
elasticsearch

Helm chart
Default values
# This file has been modified by Chainguard, Inc.
#
# Copyright Chainguard, Inc. All Rights Reserved.
# Chainguard, Inc. modifications are subject to the license
# available at: https://www.chainguard.dev/legal/software-license-agreement
#
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0

## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass

## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
## @param global.elasticsearch.service.name Elasticsearch service name to be referenced by the Kibana subchart (ignored if kibanaEnabled=false or global.elasticsearch.service.fullname is set)
## @param global.elasticsearch.service.fullname Full Elasticsearch service name to be referenced by the Kibana subchart (ignored if kibanaEnabled=false)
## @param global.elasticsearch.service.ports.restAPI Elasticsearch service restAPI port to be used in the Kibana subchart (ignored if kibanaEnabled=false)
## @param global.kibanaEnabled Whether or not to enable Kibana
##
global:
  imageRegistry: ""
  ## E.g.
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  defaultStorageClass: ""
  storageClass: ""
  ## Security parameters
  ##
  security:
    ## @param global.security.allowInsecureImages Allows skipping image verification
    allowInsecureImages: false
  elasticsearch:
    service:
      name: elasticsearch
      fullname: ""
      ports:
        restAPI: 9200
  kibanaEnabled: false
  ## Compatibility adaptations for Kubernetes platforms
  ##
  compatibility:
    ## Compatibility adaptations for Openshift
    ##
    openshift:
      ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
      ##
      adaptSecurityContext: auto
  org: ""
## @section Common parameters

## @param kubeVersion Override Kubernetes version
##
kubeVersion: ""
## @param nameOverride String to partially override common.names.fullname
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: ""
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param clusterDomain Kubernetes cluster domain name
##
clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ""
## @param usePasswordFiles Mount credentials as files instead of using environment variables
##
usePasswordFiles: true
## Enable diagnostic mode in the deployment
##
diagnosticMode:
  ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
  ##
  enabled: false
  ## @param diagnosticMode.command Command to override all containers in the deployment
  ##
  command:
    - sleep
  ## @param diagnosticMode.args Args to override all containers in the deployment
  ##
  args:
    - infinity
## @section Elasticsearch cluster Parameters

## @param clusterName Elasticsearch cluster name
##
clusterName: elastic
## @param containerPorts.restAPI Elasticsearch REST API port
## @param containerPorts.transport Elasticsearch Transport port
##
containerPorts:
  restAPI: 9200
  transport: 9300
## @param plugins Comma, semi-colon or space separated list of plugins to install at initialization
## ref: https://github.com/iamguarded/containers/tree/main/iamguarded/elasticsearch#environment-variables
##
plugins: ""
## @param snapshotRepoPath File System snapshot repository path
## ref: https://github.com/iamguarded/containers/tree/main/iamguarded/elasticsearch#environment-variables
##
snapshotRepoPath: ""
## @param config Override elasticsearch configuration
##
config: {}
## @param extraConfig Append extra configuration to the elasticsearch node configuration
## Use this instead of `config` to add more configuration
## See below example:
## extraConfig:
##   node:
##     store:
##       allow_mmap: false
## ref: https://www.elastic.co/guide/en/elasticsearch/reference/current/settings.html
##
extraConfig: {}
## @param extraHosts A list of external hosts which are part of this cluster
## Example Use Case: When you have a cluster with nodes spanned across multiple K8s or namespaces
## extraHosts:
##   - datacenter2-elasticsearch-master-hl.namespace2.svc
##   - datacenter2-elasticsearch-data-hl.namespace2.svc
extraHosts: []
## @param extraVolumes A list of volumes to be added to the pod
## Example Use Case: mount ssl certificates when elasticsearch has tls enabled
## extraVolumes:
##   - name: es-certs
##     secret:
##       defaultMode: 420
##       secretName: es-certs
extraVolumes: []
## @param extraVolumeMounts A list of volume mounts to be added to the pod
## extraVolumeMounts:
##   - name: es-certs
##     mountPath: /certs
##     readOnly: true
extraVolumeMounts: []
## @param initScripts Dictionary of init scripts. Evaluated as a template.
## Specify dictionary of scripts to be run at first boot
## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory
## For example:
## initScripts:
##   my_init_script.sh: |
##     #!/bin/sh
##     echo "Do something."
##
initScripts: {}
## @param initScriptsCM ConfigMap with the init scripts. Evaluated as a template.
## Note: This will override initScripts
##
initScriptsCM: ""
## @param initScriptsSecret Secret containing `/docker-entrypoint-initdb.d` scripts to be executed at initialization time that contain sensitive data. Evaluated as a template.
##
initScriptsSecret: ""
## @param extraEnvVars Array containing extra env vars to be added to all pods (evaluated as a template)
## For example:
## extraEnvVars:
##   - name: MY_ENV_VAR
##     value: env_var_value
##
extraEnvVars: []
## @param extraEnvVarsCM ConfigMap containing extra env vars to be added to all pods (evaluated as a template)
##
extraEnvVarsCM: ""
## @param extraEnvVarsSecret Secret containing extra env vars to be added to all pods (evaluated as a template)
##
extraEnvVarsSecret: ""
## @param sidecars Add additional sidecar containers to all the elasticsearch node pod(s)
## e.g:
## sidecars:
##   - name: your-image-name
##     image: your-image
##     imagePullPolicy: Always
##     ports:
##       - name: portname
##         containerPort: 1234
##
sidecars: []
## @param initContainers Add additional init containers to all the elasticsearch node pod(s)
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
##   - name: your-image-name
##     image: your-image
##     imagePullPolicy: Always
##     command: ['sh', '-c', 'echo "hello world"']
##
initContainers: []
## @param enableDefaultInitContainers enables (or disables if false) the default init containers (sysctl, volume permissions, copy plugins etc...)
##
enableDefaultInitContainers: true
## @param useIstioLabels Use this variable to add Istio labels to all pods
##
useIstioLabels: true
## Iamguarded Elasticsearch image
## @param image.registry [default: REGISTRY_NAME] Elasticsearch image registry
## @param image.repository [default: REPOSITORY_NAME/elasticsearch] Elasticsearch image repository
## @skip image.tag Elasticsearch image tag (immutable tags are recommended)
## @param image.digest Elasticsearch image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy Elasticsearch image pull policy
## @param image.pullSecrets Elasticsearch image pull secrets
## @param image.debug Enable Elasticsearch image debug mode
##
image:
  registry: cgr.dev
  repository: chainguard-private/elasticsearch-iamguarded
  tag: 9.3.1
  digest: ""
  ## Specify an imagePullPolicy
  ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
  ##
  pullPolicy: IfNotPresent
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## e.g:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []
  ## Enable debug mode
  ##
  debug: false
## X-Pack security parameters
## Note: TLS configuration is required in order to configure password authentication
##
security:
  ## @param security.enabled Enable X-Pack Security settings
  ##
  enabled: false
  ## @param security.elasticPassword Password for 'elastic' user
  ## Ref: https://github.com/iamguarded/containers/tree/main/iamguarded/elasticsearch#security
  ##
  elasticPassword: ""
  ## @param security.existingSecret Name of the existing secret containing the Elasticsearch password (expected key: `elasticsearch-password`)
  ##
  existingSecret: ""
  ## FIPS mode
  ## @param security.fipsMode Configure elasticsearch with FIPS 140 compliant mode
  ## Ref: https://www.elastic.co/guide/en/elasticsearch/reference/current/fips-140-compliance.html
  ##
  fipsMode: false
  ## TLS configuration
  ##
  tls:
    ## @param security.tls.restEncryption Enable SSL/TLS encryption for Elasticsearch REST API.
    ##
    restEncryption: true
    ## @param security.tls.autoGenerated Create self-signed TLS certificates.
    ## NOTE: If autoGenerated certs are enabled and a new node type is enabled using helm upgrade, make sure you remove previously existing Elasticsearch TLS secrets.
    ## Otherwise, the new node certs won't match the existing certs.
    ##
    autoGenerated: false
    ## @param security.tls.verificationMode Verification mode for SSL communications.
    ## Supported values: full, certificate, none.
    ## Ref: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-settings.html
    ##
    verificationMode: "full"
    ## @param security.tls.master.existingSecret Existing secret containing the certificates for the master nodes
    ## @param security.tls.data.existingSecret Existing secret containing the certificates for the data nodes
    ## @param security.tls.ingest.existingSecret Existing secret containing the certificates for the ingest nodes
    ## @param security.tls.coordinating.existingSecret Existing secret containing the certificates for the coordinating nodes
    ##
    master:
      existingSecret: ""
    data:
      existingSecret: ""
    ingest:
      existingSecret: ""
    coordinating:
      existingSecret: ""
    ## @param security.tls.keystoreFilename Name of the keystore file
    ##
    keystoreFilename: elasticsearch.keystore.jks
    ## @param security.tls.truststoreFilename Name of the truststore
    ##
    truststoreFilename: elasticsearch.truststore.jks
    ## @param security.tls.usePemCerts Use this variable if your secrets contain PEM certificates instead of JKS/PKCS12
    ## Ignored when using autoGenerated certs.
    ##
    usePemCerts: false
    ## @param security.tls.passwordsSecret Existing secret containing the Keystore and Truststore passwords, or key password if PEM certs are used
    ##
    passwordsSecret: ""
    ## @param security.tls.keystorePassword Password to access the JKS/PKCS12 keystore or PEM key when they are password-protected.
    ## Ignored if security.tls.passwordsSecret is provided.
    ##
    keystorePassword: ""
    ## @param security.tls.truststorePassword Password to access the JKS/PKCS12 truststore when they are password-protected.
    ## Ignored if security.tls.passwordsSecret is provided.
    ##
    truststorePassword: ""
    ## @param security.tls.keyPassword Password to access the PEM key when they are password-protected.
    ## Ignored if security.tls.passwordsSecret is provided.
    ##
    keyPassword: ""
    ## @param security.tls.secretKeystoreKey Name of the secret key containing the Keystore password
    ##
    secretKeystoreKey: ""
    ## @param security.tls.secretTruststoreKey Name of the secret key containing the Truststore password
    ##
    secretTruststoreKey: ""
    ## @param security.tls.secretKey Name of the secret key containing the PEM key password
    ##
    secretKey: ""
## @section Traffic Exposure Parameters
##

## Elasticsearch service parameters
##
service:
  ## @param service.type Elasticsearch service type
  ##
  type: ClusterIP
  ## @param service.ports.restAPI Elasticsearch service REST API port
  ## @param service.ports.transport Elasticsearch service transport port
  ##
  ports:
    restAPI: 9200
    transport: 9300
  ## Node ports to expose
  ## @param service.nodePorts.restAPI Node port for REST API
  ## @param service.nodePorts.transport Node port for transport
  ## NOTE: choose port between <30000-32767>
  ##
  nodePorts:
    restAPI: ""
    transport: ""
  ## @param service.clusterIP Elasticsearch service Cluster IP
  ## e.g.:
  ## clusterIP: None
  ##
  clusterIP: ""
  ## @param service.loadBalancerIP Elasticsearch service Load Balancer IP
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
  ##
  loadBalancerIP: ""
  ## @param service.loadBalancerSourceRanges Elasticsearch service Load Balancer sources
  ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
  ## e.g:
  ## loadBalancerSourceRanges:
  ##   - 10.10.10.0/24
  ##
  loadBalancerSourceRanges: []
  ## @param service.externalTrafficPolicy Elasticsearch service external traffic policy
  ## ref: http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
  ##
  externalTrafficPolicy: Cluster
  ## @param service.annotations Additional custom annotations for Elasticsearch service
  ##
  annotations: {}
  ## @param service.extraPorts Extra ports to expose in Elasticsearch service (normally used with the `sidecars` value)
  ##
  extraPorts: []
  ## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
  ## If "ClientIP", consecutive client requests will be directed to the same Pod
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
  ##
  sessionAffinity: None
  ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
  ## sessionAffinityConfig:
  ##   clientIP:
  ##     timeoutSeconds: 300
  ##
  sessionAffinityConfig: {}
## Elasticsearch ingress parameters
## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
  ## @param ingress.enabled Enable ingress record generation for Elasticsearch
  ##
  enabled: false
  ## @param ingress.pathType Ingress path type
  ##
  pathType: ImplementationSpecific
  ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
  ##
  apiVersion: ""
  ## @param ingress.hostname Default host for the ingress record
  ##
  hostname: elasticsearch.local
  ## @param ingress.path Default path for the ingress record
  ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
  ##
  path: /
  ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
  ## Use this parameter to set the required annotations for cert-manager, see
  ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
  ## e.g:
  ## annotations:
  ##   kubernetes.io/ingress.class: nginx
  ##   cert-manager.io/cluster-issuer: cluster-issuer-name
  ##
  annotations: {}
  ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
  ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
  ## You can:
  ##   - Use the `ingress.secrets` parameter to create this TLS secret
  ##   - Rely on cert-manager to create it by setting the corresponding annotations
  ##   - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
  ##
  tls: false
  ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
  ##
  selfSigned: false
  ## @param ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
  ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
  ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
  ##
  ingressClassName: ""
  ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
  ## e.g:
  ## extraHosts:
  ##   - name: elasticsearch.local
  ##     path: /
  ##
  extraHosts: []
  ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
  ## e.g:
  ## extraPaths:
  ##   - path: /*
  ##     backend:
  ##       serviceName: ssl-redirect
  ##       servicePort: use-annotation
  ##
  extraPaths: []
  ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
  ## e.g:
  ## extraTls:
  ##   - hosts:
  ##       - elasticsearch.local
  ##     secretName: elasticsearch.local-tls
  ##
  extraTls: []
  ## @param ingress.secrets Custom TLS certificates as secrets
  ## NOTE: 'key' and 'certificate' are expected in PEM format
  ## NOTE: 'name' should line up with a 'secretName' set further up
  ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
  ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
  ## It is also possible to create and manage the certificates outside of this helm chart
  ## Please see README.md for more information
  ## e.g:
  ## secrets:
  ##   - name: elasticsearch.local-tls
  ##     key: |-
  ##       -----BEGIN RSA PRIVATE KEY-----
  ##       ...
  ##       -----END RSA PRIVATE KEY-----
  ##     certificate: |-
  ##       -----BEGIN CERTIFICATE-----
  ##       ...
  ##       -----END CERTIFICATE-----
  ##
  secrets: []
  ## @param ingress.extraRules Additional rules to be covered with this ingress record
  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
  ## e.g:
  ## extraRules:
  ##   - host: example.local
  ##     http:
  ##       path: /
  ##       backend:
  ##         service:
  ##           name: example-svc
  ##           port:
  ##             name: http
  ##
  extraRules: []
## @section Master-eligible nodes parameters
master:
  ## @param master.masterOnly Deploy the Elasticsearch master-eligible nodes as master-only nodes. Recommended for high-demand deployments.
  ## If you are
  masterOnly: true
  ## @param master.replicaCount Number of master-eligible replicas to deploy
  ##
  replicaCount: 2
  ## @param master.extraRoles Append extra roles to the node role
  ##
  extraRoles: []
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param master.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param master.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param master.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
  ## @param master.nameOverride String to partially override elasticsearch.master.fullname
  ##
  nameOverride: ""
  ## @param master.fullnameOverride String to fully override elasticsearch.master.fullname
  ##
  fullnameOverride: ""
  ## @param master.servicenameOverride String to fully override elasticsearch.master.servicename
  ##
  servicenameOverride: ""
  ## @param master.annotations [object] Annotations for the master statefulset
  ##
  annotations: {}
  ## @param master.updateStrategy.type Master-eligible nodes statefulset strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  ##
  updateStrategy:
    type: RollingUpdate
  ## Elasticsearch resource requests and limits
  ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  ## @param master.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production).
  ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "small"
  ## @param master.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## @param master.heapSize Elasticsearch master-eligible node heap size.
  ## Note: The recommended heapSize is half of the container's memory.
  ## If omitted, it will be automatically set.
  ## Example:
  ##   heapSize: 128m
  ##
  heapSize: 128m
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param master.podSecurityContext.enabled Enabled master-eligible pods' Security Context
  ## @param master.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param master.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param master.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param master.podSecurityContext.fsGroup Set master-eligible pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param master.containerSecurityContext.enabled Elasticsearch master-eligible container securityContext
  ## @param master.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param master.containerSecurityContext.runAsUser User ID for the Elasticsearch master-eligible container
  ## @param master.containerSecurityContext.runAsGroup Group ID for the Elasticsearch master-eligible container
  ## @param master.containerSecurityContext.runAsNonRoot Set Elasticsearch master-eligible container's Security Context runAsNonRoot
  ## @param master.containerSecurityContext.privileged Set Elasticsearch master-eligible container's Security Context privileged
  ## @param master.containerSecurityContext.allowPrivilegeEscalation Set Elasticsearch master-eligible container's Security Context allowPrivilegeEscalation
  ## @param master.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
  ## @param master.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param master.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param master.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param master.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param master.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param master.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    extraIngress: []
    ## @param master.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    ##
    extraEgress: []
    ## @param master.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param master.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## @param master.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: false
  ## @param master.hostAliases master-eligible pods host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param master.podLabels Extra labels for master-eligible pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param master.podAnnotations Annotations for master-eligible pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param master.shareProcessNamespace Share a single process namespace between all of the containers in pod
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
  ##
  shareProcessNamespace: false
662
## @param master.podAffinityPreset Pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`
663
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
664
##
665
podAffinityPreset: ""
666
## @param master.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`
667
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
668
##
669
podAntiAffinityPreset: ""
670
## Node master.affinity preset
671
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
672
##
673
nodeAffinityPreset:
674
    ## @param master.nodeAffinityPreset.type Node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param master.nodeAffinityPreset.key Node label key to match. Ignored if `master.affinity` is set
    ##
    key: ""
    ## @param master.nodeAffinityPreset.values Node label values to match. Ignored if `master.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param master.affinity Affinity for master-eligible pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `master.podAffinityPreset`, `master.podAntiAffinityPreset`, and `master.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param master.nodeSelector Node labels for master-eligible pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param master.tolerations Tolerations for master-eligible pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param master.priorityClassName master-eligible pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param master.schedulerName Name of the k8s scheduler (other than default) for master-eligible pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param master.terminationGracePeriodSeconds Time in seconds the Elasticsearch master pod needs to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## @param master.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param master.podManagementPolicy podManagementPolicy to manage scaling operation of Elasticsearch master pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
  ##
  podManagementPolicy: "Parallel"
  ## Configure extra options for Elasticsearch master-eligible containers' liveness, readiness and startup probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param master.startupProbe.enabled Enable/disable the startup probe (master nodes pod)
  ## @param master.startupProbe.initialDelaySeconds Delay before startup probe is initiated (master nodes pod)
  ## @param master.startupProbe.periodSeconds How often to perform the probe (master nodes pod)
  ## @param master.startupProbe.timeoutSeconds When the probe times out (master nodes pod)
  ## @param master.startupProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (master nodes pod)
  ## @param master.startupProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 90
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 5
  ## @param master.livenessProbe.enabled Enable/disable the liveness probe (master-eligible nodes pod)
  ## @param master.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated (master-eligible nodes pod)
  ## @param master.livenessProbe.periodSeconds How often to perform the probe (master-eligible nodes pod)
  ## @param master.livenessProbe.timeoutSeconds When the probe times out (master-eligible nodes pod)
  ## @param master.livenessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (master-eligible nodes pod)
  ## @param master.livenessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 180
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 5
  ## @param master.readinessProbe.enabled Enable/disable the readiness probe (master-eligible nodes pod)
  ## @param master.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated (master-eligible nodes pod)
  ## @param master.readinessProbe.periodSeconds How often to perform the probe (master-eligible nodes pod)
  ## @param master.readinessProbe.timeoutSeconds When the probe times out (master-eligible nodes pod)
  ## @param master.readinessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (master-eligible nodes pod)
  ## @param master.readinessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 90
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 5
  ## @param master.customStartupProbe Override default startup probe
  ##
  customStartupProbe: {}
  ## @param master.customLivenessProbe Override default liveness probe
  ##
  customLivenessProbe: {}
  ## @param master.customReadinessProbe Override default readiness probe
  ##
  customReadinessProbe: {}
  ## @param master.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param master.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param master.lifecycleHooks Lifecycle hooks for the master-eligible container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param master.extraEnvVars Array with extra environment variables to add to master-eligible nodes
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param master.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for master-eligible nodes
  ##
  extraEnvVarsCM: ""
  ## @param master.extraEnvVarsSecret Name of existing Secret containing extra env vars for master-eligible nodes
  ##
  extraEnvVarsSecret: ""
  ## @param master.extraVolumes Optionally specify extra list of additional volumes for the master-eligible pod(s)
  ##
  extraVolumes: []
  ## @param master.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the master-eligible container(s)
  ##
  extraVolumeMounts: []
  ## @param master.sidecars Add additional sidecar containers to the master-eligible pod(s)
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param master.initContainers Add additional init containers to the master-eligible pod(s)
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## Enable persistence using Persistent Volume Claims
  ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
  ##
  persistence:
    ## @param master.persistence.enabled Enable persistence using a `PersistentVolumeClaim`
    ##
    enabled: true
    ## @param master.persistence.storageClass Persistent Volume Storage Class
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
    ##   GKE, AWS & OpenStack)
    ##
    storageClass: ""
    ## @param master.persistence.existingClaim Existing Persistent Volume Claim
    ## then accept the value as an existing Persistent Volume Claim to which
    ## the container should be bound
    ##
    existingClaim: ""
    ## @param master.persistence.existingVolume Existing Persistent Volume for use as volume match label selector to the `volumeClaimTemplate`. Ignored when `master.persistence.selector` is set.
