kubernetes/common/elasticsearch/values.yaml

   1 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
   2 #
   3 # Licensed under the Apache License, Version 2.0 (the "License");
   4 # you may not use this file except in compliance with the License.
   5 # You may obtain a copy of the License at
   6 #
   7 #       http://www.apache.org/licenses/LICENSE-2.0
   8 #
   9 # Unless required by applicable law or agreed to in writing, software
  10 # distributed under the License is distributed on an "AS IS" BASIS,
  11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12 # See the License for the specific language governing permissions and
  13 # limitations under the License.
  14
  15 #################################################################
  16 # Global configuration defaults.
  17 #################################################################
  18 global:
  19   aafEnabled: true
  20   nodePortPrefix: 302
  21   readinessImage: onap/oom/readiness:3.0.1
  22   loggingRepository: docker.elastic.co
  23   loggingImage: beats/filebeat:5.5.0
  24   busyboxRepository: docker.io
  25   busyboxImage: library/busybox:latest
  26   clusterName: cluster.local
  27
  28 persistence:
  29   mountPath: /dockerdata-nfs
  30   backup:
  31     mountPath: /dockerdata-nfs/backup
  32   storageClass:
  33 repositoryOverride: docker.io
  34
  35 #################################################################
  36 # Application configuration defaults.
  37 #################################################################
  38 ## Init containers parameters:
  39 sysctlImage:
  40   enabled: true
  41
  42 # application image
  43 image: bitnami/elasticsearch:7.6.1
  44 ## Specify a imagePullPolicy
  45 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  46 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
  47 ##
  48 pullPolicy: IfNotPresent
  49 ## Optionally specify an array of imagePullSecrets.
  50 ## Secrets must be manually created in the namespace.
  51 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  52 ##
  53 # pullSecrets:
  54 #   - myRegistryKeySecretName
  55 ## Set to true if you would like to see extra information on logs
  56 ## ref:  https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
  57 ##
  58 debug: false
  59
  60 ## String to partially override common.fullname template (will maintain the release name)
  61 ##
  62 # nameOverride:
  63
  64 ## String to fully override common.fullname template
  65 ##
  66 # fullnameOverride:
  67 ## updateStrategy for ElasticSearch coordinating deployment
  68 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  69 ##
  70 updateStrategy:
  71   type: RollingUpdate
  72 heapSize: 128m
  73 ## Provide annotations for the coordinating-only pods.
  74 ##
  75 podAnnotations: {}
  76 ## Pod Security Context for coordinating-only pods.
  77 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  78 ##
  79 securityContext:
  80   enabled: true
  81   fsGroup: 1001
  82   runAsUser: 1001
  83 ## Affinity for pod assignment.
  84 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  85 ##
  86 affinity: {}
  87 ## Node labels for pod assignment. Evaluated as a template.
  88 ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  89 ##
  90 nodeSelector: {}
  91 ## Tolerations for pod assignment. Evaluated as a template.
  92 ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  93 ##
  94 tolerations: []
  95 ## Elasticsearch coordinating-only container's resource requests and limits
  96 ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  97 ##
  98 resources:
  99   ## We usually recommend not to specify default resources and to leave this as a conscious
 100   ## choice for the user. This also increases chances charts run on environments with little
 101   ## resources, such as Minikube.
 102   limits: {}
 103   #   cpu: 100m
 104   #   memory: 128Mi
 105   requests:
 106     cpu: 25m
 107     memory: 256Mi
 108 ## Elasticsearch coordinating-only container's liveness and readiness probes
 109 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
 110 ##
 111 livenessProbe:
 112   enabled: false
 113 #  initialDelaySeconds: 90
 114 #  periodSeconds: 10
 115 #  timeoutSeconds: 5
 116 #  successThreshold: 1
 117 #  failureThreshold: 5
 118 readinessProbe:
 119   enabled: false
 120 #  initialDelaySeconds: 90
 121 #  periodSeconds: 10
 122 #  timeoutSeconds: 5
 123 #  successThreshold: 1
 124 #  failureThreshold: 5
 125 ## Service parameters for coordinating-only node(s)
 126 ##
 127 serviceAccount:
 128   ## Specifies whether a ServiceAccount should be created for the coordinating node
 129   ##
 130   create: false
 131   ## The name of the ServiceAccount to use.
 132   ## If not set and create is true, a name is generated using the fullname template
 133   ##
 134   # name:
 135
 136 ## Bitnami Minideb image version
 137 ## ref: https://hub.docker.com/r/bitnami/minideb/tags/
 138 ##
 139 sysctlImage:
 140   enabled: true
 141   imageName: bitnami/minideb
 142   tag: stretch
 143   ## Specify a imagePullPolicy
 144   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 145   ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
 146   ##
 147   pullPolicy: Always
 148   ## Optionally specify an array of imagePullSecrets.
 149   ## Secrets must be manually created in the namespace.
