-
Notifications
You must be signed in to change notification settings - Fork 65
/
values.yaml
466 lines (402 loc) · 14.1 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
# Default values for Graylog.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
rbac:
# Specifies whether RBAC resources should be created
##
create: true
resources:
- pods
- secrets
serviceAccount:
# Specifies whether a ServiceAccount should be created
##
create: true
# The name of the ServiceAccount to use.
# If not set and create is true, a name is generated using the fullname template
##
name:
## Service Account annotations
##
annotations: {}
tags:
# If true, this chart will install Elasticsearch from requirement dependencies
install-elasticsearch: true
# If true, this chart will install MongoDB replicaset from requirement dependencies
install-mongodb: true
## Enable only if your current release was migrated from helm2 (using 2to3 plugin).
##
## Because Kubernetes considers some StatefulSets fields/labels immutable,
## this flag preserves the values rendered by helm2. This allows helm3
## to upgrade the current release without a complete purge/reinstall.
##
## Further details: https://github.com/helm/charts/issues/20306
##
# helm2Compatibility: true
## Specify image pull secrets used in the deployment
imagePullSecrets: []
## imagePullSecrets:
## - name: some-registry
## - name: another-registry
graylog:
## Graylog image version
## Ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
## Important note: Official Graylog Docker image may replace the existing Docker image tags and cause some corrupt when starting the pod.
## Make sure you strict with the `x` version of Graylog where `x` is ${version}-${x}
##
image:
repository: "graylog/graylog:4.0.6-1"
pullPolicy: "IfNotPresent"
## Number of Graylog instance
##
replicas: 1
## Additional environment variables to be added to Graylog pods
##
env: {}
## Additional environment variables in raw yaml format
## - name: POD_IP
## valueFrom:
## fieldRef:
## fieldPath: status.podIP
## - name: SERVICE_8000_NAME
## value: servicename
envRaw: {}
## Run as privileged container
##
privileged: false
## Pod affinity
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Node tolerations for node-exporter scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
## Node labels for node-exporter pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Annotations to be added to Graylog pods
##
podAnnotations: {}
persistence:
## If true, Graylog will create/use a Persistent Volume Claim
## If false, use emptyDir
##
enabled: true
## Graylog data Persistent Volume access modes
## Must match those of existing PV or dynamic provisioner
## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
accessMode: ReadWriteOnce
## Graylog data Persistent Volume size
##
size: "20Gi"
## Graylog data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "ssd"
## Additional plugins you need to install on Graylog.
##
plugins: []
# - name: graylog-plugin-slack-notification-4.0.1.jar
# url: https://github.com/KongZ/graylog-plugin-slack-notification/releases/download/v4.0.1/graylog-plugin-slack-notification-4.0.1.jar
# - name: graylog-plugin-function-check-diff-1.0.1.jar
# url: https://github.com/KongZ/graylog-plugin-function-check-diff/releases/download/v1.0.1/graylog-plugin-function-check-diff-1.0.1.jar
# - name: graylog-plugin-google-cloud-pubsub-1.0.4.jar
# url: https://github.com/KongZ/graylog-plugin-google-cloud-pubsub/releases/download/v1.0.4/graylog-plugin-google-cloud-pubsub-1.0.4.jar
# - name: graylog-plugin-auth-sso-3.3.0.jar
# url: https://github.com/Graylog2/graylog-plugin-auth-sso/releases/download/3.3.0/graylog-plugin-auth-sso-3.3.0.jar
## Sidecar containers
##
sidecarContainers: []
## Additional init containers
##
extraInitContainers: []
## Additional volume mounts
##
extraVolumeMounts: []
## Additional volumes
##
extraVolumes: []
## A service for Graylog web interface
##
service:
type: ClusterIP
port: 9000
## Add additional ports for the service/statefulset to expose
##
ports: []
headless:
## Add suffix to headless service name
##
suffix: ""
master:
## Enable Graylog master service
##
enabled: true
## Graylog master service Ingress annotations
##
annotations: {}
## Graylog master service port.
##
port: 9000
## Additional input ports for receiving logs from servers
## Note: Name must be in IANA_SVC_NAME (at most 15 characters, matching regex [a-z0-9]([a-z0-9-]*[a-z0-9])* and it must contains at least one letter [a-z], hyphens cannot be adjacent to other hyphens)
## Note: Array must be sorted by port order
##
input: {}
# tcp:
# service:
# name: your-tcp-service-name
# type: LoadBalancer
# loadBalancerIP:
# ports:
# - name: gelf
# port: 12222
# udp:
# service:
# name: your-udp-service-name
# type: ClusterIP
# ports:
# - name: syslog
# port: 12222
tls:
## If true, Graylog server will run with TLS enabled
##
enabled: false
## TLS certificate key file
##
keyFile: /etc/graylog/server/server.key
## TLS certificate file
##
certFile: /etc/graylog/server/server.cert
## External URL to access Graylog at
##
externalUri: ""
## External URL is https ?
externalUriTLS: false
ingress:
## If true, Graylog server Ingress will be created
##
enabled: false
## Graylog server Ingress annotations
##
annotations: {}
## Graylog server Ingress labels
labels: {}
# labels:
# traffic-type: public
## Graylog server Ingress hostnames with optional path
## Must be provided if Ingress is enabled
## Note: Graylog does not support two URL. You can specify only single URL
##
hosts: []
# - graylog.yourdomain.com
## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
extraPaths: []
# - path: /*
# backend:
# serviceName: ssl-redirect
# servicePort: use-annotation
## Graylog server Ingress TLS configuration
## Secrets must be manually created in the namespace
##
tls: []
# - secretName: graylog-server-tls
# hosts:
# - graylog.yourdomain.com
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
limits:
cpu: "1"
requests:
cpu: "500m"
memory: "1024Mi"
## Set Graylog Java heapsize. If this value empty, chart will allocate heapsize using `-XX:+UseCGroupMemoryLimitForHeap`
## ref: https://blogs.oracle.com/java-platform-group/java-se-support-for-docker-cpu-and-memory-limits
##
# heapSize: "1024g"
## RollingUpdate update strategy
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
##
updateStrategy: RollingUpdate
## Graylog server pod termination grace period
##
terminationGracePeriodSeconds: 120
metrics:
## If true, prometheus annotations will be attached
##
enabled: false
geoip:
## If true, Maxmind GeoLite2 will be installed to ${GRAYLOG_HOME}/geoip location
##
enabled: false
## If true, mmdbUri points to the URI where to find the DB
# https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/
mmdbUri: ""
## Graylog root user name
##
rootUsername: "admin"
## Graylog root password
## Defaults to a random 16-character alphanumeric string if not set
##
# rootPassword: ""
## Graylog root email
##
rootEmail: ""
## Graylog root timezone
##
rootTimezone: "UTC"
## Grayog existing root secret
##
existingRootSecret: ""
elasticsearch:
## Major version of the Elasticsearch version used.
## It is required by Graylog 4. See https://docs.graylog.org/en/4.0/pages/configuration/elasticsearch.html#available-elasticsearch-configuration-tunables
version: "6"
## List of Elasticsearch hosts Graylog should connect to.
## Need to be specified as a comma-separated list of valid URIs for the http ports of your elasticsearch nodes.
## If one or more of your elasticsearch hosts require authentication, include the credentials in each node URI that
## requires authentication.
##
# hosts: http://elasticsearch-client.graylog.svc.cluster.local:9200
hosts: ""
# Allow elasticsearch hosts to be fetched from a k8s secret
# {{ graylog.fullname }}-es will be used as uriSecretName if left empty
uriSecretName: ""
uriSecretKey: ""
uriSSL: false
mongodb:
## MongoDB connection string
## See https://docs.mongodb.com/manual/reference/connection-string/ for details
# uri: mongodb://user:pass@host1:27017,host2:27017,host3:27017/graylog?replicaSet=rs01
uri: ""
# Allow mongodb uri to be fetched from a k8s secret
# {{ graylog.fullname }}-headless will be used as uriSecretName if left empty
uriSecretName: ""
uriSecretKey: ""
## Increase this value according to the maximum connections your MongoDB server can handle from a single client
## if you encounter MongoDB connection problems.
##
maxConnections: 1000
transportEmail:
## If true, enable Email transport.
## See http://docs.graylog.org/en/3.0/pages/configuration/server.conf.html#email for detail
##
enabled: false
hostname: ""
port: 2587
useAuth: true
useTls: true
useSsl: false
authUsername: ""
authPassword: ""
subjectPrefix: "[graylog]"
fromEmail: ""
## Additional graylog config which is defined on `graylog.conf`.
## You can find a complete list of graylog config from http://docs.graylog.org/en/3.0/pages/configuration/server.conf.html
## Graylog config is written in Java properites format. Make sure you write it correctly.
##
# config: |
# elasticsearch_connect_timeout = 10s
# elasticsearch_socket_timeout = 60s
# elasticsearch_idle_timeout = -1s
journal:
## Sometime Graylog journal continually grow up or corrupt and cause Graylog unable to start.
## You need to clean up all journal files in order to run the Graylog.
## Change `graylog.journal.deleteBeforeStart` to `true` to delete all journal files before start
## Note: All uncommitted logs will be permanently DELETED when this value is true
##
deleteBeforeStart: false
## Maximum size of the graylog journal.
##
maxSize: 5gb
init:
## Init Container image
##
image:
repository: "alpine"
pullPolicy: "IfNotPresent"
## Set kubectl location to download and use on init-container. If the value is not set, the https://storage.googleapis.com/kubernetes-release/ will be used.
##
kubectlLocation: ""
## Set kubectl command version to download from https://storage.googleapis.com/kubernetes-release/. If the value is not set, default value is .Capabilities.KubeVersion.Version
##
# kubectlVersion: "v1.20"
# Additional environment variables to be added to Graylog initContainer
env: {}
# Configure resource requests and limits for the Graylog StatefulSet initContainer
resources: {}
## Additional server files will be deployed to /etc/graylog/server
## For example, you can put server certificates or authorized clients certificates here
##
serverFiles: {}
# server.key: |
# server.cert: |
## Configure whether Graylog pods should log in JSON (one event per line)
logInJson: false
## Specify a Bash script to run as Kubernetes Job (running on Alpine with curl and bash packages already installed).
## Useful for calling the API to pre-configure some aspect of Graylog, as in the example.
##
provisioner:
enabled: false
annotations: {}
useGraylogServiceAccount: false
# script: |
# json='{
# "username_header": "X-Auth-Request-User",
# "fullname_header": "X-Auth-Request-User",
# "email_header": "X-Auth-Request-Email",
# "default_group": "Admin",
# "auto_create_user": true,
# "require_trusted_proxies": true,
# "trusted_proxies": "0.0.0.0/0",
# "default_email_domain": "mydomain.com",
# "sync_roles": false,
# "roles_header": "Roles"
# }'
# curl -v -u "admin:$GRAYLOG_PASSWORD_SECRET" -X PUT --header 'Content-Type: application/json' --header 'X-Requested-By: localhost' --data-binary "${json}" http://graylog-master:9000/api/plugins/org.graylog.plugins.auth.sso/config
secret:
## Secret annotations
##
annotations: {}
options:
## Using search result highlighting will result in slightly higher resource consumption of searches.
allowHighlighting: false
## Do you want to allow searches with leading wildcards?
## This can be extremely resource hungry and should only be enabled with care.
allowLeadingWildcardSearches: false
## Specify Elasticsearch version from requirement dependencies. Ignore this seection if you install Elasticsearch manually.
## Note: Graylog 2.4 requires Elasticsearch version <= 5.6
elasticsearch:
image:
repository: "docker.elastic.co/elasticsearch/elasticsearch-oss"
tag: "6.8.13"
client:
replicas: 1
master:
replicas: 1
data:
replicas: 1
cluster:
env:
MINIMUM_MASTER_NODES: 1
xpackEnable: false
mongodb:
architecture: "replicaset"
useStatefulSet: true
replicaCount: 1
auth:
enabled: false