logstash
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# This file has been modified by Chainguard, Inc.
2
#
3
# Copyright Chainguard, Inc. All Rights Reserved.
4
# Chainguard, Inc. modifications are subject to the license
5
# available at: https://www.chainguard.dev/legal/software-license-agreement
6
#
7
# Copyright Broadcom, Inc. All Rights Reserved.
8
# SPDX-License-Identifier: APACHE-2.0
9
10
## @section Global parameters
11
## Global Docker image parameters
12
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
13
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
14
15
## @param global.imageRegistry Global Docker image registry
16
## @param global.imagePullSecrets Global Docker registry secret names as an array
17
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
18
## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
19
##
20
global:
21
imageRegistry: ""
22
## E.g.
23
## imagePullSecrets:
24
## - myRegistryKeySecretName
25
##
26
imagePullSecrets: []
27
defaultStorageClass: ""
28
storageClass: ""
29
## Security parameters
30
##
31
security:
32
## @param global.security.allowInsecureImages Allows skipping image verification
33
allowInsecureImages: false
34
## Compatibility adaptations for Kubernetes platforms
35
##
36
compatibility:
37
## Compatibility adaptations for Openshift
38
##
39
openshift:
40
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
41
##
42
adaptSecurityContext: auto
43
org: ""
44
## @section Common parameters
45
46
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
47
##
48
kubeVersion: ""
49
## @param nameOverride String to partially override logstash.fullname template (will maintain the release name)
50
##
51
nameOverride: ""
52
## @param fullnameOverride String to fully override logstash.fullname template
53
##
54
fullnameOverride: ""
55
## @param clusterDomain Default Kubernetes cluster domain
56
##
57
clusterDomain: cluster.local
58
## @param commonAnnotations Annotations to add to all deployed objects
59
##
60
commonAnnotations: {}
61
## @param commonLabels Labels to add to all deployed objects
62
##
63
commonLabels: {}
64
## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template).
65
##
66
extraDeploy: []
67
## Enable diagnostic mode in the deployment
68
##
69
diagnosticMode:
70
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
71
##
72
enabled: false
73
## @param diagnosticMode.command Command to override all containers in the deployment
74
##
75
command:
76
- sleep
77
## @param diagnosticMode.args Args to override all containers in the deployment
78
##
79
args:
80
- infinity
81
## @section Logstash parameters
82
83
## Iamguarded Logstash image
84
## ref: https://hub.docker.com/r/iamguarded/logstash/tags/
85
## @param image.registry [default: REGISTRY_NAME] Logstash image registry
86
## @param image.repository [default: REPOSITORY_NAME/logstash] Logstash image repository
87
## @skip image.tag Logstash image tag (immutable tags are recommended)
88
## @param image.digest Logstash image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
89
## @param image.pullPolicy Logstash image pull policy
90
## @param image.pullSecrets Specify docker-registry secret names as an array
91
## @param image.debug Specify if debug logs should be enabled
92
##
93
image:
94
registry: cgr.dev
95
repository: chainguard-private/logstash-iamguarded
96
tag: 9.3.1
97
digest: ""
98
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
99
##
100
pullPolicy: IfNotPresent
101
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
102
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
103
## Example:
104
## pullSecrets:
105
## - myRegistryKeySecretName
106
##
107
pullSecrets: []
108
## Set to true if you would like to see extra information on logs
109
##
110
debug: false
111
## @param automountServiceAccountToken Mount Service Account token in pod
112
##
113
automountServiceAccountToken: false
114
## @param hostAliases Add deployment host aliases
115
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
116
##
117
hostAliases: []
118
## @param configFileName Logstash configuration file name. It must match the name of the configuration file mounted as a configmap.