 150   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
 151   ##
 152   # pullSecrets:
 153   #   - myRegistryKeySecretName
 154
 155 # nginx image
 156 nginx:
 157   imageName: bitnami/nginx
 158   tag: 1.16-debian-9
 159   pullPolicy: IfNotPresent
 160   service:
 161     name: nginx
 162     ports:
 163     - name: elasticsearch
 164       port: 8080
 165 ## Custom server block to be added to NGINX configuration
 166 ## PHP-FPM example server block:
 167   serverBlock:
 168     https: |-
 169       server {
 170         listen 9200 ssl;
 171         #server_name ;
 172         # auth_basic "server auth";
 173         # auth_basic_user_file /etc/nginx/passwords;
 174         ssl_certificate /opt/app/osaaf/local/certs/cert.pem;
 175         ssl_certificate_key /opt/app/osaaf/local/certs/key.pem;
 176         location / {
 177           # deny node shutdown api
 178           if ($request_filename ~ "_shutdown") {
 179             return 403;
 180             break;
 181           }
 182
 183           proxy_pass http://localhost:9000;
 184           proxy_http_version 1.1;
 185           proxy_set_header Connection "Keep-Alive";
 186           proxy_set_header Proxy-Connection "Keep-Alive";
 187           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 188           proxy_set_header X-Forwarded-Proto $scheme;
 189           proxy_set_header X-Real-IP $remote_addr;
 190           proxy_set_header Host $http_host;
 191           proxy_redirect off;
 192         }
 193
 194         location = / {
 195           proxy_pass http://localhost:9000;
 196           proxy_http_version 1.1;
 197           proxy_set_header Connection "Keep-Alive";
 198           proxy_set_header Proxy-Connection "Keep-Alive";
 199           proxy_redirect off;
 200           auth_basic "off";
 201         }
 202       }
 203     http: |-
 204       server {
 205         listen 9200 ;
 206         #server_name ;
 207         location / {
 208           # deny node shutdown api
 209           if ($request_filename ~ "_shutdown") {
 210             return 403;
 211             break;
 212           }
 213
 214           proxy_pass http://localhost:9000;
 215           proxy_http_version 1.1;
 216           proxy_set_header Connection "Keep-Alive";
 217           proxy_set_header Proxy-Connection "Keep-Alive";
 218           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 219           proxy_set_header X-Forwarded-Proto $scheme;
 220           proxy_set_header X-Real-IP $remote_addr;
 221           proxy_set_header Host $http_host;
 222           proxy_redirect off;
 223         }
 224
 225         location = / {
 226           proxy_pass http://localhost:9000;
 227           proxy_http_version 1.1;
 228           proxy_set_header Connection "Keep-Alive";
 229           proxy_set_header Proxy-Connection "Keep-Alive";
 230           proxy_redirect off;
 231           auth_basic "off";
 232         }
 233       }
 234 #################################################################
 235 # coordinating service configuration defaults.
 236 #################################################################
 237
 238 service:
 239   name: ""
 240   suffix: ""
 241   ## coordinating-only service type
 242   ##
 243   type: ClusterIP
 244   headlessPorts:
 245   - name: http-transport
 246     port: 9300
 247   headless:
 248     suffix: discovery
 249     annotations:
 250       service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
 251     publishNotReadyAddresses: true
 252   ## Elasticsearch tREST API port
 253   ##
 254   ports:
 255   - name: elasticsearch
 256     port: 9200
 257
 258
 259   ## Specify the nodePort value for the LoadBalancer and NodePort service types.
 260   ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
 261   ##
 262   # nodePort:
 263   ## Provide any additional annotations which may be required. This can be used to
 264   ## set the LoadBalancer service type to internal only.
 265   ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
 266   ##
 267   annotations: {}
 268   ## Set the LoadBalancer service type to internal only.
 269   ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
 270   ##
 271   # loadBalancerIP:
 272   ## Provide functionality to use RBAC
 273   ##
 274
 275 #################################################################
 276 # Certificate configuration
 277 #################################################################
 278 certInitializer:
 279   nameOverride: elasticsearch-cert-initializer
 280   aafDeployFqi: deployer@people.osaaf.org
 281   aafDeployPass: demo123456!
 282   # aafDeployCredsExternalSecret: some secret
 283   fqdn: "elastic"
 284   app_ns: "org.osaaf.aaf"
 285   fqi_namespace: "org.onap.elastic"
 286   fqi: "elastic@elastic.onap.org"
 287   public_fqdn: "aaf.osaaf.org"
 288   cadi_longitude: "0.0"
 289   cadi_latitude: "0.0"
 290   credsPath: /opt/app/osaaf/local
 291   aaf_add_config: >
 292     cd {{ .Values.credsPath }};
 293     mkdir -p certs;
 294     export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
 295     keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password;
 296     openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12;
 297     cp {{ .Values.fqi_namespace }}.key certs/key.pem;
 298     chmod -R 755 certs;
 299
 300 #################################################################
 301 # subcharts configuration defaults.
 302 #################################################################
 303
 304
 305 #data:
 306 #  enabled: false
 307
 308 #curator:
 309 #  enabled: false
 310
 311 ## Change nameOverride to be consistent accross all elasticsearch (sub)-charts
 312
 313 master:
 314   replicaCount: 3
 315   # dedicatednode: "yes"
 316   # working as master node only, in this case increase replicaCount for elasticsearch-data
 317   # dedicatednode: "no"
 318   # handles master and data node functionality
 319   dedicatednode: "no"
 320 data:
 321   enabled: false
 322 curator:
 323   enabled: false