Difference between revisions of "Helm show values elastic/elasticsearch"

From wikieduonline
Jump to navigation Jump to search
(Created page with "{{lc}} == See also == * {{Helm}} Category:Helm")
 
Line 1: Line 1:
 
{{lc}}
 
{{lc}}
 +
 +
---
 +
clusterName: "elasticsearch"
 +
nodeGroup: "master"
 +
 +
# The service that non master groups will try to connect to when joining the cluster
 +
# This should be set to clusterName + "-" + nodeGroup for your master group
 +
masterService: ""
 +
 +
# Elasticsearch roles that will be applied to this nodeGroup
 +
# These will be set as environment variables. E.g. node.master=true
 +
roles:
 +
  master: "true"
 +
  ingest: "true"
 +
  data: "true"
 +
  remote_cluster_client: "true"
 +
  ml: "true"
 +
 +
replicas: 3
 +
minimumMasterNodes: 2
 +
 +
esMajorVersion: ""
 +
 +
clusterDeprecationIndexing: "false"
 +
 +
# Allows you to add any config files in /usr/share/elasticsearch/config/
 +
# such as elasticsearch.yml and log4j2.properties
 +
esConfig: {}
 +
#  elasticsearch.yml: |
 +
#    key:
 +
#      nestedkey: value
 +
#  log4j2.properties: |
 +
#    key = value
 +
 +
esJvmOptions: {}
 +
#  processors.options: |
 +
#    -XX:ActiveProcessorCount=3
 +
 +
# Extra environment variables to append to this nodeGroup
 +
# This will be appended to the current 'env:' key. You can use any of the kubernetes env
 +
# syntax here
 +
extraEnvs: []
 +
#  - name: MY_ENVIRONMENT_VAR
 +
#    value: the_value_goes_here
 +
 +
# Allows you to load environment variables from kubernetes secret or config map
 +
envFrom: []
 +
# - secretRef:
 +
#    name: env-secret
 +
# - configMapRef:
 +
#    name: config-map
 +
 +
# A list of secrets and their paths to mount inside the pod
 +
# This is useful for mounting certificates for security and for mounting
 +
# the X-Pack license
 +
secretMounts: []
 +
#  - name: elastic-certificates
 +
#    secretName: elastic-certificates
 +
#    path: /usr/share/elasticsearch/config/certs
 +
#    defaultMode: 0755
 +
 +
hostAliases: []
 +
#- ip: "127.0.0.1"
 +
#  hostnames:
 +
#  - "foo.local"
 +
#  - "bar.local"
 +
 +
image: "docker.elastic.co/elasticsearch/elasticsearch"
 +
imageTag: "7.17.3"
 +
imagePullPolicy: "IfNotPresent"
 +
 +
podAnnotations:
 +
  {}
 +
  # iam.amazonaws.com/role: es-cluster
 +
 +
# additionals labels
 +
labels: {}
 +
 +
esJavaOpts: "" # example: "-Xmx1g -Xms1g"
 +
 +
resources:
 +
  requests:
 +
    cpu: "1000m"
 +
    memory: "2Gi"
 +
  limits:
 +
    cpu: "1000m"
 +
    memory: "2Gi"
 +
 +
initResources:
 +
  {}
 +
  # limits:
 +
  #  cpu: "25m"
 +
  #  # memory: "128Mi"
 +
  # requests:
 +
  #  cpu: "25m"
 +
  #  memory: "128Mi"
 +
 +
networkHost: "0.0.0.0"
 +
 +
volumeClaimTemplate:
 +
  accessModes: ["ReadWriteOnce"]
 +
  resources:
 +
    requests:
 +
      storage: 30Gi
 +
 +
rbac:
 +
  create: false
 +
  serviceAccountAnnotations: {}
 +
  serviceAccountName: ""
 +
  automountToken: true
 +
 +
podSecurityPolicy:
 +
  create: false
 +
  name: ""
 +
  spec:
 +
    privileged: true
 +
    fsGroup:
 +
      rule: RunAsAny
 +
    runAsUser:
 +
      rule: RunAsAny
 +
    seLinux:
 +
      rule: RunAsAny
 +
    supplementalGroups:
 +
      rule: RunAsAny
 +
    volumes:
 +
      - secret
 +
      - configMap
 +
      - persistentVolumeClaim
 +
      - emptyDir
 +
 +
persistence:
 +
  enabled: true
 +
  labels:
 +
    # Add default labels for the volumeClaimTemplate of the StatefulSet
 +
    enabled: false
 +
  annotations: {}
 +
 +
extraVolumes:
 +
  []
 +
  # - name: extras
 +
  #  emptyDir: {}
 +
 +
extraVolumeMounts:
 +
  []
 +
  # - name: extras
 +
  #  mountPath: /usr/share/extras
 +
  #  readOnly: true
 +
 +
extraContainers:
 +
  []
 +
  # - name: do-something
 +
  #  image: busybox
 +
  #  command: ['do', 'something']
 +
 +
extraInitContainers:
 +
  []
 +
  # - name: do-something
 +
  #  image: busybox
 +
  #  command: ['do', 'something']
 +
 +
# This is the PriorityClass settings as defined in
 +
# https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
 +
priorityClassName: ""
 +
 +
# By default this will make sure two pods don't end up on the same node
 +
# Changing this to a region would allow you to spread pods across regions
 +
antiAffinityTopologyKey: "kubernetes.io/hostname"
 +
 +
# Hard means that by default pods will only be scheduled if there are enough nodes for them
 +
# and that they will never end up on the same node. Setting this to soft will do this "best effort"
 +
antiAffinity: "hard"
 +
 +
# This is the node affinity settings as defined in
 +
# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature
 +
nodeAffinity: {}
 +
 +
# The default is to deploy all pods serially. By setting this to parallel all pods are started at
 +
# the same time when bootstrapping the cluster
 +
podManagementPolicy: "Parallel"
 +
 +
# The environment variables injected by service links are not used, but can lead to slow Elasticsearch boot times when
 +
# there are many services in the current namespace.
 +
# If you experience slow pod startups you probably want to set this to `false`.
 +
enableServiceLinks: true
 +
 +
protocol: http
 +
httpPort: 9200
 +
transportPort: 9300
 +
 +
service:
 +
  enabled: true
 +
  labels: {}
 +
  labelsHeadless: {}
 +
  type: ClusterIP
 +
  # Consider that all endpoints are considered "ready" even if the Pods themselves are not
 +
  # https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#ServiceSpec
 +
  publishNotReadyAddresses: false
 +
  nodePort: ""
 +
  annotations: {}
 +
  httpPortName: http
 +
  transportPortName: transport
 +
  loadBalancerIP: ""
 +
  loadBalancerSourceRanges: []
 +
  externalTrafficPolicy: ""
 +
 +
updateStrategy: RollingUpdate
 +
 +
# This is the max unavailable setting for the pod disruption budget
 +
# The default value of 1 will make sure that kubernetes won't allow more than 1
 +
# of your pods to be unavailable during maintenance
 +
maxUnavailable: 1
 +
 +
podSecurityContext:
 +
  fsGroup: 1000
 +
  runAsUser: 1000
 +
 +
securityContext:
 +
  capabilities:
 +
    drop:
 +
      - ALL
 +
  # readOnlyRootFilesystem: true
 +
  runAsNonRoot: true
 +
  runAsUser: 1000
 +
 +
# How long to wait for elasticsearch to stop gracefully
 +
terminationGracePeriod: 120
 +
 +
sysctlVmMaxMapCount: 262144
 +
 +
readinessProbe:
 +
  failureThreshold: 3
 +
  initialDelaySeconds: 10
 +
  periodSeconds: 10
 +
  successThreshold: 3
 +
  timeoutSeconds: 5
 +
 +
# https://www.elastic.co/guide/en/elasticsearch/reference/7.17/cluster-health.html#request-params wait_for_status
 +
clusterHealthCheckParams: "wait_for_status=green&timeout=1s"
 +
 +
## Use an alternate scheduler.
 +
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
 +
##
 +
schedulerName: ""
 +
 +
imagePullSecrets: []
 +
nodeSelector: {}
 +
tolerations: []
 +
 +
# Enabling this will publicly expose your Elasticsearch instance.
 +
# Only enable this if you have security enabled on your cluster
 +
ingress:
 +
  enabled: false
 +
  annotations: {}
 +
  # kubernetes.io/ingress.class: nginx
 +
