diff --git a/helm/templates/elasticsearch/configmap-elasticsearch.yaml b/helm/templates/elasticsearch/configmap-elasticsearch.yaml index 6a2a27d..3267f19 100644 --- a/helm/templates/elasticsearch/configmap-elasticsearch.yaml +++ b/helm/templates/elasticsearch/configmap-elasticsearch.yaml @@ -11,7 +11,6 @@ data: cluster.name: "wwwgmo-es" discovery.type: "single-node" ES_JAVA_OPTS: "-Xms512m -Xmx512m" - ELASTIC_USERNAME: elastic ELASTIC_HOST: "service-elasticsearch" xpack.security.enabled: "true" - xpack.security.transport.ssl.enabled: "true" + xpack.security.transport.ssl.enabled: "false" diff --git a/helm/templates/elasticsearch/create-kibana-user-job.yaml b/helm/templates/elasticsearch/create-kibana-user-job.yaml new file mode 100644 index 0000000..5906c70 --- /dev/null +++ b/helm/templates/elasticsearch/create-kibana-user-job.yaml @@ -0,0 +1,44 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: create-kibana-user + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation +spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: create-kibana-user + image: curlimages/curl:8.6.0 + command: ["/bin/sh", "-c"] + args: + - | + echo "⏳ Waiting for Elasticsearch..." + until curl -s -u ${ELASTIC_USERNAME}:${ELASTIC_PASSWORD} http://service-elasticsearch:9200/_cluster/health | grep -q '"status":"green"'; do + echo "🟡 Elasticsearch not ready yet..." + sleep 5 + done + + echo "🔍 Checking if user '${KIBANA_USERNAME}' exists..." + USER_EXISTS=$(curl -s -o /dev/null -w "%{http_code}" -u ${ELASTIC_USERNAME}:${ELASTIC_PASSWORD} http://elasticsearch:9200/_security/user/${KIBANA_USERNAME}) + + if [ "$USER_EXISTS" -eq 200 ]; then + echo "✅ User '${KIBANA_USERNAME}' already exists." + else + echo "➕ Creating user '${KIBANA_USERNAME}'..." + curl -s -u ${ELASTIC_USERNAME}:${ELASTIC_PASSWORD} -X POST http://elasticsearch:9200/_security/user/${KIBANA_USERNAME} \ + -H "Content-Type: application/json" \ + -d "{ + \"password\": \"${KIBANA_PASSWORD}\", + \"roles\": [\"kibana_system\"], + \"full_name\": \"Kibana System User\", + \"enabled\": true + }" + echo "✅ User '${KIBANA_USERNAME}' created." + fi + envFrom: + - secretRef: + name: secret-elasticsearch diff --git a/helm/templates/elasticsearch/secret-elasticsearch.yaml b/helm/templates/elasticsearch/secret-elasticsearch.yaml index 2f999c8..e97cd11 100644 --- a/helm/templates/elasticsearch/secret-elasticsearch.yaml +++ b/helm/templates/elasticsearch/secret-elasticsearch.yaml @@ -9,4 +9,7 @@ metadata: {{- include "site.labels" . | nindent 4 }} type: Opaque stringData: + ELASTIC_USERNAME: elastic ELASTIC_PASSWORD: "{{ required ".Values.elastic.password entry is required!" .Values.elastic.password }}" + KIBANA_PASSWORD: kibanaPass55w0rd + KIBANA_USERNAME: kibana_system_user \ No newline at end of file diff --git a/helm/templates/elasticsearch/statefulset-elasticsearch.yaml b/helm/templates/elasticsearch/statefulset-elasticsearch.yaml index c8503fd..b563156 100644 --- a/helm/templates/elasticsearch/statefulset-elasticsearch.yaml +++ b/helm/templates/elasticsearch/statefulset-elasticsearch.yaml @@ -122,6 +122,10 @@ spec: accessModes: [ "ReadWriteOnce" ] storageClassName: {{ required ".Values.elastic.persistentVolumeClaim.k3sStorageClassName entry is required!" .Values.elastic.persistentVolumeClaim.k3sStorageClassName }} {{- end }} +{{- if eq "kind" $.Values.kube }} + accessModes: [ "ReadWriteOnce" ] + storageClassName: {{ required ".Values.elastic.persistentVolumeClaim.kindStorageClassName entry is required!" .Values.elastic.persistentVolumeClaim.kindStorageClassName }} +{{- end }} {{- if eq "k8s" $.Values.kube }} accessModes: [ "ReadWriteMany" ] storageClassName: {{ required ".Values.elastic.persistentVolumeClaim.k8sStorageClassName entry is required!" .Values.elastic.persistentVolumeClaim.k8sStorageClassName }} diff --git a/helm/templates/kibana/secret-kibana.yaml b/helm/templates/kibana/secret-kibana.yaml deleted file mode 100644 index b4ded84..0000000 --- a/helm/templates/kibana/secret-kibana.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: secret-kibana - namespace: {{ .Release.Namespace }} - labels: - {{- include "site.labels" . | nindent 4 }} -type: Opaque -stringData: - ELASTICSEARCH_PASSWORD: "{{ required ".Values.elastic.password entry is required!" .Values.elastic.password }}" diff --git a/helm/templates/php-fpm/configmap-site.yaml b/helm/templates/php-fpm/configmap-site.yaml index 167ff6e..e9b4423 100644 --- a/helm/templates/php-fpm/configmap-site.yaml +++ b/helm/templates/php-fpm/configmap-site.yaml @@ -17,4 +17,4 @@ data: ES_HOST: "{{ required ".Values.site.phpfpmSite.es.host entry is required!" .Values.site.phpfpmSite.es.host }}" ES_USER: "{{ required ".Values.site.phpfpmSite.es.user entry is required!" .Values.site.phpfpmSite.es.user }}" ES_INDEX: "{{ required ".Values.site.phpfpmSite.es.index entry is required!" .Values.site.phpfpmSite.es.index }}" - KIBANA_URL: "https://{{ required ".Values.site.utlKibana entry is required!" .Values.site.urlKibana }}" + KIBANA_URL: "https://{{ required ".Values.site.urlKibana entry is required!" .Values.site.urlKibana }}" diff --git a/helm/templates/php-fpm/pvc-site.yaml b/helm/templates/php-fpm/pvc-site.yaml index 380fbff..3b13075 100644 --- a/helm/templates/php-fpm/pvc-site.yaml +++ b/helm/templates/php-fpm/pvc-site.yaml @@ -15,6 +15,11 @@ spec: - ReadWriteOnce storageClassName: {{ required ".Values.site.persistentVolumeClaim.k3sStorageClassName entry is required!" .Values.site.persistentVolumeClaim.k3sStorageClassName }} {{- end }} +{{- if eq "kind" $.Values.kube }} + accessModes: + - ReadWriteOnce + storageClassName: {{ required ".Values.site.persistentVolumeClaim.kindStorageClassName entry is required!" .Values.site.persistentVolumeClaim.kindStorageClassName }} +{{- end }} {{- if eq "k8s" $.Values.kube }} accessModes: - ReadWriteMany diff --git a/helm/values-configs.yaml b/helm/values-configs.yaml index 665c4a6..5214d17 100644 --- a/helm/values-configs.yaml +++ b/helm/values-configs.yaml @@ -5,17 +5,19 @@ # elasticsearch elastic: priorityClassName: system-cluster-critical - imageTag: 8.18.2 + imageTag: 9.0.2 persistentVolumeClaim: #storageRequest: 1Gi storageRequest: 500M k3sStorageClassName: local-path + kindStorageClassName: standard k8sStorageClassName: longhorn kibana: - username: elastic + imageTag: 9.0.2 + username: kibana_system_user priorityClassName: system-node-critical - host: http://statefulset-elasticsearch-0.service-elasticsearch:9200 + host: http://service-elasticsearch:9200 mariadb: repository: mariadb @@ -38,6 +40,7 @@ mariadb: storageRequest: 500M backupdDbStorageRequest: 500M k3sStorageClassName: local-path + kindStorageClassName: standard k8sStorageClassName: longhorn site: @@ -103,8 +106,7 @@ site: persistentVolumeClaim: storageRequest: 500M k3sStorageClassName: local-path + kindStorageClassName: standard k8sStorageClassName: longhorn - - - + \ No newline at end of file diff --git a/helm/values-secrets.yaml b/helm/values-secrets.yaml index 39eea08..609f0c5 100644 --- a/helm/values-secrets.yaml +++ b/helm/values-secrets.yaml @@ -7,4 +7,7 @@ mariadb: elastic: password: pa55w0rd + +kibana: + password: kibanaPass55w0rd diff --git a/helm/templates/kibana/configmap-kibana.yaml b/parcage/kibana/configmap-kibana.yaml similarity index 51% rename from helm/templates/kibana/configmap-kibana.yaml rename to parcage/kibana/configmap-kibana.yaml index 5324ffb..a68b03e 100644 --- a/helm/templates/kibana/configmap-kibana.yaml +++ b/parcage/kibana/configmap-kibana.yaml @@ -7,6 +7,10 @@ metadata: app: site tier: kibana {{- include "site.labels" . | nindent 4 }} +# envFrom: +# - secretRef: +# name: secret-elasticsearch data: ELASTICSEARCH_HOSTS: "{{ required ".Values.kibana.host entry is required!" .Values.kibana.host }}" - ELASTICSEARCH_USERNAME: "{{ required ".Values.kibana.username entry is required!" .Values.kibana.username }}" + #ELASTICSEARCH_USERNAME: "{{ required ".Values.kibana.username entry is required!" .Values.kibana.username }}" + #KIBANA_USERNAME: "{{ required ".Values.kibana.username entry is required!" .Values.kibana.username }}" \ No newline at end of file diff --git a/helm/templates/kibana/deployment-kibana.yaml b/parcage/kibana/deployment-kibana.yaml similarity index 93% rename from helm/templates/kibana/deployment-kibana.yaml rename to parcage/kibana/deployment-kibana.yaml index 46713ac..5338f18 100644 --- a/helm/templates/kibana/deployment-kibana.yaml +++ b/parcage/kibana/deployment-kibana.yaml @@ -24,7 +24,7 @@ spec: automountServiceAccountToken: false containers: - name: kibana - image: docker.elastic.co/kibana/kibana:7.17.10 + image: docker.elastic.co/kibana/kibana:{{ required ".Values.elastic.imageTag entry is required!" .Values.elastic.imageTag }} imagePullPolicy: IfNotPresent envFrom: diff --git a/helm/templates/kibana/ingress-kibana.yaml b/parcage/kibana/ingress-kibana.yaml similarity index 89% rename from helm/templates/kibana/ingress-kibana.yaml rename to parcage/kibana/ingress-kibana.yaml index 5673629..62a9830 100644 --- a/helm/templates/kibana/ingress-kibana.yaml +++ b/parcage/kibana/ingress-kibana.yaml @@ -7,6 +7,9 @@ spec: {{- if eq "k3s" $.Values.kube }} ingressClassName: traefik {{- end }} +{{- if eq "kind" $.Values.kube }} + ingressClassName: nginx +{{- end }} {{- if eq "k8s" $.Values.kube }} ingressClassName: nginx {{- end }} diff --git a/parcage/kibana/secret-kibana.yaml b/parcage/kibana/secret-kibana.yaml new file mode 100644 index 0000000..b7dd434 --- /dev/null +++ b/parcage/kibana/secret-kibana.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Secret +metadata: + name: secret-kibana + namespace: {{ .Release.Namespace }} + labels: + {{- include "site.labels" . | nindent 4 }} +type: Opaque +stringData: + #ELASTICSEARCH_PASSWORD: "{{ required ".Values.elastic.password entry is required!" .Values.elastic.password }}" + #ELASTIC_USERNAME: elastic + #ELASTIC_PASSWORD: "{{ required ".Values.elastic.password entry is required!" .Values.elastic.password }}" + KIBANA_PASSWORD: kibanaPass55w0rd + KIBANA_USERNAME: kibana_system_user \ No newline at end of file diff --git a/helm/templates/kibana/service-kibana.yaml