    ##
    existingVolume: ""
    ## @param master.persistence.selector Configure custom selector for existing Persistent Volume. Overwrites `master.persistence.existingVolume`
    ## selector:
    ##   matchLabels:
    ##     volume:
    ##
    selector: {}
    ## @param master.persistence.annotations Persistent Volume Claim annotations
    ##
    annotations: {}
    ## @param master.persistence.accessModes Persistent Volume Access Modes
    ##
    accessModes:
      - ReadWriteOnce
    ## @param master.persistence.size Persistent Volume Size
    ##
    size: 8Gi
  ## Master Persistent Volume Claim Retention Policy
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
  ##
  persistentVolumeClaimRetentionPolicy:
    ## @param master.persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for Master StatefulSet
    ##
    enabled: false
    ## @param master.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
    ##
    whenScaled: Retain
    ## @param master.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
    ##
    whenDeleted: Retain
  ## Pods Service Account
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
  ## @param master.serviceAccount.create Specifies whether a ServiceAccount should be created
  ## @param master.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
  ## @param master.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
  ## @param master.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
  ##
  serviceAccount:
    create: true
    name: ""
    automountServiceAccountToken: false
    annotations: {}
  ## Enable HorizontalPodAutoscaler for Elasticsearch Master pods
  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
  ## @param master.autoscaling.enabled Whether to enable horizontal pod autoscaling
  ## @param master.autoscaling.minReplicas Configure a minimum amount of pods
  ## @param master.autoscaling.maxReplicas Configure a maximum amount of pods
  ## @param master.autoscaling.targetCPU Define the CPU target to trigger the scaling actions (utilization percentage)
  ## @param master.autoscaling.targetMemory Define the memory target to trigger the scaling actions (utilization percentage)
  ##
  autoscaling:
    enabled: false
    minReplicas: 3
    maxReplicas: 11
    targetCPU: ""
    targetMemory: ""
## @section Data-only nodes parameters
data:
  ## @param data.replicaCount Number of data-only replicas to deploy
  ##
  replicaCount: 2
  ## @param data.extraRoles Append extra roles to the node role
  ##
  extraRoles: []
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param data.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param data.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param data.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
  ## @param data.nameOverride String to partially override elasticsearch.data.fullname
  ##
  nameOverride: ""
  ## @param data.fullnameOverride String to fully override elasticsearch.data.fullname
  ##
  fullnameOverride: ""
  ## @param data.servicenameOverride String to fully override elasticsearch.data.servicename
  ##
  servicenameOverride: ""
  ## @param data.annotations [object] Annotations for the data statefulset
  ##
  annotations: {}
  ## @param data.updateStrategy.type Data-only nodes statefulset strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  ##
  updateStrategy:
    type: RollingUpdate
  ## Elasticsearch resource requests and limits
  ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param data.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if data.resources is set (data.resources is recommended for production).
  ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "medium"
  ## @param data.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## @param data.heapSize Elasticsearch data node heap size.
  ## Note: The recommended heapSize is half of the container's memory.
  ## If omitted, it will be automatically set.
  ## Example:
  ##   heapSize: 128m
  ##
  heapSize: 1024m
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param data.podSecurityContext.enabled Enable data pods' Security Context
  ## @param data.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param data.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param data.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param data.podSecurityContext.fsGroup Set data pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param data.containerSecurityContext.enabled Enable the Elasticsearch data container's securityContext
  ## @param data.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param data.containerSecurityContext.runAsUser User ID for the Elasticsearch data container
  ## @param data.containerSecurityContext.runAsGroup Group ID for the Elasticsearch data container
  ## @param data.containerSecurityContext.runAsNonRoot Set Elasticsearch data container's Security Context runAsNonRoot
  ## @param data.containerSecurityContext.privileged Set Elasticsearch data container's Security Context privileged
  ## @param data.containerSecurityContext.allowPrivilegeEscalation Set Elasticsearch data container's Security Context allowPrivilegeEscalation
  ## @param data.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
  ## @param data.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param data.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param data.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param data.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param data.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param data.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    extraIngress: []
    ## @param data.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    ##
    extraEgress: []
    ## @param data.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param data.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## @param data.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: false
  ## @param data.hostAliases data pods host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param data.podLabels Extra labels for data pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param data.podAnnotations Annotations for data pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param data.shareProcessNamespace Share a single process namespace between all of the containers in pod
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
  ##
  shareProcessNamespace: false
  ## @param data.podAffinityPreset Pod affinity preset. Ignored if `data.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param data.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `data.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: ""
  ## Node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param data.nodeAffinityPreset.type Node affinity preset type. Ignored if `data.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param data.nodeAffinityPreset.key Node label key to match. Ignored if `data.affinity` is set
    ##
    key: ""
    ## @param data.nodeAffinityPreset.values Node label values to match. Ignored if `data.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param data.affinity Affinity for data pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `data.podAffinityPreset`, `data.podAntiAffinityPreset`, and `data.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param data.nodeSelector Node labels for data pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param data.tolerations Tolerations for data pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param data.priorityClassName data pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param data.schedulerName Name of the k8s scheduler (other than default) for data pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param data.terminationGracePeriodSeconds Time in seconds the Elasticsearch data pod needs to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## @param data.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param data.podManagementPolicy podManagementPolicy to manage scaling operation of Elasticsearch data pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
  ##
  podManagementPolicy: "Parallel"
  ## Configure extra options for Elasticsearch data containers' liveness, readiness and startup probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param data.startupProbe.enabled Enable/disable the startup probe (data nodes pod)
  ## @param data.startupProbe.initialDelaySeconds Delay before startup probe is initiated (data nodes pod)
  ## @param data.startupProbe.periodSeconds How often to perform the probe (data nodes pod)
  ## @param data.startupProbe.timeoutSeconds When the probe times out (data nodes pod)
  ## @param data.startupProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (data nodes pod)
  ## @param data.startupProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 90
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 5
  ## @param data.livenessProbe.enabled Enable/disable the liveness probe (data nodes pod)
  ## @param data.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated (data nodes pod)
  ## @param data.livenessProbe.periodSeconds How often to perform the probe (data nodes pod)
  ## @param data.livenessProbe.timeoutSeconds When the probe times out (data nodes pod)
  ## @param data.livenessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (data nodes pod)
  ## @param data.livenessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 180
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 5
  ## @param data.readinessProbe.enabled Enable/disable the readiness probe (data nodes pod)
  ## @param data.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated (data nodes pod)
  ## @param data.readinessProbe.periodSeconds How often to perform the probe (data nodes pod)
  ## @param data.readinessProbe.timeoutSeconds When the probe times out (data nodes pod)
  ## @param data.readinessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (data nodes pod)
  ## @param data.readinessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 90
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 5
  ## @param data.customStartupProbe Override default startup probe
  ##
  customStartupProbe: {}
  ## @param data.customLivenessProbe Override default liveness probe
  ##
  customLivenessProbe: {}
  ## @param data.customReadinessProbe Override default readiness probe
  ##
  customReadinessProbe: {}
  ## @param data.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param data.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param data.lifecycleHooks Lifecycle hooks for the data container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param data.extraEnvVars Array with extra environment variables to add to data nodes
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param data.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for data nodes
  ##
  extraEnvVarsCM: ""
  ## @param data.extraEnvVarsSecret Name of existing Secret containing extra env vars for data nodes
  ##
  extraEnvVarsSecret: ""
  ## @param data.extraVolumes Optionally specify extra list of additional volumes for the data pod(s)
  ##
  extraVolumes: []
  ## @param data.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the data container(s)
  ##
  extraVolumeMounts: []
  ## @param data.sidecars Add additional sidecar containers to the data pod(s)
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param data.initContainers Add additional init containers to the data pod(s)
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## Enable persistence using Persistent Volume Claims
  ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
  ##
  persistence:
    ## @param data.persistence.enabled Enable persistence using a `PersistentVolumeClaim`
    ##
    enabled: true
    ## @param data.persistence.storageClass Persistent Volume Storage Class
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
    ##   GKE, AWS & OpenStack)
    ##
    storageClass: ""
    ## @param data.persistence.existingClaim Existing Persistent Volume Claim
    ## then accept the value as an existing Persistent Volume Claim to which
    ## the container should be bound
    ##
    existingClaim: ""
    ## @param data.persistence.existingVolume Existing Persistent Volume for use as volume match label selector to the `volumeClaimTemplate`. Ignored when `data.persistence.selector` is set.
