apiVersion: apps/v1 kind: StatefulSet metadata: name: statefulset-elasticsearch namespace: {{ .Release.Namespace }} labels: app: site tier: elastic {{- include "site.labels" . | nindent 4 }} spec: serviceName: service-elasticsearch # do not modify replica replicas: 1 selector: matchLabels: app: site tier: elastic template: metadata: labels: app: site tier: elastic {{- include "site.labels" . | nindent 8 }} annotations: checksum/configmap-env: {{ include (print $.Chart.Name "/templates/elasticsearch/configmap-elasticsearch.yaml") . | sha256sum }} checksum/secret-env: {{ include (print $.Chart.Name "/templates/elasticsearch/secret-elasticsearch.yaml") . | sha256sum }} spec: priorityClassName: {{ required ".Values.elastic.priorityClassName entry is required!" .Values.elastic.priorityClassName }} automountServiceAccountToken: false containers: - name: elasticsearch image: docker.elastic.co/elasticsearch/elasticsearch:{{ required ".Values.elastic.imageTag entry is required!" .Values.elastic.imageTag }} imagePullPolicy: IfNotPresent ports: - containerPort: 9200 name: rest protocol: TCP - containerPort: 9300 name: inter-node protocol: TCP volumeMounts: - name: data mountPath: /usr/share/elasticsearch/data envFrom: - configMapRef: name: configmap-elasticsearch - secretRef: name: secret-elasticsearch env: - name: node.name valueFrom: fieldRef: fieldPath: metadata.name resources: requests: cpu: 100m memory: 850Mi ephemeral-storage: 128M limits: cpu: 1000m memory: 1250Mi ephemeral-storage: 512M #No readiness probe : The node has to be immediatly resolvable #No startup probe : The node has to be immediatly resolvable livenessProbe: exec: command: - "/bin/sh" - "-c" #- "curl -s --cacert /usr/share/elasticsearch/config/certificates/ca.pem https://localhost:9200 | grep -q 'missing authentication credentials'" - "curl -s http://localhost:9200 | grep -q 'missing authentication credentials'" periodSeconds: 10 failureThreshold: 3 initialDelaySeconds: 30 timeoutSeconds: 5 initContainers: - name: fix-permissions image: busybox imagePullPolicy: IfNotPresent command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"] securityContext: privileged: true volumeMounts: - name: data mountPath: /usr/share/elasticsearch/data - name: increase-vm-max-map image: busybox imagePullPolicy: IfNotPresent command: ["sysctl", "-w", "vm.max_map_count=262144"] securityContext: privileged: true - name: increase-fd-ulimit image: busybox imagePullPolicy: IfNotPresent command: ["sh", "-c", "ulimit -n 65536"] securityContext: privileged: true topologySpreadConstraints: - maxSkew: 1 topologyKey: kubernetes.io/hostname whenUnsatisfiable: ScheduleAnyway labelSelector: matchLabels: app: elasticsearch tier: elasticsearch volumeClaimTemplates: - metadata: name: data labels: app: elastic tier: elastic spec: {{- if eq "k3s" $.Values.kube }} accessModes: [ "ReadWriteOnce" ] storageClassName: {{ required ".Values.elastic.persistentVolumeClaim.k3sStorageClassName entry is required!" .Values.elastic.persistentVolumeClaim.k3sStorageClassName }} {{- end }} {{- if eq "k8s" $.Values.kube }} accessModes: [ "ReadWriteMany" ] storageClassName: {{ required ".Values.elastic.persistentVolumeClaim.k8sStorageClassName entry is required!" .Values.elastic.persistentVolumeClaim.k8sStorageClassName }} {{- end }} resources: requests: storage: {{ required ".Values.elastic.persistentVolumeClaim.storageRequest entry is required!" .Values.elastic.persistentVolumeClaim.storageRequest }}