values.yaml

{{- if .Values.logging.enabled }}
{{- include "values-secret" (dict "root" $ "package" .Values.logging "name" "ek" "defaults" (include "bigbang.defaults.logging" .)) }}
{{- end }}

{{- define "bigbang.defaults.logging" -}}
# hostname is deprecated and replaced with domain. But if hostname exists then use it.
{{- $domainName := default .Values.domain .Values.hostname }}
hostname: {{ $domainName }}
domain: {{ $domainName }}

openshift: {{ .Values.openshift }}

imagePullPolicy: {{ .Values.imagePullPolicy }}

istio:
  enabled: {{ .Values.istio.enabled }}
  kibana:
    gateways:
    - istio-system/{{ default "public" .Values.logging.ingress.gateway }}

networkPolicies:
  enabled: {{ .Values.networkPolicies.enabled }}
  ingressLabels:
    {{- $gateway := default "public" .Values.logging.ingress.gateway }}
    {{- $default := dict "app" (dig "gateways" $gateway "ingressGateway" nil .Values.istio) "istio" nil }}
    {{- toYaml (dig "values" "gateways" $gateway "selector" $default .Values.istio) | nindent 4 }}

{{- if and .Values.addons.mattermost.elasticsearch.enabled .Values.addons.mattermost.enabled }}
mattermost:
  enabled: true
{{- end }}

{{- with .Values.logging.sso }}
{{- if .enabled }}
sso:
  enabled: {{ .enabled }}
  client_id: {{ .client_id | quote }}
  client_secret: {{ .client_secret | default "no-secret" }}
  oidc:
    {{- if $.Values.logging.sso.oidc }}
    host: {{ .oidc.host | default $.Values.sso.oidc.host | quote }}
    realm: {{ .oidc.realm | default $.Values.sso.oidc.realm | quote }}
    {{- else }}
    host: {{ $.Values.sso.oidc.host | quote }}
    realm: {{ $.Values.sso.oidc.realm | quote }}
    {{- end }}
  {{- /* Optional fields should be nil checked */ -}}
  {{- list "issuer" .issuer | include "bigbang.addValueIfSet" | indent 2 }}
  {{- list "auth_url" .auth_url | include "bigbang.addValueIfSet" | indent 2 }}
  {{- list "token_url" .token_url | include "bigbang.addValueIfSet" | indent 2 }}
  {{- list "userinfo_url" .userinfo_url | include "bigbang.addValueIfSet" | indent 2 }}
  {{- list "jwkset_url" .jwkset_url | include "bigbang.addValueIfSet" | indent 2 }}
  {{- list "claims_principal" .claims_principal | include "bigbang.addValueIfSet" | indent 2 }}
  {{- list "claims_principal_pattern" .claims_principal_pattern | include "bigbang.addValueIfSet" | indent 2 }}
  {{- list "requested_scopes" .requested_scopes | include "bigbang.addValueIfSet" | indent 2 }}
  {{- list "signature_algorithm" .signature_algorithm | include "bigbang.addValueIfSet" | indent 2 }}
  {{- list "endsession_url" .endsession_url | include "bigbang.addValueIfSet" | indent 2 }}
  {{- list "claims_group" .claims_group | include "bigbang.addValueIfSet" | indent 2 }}
  {{- list "claims_mail" .claims_mail | include "bigbang.addValueIfSet" | indent 2 }}
  {{- list "cert_authorities" .cert_authorities | include "bigbang.addValueIfSet" | indent 2 }}
{{- end }}
{{- end }}

kibana:
  imagePullSecrets:
    - name: private-registry
{{- if .Values.istio.enabled }}
  podAnnotations:
    {{ include "istioAnnotation" . }}
{{- end }}

elasticsearch:
  imagePullSecrets:
    - name: private-registry
  master:
    initContainers:
      - name: elastic-internal-init-filesystem
        securityContext:
          privileged: false
          capabilities:
            drop:
              - ALL
      - name: elastic-internal-suspend
        securityContext:
          privileged: false
          capabilities:
            drop:
              - ALL
      {{- if .Values.logging.sso.enabled }}
      - name: elastic-internal-init-keystore
        securityContext:
          privileged: false
          capabilities:
            drop:
              - ALL
      {{- end }}
    {{- if .Values.istio.enabled }}
    podAnnotations:
      {{ include "istioAnnotation" . }}
    {{- end }}
  data:
    initContainers:
      - name: elastic-internal-init-filesystem
        securityContext:
          privileged: false
          capabilities:
            drop:
              - ALL
      - name: elastic-internal-suspend
        securityContext:
          privileged: false
          capabilities:
            drop:
              - ALL
      {{- if .Values.logging.sso.enabled }}
      - name: elastic-internal-init-keystore
        securityContext:
          privileged: false
          capabilities:
            drop:
              - ALL
      {{- end }}
    {{- if .Values.istio.enabled }}
    podAnnotations:
      {{ include "istioAnnotation" . }}
    {{- end }}
  ingest:
    initContainers:
      - name: elastic-internal-init-filesystem
        securityContext:
          privileged: false
          capabilities:
            drop:
              - ALL
      - name: elastic-internal-suspend
        securityContext:
          privileged: false
          capabilities:
            drop:
              - ALL
      {{- if .Values.logging.sso.enabled }}
      - name: elastic-internal-init-keystore
        securityContext:
          privileged: false
          capabilities:
            drop:
              - ALL
      {{- end }}
    {{- if .Values.istio.enabled }}
    podAnnotations:
      {{ include "istioAnnotation" . }}
    {{- end }}
  ml:
    initContainers:
      - name: elastic-internal-init-filesystem
        securityContext:
          privileged: false
          capabilities:
            drop:
              - ALL
      - name: elastic-internal-suspend
        securityContext:
          privileged: false
          capabilities:
            drop:
              - ALL
      {{- if .Values.logging.sso.enabled }}
      - name: elastic-internal-init-keystore
        securityContext:
          privileged: false
          capabilities:
            drop:
              - ALL
      {{- end }}
    {{- if .Values.istio.enabled }}
    podAnnotations:
      {{ include "istioAnnotation" . }}
    {{- end }}
  coord:
    initContainers:
      - name: elastic-internal-init-filesystem
        securityContext:
          privileged: false
          capabilities:
            drop:
              - ALL
      - name: elastic-internal-suspend
        securityContext:
          privileged: false
          capabilities:
            drop:
              - ALL
      {{- if .Values.logging.sso.enabled }}
      - name: elastic-internal-init-keystore
        securityContext:
          privileged: false
          capabilities:
            drop:
              - ALL
      {{- end }}
    {{- if .Values.istio.enabled }}
    podAnnotations:
      {{ include "istioAnnotation" . }}
    {{- end }}
{{- end -}}