kubernetes/common/elasticsearch/values.yaml

# Copyright (c) 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
# Modification Copyright (c) 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

#################################################################
# Global configuration defaults.
#################################################################
global:
  aafEnabled: true
  nodePortPrefix: 302
  clusterName: cluster.local

persistence:
  mountPath: /dockerdata-nfs
  backup:
    mountPath: /dockerdata-nfs/backup
  storageClass:

#################################################################
# Application configuration defaults.
#################################################################
## Init containers parameters:
sysctlImage:
  enabled: true

# application image
image: bitnami/elasticsearch:7.9.3
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
#   - myRegistryKeySecretName
## Set to true if you would like to see extra information on logs
## ref:  https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
##
debug: false

## String to partially override common.fullname template (will maintain the release name)
##
# nameOverride:

## String to fully override common.fullname template
##
# fullnameOverride:
## updateStrategy for ElasticSearch coordinating deployment
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
##
updateStrategy:
  type: RollingUpdate
heapSize: 128m
## Provide annotations for the coordinating-only pods.
##
podAnnotations: {}
## Pod Security Context for coordinating-only pods.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
  enabled: true
  fsGroup: 1001
  runAsUser: 1001
## Affinity for pod assignment.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Elasticsearch coordinating-only container's resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube.
  limits: {}
  #   cpu: 100m
  #   memory: 128Mi
  requests:
    cpu: 25m
    memory: 256Mi
## Elasticsearch coordinating-only container's liveness and readiness probes
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
livenessProbe:
  enabled: false
#  initialDelaySeconds: 90
#  periodSeconds: 10
#  timeoutSeconds: 5
#  successThreshold: 1
#  failureThreshold: 5
readinessProbe:
  enabled: false
#  initialDelaySeconds: 90
#  periodSeconds: 10
#  timeoutSeconds: 5
#  successThreshold: 1
#  failureThreshold: 5
## Service parameters for coordinating-only node(s)
##
serviceAccount:
  ## Specifies whether a ServiceAccount should be created for the coordinating node
  ##
  create: false
  ## The name of the ServiceAccount to use.
  ## If not set and create is true, a name is generated using the fullname template
  ##
  # name:

sysctlImage:
  enabled: true
  ## Specify a imagePullPolicy
  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
  ##
  pullPolicy: Always
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ##
  # pullSecrets:
  #   - myRegistryKeySecretName

# nginx image
nginx:
  pullPolicy: IfNotPresent
  service:
    name: nginx
    ports:
    - name: elasticsearch
      port: 8080
## Custom server block to be added to NGINX configuration
## PHP-FPM example server block:
  serverBlock:
    https: |-
      server {
        listen 9200 ssl;
        #server_name ;
        # auth_basic "server auth";
        # auth_basic_user_file /etc/nginx/passwords;
        ssl_certificate /opt/app/osaaf/local/certs/cert.pem;
        ssl_certificate_key /opt/app/osaaf/local/certs/key.pem;
        location / {
          # deny node shutdown api
          if ($request_filename ~ "_shutdown") {
            return 403;
            break;
          }

          proxy_pass http://localhost:9000;
          proxy_http_version 1.1;
          proxy_set_header Connection "Keep-Alive";
          proxy_set_header Proxy-Connection "Keep-Alive";
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header Host $http_host;
          proxy_redirect off;
        }

        location = / {
          proxy_pass http://localhost:9000;
          proxy_http_version 1.1;
          proxy_set_header Connection "Keep-Alive";
          proxy_set_header Proxy-Connection "Keep-Alive";
          proxy_redirect off;
          auth_basic "off";
        }
      }
    http: |-
      server {
        listen 9200 ;
        #server_name ;
        location / {
          # deny node shutdown api
          if ($request_filename ~ "_shutdown") {
            return 403;
            break;
          }

          proxy_pass http://localhost:9000;
          proxy_http_version 1.1;
          proxy_set_header Connection "Keep-Alive";
          proxy_set_header Proxy-Connection "Keep-Alive";
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header Host $http_host;
          proxy_redirect off;
        }

        location = / {
          proxy_pass http://localhost:9000;
          proxy_http_version 1.1;
          proxy_set_header Connection "Keep-Alive";
          proxy_set_header Proxy-Connection "Keep-Alive";
          proxy_redirect off;
          auth_basic "off";
        }
      }
#################################################################
# coordinating service configuration defaults.
#################################################################

service:
  name: ""
  suffix: ""
  ## coordinating-only service type
  ##
  type: ClusterIP
  headlessPorts:
  - name: http-transport
    port: 9300
  headless:
    suffix: discovery
    annotations:
      service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
    publishNotReadyAddresses: true
  ## Elasticsearch tREST API port
  ##
  ports:
  - name: elasticsearch
    port: 9200


  ## Specify the nodePort value for the LoadBalancer and NodePort service types.
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
  ##
  # nodePort:
  ## Provide any additional annotations which may be required. This can be used to
  ## set the LoadBalancer service type to internal only.
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
  ##
  annotations: {}
  ## Set the LoadBalancer service type to internal only.
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
  ##
  # loadBalancerIP:
  ## Provide functionality to use RBAC
  ##

#################################################################
# Certificate configuration
#################################################################
certInitializer:
  nameOverride: elasticsearch-cert-initializer
  aafDeployFqi: deployer@people.osaaf.org
  aafDeployPass: demo123456!
  # aafDeployCredsExternalSecret: some secret
  fqdn: "elastic"
  app_ns: "org.osaaf.aaf"
  fqi_namespace: "org.onap.elastic"
  fqi: "elastic@elastic.onap.org"
  public_fqdn: "aaf.osaaf.org"
  cadi_longitude: "0.0"
  cadi_latitude: "0.0"
  credsPath: /opt/app/osaaf/local
  aaf_add_config: >
    cd {{ .Values.credsPath }};
    mkdir -p certs;
    keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password;
    openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12;
    cp {{ .Values.fqi_namespace }}.key certs/key.pem;
    chmod -R 755 certs;

#################################################################
# subcharts configuration defaults.
#################################################################


#data:
#  enabled: false

#curator:
#  enabled: false

## Change nameOverride to be consistent accross all elasticsearch (sub)-charts

master:
  replicaCount: 3
  # dedicatednode: "yes"
  # working as master node only, in this case increase replicaCount for elasticsearch-data
  # dedicatednode: "no"
  # handles master and data node functionality
  dedicatednode: "no"
  cluster_name: elasticsearch
data:
  enabled: false
  cluster_name: elasticsearch
curator:
  enabled: false