    ##
    existingVolume: ""
    ## @param data.persistence.selector Configure custom selector for existing Persistent Volume. Overwrites `data.persistence.existingVolume`
    ## selector:
    ##   matchLabels:
    ##     volume:
    ##
    selector: {}
    ## @param data.persistence.annotations Persistent Volume Claim annotations
    ##
    annotations: {}
    ## @param data.persistence.accessModes Persistent Volume Access Modes
    ##
    accessModes:
      - ReadWriteOnce
    ## @param data.persistence.size Persistent Volume Size
    ##
    size: 8Gi
  ## Data Persistent Volume Claim Retention Policy
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
  ##
  persistentVolumeClaimRetentionPolicy:
    ## @param data.persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for Data StatefulSet
    ##
    enabled: false
    ## @param data.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
    ##
    whenScaled: Retain
    ## @param data.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
    ##
    whenDeleted: Retain
  ## Pods Service Account
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
  ## @param data.serviceAccount.create Specifies whether a ServiceAccount should be created
  ## @param data.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
  ## @param data.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
  ## @param data.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
  ##
  serviceAccount:
    create: true
    name: ""
    automountServiceAccountToken: false
    annotations: {}
  ## Enable HorizontalPodAutoscaler for Elasticsearch data pods
  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
  ## @param data.autoscaling.enabled Whether to enable horizontal pod autoscaling
  ## @param data.autoscaling.minReplicas Configure a minimum amount of pods
  ## @param data.autoscaling.maxReplicas Configure a maximum amount of pods
  ## @param data.autoscaling.targetCPU Define the CPU target to trigger the scaling actions (utilization percentage)
  ## @param data.autoscaling.targetMemory Define the memory target to trigger the scaling actions (utilization percentage)
  ##
  autoscaling:
    enabled: false
    minReplicas: 3
    maxReplicas: 11
    targetCPU: ""
    targetMemory: ""
## @section Coordinating-only nodes parameters
coordinating:
  ## @param coordinating.replicaCount Number of coordinating-only replicas to deploy
  ##
  replicaCount: 2
  ## @param coordinating.extraRoles Append extra roles to the node role
  ## NOTE: In Elasticsearch, all nodes act as coordinators, coordinating-only nodes do not have any other role by default.
  ##
  extraRoles: []
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param coordinating.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param coordinating.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param coordinating.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
  ## @param coordinating.nameOverride String to partially override elasticsearch.coordinating.fullname
  ##
  nameOverride: ""
  ## @param coordinating.fullnameOverride String to fully override elasticsearch.coordinating.fullname
  ##
  fullnameOverride: ""
  ## @param coordinating.servicenameOverride String to fully override elasticsearch.coordinating.servicename
  ##
  servicenameOverride: ""
  ## @param coordinating.annotations [object] Annotations for the coordinating-only statefulset
  ##
  annotations: {}
  ## @param coordinating.updateStrategy.type Coordinating-only nodes statefulset strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  ##
  updateStrategy:
    type: RollingUpdate
  ## Elasticsearch resource requests and limits
  ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param coordinating.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if coordinating.resources is set (coordinating.resources is recommended for production).
  ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "small"
  ## @param coordinating.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## @param coordinating.heapSize Elasticsearch coordinating node heap size.
  ## Note: The recommended heapSize is half of the container's memory.
  ## If omitted, it will be automatically set.
  ## Example:
  ##   heapSize: 128m
  ##
  heapSize: 128m
1369
## Configure Pods Security Context
1370
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1371
## @param coordinating.podSecurityContext.enabled Enabled coordinating-only pods' Security Context
1372
## @param coordinating.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
1373
## @param coordinating.podSecurityContext.sysctls Set kernel settings using the sysctl interface
1374
## @param coordinating.podSecurityContext.supplementalGroups Set filesystem extra groups
1375
## @param coordinating.podSecurityContext.fsGroup Set coordinating-only pod's Security Context fsGroup
1376
##
1377
podSecurityContext:
1378
enabled: true
1379
fsGroupChangePolicy: Always
1380
sysctls: []
1381
supplementalGroups: []
1382
fsGroup: 1001
1383
## Configure Container Security Context
1384
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1385
## @param coordinating.containerSecurityContext.enabled Enable the Elasticsearch coordinating container's Security Context
1386
## @param coordinating.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
1387
## @param coordinating.containerSecurityContext.runAsUser User ID for the Elasticsearch coordinating container
1388
## @param coordinating.containerSecurityContext.runAsGroup Group ID for the Elasticsearch coordinating container
1389
## @param coordinating.containerSecurityContext.runAsNonRoot Set Elasticsearch coordinating container's Security Context runAsNonRoot
1390
## @param coordinating.containerSecurityContext.privileged Set Elasticsearch coordinating container's Security Context privileged
1391
## @param coordinating.containerSecurityContext.allowPrivilegeEscalation Set Elasticsearch coordinating container's Security Context allowPrivilegeEscalation
1392
## @param coordinating.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
1393
## @param coordinating.containerSecurityContext.capabilities.drop List of capabilities to be dropped
1394
## @param coordinating.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
1395
##
1396
containerSecurityContext:
1397
enabled: true
1398
seLinuxOptions: {}
1399
runAsUser: 1001
1400
runAsGroup: 1001
1401
runAsNonRoot: true
1402
privileged: false
1403
allowPrivilegeEscalation: false
1404
readOnlyRootFilesystem: true
1405
capabilities:
1406
drop: ["ALL"]
1407
seccompProfile:
1408
type: "RuntimeDefault"
1409
## Network Policies
1410
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
1411
##
1412
networkPolicy:
1413
## @param coordinating.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
1414
##
1415
enabled: true
1416
## @param coordinating.networkPolicy.allowExternal Don't require server label for connections
1417
## The Policy model to apply. When set to false, only pods with the correct
1418
## server label will have network access to the ports the server is listening
1419
## on. When true, the server will accept connections from any source
1420
## (with the correct destination port).
1421
##
1422
allowExternal: true
1423
## @param coordinating.networkPolicy.allowExternalEgress Allow the pod to access any port range and all destinations.
1424
##
1425
allowExternalEgress: true
1426
## @param coordinating.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
1427
## e.g:
## extraIngress:
##   - ports:
##       - port: 1234
##     from:
##       - podSelector:
##           matchLabels:
##             role: frontend
##       - podSelector:
##           matchExpressions:
##             - key: role
##               operator: In
##               values:
##                 - frontend
1441
extraIngress: []
1442
## @param coordinating.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
## e.g:
## extraEgress:
##   - ports:
##       - port: 1234
##     to:
##       - podSelector:
##           matchLabels:
##             role: frontend
##       - podSelector:
##           matchExpressions:
##             - key: role
##               operator: In
##               values:
##                 - frontend
1457
##
1458
extraEgress: []
1459
## @param coordinating.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
1460
## @param coordinating.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
1461
##
1462
ingressNSMatchLabels: {}
1463
ingressNSPodMatchLabels: {}
1464
## @param coordinating.automountServiceAccountToken Mount Service Account token in pod
1465
##
1466
automountServiceAccountToken: false
1467
## @param coordinating.hostAliases coordinating-only pods host aliases
1468
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
1469
##
1470
hostAliases: []
1471
## @param coordinating.podLabels Extra labels for coordinating-only pods
1472
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
1473
##
1474
podLabels: {}
1475
## @param coordinating.podAnnotations Annotations for coordinating-only pods
1476
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
1477
##
1478
podAnnotations: {}
1479
## @param coordinating.shareProcessNamespace Share a single process namespace between all of the containers in pod
1480
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
1481
##
1482
shareProcessNamespace: false
1483
## @param coordinating.podAffinityPreset Pod affinity preset. Ignored if `coordinating.affinity` is set. Allowed values: `soft` or `hard`
1484
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1485
##
1486
podAffinityPreset: ""
1487
## @param coordinating.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `coordinating.affinity` is set. Allowed values: `soft` or `hard`
1488
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1489
##
1490
podAntiAffinityPreset: ""
1491
## Node coordinating.affinity preset
1492
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
1493
##
1494
nodeAffinityPreset:
1495
## @param coordinating.nodeAffinityPreset.type Node affinity preset type. Ignored if `coordinating.affinity` is set. Allowed values: `soft` or `hard`
1496
##
1497
type: ""
1498
## @param coordinating.nodeAffinityPreset.key Node label key to match. Ignored if `coordinating.affinity` is set
1499
##
1500
key: ""
