apiVersion: apps/v1beta1 kind: Deployment metadata: name: es-master labels: component: elasticsearch role: master spec: replicas: 1 template: metadata: labels: component: elasticsearch role: master spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: role operator: In values: - master topologyKey: "kubernetes.io/hostname" initContainers: - name: init-sysctl image: busybox:1.27.2 command: - sysctl - -w - vm.max_map_count=262144 securityContext: privileged: true containers: - name: es-master image: xanthoustech/es-k8s-search-guard:latest env: - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: NODE_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: CLUSTER_NAME value: lionstep-elasticsearch - name: NUMBER_OF_MASTERS value: "3" - name: NODE_MASTER value: "true" - name: NODE_INGEST value: "false" - name: NODE_DATA value: "false" - name: HTTP_ENABLE value: "false" - name: ES_JAVA_OPTS value: -Xms1g -Xmx1g - name: PROCESSORS valueFrom: resourceFieldRef: resource: limits.cpu resources: requests: cpu: 0.25 limits: cpu: 1 memory: "2Gi" ports: - containerPort: 9300 name: transport livenessProbe: tcpSocket: port: transport initialDelaySeconds: 20 periodSeconds: 10 volumeMounts: - name: storage mountPath: /data - name: config-volume mountPath: /elasticsearch/config # lifecycle: # postStart: # exec: # command: # - /elasticsearch/plugins/search-guard-6/tools/sgadmin.sh # - -cd # - /elasticsearch/plugins/search-guard-6/sgconfig # - -icl # - -key # - /elasticsearch/config/pipeline.key # - -cert # - /elasticsearch/config/pipeline.pem # - -cacert # - /elasticsearch/config/root-ca.pem # - -nhnv volumes: - name: "storage" emptyDir: medium: "" - name: config-volume configMap: name: es-config