-
Notifications
You must be signed in to change notification settings - Fork 697
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Elasticsearch/Kibana Helm ECK-Stack Ingress support (#7941)
* Elasticsearch/Kibana ECK Charts Helm Ingress. --------- Signed-off-by: Michael Montgomery <mmontg1@gmail.com>
- Loading branch information
Showing
16 changed files
with
789 additions
and
0 deletions.
There are no files selected for viewing
26 changes: 26 additions & 0 deletions
26
deploy/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-aks.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
--- | ||
# The following is an example of an Elasticsearch resource that is configured to use an Ingress resource in an AKS cluster. | ||
# | ||
ingress: | ||
enabled: true | ||
className: webapprouting.kubernetes.azure.com | ||
annotations: | ||
# This is required for AKS Loadbalancing to understand that it's communicating with | ||
# an HTTPS backend. | ||
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" | ||
labels: | ||
my: label | ||
pathType: Prefix | ||
hosts: | ||
- host: "elasticsearch.company.dev" | ||
path: "/" | ||
nodeSets: | ||
- name: default | ||
count: 3 | ||
# Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive. | ||
# For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144 | ||
# and leave node.store.allow_mmap unset. | ||
# ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html | ||
# | ||
config: | ||
node.store.allow_mmap: false |
37 changes: 37 additions & 0 deletions
37
...oy/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-eks-alb.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
--- | ||
# The following is an example of an Elasticsearch resource that is configured to use an Ingress resource in an EKS cluster | ||
# which provisions an application load balancer. | ||
# | ||
ingress: | ||
enabled: true | ||
className: alb | ||
annotations: | ||
alb.ingress.kubernetes.io/scheme: "internet-facing" | ||
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' | ||
alb.ingress.kubernetes.io/backend-protocol: "HTTPS" | ||
alb.ingress.kubernetes.io/target-type: "ip" | ||
# To use an ALB with ECK, you must provide a valid ACM certificate ARN or use certificate discovery. | ||
# There are 2 options for EKS: | ||
# 1. Create a valid ACM certificate, and uncomment the following annotation and update it to the correct ARN. | ||
# 2. Create a valid ACM certificate and ensure that the hosts[0].host matches the certificate's Common Name (CN) and | ||
# certificate discovery *should* find the certificate automatically and use it. | ||
# | ||
# ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/guide/ingress/cert_discovery/ | ||
# | ||
# alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:us-east-1:00000000000:certificate/b65be571-8220-4f2e-8cb1-94194535d877" | ||
labels: | ||
my: label | ||
pathType: Prefix | ||
hosts: | ||
- host: "elasticsearch.company.dev" | ||
path: "/" | ||
nodeSets: | ||
- name: default | ||
count: 3 | ||
# Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive. | ||
# For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144 | ||
# and leave node.store.allow_mmap unset. | ||
# ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html | ||
# | ||
config: | ||
node.store.allow_mmap: false |
27 changes: 27 additions & 0 deletions
27
...oy/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-eks-nlb.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
--- | ||
# The following is an example of an Elasticsearch resource that is configured to deploy a | ||
# network load balancer (NLB) in an EKS cluster. To provision an NLB "ingress" for the | ||
# Elasticsearch cluster, you are required to set annotations on the service, | ||
# and not an Ingress resource. | ||
ingress: | ||
enabled: false | ||
http: | ||
service: | ||
metadata: | ||
annotations: | ||
service.beta.kubernetes.io/aws-load-balancer-type: external | ||
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip | ||
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing | ||
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl | ||
spec: | ||
type: LoadBalancer | ||
nodeSets: | ||
- name: default | ||
count: 3 | ||
# Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive. | ||
# For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144 | ||
# and leave node.store.allow_mmap unset. | ||
# ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html | ||
# | ||
config: | ||
node.store.allow_mmap: false |
36 changes: 36 additions & 0 deletions
36
deploy/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-gke.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
--- | ||
# The following is an example of an Elasticsearch resource that is configured to use an Ingress resource in a GKE cluster. | ||
# | ||
ingress: | ||
enabled: true | ||
annotations: | ||
my: annotation | ||
labels: | ||
my: label | ||
pathType: Prefix | ||
hosts: | ||
- host: "elasticsearch.company.dev" | ||
path: "/" | ||
http: | ||
service: | ||
metadata: | ||
annotations: | ||
# This is required for `ClusterIP` services (which are the default ECK service type) to be used with Ingress in GKE clusters. | ||
cloud.google.com/neg: '{"ingress": true}' | ||
# This is required to enable the GKE Ingress Controller to use HTTPS as the backend protocol. | ||
cloud.google.com/app-protocols: '{"https":"HTTPS"}' | ||
