.k8s.io/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ template "apm.fullname" . }} @@ -12,23 +13,25 @@ metadata: {{- range $key, $value := .Values.labels }} {{ $key }}: {{ $value | quote }} {{- end }} -{{- with .Values.ingress.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} spec: + {{- if .Values.ingress.className }} + ingressClassName: {{ .Values.ingress.className | quote }} + {{- end }} {{- if .Values.ingress.tls }} tls: {{ toYaml .Values.ingress.tls | indent 4 }} {{- end }} rules: {{- range .Values.ingress.hosts }} - - host: {{ . }} - http: - paths: - - path: {{ $ingressPath }} - backend: - serviceName: {{ $fullName }} - servicePort: {{ $servicePort }} + - host: {{ . }} + http: + paths: + - path: {{ $ingressPath }} + pathType: {{ $pathtype }} + backend: + service: + name: {{ $fullName }} + port: + number: {{ $servicePort }} {{- end }} {{- end }} diff --git a/apm-server/values.yaml b/apm-server/values.yaml index fa8a2e959..7034ef4b9 100755 --- a/apm-server/values.yaml +++ b/apm-server/values.yaml @@ -158,7 +158,9 @@ autoscaling: averageCpuUtilization: 50 ingress: - enabled: false + enabled: true + className: "" + pathtype: ImplementationSpecific annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" diff --git a/elasticsearch/templates/ingress.yaml b/elasticsearch/templates/ingress.yaml index bcb2befa6..0277e8641 100644 --- a/elasticsearch/templates/ingress.yaml +++ b/elasticsearch/templates/ingress.yaml @@ -1,8 +1,9 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "elasticsearch.uname" . -}} {{- $httpPort := .Values.httpPort -}} +{{- $pathtype := .Values.ingress.pathtype -}} {{- $ingressPath := .Values.ingress.path -}} -apiVersion: networking.k8s.io/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $fullName }} @@ -10,45 +11,50 @@ metadata: app: {{ .Chart.Name }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -{{- with .Values.ingress.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} spec: + {{- if .Values.ingress.className }} + ingressClassName: {{ .Values.ingress.className | quote }} + {{- end }} {{- if .Values.ingress.tls }} tls: {{- if .ingressPath }} - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . }} - {{- end }} - secretName: {{ .secretName }} + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . }} {{- end }} - {{- else }} + secretName: {{ .secretName }} + {{- end }} +{{- else }} {{ toYaml .Values.ingress.tls | indent 4 }} {{- end }} -{{- end }} +{{end}} rules: {{- range .Values.ingress.hosts }} {{- if $ingressPath }} - - host: {{ . }} - http: - paths: - - path: {{ $ingressPath }} - backend: - serviceName: {{ $fullName }} - servicePort: {{ $httpPort }} - {{- else }} - - host: {{ .host }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - backend: - serviceName: {{ $fullName }} - servicePort: {{ .servicePort | default $httpPort }} - {{- end }} - {{- end }} + - host: {{ . }} + http: + paths: + - path: {{ $ingressPath }} + pathType: {{ $pathtype }} + backend: + service: + name: {{ $fullName }} + port: + number:: {{ $httpPort }} + {{- else }} + - host: {{ .host }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + pathType: {{ $pathtype }} + backend: + service: + name: {{ $fullName }} + port: + number: {{ .servicePort | default $httpPort }} + {{- end }} {{- end }} + {{- end }} {{- end }} diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml index 4756ca37e..0db1e953f 100755 --- a/elasticsearch/values.yaml +++ b/elasticsearch/values.yaml @@ -1,10 +1,10 @@ --- -clusterName: "elasticsearch" -nodeGroup: "master" +clusterName: "my-es" +nodeGroup: "helm" # The service that non master groups will try to connect to when joining the cluster # This should be set to clusterName + "-" + nodeGroup for your master group -masterService: "" +masterService: "my-es-helm" # Elasticsearch roles that will be applied to this nodeGroup # These will be set as environment variables. E.g. node.roles=master @@ -28,13 +28,15 @@ esMajorVersion: "" # Allows you to add any config files in /usr/share/elasticsearch/config/ # such as elasticsearch.yml and log4j2.properties -esConfig: {} -# elasticsearch.yml: | +esConfig: + elasticsearch.yml: | + xpack.security.enabled: false # key: # nestedkey: value # log4j2.properties: | # key = value + # Extra environment variables to append to this nodeGroup # This will be appended to the current 'env:' key. You can use any of the kubernetes env # syntax here @@ -239,10 +241,12 @@ tolerations: [] # Enabling this will publicly expose your Elasticsearch instance. # Only enable this if you have security enabled on your cluster ingress: - enabled: false - annotations: {} + enabled: true + className: "" + #annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" + pathtype: ImplementationSpecific hosts: - host: chart-example.local paths: diff --git a/kibana/templates/ingress.yaml b/kibana/templates/ingress.yaml index f79255f30..d60ea3aff 100644 --- a/kibana/templates/ingress.yaml +++ b/kibana/templates/ingress.yaml @@ -1,17 +1,17 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "kibana.fullname" . -}} {{- $httpPort := .Values.httpPort -}} +{{- $pathtype := .Values.ingress.pathtype -}} {{- $ingressPath := .Values.ingress.path -}} -apiVersion: networking.k8s.io/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $fullName }} labels: {{ include "kibana.labels" . | nindent 4 }} -{{- with .Values.ingress.