dev-20250622-#1
This commit is contained in:
parent
123ea0ba2a
commit
2d0643fa01
@ -11,7 +11,6 @@ data:
|
|||||||
cluster.name: "wwwgmo-es"
|
cluster.name: "wwwgmo-es"
|
||||||
discovery.type: "single-node"
|
discovery.type: "single-node"
|
||||||
ES_JAVA_OPTS: "-Xms512m -Xmx512m"
|
ES_JAVA_OPTS: "-Xms512m -Xmx512m"
|
||||||
ELASTIC_USERNAME: elastic
|
|
||||||
ELASTIC_HOST: "service-elasticsearch"
|
ELASTIC_HOST: "service-elasticsearch"
|
||||||
xpack.security.enabled: "true"
|
xpack.security.enabled: "true"
|
||||||
xpack.security.transport.ssl.enabled: "true"
|
xpack.security.transport.ssl.enabled: "false"
|
||||||
|
|||||||
44
helm/templates/elasticsearch/create-kibana-user-job.yaml
Normal file
44
helm/templates/elasticsearch/create-kibana-user-job.yaml
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
apiVersion: batch/v1
|
||||||
|
kind: Job
|
||||||
|
metadata:
|
||||||
|
name: create-kibana-user
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
annotations:
|
||||||
|
"helm.sh/hook": post-install,post-upgrade
|
||||||
|
"helm.sh/hook-delete-policy": before-hook-creation
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
restartPolicy: OnFailure
|
||||||
|
containers:
|
||||||
|
- name: create-kibana-user
|
||||||
|
image: curlimages/curl:8.6.0
|
||||||
|
command: ["/bin/sh", "-c"]
|
||||||
|
args:
|
||||||
|
- |
|
||||||
|
echo "⏳ Waiting for Elasticsearch..."
|
||||||
|
until curl -s -u ${ELASTIC_USERNAME}:${ELASTIC_PASSWORD} http://service-elasticsearch:9200/_cluster/health | grep -q '"status":"green"'; do
|
||||||
|
echo "🟡 Elasticsearch not ready yet..."
|
||||||
|
sleep 5
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "🔍 Checking if user '${KIBANA_USERNAME}' exists..."
|
||||||
|
USER_EXISTS=$(curl -s -o /dev/null -w "%{http_code}" -u ${ELASTIC_USERNAME}:${ELASTIC_PASSWORD} http://elasticsearch:9200/_security/user/${KIBANA_USERNAME})
|
||||||
|
|
||||||
|
if [ "$USER_EXISTS" -eq 200 ]; then
|
||||||
|
echo "✅ User '${KIBANA_USERNAME}' already exists."
|
||||||
|
else
|
||||||
|
echo "➕ Creating user '${KIBANA_USERNAME}'..."
|
||||||
|
curl -s -u ${ELASTIC_USERNAME}:${ELASTIC_PASSWORD} -X POST http://elasticsearch:9200/_security/user/${KIBANA_USERNAME} \
|
||||||
|
-H "Content-Type: application/json" \
|
||||||
|
-d "{
|
||||||
|
\"password\": \"${KIBANA_PASSWORD}\",
|
||||||
|
\"roles\": [\"kibana_system\"],
|
||||||
|
\"full_name\": \"Kibana System User\",
|
||||||
|
\"enabled\": true
|
||||||
|
}"
|
||||||
|
echo "✅ User '${KIBANA_USERNAME}' created."