  # kubernetes.io/tls-acme: "true"
 +
  className: "nginx"
 +
  pathtype: ImplementationSpecific
 +
  hosts:
 +
    - host: chart-example.local
 +
      paths:
 +
        - path: /
 +
  tls: []
 +
  #  - secretName: chart-example-tls
 +
  #    hosts:
 +
  #      - chart-example.local
 +
 +
nameOverride: ""
 +
fullnameOverride: ""
 +
healthNameOverride: ""
 +
 +
lifecycle:
 +
  {}
 +
  # preStop:
 +
  #  exec:
 +
  #    command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
 +
  # postStart:
 +
  #  exec:
 +
  #    command:
 +
  #      - bash
 +
  #      - -c
 +
  #      - |
 +
  #        #!/bin/bash
 +
  #        # Add a template to adjust number of shards/replicas
 +
  #        TEMPLATE_NAME=my_template
 +
  #        INDEX_PATTERN="logstash-*"
 +
  #        SHARD_COUNT=8
 +
  #        REPLICA_COUNT=1
 +
  #        ES_URL=http://localhost:9200
 +
  #        while [[ "$(curl -s -o /dev/null -w '%{http_code}\n' $ES_URL)" != "200" ]]; do sleep 1; done
 +
  #        curl -XPUT "$ES_URL/_template/$TEMPLATE_NAME" -H 'Content-Type: application/json' -d'{"index_patterns":['\""$INDEX_PATTERN"\"'],"settings":{"number_of_shards":'$SHARD_COUNT',"number_of_replicas":'$REPLICA_COUNT'}}'
 +
 +
sysctlInitContainer:
 +
  enabled: true
 +
 +
keystore: []
 +
 +
networkPolicy:
 +
  ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now.
 +
  ## In order for a Pod to access Elasticsearch, it needs to have the following label:
 +
  ## {{ template "uname" . }}-client: "true"
 +
  ## Example for default configuration to access HTTP port:
 +
  ## elasticsearch-master-http-client: "true"
 +
  ## Example for default configuration to access transport port:
 +
  ## elasticsearch-master-transport-client: "true"
 +
 +
  http:
 +
    enabled: false
 +
    ## if explicitNamespacesSelector is not set or set to {}, only client Pods being in the networkPolicy's namespace
 +
    ## and matching all criteria can reach the DB.
 +
    ## But sometimes, we want the Pods to be accessible to clients from other namespaces, in this case, we can use this
 +
    ## parameter to select these namespaces
 +
    ##
 +
    # explicitNamespacesSelector:
 +
    #  # Accept from namespaces with all those different rules (only from whitelisted Pods)
 +
    #  matchLabels:
 +
    #    role: frontend
 +
    #  matchExpressions:
 +
    #    - {key: role, operator: In, values: [frontend]}
 +
    ## Additional NetworkPolicy Ingress "from" rules to set. Note that all rules are OR-ed.
 +
    ##
 +
    # additionalRules:
 +
    #  - podSelector:
 +
    #      matchLabels:
 +
    #        role: frontend
 +
    #  - podSelector:
 +
    #      matchExpressions:
 +
    #        - key: role
 +
    #          operator: In
 +
    #          values:
 +
    #            - frontend
 +
 +
  transport:
 +
    ## Note that all Elasticsearch Pods can talk to themselves using transport port even if enabled.
 +
    enabled: false
 +
    # explicitNamespacesSelector:
 +
    #  matchLabels:
 +
    #    role: frontend
 +
    #  matchExpressions:
 +
    #    - {key: role, operator: In, values: [frontend]}
 +
    # additionalRules:
 +
    #  - podSelector:
 +
    #      matchLabels:
 +
    #        role: frontend
 +
    #  - podSelector:
 +
    #      matchExpressions:
 +
    #        - key: role
 +
    #          operator: In
 +
    #          values:
 +
    #            - frontend
 +
 +
tests:
 +
  enabled: true
 +
 +
# Deprecated
 +
# please use the above podSecurityContext.fsGroup instead
 +
fsGroup: ""
 +
  
