# Elasticsearch - single node with TLS on HTTP
clusterName: "gravitee-es"
nodeGroup: "master"

replicas: 1
minimumMasterNodes: 1

# Mount the cert-manager-issued cert
secretMounts:
  - name: elasticsearch-tls
    secretName: elasticsearch-tls
    path: /usr/share/elasticsearch/config/tls
    defaultMode: "0755"

esConfig:
  elasticsearch.yml: |
    cluster.name: gravitee-es
    network.host: 0.0.0.0
    xpack.security.enabled: true
    xpack.security.http.ssl.enabled: true
    xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/tls/tls.crt
    xpack.security.http.ssl.key: /usr/share/elasticsearch/config/tls/tls.key
    xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/tls/ca.crt
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/tls/tls.crt
    xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/tls/tls.key
    xpack.security.transport.ssl.certificate_authorities: /usr/share/elasticsearch/config/tls/ca.crt

# Tell the chart that HTTPS is in use for readiness probes
protocol: https
# Disable cert verification on probes (self-signed)
readinessProbe:
  exec:
    command:
      - bash
      - -c
      - |
        curl -k -s --fail -u "elastic:${ELASTIC_PASSWORD}" https://127.0.0.1:9200/_cluster/health?local=true

esJavaOpts: "-Xms512m -Xmx512m"

resources:
  requests:
    cpu: 200m
    memory: 1Gi
  limits:
    cpu: 1000m
    memory: 2Gi

volumeClaimTemplate:
  accessModes: ["ReadWriteOnce"]
  storageClassName: local-path
  resources:
    requests:
      storage: 10Gi

createCert: false

sysctlInitContainer:
  enabled: false

service:
  type: ClusterIP