kubernetes/common/elasticsearch/values.yaml

   1 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
   2 #
   3 # Licensed under the Apache License, Version 2.0 (the "License");
   4 # you may not use this file except in compliance with the License.
   5 # You may obtain a copy of the License at
   6 #
   7 #       http://www.apache.org/licenses/LICENSE-2.0
   8 #
   9 # Unless required by applicable law or agreed to in writing, software
  10 # distributed under the License is distributed on an "AS IS" BASIS,
  11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12 # See the License for the specific language governing permissions and
  13 # limitations under the License.
  14
  15 #################################################################
  16 # Global configuration defaults.
  17 #################################################################
  18 global:
  19   aafEnabled: true
  20   aafAgentImage: onap/aaf/aaf_agent:2.1.15
  21   nodePortPrefix: 302
  22   readinessRepository: oomk8s
  23   readinessImage: readiness-check:2.0.2
  24   loggingRepository: docker.elastic.co
  25   loggingImage: beats/filebeat:5.5.0
  26   busyboxRepository: registry.hub.docker.com
  27   busyboxImage: library/busybox:latest
  28   clusterName: cluster.local
  29
  30 persistence:
  31   mountPath: /dockerdata-nfs
  32   backup:
  33     mountPath: /dockerdata-nfs/backup
  34   storageClass:
  35 repositoryOverride: docker.io
  36
  37 #################################################################
  38 # Application configuration defaults.
  39 #################################################################
  40 ## Init containers parameters:
  41 sysctlImage:
  42   enabled: true
  43
  44 # application image
  45 image:
  46   imageName: bitnami/elasticsearch
  47   tag: 6.8.6-debian-9-r23
  48   ## Specify a imagePullPolicy
  49   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  50   ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
  51   ##
  52   pullPolicy: IfNotPresent
  53   ## Optionally specify an array of imagePullSecrets.
  54   ## Secrets must be manually created in the namespace.
  55   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  56   ##
  57   # pullSecrets:
  58   #   - myRegistryKeySecretName
  59   ## Set to true if you would like to see extra information on logs
  60   ## ref:  https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
  61   ##
  62   debug: false
  63
  64 ## String to partially override common.fullname template (will maintain the release name)
  65 ##
  66 # nameOverride:
  67
  68 ## String to fully override common.fullname template
  69 ##
  70 # fullnameOverride:
  71 ## updateStrategy for ElasticSearch coordinating deployment
  72 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  73 ##
  74 updateStrategy:
  75   type: RollingUpdate
  76 heapSize: 128m
  77 ## Provide annotations for the coordinating-only pods.
  78 ##
  79 podAnnotations: {}
  80 ## Pod Security Context for coordinating-only pods.
  81 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  82 ##
  83 securityContext:
  84   enabled: true
  85   fsGroup: 1001
  86   runAsUser: 1001
  87 ## Affinity for pod assignment.
  88 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  89 ##
  90 affinity: {}
  91 ## Node labels for pod assignment. Evaluated as a template.
  92 ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  93 ##
  94 nodeSelector: {}
  95 ## Tolerations for pod assignment. Evaluated as a template.
  96 ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  97 ##
  98 tolerations: []
  99 ## Elasticsearch coordinating-only container's resource requests and limits
 100 ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
 101 ##
 102 resources:
 103   ## We usually recommend not to specify default resources and to leave this as a conscious
 104   ## choice for the user. This also increases chances charts run on environments with little
 105   ## resources, such as Minikube.
 106   limits: {}
 107   #   cpu: 100m
 108   #   memory: 128Mi
 109   requests:
 110     cpu: 25m
 111     memory: 256Mi
 112 ## Elasticsearch coordinating-only container's liveness and readiness probes
 113 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
 114 ##
 115 livenessProbe:
 116   enabled: false
 117 #  initialDelaySeconds: 90
 118 #  periodSeconds: 10
 119 #  timeoutSeconds: 5
 120 #  successThreshold: 1
 121 #  failureThreshold: 5
 122 readinessProbe:
 123   enabled: false
 124 #  initialDelaySeconds: 90
 125 #  periodSeconds: 10
 126 #  timeoutSeconds: 5
 127 #  successThreshold: 1
 128 #  failureThreshold: 5
 129 ## Service parameters for coordinating-only node(s)
 130 ##
 131 serviceAccount:
 132   ## Specifies whether a ServiceAccount should be created for the coordinating node
 133   ##
 134   create: false
 135   ## The name of the ServiceAccount to use.
 136   ## If not set and create is true, a name is generated using the fullname template
 137   ##
 138   # name:
 139
 140 ## Bitnami Minideb image version
 141 ## ref: https://hub.docker.com/r/bitnami/minideb/tags/
 142 ##
 143 sysctlImage:
 144   enabled: true
 145   imageName: bitnami/minideb
 146   tag: stretch
 147   ## Specify a imagePullPolicy
 148   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 149   ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
 150   ##
 151   pullPolicy: Always
 152   ## Optionally specify an array of imagePullSecrets.
 153   ## Secrets must be manually created in the namespace.
