dev-20250622-#1

2025-06-22 17:22:04 +02:00 · 2025-06-22 17:22:04 +02:00 · 2d0643fa01
commit 2d0643fa01
parent 123ea0ba2a
23 changed files with 102 additions and 21 deletions
--- a/helm/templates/elasticsearch/configmap-elasticsearch.yaml
+++ b/helm/templates/elasticsearch/configmap-elasticsearch.yaml
@ -11,7 +11,6 @@ data:
  cluster.name: "wwwgmo-es"
  discovery.type: "single-node"
  ES_JAVA_OPTS: "-Xms512m -Xmx512m"
-  ELASTIC_USERNAME: elastic
  ELASTIC_HOST: "service-elasticsearch"
  xpack.security.enabled: "true"
-  xpack.security.transport.ssl.enabled: "true"
+  xpack.security.transport.ssl.enabled: "false"
--- a/helm/templates/elasticsearch/create-kibana-user-job.yaml
+++ b/helm/templates/elasticsearch/create-kibana-user-job.yaml
@ -0,0 +1,44 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: create-kibana-user
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+  template:
+    spec:
+      restartPolicy: OnFailure
+      containers:
+      - name: create-kibana-user
+        image: curlimages/curl:8.6.0
+        command: ["/bin/sh", "-c"]
+        args:
+          - |
+            echo "⏳ Waiting for Elasticsearch..."
+            until curl -s -u ${ELASTIC_USERNAME}:${ELASTIC_PASSWORD} http://service-elasticsearch:9200/_cluster/health | grep -q '"status":"green"'; do
+              echo "🟡 Elasticsearch not ready yet..."
+              sleep 5
+            done
+
+            echo "🔍 Checking if user '${KIBANA_USERNAME}' exists..."
+            USER_EXISTS=$(curl -s -o /dev/null -w "%{http_code}" -u ${ELASTIC_USERNAME}:${ELASTIC_PASSWORD} http://elasticsearch:9200/_security/user/${KIBANA_USERNAME})
+
+            if [ "$USER_EXISTS" -eq 200 ]; then
+              echo "✅ User '${KIBANA_USERNAME}' already exists."
+            else
+              echo "➕ Creating user '${KIBANA_USERNAME}'..."
+              curl -s -u ${ELASTIC_USERNAME}:${ELASTIC_PASSWORD} -X POST http://elasticsearch:9200/_security/user/${KIBANA_USERNAME} \
+                -H "Content-Type: application/json" \
+                -d "{
+                  \"password\": \"${KIBANA_PASSWORD}\",
+                  \"roles\": [\"kibana_system\"],
+                  \"full_name\": \"Kibana System User\",
+                  \"enabled\": true
+                }"
+              echo "✅ User '${KIBANA_USERNAME}' created."
+            fi
+        envFrom:
+        - secretRef:
+            name: secret-elasticsearch
--- a/helm/templates/elasticsearch/secret-elasticsearch.yaml
+++ b/helm/templates/elasticsearch/secret-elasticsearch.yaml
@ -9,4 +9,7 @@ metadata:
    {{- include "site.labels" . | nindent 4 }}
 type: Opaque
 stringData:
+  ELASTIC_USERNAME: elastic
  ELASTIC_PASSWORD: "{{ required ".Values.elastic.password entry is required!" .Values.elastic.password }}"
+  KIBANA_PASSWORD: kibanaPass55w0rd
+  KIBANA_USERNAME: kibana_system_user
--- a/helm/templates/elasticsearch/statefulset-elasticsearch.yaml
+++ b/helm/templates/elasticsearch/statefulset-elasticsearch.yaml
@ -122,6 +122,10 @@ spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: {{ required ".Values.elastic.persistentVolumeClaim.k3sStorageClassName entry is required!" .Values.elastic.persistentVolumeClaim.k3sStorageClassName }}
 {{- end }}
+{{- if eq "kind" $.Values.kube }} 
+      accessModes: [ "ReadWriteOnce" ]
+      storageClassName: {{ required ".Values.elastic.persistentVolumeClaim.kindStorageClassName entry is required!" .Values.elastic.persistentVolumeClaim.kindStorageClassName }}
+{{- end }}
 {{- if eq "k8s" $.Values.kube }} 
      accessModes: [ "ReadWriteMany" ]
      storageClassName: {{ required ".Values.elastic.persistentVolumeClaim.k8sStorageClassName entry is required!" .Values.elastic.persistentVolumeClaim.k8sStorageClassName }}
--- a/helm/templates/kibana/secret-kibana.yaml
+++ b/helm/templates/kibana/secret-kibana.yaml
@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: secret-kibana
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "site.labels" . | nindent 4 }}
-type: Opaque
-stringData:
-  ELASTICSEARCH_PASSWORD: "{{ required ".Values.elastic.password entry is required!" .Values.elastic.password }}"
--- a/helm/templates/php-fpm/configmap-site.yaml
+++ b/helm/templates/php-fpm/configmap-site.yaml
@ -17,4 +17,4 @@ data:
  ES_HOST: "{{ required ".Values.site.phpfpmSite.es.host entry is required!" .Values.site.phpfpmSite.es.host }}"
  ES_USER: "{{ required ".Values.site.phpfpmSite.es.user entry is required!" .Values.site.phpfpmSite.es.user }}"
  ES_INDEX: "{{ required ".Values.site.phpfpmSite.es.index entry is required!" .Values.site.phpfpmSite.es.index }}"
-  KIBANA_URL: "https://{{ required ".Values.site.utlKibana entry is required!" .Values.site.urlKibana }}"
+  KIBANA_URL: "https://{{ required ".Values.site.urlKibana entry is required!" .Values.site.urlKibana }}"
--- a/helm/templates/php-fpm/pvc-site.yaml
+++ b/helm/templates/php-fpm/pvc-site.yaml
@ -15,6 +15,11 @@ spec:
    - ReadWriteOnce
  storageClassName: {{ required ".Values.site.persistentVolumeClaim.k3sStorageClassName entry is required!" .Values.site.persistentVolumeClaim.k3sStorageClassName }}
 {{- end }}
+{{- if eq "kind" $.Values.kube }} 
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: {{ required ".Values.site.persistentVolumeClaim.kindStorageClassName entry is required!" .Values.site.persistentVolumeClaim.kindStorageClassName }}
+{{- end }}
 {{- if eq "k8s" $.Values.kube }} 
  accessModes:
    - ReadWriteMany
--- a/helm/values-configs.yaml
+++ b/helm/values-configs.yaml
@ -5,17 +5,19 @@
 # elasticsearch
 elastic:
  priorityClassName: system-cluster-critical
-  imageTag: 8.18.2
+  imageTag: 9.0.2
  persistentVolumeClaim:
    #storageRequest: 1Gi
    storageRequest: 500M
    k3sStorageClassName: local-path
+    kindStorageClassName: standard
    k8sStorageClassName: longhorn

