Merge "[COMMON] Allow to set default password complexity"
[oom.git] / kubernetes / common / elasticsearch / values.yaml
1 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
2 #
3 # Licensed under the Apache License, Version 2.0 (the "License");
4 # you may not use this file except in compliance with the License.
5 # You may obtain a copy of the License at
6 #
7 #       http://www.apache.org/licenses/LICENSE-2.0
8 #
9 # Unless required by applicable law or agreed to in writing, software
10 # distributed under the License is distributed on an "AS IS" BASIS,
11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 # See the License for the specific language governing permissions and
13 # limitations under the License.
14
# ---------------------------------------------------------------
# Global configuration defaults.
# ---------------------------------------------------------------
global:
  aafEnabled: true
  nodePortPrefix: 302
  # Helper images and the registries they are pulled from.
  readinessImage: 'onap/oom/readiness:3.0.1'
  loggingRepository: 'docker.elastic.co'
  loggingImage: 'beats/filebeat:5.5.0'
  busyboxRepository: 'registry.hub.docker.com'
  # NOTE(review): `latest` is a mutable tag, so the image that actually runs
  # can change from one pull to the next. Pin a version tag or a digest once
  # the intended release is known.
  busyboxImage: 'library/busybox:latest'
  clusterName: 'cluster.local'
27
# Storage locations for data and backups.
persistence:
  mountPath: '/dockerdata-nfs'
  backup:
    mountPath: '/dockerdata-nfs/backup'
  # No storage class is selected by default (explicit null, same as a bare key).
  storageClass: null
# Top-level key: it is a sibling of `persistence`, not nested inside it.
repositoryOverride: 'docker.io'
34
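#################################################################
# Application configuration defaults.
#################################################################
## Init containers parameters:
## `sysctlImage` is declared once, further down in this file, together with
## its image name, tag and pull policy (that declaration also carries
## `enabled: true`). The short `sysctlImage: {enabled: true}` stub that used
## to sit here repeated the same top-level key. Duplicate mapping keys are
## invalid YAML: lenient parsers silently keep only one of the two
## definitions, and strict parsers reject the whole file.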
41
# Elasticsearch application image.
image:
  imageName: 'bitnami/elasticsearch'
  tag: '6.8.6-debian-9-r23'
  ## Image pull policy.
  ## Kubernetes defaults to 'Always' when the tag is 'latest' and to
  ## 'IfNotPresent' otherwise.
  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
  ##
  pullPolicy: IfNotPresent
  ## Optional list of imagePullSecrets.
  ## The secrets have to be created by hand in the namespace beforehand.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ##
  # pullSecrets:
  #   - myRegistryKeySecretName
  ## Set to true to get extra information in the logs.
  ## ref:  https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
  ##
  debug: false
61
## Partial override of the common.fullname template (the release name is kept).
##
# nameOverride:

## Full override of the common.fullname template.
##
# fullnameOverride:
## Update strategy of the Elasticsearch coordinating deployment.
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
##
updateStrategy:
  type: 'RollingUpdate'
heapSize: '128m'
## Annotations added to the coordinating-only pods.
##
podAnnotations: {}
## Pod security context for the coordinating-only pods: a non-zero UID and a
## matching fsGroup.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
  enabled: true
  fsGroup: 1001
  runAsUser: 1001
## Affinity rules for pod assignment.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Resource requests and limits of the Elasticsearch coordinating-only container.
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
  ## Default limits are deliberately left out so that setting them stays a
  ## conscious choice of the user; this also helps the chart run on small
  ## environments such as Minikube.
  ## NOTE(review): with `limits: {}` only the requests below apply, so the
  ## container has no CPU or memory ceiling unless an override sets one.
  limits: {}
  #   cpu: 100m
  #   memory: 128Mi
  requests:
    cpu: '25m'
    memory: '256Mi'
## Liveness and readiness probes of the Elasticsearch coordinating-only
## container. Both are switched off by default; the commented values show the
## available settings.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
livenessProbe:
  enabled: false
  # initialDelaySeconds: 90
  # periodSeconds: 10
  # timeoutSeconds: 5
  # successThreshold: 1
  # failureThreshold: 5
readinessProbe:
  enabled: false
  # initialDelaySeconds: 90
  # periodSeconds: 10
  # timeoutSeconds: 5
  # successThreshold: 1
  # failureThreshold: 5
## Service account parameters for the coordinating-only node(s)
##
serviceAccount:
  ## Whether a ServiceAccount is created for the coordinating node.
  ##
  create: false
  ## Name of the ServiceAccount to use.
  ## When unset and `create` is true, the name is generated from the fullname
  ## template.
  ##
  # name:
137
## Bitnami Minideb image used for the sysctl init container.
## ref: https://hub.docker.com/r/bitnami/minideb/tags/
##
## NOTE(review): `stretch` is a moving tag and the pull policy is `Always`,
## so the image content can differ between pod starts. Pin a dated tag or a
## digest if reproducible init containers are wanted. What privileges this
## container runs with is decided in the templates, not here — verify there.
sysctlImage:
  enabled: true
  imageName: 'bitnami/minideb'
  tag: 'stretch'
  ## Image pull policy.
  ## Kubernetes defaults to 'Always' when the tag is 'latest' and to
  ## 'IfNotPresent' otherwise.
  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
  ##
  pullPolicy: Always
  ## Optional list of imagePullSecrets.
  ## The secrets have to be created by hand in the namespace beforehand.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ##
  # pullSecrets:
  #   - myRegistryKeySecretName
156
# NGINX image, its service, and the server blocks that proxy requests to
# http://localhost:9000.
nginx:
  imageName: 'bitnami/nginx'
  tag: '1.16-debian-9'
  pullPolicy: IfNotPresent
  service:
    name: nginx
    ports:
      - name: elasticsearch
        port: 8080
  ## Custom server blocks added to the NGINX configuration: one TLS variant
  ## (`https`) and one plaintext variant (`http`), both listening on 9200.
  ## Which of the two is rendered is decided in the templates — presumably by
  ## `global.aafEnabled`; confirm there.
  ##
  ## NOTE(review):
  ##  - The `auth_basic` directives in the `https` block are commented out and
  ##    the `http` block has none, so neither variant asks for credentials.
  ##    Access control has to be provided elsewhere (for example by network
  ##    policy) if the proxied API must not be open to every client that can
  ##    reach port 9200.
  ##  - The `http` variant serves the API without TLS.
  ##  - The certificate and key paths in the `https` block point below
  ##    /opt/app/osaaf/local/certs; keep them in step with
  ##    `certInitializer.credsPath`.
  ##  - In the `_shutdown` guard, `break;` follows `return 403;` and is never
  ##    reached.
  serverBlock:
    https: |-
      server {
        listen 9200 ssl;
        #server_name ;
        # auth_basic "server auth";
        # auth_basic_user_file /etc/nginx/passwords;
        ssl_certificate /opt/app/osaaf/local/certs/cert.pem;
        ssl_certificate_key /opt/app/osaaf/local/certs/key.pem;
        location / {
          # deny node shutdown api
          if ($request_filename ~ "_shutdown") {
            return 403;
            break;
          }

          proxy_pass http://localhost:9000;
          proxy_http_version 1.1;
          proxy_set_header Connection "Keep-Alive";
          proxy_set_header Proxy-Connection "Keep-Alive";
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header Host $http_host;
          proxy_redirect off;
        }

        location = / {
          proxy_pass http://localhost:9000;
          proxy_http_version 1.1;
          proxy_set_header Connection "Keep-Alive";
          proxy_set_header Proxy-Connection "Keep-Alive";
          proxy_redirect off;
          auth_basic "off";
        }
      }
    http: |-
      server {
        listen 9200 ;
        #server_name ;
        location / {
          # deny node shutdown api
          if ($request_filename ~ "_shutdown") {
            return 403;
            break;
          }

          proxy_pass http://localhost:9000;
          proxy_http_version 1.1;
          proxy_set_header Connection "Keep-Alive";
          proxy_set_header Proxy-Connection "Keep-Alive";
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header Host $http_host;
          proxy_redirect off;
        }

        location = / {
          proxy_pass http://localhost:9000;
          proxy_http_version 1.1;
          proxy_set_header Connection "Keep-Alive";
          proxy_set_header Proxy-Connection "Keep-Alive";
          proxy_redirect off;
          auth_basic "off";
        }
      }
#################################################################
# Coordinating service configuration defaults.
#################################################################

service:
  name: ""
  suffix: ""
  ## Service type of the coordinating-only service.
  ##
  type: 'ClusterIP'
  headlessPorts:
    - name: http-transport
      port: 9300
  ## Headless (discovery) service. Not-ready addresses are published both via
  ## the annotation and via `publishNotReadyAddresses`.
  headless:
    suffix: discovery
    annotations:
      service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
    publishNotReadyAddresses: true
  ## Elasticsearch REST API port
  ##
  ports:
    - name: elasticsearch
      port: 9200


  ## nodePort value for the LoadBalancer and NodePort service types.
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
  ##
  # nodePort:
  ## Additional annotations, if any are required. They can be used, for
  ## instance, to make a LoadBalancer service internal only.
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
  ##
  annotations: {}
  ## Set the LoadBalancer service type to internal only.
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
  ##
  # loadBalancerIP:
  ## Provide functionality to use RBAC
  ## (no RBAC setting follows this heading in the file)
  ##
276
#################################################################
# Certificate configuration
#################################################################
certInitializer:
  nameOverride: 'elasticsearch-cert-initializer'
  aafDeployFqi: 'deployer@people.osaaf.org'
  # NOTE(review): a default deployer password is committed here in clear text.
  # Anyone who can read the chart knows it, and every install that does not
  # override it shares the same credential. Prefer supplying the credential
  # through `aafDeployCredsExternalSecret` (commented out below) and treat this
  # value as a demo-only default.
  aafDeployPass: 'demo123456!'
  # aafDeployCredsExternalSecret: some secret
  fqdn: "elastic"
  app_ns: "org.osaaf.aaf"
  fqi_namespace: "org.onap.elastic"
  fqi: "elastic@elastic.onap.org"
  public_fqdn: "aaf.osaaf.org"
  cadi_longitude: "0.0"
  cadi_latitude: "0.0"
  credsPath: '/opt/app/osaaf/local'
  # Shell snippet (folded into one line, with template expressions) that
  # exports the CA certificate, converts the PKCS#12 bundle to PEM, and copies
  # the private key into `certs/` under `credsPath`.
  # NOTE(review):
  #  - `chmod -R 755 certs` also applies to certs/key.pem, which leaves the
  #    private key readable by every user in the container. Whether it can be
  #    tightened depends on which user reads the key (the pod security context
  #    in this file uses UID 1001) — confirm before changing.
  #  - The keystore and truststore passwords are passed as command-line
  #    arguments (`-storepass`, `pass:`), where other processes in the same
  #    container may be able to see them.
  aaf_add_config: >
    cd {{ .Values.credsPath }};
    mkdir -p certs;
    export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
    keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password;
    openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12;
    cp {{ .Values.fqi_namespace }}.key certs/key.pem;
    chmod -R 755 certs;
301
#################################################################
# Subchart configuration defaults.
#################################################################


#data:
#  enabled: false

#curator:
#  enabled: false

## Change nameOverride to be consistent across all elasticsearch (sub)-charts

master:
  replicaCount: 3
  # dedicatednode: "yes"
  #   the node works as a master only; in that case increase replicaCount
  #   for elasticsearch-data
  # dedicatednode: "no"
  #   the node handles both master and data functionality
  dedicatednode: "no"
# The data and curator subcharts are disabled by default.
data:
  enabled: false
curator:
  enabled: false