2021-05-13 22:11:13 +00:00
# nameOverride is the short name for the deployment. Leave empty to let Helm generate a name using chart values.
nameOverride : "elastic-operator"
# fullnameOverride is the full name for the deployment. Leave empty to let Helm generate a name using chart values.
fullnameOverride : "elastic-operator"
# managedNamespaces is the set of namespaces that the operator manages. Leave empty to manage all namespaces.
managedNamespaces : [ ]
# installCRDs determines whether Custom Resource Definitions (CRD) are installed by the chart.
# Note that CRDs are global resources and require cluster admin privileges to install.
# If you are sharing a cluster with other users who may want to install ECK on their own namespaces, setting this to true can have unintended consequences.
# 1. Upgrades will overwrite the global CRDs and could disrupt the other users of ECK who may be running a different version.
# 2. Uninstalling the chart will delete the CRDs and potentially cause Elastic resources deployed by other users to be removed as well.
installCRDs : true
# replicaCount is the number of operator pods to run.
replicaCount : 1
image :
# repository is the container image prefixed by the registry name.
repository : docker.elastic.co/eck/eck-operator
# pullPolicy is the container image pull policy.
pullPolicy : IfNotPresent
# tag is the container image tag. If not defined, defaults to chart appVersion.
tag : null
# imagePullSecrets defines the secrets to use when pulling the operator container image.
imagePullSecrets : [ ]
# resources define the container resource limits for the operator.
resources :
limits :
cpu : 1
2022-04-29 18:22:20 +00:00
memory : 1Gi
2021-05-13 22:11:13 +00:00
requests :
cpu : 100m
memory : 150Mi
# podAnnotations define the annotations that should be added to the operator pod.
podAnnotations : {}
2021-06-30 10:32:37 +00:00
## podLabels define additional labels that should be added to the operator pod.
podLabels : {}
2021-05-13 22:11:13 +00:00
# podSecurityContext defines the pod security context for the operator pod.
podSecurityContext :
runAsNonRoot : true
# securityContext defines the security context of the operator container.
securityContext : {}
# nodeSelector defines the node selector for the operator pod.
nodeSelector : {}
# tolerations defines the node tolerations for the operator pod.
tolerations : [ ]
# affinity defines the node affinity rules for the operator pod.
affinity : {}
# additional environment variables for the operator container.
env : [ ]
# additional volume mounts for the operator container.
volumeMounts : [ ]
# additional volumes to add to the operator pod.
volumes : [ ]
# createClusterScopedResources determines whether cluster-scoped resources (ClusterRoles, ClusterRoleBindings) should be created.
createClusterScopedResources : true
serviceAccount :
# create specifies whether a service account should be created for the operator.
create : true
# annotations to add to the service account
annotations : {}
# name of the service account to use. If not set and create is true, a name is generated using the fullname template.
name : ""
tracing :
# enabled specifies whether APM tracing is enabled for the operator.
enabled : false
# config is a map of APM Server configuration variables that should be set in the environment.
config :
ELASTIC_APM_SERVER_URL : http://localhost:8200
ELASTIC_APM_SERVER_TIMEOUT : 30s
refs :
# enforceRBAC specifies whether RBAC should be enforced for cross-namespace associations between resources.
enforceRBAC : false
webhook :
# enabled determines whether the webhook is installed.
enabled : true
# caBundle is the PEM-encoded CA trust bundle for the webhook certificate. Only required if manageCerts is false and certManagerCert is null.
caBundle : Cg==
# certManagerCert is the name of the cert-manager certificate to use with the webhook.
certManagerCert : null
# certsDir is the directory to mount the certificates.
certsDir : "/tmp/k8s-webhook-server/serving-certs"
# failurePolicy of the webhook.
failurePolicy : Ignore
# manageCerts determines whether the operator manages the webhook certificates automatically.
manageCerts : true
# namespaceSelector corresponds to the namespaceSelector property of the webhook.
# Setting this restricts the webhook to act only on objects submitted to namespaces that match the selector.
namespaceSelector : {}
# objectSelector corresponds to the objectSelector property of the webhook.
# Setting this restricts the webhook to act only on objects that match the selector.
objectSelector : {}
softMultiTenancy :
