1 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
3 # Licensed under the Apache License, Version 2.0 (the "License");
4 # you may not use this file except in compliance with the License.
5 # You may obtain a copy of the License at
7 # http://www.apache.org/licenses/LICENSE-2.0
9 # Unless required by applicable law or agreed to in writing, software
10 # distributed under the License is distributed on an "AS IS" BASIS,
11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 # See the License for the specific language governing permissions and
13 # limitations under the License.
15 #################################################################
16 # Global configuration defaults.
17 #################################################################
21 readinessRepository: oomk8s
22 readinessImage: readiness-check:2.0.2
23 loggingRepository: docker.elastic.co
24 loggingImage: beats/filebeat:5.5.0
25 busyboxRepository: registry.hub.docker.com
26 busyboxImage: library/busybox:latest
27 clusterName: cluster.local
30 mountPath: /dockerdata-nfs
32 mountPath: /dockerdata-nfs/backup
34 repositoryOverride: docker.io
36 #################################################################
37 # Application configuration defaults.
38 #################################################################
39 ## Init containers parameters:
45 imageName: bitnami/elasticsearch
46 tag: 6.8.6-debian-9-r23
47 ## Specify a imagePullPolicy
48 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
49 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
51 pullPolicy: IfNotPresent
52 ## Optionally specify an array of imagePullSecrets.
53 ## Secrets must be manually created in the namespace.
54 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
57 # - myRegistryKeySecretName
58 ## Set to true if you would like to see extra information on logs
59 ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
63 ## String to partially override common.fullname template (will maintain the release name)
67 ## String to fully override common.fullname template
70 ## updateStrategy for ElasticSearch coordinating deployment
71 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
76 ## Provide annotations for the coordinating-only pods.
79 ## Pod Security Context for coordinating-only pods.
80 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
86 ## Affinity for pod assignment.
87 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
90 ## Node labels for pod assignment. Evaluated as a template.
91 ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
94 ## Tolerations for pod assignment. Evaluated as a template.
95 ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
98 ## Elasticsearch coordinating-only container's resource requests and limits
99 ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
102 ## We usually recommend not to specify default resources and to leave this as a conscious
103 ## choice for the user. This also increases chances charts run on environments with little
104 ## resources, such as Minikube.
111 ## Elasticsearch coordinating-only container's liveness and readiness probes
112 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
116 # initialDelaySeconds: 90
119 # successThreshold: 1
120 # failureThreshold: 5
123 # initialDelaySeconds: 90
126 # successThreshold: 1
127 # failureThreshold: 5
128 ## Service parameters for coordinating-only node(s)
131 ## Specifies whether a ServiceAccount should be created for the coordinating node
134 ## The name of the ServiceAccount to use.
135 ## If not set and create is true, a name is generated using the fullname template
139 ## Bitnami Minideb image version
140 ## ref: https://hub.docker.com/r/bitnami/minideb/tags/
144 imageName: bitnami/minideb
146 ## Specify a imagePullPolicy
147 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
148 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
151 ## Optionally specify an array of imagePullSecrets.
152 ## Secrets must be manually created in the namespace.
153 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
156 # - myRegistryKeySecretName
160 imageName: bitnami/nginx
162 pullPolicy: IfNotPresent
166 - name: elasticsearch
168 ## Custom server block to be added to NGINX configuration
169 ## PHP-FPM example server block:
175 # auth_basic "server auth";
176 # auth_basic_user_file /etc/nginx/passwords;
177 ssl_certificate /opt/app/osaaf/local/certs/cert.pem;
178 ssl_certificate_key /opt/app/osaaf/local/certs/key.pem;
180 # deny node shutdown api
181 if ($request_filename ~ "_shutdown") {
186 proxy_pass http://localhost:9000;
187 proxy_http_version 1.1;
188 proxy_set_header Connection "Keep-Alive";
189 proxy_set_header Proxy-Connection "Keep-Alive";
190 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
191 proxy_set_header X-Forwarded-Proto $scheme;
192 proxy_set_header X-Real-IP $remote_addr;
193 proxy_set_header Host $http_host;
198 proxy_pass http://localhost:9000;
199 proxy_http_version 1.1;
200 proxy_set_header Connection "Keep-Alive";
201 proxy_set_header Proxy-Connection "Keep-Alive";
211 # deny node shutdown api
212 if ($request_filename ~ "_shutdown") {
217 proxy_pass http://localhost:9000;
218 proxy_http_version 1.1;
219 proxy_set_header Connection "Keep-Alive";
220 proxy_set_header Proxy-Connection "Keep-Alive";
221 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
222 proxy_set_header X-Forwarded-Proto $scheme;
223 proxy_set_header X-Real-IP $remote_addr;
224 proxy_set_header Host $http_host;
229 proxy_pass http://localhost:9000;
230 proxy_http_version 1.1;
231 proxy_set_header Connection "Keep-Alive";
232 proxy_set_header Proxy-Connection "Keep-Alive";
237 #################################################################
238 # coordinating service configuration defaults.
239 #################################################################
244 ## coordinating-only service type
248 - name: http-transport
253 service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
254 publishNotReadyAddresses: true
255 ## Elasticsearch tREST API port
258 - name: elasticsearch
262 ## Specify the nodePort value for the LoadBalancer and NodePort service types.
263 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
266 ## Provide any additional annotations which may be required. This can be used to
267 ## set the LoadBalancer service type to internal only.
268 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
271 ## Set the LoadBalancer service type to internal only.
272 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
275 ## Provide functionality to use RBAC
278 #################################################################
279 # Certificate configuration
280 #################################################################
282 nameOverride: elasticsearch-cert-initializer
283 aafDeployFqi: deployer@people.osaaf.org
284 aafDeployPass: demo123456!
285 # aafDeployCredsExternalSecret: some secret
287 app_ns: "org.osaaf.aaf"
288 fqi_namespace: "org.onap.elastic"
289 fqi: "elastic@elastic.onap.org"
290 public_fqdn: "aaf.osaaf.org"
291 cadi_longitude: "0.0"
293 credsPath: /opt/app/osaaf/local
295 cd {{ .Values.credsPath }};
297 export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
298 keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password;
299 openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12;
300 cp {{ .Values.fqi_namespace }}.key certs/key.pem;
303 #################################################################
304 # subcharts configuration defaults.
305 #################################################################
314 ## Change nameOverride to be consistent accross all elasticsearch (sub)-charts
318 # dedicatednode: "yes"
319 # working as master node only, in this case increase replicaCount for elasticsearch-data
320 # dedicatednode: "no"
321 # handles master and data node functionality