--- # Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # ======================== Elasticsearch Configuration ========================= # # NOTE: Elasticsearch comes with reasonable defaults for most settings. # Before you set out to tweak and tune the configuration, make sure you # understand what are you trying to accomplish and the consequences. # # The primary way of configuring a node is via this file. This template lists # the most important settings you may want to configure for a production cluster. # # Please consult the documentation for further information on configuration options: # https://www.elastic.co/guide/en/elasticsearch/reference/index.html # # ---------------------------------- Cluster ----------------------------------- # # Name of the Elasticsearch cluster. # A node can only join a cluster when it shares its cluster.name with all the other nodes in the cluster. # The default name is elasticsearch, but you should change it to an appropriate name which describes the # purpose of the cluster. # ## Default Elasticsearch configuration from elasticsearch-docker. ## from https://opendistro.github.io/for-elasticsearch-docs/docs/elasticsearch/configuration/ # cluster.name: "clamp-dashboard" node.name: "cldash-es-node1" # ---------------------------------- Network ----------------------------------- # # Set the bind address to a specific IP (IPv4 or IPv6): # In order to communicate and to form a cluster with nodes on other servers, your node will need to bind to a # non-loopback address. network.host: 0.0.0.0 # # Set a custom port for HTTP: If required, default is 9200-9300 # #http.port: $http.port # # For more information, consult the network module documentation. # ----------------------------------- Paths ------------------------------------ # # The location of the data files of each index / shard allocated on the node. Can hold multiple locations separated by coma. # In production, we should not keep this default to "/elasticsearch/data", as on upgrading Elasticsearch, directory structure # may change & can deal to data loss. path.data: /usr/share/elasticsearch/data # # Elasticsearch's log files location. In production, we should not keep this default to "/elasticsearch/logs", # as on upgrading Elasticsearch, directory structure may change. path.logs: /usr/share/elasticsearch/logs # # ----------------------------------- Memory ----------------------------------- # # It is vitally important to the health of your node that none of the JVM is ever swapped out to disk. # Lock the memory on startup. # bootstrap.memory_lock: false # # Make sure that the heap size is set to about half the memory available # on the system and that the owner of the process is allowed to use this # limit. # # Elasticsearch performs poorly when the system is swapping the memory. # # --------------------------------- Discovery ---------------------------------- # # Pass an initial list of hosts to perform discovery when new node is started # To form a cluster with nodes on other servers, you have to provide a seed list of other nodes in the cluster # that are likely to be live and contactable. # By default, Elasticsearch will bind to the available loopback addresses and will scan ports 9300 to 9305 to try # to connect to other nodes running on the same server. # # minimum_master_nodes need to be explicitly set when bound on a public IP # # set to 1 to allow single node clusters # # Details: https://github.com/elastic/elasticsearch/pull/17288 discovery.zen.minimum_master_nodes: 1 discovery.seed_hosts: [] # # Breaking change in 7.0 # # https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#breaking_70_discovery_changes cluster.initial_master_nodes: - cldash-es-node1 # - docker-test-node-1 # ---------------------------------- Various ----------------------------------- # # Require explicit names when deleting indices: # #action.destructive_requires_name: true # Set a custom port for HTTP: If required, default is 9200-9300 # This is used for REST APIs http.port: {{.Values.service.externalPort}} # Port to bind for communication between nodes. Accepts a single value or a range. # If a range is specified, the node will bind to the first available port in the range. # Defaults to 9300-9400. # More info: transport.tcp.port: {{.Values.service.externalPort2}} ######## Start OpenDistro for Elasticsearch Security Demo Configuration ######## # WARNING: revise all the lines below before you go into production {{- if .Values.global.aafEnabled }} opendistro_security.ssl.transport.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }} opendistro_security.ssl.transport.pemkey_filepath: {{ .Values.certInitializer.clamp_key }} opendistro_security.ssl.transport.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }} opendistro_security.ssl.http.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }} opendistro_security.ssl.http.pemkey_filepath: {{ .Values.certInitializer.clamp_key }} opendistro_security.ssl.http.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }} {{- else }} opendistro_security.ssl.transport.pemcert_filepath: esnode.pem opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem opendistro_security.ssl.http.pemcert_filepath: esnode.pem opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem {{- end }} opendistro_security.ssl.transport.enforce_hostname_verification: false opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}} opendistro_security.allow_unsafe_democertificates: true opendistro_security.allow_default_init_securityindex: true opendistro_security.authcz.admin_dn: - CN=kirk,OU=client,O=client,L=test, C=de opendistro_security.audit.type: internal_elasticsearch opendistro_security.enable_snapshot_restore_privilege: true opendistro_security.check_snapshot_restore_write_privileges: true opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"] cluster.routing.allocation.disk.threshold_enabled: false node.max_local_storage_nodes: 3 ######## End OpenDistro for Elasticsearch Security Demo Configuration ########