fix example

Co-authored-by: anton.voskresensky <anton.voskresensky@flant.com>

Author: perhamm

config-example/helm-example/02-osctl-config.yaml

@@ -0,0 +1,124 @@
+{{- if .Values.curator.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: osctl-configmap
+  annotations:
+    argocd.argoproj.io/sync-options: Replace=true
+data:
+  config.yml: |-
+    ---
+    # Common settings shared across all commands
+    opensearch_url: "https://opendistro:{{ .Values.opendistro.port_http }}"
+    cert_file: "/etc/ssl/certs/admin-crt.pem"
+    key_file: "/etc/ssl/certs/admin-key.pem"
+    ca_file: ""
+    timeout: "300s"
+    retry_attempts: 3
+    date_format: {{ .Values.osctl.date_format | default "%Y.%m.%d" | quote }}
+    dry_run: false
+    {{- $snapshot_repo := "" }}
+    {{- range .Values.opendistro.s3_backup.repos }}
+    {{- if eq .client "default" }}
+    {{- $snapshot_repo = .repository }}
+    {{- end }}
+    {{- end }}
+    snapshot_repo: {{ $snapshot_repo | default "" | quote }}
+
+    # madison alerts settings
+    madison_url: "https://madison.flant.com/api/events/custom/"
+    {{- $madison_key := "" }}
+    {{- if and (hasKey .Values "admin") (hasKey .Values.admin "madison_key") }}
+    {{- $madison_key = .Values.admin.madison_key }}
+    {{- else if and (hasKey .Values "madison") (hasKey .Values.madison "key") }}
+    {{- $madison_key = .Values.madison.key }}
+    {{- end }}
+    madison_key: {{ $madison_key | quote }}
+    osd_url: "https://{{ .Values.kibana.host }}"
+
+    # Command-specific configurations
+
+    # coldstorage
+    {{- if hasKey .Values "coldCluster" }}
+    cold_attribute: {{ .Values.coldCluster.coldAttribute | default "cold" | quote }}
+    hot_count: {{ .Values.coldCluster.hotCount | default 4 | quote }}
+    {{- else }}
+    cold_attribute: ""
+    hot_count: ""
+    {{- end }}
+
+    # danglingchecker
+
+    # datasource
+    datasource_name: {{ .Values.datasource.datasource_name | default "recoverer" | quote }}
+    kibana_user: {{ .Values.apiuser.elasticsearch.username | quote }}
+    kibana_pass: {{ .Values.apiuser.elasticsearch.password | quote }}
+    datasource_kibana_multitenancy: {{ .Values.security.multitenancy | default false | quote }}
+    {{- if .Values.kibana.multidomain.enabled }}
+    kube_namespace: {{ .Release.Namespace | quote }}
+    {{- if hasKey .Values.kibana.multidomain "remote_crt" }}
+    datasource_remote_crt: {{ join "|" .Values.kibana.multidomain.remote_crt | quote }}
+    {{- else }}
+    datasource_remote_crt: ""
+    {{- end }}
+    {{- else }}
+    kube_namespace: ""
+    datasource_remote_crt: ""
+    {{- end }}
+    datasource_kibana_multidomain_enabled: {{ .Values.kibana.multidomain.enabled | default false | quote }}
+
+    # dereplicator:
+    dereplicator_days_count: {{ .Values.dereplicator.days_count | default 2 | quote }}
+    dereplicator_use_snapshot: {{ .Values.dereplicator.use_snapshot | default false | quote }}
+
+    # extracteddelete:
+    {{- if .Values.recoverer.enabled }}
+    opensearch_recoverer_url: "https://opendistro-recoverer:9200"
+    {{- else }}
+    opensearch_recoverer_url: "https://opendistro:{{ .Values.opendistro.port_http }}"
+    {{- end }}
+    extracted_pattern: {{ .Values.extracteddelete.extracted_pattern | default "extracted_" | quote }}
+    extracted_days: {{ .Values.extracteddelete.extracted_days | default 2 | quote }}
+    recoverer_date_format: {{ .Values.extracteddelete.recoverer_date_format | default "%d-%m-%Y" | quote }}
+
+    # indexpatterns:
+    kibana_index_regex: "^([\\w-]+)-([\\w-]*)(\\d{4}[\\.-]\\d{2}[\\.-]\\d{2}(?:[\\.-]\\d{2})*)$"
+    indexpatterns_kibana_multitenancy: {{ .Values.security.multitenancy | default false | quote }}
+    {{- if and (.Values.security.multitenancy | default false) (.Values.recoverer.enabled | default false) }}
+    indexpatterns_recoverer_enabled: false
+    {{- else if (.Values.recoverer.enabled | default false) }}
+    indexpatterns_recoverer_enabled: true
+    {{- else }}
+    indexpatterns_recoverer_enabled: false
+    {{- end }}
+
+    # indicesdelete:
+
+    # retention:
+    retention_threshold: {{ .Values.retention.threshold | default 75.0 | quote }}
+
+    # sharding:
+    sharding_target_size_gib: {{ .Values.sharding.target_size_gib | default 25 | quote }}
+    exclude_sharding: {{ .Values.sharding.exclude_indices | default "" | quote }}
+
+    # snapshots:
+
+    # snapshotschecker:
+
+    # snapshotsdelete:
+
+    # snapshotmanual:
+
+  osctlindicesconfig.yml: |-
+{{- if .Values.curator.enabled }}
+    ---
+{{ toYaml .Values.curator | indent 4 }}
+{{- end }}
+  osctltenants.yml: |-
+{{- if and (.Values.security.multitenancy | default false) (hasKey .Values.security "tenants") }}
+    ---
+    tenants:
+{{ toYaml .Values.security.tenants | indent 4 }}
+{{- end }}
+
+{{- end }}

