# nameOverride is the short name for the deployment. Leave empty to let Helm generate a name using chart values. nameOverride: "elastic-operator" # fullnameOverride is the full name for the deployment. Leave empty to let Helm generate a name using chart values. fullnameOverride: "elastic-operator" # managedNamespaces is the set of namespaces that the operator manages. Leave empty to manage all namespaces. managedNamespaces: [] # installCRDs determines whether Custom Resource Definitions (CRD) are installed by the chart. # Note that CRDs are global resources and require cluster admin privileges to install. # If you are sharing a cluster with other users who may want to install ECK on their own namespaces, setting this to true can have unintended consequences. # 1. Upgrades will overwrite the global CRDs and could disrupt the other users of ECK who may be running a different version. # 2. Uninstalling the chart will delete the CRDs and potentially cause Elastic resources deployed by other users to be removed as well. installCRDs: true # replicaCount is the number of operator pods to run. replicaCount: 1 image: # repository is the container image prefixed by the registry name. repository: docker.elastic.co/eck/eck-operator # pullPolicy is the container image pull policy. pullPolicy: IfNotPresent # tag is the container image tag. If not defined, defaults to chart appVersion. tag: null # imagePullSecrets defines the secrets to use when pulling the operator container image. imagePullSecrets: [] # resources define the container resource limits for the operator. resources: limits: cpu: 1 memory: 512Mi requests: cpu: 100m memory: 150Mi # podAnnotations define the annotations that should be added to the operator pod. podAnnotations: {} # podSecurityContext defines the pod security context for the operator pod. podSecurityContext: runAsNonRoot: true # securityContext defines the security context of the operator container. securityContext: {} # nodeSelector defines the node selector for the operator pod. nodeSelector: {} # tolerations defines the node tolerations for the operator pod. tolerations: [] # affinity defines the node affinity rules for the operator pod. affinity: {} # additional environment variables for the operator container. env: [] # additional volume mounts for the operator container. volumeMounts: [] # additional volumes to add to the operator pod. volumes: [] # createClusterScopedResources determines whether cluster-scoped resources (ClusterRoles, ClusterRoleBindings) should be created. createClusterScopedResources: true serviceAccount: # create specifies whether a service account should be created for the operator. create: true # annotations to add to the service account annotations: {} # name of the service account to use. If not set and create is true, a name is generated using the fullname template. name: "" tracing: # enabled specifies whether APM tracing is enabled for the operator. enabled: false # config is a map of APM Server configuration variables that should be set in the environment. config: ELASTIC_APM_SERVER_URL: http://localhost:8200 ELASTIC_APM_SERVER_TIMEOUT: 30s refs: # enforceRBAC specifies whether RBAC should be enforced for cross-namespace associations between resources. enforceRBAC: false webhook: # enabled determines whether the webhook is installed. enabled: true # caBundle is the PEM-encoded CA trust bundle for the webhook certificate. Only required if manageCerts is false and certManagerCert is null. caBundle: Cg== # certManagerCert is the name of the cert-manager certificate to use with the webhook. certManagerCert: null # certsDir is the directory to mount the certificates. certsDir: "/tmp/k8s-webhook-server/serving-certs" # failurePolicy of the webhook. failurePolicy: Ignore # manageCerts determines whether the operator manages the webhook certificates automatically. manageCerts: true # namespaceSelector corresponds to the namespaceSelector property of the webhook. # Setting this restricts the webhook to act only on objects submitted to namespaces that match the selector. namespaceSelector: {} # objectSelector corresponds to the objectSelector property of the webhook. # Setting this restricts the webhook to act only on objects that match the selector. objectSelector: {} softMultiTenancy: # enabled determines whether the operator is installed with soft multi-tenancy extensions. # This requires network policies to be enabled on the Kubernetes cluster. enabled: false # kubeAPIServerIP is required when softMultiTenancy is enabled. kubeAPIServerIP: null telemetry: # disabled determines whether the operator periodically updates ECK telemetry data for Kibana to consume. disabled: false # distibutionChannel denotes which distribution channel was used to install the operator. distributionChannel: "helm" # config values for the operator. config: # logVerbosity defines the logging level. Valid values are as follows: # -2: Errors only # -1: Errors and warnings # 0: Errors, warnings, and information # number greater than 0: Errors, warnings, information, and debug details. logVerbosity: "0" # metricsPort defines the port to expose operator metrics. Set to 0 to disable metrics reporting. metricsPort: "0" # containerRegistry to use for pulling Elasticsearch and other application container images. containerRegistry: docker.elastic.co # maxConcurrentReconciles is the number of concurrent reconciliation operations to perform per controller. maxConcurrentReconciles: "3" # caValidity defines the validity period of the CA certificates generated by the operator. caValidity: 8760h # caRotateBefore defines when to rotate a CA certificate that is due to expire. caRotateBefore: 24h # certificatesValidity defines the validity period of certificates generated by the operator. certificatesValidity: 8760h # certificatesRotateBefore defines when to rotate a certificate that is due to expire. certificatesRotateBefore: 24h # setDefaultSecurityContext determines whether a default security context is set on application containers created by the operator. setDefaultSecurityContext: true # kubeClientTimeout sets the request timeout for Kubernetes API calls made by the operator. kubeClientTimeout: 60s # elasticsearchClientTimeout sets the request timeout for Elasticsearch API calls made by the operator. elasticsearchClientTimeout: 180s # validateStorageClass specifies whether storage classes volume expansion support should be verified. # Can be disabled if cluster-wide storage class RBAC access is not available. validateStorageClass: true # Internal use only internal: # manifestGen specifies whether the chart is running under manifest generator. # This is used for tasks specific to generating the all-in-one.yaml file. manifestGen: false # createOperatorNamespace defines whether the operator namespace manifest should be generated when in manifestGen mode. # Usually we do want that to happen (e.g. all-in-one.yaml) but, sometimes we don't (e.g. E2E tests). createOperatorNamespace: true # kubeVersion is the effective Kubernetes version we target when generating the all-in-one.yaml. kubeVersion: 1.12.0