elasticsearch
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# This file has been modified by Chainguard, Inc.
2
#
3
# Copyright Chainguard, Inc. All Rights Reserved.
4
# Chainguard, Inc. modifications are subject to the license
5
# available at: https://www.chainguard.dev/legal/software-license-agreement
6
#
7
# Copyright Broadcom, Inc. All Rights Reserved.
8
# SPDX-License-Identifier: APACHE-2.0
9
10
## @section Global parameters
11
## Global Docker image parameters
12
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
13
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
14
15
## @param global.imageRegistry Global Docker image registry
16
## @param global.imagePullSecrets Global Docker registry secret names as an array
17
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
18
## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
19
## @param global.elasticsearch.service.name Elasticsearch service name to be referenced by the Kibana subchart (ignored if kibanaEnabled=false or global.elasticsearch.service.fullname is set)
20
## @param global.elasticsearch.service.fullname Full Elasticsearch service name to be referenced by the Kibana subchart (ignored if kibanaEnabled=false)
21
## @param global.elasticsearch.service.ports.restAPI Elasticsearch service restAPI port to be used in the Kibana subchart (ignored if kibanaEnabled=false)
22
## @param global.kibanaEnabled Whether or not to enable Kibana
23
##
24
global:
25
imageRegistry: ""
26
## E.g.
27
## imagePullSecrets:
28
## - myRegistryKeySecretName
29
##
30
imagePullSecrets: []
31
defaultStorageClass: ""
32
storageClass: ""
33
## Security parameters
34
##
35
security:
36
## @param global.security.allowInsecureImages Allows skipping image verification
37
allowInsecureImages: false
38
elasticsearch:
39
service:
40
name: elasticsearch
41
fullname: ""
42
ports:
43
restAPI: 9200
44
kibanaEnabled: false
45
## Compatibility adaptations for Kubernetes platforms
46
##
47
compatibility:
48
## Compatibility adaptations for Openshift
49
##
50
openshift:
51
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
52
##
53
adaptSecurityContext: auto
54
org: ""
55
## @section Common parameters
56
57
## @param kubeVersion Override Kubernetes version
58
##
59
kubeVersion: ""
60
## @param nameOverride String to partially override common.names.fullname
61
##
62
nameOverride: ""
63
## @param fullnameOverride String to fully override common.names.fullname
64
##
65
fullnameOverride: ""
66
## @param commonLabels Labels to add to all deployed objects
67
##
68
commonLabels: {}
69
## @param commonAnnotations Annotations to add to all deployed objects
70
##
71
commonAnnotations: {}
72
## @param clusterDomain Kubernetes cluster domain name
73
##
74
clusterDomain: cluster.local
75
## @param extraDeploy Array of extra objects to deploy with the release
76
##
77
extraDeploy: []
78
## @param namespaceOverride String to fully override common.names.namespace
79
##
80
namespaceOverride: ""
81
## @param usePasswordFiles Mount credentials as files instead of using environment variables
82
##
83
usePasswordFiles: true
84
## Enable diagnostic mode in the deployment
85
##
86
diagnosticMode:
87
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
88
##
89
enabled: false
90
## @param diagnosticMode.command Command to override all containers in the deployment
91
##
92
command:
93
- sleep
94
## @param diagnosticMode.args Args to override all containers in the deployment
95
##
96
args:
97
- infinity
98
## @section Elasticsearch cluster Parameters
99
100
## @param clusterName Elasticsearch cluster name
101
##
102
clusterName: elastic
103
## @param containerPorts.restAPI Elasticsearch REST API port
104
## @param containerPorts.transport Elasticsearch Transport port
105
##
106
containerPorts:
107
restAPI: 9200
108
transport: 9300
109
## @param plugins Comma, semi-colon or space separated list of plugins to install at initialization
110
##
111
plugins: ""
112
## @param snapshotRepoPath File System snapshot repository path
113
##
114
snapshotRepoPath: ""
115
## @param config Override elasticsearch configuration
116
##
117
config: {}
118
## @param extraConfig Append extra configuration to the elasticsearch node configuration
119
## Use this instead of `config` to add more configuration
120
## See below example:
121
## extraConfig:
122
## node:
123
## store:
124
## allow_mmap: false
125
## ref: https://www.elastic.co/guide/en/elasticsearch/reference/current/settings.html
126
##
127
extraConfig: {}
128
## @param extraHosts A list of external hosts which are part of this cluster
129
## Example Use Case: When you have a cluster with nodes spaned acorss multiple K8s or namespaces
130
## extraHosts:
131
## - datacenter2-elasticsearch-master-hl.namespace2.svc
132
## - datacenter2-elasticsearch-data-hl.namespace2.svc
133
extraHosts: []
134
## @param extraVolumes A list of volumes to be added to the pod
135
## Example Use Case: mount ssl certificates when elasticsearch has tls enabled
136
## extraVolumes:
137
## - name: es-certs
138
## secret:
139
## defaultMode: 420
140
## secretName: es-certs
141
extraVolumes: []
142
## @param extraVolumeMounts A list of volume mounts to be added to the pod
143
## extraVolumeMounts:
144
## - name: es-certs
145
## mountPath: /certs
146
## readOnly: true
147
extraVolumeMounts: []
148
## @param initScripts Dictionary of init scripts. Evaluated as a template.
149
## Specify dictionary of scripts to be run at first boot
150
## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory
151
## For example:
152
## initScripts:
153
## my_init_script.sh: |
154
## #!/bin/sh
155
## echo "Do something."
156
##
157
initScripts: {}
158
## @param initScriptsCM ConfigMap with the init scripts. Evaluated as a template.
159
## Note: This will override initScripts
160
##
161
initScriptsCM: ""
162
## @param initScriptsSecret Secret containing `/docker-entrypoint-initdb.d` scripts to be executed at initialization time that contain sensitive data. Evaluated as a template.
163
##
164
initScriptsSecret: ""
165
## @param extraEnvVars Array containing extra env vars to be added to all pods (evaluated as a template)
166
## For example:
167
## extraEnvVars:
168
## - name: MY_ENV_VAR
169
## value: env_var_value
170
##
171
extraEnvVars: []
172
## @param extraEnvVarsCM ConfigMap containing extra env vars to be added to all pods (evaluated as a template)
173
##
174
extraEnvVarsCM: ""
175
## @param extraEnvVarsSecret Secret containing extra env vars to be added to all pods (evaluated as a template)
176
##
177
extraEnvVarsSecret: ""
178
## @param sidecars Add additional sidecar containers to the all elasticsearch node pod(s)
179
## e.g:
180
## sidecars:
181
## - name: your-image-name
182
## image: your-image
183
## imagePullPolicy: Always
184
## ports:
185
## - name: portname
186
## containerPort: 1234
187
##
188
sidecars: []
189
## @param initContainers Add additional init containers to the all elasticsearch node pod(s)
190
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
191
## e.g:
192
## initContainers:
193
## - name: your-image-name
194
## image: your-image
195
## imagePullPolicy: Always
196
## command: ['sh', '-c', 'echo "hello world"']
197
##
198
initContainers: []
199
## @param enableDefaultInitContainers enables (or disables if false) the default init containers (sysctl, volume permissions, copy plugins etc...)
200
##
201
enableDefaultInitContainers: true
202
## @param useIstioLabels Use this variable to add Istio labels to all pods
203
##
204
useIstioLabels: true
205
## Iamguarded Elasticsearch image
206
## @param image.registry [default: REGISTRY_NAME] Elasticsearch image registry
207
## @param image.repository [default: REPOSITORY_NAME/elasticsearch] Elasticsearch image repository
208
## @skip image.tag Elasticsearch image tag (immutable tags are recommended)
209
## @param image.digest Elasticsearch image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
210
## @param image.pullPolicy Elasticsearch image pull policy
211
## @param image.pullSecrets Elasticsearch image pull secrets
212
## @param image.debug Enable Elasticsearch image debug mode
213
##
214
image:
215
registry: cgr.dev
216
repository: chainguard-private/elasticsearch-iamguarded
217
tag: 9.3.1
218
digest: ""
219
## Specify a imagePullPolicy
220
## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
221
##
222
pullPolicy: IfNotPresent
223
## Optionally specify an array of imagePullSecrets.
224
## Secrets must be manually created in the namespace.
225
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
226
## e.g:
227
## pullSecrets:
228
## - myRegistryKeySecretName
229
##
230
pullSecrets: []
231
## Enable debug mode
232
##
233
debug: false
234
## X-Pack security parameters
235
## Note: TLS configuration is required in order to configure password authentication
236
##
237
security:
238
## @param security.enabled Enable X-Pack Security settings
239
##
240
enabled: false
241
## @param security.elasticPassword Password for 'elastic' user
242
##
243
elasticPassword: ""
244
## @param security.existingSecret Name of the existing secret containing the Elasticsearch password (expected key: `elasticsearch-password`)
245
##
246
existingSecret: ""
247
## FIPS mode
248
## @param security.fipsMode Configure elasticsearch with FIPS 140 compliant mode
249
## Ref: https://www.elastic.co/guide/en/elasticsearch/reference/current/fips-140-compliance.html
250
##
251
fipsMode: false
252
## TLS configuration
253
##
254
tls:
255
## @param security.tls.restEncryption Enable SSL/TLS encryption for Elasticsearch REST API.
256
##
257
restEncryption: true
258
## @param security.tls.autoGenerated Create self-signed TLS certificates.
259
## NOTE: If autoGenerated certs are enabled and a new node type is enabled using helm upgrade, make sure you remove previously existing Elasticsearch TLS secrets.
260
## Otherwise, the new node certs won't match the existing certs.
261
##
262
autoGenerated: false
263
## @param security.tls.verificationMode Verification mode for SSL communications.
264
## Supported values: full, certificate, none.
265
## Ref: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-settings.html
266
##
267
verificationMode: "full"
268
## @param security.tls.master.existingSecret Existing secret containing the certificates for the master nodes
269
## @param security.tls.data.existingSecret Existing secret containing the certificates for the data nodes
270
## @param security.tls.ingest.existingSecret Existing secret containing the certificates for the ingest nodes
271
## @param security.tls.coordinating.existingSecret Existing secret containing the certificates for the coordinating nodes
272
##
273
master:
274
existingSecret: ""
275
data:
276
existingSecret: ""
277
ingest:
278
existingSecret: ""
279
coordinating:
280
existingSecret: ""
281
## @param security.tls.keystoreFilename Name of the keystore file
282
##
283
keystoreFilename: elasticsearch.keystore.jks
284
## @param security.tls.truststoreFilename Name of the truststore
285
##
286
truststoreFilename: elasticsearch.truststore.jks
287
## @param security.tls.usePemCerts Use this variable if your secrets contain PEM certificates instead of JKS/PKCS12
288
## Ignored when using autoGenerated certs.
289
##
290
usePemCerts: false
291
## @param security.tls.passwordsSecret Existing secret containing the Keystore and Truststore passwords, or key password if PEM certs are used
292
##
293
passwordsSecret: ""
294
## @param security.tls.keystorePassword Password to access the JKS/PKCS12 keystore or PEM key when they are password-protected.
