Difference between revisions of "Helm show values elastic/elasticsearch"
Jump to navigation
Jump to search
(Created page with "{{lc}} == See also == * {{Helm}} Category:Helm") |
|||
Line 1: | Line 1: | ||
{{lc}} | {{lc}} | ||
+ | |||
+ | --- | ||
+ | clusterName: "elasticsearch" | ||
+ | nodeGroup: "master" | ||
+ | |||
+ | # The service that non master groups will try to connect to when joining the cluster | ||
+ | # This should be set to clusterName + "-" + nodeGroup for your master group | ||
+ | masterService: "" | ||
+ | |||
+ | # Elasticsearch roles that will be applied to this nodeGroup | ||
+ | # These will be set as environment variables. E.g. node.master=true | ||
+ | roles: | ||
+ | master: "true" | ||
+ | ingest: "true" | ||
+ | data: "true" | ||
+ | remote_cluster_client: "true" | ||
+ | ml: "true" | ||
+ | |||
+ | replicas: 3 | ||
+ | minimumMasterNodes: 2 | ||
+ | |||
+ | esMajorVersion: "" | ||
+ | |||
+ | clusterDeprecationIndexing: "false" | ||
+ | |||
+ | # Allows you to add any config files in /usr/share/elasticsearch/config/ | ||
+ | # such as elasticsearch.yml and log4j2.properties | ||
+ | esConfig: {} | ||
+ | # elasticsearch.yml: | | ||
+ | # key: | ||
+ | # nestedkey: value | ||
+ | # log4j2.properties: | | ||
+ | # key = value | ||
+ | |||
+ | esJvmOptions: {} | ||
+ | # processors.options: | | ||
+ | # -XX:ActiveProcessorCount=3 | ||
+ | |||
+ | # Extra environment variables to append to this nodeGroup | ||
+ | # This will be appended to the current 'env:' key. You can use any of the kubernetes env | ||
+ | # syntax here | ||
+ | extraEnvs: [] | ||
+ | # - name: MY_ENVIRONMENT_VAR | ||
+ | # value: the_value_goes_here | ||
+ | |||
+ | # Allows you to load environment variables from kubernetes secret or config map | ||
+ | envFrom: [] | ||
+ | # - secretRef: | ||
+ | # name: env-secret | ||
+ | # - configMapRef: | ||
+ | # name: config-map | ||
+ | |||
+ | # A list of secrets and their paths to mount inside the pod | ||
+ | # This is useful for mounting certificates for security and for mounting | ||
+ | # the X-Pack license | ||
+ | secretMounts: [] | ||
+ | # - name: elastic-certificates | ||
+ | # secretName: elastic-certificates | ||
+ | # path: /usr/share/elasticsearch/config/certs | ||
+ | # defaultMode: 0755 | ||
+ | |||
+ | hostAliases: [] | ||
+ | #- ip: "127.0.0.1" | ||
+ | # hostnames: | ||
+ | # - "foo.local" | ||
+ | # - "bar.local" | ||
+ | |||
+ | image: "docker.elastic.co/elasticsearch/elasticsearch" | ||
+ | imageTag: "7.17.3" | ||
+ | imagePullPolicy: "IfNotPresent" | ||
+ | |||
+ | podAnnotations: | ||
+ | {} | ||
+ | # iam.amazonaws.com/role: es-cluster | ||
+ | |||
+ | # additionals labels | ||
+ | labels: {} | ||
+ | |||
+ | esJavaOpts: "" # example: "-Xmx1g -Xms1g" | ||
+ | |||
+ | resources: | ||
+ | requests: | ||
+ | cpu: "1000m" | ||
+ | memory: "2Gi" | ||
+ | limits: | ||
+ | cpu: "1000m" | ||
+ | memory: "2Gi" | ||
+ | |||
+ | initResources: | ||
+ | {} | ||
+ | # limits: | ||
+ | # cpu: "25m" | ||
+ | # # memory: "128Mi" | ||
+ | # requests: | ||
+ | # cpu: "25m" | ||
+ | # memory: "128Mi" | ||
+ | |||
+ | networkHost: "0.0.0.0" | ||
+ | |||
+ | volumeClaimTemplate: | ||
+ | accessModes: ["ReadWriteOnce"] | ||
+ | resources: | ||
+ | requests: | ||
+ | storage: 30Gi | ||
+ | |||
+ | rbac: | ||
+ | create: false | ||
+ | serviceAccountAnnotations: {} | ||
+ | serviceAccountName: "" | ||
+ | automountToken: true | ||
+ | |||
+ | podSecurityPolicy: | ||
+ | create: false | ||
+ | name: "" | ||
+ | spec: | ||
+ | privileged: true | ||
+ | fsGroup: | ||
+ | rule: RunAsAny | ||
+ | runAsUser: | ||
+ | rule: RunAsAny | ||
+ | seLinux: | ||
+ | rule: RunAsAny | ||
+ | supplementalGroups: | ||
+ | rule: RunAsAny | ||
+ | volumes: | ||
+ | - secret | ||
+ | - configMap | ||
+ | - persistentVolumeClaim | ||
+ | - emptyDir | ||
+ | |||
+ | persistence: | ||
+ | enabled: true | ||
+ | labels: | ||
+ | # Add default labels for the volumeClaimTemplate of the StatefulSet | ||
+ | enabled: false | ||
+ | annotations: {} | ||
+ | |||
+ | extraVolumes: | ||
+ | [] | ||
+ | # - name: extras | ||
