kubernetes/common/elasticsearch/values.yaml

   1 # Copyright (c) 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
   2 # Modification Copyright (c) 2020 Nokia
   3 #
   4 # Licensed under the Apache License, Version 2.0 (the "License");
   5 # you may not use this file except in compliance with the License.
   6 # You may obtain a copy of the License at
   7 #
   8 #       http://www.apache.org/licenses/LICENSE-2.0
   9 #
  10 # Unless required by applicable law or agreed to in writing, software
  11 # distributed under the License is distributed on an "AS IS" BASIS,
  12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 # See the License for the specific language governing permissions and
  14 # limitations under the License.
  15
  16 #################################################################
  17 # Global configuration defaults.
  18 #################################################################
  19 global:
  20   aafEnabled: true
  21   nodePortPrefix: 302
  22   readinessImage: onap/oom/readiness:3.0.1
  23   loggingRepository: docker.elastic.co
  24   loggingImage: beats/filebeat:5.5.0
  25   busyboxRepository: docker.io
  26   busyboxImage: library/busybox:latest
  27   clusterName: cluster.local
  28
  29 persistence:
  30   mountPath: /dockerdata-nfs
  31   backup:
  32     mountPath: /dockerdata-nfs/backup
  33   storageClass:
  34 repositoryOverride: docker.io
  35
  36 #################################################################
  37 # Application configuration defaults.
  38 #################################################################
  39 ## Init containers parameters:
  40 sysctlImage:
  41   enabled: true
  42
  43 # application image
  44 image: bitnami/elasticsearch:7.9.3
  45 ## Specify a imagePullPolicy
  46 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  47 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
  48 ##
  49 pullPolicy: IfNotPresent
  50 ## Optionally specify an array of imagePullSecrets.
  51 ## Secrets must be manually created in the namespace.
  52 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  53 ##
  54 # pullSecrets:
  55 #   - myRegistryKeySecretName
  56 ## Set to true if you would like to see extra information on logs
  57 ## ref:  https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
  58 ##
  59 debug: false
  60
  61 ## String to partially override common.fullname template (will maintain the release name)
  62 ##
  63 # nameOverride:
  64
  65 ## String to fully override common.fullname template
  66 ##
  67 # fullnameOverride:
  68 ## updateStrategy for ElasticSearch coordinating deployment
  69 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  70 ##
  71 updateStrategy:
  72   type: RollingUpdate
  73 heapSize: 128m
  74 ## Provide annotations for the coordinating-only pods.
  75 ##
  76 podAnnotations: {}
  77 ## Pod Security Context for coordinating-only pods.
  78 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  79 ##
  80 securityContext:
  81   enabled: true
  82   fsGroup: 1001
  83   runAsUser: 1001
  84 ## Affinity for pod assignment.
  85 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  86 ##
  87 affinity: {}
  88 ## Node labels for pod assignment. Evaluated as a template.
  89 ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  90 ##
  91 nodeSelector: {}
  92 ## Tolerations for pod assignment. Evaluated as a template.
  93 ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  94 ##
  95 tolerations: []
  96 ## Elasticsearch coordinating-only container's resource requests and limits
  97 ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  98 ##
  99 resources:
 100   ## We usually recommend not to specify default resources and to leave this as a conscious
 101   ## choice for the user. This also increases chances charts run on environments with little
 102   ## resources, such as Minikube.
 103   limits: {}
 104   #   cpu: 100m
 105   #   memory: 128Mi
 106   requests:
 107     cpu: 25m
 108     memory: 256Mi
 109 ## Elasticsearch coordinating-only container's liveness and readiness probes
 110 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
 111 ##
 112 livenessProbe:
 113   enabled: false
 114 #  initialDelaySeconds: 90
 115 #  periodSeconds: 10
 116 #  timeoutSeconds: 5
 117 #  successThreshold: 1
 118 #  failureThreshold: 5
 119 readinessProbe:
 120   enabled: false
 121 #  initialDelaySeconds: 90
 122 #  periodSeconds: 10
 123 #  timeoutSeconds: 5
 124 #  successThreshold: 1
 125 #  failureThreshold: 5
 126 ## Service parameters for coordinating-only node(s)
 127 ##
 128 serviceAccount:
 129   ## Specifies whether a ServiceAccount should be created for the coordinating node
 130   ##
 131   create: false
 132   ## The name of the ServiceAccount to use.
 133   ## If not set and create is true, a name is generated using the fullname template
 134   ##
 135   # name:
 136
 137 ## Bitnami Minideb image version
 138 ## ref: https://hub.docker.com/r/bitnami/minideb/tags/
 139 ##
 140 sysctlImage:
 141   enabled: true
 142   imageName: bitnami/minideb
 143   tag: stretch
 144   ## Specify a imagePullPolicy
 145   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 146   ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
 147   ##
 148   pullPolicy: Always
 149   ## Optionally specify an array of imagePullSecrets.
 150   ## Secrets must be manually created in the namespace.