config-example/helm-example/_helpers.yaml

@@ -0,0 +1,73 @@
+
+{{- define "osctl_volumes" }}
+          - name: osctl-config
+            configMap:
+              name: osctl-configmap
+              defaultMode: 420
+          - name: osctl-tenants
+            configMap:
+              name: osctltenants
+              defaultMode: 420
+          - name: osctl-indices-config
+            configMap:
+              name: osctlindicesconfig
+              defaultMode: 420
+{{- include "osctl_cert_volumes" . }}
+{{- end }}
+
+{{- define "osctl_cert_volumes" }}
+{{- if eq .Values.opendistro.certificates.type "custom" }}
+          - name: certs
+            secret:
+              secretName: opendistro-tls-data
+              defaultMode: 420
+{{- else if eq .Values.opendistro.certificates.type "cluster" }}
+          - name: certs
+            secret:
+              secretName: opendistro-certs
+              defaultMode: 420
+          - name: admin-certs
+            secret:
+              secretName: opendistro-admin-certs
+              defaultMode: 420
+{{- end }}
+{{- end }}
+
+{{- define "osctl_volume_mounts" }}
+            - name: osctl-config
+              mountPath: /app/config.yaml
+              subPath: config.yml
+              readOnly: true
+            - name: osctl-config
+              mountPath: /app/osctltenants.yaml
+              subPath: osctltenants.yml
+              readOnly: true
+            - name: osctl-config
+              mountPath: /app/osctlindicesconfig.yaml
+              subPath: osctlindicesconfig.yml
+              readOnly: true
+{{- include "osctl_cert_volume_mounts" . }}
+{{- end }}
+
+{{- define "osctl_cert_volume_mounts" }}
+{{- if eq .Values.opendistro.certificates.type "custom" }}
+            - mountPath: /etc/ssl/certs/admin-crt.pem
+              name: certs
+              subPath: admin-crt.pem
+              readOnly: true
+            - mountPath: /etc/ssl/certs/admin-key.pem
+              name: certs
+              subPath: admin-key.pem
+              readOnly: true
+{{- else if eq .Values.opendistro.certificates.type "cluster" }}
+            - mountPath: /etc/ssl/certs/admin-crt.pem
+              name: admin-certs
+              subPath: tls.crt
+              readOnly: true
+            - mountPath: /etc/ssl/certs/admin-key.pem
+              name: admin-certs
+              subPath: tls.key
+              readOnly: true
+{{- end }}
+{{- end }}
+

config-example/helm-example/cronjobs/coldstorage/20-coldstorage-cronjob.yaml

@@ -0,0 +1,48 @@
+{{- if hasKey .Values "coldCluster" }}
+{{- if hasKey .Values.coldCluster "enabled" }}
+{{- if and .Values.opendistro.enabled .Values.curator.enabled .Values.coldCluster.enabled }}
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: cold-storage
+  labels:
+    job: cold-storage
+    service: osctl
+spec:
+  schedule: {{ .Values.coldCluster.schedule | quote }}
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 1
+  jobTemplate:
+    metadata:
+      labels:
+        job: cold-storage
+        service: osctl
+    spec:
+      ttlSecondsAfterFinished: {{ .Values.osctl.ttlSecondsAfterFinished | default 3600 }}
+      template:
+        metadata:
+          labels:
+            job: cold-storage
+            service: osctl
+        spec:
+{{- include "toleration_common" . | indent 10 }}
+          affinity:
+{{- include "nodeselector_common" . | indent 10 }}
+          volumes:
+{{- include "osctl_volumes" . | indent 10 }}
+          containers:
+          - name: app
+            image: {{ printf "%s%s:%s" .Values.osctl.image.repo .Values.osctl.image.name .Values.osctl.image.tag }}
+            imagePullPolicy: {{ .Values.imagePullPolicy }}
+            command:
+            - /app/osctl
+            args:
+            - coldstorage
+            workingDir: /app
+            volumeMounts:
+{{- include "osctl_volume_mounts" . | indent 12 }}
+          restartPolicy: Never
+{{- end }}
+{{- end }}
+{{- end }}

