github.com/kubearmor/cilium@v1.6.12/examples/kubernetes-es/es-sw-app.yaml

github.com/kubearmor/cilium@v1.6.12/examples/kubernetes-es/es-sw-app.yaml (about)

     1  ---
     2  apiVersion: v1
     3  kind: ServiceAccount
     4  metadata:
     5    name: elasticsearch
     6  ---
     7  apiVersion: v1
     8  kind: Service
     9  metadata:
    10    name: elasticsearch
    11    labels:
    12      component: elasticsearch
    13  spec:
    14    type: NodePort
    15    selector:
    16      component: elasticsearch
    17    ports:
    18    - name: http
    19      port: 9200
    20      protocol: TCP
    21    - name: transport
    22      port: 9300
    23      protocol: TCP
    24  ---
    25  apiVersion: v1
    26  kind: ReplicationController
    27  metadata:
    28    name: es
    29    labels:
    30      component: elasticsearch
    31  spec:
    32    replicas: 1
    33    template:
    34      metadata:
    35        labels:
    36          component: elasticsearch
    37      spec:
    38        serviceAccount: elasticsearch
    39        initContainers:
    40        - name: init-sysctl
    41          image: docker.io/library/busybox
    42          imagePullPolicy: IfNotPresent
    43          command: ["sysctl", "-w", "vm.max_map_count=262144"]
    44          securityContext:
    45            privileged: true
    46        containers:
    47        - name: es
    48          securityContext:
    49            capabilities:
    50              add:
    51                - IPC_LOCK
    52          image: quay.io/pires/docker-elasticsearch-kubernetes:5.6.2
    53          env:
    54          - name: KUBERNETES_CA_CERTIFICATE_FILE
    55            value: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
    56          - name: NAMESPACE
    57            valueFrom:
    58              fieldRef:
    59                fieldPath: metadata.namespace
    60          - name: "CLUSTER_NAME"
    61            value: "myesdb"
    62          - name: "DISCOVERY_SERVICE"
    63            value: "elasticsearch"
    64          - name: NODE_MASTER
    65            value: "true"
    66          - name: NODE_DATA
    67            value: "true"
    68          - name: HTTP_ENABLE
    69            value: "true"
    70          ports:
    71          - containerPort: 9200
    72            name: http
    73            protocol: TCP
    74          - containerPort: 9300
    75            name: transport
    76            protocol: TCP
    77          volumeMounts:
    78          - mountPath: /data
    79            name: storage
    80        volumes:
    81        - name: storage
    82          emptyDir: {}
    83  ---
    84  apiVersion: rbac.authorization.k8s.io/v1
    85  kind: Role
    86  metadata:
    87    name: elasticsearch
    88  rules:
    89  - apiGroups:
    90    - ""
    91    resources:
    92    - endpoints
    93    verbs:
    94    - get
    95  ---
    96  apiVersion: rbac.authorization.k8s.io/v1
    97  kind: RoleBinding
    98  metadata:
    99    name: elasticsearch
   100  roleRef:
   101    apiGroup: rbac.authorization.k8s.io
   102    kind: Role
   103    name: elasticsearch
   104  subjects:
   105  - kind: ServiceAccount
   106    name: elasticsearch
   107    namespace: default
   108  ---
   109  apiVersion: v1
   110  kind: Pod
   111  metadata:
   112    name: outpost
   113    labels:
   114      app: outpost
   115  spec:
   116    containers:
   117    - name: esclient
   118      image: docker.io/cilium/esclient:v2 
   119  ---
   120  apiVersion: v1
   121  kind: Pod
   122  metadata:
   123    name: empire-hq
   124    labels:
   125      app: empire-hq
   126  spec:
   127    containers:
   128    - name: esclient
   129      image: docker.io/cilium/esclient:v2 
   130  ---
   131  apiVersion: v1
   132  kind: Pod
   133  metadata:
   134    name: spaceship
   135    labels:
   136      app: spaceship
   137  spec:
   138    containers:
   139    - name: esclient
   140      image: docker.io/cilium/esclient:v2
   141