b/parcage/kibana/service-kibana.yaml similarity index 100% rename from helm/templates/kibana/service-kibana.yaml rename to parcage/kibana/service-kibana.yaml diff --git a/helm/templates/mariadb/configmap-mariadb.yaml b/parcage/mariadb/configmap-mariadb.yaml similarity index 100% rename from helm/templates/mariadb/configmap-mariadb.yaml rename to parcage/mariadb/configmap-mariadb.yaml diff --git a/helm/templates/mariadb/cronjob-mariadb-bckdb.yaml b/parcage/mariadb/cronjob-mariadb-bckdb.yaml similarity index 100% rename from helm/templates/mariadb/cronjob-mariadb-bckdb.yaml rename to parcage/mariadb/cronjob-mariadb-bckdb.yaml diff --git a/helm/templates/mariadb/pvc-mariadb.yaml b/parcage/mariadb/pvc-mariadb.yaml similarity index 78% rename from helm/templates/mariadb/pvc-mariadb.yaml rename to parcage/mariadb/pvc-mariadb.yaml index ad990ab..9e82db2 100644 --- a/helm/templates/mariadb/pvc-mariadb.yaml +++ b/parcage/mariadb/pvc-mariadb.yaml @@ -13,6 +13,11 @@ spec: - ReadWriteOnce storageClassName: {{ required ".Values.mariadb.persistentVolumeClaim.k3sStorageClassName entry is required!" .Values.mariadb.persistentVolumeClaim.k3sStorageClassName }} {{- end }} +{{- if eq "kind" $.Values.kube }} + accessModes: + - ReadWriteOnce + storageClassName: {{ required ".Values.mariadb.persistentVolumeClaim.kindStorageClassName entry is required!" .Values.mariadb.persistentVolumeClaim.kindStorageClassName }} +{{- end }} {{- if eq "k8s" $.Values.kube }} accessModes: - ReadWriteMany @@ -37,6 +42,11 @@ spec: - ReadWriteOnce storageClassName: {{ required ".Values.mariadb.persistentVolumeClaim.k3sStorageClassName entry is required!" .Values.mariadb.persistentVolumeClaim.k3sStorageClassName }} {{- end }} +{{- if eq "kind" $.Values.kube }} + accessModes: + - ReadWriteOnce + storageClassName: {{ required ".Values.mariadb.persistentVolumeClaim.kindStorageClassName entry is required!" .Values.mariadb.persistentVolumeClaim.kindStorageClassName }} +{{- end }} {{- if eq "k8s" $.Values.kube }} accessModes: - ReadWriteMany diff --git a/helm/templates/mariadb/secret-mariadb.yaml b/parcage/mariadb/secret-mariadb.yaml similarity index 100% rename from helm/templates/mariadb/secret-mariadb.yaml rename to parcage/mariadb/secret-mariadb.yaml diff --git a/helm/templates/mariadb/service-mariadb.yaml b/parcage/mariadb/service-mariadb.yaml similarity index 100% rename from helm/templates/mariadb/service-mariadb.yaml rename to parcage/mariadb/service-mariadb.yaml diff --git a/helm/templates/mariadb/statefulset-mariadb.yaml b/parcage/mariadb/statefulset-mariadb.yaml similarity index 100% rename from helm/templates/mariadb/statefulset-mariadb.yaml rename to parcage/mariadb/statefulset-mariadb.yaml diff --git a/helm/templates/phpmyadmin/deployment-pma.yaml b/parcage/phpmyadmin/deployment-pma.yaml similarity index 100% rename from helm/templates/phpmyadmin/deployment-pma.yaml rename to parcage/phpmyadmin/deployment-pma.yaml diff --git a/helm/templates/phpmyadmin/ingress-pma.yaml b/parcage/phpmyadmin/ingress-pma.yaml similarity index 100% rename from helm/templates/phpmyadmin/ingress-pma.yaml rename to parcage/phpmyadmin/ingress-pma.yaml diff --git a/helm/templates/phpmyadmin/service-pma.yaml b/parcage/phpmyadmin/service-pma.yaml similarity index 100% rename from helm/templates/phpmyadmin/service-pma.yaml rename to parcage/phpmyadmin/service-pma.yaml