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} spec: + {{- if .Values.ingress.className }} + ingressClassName: {{ .Values.ingress.className | quote }} + {{- end }} {{- if .Values.ingress.tls }} tls: {{- if .ingressPath }} @@ -21,31 +21,37 @@ spec: - {{ . }} {{- end }} secretName: {{ .secretName }} - {{- end }} - {{- else }} + {{- end }} +{{- else }} {{ toYaml .Values.ingress.tls | indent 4 }} {{- end }} {{- end }} rules: {{- range .Values.ingress.hosts }} {{- if $ingressPath }} - - host: {{ . }} - http: - paths: - - path: {{ $ingressPath }} - backend: - serviceName: {{ $fullName }} - servicePort: {{ $httpPort }} - {{- else }} - - host: {{ .host }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - backend: - serviceName: {{ $fullName }} - servicePort: {{ .servicePort | default $httpPort }} - {{- end }} - {{- end }} + - host: {{ . }} + http: + paths: + - path: {{ $ingressPath }} + pathType: {{ $pathtype }} + backend: + service: + name: {{ $fullName }} + port: + number:{{ $httpPort }} + {{- else }} + - host: {{ .host }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + pathType: {{ $pathtype }} + backend: + service: + name: {{ $fullName }} + port: + number: {{ .servicePort | default $httpPort }} + {{- end }} {{- end }} -{{- end }} + {{- end }} +#{{- end }} diff --git a/kibana/values.yaml b/kibana/values.yaml index f62775654..4bf57ec9f 100755 --- a/kibana/values.yaml +++ b/kibana/values.yaml @@ -1,5 +1,5 @@ --- -elasticsearchHosts: "http://elasticsearch-master:9200" +elasticsearchHosts: "http://my-es-helm:9200" replicas: 1 @@ -127,15 +127,17 @@ service: httpPortName: http ingress: - enabled: false + enabled: true + className: "" + pathtype: ImplementationSpecific annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - - host: chart-example.local + - host: kibana-example.local paths: - path: / - tls: [] + #tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local diff --git a/logstash/templates/ingress.yaml b/logstash/templates/ingress.yaml index a4aeb145e..ac244c9aa 100644 --- a/logstash/templates/ingress.yaml +++ b/logstash/templates/ingress.yaml @@ -1,6 +1,9 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "logstash.fullname" . -}} -apiVersion: networking.k8s.io/v1beta1 +{{- $httpPort := .Values.httpPort -}} +{{- $ingressPath := .Values.ingress.path -}} +{{- $pathtype := .Values.ingress.pathtype -}} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $fullName }} @@ -9,25 +12,37 @@ metadata: chart: "{{ .Chart.Name }}" heritage: {{ .Release.Service | quote }} release: {{ .Release.Name | quote }} -{{- with .Values.ingress.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} spec: + {{- if .Values.ingress.className }} + ingressClassName: {{ .Values.ingress.className | quote }} + {{- end }} {{- if .Values.ingress.tls }} tls: + {{- if .ingressPath }} + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- else }} {{ toYaml .Values.ingress.tls | indent 4 }} -{{- end }} + {{- end }} +{{end}} rules: {{- range $.Values.ingress.hosts }} - - host: {{ .host }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - backend: - serviceName: {{ $fullName }} - servicePort: {{ .servicePort }} - {{- end }} + - host: {{ .host }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + pathType: {{ $pathtype }} + backend: + service: + name: {{ $fullName }} + port: + number: {{ $httpPort }} + {{- end }} {{- end }} {{- end }} diff --git a/logstash/values.yaml b/logstash/values.yaml index 44b542df9..77b8c744f 100755 --- a/logstash/values.yaml +++ b/logstash/values.yaml @@ -269,11 +269,12 @@ service: {} # targetPort: 8080 ingress: - enabled: false + enabled: true + className: "" + pathtype: ImplementationSpecific + hosts: + - host: logstash-example.local + paths: + - path: / + tls: [] # annotations: {} -# hosts: -# - host: logstash.local -# paths: -# - path: /logs -# servicePort: 8080 -# tls: [] From ca298fd2ac16337b9ab93d0abe6278a2f0a47867 Mon Sep 17 00:00:00 2001 From: framsouza Date: Mon, 11 Oct 2021 13:22:27 +0200 Subject: [PATCH 02/12] Adjusting ES service name --- elasticsearch/templates/ingress.yaml | 6 +++++- elasticsearch/values.yaml | 14 +++++++------- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/elasticsearch/templates/ingress.yaml b/elasticsearch/templates/ingress.yaml index 0277e8641..de8e68fc3 100644 --- a/elasticsearch/templates/ingress.yaml +++ b/elasticsearch/templates/ingress.yaml @@ -3,7 +3,11 @@ {{- $httpPort := .Values.httpPort -}} {{- $pathtype := .Values.ingress.pathtype -}} {{- $ingressPath := .Values.ingress.path -}} +{{- if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version }} +apiVersion: networking.k8s.io/v1beta1 +{{- else }} apiVersion: networking.k8s.io/v1 +{{- end }} kind: Ingress metadata: name: {{ $fullName }} @@ -57,4 +61,4 @@ spec: {{- end }} {{- end }} {{- end }} -{{- end }} + {{- end }} diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml index 0db1e953f..5e4d71845 100755 --- a/elasticsearch/values.yaml +++ b/elasticsearch/values.yaml @@ -1,10 +1,10 @@ --- -clusterName: "my-es" -nodeGroup: "helm" +clusterName: "elasticsearch" +nodeGroup: "master" # The service that non master groups will try to connect to when joining the cluster # This should be set to clusterName + "-" + nodeGroup for your master group -masterService: "my-es-helm" +masterService: "" # Elasticsearch roles that will be applied to this nodeGroup # These will be set as environment variables. E.g. node.roles=master @@ -28,9 +28,9 @@ esMajorVersion: "" # Allows you to add any config files in /usr/share/elasticsearch/config/ # such as elasticsearch.yml and log4j2.properties -esConfig: - elasticsearch.yml: | - xpack.security.enabled: false +esConfig: {} +# elasticsearch.yml: | +# xpack.security.enabled: false # key: # nestedkey: value # log4j2.properties: | @@ -241,7 +241,7 @@ tolerations: [] # Enabling this will publicly expose your Elasticsearch instance. # Only enable this if you have security enabled on your cluster ingress: - enabled: true + enabled: false className: "" #annotations: {} # kubernetes.io/ingress.class: nginx From 1caaa0253832289b6bb7b0736ff0f17de52bb576 Mon Sep 17 00:00:00 2001 From: framsouza Date: Mon, 11 Oct 2021 13:53:10 +0200 Subject: [PATCH 03/12] Removing ingress typo & adjusting python test --- elasticsearch/templates/ingress.yaml | 2 +- elasticsearch/tests/elasticsearch_test.py | 20 ++++++++++---------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/elasticsearch/templates/ingress.yaml b/elasticsearch/templates/ingress.yaml index de8e68fc3..84f3bd513 100644 --- a/elasticsearch/templates/ingress.yaml +++ b/elasticsearch/templates/ingress.yaml @@ -45,7 +45,7 @@ spec: service: name: {{ $fullName }} port: - number:: {{ $httpPort }} + number: {{ $httpPort }} {{- else }} - host: {{ .host }} http: diff --git a/elasticsearch/tests/elasticsearch_test.py b/elasticsearch/tests/elasticsearch_test.py index 20e2446dc..7b6f418ac 100755 --- a/elasticsearch/tests/elasticsearch_test.py +++ b/elasticsearch/tests/elasticsearch_test.py @@ -644,19 +644,19 @@ def test_adding_an_ingress_rule(): assert i["rules"][0]["host"] == "elasticsearch.elastic.co" assert i["rules"][0]["http"]["paths"][0]["path"] == "/" - assert i["rules"][0]["http"]["paths"][0]["backend"]["serviceName"] == uname - assert i["rules"][0]["http"]["paths"][0]["backend"]["servicePort"] == 9200 + assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["name"] == uname + assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["port"]["number"] == 9200 assert i["rules"][1]["host"] == None assert i["rules"][1]["http"]["paths"][0]["path"] == "/" - assert i["rules"][1]["http"]["paths"][0]["backend"]["serviceName"] == uname - assert i["rules"][1]["http"]["paths"][0]["backend"]["servicePort"] == 9200 + assert i["rules"][1]["http"]["paths"][0]["backend"]["service"]["name"] == uname + assert i["rules"][1]["http"]["paths"][0]["backend"]["service"]["port"]["number"] == 9200 assert i["rules"][1]["http"]["paths"][1]["path"] == "/mypath" - assert i["rules"][1]["http"]["paths"][1]["backend"]["serviceName"] == uname - assert i["rules"][1]["http"]["paths"][1]["backend"]["servicePort"] == 8888 + assert i["rules"][1]["http"]["paths"][1]["backend"]["service"]["name"] == uname + assert i["rules"][1]["http"]["paths"][1]["backend"]["service"]["port"]["number"] == 8888 assert i["rules"][2]["host"] == "elasticsearch.hello.there" assert i["rules"][2]["http"]["paths"][0]["path"] == "/" - assert i["rules"][2]["http"]["paths"][0]["backend"]["serviceName"] == uname - assert i["rules"][2]["http"]["paths"][0]["backend"]["servicePort"] == 9999 + assert i["rules"][2]["http"]["paths"][0]["backend"]["service"]["name"] == uname + assert i["rules"][2]["http"]["paths"][0]["backend"]["service"]["port"]["number"] == 9999 def test_adding_a_deprecated_ingress_rule(): @@ -682,8 +682,8 @@ def test_adding_a_deprecated_ingress_rule(): assert i["rules"][0]["host"] == "elasticsearch.elastic.co" assert i["rules"][0]["http"]["paths"][0]["path"] == "/" - assert i["rules"][0]["http"]["paths"][0]["backend"]["serviceName"] == uname - assert i["rules"][0]["http"]["paths"][0]["backend"]["servicePort"] == 9200 + assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["name"] == uname + assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["port"]["number"] == 9200 def test_changing_the_protocol(): From 4b2b7bf410052eb7ce208fdb0285f1a22bda07a9 Mon Sep 17 00:00:00 2001 From: framsouza Date: Mon, 11 Oct 2021 14:41:44 +0200 Subject: [PATCH 04/12] Adjusting python tests to use the new ingress version --- kibana/templates/ingress.yaml | 4 ++-- kibana/tests/kibana_test.py | 28 ++++++++++++++-------------- kibana/values.yaml | 4 ++-- logstash/tests/logstash_test.py | 25 +++++++++++++++---------- logstash/values.yaml | 2 +- 5 files changed, 34 insertions(+), 29 deletions(-) diff --git a/kibana/templates/ingress.yaml b/kibana/templates/ingress.yaml index d60ea3aff..8a6c9edc3 100644 --- a/kibana/templates/ingress.yaml +++ b/kibana/templates/ingress.yaml @@ -38,7 +38,7 @@ spec: service: name: {{ $fullName }} port: - number:{{ $httpPort }} + number: {{ $httpPort }} {{- else }} - host: {{ .host }} http: @@ -54,4 +54,4 @@ spec: {{- end }} {{- end }} {{- end }} -#{{- end }} + {{- end }} diff --git a/kibana/tests/kibana_test.py b/kibana/tests/kibana_test.py index a7411f358..10d028786 100644 --- a/kibana/tests/kibana_test.py +++ b/kibana/tests/kibana_test.py @@ -260,19 +260,19 @@ def test_adding_an_ingress_rule(): assert i["rules"][0]["host"] == "kibana.elastic.co" assert i["rules"][0]["http"]["paths"][0]["path"] == "/" - assert i["rules"][0]["http"]["paths"][0]["backend"]["serviceName"] == name - assert i["rules"][0]["http"]["paths"][0]["backend"]["servicePort"] == 5601 + assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["name"] == name + assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["port"]["number"] == 5601 assert i["rules"][0]["http"]["paths"][1]["path"] == "/testpath" - assert i["rules"][0]["http"]["paths"][1]["backend"]["serviceName"] == name - assert i["rules"][0]["http"]["paths"][1]["backend"]["servicePort"] == 8888 + assert i["rules"][0]["http"]["paths"][1]["backend"]["service"]["name"] == name + assert i["rules"][0]["http"]["paths"][1]["backend"]["service"]["port"]["number"] == 8888 assert i["rules"][1]["host"] == None assert i["rules"][1]["http"]["paths"][0]["path"] == "/" - assert i["rules"][1]["http"]["paths"][0]["backend"]["serviceName"] == name - assert i["rules"][1]["http"]["paths"][0]["backend"]["servicePort"] == 5601 + assert i["rules"][1]["http"]["paths"][0]["backend"]["service"]["name"] == name + assert i["rules"][1]["http"]["paths"][0]["backend"]["service"]["port"]["number"] == 5601 assert i["rules"][2]["host"] == "kibana.hello.there" assert i["rules"][2]["http"]["paths"][0]["path"] == "/mypath" - assert i["rules"][2]["http"]["paths"][0]["backend"]["serviceName"] == name - assert i["rules"][2]["http"]["paths"][0]["backend"]["servicePort"] == 9999 + assert i["rules"][2]["http"]["paths"][0]["backend"]["service"]["name"] == name + assert i["rules"][2]["http"]["paths"][0]["backend"]["service"]["port"]["number"] == 9999 def test_adding_a_deprecated_ingress_rule(): @@ -298,8 +298,8 @@ def test_adding_a_deprecated_ingress_rule(): assert