 154   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
 155   ##
 156   # pullSecrets:
 157   #   - myRegistryKeySecretName
 158
 159 # nginx image
 160 nginx:
 161   imageName: bitnami/nginx
 162   tag: 1.16-debian-9
 163   pullPolicy: IfNotPresent
 164   service:
 165     name: nginx
 166     ports:
 167     - name: elasticsearch
 168       port: 8080
 169 ## Custom server block to be added to NGINX configuration
 170 ## PHP-FPM example server block:
 171   serverBlock:
 172     https: |-
 173       server {
 174         listen 9200 ssl;
 175         #server_name ;
 176         # auth_basic "server auth";
 177         # auth_basic_user_file /etc/nginx/passwords;
 178         ssl_certificate /opt/app/osaaf/local/certs/cert.pem;
 179         ssl_certificate_key /opt/app/osaaf/local/certs/key.pem;
 180         location / {
 181           # deny node shutdown api
 182           if ($request_filename ~ "_shutdown") {
 183             return 403;
 184             break;
 185           }
 186
 187           proxy_pass http://localhost:9000;
 188           proxy_http_version 1.1;
 189           proxy_set_header Connection "Keep-Alive";
 190           proxy_set_header Proxy-Connection "Keep-Alive";
 191           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 192           proxy_set_header X-Forwarded-Proto $scheme;
 193           proxy_set_header X-Real-IP $remote_addr;
 194           proxy_set_header Host $http_host;
 195           proxy_redirect off;
 196         }
 197
 198         location = / {
 199           proxy_pass http://localhost:9000;
 200           proxy_http_version 1.1;
 201           proxy_set_header Connection "Keep-Alive";
 202           proxy_set_header Proxy-Connection "Keep-Alive";
 203           proxy_redirect off;
 204           auth_basic "off";
 205         }
 206       }
 207     http: |-
 208       server {
 209         listen 9200 ;
 210         #server_name ;
 211         location / {
 212           # deny node shutdown api
 213           if ($request_filename ~ "_shutdown") {
 214             return 403;
 215             break;
 216           }
 217
 218           proxy_pass http://localhost:9000;
 219           proxy_http_version 1.1;
 220           proxy_set_header Connection "Keep-Alive";
 221           proxy_set_header Proxy-Connection "Keep-Alive";
 222           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 223           proxy_set_header X-Forwarded-Proto $scheme;
 224           proxy_set_header X-Real-IP $remote_addr;
 225           proxy_set_header Host $http_host;
 226           proxy_redirect off;
 227         }
 228
 229         location = / {
 230           proxy_pass http://localhost:9000;
 231           proxy_http_version 1.1;
 232           proxy_set_header Connection "Keep-Alive";
 233           proxy_set_header Proxy-Connection "Keep-Alive";
 234           proxy_redirect off;
 235           auth_basic "off";
 236         }
 237       }
 238 #################################################################
 239 # coordinating service configuration defaults.
 240 #################################################################
 241
 242 service:
 243   name: ""
 244   suffix: ""
 245   ## coordinating-only service type
 246   ##
 247   type: ClusterIP
 248   headlessPorts:
 249   - name: http-transport
 250     port: 9300
 251   headless:
 252     suffix: discovery
 253     annotations:
 254       service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
 255     publishNotReadyAddresses: true
 256   ## Elasticsearch tREST API port
 257   ##
 258   ports:
 259   - name: elasticsearch
 260     port: 9200
 261
 262
 263   ## Specify the nodePort value for the LoadBalancer and NodePort service types.
 264   ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
 265   ##
 266   # nodePort:
 267   ## Provide any additional annotations which may be required. This can be used to
 268   ## set the LoadBalancer service type to internal only.
 269   ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
 270   ##
 271   annotations: {}
 272   ## Set the LoadBalancer service type to internal only.
 273   ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
 274   ##
 275   # loadBalancerIP:
 276   ## Provide functionality to use RBAC
 277   ##
 278 #################################################################
 279 # Secrets metaconfig
 280 #################################################################
 281 secrets:
 282   - uid: &aaf_secret_uid elasticsearch-aaf-deploy-creds
 283     type: basicAuth
 284     externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
 285     login: '{{ .Values.aafConfig.aafDeployFqi }}'
 286     password: '{{ .Values.aafConfig.aafDeployPass }}'
 287     passwordPolicy: required
 288 #################################################################
 289 # aaf configuration defaults.
 290 #################################################################
 291 aafConfig:
 292   addconfig: true
 293   fqdn: "elastic"
 294   image: onap/aaf/aaf_agent:2.1.15
 295   app_ns: "org.osaaf.aaf"
 296   fqi_namespace: org.onap.elastic
 297   fqi: "elastic@elastic.onap.org"
 298   public_fqdn: "aaf.osaaf.org"
 299   deploy_fqi: "deployer@people.osaaf.org"
 300   aafDeployFqi: "deployer@people.osaaf.org"
 301   aafDeployPass: demo123456!
 302   #aafDeployCredsExternalSecret: some secret
 303   #cadi_latitude: "52.5"
 304   #cadi_longitude: "13.4"
 305   secret_uid: *aaf_secret_uid
 306 #################################################################
 307 # subcharts configuration defaults.
 308 #################################################################
 309
 310
 311 #data:
 312 #  enabled: false
 313
 314 #curator:
 315 #  enabled: false
 316
 317 ## Change nameOverride to be consistent accross all elasticsearch (sub)-charts
 318
 319 master:
 320   replicaCount: 3
 321   # dedicatednode: "yes"
 322   # working as master node only, in this case increase replicaCount for elasticsearch-data
 323   # dedicatednode: "no"
 324   # handles master and data node functionality
 325   dedicatednode: "no"
 326 data:
 327   enabled: false
 328 curator:
 329   enabled: false