nodeSets: | ||
- name: default | ||
count: 3 | ||
# Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive. | ||
# For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144 | ||
# and leave node.store.allow_mmap unset. | ||
# ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html | ||
# | ||
config: | ||
node.store.allow_mmap: false | ||
# Enable anonymous access to allow GCLB health probes to succeed | ||
xpack.security.authc: | ||
anonymous: | ||
username: anon | ||
roles: monitoring_user |
48 changes: 48 additions & 0 deletions
48
deploy/eck-stack/charts/eck-elasticsearch/templates/ingress.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
{{- if .Values.ingress.enabled -}} | ||
{{- $pathType := .Values.ingress.pathType | default "Prefix" -}} | ||
apiVersion: networking.k8s.io/v1 | ||
kind: Ingress | ||
metadata: | ||
name: {{ include "elasticsearch.fullname" . }} | ||
labels: | ||
{{- include "elasticsearch.labels" . | nindent 4 }} | ||
{{- with .Values.ingress.labels }} | ||
{{- toYaml . | nindent 4 }} | ||
{{- end }} | ||
{{- if .Values.ingress.annotations }} | ||
annotations: | ||
{{- with .Values.ingress.annotations }} | ||
{{- toYaml . | nindent 4 }} | ||
{{- end }} | ||
{{- end }} | ||
spec: | ||
{{- if .Values.ingress.className }} | ||
ingressClassName: {{ .Values.ingress.className | quote }} | ||
{{- end }} | ||
{{- if .Values.ingress.tls.enabled }} | ||
tls: | ||
- hosts: | ||
{{- range .Values.ingress.hosts }} | ||
- {{ .host | quote }} | ||
{{- end }} | ||
{{- if .Values.ingress.tls.secretName }} | ||
secretName: {{ .Values.ingress.tls.secretName }} | ||
{{- else }} | ||
secretName: {{ include "elasticsearch.fullname" . }}-es-http-certs-internal | ||
{{- end }} | ||
{{- end }} | ||
rules: | ||
{{- range .Values.ingress.hosts }} | ||
{{- $hostPath := .path | default "/" }} | ||
- host: {{ .host | quote }} | ||
http: | ||
paths: | ||
- path: {{ $hostPath }} | ||
pathType: {{ $pathType }} | ||
backend: | ||
service: | ||
name: {{ include "elasticsearch.fullname" $ }}-es-http | ||
port: | ||
number: 9200 | ||
{{- end }} | ||
{{ end }} |
88 changes: 88 additions & 0 deletions
88
deploy/eck-stack/charts/eck-elasticsearch/templates/tests/ingress_test.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
suite: test elasticsearch ingress | ||
templates: | ||
- templates/ingress.yaml | ||
tests: | ||
- it: should render quickstart properly | ||
set: | ||
ingress.enabled: true | ||
release: | ||
name: quickstart | ||
asserts: | ||
- isKind: | ||
of: Ingress | ||
- equal: | ||
path: metadata.name | ||
value: quickstart-eck-elasticsearch | ||
- it: name override should work properly | ||
set: | ||
nameOverride: override | ||
ingress.enabled: true | ||
release: | ||
name: quickstart | ||
asserts: | ||
- isKind: | ||
of: Ingress | ||
- equal: | ||
path: metadata.name | ||
value: quickstart-override | ||
- it: fullname override should work properly | ||
set: | ||
fullnameOverride: override | ||
ingress.enabled: true | ||
release: | ||
name: quickstart | ||
asserts: | ||
- isKind: | ||
of: Ingress | ||
- equal: | ||
path: metadata.name | ||
value: override | ||
- it: should render custom labels, and annotations values properly | ||
set: | ||
ingress: | ||
enabled: true | ||
labels: | ||
test: label | ||
annotations: | ||
test: annotation | ||
release: | ||
name: quickstart | ||
asserts: | ||
- isKind: | ||
of: Ingress | ||
- equal: | ||
path: metadata.labels | ||
value: | ||
app.kubernetes.io/instance: quickstart | ||
app.kubernetes.io/managed-by: Helm | ||
app.kubernetes.io/name: eck-elasticsearch | ||
helm.sh/chart: eck-elasticsearch-0.12.0-SNAPSHOT | ||
test: label | ||
- equal: | ||
path: metadata.annotations | ||
value: | ||
test: annotation | ||
- it: should render ingress properly | ||
values: | ||
- ../../examples/ingress/elasticsearch-ingress-gke.yaml | ||
release: | ||
name: quickstart | ||
asserts: | ||
- isKind: | ||
of: Ingress | ||
- equal: | ||
path: metadata.name | ||
value: quickstart-eck-elasticsearch | ||
- contains: | ||
path: spec.rules | ||
content: | ||
host: "elasticsearch.company.dev" | ||
http: | ||
paths: | ||
- backend: | ||
service: | ||
name: quickstart-eck-elasticsearch-es-http | ||
port: | ||
number: 9200 | ||
path: / | ||
pathType: Prefix |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
29 changes: 29 additions & 0 deletions
29
deploy/eck-stack/charts/eck-kibana/examples/ingress/kibana-aks.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
# The following is an example of a Kibana resource that is configured to use an Ingress resource in an AKS cluster. | ||
# | ||
|
||
# Name of the Kibana instance. | ||
# | ||
fullnameOverride: kibana | ||
|
||
spec: | ||
# Reference to ECK-managed Elasticsearch instance, ideally from {{ "elasticsearch.fullname" }} | ||
# | ||
elasticsearchRef: | ||
name: elasticsearch | ||
config: | ||
server: | ||
publicBaseUrl: "https://kibana.company.dev" | ||
|
||
ingress: | ||
enabled: true | ||
className: webapprouting.kubernetes.azure.com | ||
annotations: | ||
# This is required for AKS Loadbalancing to understand that it's communicating with | ||
# an HTTPS backend. | ||
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" | ||
labels: | ||
my: label | ||
pathType: Prefix | ||
hosts: | ||
- host: "kibana.company.dev" | ||
path: "/" |
Oops, something went wrong.