i["rules"][0]["host"] == "kibana.elastic.co" assert i["rules"][0]["http"]["paths"][0]["path"] == "/" - assert i["rules"][0]["http"]["paths"][0]["backend"]["serviceName"] == name - assert i["rules"][0]["http"]["paths"][0]["backend"]["servicePort"] == 5601 + assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["name"] == name + assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["port"]["number"] == 5601 def test_adding_an_ingress_rule_wildcard(): @@ -326,8 +326,8 @@ def test_adding_an_ingress_rule_wildcard(): assert i["rules"][0]["host"] == "kibana.elastic.co" assert i["rules"][0]["http"]["paths"][0]["path"] == "/" - assert i["rules"][0]["http"]["paths"][0]["backend"]["serviceName"] == name - assert i["rules"][0]["http"]["paths"][0]["backend"]["servicePort"] == 5601 + assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["name"] == name + assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["port"]["number"] == 5601 def test_adding_a_deprecated_ingress_rule_wildcard(): @@ -353,8 +353,8 @@ def test_adding_a_deprecated_ingress_rule_wildcard(): assert i["rules"][0]["host"] == "kibana.elastic.co" assert i["rules"][0]["http"]["paths"][0]["path"] == "/" - assert i["rules"][0]["http"]["paths"][0]["backend"]["serviceName"] == name - assert i["rules"][0]["http"]["paths"][0]["backend"]["servicePort"] == 5601 + assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["name"] == name + assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["port"]["number"] == 5601 def test_override_the_default_update_strategy(): diff --git a/kibana/values.yaml b/kibana/values.yaml index 4bf57ec9f..9a1a2f348 100755 --- a/kibana/values.yaml +++ b/kibana/values.yaml @@ -1,5 +1,5 @@ --- -elasticsearchHosts: "http://my-es-helm:9200" +elasticsearchHosts: "http://elasticsearch-master:9200" replicas: 1 @@ -127,7 +127,7 @@ service: httpPortName: http ingress: - enabled: true + enabled: false className: "" pathtype: ImplementationSpecific annotations: {} diff --git a/logstash/tests/logstash_test.py b/logstash/tests/logstash_test.py index 0f539aca2..8c1ecfe9f 100755 --- a/logstash/tests/logstash_test.py +++ b/logstash/tests/logstash_test.py @@ -932,20 +932,25 @@ def test_adding_an_ingress(): - host: logstash.local paths: - path: /logs - servicePort: 8080 + servicePort: 9600 """ r = helm_template(config) s = r["ingress"][name] assert s["metadata"]["name"] == name - assert len(s["spec"]["rules"]) == 1 - assert s["spec"]["rules"][0] == { - "host": "logstash.local", - "http": { - "paths": [ - {"path": "/logs", "backend": {"serviceName": name, "servicePort": 8080}} - ] - }, - } + #assert len(s["spec"]["rules"]) == 1 + #assert s["spec"]["rules"][0] == { + # "host": "logstash.local", + # "http": { + # "paths": [ + # {"path": "/logs", "backend": {"service": ["name" == name , "port","number" == 8080 ]}} + # ] + # }, + #} + + assert s["spec"]["rules"][0]["host"] == "logstash.local" + assert s["spec"]["rules"][0]["http"]["paths"][0]["path"] == "/logs" + assert s["spec"]["rules"][0]["http"]["paths"][0]["backend"]["service"]["name"] == name + assert s["spec"]["rules"][0]["http"]["paths"][0]["backend"]["service"]["port"]["number"] == 9600 def test_hostaliases(): diff --git a/logstash/values.yaml b/logstash/values.yaml index 77b8c744f..bab003e8e 100755 --- a/logstash/values.yaml +++ b/logstash/values.yaml @@ -269,7 +269,7 @@ service: {} # targetPort: 8080 ingress: - enabled: true + enabled: false className: "" pathtype: ImplementationSpecific hosts: From 2611e2817058f1cf40b3dca8df515be94537f7ce Mon Sep 17 00:00:00 2001 From: framsouza Date: Tue, 12 Oct 2021 13:50:40 +0200 Subject: [PATCH 05/12] fixing conflict --- elasticsearch/values.yaml | 348 -------------------------------------- 1 file changed, 348 deletions(-) delete mode 100755 elasticsearch/values.yaml diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml deleted file mode 100755 index 5e4d71845..000000000 --- a/elasticsearch/values.yaml +++ /dev/null @@ -1,348 +0,0 @@ ---- -clusterName: "elasticsearch" -nodeGroup: "master" - -# The service that non master groups will try to connect to when joining the cluster -# This should be set to clusterName + "-" + nodeGroup for your master group -masterService: "" - -# Elasticsearch roles that will be applied to this nodeGroup -# These will be set as environment variables. E.g. node.roles=master -# https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html#node-roles -roles: - - master - - data - - data_content - - data_hot - - data_warm - - data_cold - - ingest - - ml - - remote_cluster_client - - transform - -replicas: 3 -minimumMasterNodes: 2 - -esMajorVersion: "" - -# Allows you to add any config files in /usr/share/elasticsearch/config/ -# such as elasticsearch.yml and log4j2.properties -esConfig: {} -# elasticsearch.yml: | -# xpack.security.enabled: false -# key: -# nestedkey: value -# log4j2.properties: | -# key = value - - -# Extra environment variables to append to this nodeGroup -# This will be appended to the current 'env:' key. You can use any of the kubernetes env -# syntax here -extraEnvs: [] -# - name: MY_ENVIRONMENT_VAR -# value: the_value_goes_here - -# Allows you to load environment variables from kubernetes secret or config map -envFrom: [] -# - secretRef: -# name: env-secret -# - configMapRef: -# name: config-map - -# A list of secrets and their paths to mount inside the pod -# This is useful for mounting certificates for security and for mounting -# the X-Pack license -secretMounts: [] -# - name: elastic-certificates -# secretName: elastic-certificates -# path: /usr/share/elasticsearch/config/certs -# defaultMode: 0755 - -hostAliases: [] -#- ip: "127.0.0.1" -# hostnames: -# - "foo.local" -# - "bar.local" - -image: "docker.elastic.co/elasticsearch/elasticsearch" -imageTag: "8.0.0-SNAPSHOT" -imagePullPolicy: "IfNotPresent" - -podAnnotations: {} - # iam.amazonaws.com/role: es-cluster - -# additionals labels -labels: {} - -esJavaOpts: "" # example: "-Xmx1g -Xms1g" - -resources: - requests: - cpu: "1000m" - memory: "2Gi" - limits: - cpu: "1000m" - memory: "2Gi" - -initResources: {} - # limits: - # cpu: "25m" - # # memory: "128Mi" - # requests: - # cpu: "25m" - # memory: "128Mi" - -networkHost: "0.0.0.0" - -volumeClaimTemplate: - accessModes: [ "ReadWriteOnce" ] - resources: - requests: - storage: 30Gi - -rbac: - create: false - serviceAccountAnnotations: {} - serviceAccountName: "" - automountToken: true - -podSecurityPolicy: - create: false - name: "" - spec: - privileged: true - fsGroup: - rule: RunAsAny - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - secret - - configMap - - persistentVolumeClaim - - emptyDir - -persistence: - enabled: true - labels: - # Add default labels for the volumeClaimTemplate of the StatefulSet - enabled: false - annotations: {} - -extraVolumes: [] - # - name: extras - # emptyDir: {} - -extraVolumeMounts: [] - # - name: extras - # mountPath: /usr/share/extras - # readOnly: true - -extraContainers: [] - # - name: do-something - # image: busybox - # command: ['do', 'something'] - -extraInitContainers: [] - # - name: do-something - # image: busybox - # command: ['do', 'something'] - -# This is the PriorityClass settings as defined in -# https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass -priorityClassName: "" - -# By default this will make sure two pods don't end up on the same node -# Changing this to a region would allow you to spread pods across regions -antiAffinityTopologyKey: "kubernetes.io/hostname" - -# Hard means that by default pods will only be scheduled if there are enough nodes for them -# and that they will never end up on the same node. Setting this to soft will do this "best effort" -antiAffinity: "hard" - -# This is the node affinity settings as defined in -# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature -nodeAffinity: {} - -# The default is to deploy all pods serially. By setting this to parallel all pods are started at -# the same time when bootstrapping the cluster -podManagementPolicy: "Parallel" - -# The environment variables injected by service links are not used, but can lead to slow Elasticsearch boot times when -# there are many services in the current namespace. -# If you experience slow pod startups you probably want to set this to `false`. -enableServiceLinks: true - -protocol: http -httpPort: 9200 -transportPort: 9300 - -service: - enabled: true - labels: {} - labelsHeadless: {} - type: ClusterIP - nodePort: "" - annotations: {} - httpPortName: http - transportPortName: transport - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalTrafficPolicy: "" - -updateStrategy: RollingUpdate - -# This is the max unavailable setting for the pod disruption budget -# The default value of 1 will make sure that kubernetes won't allow more than 1 -# of your pods to be unavailable during maintenance -maxUnavailable: 1 - -podSecurityContext: - fsGroup: 1000 - runAsUser: 1000 - -securityContext: - capabilities: - drop: - - ALL - # readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - -# How long to wait for elasticsearch to stop gracefully -terminationGracePeriod: 120 - -sysctlVmMaxMapCount: 262144 - -readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 3 - timeoutSeconds: 5 - -# https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-health.html#request-params wait_for_status -clusterHealthCheckParams: "wait_for_status=green&timeout=1s" - -## Use an alternate scheduler. -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -schedulerName: "" - -imagePullSecrets: [] -nodeSelector: {} -tolerations: [] - -# Enabling this will publicly expose your Elasticsearch instance. -# Only enable this if you have security enabled on your cluster -ingress: - enabled: false - className: "" - #annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - pathtype: ImplementationSpecific - hosts: - - host: chart-example.local - paths: - - path: / - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -nameOverride: "" -fullnameOverride: "" -healthNameOverride: "" - -lifecycle: {} - # preStop: - # exec: - # command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"] - # postStart: - # exec: - # command: - # - bash - # - -c - # - | - # #!/bin/bash - # # Add a template to adjust number of shards/replicas - # TEMPLATE_NAME=my_template - # INDEX_PATTERN="logstash-*" - # SHARD_COUNT=8 - # REPLICA_COUNT=1 - # ES_URL=http://localhost:9200 - # while [[ "$(curl -s -o /dev/null -w '%{http_code}\n' $ES_URL)" != "200" ]]; do sleep 1; done - # curl -XPUT "$ES_URL/_template/$TEMPLATE_NAME" -H 'Content-Type: application/json' -d'{"index_patterns":['\""$INDEX_PATTERN"\"'],"settings":{"number_of_shards":'$SHARD_COUNT',"number_of_replicas":'$REPLICA_COUNT'}}' - -sysctlInitContainer: - enabled: true - -keystore: [] - -networkPolicy: - ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. - ## In order for a Pod to access Elasticsearch, it needs to have the following label: - ## {{ template "uname" . }}-client: "true" - ## Example for default configuration to access HTTP port: - ## elasticsearch-master-http-client: "true" - ## Example for default configuration to access transport port: - ## elasticsearch-master-transport-client: "true" - - http: - enabled: false - ## if explicitNamespacesSelector is not set or set to {}, only client Pods being in the networkPolicy's namespace - ## and matching all criteria can reach the DB. - ## But sometimes, we want the Pods to be accessible to clients from other namespaces, in this case, we can use this - ## parameter to select these namespaces - ## - # explicitNamespacesSelector: - # # Accept from namespaces with all those different rules (only from whitelisted Pods) - # matchLabels: - # role: frontend - # matchExpressions: - # - {key: role, operator: In, values: [frontend]} - - ## Additional NetworkPolicy Ingress "from" rules to set. Note that all rules are OR-ed. - ## - # additionalRules: - # - podSelector: - # matchLabels: - # role: frontend - # - podSelector: - # matchExpressions: - # - key: role - # operator: In - # values: - # - frontend - - transport: - ## Note that all Elasticsearch Pods can talks to themselves using transport port even if enabled. - enabled: false - # explicitNamespacesSelector: - # matchLabels: - # role: frontend - # matchExpressions: - # - {key: role, operator: In, values: [frontend]} - # additionalRules: - # - podSelector: - # matchLabels: - # role: frontend - # - podSelector: - # matchExpressions: - # - key: role - # operator: In - # values: - # - frontend - -tests: - enabled: true - -# Deprecated -# please use the above podSecurityContext.fsGroup instead -fsGroup: "" From af7de17003f4cae37df1df075a297549c6112cad Mon Sep 17 00:00:00 2001 From: framsouza Date: Tue, 12 Oct 2021 15:12:46 +0200 Subject: [PATCH 06/12] Adding support to kubernetes ingress v1 & ClassName --- apm-server/templates/ingress.yaml | 4 ++++ apm-server/values.yaml | 4 ++-- elasticsearch/templates/ingress.yaml | 10 ++++------ elasticsearch/values.yaml | 2 ++ kibana/templates/ingress.yaml | 4 ++++ kibana/values.yaml | 2 +- logstash/templates/ingress.yaml | 4 ++++ logstash/values.yaml | 2 +- 8 files changed, 22 insertions(+), 10 deletions(-) diff --git a/apm-server/templates/ingress.yaml b/apm-server/templates/ingress.yaml index 91e7b3d42..487208bf3 100644 --- a/apm-server/templates/ingress.yaml +++ b/apm-server/templates/ingress.yaml @@ -13,6 +13,10 @@ metadata: {{- range $key, $value := .Values.labels }} {{ $key }}: {{ $value | quote }} {{- end }} +{{- with .Values.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} spec: {{- if .Values.ingress.className }} ingressClassName: {{ .Values.ingress.className | quote }} diff --git a/apm-server/values.yaml b/apm-server/values.yaml index 7034ef4b9..6062f0f04 100755 --- a/apm-server/values.yaml +++ b/apm-server/values.yaml @@ -158,8 +158,8 @@ autoscaling: averageCpuUtilization: 50 ingress: - enabled: true - className: "" + enabled: false + className: "nginx" pathtype: ImplementationSpecific annotations: {} # kubernetes.io/ingress.class: nginx diff --git a/elasticsearch/templates/ingress.yaml b/elasticsearch/templates/ingress.yaml index 84f3bd513..263f5b842 100644 --- a/elasticsearch/templates/ingress.yaml +++ b/elasticsearch/templates/ingress.yaml @@ -3,11 +3,7 @@ {{- $httpPort := .Values.httpPort -}} {{- $pathtype := .Values.ingress.pathtype -}} {{- $ingressPath := .Values.ingress.path -}} -{{- if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version }} -apiVersion: networking.k8s.io/v1beta1 -{{- else }} apiVersion: networking.k8s.io/v1 -{{- end }} kind: Ingress metadata: name: {{ $fullName }} @@ -15,10 +11,12 @@ metadata: app: {{ .Chart.Name }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} +{{- with .Values.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} spec: - {{- if .Values.ingress.className }} ingressClassName: {{ .Values.ingress.className | quote }} - {{- end }} {{- if .Values.ingress.tls }} tls: {{- if .ingressPath }} diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml index 0efde9c0d..c6ffe7789 100755 --- a/elasticsearch/values.yaml +++ b/elasticsearch/values.yaml @@ -245,6 +245,8 @@ tolerations: [] # Only enable this if you have security enabled on your cluster ingress: enabled: false + className: "nginx" + pathtype: ImplementationSpecific annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" diff --git a/kibana/templates/ingress.yaml b/kibana/templates/ingress.yaml index 8a6c9edc3..002538057 100644 --- a/kibana/templates/ingress.yaml +++ b/kibana/templates/ingress.yaml @@ -8,6 +8,10 @@ kind: Ingress metadata: name: {{ $fullName }} labels: {{ include "kibana.labels" . | nindent 4 }} +{{- with .Values.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} spec: {{- if .Values.ingress.className }} ingressClassName: {{ .Values.ingress.className | quote }} diff --git a/kibana/values.yaml b/kibana/values.yaml index 9a1a2f348..4b084d2e9 100755 --- a/kibana/values.yaml +++ b/kibana/values.yaml @@ -128,7 +128,7 @@ service: ingress: enabled: false - className: "" + className: "nginx" pathtype: ImplementationSpecific annotations: {} # kubernetes.io/ingress.class: nginx diff --git a/logstash/templates/ingress.yaml b/logstash/templates/ingress.yaml index ac244c9aa..83e9c2307 100644 --- a/logstash/templates/ingress.yaml +++ b/logstash/templates/ingress.yaml @@ -12,6 +12,10 @@ metadata: chart: "{{ .Chart.Name }}" heritage: {{ .Release.Service | quote }} release: {{ .Release.Name | quote }} +{{- with .Values.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} spec: {{- if .Values.ingress.className }} ingressClassName: {{ .Values.ingress.className | quote }} diff --git a/logstash/values.yaml b/logstash/values.yaml index bab003e8e..4cabddaf7 100755 --- a/logstash/values.yaml +++ b/logstash/values.yaml @@ -270,7 +270,7 @@ service: {} ingress: enabled: false - className: "" + className: "nginx" pathtype: ImplementationSpecific hosts: - host: logstash-example.local From 10ee16daffd1320c92c5d1e4226848c869043fb1 Mon Sep 17 00:00:00 2001 From: framsouza Date: Tue, 12 Oct 2021 15:31:32 +0200 Subject: [PATCH 07/12] Adding reformatted files --- elasticsearch/tests/elasticsearch_test.py | 25 ++++++++++++---- kibana/tests/kibana_test.py | 35 ++++++++++++++++++----- logstash/tests/logstash_test.py | 17 +++++++---- 3 files changed, 60 insertions(+), 17 deletions(-) diff --git a/elasticsearch/tests/elasticsearch_test.py b/elasticsearch/tests/elasticsearch_test.py index 7b6f418ac..ba78f2b5d 100755 --- a/elasticsearch/tests/elasticsearch_test.py +++ b/elasticsearch/tests/elasticsearch_test.py @@ -645,18 +645,30 @@ def