-
Notifications
You must be signed in to change notification settings - Fork 2.3k
/
Copy pathelasticsearch.yml.j2
80 lines (67 loc) · 2.07 KB
/
elasticsearch.yml.j2
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
cluster:
name: ${CLUSTER_NAME}
script:
inline: on
indexed: on
index:
number_of_shards: 1
number_of_replicas: 0
auto_expand_replicas: 0-2
unassigned.node_left.delayed_timeout: 2m
translog:
flush_threshold_size: 256mb
flush_threshold_period: 5m
node:
master: true
data: true
network:
host: 0.0.0.0
cloud:
kubernetes:
service: ${SERVICE_DNS}
namespace: ${NAMESPACE}
discovery:
type: kubernetes
zen.ping.multicast.enabled: false
gateway:
expected_master_nodes: ${NODE_QUORUM}
recover_after_nodes: ${RECOVER_AFTER_NODES}
expected_nodes: ${RECOVER_EXPECTED_NODES}
recover_after_time: ${RECOVER_AFTER_TIME}
io.fabric8.elasticsearch.authentication.users: ["system.logging.kibana", "system.logging.fluentd", "system.logging.curator", "system.admin"]
openshift.config:
use_common_data_model: true
project_index_prefix: "project"
time_field_name: "@timestamp"
openshift.searchguard:
keystore.path: /etc/elasticsearch/secret/admin.jks
truststore.path: /etc/elasticsearch/secret/searchguard.truststore
openshift.operations.allow_cluster_reader: {{allow_cluster_reader | default ('false')}}
path:
data: /elasticsearch/persistent/${CLUSTER_NAME}/data
logs: /elasticsearch/${CLUSTER_NAME}/logs
work: /elasticsearch/${CLUSTER_NAME}/work
scripts: /elasticsearch/${CLUSTER_NAME}/scripts
searchguard:
authcz.admin_dn:
- CN=system.admin,OU=OpenShift,O=Logging
config_index_name: ".searchguard.${HOSTNAME}"
ssl:
transport:
enabled: true
enforce_hostname_verification: false
keystore_type: JKS
keystore_filepath: /etc/elasticsearch/secret/searchguard.key
keystore_password: kspass
truststore_type: JKS
truststore_filepath: /etc/elasticsearch/secret/searchguard.truststore
truststore_password: tspass
http:
enabled: true
keystore_type: JKS
keystore_filepath: /etc/elasticsearch/secret/key
keystore_password: kspass
clientauth_mode: OPTIONAL
truststore_type: JKS
truststore_filepath: /etc/elasticsearch/secret/truststore
truststore_password: tspass