Skip to content

DoD-Platform-One/elasticsearch-kibana

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

733 Commits

chart

chart

 
 

docs

docs

 
 

tests

tests

 
 

.gitignore

.gitignore

 
 

CHANGELOG.md

CHANGELOG.md

 
 

CODEOWNERS

CODEOWNERS

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

elasticsearch-kibana_sbom.json

elasticsearch-kibana_sbom.json

 
 

oscal-component.yaml

oscal-component.yaml

 
 

renovate.json

renovate.json

 
 

Repository files navigation

elasticsearch-kibana

Version: 1.15.0-bb.0 AppVersion: 8.13.4

Configurable Deployment of Elasticsearch and Kibana Custom Resources Wrapped Inside a Helm Chart.

Learn More

Pre-Requisites

  • Kubernetes Cluster deployed
  • Kubernetes config installed in ~/.kube/config
  • Helm installed

Install Helm

https://helm.sh/docs/intro/install/

Deployment

  • Clone down the repository
  • cd into directory
helm install elasticsearch-kibana chart/

Values

Key Type Default Description
domain string "bigbang.dev" Domain used for BigBang created exposed services.
autoRollingUpgrade.enabled bool false Enable BigBang specific autoRollingUpgrade support
imagePullPolicy string "IfNotPresent" Pull Policy for all non-init containers in this package.
fluentbit object {"enabled":false} Toggle for networkpolicies to allow fluentbit ingress
kibana.version string "8.13.4" Kibana version
kibana.image.repository string "registry1.dso.mil/ironbank/elastic/kibana/kibana" Kibana image repository
kibana.image.tag string "8.13.4" Kibana image tag
kibana.host string "" Kibana Ingress Host Value. Only required if not using Istio for ingress.
kibana.count int 3 Number of Kibana replicas
kibana.serviceAccountName string "logging-kibana" Name for serviceAccount to use, will be autocreated.
kibana.updateStrategy object {"rollingUpdate":{"maxUnavailable":1},"type":"rollingUpdate"} Kibana updateStrategy
kibana.securityContext object {"fsGroup":1000,"runAsGroup":1000,"runAsUser":1000} Set securityContext for Kibana pods
kibana.containersecurityContext.capabilities.drop[0] string "ALL"
kibana.imagePullSecrets list [] Kibana imagePullSecrets
kibana.resources object {"limits":{"cpu":1,"memory":"2Gi"},"requests":{"cpu":1,"memory":"2Gi"}} Kibana resources
kibana.volumes list [] Kibana volumes
kibana.volumeMounts list [] Kibana volumeMounts
kibana.podAnnotations object {} Kibana podAnnotations
kibana.affinity object {} Kibana affinity
kibana.tolerations list [] Kibana tolerations
kibana.nodeSelector object {} Kibana nodeSelector
kibana.lifecycle object {} Kibana lifecycle
kibana.agents object {} Kibana Elastic Agent / Fleet Server configuration https://www.elastic.co/guide/en/cloud-on-k8s/2.7/k8s-elastic-agent-fleet-quickstart.html
elasticsearch.version string "8.13.4" Elasticsearch version
elasticsearch.image.repository string "registry1.dso.mil/ironbank/elastic/elasticsearch/elasticsearch" Elasticsearch image repository
elasticsearch.image.tag string "8.13.4" Elasticsearch image tag
elasticsearch.imagePullSecrets list [] Elasticsearch imagePullSecrets
elasticsearch.serviceAccountName string "logging-elasticsearch" Name for serviceAccount to use, will be autocreated.
elasticsearch.master.initContainers list [] Add init containers to master pods
elasticsearch.master.securityContext object {"fsGroup":1000,"runAsGroup":1000,"runAsUser":1000} Set securityContext for elasticsearch master node sets
elasticsearch.master.containersecurityContext.capabilities.drop[0] string "ALL"
elasticsearch.master.updateStrategy object {"rollingUpdate":{"maxUnavailable":1},"type":"rollingUpdate"} Elasticsearch master updateStrategy
elasticsearch.master.volumes list [] Elasticsearch master volumes
elasticsearch.master.volumeMounts list [] Elasticsearch master volumeMounts
elasticsearch.master.podAnnotations object {} Elasticsearch master podAnnotations
elasticsearch.master.affinity object {} Elasticsearch master affinity
elasticsearch.master.tolerations list [] Elasticsearch master tolerations
elasticsearch.master.nodeSelector object {} Elasticsearch master nodeSelector
elasticsearch.master.lifecycle object {} Elasticsearch master lifecycle
elasticsearch.master.count int 3 Elasticsearch master pod count
elasticsearch.master.persistence.storageClassName string "" Elasticsearch master persistence storageClassName
elasticsearch.master.persistence.size string "5Gi" Elasticsearch master persistence size
elasticsearch.master.resources object {"limits":{"cpu":1,"memory":"4Gi"},"requests":{"cpu":1,"memory":"4Gi"}} Elasticsearch master pod resources
elasticsearch.master.heap.min string "2g" Elasticsearch master Java heap Xms setting
elasticsearch.master.heap.max string "2g" Elasticsearch master Java heap Xmx setting
elasticsearch.data.initContainers list [] Add init containers to data pods
elasticsearch.data.securityContext object {"fsGroup":1000,"runAsGroup":1000,"runAsUser":1000} Set securityContext for elasticsearch data node sets
elasticsearch.data.containersecurityContext.capabilities.drop[0] string "ALL"
elasticsearch.data.volumes list [] Elasticsearch data volumes
elasticsearch.data.volumeMounts list [] Elasticsearch data volumeMounts
elasticsearch.data.podAnnotations object {} Elasticsearch data podAnnotations
elasticsearch.data.affinity object {} Elasticsearch data affinity
elasticsearch.data.tolerations list [] Elasticsearch data tolerations
elasticsearch.data.nodeSelector object {} Elasticsearch data nodeSelector
elasticsearch.data.lifecycle object {} Elasticsearch data lifecycle
elasticsearch.data.count int 4 Elasticsearch data pod count
elasticsearch.data.persistence.storageClassName string "" Elasticsearch data persistence storageClassName
elasticsearch.data.persistence.size string "100Gi" Elasticsearch data persistence size
elasticsearch.data.resources object {"limits":{"cpu":1,"memory":"4Gi"},"requests":{"cpu":1,"memory":"4Gi"}} Elasticsearch data pod resources
elasticsearch.data.heap.min string "2g" Elasticsearch data Java heap Xms setting
elasticsearch.data.heap.max string "2g" Elasticsearch data Java heap Xmx setting
elasticsearch.ingest.enabled bool false Enable ingest specific Elasticsearch pods
elasticsearch.ingest.initContainers list [] initContainers
elasticsearch.ingest.securityContext object {"fsGroup":1000,"runAsGroup":1000,"runAsUser":1000} Set securityContext for elasticsearch ingest node sets
elasticsearch.ingest.containersecurityContext.capabilities.drop[0] string "ALL"
elasticsearch.ingest.volumes list [] volumes
elasticsearch.ingest.volumeMounts list [] volumeMounts
elasticsearch.ingest.podAnnotations object {} podAnnotations
elasticsearch.ingest.affinity object {} affinity
elasticsearch.ingest.tolerations list [] tolerations
elasticsearch.ingest.nodeSelector object {} nodeSelector
elasticsearch.ingest.lifecycle object {} lifecycle
elasticsearch.ingest.count int 1 count
elasticsearch.ingest.persistence.storageClassName string "" storageClassName
elasticsearch.ingest.persistence.size string "100Gi" size
elasticsearch.ingest.resources object {"limits":{"cpu":1,"memory":"4Gi"},"requests":{"cpu":1,"memory":"4Gi"}} Elasticsearch ingest pod resources
elasticsearch.ingest.heap.min string "2g" Xms
elasticsearch.ingest.heap.max string "2g" Xmx
elasticsearch.ml.enabled bool false Enable Machine Learning specific Elasticsearch pods
elasticsearch.ml.initContainers list [] initContainers
elasticsearch.ml.securityContext object {"fsGroup":1000,"runAsGroup":1000,"runAsUser":1000} Set securityContext for elasticsearch ml node sets
elasticsearch.ml.containersecurityContext.capabilities.drop[0] string "ALL"
elasticsearch.ml.updateStrategy object {"rollingUpdate":{"maxUnavailable":1},"type":"rollingUpdate"} Elasticsearch ml updateStrategy
elasticsearch.ml.volumes list [] volumes
elasticsearch.ml.volumeMounts list [] volumeMounts
elasticsearch.ml.podAnnotations object {} podAnnotations
elasticsearch.ml.affinity object {} affinity
elasticsearch.ml.tolerations list [] tolerations
elasticsearch.ml.nodeSelector object {} nodeSelector
elasticsearch.ml.lifecycle object {} lifecycle
elasticsearch.ml.count int 1 count
elasticsearch.ml.persistence.storageClassName string "" storageClassName
elasticsearch.ml.persistence.size string "100Gi" size
elasticsearch.ml.resources object {"limits":{"cpu":1,"memory":"4Gi"},"requests":{"cpu":1,"memory":"4Gi"}} Elasticsearch ml pod resources
elasticsearch.ml.heap.min string "2g" Xms
elasticsearch.ml.heap.max string "2g" Xmx
elasticsearch.coord.enabled bool false Enable coordinating specific Elasticsearch pods
elasticsearch.coord.initContainers list [] initContainers
elasticsearch.coord.securityContext object {"fsGroup":1000,"runAsGroup":1000,"runAsUser":1000} Set securityContext for elasticsearch coordinating node sets
elasticsearch.coord.containersecurityContext.capabilities.drop[0] string "ALL"
elasticsearch.coord.updateStrategy object {"rollingUpdate":{"maxUnavailable":1},"type":"rollingUpdate"} Elasticsearch coord updateStrategy
elasticsearch.coord.volumes list [] volumes
elasticsearch.coord.volumeMounts list [] volumeMounts
elasticsearch.coord.podAnnotations object {} podAnnotations
elasticsearch.coord.affinity object {} affinity
elasticsearch.coord.tolerations list [] tolerations
elasticsearch.coord.nodeSelector object {} nodeSelector
elasticsearch.coord.lifecycle object {} lifecycle
elasticsearch.coord.count int 1 count
elasticsearch.coord.persistence.storageClassName string "" storageClassName
elasticsearch.coord.persistence.size string "100Gi" size
elasticsearch.coord.resources object {"limits":{"cpu":1,"memory":"4Gi"},"requests":{"cpu":1,"memory":"4Gi"}} Elasticsearch coord pod resources
elasticsearch.coord.heap.min string "2g" Xms
elasticsearch.coord.heap.max string "2g" Xmx
istio.enabled bool false Toggle istio interaction.
istio.hardened.enabled bool false
istio.hardened.customAuthorizationPolicies list []
istio.hardened.outboundTrafficPolicyMode string "REGISTRY_ONLY"
istio.hardened.customServiceEntries list []
istio.hardened.prometheus.enabled bool true
istio.hardened.prometheus.namespaces[0] string "monitoring"
istio.hardened.prometheus.principals[0] string "cluster.local/ns/monitoring/sa/monitoring-grafana"
istio.hardened.prometheus.principals[1] string "cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"
istio.hardened.prometheus.principals[2] string "cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"
istio.hardened.prometheus.principals[3] string "cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"
istio.hardened.prometheus.principals[4] string "cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"
istio.hardened.prometheus.principals[5] string "cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"
istio.hardened.fluentbit.enabled bool true
istio.hardened.fluentbit.namespaces[0] string "fluentbit"
istio.hardened.fluentbit.principals[0] string "cluster.local/ns/fluentbit/sa/fluentbit-fluent-bit"
istio.hardened.elasticOperator.enabled bool true
istio.hardened.elasticOperator.namespaces[0] string "eck-operator"
istio.hardened.elasticOperator.principals[0] string "cluster.local/ns/eck-operator/sa/elastic-operator"
istio.hardened.mattermost.enabled bool true
istio.hardened.mattermost.namespaces[0] string "mattermost"
istio.hardened.mattermost.principals[0] string "cluster.local/ns/mattermost/sa/mattermost"
istio.hardened.jaeger.enabled bool true
istio.hardened.jaeger.namespaces[0] string "jaeger"
istio.hardened.jaeger.principals[0] string "cluster.local/ns/jaeger/sa/default"
istio.hardened.jaeger.principals[1] string "cluster.local/ns/jaeger/sa/jaeger"
istio.hardened.jaeger.principals[2] string "cluster.local/ns/jaeger/sa/jaeger-instance"
istio.hardened.elasticsearch.enabled bool true
istio.hardened.elasticsearch.namespaces[0] string "logging"
istio.hardened.elasticsearch.principals[0] string "cluster.local/ns/logging/sa/logging-elasticsearch"
istio.mtls object {"mode":"STRICT"} Default EK peer authentication
istio.mtls.mode string "STRICT" STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic
istio.elasticsearch.enabled bool false Toggle virtualService creation
istio.elasticsearch.annotations object {} Annotations for controls the gateway used/attached to the virtualService
istio.elasticsearch.labels object {} Labels for virtualService
istio.elasticsearch.gateways list ["istio-system/main"] Gateway(s) to apply virtualService routes to.
istio.elasticsearch.hosts list ["elasticsearch.{{ .Values.domain }}"] hosts for the virtualService
istio.kibana.enabled bool true Toggle virtualService creation
istio.kibana.annotations object {} Annotations for controls the gateway used/attached to the virtualService
istio.kibana.labels object {} Labels for virtualService
istio.kibana.gateways list ["istio-system/main"] Gateway(s) to apply virtualService routes to.
istio.kibana.hosts list ["kibana.{{ .Values.domain }}"] hosts for the virtualService
sso.enabled bool false Toggle SSO with Keycloak
sso.redirect_url string "" redirect_url defaults to .Values.istio.kibana.hosts[0] if not set.
sso.client_id string "platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-kibana" client_id
sso.client_secret string "" OIDC client secret, can be empty for public client.
sso.oidc.host string "login.dso.mil" host
sso.oidc.realm string "baby-yoda" realm
sso.issuer string "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}" issuer
sso.auth_url string "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/auth" auth_url
sso.token_url string "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/token" token_url
sso.userinfo_url string "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/userinfo" userinfo_url
sso.jwkset_url string "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/certs" jwks_url
sso.claims_principal string "preferred_username" claims_principal
sso.requested_scopes list ["openid"] requested_scopes
sso.signature_algorithm string "RS256" signature_algorithm
sso.endsession_url string "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/logout" endsession_url
sso.claims_group string "groups" claims_group
sso.claims_mail string "email" claims_mail
sso.claims_principal_pattern string "" claims_principal_pattern
sso.cert_authorities list [] cert_authorities
kibanaBasicAuth.enabled bool true Toggle this to turn off Kibana's built in auth and only allow SSO. Role mappings for SSO groups must be set up and SSO enabled before doing this.
networkPolicies.enabled bool false Toggle BigBang NetworkPolicy templates
networkPolicies.ingressLabels object {"app":"istio-ingressgateway","istio":"ingressgateway"} Istio Ingressgateway labels. passed down to NetworkPolicy to whitelist external access to app
networkPolicies.controlPlaneCidr string "0.0.0.0/0" See kubectl cluster-info and then resolve to IP
networkPolicies.additionalPolicies list []
upgradeJob.image.repository string "registry1.dso.mil/ironbank/big-bang/base" image repository for upgradeJob
upgradeJob.image.tag string "2.1.0" image tag for upgradeJob
monitoring.enabled bool false Toggle BigBang monitoring integration, controls serviceMonitor template
metrics.enabled bool false Toggle Prometheus ElasticSearch Exporter Installation
metrics.image object {"pullSecret":"private-registry"} Exporter imagePullSecrets
metrics.podSecurityContext object {"runAsGroup":1000} Pod securityContext
metrics.securityContext object {"runAsGroup":1000,"runAsUser":1000} Container securityContext
metrics.imagePullSecrets list []
metrics.serviceMonitor.scheme string ""
metrics.serviceMonitor.tlsConfig object {}
metrics.env object {"ES_USERNAME":"elastic"} Environment Variable Passthrough to set Auth for Exporter
metrics.extraEnvSecrets object {"ES_PASSWORD":{"key":"elastic","secret":"logging-ek-es-elastic-user"}} Environment Variable Secret Mount to set Auth for Exporter Replace with empty braces if you would like to use a an API_KEY
openshift bool false Openshift Container Platform Feature Toggle
mattermost.enabled bool false Mattermost integration toggle, controls mTLS exception and networkPolicies
bbtests.enabled bool false Big Bang CI/Dev toggle for helm tests
bbtests.cypress.artifacts bool true Toggle creation of cypress artifacts
bbtests.cypress.envs object {"cypress_expect_logs":"false","cypress_kibana_url":"https://logging-ek-kb-http:5601"} ENVs added to cypress test pods
bbtests.cypress.secretEnvs list [{"name":"cypress_elastic_password","valueFrom":{"secretKeyRef":{"key":"elastic","name":"logging-ek-es-elastic-user"}}}] ENVs added to cypress test pods from existing secrets
bbtests.scripts.image string "registry1.dso.mil/ironbank/stedolan/jq:1.7" image to use for script based tests
bbtests.scripts.envs object {"desired_version":"{{ .Values.elasticsearch.version }}","elasticsearch_host":"https://{{ .Release.Name }}-es-http.{{ .Release.Namespace }}.svc.cluster.local:9200"} ENVs added to script test pods
bbtests.scripts.secretEnvs list [{"name":"ELASTIC_PASSWORD","valueFrom":{"secretKeyRef":{"key":"elastic","name":"logging-ek-es-elastic-user"}}}] ENVs added to script test pods from existing secrets

Contributing

Please see the contributing guide if you are interested in contributing.

About

Deployment of Elasticsearch and Kibana.

repo1.dso.mil/big-bang/product/packages/elasticsearch-kibana

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 23

+ 9 contributors

Languages