config-example/helm-example/cronjobs/danglingchecker/20-danglingchecker-cronjob.yaml

@@ -0,0 +1,41 @@
+{{- if .Values.danglingChecker.enabled }}
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: dangling-checker
+  labels:
+    job: dangling-checker
+spec:
+  schedule: {{ .Values.danglingChecker.schedule | quote }}
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 1
+  jobTemplate:
+    metadata:
+      labels:
+        job: dangling-checker
+    spec:
+      ttlSecondsAfterFinished: {{ .Values.osctl.ttlSecondsAfterFinished | default 3600 }}
+      template:
+        metadata:
+          labels:
+            job: dangling-checker
+        spec:
+{{- include "toleration_common" . | indent 10 }}
+          affinity:
+{{- include "nodeselector_common" . | indent 10 }}
+          volumes:
+{{- include "osctl_volumes" . | indent 10 }}
+          containers:
+          - name: app
+            image: {{ printf "%s%s:%s" .Values.osctl.image.repo .Values.osctl.image.name .Values.osctl.image.tag }}
+            imagePullPolicy: {{ .Values.imagePullPolicy }}
+            command:
+            - /app/osctl
+            args:
+            - danglingchecker
+            workingDir: /app
+            volumeMounts:
+{{- include "osctl_volume_mounts" . | indent 12 }}
+          restartPolicy: Never
+{{- end }}

config-example/helm-example/cronjobs/datasource/01-osctl-rbac-and-sa.yaml

@@ -0,0 +1,30 @@
+{{- if and .Values.opendistro.enabled .Values.kibana.enabled .Values.recoverer.enabled .Values.opendistro.s3_backup.enabled .Values.kibana.multidomain.enabled }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: osctl-restarter-{{ .Release.Namespace }}
+  namespace: {{ .Release.Namespace }}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: osctl-restarter-role-{{ .Release.Namespace }}
+rules:
+  - apiGroups: ["","apps"]
+    resources: ["statefulsets","pods","deployments","secrets"]
+    verbs: ["get", "patch", "watch", "update", "list", "create", "delete"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: osctl-restarter-rb-{{ .Release.Namespace }}
+subjects:
+  - kind: ServiceAccount
+    name: osctl-restarter-{{ .Release.Namespace }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: osctl-restarter-role-{{ .Release.Namespace }}
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}

config-example/helm-example/cronjobs/datasource/20-datasource-cronjob.yaml

@@ -0,0 +1,47 @@
+{{- if and .Values.opendistro.enabled .Values.kibana.enabled .Values.recoverer.enabled .Values.opendistro.s3_backup.enabled }}
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: datasource
+  labels:
+    job: datasource
+    service: kibana
+spec:
+  schedule: {{ .Values.datasource.schedule | quote }}
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 1
+  jobTemplate:
+    metadata:
+      labels:
+        job: datasource
+        service: kibana
+    spec:
+      ttlSecondsAfterFinished: {{ .Values.osctl.ttlSecondsAfterFinished | default 3600 }}
+      template:
+        metadata:
+          labels:
+            job: datasource
+            service: kibana
+        spec:
+{{- include "toleration_common" . | indent 10 }}
+          affinity:
+{{- include "nodeselector_common" . | indent 10 }}
+{{- if .Values.kibana.multidomain.enabled }}
+          serviceAccountName: osctl-restarter-{{ .Release.Namespace }}
+{{- end }}
+          volumes:
+{{- include "osctl_volumes" . | indent 10 }}
+          containers:
+          - name: app
+            image: {{ printf "%s%s:%s" .Values.osctl.image.repo .Values.osctl.image.name .Values.osctl.image.tag }}
+            imagePullPolicy: {{ .Values.imagePullPolicy }}
+            command:
+            - /app/osctl
+            args:
+            - datasource
+            workingDir: /app
+            volumeMounts:
+{{- include "osctl_volume_mounts" . | indent 12 }}
+          restartPolicy: Never
+{{- end }}