First commit

elastic-values.yml

@@ -0,0 +1,65 @@
+# Elasticsearch - single node with TLS on HTTP
+clusterName: "gravitee-es"
+nodeGroup: "master"
+
+replicas: 1
+minimumMasterNodes: 1
+
+# Mount the cert-manager-issued cert
+secretMounts:
+  - name: elasticsearch-tls
+    secretName: elasticsearch-tls
+    path: /usr/share/elasticsearch/config/tls
+    defaultMode: "0755"
+
+esConfig:
+  elasticsearch.yml: |
+    cluster.name: gravitee-es
+    network.host: 0.0.0.0
+    xpack.security.enabled: true
+    xpack.security.http.ssl.enabled: true
+    xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/tls/tls.crt
+    xpack.security.http.ssl.key: /usr/share/elasticsearch/config/tls/tls.key
+    xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/tls/ca.crt
+    xpack.security.transport.ssl.enabled: true
+    xpack.security.transport.ssl.verification_mode: certificate
+    xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/tls/tls.crt
+    xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/tls/tls.key
+    xpack.security.transport.ssl.certificate_authorities: /usr/share/elasticsearch/config/tls/ca.crt
+
+# Tell the chart that HTTPS is in use for readiness probes
+protocol: https
+# Disable cert verification on probes (self-signed)
+readinessProbe:
+  exec:
+    command:
+      - bash
+      - -c
+      - |
+        curl -k -s --fail -u "elastic:${ELASTIC_PASSWORD}" https://127.0.0.1:9200/_cluster/health?local=true
+
+esJavaOpts: "-Xms512m -Xmx512m"
+
+resources:
+  requests:
+    cpu: 200m
+    memory: 1Gi
+  limits:
+    cpu: 1000m
+    memory: 2Gi
+
+volumeClaimTemplate:
+  accessModes: ["ReadWriteOnce"]
+  storageClassName: local-path
+  resources:
+    requests:
+      storage: 10Gi
+
+createCert: false
+
+sysctlInitContainer:
+  enabled: false
+
+service:
+  type: ClusterIP
+