From 3257ed1db8fc83324756242122397a90bc82a2cc Mon Sep 17 00:00:00 2001 From: Steven Fitzpatrick Date: Wed, 15 Jul 2020 08:20:26 -0500 Subject: [PATCH] Remove the Elasticsearch Wait job from the chart The elastic-cluster-wait job was meant to serve as a dependency check for a couple of other jobs, such that when this wait job was complete the other jobs could procede successfully. This goal can be achieved by using our HTK init container's dependency check however. The two jobs that waited on this wait job just need to use the elasticsearch API, which is available once the `elasticsearch-logging` service has endpoints. Change-Id: I87e1c1fe3d61680a73701d48f85e5c48c11b6325 --- .../templates/bin/_es-cluster-wait.sh.tpl | 30 ------- .../configmap-bin-elasticsearch.yaml | 2 - .../templates/job-es-cluster-wait.yaml | 80 ------------------- elasticsearch/values.yaml | 29 +------ elasticsearch/values_overrides/apparmor.yaml | 3 - 5 files changed, 4 insertions(+), 140 deletions(-) delete mode 100644 elasticsearch/templates/bin/_es-cluster-wait.sh.tpl delete mode 100644 elasticsearch/templates/job-es-cluster-wait.yaml diff --git a/elasticsearch/templates/bin/_es-cluster-wait.sh.tpl b/elasticsearch/templates/bin/_es-cluster-wait.sh.tpl deleted file mode 100644 index d853503cd..000000000 --- a/elasticsearch/templates/bin/_es-cluster-wait.sh.tpl +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -function check_cluster_health() { - RESPONSE=$(curl -s -K- <<< "--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" \ - "${ELASTICSEARCH_HOST}/_cat/health?format=json&pretty" ) - echo "Response: $RESPONSE" - STATUS=$(echo $RESPONSE | jq -r .[].status) - echo "Status: $STATUS" -} - -check_cluster_health -while [[ $STATUS != "yellow" ]] && [[ $STATUS != "green" ]]; do - echo "Waiting for cluster to become ready." - sleep 30 - check_cluster_health -done -echo "Cluster is ready." diff --git a/elasticsearch/templates/configmap-bin-elasticsearch.yaml b/elasticsearch/templates/configmap-bin-elasticsearch.yaml index 823a22518..9168c6334 100644 --- a/elasticsearch/templates/configmap-bin-elasticsearch.yaml +++ b/elasticsearch/templates/configmap-bin-elasticsearch.yaml @@ -34,8 +34,6 @@ data: {{- include "helm-toolkit.scripts.create_s3_user" . | indent 4 }} register-repository.sh: | {{ tuple "bin/_register-repository.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - es-cluster-wait.sh: | -{{ tuple "bin/_es-cluster-wait.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} create_template.sh: | {{ tuple "bin/_create_template.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} verify-repositories.sh: | diff --git a/elasticsearch/templates/job-es-cluster-wait.yaml b/elasticsearch/templates/job-es-cluster-wait.yaml deleted file mode 100644 index 27b94f92b..000000000 --- a/elasticsearch/templates/job-es-cluster-wait.yaml +++ /dev/null @@ -1,80 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.job_cluster_wait }} -{{- $envAll := . }} - -{{- $esUserSecret := .Values.secrets.elasticsearch.user }} - -{{- $serviceAccountName := "elasticsearch-cluster-wait" }} -{{ tuple $envAll "es_cluster_wait" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: elasticsearch-cluster-wait - annotations: - {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} -spec: - backoffLimit: {{ .Values.jobs.es_cluster_wait.backoffLimit }} - template: - metadata: - labels: -{{ tuple $envAll "elasticsearch" "es_cluster_wait" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - annotations: -{{ dict "envAll" $envAll "podName" "elastic-cluster-wait" "containerNames" (list "elasticsearch-cluster-wait" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} - spec: -{{ dict "envAll" $envAll "application" "es_cluster_wait" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} - serviceAccountName: {{ $serviceAccountName }} - activeDeadlineSeconds: {{ .Values.jobs.es_cluster_wait.activeDeadlineSeconds }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value | quote }} - initContainers: -{{ tuple $envAll "es_cluster_wait" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: elasticsearch-cluster-wait -{{ tuple $envAll "es_cluster_wait" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.es_cluster_wait | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} -{{ dict "envAll" $envAll "application" "es_cluster_wait" "container" "elasticsearch_cluster_wait" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} - env: - - name: ELASTICSEARCH_USERNAME - valueFrom: - secretKeyRef: - name: {{ $esUserSecret }} - key: ELASTICSEARCH_USERNAME - - name: ELASTICSEARCH_PASSWORD - valueFrom: - secretKeyRef: - name: {{ $esUserSecret }} - key: ELASTICSEARCH_PASSWORD - - name: ELASTICSEARCH_HOST - value: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} - command: - - /tmp/es-cluster-wait.sh - volumeMounts: - - name: pod-tmp - mountPath: /tmp - - name: elasticsearch-bin - mountPath: /tmp/es-cluster-wait.sh - subPath: es-cluster-wait.sh - readOnly: true - volumes: - - name: pod-tmp - emptyDir: {} - - name: elasticsearch-bin - configMap: - name: elasticsearch-bin - defaultMode: 0555 -{{- end }} diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml index 3c29efcd2..df23a5a4c 100644 --- a/elasticsearch/values.yaml +++ b/elasticsearch/values.yaml @@ -28,7 +28,6 @@ images: prometheus_elasticsearch_exporter: docker.io/justwatch/elasticsearch_exporter:1.1.0 dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0 snapshot_repository: docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20191216 - es_cluster_wait: docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20191216 elasticsearch_templates: docker.io/openstackhelm/heat:newton image_repo_sync: docker.io/docker:17.07.0 pull_policy: "IfNotPresent" @@ -100,14 +99,10 @@ dependencies: elasticsearch_master: services: null jobs: null - es_cluster_wait: + elasticsearch_templates: services: - endpoint: internal service: elasticsearch - elasticsearch_templates: - services: null - jobs: - - elasticsearch-cluster-wait image_repo_sync: services: - endpoint: internal @@ -117,10 +112,11 @@ dependencies: - endpoint: internal service: elasticsearch snapshot_repository: - services: null + services: + - endpoint: internal + service: elasticsearch jobs: - elasticsearch-s3-bucket - - elasticsearch-cluster-wait verify_repositories: services: null jobs: @@ -192,12 +188,6 @@ pod: - IPC_LOCK - SYS_RESOURCE readOnlyRootFilesystem: false - es_cluster_wait: - pod: - runAsUser: 0 - container: - elasticsearch_cluster_wait: - readOnlyRootFilesystem: true snapshot_repository: pod: runAsUser: 0 @@ -371,13 +361,6 @@ pod: limits: memory: "1024Mi" cpu: "2000m" - es_cluster_wait: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "1024Mi" - cpu: "2000m" storage_init: requests: memory: "128Mi" @@ -436,9 +419,6 @@ jobs: history: success: 3 failed: 1 - es_cluster_wait: - backoffLimit: 6 - activeDeadlineSeconds: 1200 verify_repositories: cron: "*/30 * * * *" history: @@ -949,7 +929,6 @@ manifests: cron_verify_repositories: true deployment_client: true ingress: true - job_cluster_wait: true job_elasticsearch_templates: true job_image_repo_sync: true job_snapshot_repository: true diff --git a/elasticsearch/values_overrides/apparmor.yaml b/elasticsearch/values_overrides/apparmor.yaml index f1298e397..d1d6b6222 100644 --- a/elasticsearch/values_overrides/apparmor.yaml +++ b/elasticsearch/values_overrides/apparmor.yaml @@ -6,9 +6,6 @@ pod: master: null mandatory_access_control: type: apparmor - elastic-cluster-wait: - elasticsearch-cluster-wait: runtime/default - init: runtime/default elasticsearch-register-snapshot-repository: register-snapshot-repository: runtime/default init: runtime/default