178 lines
7.2 KiB
YAML
178 lines
7.2 KiB
YAML
# nameOverride is the short name for the deployment. Leave empty to let Helm generate a name using chart values.
|
|
nameOverride: "elastic-operator"
|
|
|
|
# fullnameOverride is the full name for the deployment. Leave empty to let Helm generate a name using chart values.
|
|
fullnameOverride: "elastic-operator"
|
|
|
|
# managedNamespaces is the set of namespaces that the operator manages. Leave empty to manage all namespaces.
|
|
managedNamespaces: []
|
|
|
|
# installCRDs determines whether Custom Resource Definitions (CRD) are installed by the chart.
|
|
# Note that CRDs are global resources and require cluster admin privileges to install.
|
|
# If you are sharing a cluster with other users who may want to install ECK on their own namespaces, setting this to true can have unintended consequences.
|
|
# 1. Upgrades will overwrite the global CRDs and could disrupt the other users of ECK who may be running a different version.
|
|
# 2. Uninstalling the chart will delete the CRDs and potentially cause Elastic resources deployed by other users to be removed as well.
|
|
installCRDs: true
|
|
|
|
# replicaCount is the number of operator pods to run.
|
|
replicaCount: 1
|
|
|
|
image:
|
|
# repository is the container image prefixed by the registry name.
|
|
repository: docker.elastic.co/eck/eck-operator
|
|
# pullPolicy is the container image pull policy.
|
|
pullPolicy: IfNotPresent
|
|
# tag is the container image tag. If not defined, defaults to chart appVersion.
|
|
tag: null
|
|
|
|
# imagePullSecrets defines the secrets to use when pulling the operator container image.
|
|
imagePullSecrets: []
|
|
|
|
# resources define the container resource limits for the operator.
|
|
resources:
|
|
limits:
|
|
cpu: 1
|
|
memory: 512Mi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 150Mi
|
|
|
|
# podAnnotations define the annotations that should be added to the operator pod.
|
|
podAnnotations: {}
|
|
|
|
# podSecurityContext defines the pod security context for the operator pod.
|
|
podSecurityContext:
|
|
runAsNonRoot: true
|
|
|
|
# securityContext defines the security context of the operator container.
|
|
securityContext: {}
|
|
|
|
# nodeSelector defines the node selector for the operator pod.
|
|
nodeSelector: {}
|
|
|
|
# tolerations defines the node tolerations for the operator pod.
|
|
tolerations: []
|
|
|
|
# affinity defines the node affinity rules for the operator pod.
|
|
affinity: {}
|
|
|
|
# additional environment variables for the operator container.
|
|
env: []
|
|
|
|
# additional volume mounts for the operator container.
|
|
volumeMounts: []
|
|
|
|
# additional volumes to add to the operator pod.
|
|
volumes: []
|
|
|
|
# createClusterScopedResources determines whether cluster-scoped resources (ClusterRoles, ClusterRoleBindings) should be created.
|
|
createClusterScopedResources: true
|
|
|
|
serviceAccount:
|
|
# create specifies whether a service account should be created for the operator.
|
|
create: true
|
|
# annotations to add to the service account
|
|
annotations: {}
|
|
# name of the service account to use. If not set and create is true, a name is generated using the fullname template.
|
|
name: ""
|
|
|
|
tracing:
|
|
# enabled specifies whether APM tracing is enabled for the operator.
|
|
enabled: false
|
|
# config is a map of APM Server configuration variables that should be set in the environment.
|
|
config:
|
|
ELASTIC_APM_SERVER_URL: http://localhost:8200
|
|
ELASTIC_APM_SERVER_TIMEOUT: 30s
|
|
|
|
refs:
|
|
# enforceRBAC specifies whether RBAC should be enforced for cross-namespace associations between resources.
|
|
enforceRBAC: false
|
|
|
|
webhook:
|
|
# enabled determines whether the webhook is installed.
|
|
enabled: true
|
|
# caBundle is the PEM-encoded CA trust bundle for the webhook certificate. Only required if manageCerts is false and certManagerCert is null.
|
|
caBundle: Cg==
|
|
# certManagerCert is the name of the cert-manager certificate to use with the webhook.
|
|
certManagerCert: null
|
|
# certsDir is the directory to mount the certificates.
|
|
certsDir: "/tmp/k8s-webhook-server/serving-certs"
|
|
# failurePolicy of the webhook.
|
|
failurePolicy: Ignore
|
|
# manageCerts determines whether the operator manages the webhook certificates automatically.
|
|
manageCerts: true
|
|
# namespaceSelector corresponds to the namespaceSelector property of the webhook.
|
|
# Setting this restricts the webhook to act only on objects submitted to namespaces that match the selector.
|
|
namespaceSelector: {}
|
|
# objectSelector corresponds to the objectSelector property of the webhook.
|
|
# Setting this restricts the webhook to act only on objects that match the selector.
|
|
objectSelector: {}
|
|
|
|
softMultiTenancy:
|
|
# enabled determines whether the operator is installed with soft multi-tenancy extensions.
|
|
# This requires network policies to be enabled on the Kubernetes cluster.
|
|
enabled: false
|
|
|
|
# kubeAPIServerIP is required when softMultiTenancy is enabled.
|
|
kubeAPIServerIP: null
|
|
|
|
telemetry:
|
|
# disabled determines whether the operator periodically updates ECK telemetry data for Kibana to consume.
|
|
disabled: false
|
|
# distibutionChannel denotes which distribution channel was used to install the operator.
|
|
distributionChannel: "helm"
|
|
|
|
# config values for the operator.
|
|
config:
|
|
# logVerbosity defines the logging level. Valid values are as follows:
|
|
# -2: Errors only
|
|
# -1: Errors and warnings
|
|
# 0: Errors, warnings, and information
|
|
# number greater than 0: Errors, warnings, information, and debug details.
|
|
logVerbosity: "0"
|
|
|
|
# metricsPort defines the port to expose operator metrics. Set to 0 to disable metrics reporting.
|
|
metricsPort: "0"
|
|
|
|
# containerRegistry to use for pulling Elasticsearch and other application container images.
|
|
containerRegistry: docker.elastic.co
|
|
|
|
# maxConcurrentReconciles is the number of concurrent reconciliation operations to perform per controller.
|
|
maxConcurrentReconciles: "3"
|
|
|
|
# caValidity defines the validity period of the CA certificates generated by the operator.
|
|
caValidity: 8760h
|
|
|
|
# caRotateBefore defines when to rotate a CA certificate that is due to expire.
|
|
caRotateBefore: 24h
|
|
|
|
# certificatesValidity defines the validity period of certificates generated by the operator.
|
|
certificatesValidity: 8760h
|
|
|
|
# certificatesRotateBefore defines when to rotate a certificate that is due to expire.
|
|
certificatesRotateBefore: 24h
|
|
|
|
# setDefaultSecurityContext determines whether a default security context is set on application containers created by the operator.
|
|
setDefaultSecurityContext: true
|
|
|
|
# kubeClientTimeout sets the request timeout for Kubernetes API calls made by the operator.
|
|
kubeClientTimeout: 60s
|
|
|
|
# elasticsearchClientTimeout sets the request timeout for Elasticsearch API calls made by the operator.
|
|
elasticsearchClientTimeout: 180s
|
|
|
|
# validateStorageClass specifies whether storage classes volume expansion support should be verified.
|
|
# Can be disabled if cluster-wide storage class RBAC access is not available.
|
|
validateStorageClass: true
|
|
|
|
# Internal use only
|
|
internal:
|
|
# manifestGen specifies whether the chart is running under manifest generator.
|
|
# This is used for tasks specific to generating the all-in-one.yaml file.
|
|
manifestGen: false
|
|
# createOperatorNamespace defines whether the operator namespace manifest should be generated when in manifestGen mode.
|
|
# Usually we do want that to happen (e.g. all-in-one.yaml) but, sometimes we don't (e.g. E2E tests).
|
|
createOperatorNamespace: true
|
|
# kubeVersion is the effective Kubernetes version we target when generating the all-in-one.yaml.
|
|
kubeVersion: 1.12.0
|