Gitiles
Code Review Sign In
gerrit.nordix.org / onap / oom / 6c501a9f713405e5189cee738389805f18b2a695 / . / kubernetes / common / elasticsearch / values.yaml
blob: b1289431a5b4b392dc033a80b92b18b18323ebfb [file] [log] [blame]
Alexander Dehnab86ec12020-02-05 14:38:54 +0000[diff] [blame]1# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15#################################################################
16# Global configuration defaults.
17#################################################################
18global:
19 aafEnabled: true
Alexander Dehnab86ec12020-02-05 14:38:54 +0000[diff] [blame]20 nodePortPrefix: 302
21 readinessRepository: oomk8s
22 readinessImage: readiness-check:2.0.2
23 loggingRepository: docker.elastic.co
24 loggingImage: beats/filebeat:5.5.0
25 busyboxRepository: registry.hub.docker.com
26 busyboxImage: library/busybox:latest
27 clusterName: cluster.local
28
29persistence:
30 mountPath: /dockerdata-nfs
31 backup:
32 mountPath: /dockerdata-nfs/backup
33 storageClass:
34repositoryOverride: docker.io
35
36#################################################################
37# Application configuration defaults.
38#################################################################
39## Init containers parameters:
40sysctlImage:
41 enabled: true
42
43# application image
44image:
45 imageName: bitnami/elasticsearch
46 tag: 6.8.6-debian-9-r23
47 ## Specify a imagePullPolicy
48 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
49 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
50 ##
51 pullPolicy: IfNotPresent
52 ## Optionally specify an array of imagePullSecrets.
53 ## Secrets must be manually created in the namespace.
54 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
55 ##
56 # pullSecrets:
57 # - myRegistryKeySecretName
58 ## Set to true if you would like to see extra information on logs
59 ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
60 ##
61 debug: false
62
63## String to partially override common.fullname template (will maintain the release name)
64##
65# nameOverride:
66
67## String to fully override common.fullname template
68##
69# fullnameOverride:
70## updateStrategy for ElasticSearch coordinating deployment
71## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
72##
73updateStrategy:
74 type: RollingUpdate
75heapSize: 128m
76## Provide annotations for the coordinating-only pods.
77##
78podAnnotations: {}
79## Pod Security Context for coordinating-only pods.
80## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
81##
82securityContext:
83 enabled: true
84 fsGroup: 1001
85 runAsUser: 1001
86## Affinity for pod assignment.
87## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
88##
89affinity: {}
90## Node labels for pod assignment. Evaluated as a template.
91## Ref: https://kubernetes.io/docs/user-guide/node-selection/
92##
93nodeSelector: {}
94## Tolerations for pod assignment. Evaluated as a template.
95## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
96##
97tolerations: []
98## Elasticsearch coordinating-only container's resource requests and limits
99## ref: http://kubernetes.io/docs/user-guide/compute-resources/
100##
101resources:
102 ## We usually recommend not to specify default resources and to leave this as a conscious
103 ## choice for the user. This also increases chances charts run on environments with little
104 ## resources, such as Minikube.
105 limits: {}
106 # cpu: 100m
107 # memory: 128Mi
108 requests:
109 cpu: 25m
110 memory: 256Mi
111## Elasticsearch coordinating-only container's liveness and readiness probes
112## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
113##
114livenessProbe:
115 enabled: false
116# initialDelaySeconds: 90
117# periodSeconds: 10
118# timeoutSeconds: 5
119# successThreshold: 1
120# failureThreshold: 5
121readinessProbe:
122 enabled: false
123# initialDelaySeconds: 90
124# periodSeconds: 10
125# timeoutSeconds: 5
126# successThreshold: 1
127# failureThreshold: 5
128## Service parameters for coordinating-only node(s)
129##
130serviceAccount:
131 ## Specifies whether a ServiceAccount should be created for the coordinating node
132 ##
133 create: false
134 ## The name of the ServiceAccount to use.
135 ## If not set and create is true, a name is generated using the fullname template
136 ##
137 # name:
138
139## Bitnami Minideb image version
140## ref: https://hub.docker.com/r/bitnami/minideb/tags/
141##
142sysctlImage:
143 enabled: true
144 imageName: bitnami/minideb
145 tag: stretch
146 ## Specify a imagePullPolicy
147 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
148 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
149 ##
150 pullPolicy: Always
151 ## Optionally specify an array of imagePullSecrets.
152 ## Secrets must be manually created in the namespace.