295
## Ignored if security.tls.passwordsSecret is provided.
296
##
297
keystorePassword: ""
298
## @param security.tls.truststorePassword Password to access the JKS/PKCS12 truststore when they are password-protected.
299
## Ignored if security.tls.passwordsSecret is provided.
300
##
301
truststorePassword: ""
302
## @param security.tls.keyPassword Password to access the PEM key when they are password-protected.
303
## Ignored if security.tls.passwordsSecret is provided.
304
##
305
keyPassword: ""
306
## @param security.tls.secretKeystoreKey Name of the secret key containing the Keystore password
307
##
308
secretKeystoreKey: ""
309
## @param security.tls.secretTruststoreKey Name of the secret key containing the Truststore password
310
##
311
secretTruststoreKey: ""
312
## @param security.tls.secretKey Name of the secret key containing the PEM key password
313
##
314
secretKey: ""
315
## @section Traffic Exposure Parameters
316
##
317
318
## Elasticsearch service parameters
319
##
320
service:
321
## @param service.type Elasticsearch service type
322
##
323
type: ClusterIP
324
## @param service.ports.restAPI Elasticsearch service REST API port
325
## @param service.ports.transport Elasticsearch service transport port
326
##
327
ports:
328
restAPI: 9200
329
transport: 9300
330
## Node ports to expose
331
## @param service.nodePorts.restAPI Node port for REST API
332
## @param service.nodePorts.transport Node port for REST API
333
## NOTE: choose port between <30000-32767>
334
##
335
nodePorts:
336
restAPI: ""
337
transport: ""
338
## @param service.clusterIP Elasticsearch service Cluster IP
339
## e.g.:
340
## clusterIP: None
341
##
342
clusterIP: ""
343
## @param service.loadBalancerIP Elasticsearch service Load Balancer IP
344
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
345
##
346
loadBalancerIP: ""
347
## @param service.loadBalancerSourceRanges Elasticsearch service Load Balancer sources
348
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
349
## e.g:
350
## loadBalancerSourceRanges:
351
## - 10.10.10.0/24
352
##
353
loadBalancerSourceRanges: []
354
## @param service.externalTrafficPolicy Elasticsearch service external traffic policy
355
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
356
##
357
externalTrafficPolicy: Cluster
358
## @param service.annotations Additional custom annotations for Elasticsearch service
359
##
360
annotations: {}
361
## @param service.extraPorts Extra ports to expose in Elasticsearch service (normally used with the `sidecars` value)
362
##
363
extraPorts: []
364
## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
365
## If "ClientIP", consecutive client requests will be directed to the same Pod
366
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
367
##
368
sessionAffinity: None
369
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
370
## sessionAffinityConfig:
371
## clientIP:
372
## timeoutSeconds: 300
373
##
374
sessionAffinityConfig: {}
375
## Elasticsearch ingress parameters
376
## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/
377
##
378
ingress:
379
## @param ingress.enabled Enable ingress record generation for Elasticsearch
380
##
381
enabled: false
382
## @param ingress.pathType Ingress path type
383
##
384
pathType: ImplementationSpecific
385
## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
386
##
387
apiVersion: ""
388
## @param ingress.hostname Default host for the ingress record
389
##
390
hostname: elasticsearch.local
391
## @param ingress.path Default path for the ingress record
392
## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
393
##
394
path: /
395
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
396
## Use this parameter to set the required annotations for cert-manager, see
397
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
398
## e.g:
399
## annotations:
400
## kubernetes.io/ingress.class: nginx
401
## cert-manager.io/cluster-issuer: cluster-issuer-name
402
##
403
annotations: {}
404
## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
405
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
406
## You can:
407
## - Use the `ingress.secrets` parameter to create this TLS secret
408
## - Rely on cert-manager to create it by setting the corresponding annotations
409
## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
410
##
411
tls: false
412
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
413
##
414
selfSigned: false
415
## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
416
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
417
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
418
##
419
ingressClassName: ""
420
## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
421
## e.g:
422
## extraHosts:
423
## - name: elasticsearch.local
424
## path: /
425
##
426
extraHosts: []
427
## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
428
## e.g:
429
## extraPaths:
430
## - path: /*
431
## backend:
432
## serviceName: ssl-redirect
433
## servicePort: use-annotation
434
##
435
extraPaths: []
436
## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
437
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
438
## e.g:
439
## extraTls:
440
## - hosts:
441
## - elasticsearch.local
442
## secretName: elasticsearch.local-tls
443
##
444
extraTls: []
445
## @param ingress.secrets Custom TLS certificates as secrets
446
## NOTE: 'key' and 'certificate' are expected in PEM format
447
## NOTE: 'name' should line up with a 'secretName' set further up
448
## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
449
## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
450
## It is also possible to create and manage the certificates outside of this helm chart
451
## Please see README.md for more information
452
## e.g:
453
## secrets:
454
## - name: elasticsearch.local-tls
455
## key: |-
456
## -----BEGIN RSA PRIVATE KEY-----
457
## ...
458
## -----END RSA PRIVATE KEY-----
459
## certificate: |-
460
## -----BEGIN CERTIFICATE-----
461
## ...
462
## -----END CERTIFICATE-----
463
##
464
secrets: []
465
## @param ingress.extraRules Additional rules to be covered with this ingress record
466
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
467
## e.g:
468
## extraRules:
469
## - host: example.local
470
## http:
471
## path: /
472
## backend:
473
## service:
474
## name: example-svc
475
## port:
476
## name: http
477
##
478
extraRules: []
479
## @section Master-elegible nodes parameters
480
master:
481
## @param master.masterOnly Deploy the Elasticsearch master-elegible nodes as master-only nodes. Recommended for high-demand deployments.
482
## If you are
483
masterOnly: true
484
## @param master.replicaCount Number of master-elegible replicas to deploy
485
##
486
replicaCount: 2
487
## @param master.extraRoles Append extra roles to the node role
488
##
489
extraRoles: []
490
## Pod Disruption Budget configuration
491
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
492
## @param master.pdb.create Enable/disable a Pod Disruption Budget creation
493
## @param master.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
494
## @param master.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
495
##
496
pdb:
497
create: true
498
minAvailable: ""
499
maxUnavailable: ""
500
## @param master.nameOverride String to partially override elasticsearch.master.fullname
501
##
502
nameOverride: ""
503
## @param master.fullnameOverride String to fully override elasticsearch.master.fullname
504
##
505
fullnameOverride: ""
506
## @param master.servicenameOverride String to fully override elasticsearch.master.servicename
507
##
508
servicenameOverride: ""
509
## @param master.annotations [object] Annotations for the master statefulset
510
##
511
annotations: {}
512
## @param master.updateStrategy.type Master-elegible nodes statefulset stategy type
513
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
514
##
515
updateStrategy:
516
type: RollingUpdate
517
## Elasticsearch resource requests and limits
518
## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
519
## We usually recommend not to specify default resources and to leave this as a conscious
520
## choice for the user. This also increases chances charts run on environments with little
521
## resources, such as Minikube. If you do want to specify resources, uncomment the following
522
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
523
## @param master.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production).
524
##
525
resourcesPreset: "small"
526
## @param master.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
527
## Example:
528
## resources:
529
## requests:
530
## cpu: 2
531
## memory: 512Mi
532
## limits:
533
## cpu: 3
534
## memory: 1024Mi
535
##
536
resources: {}
537
## @param master.heapSize Elasticsearch master-eligible node heap size.
538
## Note: The recommended heapSize is half of the container's memory.
539
## If omitted, it will be automatically set.
540
## Example:
541
## heapSize: 128m
542
##
543
heapSize: 128m
544
## Configure Pods Security Context
545
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
546
## @param master.podSecurityContext.enabled Enabled master-elegible pods' Security Context
547
## @param master.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
548
## @param master.podSecurityContext.sysctls Set kernel settings using the sysctl interface
549
## @param master.podSecurityContext.supplementalGroups Set filesystem extra groups
550
## @param master.podSecurityContext.fsGroup Set master-elegible pod's Security Context fsGroup
551
##
552
podSecurityContext:
553
enabled: true
554
fsGroupChangePolicy: Always
555
sysctls: []
556
supplementalGroups: []
557
fsGroup: 1001
558
## Configure Container Security Context
559
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
560
## @param master.containerSecurityContext.enabled Elasticseacrh master-eligible container securityContext
561
## @param master.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
562
## @param master.containerSecurityContext.runAsUser User ID for the Elasticseacrh master-eligible container
563
## @param master.containerSecurityContext.runAsGroup Group ID for the Elasticseacrh master-eligible container
564
## @param master.containerSecurityContext.runAsNonRoot Set Elasticsearch master-eligible container's Security Context runAsNonRoot
565
## @param master.containerSecurityContext.privileged Set Elasticsearch master-eligible container's Security Context privileged
566
## @param master.containerSecurityContext.allowPrivilegeEscalation Set Elasticsearch master-eligible container's Security Context allowPrivilegeEscalation
567
## @param master.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
568
## @param master.containerSecurityContext.capabilities.drop List of capabilities to be dropped
569
## @param master.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
570
##
571
containerSecurityContext:
572
enabled: true
573
seLinuxOptions: {}
574
runAsUser: 1001
575
runAsGroup: 1001
576
runAsNonRoot: true
577
privileged: false
578
allowPrivilegeEscalation: false
579
readOnlyRootFilesystem: true
580
capabilities:
581
drop: ["ALL"]
582
seccompProfile:
583
type: "RuntimeDefault"
584
## Network Policies
585
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
586
##
587
networkPolicy:
588
## @param master.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
589
##
590
enabled: true
591
## @param master.networkPolicy.allowExternal Don't require server label for connections
592
## The Policy model to apply. When set to false, only pods with the correct
593
## server label will have network access to the ports server is listening
594
## on. When true, server will accept connections from any source
595
## (with the correct destination port).
596
##
597
allowExternal: true
598
## @param master.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
599
##
600
allowExternalEgress: true
601
## @param master.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
602
## e.g:
603
## extraIngress:
604
## - ports:
605
## - port: 1234
606
## from:
607
## - podSelector:
608
## - matchLabels:
609
## - role: frontend
610
## - podSelector:
611
## - matchExpressions:
612
## - key: role
613
## operator: In
614
## values:
615
## - frontend
616
extraIngress: []
617
## @param master.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
618
## e.g:
619
## extraEgress:
620
## - ports:
621
## - port: 1234
622
## to:
623
## - podSelector:
624
## - matchLabels:
625
## - role: frontend
626
## - podSelector:
627
## - matchExpressions:
628
## - key: role
629
## operator: In
630
## values:
631
## - frontend
632
##
633
extraEgress: []
634
## @param master.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
635
## @param master.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
636
##
637
ingressNSMatchLabels: {}
638
ingressNSPodMatchLabels: {}
639
## @param master.automountServiceAccountToken Mount Service Account token in pod
640
##
641
automountServiceAccountToken: false
642
## @param master.hostAliases master-elegible pods host aliases
643
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
644
##
645
hostAliases: []
646
## @param master.podLabels Extra labels for master-elegible pods
647
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
648
##
649
podLabels: {}
650
## @param master.podAnnotations Annotations for master-elegible pods
651
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
652
##
653
podAnnotations: {}
654
## @param master.shareProcessNamespace Share a single process namespace between all of the containers in pod
655
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
656
##
657
shareProcessNamespace: false
658
## @param master.podAffinityPreset Pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`
659
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
660
##
661
podAffinityPreset: ""
662
## @param master.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`
663
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
664
##
665
podAntiAffinityPreset: ""
666
## Node master.affinity preset
667
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
668
##
669
nodeAffinityPreset:
670
## @param master.nodeAffinityPreset.type Node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`
671
##
672
type: ""
673
## @param master.nodeAffinityPreset.key Node label key to match. Ignored if `master.affinity` is set
674
##
675
key: ""
676
## @param master.nodeAffinityPreset.values Node label values to match. Ignored if `master.affinity` is set
677
## E.g.
678
## values:
679
## - e2e-az1
680
## - e2e-az2
681
##
682
values: []
683
## @param master.affinity Affinity for master-elegible pods assignment
684
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
685
## NOTE: `master.podAffinityPreset`, `master.podAntiAffinityPreset`, and `master.nodeAffinityPreset` will be ignored when it's set
686
##
687
affinity: {}
688
## @param master.nodeSelector Node labels for master-elegible pods assignment
689
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
690
##
691
nodeSelector: {}
692
## @param master.tolerations Tolerations for master-elegible pods assignment
693
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
694
##
695
tolerations: []
696
## @param master.priorityClassName master-elegible pods' priorityClassName
697
##
698
priorityClassName: ""
699
## @param master.schedulerName Name of the k8s scheduler (other than default) for master-elegible pods
700
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
701
##
702
schedulerName: ""
703
## @param master.terminationGracePeriodSeconds In seconds, time the given to the Elasticsearch Master pod needs to terminate gracefully
704
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
705
##
706
terminationGracePeriodSeconds: ""
707
## @param master.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
708
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
709
##
710
topologySpreadConstraints: []
711
## @param master.podManagementPolicy podManagementPolicy to manage scaling operation of Elasticsearch master pods
712
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
713
##
714
podManagementPolicy: "Parallel"
715
## Configure extra options for Elasticsearch master-elegible containers' liveness, readiness and startup probes
716
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
717
## @param master.startupProbe.enabled Enable/disable the startup probe (master nodes pod)
718
## @param master.startupProbe.initialDelaySeconds Delay before startup probe is initiated (master nodes pod)
719
## @param master.startupProbe.periodSeconds How often to perform the probe (master nodes pod)
720
## @param master.startupProbe.timeoutSeconds When the probe times out (master nodes pod)
721
## @param master.startupProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (master nodes pod)
722
## @param master.startupProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
723
##
724
startupProbe:
725
enabled: false
726
initialDelaySeconds: 90
727
periodSeconds: 10
728
timeoutSeconds: 5
729
successThreshold: 1
730
failureThreshold: 5
731
## @param master.livenessProbe.enabled Enable/disable the liveness probe (master-eligible nodes pod)
732
## @param master.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated (master-eligible nodes pod)
733
## @param master.livenessProbe.periodSeconds How often to perform the probe (master-eligible nodes pod)
734
## @param master.livenessProbe.timeoutSeconds When the probe times out (master-eligible nodes pod)
735
## @param master.livenessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (master-eligible nodes pod)
736
## @param master.livenessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
737
##
738
livenessProbe:
739
enabled: true
740
initialDelaySeconds: 180
741
periodSeconds: 10
742
timeoutSeconds: 5
743
successThreshold: 1
744
failureThreshold: 5
745
## @param master.readinessProbe.enabled Enable/disable the readiness probe (master-eligible nodes pod)
746
## @param master.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated (master-eligible nodes pod)
747
## @param master.readinessProbe.periodSeconds How often to perform the probe (master-eligible nodes pod)
748
## @param master.readinessProbe.timeoutSeconds When the probe times out (master-eligible nodes pod)
749
## @param master.readinessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (master-eligible nodes pod)
750
## @param master.readinessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
751
##
752
readinessProbe:
753
enabled: true
754
initialDelaySeconds: 90
755
periodSeconds: 10
756
timeoutSeconds: 5
757
successThreshold: 1
758
failureThreshold: 5
759
## @param master.customStartupProbe Override default startup probe
760
##
761
customStartupProbe: {}
762
## @param master.customLivenessProbe Override default liveness probe
763
##
764
customLivenessProbe: {}
765
## @param master.customReadinessProbe Override default readiness probe
766
##
767
customReadinessProbe: {}
768
## @param master.command Override default container command (useful when using custom images)
769
##
770
command: []
771
## @param master.args Override default container args (useful when using custom images)
772
##
773
args: []
774
## @param master.lifecycleHooks for the master-elegible container(s) to automate configuration before or after startup
775
##
776
lifecycleHooks: {}
777
## @param master.extraEnvVars Array with extra environment variables to add to master-elegible nodes
778
## e.g:
779
## extraEnvVars:
780
## - name: FOO
781
## value: "bar"
782
##
783
extraEnvVars: []
784
## @param master.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for master-elegible nodes
785
##
786
extraEnvVarsCM: ""
787
## @param master.extraEnvVarsSecret Name of existing Secret containing extra env vars for master-elegible nodes
788
##
789
extraEnvVarsSecret: ""
790
## @param master.extraVolumes Optionally specify extra list of additional volumes for the master-elegible pod(s)
791
##
792
extraVolumes: []
793
## @param master.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the master-elegible container(s)
794
##
795
extraVolumeMounts: []
796
## @param master.sidecars Add additional sidecar containers to the master-elegible pod(s)
797
## e.g:
798
## sidecars:
799
## - name: your-image-name
800
## image: your-image
801
## imagePullPolicy: Always
802
## ports:
803
## - name: portname
804
## containerPort: 1234
805
##
806
sidecars: []
807
## @param master.initContainers Add additional init containers to the master-elegible pod(s)
808
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
809
## e.g:
810
## initContainers:
811
## - name: your-image-name
812
## image: your-image
813
## imagePullPolicy: Always
814
## command: ['sh', '-c', 'echo "hello world"']
815
##
816
initContainers: []
817
## Enable persistence using Persistent Volume Claims
818
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
819
##
820
persistence:
821
## @param master.persistence.enabled Enable persistence using a `PersistentVolumeClaim`
822
##
823
enabled: true
824
## @param master.persistence.storageClass Persistent Volume Storage Class
825
## If defined, storageClassName: <storageClass>
826
## If set to "-", storageClassName: "", which disables dynamic provisioning
827
## If undefined (the default) or set to null, no storageClassName spec is
828
## set, choosing the default provisioner. (gp2 on AWS, standard on
829
## GKE, AWS & OpenStack)
830
##
831
storageClass: ""
832
## @param master.persistence.existingClaim Existing Persistent Volume Claim
833
## then accept the value as an existing Persistent Volume Claim to which
834
## the container should be bound
835
##
836
existingClaim: ""
837
## @param master.persistence.existingVolume Existing Persistent Volume for use as volume match label selector to the `volumeClaimTemplate`. Ignored when `master.persistence.selector` is set.
838
##
839
existingVolume: ""
840
## @param master.persistence.selector Configure custom selector for existing Persistent Volume. Overwrites `master.persistence.existingVolume`
841
## selector:
842
## matchLabels:
843
## volume:
844
##
845
selector: {}
846
## @param master.persistence.annotations Persistent Volume Claim annotations
847
##
848
annotations: {}
849
## @param master.persistence.accessModes Persistent Volume Access Modes
850
##
851
accessModes:
852
- ReadWriteOnce
853
## @param master.persistence.size Persistent Volume Size
854
##
855
size: 8Gi
856
## Master Persistent Volume Claim Retention Policy
857
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
858
##
859
persistentVolumeClaimRetentionPolicy:
860
## @param master.persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for Master StatefulSet
861
##
862
enabled: false
863
## @param master.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
864
##
865
whenScaled: Retain
866
## @param master.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
867
##
868
whenDeleted: Retain
869
## Pods Service Account
870
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
871
## @param master.serviceAccount.create Specifies whether a ServiceAccount should be created
872
## @param master.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
873
## @param master.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
874
## @param master.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
875
##
876
serviceAccount:
877
create: true
878
name: ""
879
automountServiceAccountToken: false
880
annotations: {}
881
## Enable HorizontalPodAutoscaler for Elasticsearch Master pods
882
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
883
## @param master.autoscaling.enabled Whether enable horizontal pod autoscale
884
## @param master.autoscaling.minReplicas Configure a minimum amount of pods
885
## @param master.autoscaling.maxReplicas Configure a maximum amount of pods
886
## @param master.autoscaling.targetCPU Define the CPU target to trigger the scaling actions (utilization percentage)
887
## @param master.autoscaling.targetMemory Define the memory target to trigger the scaling actions (utilization percentage)
888
##
889
autoscaling:
890
enabled: false
891
minReplicas: 3
892
maxReplicas: 11
893
targetCPU: ""
894
targetMemory: ""
895
## @section Data-only nodes parameters
896
data:
897
## @param data.replicaCount Number of data-only replicas to deploy
898
##
899
replicaCount: 2
900
## @param data.extraRoles Append extra roles to the node role
901
##
902
extraRoles: []
903
## Pod Disruption Budget configuration
904
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
905
## @param data.pdb.create Enable/disable a Pod Disruption Budget creation
906
## @param data.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
907
## @param data.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
908
##
909
pdb:
910
create: true
911
minAvailable: ""
912
maxUnavailable: ""
913
## @param data.nameOverride String to partially override elasticsearch.data.fullname
914
##
915
nameOverride: ""
916
## @param data.fullnameOverride String to fully override elasticsearch.data.fullname
917
##
918
fullnameOverride: ""
919
## @param data.servicenameOverride String to fully override elasticsearch.data.servicename
920
##
921
servicenameOverride: ""
922
## @param data.annotations [object] Annotations for the data statefulset
923
##
924
annotations: {}
925
## @param data.updateStrategy.type Data-only nodes statefulset stategy type
926
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
927
##
928
updateStrategy:
929
type: RollingUpdate
930
## Elasticsearch resource requests and limits
931
## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
932
## @param data.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if data.resources is set (data.resources is recommended for production).
933
##
934
resourcesPreset: "medium"
935
## @param data.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
936
## Example:
937
## resources:
938
## requests:
939
## cpu: 2
940
## memory: 512Mi
941
## limits:
942
## cpu: 3
943
## memory: 1024Mi
944
##
945
resources: {}
946
## @param data.heapSize Elasticsearch data node heap size.
947
## Note: The recommended heapSize is half of the container's memory.
948
## If omitted, it will be automatically set.
949
## Example:
950
## heapSize: 128m
951
##
952
heapSize: 1024m
953
## Configure Pods Security Context
954
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
955
## @param data.podSecurityContext.enabled Enabled data pods' Security Context
956
## @param data.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
957
## @param data.podSecurityContext.sysctls Set kernel settings using the sysctl interface
958
## @param data.podSecurityContext.supplementalGroups Set filesystem extra groups
959
## @param data.podSecurityContext.fsGroup Set data pod's Security Context fsGroup
960
##
961
podSecurityContext:
962
enabled: true
963
fsGroupChangePolicy: Always
964
sysctls: []
965
supplementalGroups: []
966
fsGroup: 1001
967
## Configure Container Security Context
968
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
969
## @param data.containerSecurityContext.enabled Elasticseacrh data container securityContext
970
## @param data.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
971
## @param data.containerSecurityContext.runAsUser User ID for the Elasticseacrh data container
972
## @param data.containerSecurityContext.runAsGroup Group ID for the Elasticseacrh data container
973
## @param data.containerSecurityContext.runAsNonRoot Set Elasticsearch data container's Security Context runAsNonRoot
974
## @param data.containerSecurityContext.privileged Set Elasticsearch data container's Security Context privileged
975
## @param data.containerSecurityContext.allowPrivilegeEscalation Set Elasticsearch data container's Security Context allowPrivilegeEscalation
976
## @param data.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
977
## @param data.containerSecurityContext.capabilities.drop List of capabilities to be dropped
978
## @param data.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
979
##
980
containerSecurityContext:
981
enabled: true
982
seLinuxOptions: {}
983
runAsUser: 1001
984
runAsGroup: 1001
985
runAsNonRoot: true
986
privileged: false
987
allowPrivilegeEscalation: false
988
readOnlyRootFilesystem: true
989
capabilities:
990
drop: ["ALL"]
991
seccompProfile:
992
type: "RuntimeDefault"
993
## Network Policies
994
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
995
##
996
networkPolicy:
997
## @param data.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
998
##
999
enabled: true
1000
## @param data.networkPolicy.allowExternal Don't require server label for connections
1001
## The Policy model to apply. When set to false, only pods with the correct
1002
## server label will have network access to the ports server is listening
1003
## on. When true, server will accept connections from any source
1004
## (with the correct destination port).
1005
##
1006
allowExternal: true
1007
## @param data.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
1008
##
1009
allowExternalEgress: true
1010
## @param data.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
1011
## e.g:
1012
## extraIngress:
1013
## - ports:
1014
## - port: 1234
1015
## from:
1016
## - podSelector:
1017
## - matchLabels:
1018
## - role: frontend
1019
## - podSelector:
1020
## - matchExpressions:
1021
## - key: role
1022
## operator: In
1023
## values:
1024
## - frontend
1025
extraIngress: []
1026
## @param data.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
1027
## e.g:
1028
## extraEgress:
1029
## - ports:
1030
## - port: 1234
1031
## to:
1032
## - podSelector:
1033
## - matchLabels:
1034
## - role: frontend
1035
## - podSelector:
1036
## - matchExpressions:
1037
## - key: role
1038
## operator: In
1039
## values:
1040
## - frontend
1041
##
1042
extraEgress: []
1043
## @param data.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
1044
## @param data.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
1045
##
1046
ingressNSMatchLabels: {}
1047
ingressNSPodMatchLabels: {}
1048
## @param data.automountServiceAccountToken Mount Service Account token in pod
1049
##
1050
automountServiceAccountToken: false
1051
## @param data.hostAliases data pods host aliases
1052
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
1053
##
1054
hostAliases: []
1055
## @param data.podLabels Extra labels for data pods
1056
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
1057
##
1058
podLabels: {}
1059
## @param data.podAnnotations Annotations for data pods
1060
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
1061
##
1062
podAnnotations: {}
1063
## @param data.shareProcessNamespace Share a single process namespace between all of the containers in pod
1064
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
1065
##
1066
shareProcessNamespace: false
1067
## @param data.podAffinityPreset Pod affinity preset. Ignored if `data.affinity` is set. Allowed values: `soft` or `hard`
1068
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1069
##
1070
podAffinityPreset: ""
1071
## @param data.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `data.affinity` is set. Allowed values: `soft` or `hard`
1072
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1073
##
1074
podAntiAffinityPreset: ""
1075
## Node data.affinity preset
1076
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
1077
##
1078
nodeAffinityPreset:
1079
## @param data.nodeAffinityPreset.type Node affinity preset type. Ignored if `data.affinity` is set. Allowed values: `soft` or `hard`
1080
##
1081
type: ""
1082
## @param data.nodeAffinityPreset.key Node label key to match. Ignored if `data.affinity` is set
1083
##
1084
key: ""