119
##
120
configFileName: logstash.conf
121
## @param enableMonitoringAPI Whether to enable the Logstash Monitoring API or not Kubernetes cluster domain
122
##
123
enableMonitoringAPI: true
124
## @param monitoringAPIPort Logstash Monitoring API Port
125
##
126
monitoringAPIPort: 9600
127
## @param extraEnvVars Array containing extra env vars to configure Logstash
128
## For example:
129
## extraEnvVars:
130
## - name: ELASTICSEARCH_HOST
131
## value: "x.y.z"
132
##
133
extraEnvVars: []
134
## @param extraEnvVarsSecret To add secrets to environment
135
##
136
extraEnvVarsSecret: ""
137
## @param extraEnvVarsCM To add configmaps to environment
138
##
139
extraEnvVarsCM: ""
140
## @param input [string] Input Plugins configuration
141
## ref: https://www.elastic.co/guide/en/logstash/current/input-plugins.html
142
##
143
input: |-
144
# udp {
145
# port => 1514
146
# type => syslog
147
# }
148
# tcp {
149
# port => 1514
150
# type => syslog
151
# }
152
http { port => 8080 }
153
## @param extraInput [string] Extra Input Plugins configuration
154
## ref: https://www.elastic.co/guide/en/logstash/current/input-plugins.html
155
##
156
extraInput: ""
157
## @param filter Filter Plugins configuration
158
## ref: https://www.elastic.co/guide/en/logstash/current/filter-plugins.html
159
## e.g:
160
## filter: |-
161
## grok {
162
## match => { "message" => "%{COMBINEDAPACHELOG}" }
163
## }
164
## date {
165
## match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
166
## }
167
##
168
filter: ""
169
## @param output [string] Output Plugins configuration
170
## ref: https://www.elastic.co/guide/en/logstash/current/output-plugins.html
171
##
172
output: |-
173
# elasticsearch {
174
# hosts => ["${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"]
175
# manage_template => false
176
# index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
177
# }
178
# gelf {
179
# host => "${GRAYLOG_HOST}"
180
# port => ${GRAYLOG_PORT}
181
# }
182
stdout {}
183
## @param existingConfiguration Name of existing ConfigMap object with the Logstash configuration (`input`, `filter`, and `output` will be ignored).
184
##
185
existingConfiguration: ""
186
## @param extraConfigurationFiles Extra configuration files to be added to the configuration ConfigMap and mounted at /iamguarded/logstash/config. Rendered as a template.
187
## NOTE: Mounting logstash.yml may cause other settings to be ignored
188
## E.g.:
189
## extraConfigurationFiles:
190
## logstash.yml: |
191
## path.data: {{ .Values.persistence.mountPath }}
192
## api.http.host: 0.0.0.0
193
## api.http.port: {{ .Values.monitoringAPIPort | quote }}
194
##
195
extraConfigurationFiles: {}
196
## @param enableMultiplePipelines Allows user to use multiple pipelines
197
## ref: https://www.elastic.co/guide/en/logstash/master/multiple-pipelines.html
198
##
199
enableMultiplePipelines: false
200
## @param extraVolumes Array to add extra volumes (evaluated as a template)
201
## extraVolumes:
202
## - name: myvolume
203
## configMap:
204
## name: myconfigmap
205
##
206
extraVolumes: []
207
## @param extraVolumeMounts Array to add extra mounts (normally used with extraVolumes, evaluated as a template)
208
## extraVolumeMounts:
209
## - mountPath: /opt/iamguarded/desired-path
210
## name: myvolume
211
## readOnly: true
212
##
213
extraVolumeMounts: []
214
## ServiceAccount for Logstash
215
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
216
##
217
serviceAccount:
218
## @param serviceAccount.create Enable creation of ServiceAccount for Logstash pods
219
##
220
create: true
221
## @param serviceAccount.name The name of the service account to use. If not set and `create` is `true`, a name is generated
222
## If not set and create is true, a name is generated using the logstash.serviceAccountName template
223
##
224
name: ""
225
## @param serviceAccount.automountServiceAccountToken Allows automount of ServiceAccountToken on the serviceAccount created
226
## Can be set to false if pods using this serviceAccount do not need to use K8s API
227
##
228
automountServiceAccountToken: false
229
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
230
##
231
annotations: {}
232
## @param containerPorts [array] Array containing the ports to open in the Logstash container (evaluated as a template)
233
##
234
containerPorts:
235
- name: http
236
containerPort: 8080
237
protocol: TCP
238
## - name: syslog-udp
239
## containerPort: 1514
240
## protocol: UDP
241
## - name: syslog-tcp
242
## containerPort: 1514
243
## protocol: TCP
244
##
245
## @param extraContainerPorts [array] Array containing extra ports to open in the Logstash container (evaluated as a template)
246
##
247
extraContainerPorts: []
248
## - name: syslog-udp
249
## containerPort: 1514
250
## protocol: UDP
251
## - name: syslog-tcp
252
## containerPort: 1514
253
## protocol: TCP
254
##
255
## @param initContainers Add additional init containers to the Logstash pod(s)
256
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
257
## e.g:
258
## initContainers:
259
## - name: your-image-name
260
## image: your-image
261
## imagePullPolicy: Always
262
## command: ['sh', '-c', 'echo "hello world"']
263