  

Revision as of 06:16, 2 November 2022

---
clusterName: "elasticsearch"
nodeGroup: "master"

# The service that non master groups will try to connect to when joining the cluster
# This should be set to clusterName + "-" + nodeGroup for your master group
masterService: ""

# Elasticsearch roles that will be applied to this nodeGroup
# These will be set as environment variables. E.g. node.master=true
roles:
  master: "true"
  ingest: "true"
  data: "true"
  remote_cluster_client: "true"
  ml: "true"

replicas: 3
minimumMasterNodes: 2

esMajorVersion: ""

clusterDeprecationIndexing: "false"

# Allows you to add any config files in /usr/share/elasticsearch/config/
# such as elasticsearch.yml and log4j2.properties
esConfig: {}
#  elasticsearch.yml: |
#    key:
#      nestedkey: value
#  log4j2.properties: |
#    key = value

esJvmOptions: {}
#  processors.options: |
#    -XX:ActiveProcessorCount=3

# Extra environment variables to append to this nodeGroup
# This will be appended to the current 'env:' key. You can use any of the kubernetes env
# syntax here
extraEnvs: []
#  - name: MY_ENVIRONMENT_VAR
#    value: the_value_goes_here

# Allows you to load environment variables from kubernetes secret or config map
envFrom: []
# - secretRef:
#     name: env-secret
# - configMapRef:
#     name: config-map

# A list of secrets and their paths to mount inside the pod
# This is useful for mounting certificates for security and for mounting
# the X-Pack license
secretMounts: []
#  - name: elastic-certificates
#    secretName: elastic-certificates
#    path: /usr/share/elasticsearch/config/certs
#    defaultMode: 0755

hostAliases: []
#- ip: "127.0.0.1"
#  hostnames:
#  - "foo.local"
#  - "bar.local"

image: "docker.elastic.co/elasticsearch/elasticsearch"
imageTag: "7.17.3"
imagePullPolicy: "IfNotPresent"

podAnnotations:
  {}
  # iam.amazonaws.com/role: es-cluster

# additionals labels
labels: {}

esJavaOpts: "" # example: "-Xmx1g -Xms1g"

resources:
  requests:
    cpu: "1000m"
    memory: "2Gi"
  limits:
    cpu: "1000m"
    memory: "2Gi"

initResources:
  {}
  # limits:
  #   cpu: "25m"
  #   # memory: "128Mi"
  # requests:
  #   cpu: "25m"
  #   memory: "128Mi"

networkHost: "0.0.0.0"

volumeClaimTemplate:
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 30Gi

rbac:
  create: false
  serviceAccountAnnotations: {}
  serviceAccountName: ""
  automountToken: true

podSecurityPolicy:
  create: false
  name: ""
  spec:
    privileged: true
    fsGroup:
      rule: RunAsAny
    runAsUser:
      rule: RunAsAny
    seLinux:
      rule: RunAsAny
    supplementalGroups:
      rule: RunAsAny
    volumes:
      - secret
      - configMap
      - persistentVolumeClaim
      - emptyDir

persistence:
  enabled: true
  labels:
    # Add default labels for the volumeClaimTemplate of the StatefulSet
    enabled: false
  annotations: {}

extraVolumes:
  []
  # - name: extras
  #   emptyDir: {}

extraVolumeMounts:
  []
  # - name: extras
  #   mountPath: /usr/share/extras
  #   readOnly: true

extraContainers:
  []
  # - name: do-something
  #   image: busybox
  #   command: ['do', 'something']

extraInitContainers:
  []
  # - name: do-something
  #   image: busybox
  #   command: ['do', 'something']

# This is the PriorityClass settings as defined in
# https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
priorityClassName: ""

# By default this will make sure two pods don't end up on the same node
# Changing this to a region would allow you to spread pods across regions
antiAffinityTopologyKey: "kubernetes.io/hostname"

# Hard means that by default pods will only be scheduled if there are enough nodes for them
# and that they will never end up on the same node. Setting this to soft will do this "best effort"
antiAffinity: "hard"

# This is the node affinity settings as defined in
# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature
nodeAffinity: {}

# The default is to deploy all pods serially. By setting this to parallel all pods are started at
# the same time when bootstrapping the cluster
podManagementPolicy: "Parallel"

# The environment variables injected by service links are not used, but can lead to slow Elasticsearch boot times when
# there are many services in the current namespace.
# If you experience slow pod startups you probably want to set this to `false`.
enableServiceLinks: true

protocol: http
httpPort: 9200
transportPort: 9300

service:
  enabled: true
  labels: {}
  labelsHeadless: {}
  type: ClusterIP
  # Consider that all endpoints are considered "ready" even if the Pods themselves are not
  # https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#ServiceSpec
  publishNotReadyAddresses: false
  nodePort: ""
  annotations: {}
  httpPortName: http
  transportPortName: transport
  loadBalancerIP: ""
  loadBalancerSourceRanges: []
  externalTrafficPolicy: ""

updateStrategy: RollingUpdate

# This is the max unavailable setting for the pod disruption budget
# The default value of 1 will make sure that kubernetes won't allow more than 1
# of your pods to be unavailable during maintenance
maxUnavailable: 1

podSecurityContext:
  fsGroup: 1000
  runAsUser: 1000

securityContext:
  capabilities:
    drop:
      - ALL
  # readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000