1085
## @param data.nodeAffinityPreset.values Node label values to match. Ignored if `data.affinity` is set
1086
## E.g.
1087
## values:
1088
## - e2e-az1
1089
## - e2e-az2
1090
##
1091
values: []
1092
## @param data.affinity Affinity for data pods assignment
1093
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
1094
## NOTE: `data.podAffinityPreset`, `data.podAntiAffinityPreset`, and `data.nodeAffinityPreset` will be ignored when it's set
1095
##
1096
affinity: {}
1097
## @param data.nodeSelector Node labels for data pods assignment
1098
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
1099
##
1100
nodeSelector: {}
1101
## @param data.tolerations Tolerations for data pods assignment
1102
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
1103
##
1104
tolerations: []
1105
## @param data.priorityClassName data pods' priorityClassName
1106
##
1107
priorityClassName: ""
1108
## @param data.schedulerName Name of the k8s scheduler (other than default) for data pods
1109
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
1110
##
1111
schedulerName: ""
1112
## @param data.terminationGracePeriodSeconds In seconds, time the given to the Elasticsearch data pod needs to terminate gracefully
1113
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
1114
##
1115
terminationGracePeriodSeconds: ""
1116
## @param data.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
1117
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
1118
##
1119
topologySpreadConstraints: []
1120
## @param data.podManagementPolicy podManagementPolicy to manage scaling operation of Elasticsearch data pods
1121
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
1122
##
1123
podManagementPolicy: "Parallel"
1124
## Configure extra options for Elasticsearch data containers' liveness, readiness and startup probes
1125
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
1126
## @param data.startupProbe.enabled Enable/disable the startup probe (data nodes pod)
1127
## @param data.startupProbe.initialDelaySeconds Delay before startup probe is initiated (data nodes pod)
1128
## @param data.startupProbe.periodSeconds How often to perform the probe (data nodes pod)
1129
## @param data.startupProbe.timeoutSeconds When the probe times out (data nodes pod)
1130
## @param data.startupProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (data nodes pod)
1131
## @param data.startupProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
1132
##
1133
startupProbe:
1134
enabled: false
1135
initialDelaySeconds: 90
1136
periodSeconds: 10
1137
timeoutSeconds: 5
1138
successThreshold: 1
1139
failureThreshold: 5
1140
## @param data.livenessProbe.enabled Enable/disable the liveness probe (data nodes pod)
1141
## @param data.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated (data nodes pod)
1142
## @param data.livenessProbe.periodSeconds How often to perform the probe (data nodes pod)
1143
## @param data.livenessProbe.timeoutSeconds When the probe times out (data nodes pod)
1144
## @param data.livenessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (data nodes pod)
1145
## @param data.livenessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
1146
##
1147
livenessProbe:
1148
enabled: true
1149
initialDelaySeconds: 180
1150
periodSeconds: 10
1151
timeoutSeconds: 5
1152
successThreshold: 1
1153
failureThreshold: 5
1154
## @param data.readinessProbe.enabled Enable/disable the readiness probe (data nodes pod)
1155
## @param data.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated (data nodes pod)
1156
## @param data.readinessProbe.periodSeconds How often to perform the probe (data nodes pod)
1157
## @param data.readinessProbe.timeoutSeconds When the probe times out (data nodes pod)
1158
## @param data.readinessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (data nodes pod)
1159
## @param data.readinessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
1160
##
1161
readinessProbe:
1162
enabled: true
1163
initialDelaySeconds: 90
1164
periodSeconds: 10
1165
timeoutSeconds: 5
1166
successThreshold: 1
1167
failureThreshold: 5
1168
## @param data.customStartupProbe Override default startup probe
1169
##
1170
customStartupProbe: {}
1171
## @param data.customLivenessProbe Override default liveness probe
1172
##
1173
customLivenessProbe: {}
1174
## @param data.customReadinessProbe Override default readiness probe
1175
##
1176
customReadinessProbe: {}
1177
## @param data.command Override default container command (useful when using custom images)
1178
##
1179
command: []
1180
## @param data.args Override default container args (useful when using custom images)
1181
##
1182
args: []
1183
## @param data.lifecycleHooks for the data container(s) to automate configuration before or after startup
1184
##
1185
lifecycleHooks: {}
1186
## @param data.extraEnvVars Array with extra environment variables to add to data nodes
1187
## e.g:
1188
## extraEnvVars:
1189
## - name: FOO
1190
## value: "bar"
1191
##
1192
extraEnvVars: []
1193
## @param data.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for data nodes
1194
##
1195
extraEnvVarsCM: ""
1196
## @param data.extraEnvVarsSecret Name of existing Secret containing extra env vars for data nodes
1197
##
1198
extraEnvVarsSecret: ""
1199
## @param data.extraVolumes Optionally specify extra list of additional volumes for the data pod(s)
1200
##
1201
extraVolumes: []
1202
## @param data.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the data container(s)
1203
##
1204
extraVolumeMounts: []
1205
## @param data.sidecars Add additional sidecar containers to the data pod(s)
1206
## e.g:
1207
## sidecars:
1208
## - name: your-image-name
1209
## image: your-image
1210
## imagePullPolicy: Always
1211
## ports:
1212
## - name: portname
1213
## containerPort: 1234
1214
##
1215
sidecars: []
1216
## @param data.initContainers Add additional init containers to the data pod(s)
1217
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
1218
## e.g:
1219
## initContainers:
1220
## - name: your-image-name
1221
## image: your-image
1222
## imagePullPolicy: Always
1223
## command: ['sh', '-c', 'echo "hello world"']
1224
##
1225
initContainers: []
1226
## Enable persistence using Persistent Volume Claims
1227
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
1228
##
1229
persistence:
1230
## @param data.persistence.enabled Enable persistence using a `PersistentVolumeClaim`
1231
##
1232
enabled: true
1233
## @param data.persistence.storageClass Persistent Volume Storage Class
1234
## If defined, storageClassName: <storageClass>
1235
## If set to "-", storageClassName: "", which disables dynamic provisioning
1236
## If undefined (the default) or set to null, no storageClassName spec is
1237
## set, choosing the default provisioner. (gp2 on AWS, standard on
1238
## GKE, AWS & OpenStack)
1239
##
1240
storageClass: ""
1241
## @param data.persistence.existingClaim Existing Persistent Volume Claim
1242
## then accept the value as an existing Persistent Volume Claim to which
1243
## the container should be bound
1244
##
1245
existingClaim: ""
1246
## @param data.persistence.existingVolume Existing Persistent Volume for use as volume match label selector to the `volumeClaimTemplate`. Ignored when `data.persistence.selector` is set.
1247
##
1248
existingVolume: ""
1249
## @param data.persistence.selector Configure custom selector for existing Persistent Volume. Overwrites `data.persistence.existingVolume`
1250
## selector:
1251
## matchLabels:
1252
## volume:
1253
##
1254
selector: {}
1255
## @param data.persistence.annotations Persistent Volume Claim annotations
1256
##
1257
annotations: {}
1258
## @param data.persistence.accessModes Persistent Volume Access Modes
1259
##
1260
accessModes:
1261
- ReadWriteOnce
1262
## @param data.persistence.size Persistent Volume Size
1263
##
1264
size: 8Gi
1265
## Data Persistent Volume Claim Retention Policy
1266
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
1267
##
1268
persistentVolumeClaimRetentionPolicy:
1269
## @param data.persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for Data StatefulSet
1270
##
1271
enabled: false
1272
## @param data.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
1273
##
1274
whenScaled: Retain
1275
## @param data.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
1276
##
1277
whenDeleted: Retain
1278
## Pods Service Account
1279
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
1280
## @param data.serviceAccount.create Specifies whether a ServiceAccount should be created
1281
## @param data.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
1282
## @param data.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
1283
## @param data.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
1284
##
1285
serviceAccount:
1286
create: true
1287
name: ""
1288
automountServiceAccountToken: false
1289
annotations: {}
1290
## Enable HorizontalPodAutoscaler for Elasticsearch data pods
1291
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
1292
## @param data.autoscaling.enabled Whether enable horizontal pod autoscale
1293
## @param data.autoscaling.minReplicas Configure a minimum amount of pods
1294
## @param data.autoscaling.maxReplicas Configure a maximum amount of pods
1295
## @param data.autoscaling.targetCPU Define the CPU target to trigger the scaling actions (utilization percentage)
1296
## @param data.autoscaling.targetMemory Define the memory target to trigger the scaling actions (utilization percentage)
1297
##
1298
autoscaling:
1299
enabled: false
1300
minReplicas: 3
1301
maxReplicas: 11
1302
targetCPU: ""
1303
targetMemory: ""
1304
## @section Coordinating-only nodes parameters
1305
coordinating:
1306
## @param coordinating.replicaCount Number of coordinating-only replicas to deploy
1307
##
1308
replicaCount: 2
1309
## @param coordinating.extraRoles Append extra roles to the node role
1310
## NOTE: In Elasticsearch, all nodes act as coordinators, coordinating-only nodes do not have any other role by default.
1311
##
1312
extraRoles: []
1313
## Pod Disruption Budget configuration
1314
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
1315
## @param coordinating.pdb.create Enable/disable a Pod Disruption Budget creation
1316
## @param coordinating.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
1317
## @param coordinating.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
1318
##
1319
pdb:
1320
create: true
1321
minAvailable: ""
1322
maxUnavailable: ""
1323
## @param coordinating.nameOverride String to partially override elasticsearch.coordinating.fullname
1324
##
1325
nameOverride: ""
1326
## @param coordinating.fullnameOverride String to fully override elasticsearch.coordinating.fullname
1327
##
1328
fullnameOverride: ""
1329
## @param coordinating.servicenameOverride String to fully override elasticsearch.coordinating.servicename
1330
##
1331
servicenameOverride: ""
1332
## @param coordinating.annotations [object] Annotations for the coordinating-only statefulset
1333
##
1334
annotations: {}
1335
## @param coordinating.updateStrategy.type Coordinating-only nodes statefulset stategy type
1336
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
1337
##
1338
updateStrategy:
1339
type: RollingUpdate
1340
## Elasticsearch resource requests and limits
1341
## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
1342
## @param coordinating.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if coordinating.resources is set (coordinating.resources is recommended for production).
1343
##
1344
resourcesPreset: "small"
1345
## @param coordinating.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
1346
## Example:
1347
## resources:
1348
## requests:
1349
## cpu: 2
1350
## memory: 512Mi
1351
## limits:
1352
## cpu: 3
1353
## memory: 1024Mi
1354
##
1355
resources: {}
1356
## @param coordinating.heapSize Elasticsearch coordinating node heap size.
1357
## Note: The recommended heapSize is half of the container's memory.
1358
## If omitted, it will be automatically set.
1359
## Example:
1360
## heapSize: 128m
1361
##
1362
heapSize: 128m
1363
## Configure Pods Security Context
1364
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1365
## @param coordinating.podSecurityContext.enabled Enabled coordinating-only pods' Security Context
1366
## @param coordinating.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
1367
## @param coordinating.podSecurityContext.sysctls Set kernel settings using the sysctl interface
1368
## @param coordinating.podSecurityContext.supplementalGroups Set filesystem extra groups
1369
## @param coordinating.podSecurityContext.fsGroup Set coordinating-only pod's Security Context fsGroup
1370
##
1371
podSecurityContext:
1372
enabled: true
1373
fsGroupChangePolicy: Always
1374
sysctls: []
1375
supplementalGroups: []
1376
fsGroup: 1001
1377
## Configure Container Security Context
1378
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1379
## @param coordinating.containerSecurityContext.enabled Elasticseacrh coordinating container securityContext
1380
## @param coordinating.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
1381
## @param coordinating.containerSecurityContext.runAsUser User ID for the Elasticseacrh coordinating container
1382
## @param coordinating.containerSecurityContext.runAsGroup Group ID for the Elasticseacrh coordinating container
1383
## @param coordinating.containerSecurityContext.runAsNonRoot Set Elasticsearch coordinating container's Security Context runAsNonRoot
1384
## @param coordinating.containerSecurityContext.privileged Set Elasticsearch coordinating container's Security Context privileged
1385
## @param coordinating.containerSecurityContext.allowPrivilegeEscalation Set Elasticsearch coordinating container's Security Context allowPrivilegeEscalation
1386
## @param coordinating.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
1387
## @param coordinating.containerSecurityContext.capabilities.drop List of capabilities to be dropped
1388
## @param coordinating.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
1389
##
1390
containerSecurityContext:
1391
enabled: true
1392
seLinuxOptions: {}
1393
runAsUser: 1001
1394
runAsGroup: 1001
1395
runAsNonRoot: true
1396
privileged: false
1397
allowPrivilegeEscalation: false
1398
readOnlyRootFilesystem: true
1399
capabilities:
1400
drop: ["ALL"]
1401
seccompProfile:
1402
type: "RuntimeDefault"
1403
## Network Policies
1404
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
1405
##
1406
networkPolicy:
1407
## @param coordinating.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
1408
##
1409
enabled: true
1410
## @param coordinating.networkPolicy.allowExternal Don't require server label for connections
1411
## The Policy model to apply. When set to false, only pods with the correct
1412
## server label will have network access to the ports server is listening
1413
## on. When true, server will accept connections from any source
1414
## (with the correct destination port).
1415
##
1416
allowExternal: true
1417
## @param coordinating.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
1418
##
1419
allowExternalEgress: true
1420
## @param coordinating.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
1421
## e.g:
1422
## extraIngress:
1423
## - ports:
1424
## - port: 1234
1425
## from:
1426
## - podSelector:
1427
## - matchLabels:
1428
## - role: frontend
1429
## - podSelector:
1430
## - matchExpressions:
1431
## - key: role
1432
## operator: In
1433
## values:
1434
## - frontend
1435
extraIngress: []
1436
## @param coordinating.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
1437
## e.g:
1438
## extraEgress:
1439
## - ports:
1440
## - port: 1234
1441
## to:
1442
## - podSelector:
1443
## - matchLabels:
1444
## - role: frontend
1445
## - podSelector:
1446
## - matchExpressions:
1447
## - key: role
1448
## operator: In
1449
## values:
1450
## - frontend
1451
##
1452
extraEgress: []
1453
## @param coordinating.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
1454
## @param coordinating.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
1455
##
1456
ingressNSMatchLabels: {}
1457
ingressNSPodMatchLabels: {}
1458
## @param coordinating.automountServiceAccountToken Mount Service Account token in pod
1459
##
1460
automountServiceAccountToken: false
1461
## @param coordinating.hostAliases coordinating-only pods host aliases
1462
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
1463
##
1464
hostAliases: []
1465
## @param coordinating.podLabels Extra labels for coordinating-only pods
1466
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
1467
##
1468
podLabels: {}
1469
## @param coordinating.podAnnotations Annotations for coordinating-only pods
1470
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
1471
##
1472
podAnnotations: {}
1473
## @param coordinating.shareProcessNamespace Share a single process namespace between all of the containers in pod
1474
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
1475
##
1476
shareProcessNamespace: false
1477
## @param coordinating.podAffinityPreset Pod affinity preset. Ignored if `coordinating.affinity` is set. Allowed values: `soft` or `hard`
1478
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1479
##
1480
podAffinityPreset: ""
1481
## @param coordinating.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `coordinating.affinity` is set. Allowed values: `soft` or `hard`
1482
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1483
##
1484
podAntiAffinityPreset: ""
1485
## Node coordinating.affinity preset
1486
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
1487
##
1488
nodeAffinityPreset:
1489
## @param coordinating.nodeAffinityPreset.type Node affinity preset type. Ignored if `coordinating.affinity` is set. Allowed values: `soft` or `hard`
1490
##
1491
type: ""
1492
## @param coordinating.nodeAffinityPreset.key Node label key to match. Ignored if `coordinating.affinity` is set
1493
##
1494
key: ""
1495
## @param coordinating.nodeAffinityPreset.values Node label values to match. Ignored if `coordinating.affinity` is set
1496
## E.g.
1497
## values:
1498
## - e2e-az1
1499
## - e2e-az2
1500
##
1501
values: []
1502
## @param coordinating.affinity Affinity for coordinating-only pods assignment
1503
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
1504
## NOTE: `coordinating.podAffinityPreset`, `coordinating.podAntiAffinityPreset`, and `coordinating.nodeAffinityPreset` will be ignored when it's set
1505
##
1506
affinity: {}
1507
## @param coordinating.nodeSelector Node labels for coordinating-only pods assignment
1508
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
1509
##
1510
nodeSelector: {}
1511
## @param coordinating.tolerations Tolerations for coordinating-only pods assignment
1512
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
1513
##
1514
tolerations: []
1515
## @param coordinating.priorityClassName coordinating-only pods' priorityClassName
1516
##
1517
priorityClassName: ""
1518
## @param coordinating.schedulerName Name of the k8s scheduler (other than default) for coordinating-only pods
1519
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
1520
##
1521
schedulerName: ""
1522
## @param coordinating.terminationGracePeriodSeconds In seconds, time the given to the Elasticsearch coordinating pod needs to terminate gracefully
1523
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
1524
##
1525
terminationGracePeriodSeconds: ""
1526
## @param coordinating.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
1527
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
1528
##
1529
topologySpreadConstraints: []
1530
## @param coordinating.podManagementPolicy podManagementPolicy to manage scaling operation of Elasticsearch coordinating pods
1531
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
1532
##
1533
podManagementPolicy: "Parallel"
1534
## Configure extra options for Elasticsearch coordinating-only containers' liveness, readiness and startup probes
1535
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
1536
## @param coordinating.startupProbe.enabled Enable/disable the startup probe (coordinating-only nodes pod)
1537
## @param coordinating.startupProbe.initialDelaySeconds Delay before startup probe is initiated (coordinating-only nodes pod)
1538
## @param coordinating.startupProbe.periodSeconds How often to perform the probe (coordinating-only nodes pod)
1539
## @param coordinating.startupProbe.timeoutSeconds When the probe times out (coordinating-only nodes pod)
1540
## @param coordinating.startupProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (coordinating-only nodes pod)
1541
## @param coordinating.startupProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
1542
##
1543
startupProbe:
1544
enabled: false
1545
initialDelaySeconds: 90
1546
periodSeconds: 10
1547
timeoutSeconds: 5
1548
successThreshold: 1
1549
failureThreshold: 5
1550
## @param coordinating.livenessProbe.enabled Enable/disable the liveness probe (coordinating-only nodes pod)
1551
## @param coordinating.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated (coordinating-only nodes pod)
1552
## @param coordinating.livenessProbe.periodSeconds How often to perform the probe (coordinating-only nodes pod)
1553
## @param coordinating.livenessProbe.timeoutSeconds When the probe times out (coordinating-only nodes pod)
1554
## @param coordinating.livenessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (coordinating-only nodes pod)
1555
## @param coordinating.livenessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
1556
##
1557
livenessProbe:
1558
enabled: true
1559
initialDelaySeconds: 180
1560
periodSeconds: 10
1561
timeoutSeconds: 5
1562
successThreshold: 1
1563
failureThreshold: 5
1564
## @param coordinating.readinessProbe.enabled Enable/disable the readiness probe (coordinating-only nodes pod)
1565
## @param coordinating.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated (coordinating-only nodes pod)
1566
## @param coordinating.readinessProbe.periodSeconds How often to perform the probe (coordinating-only nodes pod)
1567
## @param coordinating.readinessProbe.timeoutSeconds When the probe times out (coordinating-only nodes pod)
1568
## @param coordinating.readinessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (coordinating-only nodes pod)
1569
## @param coordinating.readinessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
1570
##
1571
readinessProbe:
1572
enabled: true
1573
initialDelaySeconds: 90
1574
periodSeconds: 10
1575
timeoutSeconds: 5
1576
successThreshold: 1
1577
failureThreshold: 5
1578
## @param coordinating.customStartupProbe Override default startup probe
1579
##
1580
customStartupProbe: {}
1581
## @param coordinating.customLivenessProbe Override default liveness probe
1582
##
1583
customLivenessProbe: {}
1584
## @param coordinating.customReadinessProbe Override default readiness probe
1585
##
1586
customReadinessProbe: {}
1587
## @param coordinating.command Override default container command (useful when using custom images)
1588
##
1589
command: []
1590
## @param coordinating.args Override default container args (useful when using custom images)
1591
##
1592
args: []
1593
## @param coordinating.lifecycleHooks for the coordinating-only container(s) to automate configuration before or after startup
1594
##
1595
lifecycleHooks: {}
1596
## @param coordinating.extraEnvVars Array with extra environment variables to add to coordinating-only nodes
1597
## e.g:
1598
## extraEnvVars:
1599
## - name: FOO
1600
## value: "bar"
1601
##
1602
extraEnvVars: []
1603
## @param coordinating.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for coordinating-only nodes
1604
##
1605
extraEnvVarsCM: ""
1606
## @param coordinating.extraEnvVarsSecret Name of existing Secret containing extra env vars for coordinating-only nodes
1607
##
1608
extraEnvVarsSecret: ""
1609
## @param coordinating.extraVolumes Optionally specify extra list of additional volumes for the coordinating-only pod(s)
1610
##
1611
extraVolumes: []
1612
## @param coordinating.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the coordinating-only container(s)
1613
##
1614
extraVolumeMounts: []
1615
## @param coordinating.sidecars Add additional sidecar containers to the coordinating-only pod(s)
1616
## e.g:
1617
## sidecars:
1618
## - name: your-image-name
1619
## image: your-image
1620
## imagePullPolicy: Always
1621
## ports:
1622
## - name: portname
1623
## containerPort: 1234
1624
##
1625
sidecars: []
1626
## @param coordinating.initContainers Add additional init containers to the coordinating-only pod(s)
1627
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
1628
## e.g:
1629
## initContainers:
1630
## - name: your-image-name
1631
## image: your-image
1632
## imagePullPolicy: Always
1633
## command: ['sh', '-c', 'echo "hello world"']
1634
##
1635
initContainers: []
1636
## Pods Service Account
1637
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
1638
## @param coordinating.serviceAccount.create Specifies whether a ServiceAccount should be created
1639
## @param coordinating.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
1640
## @param coordinating.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
1641
## @param coordinating.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
1642
##
1643
serviceAccount:
1644
create: true
1645
name: ""
1646
automountServiceAccountToken: false
1647
annotations: {}
1648
## Enable HorizontalPodAutoscaler for Elasticsearch coordinating pods
1649
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
1650
## @param coordinating.autoscaling.enabled Whether enable horizontal pod autoscale
1651
## @param coordinating.autoscaling.minReplicas Configure a minimum amount of pods
1652
## @param coordinating.autoscaling.maxReplicas Configure a maximum amount of pods
1653
## @param coordinating.autoscaling.targetCPU Define the CPU target to trigger the scaling actions (utilization percentage)
1654
## @param coordinating.autoscaling.targetMemory Define the memory target to trigger the scaling actions (utilization percentage)
1655
##
1656
autoscaling:
1657
enabled: false
1658
minReplicas: 3
1659
maxReplicas: 11
1660
targetCPU: ""
1661
targetMemory: ""
1662
## @section Ingest-only nodes parameters
1663
ingest:
1664
## @param ingest.enabled Enable ingest nodes
1665
##
1666
enabled: true
1667
## @param ingest.replicaCount Number of ingest-only replicas to deploy
1668
##
1669
replicaCount: 2
1670
## @param ingest.extraRoles Append extra roles to the node role
1671
##
1672
extraRoles: []
1673
## Pod Disruption Budget configuration
1674
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
1675
## @param ingest.pdb.create Enable/disable a Pod Disruption Budget creation
1676
## @param ingest.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
1677
## @param ingest.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
1678
##
1679
pdb:
1680
create: true
1681
minAvailable: ""
1682
maxUnavailable: ""
1683
## @param ingest.nameOverride String to partially override elasticsearch.ingest.fullname
1684
##
1685
nameOverride: ""
1686
## @param ingest.fullnameOverride String to fully override elasticsearch.ingest.fullname
1687
##
1688
fullnameOverride: ""
1689
## @param ingest.servicenameOverride String to fully override ingest.master.servicename
1690
##
1691
servicenameOverride: ""
1692
## @param ingest.annotations [object] Annotations for the ingest statefulset
1693
##
1694
annotations: {}
1695
## @param ingest.containerPorts.restAPI Elasticsearch REST API port
1696
## @param ingest.containerPorts.transport Elasticsearch Transport port
1697
##
1698
containerPorts:
1699
restAPI: 9200
1700
transport: 9300
1701
## @param ingest.updateStrategy.type Ingest-only nodes statefulset stategy type
1702
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
1703
##
1704
updateStrategy:
1705
type: RollingUpdate
1706
## Elasticsearch resource requests and limits
1707
## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
1708
## @param ingest.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if ingest.resources is set (ingest.resources is recommended for production).
1709
##
1710
resourcesPreset: "small"
1711
## @param ingest.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
1712
## Example:
1713
## resources:
1714
## requests:
1715
## cpu: 2
1716
## memory: 512Mi
1717
## limits:
1718
## cpu: 3
1719
## memory: 1024Mi
1720
##
1721
resources: {}
1722
## @param ingest.heapSize Elasticsearch ingest-only node heap size.
1723
## Note: The recommended heapSize is half of the container's memory.
1724
## If omitted, it will be automatically set.
1725
## Example:
1726
## heapSize: 128m
1727
##
1728
heapSize: 128m
1729
## Configure Pods Security Context
1730
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1731
## @param ingest.podSecurityContext.enabled Enabled ingest-only pods' Security Context
1732
## @param ingest.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
1733
## @param ingest.podSecurityContext.sysctls Set kernel settings using the sysctl interface
1734
## @param ingest.podSecurityContext.supplementalGroups Set filesystem extra groups
1735
## @param ingest.podSecurityContext.fsGroup Set ingest-only pod's Security Context fsGroup
1736
##
1737
podSecurityContext:
1738
enabled: true
1739
fsGroupChangePolicy: Always
1740
sysctls: []
1741
supplementalGroups: []
1742
fsGroup: 1001
1743
## Configure Container Security Context
1744
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1745
## @param ingest.containerSecurityContext.enabled Elasticseacrh ingest container securityContext
1746
## @param ingest.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
1747
## @param ingest.containerSecurityContext.runAsUser User ID for the Elasticseacrh ingest container
1748
## @param ingest.containerSecurityContext.runAsGroup Group ID for the Elasticseacrh ingest container
1749
## @param ingest.containerSecurityContext.runAsNonRoot Set Elasticsearch ingest container's Security Context runAsNonRoot
1750
## @param ingest.containerSecurityContext.privileged Set Elasticsearch ingest container's Security Context privileged
1751
## @param ingest.containerSecurityContext.allowPrivilegeEscalation Set Elasticsearch ingest container's Security Context allowPrivilegeEscalation
1752
## @param ingest.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
1753
## @param ingest.containerSecurityContext.capabilities.drop List of capabilities to be dropped
1754
## @param ingest.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
1755
##
1756
containerSecurityContext:
1757
enabled: true
1758
seLinuxOptions: {}
1759
runAsUser: 1001
1760
runAsGroup: 1001
1761
runAsNonRoot: true
1762
privileged: false
1763
allowPrivilegeEscalation: false
1764
readOnlyRootFilesystem: true
1765
capabilities:
1766
drop: ["ALL"]
1767
seccompProfile:
1768
type: "RuntimeDefault"
1769
## Network Policies
1770
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
1771
##
1772
networkPolicy:
1773
## @param ingest.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
1774
##
1775
enabled: true
1776
## @param ingest.networkPolicy.allowExternal Don't require server label for connections
1777
## The Policy model to apply. When set to false, only pods with the correct
1778
## server label will have network access to the ports server is listening
1779
## on. When true, server will accept connections from any source
1780
## (with the correct destination port).
1781
##
1782
allowExternal: true
1783
## @param ingest.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
1784
##
1785
allowExternalEgress: true
1786
## @param ingest.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
1787
## e.g:
1788
## extraIngress:
1789
## - ports:
1790
## - port: 1234
1791
## from:
1792
## - podSelector:
1793
## - matchLabels:
1794
## - role: frontend
1795
## - podSelector:
1796
## - matchExpressions:
1797
## - key: role
1798
## operator: In
1799
## values:
1800
## - frontend
1801
extraIngress: []
1802
## @param ingest.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
1803
## e.g:
1804
## extraEgress:
1805
## - ports:
1806
## - port: 1234
1807
## to:
1808
## - podSelector:
1809
## - matchLabels:
1810
## - role: frontend
1811
## - podSelector:
1812
## - matchExpressions:
1813
## - key: role
1814
## operator: In
1815
## values:
1816
## - frontend
1817
##
1818
extraEgress: []
1819
## @param ingest.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
1820
## @param ingest.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
1821
##
1822
ingressNSMatchLabels: {}
1823
ingressNSPodMatchLabels: {}
1824
## @param ingest.automountServiceAccountToken Mount Service Account token in pod
1825
##
1826
automountServiceAccountToken: false
1827
## @param ingest.hostAliases ingest-only pods host aliases
1828
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
1829
##
1830
hostAliases: []
1831
## @param ingest.podLabels Extra labels for ingest-only pods
1832
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
1833
##
1834
podLabels: {}
1835
## @param ingest.podAnnotations Annotations for ingest-only pods
1836
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
1837
##
1838
podAnnotations: {}
1839
## @param ingest.shareProcessNamespace Share a single process namespace between all of the containers in pod
1840
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
1841
##
1842
shareProcessNamespace: false
1843
## @param ingest.podAffinityPreset Pod affinity preset. Ignored if `ingest.affinity` is set. Allowed values: `soft` or `hard`
1844
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1845
##
1846
podAffinityPreset: ""
1847
## @param ingest.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `ingest.affinity` is set. Allowed values: `soft` or `hard`
1848
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1849
##
1850
podAntiAffinityPreset: ""
1851
## Node ingest.affinity preset
1852
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
1853
##
1854
nodeAffinityPreset:
1855
## @param ingest.nodeAffinityPreset.type Node affinity preset type. Ignored if `ingest.affinity` is set. Allowed values: `soft` or `hard`
1856
##
1857
type: ""
1858
## @param ingest.nodeAffinityPreset.key Node label key to match. Ignored if `ingest.affinity` is set
1859
##
1860
key: ""
1861
## @param ingest.nodeAffinityPreset.values Node label values to match. Ignored if `ingest.affinity` is set
1862
## E.g.
1863
## values:
1864
## - e2e-az1
1865
## - e2e-az2
1866
##
1867
values: []
1868
## @param ingest.affinity Affinity for ingest-only pods assignment
1869
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
1870
## NOTE: `ingest.podAffinityPreset`, `ingest.podAntiAffinityPreset`, and `ingest.nodeAffinityPreset` will be ignored when it's set
1871
##
1872
affinity: {}
1873
## @param ingest.nodeSelector Node labels for ingest-only pods assignment
1874
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
1875
##
1876
nodeSelector: {}
1877
## @param ingest.tolerations Tolerations for ingest-only pods assignment
1878
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
1879
##
1880
tolerations: []
1881
## @param ingest.priorityClassName ingest-only pods' priorityClassName
1882
##
1883
priorityClassName: ""
1884
## @param ingest.schedulerName Name of the k8s scheduler (other than default) for ingest-only pods
1885
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
1886
##
1887
schedulerName: ""
1888
## @param ingest.terminationGracePeriodSeconds In seconds, time the given to the Elasticsearch ingest pod needs to terminate gracefully
1889
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
1890
##
1891
terminationGracePeriodSeconds: ""
1892
## @param ingest.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
1893
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
1894
##
1895
topologySpreadConstraints: []
1896
## @param ingest.podManagementPolicy podManagementPolicy to manage scaling operation of Elasticsearch ingest pods
1897
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
1898
##
1899
podManagementPolicy: "Parallel"
1900
## Configure extra options for Elasticsearch ingest-only containers' liveness, readiness and startup probes
1901
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
1902
## @param ingest.startupProbe.enabled Enable/disable the startup probe (ingest-only nodes pod)
1903
## @param ingest.startupProbe.initialDelaySeconds Delay before startup probe is initiated (ingest-only nodes pod)
1904
## @param ingest.startupProbe.periodSeconds How often to perform the probe (ingest-only nodes pod)
1905
## @param ingest.startupProbe.timeoutSeconds When the probe times out (ingest-only nodes pod)
1906
## @param ingest.startupProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (ingest-only nodes pod)
1907
## @param ingest.startupProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
1908
##
1909
startupProbe:
1910
enabled: false
1911
initialDelaySeconds: 90
1912
periodSeconds: 10
1913
timeoutSeconds: 5
1914
successThreshold: 1
1915
failureThreshold: 5
1916
## @param ingest.livenessProbe.enabled Enable/disable the liveness probe (ingest-only nodes pod)
1917
## @param ingest.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated (ingest-only nodes pod)
1918
## @param ingest.livenessProbe.periodSeconds How often to perform the probe (ingest-only nodes pod)
1919
## @param ingest.livenessProbe.timeoutSeconds When the probe times out (ingest-only nodes pod)
1920
## @param ingest.livenessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (ingest-only nodes pod)
1921
## @param ingest.livenessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
1922
##
1923
livenessProbe:
1924
enabled: true
1925
initialDelaySeconds: 180
1926
periodSeconds: 10
1927
timeoutSeconds: 5
1928
successThreshold: 1
1929
failureThreshold: 5
1930
## @param ingest.readinessProbe.enabled Enable/disable the readiness probe (ingest-only nodes pod)
1931
## @param ingest.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated (ingest-only nodes pod)
1932
## @param ingest.readinessProbe.periodSeconds How often to perform the probe (ingest-only nodes pod)
1933
## @param ingest.readinessProbe.timeoutSeconds When the probe times out (ingest-only nodes pod)
1934
## @param ingest.readinessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (ingest-only nodes pod)
1935
## @param ingest.readinessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
1936
##
1937
readinessProbe:
1938
enabled: true
1939
initialDelaySeconds: 90
1940
periodSeconds: 10
1941
timeoutSeconds: 5
1942
successThreshold: 1
1943
failureThreshold: 5
1944
## @param ingest.customStartupProbe Override default startup probe
1945
##
1946
customStartupProbe: {}
1947
## @param ingest.customLivenessProbe Override default liveness probe
1948
##
1949
customLivenessProbe: {}
1950
## @param ingest.customReadinessProbe Override default readiness probe
1951
##
1952
customReadinessProbe: {}
1953
## @param ingest.command Override default container command (useful when using custom images)
1954
##
1955
command: []
1956
## @param ingest.args Override default container args (useful when using custom images)
1957
##
1958
args: []
1959
## @param ingest.lifecycleHooks for the ingest-only container(s) to automate configuration before or after startup
1960
##
1961
lifecycleHooks: {}
1962
## @param ingest.extraEnvVars Array with extra environment variables to add to ingest-only nodes
1963
## e.g:
1964
## extraEnvVars:
1965
## - name: FOO
1966
## value: "bar"
1967
##
1968
extraEnvVars: []
1969
## @param ingest.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for ingest-only nodes
1970
##
1971
extraEnvVarsCM: ""
1972
## @param ingest.extraEnvVarsSecret Name of existing Secret containing extra env vars for ingest-only nodes
1973
##
1974
extraEnvVarsSecret: ""
1975
## @param ingest.extraVolumes Optionally specify extra list of additional volumes for the ingest-only pod(s)
1976
##
1977
extraVolumes: []
1978
## @param ingest.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the ingest-only container(s)
1979
##
1980
extraVolumeMounts: []
1981
## @param ingest.sidecars Add additional sidecar containers to the ingest-only pod(s)
1982
## e.g:
1983
## sidecars:
1984
## - name: your-image-name
1985
## image: your-image
1986
## imagePullPolicy: Always
1987
## ports:
1988
## - name: portname
1989
## containerPort: 1234
1990
##
1991
sidecars: []
1992
## @param ingest.initContainers Add additional init containers to the ingest-only pod(s)
1993
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
1994
## e.g:
1995
## initContainers:
1996
## - name: your-image-name
1997
## image: your-image
1998
## imagePullPolicy: Always
1999
## command: ['sh', '-c', 'echo "hello world"']
2000
##
2001
initContainers: []
2002
## Pods Service Account
2003
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
2004
## @param ingest.serviceAccount.create Specifies whether a ServiceAccount should be created
2005
## @param ingest.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
2006
## @param ingest.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
2007
## @param ingest.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
2008
##
2009
serviceAccount:
2010
create: true
2011
name: ""
2012
automountServiceAccountToken: false
2013
annotations: {}
2014
## Enable HorizontalPodAutoscaler for Elasticsearch ingest-only pods
2015
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
2016
## @param ingest.autoscaling.enabled Whether enable horizontal pod autoscale
2017
## @param ingest.autoscaling.minReplicas Configure a minimum amount of pods
2018
## @param ingest.autoscaling.maxReplicas Configure a maximum amount of pods
2019
## @param ingest.autoscaling.targetCPU Define the CPU target to trigger the scaling actions (utilization percentage)
2020
## @param ingest.autoscaling.targetMemory Define the memory target to trigger the scaling actions (utilization percentage)
2021
##
2022
autoscaling:
2023
enabled: false
2024
minReplicas: 3
2025
maxReplicas: 11
2026
targetCPU: ""
2027
targetMemory: ""
