diff --git a/.github/ct.yaml b/.github/ct.yaml index 2da3947..ccea394 100644 --- a/.github/ct.yaml +++ b/.github/ct.yaml @@ -8,3 +8,5 @@ upgrade: true validate-chart-schema: true validate-maintainers: false validate-yaml: true +chart-repos: +- opensearch=https://opensearch-project.github.io/helm-charts/ diff --git a/charts/opencti/README.md b/charts/opencti/README.md index d089b97..db6ab44 100644 --- a/charts/opencti/README.md +++ b/charts/opencti/README.md @@ -79,86 +79,94 @@ helm show values opencti/opencti | Key | Type | Default | Description | |-----|------|---------|-------------| -| affinity | object | `{}` | Affinity for pod assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | -| autoscaling | object | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Autoscaling with CPU or memory utilization percentage
Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | -| connectors | list | `[]` | Connectors
Ref: https://github.com/OpenCTI-Platform/connectors/tree/master | -| connectorsGlobalEnv | object | `{}` | Connector Global environment | -| elasticsearch | object | `{"clusterName":"elastic","coordinating":{"replicaCount":0},"data":{"persistence":{"enabled":false},"replicaCount":1},"enabled":true,"extraEnvVars":[{"name":"ES_JAVA_OPTS","value":"-Xms512M -Xmx512M"}],"ingest":{"enabled":false},"master":{"masterOnly":true,"persistence":{"enabled":false},"replicaCount":1},"sysctlImage":{"enabled":false}}` | ElasticSearch subchart deployment
Ref: https://github.com/bitnami/charts/blob/main/bitnami/elasticsearch/values.yaml | +| affinity | object | `{}` | Affinity for pod assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | +| autoscaling | object | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Autoscaling with CPU or memory utilization percentage
Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | +| connectors | list | `[]` | Connectors
Ref: https://github.com/OpenCTI-Platform/connectors/tree/master | +| connectorsGlobalEnv | object | `{}` | Connector Global environment | +| elasticsearch | object | `{"clusterName":"elastic","coordinating":{"replicaCount":0},"data":{"persistence":{"enabled":false},"replicaCount":1},"enabled":true,"extraEnvVars":[{"name":"ES_JAVA_OPTS","value":"-Xms512M -Xmx512M"}],"ingest":{"enabled":false},"master":{"masterOnly":true,"persistence":{"enabled":false},"replicaCount":1},"sysctlImage":{"enabled":false}}` | ElasticSearch subchart deployment
Ref: https://github.com/bitnami/charts/blob/main/bitnami/elasticsearch/values.yaml | | elasticsearch.enabled | bool | `true` | Enable or disable ElasticSearch subchart | -| env | object | `{"APP__ADMIN__EMAIL":"admin@opencti.io","APP__ADMIN__PASSWORD":"ChangeMe","APP__ADMIN__TOKEN":"ChangeMe","APP__BASE_PATH":"/","APP__GRAPHQL__PLAYGROUND__ENABLED":false,"APP__GRAPHQL__PLAYGROUND__FORCE_DISABLED_INTROSPECTION":false,"APP__HEALTH_ACCESS_KEY":"ChangeMe","APP__TELEMETRY__METRICS__ENABLED":true,"ELASTICSEARCH__URL":"http://release-name-elasticsearch:9200","MINIO__ENDPOINT":"release-name-minio:9000","RABBITMQ__HOSTNAME":"release-name-rabbitmq","RABBITMQ__PASSWORD":"ChangeMe","RABBITMQ__PORT":5672,"RABBITMQ__PORT_MANAGEMENT":15672,"RABBITMQ__USERNAME":"user","REDIS__HOSTNAME":"release-name-redis-master","REDIS__MODE":"single","REDIS__PORT":6379}` | Environment variables to configure application
Ref: https://docs.openbas.io/latest/deployment/configuration/#platform | -| envFromSecrets | object | `{}` | Secrets from variables | -| fullnameOverride | string | `""` | String to fully override opencti.fullname template | -| global | object | `{"imagePullSecrets":[],"imageRegistry":""}` | Global section contains configuration options that are applied to all services @default - See below | -| global.imagePullSecrets | list | `[]` | Specifies the secrets to use for pulling images from private registries Leave empty if no secrets are required E.g. imagePullSecrets: - name: myRegistryKeySecretName | -| global.imageRegistry | string | `""` | Specifies the registry to pull images from. Leave empty for the default registry | -| image | object | See below | Image registry configuration for the base service | -| image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the image | -| image.repository | string | `"opencti/platform"` | Repository of the image | -| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | -| imagePullSecrets | list | `[]` | Global Docker registry secret names as an array | -| ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | Ingress configuration to expose app
Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ | -| livenessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":180,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}` | Configure liveness checker
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes | -| livenessProbeCustom | object | `{}` | Custom livenessProbe | -| minio | object | `{"auth":{"rootPassword":"ChangeMe","rootUser":"ChangeMe"},"enabled":true,"mode":"standalone","persistence":{"enabled":false}}` | MinIO subchart deployment
Ref: https://github.com/bitnami/charts/blob/main/bitnami/minio/values.yaml | +| env | object | `{"APP__ADMIN__EMAIL":"admin@opencti.io","APP__ADMIN__PASSWORD":"ChangeMe","APP__ADMIN__TOKEN":"ChangeMe","APP__BASE_PATH":"/","APP__GRAPHQL__PLAYGROUND__ENABLED":false,"APP__GRAPHQL__PLAYGROUND__FORCE_DISABLED_INTROSPECTION":false,"APP__HEALTH_ACCESS_KEY":"ChangeMe","APP__TELEMETRY__METRICS__ENABLED":true,"ELASTICSEARCH__URL":"http://release-name-elasticsearch:9200","MINIO__ENDPOINT":"release-name-minio:9000","RABBITMQ__HOSTNAME":"release-name-rabbitmq","RABBITMQ__PASSWORD":"ChangeMe","RABBITMQ__PORT":5672,"RABBITMQ__PORT_MANAGEMENT":15672,"RABBITMQ__USERNAME":"user","REDIS__HOSTNAME":"release-name-redis-master","REDIS__MODE":"single","REDIS__PORT":6379}` | Environment variables to configure application
Ref: https://docs.openbas.io/latest/deployment/configuration/#platform | +| envFromSecrets | object | `{}` | Secrets from variables | +| fullnameOverride | string | `""` | String to fully override opencti.fullname template | +| global | object | `{"imagePullSecrets":[],"imageRegistry":""}` | Global section contains configuration options that are applied to all services | +| global.imagePullSecrets | list | `[]` | Specifies the secrets to use for pulling images from private registries Leave empty if no secrets are required E.g. imagePullSecrets: - name: myRegistryKeySecretName | +| global.imageRegistry | string | `""` | Specifies the registry to pull images from. Leave empty for the default registry | +| image | object | `{"pullPolicy":"IfNotPresent","repository":"opencti/platform","tag":""}` | Image registry configuration for the base service | +| image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the image | +| image.repository | string | `"opencti/platform"` | Repository of the image | +| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | +| imagePullSecrets | list | `[]` | Global Docker registry secret names as an array | +| ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | Ingress configuration to expose app
Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ | +| livenessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":180,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}` | Configure liveness checker
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes | +| livenessProbeCustom | object | `{}` | Custom livenessProbe | +| minio | object | `{"auth":{"rootPassword":"ChangeMe","rootUser":"ChangeMe"},"enabled":true,"mode":"standalone","persistence":{"enabled":false}}` | MinIO subchart deployment
Ref: https://github.com/bitnami/charts/blob/main/bitnami/minio/values.yaml | | minio.enabled | bool | `true` | Enable or disable MinIO subchart | -| nameOverride | string | `""` | String to partially override opencti.fullname template (will maintain the release name) | -| nodeSelector | object | `{}` | Node labels for pod assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | -| opensearch | object | `{"enabled":false,"opensearchJavaOpts":"-Xmx512M -Xms512M","persistence":{"enabled":false},"singleNode":true}` | OpenSearch subchart deployment
Ref: https://github.com/opensearch-project/helm-charts/blob/opensearch-2.16.1/charts/opensearch/values.yaml | -| opensearch.enabled | bool | `false` | Enable or disable OpenSearch subchart | -| podAnnotations | object | `{}` | Configure annotations on Pods | -| podLabels | object | `{}` | Configure labels on Pods | -| podSecurityContext | object | `{}` | Defines privilege and access control settings for a Pod
Ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | -| rabbitmq | object | `{"auth":{"erlangCookie":"ChangeMe","password":"ChangeMe","username":"user"},"clustering":{"enabled":false},"enabled":true,"persistence":{"enabled":false},"replicaCount":1}` | RabbitMQ subchart deployment
Ref: https://github.com/bitnami/charts/blob/main/bitnami/rabbitmq/values.yaml | -| rabbitmq.enabled | bool | `true` | Enable or disable RabbitMQ subchart | -| readinessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}` | Configure readinessProbe checker
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes | -| readinessProbeCustom | object | `{}` | Custom readinessProbe | -| readyChecker | object | See below | Enable or disable ready-checker | -| readyChecker.enabled | bool | `true` | Enable or disable ready-checker | -| readyChecker.retries | int | `30` | Number of retries before giving up | -| readyChecker.services | list | `[{"name":"elasticsearch","port":9200},{"name":"minio","port":9000},{"name":"rabbitmq","port":5672},{"name":"redis-master","port":6379}]` | List services | -| readyChecker.timeout | int | `5` | Timeout for each check | -| redis | object | `{"architecture":"standalone","auth":{"enabled":false},"enabled":true,"master":{"count":1,"persistence":{"enabled":false}},"replica":{"persistence":{"enabled":false},"replicaCount":1}}` | Redis subchart deployment
Ref: https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml | -| redis.enabled | bool | `true` | Enable or disable Redis subchart | -| replicaCount | int | `1` | Number of replicas for the service | -| resources | object | `{}` | The resources limits and requested
Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | -| secrets | object | `{}` | Secrets values to create credentials and reference by envFromSecrets Generate Secret with following name: `-credentials` | -| securityContext | object | `{}` | Defines privilege and access control settings for a Container
Ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | -| service | object | `{"port":80,"targetPort":4000,"type":"ClusterIP"}` | Kubernetes service to expose Pod
Ref: https://kubernetes.io/docs/concepts/services-networking/service/ | -| service.port | int | `80` | Kubernetes Service port | -| service.targetPort | int | `4000` | Pod expose port | -| service.type | string | `"ClusterIP"` | Kubernetes Service type. Allowed values: NodePort, LoadBalancer or ClusterIP | -| serviceAccount | object | `{"annotations":{},"automountServiceAccountToken":false,"create":true,"name":""}` | Enable creation of ServiceAccount @default - See below | +| nameOverride | string | `""` | String to partially override opencti.fullname template (will maintain the release name) | +| networkPolicy | object | `{"egress":[],"enabled":false,"ingress":[],"policyTypes":[]}` | NetworkPolicy configuration
Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ | +| networkPolicy.enabled | bool | `false` | Enable or disable NetworkPolicy | +| networkPolicy.policyTypes | list | `[]` | Policy types | +| nodeSelector | object | `{}` | Node labels for pod assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | +| opensearch | object | `{"enabled":false,"opensearchJavaOpts":"-Xmx512M -Xms512M","persistence":{"enabled":false},"singleNode":true}` | OpenSearch subchart deployment
Ref: https://github.com/opensearch-project/helm-charts/blob/opensearch-2.16.1/charts/opensearch/values.yaml | +| opensearch.enabled | bool | `false` | Enable or disable OpenSearch subchart | +| podAnnotations | object | `{}` | Configure annotations on Pods | +| podDisruptionBudget | object | `{"enabled":false,"maxUnavailable":1,"minAvailable":null}` | Pod Disruption Budget
Ref: https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/pod-disruption-budget-v1/ | +| podLabels | object | `{}` | Configure labels on Pods | +| podSecurityContext | object | `{}` | Defines privilege and access control settings for a Pod
Ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | +| rabbitmq | object | `{"auth":{"erlangCookie":"ChangeMe","password":"ChangeMe","username":"user"},"clustering":{"enabled":false},"enabled":true,"persistence":{"enabled":false},"replicaCount":1}` | RabbitMQ subchart deployment
Ref: https://github.com/bitnami/charts/blob/main/bitnami/rabbitmq/values.yaml | +| rabbitmq.enabled | bool | `true` | Enable or disable RabbitMQ subchart | +| readinessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}` | Configure readinessProbe checker
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes | +| readinessProbeCustom | object | `{}` | Custom readinessProbe | +| readyChecker | object | `{"enabled":true,"retries":30,"services":[{"name":"elasticsearch","port":9200},{"name":"minio","port":9000},{"name":"rabbitmq","port":5672},{"name":"redis-master","port":6379}],"timeout":5}` | Enable or disable ready-checker | +| readyChecker.enabled | bool | `true` | Enable or disable ready-checker | +| readyChecker.retries | int | `30` | Number of retries before giving up | +| readyChecker.services | list | `[{"name":"elasticsearch","port":9200},{"name":"minio","port":9000},{"name":"rabbitmq","port":5672},{"name":"redis-master","port":6379}]` | List services | +| readyChecker.timeout | int | `5` | Timeout for each check | +| redis | object | `{"architecture":"standalone","auth":{"enabled":false},"enabled":true,"master":{"count":1,"persistence":{"enabled":false}},"replica":{"persistence":{"enabled":false},"replicaCount":1}}` | Redis subchart deployment
Ref: https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml | +| redis.enabled | bool | `true` | Enable or disable Redis subchart | +| replicaCount | int | `1` | Number of replicas for the service | +| resources | object | `{}` | The resources limits and requested
Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | +| secrets | object | `{}` | Secrets values to create credentials and reference by envFromSecrets Generate Secret with following name: `-credentials` | +| securityContext | object | `{}` | Defines privilege and access control settings for a Container
Ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | +| service | object | `{"port":80,"targetPort":4000,"type":"ClusterIP"}` | Kubernetes service to expose Pod
Ref: https://kubernetes.io/docs/concepts/services-networking/service/ | +| service.port | int | `80` | Kubernetes Service port | +| service.targetPort | int | `4000` | Pod expose port | +| service.type | string | `"ClusterIP"` | Kubernetes Service type. Allowed values: NodePort, LoadBalancer or ClusterIP | +| serviceAccount | object | `{"annotations":{},"automountServiceAccountToken":false,"create":true,"name":""}` | Enable creation of ServiceAccount | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | | serviceAccount.automountServiceAccountToken | bool | `false` | Specifies if you don't want the kubelet to automatically mount a ServiceAccount's API credentials | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.name | string | `""` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template | -| serviceMonitor | object | `{"enabled":false,"interval":"30s","metricRelabelings":[],"relabelings":[],"scrapeTimeout":"10s"}` | Enable ServiceMonitor to get metrics
Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitor | +| serviceMonitor | object | `{"enabled":false,"interval":"30s","metricRelabelings":[],"relabelings":[],"scrapeTimeout":"10s"}` | Enable ServiceMonitor to get metrics
Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitor | | serviceMonitor.enabled | bool | `false` | Enable or disable | -| startupProbe | object | `{"enabled":true,"failureThreshold":30,"initialDelaySeconds":180,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}` | Configure startupProbe checker
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes | -| startupProbeCustom | object | `{}` | Custom startupProbe | -| testConnection | bool | `false` | Enable or disable test connection | -| tolerations | list | `[]` | Tolerations for pod assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | -| volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition | -| volumes | list | `[]` | Additional volumes on the output Deployment definition | -| worker | object | `{"affinity":{},"autoscaling":{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80},"enabled":true,"env":{"WORKER_LOG_LEVEL":"info","WORKER_TELEMETRY_ENABLED":true},"envFromSecrets":{},"image":{"pullPolicy":"IfNotPresent","repository":"opencti/worker","tag":""},"nodeSelector":{},"readyChecker":{"enabled":true,"retries":30,"timeout":5},"replicaCount":1,"resources":{},"serviceMonitor":{"enabled":false,"interval":"30s","metricRelabelings":[],"relabelings":[],"scrapeTimeout":"10s"},"tolerations":[],"volumeMounts":[],"volumes":[]}` | OpenCTI worker deployment configuration
Ref: https://docs.opencti.io/latest/deployment/overview/#workers | -| worker.affinity | object | `{}` | Affinity for pod assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | -| worker.autoscaling | object | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Autoscaling with CPU or memory utilization percentage
Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | -| worker.enabled | bool | `true` | Enable or disable worker | -| worker.env | object | `{"WORKER_LOG_LEVEL":"info","WORKER_TELEMETRY_ENABLED":true}` | Environment variables to configure application
Ref: https://docs.opencti.io/latest/deployment/configuration/#platform | -| worker.envFromSecrets | object | `{}` | Secrets from variables | -| worker.image | object | See below | Image registry configuration for the base service | -| worker.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the image | -| worker.image.repository | string | `"opencti/worker"` | Repository of the image | -| worker.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | -| worker.nodeSelector | object | `{}` | Node labels for pod assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | -| worker.readyChecker | object | See below | Enable or disable ready-checker waiting server is ready | -| worker.readyChecker.enabled | bool | `true` | Enable or disable ready-checker | -| worker.readyChecker.retries | int | `30` | Number of retries before giving up | -| worker.readyChecker.timeout | int | `5` | Timeout for each check | -| worker.replicaCount | int | `1` | Number of replicas for the service | -| worker.resources | object | `{}` | The resources limits and requested
Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | -| worker.serviceMonitor | object | `{"enabled":false,"interval":"30s","metricRelabelings":[],"relabelings":[],"scrapeTimeout":"10s"}` | Enable ServiceMonitor to get metrics
Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitor | +| startupProbe | object | `{"enabled":true,"failureThreshold":30,"initialDelaySeconds":180,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}` | Configure startupProbe checker
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes | +| startupProbeCustom | object | `{}` | Custom startupProbe | +| testConnection | bool | `false` | Enable or disable test connection | +| tolerations | list | `[]` | Tolerations for pod assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | +| volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition | +| volumes | list | `[]` | Additional volumes on the output Deployment definition | +| worker | object | `{"affinity":{},"autoscaling":{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80},"enabled":true,"env":{"WORKER_LOG_LEVEL":"info","WORKER_TELEMETRY_ENABLED":true},"envFromSecrets":{},"image":{"pullPolicy":"IfNotPresent","repository":"opencti/worker","tag":""},"networkPolicy":{"egress":[],"enabled":false,"ingress":[],"policyTypes":[]},"nodeSelector":{},"podDisruptionBudget":{"enabled":false,"maxUnavailable":1,"minAvailable":null},"readyChecker":{"enabled":true,"retries":30,"timeout":5},"replicaCount":1,"resources":{},"serviceMonitor":{"enabled":false,"interval":"30s","metricRelabelings":[],"relabelings":[],"scrapeTimeout":"10s"},"tolerations":[],"volumeMounts":[],"volumes":[]}` | OpenCTI worker deployment configuration
Ref: https://docs.opencti.io/latest/deployment/overview/#workers | +| worker.affinity | object | `{}` | Affinity for pod assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | +| worker.autoscaling | object | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Autoscaling with CPU or memory utilization percentage
Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | +| worker.enabled | bool | `true` | Enable or disable worker | +| worker.env | object | `{"WORKER_LOG_LEVEL":"info","WORKER_TELEMETRY_ENABLED":true}` | Environment variables to configure application
Ref: https://docs.opencti.io/latest/deployment/configuration/#platform | +| worker.envFromSecrets | object | `{}` | Secrets from variables | +| worker.image | object | `{"pullPolicy":"IfNotPresent","repository":"opencti/worker","tag":""}` | Image registry configuration for the base service | +| worker.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the image | +| worker.image.repository | string | `"opencti/worker"` | Repository of the image | +| worker.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | +| worker.networkPolicy | object | `{"egress":[],"enabled":false,"ingress":[],"policyTypes":[]}` | NetworkPolicy configuration
Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ | +| worker.networkPolicy.enabled | bool | `false` | Enable or disable NetworkPolicy | +| worker.networkPolicy.policyTypes | list | `[]` | Policy types | +| worker.nodeSelector | object | `{}` | Node labels for pod assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | +| worker.podDisruptionBudget | object | `{"enabled":false,"maxUnavailable":1,"minAvailable":null}` | Pod Disruption Budget
Ref: https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/pod-disruption-budget-v1/ | +| worker.readyChecker | object | `{"enabled":true,"retries":30,"timeout":5}` | Enable or disable ready-checker waiting server is ready | +| worker.readyChecker.enabled | bool | `true` | Enable or disable ready-checker | +| worker.readyChecker.retries | int | `30` | Number of retries before giving up | +| worker.readyChecker.timeout | int | `5` | Timeout for each check | +| worker.replicaCount | int | `1` | Number of replicas for the service | +| worker.resources | object | `{}` | The resources limits and requested
Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | +| worker.serviceMonitor | object | `{"enabled":false,"interval":"30s","metricRelabelings":[],"relabelings":[],"scrapeTimeout":"10s"}` | Enable ServiceMonitor to get metrics
Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitor | | worker.serviceMonitor.enabled | bool | `false` | Enable or disable | -| worker.tolerations | list | `[]` | Tolerations for pod assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | -| worker.volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition | -| worker.volumes | list | `[]` | Additional volumes on the output Deployment definition | +| worker.tolerations | list | `[]` | Tolerations for pod assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | +| worker.volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition | +| worker.volumes | list | `[]` | Additional volumes on the output Deployment definition | diff --git a/charts/opencti/ci/ci-common-values.yaml b/charts/opencti/ci/ci-common-values.yaml index 913416e..7054028 100644 --- a/charts/opencti/ci/ci-common-values.yaml +++ b/charts/opencti/ci/ci-common-values.yaml @@ -65,8 +65,11 @@ connectors: name: opencti-ci-credentials key: APP__ADMIN__TOKEN -serviceMonitor: - enabled: false +networkPolicy: + enabled: true + +podDisruptionBudget: + enabled: true autoscaling: enabled: true @@ -74,6 +77,12 @@ autoscaling: worker: enabled: true + podDisruptionBudget: + enabled: true + + networkPolicy: + enabled: true + autoscaling: enabled: true diff --git a/charts/opencti/templates/server/hpa.yaml b/charts/opencti/templates/server/hpa.yaml index 29ec890..7dc0774 100644 --- a/charts/opencti/templates/server/hpa.yaml +++ b/charts/opencti/templates/server/hpa.yaml @@ -4,6 +4,7 @@ kind: HorizontalPodAutoscaler metadata: name: {{ include "opencti.fullname" . }}-server labels: + opencti.component: server {{- include "opencti.labels" . | nindent 4 }} spec: scaleTargetRef: diff --git a/charts/opencti/templates/server/ingress.yaml b/charts/opencti/templates/server/ingress.yaml index d0a960d..df2c4c1 100644 --- a/charts/opencti/templates/server/ingress.yaml +++ b/charts/opencti/templates/server/ingress.yaml @@ -17,6 +17,7 @@ kind: Ingress metadata: name: {{ $fullName }} labels: + opencti.component: server {{- include "opencti.labels" . | nindent 4 }} {{- with .Values.ingress.annotations }} annotations: diff --git a/charts/opencti/templates/server/networkpolicy.yaml b/charts/opencti/templates/server/networkpolicy.yaml new file mode 100644 index 0000000..1ae049d --- /dev/null +++ b/charts/opencti/templates/server/networkpolicy.yaml 
@@ -0,0 +1,46 @@
+{{- if .Values.networkPolicy.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ include "opencti.fullname" . }}-server
+ labels:
+ opencti.component: server
+ {{- include "opencti.labels" . | nindent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ opencti.component: server
+ {{- include "opencti.selectorLabels" . | nindent 6 }}
+
+ {{- if .Values.networkPolicy.policyTypes }}
+ {{- with .Values.networkPolicy.policyTypes }}
+ policyTypes:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- else }}
+ policyTypes:
+ - Ingress
+ - Egress
+ {{- end }}
+
+ {{- if .Values.networkPolicy.ingress }}
+ {{- with .Values.networkPolicy.ingress }}
+ ingress:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- else }}
+ ingress:
+ - {}
+ {{- end }}
+
+ {{- if .Values.networkPolicy.egress }}
+ {{- with .Values.networkPolicy.egress }}
+ egress:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- else }}
+ egress:
+ - {}
+ {{- end }}
+
+{{- end }}
diff --git a/charts/opencti/templates/server/poddisruptionbudget.yaml b/charts/opencti/templates/server/poddisruptionbudget.yaml
new file mode 100644
index 0000000..2f54dac
--- /dev/null
+++ b/charts/opencti/templates/server/poddisruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.podDisruptionBudget.enabled -}}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "opencti.fullname" . }}-server
+ labels:
+ opencti.component: server
+ {{- include "opencti.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ opencti.component: server
+ {{- include "opencti.selectorLabels" . | nindent 6 }}
+ {{- if .Values.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+ {{- end }}
+ {{- if .Values.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+ {{- end }}
+{{- end -}}
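Review bot: In `templates/server/networkpolicy.yaml`, setting `networkPolicy.enabled: true` with the default empty `ingress`/`egress` lists renders `ingress: - {}` and `egress: - {}`, which permit all traffic in both directions, so the policy exists but isolates nothing. Because the guards test truthiness, an explicitly empty list also falls through to this allow-all fallback, so a deny-all policy cannot be expressed through values. I would document this on the values key, e.g. `# -- With no ingress/egress rules the rendered policy allows all traffic; add rules to restrict it`, and collapse each nested `if`/`with` pair into a single `{{- with .Values.networkPolicy.ingress }} … {{- else }} … {{- end }}`. The same applies to `templates/worker/networkpolicy.yaml`, and the CI values in this commit only set `enabled: true`, so only the allow-all path is rendered under test.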
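Review bot: In `templates/server/poddisruptionbudget.yaml` the `minAvailable` and `maxUnavailable` guards are independent, so a user who sets only `podDisruptionBudget.minAvailable` still gets `maxUnavailable: 1` from the chart default listed in the README, and the API server rejects a PodDisruptionBudget that sets both fields. The truthiness test also drops an explicit `0`, which is a legitimate value for `maxUnavailable`. Make the branches exclusive and test for nil: use `{{- if not (kindIs "invalid" .Values.podDisruptionBudget.minAvailable) }}` as the first guard, replace the first `{{- end }}` plus second `if` with `{{- else if not (kindIs "invalid" .Values.podDisruptionBudget.maxUnavailable) }}`, and keep one closing `{{- end }}`. `templates/worker/poddisruptionbudget.yaml` has the same pattern.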
diff --git a/charts/opencti/templates/server/secret.yaml b/charts/opencti/templates/server/secret.yaml
index 1618974..41e55ee 100644
--- a/charts/opencti/templates/server/secret.yaml
+++ b/charts/opencti/templates/server/secret.yaml
@@ -5,6 +5,7 @@ type: Opaque
 metadata:
 name: {{ include "opencti.fullname" . }}-credentials
 labels:
+ opencti.component: server
 {{- include "opencti.labels" . | nindent 4 }}
 annotations:
 helm.sh/hook: "pre-install,pre-upgrade"
diff --git a/charts/opencti/templates/server/serviceaccount.yaml b/charts/opencti/templates/server/serviceaccount.yaml
index 1b76a09..199a35e 100644
--- a/charts/opencti/templates/server/serviceaccount.yaml
+++ b/charts/opencti/templates/server/serviceaccount.yaml
@@ -4,6 +4,7 @@ kind: ServiceAccount
 metadata:
 name: {{ include "opencti.serviceAccountName" . }}
 labels:
+ opencti.component: server
 {{- include "opencti.labels" . | nindent 4 }}
 {{- with .Values.serviceAccount.annotations }}
 annotations:
diff --git a/charts/opencti/templates/server/servicemonitor.yaml b/charts/opencti/templates/server/servicemonitor.yaml
index c2e2a31..eea61a7 100644
--- a/charts/opencti/templates/server/servicemonitor.yaml
+++ b/charts/opencti/templates/server/servicemonitor.yaml
@@ -4,10 +4,12 @@ kind: ServiceMonitor
 metadata:
 name: {{ include "opencti.fullname" . }}-server
 labels:
+ opencti.component: server
 {{- include "opencti.labels" . | nindent 4 }}
 spec:
 selector:
 matchLabels:
+ opencti.component: server
 {{- include "opencti.selectorLabels" . | nindent 8 }}
 endpoints:
 - port: metrics
diff --git a/charts/opencti/templates/worker/hpa.yaml b/charts/opencti/templates/worker/hpa.yaml
index 1c90754..b004a18 100644
--- a/charts/opencti/templates/worker/hpa.yaml
+++ b/charts/opencti/templates/worker/hpa.yaml
@@ -4,6 +4,7 @@ kind: HorizontalPodAutoscaler
 metadata:
 name: {{ include "opencti.fullname" . }}-worker
 labels:
+ opencti.component: worker
 {{- include "opencti.labels" . | nindent 4 }}
 spec:
 scaleTargetRef:
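Review bot: Adding `opencti.component: server` to `spec.selector.matchLabels` in `templates/server/servicemonitor.yaml` narrows which Services are scraped, and the Service template is not part of the diff as shown. If the server Service does not already carry that label, the ServiceMonitor matches nothing and metrics collection stops without any error. The new NetworkPolicy `podSelector` and PodDisruptionBudget `selector` depend in the same way on the pod template carrying the label, which is also set outside these hunks, so both are worth confirming, along with the worker counterparts. A template comment above the selector such as `{{- /* must match the labels set on the server Service */ -}}` would make the coupling visible.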
diff --git a/charts/opencti/templates/worker/networkpolicy.yaml b/charts/opencti/templates/worker/networkpolicy.yaml
new file mode 100644
index 0000000..be5e128
--- /dev/null
+++ b/charts/opencti/templates/worker/networkpolicy.yaml
@@ -0,0 +1,46 @@
+{{- if .Values.worker.networkPolicy.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ include "opencti.fullname" . }}-worker
+ labels:
+ opencti.component: worker
+ {{- include "opencti.labels" . | nindent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ opencti.component: worker
+ {{- include "opencti.selectorLabels" . | nindent 6 }}
+
+ {{- if .Values.worker.networkPolicy.policyTypes }}
+ {{- with .Values.worker.networkPolicy.policyTypes }}
+ policyTypes:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- else }}
+ policyTypes:
+ - Ingress
+ - Egress
+ {{- end }}
+
+ {{- if .Values.worker.networkPolicy.ingress }}
+ {{- with .Values.worker.networkPolicy.ingress }}
+ ingress:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- else }}
+ ingress:
+ - {}
+ {{- end }}
+
+ {{- if .Values.worker.networkPolicy.egress }}
+ {{- with .Values.worker.networkPolicy.egress }}
+ egress:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- else }}
+ egress:
+ - {}
+ {{- end }}
+
+{{- end }}
diff --git a/charts/opencti/templates/worker/poddisruptionbudget.yaml b/charts/opencti/templates/worker/poddisruptionbudget.yaml
new file mode 100644
index 0000000..e887e3e
--- /dev/null
+++ b/charts/opencti/templates/worker/poddisruptionbudget.yaml
@@ -0,0 +1,20 @@ +{{- if .Values.worker.podDisruptionBudget.enabled -}} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "opencti.fullname" . }}-worker + labels: + opencti.component: worker + {{- include "opencti.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + opencti.component: worker + {{- include "opencti.selectorLabels" . | nindent 6 }} + {{- if .Values.worker.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.worker.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if .Values.worker.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.worker.podDisruptionBudget.maxUnavailable }} + {{- end }} +{{- end -}} diff --git a/charts/opencti/templates/worker/servicemonitor.yaml b/charts/opencti/templates/worker/servicemonitor.yaml index 3c3d4e1..55ffd2c 100644 --- a/charts/opencti/templates/worker/servicemonitor.yaml +++ b/charts/opencti/templates/worker/servicemonitor.yaml @@ -4,10 +4,12 @@ kind: ServiceMonitor metadata: name: {{ include "opencti.fullname" . }}-worker labels: + opencti.component: worker {{- include "opencti.labels" . | nindent 4 }} spec: selector: matchLabels: + opencti.component: worker {{- include "opencti.selectorLabels" . | nindent 8 }} endpoints: - port: metrics diff --git a/charts/opencti/values.yaml b/charts/opencti/values.yaml index 0f4aa63..a192683 100644 --- a/charts/opencti/values.yaml +++ b/charts/opencti/values.yaml 
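Review bot: The two independent `if` blocks render `minAvailable` and `maxUnavailable` together whenever both values are set, and the defaults added to values.yaml in this commit already carry `maxUnavailable: 1`. A user who sets only `worker.podDisruptionBudget.minAvailable` therefore gets a manifest with both fields, which the PodDisruptionBudget API rejects as mutually exclusive. Making the branches exclusive fixes this: replace the first `{{- end }}` and the second `{{- if … }}` with `{{- else if .Values.worker.podDisruptionBudget.maxUnavailable }}`. The truthiness test also drops a value of `0`, so `maxUnavailable: 0` cannot be expressed; `{{- if not (kindIs "invalid" .Values.worker.podDisruptionBudget.maxUnavailable) }}` would keep it. The top-level `podDisruptionBudget` values have the same shape, so any server-side template driven by them would need the same change.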
@@ -1,51 +1,36 @@ # -- Global section contains configuration options that are applied to all services -# @default - See below -# global: # -- Specifies the registry to pull images from. Leave empty for the default registry - # imageRegistry: "" # -- Specifies the secrets to use for pulling images from private registries # Leave empty if no secrets are required # E.g. # imagePullSecrets: # - name: myRegistryKeySecretName - # imagePullSecrets: [] # -- Number of replicas for the service -# replicaCount: 1 # -- Image registry configuration for the base service -# @default -- See below -# image: # -- Repository of the image - # repository: opencti/platform # -- Pull policy for the image - # pullPolicy: IfNotPresent # -- Overrides the image tag whose default is the chart appVersion - # tag: "" # -- String to partially override opencti.fullname template (will maintain the release name) -# nameOverride: "" # -- String to fully override opencti.fullname template -# fullnameOverride: "" # -- Global Docker registry secret names as an array -# imagePullSecrets: [] # -- Enable creation of ServiceAccount -# @default - See below -# serviceAccount: # -- Specifies whether a service account should be created create: true @@ -59,12 +44,10 @@ serviceAccount: automountServiceAccountToken: false # -- Enable or disable test connection -# testConnection: false # -- Environment variables to configure application #
Ref: https://docs.openbas.io/latest/deployment/configuration/#platform -# env: # APP OPENCTI APP__ADMIN__EMAIL: admin@opencti.io @@ -92,7 +75,6 @@ env: APP__HEALTH_ACCESS_KEY: ChangeMe # -- Secrets from variables -# envFromSecrets: {} # MY_VARIABLE: # name: -credentials @@ -100,34 +82,59 @@ envFromSecrets: {} # -- Secrets values to create credentials and reference by envFromSecrets # Generate Secret with following name: `-credentials` -# secrets: {} # -- Kubernetes service to expose Pod #
Ref: https://kubernetes.io/docs/concepts/services-networking/service/ -# service: # -- Kubernetes Service type. Allowed values: NodePort, LoadBalancer or ClusterIP - # type: ClusterIP # -- Kubernetes Service port - # port: 80 # -- NodePort port (only when type is NodePort) # nodePort: 32000 # -- Pod expose port - # targetPort: 4000 # -- Pod extra ports - # # extraPorts: # - name: metrics # port: 9080 # targetPort: 9080 +# -- NetworkPolicy configuration +#
Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +networkPolicy: + # -- Enable or disable NetworkPolicy + enabled: false + # -- Policy types + policyTypes: [] + # - Ingress + # - Egress + ingress: [] + # - from: + # - ipBlock: + # cidr: 172.17.0.0/16 + # except: + # - 172.17.1.0/24 + # - namespaceSelector: + # matchLabels: + # project: myproject + # - podSelector: + # matchLabels: + # role: frontend + # ports: + # - protocol: TCP + # port: 6379 + egress: [] + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 5978 + # -- Enable ServiceMonitor to get metrics #
Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitor -# serviceMonitor: # -- Enable or disable enabled: false @@ -138,7 +145,6 @@ serviceMonitor: # -- Configure liveness checker #
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes -# livenessProbe: enabled: true failureThreshold: 3 @@ -148,7 +154,6 @@ livenessProbe: timeoutSeconds: 5 # -- Custom livenessProbe -# livenessProbeCustom: {} # httpGet: # path: /dashboard @@ -161,7 +166,6 @@ livenessProbeCustom: {} # -- Configure readinessProbe checker #
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes -# readinessProbe: enabled: true failureThreshold: 3 @@ -171,7 +175,6 @@ readinessProbe: timeoutSeconds: 1 # -- Custom readinessProbe -# readinessProbeCustom: {} # httpGet: # path: /dashboard @@ -184,7 +187,6 @@ readinessProbeCustom: {} # -- Configure startupProbe checker #
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes -# startupProbe: enabled: true failureThreshold: 30 @@ -194,7 +196,6 @@ startupProbe: timeoutSeconds: 5 # -- Custom startupProbe -# startupProbeCustom: {} # httpGet: # path: /dashboard @@ -206,20 +207,15 @@ startupProbeCustom: {} # timeoutSeconds: 5 # -- Enable or disable ready-checker -# @default -- See below # readyChecker: # -- Enable or disable ready-checker - # enabled: true # -- Number of retries before giving up - # retries: 30 # -- Timeout for each check - # timeout: 5 # -- List services - # services: - name: elasticsearch port: 9200 @@ -231,24 +227,21 @@ readyChecker: port: 6379 # -- Configure annotations on Pods -# podAnnotations: {} # -- Configure labels on Pods -# podLabels: {} # -- Defines privilege and access control settings for a Pod #
Ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/ #
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -# + podSecurityContext: {} # fsGroup: 2000 # -- Defines privilege and access control settings for a Container #
Ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/ #
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -# securityContext: {} # capabilities: # drop: @@ -259,7 +252,6 @@ securityContext: {} # -- Ingress configuration to expose app #
Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ -# ingress: enabled: false className: "" @@ -278,7 +270,6 @@ ingress: # -- The resources limits and requested #
Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ -# resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little @@ -291,9 +282,15 @@ resources: {} # cpu: 1 # memory: 256Mi +# -- Pod Disruption Budget +#
Ref: https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/pod-disruption-budget-v1/ +podDisruptionBudget: + enabled: false + maxUnavailable: 1 + minAvailable: + # -- Autoscaling with CPU or memory utilization percentage #
Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ -# autoscaling: enabled: false minReplicas: 1 @@ -302,7 +299,6 @@ autoscaling: # targetMemoryUtilizationPercentage: 80 # -- Additional volumes on the output Deployment definition -# volumes: [] # - name: foo # secret: @@ -310,7 +306,6 @@ volumes: [] # optional: false # -- Additional volumeMounts on the output Deployment definition -# volumeMounts: [] # - name: foo # mountPath: "/etc/foo" @@ -318,27 +313,22 @@ volumeMounts: [] # -- Node labels for pod assignment #
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector -# nodeSelector: {} # -- Tolerations for pod assignment #
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ -# tolerations: [] # -- Affinity for pod assignment #
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity -# affinity: {} # -- Connector Global environment -# connectorsGlobalEnv: {} # MY_VARIABLE: my_value # -- Connectors #
Ref: https://github.com/OpenCTI-Platform/connectors/tree/master -# connectors: [] # - name: connector-name # enabled: true @@ -394,62 +384,78 @@ connectors: [] # -- OpenCTI worker deployment configuration #
Ref: https://docs.opencti.io/latest/deployment/overview/#workers -# worker: # -- Enable or disable worker - # enabled: true # -- Number of replicas for the service - # replicaCount: 1 # -- Enable or disable ready-checker waiting server is ready - # @default -- See below - # readyChecker: # -- Enable or disable ready-checker - # enabled: true # -- Number of retries before giving up - # retries: 30 # -- Timeout for each check - # timeout: 5 # -- Image registry configuration for the base service - # @default -- See below - # image: # -- Repository of the image - # repository: opencti/worker # -- Pull policy for the image - # pullPolicy: IfNotPresent # -- Overrides the image tag whose default is the chart appVersion - # tag: "" # -- Environment variables to configure application #
Ref: https://docs.opencti.io/latest/deployment/configuration/#platform - # env: WORKER_LOG_LEVEL: info # METRICS WORKER_TELEMETRY_ENABLED: true # -- Secrets from variables - # envFromSecrets: {} # MY_VARIABLE: # name: -credentials # key: secret_key + # -- NetworkPolicy configuration + #
Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ + networkPolicy: + # -- Enable or disable NetworkPolicy + enabled: false + # -- Policy types + policyTypes: [] + # - Ingress + # - Egress + ingress: [] + # - from: + # - ipBlock: + # cidr: 172.17.0.0/16 + # except: + # - 172.17.1.0/24 + # - namespaceSelector: + # matchLabels: + # project: myproject + # - podSelector: + # matchLabels: + # role: frontend + # ports: + # - protocol: TCP + # port: 6379 + egress: [] + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 5978 + # -- Enable ServiceMonitor to get metrics #
Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitor - # serviceMonitor: # -- Enable or disable enabled: false @@ -460,7 +466,6 @@ worker: # -- The resources limits and requested #
Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - # resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little @@ -473,9 +478,15 @@ worker: # cpu: "100m" # memory: 56Mi + # -- Pod Disruption Budget + #
Ref: https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/pod-disruption-budget-v1/ + podDisruptionBudget: + enabled: false + maxUnavailable: 1 + minAvailable: + # -- Autoscaling with CPU or memory utilization percentage #
Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ - # autoscaling: enabled: false minReplicas: 1 @@ -484,7 +495,6 @@ worker: # targetMemoryUtilizationPercentage: 80 # -- Additional volumes on the output Deployment definition - # volumes: [] # - name: foo # secret: @@ -492,7 +502,6 @@ worker: # optional: false # -- Additional volumeMounts on the output Deployment definition - # volumeMounts: [] # - name: foo # mountPath: "/etc/foo" @@ -500,69 +509,55 @@ worker: # -- Node labels for pod assignment #
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector - # nodeSelector: {} # -- Tolerations for pod assignment #
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ - # tolerations: [] # -- Affinity for pod assignment #
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity - # affinity: {} # -- OpenSearch subchart deployment #
Ref: https://github.com/opensearch-project/helm-charts/blob/opensearch-2.16.1/charts/opensearch/values.yaml -# opensearch: # -- Enable or disable OpenSearch subchart - # enabled: false # OpenSearch Java options - # opensearchJavaOpts: "-Xmx512M -Xms512M" # If discovery.type in the opensearch configuration is set to "single-node", # this should be set to "true" # If "true", replicas will be forced to 1 - # singleNode: true # Enable persistence using Persistent Volume Claims #
Ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ - # persistence: enabled: false # -- ElasticSearch subchart deployment #
Ref: https://github.com/bitnami/charts/blob/main/bitnami/elasticsearch/values.yaml -# elasticsearch: # -- Enable or disable ElasticSearch subchart enabled: true # Kernel settings modifier image - # sysctlImage: # Enable kernel settings modifier image - # enabled: false # Elasticsearch cluster name - # clusterName: elastic # Extra variables - # extraEnvVars: - name: ES_JAVA_OPTS value: "-Xms512M -Xmx512M" # Master-eligible nodes parameters - # master: # Deploy the Elasticsearch master-eligible nodes as master-only nodes. Recommended for high-demand deployments. masterOnly: true @@ -570,152 +565,115 @@ elasticsearch: replicaCount: 1 # Enable persistence using Persistent Volume Claims #
Ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ - # persistence: # Enable persistence using a `PersistentVolumeClaim` - # enabled: false # Data-only nodes parameters - # + data: # Number of data-only replicas to deploy - # replicaCount: 1 # Enable persistence using Persistent Volume Claims #
Ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ - # persistence: # Enable persistence using a `PersistentVolumeClaim` - # enabled: false # Ingest-only nodes parameters - # ingest: # Enable ingest nodes - # enabled: false # Coordinating-only nodes parameters - # coordinating: # Number of coordinating-only replicas to deploy - # replicaCount: 0 # -- MinIO subchart deployment #
Ref: https://github.com/bitnami/charts/blob/main/bitnami/minio/values.yaml -# minio: # -- Enable or disable MinIO subchart enabled: true # mode Minio server mode (`standalone` or `distributed`) #
Ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide - # mode: standalone + # Minio authentication parameters - # auth: # Minio root username - # rootUser: ChangeMe # Password for Minio root user - # rootPassword: ChangeMe # Enable persistence using Persistent Volume Claims #
Ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ - # persistence: # Enable MinIO data persistence using PVC. If false, use emptyDir - # enabled: false # -- RabbitMQ subchart deployment #
Ref: https://github.com/bitnami/charts/blob/main/bitnami/rabbitmq/values.yaml -# rabbitmq: # -- Enable or disable RabbitMQ subchart - # enabled: true # Number of RabbitMQ replicas to deploy - # replicaCount: 1 # Clustering settings - # clustering: # Enable RabbitMQ clustering - # enabled: false # RabbitMQ Authentication parameters - # auth: # RabbitMQ application username #
Ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables - # username: user # RabbitMQ application password #
Ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables - # password: ChangeMe erlangCookie: ChangeMe # Persistence parameters - # persistence: # Enable RabbitMQ data persistence using PVC - # enabled: false # -- Redis subchart deployment #
Ref: https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml -# + redis: # -- Enable or disable Redis subchart - # enabled: true # Redis architecture. Allowed values: `standalone` or `replication` - # architecture: standalone # Redis Authentication parameters #
Ref: https://github.com/bitnami/containers/tree/main/bitnami/redis#setting-the-server-password-on-first-run - # auth: # Enable password authentication - # enabled: false # Redis master configuration parameters - # master: # Number of Redis master instances to deploy (experimental, requires additional configuration) - # count: 1 # Persistence parameters #
Ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ - # persistence: # Enable persistence on Redis master nodes using Persistent Volume Claims - # enabled: false # Redis replicas configuration parameters - # replica: # Number of Redis replicas to deploy - # replicaCount: 1 # Persistence parameters #
Ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ - # persistence: # Enable persistence on Redis master nodes using Persistent Volume Claims - # enabled: false