153 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
154 ##
155 # pullSecrets:
156 # - myRegistryKeySecretName
157
158# nginx image
159nginx:
160 imageName: bitnami/nginx
161 tag: 1.16-debian-9
162 pullPolicy: IfNotPresent
163 service:
164 name: nginx
165 ports:
166 - name: elasticsearch
167 port: 8080
168## Custom server block to be added to NGINX configuration
169## PHP-FPM example server block:
170 serverBlock:
171 https: |-
172 server {
173 listen 9200 ssl;
174 #server_name ;
175 # auth_basic "server auth";
176 # auth_basic_user_file /etc/nginx/passwords;
177 ssl_certificate /opt/app/osaaf/local/certs/cert.pem;
178 ssl_certificate_key /opt/app/osaaf/local/certs/key.pem;
179 location / {
180 # deny node shutdown api
181 if ($request_filename ~ "_shutdown") {
182 return 403;
183 break;
184 }
185
186 proxy_pass http://localhost:9000;
187 proxy_http_version 1.1;
188 proxy_set_header Connection "Keep-Alive";
189 proxy_set_header Proxy-Connection "Keep-Alive";
190 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
191 proxy_set_header X-Forwarded-Proto $scheme;
192 proxy_set_header X-Real-IP $remote_addr;
193 proxy_set_header Host $http_host;
194 proxy_redirect off;
195 }
196
197 location = / {
198 proxy_pass http://localhost:9000;
199 proxy_http_version 1.1;
200 proxy_set_header Connection "Keep-Alive";
201 proxy_set_header Proxy-Connection "Keep-Alive";
202 proxy_redirect off;
203 auth_basic "off";
204 }
205 }
206 http: |-
207 server {
208 listen 9200 ;
209 #server_name ;
210 location / {
211 # deny node shutdown api
212 if ($request_filename ~ "_shutdown") {
213 return 403;
214 break;
215 }
216
217 proxy_pass http://localhost:9000;
218 proxy_http_version 1.1;
219 proxy_set_header Connection "Keep-Alive";
220 proxy_set_header Proxy-Connection "Keep-Alive";
221 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
222 proxy_set_header X-Forwarded-Proto $scheme;
223 proxy_set_header X-Real-IP $remote_addr;
224 proxy_set_header Host $http_host;
225 proxy_redirect off;
226 }
227
228 location = / {
229 proxy_pass http://localhost:9000;
230 proxy_http_version 1.1;
231 proxy_set_header Connection "Keep-Alive";
232 proxy_set_header Proxy-Connection "Keep-Alive";
233 proxy_redirect off;
234 auth_basic "off";
235 }
236 }
237#################################################################
238# coordinating service configuration defaults.
239#################################################################
240
241service:
242 name: ""
243 suffix: ""
244 ## coordinating-only service type
245 ##
246 type: ClusterIP
247 headlessPorts:
248 - name: http-transport
249 port: 9300
250 headless:
251 suffix: discovery
252 annotations:
253 service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
254 publishNotReadyAddresses: true
255 ## Elasticsearch tREST API port
256 ##
257 ports:
258 - name: elasticsearch
259 port: 9200
260
261
262 ## Specify the nodePort value for the LoadBalancer and NodePort service types.
263 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
264 ##
265 # nodePort:
266 ## Provide any additional annotations which may be required. This can be used to
267 ## set the LoadBalancer service type to internal only.
268 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
269 ##
270 annotations: {}
271 ## Set the LoadBalancer service type to internal only.
272 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
273 ##
274 # loadBalancerIP:
275 ## Provide functionality to use RBAC
276 ##
Krzysztof Opasiakc6152ce2020-05-09 01:43:08 +0200[diff] [blame]277
Alexander Dehnab86ec12020-02-05 14:38:54 +0000[diff] [blame]278#################################################################
Krzysztof Opasiakc6152ce2020-05-09 01:43:08 +0200[diff] [blame]279# Certificate configuration
Alexander Dehnab86ec12020-02-05 14:38:54 +0000[diff] [blame]280#################################################################
Krzysztof Opasiakc6152ce2020-05-09 01:43:08 +0200[diff] [blame]281certInitializer:
282 nameOverride: elasticsearch-cert-initializer
283 aafDeployFqi: deployer@people.osaaf.org
284 aafDeployPass: demo123456!
285 # aafDeployCredsExternalSecret: some secret
Alexander Dehnab86ec12020-02-05 14:38:54 +0000[diff] [blame]286 fqdn: "elastic"
Alexander Dehnab86ec12020-02-05 14:38:54 +0000[diff] [blame]287 app_ns: "org.osaaf.aaf"
Krzysztof Opasiakc6152ce2020-05-09 01:43:08 +0200[diff] [blame]288 fqi_namespace: "org.onap.elastic"
Alexander Dehnab86ec12020-02-05 14:38:54 +0000[diff] [blame]289 fqi: "elastic@elastic.onap.org"
290 public_fqdn: "aaf.osaaf.org"
Krzysztof Opasiakc6152ce2020-05-09 01:43:08 +0200[diff] [blame]291 cadi_longitude: "0.0"
292 cadi_latitude: "0.0"
293 credsPath: /opt/app/osaaf/local
294 aaf_add_config: >
295 cd {{ .Values.credsPath }};
296 mkdir -p certs;
297 export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
298 keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password;
299 openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12;
300 cp {{ .Values.fqi_namespace }}.key certs/key.pem;
301 chmod -R 755 certs;
302
Alexander Dehnab86ec12020-02-05 14:38:54 +0000[diff] [blame]303#################################################################
304# subcharts configuration defaults.
305#################################################################
306
307
308#data:
309# enabled: false
310
311#curator:
312# enabled: false
313
314## Change nameOverride to be consistent accross all elasticsearch (sub)-charts
315
316master:
317 replicaCount: 3
318 # dedicatednode: "yes"
319 # working as master node only, in this case increase replicaCount for elasticsearch-data
320 # dedicatednode: "no"
321 # handles master and data node functionality
322 dedicatednode: "no"
323data:
324 enabled: false
325curator:
326 enabled: false