This site uses cookies. Visit our cookies policy page or click the link in any footer for more information and to change your preferences.

Accept all cookies Accept only essential cookies

Code development platform for open source projects from the European Union institutions :large_blue_circle: EU Login authentication by SMS has been phased out. To see alternatives please check here

Skip to content
Snippets Groups Projects
Select Git revision
  • 4207353e65196ca96757de85c56e96b85703ae57
  • main default protected
  • feature/healthcheck-ab
  • feature/minimal_stack
  • develop protected
  • feature/alerts
  • feature/healtchecks-dashboard
  • feature/pdf-generation
  • feature/heartbeats-AB
  • feature/remove-unused-fields
  • v0.1.18
  • v0.1.17
  • v0.1.16
  • v0.1.15
  • v0.1.14
  • v0.1.13
  • v0.1.12
  • v0.1.11
  • v0.1.10
  • v0.1.9
  • v0.1.8
  • v0.1.7
  • v0.1.6
  • v0.1.5
  • v0.1.4
  • v0.1.3
  • v0.1.2
  • v0.1.0
28 results

elasticsearch.yaml

    • Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    elasticsearch.yaml 6.99 KiB 
    apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: {{ .Release.Name }}-elasticsearch
spec:
  version: {{ .Values.elasticVersion }}
  image: {{ .Values.elasticsearch.image }}:{{ default .Values.elasticVersion  .Values.elasticsearch.imageTag }}
  auth:
    roles:
    - secretName: logstash-writer-role-secret
    - secretName: user-monitoring-role-secret
    fileRealm:
    - secretName: logstash-writer-secret
    - secretName: user-monitoring-secret
  nodeSets:
  {{- range .Values.elasticsearch.nodeSets }}
  - name: {{ .name }}
    count: {{ .count}}
    config: 
      xpack.security.authc.token.enabled: true
      http.cors.enabled : true
      http.cors.allow-origin : "*"
      http.cors.allow-methods : OPTIONS, HEAD, GET, POST, PUT, DELETE
      http.cors.allow-headers: "kbn-version, Origin, X-Requested-With, Content-Type, Accept, Engaged-Auth-Token"
      xpack.security.enabled: true
      xpack.security.http.ssl.enabled: true
      xpack.security.http.ssl.key: /usr/share/elasticsearch/config/certs/tls.key
      xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/certs/tls.crt
      xpack.security.http.ssl.certificate_authorities: [ "/usr/share/elasticsearch/config/certs/ca.crt" ]
      xpack.monitoring.collection.enabled: true
    volumeClaimTemplates:
      - metadata:
          name: elasticsearch-data 
        spec:
          accessModes:
          - ReadWriteOnce
          resources:
            requests:
              storage: {{ .diskSpace }}
          storageClassName: {{ .storageClassName }}
    podTemplate:
      metadata:
        labels:
          stack-namespace: {{$.Release.Namespace}} 
      spec:
        initContainers:
        - name: sysctl
          imagePullPolicy: Always
          command: ["/bin/bash", "-c"]
          args:
            - |
              sysctl -w vm.max_map_count=2628576 &&
              sysctl -w net.ipv4.tcp_retries2=5 &&
              sysctl -w vm.swappiness=1 
          securityContext:
            runAsUser: 0
            runAsGroup: 0
            runAsNonRoot: false
            privileged: true
        containers:
        - name: elasticsearch
          volumeMounts:
          - name: certs
            mountPath: /usr/share/elasticsearch/config/certs
          imagePullPolicy: Always
          securityContext:
            #runAsUser: 0
            #runAsGroup: 0
            runAsNonRoot: true
          {{- with .resources }}

    For further information about the platform and support, please see https://code.europa.eu/info/about