+ | # emptyDir: {} | ||
+ | |||
+ | extraVolumeMounts: | ||
+ | [] | ||
+ | # - name: extras | ||
+ | # mountPath: /usr/share/extras | ||
+ | # readOnly: true | ||
+ | |||
+ | extraContainers: | ||
+ | [] | ||
+ | # - name: do-something | ||
+ | # image: busybox | ||
+ | # command: ['do', 'something'] | ||
+ | |||
+ | extraInitContainers: | ||
+ | [] | ||
+ | # - name: do-something | ||
+ | # image: busybox | ||
+ | # command: ['do', 'something'] | ||
+ | |||
+ | # This is the PriorityClass settings as defined in | ||
+ | # https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass | ||
+ | priorityClassName: "" | ||
+ | |||
+ | # By default this will make sure two pods don't end up on the same node | ||
+ | # Changing this to a region would allow you to spread pods across regions | ||
+ | antiAffinityTopologyKey: "kubernetes.io/hostname" | ||
+ | |||
+ | # Hard means that by default pods will only be scheduled if there are enough nodes for them | ||
+ | # and that they will never end up on the same node. Setting this to soft will do this "best effort" | ||
+ | antiAffinity: "hard" | ||
+ | |||
+ | # This is the node affinity settings as defined in | ||
+ | # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature | ||
+ | nodeAffinity: {} | ||
+ | |||
+ | # The default is to deploy all pods serially. By setting this to parallel all pods are started at | ||
+ | # the same time when bootstrapping the cluster | ||
+ | podManagementPolicy: "Parallel" | ||
+ | |||
+ | # The environment variables injected by service links are not used, but can lead to slow Elasticsearch boot times when | ||
+ | # there are many services in the current namespace. | ||
+ | # If you experience slow pod startups you probably want to set this to `false`. | ||
+ | enableServiceLinks: true | ||
+ | |||
+ | protocol: http | ||
+ | httpPort: 9200 | ||
+ | transportPort: 9300 | ||
+ | |||
+ | service: | ||
+ | enabled: true | ||
+ | labels: {} | ||
+ | labelsHeadless: {} | ||
+ | type: ClusterIP | ||
+ | # Consider that all endpoints are considered "ready" even if the Pods themselves are not | ||
+ | # https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#ServiceSpec | ||
+ | publishNotReadyAddresses: false | ||
+ | nodePort: "" | ||
+ | annotations: {} | ||
+ | httpPortName: http | ||
+ | transportPortName: transport | ||
+ | loadBalancerIP: "" | ||
+ | loadBalancerSourceRanges: [] | ||
+ | externalTrafficPolicy: "" | ||
+ | |||
+ | updateStrategy: RollingUpdate | ||
+ | |||
+ | # This is the max unavailable setting for the pod disruption budget | ||
+ | # The default value of 1 will make sure that kubernetes won't allow more than 1 | ||
+ | # of your pods to be unavailable during maintenance | ||
+ | maxUnavailable: 1 | ||
+ | |||
+ | podSecurityContext: | ||
+ | fsGroup: 1000 | ||
+ | runAsUser: 1000 | ||
+ | |||
+ | securityContext: | ||
+ | capabilities: | ||
+ | drop: | ||
+ | - ALL | ||
+ | # readOnlyRootFilesystem: true | ||
+ | runAsNonRoot: true | ||
+ | runAsUser: 1000 | ||
+ | |||
+ | # How long to wait for elasticsearch to stop gracefully | ||
+ | terminationGracePeriod: 120 | ||
+ | |||
+ | sysctlVmMaxMapCount: 262144 | ||
+ | |||
+ | readinessProbe: | ||
+ | failureThreshold: 3 | ||
+ | initialDelaySeconds: 10 | ||
+ | periodSeconds: 10 | ||
+ | successThreshold: 3 | ||
+ | timeoutSeconds: 5 | ||
+ | |||
+ | # https://www.elastic.co/guide/en/elasticsearch/reference/7.17/cluster-health.html#request-params wait_for_status | ||
+ | clusterHealthCheckParams: "wait_for_status=green&timeout=1s" | ||
+ | |||
+ | ## Use an alternate scheduler. | ||
+ | ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ | ||
+ | ## | ||
+ | schedulerName: "" | ||
+ | |||
+ | imagePullSecrets: [] | ||
+ | nodeSelector: {} | ||
+ | tolerations: [] | ||
+ | |||
+ | # Enabling this will publicly expose your Elasticsearch instance. | ||
+ | # Only enable this if you have security enabled on your cluster | ||
+ | ingress: | ||
+ | enabled: false | ||
+ | annotations: {} | ||
+ | # kubernetes.io/ingress.class: nginx | ||
+ | # kubernetes.io/tls-acme: "true" | ||
+ | className: "nginx" | ||