##
264
initContainers: []
265
## @param sidecars Add additional sidecar containers to the Logstash pod(s)
266
## e.g:
267
## sidecars:
268
## - name: your-image-name
269
## image: your-image
270
## imagePullPolicy: Always
271
## ports:
272
## - name: portname
273
## containerPort: 1234
274
##
275
sidecars: []
276
## @param replicaCount Number of Logstash replicas to deploy
277
##
278
replicaCount: 1
279
## @param updateStrategy.type Update strategy type (`RollingUpdate`, or `OnDelete`)
280
## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets
281
##
282
updateStrategy:
283
type: RollingUpdate
284
## @param podManagementPolicy Pod management policy
285
## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
286
##
287
podManagementPolicy: OrderedReady
288
## @param podAnnotations Pod annotations
289
## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
290
##
291
podAnnotations: {}
292
## @param podLabels Extra labels for Logstash pods
293
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
294
##
295
podLabels: {}
296
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
297
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
298
##
299
podAffinityPreset: ""
300
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
301
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
302
##
303
podAntiAffinityPreset: soft
304
## Node affinity preset
305
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
306
##
307
nodeAffinityPreset:
308
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
309
##
310
type: ""
311
## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set.
312
## E.g.
313
## key: "kubernetes.io/e2e-az-name"
314
##
315
key: ""
316
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
317
## E.g.
318
## values:
319
## - e2e-az1
320
## - e2e-az2
321
##
322
values: []
323
## @param affinity Affinity for pod assignment
324
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
325
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
326
##
327
affinity: {}
328
## @param nodeSelector Node labels for pod assignment
329
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
330
##
331
nodeSelector: {}
332
## @param tolerations Tolerations for pod assignment
333
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
334
##
335
tolerations: []
336
## @param priorityClassName Pod priority
337
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
338
##
339
priorityClassName: ""
340
## @param schedulerName Name of the k8s scheduler (other than default)
341
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
342
##
343
schedulerName: ""
344
## @param terminationGracePeriodSeconds In seconds, time the given to the Logstash pod needs to terminate gracefully
345
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
346
##
347
terminationGracePeriodSeconds: ""
348
## @param topologySpreadConstraints Topology Spread Constraints for pod assignment
349
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
350
## The value is evaluated as a template
351
##
352
topologySpreadConstraints: []
353
## K8s Security Context for Logstash pods
354
## Configure Pods Security Context
355
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
356
## @param podSecurityContext.enabled Enabled Logstash pods' Security Context
357
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
358
## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
359
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
360
## @param podSecurityContext.fsGroup Set Logstash pod's Security Context fsGroup
361
##
362
podSecurityContext:
363
enabled: true
364
fsGroupChangePolicy: Always
365
sysctls: []
366
supplementalGroups: []
367
fsGroup: 1001
368
## Configure Container Security Context
369
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
370
## @param containerSecurityContext.enabled Enabled containers' Security Context
371
## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
372
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
373
## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
374
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
375
## @param containerSecurityContext.privileged Set container's Security Context privileged
376
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
377
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
378
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
379
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
380
##
381
containerSecurityContext:
382
enabled: true
383
seLinuxOptions: {}
384
runAsUser: 1001
385
runAsGroup: 1001
386
runAsNonRoot: true
387
privileged: false
388
readOnlyRootFilesystem: true
389
allowPrivilegeEscalation: false
390
capabilities:
391
drop: ["ALL"]
392
seccompProfile:
393
type: "RuntimeDefault"
394
## @param command Override default container command (useful when using custom images)
395
##
396
command: []
397
## @param args Override default container args (useful when using custom images)
398
##
399
args: []
400
## @param lifecycleHooks for the Logstash container(s) to automate configuration before or after startup
401
##
402
lifecycleHooks: {}
403