2028
## Elasticsearch Ingest-only Service
2029
## Recommended for heavy ingestion, improves performance by sending ingest traffic directly into the ingest nodes.
2030
## NOTE: Ingest nodes will only accept index requests with an associated pipeline, any other request won't be rerouted.
2031
##
2032
service:
2033
## @param ingest.service.enabled Enable Ingest-only service
2034
##
2035
enabled: false
2036
## @param ingest.service.type Elasticsearch ingest-only service type
2037
##
2038
type: ClusterIP
2039
## @param ingest.service.ports.restAPI Elasticsearch service REST API port
2040
## @param ingest.service.ports.transport Elasticsearch service transport port
2041
##
2042
ports:
2043
restAPI: 9200
2044
transport: 9300
2045
## Node ports to expose
2046
## @param ingest.service.nodePorts.restAPI Node port for REST API
2047
## @param ingest.service.nodePorts.transport Node port for REST API
2048
## NOTE: choose port between <30000-32767>
2049
##
2050
nodePorts:
2051
restAPI: ""
2052
transport: ""
2053
## @param ingest.service.clusterIP Elasticsearch ingest-only service Cluster IP
2054
## e.g.:
2055
## clusterIP: None
2056
##
2057
clusterIP: ""
2058
## @param ingest.service.loadBalancerIP Elasticsearch ingest-only service Load Balancer IP
2059
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
2060
##
2061
loadBalancerIP: ""
2062
## @param ingest.service.loadBalancerSourceRanges Elasticsearch ingest-only service Load Balancer sources
2063
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
2064
## e.g:
2065
## loadBalancerSourceRanges:
2066
## - 10.10.10.0/24
2067
##
2068
loadBalancerSourceRanges: []
2069
## @param ingest.service.externalTrafficPolicy Elasticsearch ingest-only service external traffic policy
2070
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
2071
##
2072
externalTrafficPolicy: Cluster
2073
## @param ingest.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
2074
##
2075
extraPorts: []
2076
## @param ingest.service.annotations Additional custom annotations for Elasticsearch ingest-only service
2077
##
2078
annotations: {}
2079
## @param ingest.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
2080
## If "ClientIP", consecutive client requests will be directed to the same Pod
2081
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
2082
##
2083
sessionAffinity: None
2084
## @param ingest.service.sessionAffinityConfig Additional settings for the sessionAffinity
2085
## sessionAffinityConfig:
2086
## clientIP:
2087
## timeoutSeconds: 300
2088
##
2089
sessionAffinityConfig: {}
2090
## Elasticsearch Ingest-only ingress parameters
2091
## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/
2092
##
2093
ingress:
2094
## @param ingest.ingress.enabled Enable ingress record generation for Elasticsearch
2095
##
2096
enabled: false
2097
## @param ingest.ingress.pathType Ingress path type
2098
##
2099
pathType: ImplementationSpecific
2100
## @param ingest.ingress.apiVersion Force Ingress API version (automatically detected if not set)
2101
##
2102
apiVersion: ""
2103
## @param ingest.ingress.hostname Default host for the ingress record
2104
##
2105
hostname: elasticsearch-ingest.local
2106
## @param ingest.ingress.path Default path for the ingress record
2107
## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
2108
##
2109
path: /
2110
## @param ingest.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
2111
## Use this parameter to set the required annotations for cert-manager, see
2112
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
2113
## e.g:
2114
## annotations:
2115
## kubernetes.io/ingress.class: nginx
2116
## cert-manager.io/cluster-issuer: cluster-issuer-name
2117
##
2118
annotations: {}
2119
## @param ingest.ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
2120
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
2121
## You can:
2122
## - Use the `ingress.secrets` parameter to create this TLS secret
2123
## - Rely on cert-manager to create it by setting the corresponding annotations
2124
## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
2125
##
2126
tls: false
2127
## @param ingest.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
2128
##
2129
selfSigned: false
2130
## @param ingest.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
2131
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
2132
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
2133
##
2134
ingressClassName: ""
2135
## @param ingest.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
2136
## e.g:
2137
## extraHosts:
2138
## - name: elasticsearch.local
2139
## path: /
2140
##
2141
extraHosts: []
2142
## @param ingest.ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
2143
## e.g:
2144
## extraPaths:
2145
## - path: /*
2146
## backend:
2147
## serviceName: ssl-redirect
2148
## servicePort: use-annotation
2149
##
2150
extraPaths: []
2151
## @param ingest.ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
2152
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
2153
## e.g:
2154
## extraTls:
2155
## - hosts:
2156
## - elasticsearch.local
2157
## secretName: elasticsearch.local-tls
2158
##
2159
extraTls: []
2160
## @param ingest.ingress.secrets Custom TLS certificates as secrets
2161
## NOTE: 'key' and 'certificate' are expected in PEM format
2162
## NOTE: 'name' should line up with a 'secretName' set further up
2163
## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
2164
## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
2165
## It is also possible to create and manage the certificates outside of this helm chart
2166
## Please see README.md for more information
2167
## e.g:
2168
## secrets:
2169
## - name: elasticsearch.local-tls
2170
## key: |-
2171
## -----BEGIN RSA PRIVATE KEY-----
2172
## ...
2173
## -----END RSA PRIVATE KEY-----
2174
## certificate: |-
2175
## -----BEGIN CERTIFICATE-----
2176
## ...
2177
## -----END CERTIFICATE-----
2178
##
2179
secrets: []
2180
## @param ingest.ingress.extraRules Additional rules to be covered with this ingress record
2181
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
2182
## e.g:
2183
## extraRules:
2184
## - host: example.local
2185
## http:
2186
## path: /
2187
## backend:
2188
## service:
2189
## name: example-svc
2190
## port:
2191
## name: http
2192
##
2193
extraRules: []
2194
## @section Metrics parameters
2195
2196
## Elasticsearch Prometheus exporter configuration
2197
##
2198
metrics:
2199
## @param metrics.enabled Enable prometheus exporter
2200
##
2201
enabled: false
2202
## @param metrics.nameOverride Metrics pod name
2203
##
2204
nameOverride: ""
2205
## @param metrics.fullnameOverride String to fully override common.names.fullname
2206
##
2207
fullnameOverride: ""
2208
## @param metrics.image.registry [default: REGISTRY_NAME] Metrics exporter image registry
2209
## @param metrics.image.repository [default: REPOSITORY_NAME/elasticsearch-exporter] Metrics exporter image repository
2210
## @skip metrics.image.tag Metrics exporter image tag
2211
## @param metrics.image.digest Metrics exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
2212
## @param metrics.image.pullPolicy Metrics exporter image pull policy
2213
## @param metrics.image.pullSecrets Metrics exporter image pull secrets
2214
##
2215
image:
2216
registry: cgr.dev
2217
repository: chainguard-private/prometheus-elasticsearch-exporter-iamguarded
2218
tag: 1.10.0
2219
digest: ""
2220
pullPolicy: IfNotPresent
2221
## Optionally specify an array of imagePullSecrets.
2222
## Secrets must be manually created in the namespace.
2223
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
2224
## e.g:
2225
## pullSecrets:
2226
## - myRegistryKeySecretName
2227
##
2228
pullSecrets: []
2229
## @param metrics.annotations [object] Annotations for metrics
2230
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
2231
##
2232
annotations:
2233
helm.sh/hook: "post-install,post-upgrade"
2234
helm.sh/hook-weight: "5"
2235
## @param metrics.extraArgs Extra arguments to add to the default exporter command
2236
## ref: https://github.com/justwatchcom/elasticsearch_exporter
2237
## e.g
2238
## extraArgs:
2239
## - --es.snapshots
2240
## - --es.indices
2241
##
2242
extraArgs: []
2243
## @param metrics.automountServiceAccountToken Mount Service Account token in pod
2244
##
2245
automountServiceAccountToken: false
2246
## @param metrics.hostAliases Add deployment host aliases
2247
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
2248
##
2249
hostAliases: []
2250
## @param metrics.schedulerName Name of the k8s scheduler (other than default)
2251
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
2252
##
2253
schedulerName: ""
2254
## @param metrics.priorityClassName Elasticsearch metrics exporter pods' priorityClassName
2255
##
2256
priorityClassName: ""
2257
## Elasticsearch Prometheus exporter container ports
2258
## @param metrics.containerPorts.http Metrics HTTP port
2259
##
2260
containerPorts:
2261
http: 9114
2262
## Network Policies
2263
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
2264
##
2265
networkPolicy:
2266
## @param metrics.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
2267
##
2268
enabled: true
2269
## @param metrics.networkPolicy.allowExternal Don't require server label for connections
2270
## The Policy model to apply. When set to false, only pods with the correct
2271
## server label will have network access to the ports server is listening
2272
## on. When true, server will accept connections from any source
2273
## (with the correct destination port).
2274
##
2275
allowExternal: true
2276
## @param metrics.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
2277
##
2278
allowExternalEgress: true
2279
## @param metrics.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
2280
## e.g:
2281
## extraIngress:
2282
## - ports:
2283
## - port: 1234
2284
## from:
2285
## - podSelector:
2286
## - matchLabels:
2287
## - role: frontend
2288
## - podSelector:
2289
## - matchExpressions:
2290
## - key: role
2291
## operator: In
2292
## values:
2293
## - frontend
2294
extraIngress: []
2295
## @param metrics.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
2296
## e.g:
2297
## extraEgress:
2298
## - ports:
2299
## - port: 1234
2300
## to:
2301
## - podSelector:
2302
## - matchLabels:
2303
## - role: frontend
2304
## - podSelector:
2305
## - matchExpressions:
2306
## - key: role
2307
## operator: In
2308
## values:
2309
## - frontend
2310
##
2311
extraEgress: []
2312
## @param metrics.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
2313
## @param metrics.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
2314
##
2315
ingressNSMatchLabels: {}
2316
ingressNSPodMatchLabels: {}
2317
## Elasticsearch Prometheus exporter service type
2318
##
2319
service:
2320
## @param metrics.service.type Metrics exporter endpoint service type
2321
##
2322
type: ClusterIP
2323
## @param metrics.service.port Metrics exporter endpoint service port
2324
##
2325
port: 9114
2326
## @param metrics.service.annotations [object] Provide any additional annotations which may be required.
2327
## This can be used to set the LoadBalancer service type to internal only.
2328
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
2329
##
2330
annotations:
2331
prometheus.io/scrape: "true"
2332
prometheus.io/port: "9114"
2333
## @param metrics.podAffinityPreset Metrics Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
2334
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
2335
##
2336
podAffinityPreset: ""
2337
## @param metrics.podAntiAffinityPreset Metrics Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
2338
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
2339
##
2340
podAntiAffinityPreset: ""
2341
## Node affinity preset
2342
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
2343
## @param metrics.nodeAffinityPreset.type Metrics Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
2344
## @param metrics.nodeAffinityPreset.key Metrics Node label key to match Ignored if `affinity` is set.
2345
## @param metrics.nodeAffinityPreset.values Metrics Node label values to match. Ignored if `affinity` is set.
2346
##
2347
nodeAffinityPreset:
2348
type: ""
2349
## E.g.
2350
## key: "kubernetes.io/e2e-az-name"
2351
##
2352
key: ""
