Gitiles
Code Review Sign In
gerrit.nordix.org / onap / oom / 9a994243c2da301f63270776bf613c329d1ff588 / . / kubernetes / common / elasticsearch / values.yaml
blob: 7fb097b3a02dc246310691ba52a4178be449c662 [file] [log] [blame]
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#################################################################
# Global configuration defaults.
#################################################################
global:
aafEnabled: true
nodePortPrefix: 302
readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
busyboxRepository: docker.io
busyboxImage: library/busybox:latest
clusterName: cluster.local
persistence:
mountPath: /dockerdata-nfs
backup:
mountPath: /dockerdata-nfs/backup
storageClass:
repositoryOverride: docker.io
#################################################################
# Application configuration defaults.
#################################################################
## Init containers parameters:
sysctlImage:
enabled: true
# application image
image: bitnami/elasticsearch:7.6.1
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Set to true if you would like to see extra information on logs
## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
##
debug: false
## String to partially override common.fullname template (will maintain the release name)
##
# nameOverride:
## String to fully override common.fullname template
##
# fullnameOverride:
## updateStrategy for ElasticSearch coordinating deployment
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
##
updateStrategy:
type: RollingUpdate
heapSize: 128m
## Provide annotations for the coordinating-only pods.
##
podAnnotations: {}
## Pod Security Context for coordinating-only pods.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
enabled: true
fsGroup: 1001
runAsUser: 1001
## Affinity for pod assignment.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Elasticsearch coordinating-only container's resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube.
limits: {}
# cpu: 100m
# memory: 128Mi
requests:
cpu: 25m
memory: 256Mi
## Elasticsearch coordinating-only container's liveness and readiness probes
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
livenessProbe:
enabled: false
# initialDelaySeconds: 90
# periodSeconds: 10
# timeoutSeconds: 5
# successThreshold: 1
# failureThreshold: 5
readinessProbe:
enabled: false
# initialDelaySeconds: 90
# periodSeconds: 10
# timeoutSeconds: 5
# successThreshold: 1
# failureThreshold: 5
## Service parameters for coordinating-only node(s)
##
serviceAccount:
## Specifies whether a ServiceAccount should be created for the coordinating node
##
create: false
## The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the fullname template
##
# name:
## Bitnami Minideb image version
## ref: https://hub.docker.com/r/bitnami/minideb/tags/
##
sysctlImage:
enabled: true
imageName: bitnami/minideb
tag: stretch
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: Always
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
# nginx image
nginx:
imageName: bitnami/nginx
tag: 1.16-debian-9
pullPolicy: IfNotPresent
service:
name: nginx
ports:
- name: elasticsearch
port: 8080
## Custom server block to be added to NGINX configuration
## PHP-FPM example server block:
serverBlock:
https: |-
server {
listen 9200 ssl;
#server_name ;
# auth_basic "server auth";
# auth_basic_user_file /etc/nginx/passwords;
ssl_certificate /opt/app/osaaf/local/certs/cert.pem;
ssl_certificate_key /opt/app/osaaf/local/certs/key.pem;
location / {
# deny node shutdown api
if ($request_filename ~ "_shutdown") {
return 403;
break;
}
proxy_pass http://localhost:9000;
proxy_http_version 1.1;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_redirect off;
}
location = / {
proxy_pass http://localhost:9000;
proxy_http_version 1.1;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
proxy_redirect off;
auth_basic "off";
}
}
http: |-
server {
listen 9200 ;
#server_name ;
location / {
# deny node shutdown api
if ($request_filename ~ "_shutdown") {
return 403;
break;
}
proxy_pass http://localhost:9000;
proxy_http_version 1.1;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_redirect off;
}
location = / {
proxy_pass http://localhost:9000;
proxy_http_version 1.1;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
proxy_redirect off;
auth_basic "off";
}
}
#################################################################
# coordinating service configuration defaults.
#################################################################
service:
name: ""
suffix: ""
## coordinating-only service type
##
type: ClusterIP
headlessPorts:
- name: http-transport
port: 9300
headless:
suffix: discovery
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
publishNotReadyAddresses: true
## Elasticsearch tREST API port
##
ports:
- name: elasticsearch
port: 9200
## Specify the nodePort value for the LoadBalancer and NodePort service types.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
# nodePort:
## Provide any additional annotations which may be required. This can be used to
## set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
annotations: {}
## Set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
# loadBalancerIP:
## Provide functionality to use RBAC
##
#################################################################
# Certificate configuration
#################################################################
certInitializer:
nameOverride: elasticsearch-cert-initializer
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
# aafDeployCredsExternalSecret: some secret
fqdn: "elastic"
app_ns: "org.osaaf.aaf"
fqi_namespace: "org.onap.elastic"
fqi: "elastic@elastic.onap.org"
public_fqdn: "aaf.osaaf.org"
cadi_longitude: "0.0"
cadi_latitude: "0.0"
credsPath: /opt/app/osaaf/local
aaf_add_config: >
cd {{ .Values.credsPath }};
mkdir -p certs;
export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password;
openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12;
cp {{ .Values.fqi_namespace }}.key certs/key.pem;
chmod -R 755 certs;
#################################################################
# subcharts configuration defaults.
#################################################################
#data:
# enabled: false
#curator:
# enabled: false
## Change nameOverride to be consistent accross all elasticsearch (sub)-charts
master:
replicaCount: 3
# dedicatednode: "yes"
# working as master node only, in this case increase replicaCount for elasticsearch-data
# dedicatednode: "no"
# handles master and data node functionality
dedicatednode: "no"
data:
enabled: false
curator:
enabled: false