|
||||||
|
fi
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: secret-elasticsearch
|
||||||
@ -9,4 +9,7 @@ metadata:
|
|||||||
{{- include "site.labels" . | nindent 4 }}
|
{{- include "site.labels" . | nindent 4 }}
|
||||||
type: Opaque
|
type: Opaque
|
||||||
stringData:
|
stringData:
|
||||||
|
ELASTIC_USERNAME: elastic
|
||||||
ELASTIC_PASSWORD: "{{ required ".Values.elastic.password entry is required!" .Values.elastic.password }}"
|
ELASTIC_PASSWORD: "{{ required ".Values.elastic.password entry is required!" .Values.elastic.password }}"
|
||||||
|
KIBANA_PASSWORD: kibanaPass55w0rd
|
||||||
|
KIBANA_USERNAME: kibana_system_user
|
||||||
@ -122,6 +122,10 @@ spec:
|
|||||||
accessModes: [ "ReadWriteOnce" ]
|
accessModes: [ "ReadWriteOnce" ]
|
||||||
storageClassName: {{ required ".Values.elastic.persistentVolumeClaim.k3sStorageClassName entry is required!" .Values.elastic.persistentVolumeClaim.k3sStorageClassName }}
|
storageClassName: {{ required ".Values.elastic.persistentVolumeClaim.k3sStorageClassName entry is required!" .Values.elastic.persistentVolumeClaim.k3sStorageClassName }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if eq "kind" $.Values.kube }}
|
||||||
|
accessModes: [ "ReadWriteOnce" ]
|
||||||
|
storageClassName: {{ required ".Values.elastic.persistentVolumeClaim.kindStorageClassName entry is required!" .Values.elastic.persistentVolumeClaim.kindStorageClassName }}
|
||||||
|
{{- end }}
|
||||||
{{- if eq "k8s" $.Values.kube }}
|
{{- if eq "k8s" $.Values.kube }}
|
||||||
accessModes: [ "ReadWriteMany" ]
|
accessModes: [ "ReadWriteMany" ]
|
||||||
storageClassName: {{ required ".Values.elastic.persistentVolumeClaim.k8sStorageClassName entry is required!" .Values.elastic.persistentVolumeClaim.k8sStorageClassName }}
|
storageClassName: {{ required ".Values.elastic.persistentVolumeClaim.k8sStorageClassName entry is required!" .Values.elastic.persistentVolumeClaim.k8sStorageClassName }}
|
||||||
|
|||||||
@ -1,10 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: secret-kibana
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
labels:
|
|
||||||
{{- include "site.labels" . | nindent 4 }}
|
|
||||||
type: Opaque
|
|
||||||
stringData:
|
|
||||||
ELASTICSEARCH_PASSWORD: "{{ required ".Values.elastic.password entry is required!" .Values.elastic.password }}"
|
|
||||||
@ -17,4 +17,4 @@ data:
|
|||||||
ES_HOST: "{{ required ".Values.site.phpfpmSite.es.host entry is required!" .Values.site.phpfpmSite.es.host }}"
|
ES_HOST: "{{ required ".Values.site.phpfpmSite.es.host entry is required!" .Values.site.phpfpmSite.es.host }}"
|
||||||
ES_USER: "{{ required ".Values.site.phpfpmSite.es.user entry is required!" .Values.site.phpfpmSite.es.user }}"
|
ES_USER: "{{ required ".Values.site.phpfpmSite.es.user entry is required!" .Values.site.phpfpmSite.es.user }}"
|
||||||
ES_INDEX: "{{ required ".Values.site.phpfpmSite.es.index entry is required!" .Values.site.phpfpmSite.es.index }}"
|
ES_INDEX: "{{ required ".Values.site.phpfpmSite.es.index entry is required!" .Values.site.phpfpmSite.es.index }}"
|
||||||
KIBANA_URL: "https://{{ required ".Values.site.utlKibana entry is required!" .Values.site.urlKibana }}"
|
KIBANA_URL: "https://{{ required ".Values.site.urlKibana entry is required!" .Values.site.urlKibana }}"
|
||||||
|
|||||||
@ -15,6 +15,11 @@ spec:
|
|||||||
- ReadWriteOnce
|
- ReadWriteOnce
|
||||||
storageClassName: {{ required ".Values.site.persistentVolumeClaim.k3sStorageClassName entry is required!" .Values.site.persistentVolumeClaim.k3sStorageClassName }}