1501
## @param coordinating.nodeAffinityPreset.values Node label values to match. Ignored if `coordinating.affinity` is set
1502
## E.g.
1503
## values:
1504
## - e2e-az1
1505
## - e2e-az2
1506
##
1507
values: []
1508
## @param coordinating.affinity Affinity for coordinating-only pods assignment
1509
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
1510
## NOTE: `coordinating.podAffinityPreset`, `coordinating.podAntiAffinityPreset`, and `coordinating.nodeAffinityPreset` will be ignored when it's set
1511
##
1512
affinity: {}
1513
## @param coordinating.nodeSelector Node labels for coordinating-only pods assignment
1514
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
1515
##
1516
nodeSelector: {}
1517
## @param coordinating.tolerations Tolerations for coordinating-only pods assignment
1518
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
1519
##
1520
tolerations: []
1521
## @param coordinating.priorityClassName coordinating-only pods' priorityClassName
1522
##
1523
priorityClassName: ""
1524
## @param coordinating.schedulerName Name of the k8s scheduler (other than default) for coordinating-only pods
1525
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
1526
##
1527
schedulerName: ""
1528
## @param coordinating.terminationGracePeriodSeconds Time in seconds given to the Elasticsearch coordinating pod to terminate gracefully
1529
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
1530
##
1531
terminationGracePeriodSeconds: ""
1532
## @param coordinating.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
1533
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
1534
##
1535
topologySpreadConstraints: []
1536
## @param coordinating.podManagementPolicy podManagementPolicy to manage scaling operation of Elasticsearch coordinating pods
1537
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
1538
##
1539
podManagementPolicy: "Parallel"
1540
## Configure extra options for Elasticsearch coordinating-only containers' liveness, readiness and startup probes
1541
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
1542
## @param coordinating.startupProbe.enabled Enable/disable the startup probe (coordinating-only nodes pod)
1543
## @param coordinating.startupProbe.initialDelaySeconds Delay before startup probe is initiated (coordinating-only nodes pod)
1544
## @param coordinating.startupProbe.periodSeconds How often to perform the probe (coordinating-only nodes pod)
1545
## @param coordinating.startupProbe.timeoutSeconds When the probe times out (coordinating-only nodes pod)
1546
## @param coordinating.startupProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (coordinating-only nodes pod)
1547
## @param coordinating.startupProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
1548
##
1549
startupProbe:
1550
enabled: false
1551
initialDelaySeconds: 90
1552
periodSeconds: 10
1553
timeoutSeconds: 5
1554
successThreshold: 1
1555
failureThreshold: 5
1556
## @param coordinating.livenessProbe.enabled Enable/disable the liveness probe (coordinating-only nodes pod)
1557
## @param coordinating.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated (coordinating-only nodes pod)
1558
## @param coordinating.livenessProbe.periodSeconds How often to perform the probe (coordinating-only nodes pod)
1559
## @param coordinating.livenessProbe.timeoutSeconds When the probe times out (coordinating-only nodes pod)
1560
## @param coordinating.livenessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (coordinating-only nodes pod)
1561
## @param coordinating.livenessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
1562
##
1563
livenessProbe:
1564
enabled: true
1565
initialDelaySeconds: 180
1566
periodSeconds: 10
1567
timeoutSeconds: 5
1568
successThreshold: 1
1569
failureThreshold: 5
1570
## @param coordinating.readinessProbe.enabled Enable/disable the readiness probe (coordinating-only nodes pod)
1571
## @param coordinating.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated (coordinating-only nodes pod)
1572
## @param coordinating.readinessProbe.periodSeconds How often to perform the probe (coordinating-only nodes pod)
1573
## @param coordinating.readinessProbe.timeoutSeconds When the probe times out (coordinating-only nodes pod)
1574
## @param coordinating.readinessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (coordinating-only nodes pod)
1575
## @param coordinating.readinessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
1576
##
1577
readinessProbe:
1578
enabled: true
1579
initialDelaySeconds: 90
1580
periodSeconds: 10
1581
timeoutSeconds: 5
1582
successThreshold: 1
1583
failureThreshold: 5
1584
## @param coordinating.customStartupProbe Override default startup probe
1585
##
1586
customStartupProbe: {}
1587
## @param coordinating.customLivenessProbe Override default liveness probe
1588
##
1589
customLivenessProbe: {}
1590
## @param coordinating.customReadinessProbe Override default readiness probe
1591
##
1592
customReadinessProbe: {}
1593
## @param coordinating.command Override default container command (useful when using custom images)
1594
##
1595
command: []
1596
## @param coordinating.args Override default container args (useful when using custom images)
1597
##
1598
args: []
1599
## @param coordinating.lifecycleHooks Lifecycle hooks for the coordinating-only container(s) to automate configuration before or after startup
1600
##
1601
lifecycleHooks: {}
1602
## @param coordinating.extraEnvVars Array with extra environment variables to add to coordinating-only nodes
1603
## e.g:
1604
## extraEnvVars:
1605
## - name: FOO
1606
## value: "bar"
1607
##
1608
extraEnvVars: []
1609
## @param coordinating.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for coordinating-only nodes
1610
##
1611
extraEnvVarsCM: ""
1612
## @param coordinating.extraEnvVarsSecret Name of existing Secret containing extra env vars for coordinating-only nodes
1613
##
1614
extraEnvVarsSecret: ""
1615
## @param coordinating.extraVolumes Optionally specify extra list of additional volumes for the coordinating-only pod(s)
1616
##
1617
extraVolumes: []
1618
## @param coordinating.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the coordinating-only container(s)
1619
##
1620
extraVolumeMounts: []
1621
## @param coordinating.sidecars Add additional sidecar containers to the coordinating-only pod(s)
1622
## e.g:
1623
## sidecars:
1624
## - name: your-image-name
1625
## image: your-image
1626
## imagePullPolicy: Always
1627
## ports:
1628
## - name: portname
1629
## containerPort: 1234
1630
##
1631
sidecars: []
1632
## @param coordinating.initContainers Add additional init containers to the coordinating-only pod(s)
1633
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
1634
## e.g:
1635
## initContainers:
1636
## - name: your-image-name
1637
## image: your-image
1638
## imagePullPolicy: Always
1639
## command: ['sh', '-c', 'echo "hello world"']
1640
##
1641
initContainers: []
1642
## Pods Service Account
1643
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
1644
## @param coordinating.serviceAccount.create Specifies whether a ServiceAccount should be created
1645
## @param coordinating.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
1646
## @param coordinating.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
1647
## @param coordinating.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
1648
##
1649
serviceAccount:
1650
create: true
1651
name: ""
1652
automountServiceAccountToken: false
1653
annotations: {}
1654
## Enable HorizontalPodAutoscaler for Elasticsearch coordinating pods
1655
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
1656
## @param coordinating.autoscaling.enabled Whether to enable horizontal pod autoscaling
1657
## @param coordinating.autoscaling.minReplicas Configure a minimum amount of pods
1658
## @param coordinating.autoscaling.maxReplicas Configure a maximum amount of pods
1659
## @param coordinating.autoscaling.targetCPU Define the CPU target to trigger the scaling actions (utilization percentage)
1660
## @param coordinating.autoscaling.targetMemory Define the memory target to trigger the scaling actions (utilization percentage)
1661
##
1662
autoscaling:
1663
enabled: false
1664
minReplicas: 3
1665
maxReplicas: 11
1666
targetCPU: ""
1667
targetMemory: ""
1668
## @section Ingest-only nodes parameters
1669
ingest:
1670
## @param ingest.enabled Enable ingest nodes
1671
##
1672
enabled: true
1673
## @param ingest.replicaCount Number of ingest-only replicas to deploy
1674
##
1675
replicaCount: 2
1676
## @param ingest.extraRoles Append extra roles to the node role
1677
##
1678
extraRoles: []
1679
## Pod Disruption Budget configuration
1680
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
1681
## @param ingest.pdb.create Enable/disable a Pod Disruption Budget creation
1682
## @param ingest.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
1683
## @param ingest.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
1684
##
1685
pdb:
1686
create: true
1687
minAvailable: ""
1688
maxUnavailable: ""
1689
## @param ingest.nameOverride String to partially override elasticsearch.ingest.fullname
1690
##
1691
nameOverride: ""
1692
## @param ingest.fullnameOverride String to fully override elasticsearch.ingest.fullname
1693
##
1694
fullnameOverride: ""
1695
## @param ingest.servicenameOverride String to fully override elasticsearch.ingest.servicename
1696
##
1697
servicenameOverride: ""
1698
## @param ingest.annotations [object] Annotations for the ingest statefulset
1699
##
1700
annotations: {}
1701
## @param ingest.containerPorts.restAPI Elasticsearch REST API port
1702
## @param ingest.containerPorts.transport Elasticsearch Transport port
1703
##
1704
containerPorts:
1705
restAPI: 9200
1706
transport: 9300
1707
## @param ingest.updateStrategy.type Ingest-only nodes statefulset strategy type
1708
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
1709
##
1710
updateStrategy:
1711
type: RollingUpdate
1712
## Elasticsearch resource requests and limits
1713
## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
1714
## @param ingest.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if ingest.resources is set (ingest.resources is recommended for production).