+ | pathtype: ImplementationSpecific | ||
+ | hosts: | ||
+ | - host: chart-example.local | ||
+ | paths: | ||
+ | - path: / | ||
+ | tls: [] | ||
+ | # - secretName: chart-example-tls | ||
+ | # hosts: | ||
+ | # - chart-example.local | ||
+ | |||
+ | nameOverride: "" | ||
+ | fullnameOverride: "" | ||
+ | healthNameOverride: "" | ||
+ | |||
+ | lifecycle: | ||
+ | {} | ||
+ | # preStop: | ||
+ | # exec: | ||
+ | # command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"] | ||
+ | # postStart: | ||
+ | # exec: | ||
+ | # command: | ||
+ | # - bash | ||
+ | # - -c | ||
+ | # - | | ||
+ | # #!/bin/bash | ||
+ | # # Add a template to adjust number of shards/replicas | ||
+ | # TEMPLATE_NAME=my_template | ||
+ | # INDEX_PATTERN="logstash-*" | ||
+ | # SHARD_COUNT=8 | ||
+ | # REPLICA_COUNT=1 | ||
+ | # ES_URL=http://localhost:9200 | ||
+ | # while [[ "$(curl -s -o /dev/null -w '%{http_code}\n' $ES_URL)" != "200" ]]; do sleep 1; done | ||
+ | # curl -XPUT "$ES_URL/_template/$TEMPLATE_NAME" -H 'Content-Type: application/json' -d'{"index_patterns":['\""$INDEX_PATTERN"\"'],"settings":{"number_of_shards":'$SHARD_COUNT',"number_of_replicas":'$REPLICA_COUNT'}}' | ||
+ | |||
+ | sysctlInitContainer: | ||
+ | enabled: true | ||
+ | |||
+ | keystore: [] | ||
+ | |||
+ | networkPolicy: | ||
+ | ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. | ||
+ | ## In order for a Pod to access Elasticsearch, it needs to have the following label: | ||
+ | ## {{ template "uname" . }}-client: "true" | ||
+ | ## Example for default configuration to access HTTP port: | ||
+ | ## elasticsearch-master-http-client: "true" | ||
+ | ## Example for default configuration to access transport port: | ||
+ | ## elasticsearch-master-transport-client: "true" | ||
+ | |||
+ | http: | ||
+ | enabled: false | ||
+ | ## if explicitNamespacesSelector is not set or set to {}, only client Pods being in the networkPolicy's namespace | ||
+ | ## and matching all criteria can reach the DB. | ||
+ | ## But sometimes, we want the Pods to be accessible to clients from other namespaces, in this case, we can use this | ||
+ | ## parameter to select these namespaces | ||
+ | ## | ||
+ | # explicitNamespacesSelector: | ||
+ | # # Accept from namespaces with all those different rules (only from whitelisted Pods) | ||
+ | # matchLabels: | ||
+ | # role: frontend | ||
+ | # matchExpressions: | ||
+ | # - {key: role, operator: In, values: [frontend]} | ||
+ | ## Additional NetworkPolicy Ingress "from" rules to set. Note that all rules are OR-ed. | ||
+ | ## | ||
+ | # additionalRules: | ||
+ | # - podSelector: | ||
+ | # matchLabels: | ||
+ | # role: frontend | ||
+ | # - podSelector: | ||
+ | # matchExpressions: | ||
+ | # - key: role | ||
+ | # operator: In | ||
+ | # values: | ||
+ | # - frontend | ||
+ | |||
+ | transport: | ||
+ | ## Note that all Elasticsearch Pods can talk to themselves using transport port even if enabled. | ||
+ | enabled: false | ||
+ | # explicitNamespacesSelector: | ||
+ | # matchLabels: | ||
+ | # role: frontend | ||
+ | # matchExpressions: | ||
+ | # - {key: role, operator: In, values: [frontend]} | ||
+ | # additionalRules: | ||
+ | # - podSelector: | ||
+ | # matchLabels: | ||
+ | # role: frontend | ||
+ | # - podSelector: | ||
+ | # matchExpressions: | ||
+ | # - key: role | ||
+ | # operator: In | ||
+ | # values: | ||
+ | # - frontend | ||
+ | |||
+ | tests: | ||
+ | enabled: true | ||
+ | |||
+ | # Deprecated | ||
+ | # please use the above podSecurityContext.fsGroup instead | ||
+ | fsGroup: "" | ||
+ | |||
Revision as of 06:16, 2 November 2022