# How long to wait for elasticsearch to stop gracefully
terminationGracePeriod: 120

sysctlVmMaxMapCount: 262144

readinessProbe:
  failureThreshold: 3
  initialDelaySeconds: 10
  periodSeconds: 10
  successThreshold: 3
  timeoutSeconds: 5

# https://www.elastic.co/guide/en/elasticsearch/reference/7.17/cluster-health.html#request-params wait_for_status
clusterHealthCheckParams: "wait_for_status=green&timeout=1s"

## Use an alternate scheduler.
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""

imagePullSecrets: []
nodeSelector: {}
tolerations: []

# Enabling this will publicly expose your Elasticsearch instance.
# Only enable this if you have security enabled on your cluster
ingress:
  enabled: false
  annotations: {}
  # kubernetes.io/ingress.class: nginx
  # kubernetes.io/tls-acme: "true"
  className: "nginx"
  pathtype: ImplementationSpecific
  hosts:
    - host: chart-example.local
      paths:
        - path: /
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local

nameOverride: ""
fullnameOverride: ""
healthNameOverride: ""

lifecycle:
  {}
  # preStop:
  #   exec:
  #     command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
  # postStart:
  #   exec:
  #     command:
  #       - bash
  #       - -c
  #       - |
  #         #!/bin/bash
  #         # Add a template to adjust number of shards/replicas
  #         TEMPLATE_NAME=my_template
  #         INDEX_PATTERN="logstash-*"
  #         SHARD_COUNT=8
  #         REPLICA_COUNT=1
  #         ES_URL=http://localhost:9200
  #         while [[ "$(curl -s -o /dev/null -w '%{http_code}\n' $ES_URL)" != "200" ]]; do sleep 1; done
  #         curl -XPUT "$ES_URL/_template/$TEMPLATE_NAME" -H 'Content-Type: application/json' -d'{"index_patterns":['\""$INDEX_PATTERN"\"'],"settings":{"number_of_shards":'$SHARD_COUNT',"number_of_replicas":'$REPLICA_COUNT'}}'

sysctlInitContainer:
  enabled: true

keystore: []

networkPolicy:
  ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now.
  ## In order for a Pod to access Elasticsearch, it needs to have the following label:
  ## Template:Template "uname" .-client: "true"
  ## Example for default configuration to access HTTP port:
  ## elasticsearch-master-http-client: "true"
  ## Example for default configuration to access transport port:
  ## elasticsearch-master-transport-client: "true"

  http:
    enabled: false
    ## if explicitNamespacesSelector is not set or set to {}, only client Pods being in the networkPolicy's namespace
    ## and matching all criteria can reach the DB.
    ## But sometimes, we want the Pods to be accessible to clients from other namespaces, in this case, we can use this
    ## parameter to select these namespaces
    ##
    # explicitNamespacesSelector:
    #   # Accept from namespaces with all those different rules (only from whitelisted Pods)
    #   matchLabels:
    #     role: frontend
    #   matchExpressions:
    #     - {key: role, operator: In, values: [frontend]}
    ## Additional NetworkPolicy Ingress "from" rules to set. Note that all rules are OR-ed.
    ##
    # additionalRules:
    #   - podSelector:
    #       matchLabels:
    #         role: frontend
    #   - podSelector:
    #       matchExpressions:
    #         - key: role
    #           operator: In
    #           values:
    #             - frontend

  transport:
    ## Note that all Elasticsearch Pods can talk to themselves using transport port even if enabled.
    enabled: false
    # explicitNamespacesSelector:
    #   matchLabels:
    #     role: frontend
    #   matchExpressions:
    #     - {key: role, operator: In, values: [frontend]}
    # additionalRules:
    #   - podSelector:
    #       matchLabels:
    #         role: frontend
    #   - podSelector:
    #       matchExpressions:
    #         - key: role
    #           operator: In
    #           values:
    #             - frontend

tests:
  enabled: true

# Deprecated
# please use the above podSecurityContext.fsGroup instead
fsGroup: ""


See also

Advertising: