kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml

---
# Copyright © 2020  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Name of the Elasticsearch cluster.
# A node can only join a cluster when it shares its cluster.name with all the other nodes in the cluster.
# The default name is elasticsearch, but you should change it to an appropriate name which describes the
# purpose of the cluster.
#
## Default Elasticsearch configuration from elasticsearch-docker.
## from https://opendistro.github.io/for-elasticsearch-docs/docs/elasticsearch/configuration/
#

cluster.name: "clamp-dashboard"
node.name: "cldash-es-node1"
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
# In order to communicate and to form a cluster with nodes on other servers, your node will need to bind to a
# non-loopback address.
network.host: 0.0.0.0
#
# Set a custom port for HTTP: If required, default is 9200-9300
#
#http.port: $http.port
#
# For more information, consult the network module documentation.
# ----------------------------------- Paths ------------------------------------
#
# The location of the data files of each index / shard allocated on the node. Can hold multiple locations separated by coma.
# In production, we should not keep this default to "/elasticsearch/data", as on upgrading Elasticsearch, directory structure
# may change & can deal to data loss.
path.data: /usr/share/elasticsearch/data
#
# Elasticsearch's log files location. In production, we should not keep this default to "/elasticsearch/logs",
# as on upgrading Elasticsearch, directory structure may change.
path.logs: /usr/share/elasticsearch/logs
#
# ----------------------------------- Memory -----------------------------------
#
# It is vitally important to the health of your node that none of the JVM is ever swapped out to disk.
# Lock the memory on startup.
#
bootstrap.memory_lock: false
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when new node is started
# To form a cluster with nodes on other servers, you have to provide a seed list of other nodes in the cluster
# that are likely to be live and contactable.
# By default, Elasticsearch will bind to the available loopback addresses and will scan ports 9300 to 9305 to try
# to connect to other nodes running on the same server.
# # minimum_master_nodes need to be explicitly set when bound on a public IP
# # set to 1 to allow single node clusters
# # Details: https://github.com/elastic/elasticsearch/pull/17288
discovery.zen.minimum_master_nodes: 1
discovery.seed_hosts: []
# # Breaking change in 7.0
# # https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#breaking_70_discovery_changes
cluster.initial_master_nodes:
    - cldash-es-node1
#    - docker-test-node-1
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
# Set a custom port for HTTP: If required, default is 9200-9300
# This is used for REST APIs
http.port: {{.Values.service.externalPort}}
# Port to bind for communication between nodes. Accepts a single value or a range.
# If a range is specified, the node will bind to the first available port in the range.
# Defaults to 9300-9400.
# More info:
transport.tcp.port: {{.Values.service.externalPort2}}

######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
# WARNING: revise all the lines below before you go into production
{{- if .Values.global.aafEnabled }}
opendistro_security.ssl.transport.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }}
opendistro_security.ssl.transport.pemkey_filepath: {{ .Values.certInitializer.clamp_key }}
opendistro_security.ssl.transport.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }}
opendistro_security.ssl.http.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }}
opendistro_security.ssl.http.pemkey_filepath: {{ .Values.certInitializer.clamp_key }}
opendistro_security.ssl.http.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }}
{{- else }}
opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
opendistro_security.ssl.http.pemcert_filepath: esnode.pem
opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
{{- end }}
opendistro_security.ssl.transport.enforce_hostname_verification: false
opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}

opendistro_security.allow_unsafe_democertificates: true
opendistro_security.allow_default_init_securityindex: true
opendistro_security.authcz.admin_dn:
  - CN=kirk,OU=client,O=client,L=test, C=de

opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true
opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
cluster.routing.allocation.disk.threshold_enabled: false
node.max_local_storage_nodes: 3
######## End OpenDistro for Elasticsearch Security Demo Configuration ########