test_adding_an_ingress_rule(): assert i["rules"][0]["host"] == "elasticsearch.elastic.co" assert i["rules"][0]["http"]["paths"][0]["path"] == "/" assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["name"] == uname - assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["port"]["number"] == 9200 + assert ( + i["rules"][0]["http"]["paths"][0]["backend"]["service"]["port"]["number"] + == 9200 + ) assert i["rules"][1]["host"] == None assert i["rules"][1]["http"]["paths"][0]["path"] == "/" assert i["rules"][1]["http"]["paths"][0]["backend"]["service"]["name"] == uname - assert i["rules"][1]["http"]["paths"][0]["backend"]["service"]["port"]["number"] == 9200 + assert ( + i["rules"][1]["http"]["paths"][0]["backend"]["service"]["port"]["number"] + == 9200 + ) assert i["rules"][1]["http"]["paths"][1]["path"] == "/mypath" assert i["rules"][1]["http"]["paths"][1]["backend"]["service"]["name"] == uname - assert i["rules"][1]["http"]["paths"][1]["backend"]["service"]["port"]["number"] == 8888 + assert ( + i["rules"][1]["http"]["paths"][1]["backend"]["service"]["port"]["number"] + == 8888 + ) assert i["rules"][2]["host"] == "elasticsearch.hello.there" assert i["rules"][2]["http"]["paths"][0]["path"] == "/" assert i["rules"][2]["http"]["paths"][0]["backend"]["service"]["name"] == uname - assert i["rules"][2]["http"]["paths"][0]["backend"]["service"]["port"]["number"] == 9999 + assert ( + i["rules"][2]["http"]["paths"][0]["backend"]["service"]["port"]["number"] + == 9999 + ) def test_adding_a_deprecated_ingress_rule(): @@ -683,7 +695,10 @@ def test_adding_a_deprecated_ingress_rule(): assert i["rules"][0]["host"] == "elasticsearch.elastic.co" assert i["rules"][0]["http"]["paths"][0]["path"] == "/" assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["name"] == uname - assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["port"]["number"] == 9200 + assert ( + i["rules"][0]["http"]["paths"][0]["backend"]["service"]["port"]["number"] + == 9200 + ) def test_changing_the_protocol(): diff --git a/kibana/tests/kibana_test.py b/kibana/tests/kibana_test.py index 10d028786..3a8924db2 100644 --- a/kibana/tests/kibana_test.py +++ b/kibana/tests/kibana_test.py @@ -261,18 +261,30 @@ def test_adding_an_ingress_rule(): assert i["rules"][0]["host"] == "kibana.elastic.co" assert i["rules"][0]["http"]["paths"][0]["path"] == "/" assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["name"] == name - assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["port"]["number"] == 5601 + assert ( + i["rules"][0]["http"]["paths"][0]["backend"]["service"]["port"]["number"] + == 5601 + ) assert i["rules"][0]["http"]["paths"][1]["path"] == "/testpath" assert i["rules"][0]["http"]["paths"][1]["backend"]["service"]["name"] == name - assert i["rules"][0]["http"]["paths"][1]["backend"]["service"]["port"]["number"] == 8888 + assert ( + i["rules"][0]["http"]["paths"][1]["backend"]["service"]["port"]["number"] + == 8888 + ) assert i["rules"][1]["host"] == None assert i["rules"][1]["http"]["paths"][0]["path"] == "/" assert i["rules"][1]["http"]["paths"][0]["backend"]["service"]["name"] == name - assert i["rules"][1]["http"]["paths"][0]["backend"]["service"]["port"]["number"] == 5601 + assert ( + i["rules"][1]["http"]["paths"][0]["backend"]["service"]["port"]["number"] + == 5601 + ) assert i["rules"][2]["host"] == "kibana.hello.there" assert i["rules"][2]["http"]["paths"][0]["path"] == "/mypath" assert i["rules"][2]["http"]["paths"][0]["backend"]["service"]["name"] == name - assert i["rules"][2]["http"]["paths"][0]["backend"]["service"]["port"]["number"] == 9999 + assert ( + i["rules"][2]["http"]["paths"][0]["backend"]["service"]["port"]["number"] + == 9999 + ) def test_adding_a_deprecated_ingress_rule(): @@ -299,7 +311,10 @@ def test_adding_a_deprecated_ingress_rule(): assert i["rules"][0]["host"] == "kibana.elastic.co" assert i["rules"][0]["http"]["paths"][0]["path"] == "/" assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["name"] == name - assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["port"]["number"] == 5601 + assert ( + i["rules"][0]["http"]["paths"][0]["backend"]["service"]["port"]["number"] + == 5601 + ) def test_adding_an_ingress_rule_wildcard(): @@ -327,7 +342,10 @@ def test_adding_an_ingress_rule_wildcard(): assert i["rules"][0]["host"] == "kibana.elastic.co" assert i["rules"][0]["http"]["paths"][0]["path"] == "/" assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["name"] == name - assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["port"]["number"] == 5601 + assert ( + i["rules"][0]["http"]["paths"][0]["backend"]["service"]["port"]["number"] + == 5601 + ) def test_adding_a_deprecated_ingress_rule_wildcard(): @@ -354,7 +372,10 @@ def test_adding_a_deprecated_ingress_rule_wildcard(): assert i["rules"][0]["host"] == "kibana.elastic.co" assert i["rules"][0]["http"]["paths"][0]["path"] == "/" assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["name"] == name - assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["port"]["number"] == 5601 + assert ( + i["rules"][0]["http"]["paths"][0]["backend"]["service"]["port"]["number"] + == 5601 + ) def test_override_the_default_update_strategy(): diff --git a/logstash/tests/logstash_test.py b/logstash/tests/logstash_test.py index 8c1ecfe9f..0731da3bb 100755 --- a/logstash/tests/logstash_test.py +++ b/logstash/tests/logstash_test.py @@ -937,20 +937,27 @@ def test_adding_an_ingress(): r = helm_template(config) s = r["ingress"][name] assert s["metadata"]["name"] == name - #assert len(s["spec"]["rules"]) == 1 - #assert s["spec"]["rules"][0] == { + # assert len(s["spec"]["rules"]) == 1 + # assert s["spec"]["rules"][0] == { # "host": "logstash.local", # "http": { # "paths": [ # {"path": "/logs", "backend": {"service": ["name" == name , "port","number" == 8080 ]}} # ] # }, - #} + # } assert s["spec"]["rules"][0]["host"] == "logstash.local" assert s["spec"]["rules"][0]["http"]["paths"][0]["path"] == "/logs" - assert s["spec"]["rules"][0]["http"]["paths"][0]["backend"]["service"]["name"] == name - assert s["spec"]["rules"][0]["http"]["paths"][0]["backend"]["service"]["port"]["number"] == 9600 + assert ( + s["spec"]["rules"][0]["http"]["paths"][0]["backend"]["service"]["name"] == name + ) + assert ( + s["spec"]["rules"][0]["http"]["paths"][0]["backend"]["service"]["port"][ + "number" + ] + == 9600 + ) def test_hostaliases(): From aefb05e1979798fc000282a914223257da911632 Mon Sep 17 00:00:00 2001 From: framsouza Date: Tue, 12 Oct 2021 20:16:13 +0200 Subject: [PATCH 08/12] fixing conflict --- elasticsearch/values.yaml | 2 -- 1 file changed, 2 deletions(-) mode change 100755 => 100644 elasticsearch/values.yaml diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml old mode 100755 new mode 100644 index c6ffe7789..0efde9c0d --- a/elasticsearch/values.yaml +++ b/elasticsearch/values.yaml @@ -245,8 +245,6 @@ tolerations: [] # Only enable this if you have security enabled on your cluster ingress: enabled: false - className: "nginx" - pathtype: ImplementationSpecific annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" From eb96b28e10d64ae7e5953d7535e35086c6df5506 Mon Sep 17 00:00:00 2001 From: framsouza Date: Wed, 13 Oct 2021 16:03:06 +0200 Subject: [PATCH 09/12] Adding ClassName & Pathtype on ingress settings --- elasticsearch/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml index 0efde9c0d..4019bc313 100644 --- a/elasticsearch/values.yaml +++ b/elasticsearch/values.yaml @@ -246,6 +246,8 @@ tolerations: [] ingress: enabled: false annotations: {} + className: "nginx" + pathtype: ImplementationSpecific # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: From a6be99c8b8f9fa28b7a6c1ce636d3c4506c14fb7 Mon Sep 17 00:00:00 2001 From: framsouza Date: Wed, 13 Oct 2021 17:23:27 +0200 Subject: [PATCH 10/12] Performing syntax adjustments and removing comments --- elasticsearch/templates/ingress.yaml | 4 +++- logstash/templates/ingress.yaml | 2 +- logstash/tests/logstash_test.py | 10 ---------- 3 files changed, 4 insertions(+), 12 deletions(-) diff --git a/elasticsearch/templates/ingress.yaml b/elasticsearch/templates/ingress.yaml index 263f5b842..e60cebf18 100644 --- a/elasticsearch/templates/ingress.yaml +++ b/elasticsearch/templates/ingress.yaml @@ -16,7 +16,9 @@ metadata: {{ toYaml . | indent 4 }} {{- end }} spec: + {{- if .Values.ingress.className }} ingressClassName: {{ .Values.ingress.className | quote }} + {{- end }} {{- if .Values.ingress.tls }} tls: {{- if .ingressPath }} @@ -30,7 +32,7 @@ spec: {{- else }} {{ toYaml .Values.ingress.tls | indent 4 }} {{- end }} -{{end}} +{{- end}} rules: {{- range .Values.ingress.hosts }} {{- if $ingressPath }} diff --git a/logstash/templates/ingress.yaml b/logstash/templates/ingress.yaml index 83e9c2307..db5f87b26 100644 --- a/logstash/templates/ingress.yaml +++ b/logstash/templates/ingress.yaml @@ -33,7 +33,7 @@ spec: {{- else }} {{ toYaml .Values.ingress.tls | indent 4 }} {{- end }} -{{end}} +{{- end}} rules: {{- range $.Values.ingress.hosts }} - host: {{ .host }} diff --git a/logstash/tests/logstash_test.py b/logstash/tests/logstash_test.py index 0731da3bb..4d6e7b2fe 100755 --- a/logstash/tests/logstash_test.py +++ b/logstash/tests/logstash_test.py @@ -937,16 +937,6 @@ def test_adding_an_ingress(): r = helm_template(config) s = r["ingress"][name] assert s["metadata"]["name"] == name - # assert len(s["spec"]["rules"]) == 1 - # assert s["spec"]["rules"][0] == { - # "host": "logstash.local", - # "http": { - # "paths": [ - # {"path": "/logs", "backend": {"service": ["name" == name , "port","number" == 8080 ]}} - # ] - # }, - # } - assert s["spec"]["rules"][0]["host"] == "logstash.local" assert s["spec"]["rules"][0]["http"]["paths"][0]["path"] == "/logs" assert ( From d164d6c93f97ef7f5cb83805fbfbffe49d24a675 Mon Sep 17 00:00:00 2001 From: framsouza Date: Mon, 18 Oct 2021 17:55:04 +0200 Subject: [PATCH 11/12] custerRole permissions for leader election in k8s 1.19+ --- metricbeat/values.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/metricbeat/values.yaml b/metricbeat/values.yaml index 6d01ae073..fddca7070 100755 --- a/metricbeat/values.yaml +++ b/metricbeat/values.yaml @@ -259,6 +259,10 @@ clusterRoleRules: resources: - nodes/stats verbs: ["get"] + - apiGroups: ["coordination.k8s.io"] + resources: + - leases + verbs: ["create", "get", "list", "update"] podAnnotations: {} # iam.amazonaws.com/role: es-cluster From 5ae9a7c9e7009179364510c67e0872b71c491cbd Mon Sep 17 00:00:00 2001 From: framsouza Date: Tue, 16 Nov 2021 12:32:05 +0100 Subject: [PATCH 12/12] Adding fb & mb role --- filebeat/templates/role.yaml | 14 ++++++++++++++ metricbeat/templates/role.yaml | 14 ++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 filebeat/templates/role.yaml create mode 100644 metricbeat/templates/role.yaml diff --git a/filebeat/templates/role.yaml b/filebeat/templates/role.yaml new file mode 100644 index 000000000..fe3cf924f --- /dev/null +++ b/filebeat/templates/role.yaml @@ -0,0 +1,14 @@ +{{- if .Values.managedServiceAccount }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "filebeat.serviceAccount" . }}-role + labels: + app: "{{ template "filebeat.fullname" . }}" +rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: ["get", "create", "update"] +{{- end -}} diff --git a/metricbeat/templates/role.yaml b/metricbeat/templates/role.yaml new file mode 100644 index 000000000..2016e2894 --- /dev/null +++ b/metricbeat/templates/role.yaml @@ -0,0 +1,14 @@ +{{- if .Values.managedServiceAccount }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "metricbeat.serviceAccount" . }}-role + labels: + app: "{{ template "metricbeat.fullname" . }}" +rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: ["get", "create", "update"] +{{- end -}}