|
storageClassName: {{ required ".Values.site.persistentVolumeClaim.k3sStorageClassName entry is required!" .Values.site.persistentVolumeClaim.k3sStorageClassName }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if eq "kind" $.Values.kube }}
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
storageClassName: {{ required ".Values.site.persistentVolumeClaim.kindStorageClassName entry is required!" .Values.site.persistentVolumeClaim.kindStorageClassName }}
|
||||||
|
{{- end }}
|
||||||
{{- if eq "k8s" $.Values.kube }}
|
{{- if eq "k8s" $.Values.kube }}
|
||||||
accessModes:
|
accessModes:
|
||||||
- ReadWriteMany
|
- ReadWriteMany
|
||||||
|
|||||||
@ -5,17 +5,19 @@
|
|||||||
# elasticsearch
|
# elasticsearch
|
||||||
elastic:
|
elastic:
|
||||||
priorityClassName: system-cluster-critical
|
priorityClassName: system-cluster-critical
|
||||||
imageTag: 8.18.2
|
imageTag: 9.0.2
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
#storageRequest: 1Gi
|
#storageRequest: 1Gi
|
||||||
storageRequest: 500M
|
storageRequest: 500M
|
||||||
k3sStorageClassName: local-path
|
k3sStorageClassName: local-path
|
||||||
|
kindStorageClassName: standard
|
||||||
k8sStorageClassName: longhorn
|
k8sStorageClassName: longhorn
|
||||||
|
|
||||||
kibana:
|
kibana:
|
||||||
username: elastic
|
imageTag: 9.0.2
|
||||||
|
username: kibana_system_user
|
||||||
priorityClassName: system-node-critical
|
priorityClassName: system-node-critical
|
||||||
host: http://statefulset-elasticsearch-0.service-elasticsearch:9200
|
host: http://service-elasticsearch:9200
|
||||||
|
|
||||||
mariadb:
|
mariadb:
|
||||||
repository: mariadb
|
repository: mariadb
|
||||||
@ -38,6 +40,7 @@ mariadb:
|
|||||||
storageRequest: 500M
|
storageRequest: 500M
|
||||||
backupdDbStorageRequest: 500M
|
backupdDbStorageRequest: 500M
|
||||||
k3sStorageClassName: local-path
|
k3sStorageClassName: local-path
|
||||||
|
kindStorageClassName: standard
|
||||||
k8sStorageClassName: longhorn
|
k8sStorageClassName: longhorn
|
||||||
|
|
||||||
site:
|
site:
|
||||||
@ -103,8 +106,7 @@ site:
|
|||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
storageRequest: 500M
|
storageRequest: 500M
|
||||||
k3sStorageClassName: local-path
|
k3sStorageClassName: local-path
|
||||||
|
kindStorageClassName: standard
|
||||||
k8sStorageClassName: longhorn
|
k8sStorageClassName: longhorn
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -7,4 +7,7 @@ mariadb:
|
|||||||
|
|
||||||
elastic:
|
elastic:
|
||||||
password: pa55w0rd
|
password: pa55w0rd
|
||||||
|
|
||||||
|
kibana:
|
||||||
|
password: kibanaPass55w0rd
|
||||||
|
|
||||||
|
|||||||
@ -7,6 +7,10 @@ metadata:
|
|||||||
app: site
|
app: site
|
||||||
tier: kibana
|
tier: kibana
|
||||||
{{- include "site.labels" . | nindent 4 }}
|
{{- include "site.labels" . | nindent 4 }}
|
||||||
|
# envFrom:
|
||||||
|
# - secretRef:
|
||||||
|
# name: secret-elasticsearch
|
||||||
data:
|
data:
|
||||||
ELASTICSEARCH_HOSTS: "{{ required ".Values.kibana.host entry is required!" .Values.kibana.host }}"
|
ELASTICSEARCH_HOSTS: "{{ required ".Values.kibana.host entry is required!" .Values.kibana.host }}"
|
||||||
ELASTICSEARCH_USERNAME: "{{ required ".Values.kibana.username entry is required!" .Values.kibana.username }}"
|
#ELASTICSEARCH_USERNAME: "{{ required ".Values.kibana.username entry is required!" .Values.kibana.username }}"
|
||||||
|
#KIBANA_USERNAME: "{{ required ".Values.kibana.username entry is required!" .Values.kibana.username }}"