1715
## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
1716
##
1717
resourcesPreset: "small"
1718
## @param ingest.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
1719
## Example:
1720
## resources:
1721
## requests:
1722
## cpu: 2
1723
## memory: 512Mi
1724
## limits:
1725
## cpu: 3
1726
## memory: 1024Mi
1727
##
1728
resources: {}
1729
## @param ingest.heapSize Elasticsearch ingest-only node heap size.
1730
## Note: The recommended heapSize is half of the container's memory.
1731
## If omitted, it will be automatically set.
1732
## Example:
1733
## heapSize: 128m
1734
##
1735
heapSize: 128m
1736
## Configure Pods Security Context
1737
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1738
## @param ingest.podSecurityContext.enabled Enabled ingest-only pods' Security Context
1739
## @param ingest.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
1740
## @param ingest.podSecurityContext.sysctls Set kernel settings using the sysctl interface
1741
## @param ingest.podSecurityContext.supplementalGroups Set filesystem extra groups
1742
## @param ingest.podSecurityContext.fsGroup Set ingest-only pod's Security Context fsGroup
1743
##
1744
podSecurityContext:
1745
enabled: true
1746
fsGroupChangePolicy: Always
1747
sysctls: []
1748
supplementalGroups: []
1749
fsGroup: 1001
1750
## Configure Container Security Context
1751
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1752
## @param ingest.containerSecurityContext.enabled Enable the Elasticsearch ingest container's Security Context
1753
## @param ingest.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
1754
## @param ingest.containerSecurityContext.runAsUser User ID for the Elasticsearch ingest container
1755
## @param ingest.containerSecurityContext.runAsGroup Group ID for the Elasticsearch ingest container
1756
## @param ingest.containerSecurityContext.runAsNonRoot Set Elasticsearch ingest container's Security Context runAsNonRoot
1757
## @param ingest.containerSecurityContext.privileged Set Elasticsearch ingest container's Security Context privileged
1758
## @param ingest.containerSecurityContext.allowPrivilegeEscalation Set Elasticsearch ingest container's Security Context allowPrivilegeEscalation
1759
## @param ingest.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
1760
## @param ingest.containerSecurityContext.capabilities.drop List of capabilities to be dropped
1761
## @param ingest.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
1762
##
1763
containerSecurityContext:
1764
enabled: true
1765
seLinuxOptions: {}
1766
runAsUser: 1001
1767
runAsGroup: 1001
1768
runAsNonRoot: true
1769
privileged: false
1770
allowPrivilegeEscalation: false
1771
readOnlyRootFilesystem: true
1772
capabilities:
1773
drop: ["ALL"]
1774
seccompProfile:
1775
type: "RuntimeDefault"
1776
## Network Policies
1777
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
1778
##
1779
networkPolicy:
1780
## @param ingest.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
1781
##
1782
enabled: true
1783
## @param ingest.networkPolicy.allowExternal Don't require server label for connections
1784
## The Policy model to apply. When set to false, only pods with the correct
1785
## server label will have network access to the ports the server is listening
1786
## on. When true, the server will accept connections from any source
1787
## (with the correct destination port).
1788
##
1789
allowExternal: true
1790
## @param ingest.networkPolicy.allowExternalEgress Allow the pod to access any port range and all destinations.
1791
##
1792
allowExternalEgress: true
1793
## @param ingest.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
1794
## e.g:
## extraIngress:
##   - ports:
##       - port: 1234
##     from:
##       - podSelector:
##           matchLabels:
##             role: frontend
##       - podSelector:
##           matchExpressions:
##             - key: role
##               operator: In
##               values:
##                 - frontend
1808
extraIngress: []
1809
## @param ingest.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
## e.g:
## extraEgress:
##   - ports:
##       - port: 1234
##     to:
##       - podSelector:
##           matchLabels:
##             role: frontend
##       - podSelector:
##           matchExpressions:
##             - key: role
##               operator: In
##               values:
##                 - frontend
1824
##
1825
extraEgress: []
1826
## @param ingest.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
1827
## @param ingest.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
1828
##
1829
ingressNSMatchLabels: {}
1830
ingressNSPodMatchLabels: {}
1831
## @param ingest.automountServiceAccountToken Mount Service Account token in pod
1832
##
1833
automountServiceAccountToken: false
1834
## @param ingest.hostAliases ingest-only pods host aliases
1835
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
1836
##
1837
hostAliases: []
1838
## @param ingest.podLabels Extra labels for ingest-only pods
1839
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
1840
##
1841
podLabels: {}
1842
## @param ingest.podAnnotations Annotations for ingest-only pods
1843
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
1844
##
1845
podAnnotations: {}
1846
## @param ingest.shareProcessNamespace Share a single process namespace between all of the containers in pod
1847
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
1848
##
1849
shareProcessNamespace: false
1850
## @param ingest.podAffinityPreset Pod affinity preset. Ignored if `ingest.affinity` is set. Allowed values: `soft` or `hard`
1851
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1852
##
1853
podAffinityPreset: ""
1854
## @param ingest.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `ingest.affinity` is set. Allowed values: `soft` or `hard`
1855
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1856
##
1857
podAntiAffinityPreset: ""
1858
## Node ingest.affinity preset
1859
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
1860
##
1861
nodeAffinityPreset:
1862
## @param ingest.nodeAffinityPreset.type Node affinity preset type. Ignored if `ingest.affinity` is set. Allowed values: `soft` or `hard`
1863
##
1864
type: ""
1865
## @param ingest.nodeAffinityPreset.key Node label key to match. Ignored if `ingest.affinity` is set
1866
##
1867
key: ""
1868
## @param ingest.nodeAffinityPreset.values Node label values to match. Ignored if `ingest.affinity` is set
1869
## E.g.
1870
## values:
1871
## - e2e-az1
1872
## - e2e-az2
1873
##
1874
values: []
1875
## @param ingest.affinity Affinity for ingest-only pods assignment
1876
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
1877
## NOTE: `ingest.podAffinityPreset`, `ingest.podAntiAffinityPreset`, and `ingest.nodeAffinityPreset` will be ignored when it's set
1878
##
1879
affinity: {}
1880
## @param ingest.nodeSelector Node labels for ingest-only pods assignment
1881
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
1882
##
1883
nodeSelector: {}
1884
## @param ingest.tolerations Tolerations for ingest-only pods assignment
1885
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
1886
##
1887
tolerations: []
1888
## @param ingest.priorityClassName ingest-only pods' priorityClassName
1889
##
1890
priorityClassName: ""
1891
## @param ingest.schedulerName Name of the k8s scheduler (other than default) for ingest-only pods
1892
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
1893
##
1894
schedulerName: ""
1895
## @param ingest.terminationGracePeriodSeconds Time in seconds given to the Elasticsearch ingest pod to terminate gracefully
1896
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
1897
##
1898
terminationGracePeriodSeconds: ""
1899
## @param ingest.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
1900
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
1901
##
1902
topologySpreadConstraints: []
1903
## @param ingest.podManagementPolicy podManagementPolicy to manage scaling operation of Elasticsearch ingest pods
1904
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
1905
##
1906
podManagementPolicy: "Parallel"
1907
## Configure extra options for Elasticsearch ingest-only containers' liveness, readiness and startup probes
1908
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
1909
## @param ingest.startupProbe.enabled Enable/disable the startup probe (ingest-only nodes pod)
1910
## @param ingest.startupProbe.initialDelaySeconds Delay before startup probe is initiated (ingest-only nodes pod)
1911
## @param ingest.startupProbe.periodSeconds How often to perform the probe (ingest-only nodes pod)
1912
## @param ingest.startupProbe.timeoutSeconds When the probe times out (ingest-only nodes pod)
1913
## @param ingest.startupProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (ingest-only nodes pod)
1914
## @param ingest.startupProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
1915
##
1916
startupProbe:
1917
enabled: false
1918
initialDelaySeconds: 90
1919
periodSeconds: 10
1920
timeoutSeconds: 5
1921
successThreshold: 1
1922
failureThreshold: 5
1923
## @param ingest.livenessProbe.enabled Enable/disable the liveness probe (ingest-only nodes pod)
1924
## @param ingest.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated (ingest-only nodes pod)
1925
## @param ingest.livenessProbe.periodSeconds How often to perform the probe (ingest-only nodes pod)
1926
## @param ingest.livenessProbe.timeoutSeconds When the probe times out (ingest-only nodes pod)
1927
## @param ingest.livenessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (ingest-only nodes pod)
1928
## @param ingest.livenessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
1929
##
1930
livenessProbe:
1931
enabled: true
1932
initialDelaySeconds: 180
1933
periodSeconds: 10
1934
timeoutSeconds: 5
1935
successThreshold: 1
1936
failureThreshold: 5
1937
## @param ingest.readinessProbe.enabled Enable/disable the readiness probe (ingest-only nodes pod)
1938
## @param ingest.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated (ingest-only nodes pod)
1939
## @param ingest.readinessProbe.periodSeconds How often to perform the probe (ingest-only nodes pod)
1940
## @param ingest.readinessProbe.timeoutSeconds When the probe times out (ingest-only nodes pod)
1941
## @param ingest.readinessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (ingest-only nodes pod)
1942
## @param ingest.readinessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
1943
##
1944
readinessProbe:
1945
enabled: true
1946
initialDelaySeconds: 90
1947
periodSeconds: 10
1948
timeoutSeconds: 5
1949
successThreshold: 1
1950
failureThreshold: 5
1951
## @param ingest.customStartupProbe Override default startup probe
1952
##
1953
customStartupProbe: {}
1954
## @param ingest.customLivenessProbe Override default liveness probe
1955
##
1956
customLivenessProbe: {}
1957
## @param ingest.customReadinessProbe Override default readiness probe
1958
##
1959
customReadinessProbe: {}
1960
## @param ingest.command Override default container command (useful when using custom images)
1961
##
1962
command: []
1963
## @param ingest.args Override default container args (useful when using custom images)
1964
##
1965
args: []
1966
## @param ingest.lifecycleHooks Lifecycle hooks for the ingest-only container(s) to automate configuration before or after startup
1967
##
1968
lifecycleHooks: {}
1969
## @param ingest.extraEnvVars Array with extra environment variables to add to ingest-only nodes
1970
## e.g:
1971
## extraEnvVars:
1972
## - name: FOO
1973
## value: "bar"
1974
##
1975
extraEnvVars: []
  ## @param ingest.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for ingest-only nodes
  ##
  extraEnvVarsCM: ""
  ## @param ingest.extraEnvVarsSecret Name of existing Secret containing extra env vars for ingest-only nodes
  ##
  extraEnvVarsSecret: ""
  ## @param ingest.extraVolumes Optionally specify extra list of additional volumes for the ingest-only pod(s)
  ##
  extraVolumes: []
  ## @param ingest.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the ingest-only container(s)
  ##
  extraVolumeMounts: []
  ## @param ingest.sidecars Add additional sidecar containers to the ingest-only pod(s)
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param ingest.initContainers Add additional init containers to the ingest-only pod(s)
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## Pods Service Account
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
  ## @param ingest.serviceAccount.create Specifies whether a ServiceAccount should be created
  ## @param ingest.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
  ## @param ingest.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
  ## @param ingest.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
  ##
  serviceAccount:
    create: true
    name: ""
    automountServiceAccountToken: false
    annotations: {}
  ## Enable HorizontalPodAutoscaler for Elasticsearch ingest-only pods
  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
  ## @param ingest.autoscaling.enabled Whether to enable horizontal pod autoscaling
  ## @param ingest.autoscaling.minReplicas Configure a minimum amount of pods
  ## @param ingest.autoscaling.maxReplicas Configure a maximum amount of pods
  ## @param ingest.autoscaling.targetCPU Define the CPU target to trigger the scaling actions (utilization percentage)
  ## @param ingest.autoscaling.targetMemory Define the memory target to trigger the scaling actions (utilization percentage)
  ##
  autoscaling:
    enabled: false
    minReplicas: 3
    maxReplicas: 11
    targetCPU: ""
    targetMemory: ""
  ## Elasticsearch Ingest-only Service
  ## Recommended for heavy ingestion, improves performance by sending ingest traffic directly into the ingest nodes.
  ## NOTE: Ingest nodes will only accept index requests with an associated pipeline; any other request won't be rerouted.
  ##
  service:
    ## @param ingest.service.enabled Enable Ingest-only service
    ##
    enabled: false
    ## @param ingest.service.type Elasticsearch ingest-only service type
    ##
    type: ClusterIP
    ## @param ingest.service.ports.restAPI Elasticsearch service REST API port
    ## @param ingest.service.ports.transport Elasticsearch service transport port
    ##
    ports:
      restAPI: 9200
      transport: 9300
    ## Node ports to expose
    ## @param ingest.service.nodePorts.restAPI Node port for REST API
    ## @param ingest.service.nodePorts.transport Node port for transport
    ## NOTE: choose port between <30000-32767>
    ##
    nodePorts:
      restAPI: ""
      transport: ""
    ## @param ingest.service.clusterIP Elasticsearch ingest-only service Cluster IP
    ## e.g.:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param ingest.service.loadBalancerIP Elasticsearch ingest-only service Load Balancer IP
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
    ##
    loadBalancerIP: ""
    ## @param ingest.service.loadBalancerSourceRanges Elasticsearch ingest-only service Load Balancer sources
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param ingest.service.externalTrafficPolicy Elasticsearch ingest-only service external traffic policy
    ## ref: http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    externalTrafficPolicy: Cluster
    ## @param ingest.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
    ##
    extraPorts: []
    ## @param ingest.service.annotations Additional custom annotations for Elasticsearch ingest-only service
    ##
    annotations: {}
    ## @param ingest.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
    ## If "ClientIP", consecutive client requests will be directed to the same Pod
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
    ##
    sessionAffinity: None
    ## @param ingest.service.sessionAffinityConfig Additional settings for the sessionAffinity
    ## sessionAffinityConfig:
    ##   clientIP:
    ##     timeoutSeconds: 300
    ##
    sessionAffinityConfig: {}
  ## Elasticsearch Ingest-only ingress parameters
  ## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/
  ##
  ingress:
    ## @param ingest.ingress.enabled Enable ingress record generation for Elasticsearch
    ##
    enabled: false
    ## @param ingest.ingress.pathType Ingress path type
    ##
    pathType: ImplementationSpecific
    ## @param ingest.ingress.apiVersion Force Ingress API version (automatically detected if not set)
    ##
    apiVersion: ""
    ## @param ingest.ingress.hostname Default host for the ingress record
    ##
    hostname: elasticsearch-ingest.local
    ## @param ingest.ingress.path Default path for the ingress record
    ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
    ##
    path: /
    ## @param ingest.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
    ## Use this parameter to set the required annotations for cert-manager, see
    ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
    ## e.g:
    ## annotations:
    ##   kubernetes.io/ingress.class: nginx
    ##   cert-manager.io/cluster-issuer: cluster-issuer-name
    ##
    annotations: {}
    ## @param ingest.ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
    ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
    ## You can:
    ##   - Use the `ingress.secrets` parameter to create this TLS secret
    ##   - Rely on cert-manager to create it by setting the corresponding annotations
    ##   - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
    ##
    tls: false
    ## @param ingest.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
    ##
    selfSigned: false
    ## @param ingest.ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
    ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
    ##
    ingressClassName: ""
    ## @param ingest.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
    ## e.g:
    ## extraHosts:
    ##   - name: elasticsearch.local
    ##     path: /
    ##
    extraHosts: []
    ## @param ingest.ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
    ## e.g:
    ## extraPaths:
    ##   - path: /*
    ##     backend:
    ##       serviceName: ssl-redirect
    ##       servicePort: use-annotation
    ##
    extraPaths: []
    ## @param ingest.ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
    ## e.g:
    ## extraTls:
    ##   - hosts:
    ##       - elasticsearch.local
    ##     secretName: elasticsearch.local-tls
    ##
    extraTls: []
    ## @param ingest.ingress.secrets Custom TLS certificates as secrets
    ## NOTE: 'key' and 'certificate' are expected in PEM format
    ## NOTE: 'name' should line up with a 'secretName' set further up
    ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
    ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
    ## It is also possible to create and manage the certificates outside of this helm chart
    ## Please see README.md for more information
    ## e.g:
    ## secrets:
    ##   - name: elasticsearch.local-tls
    ##     key: |-
    ##       -----BEGIN RSA PRIVATE KEY-----
    ##       ...
    ##       -----END RSA PRIVATE KEY-----
    ##     certificate: |-
    ##       -----BEGIN CERTIFICATE-----
    ##       ...
    ##       -----END CERTIFICATE-----
    ##
    secrets: []
    ## @param ingest.ingress.extraRules Additional rules to be covered with this ingress record
    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
    ## e.g:
    ## extraRules:
    ##   - host: example.local
    ##     http:
    ##       path: /
    ##       backend:
    ##         service:
    ##           name: example-svc
    ##           port:
    ##             name: http
    ##
    extraRules: []
## @section Metrics parameters

## Elasticsearch Prometheus exporter configuration
## ref: https://hub.docker.com/r/iamguarded/elasticsearch-exporter/tags/
##
metrics:
  ## @param metrics.enabled Enable prometheus exporter
  ##
  enabled: false
  ## @param metrics.nameOverride Metrics pod name
  ##
  nameOverride: ""
  ## @param metrics.fullnameOverride String to fully override common.names.fullname
  ##
  fullnameOverride: ""
  ## @param metrics.image.registry [default: REGISTRY_NAME] Metrics exporter image registry
  ## @param metrics.image.repository [default: REPOSITORY_NAME/elasticsearch-exporter] Metrics exporter image repository
  ## @skip metrics.image.tag Metrics exporter image tag
  ## @param metrics.image.digest Metrics exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param metrics.image.pullPolicy Metrics exporter image pull policy
  ## @param metrics.image.pullSecrets Metrics exporter image pull secrets
  ##
  image:
    registry: cgr.dev
    repository: chainguard-private/prometheus-elasticsearch-exporter-iamguarded
    tag: 1.10.0
    digest: ""
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## @param metrics.annotations [object] Annotations for metrics
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  annotations:
    helm.sh/hook: "post-install,post-upgrade"
    helm.sh/hook-weight: "5"
  ## @param metrics.extraArgs Extra arguments to add to the default exporter command
  ## ref: https://github.com/justwatchcom/elasticsearch_exporter
  ## e.g
  ## extraArgs:
  ##   - --es.snapshots
  ##   - --es.indices
  ##
  extraArgs: []
  ## @param metrics.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: false
  ## @param metrics.hostAliases Add deployment host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param metrics.schedulerName Name of the k8s scheduler (other than default)
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param metrics.priorityClassName Elasticsearch metrics exporter pods' priorityClassName
  ##
  priorityClassName: ""
  ## Elasticsearch Prometheus exporter container ports
  ## @param metrics.containerPorts.http Metrics HTTP port
  ##
  containerPorts:
    http: 9114
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param metrics.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param metrics.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param metrics.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param metrics.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    ##
    extraIngress: []
    ## @param metrics.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    ##
    extraEgress: []
    ## @param metrics.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param metrics.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## Elasticsearch Prometheus exporter service type
  ##
  service:
    ## @param metrics.service.type Metrics exporter endpoint service type
    ##
    type: ClusterIP
    ## @param metrics.service.port Metrics exporter endpoint service port
    ##
    port: 9114
    ## @param metrics.service.annotations [object] Provide any additional annotations which may be required.
    ## This can be used to set the LoadBalancer service type to internal only.
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
    ##
    annotations:
      prometheus.io/scrape: "true"
      prometheus.io/port: "9114"
  ## @param metrics.podAffinityPreset Metrics Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param metrics.podAntiAffinityPreset Metrics Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: ""
  ## Node affinity preset
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ## @param metrics.nodeAffinityPreset.type Metrics Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ## @param metrics.nodeAffinityPreset.key Metrics Node label key to match. Ignored if `affinity` is set.
