Gitiles
Code Review Sign In
gerrit.nordix.org / onap / oom / c3a7cf6f1b69667132e5f98f1d9d13caf6a71d80 / . / kubernetes / common / elasticsearch / values.yaml
blob: 7722af9215f81953eb81742165fc9a06bb44248e [file] [log] [blame]
Grzegorz-Lisc3a7cf62020-11-09 09:59:53 +0000[diff] [blame^]1# Copyright (c) 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
2# Modification Copyright (c) 2020 Nokia
Alexander Dehnab86ec12020-02-05 14:38:54 +0000[diff] [blame]3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
16#################################################################
17# Global configuration defaults.
18#################################################################
19global:
20 aafEnabled: true
Alexander Dehnab86ec12020-02-05 14:38:54 +0000[diff] [blame]21 nodePortPrefix: 302
Sylvain Desbureaux1694e1d2020-08-21 09:58:25 +0200[diff] [blame]22 readinessImage: onap/oom/readiness:3.0.1
Alexander Dehnab86ec12020-02-05 14:38:54 +0000[diff] [blame]23 loggingRepository: docker.elastic.co
24 loggingImage: beats/filebeat:5.5.0
Sylvain Desbureaux23a38b32020-11-20 08:57:12 +0100[diff] [blame]25 busyboxRepository: docker.io
Alexander Dehnab86ec12020-02-05 14:38:54 +0000[diff] [blame]26 busyboxImage: library/busybox:latest
27 clusterName: cluster.local
28
29persistence:
30 mountPath: /dockerdata-nfs
31 backup:
32 mountPath: /dockerdata-nfs/backup
33 storageClass:
34repositoryOverride: docker.io
35
36#################################################################
37# Application configuration defaults.
38#################################################################
39## Init containers parameters:
40sysctlImage:
41 enabled: true
42
43# application image
Grzegorz-Lisc3a7cf62020-11-09 09:59:53 +0000[diff] [blame^]44image: bitnami/elasticsearch:7.9.3
Alexander Dehnc2a36862020-09-02 11:48:20 +0000[diff] [blame]45## Specify a imagePullPolicy
46## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
47## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
48##
49pullPolicy: IfNotPresent
50## Optionally specify an array of imagePullSecrets.
51## Secrets must be manually created in the namespace.
52## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
53##
54# pullSecrets:
55# - myRegistryKeySecretName
56## Set to true if you would like to see extra information on logs
57## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
58##
59debug: false
Alexander Dehnab86ec12020-02-05 14:38:54 +0000[diff] [blame]60
61## String to partially override common.fullname template (will maintain the release name)
62##
63# nameOverride:
64
65## String to fully override common.fullname template
66##
67# fullnameOverride:
68## updateStrategy for ElasticSearch coordinating deployment
69## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
70##
71updateStrategy:
72 type: RollingUpdate
73heapSize: 128m
74## Provide annotations for the coordinating-only pods.
75##
76podAnnotations: {}
77## Pod Security Context for coordinating-only pods.
78## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
79##
80securityContext:
81 enabled: true
82 fsGroup: 1001
83 runAsUser: 1001
84## Affinity for pod assignment.
85## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
86##
87affinity: {}
88## Node labels for pod assignment. Evaluated as a template.
89## Ref: https://kubernetes.io/docs/user-guide/node-selection/
90##
91nodeSelector: {}
92## Tolerations for pod assignment. Evaluated as a template.
93## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
94##
95tolerations: []
96## Elasticsearch coordinating-only container's resource requests and limits
97## ref: http://kubernetes.io/docs/user-guide/compute-resources/
98##
99resources:
100 ## We usually recommend not to specify default resources and to leave this as a conscious
101 ## choice for the user. This also increases chances charts run on environments with little
102 ## resources, such as Minikube.
103 limits: {}
104 # cpu: 100m
105 # memory: 128Mi
106 requests:
107 cpu: 25m
108 memory: 256Mi
109## Elasticsearch coordinating-only container's liveness and readiness probes
110## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
111##
112livenessProbe:
113 enabled: false
114# initialDelaySeconds: 90
115# periodSeconds: 10
116# timeoutSeconds: 5
117# successThreshold: 1
118# failureThreshold: 5
119readinessProbe:
120 enabled: false
121# initialDelaySeconds: 90
122# periodSeconds: 10
123# timeoutSeconds: 5
124# successThreshold: 1
125# failureThreshold: 5
126## Service parameters for coordinating-only node(s)
127##
128serviceAccount:
129 ## Specifies whether a ServiceAccount should be created for the coordinating node
130 ##
131 create: false
132 ## The name of the ServiceAccount to use.
133 ## If not set and create is true, a name is generated using the fullname template
134 ##
135 # name:
136
137## Bitnami Minideb image version
138## ref: https://hub.docker.com/r/bitnami/minideb/tags/
139##
140sysctlImage:
141 enabled: true
142 imageName: bitnami/minideb
143 tag: stretch
144 ## Specify a imagePullPolicy
145 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
146 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
147 ##
148 pullPolicy: Always
149 ## Optionally specify an array of imagePullSecrets.
150 ## Secrets must be manually created in the namespace.
