-
Notifications
You must be signed in to change notification settings - Fork 0
/
values.yaml
108 lines (105 loc) · 4.99 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
---
global:
imageCredentials:
registry: "YOUR_DOCKER_REGISTRY"
username: "YOUR_DOCKER_REGISTRY_USERNAME"
password: "YOUR_DOCKER_REGISTRY_PASSWORD"
srs:
# always set srs.srsStorage.provisionInternalESCluster=false when srs.enabled=false
enabled: true
deploymentName: "YOUR_SRS_DEPLOYMENT_NAME"
# specify unique name for the deployment based on org app and/or srs applicable environment name. eg: acme-demo-dev-srs
# srs-service configuration
srsRuntime:
# Number of pods to provision
replicaCount: 2
# docker image of the srs-service, platform-services/search-n-reporting-service:dockerTag
srsImage: "YOUR_SRS_IMAGE:TAG"
env:
# AuthEnabled may be set to true when there is an authentication mechanism in place between SRS and Pega Infinity.
AuthEnabled: false
# Set the value for parameter 'PublicKeyURL' when AuthEnabled is true.
PublicKeyURL: ""
# This section specifies the elasticsearch cluster configuration.
srsStorage:
# Setting srsStorage.provisionInternalESCluster to true will provision an internal elasticsearch cluster using the configuration
# specified in the `elasticsearch` section
provisionInternalESCluster: true
# To use your own Elasticsearch cluster, set srsStorage.provisionInternalESCluster to false and then
# set the external Elasticsearch cluster URL and port details below when using an externally managed elasticsearch
# Ensure that the specified endpoint is accessible from the kubernetes cluster pods.
# The elasticsearch connection supports two authentication methods: basic authentication or AWS IAM role-based authentication.
# domain: managed-elasticsearch.acme.io
# port: 443
# protocol: https
# To configure basic authentication to your externally-managed Elasticsearch cluster, uncomment and add the
# parameter details: srs.srsStorage.basicAuthentication.username and srs.srsStorage.basicAuthentication.password
# basicAuthentication:
# username: "BASIC_AUTH_USERNAME"
# password: "BASIC_AUTH_PASSWORD"
# To configure AWS IAM role-based authentication to your externally-managed Elasticsearch cluster, uncomment
# and add the parameter details: srs.srsStorage.awsIAM and its associated region, srs.srsStorage.awsIAM.region
# awsIAM:
# region: "AWS_ELASTICSEARCH_REGION"
# To configure either authentication method, when the elasticsearch domain requires an open internet connection, uncomment to set this parameter to "true".
# requireInternetAccess: true
# This section specifies the configuration for deploying an internal elasticsearch cluster for use with SRS.
# The configuration for rest of the values defined under 'elasticsearch' are to define the elasticsearch cluster
# based on helm charts defined at https://github.com/elastic/helm-charts/tree/master/elasticsearch and may be modified
# as per runtime and storage requirements.
elasticsearch:
imageTag: 7.10.2
# Permit co-located instances for solitary minikube virtual machines.
antiAffinity: "soft"
# Shrink default JVM heap.
esJavaOpts: "-Xmx1024m -Xms1024m"
# Allocate smaller chunks of memory per pod.
protocol: http
# This section specifies the elasticsearch cluster configuration for authentication and TLS.
esConfig:
elasticsearch.yml: |
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
# Use this section to include additional, supported environmental variables for Elasticsearch basic authentication.
# The parameter values can be read from a specified secrets file.
extraEnvs:
- name: ELASTIC_PASSWORD
valueFrom:
secretKeyRef:
name: srs-elastic-credentials
key: password
- name: ELASTIC_USERNAME
valueFrom:
secretKeyRef:
name: srs-elastic-credentials
key: username
resources:
requests:
cpu: "1000m"
memory: "2Gi"
limits:
cpu: "2000m"
memory: "3Gi"
volumeClaimTemplate:
accessModes: ["ReadWriteOnce"]
resources:
requests:
# configure volume size of the elasticsearch nodes based on search data storage requirements. The default storage size from elasticsearch is 30Gi.
storage: 30Gi
# elasticsearch.secretMounts will help reading certificates from elastic-certificates secret.
secretMounts:
- name: elastic-certificates
secretName: elastic-certificates
path: /usr/share/elasticsearch/config/certs
# For Openshift deployments, you must enable the following custom values. For details
# refer to https://github.com/elastic/helm-charts/tree/master/elasticsearch/examples/openshift.
# securityContext:
# runAsUser: null
# podSecurityContext:
# fsGroup: null
# runAsUser: null
# sysctlInitContainer:
# enabled: false