-
Notifications
You must be signed in to change notification settings - Fork 798
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Helm chart reference #3573
Comments
related to #2422 |
@ialejandro Thanks for your contribution :) OpenCTI officially uses ElasticSearch, not OpenSearch. Although both might work well with OpenCTI, I think it would be better to use Elastic as a dependency, or to provide the choice between the two and mention it. Documentation on how to use the chart will be great too. IIUC values need to be provided - the default values are not sufficient to blindly deploy OpenCTI using this chart. Would you be willing to contribute to such changes & to documentation on docs.opencti.io ( PRs can be provided to https://github.com/OpenCTI-Platform/docs ) ? What are the intended uses of role/rolebinding ? |
@sbocahu hi! sorry about #2422, i didnt find it. If I had known I would write there. Yes, I agree. Currently, we have OpenCTI running over OpenSearch 2.12.X. I didn't use Elasticsearch because of licensing issues (https://www.elastic.co/blog/licensing-change). Also, they have changed the Elasticsearch chart is deprecated (https://github.com/elastic/helm-charts) and they use an operator (https://github.com/elastic/cloud-on-k8s). BTW, we can consider the Bitnami option as I did Minio and RabbitMQ dependencies. I have to add more documentation on how to work with the Helm chart and, that with the defaults values, start the service properly. I'll work in this point. Yes, I would like to be able to help the project by contributing to the documentation without any problem. About the roles, I am doing some tests to see the stability of the OpenCTI service or I will need to create a cronjob to restart some connector every X time. Surely if it is stable, I will remove them manifests from the repository. I have opened the ticket just to get your opinion and see if there is a possibility to help you to develop an updated, scalable and clean Helm chart. |
Hi, Cool chart - it helped a lot for a deployment on k8s. As you stated, there are some default values missing and for the completeness, I will add them here. env:
APP__BASE_URL: "https://opencti.app"
ELASTICSEARCH__URL: "http://opensearch-cluster-master:9200"
MINIO__ENDPOINT: "opencti-minio"
RABBITMQ__HOSTNAME: "opencti-rabbitmq"
RABBITMQ__USERNAME: "user"
REDIS__HOSTNAME: "opencti-redis-master"
envFromSecrets:
MINIO__ACCESS_KEY:
name: opencti-minio
key: root-user
MINIO__SECRET_KEY:
name: opencti-minio
key: root-password
RABBITMQ__PASSWORD:
name: opencti-rabbitmq
key: rabbitmq-password
REDIS__PASSWORD:
name: opencti-redis
key: redis-password
APP__ADMIN__PASSWORD:
name: opencti
key: admin-password
APP__ADMIN__TOKEN:
name: opencti
key: admin-token
APP__ADMIN__TOKEN:
name: opencti
key: admin-token
worker:
env:
WORKER_LOG_LEVEL: INFO
envFromSecrets:
OPENCTI_TOKEN:
name: opencti
key: admin-token
opensearch:
enabled: true
singleNode: true
extraEnvs:
- name: "node.store.allow_mmap"
value: "false"
config:
opensearch.yml: |
cluster.name: opensearch-cluster
network.host: 0.0.0.0
discovery:
type: "single-node"
plugins:
security:
disabled: true
minio:
enabled: true
rabbitmq:
enabled: true
redis:
enabled: true
with this, you get a running opencti with this chart. If the project would upstream this, it would make alot deployments easier. |
@bpereto thanks a lot. I'll add Elasticsearch option and document all options. I need some time to complete it and pass linters (https://github.com/devops-ia/helm-charts/actions?page=4&query=opencti), but I'll write here with new news. |
@sbocahu I updated and pass (finally!!) the properly environment and configs with subcharts. Here is https://github.com/devops-ia/helm-charts/tree/main/charts/opencti and some docs: What do you think about it? It as a good idea creating a new repository in your organization to push changes? I open to change that you want. @bpereto maybe insterest you too! |
Use case
Update Helm chart reference on docs or create repo on OpenCTI-Platform org.
Current Workaround
N/A
Proposed Solution
I develop a new chart with best practices of Helm: https://github.com/devops-ia/helm-charts/tree/main/charts/opencti
Additional Information
You can use or fork it if you want. I recommend create a repo on OpenCTI-Platform org. Is very simple update the chart and maintain it.
If the feature request is approved, would you be willing to submit a PR?
Yes
The text was updated successfully, but these errors were encountered: