kubernetes/common/elasticsearch/values.yaml

   1 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
   2 #
   3 # Licensed under the Apache License, Version 2.0 (the "License");
   4 # you may not use this file except in compliance with the License.
   5 # You may obtain a copy of the License at
   6 #
   7 #       http://www.apache.org/licenses/LICENSE-2.0
   8 #
   9 # Unless required by applicable law or agreed to in writing, software
  10 # distributed under the License is distributed on an "AS IS" BASIS,
  11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12 # See the License for the specific language governing permissions and
  13 # limitations under the License.
  14
  15 #################################################################
  16 # Global configuration defaults.
  17 #################################################################
  18 global:
  19   aafEnabled: true
  20   nodePortPrefix: 302
  21   readinessRepository: oomk8s
  22   readinessImage: readiness-check:2.0.2
  23   loggingRepository: docker.elastic.co
  24   loggingImage: beats/filebeat:5.5.0
  25   busyboxRepository: registry.hub.docker.com
  26   busyboxImage: library/busybox:latest
  27   clusterName: cluster.local
  28
  29 persistence:
  30   mountPath: /dockerdata-nfs
  31   backup:
  32     mountPath: /dockerdata-nfs/backup
  33   storageClass:
  34 repositoryOverride: docker.io
  35
  36 #################################################################
  37 # Application configuration defaults.
  38 #################################################################
  39 ## Init containers parameters:
  40 sysctlImage:
  41   enabled: true
  42
  43 # application image
  44 image:
  45   imageName: bitnami/elasticsearch
  46   tag: 6.8.6-debian-9-r23
  47   ## Specify a imagePullPolicy
  48   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  49   ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
  50   ##
  51   pullPolicy: IfNotPresent
  52   ## Optionally specify an array of imagePullSecrets.
  53   ## Secrets must be manually created in the namespace.
  54   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  55   ##
  56   # pullSecrets:
  57   #   - myRegistryKeySecretName
  58   ## Set to true if you would like to see extra information on logs
  59   ## ref:  https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
  60   ##
  61   debug: false
  62
  63 ## String to partially override common.fullname template (will maintain the release name)
  64 ##
  65 # nameOverride:
  66
  67 ## String to fully override common.fullname template
  68 ##
  69 # fullnameOverride:
  70 ## updateStrategy for ElasticSearch coordinating deployment
  71 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  72 ##
  73 updateStrategy:
  74   type: RollingUpdate
  75 heapSize: 128m
  76 ## Provide annotations for the coordinating-only pods.
  77 ##
  78 podAnnotations: {}
  79 ## Pod Security Context for coordinating-only pods.
  80 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  81 ##
  82 securityContext:
  83   enabled: true
  84   fsGroup: 1001
  85   runAsUser: 1001
  86 ## Affinity for pod assignment.
  87 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  88 ##
  89 affinity: {}
  90 ## Node labels for pod assignment. Evaluated as a template.
  91 ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  92 ##
  93 nodeSelector: {}
  94 ## Tolerations for pod assignment. Evaluated as a template.
  95 ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  96 ##
  97 tolerations: []
  98 ## Elasticsearch coordinating-only container's resource requests and limits
  99 ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
 100 ##
 101 resources:
 102   ## We usually recommend not to specify default resources and to leave this as a conscious
 103   ## choice for the user. This also increases chances charts run on environments with little
 104   ## resources, such as Minikube.
 105   limits: {}
 106   #   cpu: 100m
 107   #   memory: 128Mi
 108   requests:
 109     cpu: 25m
 110     memory: 256Mi
 111 ## Elasticsearch coordinating-only container's liveness and readiness probes
 112 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
 113 ##
 114 livenessProbe:
 115   enabled: false
 116 #  initialDelaySeconds: 90
 117 #  periodSeconds: 10
 118 #  timeoutSeconds: 5
 119 #  successThreshold: 1
 120 #  failureThreshold: 5
 121 readinessProbe:
 122   enabled: false
 123 #  initialDelaySeconds: 90
 124 #  periodSeconds: 10
 125 #  timeoutSeconds: 5
 126 #  successThreshold: 1
 127 #  failureThreshold: 5
 128 ## Service parameters for coordinating-only node(s)
 129 ##
 130 serviceAccount:
 131   ## Specifies whether a ServiceAccount should be created for the coordinating node
 132   ##
 133   create: false
 134   ## The name of the ServiceAccount to use.
 135   ## If not set and create is true, a name is generated using the fullname template
 136   ##
 137   # name:
 138
 139 ## Bitnami Minideb image version
 140 ## ref: https://hub.docker.com/r/bitnami/minideb/tags/
 141 ##
 142 sysctlImage:
 143   enabled: true
 144   imageName: bitnami/minideb
 145   tag: stretch
 146   ## Specify a imagePullPolicy
 147   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 148   ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
 149   ##
 150   pullPolicy: Always
 151   ## Optionally specify an array of imagePullSecrets.
 152   ## Secrets must be manually created in the namespace.
 153   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
 154   ##
 155   # pullSecrets:
 156   #   - myRegistryKeySecretName
 157
 158 # nginx image
 159 nginx:
 160   imageName: bitnami/nginx
 161   tag: 1.16-debian-9
 162   pullPolicy: IfNotPresent
 163   service:
 164     name: nginx
 165     ports:
 166     - name: elasticsearch
 167       port: 8080
 168 ## Custom server block to be added to NGINX configuration
 169 ## PHP-FPM example server block:
 170   serverBlock:
 171     https: |-
 172       server {
 173         listen 9200 ssl;
 174         #server_name ;
 175         # auth_basic "server auth";
 176         # auth_basic_user_file /etc/nginx/passwords;
 177         ssl_certificate /opt/app/osaaf/local/certs/cert.pem;
 178         ssl_certificate_key /opt/app/osaaf/local/certs/key.pem;
 179         location / {
 180           # deny node shutdown api
 181           if ($request_filename ~ "_shutdown") {
 182             return 403;
 183             break;
 184           }
 185
 186           proxy_pass http://localhost:9000;
 187           proxy_http_version 1.1;
 188           proxy_set_header Connection "Keep-Alive";
 189           proxy_set_header Proxy-Connection "Keep-Alive";
 190           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 191           proxy_set_header X-Forwarded-Proto $scheme;
 192           proxy_set_header X-Real-IP $remote_addr;
 193           proxy_set_header Host $http_host;
 194           proxy_redirect off;
 195         }
 196
 197         location = / {
 198           proxy_pass http://localhost:9000;
 199           proxy_http_version 1.1;
 200           proxy_set_header Connection "Keep-Alive";
 201           proxy_set_header Proxy-Connection "Keep-Alive";
 202           proxy_redirect off;
 203           auth_basic "off";
 204         }
 205       }
 206     http: |-
 207       server {
 208         listen 9200 ;
 209         #server_name ;
 210         location / {
 211           # deny node shutdown api
 212           if ($request_filename ~ "_shutdown") {
 213             return 403;
 214             break;
 215           }
 216
 217           proxy_pass http://localhost:9000;
 218           proxy_http_version 1.1;
 219           proxy_set_header Connection "Keep-Alive";
 220           proxy_set_header Proxy-Connection "Keep-Alive";
 221           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 222           proxy_set_header X-Forwarded-Proto $scheme;
 223           proxy_set_header X-Real-IP $remote_addr;
 224           proxy_set_header Host $http_host;
 225           proxy_redirect off;
 226         }
 227
 228         location = / {
 229           proxy_pass http://localhost:9000;
 230           proxy_http_version 1.1;
 231           proxy_set_header Connection "Keep-Alive";
 232           proxy_set_header Proxy-Connection "Keep-Alive";
 233           proxy_redirect off;
 234           auth_basic "off";
 235         }
 236       }
 237 #################################################################
 238 # coordinating service configuration defaults.
 239 #################################################################
 240
 241 service:
 242   name: ""
 243   suffix: ""
 244   ## coordinating-only service type
 245   ##
 246   type: ClusterIP
 247   headlessPorts:
 248   - name: http-transport
 249     port: 9300
 250   headless:
 251     suffix: discovery
 252     annotations:
 253       service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
 254     publishNotReadyAddresses: true
 255   ## Elasticsearch tREST API port
 256   ##
 257   ports:
 258   - name: elasticsearch
 259     port: 9200
 260
 261
 262   ## Specify the nodePort value for the LoadBalancer and NodePort service types.
 263   ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
 264   ##
 265   # nodePort:
 266   ## Provide any additional annotations which may be required. This can be used to
 267   ## set the LoadBalancer service type to internal only.
 268   ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
 269   ##
 270   annotations: {}
 271   ## Set the LoadBalancer service type to internal only.
 272   ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
 273   ##
 274   # loadBalancerIP:
 275   ## Provide functionality to use RBAC
 276   ##
 277
 278 #################################################################
 279 # Certificate configuration
 280 #################################################################
 281 certInitializer:
 282   nameOverride: elasticsearch-cert-initializer
 283   aafDeployFqi: deployer@people.osaaf.org
 284   aafDeployPass: demo123456!
 285   # aafDeployCredsExternalSecret: some secret
 286   fqdn: "elastic"
 287   app_ns: "org.osaaf.aaf"
 288   fqi_namespace: "org.onap.elastic"
 289   fqi: "elastic@elastic.onap.org"
 290   public_fqdn: "aaf.osaaf.org"
 291   cadi_longitude: "0.0"
 292   cadi_latitude: "0.0"
 293   credsPath: /opt/app/osaaf/local
 294   aaf_add_config: >
 295     cd {{ .Values.credsPath }};
 296     mkdir -p certs;
 297     export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
 298     keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password;
 299     openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12;
 300     cp {{ .Values.fqi_namespace }}.key certs/key.pem;
 301     chmod -R 755 certs;
 302
 303 #################################################################
 304 # subcharts configuration defaults.
 305 #################################################################
 306
 307
 308 #data:
 309 #  enabled: false
 310
 311 #curator:
 312 #  enabled: false
 313
 314 ## Change nameOverride to be consistent accross all elasticsearch (sub)-charts
 315
 316 master:
 317   replicaCount: 3
 318   # dedicatednode: "yes"
 319   # working as master node only, in this case increase replicaCount for elasticsearch-data
 320   # dedicatednode: "no"
 321   # handles master and data node functionality
 322   dedicatednode: "no"
 323 data:
 324   enabled: false
 325 curator:
 326   enabled: false