  ## @param metrics.nodeAffinityPreset.values Metrics Node label values to match. Ignored if `affinity` is set.
  ##
  nodeAffinityPreset:
    type: ""
    ## E.g.
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param metrics.affinity Metrics Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param metrics.nodeSelector Metrics Node labels for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param metrics.tolerations Metrics Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param metrics.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## Elasticsearch Prometheus exporter resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
  ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Elasticsearch metrics container's liveness probe
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param metrics.livenessProbe.enabled Enable/disable the liveness probe (metrics pod)
  ## @param metrics.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated (metrics pod)
  ## @param metrics.livenessProbe.periodSeconds How often to perform the probe (metrics pod)
  ## @param metrics.livenessProbe.timeoutSeconds When the probe times out (metrics pod)
  ## @param metrics.livenessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
  ## @param metrics.livenessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (metrics pod)
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 60
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 5
  ## Elasticsearch metrics container's readiness probe
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param metrics.readinessProbe.enabled Enable/disable the readiness probe (metrics pod)
  ## @param metrics.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated (metrics pod)
  ## @param metrics.readinessProbe.periodSeconds How often to perform the probe (metrics pod)
  ## @param metrics.readinessProbe.timeoutSeconds When the probe times out (metrics pod)
  ## @param metrics.readinessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
  ## @param metrics.readinessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (metrics pod)
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 5
  ## Elasticsearch metrics container's startup probe
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param metrics.startupProbe.enabled Enable/disable the startup probe (metrics pod)
  ## @param metrics.startupProbe.initialDelaySeconds Delay before startup probe is initiated (metrics pod)
  ## @param metrics.startupProbe.periodSeconds How often to perform the probe (metrics pod)
  ## @param metrics.startupProbe.timeoutSeconds When the probe times out (metrics pod)
  ## @param metrics.startupProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
  ## @param metrics.startupProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (metrics pod)
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 5
  ## @param metrics.customStartupProbe Custom startup probe for the Web component
  ##
  customStartupProbe: {}
  ## @param metrics.customLivenessProbe Custom liveness probe for the Web component
  ##
  customLivenessProbe: {}
  ## @param metrics.customReadinessProbe Custom readiness probe for the Web component
  ##
  customReadinessProbe: {}
  ## @param metrics.podAnnotations [object] Metrics exporter pod Annotation and Labels
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "9114"
  ## @param metrics.podLabels Extra labels to add to Pod
  ##
  podLabels: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param metrics.podSecurityContext.enabled Enabled Elasticsearch metrics exporter pods' Security Context
  ## @param metrics.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param metrics.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param metrics.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param metrics.podSecurityContext.fsGroup Set Elasticsearch metrics exporter pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param metrics.containerSecurityContext.enabled Elasticsearch exporter container securityContext
  ## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param metrics.containerSecurityContext.runAsUser User ID for the Elasticsearch exporter container
  ## @param metrics.containerSecurityContext.runAsGroup Group ID for the Elasticsearch exporter container
  ## @param metrics.containerSecurityContext.runAsNonRoot Set Elasticsearch exporter container's Security Context runAsNonRoot
  ## @param metrics.containerSecurityContext.privileged Set Elasticsearch exporter container's Security Context privileged
  ## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set Elasticsearch exporter container's Security Context allowPrivilegeEscalation
  ## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
  ## @param metrics.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param metrics.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## @param metrics.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param metrics.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param metrics.extraEnvVars Array with extra environment variables to add to Elasticsearch metrics exporter nodes
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param metrics.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Elasticsearch metrics exporter nodes
  ##
  extraEnvVarsCM: ""
  ## @param metrics.extraEnvVarsSecret Name of existing Secret containing extra env vars for Elasticsearch metrics exporter nodes
  ##
  extraEnvVarsSecret: ""
  ## @param metrics.extraVolumes Optionally specify extra list of additional volumes for the Elasticsearch metrics exporter pod(s)
  ##
  extraVolumes: []
  ## @param metrics.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Elasticsearch metrics exporter container(s)
  ##
  extraVolumeMounts: []
  ## @param metrics.sidecars Add additional sidecar containers to the Elasticsearch metrics exporter pod(s)
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param metrics.initContainers Add additional init containers to the Elasticsearch metrics exporter pod(s)
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## Pods Service Account
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
  ## @param metrics.serviceAccount.create Specifies whether a ServiceAccount should be created
  ## @param metrics.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
  ## @param metrics.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
  ## @param metrics.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
  ##
  serviceAccount:
    create: true
    name: ""
    automountServiceAccountToken: false
    annotations: {}
  ## Prometheus Operator ServiceMonitor configuration
  ##
  serviceMonitor:
    ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
    ##
    enabled: false
    ## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in
    ## e.g:
    ## namespace: monitoring
    ##
    namespace: ""
    ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
    ##
    jobLabel: ""
    ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    interval: ""
    ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    scrapeTimeout: ""
    ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
    ##
    relabelings: []
    ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
    ##
    metricRelabelings: []
    ## @param metrics.serviceMonitor.selector ServiceMonitor selector labels
    ## ref: https://github.com/iamguarded/charts/tree/main/iamguarded/prometheus-operator#prometheus-configuration
    ##
    ## selector:
    ##   prometheus: my-prometheus
    ##
    selector: {}
    ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
    ##
    labels: {}
    ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
    ##
    honorLabels: false
  ## Prometheus Operator PrometheusRule configuration
  ##
  prometheusRule:
    ## @param metrics.prometheusRule.enabled Creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`)
    ##
    enabled: false
    ## @param metrics.prometheusRule.namespace Namespace for the PrometheusRule Resource (defaults to the Release Namespace)
    ##
    namespace: ""
    ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so PrometheusRule will be discovered by Prometheus
    ##
    additionalLabels: {}
    ## @param metrics.prometheusRule.rules Prometheus Rule definitions
    #   - alert: es cluster error
    #     annotations:
    #       summary: "es cluster error"
    #       description: "es cluster error, cluster state {{`{{`}} $labels.color {{`}}`}}"
    #     expr: elasticsearch_cluster_health_status{color="red"} ==1 or elasticsearch_cluster_health_status{color="yellow"} ==1
    #     for: 1m
    #     labels:
    #       severity: critical
    #       group: PaaS
    ##
    rules: []
## @section Init Container Parameters

## 'volumePermissions' init container parameters
## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values
## based on the *podSecurityContext/*containerSecurityContext parameters
##
volumePermissions:
  ## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work)
  ##
  enabled: false
  ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
  ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image name
  ## @skip volumePermissions.image.tag Init container volume-permissions image tag
  ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
  ## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets
  ##
  image:
    registry: cgr.dev
    repository: chainguard-private/os-shell-iamguarded
    tag: 1.0.0
    digest: ""
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## Init container's resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
  ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
## Kernel settings modifier image
##
sysctlImage:
  ## @param sysctlImage.enabled Enable kernel settings modifier image
  ##
  enabled: true
  ## @param sysctlImage.registry [default: REGISTRY_NAME] Kernel settings modifier image registry
  ## @param sysctlImage.repository [default: REPOSITORY_NAME/os-shell] Kernel settings modifier image repository
  ## @skip sysctlImage.tag Kernel settings modifier image tag
  ## @param sysctlImage.digest Kernel settings modifier image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param sysctlImage.pullPolicy Kernel settings modifier image pull policy
  ## @param sysctlImage.pullSecrets Kernel settings modifier image pull secrets
  ##
  registry: cgr.dev
  repository: chainguard-private/os-shell-iamguarded
  tag: 1.0.0
  digest: ""
  ## Specify an imagePullPolicy
  ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
  ##
  pullPolicy: IfNotPresent
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## e.g:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []
  ## Init container's resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  ## @param sysctlImage.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if sysctlImage.resources is set (sysctlImage.resources is recommended for production).
  ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param sysctlImage.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
## @section Kibana Parameters

## Bundled Kibana parameters
## @param kibana.elasticsearch.hosts [array] Array containing hostnames for the ES instances. Used to generate the URL
## @param kibana.elasticsearch.port Port to connect Kibana and ES instance. Used to generate the URL
##
kibana:
  elasticsearch:
    hosts:
      - '{{ include "elasticsearch.service.name" . }}'
    port: '{{ include "elasticsearch.service.ports.restAPI" . }}'
  image:
    registry: cgr.dev
    repository: chainguard-private/kibana-iamguarded
    tag: 9.3.1
    digest: ""
  volumePermissions:
    image:
      registry: cgr.dev
      repository: chainguard-private/os-shell-iamguarded
      tag: 1.0.0
      digest: ""