# enabled determines whether the operator is installed with soft multi-tenancy extensions.
# This requires network policies to be enabled on the Kubernetes cluster.
enabled : false
# kubeAPIServerIP is required when softMultiTenancy is enabled.
kubeAPIServerIP : null
telemetry :
# disabled determines whether the operator periodically updates ECK telemetry data for Kibana to consume.
disabled : false
2022-04-29 18:22:20 +00:00
# distributionChannel denotes which distribution channel was used to install the operator.
2021-05-13 22:11:13 +00:00
distributionChannel : "helm"
# config values for the operator.
config :
# logVerbosity defines the logging level. Valid values are as follows:
# -2: Errors only
# -1: Errors and warnings
# 0: Errors, warnings, and information
# number greater than 0: Errors, warnings, information, and debug details.
logVerbosity : "0"
# metricsPort defines the port to expose operator metrics. Set to 0 to disable metrics reporting.
metricsPort : "0"
# containerRegistry to use for pulling Elasticsearch and other application container images.
containerRegistry : docker.elastic.co
# maxConcurrentReconciles is the number of concurrent reconciliation operations to perform per controller.
maxConcurrentReconciles : "3"
# caValidity defines the validity period of the CA certificates generated by the operator.
caValidity : 8760h
# caRotateBefore defines when to rotate a CA certificate that is due to expire.
caRotateBefore : 24h
# certificatesValidity defines the validity period of certificates generated by the operator.
certificatesValidity : 8760h
# certificatesRotateBefore defines when to rotate a certificate that is due to expire.
certificatesRotateBefore : 24h
2022-04-29 18:22:20 +00:00
# exposedNodeLabels is an array of regular expressions of node labels which are allowed to be copied as annotations on Elasticsearch Pods.
exposedNodeLabels : [ "topology.kubernetes.io/.*" , "failure-domain.beta.kubernetes.io/.*" ]
2021-05-13 22:11:13 +00:00
# setDefaultSecurityContext determines whether a default security context is set on application containers created by the operator.
2022-04-29 18:22:20 +00:00
# *note* that the default option now is "auto-detect" to attempt to set this properly automatically when both running
# in an openshift cluster, and a standard kubernetes cluster. Valid values are as follows:
# "auto-detect" : auto detect
# "true" : set pod security context when creating resources.
# "false" : do not set pod security context when creating resources.
setDefaultSecurityContext : "auto-detect"
2021-05-13 22:11:13 +00:00
# kubeClientTimeout sets the request timeout for Kubernetes API calls made by the operator.
kubeClientTimeout : 60s
# elasticsearchClientTimeout sets the request timeout for Elasticsearch API calls made by the operator.
elasticsearchClientTimeout : 180s
# validateStorageClass specifies whether storage classes volume expansion support should be verified.
# Can be disabled if cluster-wide storage class RBAC access is not available.
validateStorageClass : true
2021-06-30 10:32:37 +00:00
# Prometheus PodMonitor configuration
# Reference: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmonitor
podMonitor :
# enabled determines whether a podMonitor should deployed to scrape the eck metrics.
# This requires the prometheus operator and the config.metricsPort not to be 0
enabled : false
# labels adds additional labels to the podMonitor
labels : {}
# annotations adds additional annotations to the podMonitor
annotations : {}
# namespace determines in which namespace the podMonitor will be deployed.
2022-04-29 18:22:20 +00:00
# If not set the podMonitor will be created in the namespace where the Helm release is installed into
2021-06-30 10:32:37 +00:00
# namespace: monitoring
# interval specifies the interval at which metrics should be scraped
interval : 5m
# scrapeTimeout specifies the timeout after which the scrape is ended
scrapeTimeout : 30s
# podTargetLabels transfers labels on the Kubernetes Pod onto the target.
podTargetLabels : [ ]
# podMetricsEndpointConfig allows to add an extended configuration to the podMonitor
podMetricsEndpointConfig : {}
# honorTimestamps: true
2022-04-29 18:22:20 +00:00
# Globals meant for internal use only
global :
2021-05-13 22:11:13 +00:00
# manifestGen specifies whether the chart is running under manifest generator.
# This is used for tasks specific to generating the all-in-one.yaml file.
manifestGen : false
# createOperatorNamespace defines whether the operator namespace manifest should be generated when in manifestGen mode.
# Usually we do want that to happen (e.g. all-in-one.yaml) but, sometimes we don't (e.g. E2E tests).
createOperatorNamespace : true
# kubeVersion is the effective Kubernetes version we target when generating the all-in-one.yaml.
2022-04-29 18:22:20 +00:00
kubeVersion : 1.16 .0