--- clusterName: "elasticsearch" nodeGroup: "master" # The service that non master groups will try to connect to when joining the cluster # This should be set to clusterName + "-" + nodeGroup for your master group masterService: "" # Elasticsearch roles that will be applied to this nodeGroup # These will be set as environment variables. E.g. node.master=true roles: master: "true" ingest: "true" data: "true" remote_cluster_client: "true" ml: "true" replicas: 3 minimumMasterNodes: 2 esMajorVersion: "" clusterDeprecationIndexing: "false" # Allows you to add any config files in /usr/share/elasticsearch/config/ # such as elasticsearch.yml and log4j2.properties esConfig: {} # elasticsearch.yml: | # key: # nestedkey: value # log4j2.properties: | # key = value esJvmOptions: {} # processors.options: | # -XX:ActiveProcessorCount=3 # Extra environment variables to append to this nodeGroup # This will be appended to the current 'env:' key. You can use any of the kubernetes env # syntax here extraEnvs: [] # - name: MY_ENVIRONMENT_VAR # value: the_value_goes_here # Allows you to load environment variables from kubernetes secret or config map envFrom: [] # - secretRef: # name: env-secret # - configMapRef: # name: config-map # A list of secrets and their paths to mount inside the pod # This is useful for mounting certificates for security and for mounting # the X-Pack license secretMounts: [] # - name: elastic-certificates # secretName: elastic-certificates # path: /usr/share/elasticsearch/config/certs # defaultMode: 0755 hostAliases: [] #- ip: "127.0.0.1" # hostnames: # - "foo.local" # - "bar.local" image: "docker.elastic.co/elasticsearch/elasticsearch" imageTag: "7.17.3" imagePullPolicy: "IfNotPresent" podAnnotations: {} # iam.amazonaws.com/role: es-cluster # additionals labels labels: {} esJavaOpts: "" # example: "-Xmx1g -Xms1g" resources: requests: cpu: "1000m" memory: "2Gi" limits: cpu: "1000m" memory: "2Gi" initResources: {} # limits: # cpu: "25m" # # memory: "128Mi" # requests: # cpu: "25m" # memory: "128Mi" networkHost: "0.0.0.0" volumeClaimTemplate: accessModes: ["ReadWriteOnce"] resources: requests: storage: 30Gi rbac: create: false serviceAccountAnnotations: {} serviceAccountName: "" automountToken: true podSecurityPolicy: create: false name: "" spec: privileged: true fsGroup: rule: RunAsAny runAsUser: rule: RunAsAny seLinux: rule: RunAsAny supplementalGroups: rule: RunAsAny volumes: - secret - configMap - persistentVolumeClaim - emptyDir persistence: enabled: true labels: # Add default labels for the volumeClaimTemplate of the StatefulSet enabled: false annotations: {} extraVolumes: [] # - name: extras # emptyDir: {} extraVolumeMounts: [] # - name: extras # mountPath: /usr/share/extras # readOnly: true extraContainers: [] # - name: do-something # image: busybox # command: ['do', 'something'] extraInitContainers: [] # - name: do-something # image: busybox # command: ['do', 'something'] # This is the PriorityClass settings as defined in # https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass priorityClassName: "" # By default this will make sure two pods don't end up on the same node # Changing this to a region would allow you to spread pods across regions antiAffinityTopologyKey: "kubernetes.io/hostname" # Hard means that by default pods will only be scheduled if there are enough nodes for them # and that they will never end up on the same node. Setting this to soft will do this "best effort" antiAffinity: "hard" # This is the node affinity settings as defined in # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature nodeAffinity: {} # The default is to deploy all pods serially. By setting this to parallel all pods are started at # the same time when bootstrapping the cluster podManagementPolicy: "Parallel" # The environment variables injected by service links are not used, but can lead to slow Elasticsearch boot times when # there are many services in the current namespace. # If you experience slow pod startups you probably want to set this to `false`. enableServiceLinks: true protocol: http httpPort: 9200 transportPort: 9300 service: enabled: true labels: {} labelsHeadless: {} type: ClusterIP # Consider that all endpoints are considered "ready" even if the Pods themselves are not # https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#ServiceSpec publishNotReadyAddresses: false nodePort: "" annotations: {} httpPortName: http transportPortName: transport loadBalancerIP: "" loadBalancerSourceRanges: [] externalTrafficPolicy: "" updateStrategy: RollingUpdate # This is the max unavailable setting for the pod disruption budget # The