 kibana:
-  username: elastic
+  imageTag: 9.0.2
+  username: kibana_system_user
  priorityClassName: system-node-critical
-  host: http://statefulset-elasticsearch-0.service-elasticsearch:9200
+  host: http://service-elasticsearch:9200
  
 mariadb:
  repository: mariadb
@ -38,6 +40,7 @@ mariadb:
    storageRequest: 500M
    backupdDbStorageRequest: 500M
    k3sStorageClassName: local-path
+    kindStorageClassName: standard
    k8sStorageClassName: longhorn
   
 site:
@ -103,8 +106,7 @@ site:
  persistentVolumeClaim:
    storageRequest: 500M
    k3sStorageClassName: local-path
+    kindStorageClassName: standard
    k8sStorageClassName: longhorn

 
-  
-    
--- a/helm/values-secrets.yaml
+++ b/helm/values-secrets.yaml
@ -8,3 +8,6 @@ mariadb:
 elastic:
  password: pa55w0rd

+kibana:
+  password: kibanaPass55w0rd
+    
--- a/helm/templates/kibana/configmap-kibana.yaml
+++ b/helm/templates/kibana/configmap-kibana.yaml
@ -7,6 +7,10 @@ metadata:
    app: site
    tier: kibana
    {{- include "site.labels" . | nindent 4 }}
+#  envFrom:
+#  - secretRef:
+#    name: secret-elasticsearch
 data:
  ELASTICSEARCH_HOSTS: "{{ required ".Values.kibana.host entry is required!" .Values.kibana.host }}"
-  ELASTICSEARCH_USERNAME: "{{ required ".Values.kibana.username entry is required!" .Values.kibana.username }}"
+  #ELASTICSEARCH_USERNAME: "{{ required ".Values.kibana.username entry is required!" .Values.kibana.username }}"
+  #KIBANA_USERNAME: "{{ required ".Values.kibana.username entry is required!" .Values.kibana.username }}"
--- a/helm/templates/kibana/deployment-kibana.yaml
+++ b/helm/templates/kibana/deployment-kibana.yaml
@ -24,7 +24,7 @@ spec:
      automountServiceAccountToken: false
      containers:
      - name: kibana
-        image: docker.elastic.co/kibana/kibana:7.17.10
+        image: docker.elastic.co/kibana/kibana:{{ required ".Values.elastic.imageTag entry is required!" .Values.elastic.imageTag }}
        imagePullPolicy: IfNotPresent
        
        envFrom:
--- a/helm/templates/kibana/ingress-kibana.yaml
+++ b/helm/templates/kibana/ingress-kibana.yaml
@ -7,6 +7,9 @@ spec:
 {{- if eq "k3s" $.Values.kube }} 
  ingressClassName: traefik
 {{- end }}
+{{- if eq "kind" $.Values.kube }} 
+  ingressClassName: nginx
+{{- end }}
 {{- if eq "k8s" $.Values.kube }} 
  ingressClassName: nginx
 {{- end }}
--- a/parcage/kibana/secret-kibana.yaml
+++ b/parcage/kibana/secret-kibana.yaml
@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-kibana
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "site.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+  #ELASTICSEARCH_PASSWORD: "{{ required ".Values.elastic.password entry is required!" .Values.elastic.password }}"
+  #ELASTIC_USERNAME: elastic
+  #ELASTIC_PASSWORD: "{{ required ".Values.elastic.password entry is required!" .Values.elastic.password }}"
+  KIBANA_PASSWORD: kibanaPass55w0rd
+  KIBANA_USERNAME: kibana_system_user
--- a/helm/templates/kibana/service-kibana.yaml
+++ b/helm/templates/kibana/service-kibana.yaml
--- a/helm/templates/mariadb/configmap-mariadb.yaml
+++ b/helm/templates/mariadb/configmap-mariadb.yaml
--- a/helm/templates/mariadb/cronjob-mariadb-bckdb.yaml
+++ b/helm/templates/mariadb/cronjob-mariadb-bckdb.yaml
--- a/helm/templates/mariadb/pvc-mariadb.yaml
+++ b/helm/templates/mariadb/pvc-mariadb.yaml
@ -13,6 +13,11 @@ spec:
    - ReadWriteOnce
  storageClassName: {{ required ".Values.mariadb.persistentVolumeClaim.k3sStorageClassName entry is required!" .Values.mariadb.persistentVolumeClaim.k3sStorageClassName }}
 {{- end }}
+{{- if eq "kind" $.Values.kube }} 
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: {{ required ".Values.mariadb.persistentVolumeClaim.kindStorageClassName entry is required!" .Values.mariadb.persistentVolumeClaim.kindStorageClassName }}
+{{- end }}
 {{- if eq "k8s" $.Values.kube }} 
  accessModes:
    - ReadWriteMany
@ -37,6 +42,11 @@ spec:
    - ReadWriteOnce
  storageClassName: {{ required ".Values.mariadb.persistentVolumeClaim.k3sStorageClassName entry is required!" .Values.mariadb.persistentVolumeClaim.k3sStorageClassName }}
 {{- end }}
+{{- if eq "kind" $.Values.kube }} 
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: {{ required ".Values.mariadb.persistentVolumeClaim.kindStorageClassName entry is required!" .Values.mariadb.persistentVolumeClaim.kindStorageClassName }}
+{{- end }}
 {{- if eq "k8s" $.Values.kube }} 
  accessModes:
    - ReadWriteMany
--- a/helm/templates/mariadb/secret-mariadb.yaml
+++ b/helm/templates/mariadb/secret-mariadb.yaml
--- a/helm/templates/mariadb/service-mariadb.yaml
+++ b/helm/templates/mariadb/service-mariadb.yaml
--- a/helm/templates/mariadb/statefulset-mariadb.yaml
+++ b/helm/templates/mariadb/statefulset-mariadb.yaml
--- a/helm/templates/phpmyadmin/deployment-pma.yaml
+++ b/helm/templates/phpmyadmin/deployment-pma.yaml
--- a/helm/templates/phpmyadmin/ingress-pma.yaml
+++ b/helm/templates/phpmyadmin/ingress-pma.yaml
--- a/helm/templates/phpmyadmin/service-pma.yaml
+++ b/helm/templates/phpmyadmin/service-pma.yaml