## Logstash containers' resource requests and limits
404
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
405
## We usually recommend not to specify default resources and to leave this as a conscious
406
## choice for the user. This also increases chances charts run on environments with little
407
## resources, such as Minikube. If you do want to specify resources, uncomment the following
408
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
409
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
410
## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
411
##
412
resourcesPreset: "small"
413
## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
414
## Example:
415
## resources:
416
## requests:
417
## cpu: 2
418
## memory: 512Mi
419
## limits:
420
## cpu: 3
421
## memory: 1024Mi
422
##
423
resources: {}
424
## Configure extra options for Logstash containers' liveness, readiness and startup probes
425
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
426
## @param startupProbe.enabled Enable startupProbe
427
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
428
## @param startupProbe.periodSeconds Period seconds for startupProbe
429
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
430
## @param startupProbe.failureThreshold Failure threshold for startupProbe
431
## @param startupProbe.successThreshold Success threshold for startupProbe
432
##
433
startupProbe:
434
enabled: false
435
initialDelaySeconds: 60
436
periodSeconds: 10
437
timeoutSeconds: 5
438
successThreshold: 1
439
failureThreshold: 6
440
## @param livenessProbe.enabled Enable livenessProbe
441
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
442
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
443
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
444
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
445
## @param livenessProbe.successThreshold Success threshold for livenessProbe
446
##
447
livenessProbe:
448
enabled: true
449
initialDelaySeconds: 60
450
periodSeconds: 10
451
timeoutSeconds: 5
452
successThreshold: 1
453
failureThreshold: 6
454
## @param readinessProbe.enabled Enable readinessProbe
455
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
456
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
457
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
458
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
459
## @param readinessProbe.successThreshold Success threshold for readinessProbe
460
##
461
readinessProbe:
462
enabled: true
463
initialDelaySeconds: 60
464
periodSeconds: 10
465
timeoutSeconds: 5
466
successThreshold: 1
467
failureThreshold: 6
468
## @param customStartupProbe Custom startup probe for the Web component
469
##
470
customStartupProbe: {}
471
## @param customLivenessProbe Custom liveness probe for the Web component
472
##
473
customLivenessProbe: {}
474
## @param customReadinessProbe Custom readiness probe for the Web component
475
##
476
customReadinessProbe: {}
477
## Service parameters
478
##
479
service:
480
## @param service.type Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`)
481
##
482
type: ClusterIP
483
## @param service.ports [array] Logstash service ports (evaluated as a template)
484
##
485
ports:
486
- name: http
487
port: 8080
488
targetPort: http
489
protocol: TCP
490
## - name: syslog-udp
491
## port: 1514
492
## targetPort: syslog-udp
493
## protocol: UDP
494
## - name: syslog-tcp
495
## port: 1514
496
## targetPort: syslog-tcp
497
## protocol: TCP
498
##
499
## @param service.extraPorts [array] Extra Logstash service ports (evaluated as a template)
500
##
501
extraPorts: []
502
## - name: syslog-udp
503
## port: 1514
504
## targetPort: syslog-udp
505
## protocol: UDP
506
## - name: syslog-tcp
507
## port: 1514
508
## targetPort: syslog-tcp
509
## protocol: TCP
510
##
511
## @param service.loadBalancerIP loadBalancerIP if service type is `LoadBalancer`
512
##
513
loadBalancerIP: ""
514
## @param service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer
515
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
516
## e.g:
517
## loadBalancerSourceRanges:
518
## - 10.10.10.0/24
519
##
520
loadBalancerSourceRanges: []
521
## @param service.externalTrafficPolicy External traffic policy, configure to Local to preserve client source IP when using an external loadBalancer
522
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
523
##
524
externalTrafficPolicy: ""
525
## @param service.clusterIP Static clusterIP or None for headless services
526
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
527
## e.g:
528
## clusterIP: None
529
##
530
clusterIP: ""
531
## @param service.annotations Annotations for Logstash service
532
##
533
annotations: {}
534
## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
535
## If "ClientIP", consecutive client requests will be directed to the same Pod
536
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
537
##
538
sessionAffinity: None
539
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
540
## sessionAffinityConfig:
541
## clientIP:
542
## timeoutSeconds: 300
543
##
544
sessionAffinityConfig: {}
545
## Headless service properties
546
##
547
headless:
548
## @param service.headless.annotations Annotations for the headless service.
549
##
550
annotations: {}
551
## Network Policy configuration
552
## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
553
##
554
networkPolicy:
555
## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
556
##
557
enabled: true
558
## @param networkPolicy.allowExternal The Policy model to apply
559
## When set to false, only pods with the correct client label will have network access to the ports Logstash is
560
## listening on. When true, Logstash will accept connections from any source (with the correct destination port).
561
##
562
allowExternal: true
563
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
564
##
565
allowExternalEgress: true
566
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
567
## e.g:
568
## extraIngress:
569
## - ports:
570
## - port: 1234
571
## from:
572
## - podSelector:
573
## - matchLabels:
574
## - role: frontend
575
## - podSelector:
576
## - matchExpressions:
577
## - key: role
578
## operator: In
579
## values:
580
## - frontend
581
##
582
extraIngress: []
583
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
584
## e.g:
585
## extraEgress:
586
## - ports:
587
## - port: 1234
588
## to:
589
## - podSelector:
590
## - matchLabels:
591
## - role: frontend
592
## - podSelector:
593
## - matchExpressions:
594
## - key: role
595
## operator: In
596
## values:
597
## - frontend
598
##
599
extraEgress: []
600
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
601
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
602
##
603
ingressNSMatchLabels: {}
604
ingressNSPodMatchLabels: {}
605
## Persistence parameters
606
##
607
persistence:
608
## @param persistence.enabled Enable Logstash data persistence using PVC
609
##
610
enabled: false
611
## @param persistence.existingClaim A manually managed Persistent Volume and Claim
612
## If defined, PVC must be created manually before volume will be bound
613
## The value is evaluated as a template
614
##
615
existingClaim: ""
616
## @param persistence.storageClass PVC Storage Class for Logstash data volume
617
## If defined, storageClassName: <storageClass>
618
## If set to "-", storageClassName: "", which disables dynamic provisioning
619
## If undefined (the default) or set to null, no storageClassName spec is
620
## set, choosing the default provisioner.
621
##
622
storageClass: ""
623
## @param persistence.accessModes PVC Access Mode for Logstash data volume
624
##
625
accessModes:
626
- ReadWriteOnce
627
## @param persistence.size PVC Storage Request for Logstash data volume
628
##
629
size: 2Gi
630
## @param persistence.annotations Annotations for the PVC
631
##
632
annotations: {}
633
## @param persistence.mountPath Mount path of the Logstash data volume
634
##
635
mountPath: /iamguarded/logstash/data
636
## @param persistence.selector Selector to match an existing Persistent Volume for Logstash data PVC
637
## If set, the PVC can't have a PV dynamically provisioned for it
638
## E.g.
639
## selector:
640
## matchLabels:
641
## app: my-app
642
##
643
selector: {}
644
## Init Container parameters
645
## Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each component
646
## values from the securityContext section of the component
647
##
648
volumePermissions:
649
## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup`
650
##
651
enabled: false
652
## The security context for the volumePermissions init container
653
## @param volumePermissions.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
654
## @param volumePermissions.securityContext.runAsUser User ID for the volumePermissions init container
655
##
656
securityContext:
657
seLinuxOptions: {}
658
runAsUser: 0
659
## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
660
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
661
## @skip volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
662
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
663
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
664
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
665
##
666
image:
667
registry: cgr.dev
668
repository: chainguard-private/os-shell-iamguarded
669
tag: 1.0.0
670
digest: ""
671
## Specify a imagePullPolicy
672
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
673
##
674
pullPolicy: IfNotPresent
675
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
676
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
677
## Example:
678
## pullSecrets:
679
## - myRegistryKeySecretName
680
##
681
pullSecrets: []
682
## Init Container resource requests and limits
683
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
684
## We usually recommend not to specify default resources and to leave this as a conscious
685
## choice for the user. This also increases chances charts run on environments with little
686
## resources, such as Minikube. If you do want to specify resources, uncomment the following
687
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
688
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
689
## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
690
##
691
resourcesPreset: "nano"
692
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
693
## Example:
694
## resources:
695
## requests:
696
## cpu: 2
697
## memory: 512Mi
698
## limits:
699
## cpu: 3
700
## memory: 1024Mi
701
##
702
resources: {}
703
## Configure the ingress resource that allows you to access the
704
## Logstash installation. Set up the URL
705
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
706
##
707
ingress:
708
## @param ingress.enabled Enable ingress controller resource
709
##
710
enabled: false
711
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
712
##
713
selfSigned: false
714
## @param ingress.pathType Ingress Path type
715
##
716
pathType: ImplementationSpecific
717
## @param ingress.apiVersion Override API Version (automatically detected if not set)
718
##
719
apiVersion: ""
720
## @param ingress.hostname Default host for the ingress resource
721
##
722
hostname: logstash.local
723
## @param ingress.path The Path to Logstash. You may need to set this to '/*' in order to use this with ALB ingress controllers.
724
##
725
path: /
726
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
727
## For a full list of possible ingress annotations, please see
728
## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
729
## Use this parameter to set the required annotations for cert-manager, see
730
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
731
##
732
## e.g:
733
## annotations:
734
## kubernetes.io/ingress.class: nginx
735
## cert-manager.io/cluster-issuer: cluster-issuer-name
736
##
737
annotations: {}
738
## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter
739
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
740
## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it
741
##
742
tls: false
743
## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
744
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
745
## extraHosts:
746
## - name: logstash.local
747
## path: /
748
##
749
extraHosts: []
750
## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host.
751
## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
752
## extraPaths:
753
## - path: /*
754
## backend:
755
## serviceName: ssl-redirect
756
## servicePort: use-annotation
757
##
758
extraPaths: []
759
## @param ingress.extraRules The list of additional rules to be added to this ingress record. Evaluated as a template
760
## Useful when looking for additional customization, such as using different backend
761
##
762
extraRules: []
763
## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
764
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
765
## extraTls:
766
## - hosts:
767
## - logstash.local
768
## secretName: logstash.local-tls
769
##
770
extraTls: []
771
## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
772
## key and certificate should start with -----BEGIN CERTIFICATE----- or
773
## -----BEGIN RSA PRIVATE KEY-----
774
##
775
## name should line up with a tlsSecret set further up
776
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
777
##
778
## It is also possible to create and manage the certificates outside of this helm chart
779
## Please see README.md for more information
780
##
781
## secrets:
782
## - name: logstash.local-tls
783
## key:
784
## certificate:
785
##
786
secrets: []
787
## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
788
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
789
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
790
##
791
ingressClassName: ""
792
## Pod disruption budget configuration
793
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
794
## @param pdb.create If true, create a pod disruption budget for pods.
795
## @param pdb.minAvailable Minimum number / percentage of pods that should remain scheduled
796
## @param pdb.maxUnavailable Maximum number / percentage of pods that may be made unavailable
797
##
798
pdb:
799
create: true
800
minAvailable: ""
801
maxUnavailable: ""
802