|
||||||
@ -24,7 +24,7 @@ spec:
|
|||||||
automountServiceAccountToken: false
|
automountServiceAccountToken: false
|
||||||
containers:
|
containers:
|
||||||
- name: kibana
|
- name: kibana
|
||||||
image: docker.elastic.co/kibana/kibana:7.17.10
|
image: docker.elastic.co/kibana/kibana:{{ required ".Values.elastic.imageTag entry is required!" .Values.elastic.imageTag }}
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
|
|
||||||
envFrom:
|
envFrom:
|
||||||
@ -7,6 +7,9 @@ spec:
|
|||||||
{{- if eq "k3s" $.Values.kube }}
|
{{- if eq "k3s" $.Values.kube }}
|
||||||
ingressClassName: traefik
|
ingressClassName: traefik
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if eq "kind" $.Values.kube }}
|
||||||
|
ingressClassName: nginx
|
||||||
|
{{- end }}
|
||||||
{{- if eq "k8s" $.Values.kube }}
|
{{- if eq "k8s" $.Values.kube }}
|
||||||
ingressClassName: nginx
|
ingressClassName: nginx
|
||||||
{{- end }}
|
{{- end }}
|
||||||
14
parcage/kibana/secret-kibana.yaml
Normal file
14
parcage/kibana/secret-kibana.yaml
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: secret-kibana
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "site.labels" . | nindent 4 }}
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
#ELASTICSEARCH_PASSWORD: "{{ required ".Values.elastic.password entry is required!" .Values.elastic.password }}"
|
||||||
|
#ELASTIC_USERNAME: elastic
|
||||||
|
#ELASTIC_PASSWORD: "{{ required ".Values.elastic.password entry is required!" .Values.elastic.password }}"
|
||||||
|
KIBANA_PASSWORD: kibanaPass55w0rd
|
||||||
|
KIBANA_USERNAME: kibana_system_user
|
||||||
@ -13,6 +13,11 @@ spec:
|
|||||||
- ReadWriteOnce
|
- ReadWriteOnce
|
||||||
storageClassName: {{ required ".Values.mariadb.persistentVolumeClaim.k3sStorageClassName entry is required!" .Values.mariadb.persistentVolumeClaim.k3sStorageClassName }}
|
storageClassName: {{ required ".Values.mariadb.persistentVolumeClaim.k3sStorageClassName entry is required!" .Values.mariadb.persistentVolumeClaim.k3sStorageClassName }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if eq "kind" $.Values.kube }}
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
storageClassName: {{ required ".Values.mariadb.persistentVolumeClaim.kindStorageClassName entry is required!" .Values.mariadb.persistentVolumeClaim.kindStorageClassName }}
|
||||||
|
{{- end }}
|
||||||
{{- if eq "k8s" $.Values.kube }}
|
{{- if eq "k8s" $.Values.kube }}
|
||||||
accessModes:
|
accessModes:
|
||||||
- ReadWriteMany
|
- ReadWriteMany
|
||||||
@ -37,6 +42,11 @@ spec:
|
|||||||
- ReadWriteOnce
|
- ReadWriteOnce
|
||||||
storageClassName: {{ required ".Values.mariadb.persistentVolumeClaim.k3sStorageClassName entry is required!" .Values.mariadb.persistentVolumeClaim.k3sStorageClassName }}
|
storageClassName: {{ required ".Values.mariadb.persistentVolumeClaim.k3sStorageClassName entry is required!" .Values.mariadb.persistentVolumeClaim.k3sStorageClassName }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if eq "kind" $.Values.kube }}
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
storageClassName: {{ required ".Values.mariadb.persistentVolumeClaim.kindStorageClassName entry is required!" .Values.mariadb.persistentVolumeClaim.kindStorageClassName }}
|
||||||
|
{{- end }}
|
||||||
{{- if eq "k8s" $.Values.kube }}
|
{{- if eq "k8s" $.Values.kube }}
|
||||||
accessModes:
|
accessModes:
|
||||||
- ReadWriteMany
|
- ReadWriteMany
|
||||||
Loading…
x
Reference in New Issue
Block a user