From 4fe719dae08695a0d2e2fe00c82cf0f3b2ad4c65 Mon Sep 17 00:00:00 2001 From: Bob Ong Date: Mon, 8 Jul 2024 11:08:24 +0800 Subject: [PATCH] [Deployment] Fixed elasticsearch k8s access policy --- .../allowaccess-network-policy.yaml | 22 +++++++++++++- kube/base-components/kibana-deployment.yaml | 4 +-- .../stc-scan/stcscan-vega-deployment.yaml | 29 ++++++++++--------- 3 files changed, 39 insertions(+), 16 deletions(-) diff --git a/kube/base-components/allowaccess-network-policy.yaml b/kube/base-components/allowaccess-network-policy.yaml index 896610d..dd4c0f2 100644 --- a/kube/base-components/allowaccess-network-policy.yaml +++ b/kube/base-components/allowaccess-network-policy.yaml @@ -69,4 +69,24 @@ spec: - from: - namespaceSelector: matchLabels: - name: starcoin-api \ No newline at end of file + name: starcoin-api + +--- +# Default namespace access for elasticsearch +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-internal-elasticsearch + namespace: default +spec: + podSelector: + matchLabels: + app: elasticsearch + policyTypes: + - Ingress + ingress: + - from: + - podSelector: {} + ports: + - protocol: TCP + port: 9200 diff --git a/kube/base-components/kibana-deployment.yaml b/kube/base-components/kibana-deployment.yaml index 314fc7c..20f52c7 100644 --- a/kube/base-components/kibana-deployment.yaml +++ b/kube/base-components/kibana-deployment.yaml @@ -31,7 +31,7 @@ spec: subPath: kibana.yml env: - name: ELASTICSEARCH_HOSTS - value: "http://elasticsearch:9200" + value: "http://elasticsearch.default.svc.cluster.local:9200" - name: ES_USERNAME valueFrom: secretKeyRef: @@ -55,7 +55,7 @@ data: kibana.yml: | server.name: kibana server.host: "0.0.0.0" - elasticsearch.hosts: ["http://elasticsearch:9200"] + elasticsearch.hosts: ["http://elasticsearch.default.svc.cluster.local:9200"] elasticsearch.username: "${ES_USERNAME}" elasticsearch.password: "${ES_PASSWORD}" --- diff --git a/kube/indexer/stc-scan/stcscan-vega-deployment.yaml b/kube/indexer/stc-scan/stcscan-vega-deployment.yaml index 154d187..afe6dcd 100644 --- a/kube/indexer/stc-scan/stcscan-vega-deployment.yaml +++ b/kube/indexer/stc-scan/stcscan-vega-deployment.yaml @@ -1,22 +1,22 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: starcoin-indexer-deployment + name: starcoin-indexer-stcscan-deployment namespace: starcoin-vega labels: - app: starcoin-indexer + app: starcoin-indexer-stcscan spec: replicas: 1 selector: matchLabels: - app: starcoin-indexer + app: starcoin-indexer-stcscan template: metadata: labels: - app: starcoin-indexer + app: starcoin-indexer-stcscan spec: containers: - - name: starcoin-indexer + - name: starcoin-indexer-stcscan image: starcoin/starcoin_indexer:dag_inspector_vega_6 ports: - containerPort: 8300 @@ -28,20 +28,20 @@ spec: - name: BG_TASK_JOBS value: "indexer,secondary,market_cap,txn_payload,swap_stats,txn_global_idx_update" - name: BULK_SIZE - value: "80" + value: "100" - name: STARCOIN_ES_PWD valueFrom: secretKeyRef: - name: elasticsearch-pw-elastic + name: elasticsearch key: password - name: STARCOIN_ES_URL - value: "search-starcoin-es2-47avtmhexhbg7qtynzebcnnu64.ap-northeast-1.es.amazonaws.com" + value: "elasticsearch.default.svc.cluster.local" - name: TXN_OFFSET value: "0" - name: STARCOIN_ES_PROTOCOL - value: "https" + value: "http" - name: STARCOIN_ES_PORT - value: "443" + value: "9200" - name: STARCOIN_ES_USER value: elastic - name: SWAP_API_URL @@ -49,13 +49,16 @@ spec: - name: SWAP_CONTRACT_ADDR value: "0xbd7e8be8fae9f60f2f5136433e36a091" - name: DS_URL - value: "jdbc:postgresql://database-1.c0bz9kehdvnb.ap-northeast-1.rds.amazonaws.com/starcoin" + value: "jdbc:postgresql://postgres-service.default.svc.cluster.local/starcoin" - name: DB_USER_NAME - value: "starcoin" + valueFrom: + secretKeyRef: + name: postgresql + key: username - name: DB_PWD valueFrom: secretKeyRef: - name: postgresql-starcoin-yu + name: postgresql key: password - name: DB_SCHEMA value: "vega"