2353
## E.g.
2354
## values:
2355
## - e2e-az1
2356
## - e2e-az2
2357
##
2358
values: []
2359
## @param metrics.affinity Metrics Affinity for pod assignment
2360
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
2361
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
2362
##
2363
affinity: {}
2364
## @param metrics.nodeSelector Metrics Node labels for pod assignment
2365
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
2366
##
2367
nodeSelector: {}
2368
## @param metrics.tolerations Metrics Tolerations for pod assignment
2369
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
2370
##
2371
tolerations: []
2372
## @param metrics.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
2373
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
2374
##
2375
topologySpreadConstraints: []
2376
## Elasticsearch Prometheus exporter resource requests and limits
2377
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
2378
## We usually recommend not to specify default resources and to leave this as a conscious
2379
## choice for the user. This also increases chances charts run on environments with little
2380
## resources, such as Minikube. If you do want to specify resources, uncomment the following
2381
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
2382
## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
2383
##
2384
resourcesPreset: "nano"
2385
## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
2386
## Example:
2387
## resources:
2388
## requests:
2389
## cpu: 2
2390
## memory: 512Mi
2391
## limits:
2392
## cpu: 3
2393
## memory: 1024Mi
2394
##
2395
resources: {}
2396
## Elasticsearch metrics container's liveness probe
2397
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
2398
## @param metrics.livenessProbe.enabled Enable/disable the liveness probe (metrics pod)
2399
## @param metrics.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated (metrics pod)
2400
## @param metrics.livenessProbe.periodSeconds How often to perform the probe (metrics pod)
2401
## @param metrics.livenessProbe.timeoutSeconds When the probe times out (metrics pod)
2402
## @param metrics.livenessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
2403
## @param metrics.livenessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (metrics pod)
2404
##
2405
livenessProbe:
2406
enabled: true
2407
initialDelaySeconds: 60
2408
periodSeconds: 10
2409
timeoutSeconds: 5
2410
successThreshold: 1
2411
failureThreshold: 5
2412
## Elasticsearch metrics container's readiness probe
2413
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
2414
## @param metrics.readinessProbe.enabled Enable/disable the readiness probe (metrics pod)
2415
## @param metrics.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated (metrics pod)
2416
## @param metrics.readinessProbe.periodSeconds How often to perform the probe (metrics pod)
2417
## @param metrics.readinessProbe.timeoutSeconds When the probe times out (metrics pod)
2418
## @param metrics.readinessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
2419
## @param metrics.readinessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (metrics pod)
2420
##
2421
readinessProbe:
2422
enabled: true
2423
initialDelaySeconds: 5
2424
periodSeconds: 10
2425
timeoutSeconds: 1
2426
successThreshold: 1
2427
failureThreshold: 5
2428
## Elasticsearch metrics container's startup probe
2429
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
2430
## @param metrics.startupProbe.enabled Enable/disable the startup probe (metrics pod)
2431
## @param metrics.startupProbe.initialDelaySeconds Delay before startup probe is initiated (metrics pod)
2432
## @param metrics.startupProbe.periodSeconds How often to perform the probe (metrics pod)
2433
## @param metrics.startupProbe.timeoutSeconds When the probe times out (metrics pod)
2434
## @param metrics.startupProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded
2435
## @param metrics.startupProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed (metrics pod)
2436
##
2437
startupProbe:
2438
enabled: false
2439
initialDelaySeconds: 5
2440
periodSeconds: 10
2441
timeoutSeconds: 1
2442
successThreshold: 1
2443
failureThreshold: 5
2444
## @param metrics.customStartupProbe Custom liveness probe for the Web component
2445
##
2446
customStartupProbe: {}
2447
## @param metrics.customLivenessProbe Custom liveness probe for the Web component
2448
##
2449
customLivenessProbe: {}
2450
## @param metrics.customReadinessProbe Custom readiness probe for the Web component
2451
##
2452
customReadinessProbe: {}
2453
## @param metrics.podAnnotations [object] Metrics exporter pod Annotation and Labels
2454
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
2455
##
2456
podAnnotations:
2457
prometheus.io/scrape: "true"
2458
prometheus.io/port: "9114"
2459
## @param metrics.podLabels Extra labels to add to Pod
2460
##
2461
podLabels: {}
2462
## Configure Pods Security Context
2463
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
2464
## @param metrics.podSecurityContext.enabled Enabled Elasticsearch metrics exporter pods' Security Context
2465
## @param metrics.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
2466
## @param metrics.podSecurityContext.sysctls Set kernel settings using the sysctl interface
2467
## @param metrics.podSecurityContext.supplementalGroups Set filesystem extra groups
2468
## @param metrics.podSecurityContext.fsGroup Set Elasticsearch metrics exporter pod's Security Context fsGroup
2469
##
2470
podSecurityContext:
2471
enabled: true
2472
fsGroupChangePolicy: Always
2473
sysctls: []
2474
supplementalGroups: []
2475
fsGroup: 1001
2476
## Configure Container Security Context
2477
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
2478
## @param metrics.containerSecurityContext.enabled Elasticseacrh exporter container securityContext
2479
## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
2480
## @param metrics.containerSecurityContext.runAsUser User ID for the Elasticseacrh exporter container
2481
## @param metrics.containerSecurityContext.runAsGroup Group ID for the Elasticseacrh exporter container
2482
## @param metrics.containerSecurityContext.runAsNonRoot Set Elasticsearch exporter container's Security Context runAsNonRoot
2483
## @param metrics.containerSecurityContext.privileged Set Elasticsearch exporter container's Security Context privileged
2484
## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set Elasticsearch exporter container's Security Context allowPrivilegeEscalation
2485
## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
2486
## @param metrics.containerSecurityContext.capabilities.drop List of capabilities to be dropped
2487
## @param metrics.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
2488
##
2489
containerSecurityContext:
2490
enabled: true
2491
seLinuxOptions: {}
2492
runAsUser: 1001
2493
runAsGroup: 1001
2494
runAsNonRoot: true
2495
privileged: false
2496
allowPrivilegeEscalation: false
2497
readOnlyRootFilesystem: true
2498
capabilities:
2499
drop: ["ALL"]
2500
seccompProfile:
2501
type: "RuntimeDefault"
2502
## @param metrics.command Override default container command (useful when using custom images)
2503
##
2504
command: []
2505
## @param metrics.args Override default container args (useful when using custom images)
2506
##
2507
args: []
2508
## @param metrics.extraEnvVars Array with extra environment variables to add to Elasticsearch metrics exporter nodes
2509
## e.g:
2510
## extraEnvVars:
2511
## - name: FOO
2512
## value: "bar"
2513
##
2514
extraEnvVars: []
2515
## @param metrics.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Elasticsearch metrics exporter nodes
2516
##
2517
extraEnvVarsCM: ""
2518
## @param metrics.extraEnvVarsSecret Name of existing Secret containing extra env vars for Elasticsearch metrics exporter nodes
2519
##
2520
extraEnvVarsSecret: ""
2521
## @param metrics.extraVolumes Optionally specify extra list of additional volumes for the Elasticsearch metrics exporter pod(s)
2522
##
2523
extraVolumes: []
2524
## @param metrics.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Elasticsearch metrics exporter container(s)
2525
##
2526
extraVolumeMounts: []
2527
## @param metrics.sidecars Add additional sidecar containers to the Elasticsearch metrics exporter pod(s)
2528
## e.g:
2529
## sidecars:
2530
## - name: your-image-name
2531
## image: your-image
2532
## imagePullPolicy: Always
2533
## ports:
2534
## - name: portname
2535
## containerPort: 1234
2536
##
2537
sidecars: []
2538
## @param metrics.initContainers Add additional init containers to the Elasticsearch metrics exporter pod(s)
2539
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
2540
## e.g:
2541
## initContainers:
2542
## - name: your-image-name
2543
## image: your-image
2544
## imagePullPolicy: Always
2545
## command: ['sh', '-c', 'echo "hello world"']
2546
##
2547
initContainers: []
2548
## Pods Service Account
2549
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
2550
## @param metrics.serviceAccount.create Specifies whether a ServiceAccount should be created
2551
## @param metrics.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
2552
## @param metrics.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
2553
## @param metrics.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
2554
##
2555
serviceAccount:
2556
create: true
2557
name: ""
2558
automountServiceAccountToken: false
2559
annotations: {}
2560
## Prometheus Operator ServiceMonitor configuration
2561
##
2562
serviceMonitor:
2563
## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
2564
##
2565
enabled: false
2566
## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in
2567
## e.g:
2568
## namespace: monitoring
2569
##
2570
namespace: ""
2571
## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
2572
##
2573
jobLabel: ""
2574
## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
2575
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
2576
##
2577
interval: ""
2578
## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
2579
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
2580
##
2581
scrapeTimeout: ""
2582
## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
2583
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
2584
##
2585
relabelings: []
2586
## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
2587
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
2588
##
2589
metricRelabelings: []
2590
## @param metrics.serviceMonitor.selector ServiceMonitor selector labels
2591
##
2592
## selector:
2593
## prometheus: my-prometheus
2594
##
2595
selector: {}
2596
## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
2597
##
2598
labels: {}
2599
## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
2600
##
2601
honorLabels: false
2602
## Prometheus Operator PrometheusRule configuration
2603
##
2604
prometheusRule:
2605
## @param metrics.prometheusRule.enabled Creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`)
2606
##
2607
enabled: false
2608
## @param metrics.prometheusRule.namespace Namespace for the PrometheusRule Resource (defaults to the Release Namespace)
2609
##
2610
namespace: ""
2611
## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so PrometheusRule will be discovered by Prometheus
2612
##
2613
additionalLabels: {}
2614
## @param metrics.prometheusRule.rules Prometheus Rule definitions
2615
# - alert: es cluster error
2616
# annotations:
2617
# summary: "es cluster error"
2618
# description: "es cluster error, cluster state {{`{{`}} $labels.color {{`}}`}}"
2619
# expr: elasticsearch_cluster_health_status{color="red"} ==1 or elasticsearch_cluster_health_status{color="yellow"} ==1
2620
# for: 1m
2621
# labels:
2622
# severity: critical
2623
# group: PaaS
2624
##
2625
rules: []
2626
## @section Init Container Parameters
2627
2628
## 'volumePermissions' init container parameters
2629
## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values
2630
## based on the *podSecurityContext/*containerSecurityContext parameters
2631
##
2632
volumePermissions:
2633
## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work)
2634
##
2635
enabled: false
2636
## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
2637
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image name
2638
## @skip volumePermissions.image.tag Init container volume-permissions image tag
2639
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
2640
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
2641
## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets
2642
##
2643
image:
2644
registry: cgr.dev
2645
repository: chainguard-private/os-shell-iamguarded
2646
tag: 1.0.0
2647
digest: ""
2648
pullPolicy: IfNotPresent
2649
## Optionally specify an array of imagePullSecrets.
2650
## Secrets must be manually created in the namespace.
2651
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
2652
## e.g:
2653
## pullSecrets:
2654
## - myRegistryKeySecretName
2655
##
2656
pullSecrets: []
2657
## Init container' resource requests and limits
2658
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
2659
## We usually recommend not to specify default resources and to leave this as a conscious
2660
## choice for the user. This also increases chances charts run on environments with little
2661
## resources, such as Minikube. If you do want to specify resources, uncomment the following
2662
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
2663
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
2664
##
2665
resourcesPreset: "nano"
2666
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
2667
## Example:
2668
## resources:
2669
## requests:
2670
## cpu: 2
2671
## memory: 512Mi
2672
## limits:
2673
## cpu: 3
2674
## memory: 1024Mi
2675
##
2676
resources: {}
2677
## Kernel settings modifier image
2678
##
2679
sysctlImage:
2680
## @param sysctlImage.enabled Enable kernel settings modifier image
2681
##
2682
enabled: true
2683
## @param sysctlImage.registry [default: REGISTRY_NAME] Kernel settings modifier image registry
2684
## @param sysctlImage.repository [default: REPOSITORY_NAME/os-shell] Kernel settings modifier image repository
2685
## @skip sysctlImage.tag Kernel settings modifier image tag
2686
## @param sysctlImage.digest Kernel settings modifier image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
2687
## @param sysctlImage.pullPolicy Kernel settings modifier image pull policy
2688
## @param sysctlImage.pullSecrets Kernel settings modifier image pull secrets
2689
##
2690
registry: cgr.dev
2691
repository: chainguard-private/os-shell-iamguarded
2692
tag: 1.0.0
2693
digest: ""
2694
## Specify a imagePullPolicy
2695
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
2696
##
2697
pullPolicy: IfNotPresent
2698
## Optionally specify an array of imagePullSecrets.
2699
## Secrets must be manually created in the namespace.
2700
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
2701
## e.g:
2702
## pullSecrets:
2703
## - myRegistryKeySecretName
2704
##
2705
pullSecrets: []
2706
## Init container' resource requests and limits
2707
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
2708
## We usually recommend not to specify default resources and to leave this as a conscious
2709
## choice for the user. This also increases chances charts run on environments with little
2710
## resources, such as Minikube. If you do want to specify resources, uncomment the following
2711
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
2712
## @param sysctlImage.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if sysctlImage.resources is set (sysctlImage.resources is recommended for production).
2713
##
2714
resourcesPreset: "nano"
2715
## @param sysctlImage.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
2716
## Example:
2717
## resources:
2718
## requests:
2719
## cpu: 2
2720
## memory: 512Mi
2721
## limits:
2722
## cpu: 3
2723
## memory: 1024Mi
2724
##
2725
resources: {}
2726
## @section Kibana Parameters
2727
2728
## Bundled Kibana parameters
2729
## @param kibana.elasticsearch.hosts [array] Array containing hostnames for the ES instances. Used to generate the URL
2730
## @param kibana.elasticsearch.port Port to connect Kibana and ES instance. Used to generate the URL
2731
##
2732
kibana:
2733
elasticsearch:
2734
hosts:
2735
- '{{ include "elasticsearch.service.name" . }}'
2736
port: '{{ include "elasticsearch.service.ports.restAPI" . }}'
2737
image:
2738
registry: cgr.dev
2739
repository: chainguard-private/kibana-iamguarded
2740
tag: 9.3.1
2741
digest: ""
2742
volumePermissions:
2743
image:
2744
registry: cgr.dev
2745
repository: chainguard-private/os-shell-iamguarded
2746
tag: 1.0.0
2747
digest: ""
2748
The trusted source for open source
Talk to an expertCustomers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.