 151   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
 152   ##
 153   # pullSecrets:
 154   #   - myRegistryKeySecretName
 155
 156 # nginx image
 157 nginx:
 158   imageName: bitnami/nginx
 159   tag: 1.16-debian-9
 160   pullPolicy: IfNotPresent
 161   service:
 162     name: nginx
 163     ports:
 164     - name: elasticsearch
 165       port: 8080
 166 ## Custom server block to be added to NGINX configuration
 167 ## PHP-FPM example server block:
 168   serverBlock:
 169     https: |-
 170       server {
 171         listen 9200 ssl;
 172         #server_name ;
 173         # auth_basic "server auth";
 174         # auth_basic_user_file /etc/nginx/passwords;
 175         ssl_certificate /opt/app/osaaf/local/certs/cert.pem;
 176         ssl_certificate_key /opt/app/osaaf/local/certs/key.pem;
 177         location / {
 178           # deny node shutdown api
 179           if ($request_filename ~ "_shutdown") {
 180             return 403;
 181             break;
 182           }
 183
 184           proxy_pass http://localhost:9000;
 185           proxy_http_version 1.1;
 186           proxy_set_header Connection "Keep-Alive";
 187           proxy_set_header Proxy-Connection "Keep-Alive";
 188           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 189           proxy_set_header X-Forwarded-Proto $scheme;
 190           proxy_set_header X-Real-IP $remote_addr;
 191           proxy_set_header Host $http_host;
 192           proxy_redirect off;
 193         }
 194
 195         location = / {
 196           proxy_pass http://localhost:9000;
 197           proxy_http_version 1.1;
 198           proxy_set_header Connection "Keep-Alive";
 199           proxy_set_header Proxy-Connection "Keep-Alive";
 200           proxy_redirect off;
 201           auth_basic "off";
 202         }
 203       }
 204     http: |-
 205       server {
 206         listen 9200 ;
 207         #server_name ;
 208         location / {
 209           # deny node shutdown api
 210           if ($request_filename ~ "_shutdown") {
 211             return 403;
 212             break;
 213           }
 214
 215           proxy_pass http://localhost:9000;
 216           proxy_http_version 1.1;
 217           proxy_set_header Connection "Keep-Alive";
 218           proxy_set_header Proxy-Connection "Keep-Alive";
 219           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 220           proxy_set_header X-Forwarded-Proto $scheme;
 221           proxy_set_header X-Real-IP $remote_addr;
 222           proxy_set_header Host $http_host;
 223           proxy_redirect off;
 224         }
 225
 226         location = / {
 227           proxy_pass http://localhost:9000;
 228           proxy_http_version 1.1;
 229           proxy_set_header Connection "Keep-Alive";
 230           proxy_set_header Proxy-Connection "Keep-Alive";
 231           proxy_redirect off;
 232           auth_basic "off";
 233         }
 234       }
 235 #################################################################
 236 # coordinating service configuration defaults.
 237 #################################################################
 238
 239 service:
 240   name: ""
 241   suffix: ""
 242   ## coordinating-only service type
 243   ##
 244   type: ClusterIP
 245   headlessPorts:
 246   - name: http-transport
 247     port: 9300
 248   headless:
 249     suffix: discovery
 250     annotations:
 251       service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
 252     publishNotReadyAddresses: true
 253   ## Elasticsearch tREST API port
 254   ##
 255   ports:
 256   - name: elasticsearch
 257     port: 9200
 258
 259
 260   ## Specify the nodePort value for the LoadBalancer and NodePort service types.
 261   ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
 262   ##
 263   # nodePort:
 264   ## Provide any additional annotations which may be required. This can be used to
 265   ## set the LoadBalancer service type to internal only.
 266   ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
 267   ##
 268   annotations: {}
 269   ## Set the LoadBalancer service type to internal only.
 270   ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
 271   ##
 272   # loadBalancerIP:
 273   ## Provide functionality to use RBAC
 274   ##
 275
 276 #################################################################
 277 # Certificate configuration
 278 #################################################################
 279 certInitializer:
 280   nameOverride: elasticsearch-cert-initializer
 281   aafDeployFqi: deployer@people.osaaf.org
 282   aafDeployPass: demo123456!
 283   # aafDeployCredsExternalSecret: some secret
 284   fqdn: "elastic"
 285   app_ns: "org.osaaf.aaf"
 286   fqi_namespace: "org.onap.elastic"
 287   fqi: "elastic@elastic.onap.org"
 288   public_fqdn: "aaf.osaaf.org"
 289   cadi_longitude: "0.0"
 290   cadi_latitude: "0.0"
 291   credsPath: /opt/app/osaaf/local
 292   aaf_add_config: >
 293     cd {{ .Values.credsPath }};
 294     mkdir -p certs;
 295     export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
 296     keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password;
 297     openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12;
 298     cp {{ .Values.fqi_namespace }}.key certs/key.pem;
 299     chmod -R 755 certs;
 300
 301 #################################################################
 302 # subcharts configuration defaults.
 303 #################################################################
 304
 305
 306 #data:
 307 #  enabled: false
 308
 309 #curator:
 310 #  enabled: false
 311
 312 ## Change nameOverride to be consistent accross all elasticsearch (sub)-charts
 313
 314 master:
 315   replicaCount: 3
 316   # dedicatednode: "yes"
 317   # working as master node only, in this case increase replicaCount for elasticsearch-data
 318   # dedicatednode: "no"
 319   # handles master and data node functionality
 320   dedicatednode: "no"
 321 data:
 322   enabled: false
 323 curator:
 324   enabled: false