summaryrefslogtreecommitdiffstats
path: root/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml
blob: 9e04d5ae015195329536a07ddcea2878c1e62da7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
---
# Copyright © 2020  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Name of the Elasticsearch cluster.
# A node can only join a cluster when it shares its cluster.name with all the other nodes in the cluster.
# The default name is elasticsearch, but you should change it to an appropriate name which describes the
# purpose of the cluster.
#
## Default Elasticsearch configuration from elasticsearch-docker.
## from https://opendistro.github.io/for-elasticsearch-docs/docs/elasticsearch/configuration/
#

cluster.name: "clamp-dashboard"
node.name: "cldash-es-node1"
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
# In order to communicate and to form a cluster with nodes on other servers, your node will need to bind to a
# non-loopback address.
network.host: 0.0.0.0
#
# Set a custom port for HTTP: If required, default is 9200-9300
#
#http.port: $http.port
#
# For more information, consult the network module documentation.
# ----------------------------------- Paths ------------------------------------
#
# The location of the data files of each index / shard allocated on the node. Can hold multiple locations separated by coma.
# In production, we should not keep this default to "/elasticsearch/data", as on upgrading Elasticsearch, directory structure
# may change & can deal to data loss.
path.data: /usr/share/elasticsearch/data
#
# Elasticsearch's log files location. In production, we should not keep this default to "/elasticsearch/logs",
# as on upgrading Elasticsearch, directory structure may change.
path.logs: /usr/share/elasticsearch/logs
#
# ----------------------------------- Memory -----------------------------------
#
# It is vitally important to the health of your node that none of the JVM is ever swapped out to disk.
# Lock the memory on startup.
#
bootstrap.memory_lock: false
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when new node is started
# To form a cluster with nodes on other servers, you have to provide a seed list of other nodes in the cluster
# that are likely to be live and contactable.
# By default, Elasticsearch will bind to the available loopback addresses and will scan ports 9300 to 9305 to try
# to connect to other nodes running on the same server.
# # minimum_master_nodes need to be explicitly set when bound on a public IP
# # set to 1 to allow single node clusters
# # Details: https://github.com/elastic/elasticsearch/pull/17288
discovery.zen.minimum_master_nodes: 1
discovery.seed_hosts: []
# # Breaking change in 7.0
# # https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#breaking_70_discovery_changes
cluster.initial_master_nodes:
    - cldash-es-node1
#    - docker-test-node-1
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
# Set a custom port for HTTP: If required, default is 9200-9300
# This is used for REST APIs
http.port: {{.Values.service.externalPort}}
# Port to bind for communication between nodes. Accepts a single value or a range.
# If a range is specified, the node will bind to the first available port in the range.
# Defaults to 9300-9400.
# More info:
transport.tcp.port: {{.Values.service.externalPort2}}

######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
# WARNING: revise all the lines below before you go into production
{{- if .Values.global.aafEnabled }}
opendistro_security.ssl.transport.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }}
opendistro_security.ssl.transport.pemkey_filepath: {{ .Values.certInitializer.clamp_key }}
opendistro_security.ssl.transport.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }}
opendistro_security.ssl.http.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }}
opendistro_security.ssl.http.pemkey_filepath: {{ .Values.certInitializer.clamp_key }}
opendistro_security.ssl.http.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }}
{{- else }}
opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
opendistro_security.ssl.http.pemcert_filepath: esnode.pem
opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
{{- end }}
opendistro_security.ssl.transport.enforce_hostname_verification: false
opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}

opendistro_security.allow_unsafe_democertificates: true
opendistro_security.allow_default_init_securityindex: true
opendistro_security.authcz.admin_dn:
  - CN=kirk,OU=client,O=client,L=test, C=de

opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true
opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
cluster.routing.allocation.disk.threshold_enabled: false
node.max_local_storage_nodes: 3
######## End OpenDistro for Elasticsearch Security Demo Configuration ########