
@StephanX
Last active April 18, 2019 18:43
# Helm-templated StatefulSet that runs Elasticsearch 6.5.4 with its data on a hostPath
# directory and its configuration/startup scripts taken from the "elasticsearch" ConfigMap.
# NOTE(review): no metadata.namespace is set here, while the ConfigMap and Service in this
# file are pinned to "deploy"; the configMap volume below only resolves when this
# StatefulSet is installed into that same namespace.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app: elasticsearch
  name: elasticsearch
spec:
  replicas: {{ .Values.global.elasticsearch.replicas }}
  selector:
    matchLabels:
      app: elasticsearch
  serviceName: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      containers:
        # Starts as root (pod-level runAsUser: 0) and runs the ConfigMap-provided
        # /entrypoint.sh, which ends by switching to the elasticsearch user with `su`.
        - command: ["bash", "-c", "/entrypoint.sh"]
          image: docker.elastic.co/elasticsearch/elasticsearch:6.5.4
          imagePullPolicy: IfNotPresent
          name: elasticsearch
          ports:
            # 9200 = http.port, 9300 = transport.tcp.port in elasticsearch.yml
            - containerPort: 9200
              name: db
              protocol: TCP
            - containerPort: 9300
              name: transport
              protocol: TCP
          # Only requests are set; there are no limits on this container.
          resources:
            requests:
              cpu: "{{ .Values.global.elasticsearch.requests.cpu }}"
              memory: "{{ .Values.global.elasticsearch.requests.memory }}"
          # Unauthenticated local health check; it works as written because
          # xpack.security.enabled is false in elasticsearch.yml.
          livenessProbe:
            httpGet:
              path: "/_cluster/health?local=true"
              port: 9200
            initialDelaySeconds: 60
            periodSeconds: 60
          # NOTE(review): privileged removes container isolation (all capabilities, host
          # devices) for the long-running, network-facing Elasticsearch container, not
          # just for start-up. The root-time steps visible in entrypoint.sh are
          # `ulimit -l unlimited`, a symlink and a plugin install; a narrow
          # capabilities.add list (SYS_RESOURCE for the ulimit, possibly IPC_LOCK) is
          # probably sufficient. Verify on a test cluster before replacing this.
          securityContext:
            privileged: true
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          # Every ConfigMap file is mounted individually via subPath. subPath mounts are
          # not refreshed when the ConfigMap changes; pods must be restarted to pick up
          # edits.
          volumeMounts:
            # same volume the init container chowns at /data0/elasticsearch
            - mountPath: /elasticsearch/data
              name: datadir
            - mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
              name: elasticsearch
              subPath: elasticsearch.yml
            - mountPath: /usr/share/elasticsearch/config/jvm.options
              name: elasticsearch
              subPath: jvm.options
            - mountPath: /usr/share/elasticsearch/config/log4j2.properties
              name: elasticsearch
              subPath: log4j2.properties
            - mountPath: /usr/share/elasticsearch/config/analysis/synonyms.txt
              name: elasticsearch
              subPath: synonyms.txt
            - mountPath: /usr/share/elasticsearch/.bash_profile
              name: elasticsearch
              subPath: .bash_profile
            - mountPath: /entrypoint.sh
              name: elasticsearch
              subPath: entrypoint.sh
            - mountPath: /run-as-es-user.sh
              name: elasticsearch
              subPath: run-as-es-user.sh
      dnsPolicy: ClusterFirst
      initContainers:
        # Hands the data directory to uid 1000 and raises vm.max_map_count. The sysctl
        # is written through a privileged container, so it changes the node's kernel
        # setting, not only this pod's. The two commands are joined with ';', so the
        # sysctl runs even when the chown fails.
        - command: ["/bin/sh", "-c", "chown -R 1000 /data0/elasticsearch ; sysctl -w vm.max_map_count=262144"]
          image: alpine:3.6
          imagePullPolicy: IfNotPresent
          name: elasticsearch-init
          securityContext:
            privileged: true
          volumeMounts:
            - mountPath: /data0/elasticsearch
              name: datadir
      restartPolicy: Always
      schedulerName: default-scheduler
      # All containers in the pod start as uid 0 with fsGroup 0; the drop to the
      # elasticsearch user happens only inside entrypoint.sh.
      securityContext:
        fsGroup: 0
        runAsUser: 0
      terminationGracePeriodSeconds: 30
      volumes:
        - configMap:
            # 420 decimal = 0644 octal
            defaultMode: 420
            items:
              - key: elasticsearch.yml
                path: elasticsearch.yml
              - key: jvm.options
                path: jvm.options
              - key: log4j2.properties
                path: log4j2.properties
              - key: synonyms.txt
                path: synonyms.txt
              - key: .bash_profile
                path: .bash_profile
              # 448 decimal = 0700 octal, so the two scripts are executable
              - key: entrypoint.sh
                mode: 448
                path: entrypoint.sh
              - key: run-as-es-user.sh
                mode: 448
                path: run-as-es-user.sh
            name: elasticsearch
          name: elasticsearch
        # NOTE(review): this secret volume is declared but no container in this manifest
        # mounts it; either add the volumeMount or drop the volume so the secret is not
        # attached to the pod without a consumer.
        - name: elasticsearch-backups
          secret:
            defaultMode: 420
            secretName: elasticsearch-backups
        # We prefer to use hostPath in production. For development (or any situation
        # with multiple namespaces) we need to use PVCs.
        # type "" performs no check on the path before mounting. The data stays on
        # whichever node the pod lands on, and the cluster's admission policy must allow
        # hostPath volumes for this workload.
        - hostPath:
            path: /data0/elasticsearch
            type: ""
          name: datadir
---
# Configuration files and startup scripts for the elasticsearch StatefulSet. Each key is
# mounted into the container as a single file (see the subPath volumeMounts there).
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: deploy
  name: elasticsearch
data:
  # this file needs to be named 'elasticsearch.yml' because elastic.co is evil: https://github.com/elastic/elasticsearch/pull/24689/files/53c58180662edf4f30b6d71d849d5e23e384dff1
  # NOTE(review): network.host 0.0.0.0 binds HTTP (9200) and transport (9300) on every
  # interface while xpack.security.enabled is false, so Elasticsearch itself enforces
  # no authentication and no TLS. Access control has to come from outside the pod, e.g.
  # a NetworkPolicy that limits which workloads may reach these ports.
  elasticsearch.yml: |
    network.host: 0.0.0.0
    bootstrap.memory_lock: true
    xpack.security.enabled: false
    # WARNING!!!!!!!!!
    # these values is required because we set "network.host"
    # be sure to modify it appropriately for the cluster (dev, prod, whatever)
    discovery.zen.minimum_master_nodes: {{ .Values.global.elasticsearch.minimum_master_nodes }}
    discovery.zen.ping.unicast.hosts: {{ .Values.global.elasticsearch.hosts }}
    action.auto_create_index: ".watches,.triggered_watches,.watcher-history-*"
    cluster.name: MyFancyCluster
    path.data: /elasticsearch/data
    path.logs: /usr/share/elasticsearch/data/logs
    http.port: 9200
    transport.tcp.port: 9300
  # executed as root, before privileges are dropped. Needed to remove ulimit, add plugins, etc
  # NOTE(review): the script has no `set -e`, so a failed plugin install does not stop
  # Elasticsearch from starting. The install runs on every container start and --batch
  # accepts the plugin's requested permissions without prompting.
  entrypoint.sh: |
    # remove ulimit
    ulimit -l unlimited
    ln -s /opt/jdk-11.0.1/bin/java /usr/local/bin
    # install plugins here. I use repository-s3, but anything else can go here.
    elasticsearch-plugin install --batch repository-s3
    su - elasticsearch /run-as-es-user.sh
  # executed as elasticsearch, to start the ES server
  run-as-es-user.sh: |
    /usr/share/elasticsearch/bin/elasticsearch
  # Mounted at /usr/share/elasticsearch/.bash_profile by the StatefulSet; presumably that
  # is the elasticsearch user's home, so the login shell started by `su -` in
  # entrypoint.sh reads it. Confirm against the image.
  # The heap size is derived from the physical RAM reported by os.sysconf, not from any
  # container memory setting.
  .bash_profile: |
    # Get the aliases and functions
    if [ -f ~/.bashrc ] ; then
    . ~/.bashrc
    fi
    # User specific environment and startup programs
    PATH=$PATH:$HOME/.local/bin:$HOME/bin
    export PATH
    # use 45% of the host's physical RAM for the ES heap
    export JVM_HEAP=$(python -c "import os ; print(int(((os.sysconf('SC_PAGE_SIZE') * os.sysconf('SC_PHYS_PAGES'))/(1024.**2))*.45))")
    export ES_JAVA_OPTS="-Xms${JVM_HEAP}m -Xmx${JVM_HEAP}m"
  # JVM flags; the heap flags are commented out because ES_JAVA_OPTS from .bash_profile
  # supplies -Xms/-Xmx.
  jvm.options: |
    ## JVM configuration
    # # Heap - This is now automatically calculated, refer to ~/.bash_profile
    # -Xms4g
    # -Xmx4g
    ## GC configuration
    -XX:+UseConcMarkSweepGC
    -XX:CMSInitiatingOccupancyFraction=75
    -XX:+UseCMSInitiatingOccupancyOnly
    ## optimizations
    # disable calls to System#gc
    -XX:+DisableExplicitGC
    # pre-touch memory pages used by the JVM during initialization
    -XX:+AlwaysPreTouch
    ## basic
    # force the server VM (remove on 32-bit client JVMs)
    -server
    # explicitly set the stack size (reduce to 320k on 32-bit client JVMs)
    -Xss1m
    # set to headless, just in case
    -Djava.awt.headless=true
    # ensure UTF-8 encoding by default (e.g. filenames)
    -Dfile.encoding=UTF-8
    # use our provided JNA always versus the system one
    -Djna.nosys=true
    # use old-style file permissions on JDK9
    -Djdk.io.permissionsUseCanonicalPath=true
    # flags to keep Netty from being unsafe
    -Dio.netty.noUnsafe=true
    -Dio.netty.noKeySetOptimization=true
    # log4j
    -Dlog4j.shutdownHookEnabled=false
    -Dlog4j2.disable.jmx=true
    -Dlog4j.skipJansi=true
    ## heap dumps
    # generate a heap dump when an allocation from the Java heap fails
    # heap dumps are created in the working directory of the JVM
    -XX:+HeapDumpOnOutOfMemoryError
  # Console-only logging at level info; no file appender is configured.
  log4j2.properties: |
    status = error
    appender.console.type = Console
    appender.console.name = console
    appender.console.layout.type = PatternLayout
    appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n
    rootLogger.level = info
    rootLogger.appenderRef.console.ref = console
  # Mounted at config/analysis/synonyms.txt by the StatefulSet.
  synonyms.txt: |
    mon,monday
    tue,tuesday
---
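# A headless service to create DNS records for the elasticsearch StatefulSet pods.
# It makes ports 9200 and 9300 resolvable for any workload in the cluster; with
# xpack.security disabled in elasticsearch.yml, restricting who may connect is left to
# network-level controls such as a NetworkPolicy.
apiVersion: v1
kind: Service
metadata:
  namespace: deploy
  annotations:
    # Legacy alpha annotation, kept for older clusters; spec.publishNotReadyAddresses
    # below is the supported field with the same meaning.
    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
  name: elasticsearch
  labels:
    app: elasticsearch
spec:
  ports:
    - port: 9200
      name: db
    - port: 9300
      name: transport
  # *.elasticsearch.deploy.svc.cluster.local (the Service lives in namespace "deploy")
  clusterIP: None
  # Publish DNS records for pods that are not Ready yet, so the nodes can discover each
  # other while the cluster is still forming.
  publishNotReadyAddresses: true
  selector:
    app: elasticsearch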