11---
2+ # Note: The elastic-internal-suspend container is automatically injected by ECK.
3+ # To control its resources, you may need to use ECK-specific configuration or
4+ # modify the ECK operator deployment settings.
25apiVersion : elasticsearch.k8s.elastic.co/v1
36kind : Elasticsearch
47metadata :
58 name : pl-elastic
69spec :
7- # yamllint disable-line rule:line-length
8- image : gcr.io/pixie-oss/pixie-dev-public/elasticsearch:7.6.0-patched1@sha256:f734909115be9dba66736c4b7356fd52da58b1ffdb895ba74cb5c2fca2b133dd
9- version : 7.6.0
10+ version : 9.0.4
1011 nodeSets :
1112 - name : master
1213 count : 3
1314 config :
14- node.master : true
15- node.data : false
16- node.ingest : false
15+ node.roles : ["master"]
1716 node.store.allow_mmap : true
1817 podTemplate :
18+ metadata :
19+ annotations :
20+ co.elastic.logs/module : elasticsearch
1921 spec :
2022 containers :
2123 - name : elasticsearch
2224 securityContext :
2325 allowPrivilegeEscalation : false
2426 capabilities :
25- add :
26- - SYS_CHROOT
27- - SETUID
2827 drop :
2928 - ALL
30- runAsUser : 0
29+ runAsUser : 1000
3130 seccompProfile :
3231 type : RuntimeDefault
3332 initContainers :
34- - name : install-plugins
35- command :
36- - sh
37- - -c
38- - |
39- bin/elasticsearch-plugin install --batch repository-gcs
4033 - name : sysctl
4134 securityContext :
4235 allowPrivilegeEscalation : true
4336 privileged : true
37+ runAsUser : 0
4438 seccompProfile :
4539 type : RuntimeDefault
4640 command : ['sh', '-c', 'sysctl -w vm.max_map_count=262144']
41+ resources :
42+ limits :
43+ memory : 128Mi
44+ cpu : 100m
45+ requests :
46+ memory : 64Mi
47+ cpu : 50m
4748 - name : elastic-internal-init-filesystem
4849 securityContext :
4950 allowPrivilegeEscalation : false
50- runAsUser : 0
51+ runAsUser : 1000
5152 seccompProfile :
5253 type : RuntimeDefault
54+ resources :
55+ limits :
56+ memory : 256Mi
57+ cpu : 200m
58+ requests :
59+ memory : 128Mi
60+ cpu : 100m
5361 securityContext :
62+ fsGroup : 1000
63+ runAsUser : 1000
5464 seccompProfile :
5565 type : RuntimeDefault
5666 volumeClaimTemplates :
@@ -67,25 +77,23 @@ spec:
6777 # pods can be disrupted for nodepool upgrades.
6878 count : 5
6979 config :
70- node.master : false
71- node.data : true
72- node.ingest : true
80+ node.roles : ["data", "ingest"]
7381 node.store.allow_mmap : true
7482 node.attr.data : hot
7583 podTemplate :
84+ metadata :
85+ annotations :
86+ co.elastic.logs/module : elasticsearch
7687 spec :
7788 containers :
78- - env :
79- - name : ES_JAVA_OPTS
80- value : -Xms2g -Xmx2g -Dlog4j2.formatMsgNoLookups=True
81- name : elasticsearch
89+ - name : elasticsearch
8290 resources :
8391 limits :
8492 cpu : 2
85- memory : 4Gi
93+ memory : 2Gi
8694 requests :
8795 cpu : 0.5
88- memory : 4Gi
96+ memory : 2Gi
8997 securityContext :
9098 allowPrivilegeEscalation : false
9199 capabilities :
@@ -94,30 +102,41 @@ spec:
94102 - SETUID
95103 drop :
96104 - ALL
97- runAsUser : 0
105+ runAsUser : 1000
98106 seccompProfile :
99107 type : RuntimeDefault
100108 initContainers :
101- - name : install-plugins
102- command :
103- - sh
104- - -c
105- - |
106- bin/elasticsearch-plugin install --batch repository-gcs
107109 - name : sysctl
108110 securityContext :
109111 allowPrivilegeEscalation : true
110112 privileged : true
113+ runAsUser : 0
111114 seccompProfile :
112115 type : RuntimeDefault
113116 command : ['sh', '-c', 'sysctl -w vm.max_map_count=262144']
117+ resources :
118+ limits :
119+ memory : 128Mi
120+ cpu : 100m
121+ requests :
122+ memory : 64Mi
123+ cpu : 50m
114124 - name : elastic-internal-init-filesystem
115125 securityContext :
116126 allowPrivilegeEscalation : false
117- runAsUser : 0
127+ runAsUser : 1000
118128 seccompProfile :
119129 type : RuntimeDefault
130+ resources :
131+ limits :
132+ memory : 256Mi
133+ cpu : 200m
134+ requests :
135+ memory : 128Mi
136+ cpu : 100m
120137 securityContext :
138+ fsGroup : 1000
139+ runAsUser : 1000
121140 seccompProfile :
122141 type : RuntimeDefault
123142 volumeClaimTemplates :
0 commit comments