151 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
152 ##
153 # pullSecrets:
154 # - myRegistryKeySecretName
155
156# nginx image
157nginx:
158 imageName: bitnami/nginx
159 tag: 1.16-debian-9
160 pullPolicy: IfNotPresent
161 service:
162 name: nginx
163 ports:
164 - name: elasticsearch
165 port: 8080
166## Custom server block to be added to NGINX configuration
167## PHP-FPM example server block:
168 serverBlock:
169 https: |-
170 server {
171 listen 9200 ssl;
172 #server_name ;
173 # auth_basic "server auth";
174 # auth_basic_user_file /etc/nginx/passwords;
175 ssl_certificate /opt/app/osaaf/local/certs/cert.pem;
176 ssl_certificate_key /opt/app/osaaf/local/certs/key.pem;
177 location / {
178 # deny node shutdown api
179 if ($request_filename ~ "_shutdown") {
180 return 403;
181 break;
182 }
183
184 proxy_pass http://localhost:9000;
185 proxy_http_version 1.1;
186 proxy_set_header Connection "Keep-Alive";
187 proxy_set_header Proxy-Connection "Keep-Alive";
188 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
189 proxy_set_header X-Forwarded-Proto $scheme;
190 proxy_set_header X-Real-IP $remote_addr;
191 proxy_set_header Host $http_host;
192 proxy_redirect off;
193 }
194
195 location = / {
196 proxy_pass http://localhost:9000;
197 proxy_http_version 1.1;
198 proxy_set_header Connection "Keep-Alive";
199 proxy_set_header Proxy-Connection "Keep-Alive";
200 proxy_redirect off;
201 auth_basic "off";
202 }
203 }
204 http: |-
205 server {
206 listen 9200 ;
207 #server_name ;
208 location / {
209 # deny node shutdown api
210 if ($request_filename ~ "_shutdown") {
211 return 403;
212 break;
213 }
214
215 proxy_pass http://localhost:9000;
216 proxy_http_version 1.1;
217 proxy_set_header Connection "Keep-Alive";
218 proxy_set_header Proxy-Connection "Keep-Alive";
219 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
220 proxy_set_header X-Forwarded-Proto $scheme;
221 proxy_set_header X-Real-IP $remote_addr;
222 proxy_set_header Host $http_host;
223 proxy_redirect off;
224 }
225
226 location = / {
227 proxy_pass http://localhost:9000;
228 proxy_http_version 1.1;
229 proxy_set_header Connection "Keep-Alive";
230 proxy_set_header Proxy-Connection "Keep-Alive";
231 proxy_redirect off;
232 auth_basic "off";
233 }
234 }
235#################################################################
236# coordinating service configuration defaults.
237#################################################################
238
239service:
240 name: ""
241 suffix: ""
242 ## coordinating-only service type
243 ##
244 type: ClusterIP
245 headlessPorts:
246 - name: http-transport
247 port: 9300
248 headless:
249 suffix: discovery
250 annotations:
251 service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
252 publishNotReadyAddresses: true
253 ## Elasticsearch tREST API port
254 ##
255 ports:
256 - name: elasticsearch
257 port: 9200
258
259
260 ## Specify the nodePort value for the LoadBalancer and NodePort service types.
261 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
262 ##
263 # nodePort:
264 ## Provide any additional annotations which may be required. This can be used to
265 ## set the LoadBalancer service type to internal only.
266 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
267 ##
268 annotations: {}
269 ## Set the LoadBalancer service type to internal only.
270 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
271 ##
272 # loadBalancerIP:
273 ## Provide functionality to use RBAC
274 ##
Krzysztof Opasiakc6152ce2020-05-09 01:43:08 +0200[diff] [blame]275
Alexander Dehnab86ec12020-02-05 14:38:54 +0000[diff] [blame]276#################################################################
Krzysztof Opasiakc6152ce2020-05-09 01:43:08 +0200[diff] [blame]277# Certificate configuration
Alexander Dehnab86ec12020-02-05 14:38:54 +0000[diff] [blame]278#################################################################
Krzysztof Opasiakc6152ce2020-05-09 01:43:08 +0200[diff] [blame]279certInitializer:
280 nameOverride: elasticsearch-cert-initializer
281 aafDeployFqi: deployer@people.osaaf.org
282 aafDeployPass: demo123456!
283 # aafDeployCredsExternalSecret: some secret
Alexander Dehnab86ec12020-02-05 14:38:54 +0000[diff] [blame]284 fqdn: "elastic"
Alexander Dehnab86ec12020-02-05 14:38:54 +0000[diff] [blame]285 app_ns: "org.osaaf.aaf"
Krzysztof Opasiakc6152ce2020-05-09 01:43:08 +0200[diff] [blame]286 fqi_namespace: "org.onap.elastic"
Alexander Dehnab86ec12020-02-05 14:38:54 +0000[diff] [blame]287 fqi: "elastic@elastic.onap.org"
288 public_fqdn: "aaf.osaaf.org"
Krzysztof Opasiakc6152ce2020-05-09 01:43:08 +0200[diff] [blame]289 cadi_longitude: "0.0"
290 cadi_latitude: "0.0"
291 credsPath: /opt/app/osaaf/local
292 aaf_add_config: >
293 cd {{ .Values.credsPath }};
294 mkdir -p certs;
295 export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
296 keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password;
297 openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12;
298 cp {{ .Values.fqi_namespace }}.key certs/key.pem;
299 chmod -R 755 certs;
300
Alexander Dehnab86ec12020-02-05 14:38:54 +0000[diff] [blame]301#################################################################
302# subcharts configuration defaults.
303#################################################################
304
305
306#data:
307# enabled: false
308
309#curator:
310# enabled: false
311
312## Change nameOverride to be consistent accross all elasticsearch (sub)-charts
313
314master:
315 replicaCount: 3
316 # dedicatednode: "yes"
317 # working as master node only, in this case increase replicaCount for elasticsearch-data
318 # dedicatednode: "no"
319 # handles master and data node functionality
320 dedicatednode: "no"
321data:
322 enabled: false
323curator:
324 enabled: false