default value of 1 will make sure that kubernetes won't allow more than 1 # of your pods to be unavailable during maintenance maxUnavailable: 1 podSecurityContext: fsGroup: 1000 runAsUser: 1000 securityContext: capabilities: drop: - ALL # readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 # How long to wait for elasticsearch to stop gracefully terminationGracePeriod: 120 sysctlVmMaxMapCount: 262144 readinessProbe: failureThreshold: 3 initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 3 timeoutSeconds: 5 # https://www.elastic.co/guide/en/elasticsearch/reference/7.17/cluster-health.html#request-params wait_for_status clusterHealthCheckParams: "wait_for_status=green&timeout=1s" ## Use an alternate scheduler. ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" imagePullSecrets: [] nodeSelector: {} tolerations: [] # Enabling this will publicly expose your Elasticsearch instance. # Only enable this if you have security enabled on your cluster ingress: enabled: false annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" className: "nginx" pathtype: ImplementationSpecific hosts: - host: chart-example.local paths: - path: / tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local nameOverride: "" fullnameOverride: "" healthNameOverride: "" lifecycle: {} # preStop: # exec: # command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"] # postStart: # exec: # command: # - bash # - -c # - | # #!/bin/bash # # Add a template to adjust number of shards/replicas # TEMPLATE_NAME=my_template # INDEX_PATTERN="logstash-*" # SHARD_COUNT=8 # REPLICA_COUNT=1 # ES_URL=http://localhost:9200 # while [[ "$(curl -s -o /dev/null -w '%{http_code}\n' $ES_URL)" != "200" ]]; do sleep 1; done # curl -XPUT "$ES_URL/_template/$TEMPLATE_NAME" -H 'Content-Type: application/json' -d'{"index_patterns":['\""$INDEX_PATTERN"\"'],"settings":{"number_of_shards":'$SHARD_COUNT',"number_of_replicas":'$REPLICA_COUNT'}}' sysctlInitContainer: enabled: true keystore: [] networkPolicy: ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. ## In order for a Pod to access Elasticsearch, it needs to have the following label: ## Template:Template "uname" .-client: "true" ## Example for default configuration to access HTTP port: ## elasticsearch-master-http-client: "true" ## Example for default configuration to access transport port: ## elasticsearch-master-transport-client: "true" http: enabled: false ## if explicitNamespacesSelector is not set or set to {}, only client Pods being in the networkPolicy's namespace ## and matching all criteria can reach the DB. ## But sometimes, we want the Pods to be accessible to clients from other namespaces, in this case, we can use this ## parameter to select these namespaces ## # explicitNamespacesSelector: # # Accept from namespaces with all those different rules (only from whitelisted Pods) # matchLabels: # role: frontend # matchExpressions: # - {key: role, operator: In, values: [frontend]} ## Additional NetworkPolicy Ingress "from" rules to set. Note that all rules are OR-ed. ## # additionalRules: # - podSelector: # matchLabels: # role: frontend # - podSelector: # matchExpressions: # - key: role # operator: In # values: # - frontend transport: ## Note that all Elasticsearch Pods can talk to themselves using transport port even if enabled. enabled: false # explicitNamespacesSelector: # matchLabels: # role: frontend # matchExpressions: # - {key: role, operator: In, values: [frontend]} # additionalRules: # - podSelector: # matchLabels: # role: frontend # - podSelector: # matchExpressions: # - key: role # operator: In # values: # - frontend tests: enabled: true # Deprecated # please use the above podSecurityContext.fsGroup instead fsGroup: ""
See also
- Helm,
helm
[repo | template
|list
|install | unsintall
|create
|show | pull | push
|status | history | plugin
|search | upgrade | delete | lint | test | package | dependency | get | rollback | version | --help]
,helm@2
, Chart file structure, Helm Charts,values.yaml, chart.yaml
, Helm functions, Helm versions,helmfile
Deprecated:init
, variables, Mapkubeapis, .helmignore
Advertising: