## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass ## @param global.imageRegistry Global Docker image registry ## @param global.imagePullSecrets Global Docker registry secret names as an array ## @param global.storageClass Global StorageClass for Persistent Volume(s) ## global: imageRegistry: "" ## E.g. ## imagePullSecrets: ## - myRegistryKeySecretName ## imagePullSecrets: [] storageClass: "" ## @section Common parameters ## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) ## kubeVersion: "" ## @param nameOverride String to partially override common.names.fullname template with a string (will prepend the release name) ## nameOverride: "" ## @param fullnameOverride String to fully override common.names.fullname template with a string ## fullnameOverride: "" ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] ## @section Kibana parameters ## Bitnami Kibana image version ## ref: https://hub.docker.com/r/bitnami/kibana/tags/ ## @param image.registry Kibana image registry ## @param image.repository Kibana image repository ## @param image.tag Kibana image tag (immutable tags are recommended) ## @param image.pullPolicy Kibana image pull policy ## @param image.pullSecrets Specify docker-registry secret names as an array ## image: registry: docker.io repository: bitnami/kibana tag: 7.16.2-debian-10-r0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## Example: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @param replicaCount Number of replicas of the Kibana Pod ## replicaCount: 1 ## @param updateStrategy.type Set up update strategy for Kibana installation. ## Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to makesure the pods are destroyed first. ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy ## Example: ## updateStrategy: ## type: RollingUpdate ## rollingUpdate: ## maxSurge: 25% ## maxUnavailable: 25% ## updateStrategy: type: RollingUpdate ## @param schedulerName Alternative scheduler ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param hostAliases Add deployment host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param plugins Array containing the Kibana plugins to be installed in deployment ## eg: ## plugins: ## - https://github.com/fbaligand/kibana-enhanced-table/releases/download/v1.5.0/enhanced-table-1.5.0_7.3.2.zip ## plugins: [] ## Saved objects to import (NDJSON format) ## savedObjects: ## @param savedObjects.urls Array containing links to NDJSON files to be imported during Kibana initialization ## e.g: ## urls: ## - www.example.com/dashboard.ndjson ## urls: [] ## @param savedObjects.configmap Configmap containing NDJSON files to be imported during Kibana initialization (evaluated as a template) ## configmap: "" ## @param extraConfiguration Extra settings to be added to the default kibana.yml configmap that the chart creates (unless replaced using `configurationCM`). Evaluated as a template ## extraConfiguration: {} ## @param configurationCM ConfigMap containing a kibana.yml file that will replace the default one specified in configuration.yaml ## configurationCM: "" ## @param extraEnvVars Array containing extra env vars to configure Kibana ## For example: ## extraEnvVars: ## - name: KIBANA_ELASTICSEARCH_URL ## value: test ## extraEnvVars: [] ## @param extraEnvVarsCM ConfigMap containing extra env vars to configure Kibana ## extraEnvVarsCM: "" ## @param extraEnvVarsSecret Secret containing extra env vars to configure Kibana (in case of sensitive data) ## extraEnvVarsSecret: "" ## @param extraVolumes Array to add extra volumes. Requires setting `extraVolumeMounts` ## extraVolumes: [] ## @param extraVolumeMounts Array to add extra mounts. Normally used with `extraVolumes` ## extraVolumeMounts: [] ## Init containers parameters: ## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup ## volumePermissions: ## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) ## enabled: false ## @param volumePermissions.image.registry Init container volume-permissions image registry ## @param volumePermissions.image.repository Init container volume-permissions image name ## @param volumePermissions.image.tag Init container volume-permissions image tag ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy ## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets ## image: registry: docker.io repository: bitnami/bitnami-shell tag: 10-debian-10-r284 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## Example: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @param volumePermissions.resources Volume Permissions resources ## resources: ## requests: ## memory: 128Mi ## cpu: 100m resources: {} ## Enable persistence using Persistent Volume Claims ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ ## persistence: ## @param persistence.enabled Enable persistence ## enabled: true ## @param persistence.storageClass Kibana data Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## storageClass: "" ## @param persistence.existingClaim Provide an existing `PersistentVolumeClaim` ## existingClaim: "" ## @param persistence.accessMode Access mode to the PV ## accessMode: ReadWriteOnce ## @param persistence.size Size for the PV ## size: 10Gi ## Configure extra options for liveness probe ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) ## @param livenessProbe.enabled Enable/disable the Liveness probe ## @param livenessProbe.initialDelaySeconds Delay before liveness probe is initiated ## @param livenessProbe.periodSeconds How often to perform the probe ## @param livenessProbe.timeoutSeconds When the probe times out ## @param livenessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. ## @param livenessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. ## livenessProbe: enabled: true initialDelaySeconds: 120 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## Configure extra options for readiness probe ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) ## @param readinessProbe.enabled Enable/disable the Readiness probe ## @param readinessProbe.initialDelaySeconds Delay before readiness probe is initiated ## @param readinessProbe.periodSeconds How often to perform the probe ## @param readinessProbe.timeoutSeconds When the probe times out ## @param readinessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. ## @param readinessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. ## readinessProbe: enabled: true initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param forceInitScripts Force execution of init scripts ## forceInitScripts: false ## @param initScriptsCM Configmap with init scripts to execute ## initScriptsCM: "" ## @param initScriptsSecret Secret with init scripts to execute (for sensitive data) ## initScriptsSecret: "" ## Service configuration ## service: ## @param service.port Kubernetes Service port ## port: 5601 ## @param service.type Kubernetes Service type ## type: ClusterIP ## @param service.nodePort Specify the nodePort value for the LoadBalancer and NodePort service types ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## nodePort: "" ## @param service.externalTrafficPolicy Enable client source IP preservation ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip ## externalTrafficPolicy: Cluster ## @param service.annotations Annotations for Kibana service (evaluated as a template) ## This can be used to set the LoadBalancer service type to internal only. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## annotations: {} ## @param service.labels Extra labels for Kibana service ## labels: {} ## @param service.loadBalancerIP loadBalancerIP if Kibana service type is `LoadBalancer` ## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer ## loadBalancerIP: "" ## @param service.extraPorts Extra ports to expose in the service (normally used with the `sidecar` value) ## extraPorts: [] ## Configure the ingress resource that allows you to access the ## Kibana installation. Set up the URL ## ref: https://kubernetes.io/docs/user-guide/ingress/ ## ingress: ## @param ingress.enabled Enable ingress controller resource ## enabled: false ## DEPRECATED: Use ingress.annotations instead of ingress.certManager ## certManager: false ## ## @param ingress.pathType Ingress Path type ## pathType: ImplementationSpecific ## @param ingress.apiVersion Override API Version (automatically detected if not set) ## apiVersion: "" ## @param ingress.hostname Default host for the ingress resource. If specified as "*" no host rule is configured ## hostname: kibana.local ## @param ingress.path The Path to Kibana. You may need to set this to '/*' in order to use this with ALB ingress controllers. ## path: / ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. ## For a full list of possible ingress annotations, please see ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md ## Use this parameter to set the required annotations for cert-manager, see ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations ## ## e.g: ## annotations: ## kubernetes.io/ingress.class: nginx ## cert-manager.io/cluster-issuer: cluster-issuer-name ## annotations: {} ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it ## tls: false ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array ## extraHosts: ## - name: kibana.local ## path: / ## extraHosts: [] ## @param ingress.extraPaths Additional arbitrary path/backend objects ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. ## extraPaths: ## - path: /* ## backend: ## serviceName: ssl-redirect ## servicePort: use-annotation ## extraPaths: [] ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## extraTls: ## - hosts: ## - kibana.local ## secretName: kibana.local-tls ## extraTls: [] ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets ## key and certificate should start with -----BEGIN CERTIFICATE----- or ## -----BEGIN RSA PRIVATE KEY----- ## ## name should line up with a tlsSecret set further up ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set ## ## It is also possible to create and manage the certificates outside of this helm chart ## Please see README.md for more information ## e.g: ## - name: kibana.local-tls ## key: ## certificate: ## secrets: [] ## @param serviceAccount.create Enable creation of ServiceAccount for Kibana ## @param serviceAccount.name Name of serviceAccount ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount serviceAccount: create: true name: "" annotations: {} ## @param containerPort Port to expose at container level ## containerPort: 5601 ## @param securityContext.enabled Enable securityContext on for Kibana deployment ## @param securityContext.fsGroup Group to configure permissions for volumes ## @param securityContext.runAsUser User for the security context ## @param securityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## securityContext: enabled: true runAsUser: 1001 fsGroup: 1001 runAsNonRoot: true ## Kibana resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## We usually recommend not to specify default resources and to leave this as a conscious ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. ## @param resources.limits The resources limits for the container ## @param resources.requests The requested resources for the container ## resources: ## Example: ## limits: ## cpu: 100m ## memory: 256Mi limits: {} ## Examples: ## requests: ## cpu: 100m ## memory: 256Mi requests: {} ## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## Allowed values: soft, hard ## nodeAffinityPreset: ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. ## E.g. ## key: "kubernetes.io/e2e-az-name" ## key: "" ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param affinity Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param nodeSelector Node labels for pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param tolerations Tolerations for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param podAnnotations Pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param podLabels Extra labels to add to Pod ## podLabels: {} ## @param sidecars Attach additional containers to the pod ## e.g. ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param initContainers Add additional init containers to the pod ## e.g. ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## initContainers: [] ## @param configuration [object] Kibana configuration ## configuration: server: basePath: "" rewriteBasePath: false ## Prometheus metrics (requires the kibana-prometheus-exporter plugin) ## metrics: ## @param metrics.enabled Start a side-car prometheus exporter ## enabled: false service: ## @param metrics.service.annotations [object] Prometheus annotations for the Kibana service ## annotations: prometheus.io/scrape: "true" prometheus.io/port: "80" prometheus.io/path: "_prometheus/metrics" ## Prometheus Operator ServiceMonitor configuration ## serviceMonitor: ## @param metrics.serviceMonitor.enabled If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) ## enabled: false ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running ## namespace: "" ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## e.g: ## interval: 10s ## interval: "" ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## e.g: ## scrapeTimeout: 10s ## scrapeTimeout: "" ## @param metrics.serviceMonitor.selector Prometheus instance selector labels ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration ## e.g: ## selector: ## prometheus: my-prometheus ## # selector: # prometheus: my-prometheus selector: {} ## @section Kibana server TLS configuration ## tls: ## @param tls.enabled Enable SSL/TLS encryption for Kibana server (HTTPS) ## enabled: false ## @param tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates. ## autoGenerated: false ## @param tls.existingSecret Name of the existing secret containing Kibana server certificates ## existingSecret: "" ## @param tls.usePemCerts Use this variable if your secrets contain PEM certificates instead of PKCS12 ## Note: Ignored when using autoGenerated certs. ## usePemCerts: false ## @param tls.keyPassword Password to access the PEM key when it is password-protected. ## keyPassword: "" ## @param tls.keystorePassword Password to access the PKCS12 keystore when it is password-protected. ## keystorePassword: "" ## @param tls.passwordsSecret Name of a existing secret containing the Keystore or PEM key password ## passwordsSecret: "" ## @section Elasticsearch parameters ## elasticsearch: ## @param elasticsearch.hosts List of elasticsearch hosts to connect to. ## e.g: ## hosts: ## - elasticsearch-1 ## - elasticsearch-2 ## hosts: [] ## @param elasticsearch.port Elasticsearch port ## port: "" security: auth: ## @param elasticsearch.security.auth.enabled Set to 'true' if Elasticsearch has authentication enabled ## enabled: false ## @param elasticsearch.security.auth.kibanaUsername Kibana server user to authenticate with Elasticsearch ## kibanaUsername: "elastic" ## @param elasticsearch.security.auth.kibanaPassword Kibana server password to authenticate with Elasticsearch ## kibanaPassword: "" ## @param elasticsearch.security.auth.existingSecret Name of the existing secret containing the Password for the Kibana user ## existingSecret: "" tls: ## @param elasticsearch.security.tls.enabled Set to 'true' if Elasticsearch API uses TLS/SSL (HTTPS) ## enabled: false ## @param elasticsearch.security.tls.verificationMode Verification mode for SSL communications. ## Supported values: full, certificate, none. ## Ref: https://www.elastic.co/guide/en/kibana/7.x/settings.html#elasticsearch-ssl-verificationmode verificationMode: "full" ## @param elasticsearch.security.tls.existingSecret Name of the existing secret containing Elasticsearch Truststore or CA certificate. Required unless verificationMode=none ## existingSecret: "" ## @param elasticsearch.security.tls.usePemCerts Set to 'true' to use PEM certificates instead of PKCS12. ## usePemCerts: false ## @param elasticsearch.security.tls.truststorePassword Password to access the PKCS12 trustore in case it is password-protected. ## truststorePassword: "" ## @param elasticsearch.security.tls.passwordsSecret Name of a existing secret containing the Truststore password ## passwordsSecret: ""