diff --git a/efk/Chart.yaml b/efk/Chart.yaml index 5a5ae6e80d3f937e056f4183035450c63a8bdece..feb8cb1ccc94fa250d7b301d82a00dad6474082f 100644 --- a/efk/Chart.yaml +++ b/efk/Chart.yaml @@ -2,7 +2,14 @@ apiVersion: v1 appVersion: "1.0" description: EFK stack cluster name: efk -version: 0.1.1 +version: 0.1.4 +home: https://github.com/justwatchcom/elasticsearch_exporter +sources: + - https://github.com/justwatchcom/elasticsearch_exporter +keywords: + - metrics + - elasticsearch + - monitoring maintainers: - name: Alexandr Ivanov email: ivanov.ua@ukr.net diff --git a/efk/templates/_helpers.tpl b/efk/templates/_helpers.tpl index 216a2189db87e880981e4ebcff330f2f43a54b84..84d7a7ee766a4c8a79648a526edfc11f26aa96f0 100644 --- a/efk/templates/_helpers.tpl +++ b/efk/templates/_helpers.tpl @@ -6,6 +6,10 @@ Expand the name of the chart. {{- default .Chart.Name .Values.nameOverride | trunc 53 | trimSuffix "-" -}} {{- end -}} +{{- define "elasticsearch-exporter.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* Create a default fully qualified app name. We truncate at 53 chars (63 - len("-discovery")) because some Kubernetes name fields are limited to 63 (by the DNS naming spec). @@ -15,4 +19,24 @@ We truncate at 53 chars (63 - len("-discovery")) because some Kubernetes name fi {{- printf "%s-%s" .Release.Name $name | trunc 53 | trimSuffix "-" -}} {{- end -}} +{{- define "elasticsearch-exporter.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" $name .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "elasticsearch-exporter.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/efk/templates/es-exporter-cert-secret.yaml b/efk/templates/es-exporter-cert-secret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..06f6333c117f3739421c9f11a59fc6197e23a139 --- /dev/null +++ b/efk/templates/es-exporter-cert-secret.yaml @@ -0,0 +1,16 @@ +{{- if .Values.elasticsearchexporter.es.ssl.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "elasticsearch-exporter.fullname" . }}-cert + labels: + chart: {{ template "elasticsearch-exporter.chart" . }} + app: {{ template "elasticsearch-exporter.name" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +type: Opaque +data: + ca.pem: {{ .Values.elasticsearchexporter.es.ssl.ca.pem | b64enc }} + client.pem: {{ .Values.elasticsearchexporter.es.ssl.client.pem | b64enc }} + client.key: {{ .Values.elasticsearchexporter.es.ssl.client.key | b64enc }} +{{- end }} \ No newline at end of file diff --git a/efk/templates/es-exporter-deployment.yaml b/efk/templates/es-exporter-deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..51bb7546f30233859eb99bbc9f3916830fd5eac5 --- /dev/null +++ b/efk/templates/es-exporter-deployment.yaml @@ -0,0 +1,107 @@ +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + name: {{ template "elasticsearch-exporter.fullname" . }} + labels: + chart: {{ template "elasticsearch-exporter.chart" . }} + app: {{ template "elasticsearch-exporter.name" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + replicas: {{ .Values.elasticsearchexporter.replicaCount }} + selector: + matchLabels: + app: {{ template "elasticsearch-exporter.name" . }} + release: "{{ .Release.Name }}" + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + labels: + app: {{ template "elasticsearch-exporter.name" . }} + release: "{{ .Release.Name }}" + {{- if .Values.elasticsearchexporter.podAnnotations }} + annotations: +{{ toYaml .Values.elasticsearchexporter.podAnnotations | indent 8 }} + {{- end }} + spec: +{{- if .Values.elasticsearchexporter.priorityClassName }} + priorityClassName: "{{ .Values.elasticsearchexporter.priorityClassName }}" +{{- end }} + restartPolicy: {{ .Values.elasticsearchexporter.restartPolicy }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.elasticsearchexporter.image.repository }}:{{ .Values.elasticsearchexporter.image.tag }}" + imagePullPolicy: {{ .Values.elasticsearchexporter.image.pullPolicy }} + command: ["elasticsearch_exporter", + "-es.uri={{ .Values.elasticsearchexporter.es.uri }}", + "-es.all={{ .Values.elasticsearchexporter.es.all }}", + "-es.indices={{ .Values.elasticsearchexporter.es.indices }}", + "-es.timeout={{ .Values.elasticsearchexporter.es.timeout }}", + {{- if .Values.elasticsearchexporter.es.ssl.enabled }} + "-es.ca=/ssl/ca.pem", + "-es.client-cert=/ssl/client.pem", + "-es.client-private-key=/ssl/client.key", + {{- end }} + "-web.listen-address=:{{ .Values.elasticsearchexporter.service.httpPort }}", + "-web.telemetry-path={{ .Values.elasticsearchexporter.web.path }}"] + securityContext: + capabilities: + drop: + - SETPCAP + - MKNOD + - AUDIT_WRITE + - CHOWN + - NET_RAW + - DAC_OVERRIDE + - FOWNER + - FSETID + - KILL + - SETGID + - SETUID + - NET_BIND_SERVICE + - SYS_CHROOT + - SETFCAP + readOnlyRootFilesystem: true + resources: +{{ toYaml .Values.elasticsearchexporter.resources | indent 12 }} + ports: + - containerPort: {{ .Values.elasticsearchexporter.service.httpPort }} + name: http + livenessProbe: + httpGet: + path: /health + port: http + initialDelaySeconds: 30 + timeoutSeconds: 10 + readinessProbe: + httpGet: + path: /health + port: http + initialDelaySeconds: 10 + timeoutSeconds: 10 + volumeMounts: + {{- if .Values.elasticsearchexporter.es.ssl.enabled }} + - mountPath: /ssl + name: ssl + {{- end }} +{{- if .Values.elasticsearchexporter.nodeSelector }} + nodeSelector: +{{ toYaml .Values.elasticsearchexporter.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.elasticsearchexporter.tolerations }} + tolerations: +{{ toYaml .Values.elasticsearchexporter.tolerations | indent 8 }} +{{- end }} + volumes: + {{- if .Values.elasticsearchexporter.es.ssl.enabled }} + - name: ssl + secret: + secretName: {{ template "elasticsearch-exporter.fullname" . }}-cert + {{- end }} \ No newline at end of file diff --git a/efk/templates/es-exporter-service.yaml b/efk/templates/es-exporter-service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f1b9543e76a0d4c8f66b23d191da831132744a97 --- /dev/null +++ b/efk/templates/es-exporter-service.yaml @@ -0,0 +1,22 @@ +kind: Service +apiVersion: v1 +metadata: + name: {{ template "elasticsearch-exporter.fullname" . }} + labels: + chart: {{ template "elasticsearch-exporter.chart" . }} + app: {{ template "elasticsearch-exporter.name" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.elasticsearchexporter.service.annotations }} + annotations: +{{ toYaml .Values.elasticsearchexporter.service.annotations | indent 4 }} +{{- end }} +spec: + type: {{ .Values.elasticsearchexporter.service.type }} + ports: + - name: http + port: {{ .Values.elasticsearchexporter.service.httpPort }} + protocol: TCP + selector: + app: {{ template "elasticsearch-exporter.name" . }} + release: "{{ .Release.Name }}" \ No newline at end of file diff --git a/efk/values.yaml b/efk/values.yaml index 060283486a1e9d78f5ea4cd76eb874f2f3f5f3b8..f16fceb69a4ace1094d31830925c4d1e7cb41db8 100644 --- a/efk/values.yaml +++ b/efk/values.yaml @@ -80,3 +80,89 @@ curator: timestring: "%Y.%m.%d" unit: "days" unit_count: 7 + +elasticsearchexporter: + ## number of exporter instances + ## + replicaCount: 1 + + ## restart policy for all containers + ## + restartPolicy: Always + + image: + repository: justwatch/elasticsearch_exporter + tag: 1.0.2 + pullPolicy: IfNotPresent + + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 100m + memory: 128Mi + + priorityClassName: "" + + nodeSelector: {} + + tolerations: {} + + podAnnotations: {} + + service: + type: ClusterIP + httpPort: 9108 + annotations: + nynja.biz/scrape: "true" + nynja.biz/scrape_port: "9108" + nynja.biz/env: "dev" + nynja.biz/probe: "efkexporter" + + es: + ## Address (host and port) of the Elasticsearch node we should connect to. + ## This could be a local node (localhost:9200, for instance), or the address + ## of a remote Elasticsearch server. When basic auth is needed, + ## specify as: ://:@:. e.g., http://admin:pass@localhost:9200. + ## + uri: http://elasticsearch:9200 + + ## If true, query stats for all nodes in the cluster, rather than just the + ## node we connect to. + ## + all: true + + ## If true, query stats for all indices in the cluster. + ## + indices: true + + ## Timeout for trying to get stats from Elasticsearch. (ex: 20s) + ## + timeout: 30s + + ssl: + ## If true, a secure connection to ES cluster is used (requires SSL certs below) + ## + enabled: false + + ca: + + ## PEM that contains trusted CAs used for setting up secure Elasticsearch connection + ## + # pem: + + client: + + ## PEM that contains the client cert to connect to Elasticsearch. + ## + # pem: + + ## Private key for client auth when connecting to Elasticsearch + ## + # key: + + web: + ## Path under which to expose metrics. + ## + path: /metrics