diff --git a/packs/crossplane-2.1.0/README.md b/packs/crossplane-2.1.0/README.md
new file mode 100644
index 00000000..0c5d3648
--- /dev/null
+++ b/packs/crossplane-2.1.0/README.md
@@ -0,0 +1,37 @@
+# Crossplane
+
+Crossplane is an open source Kubernetes extension that transforms your Kubernetes cluster into a universal control plane.
+
+Crossplane lets you manage anything, anywhere, all through standard Kubernetes APIs. Crossplane can even let you order a pizza directly from Kubernetes. If it has an API, Crossplane can connect to it.
+
+With Crossplane, platform teams can create new abstractions and custom APIs with the full power of Kubernetes policies, namespaces, role based access controls and more. Crossplane brings all your non-Kubernetes resources under one roof.
+
+Custom APIs, created by platform teams, allow security and compliance enforcement across resources or clouds, without exposing any complexity to the developers. A single API call can create multiple resources, in multiple clouds and use Kubernetes as the control plane for everything.
+
+## Prerequisites
+
+Kubernetes >= 1.27.0
+
+## Usage
+
+Installing a provider creates new Kubernetes resources representing the Provider’s APIs. Installing a provider also creates a Provider pod that’s responsible for reconciling the Provider’s APIs into the Kubernetes cluster. Providers constantly watch the state of the desired managed resources and create any external resources that are missing.
+
+Install a Provider with a Crossplane Provider object setting the spec.package value to the location of the provider package. Additional providers can be found in the [Upboud Marketplace](https://marketplace.upbound.io/)
+
+*For Example*
+Install the [Palette Provider](https://marketplace.upbound.io/providers/crossplane-contrib/provider-palette/v0.19.2)
+
+```yaml
+apiVersion: pkg.crossplane.io/v1
+kind: Provider
+metadata:
+ name: provider-palette
+spec:
+ package: xpkg.upbound.io/crossplane-contrib/provider-palette:v0.23.5
+```
+
+## References
+
+Crossplane Provider Guide -
+Crossplane Concepts -
+Upbound Marketplace -
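Review bot: The Palette Provider example disagrees with itself about the version: the Marketplace link points at `v0.19.2` while the manifest installs `xpkg.upbound.io/crossplane-contrib/provider-palette:v0.23.5`. Make the two agree, and consider pinning the package by digest rather than by tag, since the Provider pod described in the Usage paragraph runs whatever that reference resolves to. Also in this file: "Upboud Marketplace" is misspelled, the three entries under References have no URLs, and the prerequisite (Kubernetes >= 1.27.0) conflicts with the `v1.16.0+` minimum given in charts/crossplane/README.md.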
diff --git a/packs/crossplane-2.1.0/charts/crossplane-2.1.0.tgz b/packs/crossplane-2.1.0/charts/crossplane-2.1.0.tgz
new file mode 100644
index 00000000..976d7317
Binary files /dev/null and b/packs/crossplane-2.1.0/charts/crossplane-2.1.0.tgz differ
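Review bot: `charts/crossplane-2.1.0.tgz` is added as an opaque binary next to an unpacked `charts/crossplane/` tree in the same pack, so this diff cannot show whether the archive matches the files under review. State in the PR which of the two is actually deployed, and record the archive's checksum or upstream source so the tarball can be verified independently.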
diff --git a/packs/crossplane-2.1.0/charts/crossplane/.helmignore b/packs/crossplane-2.1.0/charts/crossplane/.helmignore
new file mode 100644
index 00000000..f70b97c6
--- /dev/null
+++ b/packs/crossplane-2.1.0/charts/crossplane/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Templates
+values.yaml.tmpl
+README.md.tmpl
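Review bot: The Templates section ignores `values.yaml.tmpl` and `README.md.tmpl`, but the template this change adds is named `README.md.gotmpl`, which neither pattern matches, so it will be included when the chart is packaged. Add `README.md.gotmpl` (or `*.gotmpl`) if the template is not meant to ship.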
diff --git a/packs/crossplane-2.1.0/charts/crossplane/Chart.yaml b/packs/crossplane-2.1.0/charts/crossplane/Chart.yaml
new file mode 100644
index 00000000..4fbd5c4b
--- /dev/null
+++ b/packs/crossplane-2.1.0/charts/crossplane/Chart.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+appVersion: 2.1.0
+description: Crossplane is an open source Kubernetes add-on that enables platform
+ teams to assemble infrastructure from multiple vendors, and expose higher level
+ self-service APIs for application teams to consume.
+home: https://crossplane.io
+icon: https://docs.crossplane.io/android-chrome-192x192.png
+keywords:
+- cloud
+- infrastructure
+- services
+- application
+- database
+- cache
+- bucket
+- infra
+- app
+- ops
+- gcp
+- azure
+- aws
+- alibaba
+- cloudsql
+- rds
+- s3
+- azuredatabase
+- asparadb
+- gke
+- aks
+- eks
+maintainers:
+- email: crossplane-info@lists.cncf.io
+ name: Crossplane Maintainers
+name: crossplane
+version: 2.1.0
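Review bot: Chart.yaml declares no `kubeVersion`, so the Kubernetes minimum stated in the READMEs (>= 1.27.0 in the pack README, `v1.16.0+` in the chart README) is documentation only and Helm will not refuse an install on an older cluster. Adding a `kubeVersion` constraint here would make one of those numbers authoritative. Minor: the keyword `asparadb` looks like a misspelling of Alibaba's ApsaraDB.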
diff --git a/packs/crossplane-2.1.0/charts/crossplane/LICENSE b/packs/crossplane-2.1.0/charts/crossplane/LICENSE
new file mode 100644
index 00000000..ef10385c
--- /dev/null
+++ b/packs/crossplane-2.1.0/charts/crossplane/LICENSE
@@ -0,0 +1,201 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "{}"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright 2016 The Crossplane Authors. All rights reserved.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/packs/crossplane-2.1.0/charts/crossplane/README.md b/packs/crossplane-2.1.0/charts/crossplane/README.md
new file mode 100644
index 00000000..985602a1
--- /dev/null
+++ b/packs/crossplane-2.1.0/charts/crossplane/README.md
@@ -0,0 +1,183 @@
+
+Crossplane can be easily installed into any existing Kubernetes cluster using
+the regularly published Helm chart. The Helm chart contains all the custom
+resources and controllers needed to deploy and configure Crossplane.
+
+## Pre-requisites
+
+* [Kubernetes cluster], minimum version `v1.16.0+`
+* [Helm], minimum version `v3.0.0+`.
+
+## Installation
+
+Helm charts for Crossplane are currently published to the `stable` and `master`
+channels.
+
+### Stable
+
+The stable channel is the most recent release of Crossplane that is considered
+ready for the community.
+
+```console
+kubectl create namespace crossplane-system
+
+helm repo add crossplane-stable https://charts.crossplane.io/stable
+helm repo update
+
+helm install crossplane --namespace crossplane-system crossplane-stable/crossplane
+```
+
+### Master
+
+The `master` channel contains the latest commits, with all automated tests
+passing. `master` is subject to instability, incompatibility, and features may
+be added or removed without much prior notice. It is recommended to use one of
+the more stable channels, but if you want the absolute newest Crossplane
+installed, then you can use the `master` channel.
+
+To install the Helm chart from master, you will need to pass the specific
+version returned by the `search` command:
+
+```console
+kubectl create namespace crossplane-system
+helm repo add crossplane-master https://charts.crossplane.io/master/
+helm repo update
+helm search repo crossplane-master --devel
+
+helm install crossplane --namespace crossplane-system crossplane-master/crossplane --devel --version
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `crossplane` deployment:
+
+```console
+helm delete crossplane --namespace crossplane-system
+```
+
+That command removes all Kubernetes components associated with Crossplane,
+including all the custom resources and controllers.
+
+## Configuration
+
+The following tables lists the configurable parameters of the Crossplane chart
+and their default values.
+
+| Parameter | Description | Default |
+| --- | --- | --- |
+| `affinity` | Add `affinities` to the Crossplane pod deployment. | `{}` |
+| `args` | Add custom arguments to the Crossplane pod. | `[]` |
+| `configuration.packages` | A list of Configuration packages to install. | `[]` |
+| `customAnnotations` | Add custom `annotations` to the Crossplane pod deployment. | `{}` |
+| `customLabels` | Add custom `labels` to the Crossplane pod deployment. | `{}` |
+| `deploymentStrategy` | The deployment strategy for the Crossplane and RBAC Manager pods. | `"RollingUpdate"` |
+| `dnsPolicy` | Specify the `dnsPolicy` to be used by the Crossplane pod. | `""` |
+| `extraEnvVarsCrossplane` | Add custom environmental variables to the Crossplane pod deployment application container. Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`. | `{}` |
+| `extraEnvVarsCrossplaneInit` | Add custom environmental variables to the Crossplane pod deployment init container. Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`. | `{}` |
+| `extraEnvVarsRBACManager` | Add custom environmental variables to the RBAC Manager pod deployment. Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`. | `{}` |
+| `extraObjects` | To add arbitrary Kubernetes Objects during a Helm Install | `[]` |
+| `extraVolumeMountsCrossplane` | Add custom `volumeMounts` to the Crossplane pod. | `{}` |
+| `extraVolumesCrossplane` | Add custom `volumes` to the Crossplane pod. | `{}` |
+| `function.packages` | A list of Function packages to install | `[]` |
+| `functionCache.medium` | Set to `Memory` to hold the function cache in a RAM backed file system. Useful for Crossplane development. | `""` |
+| `functionCache.pvc` | The name of a PersistentVolumeClaim to use as the function cache. Disables the default function cache `emptyDir` Volume. | `""` |
+| `functionCache.sizeLimit` | The size limit for the function cache. If medium is `Memory` the `sizeLimit` can't exceed Node memory. | `"512Mi"` |
+| `hostNetwork` | Enable `hostNetwork` for the Crossplane deployment. Caution: enabling `hostNetwork` grants the Crossplane Pod access to the host network namespace. Consider setting `dnsPolicy` to `ClusterFirstWithHostNet`. | `false` |
+| `image.ignoreTag` | Do not use the {{ .image.tag }} value to compute the image uri. | `false` |
+| `image.pullPolicy` | The image pull policy used for Crossplane and RBAC Manager pods. | `"IfNotPresent"` |
+| `image.repository` | Repository for the Crossplane pod image. | `"xpkg.crossplane.io/crossplane/crossplane"` |
+| `image.tag` | The Crossplane image tag. Defaults to the value of `appVersion` in `Chart.yaml`. | `""` |
+| `imagePullSecrets` | The imagePullSecret names to add to the Crossplane ServiceAccount. | `[]` |
+| `leaderElection` | Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the Crossplane pod. | `true` |
+| `metrics.enabled` | Enable Prometheus path, port and scrape annotations and expose port 8080 for both the Crossplane and RBAC Manager pods. | `false` |
+| `metrics.port` | The port the metrics server listens on. | `""` |
+| `nodeSelector` | Add `nodeSelectors` to the Crossplane pod deployment. | `{}` |
+| `packageCache.configMap` | The name of a ConfigMap to use as the package cache. Disables the default package cache `emptyDir` Volume. | `""` |
+| `packageCache.medium` | Set to `Memory` to hold the package cache in a RAM backed file system. Useful for Crossplane development. | `""` |
+| `packageCache.pvc` | The name of a PersistentVolumeClaim to use as the package cache. Disables the default package cache `emptyDir` Volume. | `""` |
+| `packageCache.sizeLimit` | The size limit for the package cache. If medium is `Memory` the `sizeLimit` can't exceed Node memory. | `"20Mi"` |
+| `podSecurityContextCrossplane` | Add a custom `securityContext` to the Crossplane pod. | `{}` |
+| `podSecurityContextRBACManager` | Add a custom `securityContext` to the RBAC Manager pod. | `{}` |
+| `priorityClassName` | The PriorityClass name to apply to the Crossplane and RBAC Manager pods. | `""` |
+| `provider.defaultActivations` | Define entries for the default managed resource activation policy. If defined, a default MRAP will contain these activations. | `["*"]` |
+| `provider.packages` | A list of Provider packages to install. | `[]` |
+| `rbacManager.affinity` | Add `affinities` to the RBAC Manager pod deployment. | `{}` |
+| `rbacManager.args` | Add custom arguments to the RBAC Manager pod. | `[]` |
+| `rbacManager.deploy` | Deploy the RBAC Manager pod and its required roles. | `true` |
+| `rbacManager.leaderElection` | Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the RBAC Manager pod. | `true` |
+| `rbacManager.nodeSelector` | Add `nodeSelectors` to the RBAC Manager pod deployment. | `{}` |
+| `rbacManager.replicas` | The number of RBAC Manager pod `replicas` to deploy. | `1` |
+| `rbacManager.revisionHistoryLimit` | The number of RBAC Manager ReplicaSets to retain. | `nil` |
+| `rbacManager.skipAggregatedClusterRoles` | Don't install aggregated Crossplane ClusterRoles. | `false` |
+| `rbacManager.tolerations` | Add `tolerations` to the RBAC Manager pod deployment. | `[]` |
+| `rbacManager.topologySpreadConstraints` | Add `topologySpreadConstraints` to the RBAC Manager pod deployment. | `[]` |
+| `readiness.port` | The port the readyz server listens on. | `""` |
+| `registryCaBundleConfig.key` | The ConfigMap key containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates. | `""` |
+| `registryCaBundleConfig.name` | The ConfigMap name containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates. | `""` |
+| `replicas` | The number of Crossplane pod `replicas` to deploy. | `1` |
+| `resourcesCrossplane.limits.cpu` | CPU resource limits for the Crossplane pod. | `"500m"` |
+| `resourcesCrossplane.limits.memory` | Memory resource limits for the Crossplane pod. | `"1024Mi"` |
+| `resourcesCrossplane.requests.cpu` | CPU resource requests for the Crossplane pod. | `"100m"` |
+| `resourcesCrossplane.requests.memory` | Memory resource requests for the Crossplane pod. | `"256Mi"` |
+| `resourcesRBACManager.limits.cpu` | CPU resource limits for the RBAC Manager pod. | `"100m"` |
+| `resourcesRBACManager.limits.memory` | Memory resource limits for the RBAC Manager pod. | `"512Mi"` |
+| `resourcesRBACManager.requests.cpu` | CPU resource requests for the RBAC Manager pod. | `"100m"` |
+| `resourcesRBACManager.requests.memory` | Memory resource requests for the RBAC Manager pod. | `"256Mi"` |
+| `revisionHistoryLimit` | The number of Crossplane ReplicaSets to retain. | `nil` |
+| `runtimeClassName` | The runtimeClassName name to apply to the Crossplane and RBAC Manager pods. | `""` |
+| `securityContextCrossplane.allowPrivilegeEscalation` | Enable `allowPrivilegeEscalation` for the Crossplane pod. | `false` |
+| `securityContextCrossplane.readOnlyRootFilesystem` | Set the Crossplane pod root file system as read-only. | `true` |
+| `securityContextCrossplane.runAsGroup` | The group ID used by the Crossplane pod. | `65532` |
+| `securityContextCrossplane.runAsUser` | The user ID used by the Crossplane pod. | `65532` |
+| `securityContextRBACManager.allowPrivilegeEscalation` | Enable `allowPrivilegeEscalation` for the RBAC Manager pod. | `false` |
+| `securityContextRBACManager.readOnlyRootFilesystem` | Set the RBAC Manager pod root file system as read-only. | `true` |
+| `securityContextRBACManager.runAsGroup` | The group ID used by the RBAC Manager pod. | `65532` |
+| `securityContextRBACManager.runAsUser` | The user ID used by the RBAC Manager pod. | `65532` |
+| `service.customAnnotations` | Configure annotations on the service object. Only enabled when webhooks.enabled = true | `{}` |
+| `serviceAccount.create` | Specifies whether Crossplane ServiceAccount should be created | `true` |
+| `serviceAccount.customAnnotations` | Add custom `annotations` to the Crossplane ServiceAccount. | `{}` |
+| `serviceAccount.name` | Provide the name of an already created Crossplane ServiceAccount. Required when `serviceAccount.create` is `false` | `""` |
+| `tolerations` | Add `tolerations` to the Crossplane pod deployment. | `[]` |
+| `topologySpreadConstraints` | Add `topologySpreadConstraints` to the Crossplane pod deployment. | `[]` |
+| `webhooks.enabled` | Enable webhooks for Crossplane and installed Provider packages. | `true` |
+| `webhooks.port` | The port the webhook server listens on. | `""` |
+
+### Command Line
+
+You can pass the settings with helm command line parameters. Specify each
+parameter using the `--set key=value[,key=value]` argument to `helm install`.
+For example, the following command will install Crossplane with an image pull
+policy of `IfNotPresent`.
+
+```console
+helm install --namespace crossplane-system crossplane-stable/crossplane --set image.pullPolicy=IfNotPresent
+```
+
+### Settings File
+
+Alternatively, a yaml file that specifies the values for the above parameters
+(`values.yaml`) can be provided while installing the chart.
+
+```console
+helm install crossplane --namespace crossplane-system crossplane-stable/crossplane -f values.yaml
+```
+
+Here are the sample settings to get you started.
+
+```yaml
+replicas: 1
+
+deploymentStrategy: RollingUpdate
+
+image:
+ repository: xpkg.crossplane.io/crossplane/crossplane
+ tag: alpha
+ pullPolicy: Always
+```
+
+
+
+[Kubernetes cluster]: https://kubernetes.io/docs/setup/
+[Minikube]: https://kubernetes.io/docs/tasks/tools/install-minikube/
+[Helm]: https://docs.helm.sh/using_helm/
+
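Review bot: Two of the documented commands will not run as written. Under Master, `helm install ... --devel --version` ends without a version value, and under Command Line, `helm install --namespace crossplane-system crossplane-stable/crossplane --set image.pullPolicy=IfNotPresent` omits the release name that the other examples pass (`crossplane`), which Helm 3 (the stated minimum) requires unless `--generate-name` is given. The sample settings also pair `tag: alpha` with `pullPolicy: Always`, a mutable tag that makes the running image depend on what the registry serves at pull time; a released tag or a digest would be a safer starting point. Smaller points: "The following tables lists" should read "The following table lists", and the `[Minikube]` link definition is unused.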
diff --git a/packs/crossplane-2.1.0/charts/crossplane/README.md.gotmpl b/packs/crossplane-2.1.0/charts/crossplane/README.md.gotmpl
new file mode 100644
index 00000000..bc6f2b18
--- /dev/null
+++ b/packs/crossplane-2.1.0/charts/crossplane/README.md.gotmpl
@@ -0,0 +1,112 @@
+
+Crossplane can be easily installed into any existing Kubernetes cluster using
+the regularly published Helm chart. The Helm chart contains all the custom
+resources and controllers needed to deploy and configure Crossplane.
+
+## Pre-requisites
+
+* [Kubernetes cluster], minimum version `v1.16.0+`
+* [Helm], minimum version `v3.0.0+`.
+
+## Installation
+
+Helm charts for Crossplane are currently published to the `stable` and `master`
+channels.
+
+### Stable
+
+The stable channel is the most recent release of Crossplane that is considered
+ready for the community.
+
+```console
+kubectl create namespace crossplane-system
+
+helm repo add crossplane-stable https://charts.crossplane.io/stable
+helm repo update
+
+helm install crossplane --namespace crossplane-system crossplane-stable/crossplane
+```
+
+### Master
+
+The `master` channel contains the latest commits, with all automated tests
+passing. `master` is subject to instability, incompatibility, and features may
+be added or removed without much prior notice. It is recommended to use one of
+the more stable channels, but if you want the absolute newest Crossplane
+installed, then you can use the `master` channel.
+
+To install the Helm chart from master, you will need to pass the specific
+version returned by the `search` command:
+
+```console
+kubectl create namespace crossplane-system
+helm repo add crossplane-master https://charts.crossplane.io/master/
+helm repo update
+helm search repo crossplane-master --devel
+
+helm install crossplane --namespace crossplane-system crossplane-master/crossplane --devel --version
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `crossplane` deployment:
+
+```console
+helm delete crossplane --namespace crossplane-system
+```
+
+That command removes all Kubernetes components associated with Crossplane,
+including all the custom resources and controllers.
+
+## Configuration
+
+The following tables lists the configurable parameters of the Crossplane chart
+and their default values.
+
+{{ template "chart.valuesTable" . }}
+
+### Command Line
+
+You can pass the settings with helm command line parameters. Specify each
+parameter using the `--set key=value[,key=value]` argument to `helm install`.
+For example, the following command will install Crossplane with an image pull
+policy of `IfNotPresent`.
+
+```console
+helm install --namespace crossplane-system crossplane-stable/crossplane --set image.pullPolicy=IfNotPresent
+```
+
+### Settings File
+
+Alternatively, a yaml file that specifies the values for the above parameters
+(`values.yaml`) can be provided while installing the chart.
+
+```console
+helm install crossplane --namespace crossplane-system crossplane-stable/crossplane -f values.yaml
+```
+
+Here are the sample settings to get you started.
+
+```yaml
+replicas: 1
+
+deploymentStrategy: RollingUpdate
+
+image:
+ repository: xpkg.crossplane.io/crossplane/crossplane
+ tag: alpha
+ pullPolicy: Always
+```
+
+
+
+[Kubernetes cluster]: https://kubernetes.io/docs/setup/
+[Minikube]: https://kubernetes.io/docs/tasks/tools/install-minikube/
+[Helm]: https://docs.helm.sh/using_helm/
+{{ define "chart.valuesTable" }}
+| Parameter | Description | Default |
+| --- | --- | --- |
+ {{- range .Values }}
+| `{{ .Key }}` | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} |
+ {{- end }}
+{{ end }}
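Review bot: This template carries the same defects as README.md, which appears to be rendered from it: the `--version` flag with no value under Master, the `helm install` without a release name under Command Line, and the `tag: alpha` / `pullPolicy: Always` sample values. Fix them here and re-render so the two files do not drift. It is also worth deciding whether the pack needs to ship the generator template at all.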
diff --git a/packs/crossplane-2.1.0/charts/crossplane/templates/NOTES.txt b/packs/crossplane-2.1.0/charts/crossplane/templates/NOTES.txt
new file mode 100644
index 00000000..f1c8a0c6
--- /dev/null
+++ b/packs/crossplane-2.1.0/charts/crossplane/templates/NOTES.txt
@@ -0,0 +1,8 @@
+Release: {{.Release.Name}}
+
+Chart Name: {{.Chart.Name}}
+Chart Description: {{.Chart.Description}}
+Chart Version: {{.Chart.Version}}
+Chart Application Version: {{.Chart.AppVersion}}
+
+Kube Version: {{.Capabilities.KubeVersion}}
diff --git a/packs/crossplane-2.1.0/charts/crossplane/templates/_helpers.tpl b/packs/crossplane-2.1.0/charts/crossplane/templates/_helpers.tpl
new file mode 100644
index 00000000..ef1c0d4a
--- /dev/null
+++ b/packs/crossplane-2.1.0/charts/crossplane/templates/_helpers.tpl
@@ -0,0 +1,43 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "crossplane.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "crossplane.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Generate basic labels
+*/}}
+{{- define "crossplane.labels" }}
+helm.sh/chart: {{ include "crossplane.chart" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/component: cloud-infrastructure-controller
+app.kubernetes.io/part-of: {{ template "crossplane.name" . }}
+app.kubernetes.io/name: {{ include "crossplane.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Define ExternalSecretStoreEnabled Feature Flag
+*/}}
+{{- define "crossplane.externalSecretStoresEnabled" -}}
+{{- if has "--enable-external-secret-stores" .Values.args -}}
+true
+{{- else -}}
+false
+{{- end -}}
+{{- end -}}
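Review bot: In `crossplane.externalSecretStoresEnabled`, `has "--enable-external-secret-stores" .Values.args` matches only the exact string, so an entry written as `--enable-external-secret-stores=true` leaves the helper at `false` and the `ess-server-certs` Secret and `ESS_TLS_SERVER_SECRET_NAME` env var are skipped while the flag is still passed through to `core start`. Either document that only the bare flag form is recognised or match the `=true` form as well.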
diff --git a/packs/crossplane-2.1.0/charts/crossplane/templates/clusterrole.yaml b/packs/crossplane-2.1.0/charts/crossplane/templates/clusterrole.yaml
new file mode 100644
index 00000000..bc0b3285
--- /dev/null
+++ b/packs/crossplane-2.1.0/charts/crossplane/templates/clusterrole.yaml
@@ -0,0 +1,108 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "crossplane.name" . }}
+ labels:
+ app: {{ template "crossplane.name" . }}
+ {{- include "crossplane.labels" . | indent 4 }}
+{{- if .Values.rbacManager.deploy }}
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ rbac.crossplane.io/aggregate-to-crossplane: "true"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "crossplane.name" . }}:system:aggregate-to-crossplane
+ labels:
+ app: {{ template "crossplane.name" . }}
+ {{- include "crossplane.labels" . | indent 4 }}
+ crossplane.io/scope: "system"
+ rbac.crossplane.io/aggregate-to-crossplane: "true"
+{{- end }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ - customresourcedefinitions/status
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ - services
+ verbs:
+ - "*"
+- apiGroups:
+ - apiextensions.crossplane.io
+ - ops.crossplane.io
+ - pkg.crossplane.io
+ - protection.crossplane.io
+ resources:
+ - "*"
+ verbs:
+ - "*"
+- apiGroups:
+ - extensions
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - patch
+ - delete
+ - watch
+- apiGroups:
+ - ""
+ - coordination.k8s.io
+ resources:
+ - configmaps
+ - leases
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - patch
+ - watch
+ - delete
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - patch
+ - watch
+ - delete
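Review bot: The rules give the core service account read and write on `secrets` in every namespace, plus `"*"` on `serviceaccounts`, `services` and `customresourcedefinitions`, and none of them carries a comment saying why it is needed. Suggest enumerating the verbs in place of `"*"` and adding a short justification per rule, as rbac-manager-clusterrole.yaml does for its finalizer rules, so a later reviewer can tell intended scope from drift.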
diff --git a/packs/crossplane-2.1.0/charts/crossplane/templates/clusterrolebinding.yaml b/packs/crossplane-2.1.0/charts/crossplane/templates/clusterrolebinding.yaml
new file mode 100644
index 00000000..9864fe58
--- /dev/null
+++ b/packs/crossplane-2.1.0/charts/crossplane/templates/clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "crossplane.name" . }}
+ labels:
+ app: {{ template "crossplane.name" . }}
+ {{- include "crossplane.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "crossplane.name" . }}
+subjects:
+- kind: ServiceAccount
+ {{- if not .Values.serviceAccount.create }}
+ name: {{ .Values.serviceAccount.name }}
+ {{- else }}
+ name: {{ template "crossplane.name" . }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
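Review bot: When `serviceAccount.create` is false the subject is `name: {{ .Values.serviceAccount.name }}` with no check that a name was supplied, so an empty value renders a subject without a name and the problem only surfaces at apply time. Suggest wrapping it in `required` with a clear message, and doing the same for `serviceAccountName` in deployment.yaml.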
diff --git a/packs/crossplane-2.1.0/charts/crossplane/templates/deployment.yaml b/packs/crossplane-2.1.0/charts/crossplane/templates/deployment.yaml
new file mode 100644
index 00000000..b527952b
--- /dev/null
+++ b/packs/crossplane-2.1.0/charts/crossplane/templates/deployment.yaml
@@ -0,0 +1,300 @@
+{{- $externalSecretStoresEnabled := include "crossplane.externalSecretStoresEnabled" . | eq "true" -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "crossplane.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "crossplane.name" . }}
+ release: {{ .Release.Name }}
+ {{- include "crossplane.labels" . | indent 4 }}
+ {{- with .Values.customAnnotations }}
+ annotations: {{ toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.replicas }}
+ selector:
+ matchLabels:
+ app: {{ template "crossplane.name" . }}
+ release: {{ .Release.Name }}
+ strategy:
+ type: {{ .Values.deploymentStrategy }}
+ {{- if .Values.revisionHistoryLimit }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ {{- end }}
+ template:
+ metadata:
+ {{- if or .Values.metrics.enabled .Values.customAnnotations }}
+ annotations:
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ prometheus.io/path: /metrics
+ prometheus.io/port: "8080"
+ prometheus.io/scrape: "true"
+ {{- end }}
+ {{- with .Values.customAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ app: {{ template "crossplane.name" . }}
+ release: {{ .Release.Name }}
+ {{- include "crossplane.labels" . | indent 8 }}
+ spec:
+ {{- with .Values.podSecurityContextCrossplane }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.runtimeClassName }}
+ runtimeClassName: {{ .Values.runtimeClassName | quote }}
+ {{- end }}
+ {{- if not .Values.serviceAccount.create }}
+ serviceAccountName: {{ .Values.serviceAccount.name }}
+ {{- else }}
+ serviceAccountName: {{ template "crossplane.name" . }}
+ {{- end }}
+ hostNetwork: {{ .Values.hostNetwork }}
+ initContainers:
+ - name: {{ .Chart.Name }}-init
+ {{- if .Values.image.ignoreTag }}
+ image: "{{ .Values.image.repository }}"
+ {{- else }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ args:
+ - core
+ - init
+ {{- range $arg := .Values.provider.packages }}
+ - --provider
+ - "{{ $arg }}"
+ {{- end }}
+ {{- range $arg := .Values.configuration.packages }}
+ - --configuration
+ - "{{ $arg }}"
+ {{- end }}
+ {{- range $arg := .Values.function.packages }}
+ - --function
+ - "{{ $arg }}"
+ {{- end }}
+ {{- range $arg := .Values.provider.defaultActivations }}
+ - --activation
+ - "{{ $arg }}"
+ {{- end }}
+ resources:
+ {{- toYaml .Values.resourcesCrossplane | nindent 12 }}
+ {{- with .Values.securityContextCrossplane }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ env:
+ - name: GOMAXPROCS
+ valueFrom:
+ resourceFieldRef:
+ containerName: {{ .Chart.Name }}-init
+ resource: limits.cpu
+ divisor: "1"
+ - name: GOMEMLIMIT
+ valueFrom:
+ resourceFieldRef:
+ containerName: {{ .Chart.Name }}-init
+ resource: limits.memory
+ divisor: "1"
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_SERVICE_ACCOUNT
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.serviceAccountName
+ {{- if .Values.webhooks.enabled }}
+ - name: "WEBHOOK_SERVICE_NAME"
+ value: {{ template "crossplane.name" . }}-webhooks
+ - name: "WEBHOOK_SERVICE_NAMESPACE"
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: "WEBHOOK_SERVICE_PORT"
+ value: "9443"
+ {{- else }}
+ - name: "ENABLE_WEBHOOKS"
+ value: "false"
+ {{- end }}
+ {{- if $externalSecretStoresEnabled }}
+ - name: "ESS_TLS_SERVER_SECRET_NAME"
+ value: ess-server-certs
+ {{- end }}
+ - name: "TLS_CA_SECRET_NAME"
+ value: crossplane-root-ca
+ - name: "TLS_SERVER_SECRET_NAME"
+ value: crossplane-tls-server
+ - name: "TLS_CLIENT_SECRET_NAME"
+ value: crossplane-tls-client
+ {{- range $key, $value := .Values.extraEnvVarsCrossplaneInit }}
+ - name: {{ $key | replace "." "_" }}
+ value: {{ $value | quote }}
+ {{- end}}
+ containers:
+ - name: {{ .Chart.Name }}
+ {{- if .Values.image.ignoreTag }}
+ image: "{{ .Values.image.repository }}"
+ {{- else }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}"
+ {{- end }}
+ args:
+ - core
+ - start
+ {{- range $arg := .Values.args }}
+ - {{ $arg }}
+ {{- end }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ resources:
+ {{- toYaml .Values.resourcesCrossplane | nindent 12 }}
+ startupProbe:
+ failureThreshold: 30
+ periodSeconds: 2
+ tcpSocket:
+ port: readyz
+ ports:
+ - name: readyz
+ containerPort: {{ .Values.readiness.port | default 8081 }}
+ {{- if .Values.metrics.enabled }}
+ - name: metrics
+ containerPort: {{ .Values.metrics.port | default 8080 }}
+ {{- end }}
+ {{- if .Values.webhooks.enabled }}
+ - name: webhooks
+ containerPort: {{ .Values.webhooks.port | default 9443 }}
+ {{- end }}
+ {{- with .Values.securityContextCrossplane }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ env:
+ - name: GOMAXPROCS
+ valueFrom:
+ resourceFieldRef:
+ containerName: {{ .Chart.Name }}
+ resource: limits.cpu
+ divisor: "1"
+ - name: GOMEMLIMIT
+ valueFrom:
+ resourceFieldRef:
+ containerName: {{ .Chart.Name }}
+ resource: limits.memory
+ divisor: "1"
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_SERVICE_ACCOUNT
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.serviceAccountName
+ - name: LEADER_ELECTION
+ value: "{{ .Values.leaderElection }}"
+ {{- if .Values.registryCaBundleConfig.key }}
+ - name: CA_BUNDLE_PATH
+ value: "/certs/{{ .Values.registryCaBundleConfig.key }}"
+ {{- end}}
+ {{- if not .Values.webhooks.enabled }}
+ - name: "ENABLE_WEBHOOKS"
+ value: "false"
+ {{- end }}
+ {{- if and .Values.webhooks.enabled .Values.webhooks.port }}
+ - name: "WEBHOOK_PORT"
+ value: "{{ .Values.webhooks.port }}"
+ {{- end}}
+ {{- if and .Values.metrics.enabled .Values.metrics.port }}
+ - name: "METRICS_PORT"
+ value: "{{ .Values.metrics.port }}"
+ {{- end}}
+ {{- if .Values.readiness.port }}
+ - name: "HEALTH_PROBE_PORT"
+ value: "{{ .Values.readiness.port }}"
+ {{- end}}
+ - name: "TLS_SERVER_SECRET_NAME"
+ value: crossplane-tls-server
+ - name: "TLS_SERVER_CERTS_DIR"
+ value: /tls/server
+ - name: "TLS_CLIENT_SECRET_NAME"
+ value: crossplane-tls-client
+ - name: "TLS_CLIENT_CERTS_DIR"
+ value: /tls/client
+ {{- range $key, $value := .Values.extraEnvVarsCrossplane }}
+ - name: {{ $key | replace "." "_" }}
+ value: {{ $value | quote }}
+ {{- end}}
+ volumeMounts:
+ - mountPath: /cache/xpkg
+ name: package-cache
+ - mountPath: /cache/xfn
+ name: function-cache
+ {{- if .Values.registryCaBundleConfig.name }}
+ - mountPath: /certs
+ name: ca-certs
+ {{- end }}
+ {{- if .Values.extraVolumeMountsCrossplane }}
+ {{- toYaml .Values.extraVolumeMountsCrossplane | nindent 10 }}
+ {{- end }}
+ - mountPath: /tls/server
+ name: tls-server-certs
+ - mountPath: /tls/client
+ name: tls-client-certs
+ volumes:
+ - name: package-cache
+ {{- if .Values.packageCache.pvc }}
+ persistentVolumeClaim:
+ claimName: {{ .Values.packageCache.pvc }}
+ {{- else if .Values.packageCache.configMap }}
+ configMap:
+ name: {{ .Values.packageCache.configMap }}
+ {{- else }}
+ emptyDir:
+ medium: {{ .Values.packageCache.medium }}
+ sizeLimit: {{ .Values.packageCache.sizeLimit }}
+ {{- end }}
+ - name: function-cache
+ {{- if .Values.functionCache.pvc }}
+ persistentVolumeClaim:
+ claimName: {{ .Values.functionCache.pvc }}
+ {{- else }}
+ emptyDir:
+ medium: {{ .Values.functionCache.medium }}
+ sizeLimit: {{ .Values.functionCache.sizeLimit }}
+ {{- end }}
+ {{- if .Values.registryCaBundleConfig.name }}
+ - name: ca-certs
+ configMap:
+ name: {{ .Values.registryCaBundleConfig.name }}
+ items:
+ - key: {{ .Values.registryCaBundleConfig.key }}
+ path: {{ .Values.registryCaBundleConfig.key }}
+ {{- end }}
+ - name: tls-server-certs
+ secret:
+ secretName: crossplane-tls-server
+ - name: tls-client-certs
+ secret:
+ secretName: crossplane-tls-client
+ {{- if .Values.extraVolumesCrossplane }}
+ {{- toYaml .Values.extraVolumesCrossplane | nindent 6 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{ toYaml .Values.tolerations | nindent 6 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
+ {{- end }}
+ {{- if .Values.topologySpreadConstraints }}
+ topologySpreadConstraints: {{ toYaml .Values.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{- with .Values.dnsPolicy }}
+ dnsPolicy: {{ . }}
+ {{- end }}
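Review bot: The pod annotation is hard-coded as `prometheus.io/port: "8080"` while the container port is `{{ .Values.metrics.port | default 8080 }}` and `METRICS_PORT` follows the same value, so overriding `metrics.port` leaves the scrape annotation pointing at the wrong port. Suggest rendering the annotation from the same expression, quoted. Separately, `- {{ $arg }}` under `core start` is unquoted, unlike the init container's package arguments; piping it through `quote` keeps YAML from reinterpreting a user-supplied flag.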
diff --git a/packs/crossplane-2.1.0/charts/crossplane/templates/extra-objects.yaml b/packs/crossplane-2.1.0/charts/crossplane/templates/extra-objects.yaml
new file mode 100644
index 00000000..a9bb3b6b
--- /dev/null
+++ b/packs/crossplane-2.1.0/charts/crossplane/templates/extra-objects.yaml
@@ -0,0 +1,4 @@
+{{ range .Values.extraObjects }}
+---
+{{ tpl (toYaml .) $ }}
+{{ end }}
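Review bot: `{{ tpl (toYaml .) $ }}` renders every entry of `extraObjects` as a manifest after evaluating it as a template against the root context, so whoever controls the values file can create any resource kind with the installer's permissions, and the file has no comment saying so. Suggest a header comment stating that, and noting that a literal `{{` inside an object has to be escaped because of the `tpl` pass.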
diff --git a/packs/crossplane-2.1.0/charts/crossplane/templates/rbac-manager-allowed-provider-permissions.yaml b/packs/crossplane-2.1.0/charts/crossplane/templates/rbac-manager-allowed-provider-permissions.yaml
new file mode 100644
index 00000000..9a373fff
--- /dev/null
+++ b/packs/crossplane-2.1.0/charts/crossplane/templates/rbac-manager-allowed-provider-permissions.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.rbacManager.deploy }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "crossplane.name" . }}:allowed-provider-permissions
+ labels:
+ app: {{ template "crossplane.name" . }}
+ {{- include "crossplane.labels" . | indent 4 }}
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ rbac.crossplane.io/aggregate-to-allowed-provider-permissions: "true"
+{{- end}}
\ No newline at end of file
diff --git a/packs/crossplane-2.1.0/charts/crossplane/templates/rbac-manager-clusterrole.yaml b/packs/crossplane-2.1.0/charts/crossplane/templates/rbac-manager-clusterrole.yaml
new file mode 100644
index 00000000..8943b5f5
--- /dev/null
+++ b/packs/crossplane-2.1.0/charts/crossplane/templates/rbac-manager-clusterrole.yaml
@@ -0,0 +1,135 @@
+{{- if .Values.rbacManager.deploy }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "crossplane.name" . }}-rbac-manager
+ labels:
+ app: {{ template "crossplane.name" . }}
+ {{- include "crossplane.labels" . | indent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - get
+ - list
+ - watch
+# The RBAC manager creates a series of RBAC roles for each namespace it sees.
+# These RBAC roles are controlled (in the owner reference sense) by the namespace.
+# The RBAC manager needs permission to set finalizers on Namespaces in order to
+# create resources that block their deletion when the
+# OwnerReferencesPermissionEnforcement admission controller is enabled.
+# See https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
+- apiGroups:
+ - ""
+ resources:
+ - namespaces/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - apiextensions.crossplane.io
+ resources:
+ - compositeresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+# The RBAC manager creates a series of RBAC cluster roles for each XRD it sees.
+# These cluster roles are controlled (in the owner reference sense) by the XRD.
+# The RBAC manager needs permission to set finalizers on XRDs in order to
+# create resources that block their deletion when the
+# OwnerReferencesPermissionEnforcement admission controller is enabled.
+# See https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
+- apiGroups:
+ - apiextensions.crossplane.io
+ resources:
+ - compositeresourcedefinitions/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - pkg.crossplane.io
+ resources:
+ - providerrevisions
+ verbs:
+ - get
+ - list
+ - watch
+# The RBAC manager creates a series of RBAC cluster roles for each ProviderRevision
+# it sees. These cluster roles are controlled (in the owner reference sense) by the
+# ProviderRevision. The RBAC manager needs permission to set finalizers on
+# ProviderRevisions in order to create resources that block their deletion when the
+# OwnerReferencesPermissionEnforcement admission controller is enabled.
+# See https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
+- apiGroups:
+ - pkg.crossplane.io
+ resources:
+ - providerrevisions/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - roles
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ # The RBAC manager may grant access it does not have.
+ - escalate
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ verbs:
+ - bind
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterrolebindings
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ - coordination.k8s.io
+ resources:
+ - configmaps
+ - leases
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - patch
+ - watch
+ - delete
+{{- end}}
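Review bot: `escalate` on `clusterroles` and `roles` carries a comment, but the `bind` rule on `clusterroles` and the `"*"` rule on `clusterrolebindings` that follow it do not, and the three together let this service account grant any permission to any subject cluster-wide. Suggest listing the verbs the manager actually uses on `clusterrolebindings` instead of `"*"` and giving those two rules the same kind of explanatory comment.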
diff --git a/packs/crossplane-2.1.0/charts/crossplane/templates/rbac-manager-clusterrolebinding.yaml b/packs/crossplane-2.1.0/charts/crossplane/templates/rbac-manager-clusterrolebinding.yaml
new file mode 100644
index 00000000..56e0300b
--- /dev/null
+++ b/packs/crossplane-2.1.0/charts/crossplane/templates/rbac-manager-clusterrolebinding.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.rbacManager.deploy }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "crossplane.name" . }}-rbac-manager
+ labels:
+ app: {{ template "crossplane.name" . }}
+ {{- include "crossplane.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "crossplane.name" . }}-rbac-manager
+subjects:
+- kind: ServiceAccount
+ name: rbac-manager
+ namespace: {{ .Release.Namespace }}
+{{- end}}
\ No newline at end of file
diff --git a/packs/crossplane-2.1.0/charts/crossplane/templates/rbac-manager-deployment.yaml b/packs/crossplane-2.1.0/charts/crossplane/templates/rbac-manager-deployment.yaml
new file mode 100644
index 00000000..f2a85e53
--- /dev/null
+++ b/packs/crossplane-2.1.0/charts/crossplane/templates/rbac-manager-deployment.yaml
@@ -0,0 +1,141 @@
+{{- if .Values.rbacManager.deploy }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "crossplane.name" . }}-rbac-manager
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "crossplane.name" . }}-rbac-manager
+ release: {{ .Release.Name }}
+ {{- include "crossplane.labels" . | indent 4 }}
+ {{- with .Values.customAnnotations }}
+ annotations: {{ toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.rbacManager.replicas }}
+ selector:
+ matchLabels:
+ app: {{ template "crossplane.name" . }}-rbac-manager
+ release: {{ .Release.Name }}
+ strategy:
+ type: {{ .Values.deploymentStrategy }}
+ {{- if .Values.rbacManager.revisionHistoryLimit }}
+ revisionHistoryLimit: {{ .Values.rbacManager.revisionHistoryLimit }}
+ {{- end }}
+ template:
+ metadata:
+ {{- if or .Values.metrics.enabled .Values.customAnnotations }}
+ annotations:
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ prometheus.io/path: /metrics
+ prometheus.io/port: "8080"
+ prometheus.io/scrape: "true"
+ {{- end }}
+ {{- with .Values.customAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ app: {{ template "crossplane.name" . }}-rbac-manager
+ release: {{ .Release.Name }}
+ {{- include "crossplane.labels" . | indent 8 }}
+ spec:
+ {{- with .Values.podSecurityContextRBACManager }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- end }}
+ serviceAccountName: rbac-manager
+ {{- if .Values.runtimeClassName }}
+ runtimeClassName: {{ .Values.runtimeClassName | quote }}
+ {{- end }}
+ initContainers:
+ - name: {{ .Chart.Name }}-init
+ {{- if .Values.image.ignoreTag }}
+ image: "{{ .Values.image.repository }}"
+ {{- else }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}"
+ {{- end }}
+ args:
+ - rbac
+ - init
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ resources:
+ {{- toYaml .Values.resourcesRBACManager | nindent 12 }}
+ {{- with .Values.securityContextRBACManager }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ env:
+ - name: GOMAXPROCS
+ valueFrom:
+ resourceFieldRef:
+ containerName: {{ .Chart.Name }}-init
+ resource: limits.cpu
+ divisor: "1"
+ - name: GOMEMLIMIT
+ valueFrom:
+ resourceFieldRef:
+ containerName: {{ .Chart.Name }}-init
+ resource: limits.memory
+ divisor: "1"
+ containers:
+ - name: {{ .Chart.Name }}
+ {{- if .Values.image.ignoreTag }}
+ image: "{{ .Values.image.repository }}"
+ {{- else }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}"
+ {{- end }}
+ args:
+ - rbac
+ - start
+ {{- range $arg := .Values.rbacManager.args }}
+ - {{ $arg }}
+ {{- end }}
+ - --provider-clusterrole={{ template "crossplane.name" . }}:allowed-provider-permissions
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ resources:
+ {{- toYaml .Values.resourcesRBACManager | nindent 12 }}
+ {{- if .Values.metrics.enabled }}
+ ports:
+ - name: metrics
+ containerPort: 8080
+ {{- end }}
+ {{- with .Values.securityContextRBACManager }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ env:
+ - name: GOMAXPROCS
+ valueFrom:
+ resourceFieldRef:
+ containerName: {{ .Chart.Name }}
+ resource: limits.cpu
+ divisor: "1"
+ - name: GOMEMLIMIT
+ valueFrom:
+ resourceFieldRef:
+ containerName: {{ .Chart.Name }}
+ resource: limits.memory
+ divisor: "1"
+ - name: LEADER_ELECTION
+ value: "{{ .Values.rbacManager.leaderElection }}"
+ {{- range $key, $value := .Values.extraEnvVarsRBACManager }}
+ - name: {{ $key | replace "." "_" }}
+ value: {{ $value | quote }}
+ {{- end}}
+ {{- if .Values.rbacManager.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.rbacManager.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.rbacManager.tolerations }}
+ tolerations: {{ toYaml .Values.rbacManager.tolerations | nindent 6 }}
+ {{- end }}
+ {{- if .Values.rbacManager.topologySpreadConstraints }}
+ topologySpreadConstraints: {{ toYaml .Values.rbacManager.topologySpreadConstraints | nindent 6 }}
+ {{- end }}
+ {{- if .Values.rbacManager.affinity }}
+ affinity: {{ toYaml .Values.rbacManager.affinity | nindent 8 }}
+ {{- end }}
+{{- end}}
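Review bot: `- {{ $arg }}` in the `rbac start` args emits each `rbacManager.args` entry unquoted, so a value containing `: ` or starting with `{` or `[` is parsed as a mapping or sequence rather than a string. Suggest `- {{ $arg | quote }}`. The Deployment also reuses `.Values.deploymentStrategy` and `.Values.priorityClassName` from the core pod; if that sharing is intended, a comment would help.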
diff --git a/packs/crossplane-2.1.0/charts/crossplane/templates/rbac-manager-managed-clusterroles.yaml b/packs/crossplane-2.1.0/charts/crossplane/templates/rbac-manager-managed-clusterroles.yaml
new file mode 100644
index 00000000..14fb96f6
--- /dev/null
+++ b/packs/crossplane-2.1.0/charts/crossplane/templates/rbac-manager-managed-clusterroles.yaml
@@ -0,0 +1,227 @@
+{{- if .Values.rbacManager.deploy }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "crossplane.name" . }}-admin
+ labels:
+ app: {{ template "crossplane.name" . }}
+ {{- include "crossplane.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "crossplane.name" . }}-admin
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+ kind: Group
+ name: {{ template "crossplane.name" . }}:masters
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "crossplane.name" . }}-admin
+ labels:
+ app: {{ template "crossplane.name" . }}
+ {{- include "crossplane.labels" . | indent 4 }}
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ rbac.crossplane.io/aggregate-to-admin: "true"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "crossplane.name" . }}-edit
+ labels:
+ app: {{ template "crossplane.name" . }}
+ {{- include "crossplane.labels" . | indent 4 }}
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ rbac.crossplane.io/aggregate-to-edit: "true"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "crossplane.name" . }}-view
+ labels:
+ app: {{ template "crossplane.name" . }}
+ {{- include "crossplane.labels" . | indent 4 }}
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ rbac.crossplane.io/aggregate-to-view: "true"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "crossplane.name" . }}-browse
+ labels:
+ app: {{ template "crossplane.name" . }}
+ {{- include "crossplane.labels" . | indent 4 }}
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ rbac.crossplane.io/aggregate-to-browse: "true"
+{{- if not .Values.rbacManager.skipAggregatedClusterRoles }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "crossplane.name" . }}:aggregate-to-admin
+ labels:
+ rbac.crossplane.io/aggregate-to-admin: "true"
+ app: {{ template "crossplane.name" . }}
+ {{- include "crossplane.labels" . | indent 4 }}
+rules:
+# Crossplane administrators have access to view events.
+- apiGroups: [""]
+ resources: [events]
+ verbs: [get, list, watch]
+# Crossplane administrators must create provider credential secrets, and may
+# need to read or otherwise interact with connection secrets. They may also need
+# to create or annotate namespaces.
+- apiGroups: [""]
+ resources: [secrets, namespaces]
+ verbs: ["*"]
+# Crossplane administrators have access to view the roles that they may be able
+# to grant to other subjects.
+- apiGroups: [rbac.authorization.k8s.io]
+ resources: [clusterroles, roles]
+ verbs: [get, list, watch]
+# Crossplane administrators have access to grant the access they have to other
+# subjects.
+- apiGroups: [rbac.authorization.k8s.io]
+ resources: [clusterrolebindings, rolebindings]
+ verbs: ["*"]
+# Crossplane administrators have full access to built in Crossplane types.
+- apiGroups:
+ - apiextensions.crossplane.io
+ resources: ["*"]
+ verbs: ["*"]
+- apiGroups:
+ - pkg.crossplane.io
+ resources: ["*"]
+ verbs: ["*"]
+- apiGroups:
+ - secrets.crossplane.io
+ resources: ["*"]
+ verbs: ["*"]
+# Crossplane administrators have access to view CRDs in order to debug XRDs.
+- apiGroups: [apiextensions.k8s.io]
+ resources: [customresourcedefinitions]
+ verbs: [get, list, watch]
+- apiGroups:
+ - protection.crossplane.io
+ resources: ["*"]
+ verbs: ["*"]
+- apiGroups:
+ - ops.crossplane.io
+ resources: ["*"]
+ verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "crossplane.name" . }}:aggregate-to-edit
+ labels:
+ rbac.crossplane.io/aggregate-to-edit: "true"
+ app: {{ template "crossplane.name" . }}
+ {{- include "crossplane.labels" . | indent 4 }}
+rules:
+# Crossplane editors have access to view events.
+- apiGroups: [""]
+ resources: [events]
+ verbs: [get, list, watch]
+# Crossplane editors must create provider credential secrets, and may need to
+# read or otherwise interact with connection secrets.
+- apiGroups: [""]
+ resources: [secrets]
+ verbs: ["*"]
+# Crossplane editors may see which namespaces exist, but not edit them.
+- apiGroups: [""]
+ resources: [namespaces]
+ verbs: [get, list, watch]
+# Crossplane editors have full access to built in Crossplane types.
+- apiGroups:
+ - apiextensions.crossplane.io
+ resources: ["*"]
+ verbs: ["*"]
+- apiGroups:
+ - pkg.crossplane.io
+ resources: ["*"]
+ verbs: ["*"]
+- apiGroups:
+ - secrets.crossplane.io
+ resources: ["*"]
+ verbs: ["*"]
+- apiGroups:
+ - protection.crossplane.io
+ resources: ["*"]
+ verbs: ["*"]
+- apiGroups:
+ - ops.crossplane.io
+ resources: ["*"]
+ verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "crossplane.name" . }}:aggregate-to-view
+ labels:
+ rbac.crossplane.io/aggregate-to-view: "true"
+ app: {{ template "crossplane.name" . }}
+ {{- include "crossplane.labels" . | indent 4 }}
+rules:
+# Crossplane viewers have access to view events.
+- apiGroups: [""]
+ resources: [events]
+ verbs: [get, list, watch]
+# Crossplane viewers may see which namespaces exist.
+- apiGroups: [""]
+ resources: [namespaces]
+ verbs: [get, list, watch]
+# Crossplane viewers have read-only access to built in Crossplane types.
+- apiGroups:
+ - apiextensions.crossplane.io
+ resources: ["*"]
+ verbs: [get, list, watch]
+- apiGroups:
+ - pkg.crossplane.io
+ resources: ["*"]
+ verbs: [get, list, watch]
+- apiGroups:
+ - secrets.crossplane.io
+ resources: ["*"]
+ verbs: [get, list, watch]
+- apiGroups:
+ - protection.crossplane.io
+ resources: ["*"]
+ verbs: [get, list, watch]
+- apiGroups:
+ - ops.crossplane.io
+ resources: ["*"]
+ verbs: [get, list, watch]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "crossplane.name" . }}:aggregate-to-browse
+ labels:
+ rbac.crossplane.io/aggregate-to-browse: "true"
+ app: {{ template "crossplane.name" . }}
+ {{- include "crossplane.labels" . | indent 4 }}
+rules:
+# Crossplane browsers have access to view events.
+- apiGroups: [""]
+ resources: [events]
+ verbs: [get, list, watch]
+# Crossplane browsers have read-only access to compositions and XRDs. This
+# allows them to discover and select an appropriate composition when creating a
+# resource claim.
+- apiGroups:
+ - apiextensions.crossplane.io
+ resources: ["*"]
+ verbs: [get, list, watch]
+{{- end }}
+{{- end }}
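Review bot: In `aggregate-to-edit`, `resources: [secrets]` with `verbs: ["*"]` gives a subject bound to the `-edit` role cluster-wide every verb on every Secret in every namespace, which is broader than the comment's "provider credential secrets" and "connection secrets". Suggest enumerating the verbs and stating in the comment that the effective scope depends on whether the role is bound with a RoleBinding or a ClusterRoleBinding. The `-admin` ClusterRoleBinding to the `:masters` group is also created when `skipAggregatedClusterRoles` is set; a comment on whether that is intended would help.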
diff --git a/packs/crossplane-2.1.0/charts/crossplane/templates/rbac-manager-serviceaccount.yaml b/packs/crossplane-2.1.0/charts/crossplane/templates/rbac-manager-serviceaccount.yaml
new file mode 100644
index 00000000..fd1dcc97
--- /dev/null
+++ b/packs/crossplane-2.1.0/charts/crossplane/templates/rbac-manager-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.rbacManager.deploy }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: rbac-manager
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "crossplane.name" . }}
+ {{- include "crossplane.labels" . | indent 4 }}
+{{- with .Values.imagePullSecrets }}
+imagePullSecrets:
+{{- range $index, $secret := . }}
+- name: {{ $secret }}
+{{- end }}
+{{- end }}
+{{- end}}
\ No newline at end of file
diff --git a/packs/crossplane-2.1.0/charts/crossplane/templates/secret.yaml b/packs/crossplane-2.1.0/charts/crossplane/templates/secret.yaml
new file mode 100644
index 00000000..78d05eb7
--- /dev/null
+++ b/packs/crossplane-2.1.0/charts/crossplane/templates/secret.yaml
@@ -0,0 +1,43 @@
+{{- $externalSecretStoresEnabled := include "crossplane.externalSecretStoresEnabled" . | eq "true" -}}
+{{- if $externalSecretStoresEnabled }}
+---
+# The reason this is created empty and filled by the init container is we want
+# to manage the lifecycle of the secret via Helm. This way whenever Crossplane
+# is deleted, the secret is deleted as well.
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ess-server-certs
+ namespace: {{ .Release.Namespace }}
+type: Opaque
+{{- end }}
+---
+# The reason this is created empty and filled by the init container is we want
+# to manage the lifecycle of the secret via Helm. This way whenever Crossplane
+# is deleted, the secret is deleted as well.
+apiVersion: v1
+kind: Secret
+metadata:
+ name: crossplane-root-ca
+ namespace: {{ .Release.Namespace }}
+type: Opaque
+---
+# The reason this is created empty and filled by the init container is we want
+# to manage the lifecycle of the secret via Helm. This way whenever Crossplane
+# is deleted, the secret is deleted as well.
+apiVersion: v1
+kind: Secret
+metadata:
+ name: crossplane-tls-server
+ namespace: {{ .Release.Namespace }}
+type: Opaque
+---
+# The reason this is created empty and filled by the init container is we want
+# to manage the lifecycle of the secret via Helm. This way whenever Crossplane
+# is deleted, the secret is deleted as well.
+apiVersion: v1
+kind: Secret
+metadata:
+ name: crossplane-tls-client
+ namespace: {{ .Release.Namespace }}
+type: Opaque
\ No newline at end of file
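Review bot: none of the four Secrets carries labels under `metadata`, while the ServiceAccount and Service templates in this patch all include `crossplane.labels`. Adding the same labels would make the TLS and CA material selectable for audit and cleanup. Only `ess-server-certs` is conditional. The other three are created even when `webhooks.enabled` is false, which is worth a comment if intentional. Since the Secrets are created empty and filled by the init container, check that the write access it needs is scoped to these four names with `resourceNames` rather than to Secrets in general. The explanatory comment is repeated verbatim four times and could be stated once at the top of the file.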
diff --git a/packs/crossplane-2.1.0/charts/crossplane/templates/service.yaml b/packs/crossplane-2.1.0/charts/crossplane/templates/service.yaml
new file mode 100644
index 00000000..c807e7be
--- /dev/null
+++ b/packs/crossplane-2.1.0/charts/crossplane/templates/service.yaml
@@ -0,0 +1,25 @@
+{{- if .Values.webhooks.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "crossplane.name" . }}-webhooks
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "crossplane.name" . }}
+ release: {{ .Release.Name }}
+ {{- include "crossplane.labels" . | indent 4 }}
+ annotations:
+ {{- with .Values.service.customAnnotations }}
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+spec:
+ selector:
+ app: {{ template "crossplane.name" . }}
+ release: {{ .Release.Name }}
+ ports:
+ - protocol: TCP
+ port: 9443
+ targetPort: {{ .Values.webhooks.port | default 9443 }}
+{{- end }}
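Review bot: the `annotations:` key under `metadata` is emitted unconditionally, so with the default `service.customAnnotations: {}` the `with` block renders nothing and the manifest carries an `annotations:` key with a null value. Move the key inside the `with` so it only appears when there is something to render. Also note that `port: 9443` is fixed while `targetPort` follows `webhooks.port`. That is fine for in-cluster callers, but the `webhooks.port` comment in values.yaml should say it only changes the container side.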
diff --git a/packs/crossplane-2.1.0/charts/crossplane/templates/serviceaccount.yaml b/packs/crossplane-2.1.0/charts/crossplane/templates/serviceaccount.yaml
new file mode 100644
index 00000000..e711adf8
--- /dev/null
+++ b/packs/crossplane-2.1.0/charts/crossplane/templates/serviceaccount.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "crossplane.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "crossplane.name" . }}
+ {{- include "crossplane.labels" . | indent 4 }}
+ {{- with .Values.serviceAccount.customAnnotations }}
+ annotations: {{ toYaml . | nindent 4 }}
+ {{- end }}
+{{- with .Values.imagePullSecrets }}
+imagePullSecrets:
+{{- range $index, $secret := . }}
+- name: {{ $secret }}
+{{- end }}
+{{ end }}
+{{- end }}
\ No newline at end of file
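Review bot: the `{{ end }}` that closes the `with .Values.imagePullSecrets` block has no whitespace-trim dash, unlike every other action in this template and unlike the same block in rbac-manager-serviceaccount.yaml, so it leaves a stray blank line in the rendered manifest. Use `{{- end }}` for consistency. The file also has no trailing newline.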
diff --git a/packs/crossplane-2.1.0/charts/crossplane/values.yaml b/packs/crossplane-2.1.0/charts/crossplane/values.yaml
new file mode 100644
index 00000000..2f7afb91
--- /dev/null
+++ b/packs/crossplane-2.1.0/charts/crossplane/values.yaml
@@ -0,0 +1,215 @@
+# helm-docs renders these comments into markdown. Use markdown formatting where
+# appropiate.
+#
+# -- The number of Crossplane pod `replicas` to deploy.
+replicas: 1
+
+# -- The number of Crossplane ReplicaSets to retain.
+revisionHistoryLimit: null
+
+# -- The deployment strategy for the Crossplane and RBAC Manager pods.
+deploymentStrategy: RollingUpdate
+
+image:
+ # -- Repository for the Crossplane pod image.
+ repository: xpkg.crossplane.io/crossplane/crossplane
+ # -- The Crossplane image tag. Defaults to the value of `appVersion` in `Chart.yaml`.
+ tag: ""
+ # -- The image pull policy used for Crossplane and RBAC Manager pods.
+ pullPolicy: IfNotPresent
+ # -- Do not use the {{ .image.tag }} value to compute the image uri.
+ ignoreTag: false
+
+# -- Add `nodeSelectors` to the Crossplane pod deployment.
+nodeSelector: {}
+# -- Add `tolerations` to the Crossplane pod deployment.
+tolerations: []
+# -- Add `affinities` to the Crossplane pod deployment.
+affinity: {}
+# -- Add `topologySpreadConstraints` to the Crossplane pod deployment.
+topologySpreadConstraints: []
+
+# -- Enable `hostNetwork` for the Crossplane deployment. Caution: enabling `hostNetwork` grants the Crossplane Pod access to the host network namespace. Consider setting `dnsPolicy` to `ClusterFirstWithHostNet`.
+hostNetwork: false
+
+# -- Specify the `dnsPolicy` to be used by the Crossplane pod.
+dnsPolicy: ""
+
+# -- Add custom `labels` to the Crossplane pod deployment.
+customLabels: {}
+
+# -- Add custom `annotations` to the Crossplane pod deployment.
+customAnnotations: {}
+
+serviceAccount:
+ # -- Specifies whether Crossplane ServiceAccount should be created
+ create: true
+ # -- Provide the name of an already created Crossplane ServiceAccount. Required when `serviceAccount.create` is `false`
+ name: ""
+ # -- Add custom `annotations` to the Crossplane ServiceAccount.
+ customAnnotations: {}
+
+# -- Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the Crossplane pod.
+leaderElection: true
+# -- Add custom arguments to the Crossplane pod.
+args: []
+
+provider:
+ # -- A list of Provider packages to install.
+ packages: []
+ # -- Define entries for the default managed resource activation policy. If defined, a default MRAP will contain these activations.
+ defaultActivations: ["*"]
+
+configuration:
+ # -- A list of Configuration packages to install.
+ packages: []
+
+function:
+ # -- A list of Function packages to install
+ packages: []
+
+# -- The imagePullSecret names to add to the Crossplane ServiceAccount.
+imagePullSecrets: []
+
+registryCaBundleConfig:
+ # -- The ConfigMap name containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates.
+ name: ""
+ # -- The ConfigMap key containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates.
+ key: ""
+
+service:
+ # -- Configure annotations on the service object. Only enabled when webhooks.enabled = true
+ customAnnotations: {}
+
+webhooks:
+ # -- Enable webhooks for Crossplane and installed Provider packages.
+ enabled: true
+ # -- The port the webhook server listens on.
+ port: ""
+
+rbacManager:
+ # -- Deploy the RBAC Manager pod and its required roles.
+ deploy: true
+ # -- Don't install aggregated Crossplane ClusterRoles.
+ skipAggregatedClusterRoles: false
+ # -- The number of RBAC Manager pod `replicas` to deploy.
+ replicas: 1
+ # -- The number of RBAC Manager ReplicaSets to retain.
+ revisionHistoryLimit: null
+ # -- Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the RBAC Manager pod.
+ leaderElection: true
+ # -- Add custom arguments to the RBAC Manager pod.
+ args: []
+ # -- Add `nodeSelectors` to the RBAC Manager pod deployment.
+ nodeSelector: {}
+ # -- Add `tolerations` to the RBAC Manager pod deployment.
+ tolerations: []
+ # -- Add `affinities` to the RBAC Manager pod deployment.
+ affinity: {}
+ # -- Add `topologySpreadConstraints` to the RBAC Manager pod deployment.
+ topologySpreadConstraints: []
+
+# -- The PriorityClass name to apply to the Crossplane and RBAC Manager pods.
+priorityClassName: ""
+
+# -- The runtimeClassName name to apply to the Crossplane and RBAC Manager pods.
+runtimeClassName: ""
+
+resourcesCrossplane:
+ limits:
+ # -- CPU resource limits for the Crossplane pod.
+ cpu: 500m
+ # -- Memory resource limits for the Crossplane pod.
+ memory: 1024Mi
+ requests:
+ # -- CPU resource requests for the Crossplane pod.
+ cpu: 100m
+ # -- Memory resource requests for the Crossplane pod.
+ memory: 256Mi
+
+securityContextCrossplane:
+ # -- The user ID used by the Crossplane pod.
+ runAsUser: 65532
+ # -- The group ID used by the Crossplane pod.
+ runAsGroup: 65532
+ # -- Enable `allowPrivilegeEscalation` for the Crossplane pod.
+ allowPrivilegeEscalation: false
+ # -- Set the Crossplane pod root file system as read-only.
+ readOnlyRootFilesystem: true
+
+packageCache:
+ # -- Set to `Memory` to hold the package cache in a RAM backed file system. Useful for Crossplane development.
+ medium: ""
+ # -- The size limit for the package cache. If medium is `Memory` the `sizeLimit` can't exceed Node memory.
+ sizeLimit: 20Mi
+ # -- The name of a PersistentVolumeClaim to use as the package cache. Disables the default package cache `emptyDir` Volume.
+ pvc: ""
+ # -- The name of a ConfigMap to use as the package cache. Disables the default package cache `emptyDir` Volume.
+ configMap: ""
+
+functionCache:
+ # -- Set to `Memory` to hold the function cache in a RAM backed file system. Useful for Crossplane development.
+ medium: ""
+ # -- The size limit for the function cache. If medium is `Memory` the `sizeLimit` can't exceed Node memory.
+ sizeLimit: 512Mi
+ # -- The name of a PersistentVolumeClaim to use as the function cache. Disables the default function cache `emptyDir` Volume.
+ pvc: ""
+
+resourcesRBACManager:
+ limits:
+ # -- CPU resource limits for the RBAC Manager pod.
+ cpu: 100m
+ # -- Memory resource limits for the RBAC Manager pod.
+ memory: 512Mi
+ requests:
+ # -- CPU resource requests for the RBAC Manager pod.
+ cpu: 100m
+ # -- Memory resource requests for the RBAC Manager pod.
+ memory: 256Mi
+
+securityContextRBACManager:
+ # -- The user ID used by the RBAC Manager pod.
+ runAsUser: 65532
+ # -- The group ID used by the RBAC Manager pod.
+ runAsGroup: 65532
+ # -- Enable `allowPrivilegeEscalation` for the RBAC Manager pod.
+ allowPrivilegeEscalation: false
+ # -- Set the RBAC Manager pod root file system as read-only.
+ readOnlyRootFilesystem: true
+
+metrics:
+ # -- Enable Prometheus path, port and scrape annotations and expose port 8080 for both the Crossplane and RBAC Manager pods.
+ enabled: false
+ # -- The port the metrics server listens on.
+ port: ""
+
+readiness:
+ # -- The port the readyz server listens on.
+ port: ""
+
+# -- Add custom environmental variables to the Crossplane pod deployment init container.
+# Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`.
+extraEnvVarsCrossplaneInit: {}
+
+# -- Add custom environmental variables to the Crossplane pod deployment application container.
+# Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`.
+extraEnvVarsCrossplane: {}
+
+# -- Add custom environmental variables to the RBAC Manager pod deployment.
+# Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`.
+extraEnvVarsRBACManager: {}
+
+# -- Add a custom `securityContext` to the Crossplane pod.
+podSecurityContextCrossplane: {}
+
+# -- Add a custom `securityContext` to the RBAC Manager pod.
+podSecurityContextRBACManager: {}
+
+# -- Add custom `volumes` to the Crossplane pod.
+extraVolumesCrossplane: {}
+
+# -- Add custom `volumeMounts` to the Crossplane pod.
+extraVolumeMountsCrossplane: {}
+
+# -- To add arbitrary Kubernetes Objects during a Helm Install
+extraObjects: []
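Review bot: `provider.defaultActivations: ["*"]` ships a wildcard as the default managed resource activation policy, so every managed resource kind of every installed provider is activated unless the operator overrides it. For a pack that many clusters will consume, either document next to the value how to narrow it to the resource kinds actually needed, or ship a narrower default. Separately, `extraVolumesCrossplane` and `extraVolumeMountsCrossplane` default to `{}` although the comments describe pod `volumes` and `volumeMounts`, which are lists, so `[]` would be the less surprising default if the templates accept it. The header comment misspells "appropriate" as "appropiate".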
diff --git a/packs/crossplane-2.1.0/logo.png b/packs/crossplane-2.1.0/logo.png
new file mode 100644
index 00000000..94280b87
Binary files /dev/null and b/packs/crossplane-2.1.0/logo.png differ
diff --git a/packs/crossplane-2.1.0/pack.json b/packs/crossplane-2.1.0/pack.json
new file mode 100644
index 00000000..3bff9b17
--- /dev/null
+++ b/packs/crossplane-2.1.0/pack.json
@@ -0,0 +1,38 @@
+{
+ "addonType": "system app",
+ "annotations": {
+ "source": "community",
+ "contributor" : "spectrocloud"
+ },
+ "cloudTypes": [
+ "all"
+ ],
+ "displayName": "Crossplane",
+ "charts": [
+ "charts/crossplane-2.1.0.tgz"
+ ],
+ "layer":"addon",
+ "name": "crossplane",
+ "version": "2.1.0",
+ "constraints": {
+ "dependencies": [
+ {
+ "packName": "kubernetes",
+ "layer": "k8s",
+ "minVersion": "1.27",
+ "maxVersion": "",
+ "type": "optional"
+ }
+ ],
+ "resources": [
+ {
+ "type": "cpu",
+ "minLimit": 100
+ },
+ {
+ "type": "memory",
+ "minLimit": 256
+ }
+ ]
+ }
+}
\ No newline at end of file
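Review bot: the `kubernetes` entry under `constraints.dependencies` is `"type": "optional"`, but the pack README lists Kubernetes >= 1.27.0 under Prerequisites. If the minimum version is a hard requirement, the dependency type should express that, otherwise the `minVersion` of `1.27` is not enforced where it matters. The `resources` entries give `minLimit` values of 100 and 256 without units. They appear to correspond to the `100m` CPU and `256Mi` memory requests in values.yaml, so say so or follow whatever unit convention the pack schema defines. Spacing around the colons in `"contributor" : "spectrocloud"` and `"layer":"addon"` is inconsistent with the rest of the file.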
diff --git a/packs/crossplane-2.1.0/values.yaml b/packs/crossplane-2.1.0/values.yaml
new file mode 100644
index 00000000..43598f47
--- /dev/null
+++ b/packs/crossplane-2.1.0/values.yaml
@@ -0,0 +1,226 @@
+pack:
+ #The namespace (on the target cluster) to install this chart
+ #When not found, a new namespace will be created
+ namespace: "crossplane-system"
+ content:
+ images:
+ - image: xpkg.upbound.io/crossplane/crossplane:v2.1.0
+
+
+charts:
+ crossplane:
+ # helm-docs renders these comments into markdown. Use markdown formatting where
+ # appropiate.
+ #
+ # -- The number of Crossplane pod `replicas` to deploy.
+ replicas: 1
+
+ # -- The number of Crossplane ReplicaSets to retain.
+ revisionHistoryLimit: null
+
+ # -- The deployment strategy for the Crossplane and RBAC Manager pods.
+ deploymentStrategy: RollingUpdate
+
+ image:
+ # -- Repository for the Crossplane pod image.
+ repository: xpkg.crossplane.io/crossplane/crossplane
+ # -- The Crossplane image tag. Defaults to the value of `appVersion` in `Chart.yaml`.
+ tag: ""
+ # -- The image pull policy used for Crossplane and RBAC Manager pods.
+ pullPolicy: IfNotPresent
+ # -- Do not use the {{ .image.tag }} value to compute the image uri.
+ ignoreTag: false
+
+ # -- Add `nodeSelectors` to the Crossplane pod deployment.
+ nodeSelector: {}
+ # -- Add `tolerations` to the Crossplane pod deployment.
+ tolerations: []
+ # -- Add `affinities` to the Crossplane pod deployment.
+ affinity: {}
+ # -- Add `topologySpreadConstraints` to the Crossplane pod deployment.
+ topologySpreadConstraints: []
+
+ # -- Enable `hostNetwork` for the Crossplane deployment. Caution: enabling `hostNetwork` grants the Crossplane Pod access to the host network namespace. Consider setting `dnsPolicy` to `ClusterFirstWithHostNet`.
+ hostNetwork: false
+
+ # -- Specify the `dnsPolicy` to be used by the Crossplane pod.
+ dnsPolicy: ""
+
+ # -- Add custom `labels` to the Crossplane pod deployment.
+ customLabels: {}
+
+ # -- Add custom `annotations` to the Crossplane pod deployment.
+ customAnnotations: {}
+
+ serviceAccount:
+ # -- Specifies whether Crossplane ServiceAccount should be created
+ create: true
+ # -- Provide the name of an already created Crossplane ServiceAccount. Required when `serviceAccount.create` is `false`
+ name: ""
+ # -- Add custom `annotations` to the Crossplane ServiceAccount.
+ customAnnotations: {}
+
+ # -- Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the Crossplane pod.
+ leaderElection: true
+ # -- Add custom arguments to the Crossplane pod.
+ args: []
+
+ provider:
+ # -- A list of Provider packages to install.
+ packages: []
+ # -- Define entries for the default managed resource activation policy. If defined, a default MRAP will contain these activations.
+ defaultActivations: ["*"]
+
+ configuration:
+ # -- A list of Configuration packages to install.
+ packages: []
+
+ function:
+ # -- A list of Function packages to install
+ packages: []
+
+ # -- The imagePullSecret names to add to the Crossplane ServiceAccount.
+ imagePullSecrets: []
+
+ registryCaBundleConfig:
+ # -- The ConfigMap name containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates.
+ name: ""
+ # -- The ConfigMap key containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates.
+ key: ""
+
+ service:
+ # -- Configure annotations on the service object. Only enabled when webhooks.enabled = true
+ customAnnotations: {}
+
+ webhooks:
+ # -- Enable webhooks for Crossplane and installed Provider packages.
+ enabled: true
+ # -- The port the webhook server listens on.
+ port: ""
+
+ rbacManager:
+ # -- Deploy the RBAC Manager pod and its required roles.
+ deploy: true
+ # -- Don't install aggregated Crossplane ClusterRoles.
+ skipAggregatedClusterRoles: false
+ # -- The number of RBAC Manager pod `replicas` to deploy.
+ replicas: 1
+ # -- The number of RBAC Manager ReplicaSets to retain.
+ revisionHistoryLimit: null
+ # -- Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the RBAC Manager pod.
+ leaderElection: true
+ # -- Add custom arguments to the RBAC Manager pod.
+ args: []
+ # -- Add `nodeSelectors` to the RBAC Manager pod deployment.
+ nodeSelector: {}
+ # -- Add `tolerations` to the RBAC Manager pod deployment.
+ tolerations: []
+ # -- Add `affinities` to the RBAC Manager pod deployment.
+ affinity: {}
+ # -- Add `topologySpreadConstraints` to the RBAC Manager pod deployment.
+ topologySpreadConstraints: []
+
+ # -- The PriorityClass name to apply to the Crossplane and RBAC Manager pods.
+ priorityClassName: ""
+
+ # -- The runtimeClassName name to apply to the Crossplane and RBAC Manager pods.
+ runtimeClassName: ""
+
+ resourcesCrossplane:
+ limits:
+ # -- CPU resource limits for the Crossplane pod.
+ cpu: 500m
+ # -- Memory resource limits for the Crossplane pod.
+ memory: 1024Mi
+ requests:
+ # -- CPU resource requests for the Crossplane pod.
+ cpu: 100m
+ # -- Memory resource requests for the Crossplane pod.
+ memory: 256Mi
+
+ securityContextCrossplane:
+ # -- The user ID used by the Crossplane pod.
+ runAsUser: 65532
+ # -- The group ID used by the Crossplane pod.
+ runAsGroup: 65532
+ # -- Enable `allowPrivilegeEscalation` for the Crossplane pod.
+ allowPrivilegeEscalation: false
+ # -- Set the Crossplane pod root file system as read-only.
+ readOnlyRootFilesystem: true
+
+ packageCache:
+ # -- Set to `Memory` to hold the package cache in a RAM backed file system. Useful for Crossplane development.
+ medium: ""
+ # -- The size limit for the package cache. If medium is `Memory` the `sizeLimit` can't exceed Node memory.
+ sizeLimit: 20Mi
+ # -- The name of a PersistentVolumeClaim to use as the package cache. Disables the default package cache `emptyDir` Volume.
+ pvc: ""
+ # -- The name of a ConfigMap to use as the package cache. Disables the default package cache `emptyDir` Volume.
+ configMap: ""
+
+ functionCache:
+ # -- Set to `Memory` to hold the function cache in a RAM backed file system. Useful for Crossplane development.
+ medium: ""
+ # -- The size limit for the function cache. If medium is `Memory` the `sizeLimit` can't exceed Node memory.
+ sizeLimit: 512Mi
+ # -- The name of a PersistentVolumeClaim to use as the function cache. Disables the default function cache `emptyDir` Volume.
+ pvc: ""
+
+ resourcesRBACManager:
+ limits:
+ # -- CPU resource limits for the RBAC Manager pod.
+ cpu: 100m
+ # -- Memory resource limits for the RBAC Manager pod.
+ memory: 512Mi
+ requests:
+ # -- CPU resource requests for the RBAC Manager pod.
+ cpu: 100m
+ # -- Memory resource requests for the RBAC Manager pod.
+ memory: 256Mi
+
+ securityContextRBACManager:
+ # -- The user ID used by the RBAC Manager pod.
+ runAsUser: 65532
+ # -- The group ID used by the RBAC Manager pod.
+ runAsGroup: 65532
+ # -- Enable `allowPrivilegeEscalation` for the RBAC Manager pod.
+ allowPrivilegeEscalation: false
+ # -- Set the RBAC Manager pod root file system as read-only.
+ readOnlyRootFilesystem: true
+
+ metrics:
+ # -- Enable Prometheus path, port and scrape annotations and expose port 8080 for both the Crossplane and RBAC Manager pods.
+ enabled: false
+ # -- The port the metrics server listens on.
+ port: ""
+
+ readiness:
+ # -- The port the readyz server listens on.
+ port: ""
+
+ # -- Add custom environmental variables to the Crossplane pod deployment init container.
+ # Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`.
+ extraEnvVarsCrossplaneInit: {}
+
+ # -- Add custom environmental variables to the Crossplane pod deployment application container.
+ # Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`.
+ extraEnvVarsCrossplane: {}
+
+ # -- Add custom environmental variables to the RBAC Manager pod deployment.
+ # Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`.
+ extraEnvVarsRBACManager: {}
+
+ # -- Add a custom `securityContext` to the Crossplane pod.
+ podSecurityContextCrossplane: {}
+
+ # -- Add a custom `securityContext` to the RBAC Manager pod.
+ podSecurityContextRBACManager: {}
+
+ # -- Add custom `volumes` to the Crossplane pod.
+ extraVolumesCrossplane: {}
+
+ # -- Add custom `volumeMounts` to the Crossplane pod.
+ extraVolumeMountsCrossplane: {}
+
+ # -- To add arbitrary Kubernetes Objects during a Helm Install
+ extraObjects: []
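Review bot: `pack.content.images` lists `xpkg.upbound.io/crossplane/crossplane:v2.1.0`, but `charts.crossplane.image.repository` is `xpkg.crossplane.io/crossplane/crossplane`. The image declared as pack content is therefore not the image the chart pulls, so any mirroring, scanning or allow-listing driven by the content list will cover a different registry path than the one the pods use. Align the two entries on a single registry. The rest of the `charts.crossplane` block duplicates the chart's own values.yaml, including the `defaultActivations: ["*"]` wildcard and the "appropiate" typo, so any change made there should be made here as well.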
diff --git a/packs/elastic-operator-3.1.0/README.md b/packs/elastic-operator-3.1.0/README.md
new file mode 100644
index 00000000..df41d6c2
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/README.md
@@ -0,0 +1,43 @@
+# Elastic Cloud on Kubernetes (ECK)
+
+Elastic Cloud on Kubernetes automates the deployment, provisioning, management, and orchestration of Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes based on the operator pattern.
+
+Current features:
+
+* Elasticsearch, Kibana, APM Server, Enterprise Search, and Beats deployments
+* TLS Certificates management
+* Safe Elasticsearch cluster configuration & topology changes
+* Persistent volumes usage
+* Custom node configuration and attributes
+* Secure settings keystore updates
+
+Supported versions:
+
+* Kubernetes 1.25-1.29
+* Elasticsearch, Kibana, APM Server: 6.8+, 7.1+, 8+, 9+
+* Enterprise Search: 7.7+, 8+, 9+
+* Beats: 7.0+, 8+, 9+
+* Elastic Agent: 7.10+ (standalone), 7.14+, 8+ (Fleet), 9+
+* Elastic Maps Server: 7.11+, 8+, 9+
+* Logstash 8.7+
+
+Check the [Quickstart](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-quickstart.html) to deploy your first cluster with ECK.
+
+For general questions, please see the Elastic [forums](https://discuss.elastic.co/c/eck).
+
+# ECK Operator Helm Chart
+
+A Helm chart to install the ECK Operator: the official Kubernetes operator from Elastic to orchestrate Elasticsearch, Kibana, APM Server, Enterprise Search, and Beats on Kubernetes.
+
+For more information about the ECK Operator, see:
+- [Documentation](https://www.elastic.co/guide/en/cloud-on-k8s/current/index.html)
+- [GitHub repo](https://github.com/elastic/cloud-on-k8s)
+
+
+## Requirements
+
+- Supported Kubernetes versions are listed in the documentation: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s_supported_versions.html
+
+## Usage
+
+Refer to the documentation at https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-install-helm.html
\ No newline at end of file
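Review bot: the "Supported versions" list states Kubernetes 1.25-1.29, while the Chart.yaml added in this same patch declares `kubeVersion: '>=1.21.0-0'`. Readers will not know which of the two is authoritative, so align the README with the supported-versions page it links to. The list also says Logstash 8.7+ is supported, but Logstash (and Elastic Agent and Elastic Maps Server) are missing from the "Current features" deployments bullet and from the chart description paragraph. The Requirements section omits the `Helm >= 3.2.0` line that the chart's own README carries. The file uses two top-level `#` headings. Demote the second to `##` if the pack UI renders a single title.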
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator-3.1.0.tgz b/packs/elastic-operator-3.1.0/charts/eck-operator-3.1.0.tgz
new file mode 100644
index 00000000..d9ba22e7
Binary files /dev/null and b/packs/elastic-operator-3.1.0/charts/eck-operator-3.1.0.tgz differ
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/.helmignore b/packs/elastic-operator-3.1.0/charts/eck-operator/.helmignore
new file mode 100644
index 00000000..f5e0fb21
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+templates/tests
\ No newline at end of file
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/Chart.lock b/packs/elastic-operator-3.1.0/charts/eck-operator/Chart.lock
new file mode 100644
index 00000000..3e9cb697
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: eck-operator-crds
+ repository: ""
+ version: 3.1.0
+digest: sha256:7b40c48f3d26ae73c9fdbe64ce317725163835daa4c9088c672cede8ce0533a7
+generated: "2025-07-29T10:07:16.105064916Z"
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/Chart.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/Chart.yaml
new file mode 100644
index 00000000..a684fd8e
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/Chart.yaml
@@ -0,0 +1,26 @@
+apiVersion: v2
+appVersion: 3.1.0
+dependencies:
+- condition: installCRDs
+ name: eck-operator-crds
+ repository: ""
+ version: 3.1.0
+description: Elastic Cloud on Kubernetes (ECK) operator
+home: https://github.com/elastic/cloud-on-k8s
+icon: https://helm.elastic.co/icons/eck.png
+keywords:
+- Logstash
+- Elasticsearch
+- Kibana
+- APM Server
+- Beats
+- Enterprise Search
+- Elastic Stack
+- Operator
+kubeVersion: '>=1.21.0-0'
+maintainers:
+- email: eck@elastic.co
+ name: Elastic
+name: eck-operator
+type: application
+version: 3.1.0
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/LICENSE b/packs/elastic-operator-3.1.0/charts/eck-operator/LICENSE
new file mode 100644
index 00000000..92503a72
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/LICENSE
@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.
\ No newline at end of file
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/README.md b/packs/elastic-operator-3.1.0/charts/eck-operator/README.md
new file mode 100644
index 00000000..86452e3d
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/README.md
@@ -0,0 +1,20 @@
+# ECK Operator Helm Chart
+
+[](https://artifacthub.io/packages/helm/elastic/eck-operator)
+
+A Helm chart to install the ECK Operator: the official Kubernetes operator from Elastic to orchestrate Elasticsearch, Kibana, APM Server, Enterprise Search, and Beats on Kubernetes.
+
+For more information about the ECK Operator, see:
+- [Documentation](https://www.elastic.co/guide/en/cloud-on-k8s/current/index.html)
+- [GitHub repo](https://github.com/elastic/cloud-on-k8s)
+
+
+## Requirements
+
+- Supported Kubernetes versions are listed in the documentation: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s_supported_versions.html
+- Helm >= 3.2.0
+
+
+## Usage
+
+Refer to the documentation at https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-install-helm.html
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/charts/eck-operator-crds/.helmignore b/packs/elastic-operator-3.1.0/charts/eck-operator/charts/eck-operator-crds/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/charts/eck-operator-crds/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/charts/eck-operator-crds/Chart.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/charts/eck-operator-crds/Chart.yaml
new file mode 100644
index 00000000..22e2bae6
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/charts/eck-operator-crds/Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v2
+appVersion: 3.1.0
+description: ECK operator Custom Resource Definitions
+home: https://github.com/elastic/cloud-on-k8s
+icon: https://helm.elastic.co/icons/eck.png
+keywords:
+- Logstash
+- Elasticsearch
+- Kibana
+- APM Server
+- Beats
+- Enterprise Search
+- Elastic Stack
+- Operator
+kubeVersion: '>=1.21.0-0'
+maintainers:
+- email: eck@elastic.co
+ name: Elastic
+name: eck-operator-crds
+type: application
+version: 3.1.0
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/charts/eck-operator-crds/README.md b/packs/elastic-operator-3.1.0/charts/eck-operator/charts/eck-operator-crds/README.md
new file mode 100644
index 00000000..698d6dd4
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/charts/eck-operator-crds/README.md
@@ -0,0 +1,16 @@
+# ECK Operator CRDs Helm Chart
+
+[](https://artifacthub.io/packages/helm/elastic/eck-operator-crds)
+
+A Helm chart to install the Kubernetes Custom Resource Definitions (CRD) required by the ECK Operator: the official Kubernetes operator from Elastic to orchestrate Elasticsearch, Kibana, APM Server, Enterprise Search, and Beats on Kubernetes. This chart is usually automatically installed by the [ECK Operator Helm Chart](https://artifacthub.io/packages/helm/elastic/eck-operator) when installed using the default settings. Refer to the [installation documentation](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-install-helm.html) for more information.
+
+
+## Requirements
+
+- Supported Kubernetes versions are listed in the documentation: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s_supported_versions.html
+- Helm >= 3.2.0
+
+
+## Usage
+
+Refer to the documentation at https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-install-helm.html
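Review bot: the badge line under the title, `[](https://artifacthub.io/packages/helm/elastic/eck-operator-crds)`, has empty link text, so it renders as an invisible link; restore the badge image or drop the line. The documentation links in the intro paragraph, Requirements and Usage all point at `/cloud-on-k8s/current/`, while this copy is vendored under `elastic-operator-3.1.0`, so the linked pages will drift away from the pinned chart as upstream releases; prefer links to the documentation for the pinned version if they are available.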
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/charts/eck-operator-crds/templates/NOTES.txt b/packs/elastic-operator-3.1.0/charts/eck-operator/charts/eck-operator-crds/templates/NOTES.txt
new file mode 100644
index 00000000..1478c82b
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/charts/eck-operator-crds/templates/NOTES.txt
@@ -0,0 +1 @@
+ECK Custom Resource Definitions installed.
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/charts/eck-operator-crds/templates/_helpers.tpl b/packs/elastic-operator-3.1.0/charts/eck-operator/charts/eck-operator-crds/templates/_helpers.tpl
new file mode 100644
index 00000000..548f1bc6
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/charts/eck-operator-crds/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "eck-operator-crds.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "eck-operator-crds.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "eck-operator-crds.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "eck-operator-crds.labels" -}}
+helm.sh/chart: {{ include "eck-operator-crds.chart" . }}
+{{ include "eck-operator-crds.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "eck-operator-crds.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "eck-operator-crds.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Determine effective Kubernetes version
+*/}}
+{{- define "eck-operator-crds.effectiveKubeVersion" -}}
+{{- if .Values.global.manifestGen -}}
+{{- semver .Values.global.kubeVersion -}}
+{{- else -}}
+{{- .Capabilities.KubeVersion.Version -}}
+{{- end -}}
+{{- end -}}
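Review bot: `eck-operator-crds.effectiveKubeVersion` dereferences `.Values.global.manifestGen` and `.Values.global.kubeVersion` with no guard, so rendering depends on `global` being defined whenever this chart is rendered on its own; confirm the chart's values.yaml carries defaults for both keys, or guard the lookup (for example by checking `.Values.global` first). The two branches also return different things, a parsed `semver` object versus the raw `.Capabilities.KubeVersion.Version` string, so a short comment saying callers should compare the result only with semver functions, not string equality, would help. Separately, `app.kubernetes.io/managed-by: {{ .Release.Service }}` and `app.kubernetes.io/instance: {{ .Release.Name }}` are emitted unquoted while `app.kubernetes.io/version` uses `| quote`; quoting all label values would keep the helper consistent.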
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/charts/eck-operator-crds/templates/all-crds.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/charts/eck-operator-crds/templates/all-crds.yaml
new file mode 100644
index 00000000..f394c613
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/charts/eck-operator-crds/templates/all-crds.yaml
@@ -0,0 +1,10710 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.18.0
+ helm.sh/resource-policy: keep
+ labels:
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+ app.kubernetes.io/name: '{{ include "eck-operator-crds.name" . }}'
+ app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+ helm.sh/chart: '{{ include "eck-operator-crds.chart" . }}'
+ name: agents.agent.k8s.elastic.co
+spec:
+ group: agent.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: Agent
+ listKind: AgentList
+ plural: agents
+ shortNames:
+ - agent
+ singular: agent
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: available
+ type: integer
+ - description: Expected nodes
+ jsonPath: .status.expectedNodes
+ name: expected
+ type: integer
+ - description: Agent version
+ jsonPath: .status.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Agent is the Schema for the Agents API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: AgentSpec defines the desired state of the Agent
+ properties:
+ config:
+ description: Config holds the Agent configuration. At most one of
+ [`Config`, `ConfigRef`] can be specified.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ configRef:
+ description: |-
+ ConfigRef contains a reference to an existing Kubernetes Secret holding the Agent configuration.
+ Agent settings must be specified as yaml, under a single "agent.yml" entry. At most one of [`Config`, `ConfigRef`]
+ can be specified.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ daemonSet:
+ description: |-
+ DaemonSet specifies the Agent should be deployed as a DaemonSet, and allows providing its spec.
+ Cannot be used along with `deployment` or `statefulSet`.
+ properties:
+ podTemplate:
+ description: PodTemplateSpec describes the data a pod should have
+ when created from a template
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ updateStrategy:
+ description: DaemonSetUpdateStrategy is a struct used to control
+ the update strategy for a DaemonSet.
+ properties:
+ rollingUpdate:
+ description: Rolling update config params. Present only if
+ type = "RollingUpdate".
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of nodes with an existing available DaemonSet pod that
+ can have an updated DaemonSet pod during during an update.
+ Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
+ This can not be 0 if MaxUnavailable is 0.
+ Absolute number is calculated from percentage by rounding up to a minimum of 1.
+ Default value is 0.
+ Example: when this is set to 30%, at most 30% of the total number of nodes
+ that should be running the daemon pod (i.e. status.desiredNumberScheduled)
+ can have their a new pod created before the old pod is marked as deleted.
+ The update starts by launching new pods on 30% of nodes. Once an updated
+ pod is available (Ready for at least minReadySeconds) the old DaemonSet pod
+ on that node is marked deleted. If the old pod becomes unavailable for any
+ reason (Ready transitions to false, is evicted, or is drained) an updated
+ pod is immediatedly created on that node without considering surge limits.
+ Allowing surge implies the possibility that the resources consumed by the
+ daemonset on any given node can double if the readiness check fails, and
+ so resource intensive daemonsets should take into account that they may
+ cause evictions during disruption.
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of DaemonSet pods that can be unavailable during the
+ update. Value can be an absolute number (ex: 5) or a percentage of total
+ number of DaemonSet pods at the start of the update (ex: 10%). Absolute
+ number is calculated from percentage by rounding up.
+ This cannot be 0 if MaxSurge is 0
+ Default value is 1.
+ Example: when this is set to 30%, at most 30% of the total number of nodes
+ that should be running the daemon pod (i.e. status.desiredNumberScheduled)
+ can have their pods stopped for an update at any given time. The update
+ starts by stopping at most 30% of those DaemonSet pods and then brings
+ up new DaemonSet pods in their place. Once the new pods are available,
+ it then proceeds onto other DaemonSet pods, thus ensuring that at least
+ 70% of original number of DaemonSet pods are available at all times during
+ the update.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: Type of daemon set update. Can be "RollingUpdate"
+ or "OnDelete". Default is RollingUpdate.
+ type: string
+ type: object
+ type: object
+ deployment:
+ description: |-
+ Deployment specifies the Agent should be deployed as a Deployment, and allows providing its spec.
+ Cannot be used along with `daemonSet` or `statefulSet`.
+ properties:
+ podTemplate:
+ description: PodTemplateSpec describes the data a pod should have
+ when created from a template
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ replicas:
+ format: int32
+ type: integer
+ strategy:
+ description: DeploymentStrategy describes how to replace existing
+ pods with new ones.
+ properties:
+ rollingUpdate:
+ description: |-
+ Rolling update config params. Present only if DeploymentStrategyType =
+ RollingUpdate.
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of pods that can be scheduled above the desired number of
+ pods.
+ Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
+ This can not be 0 if MaxUnavailable is 0.
+ Absolute number is calculated from percentage by rounding up.
+ Defaults to 25%.
+ Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when
+ the rolling update starts, such that the total number of old and new pods do not exceed
+ 130% of desired pods. Once old pods have been killed,
+ new ReplicaSet can be scaled up further, ensuring that total number of pods running
+ at any time during the update is at most 130% of desired pods.
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of pods that can be unavailable during the update.
+ Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
+ Absolute number is calculated from percentage by rounding down.
+ This can not be 0 if MaxSurge is 0.
+ Defaults to 25%.
+ Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods
+ immediately when the rolling update starts. Once new pods are ready, old ReplicaSet
+ can be scaled down further, followed by scaling up the new ReplicaSet, ensuring
+ that the total number of pods available at all times during the update is at
+ least 70% of desired pods.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: Type of deployment. Can be "Recreate" or "RollingUpdate".
+ Default is RollingUpdate.
+ type: string
+ type: object
+ type: object
+ elasticsearchRefs:
+ description: |-
+ ElasticsearchRefs is a reference to a list of Elasticsearch clusters running in the same Kubernetes cluster.
+ Due to existing limitations, only a single ES cluster is currently supported.
+ items:
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ outputName:
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator. The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ fleetServerEnabled:
+ description: FleetServerEnabled determines whether this Agent will
+ launch Fleet Server. Don't set unless `mode` is set to `fleet`.
+ type: boolean
+ fleetServerRef:
+ description: |-
+ FleetServerRef is a reference to Fleet Server that this Agent should connect to to obtain it's configuration.
+ Don't set unless `mode` is set to `fleet`.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator. The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ http:
+ description: HTTP holds the HTTP layer configuration for the Agent
+ in Fleet mode with Fleet Server enabled.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes
+ Service object.
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the service.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: |-
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically
+ allocated for services with type LoadBalancer. Default is "true". It
+ may be set to "false" if the cluster load-balancer does not rely on
+ NodePorts. If the caller requests specific NodePorts (by specifying a
+ value), those requests will be respected, regardless of this field.
+ This field may only be set for services with type LoadBalancer and will
+ be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: |-
+ clusterIP is the IP address of the service and is usually assigned
+ randomly. If an address is specified manually, is in-range (as per
+ system configuration), and is not in use, it will be allocated to the
+ service; otherwise creation of the service will fail. This field may not
+ be changed through updates unless the type field is also being changed
+ to ExternalName (which requires this field to be blank) or the type
+ field is being changed from ExternalName (in which case this field may
+ optionally be specified, as describe above). Valid values are "None",
+ empty string (""), or a valid IP address. Setting this to "None" makes a
+ "headless service" (no virtual IP), which is useful when direct endpoint
+ connections are preferred and proxying is not required. Only applies to
+ types ClusterIP, NodePort, and LoadBalancer. If this field is specified
+ when creating a Service of type ExternalName, creation will fail. This
+ field will be wiped when updating a Service to type ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ clusterIPs:
+ description: |-
+ ClusterIPs is a list of IP addresses assigned to this service, and are
+ usually assigned randomly. If an address is specified manually, is
+ in-range (as per system configuration), and is not in use, it will be
+ allocated to the service; otherwise creation of the service will fail.
+ This field may not be changed through updates unless the type field is
+ also being changed to ExternalName (which requires this field to be
+ empty) or the type field is being changed from ExternalName (in which
+ case this field may optionally be specified, as describe above). Valid
+ values are "None", empty string (""), or a valid IP address. Setting
+ this to "None" makes a "headless service" (no virtual IP), which is
+ useful when direct endpoint connections are preferred and proxying is
+ not required. Only applies to types ClusterIP, NodePort, and
+ LoadBalancer. If this field is specified when creating a Service of type
+ ExternalName, creation will fail. This field will be wiped when updating
+ a Service to type ExternalName. If this field is not specified, it will
+ be initialized from the clusterIP field. If this field is specified,
+ clients must ensure that clusterIPs[0] and clusterIP have the same
+ value.
+
+ This field may hold a maximum of two entries (dual-stack IPs, in either order).
+ These IPs must correspond to the values of the ipFamilies field. Both
+ clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: |-
+ externalIPs is a list of IP addresses for which nodes in the cluster
+ will also accept traffic for this service. These IPs are not managed by
+ Kubernetes. The user is responsible for ensuring that traffic arrives
+ at a node with this IP. A common example is external load-balancers
+ that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalName:
+ description: |-
+ externalName is the external reference that discovery mechanisms will
+ return as an alias for this service (e.g. a DNS CNAME record). No
+ proxying will be involved. Must be a lowercase RFC-1123 hostname
+ (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: |-
+ externalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: |-
+ healthCheckNodePort specifies the healthcheck nodePort for the service.
+ This only applies when type is set to LoadBalancer and
+ externalTrafficPolicy is set to Local. If a value is specified, is
+ in-range, and is not in use, it will be used. If not specified, a value
+ will be automatically allocated. External systems (e.g. load-balancers)
+ can use this port to determine if a given node holds endpoints for this
+ service or not. If this field is specified when creating a Service
+ which does not need it, creation will fail. This field will be wiped
+ when updating a Service to no longer need it (e.g. changing type).
+ This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: |-
+ InternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on the ClusterIP. If set to "Local", the proxy will assume that pods
+ only want to talk to endpoints of the service on the same node as the pod,
+ dropping the traffic if there are no local endpoints. The default value,
+ "Cluster", uses the standard behavior of routing to all endpoints evenly
+ (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: |-
+ IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
+ service. This field is usually assigned automatically based on cluster
+ configuration and the ipFamilyPolicy field. If this field is specified
+ manually, the requested family is available in the cluster,
+ and ipFamilyPolicy allows it, it will be used; otherwise creation of
+ the service will fail. This field is conditionally mutable: it allows
+ for adding or removing a secondary IP family, but it does not allow
+ changing the primary IP family of the Service. Valid values are "IPv4"
+ and "IPv6". This field only applies to Services of types ClusterIP,
+ NodePort, and LoadBalancer, and does apply to "headless" services.
+ This field will be wiped when updating a Service to type ExternalName.
+
+ This field may hold a maximum of two entries (dual-stack families, in
+ either order). These families must correspond to the values of the
+ clusterIPs field, if specified. Both clusterIPs and ipFamilies are
+ governed by the ipFamilyPolicy field.
+ items:
+ description: |-
+ IPFamily represents the IP Family (IPv4 or IPv6). This type is used
+ to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: |-
+ IPFamilyPolicy represents the dual-stack-ness requested or required by
+ this Service. If there is no value provided, then this field will be set
+ to SingleStack. Services can be "SingleStack" (a single IP family),
+ "PreferDualStack" (two IP families on dual-stack configured clusters or
+ a single IP family on single-stack clusters), or "RequireDualStack"
+ (two IP families on dual-stack configured clusters, otherwise fail). The
+ ipFamilies and clusterIPs fields depend on the value of this field. This
+ field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: |-
+ loadBalancerClass is the class of the load balancer implementation this Service belongs to.
+ If specified, the value of this field must be a label-style identifier, with an optional prefix,
+ e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
+ This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
+ balancer implementation is used, today this is typically done through the cloud provider integration,
+ but should apply for any default implementation. If set, it is assumed that a load balancer
+ implementation is watching for Services with a matching class. Any default load balancer
+ implementation (e.g. cloud providers) should ignore Services that set this field.
+ This field can only be set when creating or updating a Service to type 'LoadBalancer'.
+ Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ Deprecated: This field was under-specified and its meaning varies across implementations.
+ Using it is non-portable and it may not support dual-stack.
+ Users are encouraged to use implementation-specific annotations when available.
+ type: string
+ loadBalancerSourceRanges:
+ description: |-
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider
+ load-balancer will be restricted to the specified client IPs. This field will be ignored if the
+ cloud-provider does not support the feature."
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ports:
+ description: |-
+ The list of ports that are exposed by this service.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: |-
+ The application protocol for this port.
+ This is used as a hint for implementations to offer richer behavior for protocols that they understand.
+ This field follows standard Kubernetes label syntax.
+ Valid values are either:
+
+ * Un-prefixed protocol names - reserved for IANA standard service names (as per
+ RFC-6335 and https://www.iana.org/assignments/service-names).
+
+ * Kubernetes-defined prefixed names:
+ * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
+ * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+ * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+ * Other protocols should use implementation-defined prefixed names such as
+ mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: |-
+ The name of this port within the service. This must be a DNS_LABEL.
+ All ports within a ServiceSpec must have unique names. When considering
+ the endpoints for a Service, this must match the 'name' field in the
+ EndpointPort.
+ Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this
+ service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: |-
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
+ Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: |-
+ publishNotReadyAddresses indicates that any agent which deals with endpoints for this
+ Service should disregard any indications of ready/not-ready.
+ The primary use case for setting this field is for a StatefulSet's Headless Service to
+ propagate SRV DNS records for its Pods for the purpose of peer discovery.
+ The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
+ Services interpret this to mean that all endpoints are considered "ready" even if the
+ Pods themselves are not. Agents which consume only Kubernetes generated endpoints
+ through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: |-
+ Route service traffic to pods with label keys and values matching this
+ selector. If empty or not present, the service is assumed to have an
+ external process managing its endpoints, which Kubernetes will not
+ modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
+ Ignored if type is ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: |-
+ Supports "ClientIP" and "None". Used to maintain session affinity.
+ Enable client IP based session affinity.
+ Must be ClientIP or None.
+ Defaults to None.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations
+ of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds specifies the seconds of ClientIP type session sticky time.
+ The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ trafficDistribution:
+ description: |-
+ TrafficDistribution offers a way to express preferences for how traffic
+ is distributed to Service endpoints. Implementations can use this field
+ as a hint, but are not required to guarantee strict adherence. If the
+ field is not set, the implementation will apply its default routing
+ strategy. If set to "PreferClose", implementations should prioritize
+ endpoints that are in the same zone.
+ type: string
+ type:
+ description: |-
+ type determines how the Service is exposed. Defaults to ClusterIP. Valid
+ options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
+ "ClusterIP" allocates a cluster-internal IP address for load-balancing
+ to endpoints. Endpoints are determined by the selector or if that is not
+ specified, by manual construction of an Endpoints object or
+ EndpointSlice objects. If clusterIP is "None", no virtual IP is
+ allocated and the endpoints are published as a set of endpoints rather
+ than a virtual IP.
+ "NodePort" builds on ClusterIP and allocates a port on every node which
+ routes to the same endpoints as the clusterIP.
+ "LoadBalancer" builds on NodePort and creates an external load-balancer
+ (if supported in the current cloud) which routes to the same endpoints
+ as the clusterIP.
+ "ExternalName" aliases this service to the specified externalName.
+ Several other fields do not apply to ExternalName services.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: |-
+ Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.
+ The referenced secret should contain the following:
+
+ - `ca.crt`: The certificate authority (optional).
+ - `tls.crt`: The certificate (or a chain).
+ - `tls.key`: The private key to the first certificate in the certificate chain.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the
+ self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning
+ of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs
+ to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN
+ entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the Agent Docker image to deploy. Version has
+ to match the Agent in the image.
+ type: string
+ kibanaRef:
+ description: |-
+ KibanaRef is a reference to Kibana where Fleet should be set up and this Agent should be enrolled. Don't set
+ unless `mode` is set to `fleet`.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator. The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ mode:
+ description: |-
+ Mode specifies the runtime mode for the Agent. The configuration can be specified locally through
+ `config` or `configRef` (`standalone` mode), or come from Fleet during runtime (`fleet` mode). Starting with
+ version 8.13.0 Fleet-managed agents support advanced configuration via a local configuration file.
+ See https://www.elastic.co/docs/reference/fleet/advanced-kubernetes-managed-by-fleet
+ Defaults to `standalone` mode.
+ enum:
+ - standalone
+ - fleet
+ type: string
+ policyID:
+ description: |-
+ PolicyID determines into which Agent Policy this Agent will be enrolled.
+ This field will become mandatory in a future release, default policies are deprecated since 8.1.0.
+ type: string
+ revisionHistoryLimit:
+ description: RevisionHistoryLimit is the number of revisions to retain
+ to allow rollback in the underlying DaemonSet or Deployment or StatefulSet.
+ format: int32
+ type: integer
+ secureSettings:
+ description: |-
+ SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for the Agent.
+ Secrets data can be then referenced in the Agent config using the Secret's keys or as specified in `Entries` field of
+ each SecureSetting.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes
+ Secret.
+ properties:
+ entries:
+ description: |-
+ Entries define how to project each key-value pair in the secret to filesystem paths.
+ If not defined, all keys will be projected to similarly named paths in the filesystem.
+ If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret
+ object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: |-
+ Path is the relative file path to map the key to.
+ Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is used to check access from the current resource to an Elasticsearch resource in a different namespace.
+ Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ statefulSet:
+ description: |-
+ StatefulSet specifies the Agent should be deployed as a StatefulSet, and allows providing its spec.
+ Cannot be used along with `daemonSet` or `deployment`.
+ properties:
+ podManagementPolicy:
+ default: Parallel
+ description: |-
+ PodManagementPolicy controls how pods are created during initial scale up,
+ when replacing pods on nodes, or when scaling down. The default policy is
+ `Parallel`, where pods are created in parallel to match the desired scale
+ without waiting, and on scale down will delete all pods at once.
+ The alternative policy is `OrderedReady`, the default for vanilla kubernetes
+ StatefulSets, where pods are created in increasing order in increasing order
+ (pod-0, then pod-1, etc.) and the controller will wait until each pod is ready before
+ continuing. When scaling down, the pods are removed in the opposite order.
+ enum:
+ - OrderedReady
+ - Parallel
+ type: string
+ podTemplate:
+ description: PodTemplateSpec describes the data a pod should have
+ when created from a template
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ replicas:
+ format: int32
+ type: integer
+ serviceName:
+ type: string
+ volumeClaimTemplates:
+ description: |-
+ VolumeClaimTemplates is a list of persistent volume claims to be used by each Pod.
+ Every claim in this list must have a matching volumeMount in one of the containers defined in the PodTemplate.
+ Items defined here take precedence over any default claims added by the operator with the same name.
+ items:
+ description: PersistentVolumeClaim is a user's request for and
+ claim to a persistent volume
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: |-
+ spec defines the desired characteristics of a volume requested by a pod author.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ properties:
+ accessModes:
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ dataSource:
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes
+ to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ type: string
+ volumeAttributesClassName:
+ description: |-
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
+ If specified, the CSI driver will create or update the volume with the attributes defined
+ in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
+ it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
+ will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
+ will be set by the persistentvolume controller if it exists.
+ If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
+ set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
+ exists.
+ More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
+ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
+ type: string
+ volumeMode:
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to
+ the PersistentVolume backing this claim.
+ type: string
+ type: object
+ type: object
+ type: array
+ type: object
+ version:
+ description: Version of the Agent.
+ type: string
+ required:
+ - version
+ type: object
+ status:
+ description: AgentStatus defines the observed state of the Agent
+ properties:
+ availableNodes:
+ format: int32
+ type: integer
+ elasticsearchAssociationsStatus:
+ additionalProperties:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ description: |-
+ AssociationStatusMap is the map of association's namespaced name string to its AssociationStatus. For resources that
+ have a single Association of a given type (for ex. single ES reference), this map contains a single entry.
+ type: object
+ expectedNodes:
+ format: int32
+ type: integer
+ fleetServerAssociationStatus:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ health:
+ type: string
+ kibanaAssociationStatus:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the most recent generation observed for this Elastic Agent.
+ It corresponds to the metadata generation, which is updated on mutation by the API Server.
+ If the generation observed in status diverges from the generation in metadata, the Elastic
+ Agent controller has not yet processed the changes contained in the Elastic Agent specification.
+ format: int64
+ type: integer
+ version:
+ description: |-
+ Version of the stack resource currently running. During version upgrades, multiple versions may run
+ in parallel: this value specifies the lowest version currently running.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
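Review bot: `statefulSet.podTemplate` in the CRD that ends here is declared as `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so the API server neither validates nor prunes anything inside it, and the pod template is accepted as-is at the CRD level. If this chart is going into shared clusters, the pack documentation should say that constraints on the resulting Pods have to come from RBAC on who may create or update Agent resources and from pod-level admission control, not from this schema. The same applies to the `secretName` reference under `kibanaRef`, whose description says the Secret holds `username`, `password` and optionally `api-key`: it is worth stating which namespaces may hold that Secret, since `serviceAccountName` notes that cross-namespace access checks only happen "if ECK is enforcing RBAC on references". Separately, three descriptions will surface typos in `kubectl explain`: "certifcate" under `selfSignedCertificate.disabled`, the doubled "in increasing order in increasing order" under `podManagementPolicy`, and "ServiceAffinity" under `timeoutSeconds`, where the field is `sessionAffinity`. The next CRD in this file carries `controller-gen.kubebuilder.io/version: v0.18.0`, which suggests generated output, so these are better reported upstream than hand-edited in the vendored copy.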
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.18.0
+ helm.sh/resource-policy: keep
+ labels:
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+ app.kubernetes.io/name: '{{ include "eck-operator-crds.name" . }}'
+ app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+ helm.sh/chart: '{{ include "eck-operator-crds.chart" . }}'
+ name: apmservers.apm.k8s.elastic.co
+spec:
+ group: apm.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: ApmServer
+ listKind: ApmServerList
+ plural: apmservers
+ shortNames:
+ - apm
+ singular: apmserver
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: APM version
+ jsonPath: .status.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: ApmServer represents an APM Server resource in a Kubernetes cluster.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ApmServerSpec holds the specification of an APM Server.
+ properties:
+ config:
+ description: 'Config holds the APM Server configuration. See: https://www.elastic.co/guide/en/apm/server/current/configuring-howto-apm-server.html'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ count:
+ description: Count of APM Server instances to deploy.
+ format: int32
+ type: integer
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to the output Elasticsearch
+ cluster running in the same Kubernetes cluster.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator. The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ http:
+ description: HTTP holds the HTTP layer configuration for the APM Server
+ resource.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes
+ Service object.
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the service.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: |-
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically
+ allocated for services with type LoadBalancer. Default is "true". It
+ may be set to "false" if the cluster load-balancer does not rely on
+ NodePorts. If the caller requests specific NodePorts (by specifying a
+ value), those requests will be respected, regardless of this field.
+ This field may only be set for services with type LoadBalancer and will
+ be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: |-
+ clusterIP is the IP address of the service and is usually assigned
+ randomly. If an address is specified manually, is in-range (as per
+ system configuration), and is not in use, it will be allocated to the
+ service; otherwise creation of the service will fail. This field may not
+ be changed through updates unless the type field is also being changed
+ to ExternalName (which requires this field to be blank) or the type
+ field is being changed from ExternalName (in which case this field may
+ optionally be specified, as describe above). Valid values are "None",
+ empty string (""), or a valid IP address. Setting this to "None" makes a
+ "headless service" (no virtual IP), which is useful when direct endpoint
+ connections are preferred and proxying is not required. Only applies to
+ types ClusterIP, NodePort, and LoadBalancer. If this field is specified
+ when creating a Service of type ExternalName, creation will fail. This
+ field will be wiped when updating a Service to type ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ clusterIPs:
+ description: |-
+ ClusterIPs is a list of IP addresses assigned to this service, and are
+ usually assigned randomly. If an address is specified manually, is
+ in-range (as per system configuration), and is not in use, it will be
+ allocated to the service; otherwise creation of the service will fail.
+ This field may not be changed through updates unless the type field is
+ also being changed to ExternalName (which requires this field to be
+ empty) or the type field is being changed from ExternalName (in which
+ case this field may optionally be specified, as describe above). Valid
+ values are "None", empty string (""), or a valid IP address. Setting
+ this to "None" makes a "headless service" (no virtual IP), which is
+ useful when direct endpoint connections are preferred and proxying is
+ not required. Only applies to types ClusterIP, NodePort, and
+ LoadBalancer. If this field is specified when creating a Service of type
+ ExternalName, creation will fail. This field will be wiped when updating
+ a Service to type ExternalName. If this field is not specified, it will
+ be initialized from the clusterIP field. If this field is specified,
+ clients must ensure that clusterIPs[0] and clusterIP have the same
+ value.
+
+ This field may hold a maximum of two entries (dual-stack IPs, in either order).
+ These IPs must correspond to the values of the ipFamilies field. Both
+ clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: |-
+ externalIPs is a list of IP addresses for which nodes in the cluster
+ will also accept traffic for this service. These IPs are not managed by
+ Kubernetes. The user is responsible for ensuring that traffic arrives
+ at a node with this IP. A common example is external load-balancers
+ that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalName:
+ description: |-
+ externalName is the external reference that discovery mechanisms will
+ return as an alias for this service (e.g. a DNS CNAME record). No
+ proxying will be involved. Must be a lowercase RFC-1123 hostname
+ (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: |-
+ externalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: |-
+ healthCheckNodePort specifies the healthcheck nodePort for the service.
+ This only applies when type is set to LoadBalancer and
+ externalTrafficPolicy is set to Local. If a value is specified, is
+ in-range, and is not in use, it will be used. If not specified, a value
+ will be automatically allocated. External systems (e.g. load-balancers)
+ can use this port to determine if a given node holds endpoints for this
+ service or not. If this field is specified when creating a Service
+ which does not need it, creation will fail. This field will be wiped
+ when updating a Service to no longer need it (e.g. changing type).
+ This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: |-
+ InternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on the ClusterIP. If set to "Local", the proxy will assume that pods
+ only want to talk to endpoints of the service on the same node as the pod,
+ dropping the traffic if there are no local endpoints. The default value,
+ "Cluster", uses the standard behavior of routing to all endpoints evenly
+ (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: |-
+ IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
+ service. This field is usually assigned automatically based on cluster
+ configuration and the ipFamilyPolicy field. If this field is specified
+ manually, the requested family is available in the cluster,
+ and ipFamilyPolicy allows it, it will be used; otherwise creation of
+ the service will fail. This field is conditionally mutable: it allows
+ for adding or removing a secondary IP family, but it does not allow
+ changing the primary IP family of the Service. Valid values are "IPv4"
+ and "IPv6". This field only applies to Services of types ClusterIP,
+ NodePort, and LoadBalancer, and does apply to "headless" services.
+ This field will be wiped when updating a Service to type ExternalName.
+
+ This field may hold a maximum of two entries (dual-stack families, in
+ either order). These families must correspond to the values of the
+ clusterIPs field, if specified. Both clusterIPs and ipFamilies are
+ governed by the ipFamilyPolicy field.
+ items:
+ description: |-
+ IPFamily represents the IP Family (IPv4 or IPv6). This type is used
+ to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: |-
+ IPFamilyPolicy represents the dual-stack-ness requested or required by
+ this Service. If there is no value provided, then this field will be set
+ to SingleStack. Services can be "SingleStack" (a single IP family),
+ "PreferDualStack" (two IP families on dual-stack configured clusters or
+ a single IP family on single-stack clusters), or "RequireDualStack"
+ (two IP families on dual-stack configured clusters, otherwise fail). The
+ ipFamilies and clusterIPs fields depend on the value of this field. This
+ field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: |-
+ loadBalancerClass is the class of the load balancer implementation this Service belongs to.
+ If specified, the value of this field must be a label-style identifier, with an optional prefix,
+ e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
+ This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
+ balancer implementation is used, today this is typically done through the cloud provider integration,
+ but should apply for any default implementation. If set, it is assumed that a load balancer
+ implementation is watching for Services with a matching class. Any default load balancer
+ implementation (e.g. cloud providers) should ignore Services that set this field.
+ This field can only be set when creating or updating a Service to type 'LoadBalancer'.
+ Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ Deprecated: This field was under-specified and its meaning varies across implementations.
+ Using it is non-portable and it may not support dual-stack.
+ Users are encouraged to use implementation-specific annotations when available.
+ type: string
+ loadBalancerSourceRanges:
+ description: |-
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider
+ load-balancer will be restricted to the specified client IPs. This field will be ignored if the
+ cloud-provider does not support the feature."
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ports:
+ description: |-
+ The list of ports that are exposed by this service.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: |-
+ The application protocol for this port.
+ This is used as a hint for implementations to offer richer behavior for protocols that they understand.
+ This field follows standard Kubernetes label syntax.
+ Valid values are either:
+
+ * Un-prefixed protocol names - reserved for IANA standard service names (as per
+ RFC-6335 and https://www.iana.org/assignments/service-names).
+
+ * Kubernetes-defined prefixed names:
+ * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
+ * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+ * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+ * Other protocols should use implementation-defined prefixed names such as
+ mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: |-
+ The name of this port within the service. This must be a DNS_LABEL.
+ All ports within a ServiceSpec must have unique names. When considering
+ the endpoints for a Service, this must match the 'name' field in the
+ EndpointPort.
+ Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this
+ service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: |-
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
+ Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: |-
+ publishNotReadyAddresses indicates that any agent which deals with endpoints for this
+ Service should disregard any indications of ready/not-ready.
+ The primary use case for setting this field is for a StatefulSet's Headless Service to
+ propagate SRV DNS records for its Pods for the purpose of peer discovery.
+ The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
+ Services interpret this to mean that all endpoints are considered "ready" even if the
+ Pods themselves are not. Agents which consume only Kubernetes generated endpoints
+ through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: |-
+ Route service traffic to pods with label keys and values matching this
+ selector. If empty or not present, the service is assumed to have an
+ external process managing its endpoints, which Kubernetes will not
+ modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
+ Ignored if type is ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: |-
+ Supports "ClientIP" and "None". Used to maintain session affinity.
+ Enable client IP based session affinity.
+ Must be ClientIP or None.
+ Defaults to None.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations
+ of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds specifies the seconds of ClientIP type session sticky time.
+ The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ trafficDistribution:
+ description: |-
+ TrafficDistribution offers a way to express preferences for how traffic
+ is distributed to Service endpoints. Implementations can use this field
+ as a hint, but are not required to guarantee strict adherence. If the
+ field is not set, the implementation will apply its default routing
+ strategy. If set to "PreferClose", implementations should prioritize
+ endpoints that are in the same zone.
+ type: string
+ type:
+ description: |-
+ type determines how the Service is exposed. Defaults to ClusterIP. Valid
+ options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
+ "ClusterIP" allocates a cluster-internal IP address for load-balancing
+ to endpoints. Endpoints are determined by the selector or if that is not
+ specified, by manual construction of an Endpoints object or
+ EndpointSlice objects. If clusterIP is "None", no virtual IP is
+ allocated and the endpoints are published as a set of endpoints rather
+ than a virtual IP.
+ "NodePort" builds on ClusterIP and allocates a port on every node which
+ routes to the same endpoints as the clusterIP.
+ "LoadBalancer" builds on NodePort and creates an external load-balancer
+ (if supported in the current cloud) which routes to the same endpoints
+ as the clusterIP.
+ "ExternalName" aliases this service to the specified externalName.
+ Several other fields do not apply to ExternalName services.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: |-
+ Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.
+ The referenced secret should contain the following:
+
+ - `ca.crt`: The certificate authority (optional).
+ - `tls.crt`: The certificate (or a chain).
+ - `tls.key`: The private key to the first certificate in the certificate chain.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the
+ self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning
+ of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs
+ to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN
+ entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the APM Server Docker image to deploy.
+ type: string
+ kibanaRef:
+ description: |-
+ KibanaRef is a reference to a Kibana instance running in the same Kubernetes cluster.
+ It allows APM agent central configuration management in Kibana.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator. The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ podTemplate:
+ description: PodTemplate provides customisation options (labels, annotations,
+ affinity rules, resource requests, and so on) for the APM Server
+ pods.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ revisionHistoryLimit:
+ description: RevisionHistoryLimit is the number of revisions to retain
+ to allow rollback in the underlying Deployment.
+ format: int32
+ type: integer
+ secureSettings:
+ description: SecureSettings is a list of references to Kubernetes
+ secrets containing sensitive configuration options for APM Server.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes
+ Secret.
+ properties:
+ entries:
+ description: |-
+ Entries define how to project each key-value pair in the secret to filesystem paths.
+ If not defined, all keys will be projected to similarly named paths in the filesystem.
+ If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret
+ object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: |-
+ Path is the relative file path to map the key to.
+ Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is used to check access from the current resource to a resource (for ex. Elasticsearch) in a different namespace.
+ Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ version:
+ description: Version of the APM Server.
+ type: string
+ required:
+ - version
+ type: object
+ status:
+ description: ApmServerStatus defines the observed state of ApmServer
+ properties:
+ availableNodes:
+ description: AvailableNodes is the number of available replicas in
+ the deployment.
+ format: int32
+ type: integer
+ count:
+ description: Count corresponds to Scale.Status.Replicas, which is
+ the actual number of observed instances of the scaled object.
+ format: int32
+ type: integer
+ elasticsearchAssociationStatus:
+ description: ElasticsearchAssociationStatus is the status of any auto-linking
+ to Elasticsearch clusters.
+ type: string
+ health:
+ description: Health of the deployment.
+ type: string
+ kibanaAssociationStatus:
+ description: KibanaAssociationStatus is the status of any auto-linking
+ to Kibana.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the status is based upon.
+ It corresponds to the metadata generation, which is updated on mutation by the API Server.
+ If the generation observed in status diverges from the generation in metadata, the APM Server
+ controller has not yet processed the changes contained in the APM Server specification.
+ format: int64
+ type: integer
+ secretTokenSecret:
+ description: SecretTokenSecretName is the name of the Secret that
+ contains the secret token
+ type: string
+ selector:
+ description: Selector is the label selector used to find all pods.
+ type: string
+ service:
+ description: ExternalService is the name of the service the agents
+ should connect to.
+ type: string
+ version:
+ description: |-
+ Version of the stack resource currently running. During version upgrades, multiple versions may run
+ in parallel: this value specifies the lowest version currently running.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.count
+ statusReplicasPath: .status.count
+ status: {}
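Review bot: In the version entry that ends just above (the one preceding `v1beta1`), `spec.secureSettings[].entries[].path` documents a safety constraint that the schema does not enforce. The description says "Path must not be an absolute file path and must not contain any ".." components", but the property is declared only as `type: string`, so the API server will admit values such as an absolute path or one containing `..`, and rejection is left to whatever consumes the object later. If this CRD is maintained here, add a `pattern` or an `x-kubernetes-validations` rule on `path` so bad values fail at admission. If it is vendored unchanged, note in the pack where the constraint is actually checked. The same applies to `podTemplate`, which is `type: object` with `x-kubernetes-preserve-unknown-fields: true`: nothing under it is validated by this schema, so pod-level restrictions have to come from admission policy. Two description nits in the same entry: "certifcate" in `tls.selfSignedCertificate.disabled`, and the `status.secretTokenSecret` description names the field `SecretTokenSecretName`, which does not match the key.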
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: APM version
+ jsonPath: .spec.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: ApmServer represents an APM Server resource in a Kubernetes cluster.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ApmServerSpec holds the specification of an APM Server.
+ properties:
+ config:
+ description: 'Config holds the APM Server configuration. See: https://www.elastic.co/guide/en/apm/server/current/configuring-howto-apm-server.html'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ count:
+ description: Count of APM Server instances to deploy.
+ format: int32
+ type: integer
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to the output Elasticsearch
+ cluster running in the same Kubernetes cluster.
+ properties:
+ name:
+ description: Name of the Kubernetes object.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ required:
+ - name
+ type: object
+ http:
+ description: HTTP holds the HTTP layer configuration for the APM Server
+ resource.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes
+ Service object.
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the service.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: |-
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically
+ allocated for services with type LoadBalancer. Default is "true". It
+ may be set to "false" if the cluster load-balancer does not rely on
+ NodePorts. If the caller requests specific NodePorts (by specifying a
+ value), those requests will be respected, regardless of this field.
+ This field may only be set for services with type LoadBalancer and will
+ be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: |-
+ clusterIP is the IP address of the service and is usually assigned
+ randomly. If an address is specified manually, is in-range (as per
+ system configuration), and is not in use, it will be allocated to the
+ service; otherwise creation of the service will fail. This field may not
+ be changed through updates unless the type field is also being changed
+ to ExternalName (which requires this field to be blank) or the type
+ field is being changed from ExternalName (in which case this field may
+ optionally be specified, as describe above). Valid values are "None",
+ empty string (""), or a valid IP address. Setting this to "None" makes a
+ "headless service" (no virtual IP), which is useful when direct endpoint
+ connections are preferred and proxying is not required. Only applies to
+ types ClusterIP, NodePort, and LoadBalancer. If this field is specified
+ when creating a Service of type ExternalName, creation will fail. This
+ field will be wiped when updating a Service to type ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ clusterIPs:
+ description: |-
+ ClusterIPs is a list of IP addresses assigned to this service, and are
+ usually assigned randomly. If an address is specified manually, is
+ in-range (as per system configuration), and is not in use, it will be
+ allocated to the service; otherwise creation of the service will fail.
+ This field may not be changed through updates unless the type field is
+ also being changed to ExternalName (which requires this field to be
+ empty) or the type field is being changed from ExternalName (in which
+ case this field may optionally be specified, as describe above). Valid
+ values are "None", empty string (""), or a valid IP address. Setting
+ this to "None" makes a "headless service" (no virtual IP), which is
+ useful when direct endpoint connections are preferred and proxying is
+ not required. Only applies to types ClusterIP, NodePort, and
+ LoadBalancer. If this field is specified when creating a Service of type
+ ExternalName, creation will fail. This field will be wiped when updating
+ a Service to type ExternalName. If this field is not specified, it will
+ be initialized from the clusterIP field. If this field is specified,
+ clients must ensure that clusterIPs[0] and clusterIP have the same
+ value.
+
+ This field may hold a maximum of two entries (dual-stack IPs, in either order).
+ These IPs must correspond to the values of the ipFamilies field. Both
+ clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: |-
+ externalIPs is a list of IP addresses for which nodes in the cluster
+ will also accept traffic for this service. These IPs are not managed by
+ Kubernetes. The user is responsible for ensuring that traffic arrives
+ at a node with this IP. A common example is external load-balancers
+ that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalName:
+ description: |-
+ externalName is the external reference that discovery mechanisms will
+ return as an alias for this service (e.g. a DNS CNAME record). No
+ proxying will be involved. Must be a lowercase RFC-1123 hostname
+ (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: |-
+ externalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: |-
+ healthCheckNodePort specifies the healthcheck nodePort for the service.
+ This only applies when type is set to LoadBalancer and
+ externalTrafficPolicy is set to Local. If a value is specified, is
+ in-range, and is not in use, it will be used. If not specified, a value
+ will be automatically allocated. External systems (e.g. load-balancers)
+ can use this port to determine if a given node holds endpoints for this
+ service or not. If this field is specified when creating a Service
+ which does not need it, creation will fail. This field will be wiped
+ when updating a Service to no longer need it (e.g. changing type).
+ This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: |-
+ InternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on the ClusterIP. If set to "Local", the proxy will assume that pods
+ only want to talk to endpoints of the service on the same node as the pod,
+ dropping the traffic if there are no local endpoints. The default value,
+ "Cluster", uses the standard behavior of routing to all endpoints evenly
+ (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: |-
+ IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
+ service. This field is usually assigned automatically based on cluster
+ configuration and the ipFamilyPolicy field. If this field is specified
+ manually, the requested family is available in the cluster,
+ and ipFamilyPolicy allows it, it will be used; otherwise creation of
+ the service will fail. This field is conditionally mutable: it allows
+ for adding or removing a secondary IP family, but it does not allow
+ changing the primary IP family of the Service. Valid values are "IPv4"
+ and "IPv6". This field only applies to Services of types ClusterIP,
+ NodePort, and LoadBalancer, and does apply to "headless" services.
+ This field will be wiped when updating a Service to type ExternalName.
+
+ This field may hold a maximum of two entries (dual-stack families, in
+ either order). These families must correspond to the values of the
+ clusterIPs field, if specified. Both clusterIPs and ipFamilies are
+ governed by the ipFamilyPolicy field.
+ items:
+ description: |-
+ IPFamily represents the IP Family (IPv4 or IPv6). This type is used
+ to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: |-
+ IPFamilyPolicy represents the dual-stack-ness requested or required by
+ this Service. If there is no value provided, then this field will be set
+ to SingleStack. Services can be "SingleStack" (a single IP family),
+ "PreferDualStack" (two IP families on dual-stack configured clusters or
+ a single IP family on single-stack clusters), or "RequireDualStack"
+ (two IP families on dual-stack configured clusters, otherwise fail). The
+ ipFamilies and clusterIPs fields depend on the value of this field. This
+ field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: |-
+ loadBalancerClass is the class of the load balancer implementation this Service belongs to.
+ If specified, the value of this field must be a label-style identifier, with an optional prefix,
+ e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
+ This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
+ balancer implementation is used, today this is typically done through the cloud provider integration,
+ but should apply for any default implementation. If set, it is assumed that a load balancer
+ implementation is watching for Services with a matching class. Any default load balancer
+ implementation (e.g. cloud providers) should ignore Services that set this field.
+ This field can only be set when creating or updating a Service to type 'LoadBalancer'.
+ Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ Deprecated: This field was under-specified and its meaning varies across implementations.
+ Using it is non-portable and it may not support dual-stack.
+ Users are encouraged to use implementation-specific annotations when available.
+ type: string
+ loadBalancerSourceRanges:
+ description: |-
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider
+ load-balancer will be restricted to the specified client IPs. This field will be ignored if the
+ cloud-provider does not support the feature."
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ports:
+ description: |-
+ The list of ports that are exposed by this service.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: |-
+ The application protocol for this port.
+ This is used as a hint for implementations to offer richer behavior for protocols that they understand.
+ This field follows standard Kubernetes label syntax.
+ Valid values are either:
+
+ * Un-prefixed protocol names - reserved for IANA standard service names (as per
+ RFC-6335 and https://www.iana.org/assignments/service-names).
+
+ * Kubernetes-defined prefixed names:
+ * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
+ * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+ * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+ * Other protocols should use implementation-defined prefixed names such as
+ mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: |-
+ The name of this port within the service. This must be a DNS_LABEL.
+ All ports within a ServiceSpec must have unique names. When considering
+ the endpoints for a Service, this must match the 'name' field in the
+ EndpointPort.
+ Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this
+ service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: |-
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
+ Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: |-
+ publishNotReadyAddresses indicates that any agent which deals with endpoints for this
+ Service should disregard any indications of ready/not-ready.
+ The primary use case for setting this field is for a StatefulSet's Headless Service to
+ propagate SRV DNS records for its Pods for the purpose of peer discovery.
+ The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
+ Services interpret this to mean that all endpoints are considered "ready" even if the
+ Pods themselves are not. Agents which consume only Kubernetes generated endpoints
+ through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: |-
+ Route service traffic to pods with label keys and values matching this
+ selector. If empty or not present, the service is assumed to have an
+ external process managing its endpoints, which Kubernetes will not
+ modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
+ Ignored if type is ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: |-
+ Supports "ClientIP" and "None". Used to maintain session affinity.
+ Enable client IP based session affinity.
+ Must be ClientIP or None.
+ Defaults to None.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations
+ of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds specifies the seconds of ClientIP type session sticky time.
+ The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ trafficDistribution:
+ description: |-
+ TrafficDistribution offers a way to express preferences for how traffic
+ is distributed to Service endpoints. Implementations can use this field
+ as a hint, but are not required to guarantee strict adherence. If the
+ field is not set, the implementation will apply its default routing
+ strategy. If set to "PreferClose", implementations should prioritize
+ endpoints that are in the same zone.
+ type: string
+ type:
+ description: |-
+ type determines how the Service is exposed. Defaults to ClusterIP. Valid
+ options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
+ "ClusterIP" allocates a cluster-internal IP address for load-balancing
+ to endpoints. Endpoints are determined by the selector or if that is not
+ specified, by manual construction of an Endpoints object or
+ EndpointSlice objects. If clusterIP is "None", no virtual IP is
+ allocated and the endpoints are published as a set of endpoints rather
+ than a virtual IP.
+ "NodePort" builds on ClusterIP and allocates a port on every node which
+ routes to the same endpoints as the clusterIP.
+ "LoadBalancer" builds on NodePort and creates an external load-balancer
+ (if supported in the current cloud) which routes to the same endpoints
+ as the clusterIP.
+ "ExternalName" aliases this service to the specified externalName.
+ Several other fields do not apply to ExternalName services.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: |-
+ Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.
+ The referenced secret should contain the following:
+
+ - `ca.crt`: The certificate authority (optional).
+ - `tls.crt`: The certificate (or a chain).
+ - `tls.key`: The private key to the first certificate in the certificate chain.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the
+ self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning
+ of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs
+ to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN
+ entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the APM Server Docker image to deploy.
+ type: string
+ podTemplate:
+ description: PodTemplate provides customisation options (labels, annotations,
+ affinity rules, resource requests, and so on) for the APM Server
+ pods.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ secureSettings:
+ description: SecureSettings is a list of references to Kubernetes
+ secrets containing sensitive configuration options for APM Server.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes
+ Secret.
+ properties:
+ entries:
+ description: |-
+ Entries define how to project each key-value pair in the secret to filesystem paths.
+ If not defined, all keys will be projected to similarly named paths in the filesystem.
+ If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret
+ object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: |-
+ Path is the relative file path to map the key to.
+ Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ version:
+ description: Version of the APM Server.
+ type: string
+ type: object
+ status:
+ description: ApmServerStatus defines the observed state of ApmServer
+ properties:
+ associationStatus:
+ description: Association is the status of any auto-linking to Elasticsearch
+ clusters.
+ type: string
+ availableNodes:
+ format: int32
+ type: integer
+ health:
+ description: ApmServerHealth expresses the status of the Apm Server
+ instances.
+ type: string
+ secretTokenSecret:
+ description: SecretTokenSecretName is the name of the Secret that
+ contains the secret token
+ type: string
+ service:
+ description: ExternalService is the name of the service the agents
+ should connect to.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: to not break compatibility when upgrading from previous versions
+ of the CRD
+ type: object
+ served: false
+ storage: false
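Review bot: in the ApmServer `secureSettings[].entries[].path` property, the rule that the path "must not be an absolute file path and must not contain any '..' components" appears only in the description. The schema for `path` is just `type: string`, so nothing in this CRD rejects such a value at admission. If the pack relies on the CRD as a guardrail, enforce the rule on `path` with a `pattern` or an `x-kubernetes-validations` rule, or state in the pack documentation that the check is left to the operator. Likewise `path` is described as the mapping target but only `key` is listed under `required`; confirm that is intended. Minor: the `selfSignedCertificate.disabled` description misspells "certificate" as "certifcate".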
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.18.0
+ helm.sh/resource-policy: keep
+ labels:
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+ app.kubernetes.io/name: '{{ include "eck-operator-crds.name" . }}'
+ app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+ helm.sh/chart: '{{ include "eck-operator-crds.chart" . }}'
+ name: beats.beat.k8s.elastic.co
+spec:
+ group: beat.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: Beat
+ listKind: BeatList
+ plural: beats
+ shortNames:
+ - beat
+ singular: beat
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: available
+ type: integer
+ - description: Expected nodes
+ jsonPath: .status.expectedNodes
+ name: expected
+ type: integer
+ - description: Beat type
+ jsonPath: .spec.type
+ name: type
+ type: string
+ - description: Beat version
+ jsonPath: .status.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Beat is the Schema for the Beats API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BeatSpec defines the desired state of a Beat.
+ properties:
+ config:
+ description: Config holds the Beat configuration. At most one of [`Config`,
+ `ConfigRef`] can be specified.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ configRef:
+ description: |-
+ ConfigRef contains a reference to an existing Kubernetes Secret holding the Beat configuration.
+ Beat settings must be specified as yaml, under a single "beat.yml" entry. At most one of [`Config`, `ConfigRef`]
+ can be specified.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ daemonSet:
+ description: |-
+ DaemonSet specifies the Beat should be deployed as a DaemonSet, and allows providing its spec.
+ Cannot be used along with `deployment`. If both are absent a default for the Type is used.
+ properties:
+ podTemplate:
+ description: PodTemplateSpec describes the data a pod should have
+ when created from a template
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ updateStrategy:
+ description: DaemonSetUpdateStrategy is a struct used to control
+ the update strategy for a DaemonSet.
+ properties:
+ rollingUpdate:
+ description: Rolling update config params. Present only if
+ type = "RollingUpdate".
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of nodes with an existing available DaemonSet pod that
+ can have an updated DaemonSet pod during during an update.
+ Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
+ This can not be 0 if MaxUnavailable is 0.
+ Absolute number is calculated from percentage by rounding up to a minimum of 1.
+ Default value is 0.
+ Example: when this is set to 30%, at most 30% of the total number of nodes
+ that should be running the daemon pod (i.e. status.desiredNumberScheduled)
+ can have their a new pod created before the old pod is marked as deleted.
+ The update starts by launching new pods on 30% of nodes. Once an updated
+ pod is available (Ready for at least minReadySeconds) the old DaemonSet pod
+ on that node is marked deleted. If the old pod becomes unavailable for any
+ reason (Ready transitions to false, is evicted, or is drained) an updated
+ pod is immediatedly created on that node without considering surge limits.
+ Allowing surge implies the possibility that the resources consumed by the
+ daemonset on any given node can double if the readiness check fails, and
+ so resource intensive daemonsets should take into account that they may
+ cause evictions during disruption.
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of DaemonSet pods that can be unavailable during the
+ update. Value can be an absolute number (ex: 5) or a percentage of total
+ number of DaemonSet pods at the start of the update (ex: 10%). Absolute
+ number is calculated from percentage by rounding up.
+ This cannot be 0 if MaxSurge is 0
+ Default value is 1.
+ Example: when this is set to 30%, at most 30% of the total number of nodes
+ that should be running the daemon pod (i.e. status.desiredNumberScheduled)
+ can have their pods stopped for an update at any given time. The update
+ starts by stopping at most 30% of those DaemonSet pods and then brings
+ up new DaemonSet pods in their place. Once the new pods are available,
+ it then proceeds onto other DaemonSet pods, thus ensuring that at least
+ 70% of original number of DaemonSet pods are available at all times during
+ the update.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: Type of daemon set update. Can be "RollingUpdate"
+ or "OnDelete". Default is RollingUpdate.
+ type: string
+ type: object
+ type: object
+ deployment:
+ description: |-
+ Deployment specifies the Beat should be deployed as a Deployment, and allows providing its spec.
+ Cannot be used along with `daemonSet`. If both are absent a default for the Type is used.
+ properties:
+ podTemplate:
+ description: PodTemplateSpec describes the data a pod should have
+ when created from a template
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ replicas:
+ format: int32
+ type: integer
+ strategy:
+ description: DeploymentStrategy describes how to replace existing
+ pods with new ones.
+ properties:
+ rollingUpdate:
+ description: |-
+ Rolling update config params. Present only if DeploymentStrategyType =
+ RollingUpdate.
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of pods that can be scheduled above the desired number of
+ pods.
+ Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
+ This can not be 0 if MaxUnavailable is 0.
+ Absolute number is calculated from percentage by rounding up.
+ Defaults to 25%.
+ Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when
+ the rolling update starts, such that the total number of old and new pods do not exceed
+ 130% of desired pods. Once old pods have been killed,
+ new ReplicaSet can be scaled up further, ensuring that total number of pods running
+ at any time during the update is at most 130% of desired pods.
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of pods that can be unavailable during the update.
+ Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
+ Absolute number is calculated from percentage by rounding down.
+ This can not be 0 if MaxSurge is 0.
+ Defaults to 25%.
+ Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods
+ immediately when the rolling update starts. Once new pods are ready, old ReplicaSet
+ can be scaled down further, followed by scaling up the new ReplicaSet, ensuring
+ that the total number of pods available at all times during the update is at
+ least 70% of desired pods.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: Type of deployment. Can be "Recreate" or "RollingUpdate".
+ Default is RollingUpdate.
+ type: string
+ type: object
+ type: object
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to an Elasticsearch cluster
+ running in the same Kubernetes cluster.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator. The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ image:
+ description: Image is the Beat Docker image to deploy. Version and
+ Type have to match the Beat in the image.
+ type: string
+ kibanaRef:
+ description: |-
+ KibanaRef is a reference to a Kibana instance running in the same Kubernetes cluster.
+ It allows automatic setup of dashboards and visualizations.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator. The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ monitoring:
+ description: |-
+ Monitoring enables you to collect and ship logs and metrics for this Beat.
+ Metricbeat and/or Filebeat sidecars are configured and send monitoring data to an
+ Elasticsearch monitoring cluster running in the same Kubernetes cluster.
+ properties:
+ logs:
+ description: Logs holds references to Elasticsearch clusters which
+ receive log data from an associated resource.
+ properties:
+ elasticsearchRefs:
+ description: |-
+ ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster.
+ Due to existing limitations, only a single Elasticsearch cluster is currently supported.
+ items:
+ description: |-
+ ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator
+ or a Secret describing an external Elastic resource not managed by the operator.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If
+ empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator. The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ type: object
+ metrics:
+ description: Metrics holds references to Elasticsearch clusters
+ which receive monitoring data from this resource.
+ properties:
+ elasticsearchRefs:
+ description: |-
+ ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster.
+ Due to existing limitations, only a single Elasticsearch cluster is currently supported.
+ items:
+ description: |-
+ ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator
+ or a Secret describing an external Elastic resource not managed by the operator.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If
+ empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator. The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ revisionHistoryLimit:
+ description: RevisionHistoryLimit is the number of revisions to retain
+ to allow rollback in the underlying DaemonSet or Deployment.
+ format: int32
+ type: integer
+ secureSettings:
+ description: |-
+ SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for the Beat.
+ Secrets data can be then referenced in the Beat config using the Secret's keys or as specified in `Entries` field of
+ each SecureSetting.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes
+ Secret.
+ properties:
+ entries:
+ description: |-
+ Entries define how to project each key-value pair in the secret to filesystem paths.
+ If not defined, all keys will be projected to similarly named paths in the filesystem.
+ If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret
+ object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: |-
+ Path is the relative file path to map the key to.
+ Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is used to check access from the current resource to Elasticsearch resource in a different namespace.
+ Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ type:
+ description: |-
+ Type is the type of the Beat to deploy (filebeat, metricbeat, heartbeat, auditbeat, journalbeat, packetbeat, and so on).
+ Any string can be used, but well-known types will have the image field defaulted and have the appropriate
+ Elasticsearch roles created automatically. It also allows for dashboard setup when combined with a `KibanaRef`.
+ maxLength: 20
+ pattern: '[a-zA-Z0-9-]+'
+ type: string
+ version:
+ description: Version of the Beat.
+ type: string
+ required:
+ - type
+ - version
+ type: object
+ status:
+ description: BeatStatus defines the observed state of a Beat.
+ properties:
+ availableNodes:
+ format: int32
+ type: integer
+ elasticsearchAssociationStatus:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ expectedNodes:
+ format: int32
+ type: integer
+ health:
+ type: string
+ kibanaAssociationStatus:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ monitoringAssociationStatus:
+ additionalProperties:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ description: |-
+ AssociationStatusMap is the map of association's namespaced name string to its AssociationStatus. For resources that
+ have a single Association of a given type (for ex. single ES reference), this map contains a single entry.
+ type: object
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the status is based upon.
+ It corresponds to the metadata generation, which is updated on mutation by the API Server.
+ If the generation observed in status diverges from the generation in metadata, the Beats
+ controller has not yet processed the changes contained in the Beats specification.
+ format: int64
+ type: integer
+ version:
+ description: |-
+ Version of the stack resource currently running. During version upgrades, multiple versions may run
+ in parallel: this value specifies the lowest version currently running.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
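Review bot: the Beat `spec.type` property declares `pattern: '[a-zA-Z0-9-]+'` without `^` and `$` anchors. CRD pattern validation is an unanchored match, so any value of up to 20 characters that contains at least one allowed character passes, including values with spaces, slashes or dots. The description says this field drives the defaulted image and the Elasticsearch roles that are created, so the intended constraint is presumably `'^[a-zA-Z0-9-]+$'`. The manifest carries the `controller-gen.kubebuilder.io/version: v0.18.0` annotation, so the fix belongs in the upstream type marker rather than in a local edit of this file. Until then, treat `type` as unvalidated input wherever it is consumed. Minor: the DaemonSet `maxSurge` description has "during during", "can have their a new pod" and "immediatedly".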
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.18.0
+ helm.sh/resource-policy: keep
+ labels:
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+ app.kubernetes.io/name: '{{ include "eck-operator-crds.name" . }}'
+ app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+ helm.sh/chart: '{{ include "eck-operator-crds.chart" . }}'
+ name: elasticmapsservers.maps.k8s.elastic.co
+spec:
+ group: maps.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: ElasticMapsServer
+ listKind: ElasticMapsServerList
+ plural: elasticmapsservers
+ shortNames:
+ - ems
+ singular: elasticmapsserver
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: ElasticMapsServer version
+ jsonPath: .status.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ElasticMapsServer represents an Elastic Map Server resource in
+ a Kubernetes cluster.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MapsSpec holds the specification of an Elastic Maps Server
+ instance.
+ properties:
+ config:
+ description: 'Config holds the ElasticMapsServer configuration. See:
+ https://www.elastic.co/guide/en/kibana/current/maps-connect-to-ems.html#elastic-maps-server-configuration'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ configRef:
+ description: |-
+ ConfigRef contains a reference to an existing Kubernetes Secret holding the Elastic Maps Server configuration.
+ Configuration settings are merged and have precedence over settings specified in `config`.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ count:
+ description: Count of Elastic Maps Server instances to deploy.
+ format: int32
+ type: integer
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to an Elasticsearch cluster
+ running in the same Kubernetes cluster.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator. The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ http:
+ description: HTTP holds the HTTP layer configuration for Elastic Maps
+ Server.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes
+ Service object.
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the service.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: |-
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically
+ allocated for services with type LoadBalancer. Default is "true". It
+ may be set to "false" if the cluster load-balancer does not rely on
+ NodePorts. If the caller requests specific NodePorts (by specifying a
+ value), those requests will be respected, regardless of this field.
+ This field may only be set for services with type LoadBalancer and will
+ be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: |-
+ clusterIP is the IP address of the service and is usually assigned
+ randomly. If an address is specified manually, is in-range (as per
+ system configuration), and is not in use, it will be allocated to the
+ service; otherwise creation of the service will fail. This field may not
+ be changed through updates unless the type field is also being changed
+ to ExternalName (which requires this field to be blank) or the type
+ field is being changed from ExternalName (in which case this field may
+ optionally be specified, as describe above). Valid values are "None",
+ empty string (""), or a valid IP address. Setting this to "None" makes a
+ "headless service" (no virtual IP), which is useful when direct endpoint
+ connections are preferred and proxying is not required. Only applies to
+ types ClusterIP, NodePort, and LoadBalancer. If this field is specified
+ when creating a Service of type ExternalName, creation will fail. This
+ field will be wiped when updating a Service to type ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ clusterIPs:
+ description: |-
+ ClusterIPs is a list of IP addresses assigned to this service, and are
+ usually assigned randomly. If an address is specified manually, is
+ in-range (as per system configuration), and is not in use, it will be
+ allocated to the service; otherwise creation of the service will fail.
+ This field may not be changed through updates unless the type field is
+ also being changed to ExternalName (which requires this field to be
+ empty) or the type field is being changed from ExternalName (in which
+ case this field may optionally be specified, as describe above). Valid
+ values are "None", empty string (""), or a valid IP address. Setting
+ this to "None" makes a "headless service" (no virtual IP), which is
+ useful when direct endpoint connections are preferred and proxying is
+ not required. Only applies to types ClusterIP, NodePort, and
+ LoadBalancer. If this field is specified when creating a Service of type
+ ExternalName, creation will fail. This field will be wiped when updating
+ a Service to type ExternalName. If this field is not specified, it will
+ be initialized from the clusterIP field. If this field is specified,
+ clients must ensure that clusterIPs[0] and clusterIP have the same
+ value.
+
+ This field may hold a maximum of two entries (dual-stack IPs, in either order).
+ These IPs must correspond to the values of the ipFamilies field. Both
+ clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: |-
+ externalIPs is a list of IP addresses for which nodes in the cluster
+ will also accept traffic for this service. These IPs are not managed by
+ Kubernetes. The user is responsible for ensuring that traffic arrives
+ at a node with this IP. A common example is external load-balancers
+ that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalName:
+ description: |-
+ externalName is the external reference that discovery mechanisms will
+ return as an alias for this service (e.g. a DNS CNAME record). No
+ proxying will be involved. Must be a lowercase RFC-1123 hostname
+ (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: |-
+ externalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: |-
+ healthCheckNodePort specifies the healthcheck nodePort for the service.
+ This only applies when type is set to LoadBalancer and
+ externalTrafficPolicy is set to Local. If a value is specified, is
+ in-range, and is not in use, it will be used. If not specified, a value
+ will be automatically allocated. External systems (e.g. load-balancers)
+ can use this port to determine if a given node holds endpoints for this
+ service or not. If this field is specified when creating a Service
+ which does not need it, creation will fail. This field will be wiped
+ when updating a Service to no longer need it (e.g. changing type).
+ This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: |-
+ InternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on the ClusterIP. If set to "Local", the proxy will assume that pods
+ only want to talk to endpoints of the service on the same node as the pod,
+ dropping the traffic if there are no local endpoints. The default value,
+ "Cluster", uses the standard behavior of routing to all endpoints evenly
+ (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: |-
+ IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
+ service. This field is usually assigned automatically based on cluster
+ configuration and the ipFamilyPolicy field. If this field is specified
+ manually, the requested family is available in the cluster,
+ and ipFamilyPolicy allows it, it will be used; otherwise creation of
+ the service will fail. This field is conditionally mutable: it allows
+ for adding or removing a secondary IP family, but it does not allow
+ changing the primary IP family of the Service. Valid values are "IPv4"
+ and "IPv6". This field only applies to Services of types ClusterIP,
+ NodePort, and LoadBalancer, and does apply to "headless" services.
+ This field will be wiped when updating a Service to type ExternalName.
+
+ This field may hold a maximum of two entries (dual-stack families, in
+ either order). These families must correspond to the values of the
+ clusterIPs field, if specified. Both clusterIPs and ipFamilies are
+ governed by the ipFamilyPolicy field.
+ items:
+ description: |-
+ IPFamily represents the IP Family (IPv4 or IPv6). This type is used
+ to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: |-
+ IPFamilyPolicy represents the dual-stack-ness requested or required by
+ this Service. If there is no value provided, then this field will be set
+ to SingleStack. Services can be "SingleStack" (a single IP family),
+ "PreferDualStack" (two IP families on dual-stack configured clusters or
+ a single IP family on single-stack clusters), or "RequireDualStack"
+ (two IP families on dual-stack configured clusters, otherwise fail). The
+ ipFamilies and clusterIPs fields depend on the value of this field. This
+ field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: |-
+ loadBalancerClass is the class of the load balancer implementation this Service belongs to.
+ If specified, the value of this field must be a label-style identifier, with an optional prefix,
+ e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
+ This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
+ balancer implementation is used, today this is typically done through the cloud provider integration,
+ but should apply for any default implementation. If set, it is assumed that a load balancer
+ implementation is watching for Services with a matching class. Any default load balancer
+ implementation (e.g. cloud providers) should ignore Services that set this field.
+ This field can only be set when creating or updating a Service to type 'LoadBalancer'.
+ Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ Deprecated: This field was under-specified and its meaning varies across implementations.
+ Using it is non-portable and it may not support dual-stack.
+ Users are encouraged to use implementation-specific annotations when available.
+ type: string
+ loadBalancerSourceRanges:
+ description: |-
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider
+ load-balancer will be restricted to the specified client IPs. This field will be ignored if the
+ cloud-provider does not support the feature."
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ports:
+ description: |-
+ The list of ports that are exposed by this service.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: |-
+ The application protocol for this port.
+ This is used as a hint for implementations to offer richer behavior for protocols that they understand.
+ This field follows standard Kubernetes label syntax.
+ Valid values are either:
+
+ * Un-prefixed protocol names - reserved for IANA standard service names (as per
+ RFC-6335 and https://www.iana.org/assignments/service-names).
+
+ * Kubernetes-defined prefixed names:
+ * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
+ * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+ * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+ * Other protocols should use implementation-defined prefixed names such as
+ mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: |-
+ The name of this port within the service. This must be a DNS_LABEL.
+ All ports within a ServiceSpec must have unique names. When considering
+ the endpoints for a Service, this must match the 'name' field in the
+ EndpointPort.
+ Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this
+ service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: |-
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
+ Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: |-
+ publishNotReadyAddresses indicates that any agent which deals with endpoints for this
+ Service should disregard any indications of ready/not-ready.
+ The primary use case for setting this field is for a StatefulSet's Headless Service to
+ propagate SRV DNS records for its Pods for the purpose of peer discovery.
+ The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
+ Services interpret this to mean that all endpoints are considered "ready" even if the
+ Pods themselves are not. Agents which consume only Kubernetes generated endpoints
+ through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: |-
+ Route service traffic to pods with label keys and values matching this
+ selector. If empty or not present, the service is assumed to have an
+ external process managing its endpoints, which Kubernetes will not
+ modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
+ Ignored if type is ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: |-
+ Supports "ClientIP" and "None". Used to maintain session affinity.
+ Enable client IP based session affinity.
+ Must be ClientIP or None.
+ Defaults to None.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations
+ of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds specifies the seconds of ClientIP type session sticky time.
+ The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ trafficDistribution:
+ description: |-
+ TrafficDistribution offers a way to express preferences for how traffic
+ is distributed to Service endpoints. Implementations can use this field
+ as a hint, but are not required to guarantee strict adherence. If the
+ field is not set, the implementation will apply its default routing
+ strategy. If set to "PreferClose", implementations should prioritize
+ endpoints that are in the same zone.
+ type: string
+ type:
+ description: |-
+ type determines how the Service is exposed. Defaults to ClusterIP. Valid
+ options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
+ "ClusterIP" allocates a cluster-internal IP address for load-balancing
+ to endpoints. Endpoints are determined by the selector or if that is not
+ specified, by manual construction of an Endpoints object or
+ EndpointSlice objects. If clusterIP is "None", no virtual IP is
+ allocated and the endpoints are published as a set of endpoints rather
+ than a virtual IP.
+ "NodePort" builds on ClusterIP and allocates a port on every node which
+ routes to the same endpoints as the clusterIP.
+ "LoadBalancer" builds on NodePort and creates an external load-balancer
+ (if supported in the current cloud) which routes to the same endpoints
+ as the clusterIP.
+ "ExternalName" aliases this service to the specified externalName.
+ Several other fields do not apply to ExternalName services.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: |-
+ Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.
+ The referenced secret should contain the following:
+
+ - `ca.crt`: The certificate authority (optional).
+ - `tls.crt`: The certificate (or a chain).
+ - `tls.key`: The private key to the first certificate in the certificate chain.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the
+ self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning
+ of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs
+ to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN
+ entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the Elastic Maps Server Docker image to deploy.
+ type: string
+ podTemplate:
+ description: PodTemplate provides customisation options (labels, annotations,
+ affinity rules, resource requests, and so on) for the Elastic Maps
+ Server pods
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ revisionHistoryLimit:
+ description: RevisionHistoryLimit is the number of revisions to retain
+ to allow rollback in the underlying Deployment.
+ format: int32
+ type: integer
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is used to check access from the current resource to a resource (for ex. Elasticsearch) in a different namespace.
+ Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ version:
+ description: Version of Elastic Maps Server.
+ type: string
+ required:
+ - version
+ type: object
+ status:
+ description: MapsStatus defines the observed state of Elastic Maps Server
+ properties:
+ associationStatus:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ availableNodes:
+ description: AvailableNodes is the number of available replicas in
+ the deployment.
+ format: int32
+ type: integer
+ count:
+ description: Count corresponds to Scale.Status.Replicas, which is
+ the actual number of observed instances of the scaled object.
+ format: int32
+ type: integer
+ health:
+ description: Health of the deployment.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the most recent generation observed for this Elastic Maps Server.
+ It corresponds to the metadata generation, which is updated on mutation by the API Server.
+ If the generation observed in status diverges from the generation in metadata, the Elastic
+ Maps controller has not yet processed the changes contained in the Elastic Maps specification.
+ format: int64
+ type: integer
+ selector:
+ description: Selector is the label selector used to find all pods.
+ type: string
+ version:
+ description: |-
+ Version of the stack resource currently running. During version upgrades, multiple versions may run
+ in parallel: this value specifies the lowest version currently running.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.count
+ statusReplicasPath: .status.count
+ status: {}
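Review bot: `spec.podTemplate` and `spec.config` in this ElasticMapsServer schema are both `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so the API server neither validates nor prunes anything placed under them. Whatever a pod template can carry (security context, host mounts, extra containers) passes schema validation unchanged. If this CRD is vendored as generated (it carries the `controller-gen.kubebuilder.io/version: v0.18.0` annotation), leave the schema alone and instead note in the pack README that namespaces where users may create these resources need an admission policy covering the resulting pods. Two documentation defects in the same schema should be fixed at the source of the generated text rather than by hand here: the `loadBalancerSourceRanges` description is garbled ("this will restrict traffic through the cloud-provider load-balancer will be restricted", followed by a stray closing quote), and the `selfSignedCertificate.disabled` description misspells "certifcate".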
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.18.0
+ helm.sh/resource-policy: keep
+ labels:
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+ app.kubernetes.io/name: '{{ include "eck-operator-crds.name" . }}'
+ app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+ helm.sh/chart: '{{ include "eck-operator-crds.chart" . }}'
+ name: elasticsearchautoscalers.autoscaling.k8s.elastic.co
+spec:
+ group: autoscaling.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: ElasticsearchAutoscaler
+ listKind: ElasticsearchAutoscalerList
+ plural: elasticsearchautoscalers
+ shortNames:
+ - esa
+ singular: elasticsearchautoscaler
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.elasticsearchRef.name
+ name: Target
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Active')].status
+ name: Active
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Healthy')].status
+ name: Healthy
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Limited')].status
+ name: Limited
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ElasticsearchAutoscaler represents an ElasticsearchAutoscaler
+ resource in a Kubernetes cluster.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ElasticsearchAutoscalerSpec holds the specification of an
+ Elasticsearch autoscaler resource.
+ properties:
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to an Elasticsearch cluster
+ that exists in the same namespace.
+ properties:
+ name:
+ description: Name is the name of the Elasticsearch resource to
+ scale automatically.
+ minLength: 1
+ type: string
+ type: object
+ policies:
+ items:
+ description: AutoscalingPolicySpec holds a named autoscaling policy
+ and the associated resources limits (cpu, memory, storage).
+ properties:
+ deciders:
+ additionalProperties:
+ additionalProperties:
+ type: string
+ description: |-
+ DeciderSettings allow the user to tweak autoscaling deciders.
+ The map data structure complies with the format expected by Elasticsearch.
+ type: object
+ description: Deciders allow the user to override default settings
+ for autoscaling deciders.
+ type: object
+ name:
+ description: Name identifies the autoscaling policy in the autoscaling
+ specification.
+ type: string
+ resources:
+ description: |-
+ AutoscalingResources model the limits, submitted by the user, for the supported resources in an autoscaling policy.
+ Only the node count range is mandatory. For other resources, a limit range is required only
+ if the Elasticsearch autoscaling capacity API returns a requirement for a given resource.
+ For example, the memory limit range is only required if the autoscaling API response contains a memory requirement.
+ If there is no limit range for a resource, and if that resource is not mandatory, then the resources in the NodeSets
+ managed by the autoscaling policy are left untouched.
+ properties:
+ cpu:
+ description: QuantityRange models a resource limit range
+ for resources which can be expressed with resource.Quantity.
+ properties:
+ max:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Max represents the upper limit for the
+ resources managed by the autoscaler.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ min:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Min represents the lower limit for the
+ resources managed by the autoscaler.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ requestsToLimitsRatio:
+ anyOf:
+ - type: integer
+ - type: string
+ description: RequestsToLimitsRatio allows to customize
+ Kubernetes resource Limit based on the Request.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ required:
+ - max
+ - min
+ type: object
+ memory:
+ description: QuantityRange models a resource limit range
+ for resources which can be expressed with resource.Quantity.
+ properties:
+ max:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Max represents the upper limit for the
+ resources managed by the autoscaler.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ min:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Min represents the lower limit for the
+ resources managed by the autoscaler.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ requestsToLimitsRatio:
+ anyOf:
+ - type: integer
+ - type: string
+ description: RequestsToLimitsRatio allows to customize
+ Kubernetes resource Limit based on the Request.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ required:
+ - max
+ - min
+ type: object
+ nodeCount:
+ description: NodeCountRange is used to model the minimum
+ and the maximum number of nodes over all the NodeSets
+ managed by the same autoscaling policy.
+ properties:
+ max:
+ description: Max represents the maximum number of nodes
+ in a tier.
+ format: int32
+ type: integer
+ min:
+ description: Min represents the minimum number of nodes
+ in a tier.
+ format: int32
+ type: integer
+ required:
+ - max
+ - min
+ type: object
+ storage:
+ description: QuantityRange models a resource limit range
+ for resources which can be expressed with resource.Quantity.
+ properties:
+ max:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Max represents the upper limit for the
+ resources managed by the autoscaler.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ min:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Min represents the lower limit for the
+ resources managed by the autoscaler.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ requestsToLimitsRatio:
+ anyOf:
+ - type: integer
+ - type: string
+ description: RequestsToLimitsRatio allows to customize
+ Kubernetes resource Limit based on the Request.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ required:
+ - max
+ - min
+ type: object
+ required:
+ - nodeCount
+ type: object
+ roles:
+ description: An autoscaling policy must target a unique set
+ of roles.
+ items:
+ type: string
+ type: array
+ required:
+ - resources
+ type: object
+ type: array
+ pollingPeriod:
+ description: PollingPeriod is the period at which to synchronize with
+ the Elasticsearch autoscaling API.
+ type: string
+ required:
+ - elasticsearchRef
+ - policies
+ type: object
+ status:
+ properties:
+ conditions:
+ description: Conditions holds the current service state of the autoscaling
+ controller.
+ items:
+ description: |-
+ Condition represents Elasticsearch resource's condition.
+ **This API is in technical preview and may be changed or removed in a future release.**
+ properties:
+ lastTransitionTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ status:
+ type: string
+ type:
+ description: ConditionType defines the condition of an Elasticsearch
+ resource.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation by
+ the controller.
+ format: int64
+ type: integer
+ policies:
+ description: AutoscalingPolicyStatuses is used to expose state messages
+ to user or external system.
+ items:
+ properties:
+ lastModificationTime:
+ description: LastModificationTime is the last time the resources
+ have been updated, used by the cooldown algorithm.
+ format: date-time
+ type: string
+ name:
+ description: Name is the name of the autoscaling policy
+ type: string
+ nodeSets:
+ description: NodeSetNodeCount holds the number of nodes for
+ each nodeSet.
+ items:
+ description: NodeSetNodeCount models the number of nodes expected
+ in a given NodeSet.
+ properties:
+ name:
+ description: Name of the Nodeset.
+ type: string
+ nodeCount:
+ description: NodeCount is the number of nodes, as computed
+ by the autoscaler, expected in this NodeSet.
+ format: int32
+ type: integer
+ required:
+ - name
+ - nodeCount
+ type: object
+ type: array
+ resources:
+ description: |-
+ ResourcesSpecification holds the resource values common to all the nodeSets managed by a same autoscaling policy.
+ Only the resources managed by the autoscaling controller are saved in the Status.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: ResourceList is a set of (resource name, quantity)
+ pairs.
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: ResourceList is a set of (resource name, quantity)
+ pairs.
+ type: object
+ type: object
+ state:
+ description: PolicyStates may contain various messages regarding
+ the current state of this autoscaling policy.
+ items:
+ properties:
+ messages:
+ items:
+ type: string
+ type: array
+ type:
+ type: string
+ required:
+ - messages
+ - type
+ type: object
+ type: array
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
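Review bot: `pollingPeriod` in the autoscaler spec is a bare `type: string` with no `pattern` or `format`, and the `roles` rule ("An autoscaling policy must target a unique set of roles") exists only in the description. The API server will therefore admit a malformed period or overlapping role sets, and any rejection depends on validation outside this schema. Since this is a new file, please state in the pack docs whether an admission webhook or policy covering these fields ships with it. A related gap sits further down this hunk in the Elasticsearch CRD: the nodeSets `name` field uses `pattern: '[a-zA-Z0-9-]+'` without `^` and `$` anchors. That pattern matches any string containing a single allowed character, which leaves `maxLength: 23` as the only effective check on a value that becomes part of `node.name`. If this file is vendored generated output, raise the anchoring upstream rather than hand-editing the copy here.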
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.18.0
+ helm.sh/resource-policy: keep
+ labels:
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+ app.kubernetes.io/name: '{{ include "eck-operator-crds.name" . }}'
+ app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+ helm.sh/chart: '{{ include "eck-operator-crds.chart" . }}'
+ name: elasticsearches.elasticsearch.k8s.elastic.co
+spec:
+ group: elasticsearch.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: Elasticsearch
+ listKind: ElasticsearchList
+ plural: elasticsearches
+ shortNames:
+ - es
+ singular: elasticsearch
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: Elasticsearch version
+ jsonPath: .status.version
+ name: version
+ type: string
+ - jsonPath: .status.phase
+ name: phase
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: Elasticsearch represents an Elasticsearch resource in a Kubernetes
+ cluster.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ElasticsearchSpec holds the specification of an Elasticsearch
+ cluster.
+ properties:
+ auth:
+ description: Auth contains user authentication and authorization security
+ settings for Elasticsearch.
+ properties:
+ disableElasticUser:
+ description: DisableElasticUser disables the default elastic user
+ that is created by ECK.
+ type: boolean
+ fileRealm:
+ description: FileRealm to propagate to the Elasticsearch cluster.
+ items:
+ description: FileRealmSource references users to create in the
+ Elasticsearch cluster.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ type: array
+ roles:
+ description: Roles to propagate to the Elasticsearch cluster.
+ items:
+ description: RoleSource references roles to create in the Elasticsearch
+ cluster.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ type: array
+ type: object
+ http:
+ description: HTTP holds HTTP layer settings for Elasticsearch.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes
+ Service object.
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the service.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: |-
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically
+ allocated for services with type LoadBalancer. Default is "true". It
+ may be set to "false" if the cluster load-balancer does not rely on
+ NodePorts. If the caller requests specific NodePorts (by specifying a
+ value), those requests will be respected, regardless of this field.
+ This field may only be set for services with type LoadBalancer and will
+ be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: |-
+ clusterIP is the IP address of the service and is usually assigned
+ randomly. If an address is specified manually, is in-range (as per
+ system configuration), and is not in use, it will be allocated to the
+ service; otherwise creation of the service will fail. This field may not
+ be changed through updates unless the type field is also being changed
+ to ExternalName (which requires this field to be blank) or the type
+ field is being changed from ExternalName (in which case this field may
+ optionally be specified, as describe above). Valid values are "None",
+ empty string (""), or a valid IP address. Setting this to "None" makes a
+ "headless service" (no virtual IP), which is useful when direct endpoint
+ connections are preferred and proxying is not required. Only applies to
+ types ClusterIP, NodePort, and LoadBalancer. If this field is specified
+ when creating a Service of type ExternalName, creation will fail. This
+ field will be wiped when updating a Service to type ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ clusterIPs:
+ description: |-
+ ClusterIPs is a list of IP addresses assigned to this service, and are
+ usually assigned randomly. If an address is specified manually, is
+ in-range (as per system configuration), and is not in use, it will be
+ allocated to the service; otherwise creation of the service will fail.
+ This field may not be changed through updates unless the type field is
+ also being changed to ExternalName (which requires this field to be
+ empty) or the type field is being changed from ExternalName (in which
+ case this field may optionally be specified, as describe above). Valid
+ values are "None", empty string (""), or a valid IP address. Setting
+ this to "None" makes a "headless service" (no virtual IP), which is
+ useful when direct endpoint connections are preferred and proxying is
+ not required. Only applies to types ClusterIP, NodePort, and
+ LoadBalancer. If this field is specified when creating a Service of type
+ ExternalName, creation will fail. This field will be wiped when updating
+ a Service to type ExternalName. If this field is not specified, it will
+ be initialized from the clusterIP field. If this field is specified,
+ clients must ensure that clusterIPs[0] and clusterIP have the same
+ value.
+
+ This field may hold a maximum of two entries (dual-stack IPs, in either order).
+ These IPs must correspond to the values of the ipFamilies field. Both
+ clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: |-
+ externalIPs is a list of IP addresses for which nodes in the cluster
+ will also accept traffic for this service. These IPs are not managed by
+ Kubernetes. The user is responsible for ensuring that traffic arrives
+ at a node with this IP. A common example is external load-balancers
+ that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalName:
+ description: |-
+ externalName is the external reference that discovery mechanisms will
+ return as an alias for this service (e.g. a DNS CNAME record). No
+ proxying will be involved. Must be a lowercase RFC-1123 hostname
+ (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: |-
+ externalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: |-
+ healthCheckNodePort specifies the healthcheck nodePort for the service.
+ This only applies when type is set to LoadBalancer and
+ externalTrafficPolicy is set to Local. If a value is specified, is
+ in-range, and is not in use, it will be used. If not specified, a value
+ will be automatically allocated. External systems (e.g. load-balancers)
+ can use this port to determine if a given node holds endpoints for this
+ service or not. If this field is specified when creating a Service
+ which does not need it, creation will fail. This field will be wiped
+ when updating a Service to no longer need it (e.g. changing type).
+ This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: |-
+ InternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on the ClusterIP. If set to "Local", the proxy will assume that pods
+ only want to talk to endpoints of the service on the same node as the pod,
+ dropping the traffic if there are no local endpoints. The default value,
+ "Cluster", uses the standard behavior of routing to all endpoints evenly
+ (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: |-
+ IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
+ service. This field is usually assigned automatically based on cluster
+ configuration and the ipFamilyPolicy field. If this field is specified
+ manually, the requested family is available in the cluster,
+ and ipFamilyPolicy allows it, it will be used; otherwise creation of
+ the service will fail. This field is conditionally mutable: it allows
+ for adding or removing a secondary IP family, but it does not allow
+ changing the primary IP family of the Service. Valid values are "IPv4"
+ and "IPv6". This field only applies to Services of types ClusterIP,
+ NodePort, and LoadBalancer, and does apply to "headless" services.
+ This field will be wiped when updating a Service to type ExternalName.
+
+ This field may hold a maximum of two entries (dual-stack families, in
+ either order). These families must correspond to the values of the
+ clusterIPs field, if specified. Both clusterIPs and ipFamilies are
+ governed by the ipFamilyPolicy field.
+ items:
+ description: |-
+ IPFamily represents the IP Family (IPv4 or IPv6). This type is used
+ to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: |-
+ IPFamilyPolicy represents the dual-stack-ness requested or required by
+ this Service. If there is no value provided, then this field will be set
+ to SingleStack. Services can be "SingleStack" (a single IP family),
+ "PreferDualStack" (two IP families on dual-stack configured clusters or
+ a single IP family on single-stack clusters), or "RequireDualStack"
+ (two IP families on dual-stack configured clusters, otherwise fail). The
+ ipFamilies and clusterIPs fields depend on the value of this field. This
+ field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: |-
+ loadBalancerClass is the class of the load balancer implementation this Service belongs to.
+ If specified, the value of this field must be a label-style identifier, with an optional prefix,
+ e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
+ This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
+ balancer implementation is used, today this is typically done through the cloud provider integration,
+ but should apply for any default implementation. If set, it is assumed that a load balancer
+ implementation is watching for Services with a matching class. Any default load balancer
+ implementation (e.g. cloud providers) should ignore Services that set this field.
+ This field can only be set when creating or updating a Service to type 'LoadBalancer'.
+ Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ Deprecated: This field was under-specified and its meaning varies across implementations.
+ Using it is non-portable and it may not support dual-stack.
+ Users are encouraged to use implementation-specific annotations when available.
+ type: string
+ loadBalancerSourceRanges:
+ description: |-
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider
+ load-balancer will be restricted to the specified client IPs. This field will be ignored if the
+ cloud-provider does not support the feature."
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ports:
+ description: |-
+ The list of ports that are exposed by this service.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: |-
+ The application protocol for this port.
+ This is used as a hint for implementations to offer richer behavior for protocols that they understand.
+ This field follows standard Kubernetes label syntax.
+ Valid values are either:
+
+ * Un-prefixed protocol names - reserved for IANA standard service names (as per
+ RFC-6335 and https://www.iana.org/assignments/service-names).
+
+ * Kubernetes-defined prefixed names:
+ * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
+ * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+ * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+ * Other protocols should use implementation-defined prefixed names such as
+ mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: |-
+ The name of this port within the service. This must be a DNS_LABEL.
+ All ports within a ServiceSpec must have unique names. When considering
+ the endpoints for a Service, this must match the 'name' field in the
+ EndpointPort.
+ Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this
+ service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: |-
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
+ Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: |-
+ publishNotReadyAddresses indicates that any agent which deals with endpoints for this
+ Service should disregard any indications of ready/not-ready.
+ The primary use case for setting this field is for a StatefulSet's Headless Service to
+ propagate SRV DNS records for its Pods for the purpose of peer discovery.
+ The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
+ Services interpret this to mean that all endpoints are considered "ready" even if the
+ Pods themselves are not. Agents which consume only Kubernetes generated endpoints
+ through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: |-
+ Route service traffic to pods with label keys and values matching this
+ selector. If empty or not present, the service is assumed to have an
+ external process managing its endpoints, which Kubernetes will not
+ modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
+ Ignored if type is ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: |-
+ Supports "ClientIP" and "None". Used to maintain session affinity.
+ Enable client IP based session affinity.
+ Must be ClientIP or None.
+ Defaults to None.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations
+ of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds specifies the seconds of ClientIP type session sticky time.
+ The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ trafficDistribution:
+ description: |-
+ TrafficDistribution offers a way to express preferences for how traffic
+ is distributed to Service endpoints. Implementations can use this field
+ as a hint, but are not required to guarantee strict adherence. If the
+ field is not set, the implementation will apply its default routing
+ strategy. If set to "PreferClose", implementations should prioritize
+ endpoints that are in the same zone.
+ type: string
+ type:
+ description: |-
+ type determines how the Service is exposed. Defaults to ClusterIP. Valid
+ options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
+ "ClusterIP" allocates a cluster-internal IP address for load-balancing
+ to endpoints. Endpoints are determined by the selector or if that is not
+ specified, by manual construction of an Endpoints object or
+ EndpointSlice objects. If clusterIP is "None", no virtual IP is
+ allocated and the endpoints are published as a set of endpoints rather
+ than a virtual IP.
+ "NodePort" builds on ClusterIP and allocates a port on every node which
+ routes to the same endpoints as the clusterIP.
+ "LoadBalancer" builds on NodePort and creates an external load-balancer
+ (if supported in the current cloud) which routes to the same endpoints
+ as the clusterIP.
+ "ExternalName" aliases this service to the specified externalName.
+ Several other fields do not apply to ExternalName services.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: |-
+ Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.
+ The referenced secret should contain the following:
+
+ - `ca.crt`: The certificate authority (optional).
+ - `tls.crt`: The certificate (or a chain).
+ - `tls.key`: The private key to the first certificate in the certificate chain.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the
+ self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning
+ of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs
+ to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN
+ entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the Elasticsearch Docker image to deploy.
+ type: string
+ monitoring:
+ description: |-
+ Monitoring enables you to collect and ship log and monitoring data of this Elasticsearch cluster.
+ See https://www.elastic.co/guide/en/elasticsearch/reference/current/monitor-elasticsearch-cluster.html.
+ Metricbeat and Filebeat are deployed in the same Pod as sidecars and each one sends data to one or two different
+ Elasticsearch monitoring clusters running in the same Kubernetes cluster.
+ properties:
+ logs:
+ description: Logs holds references to Elasticsearch clusters which
+ receive log data from an associated resource.
+ properties:
+ elasticsearchRefs:
+ description: |-
+ ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster.
+ Due to existing limitations, only a single Elasticsearch cluster is currently supported.
+ items:
+ description: |-
+ ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator
+ or a Secret describing an external Elastic resource not managed by the operator.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If
+ empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator. The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ type: object
+ metrics:
+ description: Metrics holds references to Elasticsearch clusters
+ which receive monitoring data from this resource.
+ properties:
+ elasticsearchRefs:
+ description: |-
+ ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster.
+ Due to existing limitations, only a single Elasticsearch cluster is currently supported.
+ items:
+ description: |-
+ ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator
+ or a Secret describing an external Elastic resource not managed by the operator.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If
+ empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator. The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ nodeSets:
+ description: NodeSets allow specifying groups of Elasticsearch nodes
+ sharing the same configuration and Pod templates.
+ items:
+ description: NodeSet is the specification for a group of Elasticsearch
+ nodes sharing the same configuration and a Pod template.
+ properties:
+ config:
+ description: Config holds the Elasticsearch configuration.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ count:
+ description: |-
+ Count of Elasticsearch nodes to deploy.
+ If the node set is managed by an autoscaling policy the initial value is automatically set by the autoscaling controller.
+ format: int32
+ type: integer
+ name:
+ description: Name of this set of nodes. Becomes a part of the
+ Elasticsearch node.name setting.
+ maxLength: 23
+ pattern: '[a-zA-Z0-9-]+'
+ type: string
+ podTemplate:
+ description: PodTemplate provides customisation options (labels,
+ annotations, affinity rules, resource requests, and so on)
+ for the Pods belonging to this NodeSet.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ volumeClaimTemplates:
+ description: |-
+ VolumeClaimTemplates is a list of persistent volume claims to be used by each Pod in this NodeSet.
+ Every claim in this list must have a matching volumeMount in one of the containers defined in the PodTemplate.
+ Items defined here take precedence over any default claims added by the operator with the same name.
+ items:
+ description: PersistentVolumeClaim is a user's request for
+ and claim to a persistent volume
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: |-
+ spec defines the desired characteristics of a volume requested by a pod author.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ properties:
+ accessModes:
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ dataSource:
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes
+ to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ type: string
+ volumeAttributesClassName:
+ description: |-
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
+ If specified, the CSI driver will create or update the volume with the attributes defined
+ in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
+ it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
+ will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
+ will be set by the persistentvolume controller if it exists.
+ If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
+ set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
+ exists.
+ More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
+ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
+ type: string
+ volumeMode:
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to
+ the PersistentVolume backing this claim.
+ type: string
+ type: object
+ type: object
+ type: array
+ required:
+ - name
+ type: object
+ minItems: 1
+ type: array
+ podDisruptionBudget:
+ description: |-
+ PodDisruptionBudget provides access to the default Pod disruption budget for the Elasticsearch cluster.
+ The default budget doesn't allow any Pod to be removed in case the cluster is not green or if there is only one node of type `data` or `master`.
+ In all other cases the default PodDisruptionBudget sets `minUnavailable` equal to the total number of nodes minus 1.
+ To disable, set `PodDisruptionBudget` to the empty value (`{}` in YAML).
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the PDB.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the PDB.
+ properties:
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ An eviction is allowed if at most "maxUnavailable" pods selected by
+ "selector" are unavailable after the eviction, i.e. even in absence of
+ the evicted pod. For example, one can prevent all voluntary evictions
+ by specifying 0. This is a mutually exclusive setting with "minAvailable".
+ x-kubernetes-int-or-string: true
+ minAvailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ An eviction is allowed if at least "minAvailable" pods selected by
+ "selector" will still be available after the eviction, i.e. even in the
+ absence of the evicted pod. So for example you can prevent all voluntary
+ evictions by specifying "100%".
+ x-kubernetes-int-or-string: true
+ selector:
+ description: |-
+ Label query over pods whose evictions are managed by the disruption
+ budget.
+ A null selector will match no pods, while an empty ({}) selector will select
+ all pods within the namespace.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ unhealthyPodEvictionPolicy:
+ description: |-
+ UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods
+ should be considered for eviction. Current implementation considers healthy pods,
+ as pods that have status.conditions item with type="Ready",status="True".
+
+ Valid policies are IfHealthyBudget and AlwaysAllow.
+ If no policy is specified, the default behavior will be used,
+ which corresponds to the IfHealthyBudget policy.
+
+ IfHealthyBudget policy means that running pods (status.phase="Running"),
+ but not yet healthy can be evicted only if the guarded application is not
+ disrupted (status.currentHealthy is at least equal to status.desiredHealthy).
+ Healthy pods will be subject to the PDB for eviction.
+
+ AlwaysAllow policy means that all running pods (status.phase="Running"),
+ but not yet healthy are considered disrupted and can be evicted regardless
+ of whether the criteria in a PDB is met. This means perspective running
+ pods of a disrupted application might not get a chance to become healthy.
+ Healthy pods will be subject to the PDB for eviction.
+
+ Additional policies may be added in the future.
+ Clients making eviction decisions should disallow eviction of unhealthy pods
+ if they encounter an unrecognized policy in this field.
+ type: string
+ type: object
+ type: object
+ remoteClusterServer:
+ description: |-
+ RemoteClusterServer specifies if the remote cluster server should be enabled.
+ This must be enabled if this cluster is a remote cluster which is expected to be accessed using API key authentication.
+ properties:
+ enabled:
+ type: boolean
+ type: object
+ remoteClusters:
+ description: RemoteClusters enables you to establish uni-directional
+ connections to a remote Elasticsearch cluster.
+ items:
+ description: RemoteCluster declares a remote Elasticsearch cluster
+ connection.
+ properties:
+ apiKey:
+ description: 'APIKey can be used to enable remote cluster access
+ using Cross-Cluster API keys: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-cross-cluster-api-key.html'
+ properties:
+ access:
+ description: Access is the name of the API Key. It is automatically
+ generated if not set or empty.
+ properties:
+ replication:
+ properties:
+ names:
+ items:
+ type: string
+ type: array
+ required:
+ - names
+ type: object
+ search:
+ properties:
+ allow_restricted_indices:
+ type: boolean
+ field_security:
+ properties:
+ except:
+ items:
+ type: string
+ type: array
+ grant:
+ items:
+ type: string
+ type: array
+ required:
+ - except
+ - grant
+ type: object
+ names:
+ items:
+ type: string
+ type: array
+ query:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - names
+ type: object
+ type: object
+ required:
+ - access
+ type: object
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to an Elasticsearch
+ cluster running within the same k8s cluster.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty,
+ defaults to the current namespace.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ name:
+ description: |-
+ Name is the name of the remote cluster as it is set in the Elasticsearch settings.
+ The name is expected to be unique for each remote clusters.
+ minLength: 1
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ revisionHistoryLimit:
+ description: RevisionHistoryLimit is the number of revisions to retain
+ to allow rollback in the underlying StatefulSets.
+ format: int32
+ type: integer
+ secureSettings:
+ description: SecureSettings is a list of references to Kubernetes
+ secrets containing sensitive configuration options for Elasticsearch.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes
+ Secret.
+ properties:
+ entries:
+ description: |-
+ Entries define how to project each key-value pair in the secret to filesystem paths.
+ If not defined, all keys will be projected to similarly named paths in the filesystem.
+ If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret
+ object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: |-
+ Path is the relative file path to map the key to.
+ Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is used to check access from the current resource to a resource (for ex. a remote Elasticsearch cluster) in a different namespace.
+ Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ transport:
+ description: Transport holds transport layer settings for Elasticsearch.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes
+ Service object.
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the service.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: |-
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically
+ allocated for services with type LoadBalancer. Default is "true". It
+ may be set to "false" if the cluster load-balancer does not rely on
+ NodePorts. If the caller requests specific NodePorts (by specifying a
+ value), those requests will be respected, regardless of this field.
+ This field may only be set for services with type LoadBalancer and will
+ be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: |-
+ clusterIP is the IP address of the service and is usually assigned
+ randomly. If an address is specified manually, is in-range (as per
+ system configuration), and is not in use, it will be allocated to the
+ service; otherwise creation of the service will fail. This field may not
+ be changed through updates unless the type field is also being changed
+ to ExternalName (which requires this field to be blank) or the type
+ field is being changed from ExternalName (in which case this field may
+ optionally be specified, as describe above). Valid values are "None",
+ empty string (""), or a valid IP address. Setting this to "None" makes a
+ "headless service" (no virtual IP), which is useful when direct endpoint
+ connections are preferred and proxying is not required. Only applies to
+ types ClusterIP, NodePort, and LoadBalancer. If this field is specified
+ when creating a Service of type ExternalName, creation will fail. This
+ field will be wiped when updating a Service to type ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ clusterIPs:
+ description: |-
+ ClusterIPs is a list of IP addresses assigned to this service, and are
+ usually assigned randomly. If an address is specified manually, is
+ in-range (as per system configuration), and is not in use, it will be
+ allocated to the service; otherwise creation of the service will fail.
+ This field may not be changed through updates unless the type field is
+ also being changed to ExternalName (which requires this field to be
+ empty) or the type field is being changed from ExternalName (in which
+ case this field may optionally be specified, as describe above). Valid
+ values are "None", empty string (""), or a valid IP address. Setting
+ this to "None" makes a "headless service" (no virtual IP), which is
+ useful when direct endpoint connections are preferred and proxying is
+ not required. Only applies to types ClusterIP, NodePort, and
+ LoadBalancer. If this field is specified when creating a Service of type
+ ExternalName, creation will fail. This field will be wiped when updating
+ a Service to type ExternalName. If this field is not specified, it will
+ be initialized from the clusterIP field. If this field is specified,
+ clients must ensure that clusterIPs[0] and clusterIP have the same
+ value.
+
+ This field may hold a maximum of two entries (dual-stack IPs, in either order).
+ These IPs must correspond to the values of the ipFamilies field. Both
+ clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: |-
+ externalIPs is a list of IP addresses for which nodes in the cluster
+ will also accept traffic for this service. These IPs are not managed by
+ Kubernetes. The user is responsible for ensuring that traffic arrives
+ at a node with this IP. A common example is external load-balancers
+ that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalName:
+ description: |-
+ externalName is the external reference that discovery mechanisms will
+ return as an alias for this service (e.g. a DNS CNAME record). No
+ proxying will be involved. Must be a lowercase RFC-1123 hostname
+ (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: |-
+ externalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: |-
+ healthCheckNodePort specifies the healthcheck nodePort for the service.
+ This only applies when type is set to LoadBalancer and
+ externalTrafficPolicy is set to Local. If a value is specified, is
+ in-range, and is not in use, it will be used. If not specified, a value
+ will be automatically allocated. External systems (e.g. load-balancers)
+ can use this port to determine if a given node holds endpoints for this
+ service or not. If this field is specified when creating a Service
+ which does not need it, creation will fail. This field will be wiped
+ when updating a Service to no longer need it (e.g. changing type).
+ This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: |-
+ InternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on the ClusterIP. If set to "Local", the proxy will assume that pods
+ only want to talk to endpoints of the service on the same node as the pod,
+ dropping the traffic if there are no local endpoints. The default value,
+ "Cluster", uses the standard behavior of routing to all endpoints evenly
+ (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: |-
+ IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
+ service. This field is usually assigned automatically based on cluster
+ configuration and the ipFamilyPolicy field. If this field is specified
+ manually, the requested family is available in the cluster,
+ and ipFamilyPolicy allows it, it will be used; otherwise creation of
+ the service will fail. This field is conditionally mutable: it allows
+ for adding or removing a secondary IP family, but it does not allow
+ changing the primary IP family of the Service. Valid values are "IPv4"
+ and "IPv6". This field only applies to Services of types ClusterIP,
+ NodePort, and LoadBalancer, and does apply to "headless" services.
+ This field will be wiped when updating a Service to type ExternalName.
+
+ This field may hold a maximum of two entries (dual-stack families, in
+ either order). These families must correspond to the values of the
+ clusterIPs field, if specified. Both clusterIPs and ipFamilies are
+ governed by the ipFamilyPolicy field.
+ items:
+ description: |-
+ IPFamily represents the IP Family (IPv4 or IPv6). This type is used
+ to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: |-
+ IPFamilyPolicy represents the dual-stack-ness requested or required by
+ this Service. If there is no value provided, then this field will be set
+ to SingleStack. Services can be "SingleStack" (a single IP family),
+ "PreferDualStack" (two IP families on dual-stack configured clusters or
+ a single IP family on single-stack clusters), or "RequireDualStack"
+ (two IP families on dual-stack configured clusters, otherwise fail). The
+ ipFamilies and clusterIPs fields depend on the value of this field. This
+ field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: |-
+ loadBalancerClass is the class of the load balancer implementation this Service belongs to.
+ If specified, the value of this field must be a label-style identifier, with an optional prefix,
+ e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
+ This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
+ balancer implementation is used, today this is typically done through the cloud provider integration,
+ but should apply for any default implementation. If set, it is assumed that a load balancer
+ implementation is watching for Services with a matching class. Any default load balancer
+ implementation (e.g. cloud providers) should ignore Services that set this field.
+ This field can only be set when creating or updating a Service to type 'LoadBalancer'.
+ Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ Deprecated: This field was under-specified and its meaning varies across implementations.
+ Using it is non-portable and it may not support dual-stack.
+ Users are encouraged to use implementation-specific annotations when available.
+ type: string
+ loadBalancerSourceRanges:
+ description: |-
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider
+ load-balancer will be restricted to the specified client IPs. This field will be ignored if the
+ cloud-provider does not support the feature."
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ports:
+ description: |-
+ The list of ports that are exposed by this service.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: |-
+ The application protocol for this port.
+ This is used as a hint for implementations to offer richer behavior for protocols that they understand.
+ This field follows standard Kubernetes label syntax.
+ Valid values are either:
+
+ * Un-prefixed protocol names - reserved for IANA standard service names (as per
+ RFC-6335 and https://www.iana.org/assignments/service-names).
+
+ * Kubernetes-defined prefixed names:
+ * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
+ * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+ * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+ * Other protocols should use implementation-defined prefixed names such as
+ mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: |-
+ The name of this port within the service. This must be a DNS_LABEL.
+ All ports within a ServiceSpec must have unique names. When considering
+ the endpoints for a Service, this must match the 'name' field in the
+ EndpointPort.
+ Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this
+ service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: |-
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
+ Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: |-
+ publishNotReadyAddresses indicates that any agent which deals with endpoints for this
+ Service should disregard any indications of ready/not-ready.
+ The primary use case for setting this field is for a StatefulSet's Headless Service to
+ propagate SRV DNS records for its Pods for the purpose of peer discovery.
+ The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
+ Services interpret this to mean that all endpoints are considered "ready" even if the
+ Pods themselves are not. Agents which consume only Kubernetes generated endpoints
+ through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: |-
+ Route service traffic to pods with label keys and values matching this
+ selector. If empty or not present, the service is assumed to have an
+ external process managing its endpoints, which Kubernetes will not
+ modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
+ Ignored if type is ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: |-
+ Supports "ClientIP" and "None". Used to maintain session affinity.
+ Enable client IP based session affinity.
+ Must be ClientIP or None.
+ Defaults to None.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations
+ of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds specifies the seconds of ClientIP type session sticky time.
+ The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ trafficDistribution:
+ description: |-
+ TrafficDistribution offers a way to express preferences for how traffic
+ is distributed to Service endpoints. Implementations can use this field
+ as a hint, but are not required to guarantee strict adherence. If the
+ field is not set, the implementation will apply its default routing
+ strategy. If set to "PreferClose", implementations should prioritize
+ endpoints that are in the same zone.
+ type: string
+ type:
+ description: |-
+ type determines how the Service is exposed. Defaults to ClusterIP. Valid
+ options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
+ "ClusterIP" allocates a cluster-internal IP address for load-balancing
+ to endpoints. Endpoints are determined by the selector or if that is not
+ specified, by manual construction of an Endpoints object or
+ EndpointSlice objects. If clusterIP is "None", no virtual IP is
+ allocated and the endpoints are published as a set of endpoints rather
+ than a virtual IP.
+ "NodePort" builds on ClusterIP and allocates a port on every node which
+ routes to the same endpoints as the clusterIP.
+ "LoadBalancer" builds on NodePort and creates an external load-balancer
+ (if supported in the current cloud) which routes to the same endpoints
+ as the clusterIP.
+ "ExternalName" aliases this service to the specified externalName.
+ Several other fields do not apply to ExternalName services.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS on the transport
+ layer.
+ properties:
+ certificate:
+ description: |-
+ Certificate is a reference to a Kubernetes secret that contains the CA certificate
+ and private key for generating node certificates.
+ The referenced secret should contain the following:
+
+ - `ca.crt`: The CA certificate in PEM format.
+ - `ca.key`: The private key for the CA certificate in PEM format.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ certificateAuthorities:
+ description: |-
+ CertificateAuthorities is a reference to a config map that contains one or more x509 certificates for
+ trusted authorities in PEM format. The certificates need to be in a file called `ca.crt`.
+ properties:
+ configMapName:
+ type: string
+ type: object
+ otherNameSuffix:
+ description: |-
+ OtherNameSuffix when defined will be prefixed with the Pod name and used as the common name,
+ and the first DNSName, as well as an OtherName required by Elasticsearch in the Subject Alternative Name
+ extension of each Elasticsearch node's transport TLS certificate.
+ Example: if set to "node.cluster.local", the generated certificate will have its otherName set to ".node.cluster.local".
+ type: string
+ selfSignedCertificates:
+ description: SelfSignedCertificates allows configuring the
+ self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that provisioning of the
+ self-signed certificates should be disabled.
+ type: boolean
+ type: object
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs to
+ include in the generated node transport TLS certificates.
+ items:
+ description: SubjectAlternativeName represents a SAN entry
+ in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ updateStrategy:
+ description: UpdateStrategy specifies how updates to the cluster should
+ be performed.
+ properties:
+ changeBudget:
+ description: ChangeBudget defines the constraints to consider
+ when applying changes to the Elasticsearch cluster.
+ properties:
+ maxSurge:
+ description: |-
+ MaxSurge is the maximum number of new Pods that can be created exceeding the original number of Pods defined in
+ the specification. MaxSurge is only taken into consideration when scaling up. Setting a negative value will
+ disable the restriction. Defaults to unbounded if not specified.
+ format: int32
+ type: integer
+ maxUnavailable:
+ description: |-
+ MaxUnavailable is the maximum number of Pods that can be unavailable (not ready) during the update due to
+ circumstances under the control of the operator. Setting a negative value will disable this restriction.
+ Defaults to 1 if not specified.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ version:
+ description: Version of Elasticsearch.
+ type: string
+ volumeClaimDeletePolicy:
+ description: |-
+ VolumeClaimDeletePolicy sets the policy for handling deletion of PersistentVolumeClaims for all NodeSets.
+ Possible values are DeleteOnScaledownOnly and DeleteOnScaledownAndClusterDeletion. Defaults to DeleteOnScaledownAndClusterDeletion.
+ enum:
+ - DeleteOnScaledownOnly
+ - DeleteOnScaledownAndClusterDeletion
+ type: string
+ required:
+ - nodeSets
+ - version
+ type: object
+ status:
+ description: ElasticsearchStatus represents the observed state of Elasticsearch.
+ properties:
+ availableNodes:
+ description: AvailableNodes is the number of available instances.
+ format: int32
+ type: integer
+ conditions:
+ description: |-
+ Conditions holds the current service state of an Elasticsearch cluster.
+ **This API is in technical preview and may be changed or removed in a future release.**
+ items:
+ description: |-
+ Condition represents Elasticsearch resource's condition.
+ **This API is in technical preview and may be changed or removed in a future release.**
+ properties:
+ lastTransitionTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ status:
+ type: string
+ type:
+ description: ConditionType defines the condition of an Elasticsearch
+ resource.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ health:
+ description: ElasticsearchHealth is the health of the cluster as returned
+ by the health API.
+ type: string
+ inProgressOperations:
+ description: |-
+ InProgressOperations represents changes being applied by the operator to the Elasticsearch cluster.
+ **This API is in technical preview and may be changed or removed in a future release.**
+ properties:
+ downscale:
+ description: |-
+ DownscaleOperation provides details about in progress downscale operations.
+ **This API is in technical preview and may be changed or removed in a future release.**
+ properties:
+ lastUpdatedTime:
+ format: date-time
+ type: string
+ nodes:
+ description: Nodes which are scheduled to be removed from
+ the cluster.
+ items:
+ description: |-
+ DownscaledNode provides an overview of in progress changes applied by the operator to remove Elasticsearch nodes from the cluster.
+ **This API is in technical preview and may be changed or removed in a future release.**
+ properties:
+ explanation:
+ description: |-
+ Explanation provides details about an in progress node shutdown. It is only available for clusters managed with the
+ Elasticsearch shutdown API.
+ type: string
+ name:
+ description: Name of the Elasticsearch node that should
+ be removed.
+ type: string
+ shutdownStatus:
+ description: |-
+ Shutdown status as returned by the Elasticsearch shutdown API.
+ If the Elasticsearch shutdown API is not available, the shutdown status is then inferred from the remaining
+ shards on the nodes, as observed by the operator.
+ type: string
+ required:
+ - name
+ - shutdownStatus
+ type: object
+ type: array
+ stalled:
+ description: |-
+ Stalled represents a state where no progress can be made.
+ It is only available for clusters managed with the Elasticsearch shutdown API.
+ type: boolean
+ type: object
+ upgrade:
+ description: |-
+ UpgradeOperation provides an overview of the pending or in progress changes applied by the operator to update the Elasticsearch nodes in the cluster.
+ **This API is in technical preview and may be changed or removed in a future release.**
+ properties:
+ lastUpdatedTime:
+ format: date-time
+ type: string
+ nodes:
+ description: Nodes that must be restarted for upgrade.
+ items:
+ description: |-
+ UpgradedNode provides details about the status of nodes which are expected to be updated.
+ **This API is in technical preview and may be changed or removed in a future release.**
+ properties:
+ message:
+ description: Optional message to explain why a node
+ may not be immediately restarted for upgrade.
+ type: string
+ name:
+ description: Name of the Elasticsearch node that should
+ be upgraded.
+ type: string
+ predicate:
+ description: Predicate is the name of the predicate
+ currently preventing this node from being deleted
+ for an upgrade.
+ type: string
+ status:
+ description: |-
+ Status states if the node is either in the process of being deleted for an upgrade,
+ or blocked by a predicate or another condition stated in the message field.
+ type: string
+ required:
+ - name
+ - status
+ type: object
+ type: array
+ type: object
+ upscale:
+ description: |-
+ UpscaleOperation provides an overview of in progress changes applied by the operator to add Elasticsearch nodes to the cluster.
+ **This API is in technical preview and may be changed or removed in a future release.**
+ properties:
+ lastUpdatedTime:
+ format: date-time
+ type: string
+ nodes:
+ description: Nodes expected to be added by the operator.
+ items:
+ properties:
+ message:
+ description: Optional message to explain why a node
+ may not be immediately added.
+ type: string
+ name:
+ description: Name of the Elasticsearch node that should
+ be added to the cluster.
+ type: string
+ status:
+ description: NewNodeStatus states if a new node is being
+ created, or if the upscale is delayed.
+ type: string
+ required:
+ - name
+ - status
+ type: object
+ type: array
+ type: object
+ required:
+ - downscale
+ - upgrade
+ - upscale
+ type: object
+ monitoringAssociationStatus:
+ additionalProperties:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ description: |-
+ AssociationStatusMap is the map of association's namespaced name string to its AssociationStatus. For resources that
+ have a single Association of a given type (for ex. single ES reference), this map contains a single entry.
+ type: object
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the most recent generation observed for this Elasticsearch cluster.
+ It corresponds to the metadata generation, which is updated on mutation by the API Server.
+ If the generation observed in status diverges from the generation in metadata, the Elasticsearch
+ controller has not yet processed the changes contained in the Elasticsearch specification.
+ format: int64
+ type: integer
+ phase:
+ description: ElasticsearchOrchestrationPhase is the phase Elasticsearch
+ is in from the controller point of view.
+ type: string
+ version:
+ description: |-
+ Version of the stack resource currently running. During version upgrades, multiple versions may run
+ in parallel: this value specifies the lowest version currently running.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: Elasticsearch version
+ jsonPath: .spec.version
+ name: version
+ type: string
+ - jsonPath: .status.phase
+ name: phase
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Elasticsearch represents an Elasticsearch resource in a Kubernetes
+ cluster.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ElasticsearchSpec holds the specification of an Elasticsearch
+ cluster.
+ properties:
+ http:
+ description: HTTP holds HTTP layer settings for Elasticsearch.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes
+ Service object.
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the service.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: |-
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically
+ allocated for services with type LoadBalancer. Default is "true". It
+ may be set to "false" if the cluster load-balancer does not rely on
+ NodePorts. If the caller requests specific NodePorts (by specifying a
+ value), those requests will be respected, regardless of this field.
+ This field may only be set for services with type LoadBalancer and will
+ be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: |-
+ clusterIP is the IP address of the service and is usually assigned
+ randomly. If an address is specified manually, is in-range (as per
+ system configuration), and is not in use, it will be allocated to the
+ service; otherwise creation of the service will fail. This field may not
+ be changed through updates unless the type field is also being changed
+ to ExternalName (which requires this field to be blank) or the type
+ field is being changed from ExternalName (in which case this field may
+ optionally be specified, as describe above). Valid values are "None",
+ empty string (""), or a valid IP address. Setting this to "None" makes a
+ "headless service" (no virtual IP), which is useful when direct endpoint
+ connections are preferred and proxying is not required. Only applies to
+ types ClusterIP, NodePort, and LoadBalancer. If this field is specified
+ when creating a Service of type ExternalName, creation will fail. This
+ field will be wiped when updating a Service to type ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ clusterIPs:
+ description: |-
+ ClusterIPs is a list of IP addresses assigned to this service, and are
+ usually assigned randomly. If an address is specified manually, is
+ in-range (as per system configuration), and is not in use, it will be
+ allocated to the service; otherwise creation of the service will fail.
+ This field may not be changed through updates unless the type field is
+ also being changed to ExternalName (which requires this field to be
+ empty) or the type field is being changed from ExternalName (in which
+ case this field may optionally be specified, as describe above). Valid
+ values are "None", empty string (""), or a valid IP address. Setting
+ this to "None" makes a "headless service" (no virtual IP), which is
+ useful when direct endpoint connections are preferred and proxying is
+ not required. Only applies to types ClusterIP, NodePort, and
+ LoadBalancer. If this field is specified when creating a Service of type
+ ExternalName, creation will fail. This field will be wiped when updating
+ a Service to type ExternalName. If this field is not specified, it will
+ be initialized from the clusterIP field. If this field is specified,
+ clients must ensure that clusterIPs[0] and clusterIP have the same
+ value.
+
+ This field may hold a maximum of two entries (dual-stack IPs, in either order).
+ These IPs must correspond to the values of the ipFamilies field. Both
+ clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: |-
+ externalIPs is a list of IP addresses for which nodes in the cluster
+ will also accept traffic for this service. These IPs are not managed by
+ Kubernetes. The user is responsible for ensuring that traffic arrives
+ at a node with this IP. A common example is external load-balancers
+ that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalName:
+ description: |-
+ externalName is the external reference that discovery mechanisms will
+ return as an alias for this service (e.g. a DNS CNAME record). No
+ proxying will be involved. Must be a lowercase RFC-1123 hostname
+ (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: |-
+ externalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: |-
+ healthCheckNodePort specifies the healthcheck nodePort for the service.
+ This only applies when type is set to LoadBalancer and
+ externalTrafficPolicy is set to Local. If a value is specified, is
+ in-range, and is not in use, it will be used. If not specified, a value
+ will be automatically allocated. External systems (e.g. load-balancers)
+ can use this port to determine if a given node holds endpoints for this
+ service or not. If this field is specified when creating a Service
+ which does not need it, creation will fail. This field will be wiped
+ when updating a Service to no longer need it (e.g. changing type).
+ This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: |-
+ InternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on the ClusterIP. If set to "Local", the proxy will assume that pods
+ only want to talk to endpoints of the service on the same node as the pod,
+ dropping the traffic if there are no local endpoints. The default value,
+ "Cluster", uses the standard behavior of routing to all endpoints evenly
+ (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: |-
+ IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
+ service. This field is usually assigned automatically based on cluster
+ configuration and the ipFamilyPolicy field. If this field is specified
+ manually, the requested family is available in the cluster,
+ and ipFamilyPolicy allows it, it will be used; otherwise creation of
+ the service will fail. This field is conditionally mutable: it allows
+ for adding or removing a secondary IP family, but it does not allow
+ changing the primary IP family of the Service. Valid values are "IPv4"
+ and "IPv6". This field only applies to Services of types ClusterIP,
+ NodePort, and LoadBalancer, and does apply to "headless" services.
+ This field will be wiped when updating a Service to type ExternalName.
+
+ This field may hold a maximum of two entries (dual-stack families, in
+ either order). These families must correspond to the values of the
+ clusterIPs field, if specified. Both clusterIPs and ipFamilies are
+ governed by the ipFamilyPolicy field.
+ items:
+ description: |-
+ IPFamily represents the IP Family (IPv4 or IPv6). This type is used
+ to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: |-
+ IPFamilyPolicy represents the dual-stack-ness requested or required by
+ this Service. If there is no value provided, then this field will be set
+ to SingleStack. Services can be "SingleStack" (a single IP family),
+ "PreferDualStack" (two IP families on dual-stack configured clusters or
+ a single IP family on single-stack clusters), or "RequireDualStack"
+ (two IP families on dual-stack configured clusters, otherwise fail). The
+ ipFamilies and clusterIPs fields depend on the value of this field. This
+ field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: |-
+ loadBalancerClass is the class of the load balancer implementation this Service belongs to.
+ If specified, the value of this field must be a label-style identifier, with an optional prefix,
+ e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
+ This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
+ balancer implementation is used, today this is typically done through the cloud provider integration,
+ but should apply for any default implementation. If set, it is assumed that a load balancer
+ implementation is watching for Services with a matching class. Any default load balancer
+ implementation (e.g. cloud providers) should ignore Services that set this field.
+ This field can only be set when creating or updating a Service to type 'LoadBalancer'.
+ Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ Deprecated: This field was under-specified and its meaning varies across implementations.
+ Using it is non-portable and it may not support dual-stack.
+ Users are encouraged to use implementation-specific annotations when available.
+ type: string
+ loadBalancerSourceRanges:
+ description: |-
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider
+ load-balancer will be restricted to the specified client IPs. This field will be ignored if the
+ cloud-provider does not support the feature."
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ports:
+ description: |-
+ The list of ports that are exposed by this service.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: |-
+ The application protocol for this port.
+ This is used as a hint for implementations to offer richer behavior for protocols that they understand.
+ This field follows standard Kubernetes label syntax.
+ Valid values are either:
+
+ * Un-prefixed protocol names - reserved for IANA standard service names (as per
+ RFC-6335 and https://www.iana.org/assignments/service-names).
+
+ * Kubernetes-defined prefixed names:
+ * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
+ * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+ * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+ * Other protocols should use implementation-defined prefixed names such as
+ mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: |-
+ The name of this port within the service. This must be a DNS_LABEL.
+ All ports within a ServiceSpec must have unique names. When considering
+ the endpoints for a Service, this must match the 'name' field in the
+ EndpointPort.
+ Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this
+ service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: |-
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
+ Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: |-
+ publishNotReadyAddresses indicates that any agent which deals with endpoints for this
+ Service should disregard any indications of ready/not-ready.
+ The primary use case for setting this field is for a StatefulSet's Headless Service to
+ propagate SRV DNS records for its Pods for the purpose of peer discovery.
+ The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
+ Services interpret this to mean that all endpoints are considered "ready" even if the
+ Pods themselves are not. Agents which consume only Kubernetes generated endpoints
+ through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: |-
+ Route service traffic to pods with label keys and values matching this
+ selector. If empty or not present, the service is assumed to have an
+ external process managing its endpoints, which Kubernetes will not
+ modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
+ Ignored if type is ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: |-
+ Supports "ClientIP" and "None". Used to maintain session affinity.
+ Enable client IP based session affinity.
+ Must be ClientIP or None.
+ Defaults to None.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations
+ of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds specifies the seconds of ClientIP type session sticky time.
+ The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ trafficDistribution:
+ description: |-
+ TrafficDistribution offers a way to express preferences for how traffic
+ is distributed to Service endpoints. Implementations can use this field
+ as a hint, but are not required to guarantee strict adherence. If the
+ field is not set, the implementation will apply its default routing
+ strategy. If set to "PreferClose", implementations should prioritize
+ endpoints that are in the same zone.
+ type: string
+ type:
+ description: |-
+ type determines how the Service is exposed. Defaults to ClusterIP. Valid
+ options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
+ "ClusterIP" allocates a cluster-internal IP address for load-balancing
+ to endpoints. Endpoints are determined by the selector or if that is not
+ specified, by manual construction of an Endpoints object or
+ EndpointSlice objects. If clusterIP is "None", no virtual IP is
+ allocated and the endpoints are published as a set of endpoints rather
+ than a virtual IP.
+ "NodePort" builds on ClusterIP and allocates a port on every node which
+ routes to the same endpoints as the clusterIP.
+ "LoadBalancer" builds on NodePort and creates an external load-balancer
+ (if supported in the current cloud) which routes to the same endpoints
+ as the clusterIP.
+ "ExternalName" aliases this service to the specified externalName.
+ Several other fields do not apply to ExternalName services.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: |-
+ Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.
+ The referenced secret should contain the following:
+
+ - `ca.crt`: The certificate authority (optional).
+ - `tls.crt`: The certificate (or a chain).
+ - `tls.key`: The private key to the first certificate in the certificate chain.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the
+ self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning
+ of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs
+ to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN
+ entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the Elasticsearch Docker image to deploy.
+ type: string
+ nodeSets:
+ description: NodeSets allow specifying groups of Elasticsearch nodes
+ sharing the same configuration and Pod templates.
+ items:
+ description: NodeSet is the specification for a group of Elasticsearch
+ nodes sharing the same configuration and a Pod template.
+ properties:
+ config:
+ description: Config holds the Elasticsearch configuration.
+ type: object
+ count:
+ description: Count of Elasticsearch nodes to deploy.
+ format: int32
+ minimum: 1
+ type: integer
+ name:
+ description: Name of this set of nodes. Becomes a part of the
+ Elasticsearch node.name setting.
+ maxLength: 23
+ pattern: '[a-zA-Z0-9-]+'
+ type: string
+ podTemplate:
+ description: PodTemplate provides customisation options (labels,
+ annotations, affinity rules, resource requests, and so on)
+ for the Pods belonging to this NodeSet.
+ type: object
+ volumeClaimTemplates:
+ description: |-
+ VolumeClaimTemplates is a list of persistent volume claims to be used by each Pod in this NodeSet.
+ Every claim in this list must have a matching volumeMount in one of the containers defined in the PodTemplate.
+ Items defined here take precedence over any default claims added by the operator with the same name.
+ items:
+ description: PersistentVolumeClaim is a user's request for
+ and claim to a persistent volume
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: |-
+ spec defines the desired characteristics of a volume requested by a pod author.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ properties:
+ accessModes:
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ dataSource:
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes
+ to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ type: string
+ volumeAttributesClassName:
+ description: |-
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
+ If specified, the CSI driver will create or update the volume with the attributes defined
+ in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
+ it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
+ will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
+ will be set by the persistentvolume controller if it exists.
+ If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
+ set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
+ exists.
+ More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
+ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
+ type: string
+ volumeMode:
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to
+ the PersistentVolume backing this claim.
+ type: string
+ type: object
+ type: object
+ type: array
+ required:
+ - count
+ - name
+ type: object
+ minItems: 1
+ type: array
+ podDisruptionBudget:
+ description: |-
+ PodDisruptionBudget provides access to the default pod disruption budget for the Elasticsearch cluster.
+ The default budget selects all cluster pods and sets `maxUnavailable` to 1. To disable, set `PodDisruptionBudget`
+ to the empty value (`{}` in YAML).
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the PDB.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the PDB.
+ properties:
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ An eviction is allowed if at most "maxUnavailable" pods selected by
+ "selector" are unavailable after the eviction, i.e. even in absence of
+ the evicted pod. For example, one can prevent all voluntary evictions
+ by specifying 0. This is a mutually exclusive setting with "minAvailable".
+ x-kubernetes-int-or-string: true
+ minAvailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ An eviction is allowed if at least "minAvailable" pods selected by
+ "selector" will still be available after the eviction, i.e. even in the
+ absence of the evicted pod. So for example you can prevent all voluntary
+ evictions by specifying "100%".
+ x-kubernetes-int-or-string: true
+ selector:
+ description: |-
+ Label query over pods whose evictions are managed by the disruption
+ budget.
+ A null selector selects no pods.
+ An empty selector ({}) also selects no pods, which differs from standard behavior of selecting all pods.
+ In policy/v1, an empty selector will select all pods in the namespace.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ unhealthyPodEvictionPolicy:
+ description: |-
+ UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods
+ should be considered for eviction. Current implementation considers healthy pods,
+ as pods that have status.conditions item with type="Ready",status="True".
+
+ Valid policies are IfHealthyBudget and AlwaysAllow.
+ If no policy is specified, the default behavior will be used,
+ which corresponds to the IfHealthyBudget policy.
+
+ IfHealthyBudget policy means that running pods (status.phase="Running"),
+ but not yet healthy can be evicted only if the guarded application is not
+ disrupted (status.currentHealthy is at least equal to status.desiredHealthy).
+ Healthy pods will be subject to the PDB for eviction.
+
+ AlwaysAllow policy means that all running pods (status.phase="Running"),
+ but not yet healthy are considered disrupted and can be evicted regardless
+ of whether the criteria in a PDB is met. This means perspective running
+ pods of a disrupted application might not get a chance to become healthy.
+ Healthy pods will be subject to the PDB for eviction.
+
+ Additional policies may be added in the future.
+ Clients making eviction decisions should disallow eviction of unhealthy pods
+ if they encounter an unrecognized policy in this field.
+ type: string
+ type: object
+ type: object
+ secureSettings:
+ description: SecureSettings is a list of references to Kubernetes
+ secrets containing sensitive configuration options for Elasticsearch.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes
+ Secret.
+ properties:
+ entries:
+ description: |-
+ Entries define how to project each key-value pair in the secret to filesystem paths.
+ If not defined, all keys will be projected to similarly named paths in the filesystem.
+ If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret
+ object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: |-
+ Path is the relative file path to map the key to.
+ Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ updateStrategy:
+ description: UpdateStrategy specifies how updates to the cluster should
+ be performed.
+ properties:
+ changeBudget:
+ description: ChangeBudget defines the constraints to consider
+ when applying changes to the Elasticsearch cluster.
+ properties:
+ maxSurge:
+ description: |-
+ MaxSurge is the maximum number of new pods that can be created exceeding the original number of pods defined in
+ the specification. MaxSurge is only taken into consideration when scaling up. Setting a negative value will
+ disable the restriction. Defaults to unbounded if not specified.
+ format: int32
+ type: integer
+ maxUnavailable:
+ description: |-
+ MaxUnavailable is the maximum number of pods that can be unavailable (not ready) during the update due to
+ circumstances under the control of the operator. Setting a negative value will disable this restriction.
+ Defaults to 1 if not specified.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ version:
+ description: Version of Elasticsearch.
+ type: string
+ required:
+ - nodeSets
+ type: object
+ status:
+ description: ElasticsearchStatus defines the observed state of Elasticsearch
+ properties:
+ availableNodes:
+ format: int32
+ type: integer
+ health:
+ description: ElasticsearchHealth is the health of the cluster as returned
+ by the health API.
+ type: string
+ phase:
+ description: ElasticsearchOrchestrationPhase is the phase Elasticsearch
+ is in from the controller point of view.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: to not break compatibility when upgrading from previous versions
+ of the CRD
+ type: object
+ served: false
+ storage: false
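Review bot: the `pattern: '[a-zA-Z0-9-]+'` on `nodeSets[].name` in this Elasticsearch v1beta1 schema is unanchored, so it accepts any string that contains at least one matching character. Only `maxLength: 23` limits the rest, even though the value becomes part of the Elasticsearch `node.name` setting. The resource quantity patterns under `resources.limits` and `resources.requests` in the same schema are anchored with `^...$`. Suggest `'^[a-zA-Z0-9-]+$'` here. If this file is generated or vendored, the change belongs in the source type definition rather than in a local edit. A second point in the same schema: `secureSettings[].entries[].path` states in its description that the path must not be absolute and must not contain ".." components, but the schema gives it only `type: string`, so the API server will admit such paths. Please confirm that a validating webhook or the operator rejects them in the deployment this pack produces, or add a `pattern` or validation rule so that the constraint does not rest on the description alone.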
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.18.0
+ helm.sh/resource-policy: keep
+ labels:
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+ app.kubernetes.io/name: '{{ include "eck-operator-crds.name" . }}'
+ app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+ helm.sh/chart: '{{ include "eck-operator-crds.chart" . }}'
+ name: enterprisesearches.enterprisesearch.k8s.elastic.co
+spec:
+ group: enterprisesearch.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: EnterpriseSearch
+ listKind: EnterpriseSearchList
+ plural: enterprisesearches
+ shortNames:
+ - ent
+ singular: enterprisesearch
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: Enterprise Search version
+ jsonPath: .status.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: EnterpriseSearch is a Kubernetes CRD to represent Enterprise
+ Search.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: EnterpriseSearchSpec holds the specification of an Enterprise
+ Search resource.
+ properties:
+ config:
+ description: Config holds the Enterprise Search configuration.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ configRef:
+ description: |-
+ ConfigRef contains a reference to an existing Kubernetes Secret holding the Enterprise Search configuration.
+ Configuration settings are merged and have precedence over settings specified in `config`.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ count:
+ description: Count of Enterprise Search instances to deploy.
+ format: int32
+ type: integer
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to the Elasticsearch
+ cluster running in the same Kubernetes cluster.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator. The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ http:
+ description: HTTP holds the HTTP layer configuration for Enterprise
+ Search resource.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes
+ Service object.
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the service.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: |-
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically
+ allocated for services with type LoadBalancer. Default is "true". It
+ may be set to "false" if the cluster load-balancer does not rely on
+ NodePorts. If the caller requests specific NodePorts (by specifying a
+ value), those requests will be respected, regardless of this field.
+ This field may only be set for services with type LoadBalancer and will
+ be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: |-
+ clusterIP is the IP address of the service and is usually assigned
+ randomly. If an address is specified manually, is in-range (as per
+ system configuration), and is not in use, it will be allocated to the
+ service; otherwise creation of the service will fail. This field may not
+ be changed through updates unless the type field is also being changed
+ to ExternalName (which requires this field to be blank) or the type
+ field is being changed from ExternalName (in which case this field may
+ optionally be specified, as describe above). Valid values are "None",
+ empty string (""), or a valid IP address. Setting this to "None" makes a
+ "headless service" (no virtual IP), which is useful when direct endpoint
+ connections are preferred and proxying is not required. Only applies to
+ types ClusterIP, NodePort, and LoadBalancer. If this field is specified
+ when creating a Service of type ExternalName, creation will fail. This
+ field will be wiped when updating a Service to type ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ clusterIPs:
+ description: |-
+ ClusterIPs is a list of IP addresses assigned to this service, and are
+ usually assigned randomly. If an address is specified manually, is
+ in-range (as per system configuration), and is not in use, it will be
+ allocated to the service; otherwise creation of the service will fail.
+ This field may not be changed through updates unless the type field is
+ also being changed to ExternalName (which requires this field to be
+ empty) or the type field is being changed from ExternalName (in which
+ case this field may optionally be specified, as describe above). Valid
+ values are "None", empty string (""), or a valid IP address. Setting
+ this to "None" makes a "headless service" (no virtual IP), which is
+ useful when direct endpoint connections are preferred and proxying is
+ not required. Only applies to types ClusterIP, NodePort, and
+ LoadBalancer. If this field is specified when creating a Service of type
+ ExternalName, creation will fail. This field will be wiped when updating
+ a Service to type ExternalName. If this field is not specified, it will
+ be initialized from the clusterIP field. If this field is specified,
+ clients must ensure that clusterIPs[0] and clusterIP have the same
+ value.
+
+ This field may hold a maximum of two entries (dual-stack IPs, in either order).
+ These IPs must correspond to the values of the ipFamilies field. Both
+ clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: |-
+ externalIPs is a list of IP addresses for which nodes in the cluster
+ will also accept traffic for this service. These IPs are not managed by
+ Kubernetes. The user is responsible for ensuring that traffic arrives
+ at a node with this IP. A common example is external load-balancers
+ that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalName:
+ description: |-
+ externalName is the external reference that discovery mechanisms will
+ return as an alias for this service (e.g. a DNS CNAME record). No
+ proxying will be involved. Must be a lowercase RFC-1123 hostname
+ (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: |-
+ externalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: |-
+ healthCheckNodePort specifies the healthcheck nodePort for the service.
+ This only applies when type is set to LoadBalancer and
+ externalTrafficPolicy is set to Local. If a value is specified, is
+ in-range, and is not in use, it will be used. If not specified, a value
+ will be automatically allocated. External systems (e.g. load-balancers)
+ can use this port to determine if a given node holds endpoints for this
+ service or not. If this field is specified when creating a Service
+ which does not need it, creation will fail. This field will be wiped
+ when updating a Service to no longer need it (e.g. changing type).
+ This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: |-
+ InternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on the ClusterIP. If set to "Local", the proxy will assume that pods
+ only want to talk to endpoints of the service on the same node as the pod,
+ dropping the traffic if there are no local endpoints. The default value,
+ "Cluster", uses the standard behavior of routing to all endpoints evenly
+ (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: |-
+ IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
+ service. This field is usually assigned automatically based on cluster
+ configuration and the ipFamilyPolicy field. If this field is specified
+ manually, the requested family is available in the cluster,
+ and ipFamilyPolicy allows it, it will be used; otherwise creation of
+ the service will fail. This field is conditionally mutable: it allows
+ for adding or removing a secondary IP family, but it does not allow
+ changing the primary IP family of the Service. Valid values are "IPv4"
+ and "IPv6". This field only applies to Services of types ClusterIP,
+ NodePort, and LoadBalancer, and does apply to "headless" services.
+ This field will be wiped when updating a Service to type ExternalName.
+
+ This field may hold a maximum of two entries (dual-stack families, in
+ either order). These families must correspond to the values of the
+ clusterIPs field, if specified. Both clusterIPs and ipFamilies are
+ governed by the ipFamilyPolicy field.
+ items:
+ description: |-
+ IPFamily represents the IP Family (IPv4 or IPv6). This type is used
+ to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: |-
+ IPFamilyPolicy represents the dual-stack-ness requested or required by
+ this Service. If there is no value provided, then this field will be set
+ to SingleStack. Services can be "SingleStack" (a single IP family),
+ "PreferDualStack" (two IP families on dual-stack configured clusters or
+ a single IP family on single-stack clusters), or "RequireDualStack"
+ (two IP families on dual-stack configured clusters, otherwise fail). The
+ ipFamilies and clusterIPs fields depend on the value of this field. This
+ field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: |-
+ loadBalancerClass is the class of the load balancer implementation this Service belongs to.
+ If specified, the value of this field must be a label-style identifier, with an optional prefix,
+ e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
+ This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
+ balancer implementation is used, today this is typically done through the cloud provider integration,
+ but should apply for any default implementation. If set, it is assumed that a load balancer
+ implementation is watching for Services with a matching class. Any default load balancer
+ implementation (e.g. cloud providers) should ignore Services that set this field.
+ This field can only be set when creating or updating a Service to type 'LoadBalancer'.
+ Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ Deprecated: This field was under-specified and its meaning varies across implementations.
+ Using it is non-portable and it may not support dual-stack.
+ Users are encouraged to use implementation-specific annotations when available.
+ type: string
+ loadBalancerSourceRanges:
+ description: |-
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider
+ load-balancer will be restricted to the specified client IPs. This field will be ignored if the
+ cloud-provider does not support the feature."
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ports:
+ description: |-
+ The list of ports that are exposed by this service.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: |-
+ The application protocol for this port.
+ This is used as a hint for implementations to offer richer behavior for protocols that they understand.
+ This field follows standard Kubernetes label syntax.
+ Valid values are either:
+
+ * Un-prefixed protocol names - reserved for IANA standard service names (as per
+ RFC-6335 and https://www.iana.org/assignments/service-names).
+
+ * Kubernetes-defined prefixed names:
+ * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
+ * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+ * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+ * Other protocols should use implementation-defined prefixed names such as
+ mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: |-
+ The name of this port within the service. This must be a DNS_LABEL.
+ All ports within a ServiceSpec must have unique names. When considering
+ the endpoints for a Service, this must match the 'name' field in the
+ EndpointPort.
+ Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this
+ service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: |-
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
+ Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: |-
+ publishNotReadyAddresses indicates that any agent which deals with endpoints for this
+ Service should disregard any indications of ready/not-ready.
+ The primary use case for setting this field is for a StatefulSet's Headless Service to
+ propagate SRV DNS records for its Pods for the purpose of peer discovery.
+ The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
+ Services interpret this to mean that all endpoints are considered "ready" even if the
+ Pods themselves are not. Agents which consume only Kubernetes generated endpoints
+ through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: |-
+ Route service traffic to pods with label keys and values matching this
+ selector. If empty or not present, the service is assumed to have an
+ external process managing its endpoints, which Kubernetes will not
+ modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
+ Ignored if type is ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: |-
+ Supports "ClientIP" and "None". Used to maintain session affinity.
+ Enable client IP based session affinity.
+ Must be ClientIP or None.
+ Defaults to None.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations
+ of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds specifies the seconds of ClientIP type session sticky time.
+ The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ trafficDistribution:
+ description: |-
+ TrafficDistribution offers a way to express preferences for how traffic
+ is distributed to Service endpoints. Implementations can use this field
+ as a hint, but are not required to guarantee strict adherence. If the
+ field is not set, the implementation will apply its default routing
+ strategy. If set to "PreferClose", implementations should prioritize
+ endpoints that are in the same zone.
+ type: string
+ type:
+ description: |-
+ type determines how the Service is exposed. Defaults to ClusterIP. Valid
+ options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
+ "ClusterIP" allocates a cluster-internal IP address for load-balancing
+ to endpoints. Endpoints are determined by the selector or if that is not
+ specified, by manual construction of an Endpoints object or
+ EndpointSlice objects. If clusterIP is "None", no virtual IP is
+ allocated and the endpoints are published as a set of endpoints rather
+ than a virtual IP.
+ "NodePort" builds on ClusterIP and allocates a port on every node which
+ routes to the same endpoints as the clusterIP.
+ "LoadBalancer" builds on NodePort and creates an external load-balancer
+ (if supported in the current cloud) which routes to the same endpoints
+ as the clusterIP.
+ "ExternalName" aliases this service to the specified externalName.
+ Several other fields do not apply to ExternalName services.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: |-
+ Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.
+ The referenced secret should contain the following:
+
+ - `ca.crt`: The certificate authority (optional).
+ - `tls.crt`: The certificate (or a chain).
+ - `tls.key`: The private key to the first certificate in the certificate chain.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the
+ self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning
+ of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs
+ to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN
+ entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the Enterprise Search Docker image to deploy.
+ type: string
+ podTemplate:
+ description: |-
+ PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on)
+ for the Enterprise Search pods.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ revisionHistoryLimit:
+ description: RevisionHistoryLimit is the number of revisions to retain
+ to allow rollback in the underlying Deployment.
+ format: int32
+ type: integer
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is used to check access from the current resource to a resource (for ex. Elasticsearch) in a different namespace.
+ Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ version:
+ description: Version of Enterprise Search.
+ type: string
+ type: object
+ status:
+ description: EnterpriseSearchStatus defines the observed state of EnterpriseSearch
+ properties:
+ associationStatus:
+ description: Association is the status of any auto-linking to Elasticsearch
+ clusters.
+ type: string
+ availableNodes:
+ description: AvailableNodes is the number of available replicas in
+ the deployment.
+ format: int32
+ type: integer
+ count:
+ description: Count corresponds to Scale.Status.Replicas, which is
+ the actual number of observed instances of the scaled object.
+ format: int32
+ type: integer
+ health:
+ description: Health of the deployment.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the status is based upon.
+ It corresponds to the metadata generation, which is updated on mutation by the API Server.
+ If the generation observed in status diverges from the generation in metadata, the Enterprise Search
+ controller has not yet processed the changes contained in the Enterprise Search specification.
+ format: int64
+ type: integer
+ selector:
+ description: Selector is the label selector used to find all pods.
+ type: string
+ service:
+ description: ExternalService is the name of the service associated
+ to the Enterprise Search Pods.
+ type: string
+ version:
+ description: |-
+ Version of the stack resource currently running. During version upgrades, multiple versions may run
+ in parallel: this value specifies the lowest version currently running.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.count
+ statusReplicasPath: .status.count
+ status: {}
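Review bot: `spec.podTemplate` in the v1 schema above is declared as `type: object` with `x-kubernetes-preserve-unknown-fields: true` (as is `spec.config` in the v1beta1 schema that follows), so the CRD schema itself places no constraint on what goes into the Enterprise Search pod spec. At this layer the API server will neither prune nor reject settings such as a privileged securityContext or hostPath volumes. Because a CRD is cluster-scoped, please document next to this manifest that namespaces where EnterpriseSearch objects can be created need Pod Security admission or an equivalent policy, and that create/update rights on this resource should be granted as narrowly as pod creation would be. Separately, the description of `selfSignedCertificate.disabled` has a typo ("certifcate"), and the `loadBalancerSourceRanges` description has a garbled sentence ("this will restrict traffic ... will be restricted") ending in a stray closing quote. If the file is vendored verbatim from upstream, keep it byte-identical and record the upstream version in the commit message; otherwise fix both.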
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: Enterprise Search version
+ jsonPath: .status.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: EnterpriseSearch is a Kubernetes CRD to represent Enterprise
+ Search.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: EnterpriseSearchSpec holds the specification of an Enterprise
+ Search resource.
+ properties:
+ config:
+ description: Config holds the Enterprise Search configuration.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ configRef:
+ description: |-
+ ConfigRef contains a reference to an existing Kubernetes Secret holding the Enterprise Search configuration.
+ Configuration settings are merged and have precedence over settings specified in `config`.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ count:
+ description: Count of Enterprise Search instances to deploy.
+ format: int32
+ type: integer
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to the Elasticsearch
+ cluster running in the same Kubernetes cluster.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator. The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ http:
+ description: HTTP holds the HTTP layer configuration for Enterprise
+ Search resource.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes
+ Service object.
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the service.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: |-
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically
+ allocated for services with type LoadBalancer. Default is "true". It
+ may be set to "false" if the cluster load-balancer does not rely on
+ NodePorts. If the caller requests specific NodePorts (by specifying a
+ value), those requests will be respected, regardless of this field.
+ This field may only be set for services with type LoadBalancer and will
+ be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: |-
+ clusterIP is the IP address of the service and is usually assigned
+ randomly. If an address is specified manually, is in-range (as per
+ system configuration), and is not in use, it will be allocated to the
+ service; otherwise creation of the service will fail. This field may not
+ be changed through updates unless the type field is also being changed
+ to ExternalName (which requires this field to be blank) or the type
+ field is being changed from ExternalName (in which case this field may
+ optionally be specified, as describe above). Valid values are "None",
+ empty string (""), or a valid IP address. Setting this to "None" makes a
+ "headless service" (no virtual IP), which is useful when direct endpoint
+ connections are preferred and proxying is not required. Only applies to
+ types ClusterIP, NodePort, and LoadBalancer. If this field is specified
+ when creating a Service of type ExternalName, creation will fail. This
+ field will be wiped when updating a Service to type ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ clusterIPs:
+ description: |-
+ ClusterIPs is a list of IP addresses assigned to this service, and are
+ usually assigned randomly. If an address is specified manually, is
+ in-range (as per system configuration), and is not in use, it will be
+ allocated to the service; otherwise creation of the service will fail.
+ This field may not be changed through updates unless the type field is
+ also being changed to ExternalName (which requires this field to be
+ empty) or the type field is being changed from ExternalName (in which
+ case this field may optionally be specified, as describe above). Valid
+ values are "None", empty string (""), or a valid IP address. Setting
+ this to "None" makes a "headless service" (no virtual IP), which is
+ useful when direct endpoint connections are preferred and proxying is
+ not required. Only applies to types ClusterIP, NodePort, and
+ LoadBalancer. If this field is specified when creating a Service of type
+ ExternalName, creation will fail. This field will be wiped when updating
+ a Service to type ExternalName. If this field is not specified, it will
+ be initialized from the clusterIP field. If this field is specified,
+ clients must ensure that clusterIPs[0] and clusterIP have the same
+ value.
+
+ This field may hold a maximum of two entries (dual-stack IPs, in either order).
+ These IPs must correspond to the values of the ipFamilies field. Both
+ clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: |-
+ externalIPs is a list of IP addresses for which nodes in the cluster
+ will also accept traffic for this service. These IPs are not managed by
+ Kubernetes. The user is responsible for ensuring that traffic arrives
+ at a node with this IP. A common example is external load-balancers
+ that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalName:
+ description: |-
+ externalName is the external reference that discovery mechanisms will
+ return as an alias for this service (e.g. a DNS CNAME record). No
+ proxying will be involved. Must be a lowercase RFC-1123 hostname
+ (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: |-
+ externalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: |-
+ healthCheckNodePort specifies the healthcheck nodePort for the service.
+ This only applies when type is set to LoadBalancer and
+ externalTrafficPolicy is set to Local. If a value is specified, is
+ in-range, and is not in use, it will be used. If not specified, a value
+ will be automatically allocated. External systems (e.g. load-balancers)
+ can use this port to determine if a given node holds endpoints for this
+ service or not. If this field is specified when creating a Service
+ which does not need it, creation will fail. This field will be wiped
+ when updating a Service to no longer need it (e.g. changing type).
+ This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: |-
+ InternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on the ClusterIP. If set to "Local", the proxy will assume that pods
+ only want to talk to endpoints of the service on the same node as the pod,
+ dropping the traffic if there are no local endpoints. The default value,
+ "Cluster", uses the standard behavior of routing to all endpoints evenly
+ (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: |-
+ IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
+ service. This field is usually assigned automatically based on cluster
+ configuration and the ipFamilyPolicy field. If this field is specified
+ manually, the requested family is available in the cluster,
+ and ipFamilyPolicy allows it, it will be used; otherwise creation of
+ the service will fail. This field is conditionally mutable: it allows
+ for adding or removing a secondary IP family, but it does not allow
+ changing the primary IP family of the Service. Valid values are "IPv4"
+ and "IPv6". This field only applies to Services of types ClusterIP,
+ NodePort, and LoadBalancer, and does apply to "headless" services.
+ This field will be wiped when updating a Service to type ExternalName.
+
+ This field may hold a maximum of two entries (dual-stack families, in
+ either order). These families must correspond to the values of the
+ clusterIPs field, if specified. Both clusterIPs and ipFamilies are
+ governed by the ipFamilyPolicy field.
+ items:
+ description: |-
+ IPFamily represents the IP Family (IPv4 or IPv6). This type is used
+ to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: |-
+ IPFamilyPolicy represents the dual-stack-ness requested or required by
+ this Service. If there is no value provided, then this field will be set
+ to SingleStack. Services can be "SingleStack" (a single IP family),
+ "PreferDualStack" (two IP families on dual-stack configured clusters or
+ a single IP family on single-stack clusters), or "RequireDualStack"
+ (two IP families on dual-stack configured clusters, otherwise fail). The
+ ipFamilies and clusterIPs fields depend on the value of this field. This
+ field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: |-
+ loadBalancerClass is the class of the load balancer implementation this Service belongs to.
+ If specified, the value of this field must be a label-style identifier, with an optional prefix,
+ e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
+ This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
+ balancer implementation is used, today this is typically done through the cloud provider integration,
+ but should apply for any default implementation. If set, it is assumed that a load balancer
+ implementation is watching for Services with a matching class. Any default load balancer
+ implementation (e.g. cloud providers) should ignore Services that set this field.
+ This field can only be set when creating or updating a Service to type 'LoadBalancer'.
+ Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ Deprecated: This field was under-specified and its meaning varies across implementations.
+ Using it is non-portable and it may not support dual-stack.
+ Users are encouraged to use implementation-specific annotations when available.
+ type: string
+ loadBalancerSourceRanges:
+ description: |-
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider
+ load-balancer will be restricted to the specified client IPs. This field will be ignored if the
+ cloud-provider does not support the feature."
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ports:
+ description: |-
+ The list of ports that are exposed by this service.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: |-
+ The application protocol for this port.
+ This is used as a hint for implementations to offer richer behavior for protocols that they understand.
+ This field follows standard Kubernetes label syntax.
+ Valid values are either:
+
+ * Un-prefixed protocol names - reserved for IANA standard service names (as per
+ RFC-6335 and https://www.iana.org/assignments/service-names).
+
+ * Kubernetes-defined prefixed names:
+ * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
+ * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+ * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+ * Other protocols should use implementation-defined prefixed names such as
+ mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: |-
+ The name of this port within the service. This must be a DNS_LABEL.
+ All ports within a ServiceSpec must have unique names. When considering
+ the endpoints for a Service, this must match the 'name' field in the
+ EndpointPort.
+ Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this
+ service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: |-
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
+ Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: |-
+ publishNotReadyAddresses indicates that any agent which deals with endpoints for this
+ Service should disregard any indications of ready/not-ready.
+ The primary use case for setting this field is for a StatefulSet's Headless Service to
+ propagate SRV DNS records for its Pods for the purpose of peer discovery.
+ The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
+ Services interpret this to mean that all endpoints are considered "ready" even if the
+ Pods themselves are not. Agents which consume only Kubernetes generated endpoints
+ through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: |-
+ Route service traffic to pods with label keys and values matching this
+ selector. If empty or not present, the service is assumed to have an
+ external process managing its endpoints, which Kubernetes will not
+ modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
+ Ignored if type is ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: |-
+ Supports "ClientIP" and "None". Used to maintain session affinity.
+ Enable client IP based session affinity.
+ Must be ClientIP or None.
+ Defaults to None.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations
+ of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds specifies the seconds of ClientIP type session sticky time.
+ The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ trafficDistribution:
+ description: |-
+ TrafficDistribution offers a way to express preferences for how traffic
+ is distributed to Service endpoints. Implementations can use this field
+ as a hint, but are not required to guarantee strict adherence. If the
+ field is not set, the implementation will apply its default routing
+ strategy. If set to "PreferClose", implementations should prioritize
+ endpoints that are in the same zone.
+ type: string
+ type:
+ description: |-
+ type determines how the Service is exposed. Defaults to ClusterIP. Valid
+ options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
+ "ClusterIP" allocates a cluster-internal IP address for load-balancing
+ to endpoints. Endpoints are determined by the selector or if that is not
+ specified, by manual construction of an Endpoints object or
+ EndpointSlice objects. If clusterIP is "None", no virtual IP is
+ allocated and the endpoints are published as a set of endpoints rather
+ than a virtual IP.
+ "NodePort" builds on ClusterIP and allocates a port on every node which
+ routes to the same endpoints as the clusterIP.
+ "LoadBalancer" builds on NodePort and creates an external load-balancer
+ (if supported in the current cloud) which routes to the same endpoints
+ as the clusterIP.
+ "ExternalName" aliases this service to the specified externalName.
+ Several other fields do not apply to ExternalName services.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: |-
+ Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.
+ The referenced secret should contain the following:
+
+ - `ca.crt`: The certificate authority (optional).
+ - `tls.crt`: The certificate (or a chain).
+ - `tls.key`: The private key to the first certificate in the certificate chain.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the
+ self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning
+ of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs
+ to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN
+ entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the Enterprise Search Docker image to deploy.
+ type: string
+ podTemplate:
+ description: |-
+ PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on)
+ for the Enterprise Search pods.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is used to check access from the current resource to a resource (for ex. Elasticsearch) in a different namespace.
+ Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ version:
+ description: Version of Enterprise Search.
+ type: string
+ type: object
+ status:
+ description: EnterpriseSearchStatus defines the observed state of EnterpriseSearch
+ properties:
+ associationStatus:
+ description: Association is the status of any auto-linking to Elasticsearch
+ clusters.
+ type: string
+ availableNodes:
+ description: AvailableNodes is the number of available replicas in
+ the deployment.
+ format: int32
+ type: integer
+ count:
+ description: Count corresponds to Scale.Status.Replicas, which is
+ the actual number of observed instances of the scaled object.
+ format: int32
+ type: integer
+ health:
+ description: Health of the deployment.
+ type: string
+ selector:
+ description: Selector is the label selector used to find all pods.
+ type: string
+ service:
+ description: ExternalService is the name of the service associated
+ to the Enterprise Search Pods.
+ type: string
+ version:
+ description: |-
+ Version of the stack resource currently running. During version upgrades, multiple versions may run
+ in parallel: this value specifies the lowest version currently running.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
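Review bot: `podTemplate` in the EnterpriseSearch spec is declared as `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so the API server does no schema validation on it and any pod settings a user puts there are stored as submitted. CRDs are cluster-scoped, so document next to this file that create/update rights on `EnterpriseSearch` objects should be granted as narrowly as the right to create pods, and that namespaces where these resources are allowed should have Pod Security admission or an equivalent policy enforced. Separately, the `selfSignedCertificate.disabled` description misspells "certificate" as "certifcate"; the file appears to be controller-gen output (see the `controller-gen.kubebuilder.io/version` annotation on the following document), so correct it at the source rather than by hand here.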
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.18.0
+ helm.sh/resource-policy: keep
+ labels:
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+ app.kubernetes.io/name: '{{ include "eck-operator-crds.name" . }}'
+ app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+ helm.sh/chart: '{{ include "eck-operator-crds.chart" . }}'
+ name: kibanas.kibana.k8s.elastic.co
+spec:
+ group: kibana.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: Kibana
+ listKind: KibanaList
+ plural: kibanas
+ shortNames:
+ - kb
+ singular: kibana
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: Kibana version
+ jsonPath: .status.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: Kibana represents a Kibana resource in a Kubernetes cluster.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KibanaSpec holds the specification of a Kibana instance.
+ properties:
+ config:
+ description: 'Config holds the Kibana configuration. See: https://www.elastic.co/guide/en/kibana/current/settings.html'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ count:
+ description: Count of Kibana instances to deploy.
+ format: int32
+ type: integer
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to an Elasticsearch cluster
+ running in the same Kubernetes cluster.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator. The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ enterpriseSearchRef:
+ description: |-
+ EnterpriseSearchRef is a reference to an EnterpriseSearch running in the same Kubernetes cluster.
+ Kibana provides the default Enterprise Search UI starting version 7.14.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator. The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ http:
+ description: HTTP holds the HTTP layer configuration for Kibana.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes
+ Service object.
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the service.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: |-
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically
+ allocated for services with type LoadBalancer. Default is "true". It
+ may be set to "false" if the cluster load-balancer does not rely on
+ NodePorts. If the caller requests specific NodePorts (by specifying a
+ value), those requests will be respected, regardless of this field.
+ This field may only be set for services with type LoadBalancer and will
+ be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: |-
+ clusterIP is the IP address of the service and is usually assigned
+ randomly. If an address is specified manually, is in-range (as per
+ system configuration), and is not in use, it will be allocated to the
+ service; otherwise creation of the service will fail. This field may not
+ be changed through updates unless the type field is also being changed
+ to ExternalName (which requires this field to be blank) or the type
+ field is being changed from ExternalName (in which case this field may
+ optionally be specified, as describe above). Valid values are "None",
+ empty string (""), or a valid IP address. Setting this to "None" makes a
+ "headless service" (no virtual IP), which is useful when direct endpoint
+ connections are preferred and proxying is not required. Only applies to
+ types ClusterIP, NodePort, and LoadBalancer. If this field is specified
+ when creating a Service of type ExternalName, creation will fail. This
+ field will be wiped when updating a Service to type ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ clusterIPs:
+ description: |-
+ ClusterIPs is a list of IP addresses assigned to this service, and are
+ usually assigned randomly. If an address is specified manually, is
+ in-range (as per system configuration), and is not in use, it will be
+ allocated to the service; otherwise creation of the service will fail.
+ This field may not be changed through updates unless the type field is
+ also being changed to ExternalName (which requires this field to be
+ empty) or the type field is being changed from ExternalName (in which
+ case this field may optionally be specified, as describe above). Valid
+ values are "None", empty string (""), or a valid IP address. Setting
+ this to "None" makes a "headless service" (no virtual IP), which is
+ useful when direct endpoint connections are preferred and proxying is
+ not required. Only applies to types ClusterIP, NodePort, and
+ LoadBalancer. If this field is specified when creating a Service of type
+ ExternalName, creation will fail. This field will be wiped when updating
+ a Service to type ExternalName. If this field is not specified, it will
+ be initialized from the clusterIP field. If this field is specified,
+ clients must ensure that clusterIPs[0] and clusterIP have the same
+ value.
+
+ This field may hold a maximum of two entries (dual-stack IPs, in either order).
+ These IPs must correspond to the values of the ipFamilies field. Both
+ clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: |-
+ externalIPs is a list of IP addresses for which nodes in the cluster
+ will also accept traffic for this service. These IPs are not managed by
+ Kubernetes. The user is responsible for ensuring that traffic arrives
+ at a node with this IP. A common example is external load-balancers
+ that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalName:
+ description: |-
+ externalName is the external reference that discovery mechanisms will
+ return as an alias for this service (e.g. a DNS CNAME record). No
+ proxying will be involved. Must be a lowercase RFC-1123 hostname
+ (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: |-
+ externalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: |-
+ healthCheckNodePort specifies the healthcheck nodePort for the service.
+ This only applies when type is set to LoadBalancer and
+ externalTrafficPolicy is set to Local. If a value is specified, is
+ in-range, and is not in use, it will be used. If not specified, a value
+ will be automatically allocated. External systems (e.g. load-balancers)
+ can use this port to determine if a given node holds endpoints for this
+ service or not. If this field is specified when creating a Service
+ which does not need it, creation will fail. This field will be wiped
+ when updating a Service to no longer need it (e.g. changing type).
+ This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: |-
+ InternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on the ClusterIP. If set to "Local", the proxy will assume that pods
+ only want to talk to endpoints of the service on the same node as the pod,
+ dropping the traffic if there are no local endpoints. The default value,
+ "Cluster", uses the standard behavior of routing to all endpoints evenly
+ (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: |-
+ IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
+ service. This field is usually assigned automatically based on cluster
+ configuration and the ipFamilyPolicy field. If this field is specified
+ manually, the requested family is available in the cluster,
+ and ipFamilyPolicy allows it, it will be used; otherwise creation of
+ the service will fail. This field is conditionally mutable: it allows
+ for adding or removing a secondary IP family, but it does not allow
+ changing the primary IP family of the Service. Valid values are "IPv4"
+ and "IPv6". This field only applies to Services of types ClusterIP,
+ NodePort, and LoadBalancer, and does apply to "headless" services.
+ This field will be wiped when updating a Service to type ExternalName.
+
+ This field may hold a maximum of two entries (dual-stack families, in
+ either order). These families must correspond to the values of the
+ clusterIPs field, if specified. Both clusterIPs and ipFamilies are
+ governed by the ipFamilyPolicy field.
+ items:
+ description: |-
+ IPFamily represents the IP Family (IPv4 or IPv6). This type is used
+ to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: |-
+ IPFamilyPolicy represents the dual-stack-ness requested or required by
+ this Service. If there is no value provided, then this field will be set
+ to SingleStack. Services can be "SingleStack" (a single IP family),
+ "PreferDualStack" (two IP families on dual-stack configured clusters or
+ a single IP family on single-stack clusters), or "RequireDualStack"
+ (two IP families on dual-stack configured clusters, otherwise fail). The
+ ipFamilies and clusterIPs fields depend on the value of this field. This
+ field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: |-
+ loadBalancerClass is the class of the load balancer implementation this Service belongs to.
+ If specified, the value of this field must be a label-style identifier, with an optional prefix,
+ e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
+ This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
+ balancer implementation is used, today this is typically done through the cloud provider integration,
+ but should apply for any default implementation. If set, it is assumed that a load balancer
+ implementation is watching for Services with a matching class. Any default load balancer
+ implementation (e.g. cloud providers) should ignore Services that set this field.
+ This field can only be set when creating or updating a Service to type 'LoadBalancer'.
+ Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ Deprecated: This field was under-specified and its meaning varies across implementations.
+ Using it is non-portable and it may not support dual-stack.
+ Users are encouraged to use implementation-specific annotations when available.
+ type: string
+ loadBalancerSourceRanges:
+ description: |-
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider
+ load-balancer will be restricted to the specified client IPs. This field will be ignored if the
+ cloud-provider does not support the feature."
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ports:
+ description: |-
+ The list of ports that are exposed by this service.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: |-
+ The application protocol for this port.
+ This is used as a hint for implementations to offer richer behavior for protocols that they understand.
+ This field follows standard Kubernetes label syntax.
+ Valid values are either:
+
+ * Un-prefixed protocol names - reserved for IANA standard service names (as per
+ RFC-6335 and https://www.iana.org/assignments/service-names).
+
+ * Kubernetes-defined prefixed names:
+ * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
+ * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+ * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+ * Other protocols should use implementation-defined prefixed names such as
+ mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: |-
+ The name of this port within the service. This must be a DNS_LABEL.
+ All ports within a ServiceSpec must have unique names. When considering
+ the endpoints for a Service, this must match the 'name' field in the
+ EndpointPort.
+ Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this
+ service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: |-
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
+ Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: |-
+ publishNotReadyAddresses indicates that any agent which deals with endpoints for this
+ Service should disregard any indications of ready/not-ready.
+ The primary use case for setting this field is for a StatefulSet's Headless Service to
+ propagate SRV DNS records for its Pods for the purpose of peer discovery.
+ The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
+ Services interpret this to mean that all endpoints are considered "ready" even if the
+ Pods themselves are not. Agents which consume only Kubernetes generated endpoints
+ through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: |-
+ Route service traffic to pods with label keys and values matching this
+ selector. If empty or not present, the service is assumed to have an
+ external process managing its endpoints, which Kubernetes will not
+ modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
+ Ignored if type is ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: |-
+ Supports "ClientIP" and "None". Used to maintain session affinity.
+ Enable client IP based session affinity.
+ Must be ClientIP or None.
+ Defaults to None.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations
+ of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds specifies the seconds of ClientIP type session sticky time.
+ The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ trafficDistribution:
+ description: |-
+ TrafficDistribution offers a way to express preferences for how traffic
+ is distributed to Service endpoints. Implementations can use this field
+ as a hint, but are not required to guarantee strict adherence. If the
+ field is not set, the implementation will apply its default routing
+ strategy. If set to "PreferClose", implementations should prioritize
+ endpoints that are in the same zone.
+ type: string
+ type:
+ description: |-
+ type determines how the Service is exposed. Defaults to ClusterIP. Valid
+ options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
+ "ClusterIP" allocates a cluster-internal IP address for load-balancing
+ to endpoints. Endpoints are determined by the selector or if that is not
+ specified, by manual construction of an Endpoints object or
+ EndpointSlice objects. If clusterIP is "None", no virtual IP is
+ allocated and the endpoints are published as a set of endpoints rather
+ than a virtual IP.
+ "NodePort" builds on ClusterIP and allocates a port on every node which
+ routes to the same endpoints as the clusterIP.
+ "LoadBalancer" builds on NodePort and creates an external load-balancer
+ (if supported in the current cloud) which routes to the same endpoints
+ as the clusterIP.
+ "ExternalName" aliases this service to the specified externalName.
+ Several other fields do not apply to ExternalName services.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: |-
+ Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.
+ The referenced secret should contain the following:
+
+ - `ca.crt`: The certificate authority (optional).
+ - `tls.crt`: The certificate (or a chain).
+ - `tls.key`: The private key to the first certificate in the certificate chain.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the
+ self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning
+ of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs
+ to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN
+ entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the Kibana Docker image to deploy.
+ type: string
+ monitoring:
+ description: |-
+ Monitoring enables you to collect and ship log and monitoring data of this Kibana.
+ See https://www.elastic.co/guide/en/kibana/current/xpack-monitoring.html.
+ Metricbeat and Filebeat are deployed in the same Pod as sidecars and each one sends data to one or two different
+ Elasticsearch monitoring clusters running in the same Kubernetes cluster.
+ properties:
+ logs:
+ description: Logs holds references to Elasticsearch clusters which
+ receive log data from an associated resource.
+ properties:
+ elasticsearchRefs:
+ description: |-
+ ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster.
+ Due to existing limitations, only a single Elasticsearch cluster is currently supported.
+ items:
+ description: |-
+ ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator
+ or a Secret describing an external Elastic resource not managed by the operator.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If
+ empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator. The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ type: object
+ metrics:
+ description: Metrics holds references to Elasticsearch clusters
+ which receive monitoring data from this resource.
+ properties:
+ elasticsearchRefs:
+ description: |-
+ ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster.
+ Due to existing limitations, only a single Elasticsearch cluster is currently supported.
+ items:
+ description: |-
+ ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator
+ or a Secret describing an external Elastic resource not managed by the operator.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If
+ empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator. The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ podTemplate:
+ description: PodTemplate provides customisation options (labels, annotations,
+ affinity rules, resource requests, and so on) for the Kibana pods
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ revisionHistoryLimit:
+ description: RevisionHistoryLimit is the number of revisions to retain
+ to allow rollback in the underlying Deployment.
+ format: int32
+ type: integer
+ secureSettings:
+ description: SecureSettings is a list of references to Kubernetes
+ secrets containing sensitive configuration options for Kibana.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes
+ Secret.
+ properties:
+ entries:
+ description: |-
+ Entries define how to project each key-value pair in the secret to filesystem paths.
+ If not defined, all keys will be projected to similarly named paths in the filesystem.
+ If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret
+ object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: |-
+ Path is the relative file path to map the key to.
+ Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is used to check access from the current resource to a resource (for ex. Elasticsearch) in a different namespace.
+ Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ version:
+ description: Version of Kibana.
+ type: string
+ required:
+ - version
+ type: object
+ status:
+ description: KibanaStatus defines the observed state of Kibana
+ properties:
+ associationStatus:
+ description: |-
+ AssociationStatus is the status of any auto-linking to Elasticsearch clusters.
+ This field is deprecated and will be removed in a future release. Use ElasticsearchAssociationStatus instead.
+ type: string
+ availableNodes:
+ description: AvailableNodes is the number of available replicas in
+ the deployment.
+ format: int32
+ type: integer
+ count:
+ description: Count corresponds to Scale.Status.Replicas, which is
+ the actual number of observed instances of the scaled object.
+ format: int32
+ type: integer
+ elasticsearchAssociationStatus:
+ description: ElasticsearchAssociationStatus is the status of any auto-linking
+ to Elasticsearch clusters.
+ type: string
+ enterpriseSearchAssociationStatus:
+ description: EnterpriseSearchAssociationStatus is the status of any
+ auto-linking to Enterprise Search.
+ type: string
+ health:
+ description: Health of the deployment.
+ type: string
+ monitoringAssociationStatus:
+ additionalProperties:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ description: MonitoringAssociationStatus is the status of any auto-linking
+ to monitoring Elasticsearch clusters.
+ type: object
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the most recent generation observed for this Kibana instance.
+ It corresponds to the metadata generation, which is updated on mutation by the API Server.
+ If the generation observed in status diverges from the generation in metadata, the Kibana
+ controller has not yet processed the changes contained in the Kibana specification.
+ format: int64
+ type: integer
+ selector:
+ description: Selector is the label selector used to find all pods.
+ type: string
+ version:
+ description: |-
+ Version of the stack resource currently running. During version upgrades, multiple versions may run
+ in parallel: this value specifies the lowest version currently running.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.count
+ statusReplicasPath: .status.count
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: Kibana version
+ jsonPath: .spec.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Kibana represents a Kibana resource in a Kubernetes cluster.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KibanaSpec holds the specification of a Kibana instance.
+ properties:
+ config:
+ description: 'Config holds the Kibana configuration. See: https://www.elastic.co/guide/en/kibana/current/settings.html'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ count:
+ description: Count of Kibana instances to deploy.
+ format: int32
+ type: integer
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to an Elasticsearch cluster
+ running in the same Kubernetes cluster.
+ properties:
+ name:
+ description: Name of the Kubernetes object.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ required:
+ - name
+ type: object
+ http:
+ description: HTTP holds the HTTP layer configuration for Kibana.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes
+ Service object.
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the service.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: |-
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically
+ allocated for services with type LoadBalancer. Default is "true". It
+ may be set to "false" if the cluster load-balancer does not rely on
+ NodePorts. If the caller requests specific NodePorts (by specifying a
+ value), those requests will be respected, regardless of this field.
+ This field may only be set for services with type LoadBalancer and will
+ be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: |-
+ clusterIP is the IP address of the service and is usually assigned
+ randomly. If an address is specified manually, is in-range (as per
+ system configuration), and is not in use, it will be allocated to the
+ service; otherwise creation of the service will fail. This field may not
+ be changed through updates unless the type field is also being changed
+ to ExternalName (which requires this field to be blank) or the type
+ field is being changed from ExternalName (in which case this field may
+ optionally be specified, as describe above). Valid values are "None",
+ empty string (""), or a valid IP address. Setting this to "None" makes a
+ "headless service" (no virtual IP), which is useful when direct endpoint
+ connections are preferred and proxying is not required. Only applies to
+ types ClusterIP, NodePort, and LoadBalancer. If this field is specified
+ when creating a Service of type ExternalName, creation will fail. This
+ field will be wiped when updating a Service to type ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ clusterIPs:
+ description: |-
+ ClusterIPs is a list of IP addresses assigned to this service, and are
+ usually assigned randomly. If an address is specified manually, is
+ in-range (as per system configuration), and is not in use, it will be
+ allocated to the service; otherwise creation of the service will fail.
+ This field may not be changed through updates unless the type field is
+ also being changed to ExternalName (which requires this field to be
+ empty) or the type field is being changed from ExternalName (in which
+ case this field may optionally be specified, as describe above). Valid
+ values are "None", empty string (""), or a valid IP address. Setting
+ this to "None" makes a "headless service" (no virtual IP), which is
+ useful when direct endpoint connections are preferred and proxying is
+ not required. Only applies to types ClusterIP, NodePort, and
+ LoadBalancer. If this field is specified when creating a Service of type
+ ExternalName, creation will fail. This field will be wiped when updating
+ a Service to type ExternalName. If this field is not specified, it will
+ be initialized from the clusterIP field. If this field is specified,
+ clients must ensure that clusterIPs[0] and clusterIP have the same
+ value.
+
+ This field may hold a maximum of two entries (dual-stack IPs, in either order).
+ These IPs must correspond to the values of the ipFamilies field. Both
+ clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: |-
+ externalIPs is a list of IP addresses for which nodes in the cluster
+ will also accept traffic for this service. These IPs are not managed by
+ Kubernetes. The user is responsible for ensuring that traffic arrives
+ at a node with this IP. A common example is external load-balancers
+ that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalName:
+ description: |-
+ externalName is the external reference that discovery mechanisms will
+ return as an alias for this service (e.g. a DNS CNAME record). No
+ proxying will be involved. Must be a lowercase RFC-1123 hostname
+ (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: |-
+ externalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: |-
+ healthCheckNodePort specifies the healthcheck nodePort for the service.
+ This only applies when type is set to LoadBalancer and
+ externalTrafficPolicy is set to Local. If a value is specified, is
+ in-range, and is not in use, it will be used. If not specified, a value
+ will be automatically allocated. External systems (e.g. load-balancers)
+ can use this port to determine if a given node holds endpoints for this
+ service or not. If this field is specified when creating a Service
+ which does not need it, creation will fail. This field will be wiped
+ when updating a Service to no longer need it (e.g. changing type).
+ This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: |-
+ InternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on the ClusterIP. If set to "Local", the proxy will assume that pods
+ only want to talk to endpoints of the service on the same node as the pod,
+ dropping the traffic if there are no local endpoints. The default value,
+ "Cluster", uses the standard behavior of routing to all endpoints evenly
+ (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: |-
+ IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
+ service. This field is usually assigned automatically based on cluster
+ configuration and the ipFamilyPolicy field. If this field is specified
+ manually, the requested family is available in the cluster,
+ and ipFamilyPolicy allows it, it will be used; otherwise creation of
+ the service will fail. This field is conditionally mutable: it allows
+ for adding or removing a secondary IP family, but it does not allow
+ changing the primary IP family of the Service. Valid values are "IPv4"
+ and "IPv6". This field only applies to Services of types ClusterIP,
+ NodePort, and LoadBalancer, and does apply to "headless" services.
+ This field will be wiped when updating a Service to type ExternalName.
+
+ This field may hold a maximum of two entries (dual-stack families, in
+ either order). These families must correspond to the values of the
+ clusterIPs field, if specified. Both clusterIPs and ipFamilies are
+ governed by the ipFamilyPolicy field.
+ items:
+ description: |-
+ IPFamily represents the IP Family (IPv4 or IPv6). This type is used
+ to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: |-
+ IPFamilyPolicy represents the dual-stack-ness requested or required by
+ this Service. If there is no value provided, then this field will be set
+ to SingleStack. Services can be "SingleStack" (a single IP family),
+ "PreferDualStack" (two IP families on dual-stack configured clusters or
+ a single IP family on single-stack clusters), or "RequireDualStack"
+ (two IP families on dual-stack configured clusters, otherwise fail). The
+ ipFamilies and clusterIPs fields depend on the value of this field. This
+ field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: |-
+ loadBalancerClass is the class of the load balancer implementation this Service belongs to.
+ If specified, the value of this field must be a label-style identifier, with an optional prefix,
+ e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
+ This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
+ balancer implementation is used, today this is typically done through the cloud provider integration,
+ but should apply for any default implementation. If set, it is assumed that a load balancer
+ implementation is watching for Services with a matching class. Any default load balancer
+ implementation (e.g. cloud providers) should ignore Services that set this field.
+ This field can only be set when creating or updating a Service to type 'LoadBalancer'.
+ Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ Deprecated: This field was under-specified and its meaning varies across implementations.
+ Using it is non-portable and it may not support dual-stack.
+ Users are encouraged to use implementation-specific annotations when available.
+ type: string
+ loadBalancerSourceRanges:
+ description: |-
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider
+ load-balancer will be restricted to the specified client IPs. This field will be ignored if the
+ cloud-provider does not support the feature."
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ports:
+ description: |-
+ The list of ports that are exposed by this service.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: |-
+ The application protocol for this port.
+ This is used as a hint for implementations to offer richer behavior for protocols that they understand.
+ This field follows standard Kubernetes label syntax.
+ Valid values are either:
+
+ * Un-prefixed protocol names - reserved for IANA standard service names (as per
+ RFC-6335 and https://www.iana.org/assignments/service-names).
+
+ * Kubernetes-defined prefixed names:
+ * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
+ * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+ * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+ * Other protocols should use implementation-defined prefixed names such as
+ mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: |-
+ The name of this port within the service. This must be a DNS_LABEL.
+ All ports within a ServiceSpec must have unique names. When considering
+ the endpoints for a Service, this must match the 'name' field in the
+ EndpointPort.
+ Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this
+ service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: |-
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
+ Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: |-
+ publishNotReadyAddresses indicates that any agent which deals with endpoints for this
+ Service should disregard any indications of ready/not-ready.
+ The primary use case for setting this field is for a StatefulSet's Headless Service to
+ propagate SRV DNS records for its Pods for the purpose of peer discovery.
+ The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
+ Services interpret this to mean that all endpoints are considered "ready" even if the
+ Pods themselves are not. Agents which consume only Kubernetes generated endpoints
+ through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: |-
+ Route service traffic to pods with label keys and values matching this
+ selector. If empty or not present, the service is assumed to have an
+ external process managing its endpoints, which Kubernetes will not
+ modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
+ Ignored if type is ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: |-
+ Supports "ClientIP" and "None". Used to maintain session affinity.
+ Enable client IP based session affinity.
+ Must be ClientIP or None.
+ Defaults to None.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations
+ of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds specifies the seconds of ClientIP type session sticky time.
+ The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ trafficDistribution:
+ description: |-
+ TrafficDistribution offers a way to express preferences for how traffic
+ is distributed to Service endpoints. Implementations can use this field
+ as a hint, but are not required to guarantee strict adherence. If the
+ field is not set, the implementation will apply its default routing
+ strategy. If set to "PreferClose", implementations should prioritize
+ endpoints that are in the same zone.
+ type: string
+ type:
+ description: |-
+ type determines how the Service is exposed. Defaults to ClusterIP. Valid
+ options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
+ "ClusterIP" allocates a cluster-internal IP address for load-balancing
+ to endpoints. Endpoints are determined by the selector or if that is not
+ specified, by manual construction of an Endpoints object or
+ EndpointSlice objects. If clusterIP is "None", no virtual IP is
+ allocated and the endpoints are published as a set of endpoints rather
+ than a virtual IP.
+ "NodePort" builds on ClusterIP and allocates a port on every node which
+ routes to the same endpoints as the clusterIP.
+ "LoadBalancer" builds on NodePort and creates an external load-balancer
+ (if supported in the current cloud) which routes to the same endpoints
+ as the clusterIP.
+ "ExternalName" aliases this service to the specified externalName.
+ Several other fields do not apply to ExternalName services.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: |-
+ Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.
+ The referenced secret should contain the following:
+
+ - `ca.crt`: The certificate authority (optional).
+ - `tls.crt`: The certificate (or a chain).
+ - `tls.key`: The private key to the first certificate in the certificate chain.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the
+ self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning
+ of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs
+ to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN
+ entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the Kibana Docker image to deploy.
+ type: string
+ podTemplate:
+ description: PodTemplate provides customisation options (labels, annotations,
+ affinity rules, resource requests, and so on) for the Kibana pods
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ secureSettings:
+ description: SecureSettings is a list of references to Kubernetes
+ secrets containing sensitive configuration options for Kibana.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes
+ Secret.
+ properties:
+ entries:
+ description: |-
+ Entries define how to project each key-value pair in the secret to filesystem paths.
+ If not defined, all keys will be projected to similarly named paths in the filesystem.
+ If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret
+ object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: |-
+ Path is the relative file path to map the key to.
+ Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ version:
+ description: Version of Kibana.
+ type: string
+ type: object
+ status:
+ description: KibanaStatus defines the observed state of Kibana
+ properties:
+ associationStatus:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ availableNodes:
+ format: int32
+ type: integer
+ health:
+ description: KibanaHealth expresses the status of the Kibana instances.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: to not break compatibility when upgrading from previous versions
+ of the CRD
+ type: object
+ served: false
+ storage: false
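Review bot: in the Kibana `http.tls` block, for both the storage version and v1beta1, `selfSignedCertificate.disabled` is a free boolean and `certificate.secretName` is optional, so the schema accepts a Kibana resource with self-signed certificate provisioning switched off and no certificate secret referenced. A plain `required` list cannot express that dependency, so consider a CEL rule (`x-kubernetes-validations`) on `tls`, or an admission policy shipped with the pack, that rejects `disabled: true` unless `certificate.secretName` is set, and document the expectation in the pack README. Separately, `podTemplate` (both versions) and the v1beta1 `config` are marked `x-kubernetes-preserve-unknown-fields: true`, so the API server validates nothing beneath them; any pod security constraints for Kibana pods have to come from admission policy rather than from this schema. The description of `disabled` also misspells "certificate" as "certifcate" in both versions.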
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.18.0
+ helm.sh/resource-policy: keep
+ labels:
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+ app.kubernetes.io/name: '{{ include "eck-operator-crds.name" . }}'
+ app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+ helm.sh/chart: '{{ include "eck-operator-crds.chart" . }}'
+ name: logstashes.logstash.k8s.elastic.co
+spec:
+ group: logstash.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: Logstash
+ listKind: LogstashList
+ plural: logstashes
+ shortNames:
+ - ls
+ singular: logstash
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Health
+ jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: available
+ type: integer
+ - description: Expected nodes
+ jsonPath: .status.expectedNodes
+ name: expected
+ type: integer
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ - description: Logstash version
+ jsonPath: .status.version
+ name: version
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Logstash is the Schema for the logstashes API
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: LogstashSpec defines the desired state of Logstash
+ properties:
+ config:
+ description: Config holds the Logstash configuration. At most one
+ of [`Config`, `ConfigRef`] can be specified.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ configRef:
+ description: |-
+ ConfigRef contains a reference to an existing Kubernetes Secret holding the Logstash configuration.
+ Logstash settings must be specified as yaml, under a single "logstash.yml" entry. At most one of [`Config`, `ConfigRef`]
+ can be specified.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ count:
+ format: int32
+ type: integer
+ elasticsearchRefs:
+ description: ElasticsearchRefs are references to Elasticsearch clusters
+ running in the same Kubernetes cluster.
+ items:
+ description: ElasticsearchCluster is a named reference to an Elasticsearch
+ cluster which can be used in a Logstash pipeline.
+ properties:
+ clusterName:
+ description: |-
+ ClusterName is an alias for the cluster to be used to refer to the Elasticsearch cluster in Logstash
+ configuration files, and will be used to identify "named clusters" in Logstash
+ minLength: 1
+ type: string
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator. The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ required:
+ - clusterName
+ type: object
+ type: array
+ image:
+ description: Image is the Logstash Docker image to deploy. Version
+ and Type have to match the Logstash in the image.
+ type: string
+ monitoring:
+ description: |-
+ Monitoring enables you to collect and ship log and monitoring data of this Logstash.
+ Metricbeat and Filebeat are deployed in the same Pod as sidecars and each one sends data to one or two different
+ Elasticsearch monitoring clusters running in the same Kubernetes cluster.
+ properties:
+ logs:
+ description: Logs holds references to Elasticsearch clusters which
+ receive log data from an associated resource.
+ properties:
+ elasticsearchRefs:
+ description: |-
+ ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster.
+ Due to existing limitations, only a single Elasticsearch cluster is currently supported.
+ items:
+ description: |-
+ ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator
+ or a Secret describing an external Elastic resource not managed by the operator.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If
+ empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator. The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ type: object
+ metrics:
+ description: Metrics holds references to Elasticsearch clusters
+ which receive monitoring data from this resource.
+ properties:
+ elasticsearchRefs:
+ description: |-
+ ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster.
+ Due to existing limitations, only a single Elasticsearch cluster is currently supported.
+ items:
+ description: |-
+ ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator
+ or a Secret describing an external Elastic resource not managed by the operator.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If
+ empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator. The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ pipelines:
+ description: Pipelines holds the Logstash Pipelines. At most one of
+ [`Pipelines`, `PipelinesRef`] can be specified.
+ items:
+ type: object
+ type: array
+ x-kubernetes-preserve-unknown-fields: true
+ pipelinesRef:
+ description: |-
+ PipelinesRef contains a reference to an existing Kubernetes Secret holding the Logstash Pipelines.
+ Logstash pipelines must be specified as yaml, under a single "pipelines.yml" entry. At most one of [`Pipelines`, `PipelinesRef`]
+ can be specified.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ podTemplate:
+ description: PodTemplate provides customisation options for the Logstash
+ pods.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ revisionHistoryLimit:
+ description: RevisionHistoryLimit is the number of revisions to retain
+ to allow rollback in the underlying StatefulSet.
+ format: int32
+ type: integer
+ secureSettings:
+ description: |-
+ SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for the Logstash.
+ Secrets data can be then referenced in the Logstash config using the Secret's keys or as specified in `Entries` field of
+ each SecureSetting.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes
+ Secret.
+ properties:
+ entries:
+ description: |-
+ Entries define how to project each key-value pair in the secret to filesystem paths.
+ If not defined, all keys will be projected to similarly named paths in the filesystem.
+ If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret
+ object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: |-
+ Path is the relative file path to map the key to.
+ Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is used to check access from the current resource to Elasticsearch resource in a different namespace.
+ Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ services:
+ description: |-
+ Services contains details of services that Logstash should expose - similar to the HTTP layer configuration for the
+ rest of the stack, but also applicable for more use cases than the metrics API, as logstash may need to
+ be opened up for other services: Beats, TCP, UDP, etc, inputs.
+ items:
+ properties:
+ name:
+ type: string
+ service:
+ description: Service defines the template for the associated
+ Kubernetes Service object.
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the service.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: |-
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically
+ allocated for services with type LoadBalancer. Default is "true". It
+ may be set to "false" if the cluster load-balancer does not rely on
+ NodePorts. If the caller requests specific NodePorts (by specifying a
+ value), those requests will be respected, regardless of this field.
+ This field may only be set for services with type LoadBalancer and will
+ be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: |-
+ clusterIP is the IP address of the service and is usually assigned
+ randomly. If an address is specified manually, is in-range (as per
+ system configuration), and is not in use, it will be allocated to the
+ service; otherwise creation of the service will fail. This field may not
+ be changed through updates unless the type field is also being changed
+ to ExternalName (which requires this field to be blank) or the type
+ field is being changed from ExternalName (in which case this field may
+ optionally be specified, as describe above). Valid values are "None",
+ empty string (""), or a valid IP address. Setting this to "None" makes a
+ "headless service" (no virtual IP), which is useful when direct endpoint
+ connections are preferred and proxying is not required. Only applies to
+ types ClusterIP, NodePort, and LoadBalancer. If this field is specified
+ when creating a Service of type ExternalName, creation will fail. This
+ field will be wiped when updating a Service to type ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ clusterIPs:
+ description: |-
+ ClusterIPs is a list of IP addresses assigned to this service, and are
+ usually assigned randomly. If an address is specified manually, is
+ in-range (as per system configuration), and is not in use, it will be
+ allocated to the service; otherwise creation of the service will fail.
+ This field may not be changed through updates unless the type field is
+ also being changed to ExternalName (which requires this field to be
+ empty) or the type field is being changed from ExternalName (in which
+ case this field may optionally be specified, as describe above). Valid
+ values are "None", empty string (""), or a valid IP address. Setting
+ this to "None" makes a "headless service" (no virtual IP), which is
+ useful when direct endpoint connections are preferred and proxying is
+ not required. Only applies to types ClusterIP, NodePort, and
+ LoadBalancer. If this field is specified when creating a Service of type
+ ExternalName, creation will fail. This field will be wiped when updating
+ a Service to type ExternalName. If this field is not specified, it will
+ be initialized from the clusterIP field. If this field is specified,
+ clients must ensure that clusterIPs[0] and clusterIP have the same
+ value.
+
+ This field may hold a maximum of two entries (dual-stack IPs, in either order).
+ These IPs must correspond to the values of the ipFamilies field. Both
+ clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: |-
+ externalIPs is a list of IP addresses for which nodes in the cluster
+ will also accept traffic for this service. These IPs are not managed by
+ Kubernetes. The user is responsible for ensuring that traffic arrives
+ at a node with this IP. A common example is external load-balancers
+ that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalName:
+ description: |-
+ externalName is the external reference that discovery mechanisms will
+ return as an alias for this service (e.g. a DNS CNAME record). No
+ proxying will be involved. Must be a lowercase RFC-1123 hostname
+ (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: |-
+ externalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: |-
+ healthCheckNodePort specifies the healthcheck nodePort for the service.
+ This only applies when type is set to LoadBalancer and
+ externalTrafficPolicy is set to Local. If a value is specified, is
+ in-range, and is not in use, it will be used. If not specified, a value
+ will be automatically allocated. External systems (e.g. load-balancers)
+ can use this port to determine if a given node holds endpoints for this
+ service or not. If this field is specified when creating a Service
+ which does not need it, creation will fail. This field will be wiped
+ when updating a Service to no longer need it (e.g. changing type).
+ This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: |-
+ InternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on the ClusterIP. If set to "Local", the proxy will assume that pods
+ only want to talk to endpoints of the service on the same node as the pod,
+ dropping the traffic if there are no local endpoints. The default value,
+ "Cluster", uses the standard behavior of routing to all endpoints evenly
+ (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: |-
+ IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
+ service. This field is usually assigned automatically based on cluster
+ configuration and the ipFamilyPolicy field. If this field is specified
+ manually, the requested family is available in the cluster,
+ and ipFamilyPolicy allows it, it will be used; otherwise creation of
+ the service will fail. This field is conditionally mutable: it allows
+ for adding or removing a secondary IP family, but it does not allow
+ changing the primary IP family of the Service. Valid values are "IPv4"
+ and "IPv6". This field only applies to Services of types ClusterIP,
+ NodePort, and LoadBalancer, and does apply to "headless" services.
+ This field will be wiped when updating a Service to type ExternalName.
+
+ This field may hold a maximum of two entries (dual-stack families, in
+ either order). These families must correspond to the values of the
+ clusterIPs field, if specified. Both clusterIPs and ipFamilies are
+ governed by the ipFamilyPolicy field.
+ items:
+ description: |-
+ IPFamily represents the IP Family (IPv4 or IPv6). This type is used
+ to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: |-
+ IPFamilyPolicy represents the dual-stack-ness requested or required by
+ this Service. If there is no value provided, then this field will be set
+ to SingleStack. Services can be "SingleStack" (a single IP family),
+ "PreferDualStack" (two IP families on dual-stack configured clusters or
+ a single IP family on single-stack clusters), or "RequireDualStack"
+ (two IP families on dual-stack configured clusters, otherwise fail). The
+ ipFamilies and clusterIPs fields depend on the value of this field. This
+ field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: |-
+ loadBalancerClass is the class of the load balancer implementation this Service belongs to.
+ If specified, the value of this field must be a label-style identifier, with an optional prefix,
+ e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
+ This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
+ balancer implementation is used, today this is typically done through the cloud provider integration,
+ but should apply for any default implementation. If set, it is assumed that a load balancer
+ implementation is watching for Services with a matching class. Any default load balancer
+ implementation (e.g. cloud providers) should ignore Services that set this field.
+ This field can only be set when creating or updating a Service to type 'LoadBalancer'.
+ Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ Deprecated: This field was under-specified and its meaning varies across implementations.
+ Using it is non-portable and it may not support dual-stack.
+ Users are encouraged to use implementation-specific annotations when available.
+ type: string
+ loadBalancerSourceRanges:
+ description: |-
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider
+ load-balancer will be restricted to the specified client IPs. This field will be ignored if the
+ cloud-provider does not support the feature."
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ports:
+ description: |-
+ The list of ports that are exposed by this service.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: |-
+ The application protocol for this port.
+ This is used as a hint for implementations to offer richer behavior for protocols that they understand.
+ This field follows standard Kubernetes label syntax.
+ Valid values are either:
+
+ * Un-prefixed protocol names - reserved for IANA standard service names (as per
+ RFC-6335 and https://www.iana.org/assignments/service-names).
+
+ * Kubernetes-defined prefixed names:
+ * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
+ * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+ * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+ * Other protocols should use implementation-defined prefixed names such as
+ mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: |-
+ The name of this port within the service. This must be a DNS_LABEL.
+ All ports within a ServiceSpec must have unique names. When considering
+ the endpoints for a Service, this must match the 'name' field in the
+ EndpointPort.
+ Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by
+ this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: |-
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
+ Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: |-
+ publishNotReadyAddresses indicates that any agent which deals with endpoints for this
+ Service should disregard any indications of ready/not-ready.
+ The primary use case for setting this field is for a StatefulSet's Headless Service to
+ propagate SRV DNS records for its Pods for the purpose of peer discovery.
+ The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
+ Services interpret this to mean that all endpoints are considered "ready" even if the
+ Pods themselves are not. Agents which consume only Kubernetes generated endpoints
+ through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: |-
+ Route service traffic to pods with label keys and values matching this
+ selector. If empty or not present, the service is assumed to have an
+ external process managing its endpoints, which Kubernetes will not
+ modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
+ Ignored if type is ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: |-
+ Supports "ClientIP" and "None". Used to maintain session affinity.
+ Enable client IP based session affinity.
+ Must be ClientIP or None.
+ Defaults to None.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations
+ of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds specifies the seconds of ClientIP type session sticky time.
+ The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ trafficDistribution:
+ description: |-
+ TrafficDistribution offers a way to express preferences for how traffic
+ is distributed to Service endpoints. Implementations can use this field
+ as a hint, but are not required to guarantee strict adherence. If the
+ field is not set, the implementation will apply its default routing
+ strategy. If set to "PreferClose", implementations should prioritize
+ endpoints that are in the same zone.
+ type: string
+ type:
+ description: |-
+ type determines how the Service is exposed. Defaults to ClusterIP. Valid
+ options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
+ "ClusterIP" allocates a cluster-internal IP address for load-balancing
+ to endpoints. Endpoints are determined by the selector or if that is not
+ specified, by manual construction of an Endpoints object or
+ EndpointSlice objects. If clusterIP is "None", no virtual IP is
+ allocated and the endpoints are published as a set of endpoints rather
+ than a virtual IP.
+ "NodePort" builds on ClusterIP and allocates a port on every node which
+ routes to the same endpoints as the clusterIP.
+ "LoadBalancer" builds on NodePort and creates an external load-balancer
+ (if supported in the current cloud) which routes to the same endpoints
+ as the clusterIP.
+ "ExternalName" aliases this service to the specified externalName.
+ Several other fields do not apply to ExternalName services.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: |-
+ Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.
+ The referenced secret should contain the following:
+
+ - `ca.crt`: The certificate authority (optional).
+ - `tls.crt`: The certificate (or a chain).
+ - `tls.key`: The private key to the first certificate in the certificate chain.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the
+ self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning
+ of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs
+ to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN
+ entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ type: array
+ updateStrategy:
+ description: UpdateStrategy is a StatefulSetUpdateStrategy. The default
+ type is "RollingUpdate".
+ properties:
+ rollingUpdate:
+ description: RollingUpdate is used to communicate parameters when
+ Type is RollingUpdateStatefulSetStrategyType.
+ properties:
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of pods that can be unavailable during the update.
+ Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
+ Absolute number is calculated from percentage by rounding up. This can not be 0.
+ Defaults to 1. This field is alpha-level and is only honored by servers that enable the
+ MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to
+ Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it
+ will be counted towards MaxUnavailable.
+ x-kubernetes-int-or-string: true
+ partition:
+ description: |-
+ Partition indicates the ordinal at which the StatefulSet should be partitioned
+ for updates. During a rolling update, all pods from ordinal Replicas-1 to
+ Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched.
+ This is helpful in being able to do a canary based deployment. The default value is 0.
+ format: int32
+ type: integer
+ type: object
+ type:
+ description: |-
+ Type indicates the type of the StatefulSetUpdateStrategy.
+ Default is RollingUpdate.
+ type: string
+ type: object
+ version:
+ description: Version of the Logstash.
+ type: string
+ volumeClaimTemplates:
+ description: |-
+ VolumeClaimTemplates is a list of persistent volume claims to be used by each Pod.
+ Every claim in this list must have a matching volumeMount in one of the containers defined in the PodTemplate.
+ Items defined here take precedence over any default claims added by the operator with the same name.
+ items:
+ description: PersistentVolumeClaim is a user's request for and claim
+ to a persistent volume
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: |-
+ spec defines the desired characteristics of a volume requested by a pod author.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ properties:
+ accessModes:
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ dataSource:
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes to consider
+ for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ type: string
+ volumeAttributesClassName:
+ description: |-
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
+ If specified, the CSI driver will create or update the volume with the attributes defined
+ in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
+ it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
+ will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
+ will be set by the persistentvolume controller if it exists.
+ If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
+ set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
+ exists.
+ More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
+ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
+ type: string
+ volumeMode:
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to the
+ PersistentVolume backing this claim.
+ type: string
+ type: object
+ status:
+ description: |-
+ status represents the current information/status of a persistent volume claim.
+ Read-only.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ properties:
+ accessModes:
+ description: |-
+ accessModes contains the actual access modes the volume backing the PVC has.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ allocatedResourceStatuses:
+ additionalProperties:
+ description: |-
+ When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource
+ that it does not recognizes, then it should ignore that update and let other controllers
+ handle it.
+ type: string
+ description: "allocatedResourceStatuses stores status of
+ resource being resized for the given PVC.\nKey names follow
+ standard Kubernetes label syntax. Valid values are either:\n\t*
+ Un-prefixed keys:\n\t\t- storage - the capacity of the
+ volume.\n\t* Custom resources must use implementation-defined
+ prefixed names such as \"example.com/my-custom-resource\"\nApart
+ from above values - keys that are unprefixed or have kubernetes.io
+ prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus
+ can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState
+ set when resize controller starts resizing the volume
+ in control-plane.\n\t- ControllerResizeFailed:\n\t\tState
+ set when resize has failed in resize controller with a
+ terminal error.\n\t- NodeResizePending:\n\t\tState set
+ when resize controller has finished resizing the volume
+ but further resizing of\n\t\tvolume is needed on the node.\n\t-
+ NodeResizeInProgress:\n\t\tState set when kubelet starts
+ resizing the volume.\n\t- NodeResizeFailed:\n\t\tState
+ set when resizing has failed in kubelet with a terminal
+ error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor
+ example: if expanding a PVC for more capacity - this field
+ can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage']
+ = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage']
+ = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage']
+ = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage']
+ = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage']
+ = \"NodeResizeFailed\"\nWhen this field is not set, it
+ means that no resize operation is in progress for the
+ given PVC.\n\nA controller that receives PVC update with
+ previously unknown resourceName or ClaimResourceStatus\nshould
+ ignore the update for the purpose it was designed. For
+ example - a controller that\nonly is responsible for resizing
+ capacity of the volume, should ignore PVC updates that
+ change other valid\nresources associated with PVC.\n\nThis
+ is an alpha field and requires enabling RecoverVolumeExpansionFailure
+ feature."
+ type: object
+ x-kubernetes-map-type: granular
+ allocatedResources:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: "allocatedResources tracks the resources allocated
+ to a PVC including its capacity.\nKey names follow standard
+ Kubernetes label syntax. Valid values are either:\n\t*
+ Un-prefixed keys:\n\t\t- storage - the capacity of the
+ volume.\n\t* Custom resources must use implementation-defined
+ prefixed names such as \"example.com/my-custom-resource\"\nApart
+ from above values - keys that are unprefixed or have kubernetes.io
+ prefix are considered\nreserved and hence may not be used.\n\nCapacity
+ reported here may be larger than the actual capacity when
+ a volume expansion operation\nis requested.\nFor storage
+ quota, the larger value from allocatedResources and PVC.spec.resources
+ is used.\nIf allocatedResources is not set, PVC.spec.resources
+ alone is used for quota calculation.\nIf a volume expansion
+ capacity request is lowered, allocatedResources is only\nlowered
+ if there are no expansion operations in progress and if
+ the actual volume capacity\nis equal or lower than the
+ requested capacity.\n\nA controller that receives PVC
+ update with previously unknown resourceName\nshould ignore
+ the update for the purpose it was designed. For example
+ - a controller that\nonly is responsible for resizing
+ capacity of the volume, should ignore PVC updates that
+ change other valid\nresources associated with PVC.\n\nThis
+ is an alpha field and requires enabling RecoverVolumeExpansionFailure
+ feature."
+ type: object
+ capacity:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: capacity represents the actual resources of
+ the underlying volume.
+ type: object
+ conditions:
+ description: |-
+ conditions is the current Condition of persistent volume claim. If underlying persistent volume is being
+ resized then the Condition will be set to 'Resizing'.
+ items:
+ description: PersistentVolumeClaimCondition contains details
+ about state of pvc
+ properties:
+ lastProbeTime:
+ description: lastProbeTime is the time we probed the
+ condition.
+ format: date-time
+ type: string
+ lastTransitionTime:
+ description: lastTransitionTime is the time the condition
+ transitioned from one status to another.
+ format: date-time
+ type: string
+ message:
+ description: message is the human-readable message
+ indicating details about last transition.
+ type: string
+ reason:
+ description: |-
+ reason is a unique, this should be a short, machine understandable string that gives the reason
+ for condition's last transition. If it reports "Resizing" that means the underlying
+ persistent volume is being resized.
+ type: string
+ status:
+ description: |-
+ Status is the status of the condition.
+ Can be True, False, Unknown.
+ More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required
+ type: string
+ type:
+ description: |-
+ Type is the type of the condition.
+ More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ currentVolumeAttributesClassName:
+ description: |-
+ currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.
+ When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim
+ This is a beta field and requires enabling VolumeAttributesClass feature (off by default).
+ type: string
+ modifyVolumeStatus:
+ description: |-
+ ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.
+ When this is unset, there is no ModifyVolume operation being attempted.
+ This is a beta field and requires enabling VolumeAttributesClass feature (off by default).
+ properties:
+ status:
+ description: "status is the status of the ControllerModifyVolume
+ operation. It can be in any of following states:\n
+ - Pending\n Pending indicates that the PersistentVolumeClaim
+ cannot be modified due to unmet requirements, such
+ as\n the specified VolumeAttributesClass not existing.\n
+ - InProgress\n InProgress indicates that the volume
+ is being modified.\n - Infeasible\n Infeasible indicates
+ that the request has been rejected as invalid by the
+ CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass
+ needs to be specified.\nNote: New statuses can be
+ added in the future. Consumers should check for unknown
+ statuses and fail appropriately."
+ type: string
+ targetVolumeAttributesClassName:
+ description: targetVolumeAttributesClassName is the
+ name of the VolumeAttributesClass the PVC currently
+ being reconciled
+ type: string
+ required:
+ - status
+ type: object
+ phase:
+ description: phase represents the current phase of PersistentVolumeClaim.
+ type: string
+ type: object
+ type: object
+ type: array
+ required:
+ - version
+ type: object
+ status:
+ description: LogstashStatus defines the observed state of Logstash
+ properties:
+ availableNodes:
+ format: int32
+ type: integer
+ elasticsearchAssociationsStatus:
+ additionalProperties:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ description: ElasticsearchAssociationStatus is the status of any auto-linking
+ to Elasticsearch clusters.
+ type: object
+ expectedNodes:
+ format: int32
+ type: integer
+ health:
+ type: string
+ monitoringAssociationStatus:
+ additionalProperties:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ description: MonitoringAssociationStatus is the status of any auto-linking
+ to monitoring Elasticsearch clusters.
+ type: object
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the most recent generation observed for this Logstash instance.
+ It corresponds to the metadata generation, which is updated on mutation by the API Server.
+ If the generation observed in status diverges from the generation in metadata, the Logstash
+ controller has not yet processed the changes contained in the Logstash specification.
+ format: int64
+ type: integer
+ selector:
+ type: string
+ version:
+ description: |-
+ Version of the stack resource currently running. During version upgrades, multiple versions may run
+ in parallel: this value specifies the lowest version currently running.
+ type: string
+ required:
+ - selector
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.count
+ statusReplicasPath: .status.expectedNodes
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.18.0
+ helm.sh/resource-policy: keep
+ labels:
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+ app.kubernetes.io/name: '{{ include "eck-operator-crds.name" . }}'
+ app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+ helm.sh/chart: '{{ include "eck-operator-crds.chart" . }}'
+ name: stackconfigpolicies.stackconfigpolicy.k8s.elastic.co
+spec:
+ group: stackconfigpolicy.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: StackConfigPolicy
+ listKind: StackConfigPolicyList
+ plural: stackconfigpolicies
+ shortNames:
+ - scp
+ singular: stackconfigpolicy
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Resources configured
+ jsonPath: .status.readyCount
+ name: Ready
+ type: string
+ - jsonPath: .status.phase
+ name: Phase
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: StackConfigPolicy represents a StackConfigPolicy resource in
+ a Kubernetes cluster.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ elasticsearch:
+ properties:
+ clusterSettings:
+ description: ClusterSettings holds the Elasticsearch cluster settings
+ (/_cluster/settings)
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ config:
+ description: Config holds the settings that go into elasticsearch.yml.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ indexLifecyclePolicies:
+ description: IndexLifecyclePolicies holds the Index Lifecycle
+ policies settings (/_ilm/policy)
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ indexTemplates:
+ description: IndexTemplates holds the Index and Component Templates
+ settings
+ properties:
+ componentTemplates:
+ description: ComponentTemplates holds the Component Templates
+ settings (/_component_template)
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ composableIndexTemplates:
+ description: ComposableIndexTemplates holds the Index Templates
+ settings (/_index_template)
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ ingestPipelines:
+ description: IngestPipelines holds the Ingest Pipelines settings
+ (/_ingest/pipeline)
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ secretMounts:
+ description: SecretMounts are additional Secrets that need to
+ be mounted into the Elasticsearch pods.
+ items:
+ description: SecretMount contains information about additional
+ secrets to be mounted to the elasticsearch pods
+ properties:
+ mountPath:
+ description: MountPath denotes the path to which the secret
+ should be mounted to inside the elasticsearch pod
+ type: string
+ secretName:
+ description: SecretName denotes the name of the secret that
+ needs to be mounted to the elasticsearch pod
+ type: string
+ type: object
+ type: array
+ x-kubernetes-preserve-unknown-fields: true
+ secureSettings:
+ description: SecureSettings are additional Secrets that contain
+ data to be configured to Elasticsearch's keystore.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes
+ Secret.
+ properties:
+ entries:
+ description: |-
+ Entries define how to project each key-value pair in the secret to filesystem paths.
+ If not defined, all keys will be projected to similarly named paths in the filesystem.
+ If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret
+ object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: |-
+ Path is the relative file path to map the key to.
+ Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ x-kubernetes-preserve-unknown-fields: true
+ securityRoleMappings:
+ description: SecurityRoleMappings holds the Role Mappings settings
+ (/_security/role_mapping)
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ snapshotLifecyclePolicies:
+ description: SnapshotLifecyclePolicies holds the Snapshot Lifecycle
+ Policies settings (/_slm/policy)
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ snapshotRepositories:
+ description: SnapshotRepositories holds the Snapshot Repositories
+ settings (/_snapshot)
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ kibana:
+ properties:
+ config:
+ description: Config holds the settings that go into kibana.yml.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ secureSettings:
+ description: SecureSettings are additional Secrets that contain
+ data to be configured to Kibana's keystore.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes
+ Secret.
+ properties:
+ entries:
+ description: |-
+ Entries define how to project each key-value pair in the secret to filesystem paths.
+ If not defined, all keys will be projected to similarly named paths in the filesystem.
+ If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret
+ object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: |-
+ Path is the relative file path to map the key to.
+ Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ resourceSelector:
+ description: |-
+ A label selector is a label query over a set of resources. The result of matchLabels and
+ matchExpressions are ANDed. An empty label selector matches all objects. A null
+ label selector matches no objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ secureSettings:
+ description: 'Deprecated: SecureSettings only applies to Elasticsearch
+ and is deprecated. It must be set per application instead.'
+ items:
+ description: SecretSource defines a data source based on a Kubernetes
+ Secret.
+ properties:
+ entries:
+ description: |-
+ Entries define how to project each key-value pair in the secret to filesystem paths.
+ If not defined, all keys will be projected to similarly named paths in the filesystem.
+ If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret
+ object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: |-
+ Path is the relative file path to map the key to.
+ Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ type: object
+ status:
+ properties:
+ details:
+ additionalProperties:
+ additionalProperties:
+ description: ResourcePolicyStatus models the status of the policy
+ for one resource to be configured.
+ properties:
+ currentVersion:
+ description: |-
+ CurrentVersion denotes the current version of filesettings applied to the Elasticsearch cluster
+ This field does not apply to Kibana resources
+ format: int64
+ type: integer
+ error:
+ properties:
+ message:
+ type: string
+ version:
+ format: int64
+ type: integer
+ type: object
+ expectedVersion:
+ description: |-
+ ExpectedVersion denotes the expected version of filesettings that should be applied to the Elasticsearch cluster
+ This field does not apply to Kibana resources
+ format: int64
+ type: integer
+ phase:
+ type: string
+ type: object
+ type: object
+ description: Details holds the status details for each resource to
+ be configured.
+ type: object
+ errors:
+ description: Errors is the number of resources which have an incorrect
+ configuration
+ type: integer
+ observedGeneration:
+ description: ObservedGeneration is the most recent generation observed
+ for this StackConfigPolicy.
+ format: int64
+ type: integer
+ phase:
+ description: Phase is the phase of the StackConfigPolicy.
+ type: string
+ ready:
+ description: Ready is the number of resources successfully configured.
+ type: integer
+ readyCount:
+ description: ReadyCount is a human representation of the number of
+ resources successfully configured.
+ type: string
+ resources:
+ description: Resources is the number of resources to be configured.
+ type: integer
+ resourcesStatuses:
+ additionalProperties:
+ description: ResourcePolicyStatus models the status of the policy
+ for one resource to be configured.
+ properties:
+ currentVersion:
+ description: |-
+ CurrentVersion denotes the current version of filesettings applied to the Elasticsearch cluster
+ This field does not apply to Kibana resources
+ format: int64
+ type: integer
+ error:
+ properties:
+ message:
+ type: string
+ version:
+ format: int64
+ type: integer
+ type: object
+ expectedVersion:
+ description: |-
+ ExpectedVersion denotes the expected version of filesettings that should be applied to the Elasticsearch cluster
+ This field does not apply to Kibana resources
+ format: int64
+ type: integer
+ phase:
+ type: string
+ type: object
+ description: |-
+ ResourcesStatuses holds the status for each resource to be configured.
+ Deprecated: Details is used to store the status of resources from ECK 2.11
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
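Review bot: The `path` property under `entries` states "must not be an absolute file path and must not contain any '..' components", but the schema only declares `type: string`, so the API server will accept `/etc/x` or `../x` and the rule depends entirely on operator or webhook validation. Consider adding a `pattern` (or a CEL validation rule) to the CRD so the constraint still holds when the webhook is disabled, as it is in profile-restricted.yaml. The `status` block also repeats the full ResourcePolicyStatus schema under both `details` and the deprecated `resourcesStatuses`; a comment noting when the deprecated field can be dropped would help.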
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/charts/eck-operator-crds/values.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/charts/eck-operator-crds/values.yaml
new file mode 100644
index 00000000..f3fd8bd5
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/charts/eck-operator-crds/values.yaml
@@ -0,0 +1,7 @@
+# Globals meant for internal use only
+global:
+ # manifestGen specifies whether the chart is running under manifest generator.
+ # This is used for tasks specific to generating the all-in-one.yaml file.
+ manifestGen: false
+ # kubeVersion is the effective Kubernetes version we target when generating the all-in-one.yaml.
+ kubeVersion: 1.21.0
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/profile-disable-automounting-api.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/profile-disable-automounting-api.yaml
new file mode 100644
index 00000000..50f97157
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/profile-disable-automounting-api.yaml
@@ -0,0 +1,29 @@
+automountServiceAccountToken: false
+
+serviceAccount:
+ automountServiceAccountToken: false
+
+volumeMounts:
+- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+ name: serviceaccount-token
+ readOnly: true
+
+volumes:
+- name: serviceaccount-token
+ projected:
+ defaultMode: 0444
+ sources:
+ - serviceAccountToken:
+ expirationSeconds: 3607
+ path: token
+ - configMap:
+ name: kube-root-ca.crt
+ items:
+ - key: ca.crt
+ path: ca.crt
+ - downwardAPI:
+ items:
+ - path: namespace
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
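Review bot: This profile has no comment explaining why it turns off `automountServiceAccountToken` on both the pod and the service account and then mounts a projected token by hand at `/var/run/secrets/kubernetes.io/serviceaccount`; a short header like the one in profile-restricted.yaml would make the intent clear. `expirationSeconds: 3607` and `defaultMode: 0444` are also unexplained values: say where 3607 comes from, and confirm that world-readable inside the container is intended rather than a mode restricted to the operator's user or group.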
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/profile-global.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/profile-global.yaml
new file mode 100644
index 00000000..286f8c9e
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/profile-global.yaml
@@ -0,0 +1,6 @@
+managedNamespaces: []
+
+createClusterScopedResources: true
+
+webhook:
+ enabled: true
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/profile-istio.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/profile-istio.yaml
new file mode 100644
index 00000000..c968ba02
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/profile-istio.yaml
@@ -0,0 +1,11 @@
+managedNamespaces: []
+
+createClusterScopedResources: true
+
+webhook:
+ enabled: true
+
+podAnnotations:
+ sidecar.istio.io/inject: "true"
+ traffic.sidecar.istio.io/includeInboundPorts: "*"
+ traffic.sidecar.istio.io/excludeInboundPorts: "9443"
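Review bot: `traffic.sidecar.istio.io/excludeInboundPorts: "9443"` hard-codes the webhook port, while the templates in this patch read it from `.Values.webhook.port` (configmap.yaml, operator-network-policy.yaml). If a user overrides `webhook.port` together with this profile, the sidecar will intercept the webhook traffic that this annotation is meant to exempt. Either set `webhook.port: 9443` explicitly in this profile or add a comment that the two values must match.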
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/profile-restricted.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/profile-restricted.yaml
new file mode 100644
index 00000000..640d00f3
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/profile-restricted.yaml
@@ -0,0 +1,12 @@
+managedNamespaces: ["elastic-system"]
+
+createClusterScopedResources: false
+
+config:
+ # no RBAC access to cluster-wide storage classes, hence disable storage class validation
+ validateStorageClass: false
+
+installCRDs: false
+
+webhook:
+ enabled: false
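Review bot: `webhook.enabled: false` at the end of this profile has no comment, unlike `validateStorageClass`. Disabling the webhook removes admission-time validation of the custom resources, which is a security-relevant trade-off; state the reason (the `validatingwebhookconfigurations` rule sits in `eck-operator.clusterWideRbacRules`, which is not available with `createClusterScopedResources: false`) and note that validation then relies on the CRD schema and the operator alone.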
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/profile-soft-multi-tenancy.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/profile-soft-multi-tenancy.yaml
new file mode 100644
index 00000000..8ac79514
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/profile-soft-multi-tenancy.yaml
@@ -0,0 +1,18 @@
+managedNamespaces: ["team-a", "team-b"]
+
+createClusterScopedResources: true
+
+refs:
+ enforceRBAC: true
+
+webhook:
+ enabled: true
+ namespaceSelector:
+ matchExpressions:
+ - key: "eck.k8s.elastic.co/tenant"
+ operator: In
+ values: ["team-a", "team-b"]
+
+
+softMultiTenancy:
+ enabled: true
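Review bot: This profile sets `softMultiTenancy.enabled: true` but does not set or mention `kubeAPIServerIP`, which operator-network-policy.yaml marks as `required` under the same flag, so an install with this profile alone fails with "kubeAPIServerIP is required". Add a commented placeholder for it. The tenant list is also written twice (`managedNamespaces` and `webhook.namespaceSelector.matchExpressions[0].values`); a comment that both must be kept in sync would prevent a namespace being managed but not covered by the webhook.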
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/templates/NOTES.txt b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/NOTES.txt
new file mode 100644
index 00000000..e25ea9ea
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/NOTES.txt
@@ -0,0 +1,2 @@
+1. Inspect the operator logs by running the following command:
+ kubectl logs -n {{ .Release.Namespace }} sts/{{ .Release.Name }}
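Review bot: The command uses `sts/{{ .Release.Name }}`, but the other resources in this patch are named with `eck-operator.fullname`, which equals the release name only when the release name contains the chart name and no `fullnameOverride` is set. If the StatefulSet follows the same naming, this command points at a non-existent object for most release names; use `sts/{{ include "eck-operator.fullname" . }}` instead.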
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/templates/_helpers.tpl b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/_helpers.tpl
new file mode 100644
index 00000000..dc2f7cb3
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/_helpers.tpl
@@ -0,0 +1,381 @@
+{{/*
+Expand the name of the chart.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "eck-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "eck-operator.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "eck-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "eck-operator.labels" -}}
+{{- include "eck-operator.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+helm.sh/chart: {{ include "eck-operator.chart" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "eck-operator.selectorLabels" -}}
+{{- if .Values.global.manifestGen -}}
+control-plane: elastic-operator
+{{- else -}}
+app.kubernetes.io/name: {{ include "eck-operator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "eck-operator.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "eck-operator.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine effective Kubernetes version
+*/}}
+{{- define "eck-operator.effectiveKubeVersion" -}}
+{{- if .Values.global.manifestGen -}}
+{{- semver .Values.global.kubeVersion -}}
+{{- else -}}
+{{- .Capabilities.KubeVersion.Version -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Determine the name for the webhook
+*/}}
+{{- define "eck-operator.webhookName" -}}
+{{- if .Values.global.manifestGen -}}
+elastic-webhook.k8s.elastic.co
+{{- else -}}
+{{- $name := include "eck-operator.name" . -}}
+{{ printf "%s.%s.k8s.elastic.co" $name .Release.Namespace }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Determine the name for the webhook secret
+*/}}
+{{- define "eck-operator.webhookSecretName" -}}
+{{- if .Values.global.manifestGen -}}
+elastic-webhook-server-cert
+{{- else if .Values.webhook.certsSecret -}}
+{{- .Values.webhook.certsSecret }}
+{{- else -}}
+{{- $name := include "eck-operator.name" . -}}
+{{ printf "%s-webhook-cert" $name | trunc 63 }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Determine the name for the webhook service
+*/}}
+{{- define "eck-operator.webhookServiceName" -}}
+{{- if .Values.global.manifestGen -}}
+elastic-webhook-server
+{{- else -}}
+{{- $name := include "eck-operator.name" . -}}
+{{ printf "%s-webhook" $name | trunc 63 }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Determine the metrics port
+*/}}
+{{- define "eck-operator.metrics.port" -}}
+{{- if .Values.config.metrics.port -}}
+{{- .Values.config.metrics.port -}}
+{{- else if .Values.config.metricsPort -}}
+{{- .Values.config.metricsPort -}}
+{{- else -}}
+0
+{{- end -}}
+{{- end -}}
+
+{{/*
+RBAC permissions
+NOTE - any changes made to RBAC permissions below require
+updating docs/operating-eck/eck-permissions.asciidoc file.
+*/}}
+{{- define "eck-operator.rbacRules" -}}
+- apiGroups:
+ - "authorization.k8s.io"
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - create
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ resourceNames:
+ - elastic-operator-leader
+ verbs:
+ - get
+ - watch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - events
+ - persistentvolumeclaims
+ - secrets
+ - services
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - statefulsets
+ - daemonsets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - elasticsearch.k8s.elastic.co
+ resources:
+ - elasticsearches
+ - elasticsearches/status
+ - elasticsearches/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - autoscaling.k8s.elastic.co
+ resources:
+ - elasticsearchautoscalers
+ - elasticsearchautoscalers/status
+ - elasticsearchautoscalers/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - kibana.k8s.elastic.co
+ resources:
+ - kibanas
+ - kibanas/status
+ - kibanas/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - apm.k8s.elastic.co
+ resources:
+ - apmservers
+ - apmservers/status
+ - apmservers/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - enterprisesearch.k8s.elastic.co
+ resources:
+ - enterprisesearches
+ - enterprisesearches/status
+ - enterprisesearches/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - beat.k8s.elastic.co
+ resources:
+ - beats
+ - beats/status
+ - beats/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - agent.k8s.elastic.co
+ resources:
+ - agents
+ - agents/status
+ - agents/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - maps.k8s.elastic.co
+ resources:
+ - elasticmapsservers
+ - elasticmapsservers/status
+ - elasticmapsservers/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - stackconfigpolicy.k8s.elastic.co
+ resources:
+ - stackconfigpolicies
+ - stackconfigpolicies/status
+ - stackconfigpolicies/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - logstash.k8s.elastic.co
+ resources:
+ - logstashes
+ - logstashes/status
+ - logstashes/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+{{- end -}}
+
+{{/*
+RBAC permissions on non-namespaced resources
+*/}}
+{{- define "eck-operator.clusterWideRbacRules" -}}
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+{{- end -}}
+
+{{/*
+RBAC permissions to read node labels
+*/}}
+{{- define "eck-operator.readNodeLabelsRbacRule" -}}
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+{{- end -}}
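Review bot: `eck-operator.serviceAccountName` falls back to `"default"` when `serviceAccount.create` is false and `serviceAccount.name` is empty. Any binding built on this helper would then attach `eck-operator.rbacRules`, which includes get/list/watch/create/update/patch/delete on `secrets`, to the namespace's default service account and therefore to every pod that runs under it. Prefer failing the render, for example with `required "serviceAccount.name must be set when serviceAccount.create is false"`, over silently using `default`. Separately, `eck-operator.webhookName` is the only name helper here without a `trunc 63`; a comment on whether that is deliberate would help.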
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/templates/cluster-roles.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/cluster-roles.yaml
new file mode 100644
index 00000000..dbd0fba3
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/cluster-roles.yaml
@@ -0,0 +1,121 @@
+{{- if and (not .Values.createClusterScopedResources) (.Values.config.metrics.secureMode.enabled) -}}
+{{ fail "createClusterScopedResources is required to set config.metrics.secureMode.enabled to true" }}
+{{- end }}
+{{- if .Values.createClusterScopedResources -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "eck-operator.fullname" . }}
+ labels:
+ {{- include "eck-operator.labels" . | nindent 4 }}
+rules:
+{{ template "eck-operator.rbacRules" . | toYaml | indent 2 }}
+{{ template "eck-operator.clusterWideRbacRules" . | toYaml | indent 2 }}
+{{ if .Values.config.exposedNodeLabels }}
+{{ template "eck-operator.readNodeLabelsRbacRule" . | toYaml | indent 2 }}
+{{ end -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: "{{ include "eck-operator.name" . }}-view"
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ {{- include "eck-operator.labels" . | nindent 4 }}
+rules:
+ - apiGroups: ["elasticsearch.k8s.elastic.co"]
+ resources: ["elasticsearches"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["autoscaling.k8s.elastic.co"]
+ resources: ["elasticsearchautoscalers"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["apm.k8s.elastic.co"]
+ resources: ["apmservers"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["kibana.k8s.elastic.co"]
+ resources: ["kibanas"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["enterprisesearch.k8s.elastic.co"]
+ resources: ["enterprisesearches"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["beat.k8s.elastic.co"]
+ resources: ["beats"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["agent.k8s.elastic.co"]
+ resources: ["agents"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["maps.k8s.elastic.co"]
+ resources: ["elasticmapsservers"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["stackconfigpolicy.k8s.elastic.co"]
+ resources: ["stackconfigpolicies"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["logstash.k8s.elastic.co"]
+ resources: ["logstashes"]
+ verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: "{{ include "eck-operator.name" . }}-edit"
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ {{- include "eck-operator.labels" . | nindent 4 }}
+rules:
+ - apiGroups: ["elasticsearch.k8s.elastic.co"]
+ resources: ["elasticsearches"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+ - apiGroups: ["autoscaling.k8s.elastic.co"]
+ resources: ["elasticsearchautoscalers"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+ - apiGroups: ["apm.k8s.elastic.co"]
+ resources: ["apmservers"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+ - apiGroups: ["kibana.k8s.elastic.co"]
+ resources: ["kibanas"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+ - apiGroups: ["enterprisesearch.k8s.elastic.co"]
+ resources: ["enterprisesearches"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+ - apiGroups: ["beat.k8s.elastic.co"]
+ resources: ["beats"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+ - apiGroups: ["agent.k8s.elastic.co"]
+ resources: ["agents"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+ - apiGroups: ["maps.k8s.elastic.co"]
+ resources: ["elasticmapsservers"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+ - apiGroups: ["stackconfigpolicy.k8s.elastic.co"]
+ resources: ["stackconfigpolicies"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+ - apiGroups: ["logstash.k8s.elastic.co"]
+ resources: ["logstashes"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+{{- if .Values.config.metrics.secureMode.enabled }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ {{- include "eck-operator.labels" . | nindent 4 }}
+ name: "{{ include "eck-operator.fullname" . }}-metrics-auth-role"
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+{{- end }}
+{{- end -}}
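Review bot: In the first ClusterRole's `rules:` the lines `{{ template "eck-operator.rbacRules" . | toYaml | indent 2 }}` do not do what they read as. `template` is an action, so the pipeline `. | toYaml | indent 2` is evaluated as the argument passed to the template and the rendered rules are not indented or filtered at all; it only works because the rule templates never reference `.`. Use `{{- include "eck-operator.rbacRules" . | nindent 2 }}` for the three rule blocks. Also note that the `-view` and `-edit` roles are named from `eck-operator.name` rather than `eck-operator.fullname`, so two releases of this chart in one cluster would collide on these cluster-scoped names.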
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/templates/configmap.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/configmap.yaml
new file mode 100644
index 00000000..01708b52
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/configmap.yaml
@@ -0,0 +1,81 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "eck-operator.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "eck-operator.labels" . | nindent 4 }}
+data:
+ eck.yaml: |-
+ {{- $metricsPort := int (include "eck-operator.metrics.port" .)}}
+ log-verbosity: {{ int .Values.config.logVerbosity }}
+ {{- if and .Values.config.metrics.secureMode.enabled (eq $metricsPort 0) }}
+ {{- fail "config.metrics.port must be greater than 0 when config.metrics.secureMode.enabled is true" }}
+ {{- end }}
+ metrics-port: {{ $metricsPort }}
+ metrics-secure: {{ .Values.config.metrics.secureMode.enabled }}
+ container-registry: {{ .Values.config.containerRegistry }}
+ {{- with .Values.config.containerSuffix }}
+ container-suffix: {{ . }}
+ {{- end }}
+ {{- with .Values.config.containerRepository }}
+ container-repository: {{ . }}
+ {{- end }}
+ max-concurrent-reconciles: {{ int .Values.config.maxConcurrentReconciles }}
+ {{- with .Values.config.passwordHashCacheSize }}
+ password-hash-cache-size: {{ int . }}
+ {{- end }}
+ ca-cert-validity: {{ .Values.config.caValidity }}
+ ca-cert-rotate-before: {{ .Values.config.caRotateBefore }}
+ {{- with .Values.config.caDir }}
+ ca-dir: {{ . }}
+ {{- end }}
+ cert-validity: {{ .Values.config.certificatesValidity }}
+ cert-rotate-before: {{ .Values.config.certificatesRotateBefore }}
+ disable-config-watch: {{ .Values.config.disableConfigWatch }}
+ {{- with .Values.config.exposedNodeLabels }}
+ exposed-node-labels: [{{ join "," . }}]
+ {{- end }}
+ {{- with .Values.config.ipFamily }}
+ ip-family: {{ . }}
+ {{- end }}
+ set-default-security-context: {{ .Values.config.setDefaultSecurityContext }}
+ kube-client-timeout: {{ .Values.config.kubeClientTimeout }}
+ {{- with .Values.config.kubeClientQPS }}
+ kube-client-qps: {{ int . }}
+ {{- end }}
+ elasticsearch-client-timeout: {{ .Values.config.elasticsearchClientTimeout }}
+ disable-telemetry: {{ .Values.telemetry.disabled }}
+ distribution-channel: {{ .Values.telemetry.distributionChannel }}
+ {{- with .Values.telemetry.interval }}
+ telemetry-interval: {{ . }}
+ {{- end }}
+ validate-storage-class: {{ .Values.config.validateStorageClass }}
+ {{- if .Values.tracing.enabled }}
+ enable-tracing: true
+ {{- end }}
+ {{- if .Values.refs.enforceRBAC }}
+ enforce-rbac-on-refs: true
+ {{- end }}
+ enable-webhook: {{ .Values.webhook.enabled }}
+ {{- if .Values.webhook.enabled }}
+ webhook-name: {{ include "eck-operator.webhookName" . }}
+ {{- if not .Values.webhook.manageCerts }}
+ manage-webhook-certs: false
+ webhook-cert-dir: {{ .Values.webhook.certsDir }}
+ {{- end }}
+ webhook-port: {{ .Values.webhook.port }}
+ {{- end }}
+ {{- with .Values.managedNamespaces }}
+ namespaces: [{{ join "," . }}]
+ {{- end }}
+ operator-namespace: {{ .Release.Namespace }}
+ enable-leader-election: {{ .Values.config.enableLeaderElection }}
+ elasticsearch-observation-interval: {{ .Values.config.elasticsearchObservationInterval }}
+ {{- if not .Values.config.containerSuffix }}
+ ubi-only: {{ .Values.config.ubiOnly }}
+ {{- end }}
+ {{- with .Values.webhook.certsSecret }}
+ webhook-secret: {{ . }}
+ {{- end }}
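Review bot: Most values are interpolated into `eck.yaml` unquoted, for example `container-registry: {{ .Values.config.containerRegistry }}`, `exposed-node-labels: [{{ join "," . }}]` and `namespaces: [{{ join "," . }}]`. A value containing YAML-significant characters (`*`, `[`, `:`, `#`, a newline) will either break parsing of the operator config or add keys the user did not intend; label patterns in `exposedNodeLabels` are a likely case. Render scalars with `| quote` and lists with `toJson` so the generated config is always well-formed.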
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/templates/managed-namespaces.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/managed-namespaces.yaml
new file mode 100644
index 00000000..91deaf21
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/managed-namespaces.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.softMultiTenancy.enabled -}}
+{{- range .Values.managedNamespaces }}
+{{- $namespace := . }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ $namespace }}
+ labels:
+ {{- include "eck-operator.labels" $ | nindent 4 }}
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+{{- end -}}
+{{- end -}}
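Review bot: Rendering a `Namespace` object for every entry in `managedNamespaces` makes the release the owner of the tenant namespaces: install fails if a namespace already exists, and uninstalling the chart deletes the namespaces together with everything in them. Consider adding the `helm.sh/resource-policy: keep` annotation under `metadata`, or documenting that the tenant namespaces must not pre-exist and will be removed with the release.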
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/templates/managed-ns-network-policy.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/managed-ns-network-policy.yaml
new file mode 100644
index 00000000..23fc1e3a
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/managed-ns-network-policy.yaml
@@ -0,0 +1,228 @@
+{{- if .Values.softMultiTenancy.enabled -}}
+{{- $fullName := include "eck-operator.fullname" . -}}
+{{- $name := include "eck-operator.name" . -}}
+{{- range .Values.managedNamespaces -}}
+{{- $namespace := . }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: "{{ $name }}-elasticsearch"
+ namespace: {{ $namespace }}
+ labels:
+ {{- include "eck-operator.labels" $ | nindent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "elasticsearch"
+ egress:
+ # Transport port
+ - ports:
+ - port: 9300
+ to:
+ # Elasticsearch within namespace
+ - namespaceSelector:
+ matchLabels:
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "elasticsearch"
+ # DNS
+ - ports:
+ - port: 53
+ protocol: UDP
+ to: []
+ ingress:
+ # HTTP Port
+ - ports:
+ - port: 9200
+ from:
+ # Operator
+ - namespaceSelector:
+ matchLabels:
+ name: "{{ $.Release.Namespace }}"
+ podSelector:
+ matchLabels:
+ {{- include "eck-operator.selectorLabels" $ | nindent 14 }}
+ # Within namespace
+ - namespaceSelector:
+ matchLabels:
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+ # Transport port
+ - ports:
+ - port: 9300
+ from:
+ # Within namespace (from other Elasticsearch nodes)
+ - namespaceSelector:
+ matchLabels:
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "elasticsearch"
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: "{{ $name }}-kibana"
+ namespace: {{ $namespace }}
+ labels:
+ {{- include "eck-operator.labels" $ | nindent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "kibana"
+ egress:
+ # Elasticsearch HTTP port
+ - ports:
+ - port: 9200
+ to:
+ # Elasticsearch within namespace
+ - namespaceSelector:
+ matchLabels:
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "elasticsearch"
+ # DNS
+ - ports:
+ - port: 53
+ protocol: UDP
+ to: []
+ ingress:
+ # HTTP Port
+ - ports:
+ - port: 5601
+ from:
+ # Within namespace
+ - namespaceSelector:
+ matchLabels:
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: "{{ $name }}-apm-server"
+ namespace: {{ $namespace }}
+ labels:
+ {{- include "eck-operator.labels" $ | nindent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "apm-server"
+ egress:
+ # Elasticsearch HTTP port
+ - ports:
+ - port: 9200
+ to:
+ # Elasticsearch within namespace
+ - namespaceSelector:
+ matchLabels:
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "elasticsearch"
+ # Kibana HTTP port
+ - ports:
+ - port: 5601
+ to:
+ # Kibana within namespace
+ - namespaceSelector:
+ matchLabels:
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "kibana"
+ # DNS
+ - ports:
+ - port: 53
+ protocol: UDP
+ to: []
+ ingress:
+ # HTTP Port
+ - ports:
+ - port: 8200
+ from:
+ # Within namespace
+ - namespaceSelector:
+ matchLabels:
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: "{{ $name }}-enterprise-search"
+ namespace: {{ $namespace }}
+ labels:
+ {{- include "eck-operator.labels" $ | nindent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "enterprise-search"
+ egress:
+ # Elasticsearch HTTP port
+ - ports:
+ - port: 9200
+ to:
+ # Elasticsearch within namespace
+ - namespaceSelector:
+ matchLabels:
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "elasticsearch"
+ # DNS
+ - ports:
+ - port: 53
+ protocol: UDP
+ to: []
+ ingress:
+ # HTTP Port
+ - ports:
+ - port: 3002
+ from:
+ # Within namespace
+ - namespaceSelector:
+ matchLabels:
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: "{{ $name }}-beats"
+ namespace: {{ $namespace }}
+ labels:
+ {{- include "eck-operator.labels" $ | nindent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "beat"
+ egress:
+ # Elasticsearch HTTP port
+ - ports:
+ - port: 9200
+ to:
+ # Elasticsearch within namespace
+ - namespaceSelector:
+ matchLabels:
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "elasticsearch"
+ # Kibana HTTP port
+ - ports:
+ - port: 5601
+ to:
+ # Kibana within namespace
+ - namespaceSelector:
+ matchLabels:
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "kibana"
+ # DNS
+ - ports:
+ - port: 53
+ protocol: UDP
+ to: []
+{{- end }}
+{{- end -}}
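Review bot: The Elasticsearch policy admits the operator on port 9200 through a `namespaceSelector` on the label `name: "{{ $.Release.Namespace }}"`, but that label is only applied by operator-namespace.yaml, which renders solely when `global.manifestGen` and `global.createOperatorNamespace` are both set. On a normal Helm install the operator namespace will usually lack it and the operator is cut off from the clusters it manages; select on `kubernetes.io/metadata.name` instead. The DNS egress rules in all five policies allow UDP 53 only, so lookups that fall back to TCP are dropped, and there are no policies for the agent, maps and logstash types that the RBAC rules cover.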
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/templates/metrics-service.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/metrics-service.yaml
new file mode 100644
index 00000000..53bdc02b
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/metrics-service.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.config.metrics.secureMode.enabled }}
+{{- $metricsPort := int (include "eck-operator.metrics.port" .)}}
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "eck-operator.name" . }}-metrics-service
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+ helm.sh/chart: {{ include "eck-operator.chart" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ name: "{{ include "eck-operator.fullname" . }}-metrics"
+ namespace: {{ .Release.Namespace }}
+spec:
+ ports:
+ - name: https
+ port: {{ $metricsPort }}
+ protocol: TCP
+ targetPort: metrics
+ selector:
+ {{- include "eck-operator.selectorLabels" . | nindent 4 }}
+{{- end }}
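Review bot: The `labels:` block spells out `app.kubernetes.io/instance`, `app.kubernetes.io/version`, `helm.sh/chart` and `app.kubernetes.io/managed-by` by hand instead of using `eck-operator.labels`, and it emits `app.kubernetes.io/version` unconditionally where the helper guards it with `if .Chart.AppVersion`. If the distinct `app.kubernetes.io/name` value is the reason, say so in a comment; otherwise reuse the helper so the label set cannot drift.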
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/templates/operator-namespace.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/operator-namespace.yaml
new file mode 100644
index 00000000..07123b70
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/operator-namespace.yaml
@@ -0,0 +1,9 @@
+{{- if (and .Values.global.manifestGen .Values.global.createOperatorNamespace) -}}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ .Release.Namespace }}
+ labels:
+ name: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/templates/operator-network-policy.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/operator-network-policy.yaml
new file mode 100644
index 00000000..ad74156d
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/operator-network-policy.yaml
@@ -0,0 +1,59 @@
+{{- if .Values.softMultiTenancy.enabled -}}
+{{- $kubeAPIServerIP := (required "kubeAPIServerIP is required" .Values.kubeAPIServerIP) -}}
+{{- $metricsPort := int (include "eck-operator.metrics.port" .)}}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ include "eck-operator.fullname" . }}
+ namespace: {{ .Release.Namespace}}
+ labels:
+ {{- include "eck-operator.labels" . | nindent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "eck-operator.selectorLabels" . | nindent 6 }}
+ egress:
+ # DNS
+ - ports:
+ - port: 53
+ protocol: UDP
+ to: []
+ # API server
+ - ports:
+ - port: 443
+ to:
+ - ipBlock:
+ cidr: "{{ $kubeAPIServerIP }}/32"
+ # Elasticsearch
+ - ports:
+ - port: 9200
+ to:
+ - namespaceSelector:
+ matchExpressions:
+ - key: "eck.k8s.elastic.co/tenant"
+ operator: In
+ values:
+ {{- range .Values.managedNamespaces }}
+ - {{ . }}
+ {{- end }}
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "elasticsearch"
+{{- if or .Values.webhook.enabled (gt $metricsPort 0) }}
+ ingress:
+{{- if .Values.webhook.enabled }}
+ - ports:
+ - port: {{ .Values.webhook.port }}
+ from:
+ - ipBlock:
+ cidr: "{{ $kubeAPIServerIP }}/32"
+{{- end }}
+{{- if gt $metricsPort 0 }}
+ # Metrics
+ - ports:
+ - port: {{ $metricsPort }}
+ from: []
+{{- end }}
+{{- end }}
+{{- end -}}
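Review bot: The metrics ingress rule uses `from: []`, which admits every source, including pods in the tenant namespaces this soft multi-tenancy setup is meant to isolate; when `config.metrics.secureMode.enabled` is false nothing else protects that port. Restrict `from` to the monitoring namespace or make the selector configurable. The API server rules (egress on 443, webhook ingress) also assume a single address via `cidr: "{{ $kubeAPIServerIP }}/32"` and a fixed port, which does not fit control planes with several endpoints or a different port; accepting a list of CIDRs and a port value would cover those.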
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/templates/pdb.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/pdb.yaml
new file mode 100644
index 00000000..42b494a3
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/pdb.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.podDisruptionBudget.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "eck-operator.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "eck-operator.labels" . | nindent 4 }}
+spec:
+ {{- with .Values.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ . }}
+ {{- end }}
+ {{- with .Values.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ . }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "eck-operator.selectorLabels" . | nindent 6 }}
+{{- end -}}
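Review bot: the two `with` blocks under `spec` are independent, so a user who sets `podDisruptionBudget.maxUnavailable` while values.yaml still defaults `minAvailable: 1` gets both fields rendered, and a PodDisruptionBudget accepts only one of them. Make the blocks mutually exclusive (for example render `maxUnavailable` in an `else` branch) or fail at render time when both are set. Note also that `with` treats 0 as empty, so an explicit `maxUnavailable: 0` or `minAvailable: 0` is silently dropped; testing with `hasKey` or `kindIs` would preserve it.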
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/templates/podMonitor.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/podMonitor.yaml
new file mode 100644
index 00000000..8e073cd3
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/podMonitor.yaml
@@ -0,0 +1,42 @@
+{{- $metricsPort := int (include "eck-operator.metrics.port" .)}}
+{{- if and .Values.config.metrics.secureMode.enabled (eq $metricsPort 0) }}
+{{- fail "config.metrics.port must be greater than 0 when config.metrics.secureMode.enabled is true" }}
+{{- end }}
+{{- if and .Values.podMonitor.enabled (gt $metricsPort 0) }}
+{{- if and .Values.podMonitor.enabled .Values.config.metrics.secureMode.enabled }}
+{{- fail "podMonitor and config.metrics.secureMode are mutually exclusive" }}
+{{- end }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: {{ include "eck-operator.fullname" . }}
+ namespace: {{ ternary .Values.podMonitor.namespace .Release.Namespace (not (and (.Values.podMonitor) (empty .Values.podMonitor.namespace))) }}
+ labels: {{- include "eck-operator.labels" . | nindent 4 }}
+ {{- with .Values.podMonitor.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.podMonitor.annotations }}
+ annotations: {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- with .Values.podMonitor.podTargetLabels }}
+ podTargetLabels: {{- toYaml . | nindent 4 }}
+ {{- end }}
+ podMetricsEndpoints:
+ - port: metrics
+ path: /metrics
+ {{- with .Values.podMonitor.interval }}
+ interval: {{ . }}
+ {{- end }}
+ {{- with .Values.podMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ . }}
+ {{- end }}
+ {{- with .Values.podMonitor.podMetricsEndpointConfig }}
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels: {{- include "eck-operator.selectorLabels" . | nindent 6 }}
+{{- end }}
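Review bot: the inner `if and .Values.podMonitor.enabled .Values.config.metrics.secureMode.enabled` re-tests `podMonitor.enabled`, which the enclosing `if` has already established, and because it is nested under `gt $metricsPort 0` the mutual-exclusion `fail` lives in a different place from the other chart guards. Moving both `fail` checks into validate-chart.yaml would keep the validation in one file. The `metadata.namespace` ternary can also be written as `default .Release.Namespace .Values.podMonitor.namespace`, which reads more clearly and gives the same result.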
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/templates/role-bindings.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/role-bindings.yaml
new file mode 100644
index 00000000..0db9f278
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/role-bindings.yaml
@@ -0,0 +1,98 @@
+{{- $operatorNSIsManaged := has .Release.Namespace .Values.managedNamespaces -}}
+{{- $fullName := include "eck-operator.fullname" . -}}
+{{- $svcAccount := include "eck-operator.serviceAccountName" . }}
+{{- $enableSecureMetrics := .Values.config.metrics.secureMode.enabled -}}
+
+{{- if not .Values.createClusterScopedResources }}
+{{- range .Values.managedNamespaces }}
+{{- $namespace := . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: "{{ $fullName }}"
+ namespace: {{ $namespace }}
+ labels:
+ {{- include "eck-operator.labels" $ | nindent 4 }}
+rules:
+{{ template "eck-operator.rbacRules" $ | toYaml | indent 2 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: "{{ $fullName }}"
+ namespace: {{ $namespace }}
+ labels:
+ {{- include "eck-operator.labels" $ | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: "{{ $fullName }}"
+subjects:
+- kind: ServiceAccount
+ name: {{ $svcAccount }}
+ namespace: {{ $.Release.Namespace }}
+{{- end }} {{- /* end of range over managed namespaces */}}
+{{- /* If createClusterScopedResources is false and operator namespace is not in the managed namespaces list, create additional role binding */}}
+{{- if not $operatorNSIsManaged }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ $fullName }}
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "eck-operator.labels" $ | nindent 4 }}
+rules:
+{{ template "eck-operator.rbacRules" $ | toYaml | indent 2 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: "{{ $fullName }}"
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "eck-operator.labels" $ | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: "{{ $fullName }}"
+subjects:
+- kind: ServiceAccount
+ name: {{ $svcAccount }}
+ namespace: {{ $.Release.Namespace }}
+{{- end }} {{- /* end of operator role binding if operator namespace is not managed */}}
+{{- else }} {{- /* we can create cluster-scoped resources so just create a cluster role binding */}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "eck-operator.labels" $ | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ $fullName }}
+subjects:
+- kind: ServiceAccount
+ name: {{ $svcAccount }}
+ namespace: {{ $.Release.Namespace }}
+{{- if $enableSecureMetrics }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ {{- include "eck-operator.labels" $ | nindent 4 }}
+ name: "{{ include "eck-operator.fullname" . }}-metrics-auth-rolebinding"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: "{{ include "eck-operator.fullname" . }}-metrics-auth-role"
+subjects:
+- kind: ServiceAccount
+ name: {{ $svcAccount }}
+ namespace: {{ $.Release.Namespace }}
+{{- end }}
+{{- end }}
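Review bot: the metrics-auth ClusterRoleBinding is only emitted inside the `else` branch, so with `createClusterScopedResources: false` and `config.metrics.secureMode.enabled: true` nothing in this file binds the `-metrics-auth-role` to the service account, and validate-chart.yaml has no guard for that combination. Either add a `fail` for it next to the webhook and storage-class checks, or document that secure metrics needs cluster-scoped resources. As a style point, that last block calls `include "eck-operator.fullname" .` where the rest of the file uses `$fullName`, and `name:` is quoted in some documents and bare in others; using `$fullName` with consistent quoting throughout would avoid surprises if the block is ever moved inside the `range`.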
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/templates/service-account.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/service-account.yaml
new file mode 100644
index 00000000..f91acdcc
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/service-account.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.serviceAccount.create }}
+---
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+metadata:
+ name: {{ include "eck-operator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "eck-operator.labels" . | nindent 4 }}
+{{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- end }}
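Review bot: `serviceAccount.automountServiceAccountToken` used here and the pod-level `automountServiceAccountToken` in statefulset.yaml are two separate values that both default to true in values.yaml. The pod-level field takes precedence over the ServiceAccount one, so turning off only the ServiceAccount setting has no effect on the operator pod. The values.yaml comments should say so, or the StatefulSet should fall back to the ServiceAccount value when its own is unset.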
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/templates/service-monitor.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/service-monitor.yaml
new file mode 100644
index 00000000..0d4a3d9c
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/service-monitor.yaml
@@ -0,0 +1,34 @@
+{{- if and .Values.config.metrics.secureMode.enabled .Values.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "eck-operator.fullname" . }}
+ namespace: {{ ternary .Values.serviceMonitor.namespace .Release.Namespace (not (and (.Values.serviceMonitor) (empty .Values.serviceMonitor.namespace))) }}
+ labels: {{- include "eck-operator.labels" . | nindent 4 }}
+spec:
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "eck-operator.name" . }}-metrics-service
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ endpoints:
+ - port: https
+ path: /metrics
+ scheme: https
+ interval: 30s
+ tlsConfig:
+ {{- $insecureSkipVerify := (ternary .Values.config.metrics.secureMode.tls.insecureSkipVerify .Values.serviceMonitor.insecureSkipVerify (hasKey .Values.config.metrics.secureMode.tls "insecureSkipVerify")) }}
+ insecureSkipVerify: {{ $insecureSkipVerify }}
+ {{- if (not $insecureSkipVerify) }}
+ {{- $caMountDirectory := or (.Values.config.metrics.secureMode.tls.caMountDirectory) (.Values.serviceMonitor.caMountDirectory) -}}
+ {{- $leading_path := trimSuffix "/" $caMountDirectory }}
+ {{- $caSecret := or (.Values.config.metrics.secureMode.tls.caSecret) (.Values.serviceMonitor.caSecret) -}}
+ {{- with $caSecret }}
+ caFile: "{{ $leading_path }}/{{ . }}/ca.crt"
+ {{- end }}
+ serverName: "{{ include "eck-operator.fullname" . }}-metrics.{{ .Release.Namespace }}.svc"
+ {{- end }}
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+{{- end }}
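Review bot: in the `tlsConfig` block, when `$insecureSkipVerify` is false and neither `config.metrics.secureMode.tls.caSecret` nor `serviceMonitor.caSecret` is set, the `with $caSecret` block emits no `caFile` while `serverName` is still rendered, leaving the scrape to verify against whatever default trust store Prometheus has. A `fail` (or `required`) for a missing CA secret in that branch would surface the misconfiguration at render time instead of as a failing target. The scrape `interval: 30s` is also hard-coded here, whereas podMonitor.yaml takes it from values; exposing `serviceMonitor.interval` would keep the two consistent.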
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/templates/statefulset.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/statefulset.yaml
new file mode 100644
index 00000000..c607d8a3
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/statefulset.yaml
@@ -0,0 +1,162 @@
+---
+{{- $metricsPort := int (include "eck-operator.metrics.port" .)}}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "eck-operator.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ {{- with .Values.statefulsetAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "eck-operator.labels" . | nindent 4 }}
+ {{- with .Values.statefulsetLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "eck-operator.selectorLabels" . | nindent 6 }}
+ serviceName: {{ include "eck-operator.fullname" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ annotations:
+ # Rename the fields "error" to "error.message" and "source" to "event.source"
+ # This is to avoid a conflict with the ECS "error" and "source" documents.
+ "co.elastic.logs/raw": "[{\"type\":\"filestream\",\"enabled\":true,\"id\":\"eck-container-logs-${data.kubernetes.container.id}\",\"paths\":[\"/var/log/containers/*${data.kubernetes.container.id}.log\"],\"parsers\":[{\"container\":{}},{\"ndjson\":{\"keys_under_root\":true}}],\"prospector.scanner.symlinks\":true,\"processors\":[{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"error\",\"to\":\"_error\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"_error\",\"to\":\"error.message\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"source\",\"to\":\"_source\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"_source\",\"to\":\"event.source\"}]}}]}]"
+ "checksum/config": {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- with .Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "eck-operator.selectorLabels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ terminationGracePeriodSeconds: 10
+ serviceAccountName: {{ include "eck-operator.serviceAccountName" . }}
+ automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
+ {{- with .Values.priorityClassName }}
+ priorityClassName: {{ . }}
+ {{- end }}
+ {{- with .Values.podSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - image: "{{ .Values.image.repository }}{{- if .Values.config.ubiOnly -}}-ubi{{- end -}}{{- if .Values.image.fips -}}-fips{{- end -}}:{{ default .Chart.AppVersion .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ name: manager
+ args:
+ - "manager"
+ - "--config=/conf/eck.yaml"
+ {{- with .Values.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ env:
+ - name: OPERATOR_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ {{- if .Values.webhook.enabled }}
+ - name: WEBHOOK_SECRET
+ value: {{ include "eck-operator.webhookSecretName" . }}
+ {{- end }}
+ {{- with .Values.env }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- if .Values.tracing.enabled -}}
+ {{- range $name, $value := .Values.tracing.config }}
+ - name: {{ $name }}
+ value: {{ $value }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.resources }}
+ resources:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.webhook.enabled (gt $metricsPort 0) }}
+ ports:
+ {{- if (gt $metricsPort 0) }}
+ - containerPort: {{ $metricsPort }}
+ name: metrics
+ protocol: TCP
+ {{- end }}
+ {{- if .Values.webhook.enabled }}
+ - containerPort: {{ .Values.webhook.port }}
+ name: https-webhook
+ protocol: TCP
+ {{- end }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: "/conf"
+ name: conf
+ readOnly: true
+ {{- if .Values.webhook.enabled }}
+ - mountPath: {{ .Values.webhook.certsDir }}
+ name: cert
+ readOnly: true
+ {{- end }}
+ {{- if .Values.config.metrics.secureMode.tls.certificateSecret }}
+ - mountPath: "/tmp/k8s-metrics-server/serving-certs"
+ name: tls-certificate
+ readOnly: true
+ {{- end }}
+ {{- with .Values.volumeMounts }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ volumes:
+ - name: conf
+ configMap:
+ name: {{ include "eck-operator.fullname" . }}
+ {{- if .Values.webhook.enabled }}
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: {{ include "eck-operator.webhookSecretName" . }}
+ {{- end }}
+ {{- if .Values.config.metrics.secureMode.tls.certificateSecret }}
+ - name: tls-certificate
+ secret:
+ defaultMode: 420
+ secretName: {{ .Values.config.metrics.secureMode.tls.certificateSecret }}
+ {{- end }}
+ {{- with .Values.volumes }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.hostNetwork }}
+ hostNetwork: true
+ {{- end }}
+ {{- if .Values.dnsPolicy }}
+ dnsPolicy: {{ .Values.dnsPolicy }}
+ {{- else if .Values.hostNetwork }}
+ dnsPolicy: ClusterFirstWithHostNet
+ {{- end }}
+ {{- with .Values.dnsConfig }}
+ dnsConfig:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
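Review bot: in the tracing `range` under `env`, `value: {{ $value }}` is rendered unquoted, so any `tracing.config` entry whose value is a boolean or a number (for example `true` or `0.5`) becomes a non-string YAML scalar and the pod spec is rejected, since env values must be strings. Use `value: {{ $value | quote }}`. Separately, both the `cert` and `tls-certificate` secret volumes set `defaultMode: 420` (0644); it is worth confirming that world-readable is intended for the volumes that carry the serving certificates.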
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/templates/validate-chart.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/validate-chart.yaml
new file mode 100644
index 00000000..326b70bc
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/validate-chart.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.softMultiTenancy.enabled -}}
+ {{- if has .Release.Namespace .Values.managedNamespaces -}}
+ {{- fail "Operator namespace cannot be in managed namespaces when soft multi-tenancy is enabled" -}}
+ {{- end -}}
+
+ {{- if empty .Values.managedNamespaces -}}
+ {{- fail "Managed namespaces must be defined when soft multi-tenancy is enabled" -}}
+ {{- end -}}
+
+ {{- if empty .Values.kubeAPIServerIP -}}
+ {{- fail "Soft multi-tenancy requires kubeAPIServerIP to be defined" -}}
+ {{- end -}}
+{{- end -}}
+
+{{- if (not .Values.createClusterScopedResources) -}}
+ {{- if .Values.webhook.enabled -}}
+ {{- fail "Webhook cannot be enabled when cluster-scoped resource creation is disabled" -}}
+ {{- end -}}
+
+ {{- if .Values.config.validateStorageClass -}}
+ {{- fail "Storage class validation cannot be enabled when cluster-scoped resource creation is disabled" -}}
+ {{- end -}}
+{{- end -}}
+
+{{- if (not .Values.config.enableLeaderElection) -}}
+ {{- if gt (int .Values.replicaCount) 1 -}}
+ {{- fail "Leader election must be enabled with more than one replica" -}}
+ {{- end -}}
+{{- end -}}
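Review bot: the `kubeAPIServerIP` guard in the soft multi-tenancy block only checks that the value is non-empty, but operator-network-policy.yaml interpolates it into `cidr: "{{ $kubeAPIServerIP }}/32"`. A hostname produces an invalid policy that is only caught at apply time, and an IPv6 address would be given a /32 prefix, which is far wider than a single host. Consider validating the format here (for example with `regexMatch` for an IPv4 address) or choosing the prefix length by address family. The same check is repeated with `required` in the network policy template, so one of the two can go.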
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/templates/webhook.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/webhook.yaml
new file mode 100644
index 00000000..8f41e7d0
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/templates/webhook.yaml
@@ -0,0 +1,473 @@
+{{- if .Values.webhook.enabled -}}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: {{ include "eck-operator.webhookName" . }}
+ labels:
+ {{- include "eck-operator.labels" . | nindent 4 }}
+{{- with .Values.webhook.certManagerCert }}
+ annotations:
+ cert-manager.io/inject-ca-from: "{{ $.Release.Namespace }}/{{ . }}"
+{{- end }}
+webhooks:
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-agent-k8s-elastic-co-v1alpha1-agent
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-agent-validation-v1alpha1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1,v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - agent.k8s.elastic.co
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - agents
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-apm-k8s-elastic-co-v1-apmserver
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-apm-validation-v1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1,v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - apm.k8s.elastic.co
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - apmservers
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-apm-k8s-elastic-co-v1beta1-apmserver
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-apm-validation-v1beta1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1,v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - apm.k8s.elastic.co
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - apmservers
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-beat-k8s-elastic-co-v1beta1-beat
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-beat-validation-v1beta1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1,v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - beat.k8s.elastic.co
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - beats
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-enterprisesearch-k8s-elastic-co-v1-enterprisesearch
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-ent-validation-v1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1,v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - enterprisesearch.k8s.elastic.co
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - enterprisesearches
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-enterprisesearch-k8s-elastic-co-v1beta1-enterprisesearch
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-ent-validation-v1beta1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1,v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - enterprisesearch.k8s.elastic.co
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - enterprisesearches
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-elasticsearch-k8s-elastic-co-v1-elasticsearch
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-es-validation-v1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1,v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - elasticsearch.k8s.elastic.co
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - elasticsearches
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-elasticsearch-k8s-elastic-co-v1beta1-elasticsearch
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-es-validation-v1beta1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1,v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - elasticsearch.k8s.elastic.co
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - elasticsearches
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-ems-k8s-elastic-co-v1alpha1-mapsservers
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-ems-validation-v1alpha1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1,v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - maps.k8s.elastic.co
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - mapsservers
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-kibana-k8s-elastic-co-v1-kibana
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-kb-validation-v1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1,v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - kibana.k8s.elastic.co
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - kibanas
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-kibana-k8s-elastic-co-v1beta1-kibana
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-kb-validation-v1beta1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1,v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - kibana.k8s.elastic.co
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - kibanas
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-autoscaling-k8s-elastic-co-v1alpha1-elasticsearchautoscaler
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-esa-validation-v1alpha1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1,v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - autoscaling.k8s.elastic.co
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - elasticsearchautoscalers
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-scp-k8s-elastic-co-v1alpha1-stackconfigpolicies
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-scp-validation-v1alpha1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1,v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - stackconfigpolicy.k8s.elastic.co
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - stackconfigpolicies
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-logstash-k8s-elastic-co-v1alpha1-logstash
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-logstash-validation-v1alpha1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1,v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - logstash.k8s.elastic.co
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - logstashes
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "eck-operator.labels" . | nindent 4 }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.webhook.port }}
+ selector:
+ {{- include "eck-operator.selectorLabels" . | nindent 4 }}
+{{- if .Values.webhook.manageCerts }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "eck-operator.webhookSecretName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "eck-operator.labels" . | nindent 4 }}
+{{- end }}
+{{- end -}}
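Review bot: every `clientConfig` renders `caBundle: {{ .Values.webhook.caBundle }}` when both `webhook.manageCerts` and `webhook.certManagerCert` are off, but nothing checks that `webhook.caBundle` is actually set, so that combination can produce webhooks with an empty CA bundle. If `webhook.failurePolicy` is set to Ignore, the resulting TLS failures mean validation is skipped without any visible error. Add a `required` on the value in that branch or a matching `fail` in validate-chart.yaml. As a style point, the fourteen webhook entries differ only in path, name, API group, version and resource; generating them with a `range` over a small list would make the file much easier to review and keep the shared fields from drifting.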
diff --git a/packs/elastic-operator-3.1.0/charts/eck-operator/values.yaml b/packs/elastic-operator-3.1.0/charts/eck-operator/values.yaml
new file mode 100644
index 00000000..431b8faa
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/charts/eck-operator/values.yaml
@@ -0,0 +1,372 @@
+# nameOverride is the short name for the deployment. Leave empty to let Helm generate a name using chart values.
+nameOverride: "elastic-operator"
+
+# fullnameOverride is the full name for the deployment. Leave empty to let Helm generate a name using chart values.
+fullnameOverride: "elastic-operator"
+
+# managedNamespaces is the set of namespaces that the operator manages. Leave empty to manage all namespaces.
+managedNamespaces: []
+
+# installCRDs determines whether Custom Resource Definitions (CRD) are installed by the chart.
+# Note that CRDs are global resources and require cluster admin privileges to install.
+# If you are sharing a cluster with other users who may want to install ECK on their own namespaces, setting this to true can have unintended consequences.
+# 1. Upgrades will overwrite the global CRDs and could disrupt the other users of ECK who may be running a different version.
+# 2. Uninstalling the chart will delete the CRDs and potentially cause Elastic resources deployed by other users to be removed as well.
+installCRDs: true
+
+# replicaCount is the number of operator pods to run.
+replicaCount: 1
+
+image:
+ # repository is the container image prefixed by the registry name.
+ repository: docker.elastic.co/eck/eck-operator
+ # pullPolicy is the container image pull policy.
+ pullPolicy: IfNotPresent
+ # tag is the container image tag. If not defined, defaults to chart appVersion.
+ tag: null
+ # fips specifies whether the operator will use a FIPS compliant container image for its own StatefulSet image.
+ # This setting does not apply to Elastic Stack applications images.
+ # Can be combined with config.ubiOnly.
+ fips: false
+
+# priorityClassName defines the PriorityClass to be used by the operator pods.
+priorityClassName: ""
+
+# imagePullSecrets defines the secrets to use when pulling the operator container image.
+imagePullSecrets: []
+
+# resources define the container resource limits for the operator.
+resources:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 150Mi
+
+# statefulsetAnnotations define the annotations that should be added to the operator StatefulSet.
+statefulsetAnnotations: {}
+
+# statefulsetLabels define additional labels that should be added to the operator StatefulSet.
+statefulsetLabels: {}
+
+# podAnnotations define the annotations that should be added to the operator pod.
+podAnnotations: {}
+
+## podLabels define additional labels that should be added to the operator pod.
+podLabels: {}
+
+# podSecurityContext defines the pod security context for the operator pod.
+podSecurityContext:
+ runAsNonRoot: true
+
+# securityContext defines the security context of the operator container.
+securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+
+# nodeSelector defines the node selector for the operator pod.
+nodeSelector: {}
+
+# tolerations defines the node tolerations for the operator pod.
+tolerations: []
+
+# affinity defines the node affinity rules for the operator pod.
+affinity: {}
+
+# podDisruptionBudget configures the minimum or the maxium available pods for voluntary disruptions,
+# set to either an integer (e.g. 1) or a percentage value (e.g. 25%).
+podDisruptionBudget:
+ enabled: false
+ minAvailable: 1
+ # maxUnavailable: 3
+
+# additional environment variables for the operator container.
+env: []
+
+# additional volume mounts for the operator container.
+volumeMounts: []
+
+# additional volumes to add to the operator pod.
+volumes: []
+
+# createClusterScopedResources determines whether cluster-scoped resources (ClusterRoles, ClusterRoleBindings) should be created.
+createClusterScopedResources: true
+
+# Automount API credentials for the Service Account into the pod.
+automountServiceAccountToken: true
+
+serviceAccount:
+ # create specifies whether a service account should be created for the operator.
+ create: true
+ # Specifies whether a service account should automount API credentials.
+ automountServiceAccountToken: true
+ # annotations to add to the service account
+ annotations: {}
+ # name of the service account to use. If not set and create is true, a name is generated using the fullname template.
+ name: ""
+
+tracing:
+ # enabled specifies whether APM tracing is enabled for the operator.
+ enabled: false
+ # config is a map of APM Server configuration variables that should be set in the environment.
+ config:
+ ELASTIC_APM_SERVER_URL: http://localhost:8200
+ ELASTIC_APM_SERVER_TIMEOUT: 30s
+
+refs:
+ # enforceRBAC specifies whether RBAC should be enforced for cross-namespace associations between resources.
+ enforceRBAC: false
+
+webhook:
+ # enabled determines whether the webhook is installed.
+ enabled: true
+ # caBundle is the PEM-encoded CA trust bundle for the webhook certificate. Only required if manageCerts is false and certManagerCert is null.
+ caBundle: Cg==
+ # certManagerCert is the name of the cert-manager certificate to use with the webhook.
+ certManagerCert: null
+ # certsDir is the directory to mount the certificates.
+ certsDir: "/tmp/k8s-webhook-server/serving-certs"
+ # failurePolicy of the webhook.
+ failurePolicy: Ignore
+ # manageCerts determines whether the operator manages the webhook certificates automatically.
+ manageCerts: true
+ # namespaceSelector corresponds to the namespaceSelector property of the webhook.
+ # Setting this restricts the webhook to act only on objects submitted to namespaces that match the selector.
+ namespaceSelector: {}
+ # objectSelector corresponds to the objectSelector property of the webhook.
+ # Setting this restricts the webhook to act only on objects that match the selector.
+ objectSelector: {}
+ # port is the port that the validating webhook binds to.
+ port: 9443
+ # secret specifies the Kubernetes secret to be mounted into the path designated by the certsDir value to be used for webhook certificates.
+ certsSecret: ""
+
+# hostNetwork allows a Pod to use the Node network namespace.
+# This is required to allow for communication with the kube API when using some alternate CNIs in conjunction with webhook enabled.
+# If hostNetwork is enabled, dnsPolicy defaults to ClusterFirstWithHostNet unless explicitly set.
+# CAUTION: Proceed at your own risk. This setting has security concerns such as allowing malicious users to access workloads running on the host.
+hostNetwork: false
+
+# dnsPolicy defines the DNS policy for the operator pod.
+# Check https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy for more details.
+dnsPolicy: ""
+
+# dnsConfig defines the DNS configuration for the operator pod.
+# Check https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for more details.
+# dnsConfig:
+# nameservers:
+# - 169.254.20.10
+# searches:
+# - svc.cluster.local
+# options:
+# - name: ndots
+# value: "2"
+dnsConfig: {}
+
+softMultiTenancy:
+ # enabled determines whether the operator is installed with soft multi-tenancy extensions.
+ # This requires network policies to be enabled on the Kubernetes cluster.
+ enabled: false
+
+# kubeAPIServerIP is required when softMultiTenancy is enabled.
+kubeAPIServerIP: null
+
+telemetry:
+ # disabled determines whether the operator periodically updates ECK telemetry data for Kibana to consume.
+ disabled: false
+ # distributionChannel denotes which distribution channel was used to install the operator.
+ distributionChannel: "helm"
+
+# config values for the operator.
+config:
+ # logVerbosity defines the logging level. Valid values are as follows:
+ # -2: Errors only
+ # -1: Errors and warnings
+ # 0: Errors, warnings, and information
+ # number greater than 0: Errors, warnings, information, and debug details.
+ logVerbosity: "0"
+
+ # (Deprecated: use metrics.port: will be removed in v2.14.0) metricsPort defines the port to expose operator metrics. Set to 0 to disable metrics reporting.
+ metricsPort: 0
+
+ metrics:
+ # port defines the port to expose operator metrics. Set to 0 to disable metrics reporting.
+ port: "0"
+ # secureMode contains the options for enabling and configuring RBAC and TLS/HTTPs for the metrics endpoint.
+ secureMode:
+ # secureMode.enabled specifies whether to enable RBAC and TLS/HTTPs for the metrics endpoint.
+ # * This option makes most sense when using a ServiceMonitor to scrape the metrics and is therefore mutually exclusive with the podMonitor.enabled option.
+ # * This option also requires using cluster scoped resources (ClusterRole, ClusterRoleBinding) to
+ # grant access to the /metrics endpoint. (createClusterScopedResources: true is required)
+ #
+ enabled: false
+ tls:
+ # certificateSecret is the name of the tls secret containing the custom TLS certificate and key for the secure metrics endpoint.
+ #
+ # * This is an optional setting and is only required if you are using a custom TLS certificate. A self-signed certificate will be generated by default.
+ # * TLS secret key must be named tls.crt.
+ # * TLS key's secret key must be named tls.key.
+ # * It is assumed to be in the same namespace as the ServiceMonitor.
+ #
+ # example: kubectl create secret tls eck-metrics-tls-certificate -n elastic-system \
+ # --cert=/path/to/tls.crt --key=/path/to/tls.key
+ certificateSecret: ""
+
+ # containerRegistry to use for pulling Elasticsearch and other application container images.
+ containerRegistry: docker.elastic.co
+
+ # containerRepository to use for pulling Elasticsearch and other application container images.
+ # containerRepository: ""
+
+ # containerSuffix suffix to be appended to container images by default. Cannot be combined with -ubiOnly flag
+ # containerSuffix: ""
+
+ # maxConcurrentReconciles is the number of concurrent reconciliation operations to perform per controller.
+ maxConcurrentReconciles: "3"
+
+ # caValidity defines the validity period of the CA certificates generated by the operator.
+ caValidity: 8760h
+
+ # caRotateBefore defines when to rotate a CA certificate that is due to expire.
+ caRotateBefore: 24h
+
+ # caDir defines the directory containing a CA certificate (tls.crt) and its associated private key (tls.key) to be used for all managed resources.
+ # Setting this makes caRotateBefore and caValidity values ineffective.
+ caDir: ""
+
+ # certificatesValidity defines the validity period of certificates generated by the operator.
+ certificatesValidity: 8760h
+
+ # certificatesRotateBefore defines when to rotate a certificate that is due to expire.
+ certificatesRotateBefore: 24h
+
+ # disableConfigWatch specifies whether the operator watches the configuration file for changes.
+ disableConfigWatch: false
+
+ # exposedNodeLabels is an array of regular expressions of node labels which are allowed to be copied as annotations on Elasticsearch Pods.
+ exposedNodeLabels: [ "topology.kubernetes.io/.*", "failure-domain.beta.kubernetes.io/.*" ]
+
+ # ipFamily specifies the IP family to use. Possible values: IPv4, IPv6 and "" (auto-detect)
+ ipFamily: ""
+
+ # setDefaultSecurityContext determines whether a default security context is set on application containers created by the operator.
+ # *note* that the default option now is "auto-detect" to attempt to set this properly automatically when both running
+ # in an openshift cluster, and a standard kubernetes cluster. Valid values are as follows:
+ # "auto-detect" : auto detect
+ # "true" : set pod security context when creating resources.
+ # "false" : do not set pod security context when creating resources.
+ setDefaultSecurityContext: "auto-detect"
+
+ # kubeClientTimeout sets the request timeout for Kubernetes API calls made by the operator.
+ kubeClientTimeout: 60s
+
+ # elasticsearchClientTimeout sets the request timeout for Elasticsearch API calls made by the operator.
+ elasticsearchClientTimeout: 180s
+
+ # validateStorageClass specifies whether storage classes volume expansion support should be verified.
+ # Can be disabled if cluster-wide storage class RBAC access is not available.
+ validateStorageClass: true
+
+ # enableLeaderElection specifies whether leader election should be enabled
+ enableLeaderElection: true
+
+ # Interval between observations of Elasticsearch health, non-positive values disable asynchronous observation.
+ elasticsearchObservationInterval: 10s
+
+ # ubiOnly specifies whether the operator will use only UBI container images to deploy Elastic Stack applications as well as for its own StatefulSet image. UBI images are only available from 7.10.0 onward.
+ # Cannot be combined with the containerSuffix value.
+ ubiOnly: false
+
+# Prometheus PodMonitor configuration
+# Reference: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmonitor
+podMonitor:
+
+ # enabled determines whether a podMonitor should deployed to scrape the eck metrics.
+ # This requires the prometheus operator and the config.metrics.port not to be 0
+ enabled: false
+
+ # labels adds additional labels to the podMonitor
+ labels: {}
+
+ # annotations adds additional annotations to the podMonitor
+ annotations: {}
+
+ # namespace determines in which namespace the podMonitor will be deployed.
+ # If not set the podMonitor will be created in the namespace where the Helm release is installed into
+ # namespace: monitoring
+
+ # interval specifies the interval at which metrics should be scraped
+ interval: 5m
+
+ # scrapeTimeout specifies the timeout after which the scrape is ended
+ scrapeTimeout: 30s
+
+ # podTargetLabels transfers labels on the Kubernetes Pod onto the target.
+ podTargetLabels: []
+
+ # podMetricsEndpointConfig allows to add an extended configuration to the podMonitor
+ podMetricsEndpointConfig: {}
+ # honorTimestamps: true
+
+# Prometheus ServiceMonitor configuration
+# Only used when config.enableSecureMetrics is true
+# Reference: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#servicemonitor
+serviceMonitor:
+ # This option requires the following settings within Prometheus to function:
+ # 1. RBAC settings for the Prometheus instance to access the metrics endpoint.
+ #
+ # - nonResourceURLs:
+ # - /metrics
+ # verbs:
+ # - get
+ #
+ # 2. If using the Prometheus Operator and your Prometheus instance is not in the same namespace as the operator you will need
+ # the Prometheus Operator configured with the following Helm values:
+ #
+ # prometheus:
+ # prometheusSpec:
+ # serviceMonitorNamespaceSelector: {}
+ # serviceMonitorSelectorNilUsesHelmValues: false
+ #
+ # allows to disable the serviceMonitor, enabled by default for backwards compatibility
+ enabled: true
+ # namespace determines in which namespace the serviceMonitor will be deployed.
+ # If not set the serviceMonitor will be created in the namespace where the Helm release is installed into
+ # namespace: monitoring
+ # caSecret is the name of the secret containing the custom CA certificate used to generate the custom TLS certificate for the secure metrics endpoint.
+ #
+ # * This *must* be the name of the secret containing the CA certificate used to sign the custom TLS certificate for the metrics endpoint.
+ # * This secret *must* be in the same namespace as the Prometheus instance that will scrape the metrics.
+ # * If using the Prometheus operator this secret must be within the `spec.secrets` field of the `Prometheus` custom resource such that it is mounted into the Prometheus pod at `caMountDirectory`, which defaults to /etc/prometheus/secrets/{secret-name}.
+ # * This is an optional setting and is only required if you are using a custom TLS certificate.
+ # * Key must be named ca.crt.
+ #
+ # example: kubectl create secret generic eck-metrics-tls-ca -n monitoring \
+ # --from-file=ca.crt=/path/to/ca.pem
+ caSecret: ""
+ # caMountDirectory is the directory at which the CA certificate is mounted within the Prometheus pod.
+ #
+ # * You should only need to adjust this if you are *not* using the Prometheus operator.
+ caMountDirectory: "/etc/prometheus/secrets/"
+ # insecureSkipVerify specifies whether to skip verification of the TLS certificate for the secure metrics endpoint.
+ #
+ # * If this setting is set to false, then the following settings are required:
+ # - certificateSecret
+ # - caSecret
+ insecureSkipVerify: true
+
+# Globals meant for internal use only
+global:
+ # manifestGen specifies whether the chart is running under manifest generator.
+ # This is used for tasks specific to generating the all-in-one.yaml file.
+ manifestGen: false
+ # createOperatorNamespace defines whether the operator namespace manifest should be generated when in manifestGen mode.
+ # Usually we do want that to happen (e.g. all-in-one.yaml) but, sometimes we don't (e.g. E2E tests).
+ createOperatorNamespace: true
+ # kubeVersion is the effective Kubernetes version we target when generating the all-in-one.yaml.
+ kubeVersion: 1.21.0
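Review bot: The `serviceMonitor` block at the end of this values file ships with `enabled: true` and `insecureSkipVerify: true`, so when the secure metrics endpoint is switched on, Prometheus scrapes it over TLS without verifying the certificate. The comment directly above that key already lists what is needed to turn verification on (`certificateSecret` and `caSecret`); it would help to say next to `config.metrics.secureMode.enabled` that enabling secure mode should be paired with setting `insecureSkipVerify: false` and those two secrets. Two documentation points in the same hunk: the header comment "Only used when config.enableSecureMetrics is true" names a key that is not defined anywhere in this file (the setting defined above is `config.metrics.secureMode.enabled`), and the `metricsPort` comment says the key "will be removed in v2.14.0" while it is still present here alongside `metrics.port`.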
diff --git a/packs/elastic-operator-3.1.0/logo.png b/packs/elastic-operator-3.1.0/logo.png
new file mode 100644
index 00000000..fa70b78d
Binary files /dev/null and b/packs/elastic-operator-3.1.0/logo.png differ
diff --git a/packs/elastic-operator-3.1.0/pack.json b/packs/elastic-operator-3.1.0/pack.json
new file mode 100644
index 00000000..410cb755
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/pack.json
@@ -0,0 +1,39 @@
+{
+ "addonType": "logging",
+ "annotations": {
+ "commit_msg": "Elastic Cloud on Kubernetes (ECK) operator",
+ "source": "community",
+ "contributor" : "spectrocloud"
+ },
+ "charts": [
+ "charts/eck-operator-3.1.0.tgz"
+ ],
+ "cloudTypes": [
+ "all"
+ ],
+ "displayName": "ECK Operator",
+ "layer":"addon",
+ "name": "elastic-operator",
+ "version": "3.1.0",
+ "constraints": {
+ "dependencies": [
+ {
+ "packName": "kubernetes",
+ "layer": "k8s",
+ "minVersion": "1.27",
+ "maxVersion": "",
+ "type": "optional"
+ }
+ ],
+ "resources": [
+ {
+ "type": "cpu",
+ "minLimit": 100
+ },
+ {
+ "type": "memory",
+ "minLimit": 150
+ }
+ ]
+ }
+}
\ No newline at end of file
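Review bot: The two `constraints.resources` entries give `"minLimit": 100` for cpu and `"minLimit": 150` for memory with no units, and the numbers match the chart's requests in values.yaml (`cpu: 100m`, `memory: 150Mi`) rather than its limits (`cpu: 1`, `memory: 1Gi`). Please confirm that the request values are what this field is meant to carry, since the key name reads as a limit. Style: the file ends without a trailing newline, and key spacing is inconsistent (`"contributor" : "spectrocloud"`, `"layer":"addon"`). The Kubernetes dependency also sets `"minVersion": "1.27"` with `"type": "optional"` and an empty `maxVersion`; if the operator needs 1.27 or later, say whether `optional` still enforces that floor.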
diff --git a/packs/elastic-operator-3.1.0/values.yaml b/packs/elastic-operator-3.1.0/values.yaml
new file mode 100644
index 00000000..c37ef0bd
--- /dev/null
+++ b/packs/elastic-operator-3.1.0/values.yaml
@@ -0,0 +1,389 @@
+# Default values for eck-elastic-operator
+# This is a YAML-formatted file
+pack:
+ content:
+ images:
+ - image: docker.elastic.co/eck/eck-operator:3.1.0
+
+ charts:
+ - repo: https://helm.elastic.co/
+ name: eck-operator
+ version: 3.1.0
+ #The namespace (on the target cluster) to install this chart
+ #When not found, a new namespace will be created
+ namespace: "elastic-operator"
+
+charts:
+ eck-operator:
+ # nameOverride is the short name for the deployment. Leave empty to let Helm generate a name using chart values.
+ nameOverride: "elastic-operator"
+
+ # fullnameOverride is the full name for the deployment. Leave empty to let Helm generate a name using chart values.
+ fullnameOverride: "elastic-operator"
+
+ # managedNamespaces is the set of namespaces that the operator manages. Leave empty to manage all namespaces.
+ managedNamespaces: []
+
+ # installCRDs determines whether Custom Resource Definitions (CRD) are installed by the chart.
+ # Note that CRDs are global resources and require cluster admin privileges to install.
+ # If you are sharing a cluster with other users who may want to install ECK on their own namespaces, setting this to true can have unintended consequences.
+ # 1. Upgrades will overwrite the global CRDs and could disrupt the other users of ECK who may be running a different version.
+ # 2. Uninstalling the chart will delete the CRDs and potentially cause Elastic resources deployed by other users to be removed as well.
+ installCRDs: true
+
+ # replicaCount is the number of operator pods to run.
+ replicaCount: 1
+
+ image:
+ # repository is the container image prefixed by the registry name.
+ repository: docker.elastic.co/eck/eck-operator
+ # pullPolicy is the container image pull policy.
+ pullPolicy: IfNotPresent
+ # tag is the container image tag. If not defined, defaults to chart appVersion.
+ tag: null
+ # fips specifies whether the operator will use a FIPS compliant container image for its own StatefulSet image.
+ # This setting does not apply to Elastic Stack applications images.
+ # Can be combined with config.ubiOnly.
+ fips: false
+
+ # priorityClassName defines the PriorityClass to be used by the operator pods.
+ priorityClassName: ""
+
+ # imagePullSecrets defines the secrets to use when pulling the operator container image.
+ imagePullSecrets: []
+
+ # resources define the container resource limits for the operator.
+ resources:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 150Mi
+
+ # statefulsetAnnotations define the annotations that should be added to the operator StatefulSet.
+ statefulsetAnnotations: {}
+
+ # statefulsetLabels define additional labels that should be added to the operator StatefulSet.
+ statefulsetLabels: {}
+
+ # podAnnotations define the annotations that should be added to the operator pod.
+ podAnnotations: {}
+
+ ## podLabels define additional labels that should be added to the operator pod.
+ podLabels: {}
+
+ # podSecurityContext defines the pod security context for the operator pod.
+ podSecurityContext:
+ runAsNonRoot: true
+
+ # securityContext defines the security context of the operator container.
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+
+ # nodeSelector defines the node selector for the operator pod.
+ nodeSelector: {}
+
+ # tolerations defines the node tolerations for the operator pod.
+ tolerations: []
+
+ # affinity defines the node affinity rules for the operator pod.
+ affinity: {}
+
+ # podDisruptionBudget configures the minimum or the maxium available pods for voluntary disruptions,
+ # set to either an integer (e.g. 1) or a percentage value (e.g. 25%).
+ podDisruptionBudget:
+ enabled: false
+ minAvailable: 1
+ # maxUnavailable: 3
+
+ # additional environment variables for the operator container.
+ env: []
+
+ # additional volume mounts for the operator container.
+ volumeMounts: []
+
+ # additional volumes to add to the operator pod.
+ volumes: []
+
+ # createClusterScopedResources determines whether cluster-scoped resources (ClusterRoles, ClusterRoleBindings) should be created.
+ createClusterScopedResources: true
+
+ # Automount API credentials for the Service Account into the pod.
+ automountServiceAccountToken: true
+
+ serviceAccount:
+ # create specifies whether a service account should be created for the operator.
+ create: true
+ # Specifies whether a service account should automount API credentials.
+ automountServiceAccountToken: true
+ # annotations to add to the service account
+ annotations: {}
+ # name of the service account to use. If not set and create is true, a name is generated using the fullname template.
+ name: ""
+
+ tracing:
+ # enabled specifies whether APM tracing is enabled for the operator.
+ enabled: false
+ # config is a map of APM Server configuration variables that should be set in the environment.
+ config:
+ ELASTIC_APM_SERVER_URL: http://localhost:8200
+ ELASTIC_APM_SERVER_TIMEOUT: 30s
+
+ refs:
+ # enforceRBAC specifies whether RBAC should be enforced for cross-namespace associations between resources.
+ enforceRBAC: false
+
+ webhook:
+ # enabled determines whether the webhook is installed.
+ enabled: true
+ # caBundle is the PEM-encoded CA trust bundle for the webhook certificate. Only required if manageCerts is false and certManagerCert is null.
+ caBundle: Cg==
+ # certManagerCert is the name of the cert-manager certificate to use with the webhook.
+ certManagerCert: null
+ # certsDir is the directory to mount the certificates.
+ certsDir: "/tmp/k8s-webhook-server/serving-certs"
+ # failurePolicy of the webhook.
+ failurePolicy: Ignore
+ # manageCerts determines whether the operator manages the webhook certificates automatically.
+ manageCerts: true
+ # namespaceSelector corresponds to the namespaceSelector property of the webhook.
+ # Setting this restricts the webhook to act only on objects submitted to namespaces that match the selector.
+ namespaceSelector: {}
+ # objectSelector corresponds to the objectSelector property of the webhook.
+ # Setting this restricts the webhook to act only on objects that match the selector.
+ objectSelector: {}
+ # port is the port that the validating webhook binds to.
+ port: 9443
+ # secret specifies the Kubernetes secret to be mounted into the path designated by the certsDir value to be used for webhook certificates.
+ certsSecret: ""
+
+ # hostNetwork allows a Pod to use the Node network namespace.
+ # This is required to allow for communication with the kube API when using some alternate CNIs in conjunction with webhook enabled.
+ # If hostNetwork is enabled, dnsPolicy defaults to ClusterFirstWithHostNet unless explicitly set.
+ # CAUTION: Proceed at your own risk. This setting has security concerns such as allowing malicious users to access workloads running on the host.
+ hostNetwork: false
+
+ # dnsPolicy defines the DNS policy for the operator pod.
+ # Check https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy for more details.
+ dnsPolicy: ""
+
+ # dnsConfig defines the DNS configuration for the operator pod.
+ # Check https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for more details.
+ # dnsConfig:
+ # nameservers:
+ # - 169.254.20.10
+ # searches:
+ # - svc.cluster.local
+ # options:
+ # - name: ndots
+ # value: "2"
+ dnsConfig: {}
+
+ softMultiTenancy:
+ # enabled determines whether the operator is installed with soft multi-tenancy extensions.
+ # This requires network policies to be enabled on the Kubernetes cluster.
+ enabled: false
+
+ # kubeAPIServerIP is required when softMultiTenancy is enabled.
+ kubeAPIServerIP: null
+
+ telemetry:
+ # disabled determines whether the operator periodically updates ECK telemetry data for Kibana to consume.
+ disabled: false
+ # distributionChannel denotes which distribution channel was used to install the operator.
+ distributionChannel: "helm"
+
+ # config values for the operator.
+ config:
+ # logVerbosity defines the logging level. Valid values are as follows:
+ # -2: Errors only
+ # -1: Errors and warnings
+ # 0: Errors, warnings, and information
+ # number greater than 0: Errors, warnings, information, and debug details.
+ logVerbosity: "0"
+
+ # (Deprecated: use metrics.port: will be removed in v2.14.0) metricsPort defines the port to expose operator metrics. Set to 0 to disable metrics reporting.
+ metricsPort: 0
+
+ metrics:
+ # port defines the port to expose operator metrics. Set to 0 to disable metrics reporting.
+ port: "0"
+ # secureMode contains the options for enabling and configuring RBAC and TLS/HTTPs for the metrics endpoint.
+ secureMode:
+ # secureMode.enabled specifies whether to enable RBAC and TLS/HTTPs for the metrics endpoint.
+ # * This option makes most sense when using a ServiceMonitor to scrape the metrics and is therefore mutually exclusive with the podMonitor.enabled option.
+ # * This option also requires using cluster scoped resources (ClusterRole, ClusterRoleBinding) to
+ # grant access to the /metrics endpoint. (createClusterScopedResources: true is required)
+ #
+ enabled: false
+ tls:
+ # certificateSecret is the name of the tls secret containing the custom TLS certificate and key for the secure metrics endpoint.
+ #
+ # * This is an optional setting and is only required if you are using a custom TLS certificate. A self-signed certificate will be generated by default.
+ # * TLS secret key must be named tls.crt.
+ # * TLS key's secret key must be named tls.key.
+ # * It is assumed to be in the same namespace as the ServiceMonitor.
+ #
+ # example: kubectl create secret tls eck-metrics-tls-certificate -n elastic-system \
+ # --cert=/path/to/tls.crt --key=/path/to/tls.key
+ certificateSecret: ""
+
+ # containerRegistry to use for pulling Elasticsearch and other application container images.
+ containerRegistry: docker.elastic.co
+
+ # containerRepository to use for pulling Elasticsearch and other application container images.
+ # containerRepository: ""
+
+ # containerSuffix suffix to be appended to container images by default. Cannot be combined with -ubiOnly flag
+ # containerSuffix: ""
+
+ # maxConcurrentReconciles is the number of concurrent reconciliation operations to perform per controller.
+ maxConcurrentReconciles: "3"
+
+ # caValidity defines the validity period of the CA certificates generated by the operator.
+ caValidity: 8760h
+
+ # caRotateBefore defines when to rotate a CA certificate that is due to expire.
+ caRotateBefore: 24h
+
+ # caDir defines the directory containing a CA certificate (tls.crt) and its associated private key (tls.key) to be used for all managed resources.
+ # Setting this makes caRotateBefore and caValidity values ineffective.
+ caDir: ""
+
+ # certificatesValidity defines the validity period of certificates generated by the operator.
+ certificatesValidity: 8760h
+
+ # certificatesRotateBefore defines when to rotate a certificate that is due to expire.
+ certificatesRotateBefore: 24h
+
+ # disableConfigWatch specifies whether the operator watches the configuration file for changes.
+ disableConfigWatch: false
+
+ # exposedNodeLabels is an array of regular expressions of node labels which are allowed to be copied as annotations on Elasticsearch Pods.
+ exposedNodeLabels: [ "topology.kubernetes.io/.*", "failure-domain.beta.kubernetes.io/.*" ]
+
+ # ipFamily specifies the IP family to use. Possible values: IPv4, IPv6 and "" (auto-detect)
+ ipFamily: ""
+
+ # setDefaultSecurityContext determines whether a default security context is set on application containers created by the operator.
+ # *note* that the default option now is "auto-detect" to attempt to set this properly automatically when both running
+ # in an openshift cluster, and a standard kubernetes cluster. Valid values are as follows:
+ # "auto-detect" : auto detect
+ # "true" : set pod security context when creating resources.
+ # "false" : do not set pod security context when creating resources.
+ setDefaultSecurityContext: "auto-detect"
+
+ # kubeClientTimeout sets the request timeout for Kubernetes API calls made by the operator.
+ kubeClientTimeout: 60s
+
+ # elasticsearchClientTimeout sets the request timeout for Elasticsearch API calls made by the operator.
+ elasticsearchClientTimeout: 180s
+
+ # validateStorageClass specifies whether storage classes volume expansion support should be verified.
+ # Can be disabled if cluster-wide storage class RBAC access is not available.
+ validateStorageClass: true
+
+ # enableLeaderElection specifies whether leader election should be enabled
+ enableLeaderElection: true
+
+ # Interval between observations of Elasticsearch health, non-positive values disable asynchronous observation.
+ elasticsearchObservationInterval: 10s
+
+ # ubiOnly specifies whether the operator will use only UBI container images to deploy Elastic Stack applications as well as for its own StatefulSet image. UBI images are only available from 7.10.0 onward.
+ # Cannot be combined with the containerSuffix value.
+ ubiOnly: false
+
+ # Prometheus PodMonitor configuration
+ # Reference: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmonitor
+ podMonitor:
+
+ # enabled determines whether a podMonitor should deployed to scrape the eck metrics.
+ # This requires the prometheus operator and the config.metrics.port not to be 0
+ enabled: false
+
+ # labels adds additional labels to the podMonitor
+ labels: {}
+
+ # annotations adds additional annotations to the podMonitor
+ annotations: {}
+
+ # namespace determines in which namespace the podMonitor will be deployed.
+ # If not set the podMonitor will be created in the namespace where the Helm release is installed into
+ # namespace: monitoring
+
+ # interval specifies the interval at which metrics should be scraped
+ interval: 5m
+
+ # scrapeTimeout specifies the timeout after which the scrape is ended
+ scrapeTimeout: 30s
+
+ # podTargetLabels transfers labels on the Kubernetes Pod onto the target.
+ podTargetLabels: []
+
+ # podMetricsEndpointConfig allows to add an extended configuration to the podMonitor
+ podMetricsEndpointConfig: {}
+ # honorTimestamps: true
+
+ # Prometheus ServiceMonitor configuration
+ # Only used when config.enableSecureMetrics is true
+ # Reference: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#servicemonitor
+ serviceMonitor:
+ # This option requires the following settings within Prometheus to function:
+ # 1. RBAC settings for the Prometheus instance to access the metrics endpoint.
+ #
+ # - nonResourceURLs:
+ # - /metrics
+ # verbs:
+ # - get
+ #
+ # 2. If using the Prometheus Operator and your Prometheus instance is not in the same namespace as the operator you will need
+ # the Prometheus Operator configured with the following Helm values:
+ #
+ # prometheus:
+ # prometheusSpec:
+ # serviceMonitorNamespaceSelector: {}
+ # serviceMonitorSelectorNilUsesHelmValues: false
+ #
+ # allows to disable the serviceMonitor, enabled by default for backwards compatibility
+ enabled: true
+ # namespace determines in which namespace the serviceMonitor will be deployed.
+ # If not set the serviceMonitor will be created in the namespace where the Helm release is installed into
+ # namespace: monitoring
+ # caSecret is the name of the secret containing the custom CA certificate used to generate the custom TLS certificate for the secure metrics endpoint.
+ #
+ # * This *must* be the name of the secret containing the CA certificate used to sign the custom TLS certificate for the metrics endpoint.
+ # * This secret *must* be in the same namespace as the Prometheus instance that will scrape the metrics.
+ # * If using the Prometheus operator this secret must be within the `spec.secrets` field of the `Prometheus` custom resource such that it is mounted into the Prometheus pod at `caMountDirectory`, which defaults to /etc/prometheus/secrets/{secret-name}.
+ # * This is an optional setting and is only required if you are using a custom TLS certificate.
+ # * Key must be named ca.crt.
+ #
+ # example: kubectl create secret generic eck-metrics-tls-ca -n monitoring \
+ # --from-file=ca.crt=/path/to/ca.pem
+ caSecret: ""
+ # caMountDirectory is the directory at which the CA certificate is mounted within the Prometheus pod.
+ #
+ # * You should only need to adjust this if you are *not* using the Prometheus operator.
+ caMountDirectory: "/etc/prometheus/secrets/"
+ # insecureSkipVerify specifies whether to skip verification of the TLS certificate for the secure metrics endpoint.
+ #
+ # * If this setting is set to false, then the following settings are required:
+ # - certificateSecret
+ # - caSecret
+ insecureSkipVerify: true
+
+ # Globals meant for internal use only
+ global:
+ # manifestGen specifies whether the chart is running under manifest generator.
+ # This is used for tasks specific to generating the all-in-one.yaml file.
+ manifestGen: false
+ # createOperatorNamespace defines whether the operator namespace manifest should be generated when in manifestGen mode.
+ # Usually we do want that to happen (e.g. all-in-one.yaml) but, sometimes we don't (e.g. E2E tests).
+ createOperatorNamespace: true
+ # kubeVersion is the effective Kubernetes version we target when generating the all-in-one.yaml.
+ kubeVersion: 1.21.0
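Review bot: `insecureSkipVerify: true` is the shipped default under `serviceMonitor`, next to `caSecret: ""`, so Prometheus scrapes the secure metrics endpoint without verifying the certificate it is presented. The comment only lists what becomes required when the value is false (`certificateSecret` and `caSecret`). Please add a line saying that the default disables certificate verification. Consider also having the pack default to false, or at least documenting the three settings together, so that anyone who supplies a `caSecret` does not leave verification off by accident.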
diff --git a/packs/elastic-operator-3.2.0/README.md b/packs/elastic-operator-3.2.0/README.md
new file mode 100644
index 00000000..df41d6c2
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/README.md
@@ -0,0 +1,43 @@
+# Elastic Cloud on Kubernetes (ECK)
+
+Elastic Cloud on Kubernetes automates the deployment, provisioning, management, and orchestration of Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes based on the operator pattern.
+
+Current features:
+
+* Elasticsearch, Kibana, APM Server, Enterprise Search, and Beats deployments
+* TLS Certificates management
+* Safe Elasticsearch cluster configuration & topology changes
+* Persistent volumes usage
+* Custom node configuration and attributes
+* Secure settings keystore updates
+
+Supported versions:
+
+* Kubernetes 1.25-1.29
+* Elasticsearch, Kibana, APM Server: 6.8+, 7.1+, 8+, 9+
+* Enterprise Search: 7.7+, 8+, 9+
+* Beats: 7.0+, 8+, 9+
+* Elastic Agent: 7.10+ (standalone), 7.14+, 8+ (Fleet), 9+
+* Elastic Maps Server: 7.11+, 8+, 9+
+* Logstash 8.7+
+
+Check the [Quickstart](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-quickstart.html) to deploy your first cluster with ECK.
+
+For general questions, please see the Elastic [forums](https://discuss.elastic.co/c/eck).
+
+# ECK Operator Helm Chart
+
+A Helm chart to install the ECK Operator: the official Kubernetes operator from Elastic to orchestrate Elasticsearch, Kibana, APM Server, Enterprise Search, and Beats on Kubernetes.
+
+For more information about the ECK Operator, see:
+- [Documentation](https://www.elastic.co/guide/en/cloud-on-k8s/current/index.html)
+- [GitHub repo](https://github.com/elastic/cloud-on-k8s)
+
+
+## Requirements
+
+- Supported Kubernetes versions are listed in the documentation: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s_supported_versions.html
+
+## Usage
+
+Refer to the documentation at https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-install-helm.html
\ No newline at end of file
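Review bot: The "Supported versions" list hard-codes `Kubernetes 1.25-1.29`, while the chart added in this same change declares `kubeVersion: '>=1.21.0-0'` in its Chart.yaml, and the Requirements section further down defers to the upstream supported-versions page. That gives a reader three different answers about which clusters are acceptable. Either drop the fixed range here and keep only the link, or state explicitly that the pack supports a narrower range than the chart constraint enforces. Smaller points: the Requirements section omits the `Helm >= 3.2.0` line that the chart's own README carries, and the file lacks a trailing newline.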
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator-3.2.0.tgz b/packs/elastic-operator-3.2.0/charts/eck-operator-3.2.0.tgz
new file mode 100644
index 00000000..64ef4e19
Binary files /dev/null and b/packs/elastic-operator-3.2.0/charts/eck-operator-3.2.0.tgz differ
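Review bot: The packaged archive `eck-operator-3.2.0.tgz` is added alongside the unpacked `charts/eck-operator/` tree, and as a binary it cannot be inspected in this review. Nothing in the change ties the archive contents to the unpacked files. The `digest` in Chart.lock covers the dependency list, not this archive. Please record the archive's checksum and its upstream source in the pack, or commit only one of the two forms, so the archive that gets installed can be verified against what was reviewed.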
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/.helmignore b/packs/elastic-operator-3.2.0/charts/eck-operator/.helmignore
new file mode 100644
index 00000000..f5e0fb21
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+templates/tests
\ No newline at end of file
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/Chart.lock b/packs/elastic-operator-3.2.0/charts/eck-operator/Chart.lock
new file mode 100644
index 00000000..6ceb0ec7
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: eck-operator-crds
+ repository: ""
+ version: 3.2.0
+digest: sha256:29bf07f8c48d5775183fea3aadd1cd3611add8af3576dd0528d45375a8a6e7aa
+generated: "2025-10-30T08:49:46.07268429Z"
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/Chart.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/Chart.yaml
new file mode 100644
index 00000000..5120c591
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/Chart.yaml
@@ -0,0 +1,26 @@
+apiVersion: v2
+appVersion: 3.2.0
+dependencies:
+- condition: installCRDs
+ name: eck-operator-crds
+ repository: ""
+ version: 3.2.0
+description: Elastic Cloud on Kubernetes (ECK) operator
+home: https://github.com/elastic/cloud-on-k8s
+icon: https://helm.elastic.co/icons/eck.png
+keywords:
+- Logstash
+- Elasticsearch
+- Kibana
+- APM Server
+- Beats
+- Enterprise Search
+- Elastic Stack
+- Operator
+kubeVersion: '>=1.21.0-0'
+maintainers:
+- email: eck@elastic.co
+ name: Elastic
+name: eck-operator
+type: application
+version: 3.2.0
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/LICENSE b/packs/elastic-operator-3.2.0/charts/eck-operator/LICENSE
new file mode 100644
index 00000000..92503a72
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/LICENSE
@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.
\ No newline at end of file
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/README.md b/packs/elastic-operator-3.2.0/charts/eck-operator/README.md
new file mode 100644
index 00000000..86452e3d
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/README.md
@@ -0,0 +1,20 @@
+# ECK Operator Helm Chart
+
+[](https://artifacthub.io/packages/helm/elastic/eck-operator)
+
+A Helm chart to install the ECK Operator: the official Kubernetes operator from Elastic to orchestrate Elasticsearch, Kibana, APM Server, Enterprise Search, and Beats on Kubernetes.
+
+For more information about the ECK Operator, see:
+- [Documentation](https://www.elastic.co/guide/en/cloud-on-k8s/current/index.html)
+- [GitHub repo](https://github.com/elastic/cloud-on-k8s)
+
+
+## Requirements
+
+- Supported Kubernetes versions are listed in the documentation: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s_supported_versions.html
+- Helm >= 3.2.0
+
+
+## Usage
+
+Refer to the documentation at https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-install-helm.html
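Review bot: The line `[](https://artifacthub.io/packages/helm/elastic/eck-operator)` near the top has empty link text, so it renders as nothing and the Artifact Hub link cannot be clicked. Restore the badge image inside the brackets or replace it with a plain text link. The same empty link appears in the eck-operator-crds README added by this change.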
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/charts/eck-operator-crds/.helmignore b/packs/elastic-operator-3.2.0/charts/eck-operator/charts/eck-operator-crds/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/charts/eck-operator-crds/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/charts/eck-operator-crds/Chart.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/charts/eck-operator-crds/Chart.yaml
new file mode 100644
index 00000000..26d3a26d
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/charts/eck-operator-crds/Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v2
+appVersion: 3.2.0
+description: ECK operator Custom Resource Definitions
+home: https://github.com/elastic/cloud-on-k8s
+icon: https://helm.elastic.co/icons/eck.png
+keywords:
+- Logstash
+- Elasticsearch
+- Kibana
+- APM Server
+- Beats
+- Enterprise Search
+- Elastic Stack
+- Operator
+kubeVersion: '>=1.21.0-0'
+maintainers:
+- email: eck@elastic.co
+ name: Elastic
+name: eck-operator-crds
+type: application
+version: 3.2.0
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/charts/eck-operator-crds/README.md b/packs/elastic-operator-3.2.0/charts/eck-operator/charts/eck-operator-crds/README.md
new file mode 100644
index 00000000..698d6dd4
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/charts/eck-operator-crds/README.md
@@ -0,0 +1,16 @@
+# ECK Operator CRDs Helm Chart
+
+[](https://artifacthub.io/packages/helm/elastic/eck-operator-crds)
+
+A Helm chart to install the Kubernetes Custom Resource Definitions (CRD) required by the ECK Operator: the official Kubernetes operator from Elastic to orchestrate Elasticsearch, Kibana, APM Server, Enterprise Search, and Beats on Kubernetes. This chart is usually automatically installed by the [ECK Operator Helm Chart](https://artifacthub.io/packages/helm/elastic/eck-operator) when installed using the default settings. Refer to the [installation documentation](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-install-helm.html) for more information.
+
+
+## Requirements
+
+- Supported Kubernetes versions are listed in the documentation: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s_supported_versions.html
+- Helm >= 3.2.0
+
+
+## Usage
+
+Refer to the documentation at https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-install-helm.html
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/charts/eck-operator-crds/templates/NOTES.txt b/packs/elastic-operator-3.2.0/charts/eck-operator/charts/eck-operator-crds/templates/NOTES.txt
new file mode 100644
index 00000000..1478c82b
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/charts/eck-operator-crds/templates/NOTES.txt
@@ -0,0 +1 @@
+ECK Custom Resource Definitions installed.
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/charts/eck-operator-crds/templates/_helpers.tpl b/packs/elastic-operator-3.2.0/charts/eck-operator/charts/eck-operator-crds/templates/_helpers.tpl
new file mode 100644
index 00000000..548f1bc6
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/charts/eck-operator-crds/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "eck-operator-crds.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "eck-operator-crds.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "eck-operator-crds.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "eck-operator-crds.labels" -}}
+helm.sh/chart: {{ include "eck-operator-crds.chart" . }}
+{{ include "eck-operator-crds.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "eck-operator-crds.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "eck-operator-crds.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Determine effective Kubernetes version
+*/}}
+{{- define "eck-operator-crds.effectiveKubeVersion" -}}
+{{- if .Values.global.manifestGen -}}
+{{- semver .Values.global.kubeVersion -}}
+{{- else -}}
+{{- .Capabilities.KubeVersion.Version -}}
+{{- end -}}
+{{- end -}}
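Review bot: In `eck-operator-crds.effectiveKubeVersion` the two branches do not return the same format. The manifestGen branch renders a parsed `semver` of `.Values.global.kubeVersion`, while the other branch returns `.Capabilities.KubeVersion.Version` verbatim, which normally carries a leading `v` and may include a vendor suffix. The comment "Determine effective Kubernetes version" should say so and note that the result is only safe to pass to semver-aware comparisons. Alternatively, normalize both branches to one format. It would also help to document that `global.manifestGen` and `global.kubeVersion` are expected to come from the parent chart's values.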
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/charts/eck-operator-crds/templates/all-crds.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/charts/eck-operator-crds/templates/all-crds.yaml
new file mode 100644
index 00000000..97707a8b
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/charts/eck-operator-crds/templates/all-crds.yaml
@@ -0,0 +1,10730 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.19.0
+ helm.sh/resource-policy: keep
+ labels:
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+ app.kubernetes.io/name: '{{ include "eck-operator-crds.name" . }}'
+ app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+ helm.sh/chart: '{{ include "eck-operator-crds.chart" . }}'
+ name: agents.agent.k8s.elastic.co
+spec:
+ group: agent.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: Agent
+ listKind: AgentList
+ plural: agents
+ shortNames:
+ - agent
+ singular: agent
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: available
+ type: integer
+ - description: Expected nodes
+ jsonPath: .status.expectedNodes
+ name: expected
+ type: integer
+ - description: Agent version
+ jsonPath: .status.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Agent is the Schema for the Agents API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: AgentSpec defines the desired state of the Agent
+ properties:
+ config:
+ description: Config holds the Agent configuration. At most one of
+ [`Config`, `ConfigRef`] can be specified.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ configRef:
+ description: |-
+ ConfigRef contains a reference to an existing Kubernetes Secret holding the Agent configuration.
+ Agent settings must be specified as yaml, under a single "agent.yml" entry. At most one of [`Config`, `ConfigRef`]
+ can be specified.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ daemonSet:
+ description: |-
+ DaemonSet specifies the Agent should be deployed as a DaemonSet, and allows providing its spec.
+ Cannot be used along with `deployment` or `statefulSet`.
+ properties:
+ podTemplate:
+ description: PodTemplateSpec describes the data a pod should have
+ when created from a template
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ updateStrategy:
+ description: DaemonSetUpdateStrategy is a struct used to control
+ the update strategy for a DaemonSet.
+ properties:
+ rollingUpdate:
+ description: Rolling update config params. Present only if
+ type = "RollingUpdate".
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of nodes with an existing available DaemonSet pod that
+ can have an updated DaemonSet pod during during an update.
+ Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
+ This can not be 0 if MaxUnavailable is 0.
+ Absolute number is calculated from percentage by rounding up to a minimum of 1.
+ Default value is 0.
+ Example: when this is set to 30%, at most 30% of the total number of nodes
+ that should be running the daemon pod (i.e. status.desiredNumberScheduled)
+ can have their a new pod created before the old pod is marked as deleted.
+ The update starts by launching new pods on 30% of nodes. Once an updated
+ pod is available (Ready for at least minReadySeconds) the old DaemonSet pod
+ on that node is marked deleted. If the old pod becomes unavailable for any
+ reason (Ready transitions to false, is evicted, or is drained) an updated
+ pod is immediately created on that node without considering surge limits.
+ Allowing surge implies the possibility that the resources consumed by the
+ daemonset on any given node can double if the readiness check fails, and
+ so resource intensive daemonsets should take into account that they may
+ cause evictions during disruption.
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of DaemonSet pods that can be unavailable during the
+ update. Value can be an absolute number (ex: 5) or a percentage of total
+ number of DaemonSet pods at the start of the update (ex: 10%). Absolute
+ number is calculated from percentage by rounding up.
+ This cannot be 0 if MaxSurge is 0
+ Default value is 1.
+ Example: when this is set to 30%, at most 30% of the total number of nodes
+ that should be running the daemon pod (i.e. status.desiredNumberScheduled)
+ can have their pods stopped for an update at any given time. The update
+ starts by stopping at most 30% of those DaemonSet pods and then brings
+ up new DaemonSet pods in their place. Once the new pods are available,
+ it then proceeds onto other DaemonSet pods, thus ensuring that at least
+ 70% of original number of DaemonSet pods are available at all times during
+ the update.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: Type of daemon set update. Can be "RollingUpdate"
+ or "OnDelete". Default is RollingUpdate.
+ type: string
+ type: object
+ type: object
+ deployment:
+ description: |-
+ Deployment specifies the Agent should be deployed as a Deployment, and allows providing its spec.
+ Cannot be used along with `daemonSet` or `statefulSet`.
+ properties:
+ podTemplate:
+ description: PodTemplateSpec describes the data a pod should have
+ when created from a template
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ replicas:
+ format: int32
+ type: integer
+ strategy:
+ description: DeploymentStrategy describes how to replace existing
+ pods with new ones.
+ properties:
+ rollingUpdate:
+ description: |-
+ Rolling update config params. Present only if DeploymentStrategyType =
+ RollingUpdate.
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of pods that can be scheduled above the desired number of
+ pods.
+ Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
+ This can not be 0 if MaxUnavailable is 0.
+ Absolute number is calculated from percentage by rounding up.
+ Defaults to 25%.
+ Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when
+ the rolling update starts, such that the total number of old and new pods do not exceed
+ 130% of desired pods. Once old pods have been killed,
+ new ReplicaSet can be scaled up further, ensuring that total number of pods running
+ at any time during the update is at most 130% of desired pods.
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of pods that can be unavailable during the update.
+ Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
+ Absolute number is calculated from percentage by rounding down.
+ This can not be 0 if MaxSurge is 0.
+ Defaults to 25%.
+ Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods
+ immediately when the rolling update starts. Once new pods are ready, old ReplicaSet
+ can be scaled down further, followed by scaling up the new ReplicaSet, ensuring
+ that the total number of pods available at all times during the update is at
+ least 70% of desired pods.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: Type of deployment. Can be "Recreate" or "RollingUpdate".
+ Default is RollingUpdate.
+ type: string
+ type: object
+ type: object
+ elasticsearchRefs:
+ description: |-
+ ElasticsearchRefs is a reference to a list of Elasticsearch clusters running in the same Kubernetes cluster.
+ Due to existing limitations, only a single ES cluster is currently supported.
+ items:
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ outputName:
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator.
+ The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ fleetServerEnabled:
+ description: FleetServerEnabled determines whether this Agent will
+ launch Fleet Server. Don't set unless `mode` is set to `fleet`.
+ type: boolean
+ fleetServerRef:
+ description: |-
+ FleetServerRef is a reference to Fleet Server that this Agent should connect to to obtain it's configuration.
+ Don't set unless `mode` is set to `fleet`.
+ References to Fleet servers running outside the Kubernetes cluster via the `secretName` attribute are not supported.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator.
+ The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ http:
+ description: HTTP holds the HTTP layer configuration for the Agent
+ in Fleet mode with Fleet Server enabled.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes
+ Service object.
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the service.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: |-
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically
+ allocated for services with type LoadBalancer. Default is "true". It
+ may be set to "false" if the cluster load-balancer does not rely on
+ NodePorts. If the caller requests specific NodePorts (by specifying a
+ value), those requests will be respected, regardless of this field.
+ This field may only be set for services with type LoadBalancer and will
+ be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: |-
+ clusterIP is the IP address of the service and is usually assigned
+ randomly. If an address is specified manually, is in-range (as per
+ system configuration), and is not in use, it will be allocated to the
+ service; otherwise creation of the service will fail. This field may not
+ be changed through updates unless the type field is also being changed
+ to ExternalName (which requires this field to be blank) or the type
+ field is being changed from ExternalName (in which case this field may
+ optionally be specified, as describe above). Valid values are "None",
+ empty string (""), or a valid IP address. Setting this to "None" makes a
+ "headless service" (no virtual IP), which is useful when direct endpoint
+ connections are preferred and proxying is not required. Only applies to
+ types ClusterIP, NodePort, and LoadBalancer. If this field is specified
+ when creating a Service of type ExternalName, creation will fail. This
+ field will be wiped when updating a Service to type ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ clusterIPs:
+ description: |-
+ ClusterIPs is a list of IP addresses assigned to this service, and are
+ usually assigned randomly. If an address is specified manually, is
+ in-range (as per system configuration), and is not in use, it will be
+ allocated to the service; otherwise creation of the service will fail.
+ This field may not be changed through updates unless the type field is
+ also being changed to ExternalName (which requires this field to be
+ empty) or the type field is being changed from ExternalName (in which
+ case this field may optionally be specified, as describe above). Valid
+ values are "None", empty string (""), or a valid IP address. Setting
+ this to "None" makes a "headless service" (no virtual IP), which is
+ useful when direct endpoint connections are preferred and proxying is
+ not required. Only applies to types ClusterIP, NodePort, and
+ LoadBalancer. If this field is specified when creating a Service of type
+ ExternalName, creation will fail. This field will be wiped when updating
+ a Service to type ExternalName. If this field is not specified, it will
+ be initialized from the clusterIP field. If this field is specified,
+ clients must ensure that clusterIPs[0] and clusterIP have the same
+ value.
+
+ This field may hold a maximum of two entries (dual-stack IPs, in either order).
+ These IPs must correspond to the values of the ipFamilies field. Both
+ clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: |-
+ externalIPs is a list of IP addresses for which nodes in the cluster
+ will also accept traffic for this service. These IPs are not managed by
+ Kubernetes. The user is responsible for ensuring that traffic arrives
+ at a node with this IP. A common example is external load-balancers
+ that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalName:
+ description: |-
+ externalName is the external reference that discovery mechanisms will
+ return as an alias for this service (e.g. a DNS CNAME record). No
+ proxying will be involved. Must be a lowercase RFC-1123 hostname
+ (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: |-
+ externalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: |-
+ healthCheckNodePort specifies the healthcheck nodePort for the service.
+ This only applies when type is set to LoadBalancer and
+ externalTrafficPolicy is set to Local. If a value is specified, is
+ in-range, and is not in use, it will be used. If not specified, a value
+ will be automatically allocated. External systems (e.g. load-balancers)
+ can use this port to determine if a given node holds endpoints for this
+ service or not. If this field is specified when creating a Service
+ which does not need it, creation will fail. This field will be wiped
+ when updating a Service to no longer need it (e.g. changing type).
+ This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: |-
+ InternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on the ClusterIP. If set to "Local", the proxy will assume that pods
+ only want to talk to endpoints of the service on the same node as the pod,
+ dropping the traffic if there are no local endpoints. The default value,
+ "Cluster", uses the standard behavior of routing to all endpoints evenly
+ (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: |-
+ IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
+ service. This field is usually assigned automatically based on cluster
+ configuration and the ipFamilyPolicy field. If this field is specified
+ manually, the requested family is available in the cluster,
+ and ipFamilyPolicy allows it, it will be used; otherwise creation of
+ the service will fail. This field is conditionally mutable: it allows
+ for adding or removing a secondary IP family, but it does not allow
+ changing the primary IP family of the Service. Valid values are "IPv4"
+ and "IPv6". This field only applies to Services of types ClusterIP,
+ NodePort, and LoadBalancer, and does apply to "headless" services.
+ This field will be wiped when updating a Service to type ExternalName.
+
+ This field may hold a maximum of two entries (dual-stack families, in
+ either order). These families must correspond to the values of the
+ clusterIPs field, if specified. Both clusterIPs and ipFamilies are
+ governed by the ipFamilyPolicy field.
+ items:
+ description: |-
+ IPFamily represents the IP Family (IPv4 or IPv6). This type is used
+ to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: |-
+ IPFamilyPolicy represents the dual-stack-ness requested or required by
+ this Service. If there is no value provided, then this field will be set
+ to SingleStack. Services can be "SingleStack" (a single IP family),
+ "PreferDualStack" (two IP families on dual-stack configured clusters or
+ a single IP family on single-stack clusters), or "RequireDualStack"
+ (two IP families on dual-stack configured clusters, otherwise fail). The
+ ipFamilies and clusterIPs fields depend on the value of this field. This
+ field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: |-
+ loadBalancerClass is the class of the load balancer implementation this Service belongs to.
+ If specified, the value of this field must be a label-style identifier, with an optional prefix,
+ e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
+ This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
+ balancer implementation is used, today this is typically done through the cloud provider integration,
+ but should apply for any default implementation. If set, it is assumed that a load balancer
+ implementation is watching for Services with a matching class. Any default load balancer
+ implementation (e.g. cloud providers) should ignore Services that set this field.
+ This field can only be set when creating or updating a Service to type 'LoadBalancer'.
+ Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ Deprecated: This field was under-specified and its meaning varies across implementations.
+ Using it is non-portable and it may not support dual-stack.
+ Users are encouraged to use implementation-specific annotations when available.
+ type: string
+ loadBalancerSourceRanges:
+ description: |-
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider
+ load-balancer will be restricted to the specified client IPs. This field will be ignored if the
+ cloud-provider does not support the feature."
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ports:
+ description: |-
+ The list of ports that are exposed by this service.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: |-
+ The application protocol for this port.
+ This is used as a hint for implementations to offer richer behavior for protocols that they understand.
+ This field follows standard Kubernetes label syntax.
+ Valid values are either:
+
+ * Un-prefixed protocol names - reserved for IANA standard service names (as per
+ RFC-6335 and https://www.iana.org/assignments/service-names).
+
+ * Kubernetes-defined prefixed names:
+ * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
+ * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+ * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+ * Other protocols should use implementation-defined prefixed names such as
+ mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: |-
+ The name of this port within the service. This must be a DNS_LABEL.
+ All ports within a ServiceSpec must have unique names. When considering
+ the endpoints for a Service, this must match the 'name' field in the
+ EndpointPort.
+ Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this
+ service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: |-
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
+ Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: |-
+ publishNotReadyAddresses indicates that any agent which deals with endpoints for this
+ Service should disregard any indications of ready/not-ready.
+ The primary use case for setting this field is for a StatefulSet's Headless Service to
+ propagate SRV DNS records for its Pods for the purpose of peer discovery.
+ The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
+ Services interpret this to mean that all endpoints are considered "ready" even if the
+ Pods themselves are not. Agents which consume only Kubernetes generated endpoints
+ through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: |-
+ Route service traffic to pods with label keys and values matching this
+ selector. If empty or not present, the service is assumed to have an
+ external process managing its endpoints, which Kubernetes will not
+ modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
+ Ignored if type is ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: |-
+ Supports "ClientIP" and "None". Used to maintain session affinity.
+ Enable client IP based session affinity.
+ Must be ClientIP or None.
+ Defaults to None.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations
+ of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds specifies the seconds of ClientIP type session sticky time.
+ The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ trafficDistribution:
+ description: |-
+ TrafficDistribution offers a way to express preferences for how traffic
+ is distributed to Service endpoints. Implementations can use this field
+ as a hint, but are not required to guarantee strict adherence. If the
+ field is not set, the implementation will apply its default routing
+ strategy. If set to "PreferClose", implementations should prioritize
+ endpoints that are in the same zone.
+ type: string
+ type:
+ description: |-
+ type determines how the Service is exposed. Defaults to ClusterIP. Valid
+ options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
+ "ClusterIP" allocates a cluster-internal IP address for load-balancing
+ to endpoints. Endpoints are determined by the selector or if that is not
+ specified, by manual construction of an Endpoints object or
+ EndpointSlice objects. If clusterIP is "None", no virtual IP is
+ allocated and the endpoints are published as a set of endpoints rather
+ than a virtual IP.
+ "NodePort" builds on ClusterIP and allocates a port on every node which
+ routes to the same endpoints as the clusterIP.
+ "LoadBalancer" builds on NodePort and creates an external load-balancer
+ (if supported in the current cloud) which routes to the same endpoints
+ as the clusterIP.
+ "ExternalName" aliases this service to the specified externalName.
+ Several other fields do not apply to ExternalName services.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: |-
+ Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.
+ The referenced secret should contain the following:
+
+ - `ca.crt`: The certificate authority (optional).
+ - `tls.crt`: The certificate (or a chain).
+ - `tls.key`: The private key to the first certificate in the certificate chain.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the
+ self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning
+ of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs
+ to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN
+ entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the Agent Docker image to deploy. Version has
+ to match the Agent in the image.
+ type: string
+ kibanaRef:
+ description: |-
+ KibanaRef is a reference to Kibana where Fleet should be set up and this Agent should be enrolled. Don't set
+ unless `mode` is set to `fleet`.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator.
+ The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ mode:
+ description: |-
+ Mode specifies the runtime mode for the Agent. The configuration can be specified locally through
+ `config` or `configRef` (`standalone` mode), or come from Fleet during runtime (`fleet` mode). Starting with
+ version 8.13.0 Fleet-managed agents support advanced configuration via a local configuration file.
+ See https://www.elastic.co/docs/reference/fleet/advanced-kubernetes-managed-by-fleet
+ Defaults to `standalone` mode.
+ enum:
+ - standalone
+ - fleet
+ type: string
+ policyID:
+ description: |-
+ PolicyID determines into which Agent Policy this Agent will be enrolled.
+ This field will become mandatory in a future release, default policies are deprecated since 8.1.0.
+ type: string
+ revisionHistoryLimit:
+ description: RevisionHistoryLimit is the number of revisions to retain
+ to allow rollback in the underlying DaemonSet or Deployment or StatefulSet.
+ format: int32
+ type: integer
+ secureSettings:
+ description: |-
+ SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for the Agent.
+ Secrets data can be then referenced in the Agent config using the Secret's keys or as specified in `Entries` field of
+ each SecureSetting.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes
+ Secret.
+ properties:
+ entries:
+ description: |-
+ Entries define how to project each key-value pair in the secret to filesystem paths.
+ If not defined, all keys will be projected to similarly named paths in the filesystem.
+ If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret
+ object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: |-
+ Path is the relative file path to map the key to.
+ Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is used to check access from the current resource to an Elasticsearch resource in a different namespace.
+ Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ statefulSet:
+ description: |-
+ StatefulSet specifies the Agent should be deployed as a StatefulSet, and allows providing its spec.
+ Cannot be used along with `daemonSet` or `deployment`.
+ properties:
+ podManagementPolicy:
+ default: Parallel
+ description: |-
+ PodManagementPolicy controls how pods are created during initial scale up,
+ when replacing pods on nodes, or when scaling down. The default policy is
+ `Parallel`, where pods are created in parallel to match the desired scale
+ without waiting, and on scale down will delete all pods at once.
+ The alternative policy is `OrderedReady`, the default for vanilla kubernetes
+ StatefulSets, where pods are created in increasing order in increasing order
+ (pod-0, then pod-1, etc.) and the controller will wait until each pod is ready before
+ continuing. When scaling down, the pods are removed in the opposite order.
+ enum:
+ - OrderedReady
+ - Parallel
+ type: string
+ podTemplate:
+ description: PodTemplateSpec describes the data a pod should have
+ when created from a template
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ replicas:
+ format: int32
+ type: integer
+ serviceName:
+ type: string
+ volumeClaimTemplates:
+ description: |-
+ VolumeClaimTemplates is a list of persistent volume claims to be used by each Pod.
+ Every claim in this list must have a matching volumeMount in one of the containers defined in the PodTemplate.
+ Items defined here take precedence over any default claims added by the operator with the same name.
+ items:
+ description: PersistentVolumeClaim is a user's request for and
+ claim to a persistent volume
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: |-
+ spec defines the desired characteristics of a volume requested by a pod author.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ properties:
+ accessModes:
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ dataSource:
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes
+ to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ type: string
+ volumeAttributesClassName:
+ description: |-
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
+ If specified, the CSI driver will create or update the volume with the attributes defined
+ in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
+ it can be changed after the claim is created. An empty string or nil value indicates that no
+ VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state,
+ this field can be reset to its previous value (including nil) to cancel the modification.
+ If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
+ set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
+ exists.
+ More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
+ type: string
+ volumeMode:
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to
+ the PersistentVolume backing this claim.
+ type: string
+ type: object
+ type: object
+ type: array
+ type: object
+ version:
+ description: Version of the Agent.
+ type: string
+ required:
+ - version
+ type: object
+ status:
+ description: AgentStatus defines the observed state of the Agent
+ properties:
+ availableNodes:
+ format: int32
+ type: integer
+ elasticsearchAssociationsStatus:
+ additionalProperties:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ description: |-
+ AssociationStatusMap is the map of association's namespaced name string to its AssociationStatus. For resources that
+ have a single Association of a given type (for ex. single ES reference), this map contains a single entry.
+ type: object
+ expectedNodes:
+ format: int32
+ type: integer
+ fleetServerAssociationStatus:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ health:
+ type: string
+ kibanaAssociationStatus:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the most recent generation observed for this Elastic Agent.
+ It corresponds to the metadata generation, which is updated on mutation by the API Server.
+ If the generation observed in status diverges from the generation in metadata, the Elastic
+ Agent controller has not yet processed the changes contained in the Elastic Agent specification.
+ format: int64
+ type: integer
+ version:
+ description: |-
+ Version of the stack resource currently running. During version upgrades, multiple versions may run
+ in parallel: this value specifies the lowest version currently running.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.19.0
+ helm.sh/resource-policy: keep
+ labels:
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+ app.kubernetes.io/name: '{{ include "eck-operator-crds.name" . }}'
+ app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+ helm.sh/chart: '{{ include "eck-operator-crds.chart" . }}'
+ name: apmservers.apm.k8s.elastic.co
+spec:
+ group: apm.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: ApmServer
+ listKind: ApmServerList
+ plural: apmservers
+ shortNames:
+ - apm
+ singular: apmserver
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: APM version
+ jsonPath: .status.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: ApmServer represents an APM Server resource in a Kubernetes cluster.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ApmServerSpec holds the specification of an APM Server.
+ properties:
+ config:
+ description: 'Config holds the APM Server configuration. See: https://www.elastic.co/guide/en/apm/server/current/configuring-howto-apm-server.html'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ count:
+ description: Count of APM Server instances to deploy.
+ format: int32
+ type: integer
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to the output Elasticsearch
+ cluster running in the same Kubernetes cluster.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator.
+ The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ http:
+ description: HTTP holds the HTTP layer configuration for the APM Server
+ resource.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes
+ Service object.
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the service.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: |-
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically
+ allocated for services with type LoadBalancer. Default is "true". It
+ may be set to "false" if the cluster load-balancer does not rely on
+ NodePorts. If the caller requests specific NodePorts (by specifying a
+ value), those requests will be respected, regardless of this field.
+ This field may only be set for services with type LoadBalancer and will
+ be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: |-
+ clusterIP is the IP address of the service and is usually assigned
+ randomly. If an address is specified manually, is in-range (as per
+ system configuration), and is not in use, it will be allocated to the
+ service; otherwise creation of the service will fail. This field may not
+ be changed through updates unless the type field is also being changed
+ to ExternalName (which requires this field to be blank) or the type
+ field is being changed from ExternalName (in which case this field may
+ optionally be specified, as describe above). Valid values are "None",
+ empty string (""), or a valid IP address. Setting this to "None" makes a
+ "headless service" (no virtual IP), which is useful when direct endpoint
+ connections are preferred and proxying is not required. Only applies to
+ types ClusterIP, NodePort, and LoadBalancer. If this field is specified
+ when creating a Service of type ExternalName, creation will fail. This
+ field will be wiped when updating a Service to type ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ clusterIPs:
+ description: |-
+ ClusterIPs is a list of IP addresses assigned to this service, and are
+ usually assigned randomly. If an address is specified manually, is
+ in-range (as per system configuration), and is not in use, it will be
+ allocated to the service; otherwise creation of the service will fail.
+ This field may not be changed through updates unless the type field is
+ also being changed to ExternalName (which requires this field to be
+ empty) or the type field is being changed from ExternalName (in which
+ case this field may optionally be specified, as describe above). Valid
+ values are "None", empty string (""), or a valid IP address. Setting
+ this to "None" makes a "headless service" (no virtual IP), which is
+ useful when direct endpoint connections are preferred and proxying is
+ not required. Only applies to types ClusterIP, NodePort, and
+ LoadBalancer. If this field is specified when creating a Service of type
+ ExternalName, creation will fail. This field will be wiped when updating
+ a Service to type ExternalName. If this field is not specified, it will
+ be initialized from the clusterIP field. If this field is specified,
+ clients must ensure that clusterIPs[0] and clusterIP have the same
+ value.
+
+ This field may hold a maximum of two entries (dual-stack IPs, in either order).
+ These IPs must correspond to the values of the ipFamilies field. Both
+ clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: |-
+ externalIPs is a list of IP addresses for which nodes in the cluster
+ will also accept traffic for this service. These IPs are not managed by
+ Kubernetes. The user is responsible for ensuring that traffic arrives
+ at a node with this IP. A common example is external load-balancers
+ that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalName:
+ description: |-
+ externalName is the external reference that discovery mechanisms will
+ return as an alias for this service (e.g. a DNS CNAME record). No
+ proxying will be involved. Must be a lowercase RFC-1123 hostname
+ (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: |-
+ externalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: |-
+ healthCheckNodePort specifies the healthcheck nodePort for the service.
+ This only applies when type is set to LoadBalancer and
+ externalTrafficPolicy is set to Local. If a value is specified, is
+ in-range, and is not in use, it will be used. If not specified, a value
+ will be automatically allocated. External systems (e.g. load-balancers)
+ can use this port to determine if a given node holds endpoints for this
+ service or not. If this field is specified when creating a Service
+ which does not need it, creation will fail. This field will be wiped
+ when updating a Service to no longer need it (e.g. changing type).
+ This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: |-
+ InternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on the ClusterIP. If set to "Local", the proxy will assume that pods
+ only want to talk to endpoints of the service on the same node as the pod,
+ dropping the traffic if there are no local endpoints. The default value,
+ "Cluster", uses the standard behavior of routing to all endpoints evenly
+ (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: |-
+ IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
+ service. This field is usually assigned automatically based on cluster
+ configuration and the ipFamilyPolicy field. If this field is specified
+ manually, the requested family is available in the cluster,
+ and ipFamilyPolicy allows it, it will be used; otherwise creation of
+ the service will fail. This field is conditionally mutable: it allows
+ for adding or removing a secondary IP family, but it does not allow
+ changing the primary IP family of the Service. Valid values are "IPv4"
+ and "IPv6". This field only applies to Services of types ClusterIP,
+ NodePort, and LoadBalancer, and does apply to "headless" services.
+ This field will be wiped when updating a Service to type ExternalName.
+
+ This field may hold a maximum of two entries (dual-stack families, in
+ either order). These families must correspond to the values of the
+ clusterIPs field, if specified. Both clusterIPs and ipFamilies are
+ governed by the ipFamilyPolicy field.
+ items:
+ description: |-
+ IPFamily represents the IP Family (IPv4 or IPv6). This type is used
+ to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: |-
+ IPFamilyPolicy represents the dual-stack-ness requested or required by
+ this Service. If there is no value provided, then this field will be set
+ to SingleStack. Services can be "SingleStack" (a single IP family),
+ "PreferDualStack" (two IP families on dual-stack configured clusters or
+ a single IP family on single-stack clusters), or "RequireDualStack"
+ (two IP families on dual-stack configured clusters, otherwise fail). The
+ ipFamilies and clusterIPs fields depend on the value of this field. This
+ field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: |-
+ loadBalancerClass is the class of the load balancer implementation this Service belongs to.
+ If specified, the value of this field must be a label-style identifier, with an optional prefix,
+ e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
+ This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
+ balancer implementation is used, today this is typically done through the cloud provider integration,
+ but should apply for any default implementation. If set, it is assumed that a load balancer
+ implementation is watching for Services with a matching class. Any default load balancer
+ implementation (e.g. cloud providers) should ignore Services that set this field.
+ This field can only be set when creating or updating a Service to type 'LoadBalancer'.
+ Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ Deprecated: This field was under-specified and its meaning varies across implementations.
+ Using it is non-portable and it may not support dual-stack.
+ Users are encouraged to use implementation-specific annotations when available.
+ type: string
+ loadBalancerSourceRanges:
+ description: |-
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider
+ load-balancer will be restricted to the specified client IPs. This field will be ignored if the
+ cloud-provider does not support the feature."
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ports:
+ description: |-
+ The list of ports that are exposed by this service.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: |-
+ The application protocol for this port.
+ This is used as a hint for implementations to offer richer behavior for protocols that they understand.
+ This field follows standard Kubernetes label syntax.
+ Valid values are either:
+
+ * Un-prefixed protocol names - reserved for IANA standard service names (as per
+ RFC-6335 and https://www.iana.org/assignments/service-names).
+
+ * Kubernetes-defined prefixed names:
+ * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
+ * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+ * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+ * Other protocols should use implementation-defined prefixed names such as
+ mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: |-
+ The name of this port within the service. This must be a DNS_LABEL.
+ All ports within a ServiceSpec must have unique names. When considering
+ the endpoints for a Service, this must match the 'name' field in the
+ EndpointPort.
+ Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this
+ service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: |-
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
+ Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: |-
+ publishNotReadyAddresses indicates that any agent which deals with endpoints for this
+ Service should disregard any indications of ready/not-ready.
+ The primary use case for setting this field is for a StatefulSet's Headless Service to
+ propagate SRV DNS records for its Pods for the purpose of peer discovery.
+ The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
+ Services interpret this to mean that all endpoints are considered "ready" even if the
+ Pods themselves are not. Agents which consume only Kubernetes generated endpoints
+ through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: |-
+ Route service traffic to pods with label keys and values matching this
+ selector. If empty or not present, the service is assumed to have an
+ external process managing its endpoints, which Kubernetes will not
+ modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
+ Ignored if type is ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: |-
+ Supports "ClientIP" and "None". Used to maintain session affinity.
+ Enable client IP based session affinity.
+ Must be ClientIP or None.
+ Defaults to None.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations
+ of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds specifies the seconds of ClientIP type session sticky time.
+ The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ trafficDistribution:
+ description: |-
+ TrafficDistribution offers a way to express preferences for how traffic
+ is distributed to Service endpoints. Implementations can use this field
+ as a hint, but are not required to guarantee strict adherence. If the
+ field is not set, the implementation will apply its default routing
+ strategy. If set to "PreferClose", implementations should prioritize
+ endpoints that are in the same zone.
+ type: string
+ type:
+ description: |-
+ type determines how the Service is exposed. Defaults to ClusterIP. Valid
+ options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
+ "ClusterIP" allocates a cluster-internal IP address for load-balancing
+ to endpoints. Endpoints are determined by the selector or if that is not
+ specified, by manual construction of an Endpoints object or
+ EndpointSlice objects. If clusterIP is "None", no virtual IP is
+ allocated and the endpoints are published as a set of endpoints rather
+ than a virtual IP.
+ "NodePort" builds on ClusterIP and allocates a port on every node which
+ routes to the same endpoints as the clusterIP.
+ "LoadBalancer" builds on NodePort and creates an external load-balancer
+ (if supported in the current cloud) which routes to the same endpoints
+ as the clusterIP.
+ "ExternalName" aliases this service to the specified externalName.
+ Several other fields do not apply to ExternalName services.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: |-
+ Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.
+ The referenced secret should contain the following:
+
+ - `ca.crt`: The certificate authority (optional).
+ - `tls.crt`: The certificate (or a chain).
+ - `tls.key`: The private key to the first certificate in the certificate chain.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the
+ self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning
+ of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs
+ to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN
+ entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the APM Server Docker image to deploy.
+ type: string
+ kibanaRef:
+ description: |-
+ KibanaRef is a reference to a Kibana instance running in the same Kubernetes cluster.
+ It allows APM agent central configuration management in Kibana.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator.
+ The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ podTemplate:
+ description: PodTemplate provides customisation options (labels, annotations,
+ affinity rules, resource requests, and so on) for the APM Server
+ pods.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ revisionHistoryLimit:
+ description: RevisionHistoryLimit is the number of revisions to retain
+ to allow rollback in the underlying Deployment.
+ format: int32
+ type: integer
+ secureSettings:
+ description: SecureSettings is a list of references to Kubernetes
+ secrets containing sensitive configuration options for APM Server.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes
+ Secret.
+ properties:
+ entries:
+ description: |-
+ Entries define how to project each key-value pair in the secret to filesystem paths.
+ If not defined, all keys will be projected to similarly named paths in the filesystem.
+ If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret
+ object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: |-
+ Path is the relative file path to map the key to.
+ Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is used to check access from the current resource to a resource (for ex. Elasticsearch) in a different namespace.
+ Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ version:
+ description: Version of the APM Server.
+ type: string
+ required:
+ - version
+ type: object
+ status:
+ description: ApmServerStatus defines the observed state of ApmServer
+ properties:
+ availableNodes:
+ description: AvailableNodes is the number of available replicas in
+ the deployment.
+ format: int32
+ type: integer
+ count:
+ description: Count corresponds to Scale.Status.Replicas, which is
+ the actual number of observed instances of the scaled object.
+ format: int32
+ type: integer
+ elasticsearchAssociationStatus:
+ description: ElasticsearchAssociationStatus is the status of any auto-linking
+ to Elasticsearch clusters.
+ type: string
+ health:
+ description: Health of the deployment.
+ type: string
+ kibanaAssociationStatus:
+ description: KibanaAssociationStatus is the status of any auto-linking
+ to Kibana.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the status is based upon.
+ It corresponds to the metadata generation, which is updated on mutation by the API Server.
+ If the generation observed in status diverges from the generation in metadata, the APM Server
+ controller has not yet processed the changes contained in the APM Server specification.
+ format: int64
+ type: integer
+ secretTokenSecret:
+ description: SecretTokenSecretName is the name of the Secret that
+ contains the secret token
+ type: string
+ selector:
+ description: Selector is the label selector used to find all pods.
+ type: string
+ service:
+ description: ExternalService is the name of the service the agents
+ should connect to.
+ type: string
+ version:
+ description: |-
+ Version of the stack resource currently running. During version upgrades, multiple versions may run
+ in parallel: this value specifies the lowest version currently running.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.count
+ statusReplicasPath: .status.count
+ status: {}
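Review bot: in the v1 ApmServer schema, `spec.podTemplate` and `spec.config` are both declared `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so the API server neither validates nor prunes what is placed there. Anyone who can create or update `apmservers.apm.k8s.elastic.co` objects in a namespace can therefore shape the pod spec of the APM Server pods. Please document alongside this chart that write access to this resource should be granted as carefully as pod-creation rights, and that namespaces where it is allowed need Pod Security admission or an equivalent policy enforced. The same schema lets the object author set `http.service.spec.type`, `http.service.spec.externalIPs` and `http.tls.selfSignedCertificate.disabled`, so the exposure and TLS of the endpoint deserve the same policy coverage.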
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: APM version
+ jsonPath: .spec.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: ApmServer represents an APM Server resource in a Kubernetes cluster.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ApmServerSpec holds the specification of an APM Server.
+ properties:
+ config:
+ description: 'Config holds the APM Server configuration. See: https://www.elastic.co/guide/en/apm/server/current/configuring-howto-apm-server.html'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ count:
+ description: Count of APM Server instances to deploy.
+ format: int32
+ type: integer
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to the output Elasticsearch
+ cluster running in the same Kubernetes cluster.
+ properties:
+ name:
+ description: Name of the Kubernetes object.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ required:
+ - name
+ type: object
+ http:
+ description: HTTP holds the HTTP layer configuration for the APM Server
+ resource.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes
+ Service object.
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the service.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: |-
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically
+ allocated for services with type LoadBalancer. Default is "true". It
+ may be set to "false" if the cluster load-balancer does not rely on
+ NodePorts. If the caller requests specific NodePorts (by specifying a
+ value), those requests will be respected, regardless of this field.
+ This field may only be set for services with type LoadBalancer and will
+ be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: |-
+ clusterIP is the IP address of the service and is usually assigned
+ randomly. If an address is specified manually, is in-range (as per
+ system configuration), and is not in use, it will be allocated to the
+ service; otherwise creation of the service will fail. This field may not
+ be changed through updates unless the type field is also being changed
+ to ExternalName (which requires this field to be blank) or the type
+ field is being changed from ExternalName (in which case this field may
+ optionally be specified, as describe above). Valid values are "None",
+ empty string (""), or a valid IP address. Setting this to "None" makes a
+ "headless service" (no virtual IP), which is useful when direct endpoint
+ connections are preferred and proxying is not required. Only applies to
+ types ClusterIP, NodePort, and LoadBalancer. If this field is specified
+ when creating a Service of type ExternalName, creation will fail. This
+ field will be wiped when updating a Service to type ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ clusterIPs:
+ description: |-
+ ClusterIPs is a list of IP addresses assigned to this service, and are
+ usually assigned randomly. If an address is specified manually, is
+ in-range (as per system configuration), and is not in use, it will be
+ allocated to the service; otherwise creation of the service will fail.
+ This field may not be changed through updates unless the type field is
+ also being changed to ExternalName (which requires this field to be
+ empty) or the type field is being changed from ExternalName (in which
+ case this field may optionally be specified, as describe above). Valid
+ values are "None", empty string (""), or a valid IP address. Setting
+ this to "None" makes a "headless service" (no virtual IP), which is
+ useful when direct endpoint connections are preferred and proxying is
+ not required. Only applies to types ClusterIP, NodePort, and
+ LoadBalancer. If this field is specified when creating a Service of type
+ ExternalName, creation will fail. This field will be wiped when updating
+ a Service to type ExternalName. If this field is not specified, it will
+ be initialized from the clusterIP field. If this field is specified,
+ clients must ensure that clusterIPs[0] and clusterIP have the same
+ value.
+
+ This field may hold a maximum of two entries (dual-stack IPs, in either order).
+ These IPs must correspond to the values of the ipFamilies field. Both
+ clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: |-
+ externalIPs is a list of IP addresses for which nodes in the cluster
+ will also accept traffic for this service. These IPs are not managed by
+ Kubernetes. The user is responsible for ensuring that traffic arrives
+ at a node with this IP. A common example is external load-balancers
+ that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalName:
+ description: |-
+ externalName is the external reference that discovery mechanisms will
+ return as an alias for this service (e.g. a DNS CNAME record). No
+ proxying will be involved. Must be a lowercase RFC-1123 hostname
+ (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: |-
+ externalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: |-
+ healthCheckNodePort specifies the healthcheck nodePort for the service.
+ This only applies when type is set to LoadBalancer and
+ externalTrafficPolicy is set to Local. If a value is specified, is
+ in-range, and is not in use, it will be used. If not specified, a value
+ will be automatically allocated. External systems (e.g. load-balancers)
+ can use this port to determine if a given node holds endpoints for this
+ service or not. If this field is specified when creating a Service
+ which does not need it, creation will fail. This field will be wiped
+ when updating a Service to no longer need it (e.g. changing type).
+ This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: |-
+ InternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on the ClusterIP. If set to "Local", the proxy will assume that pods
+ only want to talk to endpoints of the service on the same node as the pod,
+ dropping the traffic if there are no local endpoints. The default value,
+ "Cluster", uses the standard behavior of routing to all endpoints evenly
+ (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: |-
+ IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
+ service. This field is usually assigned automatically based on cluster
+ configuration and the ipFamilyPolicy field. If this field is specified
+ manually, the requested family is available in the cluster,
+ and ipFamilyPolicy allows it, it will be used; otherwise creation of
+ the service will fail. This field is conditionally mutable: it allows
+ for adding or removing a secondary IP family, but it does not allow
+ changing the primary IP family of the Service. Valid values are "IPv4"
+ and "IPv6". This field only applies to Services of types ClusterIP,
+ NodePort, and LoadBalancer, and does apply to "headless" services.
+ This field will be wiped when updating a Service to type ExternalName.
+
+ This field may hold a maximum of two entries (dual-stack families, in
+ either order). These families must correspond to the values of the
+ clusterIPs field, if specified. Both clusterIPs and ipFamilies are
+ governed by the ipFamilyPolicy field.
+ items:
+ description: |-
+ IPFamily represents the IP Family (IPv4 or IPv6). This type is used
+ to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: |-
+ IPFamilyPolicy represents the dual-stack-ness requested or required by
+ this Service. If there is no value provided, then this field will be set
+ to SingleStack. Services can be "SingleStack" (a single IP family),
+ "PreferDualStack" (two IP families on dual-stack configured clusters or
+ a single IP family on single-stack clusters), or "RequireDualStack"
+ (two IP families on dual-stack configured clusters, otherwise fail). The
+ ipFamilies and clusterIPs fields depend on the value of this field. This
+ field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: |-
+ loadBalancerClass is the class of the load balancer implementation this Service belongs to.
+ If specified, the value of this field must be a label-style identifier, with an optional prefix,
+ e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
+ This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
+ balancer implementation is used, today this is typically done through the cloud provider integration,
+ but should apply for any default implementation. If set, it is assumed that a load balancer
+ implementation is watching for Services with a matching class. Any default load balancer
+ implementation (e.g. cloud providers) should ignore Services that set this field.
+ This field can only be set when creating or updating a Service to type 'LoadBalancer'.
+ Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ Deprecated: This field was under-specified and its meaning varies across implementations.
+ Using it is non-portable and it may not support dual-stack.
+ Users are encouraged to use implementation-specific annotations when available.
+ type: string
+ loadBalancerSourceRanges:
+ description: |-
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider
+ load-balancer will be restricted to the specified client IPs. This field will be ignored if the
+ cloud-provider does not support the feature."
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ports:
+ description: |-
+ The list of ports that are exposed by this service.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: |-
+ The application protocol for this port.
+ This is used as a hint for implementations to offer richer behavior for protocols that they understand.
+ This field follows standard Kubernetes label syntax.
+ Valid values are either:
+
+ * Un-prefixed protocol names - reserved for IANA standard service names (as per
+ RFC-6335 and https://www.iana.org/assignments/service-names).
+
+ * Kubernetes-defined prefixed names:
+ * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
+ * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+ * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+ * Other protocols should use implementation-defined prefixed names such as
+ mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: |-
+ The name of this port within the service. This must be a DNS_LABEL.
+ All ports within a ServiceSpec must have unique names. When considering
+ the endpoints for a Service, this must match the 'name' field in the
+ EndpointPort.
+ Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this
+ service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: |-
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
+ Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: |-
+ publishNotReadyAddresses indicates that any agent which deals with endpoints for this
+ Service should disregard any indications of ready/not-ready.
+ The primary use case for setting this field is for a StatefulSet's Headless Service to
+ propagate SRV DNS records for its Pods for the purpose of peer discovery.
+ The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
+ Services interpret this to mean that all endpoints are considered "ready" even if the
+ Pods themselves are not. Agents which consume only Kubernetes generated endpoints
+ through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: |-
+ Route service traffic to pods with label keys and values matching this
+ selector. If empty or not present, the service is assumed to have an
+ external process managing its endpoints, which Kubernetes will not
+ modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
+ Ignored if type is ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: |-
+ Supports "ClientIP" and "None". Used to maintain session affinity.
+ Enable client IP based session affinity.
+ Must be ClientIP or None.
+ Defaults to None.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations
+ of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds specifies the seconds of ClientIP type session sticky time.
+ The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ trafficDistribution:
+ description: |-
+ TrafficDistribution offers a way to express preferences for how traffic
+ is distributed to Service endpoints. Implementations can use this field
+ as a hint, but are not required to guarantee strict adherence. If the
+ field is not set, the implementation will apply its default routing
+ strategy. If set to "PreferClose", implementations should prioritize
+ endpoints that are in the same zone.
+ type: string
+ type:
+ description: |-
+ type determines how the Service is exposed. Defaults to ClusterIP. Valid
+ options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
+ "ClusterIP" allocates a cluster-internal IP address for load-balancing
+ to endpoints. Endpoints are determined by the selector or if that is not
+ specified, by manual construction of an Endpoints object or
+ EndpointSlice objects. If clusterIP is "None", no virtual IP is
+ allocated and the endpoints are published as a set of endpoints rather
+ than a virtual IP.
+ "NodePort" builds on ClusterIP and allocates a port on every node which
+ routes to the same endpoints as the clusterIP.
+ "LoadBalancer" builds on NodePort and creates an external load-balancer
+ (if supported in the current cloud) which routes to the same endpoints
+ as the clusterIP.
+ "ExternalName" aliases this service to the specified externalName.
+ Several other fields do not apply to ExternalName services.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: |-
+ Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.
+ The referenced secret should contain the following:
+
+ - `ca.crt`: The certificate authority (optional).
+ - `tls.crt`: The certificate (or a chain).
+ - `tls.key`: The private key to the first certificate in the certificate chain.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the
+ self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning
+ of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs
+ to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN
+ entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the APM Server Docker image to deploy.
+ type: string
+ podTemplate:
+ description: PodTemplate provides customisation options (labels, annotations,
+ affinity rules, resource requests, and so on) for the APM Server
+ pods.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ secureSettings:
+ description: SecureSettings is a list of references to Kubernetes
+ secrets containing sensitive configuration options for APM Server.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes
+ Secret.
+ properties:
+ entries:
+ description: |-
+ Entries define how to project each key-value pair in the secret to filesystem paths.
+ If not defined, all keys will be projected to similarly named paths in the filesystem.
+ If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret
+ object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: |-
+ Path is the relative file path to map the key to.
+ Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ version:
+ description: Version of the APM Server.
+ type: string
+ type: object
+ status:
+ description: ApmServerStatus defines the observed state of ApmServer
+ properties:
+ associationStatus:
+ description: Association is the status of any auto-linking to Elasticsearch
+ clusters.
+ type: string
+ availableNodes:
+ format: int32
+ type: integer
+ health:
+ description: ApmServerHealth expresses the status of the Apm Server
+ instances.
+ type: string
+ secretTokenSecret:
+ description: SecretTokenSecretName is the name of the Secret that
+ contains the secret token
+ type: string
+ service:
+ description: ExternalService is the name of the service the agents
+ should connect to.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: to not break compatibility when upgrading from previous versions
+ of the CRD
+ type: object
+ served: false
+ storage: false
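Review bot: In the ApmServer v1beta1 schema, the description of `spec.secureSettings[].entries[].path` says the path "must not be an absolute file path and must not contain any \"..\" components", but the schema declares only `type: string`. The API server will therefore admit any value, and the restriction holds only if the consumer of the field enforces it. If this file is generated (the next CRD in the file carries a `controller-gen.kubebuilder.io/version` annotation), do not hand-edit it here. Instead, confirm that the operator shipped alongside these CRDs rejects such paths, or propose a `pattern` constraint upstream. In the same schema, `spec.podTemplate` and `spec.config` are `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so nothing beneath them is schema-validated, and whoever can create or update an ApmServer object shapes the pods deployed for it. That deserves a sentence in the pack documentation so that RBAC on this resource and pod-level admission policy are scoped accordingly.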
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.19.0
+ helm.sh/resource-policy: keep
+ labels:
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+ app.kubernetes.io/name: '{{ include "eck-operator-crds.name" . }}'
+ app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+ helm.sh/chart: '{{ include "eck-operator-crds.chart" . }}'
+ name: beats.beat.k8s.elastic.co
+spec:
+ group: beat.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: Beat
+ listKind: BeatList
+ plural: beats
+ shortNames:
+ - beat
+ singular: beat
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: available
+ type: integer
+ - description: Expected nodes
+ jsonPath: .status.expectedNodes
+ name: expected
+ type: integer
+ - description: Beat type
+ jsonPath: .spec.type
+ name: type
+ type: string
+ - description: Beat version
+ jsonPath: .status.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Beat is the Schema for the Beats API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BeatSpec defines the desired state of a Beat.
+ properties:
+ config:
+ description: Config holds the Beat configuration. At most one of [`Config`,
+ `ConfigRef`] can be specified.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ configRef:
+ description: |-
+ ConfigRef contains a reference to an existing Kubernetes Secret holding the Beat configuration.
+ Beat settings must be specified as yaml, under a single "beat.yml" entry. At most one of [`Config`, `ConfigRef`]
+ can be specified.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ daemonSet:
+ description: |-
+ DaemonSet specifies the Beat should be deployed as a DaemonSet, and allows providing its spec.
+ Cannot be used along with `deployment`. If both are absent a default for the Type is used.
+ properties:
+ podTemplate:
+ description: PodTemplateSpec describes the data a pod should have
+ when created from a template
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ updateStrategy:
+ description: DaemonSetUpdateStrategy is a struct used to control
+ the update strategy for a DaemonSet.
+ properties:
+ rollingUpdate:
+ description: Rolling update config params. Present only if
+ type = "RollingUpdate".
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of nodes with an existing available DaemonSet pod that
+ can have an updated DaemonSet pod during during an update.
+ Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
+ This can not be 0 if MaxUnavailable is 0.
+ Absolute number is calculated from percentage by rounding up to a minimum of 1.
+ Default value is 0.
+ Example: when this is set to 30%, at most 30% of the total number of nodes
+ that should be running the daemon pod (i.e. status.desiredNumberScheduled)
+ can have their a new pod created before the old pod is marked as deleted.
+ The update starts by launching new pods on 30% of nodes. Once an updated
+ pod is available (Ready for at least minReadySeconds) the old DaemonSet pod
+ on that node is marked deleted. If the old pod becomes unavailable for any
+ reason (Ready transitions to false, is evicted, or is drained) an updated
+ pod is immediately created on that node without considering surge limits.
+ Allowing surge implies the possibility that the resources consumed by the
+ daemonset on any given node can double if the readiness check fails, and
+ so resource intensive daemonsets should take into account that they may
+ cause evictions during disruption.
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of DaemonSet pods that can be unavailable during the
+ update. Value can be an absolute number (ex: 5) or a percentage of total
+ number of DaemonSet pods at the start of the update (ex: 10%). Absolute
+ number is calculated from percentage by rounding up.
+ This cannot be 0 if MaxSurge is 0
+ Default value is 1.
+ Example: when this is set to 30%, at most 30% of the total number of nodes
+ that should be running the daemon pod (i.e. status.desiredNumberScheduled)
+ can have their pods stopped for an update at any given time. The update
+ starts by stopping at most 30% of those DaemonSet pods and then brings
+ up new DaemonSet pods in their place. Once the new pods are available,
+ it then proceeds onto other DaemonSet pods, thus ensuring that at least
+ 70% of original number of DaemonSet pods are available at all times during
+ the update.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: Type of daemon set update. Can be "RollingUpdate"
+ or "OnDelete". Default is RollingUpdate.
+ type: string
+ type: object
+ type: object
+ deployment:
+ description: |-
+ Deployment specifies the Beat should be deployed as a Deployment, and allows providing its spec.
+ Cannot be used along with `daemonSet`. If both are absent a default for the Type is used.
+ properties:
+ podTemplate:
+ description: PodTemplateSpec describes the data a pod should have
+ when created from a template
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ replicas:
+ format: int32
+ type: integer
+ strategy:
+ description: DeploymentStrategy describes how to replace existing
+ pods with new ones.
+ properties:
+ rollingUpdate:
+ description: |-
+ Rolling update config params. Present only if DeploymentStrategyType =
+ RollingUpdate.
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of pods that can be scheduled above the desired number of
+ pods.
+ Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
+ This can not be 0 if MaxUnavailable is 0.
+ Absolute number is calculated from percentage by rounding up.
+ Defaults to 25%.
+ Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when
+ the rolling update starts, such that the total number of old and new pods do not exceed
+ 130% of desired pods. Once old pods have been killed,
+ new ReplicaSet can be scaled up further, ensuring that total number of pods running
+ at any time during the update is at most 130% of desired pods.
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of pods that can be unavailable during the update.
+ Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
+ Absolute number is calculated from percentage by rounding down.
+ This can not be 0 if MaxSurge is 0.
+ Defaults to 25%.
+ Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods
+ immediately when the rolling update starts. Once new pods are ready, old ReplicaSet
+ can be scaled down further, followed by scaling up the new ReplicaSet, ensuring
+ that the total number of pods available at all times during the update is at
+ least 70% of desired pods.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: Type of deployment. Can be "Recreate" or "RollingUpdate".
+ Default is RollingUpdate.
+ type: string
+ type: object
+ type: object
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to an Elasticsearch cluster
+ running in the same Kubernetes cluster.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator.
+ The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ image:
+ description: Image is the Beat Docker image to deploy. Version and
+ Type have to match the Beat in the image.
+ type: string
+ kibanaRef:
+ description: |-
+ KibanaRef is a reference to a Kibana instance running in the same Kubernetes cluster.
+ It allows automatic setup of dashboards and visualizations.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator.
+ The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ monitoring:
+ description: |-
+ Monitoring enables you to collect and ship logs and metrics for this Beat.
+ Metricbeat and/or Filebeat sidecars are configured and send monitoring data to an
+ Elasticsearch monitoring cluster running in the same Kubernetes cluster.
+ properties:
+ logs:
+ description: Logs holds references to Elasticsearch clusters which
+ receive log data from an associated resource.
+ properties:
+ elasticsearchRefs:
+ description: |-
+ ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster.
+ Due to existing limitations, only a single Elasticsearch cluster is currently supported.
+ items:
+ description: |-
+ ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator
+ or a Secret describing an external Elastic resource not managed by the operator.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If
+ empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator.
+ The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ type: object
+ metrics:
+ description: Metrics holds references to Elasticsearch clusters
+ which receive monitoring data from this resource.
+ properties:
+ elasticsearchRefs:
+ description: |-
+ ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster.
+ Due to existing limitations, only a single Elasticsearch cluster is currently supported.
+ items:
+ description: |-
+ ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator
+ or a Secret describing an external Elastic resource not managed by the operator.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If
+ empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator.
+ The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ revisionHistoryLimit:
+ description: RevisionHistoryLimit is the number of revisions to retain
+ to allow rollback in the underlying DaemonSet or Deployment.
+ format: int32
+ type: integer
+ secureSettings:
+ description: |-
+ SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for the Beat.
+ Secrets data can be then referenced in the Beat config using the Secret's keys or as specified in `Entries` field of
+ each SecureSetting.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes
+ Secret.
+ properties:
+ entries:
+ description: |-
+ Entries define how to project each key-value pair in the secret to filesystem paths.
+ If not defined, all keys will be projected to similarly named paths in the filesystem.
+ If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret
+ object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: |-
+ Path is the relative file path to map the key to.
+ Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is used to check access from the current resource to Elasticsearch resource in a different namespace.
+ Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ type:
+ description: |-
+ Type is the type of the Beat to deploy (filebeat, metricbeat, heartbeat, auditbeat, journalbeat, packetbeat, and so on).
+ Any string can be used, but well-known types will have the image field defaulted and have the appropriate
+ Elasticsearch roles created automatically. It also allows for dashboard setup when combined with a `KibanaRef`.
+ maxLength: 20
+ pattern: '[a-zA-Z0-9-]+'
+ type: string
+ version:
+ description: Version of the Beat.
+ type: string
+ required:
+ - type
+ - version
+ type: object
+ status:
+ description: BeatStatus defines the observed state of a Beat.
+ properties:
+ availableNodes:
+ format: int32
+ type: integer
+ elasticsearchAssociationStatus:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ expectedNodes:
+ format: int32
+ type: integer
+ health:
+ type: string
+ kibanaAssociationStatus:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ monitoringAssociationStatus:
+ additionalProperties:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ description: |-
+ AssociationStatusMap is the map of association's namespaced name string to its AssociationStatus. For resources that
+ have a single Association of a given type (for ex. single ES reference), this map contains a single entry.
+ type: object
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the status is based upon.
+ It corresponds to the metadata generation, which is updated on mutation by the API Server.
+ If the generation observed in status diverges from the generation in metadata, the Beats
+ controller has not yet processed the changes contained in the Beats specification.
+ format: int64
+ type: integer
+ version:
+ description: |-
+ Version of the stack resource currently running. During version upgrades, multiple versions may run
+ in parallel: this value specifies the lowest version currently running.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
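Review bot: the `pattern: '[a-zA-Z0-9-]+'` on the Beat `spec.type` field is not anchored, so CRD validation accepts any value of up to 20 characters that contains at least one alphanumeric character or hyphen, including values that also carry spaces, slashes or other punctuation. The description says any string can be used, but it also says well-known types get a defaulted image and automatically created Elasticsearch roles, so it is worth being explicit about what is allowed. If the intent is to restrict the value to that character set, use `pattern: '^[a-zA-Z0-9-]+$'`; otherwise drop the pattern so the schema does not suggest a restriction it does not enforce. The labels on the CRD that follows reference the `eck-operator-crds` chart, so if this file is copied from that chart the change is better raised there than patched locally.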
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.19.0
+ helm.sh/resource-policy: keep
+ labels:
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+ app.kubernetes.io/name: '{{ include "eck-operator-crds.name" . }}'
+ app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+ helm.sh/chart: '{{ include "eck-operator-crds.chart" . }}'
+ name: elasticmapsservers.maps.k8s.elastic.co
+spec:
+ group: maps.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: ElasticMapsServer
+ listKind: ElasticMapsServerList
+ plural: elasticmapsservers
+ shortNames:
+ - ems
+ singular: elasticmapsserver
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: ElasticMapsServer version
+ jsonPath: .status.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ElasticMapsServer represents an Elastic Map Server resource in
+ a Kubernetes cluster.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MapsSpec holds the specification of an Elastic Maps Server
+ instance.
+ properties:
+ config:
+ description: 'Config holds the ElasticMapsServer configuration. See:
+ https://www.elastic.co/guide/en/kibana/current/maps-connect-to-ems.html#elastic-maps-server-configuration'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ configRef:
+ description: |-
+ ConfigRef contains a reference to an existing Kubernetes Secret holding the Elastic Maps Server configuration.
+ Configuration settings are merged and have precedence over settings specified in `config`.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ count:
+ description: Count of Elastic Maps Server instances to deploy.
+ format: int32
+ type: integer
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to an Elasticsearch cluster
+ running in the same Kubernetes cluster.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator.
+ The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ http:
+ description: HTTP holds the HTTP layer configuration for Elastic Maps
+ Server.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes
+ Service object.
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the service.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: |-
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically
+ allocated for services with type LoadBalancer. Default is "true". It
+ may be set to "false" if the cluster load-balancer does not rely on
+ NodePorts. If the caller requests specific NodePorts (by specifying a
+ value), those requests will be respected, regardless of this field.
+ This field may only be set for services with type LoadBalancer and will
+ be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: |-
+ clusterIP is the IP address of the service and is usually assigned
+ randomly. If an address is specified manually, is in-range (as per
+ system configuration), and is not in use, it will be allocated to the
+ service; otherwise creation of the service will fail. This field may not
+ be changed through updates unless the type field is also being changed
+ to ExternalName (which requires this field to be blank) or the type
+ field is being changed from ExternalName (in which case this field may
+ optionally be specified, as describe above). Valid values are "None",
+ empty string (""), or a valid IP address. Setting this to "None" makes a
+ "headless service" (no virtual IP), which is useful when direct endpoint
+ connections are preferred and proxying is not required. Only applies to
+ types ClusterIP, NodePort, and LoadBalancer. If this field is specified
+ when creating a Service of type ExternalName, creation will fail. This
+ field will be wiped when updating a Service to type ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ clusterIPs:
+ description: |-
+ ClusterIPs is a list of IP addresses assigned to this service, and are
+ usually assigned randomly. If an address is specified manually, is
+ in-range (as per system configuration), and is not in use, it will be
+ allocated to the service; otherwise creation of the service will fail.
+ This field may not be changed through updates unless the type field is
+ also being changed to ExternalName (which requires this field to be
+ empty) or the type field is being changed from ExternalName (in which
+ case this field may optionally be specified, as describe above). Valid
+ values are "None", empty string (""), or a valid IP address. Setting
+ this to "None" makes a "headless service" (no virtual IP), which is
+ useful when direct endpoint connections are preferred and proxying is
+ not required. Only applies to types ClusterIP, NodePort, and
+ LoadBalancer. If this field is specified when creating a Service of type
+ ExternalName, creation will fail. This field will be wiped when updating
+ a Service to type ExternalName. If this field is not specified, it will
+ be initialized from the clusterIP field. If this field is specified,
+ clients must ensure that clusterIPs[0] and clusterIP have the same
+ value.
+
+ This field may hold a maximum of two entries (dual-stack IPs, in either order).
+ These IPs must correspond to the values of the ipFamilies field. Both
+ clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: |-
+ externalIPs is a list of IP addresses for which nodes in the cluster
+ will also accept traffic for this service. These IPs are not managed by
+ Kubernetes. The user is responsible for ensuring that traffic arrives
+ at a node with this IP. A common example is external load-balancers
+ that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalName:
+ description: |-
+ externalName is the external reference that discovery mechanisms will
+ return as an alias for this service (e.g. a DNS CNAME record). No
+ proxying will be involved. Must be a lowercase RFC-1123 hostname
+ (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: |-
+ externalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: |-
+ healthCheckNodePort specifies the healthcheck nodePort for the service.
+ This only applies when type is set to LoadBalancer and
+ externalTrafficPolicy is set to Local. If a value is specified, is
+ in-range, and is not in use, it will be used. If not specified, a value
+ will be automatically allocated. External systems (e.g. load-balancers)
+ can use this port to determine if a given node holds endpoints for this
+ service or not. If this field is specified when creating a Service
+ which does not need it, creation will fail. This field will be wiped
+ when updating a Service to no longer need it (e.g. changing type).
+ This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: |-
+ InternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on the ClusterIP. If set to "Local", the proxy will assume that pods
+ only want to talk to endpoints of the service on the same node as the pod,
+ dropping the traffic if there are no local endpoints. The default value,
+ "Cluster", uses the standard behavior of routing to all endpoints evenly
+ (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: |-
+ IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
+ service. This field is usually assigned automatically based on cluster
+ configuration and the ipFamilyPolicy field. If this field is specified
+ manually, the requested family is available in the cluster,
+ and ipFamilyPolicy allows it, it will be used; otherwise creation of
+ the service will fail. This field is conditionally mutable: it allows
+ for adding or removing a secondary IP family, but it does not allow
+ changing the primary IP family of the Service. Valid values are "IPv4"
+ and "IPv6". This field only applies to Services of types ClusterIP,
+ NodePort, and LoadBalancer, and does apply to "headless" services.
+ This field will be wiped when updating a Service to type ExternalName.
+
+ This field may hold a maximum of two entries (dual-stack families, in
+ either order). These families must correspond to the values of the
+ clusterIPs field, if specified. Both clusterIPs and ipFamilies are
+ governed by the ipFamilyPolicy field.
+ items:
+ description: |-
+ IPFamily represents the IP Family (IPv4 or IPv6). This type is used
+ to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: |-
+ IPFamilyPolicy represents the dual-stack-ness requested or required by
+ this Service. If there is no value provided, then this field will be set
+ to SingleStack. Services can be "SingleStack" (a single IP family),
+ "PreferDualStack" (two IP families on dual-stack configured clusters or
+ a single IP family on single-stack clusters), or "RequireDualStack"
+ (two IP families on dual-stack configured clusters, otherwise fail). The
+ ipFamilies and clusterIPs fields depend on the value of this field. This
+ field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: |-
+ loadBalancerClass is the class of the load balancer implementation this Service belongs to.
+ If specified, the value of this field must be a label-style identifier, with an optional prefix,
+ e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
+ This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
+ balancer implementation is used, today this is typically done through the cloud provider integration,
+ but should apply for any default implementation. If set, it is assumed that a load balancer
+ implementation is watching for Services with a matching class. Any default load balancer
+ implementation (e.g. cloud providers) should ignore Services that set this field.
+ This field can only be set when creating or updating a Service to type 'LoadBalancer'.
+ Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ Deprecated: This field was under-specified and its meaning varies across implementations.
+ Using it is non-portable and it may not support dual-stack.
+ Users are encouraged to use implementation-specific annotations when available.
+ type: string
+ loadBalancerSourceRanges:
+ description: |-
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider
+ load-balancer will be restricted to the specified client IPs. This field will be ignored if the
+ cloud-provider does not support the feature."
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ports:
+ description: |-
+ The list of ports that are exposed by this service.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: |-
+ The application protocol for this port.
+ This is used as a hint for implementations to offer richer behavior for protocols that they understand.
+ This field follows standard Kubernetes label syntax.
+ Valid values are either:
+
+ * Un-prefixed protocol names - reserved for IANA standard service names (as per
+ RFC-6335 and https://www.iana.org/assignments/service-names).
+
+ * Kubernetes-defined prefixed names:
+ * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
+ * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+ * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+ * Other protocols should use implementation-defined prefixed names such as
+ mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: |-
+ The name of this port within the service. This must be a DNS_LABEL.
+ All ports within a ServiceSpec must have unique names. When considering
+ the endpoints for a Service, this must match the 'name' field in the
+ EndpointPort.
+ Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this
+ service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: |-
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
+ Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: |-
+ publishNotReadyAddresses indicates that any agent which deals with endpoints for this
+ Service should disregard any indications of ready/not-ready.
+ The primary use case for setting this field is for a StatefulSet's Headless Service to
+ propagate SRV DNS records for its Pods for the purpose of peer discovery.
+ The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
+ Services interpret this to mean that all endpoints are considered "ready" even if the
+ Pods themselves are not. Agents which consume only Kubernetes generated endpoints
+ through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: |-
+ Route service traffic to pods with label keys and values matching this
+ selector. If empty or not present, the service is assumed to have an
+ external process managing its endpoints, which Kubernetes will not
+ modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
+ Ignored if type is ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: |-
+ Supports "ClientIP" and "None". Used to maintain session affinity.
+ Enable client IP based session affinity.
+ Must be ClientIP or None.
+ Defaults to None.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations
+ of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds specifies the seconds of ClientIP type session sticky time.
+ The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ trafficDistribution:
+ description: |-
+ TrafficDistribution offers a way to express preferences for how traffic
+ is distributed to Service endpoints. Implementations can use this field
+ as a hint, but are not required to guarantee strict adherence. If the
+ field is not set, the implementation will apply its default routing
+ strategy. If set to "PreferClose", implementations should prioritize
+ endpoints that are in the same zone.
+ type: string
+ type:
+ description: |-
+ type determines how the Service is exposed. Defaults to ClusterIP. Valid
+ options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
+ "ClusterIP" allocates a cluster-internal IP address for load-balancing
+ to endpoints. Endpoints are determined by the selector or if that is not
+ specified, by manual construction of an Endpoints object or
+ EndpointSlice objects. If clusterIP is "None", no virtual IP is
+ allocated and the endpoints are published as a set of endpoints rather
+ than a virtual IP.
+ "NodePort" builds on ClusterIP and allocates a port on every node which
+ routes to the same endpoints as the clusterIP.
+ "LoadBalancer" builds on NodePort and creates an external load-balancer
+ (if supported in the current cloud) which routes to the same endpoints
+ as the clusterIP.
+ "ExternalName" aliases this service to the specified externalName.
+ Several other fields do not apply to ExternalName services.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: |-
+ Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.
+ The referenced secret should contain the following:
+
+ - `ca.crt`: The certificate authority (optional).
+ - `tls.crt`: The certificate (or a chain).
+ - `tls.key`: The private key to the first certificate in the certificate chain.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the
+ self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning
+ of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs
+ to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN
+ entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the Elastic Maps Server Docker image to deploy.
+ type: string
+ podTemplate:
+ description: PodTemplate provides customisation options (labels, annotations,
+ affinity rules, resource requests, and so on) for the Elastic Maps
+ Server pods
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ revisionHistoryLimit:
+ description: RevisionHistoryLimit is the number of revisions to retain
+ to allow rollback in the underlying Deployment.
+ format: int32
+ type: integer
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is used to check access from the current resource to a resource (for ex. Elasticsearch) in a different namespace.
+ Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ version:
+ description: Version of Elastic Maps Server.
+ type: string
+ required:
+ - version
+ type: object
+ status:
+ description: MapsStatus defines the observed state of Elastic Maps Server
+ properties:
+ associationStatus:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ availableNodes:
+ description: AvailableNodes is the number of available replicas in
+ the deployment.
+ format: int32
+ type: integer
+ count:
+ description: Count corresponds to Scale.Status.Replicas, which is
+ the actual number of observed instances of the scaled object.
+ format: int32
+ type: integer
+ health:
+ description: Health of the deployment.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the most recent generation observed for this Elastic Maps Server.
+ It corresponds to the metadata generation, which is updated on mutation by the API Server.
+ If the generation observed in status diverges from the generation in metadata, the Elastic
+ Maps controller has not yet processed the changes contained in the Elastic Maps specification.
+ format: int64
+ type: integer
+ selector:
+ description: Selector is the label selector used to find all pods.
+ type: string
+ version:
+ description: |-
+ Version of the stack resource currently running. During version upgrades, multiple versions may run
+ in parallel: this value specifies the lowest version currently running.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.count
+ statusReplicasPath: .status.count
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.19.0
+ helm.sh/resource-policy: keep
+ labels:
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+ app.kubernetes.io/name: '{{ include "eck-operator-crds.name" . }}'
+ app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+ helm.sh/chart: '{{ include "eck-operator-crds.chart" . }}'
+ name: elasticsearchautoscalers.autoscaling.k8s.elastic.co
+spec:
+ group: autoscaling.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: ElasticsearchAutoscaler
+ listKind: ElasticsearchAutoscalerList
+ plural: elasticsearchautoscalers
+ shortNames:
+ - esa
+ singular: elasticsearchautoscaler
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.elasticsearchRef.name
+ name: Target
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Active')].status
+ name: Active
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Healthy')].status
+ name: Healthy
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Limited')].status
+ name: Limited
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ElasticsearchAutoscaler represents an ElasticsearchAutoscaler
+ resource in a Kubernetes cluster.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ElasticsearchAutoscalerSpec holds the specification of an
+ Elasticsearch autoscaler resource.
+ properties:
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to an Elasticsearch cluster
+ that exists in the same namespace.
+ properties:
+ name:
+ description: Name is the name of the Elasticsearch resource to
+ scale automatically.
+ minLength: 1
+ type: string
+ type: object
+ policies:
+ items:
+ description: AutoscalingPolicySpec holds a named autoscaling policy
+ and the associated resources limits (cpu, memory, storage).
+ properties:
+ deciders:
+ additionalProperties:
+ additionalProperties:
+ type: string
+ description: |-
+ DeciderSettings allow the user to tweak autoscaling deciders.
+ The map data structure complies with the format expected by Elasticsearch.
+ type: object
+ description: Deciders allow the user to override default settings
+ for autoscaling deciders.
+ type: object
+ name:
+ description: Name identifies the autoscaling policy in the autoscaling
+ specification.
+ type: string
+ resources:
+ description: |-
+ AutoscalingResources model the limits, submitted by the user, for the supported resources in an autoscaling policy.
+ Only the node count range is mandatory. For other resources, a limit range is required only
+ if the Elasticsearch autoscaling capacity API returns a requirement for a given resource.
+ For example, the memory limit range is only required if the autoscaling API response contains a memory requirement.
+ If there is no limit range for a resource, and if that resource is not mandatory, then the resources in the NodeSets
+ managed by the autoscaling policy are left untouched.
+ properties:
+ cpu:
+ description: QuantityRange models a resource limit range
+ for resources which can be expressed with resource.Quantity.
+ properties:
+ max:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Max represents the upper limit for the
+ resources managed by the autoscaler.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ min:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Min represents the lower limit for the
+ resources managed by the autoscaler.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ requestsToLimitsRatio:
+ anyOf:
+ - type: integer
+ - type: string
+ description: RequestsToLimitsRatio allows to customize
+ Kubernetes resource Limit based on the Request.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ required:
+ - max
+ - min
+ type: object
+ memory:
+ description: QuantityRange models a resource limit range
+ for resources which can be expressed with resource.Quantity.
+ properties:
+ max:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Max represents the upper limit for the
+ resources managed by the autoscaler.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ min:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Min represents the lower limit for the
+ resources managed by the autoscaler.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ requestsToLimitsRatio:
+ anyOf:
+ - type: integer
+ - type: string
+ description: RequestsToLimitsRatio allows to customize
+ Kubernetes resource Limit based on the Request.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ required:
+ - max
+ - min
+ type: object
+ nodeCount:
+ description: NodeCountRange is used to model the minimum
+ and the maximum number of nodes over all the NodeSets
+ managed by the same autoscaling policy.
+ properties:
+ max:
+ description: Max represents the maximum number of nodes
+ in a tier.
+ format: int32
+ type: integer
+ min:
+ description: Min represents the minimum number of nodes
+ in a tier.
+ format: int32
+ type: integer
+ required:
+ - max
+ - min
+ type: object
+ storage:
+ description: QuantityRange models a resource limit range
+ for resources which can be expressed with resource.Quantity.
+ properties:
+ max:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Max represents the upper limit for the
+ resources managed by the autoscaler.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ min:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Min represents the lower limit for the
+ resources managed by the autoscaler.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ requestsToLimitsRatio:
+ anyOf:
+ - type: integer
+ - type: string
+ description: RequestsToLimitsRatio allows to customize
+ Kubernetes resource Limit based on the Request.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ required:
+ - max
+ - min
+ type: object
+ required:
+ - nodeCount
+ type: object
+ roles:
+ description: An autoscaling policy must target a unique set
+ of roles.
+ items:
+ type: string
+ type: array
+ required:
+ - resources
+ type: object
+ type: array
+ pollingPeriod:
+ description: PollingPeriod is the period at which to synchronize with
+ the Elasticsearch autoscaling API.
+ type: string
+ required:
+ - elasticsearchRef
+ - policies
+ type: object
+ status:
+ properties:
+ conditions:
+ description: Conditions holds the current service state of the autoscaling
+ controller.
+ items:
+ description: |-
+ Condition represents Elasticsearch resource's condition.
+ **This API is in technical preview and may be changed or removed in a future release.**
+ properties:
+ lastTransitionTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ status:
+ type: string
+ type:
+ description: ConditionType defines the condition of an Elasticsearch
+ resource.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation by
+ the controller.
+ format: int64
+ type: integer
+ policies:
+ description: AutoscalingPolicyStatuses is used to expose state messages
+ to user or external system.
+ items:
+ properties:
+ lastModificationTime:
+ description: LastModificationTime is the last time the resources
+ have been updated, used by the cooldown algorithm.
+ format: date-time
+ type: string
+ name:
+ description: Name is the name of the autoscaling policy
+ type: string
+ nodeSets:
+ description: NodeSetNodeCount holds the number of nodes for
+ each nodeSet.
+ items:
+ description: NodeSetNodeCount models the number of nodes expected
+ in a given NodeSet.
+ properties:
+ name:
+ description: Name of the Nodeset.
+ type: string
+ nodeCount:
+ description: NodeCount is the number of nodes, as computed
+ by the autoscaler, expected in this NodeSet.
+ format: int32
+ type: integer
+ required:
+ - name
+ - nodeCount
+ type: object
+ type: array
+ resources:
+ description: |-
+ ResourcesSpecification holds the resource values common to all the nodeSets managed by a same autoscaling policy.
+ Only the resources managed by the autoscaling controller are saved in the Status.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: ResourceList is a set of (resource name, quantity)
+ pairs.
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: ResourceList is a set of (resource name, quantity)
+ pairs.
+ type: object
+ type: object
+ state:
+ description: PolicyStates may contain various messages regarding
+ the current state of this autoscaling policy.
+ items:
+ properties:
+ messages:
+ items:
+ type: string
+ type: array
+ type:
+ type: string
+ required:
+ - messages
+ - type
+ type: object
+ type: array
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
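Review bot: In the ElasticsearchAutoscaler schema, `spec.policies[].resources.nodeCount.min` and `max` are bare `int32` fields with no `minimum`, so a negative node count, or a `min` greater than `max`, passes schema validation. `pollingPeriod` is likewise an unconstrained string. `spec.policies[].name` is missing from the item's `required` list (only `resources` is listed), although `status.policies[]` requires `name`. The `controller-gen.kubebuilder.io/version: v0.19.0` annotation marks this file as generated, so rather than hand-editing it here, record in the pack which source and version these CRDs were taken from, and confirm that out-of-range values are rejected somewhere other than the schema before relying on it as the only validation.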
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.19.0
+ helm.sh/resource-policy: keep
+ labels:
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+ app.kubernetes.io/name: '{{ include "eck-operator-crds.name" . }}'
+ app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+ helm.sh/chart: '{{ include "eck-operator-crds.chart" . }}'
+ name: elasticsearches.elasticsearch.k8s.elastic.co
+spec:
+ group: elasticsearch.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: Elasticsearch
+ listKind: ElasticsearchList
+ plural: elasticsearches
+ shortNames:
+ - es
+ singular: elasticsearch
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: Elasticsearch version
+ jsonPath: .status.version
+ name: version
+ type: string
+ - jsonPath: .status.phase
+ name: phase
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: Elasticsearch represents an Elasticsearch resource in a Kubernetes
+ cluster.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ElasticsearchSpec holds the specification of an Elasticsearch
+ cluster.
+ properties:
+ auth:
+ description: Auth contains user authentication and authorization security
+ settings for Elasticsearch.
+ properties:
+ disableElasticUser:
+ description: DisableElasticUser disables the default elastic user
+ that is created by ECK.
+ type: boolean
+ fileRealm:
+ description: FileRealm to propagate to the Elasticsearch cluster.
+ items:
+ description: FileRealmSource references users to create in the
+ Elasticsearch cluster.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ type: array
+ roles:
+ description: Roles to propagate to the Elasticsearch cluster.
+ items:
+ description: RoleSource references roles to create in the Elasticsearch
+ cluster.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ type: array
+ type: object
+ http:
+ description: HTTP holds HTTP layer settings for Elasticsearch.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes
+ Service object.
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the service.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: |-
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically
+ allocated for services with type LoadBalancer. Default is "true". It
+ may be set to "false" if the cluster load-balancer does not rely on
+ NodePorts. If the caller requests specific NodePorts (by specifying a
+ value), those requests will be respected, regardless of this field.
+ This field may only be set for services with type LoadBalancer and will
+ be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: |-
+ clusterIP is the IP address of the service and is usually assigned
+ randomly. If an address is specified manually, is in-range (as per
+ system configuration), and is not in use, it will be allocated to the
+ service; otherwise creation of the service will fail. This field may not
+ be changed through updates unless the type field is also being changed
+ to ExternalName (which requires this field to be blank) or the type
+ field is being changed from ExternalName (in which case this field may
+ optionally be specified, as describe above). Valid values are "None",
+ empty string (""), or a valid IP address. Setting this to "None" makes a
+ "headless service" (no virtual IP), which is useful when direct endpoint
+ connections are preferred and proxying is not required. Only applies to
+ types ClusterIP, NodePort, and LoadBalancer. If this field is specified
+ when creating a Service of type ExternalName, creation will fail. This
+ field will be wiped when updating a Service to type ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ clusterIPs:
+ description: |-
+ ClusterIPs is a list of IP addresses assigned to this service, and are
+ usually assigned randomly. If an address is specified manually, is
+ in-range (as per system configuration), and is not in use, it will be
+ allocated to the service; otherwise creation of the service will fail.
+ This field may not be changed through updates unless the type field is
+ also being changed to ExternalName (which requires this field to be
+ empty) or the type field is being changed from ExternalName (in which
+ case this field may optionally be specified, as describe above). Valid
+ values are "None", empty string (""), or a valid IP address. Setting
+ this to "None" makes a "headless service" (no virtual IP), which is
+ useful when direct endpoint connections are preferred and proxying is
+ not required. Only applies to types ClusterIP, NodePort, and
+ LoadBalancer. If this field is specified when creating a Service of type
+ ExternalName, creation will fail. This field will be wiped when updating
+ a Service to type ExternalName. If this field is not specified, it will
+ be initialized from the clusterIP field. If this field is specified,
+ clients must ensure that clusterIPs[0] and clusterIP have the same
+ value.
+
+ This field may hold a maximum of two entries (dual-stack IPs, in either order).
+ These IPs must correspond to the values of the ipFamilies field. Both
+ clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: |-
+ externalIPs is a list of IP addresses for which nodes in the cluster
+ will also accept traffic for this service. These IPs are not managed by
+ Kubernetes. The user is responsible for ensuring that traffic arrives
+ at a node with this IP. A common example is external load-balancers
+ that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalName:
+ description: |-
+ externalName is the external reference that discovery mechanisms will
+ return as an alias for this service (e.g. a DNS CNAME record). No
+ proxying will be involved. Must be a lowercase RFC-1123 hostname
+ (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: |-
+ externalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: |-
+ healthCheckNodePort specifies the healthcheck nodePort for the service.
+ This only applies when type is set to LoadBalancer and
+ externalTrafficPolicy is set to Local. If a value is specified, is
+ in-range, and is not in use, it will be used. If not specified, a value
+ will be automatically allocated. External systems (e.g. load-balancers)
+ can use this port to determine if a given node holds endpoints for this
+ service or not. If this field is specified when creating a Service
+ which does not need it, creation will fail. This field will be wiped
+ when updating a Service to no longer need it (e.g. changing type).
+ This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: |-
+ InternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on the ClusterIP. If set to "Local", the proxy will assume that pods
+ only want to talk to endpoints of the service on the same node as the pod,
+ dropping the traffic if there are no local endpoints. The default value,
+ "Cluster", uses the standard behavior of routing to all endpoints evenly
+ (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: |-
+ IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
+ service. This field is usually assigned automatically based on cluster
+ configuration and the ipFamilyPolicy field. If this field is specified
+ manually, the requested family is available in the cluster,
+ and ipFamilyPolicy allows it, it will be used; otherwise creation of
+ the service will fail. This field is conditionally mutable: it allows
+ for adding or removing a secondary IP family, but it does not allow
+ changing the primary IP family of the Service. Valid values are "IPv4"
+ and "IPv6". This field only applies to Services of types ClusterIP,
+ NodePort, and LoadBalancer, and does apply to "headless" services.
+ This field will be wiped when updating a Service to type ExternalName.
+
+ This field may hold a maximum of two entries (dual-stack families, in
+ either order). These families must correspond to the values of the
+ clusterIPs field, if specified. Both clusterIPs and ipFamilies are
+ governed by the ipFamilyPolicy field.
+ items:
+ description: |-
+ IPFamily represents the IP Family (IPv4 or IPv6). This type is used
+ to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: |-
+ IPFamilyPolicy represents the dual-stack-ness requested or required by
+ this Service. If there is no value provided, then this field will be set
+ to SingleStack. Services can be "SingleStack" (a single IP family),
+ "PreferDualStack" (two IP families on dual-stack configured clusters or
+ a single IP family on single-stack clusters), or "RequireDualStack"
+ (two IP families on dual-stack configured clusters, otherwise fail). The
+ ipFamilies and clusterIPs fields depend on the value of this field. This
+ field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: |-
+ loadBalancerClass is the class of the load balancer implementation this Service belongs to.
+ If specified, the value of this field must be a label-style identifier, with an optional prefix,
+ e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
+ This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
+ balancer implementation is used, today this is typically done through the cloud provider integration,
+ but should apply for any default implementation. If set, it is assumed that a load balancer
+ implementation is watching for Services with a matching class. Any default load balancer
+ implementation (e.g. cloud providers) should ignore Services that set this field.
+ This field can only be set when creating or updating a Service to type 'LoadBalancer'.
+ Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ Deprecated: This field was under-specified and its meaning varies across implementations.
+ Using it is non-portable and it may not support dual-stack.
+ Users are encouraged to use implementation-specific annotations when available.
+ type: string
+ loadBalancerSourceRanges:
+ description: |-
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider
+ load-balancer will be restricted to the specified client IPs. This field will be ignored if the
+ cloud-provider does not support the feature."
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ports:
+ description: |-
+ The list of ports that are exposed by this service.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: |-
+ The application protocol for this port.
+ This is used as a hint for implementations to offer richer behavior for protocols that they understand.
+ This field follows standard Kubernetes label syntax.
+ Valid values are either:
+
+ * Un-prefixed protocol names - reserved for IANA standard service names (as per
+ RFC-6335 and https://www.iana.org/assignments/service-names).
+
+ * Kubernetes-defined prefixed names:
+ * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
+ * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+ * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+ * Other protocols should use implementation-defined prefixed names such as
+ mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: |-
+ The name of this port within the service. This must be a DNS_LABEL.
+ All ports within a ServiceSpec must have unique names. When considering
+ the endpoints for a Service, this must match the 'name' field in the
+ EndpointPort.
+ Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this
+ service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: |-
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
+ Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: |-
+ publishNotReadyAddresses indicates that any agent which deals with endpoints for this
+ Service should disregard any indications of ready/not-ready.
+ The primary use case for setting this field is for a StatefulSet's Headless Service to
+ propagate SRV DNS records for its Pods for the purpose of peer discovery.
+ The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
+ Services interpret this to mean that all endpoints are considered "ready" even if the
+ Pods themselves are not. Agents which consume only Kubernetes generated endpoints
+ through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: |-
+ Route service traffic to pods with label keys and values matching this
+ selector. If empty or not present, the service is assumed to have an
+ external process managing its endpoints, which Kubernetes will not
+ modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
+ Ignored if type is ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: |-
+ Supports "ClientIP" and "None". Used to maintain session affinity.
+ Enable client IP based session affinity.
+ Must be ClientIP or None.
+ Defaults to None.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations
+ of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds specifies the seconds of ClientIP type session sticky time.
+ The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ trafficDistribution:
+ description: |-
+ TrafficDistribution offers a way to express preferences for how traffic
+ is distributed to Service endpoints. Implementations can use this field
+ as a hint, but are not required to guarantee strict adherence. If the
+ field is not set, the implementation will apply its default routing
+ strategy. If set to "PreferClose", implementations should prioritize
+ endpoints that are in the same zone.
+ type: string
+ type:
+ description: |-
+ type determines how the Service is exposed. Defaults to ClusterIP. Valid
+ options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
+ "ClusterIP" allocates a cluster-internal IP address for load-balancing
+ to endpoints. Endpoints are determined by the selector or if that is not
+ specified, by manual construction of an Endpoints object or
+ EndpointSlice objects. If clusterIP is "None", no virtual IP is
+ allocated and the endpoints are published as a set of endpoints rather
+ than a virtual IP.
+ "NodePort" builds on ClusterIP and allocates a port on every node which
+ routes to the same endpoints as the clusterIP.
+ "LoadBalancer" builds on NodePort and creates an external load-balancer
+ (if supported in the current cloud) which routes to the same endpoints
+ as the clusterIP.
+ "ExternalName" aliases this service to the specified externalName.
+ Several other fields do not apply to ExternalName services.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: |-
+ Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.
+ The referenced secret should contain the following:
+
+ - `ca.crt`: The certificate authority (optional).
+ - `tls.crt`: The certificate (or a chain).
+ - `tls.key`: The private key to the first certificate in the certificate chain.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the
+ self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning
+ of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs
+ to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN
+ entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the Elasticsearch Docker image to deploy.
+ type: string
+ monitoring:
+ description: |-
+ Monitoring enables you to collect and ship log and monitoring data of this Elasticsearch cluster.
+ See https://www.elastic.co/guide/en/elasticsearch/reference/current/monitor-elasticsearch-cluster.html.
+ Metricbeat and Filebeat are deployed in the same Pod as sidecars and each one sends data to one or two different
+ Elasticsearch monitoring clusters running in the same Kubernetes cluster.
+ properties:
+ logs:
+ description: Logs holds references to Elasticsearch clusters which
+ receive log data from an associated resource.
+ properties:
+ elasticsearchRefs:
+ description: |-
+ ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster.
+ Due to existing limitations, only a single Elasticsearch cluster is currently supported.
+ items:
+ description: |-
+ ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator
+ or a Secret describing an external Elastic resource not managed by the operator.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If
+ empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator.
+ The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ type: object
+ metrics:
+ description: Metrics holds references to Elasticsearch clusters
+ which receive monitoring data from this resource.
+ properties:
+ elasticsearchRefs:
+ description: |-
+ ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster.
+ Due to existing limitations, only a single Elasticsearch cluster is currently supported.
+ items:
+ description: |-
+ ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator
+ or a Secret describing an external Elastic resource not managed by the operator.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If
+ empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator.
+ The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ nodeSets:
+ description: NodeSets allow specifying groups of Elasticsearch nodes
+ sharing the same configuration and Pod templates.
+ items:
+ description: NodeSet is the specification for a group of Elasticsearch
+ nodes sharing the same configuration and a Pod template.
+ properties:
+ config:
+ description: Config holds the Elasticsearch configuration.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ count:
+ description: |-
+ Count of Elasticsearch nodes to deploy.
+ If the node set is managed by an autoscaling policy the initial value is automatically set by the autoscaling controller.
+ format: int32
+ type: integer
+ name:
+ description: Name of this set of nodes. Becomes a part of the
+ Elasticsearch node.name setting.
+ maxLength: 23
+ pattern: '[a-zA-Z0-9-]+'
+ type: string
+ podTemplate:
+ description: PodTemplate provides customisation options (labels,
+ annotations, affinity rules, resource requests, and so on)
+ for the Pods belonging to this NodeSet.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ volumeClaimTemplates:
+ description: |-
+ VolumeClaimTemplates is a list of persistent volume claims to be used by each Pod in this NodeSet.
+ Every claim in this list must have a matching volumeMount in one of the containers defined in the PodTemplate.
+ Items defined here take precedence over any default claims added by the operator with the same name.
+ items:
+ description: PersistentVolumeClaim is a user's request for
+ and claim to a persistent volume
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: |-
+ spec defines the desired characteristics of a volume requested by a pod author.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ properties:
+ accessModes:
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ dataSource:
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes
+ to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ type: string
+ volumeAttributesClassName:
+ description: |-
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
+ If specified, the CSI driver will create or update the volume with the attributes defined
+ in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
+ it can be changed after the claim is created. An empty string or nil value indicates that no
+ VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state,
+ this field can be reset to its previous value (including nil) to cancel the modification.
+ If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
+ set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
+ exists.
+ More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
+ type: string
+ volumeMode:
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to
+ the PersistentVolume backing this claim.
+ type: string
+ type: object
+ type: object
+ type: array
+ required:
+ - name
+ type: object
+ minItems: 1
+ type: array
+ podDisruptionBudget:
+ description: |-
+ PodDisruptionBudget provides access to the default Pod disruption budget(s) for the Elasticsearch cluster.
+ The behavior depends on the license level.
+ With a Basic license or if podDisruptionBudget.spec is not empty:
+ The default budget doesn't allow any Pod to be removed in case the cluster is not green or if there is only one node of type `data` or `master`.
+ In all other cases the default podDisruptionBudget sets `minUnavailable` equal to the total number of nodes minus 1.
+ With an Enterprise license and if podDisruptionBudget.spec is empty:
+ The default budget is split into multiple budgets, each targeting a specific node role type allowing additional disruptions
+ for certain roles according to the health status of the cluster.
+ Example:
+ All data roles (excluding frozen): allows disruptions only when the cluster is green.
+ All other roles: allows disruptions only when the cluster is yellow or green.
+ To disable, set `podDisruptionBudget` to the empty value (`{}` in YAML).
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the PDB.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the PDB.
+ properties:
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ An eviction is allowed if at most "maxUnavailable" pods selected by
+ "selector" are unavailable after the eviction, i.e. even in absence of
+ the evicted pod. For example, one can prevent all voluntary evictions
+ by specifying 0. This is a mutually exclusive setting with "minAvailable".
+ x-kubernetes-int-or-string: true
+ minAvailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ An eviction is allowed if at least "minAvailable" pods selected by
+ "selector" will still be available after the eviction, i.e. even in the
+ absence of the evicted pod. So for example you can prevent all voluntary
+ evictions by specifying "100%".
+ x-kubernetes-int-or-string: true
+ selector:
+ description: |-
+ Label query over pods whose evictions are managed by the disruption
+ budget.
+ A null selector will match no pods, while an empty ({}) selector will select
+ all pods within the namespace.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ unhealthyPodEvictionPolicy:
+ description: |-
+ UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods
+ should be considered for eviction. Current implementation considers healthy pods,
+ as pods that have status.conditions item with type="Ready",status="True".
+
+ Valid policies are IfHealthyBudget and AlwaysAllow.
+ If no policy is specified, the default behavior will be used,
+ which corresponds to the IfHealthyBudget policy.
+
+ IfHealthyBudget policy means that running pods (status.phase="Running"),
+ but not yet healthy can be evicted only if the guarded application is not
+ disrupted (status.currentHealthy is at least equal to status.desiredHealthy).
+ Healthy pods will be subject to the PDB for eviction.
+
+ AlwaysAllow policy means that all running pods (status.phase="Running"),
+ but not yet healthy are considered disrupted and can be evicted regardless
+ of whether the criteria in a PDB is met. This means perspective running
+ pods of a disrupted application might not get a chance to become healthy.
+ Healthy pods will be subject to the PDB for eviction.
+
+ Additional policies may be added in the future.
+ Clients making eviction decisions should disallow eviction of unhealthy pods
+ if they encounter an unrecognized policy in this field.
+ type: string
+ type: object
+ type: object
+ remoteClusterServer:
+ description: |-
+ RemoteClusterServer specifies if the remote cluster server should be enabled.
+ This must be enabled if this cluster is a remote cluster which is expected to be accessed using API key authentication.
+ properties:
+ enabled:
+ type: boolean
+ type: object
+ remoteClusters:
+ description: RemoteClusters enables you to establish uni-directional
+ connections to a remote Elasticsearch cluster.
+ items:
+ description: RemoteCluster declares a remote Elasticsearch cluster
+ connection.
+ properties:
+ apiKey:
+ description: 'APIKey can be used to enable remote cluster access
+ using Cross-Cluster API keys: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-cross-cluster-api-key.html'
+ properties:
+ access:
+ description: Access is the name of the API Key. It is automatically
+ generated if not set or empty.
+ properties:
+ replication:
+ properties:
+ names:
+ items:
+ type: string
+ type: array
+ required:
+ - names
+ type: object
+ search:
+ properties:
+ allow_restricted_indices:
+ type: boolean
+ field_security:
+ properties:
+ except:
+ items:
+ type: string
+ type: array
+ grant:
+ items:
+ type: string
+ type: array
+ required:
+ - except
+ - grant
+ type: object
+ names:
+ items:
+ type: string
+ type: array
+ query:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - names
+ type: object
+ type: object
+ required:
+ - access
+ type: object
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to an Elasticsearch
+ cluster running within the same k8s cluster.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty,
+ defaults to the current namespace.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ name:
+ description: |-
+ Name is the name of the remote cluster as it is set in the Elasticsearch settings.
+ The name is expected to be unique for each remote clusters.
+ minLength: 1
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ revisionHistoryLimit:
+ description: RevisionHistoryLimit is the number of revisions to retain
+ to allow rollback in the underlying StatefulSets.
+ format: int32
+ type: integer
+ secureSettings:
+ description: SecureSettings is a list of references to Kubernetes
+ secrets containing sensitive configuration options for Elasticsearch.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes
+ Secret.
+ properties:
+ entries:
+ description: |-
+ Entries define how to project each key-value pair in the secret to filesystem paths.
+ If not defined, all keys will be projected to similarly named paths in the filesystem.
+ If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret
+ object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: |-
+ Path is the relative file path to map the key to.
+ Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is used to check access from the current resource to a resource (for ex. a remote Elasticsearch cluster) in a different namespace.
+ Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ transport:
+ description: Transport holds transport layer settings for Elasticsearch.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes
+ Service object.
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the service.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: |-
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically
+ allocated for services with type LoadBalancer. Default is "true". It
+ may be set to "false" if the cluster load-balancer does not rely on
+ NodePorts. If the caller requests specific NodePorts (by specifying a
+ value), those requests will be respected, regardless of this field.
+ This field may only be set for services with type LoadBalancer and will
+ be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: |-
+ clusterIP is the IP address of the service and is usually assigned
+ randomly. If an address is specified manually, is in-range (as per
+ system configuration), and is not in use, it will be allocated to the
+ service; otherwise creation of the service will fail. This field may not
+ be changed through updates unless the type field is also being changed
+ to ExternalName (which requires this field to be blank) or the type
+ field is being changed from ExternalName (in which case this field may
+ optionally be specified, as describe above). Valid values are "None",
+ empty string (""), or a valid IP address. Setting this to "None" makes a
+ "headless service" (no virtual IP), which is useful when direct endpoint
+ connections are preferred and proxying is not required. Only applies to
+ types ClusterIP, NodePort, and LoadBalancer. If this field is specified
+ when creating a Service of type ExternalName, creation will fail. This
+ field will be wiped when updating a Service to type ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ clusterIPs:
+ description: |-
+ ClusterIPs is a list of IP addresses assigned to this service, and are
+ usually assigned randomly. If an address is specified manually, is
+ in-range (as per system configuration), and is not in use, it will be
+ allocated to the service; otherwise creation of the service will fail.
+ This field may not be changed through updates unless the type field is
+ also being changed to ExternalName (which requires this field to be
+ empty) or the type field is being changed from ExternalName (in which
+ case this field may optionally be specified, as describe above). Valid
+ values are "None", empty string (""), or a valid IP address. Setting
+ this to "None" makes a "headless service" (no virtual IP), which is
+ useful when direct endpoint connections are preferred and proxying is
+ not required. Only applies to types ClusterIP, NodePort, and
+ LoadBalancer. If this field is specified when creating a Service of type
+ ExternalName, creation will fail. This field will be wiped when updating
+ a Service to type ExternalName. If this field is not specified, it will
+ be initialized from the clusterIP field. If this field is specified,
+ clients must ensure that clusterIPs[0] and clusterIP have the same
+ value.
+
+ This field may hold a maximum of two entries (dual-stack IPs, in either order).
+ These IPs must correspond to the values of the ipFamilies field. Both
+ clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: |-
+ externalIPs is a list of IP addresses for which nodes in the cluster
+ will also accept traffic for this service. These IPs are not managed by
+ Kubernetes. The user is responsible for ensuring that traffic arrives
+ at a node with this IP. A common example is external load-balancers
+ that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalName:
+ description: |-
+ externalName is the external reference that discovery mechanisms will
+ return as an alias for this service (e.g. a DNS CNAME record). No
+ proxying will be involved. Must be a lowercase RFC-1123 hostname
+ (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: |-
+ externalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: |-
+ healthCheckNodePort specifies the healthcheck nodePort for the service.
+ This only applies when type is set to LoadBalancer and
+ externalTrafficPolicy is set to Local. If a value is specified, is
+ in-range, and is not in use, it will be used. If not specified, a value
+ will be automatically allocated. External systems (e.g. load-balancers)
+ can use this port to determine if a given node holds endpoints for this
+ service or not. If this field is specified when creating a Service
+ which does not need it, creation will fail. This field will be wiped
+ when updating a Service to no longer need it (e.g. changing type).
+ This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: |-
+ InternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on the ClusterIP. If set to "Local", the proxy will assume that pods
+ only want to talk to endpoints of the service on the same node as the pod,
+ dropping the traffic if there are no local endpoints. The default value,
+ "Cluster", uses the standard behavior of routing to all endpoints evenly
+ (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: |-
+ IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
+ service. This field is usually assigned automatically based on cluster
+ configuration and the ipFamilyPolicy field. If this field is specified
+ manually, the requested family is available in the cluster,
+ and ipFamilyPolicy allows it, it will be used; otherwise creation of
+ the service will fail. This field is conditionally mutable: it allows
+ for adding or removing a secondary IP family, but it does not allow
+ changing the primary IP family of the Service. Valid values are "IPv4"
+ and "IPv6". This field only applies to Services of types ClusterIP,
+ NodePort, and LoadBalancer, and does apply to "headless" services.
+ This field will be wiped when updating a Service to type ExternalName.
+
+ This field may hold a maximum of two entries (dual-stack families, in
+ either order). These families must correspond to the values of the
+ clusterIPs field, if specified. Both clusterIPs and ipFamilies are
+ governed by the ipFamilyPolicy field.
+ items:
+ description: |-
+ IPFamily represents the IP Family (IPv4 or IPv6). This type is used
+ to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: |-
+ IPFamilyPolicy represents the dual-stack-ness requested or required by
+ this Service. If there is no value provided, then this field will be set
+ to SingleStack. Services can be "SingleStack" (a single IP family),
+ "PreferDualStack" (two IP families on dual-stack configured clusters or
+ a single IP family on single-stack clusters), or "RequireDualStack"
+ (two IP families on dual-stack configured clusters, otherwise fail). The
+ ipFamilies and clusterIPs fields depend on the value of this field. This
+ field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: |-
+ loadBalancerClass is the class of the load balancer implementation this Service belongs to.
+ If specified, the value of this field must be a label-style identifier, with an optional prefix,
+ e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
+ This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
+ balancer implementation is used, today this is typically done through the cloud provider integration,
+ but should apply for any default implementation. If set, it is assumed that a load balancer
+ implementation is watching for Services with a matching class. Any default load balancer
+ implementation (e.g. cloud providers) should ignore Services that set this field.
+ This field can only be set when creating or updating a Service to type 'LoadBalancer'.
+ Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ Deprecated: This field was under-specified and its meaning varies across implementations.
+ Using it is non-portable and it may not support dual-stack.
+ Users are encouraged to use implementation-specific annotations when available.
+ type: string
+ loadBalancerSourceRanges:
+ description: |-
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider
+ load-balancer will be restricted to the specified client IPs. This field will be ignored if the
+ cloud-provider does not support the feature."
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ports:
+ description: |-
+ The list of ports that are exposed by this service.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: |-
+ The application protocol for this port.
+ This is used as a hint for implementations to offer richer behavior for protocols that they understand.
+ This field follows standard Kubernetes label syntax.
+ Valid values are either:
+
+ * Un-prefixed protocol names - reserved for IANA standard service names (as per
+ RFC-6335 and https://www.iana.org/assignments/service-names).
+
+ * Kubernetes-defined prefixed names:
+ * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
+ * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+ * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+ * Other protocols should use implementation-defined prefixed names such as
+ mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: |-
+ The name of this port within the service. This must be a DNS_LABEL.
+ All ports within a ServiceSpec must have unique names. When considering
+ the endpoints for a Service, this must match the 'name' field in the
+ EndpointPort.
+ Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this
+ service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: |-
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
+ Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: |-
+ publishNotReadyAddresses indicates that any agent which deals with endpoints for this
+ Service should disregard any indications of ready/not-ready.
+ The primary use case for setting this field is for a StatefulSet's Headless Service to
+ propagate SRV DNS records for its Pods for the purpose of peer discovery.
+ The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
+ Services interpret this to mean that all endpoints are considered "ready" even if the
+ Pods themselves are not. Agents which consume only Kubernetes generated endpoints
+ through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: |-
+ Route service traffic to pods with label keys and values matching this
+ selector. If empty or not present, the service is assumed to have an
+ external process managing its endpoints, which Kubernetes will not
+ modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
+ Ignored if type is ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: |-
+ Supports "ClientIP" and "None". Used to maintain session affinity.
+ Enable client IP based session affinity.
+ Must be ClientIP or None.
+ Defaults to None.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations
+ of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds specifies the seconds of ClientIP type session sticky time.
+ The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ trafficDistribution:
+ description: |-
+ TrafficDistribution offers a way to express preferences for how traffic
+ is distributed to Service endpoints. Implementations can use this field
+ as a hint, but are not required to guarantee strict adherence. If the
+ field is not set, the implementation will apply its default routing
+ strategy. If set to "PreferClose", implementations should prioritize
+ endpoints that are in the same zone.
+ type: string
+ type:
+ description: |-
+ type determines how the Service is exposed. Defaults to ClusterIP. Valid
+ options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
+ "ClusterIP" allocates a cluster-internal IP address for load-balancing
+ to endpoints. Endpoints are determined by the selector or if that is not
+ specified, by manual construction of an Endpoints object or
+ EndpointSlice objects. If clusterIP is "None", no virtual IP is
+ allocated and the endpoints are published as a set of endpoints rather
+ than a virtual IP.
+ "NodePort" builds on ClusterIP and allocates a port on every node which
+ routes to the same endpoints as the clusterIP.
+ "LoadBalancer" builds on NodePort and creates an external load-balancer
+ (if supported in the current cloud) which routes to the same endpoints
+ as the clusterIP.
+ "ExternalName" aliases this service to the specified externalName.
+ Several other fields do not apply to ExternalName services.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS on the transport
+ layer.
+ properties:
+ certificate:
+ description: |-
+ Certificate is a reference to a Kubernetes secret that contains the CA certificate
+ and private key for generating node certificates.
+ The referenced secret should contain the following:
+
+ - `ca.crt`: The CA certificate in PEM format.
+ - `ca.key`: The private key for the CA certificate in PEM format.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ certificateAuthorities:
+ description: |-
+ CertificateAuthorities is a reference to a config map that contains one or more x509 certificates for
+ trusted authorities in PEM format. The certificates need to be in a file called `ca.crt`.
+ properties:
+ configMapName:
+ type: string
+ type: object
+ otherNameSuffix:
+ description: |-
+ OtherNameSuffix when defined will be prefixed with the Pod name and used as the common name,
+ and the first DNSName, as well as an OtherName required by Elasticsearch in the Subject Alternative Name
+ extension of each Elasticsearch node's transport TLS certificate.
+ Example: if set to "node.cluster.local", the generated certificate will have its otherName set to ".node.cluster.local".
+ type: string
+ selfSignedCertificates:
+ description: SelfSignedCertificates allows configuring the
+ self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that provisioning of the
+ self-signed certificates should be disabled.
+ type: boolean
+ type: object
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs to
+ include in the generated node transport TLS certificates.
+ items:
+ description: SubjectAlternativeName represents a SAN entry
+ in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ updateStrategy:
+ description: UpdateStrategy specifies how updates to the cluster should
+ be performed.
+ properties:
+ changeBudget:
+ description: ChangeBudget defines the constraints to consider
+ when applying changes to the Elasticsearch cluster.
+ properties:
+ maxSurge:
+ description: |-
+ MaxSurge is the maximum number of new Pods that can be created exceeding the original number of Pods defined in
+ the specification. MaxSurge is only taken into consideration when scaling up. Setting a negative value will
+ disable the restriction. Defaults to unbounded if not specified.
+ format: int32
+ type: integer
+ maxUnavailable:
+ description: |-
+ MaxUnavailable is the maximum number of Pods that can be unavailable (not ready) during the update due to
+ circumstances under the control of the operator. Setting a negative value will disable this restriction.
+ Defaults to 1 if not specified.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ version:
+ description: Version of Elasticsearch.
+ type: string
+ volumeClaimDeletePolicy:
+ description: |-
+ VolumeClaimDeletePolicy sets the policy for handling deletion of PersistentVolumeClaims for all NodeSets.
+ Possible values are DeleteOnScaledownOnly and DeleteOnScaledownAndClusterDeletion. Defaults to DeleteOnScaledownAndClusterDeletion.
+ enum:
+ - DeleteOnScaledownOnly
+ - DeleteOnScaledownAndClusterDeletion
+ type: string
+ required:
+ - nodeSets
+ - version
+ type: object
+ status:
+ description: ElasticsearchStatus represents the observed state of Elasticsearch.
+ properties:
+ availableNodes:
+ description: AvailableNodes is the number of available instances.
+ format: int32
+ type: integer
+ conditions:
+ description: |-
+ Conditions holds the current service state of an Elasticsearch cluster.
+ **This API is in technical preview and may be changed or removed in a future release.**
+ items:
+ description: |-
+ Condition represents Elasticsearch resource's condition.
+ **This API is in technical preview and may be changed or removed in a future release.**
+ properties:
+ lastTransitionTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ status:
+ type: string
+ type:
+ description: ConditionType defines the condition of an Elasticsearch
+ resource.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ health:
+ description: ElasticsearchHealth is the health of the cluster as returned
+ by the health API.
+ type: string
+ inProgressOperations:
+ description: |-
+ InProgressOperations represents changes being applied by the operator to the Elasticsearch cluster.
+ **This API is in technical preview and may be changed or removed in a future release.**
+ properties:
+ downscale:
+ description: |-
+ DownscaleOperation provides details about in progress downscale operations.
+ **This API is in technical preview and may be changed or removed in a future release.**
+ properties:
+ lastUpdatedTime:
+ format: date-time
+ type: string
+ nodes:
+ description: Nodes which are scheduled to be removed from
+ the cluster.
+ items:
+ description: |-
+ DownscaledNode provides an overview of in progress changes applied by the operator to remove Elasticsearch nodes from the cluster.
+ **This API is in technical preview and may be changed or removed in a future release.**
+ properties:
+ explanation:
+ description: |-
+ Explanation provides details about an in progress node shutdown. It is only available for clusters managed with the
+ Elasticsearch shutdown API.
+ type: string
+ name:
+ description: Name of the Elasticsearch node that should
+ be removed.
+ type: string
+ shutdownStatus:
+ description: |-
+ Shutdown status as returned by the Elasticsearch shutdown API.
+ If the Elasticsearch shutdown API is not available, the shutdown status is then inferred from the remaining
+ shards on the nodes, as observed by the operator.
+ type: string
+ required:
+ - name
+ - shutdownStatus
+ type: object
+ type: array
+ stalled:
+ description: |-
+ Stalled represents a state where no progress can be made.
+ It is only available for clusters managed with the Elasticsearch shutdown API.
+ type: boolean
+ type: object
+ upgrade:
+ description: |-
+ UpgradeOperation provides an overview of the pending or in progress changes applied by the operator to update the Elasticsearch nodes in the cluster.
+ **This API is in technical preview and may be changed or removed in a future release.**
+ properties:
+ lastUpdatedTime:
+ format: date-time
+ type: string
+ nodes:
+ description: Nodes that must be restarted for upgrade.
+ items:
+ description: |-
+ UpgradedNode provides details about the status of nodes which are expected to be updated.
+ **This API is in technical preview and may be changed or removed in a future release.**
+ properties:
+ message:
+ description: Optional message to explain why a node
+ may not be immediately restarted for upgrade.
+ type: string
+ name:
+ description: Name of the Elasticsearch node that should
+ be upgraded.
+ type: string
+ predicate:
+ description: Predicate is the name of the predicate
+ currently preventing this node from being deleted
+ for an upgrade.
+ type: string
+ status:
+ description: |-
+ Status states if the node is either in the process of being deleted for an upgrade,
+ or blocked by a predicate or another condition stated in the message field.
+ type: string
+ required:
+ - name
+ - status
+ type: object
+ type: array
+ type: object
+ upscale:
+ description: |-
+ UpscaleOperation provides an overview of in progress changes applied by the operator to add Elasticsearch nodes to the cluster.
+ **This API is in technical preview and may be changed or removed in a future release.**
+ properties:
+ lastUpdatedTime:
+ format: date-time
+ type: string
+ nodes:
+ description: Nodes expected to be added by the operator.
+ items:
+ properties:
+ message:
+ description: Optional message to explain why a node
+ may not be immediately added.
+ type: string
+ name:
+ description: Name of the Elasticsearch node that should
+ be added to the cluster.
+ type: string
+ status:
+ description: NewNodeStatus states if a new node is being
+ created, or if the upscale is delayed.
+ type: string
+ required:
+ - name
+ - status
+ type: object
+ type: array
+ type: object
+ required:
+ - downscale
+ - upgrade
+ - upscale
+ type: object
+ monitoringAssociationStatus:
+ additionalProperties:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ description: |-
+ AssociationStatusMap is the map of association's namespaced name string to its AssociationStatus. For resources that
+ have a single Association of a given type (for ex. single ES reference), this map contains a single entry.
+ type: object
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the most recent generation observed for this Elasticsearch cluster.
+ It corresponds to the metadata generation, which is updated on mutation by the API Server.
+ If the generation observed in status diverges from the generation in metadata, the Elasticsearch
+ controller has not yet processed the changes contained in the Elasticsearch specification.
+ format: int64
+ type: integer
+ phase:
+ description: ElasticsearchOrchestrationPhase is the phase Elasticsearch
+ is in from the controller point of view.
+ type: string
+ version:
+ description: |-
+ Version of the stack resource currently running. During version upgrades, multiple versions may run
+ in parallel: this value specifies the lowest version currently running.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
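Review bot: in `spec.transport.tls` of the version entry that ends here, the `certificate` description says the referenced secret holds `ca.key`, the private key of the CA used for generating node certificates, yet the field is only a bare `secretName` and the description never says who needs read access to that secret. Whoever can read it can sign transport certificates that the nodes will trust, so the description should state the expected access scope. Three smaller documentation and validation points in the same block: `selfSignedCertificates.disabled` says only that provisioning "should be disabled" and does not say what then secures the transport layer; the `otherNameSuffix` example shows the resulting otherName as ".node.cluster.local" with nothing in front of the dot, although the text says the suffix is prefixed with the Pod name; and `subjectAltNames` accepts `dns` and `ip` as unconstrained `type: string`, where a `format` or `pattern` would reject malformed SAN entries at admission.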
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: Elasticsearch version
+ jsonPath: .spec.version
+ name: version
+ type: string
+ - jsonPath: .status.phase
+ name: phase
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Elasticsearch represents an Elasticsearch resource in a Kubernetes
+ cluster.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ElasticsearchSpec holds the specification of an Elasticsearch
+ cluster.
+ properties:
+ http:
+ description: HTTP holds HTTP layer settings for Elasticsearch.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes
+ Service object.
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the service.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: |-
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically
+ allocated for services with type LoadBalancer. Default is "true". It
+ may be set to "false" if the cluster load-balancer does not rely on
+ NodePorts. If the caller requests specific NodePorts (by specifying a
+ value), those requests will be respected, regardless of this field.
+ This field may only be set for services with type LoadBalancer and will
+ be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: |-
+ clusterIP is the IP address of the service and is usually assigned
+ randomly. If an address is specified manually, is in-range (as per
+ system configuration), and is not in use, it will be allocated to the
+ service; otherwise creation of the service will fail. This field may not
+ be changed through updates unless the type field is also being changed
+ to ExternalName (which requires this field to be blank) or the type
+ field is being changed from ExternalName (in which case this field may
+ optionally be specified, as describe above). Valid values are "None",
+ empty string (""), or a valid IP address. Setting this to "None" makes a
+ "headless service" (no virtual IP), which is useful when direct endpoint
+ connections are preferred and proxying is not required. Only applies to
+ types ClusterIP, NodePort, and LoadBalancer. If this field is specified
+ when creating a Service of type ExternalName, creation will fail. This
+ field will be wiped when updating a Service to type ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ clusterIPs:
+ description: |-
+ ClusterIPs is a list of IP addresses assigned to this service, and are
+ usually assigned randomly. If an address is specified manually, is
+ in-range (as per system configuration), and is not in use, it will be
+ allocated to the service; otherwise creation of the service will fail.
+ This field may not be changed through updates unless the type field is
+ also being changed to ExternalName (which requires this field to be
+ empty) or the type field is being changed from ExternalName (in which
+ case this field may optionally be specified, as describe above). Valid
+ values are "None", empty string (""), or a valid IP address. Setting
+ this to "None" makes a "headless service" (no virtual IP), which is
+ useful when direct endpoint connections are preferred and proxying is
+ not required. Only applies to types ClusterIP, NodePort, and
+ LoadBalancer. If this field is specified when creating a Service of type
+ ExternalName, creation will fail. This field will be wiped when updating
+ a Service to type ExternalName. If this field is not specified, it will
+ be initialized from the clusterIP field. If this field is specified,
+ clients must ensure that clusterIPs[0] and clusterIP have the same
+ value.
+
+ This field may hold a maximum of two entries (dual-stack IPs, in either order).
+ These IPs must correspond to the values of the ipFamilies field. Both
+ clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: |-
+ externalIPs is a list of IP addresses for which nodes in the cluster
+ will also accept traffic for this service. These IPs are not managed by
+ Kubernetes. The user is responsible for ensuring that traffic arrives
+ at a node with this IP. A common example is external load-balancers
+ that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalName:
+ description: |-
+ externalName is the external reference that discovery mechanisms will
+ return as an alias for this service (e.g. a DNS CNAME record). No
+ proxying will be involved. Must be a lowercase RFC-1123 hostname
+ (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: |-
+ externalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: |-
+ healthCheckNodePort specifies the healthcheck nodePort for the service.
+ This only applies when type is set to LoadBalancer and
+ externalTrafficPolicy is set to Local. If a value is specified, is
+ in-range, and is not in use, it will be used. If not specified, a value
+ will be automatically allocated. External systems (e.g. load-balancers)
+ can use this port to determine if a given node holds endpoints for this
+ service or not. If this field is specified when creating a Service
+ which does not need it, creation will fail. This field will be wiped
+ when updating a Service to no longer need it (e.g. changing type).
+ This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: |-
+ InternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on the ClusterIP. If set to "Local", the proxy will assume that pods
+ only want to talk to endpoints of the service on the same node as the pod,
+ dropping the traffic if there are no local endpoints. The default value,
+ "Cluster", uses the standard behavior of routing to all endpoints evenly
+ (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: |-
+ IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
+ service. This field is usually assigned automatically based on cluster
+ configuration and the ipFamilyPolicy field. If this field is specified
+ manually, the requested family is available in the cluster,
+ and ipFamilyPolicy allows it, it will be used; otherwise creation of
+ the service will fail. This field is conditionally mutable: it allows
+ for adding or removing a secondary IP family, but it does not allow
+ changing the primary IP family of the Service. Valid values are "IPv4"
+ and "IPv6". This field only applies to Services of types ClusterIP,
+ NodePort, and LoadBalancer, and does apply to "headless" services.
+ This field will be wiped when updating a Service to type ExternalName.
+
+ This field may hold a maximum of two entries (dual-stack families, in
+ either order). These families must correspond to the values of the
+ clusterIPs field, if specified. Both clusterIPs and ipFamilies are
+ governed by the ipFamilyPolicy field.
+ items:
+ description: |-
+ IPFamily represents the IP Family (IPv4 or IPv6). This type is used
+ to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: |-
+ IPFamilyPolicy represents the dual-stack-ness requested or required by
+ this Service. If there is no value provided, then this field will be set
+ to SingleStack. Services can be "SingleStack" (a single IP family),
+ "PreferDualStack" (two IP families on dual-stack configured clusters or
+ a single IP family on single-stack clusters), or "RequireDualStack"
+ (two IP families on dual-stack configured clusters, otherwise fail). The
+ ipFamilies and clusterIPs fields depend on the value of this field. This
+ field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: |-
+ loadBalancerClass is the class of the load balancer implementation this Service belongs to.
+ If specified, the value of this field must be a label-style identifier, with an optional prefix,
+ e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
+ This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
+ balancer implementation is used, today this is typically done through the cloud provider integration,
+ but should apply for any default implementation. If set, it is assumed that a load balancer
+ implementation is watching for Services with a matching class. Any default load balancer
+ implementation (e.g. cloud providers) should ignore Services that set this field.
+ This field can only be set when creating or updating a Service to type 'LoadBalancer'.
+ Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ Deprecated: This field was under-specified and its meaning varies across implementations.
+ Using it is non-portable and it may not support dual-stack.
+ Users are encouraged to use implementation-specific annotations when available.
+ type: string
+ loadBalancerSourceRanges:
+ description: |-
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider
+ load-balancer will be restricted to the specified client IPs. This field will be ignored if the
+ cloud-provider does not support the feature."
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ports:
+ description: |-
+ The list of ports that are exposed by this service.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: |-
+ The application protocol for this port.
+ This is used as a hint for implementations to offer richer behavior for protocols that they understand.
+ This field follows standard Kubernetes label syntax.
+ Valid values are either:
+
+ * Un-prefixed protocol names - reserved for IANA standard service names (as per
+ RFC-6335 and https://www.iana.org/assignments/service-names).
+
+ * Kubernetes-defined prefixed names:
+ * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
+ * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+ * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+ * Other protocols should use implementation-defined prefixed names such as
+ mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: |-
+ The name of this port within the service. This must be a DNS_LABEL.
+ All ports within a ServiceSpec must have unique names. When considering
+ the endpoints for a Service, this must match the 'name' field in the
+ EndpointPort.
+ Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this
+ service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: |-
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
+ Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: |-
+ publishNotReadyAddresses indicates that any agent which deals with endpoints for this
+ Service should disregard any indications of ready/not-ready.
+ The primary use case for setting this field is for a StatefulSet's Headless Service to
+ propagate SRV DNS records for its Pods for the purpose of peer discovery.
+ The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
+ Services interpret this to mean that all endpoints are considered "ready" even if the
+ Pods themselves are not. Agents which consume only Kubernetes generated endpoints
+ through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: |-
+ Route service traffic to pods with label keys and values matching this
+ selector. If empty or not present, the service is assumed to have an
+ external process managing its endpoints, which Kubernetes will not
+ modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
+ Ignored if type is ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: |-
+ Supports "ClientIP" and "None". Used to maintain session affinity.
+ Enable client IP based session affinity.
+ Must be ClientIP or None.
+ Defaults to None.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations
+ of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds specifies the seconds of ClientIP type session sticky time.
+ The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ trafficDistribution:
+ description: |-
+ TrafficDistribution offers a way to express preferences for how traffic
+ is distributed to Service endpoints. Implementations can use this field
+ as a hint, but are not required to guarantee strict adherence. If the
+ field is not set, the implementation will apply its default routing
+ strategy. If set to "PreferClose", implementations should prioritize
+ endpoints that are in the same zone.
+ type: string
+ type:
+ description: |-
+ type determines how the Service is exposed. Defaults to ClusterIP. Valid
+ options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
+ "ClusterIP" allocates a cluster-internal IP address for load-balancing
+ to endpoints. Endpoints are determined by the selector or if that is not
+ specified, by manual construction of an Endpoints object or
+ EndpointSlice objects. If clusterIP is "None", no virtual IP is
+ allocated and the endpoints are published as a set of endpoints rather
+ than a virtual IP.
+ "NodePort" builds on ClusterIP and allocates a port on every node which
+ routes to the same endpoints as the clusterIP.
+ "LoadBalancer" builds on NodePort and creates an external load-balancer
+ (if supported in the current cloud) which routes to the same endpoints
+ as the clusterIP.
+ "ExternalName" aliases this service to the specified externalName.
+ Several other fields do not apply to ExternalName services.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: |-
+ Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.
+ The referenced secret should contain the following:
+
+ - `ca.crt`: The certificate authority (optional).
+ - `tls.crt`: The certificate (or a chain).
+ - `tls.key`: The private key to the first certificate in the certificate chain.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the
+ self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning
+ of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs
+ to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN
+ entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the Elasticsearch Docker image to deploy.
+ type: string
+ nodeSets:
+ description: NodeSets allow specifying groups of Elasticsearch nodes
+ sharing the same configuration and Pod templates.
+ items:
+ description: NodeSet is the specification for a group of Elasticsearch
+ nodes sharing the same configuration and a Pod template.
+ properties:
+ config:
+ description: Config holds the Elasticsearch configuration.
+ type: object
+ count:
+ description: Count of Elasticsearch nodes to deploy.
+ format: int32
+ minimum: 1
+ type: integer
+ name:
+ description: Name of this set of nodes. Becomes a part of the
+ Elasticsearch node.name setting.
+ maxLength: 23
+ pattern: '[a-zA-Z0-9-]+'
+ type: string
+ podTemplate:
+ description: PodTemplate provides customisation options (labels,
+ annotations, affinity rules, resource requests, and so on)
+ for the Pods belonging to this NodeSet.
+ type: object
+ volumeClaimTemplates:
+ description: |-
+ VolumeClaimTemplates is a list of persistent volume claims to be used by each Pod in this NodeSet.
+ Every claim in this list must have a matching volumeMount in one of the containers defined in the PodTemplate.
+ Items defined here take precedence over any default claims added by the operator with the same name.
+ items:
+ description: PersistentVolumeClaim is a user's request for
+ and claim to a persistent volume
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: |-
+ spec defines the desired characteristics of a volume requested by a pod author.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ properties:
+ accessModes:
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ dataSource:
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes
+ to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ type: string
+ volumeAttributesClassName:
+ description: |-
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
+ If specified, the CSI driver will create or update the volume with the attributes defined
+ in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
+ it can be changed after the claim is created. An empty string or nil value indicates that no
+ VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state,
+ this field can be reset to its previous value (including nil) to cancel the modification.
+ If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
+ set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
+ exists.
+ More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
+ type: string
+ volumeMode:
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to
+ the PersistentVolume backing this claim.
+ type: string
+ type: object
+ type: object
+ type: array
+ required:
+ - count
+ - name
+ type: object
+ minItems: 1
+ type: array
+ podDisruptionBudget:
+ description: |-
+ PodDisruptionBudget provides access to the default pod disruption budget for the Elasticsearch cluster.
+ The default budget selects all cluster pods and sets `maxUnavailable` to 1. To disable, set `PodDisruptionBudget`
+ to the empty value (`{}` in YAML).
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the PDB.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the PDB.
+ properties:
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ An eviction is allowed if at most "maxUnavailable" pods selected by
+ "selector" are unavailable after the eviction, i.e. even in absence of
+ the evicted pod. For example, one can prevent all voluntary evictions
+ by specifying 0. This is a mutually exclusive setting with "minAvailable".
+ x-kubernetes-int-or-string: true
+ minAvailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ An eviction is allowed if at least "minAvailable" pods selected by
+ "selector" will still be available after the eviction, i.e. even in the
+ absence of the evicted pod. So for example you can prevent all voluntary
+ evictions by specifying "100%".
+ x-kubernetes-int-or-string: true
+ selector:
+ description: |-
+ Label query over pods whose evictions are managed by the disruption
+ budget.
+ A null selector selects no pods.
+ An empty selector ({}) also selects no pods, which differs from standard behavior of selecting all pods.
+ In policy/v1, an empty selector will select all pods in the namespace.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ unhealthyPodEvictionPolicy:
+ description: |-
+ UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods
+ should be considered for eviction. Current implementation considers healthy pods,
+ as pods that have status.conditions item with type="Ready",status="True".
+
+ Valid policies are IfHealthyBudget and AlwaysAllow.
+ If no policy is specified, the default behavior will be used,
+ which corresponds to the IfHealthyBudget policy.
+
+ IfHealthyBudget policy means that running pods (status.phase="Running"),
+ but not yet healthy can be evicted only if the guarded application is not
+ disrupted (status.currentHealthy is at least equal to status.desiredHealthy).
+ Healthy pods will be subject to the PDB for eviction.
+
+ AlwaysAllow policy means that all running pods (status.phase="Running"),
+ but not yet healthy are considered disrupted and can be evicted regardless
+ of whether the criteria in a PDB is met. This means perspective running
+ pods of a disrupted application might not get a chance to become healthy.
+ Healthy pods will be subject to the PDB for eviction.
+
+ Additional policies may be added in the future.
+ Clients making eviction decisions should disallow eviction of unhealthy pods
+ if they encounter an unrecognized policy in this field.
+ type: string
+ type: object
+ type: object
+ secureSettings:
+ description: SecureSettings is a list of references to Kubernetes
+ secrets containing sensitive configuration options for Elasticsearch.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes
+ Secret.
+ properties:
+ entries:
+ description: |-
+ Entries define how to project each key-value pair in the secret to filesystem paths.
+ If not defined, all keys will be projected to similarly named paths in the filesystem.
+ If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret
+ object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: |-
+ Path is the relative file path to map the key to.
+ Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ updateStrategy:
+ description: UpdateStrategy specifies how updates to the cluster should
+ be performed.
+ properties:
+ changeBudget:
+ description: ChangeBudget defines the constraints to consider
+ when applying changes to the Elasticsearch cluster.
+ properties:
+ maxSurge:
+ description: |-
+ MaxSurge is the maximum number of new pods that can be created exceeding the original number of pods defined in
+ the specification. MaxSurge is only taken into consideration when scaling up. Setting a negative value will
+ disable the restriction. Defaults to unbounded if not specified.
+ format: int32
+ type: integer
+ maxUnavailable:
+ description: |-
+ MaxUnavailable is the maximum number of pods that can be unavailable (not ready) during the update due to
+ circumstances under the control of the operator. Setting a negative value will disable this restriction.
+ Defaults to 1 if not specified.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ version:
+ description: Version of Elasticsearch.
+ type: string
+ required:
+ - nodeSets
+ type: object
+ status:
+ description: ElasticsearchStatus defines the observed state of Elasticsearch
+ properties:
+ availableNodes:
+ format: int32
+ type: integer
+ health:
+ description: ElasticsearchHealth is the health of the cluster as returned
+ by the health API.
+ type: string
+ phase:
+ description: ElasticsearchOrchestrationPhase is the phase Elasticsearch
+ is in from the controller point of view.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: to not break compatibility when upgrading from previous versions
+ of the CRD
+ type: object
+ served: false
+ storage: false
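Review bot: the `path` property under `secureSettings[].entries[]` documents that it "must not be an absolute file path and must not contain any ".." components", but the schema declares only `type: string`, so the API server will admit absolute or `..`-containing values and the rule holds only if the operator or a validating webhook rejects them later. Because these entries project secret keys to filesystem paths, please confirm where that check is enforced for this pack, or add a `pattern` (or an `x-kubernetes-validations` rule) on `path` so invalid values are refused at admission.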
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.19.0
+ helm.sh/resource-policy: keep
+ labels:
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+ app.kubernetes.io/name: '{{ include "eck-operator-crds.name" . }}'
+ app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+ helm.sh/chart: '{{ include "eck-operator-crds.chart" . }}'
+ name: enterprisesearches.enterprisesearch.k8s.elastic.co
+spec:
+ group: enterprisesearch.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: EnterpriseSearch
+ listKind: EnterpriseSearchList
+ plural: enterprisesearches
+ shortNames:
+ - ent
+ singular: enterprisesearch
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: Enterprise Search version
+ jsonPath: .status.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: EnterpriseSearch is a Kubernetes CRD to represent Enterprise
+ Search.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: EnterpriseSearchSpec holds the specification of an Enterprise
+ Search resource.
+ properties:
+ config:
+ description: Config holds the Enterprise Search configuration.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ configRef:
+ description: |-
+ ConfigRef contains a reference to an existing Kubernetes Secret holding the Enterprise Search configuration.
+ Configuration settings are merged and have precedence over settings specified in `config`.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ count:
+ description: Count of Enterprise Search instances to deploy.
+ format: int32
+ type: integer
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to the Elasticsearch
+ cluster running in the same Kubernetes cluster.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator.
+ The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ http:
+ description: HTTP holds the HTTP layer configuration for Enterprise
+ Search resource.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes
+ Service object.
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the service.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: |-
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically
+ allocated for services with type LoadBalancer. Default is "true". It
+ may be set to "false" if the cluster load-balancer does not rely on
+ NodePorts. If the caller requests specific NodePorts (by specifying a
+ value), those requests will be respected, regardless of this field.
+ This field may only be set for services with type LoadBalancer and will
+ be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: |-
+ clusterIP is the IP address of the service and is usually assigned
+ randomly. If an address is specified manually, is in-range (as per
+ system configuration), and is not in use, it will be allocated to the
+ service; otherwise creation of the service will fail. This field may not
+ be changed through updates unless the type field is also being changed
+ to ExternalName (which requires this field to be blank) or the type
+ field is being changed from ExternalName (in which case this field may
+ optionally be specified, as describe above). Valid values are "None",
+ empty string (""), or a valid IP address. Setting this to "None" makes a
+ "headless service" (no virtual IP), which is useful when direct endpoint
+ connections are preferred and proxying is not required. Only applies to
+ types ClusterIP, NodePort, and LoadBalancer. If this field is specified
+ when creating a Service of type ExternalName, creation will fail. This
+ field will be wiped when updating a Service to type ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ clusterIPs:
+ description: |-
+ ClusterIPs is a list of IP addresses assigned to this service, and are
+ usually assigned randomly. If an address is specified manually, is
+ in-range (as per system configuration), and is not in use, it will be
+ allocated to the service; otherwise creation of the service will fail.
+ This field may not be changed through updates unless the type field is
+ also being changed to ExternalName (which requires this field to be
+ empty) or the type field is being changed from ExternalName (in which
+ case this field may optionally be specified, as describe above). Valid
+ values are "None", empty string (""), or a valid IP address. Setting
+ this to "None" makes a "headless service" (no virtual IP), which is
+ useful when direct endpoint connections are preferred and proxying is
+ not required. Only applies to types ClusterIP, NodePort, and
+ LoadBalancer. If this field is specified when creating a Service of type
+ ExternalName, creation will fail. This field will be wiped when updating
+ a Service to type ExternalName. If this field is not specified, it will
+ be initialized from the clusterIP field. If this field is specified,
+ clients must ensure that clusterIPs[0] and clusterIP have the same
+ value.
+
+ This field may hold a maximum of two entries (dual-stack IPs, in either order).
+ These IPs must correspond to the values of the ipFamilies field. Both
+ clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: |-
+ externalIPs is a list of IP addresses for which nodes in the cluster
+ will also accept traffic for this service. These IPs are not managed by
+ Kubernetes. The user is responsible for ensuring that traffic arrives
+ at a node with this IP. A common example is external load-balancers
+ that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalName:
+ description: |-
+ externalName is the external reference that discovery mechanisms will
+ return as an alias for this service (e.g. a DNS CNAME record). No
+ proxying will be involved. Must be a lowercase RFC-1123 hostname
+ (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: |-
+ externalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: |-
+ healthCheckNodePort specifies the healthcheck nodePort for the service.
+ This only applies when type is set to LoadBalancer and
+ externalTrafficPolicy is set to Local. If a value is specified, is
+ in-range, and is not in use, it will be used. If not specified, a value
+ will be automatically allocated. External systems (e.g. load-balancers)
+ can use this port to determine if a given node holds endpoints for this
+ service or not. If this field is specified when creating a Service
+ which does not need it, creation will fail. This field will be wiped
+ when updating a Service to no longer need it (e.g. changing type).
+ This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: |-
+ InternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on the ClusterIP. If set to "Local", the proxy will assume that pods
+ only want to talk to endpoints of the service on the same node as the pod,
+ dropping the traffic if there are no local endpoints. The default value,
+ "Cluster", uses the standard behavior of routing to all endpoints evenly
+ (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: |-
+ IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
+ service. This field is usually assigned automatically based on cluster
+ configuration and the ipFamilyPolicy field. If this field is specified
+ manually, the requested family is available in the cluster,
+ and ipFamilyPolicy allows it, it will be used; otherwise creation of
+ the service will fail. This field is conditionally mutable: it allows
+ for adding or removing a secondary IP family, but it does not allow
+ changing the primary IP family of the Service. Valid values are "IPv4"
+ and "IPv6". This field only applies to Services of types ClusterIP,
+ NodePort, and LoadBalancer, and does apply to "headless" services.
+ This field will be wiped when updating a Service to type ExternalName.
+
+ This field may hold a maximum of two entries (dual-stack families, in
+ either order). These families must correspond to the values of the
+ clusterIPs field, if specified. Both clusterIPs and ipFamilies are
+ governed by the ipFamilyPolicy field.
+ items:
+ description: |-
+ IPFamily represents the IP Family (IPv4 or IPv6). This type is used
+ to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: |-
+ IPFamilyPolicy represents the dual-stack-ness requested or required by
+ this Service. If there is no value provided, then this field will be set
+ to SingleStack. Services can be "SingleStack" (a single IP family),
+ "PreferDualStack" (two IP families on dual-stack configured clusters or
+ a single IP family on single-stack clusters), or "RequireDualStack"
+ (two IP families on dual-stack configured clusters, otherwise fail). The
+ ipFamilies and clusterIPs fields depend on the value of this field. This
+ field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: |-
+ loadBalancerClass is the class of the load balancer implementation this Service belongs to.
+ If specified, the value of this field must be a label-style identifier, with an optional prefix,
+ e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
+ This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
+ balancer implementation is used, today this is typically done through the cloud provider integration,
+ but should apply for any default implementation. If set, it is assumed that a load balancer
+ implementation is watching for Services with a matching class. Any default load balancer
+ implementation (e.g. cloud providers) should ignore Services that set this field.
+ This field can only be set when creating or updating a Service to type 'LoadBalancer'.
+ Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ Deprecated: This field was under-specified and its meaning varies across implementations.
+ Using it is non-portable and it may not support dual-stack.
+ Users are encouraged to use implementation-specific annotations when available.
+ type: string
+ loadBalancerSourceRanges:
+ description: |-
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider
+ load-balancer will be restricted to the specified client IPs. This field will be ignored if the
+ cloud-provider does not support the feature."
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ports:
+ description: |-
+ The list of ports that are exposed by this service.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: |-
+ The application protocol for this port.
+ This is used as a hint for implementations to offer richer behavior for protocols that they understand.
+ This field follows standard Kubernetes label syntax.
+ Valid values are either:
+
+ * Un-prefixed protocol names - reserved for IANA standard service names (as per
+ RFC-6335 and https://www.iana.org/assignments/service-names).
+
+ * Kubernetes-defined prefixed names:
+ * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
+ * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+ * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+ * Other protocols should use implementation-defined prefixed names such as
+ mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: |-
+ The name of this port within the service. This must be a DNS_LABEL.
+ All ports within a ServiceSpec must have unique names. When considering
+ the endpoints for a Service, this must match the 'name' field in the
+ EndpointPort.
+ Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this
+ service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: |-
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
+ Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: |-
+ publishNotReadyAddresses indicates that any agent which deals with endpoints for this
+ Service should disregard any indications of ready/not-ready.
+ The primary use case for setting this field is for a StatefulSet's Headless Service to
+ propagate SRV DNS records for its Pods for the purpose of peer discovery.
+ The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
+ Services interpret this to mean that all endpoints are considered "ready" even if the
+ Pods themselves are not. Agents which consume only Kubernetes generated endpoints
+ through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: |-
+ Route service traffic to pods with label keys and values matching this
+ selector. If empty or not present, the service is assumed to have an
+ external process managing its endpoints, which Kubernetes will not
+ modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
+ Ignored if type is ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: |-
+ Supports "ClientIP" and "None". Used to maintain session affinity.
+ Enable client IP based session affinity.
+ Must be ClientIP or None.
+ Defaults to None.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations
+ of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds specifies the seconds of ClientIP type session sticky time.
+ The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ trafficDistribution:
+ description: |-
+ TrafficDistribution offers a way to express preferences for how traffic
+ is distributed to Service endpoints. Implementations can use this field
+ as a hint, but are not required to guarantee strict adherence. If the
+ field is not set, the implementation will apply its default routing
+ strategy. If set to "PreferClose", implementations should prioritize
+ endpoints that are in the same zone.
+ type: string
+ type:
+ description: |-
+ type determines how the Service is exposed. Defaults to ClusterIP. Valid
+ options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
+ "ClusterIP" allocates a cluster-internal IP address for load-balancing
+ to endpoints. Endpoints are determined by the selector or if that is not
+ specified, by manual construction of an Endpoints object or
+ EndpointSlice objects. If clusterIP is "None", no virtual IP is
+ allocated and the endpoints are published as a set of endpoints rather
+ than a virtual IP.
+ "NodePort" builds on ClusterIP and allocates a port on every node which
+ routes to the same endpoints as the clusterIP.
+ "LoadBalancer" builds on NodePort and creates an external load-balancer
+ (if supported in the current cloud) which routes to the same endpoints
+ as the clusterIP.
+ "ExternalName" aliases this service to the specified externalName.
+ Several other fields do not apply to ExternalName services.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: |-
+ Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.
+ The referenced secret should contain the following:
+
+ - `ca.crt`: The certificate authority (optional).
+ - `tls.crt`: The certificate (or a chain).
+ - `tls.key`: The private key to the first certificate in the certificate chain.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the
+ self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning
+ of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs
+ to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN
+ entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the Enterprise Search Docker image to deploy.
+ type: string
+ podTemplate:
+ description: |-
+ PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on)
+ for the Enterprise Search pods.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ revisionHistoryLimit:
+ description: RevisionHistoryLimit is the number of revisions to retain
+ to allow rollback in the underlying Deployment.
+ format: int32
+ type: integer
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is used to check access from the current resource to a resource (for ex. Elasticsearch) in a different namespace.
+ Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ version:
+ description: Version of Enterprise Search.
+ type: string
+ type: object
+ status:
+ description: EnterpriseSearchStatus defines the observed state of EnterpriseSearch
+ properties:
+ associationStatus:
+ description: Association is the status of any auto-linking to Elasticsearch
+ clusters.
+ type: string
+ availableNodes:
+ description: AvailableNodes is the number of available replicas in
+ the deployment.
+ format: int32
+ type: integer
+ count:
+ description: Count corresponds to Scale.Status.Replicas, which is
+ the actual number of observed instances of the scaled object.
+ format: int32
+ type: integer
+ health:
+ description: Health of the deployment.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the status is based upon.
+ It corresponds to the metadata generation, which is updated on mutation by the API Server.
+ If the generation observed in status diverges from the generation in metadata, the Enterprise Search
+ controller has not yet processed the changes contained in the Enterprise Search specification.
+ format: int64
+ type: integer
+ selector:
+ description: Selector is the label selector used to find all pods.
+ type: string
+ service:
+ description: ExternalService is the name of the service associated
+ to the Enterprise Search Pods.
+ type: string
+ version:
+ description: |-
+ Version of the stack resource currently running. During version upgrades, multiple versions may run
+ in parallel: this value specifies the lowest version currently running.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.count
+ statusReplicasPath: .status.count
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: Enterprise Search version
+ jsonPath: .status.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: EnterpriseSearch is a Kubernetes CRD to represent Enterprise
+ Search.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: EnterpriseSearchSpec holds the specification of an Enterprise
+ Search resource.
+ properties:
+ config:
+ description: Config holds the Enterprise Search configuration.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ configRef:
+ description: |-
+ ConfigRef contains a reference to an existing Kubernetes Secret holding the Enterprise Search configuration.
+ Configuration settings are merged and have precedence over settings specified in `config`.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ count:
+ description: Count of Enterprise Search instances to deploy.
+ format: int32
+ type: integer
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to the Elasticsearch
+ cluster running in the same Kubernetes cluster.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator.
+ The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ http:
+ description: HTTP holds the HTTP layer configuration for Enterprise
+ Search resource.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes
+ Service object.
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the service.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: |-
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically
+ allocated for services with type LoadBalancer. Default is "true". It
+ may be set to "false" if the cluster load-balancer does not rely on
+ NodePorts. If the caller requests specific NodePorts (by specifying a
+ value), those requests will be respected, regardless of this field.
+ This field may only be set for services with type LoadBalancer and will
+ be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: |-
+ clusterIP is the IP address of the service and is usually assigned
+ randomly. If an address is specified manually, is in-range (as per
+ system configuration), and is not in use, it will be allocated to the
+ service; otherwise creation of the service will fail. This field may not
+ be changed through updates unless the type field is also being changed
+ to ExternalName (which requires this field to be blank) or the type
+ field is being changed from ExternalName (in which case this field may
+ optionally be specified, as describe above). Valid values are "None",
+ empty string (""), or a valid IP address. Setting this to "None" makes a
+ "headless service" (no virtual IP), which is useful when direct endpoint
+ connections are preferred and proxying is not required. Only applies to
+ types ClusterIP, NodePort, and LoadBalancer. If this field is specified
+ when creating a Service of type ExternalName, creation will fail. This
+ field will be wiped when updating a Service to type ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ clusterIPs:
+ description: |-
+ ClusterIPs is a list of IP addresses assigned to this service, and are
+ usually assigned randomly. If an address is specified manually, is
+ in-range (as per system configuration), and is not in use, it will be
+ allocated to the service; otherwise creation of the service will fail.
+ This field may not be changed through updates unless the type field is
+ also being changed to ExternalName (which requires this field to be
+ empty) or the type field is being changed from ExternalName (in which
+ case this field may optionally be specified, as describe above). Valid
+ values are "None", empty string (""), or a valid IP address. Setting
+ this to "None" makes a "headless service" (no virtual IP), which is
+ useful when direct endpoint connections are preferred and proxying is
+ not required. Only applies to types ClusterIP, NodePort, and
+ LoadBalancer. If this field is specified when creating a Service of type
+ ExternalName, creation will fail. This field will be wiped when updating
+ a Service to type ExternalName. If this field is not specified, it will
+ be initialized from the clusterIP field. If this field is specified,
+ clients must ensure that clusterIPs[0] and clusterIP have the same
+ value.
+
+ This field may hold a maximum of two entries (dual-stack IPs, in either order).
+ These IPs must correspond to the values of the ipFamilies field. Both
+ clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: |-
+ externalIPs is a list of IP addresses for which nodes in the cluster
+ will also accept traffic for this service. These IPs are not managed by
+ Kubernetes. The user is responsible for ensuring that traffic arrives
+ at a node with this IP. A common example is external load-balancers
+ that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalName:
+ description: |-
+ externalName is the external reference that discovery mechanisms will
+ return as an alias for this service (e.g. a DNS CNAME record). No
+ proxying will be involved. Must be a lowercase RFC-1123 hostname
+ (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: |-
+ externalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: |-
+ healthCheckNodePort specifies the healthcheck nodePort for the service.
+ This only applies when type is set to LoadBalancer and
+ externalTrafficPolicy is set to Local. If a value is specified, is
+ in-range, and is not in use, it will be used. If not specified, a value
+ will be automatically allocated. External systems (e.g. load-balancers)
+ can use this port to determine if a given node holds endpoints for this
+ service or not. If this field is specified when creating a Service
+ which does not need it, creation will fail. This field will be wiped
+ when updating a Service to no longer need it (e.g. changing type).
+ This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: |-
+ InternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on the ClusterIP. If set to "Local", the proxy will assume that pods
+ only want to talk to endpoints of the service on the same node as the pod,
+ dropping the traffic if there are no local endpoints. The default value,
+ "Cluster", uses the standard behavior of routing to all endpoints evenly
+ (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: |-
+ IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
+ service. This field is usually assigned automatically based on cluster
+ configuration and the ipFamilyPolicy field. If this field is specified
+ manually, the requested family is available in the cluster,
+ and ipFamilyPolicy allows it, it will be used; otherwise creation of
+ the service will fail. This field is conditionally mutable: it allows
+ for adding or removing a secondary IP family, but it does not allow
+ changing the primary IP family of the Service. Valid values are "IPv4"
+ and "IPv6". This field only applies to Services of types ClusterIP,
+ NodePort, and LoadBalancer, and does apply to "headless" services.
+ This field will be wiped when updating a Service to type ExternalName.
+
+ This field may hold a maximum of two entries (dual-stack families, in
+ either order). These families must correspond to the values of the
+ clusterIPs field, if specified. Both clusterIPs and ipFamilies are
+ governed by the ipFamilyPolicy field.
+ items:
+ description: |-
+ IPFamily represents the IP Family (IPv4 or IPv6). This type is used
+ to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: |-
+ IPFamilyPolicy represents the dual-stack-ness requested or required by
+ this Service. If there is no value provided, then this field will be set
+ to SingleStack. Services can be "SingleStack" (a single IP family),
+ "PreferDualStack" (two IP families on dual-stack configured clusters or
+ a single IP family on single-stack clusters), or "RequireDualStack"
+ (two IP families on dual-stack configured clusters, otherwise fail). The
+ ipFamilies and clusterIPs fields depend on the value of this field. This
+ field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: |-
+ loadBalancerClass is the class of the load balancer implementation this Service belongs to.
+ If specified, the value of this field must be a label-style identifier, with an optional prefix,
+ e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
+ This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
+ balancer implementation is used, today this is typically done through the cloud provider integration,
+ but should apply for any default implementation. If set, it is assumed that a load balancer
+ implementation is watching for Services with a matching class. Any default load balancer
+ implementation (e.g. cloud providers) should ignore Services that set this field.
+ This field can only be set when creating or updating a Service to type 'LoadBalancer'.
+ Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ Deprecated: This field was under-specified and its meaning varies across implementations.
+ Using it is non-portable and it may not support dual-stack.
+ Users are encouraged to use implementation-specific annotations when available.
+ type: string
+ loadBalancerSourceRanges:
+ description: |-
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider
+ load-balancer will be restricted to the specified client IPs. This field will be ignored if the
+ cloud-provider does not support the feature."
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ports:
+ description: |-
+ The list of ports that are exposed by this service.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: |-
+ The application protocol for this port.
+ This is used as a hint for implementations to offer richer behavior for protocols that they understand.
+ This field follows standard Kubernetes label syntax.
+ Valid values are either:
+
+ * Un-prefixed protocol names - reserved for IANA standard service names (as per
+ RFC-6335 and https://www.iana.org/assignments/service-names).
+
+ * Kubernetes-defined prefixed names:
+ * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
+ * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+ * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+ * Other protocols should use implementation-defined prefixed names such as
+ mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: |-
+ The name of this port within the service. This must be a DNS_LABEL.
+ All ports within a ServiceSpec must have unique names. When considering
+ the endpoints for a Service, this must match the 'name' field in the
+ EndpointPort.
+ Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this
+ service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: |-
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
+ Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: |-
+ publishNotReadyAddresses indicates that any agent which deals with endpoints for this
+ Service should disregard any indications of ready/not-ready.
+ The primary use case for setting this field is for a StatefulSet's Headless Service to
+ propagate SRV DNS records for its Pods for the purpose of peer discovery.
+ The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
+ Services interpret this to mean that all endpoints are considered "ready" even if the
+ Pods themselves are not. Agents which consume only Kubernetes generated endpoints
+ through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: |-
+ Route service traffic to pods with label keys and values matching this
+ selector. If empty or not present, the service is assumed to have an
+ external process managing its endpoints, which Kubernetes will not
+ modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
+ Ignored if type is ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: |-
+ Supports "ClientIP" and "None". Used to maintain session affinity.
+ Enable client IP based session affinity.
+ Must be ClientIP or None.
+ Defaults to None.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations
+ of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds specifies the seconds of ClientIP type session sticky time.
+ The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ trafficDistribution:
+ description: |-
+ TrafficDistribution offers a way to express preferences for how traffic
+ is distributed to Service endpoints. Implementations can use this field
+ as a hint, but are not required to guarantee strict adherence. If the
+ field is not set, the implementation will apply its default routing
+ strategy. If set to "PreferClose", implementations should prioritize
+ endpoints that are in the same zone.
+ type: string
+ type:
+ description: |-
+ type determines how the Service is exposed. Defaults to ClusterIP. Valid
+ options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
+ "ClusterIP" allocates a cluster-internal IP address for load-balancing
+ to endpoints. Endpoints are determined by the selector or if that is not
+ specified, by manual construction of an Endpoints object or
+ EndpointSlice objects. If clusterIP is "None", no virtual IP is
+ allocated and the endpoints are published as a set of endpoints rather
+ than a virtual IP.
+ "NodePort" builds on ClusterIP and allocates a port on every node which
+ routes to the same endpoints as the clusterIP.
+ "LoadBalancer" builds on NodePort and creates an external load-balancer
+ (if supported in the current cloud) which routes to the same endpoints
+ as the clusterIP.
+ "ExternalName" aliases this service to the specified externalName.
+ Several other fields do not apply to ExternalName services.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: |-
+ Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.
+ The referenced secret should contain the following:
+
+ - `ca.crt`: The certificate authority (optional).
+ - `tls.crt`: The certificate (or a chain).
+ - `tls.key`: The private key to the first certificate in the certificate chain.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the
+ self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning
+ of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs
+ to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN
+ entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the Enterprise Search Docker image to deploy.
+ type: string
+ podTemplate:
+ description: |-
+ PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on)
+ for the Enterprise Search pods.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is used to check access from the current resource to a resource (for ex. Elasticsearch) in a different namespace.
+ Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ version:
+ description: Version of Enterprise Search.
+ type: string
+ type: object
+ status:
+ description: EnterpriseSearchStatus defines the observed state of EnterpriseSearch
+ properties:
+ associationStatus:
+ description: Association is the status of any auto-linking to Elasticsearch
+ clusters.
+ type: string
+ availableNodes:
+ description: AvailableNodes is the number of available replicas in
+ the deployment.
+ format: int32
+ type: integer
+ count:
+ description: Count corresponds to Scale.Status.Replicas, which is
+ the actual number of observed instances of the scaled object.
+ format: int32
+ type: integer
+ health:
+ description: Health of the deployment.
+ type: string
+ selector:
+ description: Selector is the label selector used to find all pods.
+ type: string
+ service:
+ description: ExternalService is the name of the service associated
+ to the Enterprise Search Pods.
+ type: string
+ version:
+ description: |-
+ Version of the stack resource currently running. During version upgrades, multiple versions may run
+ in parallel: this value specifies the lowest version currently running.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
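Review bot: in the EnterpriseSearch spec above, `podTemplate` is declared as `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so the CRD schema neither validates nor prunes anything placed under it, and pod-level settings (security context, volumes, host namespaces) reach the operator unchecked by the API server. Permission to create or edit EnterpriseSearch objects should therefore be treated as equivalent to permission to create pods in that namespace, and the pack documentation should say that Pod Security admission or an equivalent policy must be enforced on the resulting pods. A smaller point: the `disabled` description under `selfSignedCertificate` reads "self-signed certifcate"; the `controller-gen.kubebuilder.io/version` annotation suggests the file is generated, so the spelling fix belongs in the source it is generated from rather than in this copy.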
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.19.0
+ helm.sh/resource-policy: keep
+ labels:
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+ app.kubernetes.io/name: '{{ include "eck-operator-crds.name" . }}'
+ app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+ helm.sh/chart: '{{ include "eck-operator-crds.chart" . }}'
+ name: kibanas.kibana.k8s.elastic.co
+spec:
+ group: kibana.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: Kibana
+ listKind: KibanaList
+ plural: kibanas
+ shortNames:
+ - kb
+ singular: kibana
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: Kibana version
+ jsonPath: .status.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: Kibana represents a Kibana resource in a Kubernetes cluster.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KibanaSpec holds the specification of a Kibana instance.
+ properties:
+ config:
+ description: 'Config holds the Kibana configuration. See: https://www.elastic.co/guide/en/kibana/current/settings.html'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ count:
+ description: Count of Kibana instances to deploy.
+ format: int32
+ type: integer
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to an Elasticsearch cluster
+ running in the same Kubernetes cluster.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator.
+ The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ enterpriseSearchRef:
+ description: |-
+ EnterpriseSearchRef is a reference to an EnterpriseSearch running in the same Kubernetes cluster.
+ Kibana provides the default Enterprise Search UI starting version 7.14.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator.
+ The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ http:
+ description: HTTP holds the HTTP layer configuration for Kibana.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes
+ Service object.
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the service.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: |-
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically
+ allocated for services with type LoadBalancer. Default is "true". It
+ may be set to "false" if the cluster load-balancer does not rely on
+ NodePorts. If the caller requests specific NodePorts (by specifying a
+ value), those requests will be respected, regardless of this field.
+ This field may only be set for services with type LoadBalancer and will
+ be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: |-
+ clusterIP is the IP address of the service and is usually assigned
+ randomly. If an address is specified manually, is in-range (as per
+ system configuration), and is not in use, it will be allocated to the
+ service; otherwise creation of the service will fail. This field may not
+ be changed through updates unless the type field is also being changed
+ to ExternalName (which requires this field to be blank) or the type
+ field is being changed from ExternalName (in which case this field may
+ optionally be specified, as describe above). Valid values are "None",
+ empty string (""), or a valid IP address. Setting this to "None" makes a
+ "headless service" (no virtual IP), which is useful when direct endpoint
+ connections are preferred and proxying is not required. Only applies to
+ types ClusterIP, NodePort, and LoadBalancer. If this field is specified
+ when creating a Service of type ExternalName, creation will fail. This
+ field will be wiped when updating a Service to type ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ clusterIPs:
+ description: |-
+ ClusterIPs is a list of IP addresses assigned to this service, and are
+ usually assigned randomly. If an address is specified manually, is
+ in-range (as per system configuration), and is not in use, it will be
+ allocated to the service; otherwise creation of the service will fail.
+ This field may not be changed through updates unless the type field is
+ also being changed to ExternalName (which requires this field to be
+ empty) or the type field is being changed from ExternalName (in which
+ case this field may optionally be specified, as describe above). Valid
+ values are "None", empty string (""), or a valid IP address. Setting
+ this to "None" makes a "headless service" (no virtual IP), which is
+ useful when direct endpoint connections are preferred and proxying is
+ not required. Only applies to types ClusterIP, NodePort, and
+ LoadBalancer. If this field is specified when creating a Service of type
+ ExternalName, creation will fail. This field will be wiped when updating
+ a Service to type ExternalName. If this field is not specified, it will
+ be initialized from the clusterIP field. If this field is specified,
+ clients must ensure that clusterIPs[0] and clusterIP have the same
+ value.
+
+ This field may hold a maximum of two entries (dual-stack IPs, in either order).
+ These IPs must correspond to the values of the ipFamilies field. Both
+ clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: |-
+ externalIPs is a list of IP addresses for which nodes in the cluster
+ will also accept traffic for this service. These IPs are not managed by
+ Kubernetes. The user is responsible for ensuring that traffic arrives
+ at a node with this IP. A common example is external load-balancers
+ that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalName:
+ description: |-
+ externalName is the external reference that discovery mechanisms will
+ return as an alias for this service (e.g. a DNS CNAME record). No
+ proxying will be involved. Must be a lowercase RFC-1123 hostname
+ (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: |-
+ externalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: |-
+ healthCheckNodePort specifies the healthcheck nodePort for the service.
+ This only applies when type is set to LoadBalancer and
+ externalTrafficPolicy is set to Local. If a value is specified, is
+ in-range, and is not in use, it will be used. If not specified, a value
+ will be automatically allocated. External systems (e.g. load-balancers)
+ can use this port to determine if a given node holds endpoints for this
+ service or not. If this field is specified when creating a Service
+ which does not need it, creation will fail. This field will be wiped
+ when updating a Service to no longer need it (e.g. changing type).
+ This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: |-
+ InternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on the ClusterIP. If set to "Local", the proxy will assume that pods
+ only want to talk to endpoints of the service on the same node as the pod,
+ dropping the traffic if there are no local endpoints. The default value,
+ "Cluster", uses the standard behavior of routing to all endpoints evenly
+ (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: |-
+ IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
+ service. This field is usually assigned automatically based on cluster
+ configuration and the ipFamilyPolicy field. If this field is specified
+ manually, the requested family is available in the cluster,
+ and ipFamilyPolicy allows it, it will be used; otherwise creation of
+ the service will fail. This field is conditionally mutable: it allows
+ for adding or removing a secondary IP family, but it does not allow
+ changing the primary IP family of the Service. Valid values are "IPv4"
+ and "IPv6". This field only applies to Services of types ClusterIP,
+ NodePort, and LoadBalancer, and does apply to "headless" services.
+ This field will be wiped when updating a Service to type ExternalName.
+
+ This field may hold a maximum of two entries (dual-stack families, in
+ either order). These families must correspond to the values of the
+ clusterIPs field, if specified. Both clusterIPs and ipFamilies are
+ governed by the ipFamilyPolicy field.
+ items:
+ description: |-
+ IPFamily represents the IP Family (IPv4 or IPv6). This type is used
+ to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: |-
+ IPFamilyPolicy represents the dual-stack-ness requested or required by
+ this Service. If there is no value provided, then this field will be set
+ to SingleStack. Services can be "SingleStack" (a single IP family),
+ "PreferDualStack" (two IP families on dual-stack configured clusters or
+ a single IP family on single-stack clusters), or "RequireDualStack"
+ (two IP families on dual-stack configured clusters, otherwise fail). The
+ ipFamilies and clusterIPs fields depend on the value of this field. This
+ field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: |-
+ loadBalancerClass is the class of the load balancer implementation this Service belongs to.
+ If specified, the value of this field must be a label-style identifier, with an optional prefix,
+ e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
+ This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
+ balancer implementation is used, today this is typically done through the cloud provider integration,
+ but should apply for any default implementation. If set, it is assumed that a load balancer
+ implementation is watching for Services with a matching class. Any default load balancer
+ implementation (e.g. cloud providers) should ignore Services that set this field.
+ This field can only be set when creating or updating a Service to type 'LoadBalancer'.
+ Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ Deprecated: This field was under-specified and its meaning varies across implementations.
+ Using it is non-portable and it may not support dual-stack.
+ Users are encouraged to use implementation-specific annotations when available.
+ type: string
+ loadBalancerSourceRanges:
+ description: |-
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider
+ load-balancer will be restricted to the specified client IPs. This field will be ignored if the
+ cloud-provider does not support the feature."
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ports:
+ description: |-
+ The list of ports that are exposed by this service.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: |-
+ The application protocol for this port.
+ This is used as a hint for implementations to offer richer behavior for protocols that they understand.
+ This field follows standard Kubernetes label syntax.
+ Valid values are either:
+
+ * Un-prefixed protocol names - reserved for IANA standard service names (as per
+ RFC-6335 and https://www.iana.org/assignments/service-names).
+
+ * Kubernetes-defined prefixed names:
+ * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
+ * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+ * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+ * Other protocols should use implementation-defined prefixed names such as
+ mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: |-
+ The name of this port within the service. This must be a DNS_LABEL.
+ All ports within a ServiceSpec must have unique names. When considering
+ the endpoints for a Service, this must match the 'name' field in the
+ EndpointPort.
+ Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this
+ service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: |-
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
+ Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: |-
+ publishNotReadyAddresses indicates that any agent which deals with endpoints for this
+ Service should disregard any indications of ready/not-ready.
+ The primary use case for setting this field is for a StatefulSet's Headless Service to
+ propagate SRV DNS records for its Pods for the purpose of peer discovery.
+ The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
+ Services interpret this to mean that all endpoints are considered "ready" even if the
+ Pods themselves are not. Agents which consume only Kubernetes generated endpoints
+ through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: |-
+ Route service traffic to pods with label keys and values matching this
+ selector. If empty or not present, the service is assumed to have an
+ external process managing its endpoints, which Kubernetes will not
+ modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
+ Ignored if type is ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: |-
+ Supports "ClientIP" and "None". Used to maintain session affinity.
+ Enable client IP based session affinity.
+ Must be ClientIP or None.
+ Defaults to None.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations
+ of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds specifies the seconds of ClientIP type session sticky time.
+ The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ trafficDistribution:
+ description: |-
+ TrafficDistribution offers a way to express preferences for how traffic
+ is distributed to Service endpoints. Implementations can use this field
+ as a hint, but are not required to guarantee strict adherence. If the
+ field is not set, the implementation will apply its default routing
+ strategy. If set to "PreferClose", implementations should prioritize
+ endpoints that are in the same zone.
+ type: string
+ type:
+ description: |-
+ type determines how the Service is exposed. Defaults to ClusterIP. Valid
+ options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
+ "ClusterIP" allocates a cluster-internal IP address for load-balancing
+ to endpoints. Endpoints are determined by the selector or if that is not
+ specified, by manual construction of an Endpoints object or
+ EndpointSlice objects. If clusterIP is "None", no virtual IP is
+ allocated and the endpoints are published as a set of endpoints rather
+ than a virtual IP.
+ "NodePort" builds on ClusterIP and allocates a port on every node which
+ routes to the same endpoints as the clusterIP.
+ "LoadBalancer" builds on NodePort and creates an external load-balancer
+ (if supported in the current cloud) which routes to the same endpoints
+ as the clusterIP.
+ "ExternalName" aliases this service to the specified externalName.
+ Several other fields do not apply to ExternalName services.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: |-
+ Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.
+ The referenced secret should contain the following:
+
+ - `ca.crt`: The certificate authority (optional).
+ - `tls.crt`: The certificate (or a chain).
+ - `tls.key`: The private key to the first certificate in the certificate chain.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the
+ self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning
+ of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs
+ to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN
+ entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the Kibana Docker image to deploy.
+ type: string
+ monitoring:
+ description: |-
+ Monitoring enables you to collect and ship log and monitoring data of this Kibana.
+ See https://www.elastic.co/guide/en/kibana/current/xpack-monitoring.html.
+ Metricbeat and Filebeat are deployed in the same Pod as sidecars and each one sends data to one or two different
+ Elasticsearch monitoring clusters running in the same Kubernetes cluster.
+ properties:
+ logs:
+ description: Logs holds references to Elasticsearch clusters which
+ receive log data from an associated resource.
+ properties:
+ elasticsearchRefs:
+ description: |-
+ ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster.
+ Due to existing limitations, only a single Elasticsearch cluster is currently supported.
+ items:
+ description: |-
+ ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator
+ or a Secret describing an external Elastic resource not managed by the operator.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If
+ empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator.
+ The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ type: object
+ metrics:
+ description: Metrics holds references to Elasticsearch clusters
+ which receive monitoring data from this resource.
+ properties:
+ elasticsearchRefs:
+ description: |-
+ ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster.
+ Due to existing limitations, only a single Elasticsearch cluster is currently supported.
+ items:
+ description: |-
+ ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator
+ or a Secret describing an external Elastic resource not managed by the operator.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If
+ empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator.
+ The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ podTemplate:
+ description: PodTemplate provides customisation options (labels, annotations,
+ affinity rules, resource requests, and so on) for the Kibana pods
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ revisionHistoryLimit:
+ description: RevisionHistoryLimit is the number of revisions to retain
+ to allow rollback in the underlying Deployment.
+ format: int32
+ type: integer
+ secureSettings:
+ description: SecureSettings is a list of references to Kubernetes
+ secrets containing sensitive configuration options for Kibana.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes
+ Secret.
+ properties:
+ entries:
+ description: |-
+ Entries define how to project each key-value pair in the secret to filesystem paths.
+ If not defined, all keys will be projected to similarly named paths in the filesystem.
+ If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret
+ object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: |-
+ Path is the relative file path to map the key to.
+ Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is used to check access from the current resource to a resource (for ex. Elasticsearch) in a different namespace.
+ Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ version:
+ description: Version of Kibana.
+ type: string
+ required:
+ - version
+ type: object
+ status:
+ description: KibanaStatus defines the observed state of Kibana
+ properties:
+ associationStatus:
+ description: |-
+ AssociationStatus is the status of any auto-linking to Elasticsearch clusters.
+ This field is deprecated and will be removed in a future release. Use ElasticsearchAssociationStatus instead.
+ type: string
+ availableNodes:
+ description: AvailableNodes is the number of available replicas in
+ the deployment.
+ format: int32
+ type: integer
+ count:
+ description: Count corresponds to Scale.Status.Replicas, which is
+ the actual number of observed instances of the scaled object.
+ format: int32
+ type: integer
+ elasticsearchAssociationStatus:
+ description: ElasticsearchAssociationStatus is the status of any auto-linking
+ to Elasticsearch clusters.
+ type: string
+ enterpriseSearchAssociationStatus:
+ description: EnterpriseSearchAssociationStatus is the status of any
+ auto-linking to Enterprise Search.
+ type: string
+ health:
+ description: Health of the deployment.
+ type: string
+ monitoringAssociationStatus:
+ additionalProperties:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ description: MonitoringAssociationStatus is the status of any auto-linking
+ to monitoring Elasticsearch clusters.
+ type: object
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the most recent generation observed for this Kibana instance.
+ It corresponds to the metadata generation, which is updated on mutation by the API Server.
+ If the generation observed in status diverges from the generation in metadata, the Kibana
+ controller has not yet processed the changes contained in the Kibana specification.
+ format: int64
+ type: integer
+ selector:
+ description: Selector is the label selector used to find all pods.
+ type: string
+ version:
+ description: |-
+ Version of the stack resource currently running. During version upgrades, multiple versions may run
+ in parallel: this value specifies the lowest version currently running.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.count
+ statusReplicasPath: .status.count
+ status: {}
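Review bot: `podTemplate` in the v1 schema above is declared as a bare `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so the API server accepts any content in it and nothing in this CRD constrains what the generated Kibana pods may request. Because the schema cannot enforce anything on that field, the pack documentation should say which admission control is expected to cover those pods (for example Pod Security admission on the namespaces where Kibana resources are created). Two smaller points in the same region: the `tls.selfSignedCertificate.disabled` description does not say what the HTTP endpoint serves when it is true and no `certificate.secretName` is set, and it carries the typo `certifcate`; the `loadBalancerSourceRanges` description has a duplicated clause ("this will restrict traffic ... will be restricted") and a stray closing quote after "feature.". If this file is generated or copied from an upstream release, correct the wording upstream and record the source version in the pack instead of hand-editing it here.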
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: Kibana version
+ jsonPath: .spec.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Kibana represents a Kibana resource in a Kubernetes cluster.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KibanaSpec holds the specification of a Kibana instance.
+ properties:
+ config:
+ description: 'Config holds the Kibana configuration. See: https://www.elastic.co/guide/en/kibana/current/settings.html'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ count:
+ description: Count of Kibana instances to deploy.
+ format: int32
+ type: integer
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to an Elasticsearch cluster
+ running in the same Kubernetes cluster.
+ properties:
+ name:
+ description: Name of the Kubernetes object.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ required:
+ - name
+ type: object
+ http:
+ description: HTTP holds the HTTP layer configuration for Kibana.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes
+ Service object.
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the service.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: |-
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically
+ allocated for services with type LoadBalancer. Default is "true". It
+ may be set to "false" if the cluster load-balancer does not rely on
+ NodePorts. If the caller requests specific NodePorts (by specifying a
+ value), those requests will be respected, regardless of this field.
+ This field may only be set for services with type LoadBalancer and will
+ be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: |-
+ clusterIP is the IP address of the service and is usually assigned
+ randomly. If an address is specified manually, is in-range (as per
+ system configuration), and is not in use, it will be allocated to the
+ service; otherwise creation of the service will fail. This field may not
+ be changed through updates unless the type field is also being changed
+ to ExternalName (which requires this field to be blank) or the type
+ field is being changed from ExternalName (in which case this field may
+ optionally be specified, as describe above). Valid values are "None",
+ empty string (""), or a valid IP address. Setting this to "None" makes a
+ "headless service" (no virtual IP), which is useful when direct endpoint
+ connections are preferred and proxying is not required. Only applies to
+ types ClusterIP, NodePort, and LoadBalancer. If this field is specified
+ when creating a Service of type ExternalName, creation will fail. This
+ field will be wiped when updating a Service to type ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ clusterIPs:
+ description: |-
+ ClusterIPs is a list of IP addresses assigned to this service, and are
+ usually assigned randomly. If an address is specified manually, is
+ in-range (as per system configuration), and is not in use, it will be
+ allocated to the service; otherwise creation of the service will fail.
+ This field may not be changed through updates unless the type field is
+ also being changed to ExternalName (which requires this field to be
+ empty) or the type field is being changed from ExternalName (in which
+ case this field may optionally be specified, as describe above). Valid
+ values are "None", empty string (""), or a valid IP address. Setting
+ this to "None" makes a "headless service" (no virtual IP), which is
+ useful when direct endpoint connections are preferred and proxying is
+ not required. Only applies to types ClusterIP, NodePort, and
+ LoadBalancer. If this field is specified when creating a Service of type
+ ExternalName, creation will fail. This field will be wiped when updating
+ a Service to type ExternalName. If this field is not specified, it will
+ be initialized from the clusterIP field. If this field is specified,
+ clients must ensure that clusterIPs[0] and clusterIP have the same
+ value.
+
+ This field may hold a maximum of two entries (dual-stack IPs, in either order).
+ These IPs must correspond to the values of the ipFamilies field. Both
+ clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: |-
+ externalIPs is a list of IP addresses for which nodes in the cluster
+ will also accept traffic for this service. These IPs are not managed by
+ Kubernetes. The user is responsible for ensuring that traffic arrives
+ at a node with this IP. A common example is external load-balancers
+ that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalName:
+ description: |-
+ externalName is the external reference that discovery mechanisms will
+ return as an alias for this service (e.g. a DNS CNAME record). No
+ proxying will be involved. Must be a lowercase RFC-1123 hostname
+ (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: |-
+ externalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: |-
+ healthCheckNodePort specifies the healthcheck nodePort for the service.
+ This only applies when type is set to LoadBalancer and
+ externalTrafficPolicy is set to Local. If a value is specified, is
+ in-range, and is not in use, it will be used. If not specified, a value
+ will be automatically allocated. External systems (e.g. load-balancers)
+ can use this port to determine if a given node holds endpoints for this
+ service or not. If this field is specified when creating a Service
+ which does not need it, creation will fail. This field will be wiped
+ when updating a Service to no longer need it (e.g. changing type).
+ This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: |-
+ InternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on the ClusterIP. If set to "Local", the proxy will assume that pods
+ only want to talk to endpoints of the service on the same node as the pod,
+ dropping the traffic if there are no local endpoints. The default value,
+ "Cluster", uses the standard behavior of routing to all endpoints evenly
+ (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: |-
+ IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
+ service. This field is usually assigned automatically based on cluster
+ configuration and the ipFamilyPolicy field. If this field is specified
+ manually, the requested family is available in the cluster,
+ and ipFamilyPolicy allows it, it will be used; otherwise creation of
+ the service will fail. This field is conditionally mutable: it allows
+ for adding or removing a secondary IP family, but it does not allow
+ changing the primary IP family of the Service. Valid values are "IPv4"
+ and "IPv6". This field only applies to Services of types ClusterIP,
+ NodePort, and LoadBalancer, and does apply to "headless" services.
+ This field will be wiped when updating a Service to type ExternalName.
+
+ This field may hold a maximum of two entries (dual-stack families, in
+ either order). These families must correspond to the values of the
+ clusterIPs field, if specified. Both clusterIPs and ipFamilies are
+ governed by the ipFamilyPolicy field.
+ items:
+ description: |-
+ IPFamily represents the IP Family (IPv4 or IPv6). This type is used
+ to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: |-
+ IPFamilyPolicy represents the dual-stack-ness requested or required by
+ this Service. If there is no value provided, then this field will be set
+ to SingleStack. Services can be "SingleStack" (a single IP family),
+ "PreferDualStack" (two IP families on dual-stack configured clusters or
+ a single IP family on single-stack clusters), or "RequireDualStack"
+ (two IP families on dual-stack configured clusters, otherwise fail). The
+ ipFamilies and clusterIPs fields depend on the value of this field. This
+ field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: |-
+ loadBalancerClass is the class of the load balancer implementation this Service belongs to.
+ If specified, the value of this field must be a label-style identifier, with an optional prefix,
+ e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
+ This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
+ balancer implementation is used, today this is typically done through the cloud provider integration,
+ but should apply for any default implementation. If set, it is assumed that a load balancer
+ implementation is watching for Services with a matching class. Any default load balancer
+ implementation (e.g. cloud providers) should ignore Services that set this field.
+ This field can only be set when creating or updating a Service to type 'LoadBalancer'.
+ Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ Deprecated: This field was under-specified and its meaning varies across implementations.
+ Using it is non-portable and it may not support dual-stack.
+ Users are encouraged to use implementation-specific annotations when available.
+ type: string
+ loadBalancerSourceRanges:
+ description: |-
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider
+ load-balancer will be restricted to the specified client IPs. This field will be ignored if the
+ cloud-provider does not support the feature."
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ports:
+ description: |-
+ The list of ports that are exposed by this service.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: |-
+ The application protocol for this port.
+ This is used as a hint for implementations to offer richer behavior for protocols that they understand.
+ This field follows standard Kubernetes label syntax.
+ Valid values are either:
+
+ * Un-prefixed protocol names - reserved for IANA standard service names (as per
+ RFC-6335 and https://www.iana.org/assignments/service-names).
+
+ * Kubernetes-defined prefixed names:
+ * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
+ * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+ * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+ * Other protocols should use implementation-defined prefixed names such as
+ mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: |-
+ The name of this port within the service. This must be a DNS_LABEL.
+ All ports within a ServiceSpec must have unique names. When considering
+ the endpoints for a Service, this must match the 'name' field in the
+ EndpointPort.
+ Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this
+ service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: |-
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
+ Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: |-
+ publishNotReadyAddresses indicates that any agent which deals with endpoints for this
+ Service should disregard any indications of ready/not-ready.
+ The primary use case for setting this field is for a StatefulSet's Headless Service to
+ propagate SRV DNS records for its Pods for the purpose of peer discovery.
+ The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
+ Services interpret this to mean that all endpoints are considered "ready" even if the
+ Pods themselves are not. Agents which consume only Kubernetes generated endpoints
+ through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: |-
+ Route service traffic to pods with label keys and values matching this
+ selector. If empty or not present, the service is assumed to have an
+ external process managing its endpoints, which Kubernetes will not
+ modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
+ Ignored if type is ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: |-
+ Supports "ClientIP" and "None". Used to maintain session affinity.
+ Enable client IP based session affinity.
+ Must be ClientIP or None.
+ Defaults to None.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations
+ of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds specifies the seconds of ClientIP type session sticky time.
+ The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ trafficDistribution:
+ description: |-
+ TrafficDistribution offers a way to express preferences for how traffic
+ is distributed to Service endpoints. Implementations can use this field
+ as a hint, but are not required to guarantee strict adherence. If the
+ field is not set, the implementation will apply its default routing
+ strategy. If set to "PreferClose", implementations should prioritize
+ endpoints that are in the same zone.
+ type: string
+ type:
+ description: |-
+ type determines how the Service is exposed. Defaults to ClusterIP. Valid
+ options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
+ "ClusterIP" allocates a cluster-internal IP address for load-balancing
+ to endpoints. Endpoints are determined by the selector or if that is not
+ specified, by manual construction of an Endpoints object or
+ EndpointSlice objects. If clusterIP is "None", no virtual IP is
+ allocated and the endpoints are published as a set of endpoints rather
+ than a virtual IP.
+ "NodePort" builds on ClusterIP and allocates a port on every node which
+ routes to the same endpoints as the clusterIP.
+ "LoadBalancer" builds on NodePort and creates an external load-balancer
+ (if supported in the current cloud) which routes to the same endpoints
+ as the clusterIP.
+ "ExternalName" aliases this service to the specified externalName.
+ Several other fields do not apply to ExternalName services.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: |-
+ Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.
+ The referenced secret should contain the following:
+
+ - `ca.crt`: The certificate authority (optional).
+ - `tls.crt`: The certificate (or a chain).
+ - `tls.key`: The private key to the first certificate in the certificate chain.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the
+ self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning
+ of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs
+ to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN
+ entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the Kibana Docker image to deploy.
+ type: string
+ podTemplate:
+ description: PodTemplate provides customisation options (labels, annotations,
+ affinity rules, resource requests, and so on) for the Kibana pods
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ secureSettings:
+ description: SecureSettings is a list of references to Kubernetes
+ secrets containing sensitive configuration options for Kibana.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes
+ Secret.
+ properties:
+ entries:
+ description: |-
+ Entries define how to project each key-value pair in the secret to filesystem paths.
+ If not defined, all keys will be projected to similarly named paths in the filesystem.
+ If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret
+ object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: |-
+ Path is the relative file path to map the key to.
+ Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ version:
+ description: Version of Kibana.
+ type: string
+ type: object
+ status:
+ description: KibanaStatus defines the observed state of Kibana
+ properties:
+ associationStatus:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ availableNodes:
+ format: int32
+ type: integer
+ health:
+ description: KibanaHealth expresses the status of the Kibana instances.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: to not break compatibility when upgrading from previous versions
+ of the CRD
+ type: object
+ served: false
+ storage: false
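Review bot: in the Kibana CRD's `secureSettings[].entries[].path`, the rule "Path must not be an absolute file path and must not contain any ".." components" is stated only in the description. The property itself is a bare `type: string` with no `pattern` or `x-kubernetes-validations` rule, so the API server admits any string and rejection depends entirely on the operator or its validating webhook. Please confirm this pack deploys that webhook alongside the CRDs, or carry a schema-level constraint so the check does not depend on deployment order. The Logstash CRD later in this hunk repeats the same wording with the same bare `type: string`. Related: `podTemplate` is `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so none of its contents are validated at this layer, and pod-level admission policy has to be enforced on the pods the operator creates rather than on the Kibana object. Minor: "certifcate" in the `selfSignedCertificate.disabled` description is a typo for "certificate"; if these files are generated, the fix belongs in the source they are generated from rather than in this copy.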
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.19.0
+ helm.sh/resource-policy: keep
+ labels:
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+ app.kubernetes.io/name: '{{ include "eck-operator-crds.name" . }}'
+ app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+ helm.sh/chart: '{{ include "eck-operator-crds.chart" . }}'
+ name: logstashes.logstash.k8s.elastic.co
+spec:
+ group: logstash.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: Logstash
+ listKind: LogstashList
+ plural: logstashes
+ shortNames:
+ - ls
+ singular: logstash
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Health
+ jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: available
+ type: integer
+ - description: Expected nodes
+ jsonPath: .status.expectedNodes
+ name: expected
+ type: integer
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ - description: Logstash version
+ jsonPath: .status.version
+ name: version
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Logstash is the Schema for the logstashes API
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: LogstashSpec defines the desired state of Logstash
+ properties:
+ config:
+ description: Config holds the Logstash configuration. At most one
+ of [`Config`, `ConfigRef`] can be specified.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ configRef:
+ description: |-
+ ConfigRef contains a reference to an existing Kubernetes Secret holding the Logstash configuration.
+ Logstash settings must be specified as yaml, under a single "logstash.yml" entry. At most one of [`Config`, `ConfigRef`]
+ can be specified.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ count:
+ format: int32
+ type: integer
+ elasticsearchRefs:
+ description: ElasticsearchRefs are references to Elasticsearch clusters
+ running in the same Kubernetes cluster.
+ items:
+ description: ElasticsearchCluster is a named reference to an Elasticsearch
+ cluster which can be used in a Logstash pipeline.
+ properties:
+ clusterName:
+ description: |-
+ ClusterName is an alias for the cluster to be used to refer to the Elasticsearch cluster in Logstash
+ configuration files, and will be used to identify "named clusters" in Logstash
+ minLength: 1
+ type: string
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults
+ to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator.
+ The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ required:
+ - clusterName
+ type: object
+ type: array
+ image:
+ description: Image is the Logstash Docker image to deploy. Version
+ and Type have to match the Logstash in the image.
+ type: string
+ monitoring:
+ description: |-
+ Monitoring enables you to collect and ship log and monitoring data of this Logstash.
+ Metricbeat and Filebeat are deployed in the same Pod as sidecars and each one sends data to one or two different
+ Elasticsearch monitoring clusters running in the same Kubernetes cluster.
+ properties:
+ logs:
+ description: Logs holds references to Elasticsearch clusters which
+ receive log data from an associated resource.
+ properties:
+ elasticsearchRefs:
+ description: |-
+ ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster.
+ Due to existing limitations, only a single Elasticsearch cluster is currently supported.
+ items:
+ description: |-
+ ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator
+ or a Secret describing an external Elastic resource not managed by the operator.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If
+ empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator.
+ The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ type: object
+ metrics:
+ description: Metrics holds references to Elasticsearch clusters
+ which receive monitoring data from this resource.
+ properties:
+ elasticsearchRefs:
+ description: |-
+ ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster.
+ Due to existing limitations, only a single Elasticsearch cluster is currently supported.
+ items:
+ description: |-
+ ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator
+ or a Secret describing an external Elastic resource not managed by the operator.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding
+ to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If
+ empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of an existing Kubernetes secret that contains connection information for associating an
+ Elastic resource not managed by the operator.
+ The referenced secret must contain the following:
+ - `url`: the URL to reach the Elastic resource
+ - `username`: the username of the user to be authenticated to the Elastic resource
+ - `password`: the password of the user to be authenticated to the Elastic resource
+ - `ca.crt`: the CA certificate in PEM format (optional)
+ - `api-key`: the key to authenticate against the Elastic resource instead of a username and password (supported only for `elasticsearchRefs` in AgentSpec and in BeatSpec)
+ This field cannot be used in combination with the other fields name, namespace or serviceName.
+ type: string
+ serviceName:
+ description: |-
+ ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced
+ object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of
+ the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ pipelines:
+ description: Pipelines holds the Logstash Pipelines. At most one of
+ [`Pipelines`, `PipelinesRef`] can be specified.
+ items:
+ type: object
+ type: array
+ x-kubernetes-preserve-unknown-fields: true
+ pipelinesRef:
+ description: |-
+ PipelinesRef contains a reference to an existing Kubernetes Secret holding the Logstash Pipelines.
+ Logstash pipelines must be specified as yaml, under a single "pipelines.yml" entry. At most one of [`Pipelines`, `PipelinesRef`]
+ can be specified.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ podTemplate:
+ description: PodTemplate provides customisation options for the Logstash
+ pods.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ revisionHistoryLimit:
+ description: RevisionHistoryLimit is the number of revisions to retain
+ to allow rollback in the underlying StatefulSet.
+ format: int32
+ type: integer
+ secureSettings:
+ description: |-
+ SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for the Logstash.
+ Secrets data can be then referenced in the Logstash config using the Secret's keys or as specified in `Entries` field of
+ each SecureSetting.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes
+ Secret.
+ properties:
+ entries:
+ description: |-
+ Entries define how to project each key-value pair in the secret to filesystem paths.
+ If not defined, all keys will be projected to similarly named paths in the filesystem.
+ If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret
+ object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: |-
+ Path is the relative file path to map the key to.
+ Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is used to check access from the current resource to Elasticsearch resource in a different namespace.
+ Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ services:
+ description: |-
+ Services contains details of services that Logstash should expose - similar to the HTTP layer configuration for the
+ rest of the stack, but also applicable for more use cases than the metrics API, as logstash may need to
+ be opened up for other services: Beats, TCP, UDP, etc, inputs.
+ items:
+ properties:
+ name:
+ type: string
+ service:
+ description: Service defines the template for the associated
+ Kubernetes Service object.
+ properties:
+ metadata:
+ description: |-
+ ObjectMeta is the metadata of the service.
+ The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: |-
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically
+ allocated for services with type LoadBalancer. Default is "true". It
+ may be set to "false" if the cluster load-balancer does not rely on
+ NodePorts. If the caller requests specific NodePorts (by specifying a
+ value), those requests will be respected, regardless of this field.
+ This field may only be set for services with type LoadBalancer and will
+ be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: |-
+ clusterIP is the IP address of the service and is usually assigned
+ randomly. If an address is specified manually, is in-range (as per
+ system configuration), and is not in use, it will be allocated to the
+ service; otherwise creation of the service will fail. This field may not
+ be changed through updates unless the type field is also being changed
+ to ExternalName (which requires this field to be blank) or the type
+ field is being changed from ExternalName (in which case this field may
+ optionally be specified, as describe above). Valid values are "None",
+ empty string (""), or a valid IP address. Setting this to "None" makes a
+ "headless service" (no virtual IP), which is useful when direct endpoint
+ connections are preferred and proxying is not required. Only applies to
+ types ClusterIP, NodePort, and LoadBalancer. If this field is specified
+ when creating a Service of type ExternalName, creation will fail. This
+ field will be wiped when updating a Service to type ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ clusterIPs:
+ description: |-
+ ClusterIPs is a list of IP addresses assigned to this service, and are
+ usually assigned randomly. If an address is specified manually, is
+ in-range (as per system configuration), and is not in use, it will be
+ allocated to the service; otherwise creation of the service will fail.
+ This field may not be changed through updates unless the type field is
+ also being changed to ExternalName (which requires this field to be
+ empty) or the type field is being changed from ExternalName (in which
+ case this field may optionally be specified, as describe above). Valid
+ values are "None", empty string (""), or a valid IP address. Setting
+ this to "None" makes a "headless service" (no virtual IP), which is
+ useful when direct endpoint connections are preferred and proxying is
+ not required. Only applies to types ClusterIP, NodePort, and
+ LoadBalancer. If this field is specified when creating a Service of type
+ ExternalName, creation will fail. This field will be wiped when updating
+ a Service to type ExternalName. If this field is not specified, it will
+ be initialized from the clusterIP field. If this field is specified,
+ clients must ensure that clusterIPs[0] and clusterIP have the same
+ value.
+
+ This field may hold a maximum of two entries (dual-stack IPs, in either order).
+ These IPs must correspond to the values of the ipFamilies field. Both
+ clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: |-
+ externalIPs is a list of IP addresses for which nodes in the cluster
+ will also accept traffic for this service. These IPs are not managed by
+ Kubernetes. The user is responsible for ensuring that traffic arrives
+ at a node with this IP. A common example is external load-balancers
+ that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalName:
+ description: |-
+ externalName is the external reference that discovery mechanisms will
+ return as an alias for this service (e.g. a DNS CNAME record). No
+ proxying will be involved. Must be a lowercase RFC-1123 hostname
+ (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: |-
+ externalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: |-
+ healthCheckNodePort specifies the healthcheck nodePort for the service.
+ This only applies when type is set to LoadBalancer and
+ externalTrafficPolicy is set to Local. If a value is specified, is
+ in-range, and is not in use, it will be used. If not specified, a value
+ will be automatically allocated. External systems (e.g. load-balancers)
+ can use this port to determine if a given node holds endpoints for this
+ service or not. If this field is specified when creating a Service
+ which does not need it, creation will fail. This field will be wiped
+ when updating a Service to no longer need it (e.g. changing type).
+ This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: |-
+ InternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on the ClusterIP. If set to "Local", the proxy will assume that pods
+ only want to talk to endpoints of the service on the same node as the pod,
+ dropping the traffic if there are no local endpoints. The default value,
+ "Cluster", uses the standard behavior of routing to all endpoints evenly
+ (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: |-
+ IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
+ service. This field is usually assigned automatically based on cluster
+ configuration and the ipFamilyPolicy field. If this field is specified
+ manually, the requested family is available in the cluster,
+ and ipFamilyPolicy allows it, it will be used; otherwise creation of
+ the service will fail. This field is conditionally mutable: it allows
+ for adding or removing a secondary IP family, but it does not allow
+ changing the primary IP family of the Service. Valid values are "IPv4"
+ and "IPv6". This field only applies to Services of types ClusterIP,
+ NodePort, and LoadBalancer, and does apply to "headless" services.
+ This field will be wiped when updating a Service to type ExternalName.
+
+ This field may hold a maximum of two entries (dual-stack families, in
+ either order). These families must correspond to the values of the
+ clusterIPs field, if specified. Both clusterIPs and ipFamilies are
+ governed by the ipFamilyPolicy field.
+ items:
+ description: |-
+ IPFamily represents the IP Family (IPv4 or IPv6). This type is used
+ to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: |-
+ IPFamilyPolicy represents the dual-stack-ness requested or required by
+ this Service. If there is no value provided, then this field will be set
+ to SingleStack. Services can be "SingleStack" (a single IP family),
+ "PreferDualStack" (two IP families on dual-stack configured clusters or
+ a single IP family on single-stack clusters), or "RequireDualStack"
+ (two IP families on dual-stack configured clusters, otherwise fail). The
+ ipFamilies and clusterIPs fields depend on the value of this field. This
+ field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: |-
+ loadBalancerClass is the class of the load balancer implementation this Service belongs to.
+ If specified, the value of this field must be a label-style identifier, with an optional prefix,
+ e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
+ This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
+ balancer implementation is used, today this is typically done through the cloud provider integration,
+ but should apply for any default implementation. If set, it is assumed that a load balancer
+ implementation is watching for Services with a matching class. Any default load balancer
+ implementation (e.g. cloud providers) should ignore Services that set this field.
+ This field can only be set when creating or updating a Service to type 'LoadBalancer'.
+ Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ Deprecated: This field was under-specified and its meaning varies across implementations.
+ Using it is non-portable and it may not support dual-stack.
+ Users are encouraged to use implementation-specific annotations when available.
+ type: string
+ loadBalancerSourceRanges:
+ description: |-
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider
+ load-balancer will be restricted to the specified client IPs. This field will be ignored if the
+ cloud-provider does not support the feature."
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ports:
+ description: |-
+ The list of ports that are exposed by this service.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ items:
+ description: ServicePort contains information on service's
+ port.
+ properties:
+ appProtocol:
+ description: |-
+ The application protocol for this port.
+ This is used as a hint for implementations to offer richer behavior for protocols that they understand.
+ This field follows standard Kubernetes label syntax.
+ Valid values are either:
+
+ * Un-prefixed protocol names - reserved for IANA standard service names (as per
+ RFC-6335 and https://www.iana.org/assignments/service-names).
+
+ * Kubernetes-defined prefixed names:
+ * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
+ * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+ * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+ * Other protocols should use implementation-defined prefixed names such as
+ mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: |-
+ The name of this port within the service. This must be a DNS_LABEL.
+ All ports within a ServiceSpec must have unique names. When considering
+ the endpoints for a Service, this must match the 'name' field in the
+ EndpointPort.
+ Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by
+ this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: |-
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
+ Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: |-
+ publishNotReadyAddresses indicates that any agent which deals with endpoints for this
+ Service should disregard any indications of ready/not-ready.
+ The primary use case for setting this field is for a StatefulSet's Headless Service to
+ propagate SRV DNS records for its Pods for the purpose of peer discovery.
+ The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
+ Services interpret this to mean that all endpoints are considered "ready" even if the
+ Pods themselves are not. Agents which consume only Kubernetes generated endpoints
+ through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: |-
+ Route service traffic to pods with label keys and values matching this
+ selector. If empty or not present, the service is assumed to have an
+ external process managing its endpoints, which Kubernetes will not
+ modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
+ Ignored if type is ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: |-
+ Supports "ClientIP" and "None". Used to maintain session affinity.
+ Enable client IP based session affinity.
+ Must be ClientIP or None.
+ Defaults to None.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations
+ of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations
+ of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds specifies the seconds of ClientIP type session sticky time.
+ The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
+ Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ trafficDistribution:
+ description: |-
+ TrafficDistribution offers a way to express preferences for how traffic
+ is distributed to Service endpoints. Implementations can use this field
+ as a hint, but are not required to guarantee strict adherence. If the
+ field is not set, the implementation will apply its default routing
+ strategy. If set to "PreferClose", implementations should prioritize
+ endpoints that are in the same zone.
+ type: string
+ type:
+ description: |-
+ type determines how the Service is exposed. Defaults to ClusterIP. Valid
+ options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
+ "ClusterIP" allocates a cluster-internal IP address for load-balancing
+ to endpoints. Endpoints are determined by the selector or if that is not
+ specified, by manual construction of an Endpoints object or
+ EndpointSlice objects. If clusterIP is "None", no virtual IP is
+ allocated and the endpoints are published as a set of endpoints rather
+ than a virtual IP.
+ "NodePort" builds on ClusterIP and allocates a port on every node which
+ routes to the same endpoints as the clusterIP.
+ "LoadBalancer" builds on NodePort and creates an external load-balancer
+ (if supported in the current cloud) which routes to the same endpoints
+ as the clusterIP.
+ "ExternalName" aliases this service to the specified externalName.
+ Several other fields do not apply to ExternalName services.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: |-
+ Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS.
+ The referenced secret should contain the following:
+
+ - `ca.crt`: The certificate authority (optional).
+ - `tls.crt`: The certificate (or a chain).
+ - `tls.key`: The private key to the first certificate in the certificate chain.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the
+ self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning
+ of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs
+ to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN
+ entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ type: array
+ updateStrategy:
+ description: UpdateStrategy is a StatefulSetUpdateStrategy. The default
+ type is "RollingUpdate".
+ properties:
+ rollingUpdate:
+ description: RollingUpdate is used to communicate parameters when
+ Type is RollingUpdateStatefulSetStrategyType.
+ properties:
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of pods that can be unavailable during the update.
+ Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
+ Absolute number is calculated from percentage by rounding up. This can not be 0.
+ Defaults to 1. This field is alpha-level and is only honored by servers that enable the
+ MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to
+ Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it
+ will be counted towards MaxUnavailable.
+ x-kubernetes-int-or-string: true
+ partition:
+ description: |-
+ Partition indicates the ordinal at which the StatefulSet should be partitioned
+ for updates. During a rolling update, all pods from ordinal Replicas-1 to
+ Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched.
+ This is helpful in being able to do a canary based deployment. The default value is 0.
+ format: int32
+ type: integer
+ type: object
+ type:
+ description: |-
+ Type indicates the type of the StatefulSetUpdateStrategy.
+ Default is RollingUpdate.
+ type: string
+ type: object
+ version:
+ description: Version of the Logstash.
+ type: string
+ volumeClaimTemplates:
+ description: |-
+ VolumeClaimTemplates is a list of persistent volume claims to be used by each Pod.
+ Every claim in this list must have a matching volumeMount in one of the containers defined in the PodTemplate.
+ Items defined here take precedence over any default claims added by the operator with the same name.
+ items:
+ description: PersistentVolumeClaim is a user's request for and claim
+ to a persistent volume
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: |-
+ spec defines the desired characteristics of a volume requested by a pod author.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ properties:
+ accessModes:
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ dataSource:
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes to consider
+ for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ type: string
+ volumeAttributesClassName:
+ description: |-
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
+ If specified, the CSI driver will create or update the volume with the attributes defined
+ in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
+ it can be changed after the claim is created. An empty string or nil value indicates that no
+ VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state,
+ this field can be reset to its previous value (including nil) to cancel the modification.
+ If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
+ set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
+ exists.
+ More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
+ type: string
+ volumeMode:
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to the
+ PersistentVolume backing this claim.
+ type: string
+ type: object
+ status:
+ description: |-
+ status represents the current information/status of a persistent volume claim.
+ Read-only.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ properties:
+ accessModes:
+ description: |-
+ accessModes contains the actual access modes the volume backing the PVC has.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ allocatedResourceStatuses:
+ additionalProperties:
+ description: |-
+ When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource
+ that it does not recognizes, then it should ignore that update and let other controllers
+ handle it.
+ type: string
+ description: "allocatedResourceStatuses stores status of
+ resource being resized for the given PVC.\nKey names follow
+ standard Kubernetes label syntax. Valid values are either:\n\t*
+ Un-prefixed keys:\n\t\t- storage - the capacity of the
+ volume.\n\t* Custom resources must use implementation-defined
+ prefixed names such as \"example.com/my-custom-resource\"\nApart
+ from above values - keys that are unprefixed or have kubernetes.io
+ prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus
+ can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState
+ set when resize controller starts resizing the volume
+ in control-plane.\n\t- ControllerResizeFailed:\n\t\tState
+ set when resize has failed in resize controller with a
+ terminal error.\n\t- NodeResizePending:\n\t\tState set
+ when resize controller has finished resizing the volume
+ but further resizing of\n\t\tvolume is needed on the node.\n\t-
+ NodeResizeInProgress:\n\t\tState set when kubelet starts
+ resizing the volume.\n\t- NodeResizeFailed:\n\t\tState
+ set when resizing has failed in kubelet with a terminal
+ error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor
+ example: if expanding a PVC for more capacity - this field
+ can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage']
+ = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage']
+ = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage']
+ = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage']
+ = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage']
+ = \"NodeResizeFailed\"\nWhen this field is not set, it
+ means that no resize operation is in progress for the
+ given PVC.\n\nA controller that receives PVC update with
+ previously unknown resourceName or ClaimResourceStatus\nshould
+ ignore the update for the purpose it was designed. For
+ example - a controller that\nonly is responsible for resizing
+ capacity of the volume, should ignore PVC updates that
+ change other valid\nresources associated with PVC.\n\nThis
+ is an alpha field and requires enabling RecoverVolumeExpansionFailure
+ feature."
+ type: object
+ x-kubernetes-map-type: granular
+ allocatedResources:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: "allocatedResources tracks the resources allocated
+ to a PVC including its capacity.\nKey names follow standard
+ Kubernetes label syntax. Valid values are either:\n\t*
+ Un-prefixed keys:\n\t\t- storage - the capacity of the
+ volume.\n\t* Custom resources must use implementation-defined
+ prefixed names such as \"example.com/my-custom-resource\"\nApart
+ from above values - keys that are unprefixed or have kubernetes.io
+ prefix are considered\nreserved and hence may not be used.\n\nCapacity
+ reported here may be larger than the actual capacity when
+ a volume expansion operation\nis requested.\nFor storage
+ quota, the larger value from allocatedResources and PVC.spec.resources
+ is used.\nIf allocatedResources is not set, PVC.spec.resources
+ alone is used for quota calculation.\nIf a volume expansion
+ capacity request is lowered, allocatedResources is only\nlowered
+ if there are no expansion operations in progress and if
+ the actual volume capacity\nis equal or lower than the
+ requested capacity.\n\nA controller that receives PVC
+ update with previously unknown resourceName\nshould ignore
+ the update for the purpose it was designed. For example
+ - a controller that\nonly is responsible for resizing
+ capacity of the volume, should ignore PVC updates that
+ change other valid\nresources associated with PVC.\n\nThis
+ is an alpha field and requires enabling RecoverVolumeExpansionFailure
+ feature."
+ type: object
+ capacity:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: capacity represents the actual resources of
+ the underlying volume.
+ type: object
+ conditions:
+ description: |-
+ conditions is the current Condition of persistent volume claim. If underlying persistent volume is being
+ resized then the Condition will be set to 'Resizing'.
+ items:
+ description: PersistentVolumeClaimCondition contains details
+ about state of pvc
+ properties:
+ lastProbeTime:
+ description: lastProbeTime is the time we probed the
+ condition.
+ format: date-time
+ type: string
+ lastTransitionTime:
+ description: lastTransitionTime is the time the condition
+ transitioned from one status to another.
+ format: date-time
+ type: string
+ message:
+ description: message is the human-readable message
+ indicating details about last transition.
+ type: string
+ reason:
+ description: |-
+ reason is a unique, this should be a short, machine understandable string that gives the reason
+ for condition's last transition. If it reports "Resizing" that means the underlying
+ persistent volume is being resized.
+ type: string
+ status:
+ description: |-
+ Status is the status of the condition.
+ Can be True, False, Unknown.
+ More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required
+ type: string
+ type:
+ description: |-
+ Type is the type of the condition.
+ More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ currentVolumeAttributesClassName:
+ description: |-
+ currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.
+ When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim
+ type: string
+ modifyVolumeStatus:
+ description: |-
+ ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.
+ When this is unset, there is no ModifyVolume operation being attempted.
+ properties:
+ status:
+ description: "status is the status of the ControllerModifyVolume
+ operation. It can be in any of following states:\n
+ - Pending\n Pending indicates that the PersistentVolumeClaim
+ cannot be modified due to unmet requirements, such
+ as\n the specified VolumeAttributesClass not existing.\n
+ - InProgress\n InProgress indicates that the volume
+ is being modified.\n - Infeasible\n Infeasible indicates
+ that the request has been rejected as invalid by the
+ CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass
+ needs to be specified.\nNote: New statuses can be
+ added in the future. Consumers should check for unknown
+ statuses and fail appropriately."
+ type: string
+ targetVolumeAttributesClassName:
+ description: targetVolumeAttributesClassName is the
+ name of the VolumeAttributesClass the PVC currently
+ being reconciled
+ type: string
+ required:
+ - status
+ type: object
+ phase:
+ description: phase represents the current phase of PersistentVolumeClaim.
+ type: string
+ type: object
+ type: object
+ type: array
+ required:
+ - version
+ type: object
+ status:
+ description: LogstashStatus defines the observed state of Logstash
+ properties:
+ availableNodes:
+ format: int32
+ type: integer
+ elasticsearchAssociationsStatus:
+ additionalProperties:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ description: ElasticsearchAssociationStatus is the status of any auto-linking
+ to Elasticsearch clusters.
+ type: object
+ expectedNodes:
+ format: int32
+ type: integer
+ health:
+ type: string
+ monitoringAssociationStatus:
+ additionalProperties:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ description: MonitoringAssociationStatus is the status of any auto-linking
+ to monitoring Elasticsearch clusters.
+ type: object
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the most recent generation observed for this Logstash instance.
+ It corresponds to the metadata generation, which is updated on mutation by the API Server.
+ If the generation observed in status diverges from the generation in metadata, the Logstash
+ controller has not yet processed the changes contained in the Logstash specification.
+ format: int64
+ type: integer
+ selector:
+ type: string
+ version:
+ description: |-
+ Version of the stack resource currently running. During version upgrades, multiple versions may run
+ in parallel: this value specifies the lowest version currently running.
+ type: string
+ required:
+ - selector
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.count
+ statusReplicasPath: .status.expectedNodes
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.19.0
+ helm.sh/resource-policy: keep
+ labels:
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+ app.kubernetes.io/name: '{{ include "eck-operator-crds.name" . }}'
+ app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
+ helm.sh/chart: '{{ include "eck-operator-crds.chart" . }}'
+ name: stackconfigpolicies.stackconfigpolicy.k8s.elastic.co
+spec:
+ group: stackconfigpolicy.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: StackConfigPolicy
+ listKind: StackConfigPolicyList
+ plural: stackconfigpolicies
+ shortNames:
+ - scp
+ singular: stackconfigpolicy
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Resources configured
+ jsonPath: .status.readyCount
+ name: Ready
+ type: string
+ - jsonPath: .status.phase
+ name: Phase
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: StackConfigPolicy represents a StackConfigPolicy resource in
+ a Kubernetes cluster.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ elasticsearch:
+ properties:
+ clusterSettings:
+ description: ClusterSettings holds the Elasticsearch cluster settings
+ (/_cluster/settings)
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ config:
+ description: Config holds the settings that go into elasticsearch.yml.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ indexLifecyclePolicies:
+ description: IndexLifecyclePolicies holds the Index Lifecycle
+ policies settings (/_ilm/policy)
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ indexTemplates:
+ description: IndexTemplates holds the Index and Component Templates
+ settings
+ properties:
+ componentTemplates:
+ description: ComponentTemplates holds the Component Templates
+ settings (/_component_template)
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ composableIndexTemplates:
+ description: ComposableIndexTemplates holds the Index Templates
+ settings (/_index_template)
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ ingestPipelines:
+ description: IngestPipelines holds the Ingest Pipelines settings
+ (/_ingest/pipeline)
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ secretMounts:
+ description: SecretMounts are additional Secrets that need to
+ be mounted into the Elasticsearch pods.
+ items:
+ description: SecretMount contains information about additional
+ secrets to be mounted to the elasticsearch pods
+ properties:
+ mountPath:
+ description: MountPath denotes the path to which the secret
+ should be mounted to inside the elasticsearch pod
+ type: string
+ secretName:
+ description: SecretName denotes the name of the secret that
+ needs to be mounted to the elasticsearch pod
+ type: string
+ type: object
+ type: array
+ x-kubernetes-preserve-unknown-fields: true
+ secureSettings:
+ description: SecureSettings are additional Secrets that contain
+ data to be configured to Elasticsearch's keystore.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes
+ Secret.
+ properties:
+ entries:
+ description: |-
+ Entries define how to project each key-value pair in the secret to filesystem paths.
+ If not defined, all keys will be projected to similarly named paths in the filesystem.
+ If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret
+ object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: |-
+ Path is the relative file path to map the key to.
+ Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ x-kubernetes-preserve-unknown-fields: true
+ securityRoleMappings:
+ description: SecurityRoleMappings holds the Role Mappings settings
+ (/_security/role_mapping)
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ snapshotLifecyclePolicies:
+ description: SnapshotLifecyclePolicies holds the Snapshot Lifecycle
+ Policies settings (/_slm/policy)
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ snapshotRepositories:
+ description: SnapshotRepositories holds the Snapshot Repositories
+ settings (/_snapshot)
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ kibana:
+ properties:
+ config:
+ description: Config holds the settings that go into kibana.yml.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ secureSettings:
+ description: SecureSettings are additional Secrets that contain
+ data to be configured to Kibana's keystore.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes
+ Secret.
+ properties:
+ entries:
+ description: |-
+ Entries define how to project each key-value pair in the secret to filesystem paths.
+ If not defined, all keys will be projected to similarly named paths in the filesystem.
+ If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret
+ object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: |-
+ Path is the relative file path to map the key to.
+ Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ resourceSelector:
+ description: |-
+ A label selector is a label query over a set of resources. The result of matchLabels and
+ matchExpressions are ANDed. An empty label selector matches all objects. A null
+ label selector matches no objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ secureSettings:
+ description: 'Deprecated: SecureSettings only applies to Elasticsearch
+ and is deprecated. It must be set per application instead.'
+ items:
+ description: SecretSource defines a data source based on a Kubernetes
+ Secret.
+ properties:
+ entries:
+ description: |-
+ Entries define how to project each key-value pair in the secret to filesystem paths.
+ If not defined, all keys will be projected to similarly named paths in the filesystem.
+ If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret
+ object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: |-
+ Path is the relative file path to map the key to.
+ Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ type: object
+ status:
+ properties:
+ details:
+ additionalProperties:
+ additionalProperties:
+ description: ResourcePolicyStatus models the status of the policy
+ for one resource to be configured.
+ properties:
+ currentVersion:
+ description: |-
+ CurrentVersion denotes the current version of filesettings applied to the Elasticsearch cluster
+ This field does not apply to Kibana resources
+ format: int64
+ type: integer
+ error:
+ properties:
+ message:
+ type: string
+ version:
+ format: int64
+ type: integer
+ type: object
+ expectedVersion:
+ description: |-
+ ExpectedVersion denotes the expected version of filesettings that should be applied to the Elasticsearch cluster
+ This field does not apply to Kibana resources
+ format: int64
+ type: integer
+ phase:
+ type: string
+ type: object
+ type: object
+ description: Details holds the status details for each resource to
+ be configured.
+ type: object
+ errors:
+ description: Errors is the number of resources which have an incorrect
+ configuration
+ type: integer
+ observedGeneration:
+ description: ObservedGeneration is the most recent generation observed
+ for this StackConfigPolicy.
+ format: int64
+ type: integer
+ phase:
+ description: Phase is the phase of the StackConfigPolicy.
+ type: string
+ ready:
+ description: Ready is the number of resources successfully configured.
+ type: integer
+ readyCount:
+ description: ReadyCount is a human representation of the number of
+ resources successfully configured.
+ type: string
+ resources:
+ description: Resources is the number of resources to be configured.
+ type: integer
+ resourcesStatuses:
+ additionalProperties:
+ description: ResourcePolicyStatus models the status of the policy
+ for one resource to be configured.
+ properties:
+ currentVersion:
+ description: |-
+ CurrentVersion denotes the current version of filesettings applied to the Elasticsearch cluster
+ This field does not apply to Kibana resources
+ format: int64
+ type: integer
+ error:
+ properties:
+ message:
+ type: string
+ version:
+ format: int64
+ type: integer
+ type: object
+ expectedVersion:
+ description: |-
+ ExpectedVersion denotes the expected version of filesettings that should be applied to the Elasticsearch cluster
+ This field does not apply to Kibana resources
+ format: int64
+ type: integer
+ phase:
+ type: string
+ type: object
+ description: |-
+ ResourcesStatuses holds the status for each resource to be configured.
+ Deprecated: Details is used to store the status of resources from ECK 2.11
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
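Review bot: In the StackConfigPolicy schema, the `path` fields under `secureSettings[].entries[]` are described as "must not be an absolute file path and must not contain any '..' components", but the schema only declares `type: string`, so the API server accepts either form. `secretMounts[].mountPath` likewise has no pattern, and neither `mountPath` nor `secretName` is listed as required for a secret mount. Because `profile-restricted.yaml` in this patch sets `webhook.enabled: false`, confirm that the operator itself rejects such values at reconcile time. Any schema-level `pattern` belongs upstream, since the annotation shows this file is generated by controller-gen v0.19.0 and a hand edit would be lost on regeneration.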
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/charts/eck-operator-crds/values.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/charts/eck-operator-crds/values.yaml
new file mode 100644
index 00000000..f3fd8bd5
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/charts/eck-operator-crds/values.yaml
@@ -0,0 +1,7 @@
+# Globals meant for internal use only
+global:
+ # manifestGen specifies whether the chart is running under manifest generator.
+ # This is used for tasks specific to generating the all-in-one.yaml file.
+ manifestGen: false
+ # kubeVersion is the effective Kubernetes version we target when generating the all-in-one.yaml.
+ kubeVersion: 1.21.0
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/profile-disable-automounting-api.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/profile-disable-automounting-api.yaml
new file mode 100644
index 00000000..50f97157
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/profile-disable-automounting-api.yaml
@@ -0,0 +1,29 @@
+automountServiceAccountToken: false
+
+serviceAccount:
+ automountServiceAccountToken: false
+
+volumeMounts:
+- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+ name: serviceaccount-token
+ readOnly: true
+
+volumes:
+- name: serviceaccount-token
+ projected:
+ defaultMode: 0444
+ sources:
+ - serviceAccountToken:
+ expirationSeconds: 3607
+ path: token
+ - configMap:
+ name: kube-root-ca.crt
+ items:
+ - key: ca.crt
+ path: ca.crt
+ - downwardAPI:
+ items:
+ - path: namespace
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
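Review bot: This profile has no comment explaining why it sets `automountServiceAccountToken: false` twice and then mounts a projected token by hand at `/var/run/secrets/kubernetes.io/serviceaccount`. The pod still receives a service account token, so the file name can be read as "this profile removes API credentials" when it does not. Add a header comment stating the intent (for example, satisfying a policy that forbids automounting) and a short note on why `expirationSeconds: 3607` was chosen.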
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/profile-global.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/profile-global.yaml
new file mode 100644
index 00000000..286f8c9e
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/profile-global.yaml
@@ -0,0 +1,6 @@
+managedNamespaces: []
+
+createClusterScopedResources: true
+
+webhook:
+ enabled: true
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/profile-istio.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/profile-istio.yaml
new file mode 100644
index 00000000..c968ba02
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/profile-istio.yaml
@@ -0,0 +1,11 @@
+managedNamespaces: []
+
+createClusterScopedResources: true
+
+webhook:
+ enabled: true
+
+podAnnotations:
+ sidecar.istio.io/inject: "true"
+ traffic.sidecar.istio.io/includeInboundPorts: "*"
+ traffic.sidecar.istio.io/excludeInboundPorts: "9443"
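Review bot: `traffic.sidecar.istio.io/excludeInboundPorts: "9443"` takes one port out of sidecar interception with no comment saying what listens there or why it has to bypass the mesh. Since this profile also sets `webhook.enabled: true`, state in a comment whether 9443 is the webhook port, and note that traffic to an excluded port is not covered by mesh mTLS or mesh authorization policy, so it depends entirely on the listener's own TLS.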
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/profile-restricted.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/profile-restricted.yaml
new file mode 100644
index 00000000..640d00f3
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/profile-restricted.yaml
@@ -0,0 +1,12 @@
+managedNamespaces: ["elastic-system"]
+
+createClusterScopedResources: false
+
+config:
+ # no RBAC access to cluster-wide storage classes, hence disable storage class validation
+ validateStorageClass: false
+
+installCRDs: false
+
+webhook:
+ enabled: false
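Review bot: `webhook.enabled: false` and `installCRDs: false` carry no explanation, while `validateStorageClass: false` directly above has one. With the webhook off, admission-time validation of the Elastic custom resources is not performed and only the CRD schemas and the operator's own checks remain. Say so in a comment next to `webhook:`, and note next to `installCRDs:` that the CRDs then have to be installed separately by someone with cluster-level rights.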
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/profile-soft-multi-tenancy.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/profile-soft-multi-tenancy.yaml
new file mode 100644
index 00000000..8ac79514
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/profile-soft-multi-tenancy.yaml
@@ -0,0 +1,18 @@
+managedNamespaces: ["team-a", "team-b"]
+
+createClusterScopedResources: true
+
+refs:
+ enforceRBAC: true
+
+webhook:
+ enabled: true
+ namespaceSelector:
+ matchExpressions:
+ - key: "eck.k8s.elastic.co/tenant"
+ operator: In
+ values: ["team-a", "team-b"]
+
+
+softMultiTenancy:
+ enabled: true
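Review bot: The tenant list is written twice, once in `managedNamespaces` and once in the `webhook.namespaceSelector` values, and the selector matches on the label `eck.k8s.elastic.co/tenant` rather than on the namespace name. A namespace that is listed in `managedNamespaces` but lacks the label is reconciled by the operator yet skipped by the webhook. Add a comment that every tenant namespace must carry the label and that the two lists have to be kept in sync, and mark `team-a` and `team-b` as sample values to replace.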
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/templates/NOTES.txt b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/NOTES.txt
new file mode 100644
index 00000000..e25ea9ea
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/NOTES.txt
@@ -0,0 +1,2 @@
+1. Inspect the operator logs by running the following command:
+ kubectl logs -n {{ .Release.Namespace }} sts/{{ .Release.Name }}
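Review bot: The `kubectl logs` hint targets `sts/{{ .Release.Name }}`, while the other objects in this chart are named through `eck-operator.fullname`, which equals the release name only when the release name contains the chart name and `fullnameOverride` is unset. If the StatefulSet is named with the same helper, the printed command fails for any other release name. Use `sts/{{ include "eck-operator.fullname" . }}` here.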
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/templates/_helpers.tpl b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/_helpers.tpl
new file mode 100644
index 00000000..ddfd8b75
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/_helpers.tpl
@@ -0,0 +1,383 @@
+{{/*
+Expand the name of the chart.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "eck-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "eck-operator.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "eck-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "eck-operator.labels" -}}
+{{- include "eck-operator.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+helm.sh/chart: {{ include "eck-operator.chart" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "eck-operator.selectorLabels" -}}
+{{- if .Values.global.manifestGen -}}
+control-plane: elastic-operator
+{{- else -}}
+app.kubernetes.io/name: {{ include "eck-operator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "eck-operator.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "eck-operator.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine effective Kubernetes version
+*/}}
+{{- define "eck-operator.effectiveKubeVersion" -}}
+{{- if .Values.global.manifestGen -}}
+{{- semver .Values.global.kubeVersion -}}
+{{- else -}}
+{{- .Capabilities.KubeVersion.Version -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Determine the name for the webhook
+*/}}
+{{- define "eck-operator.webhookName" -}}
+{{- if .Values.global.manifestGen -}}
+elastic-webhook.k8s.elastic.co
+{{- else -}}
+{{- $name := include "eck-operator.name" . -}}
+{{ printf "%s.%s.k8s.elastic.co" $name .Release.Namespace }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Determine the name for the webhook secret
+*/}}
+{{- define "eck-operator.webhookSecretName" -}}
+{{- if .Values.global.manifestGen -}}
+elastic-webhook-server-cert
+{{- else if .Values.webhook.certsSecret -}}
+{{- .Values.webhook.certsSecret }}
+{{- else -}}
+{{- $name := include "eck-operator.name" . -}}
+{{ printf "%s-webhook-cert" $name | trunc 63 }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Determine the name for the webhook service
+*/}}
+{{- define "eck-operator.webhookServiceName" -}}
+{{- if .Values.global.manifestGen -}}
+elastic-webhook-server
+{{- else -}}
+{{- $name := include "eck-operator.name" . -}}
+{{ printf "%s-webhook" $name | trunc 63 }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Determine the metrics port
+*/}}
+{{- define "eck-operator.metrics.port" -}}
+{{- if .Values.config.metrics.port -}}
+{{- .Values.config.metrics.port -}}
+{{- else if .Values.config.metricsPort -}}
+{{- .Values.config.metricsPort -}}
+{{- else -}}
+0
+{{- end -}}
+{{- end -}}
+
+
+
+{{/*
+RBAC permissions
+NOTE - any changes made to RBAC permissions below require
+updating docs/operating-eck/eck-permissions.asciidoc file.
+*/}}
+{{- define "eck-operator.rbacRules" -}}
+- apiGroups:
+ - "authorization.k8s.io"
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - create
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ resourceNames:
+ - elastic-operator-leader
+ verbs:
+ - get
+ - watch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - events
+ - persistentvolumeclaims
+ - secrets
+ - services
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - statefulsets
+ - daemonsets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - elasticsearch.k8s.elastic.co
+ resources:
+ - elasticsearches
+ - elasticsearches/status
+ - elasticsearches/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - autoscaling.k8s.elastic.co
+ resources:
+ - elasticsearchautoscalers
+ - elasticsearchautoscalers/status
+ - elasticsearchautoscalers/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - kibana.k8s.elastic.co
+ resources:
+ - kibanas
+ - kibanas/status
+ - kibanas/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - apm.k8s.elastic.co
+ resources:
+ - apmservers
+ - apmservers/status
+ - apmservers/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - enterprisesearch.k8s.elastic.co
+ resources:
+ - enterprisesearches
+ - enterprisesearches/status
+ - enterprisesearches/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - beat.k8s.elastic.co
+ resources:
+ - beats
+ - beats/status
+ - beats/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - agent.k8s.elastic.co
+ resources:
+ - agents
+ - agents/status
+ - agents/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - maps.k8s.elastic.co
+ resources:
+ - elasticmapsservers
+ - elasticmapsservers/status
+ - elasticmapsservers/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - stackconfigpolicy.k8s.elastic.co
+ resources:
+ - stackconfigpolicies
+ - stackconfigpolicies/status
+ - stackconfigpolicies/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - logstash.k8s.elastic.co
+ resources:
+ - logstashes
+ - logstashes/status
+ - logstashes/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+{{- end -}}
+
+{{/*
+RBAC permissions on non-namespaced resources
+*/}}
+{{- define "eck-operator.clusterWideRbacRules" -}}
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+{{- end -}}
+
+{{/*
+RBAC permissions to read node labels
+*/}}
+{{- define "eck-operator.readNodeLabelsRbacRule" -}}
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+{{- end -}}
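Review bot: In `eck-operator.rbacRules`, the core-group rule grants get, list, watch, create, update, patch and delete on `secrets` (together with pods, configmaps, services and PVCs), and `cluster-roles.yaml` renders this helper into a ClusterRole whenever `createClusterScopedResources` is true. If that role is bound cluster-wide, the operator's service account can read and write every Secret in the cluster. Add a comment on that rule pointing at the restricted profile for deployments that need a narrower scope. Separately, `eck-operator.serviceAccountName` falls back to `default` when `serviceAccount.create` is false and no name is given; if the bindings use this helper, the rules land on the namespace's default service account, and failing the render would be safer than that fallback. The NOTE above `rbacRules` refers to `docs/operating-eck/eck-permissions.asciidoc`, which is not part of this patch.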
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/templates/cluster-roles.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/cluster-roles.yaml
new file mode 100644
index 00000000..dbd0fba3
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/cluster-roles.yaml
@@ -0,0 +1,121 @@
+{{- if and (not .Values.createClusterScopedResources) (.Values.config.metrics.secureMode.enabled) -}}
+{{ fail "createClusterScopedResources is required to set config.metrics.secureMode.enabled to true" }}
+{{- end }}
+{{- if .Values.createClusterScopedResources -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "eck-operator.fullname" . }}
+ labels:
+ {{- include "eck-operator.labels" . | nindent 4 }}
+rules:
+{{ template "eck-operator.rbacRules" . | toYaml | indent 2 }}
+{{ template "eck-operator.clusterWideRbacRules" . | toYaml | indent 2 }}
+{{ if .Values.config.exposedNodeLabels }}
+{{ template "eck-operator.readNodeLabelsRbacRule" . | toYaml | indent 2 }}
+{{ end -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: "{{ include "eck-operator.name" . }}-view"
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ {{- include "eck-operator.labels" . | nindent 4 }}
+rules:
+ - apiGroups: ["elasticsearch.k8s.elastic.co"]
+ resources: ["elasticsearches"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["autoscaling.k8s.elastic.co"]
+ resources: ["elasticsearchautoscalers"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["apm.k8s.elastic.co"]
+ resources: ["apmservers"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["kibana.k8s.elastic.co"]
+ resources: ["kibanas"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["enterprisesearch.k8s.elastic.co"]
+ resources: ["enterprisesearches"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["beat.k8s.elastic.co"]
+ resources: ["beats"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["agent.k8s.elastic.co"]
+ resources: ["agents"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["maps.k8s.elastic.co"]
+ resources: ["elasticmapsservers"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["stackconfigpolicy.k8s.elastic.co"]
+ resources: ["stackconfigpolicies"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["logstash.k8s.elastic.co"]
+ resources: ["logstashes"]
+ verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: "{{ include "eck-operator.name" . }}-edit"
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ {{- include "eck-operator.labels" . | nindent 4 }}
+rules:
+ - apiGroups: ["elasticsearch.k8s.elastic.co"]
+ resources: ["elasticsearches"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+ - apiGroups: ["autoscaling.k8s.elastic.co"]
+ resources: ["elasticsearchautoscalers"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+ - apiGroups: ["apm.k8s.elastic.co"]
+ resources: ["apmservers"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+ - apiGroups: ["kibana.k8s.elastic.co"]
+ resources: ["kibanas"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+ - apiGroups: ["enterprisesearch.k8s.elastic.co"]
+ resources: ["enterprisesearches"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+ - apiGroups: ["beat.k8s.elastic.co"]
+ resources: ["beats"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+ - apiGroups: ["agent.k8s.elastic.co"]
+ resources: ["agents"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+ - apiGroups: ["maps.k8s.elastic.co"]
+ resources: ["elasticmapsservers"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+ - apiGroups: ["stackconfigpolicy.k8s.elastic.co"]
+ resources: ["stackconfigpolicies"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+ - apiGroups: ["logstash.k8s.elastic.co"]
+ resources: ["logstashes"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+{{- if .Values.config.metrics.secureMode.enabled }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ {{- include "eck-operator.labels" . | nindent 4 }}
+ name: "{{ include "eck-operator.fullname" . }}-metrics-auth-role"
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+{{- end }}
+{{- end -}}
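Review bot: the `-edit` ClusterRole carries both `rbac.authorization.k8s.io/aggregate-to-edit` and `aggregate-to-admin`, so every subject already bound to the built-in edit or admin roles gains create/delete/patch on all ten Elastic resource types as soon as the chart is installed, `stackconfigpolicies` included. Please confirm that a values flag lets cluster owners opt out of this aggregation, and document in the chart README that installing the pack widens the built-in roles.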
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/templates/configmap.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/configmap.yaml
new file mode 100644
index 00000000..7582f8e6
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/configmap.yaml
@@ -0,0 +1,88 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "eck-operator.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "eck-operator.labels" . | nindent 4 }}
+data:
+ eck.yaml: |-
+ {{- $metricsPort := int (include "eck-operator.metrics.port" .)}}
+ log-verbosity: {{ int .Values.config.logVerbosity }}
+ {{- if and .Values.config.metrics.secureMode.enabled (eq $metricsPort 0) }}
+ {{- fail "config.metrics.port must be greater than 0 when config.metrics.secureMode.enabled is true" }}
+ {{- end }}
+ metrics-port: {{ $metricsPort }}
+ metrics-secure: {{ .Values.config.metrics.secureMode.enabled }}
+ container-registry: {{ .Values.config.containerRegistry }}
+ {{- with .Values.config.containerSuffix }}
+ container-suffix: {{ . }}
+ {{- end }}
+ {{- with .Values.config.containerRepository }}
+ container-repository: {{ . }}
+ {{- end }}
+ max-concurrent-reconciles: {{ int .Values.config.maxConcurrentReconciles }}
+ {{- with .Values.config.passwordHashCacheSize }}
+ password-hash-cache-size: {{ int . }}
+ {{- end }}
+ ca-cert-validity: {{ .Values.config.caValidity }}
+ ca-cert-rotate-before: {{ .Values.config.caRotateBefore }}
+ {{- with .Values.config.caDir }}
+ ca-dir: {{ . }}
+ {{- end }}
+ cert-validity: {{ .Values.config.certificatesValidity }}
+ cert-rotate-before: {{ .Values.config.certificatesRotateBefore }}
+ disable-config-watch: {{ .Values.config.disableConfigWatch }}
+ {{- with .Values.config.exposedNodeLabels }}
+ exposed-node-labels: [{{ join "," . }}]
+ {{- end }}
+ {{- with .Values.config.ipFamily }}
+ ip-family: {{ . }}
+ {{- end }}
+ set-default-security-context: {{ .Values.config.setDefaultSecurityContext }}
+ kube-client-timeout: {{ .Values.config.kubeClientTimeout }}
+ {{- with .Values.config.kubeClientQPS }}
+ kube-client-qps: {{ int . }}
+ {{- end }}
+ elasticsearch-client-timeout: {{ .Values.config.elasticsearchClientTimeout }}
+ disable-telemetry: {{ .Values.telemetry.disabled }}
+ distribution-channel: {{ .Values.telemetry.distributionChannel }}
+ {{- with .Values.telemetry.interval }}
+ telemetry-interval: {{ . }}
+ {{- end }}
+ validate-storage-class: {{ .Values.config.validateStorageClass }}
+ {{- if .Values.tracing.enabled }}
+ enable-tracing: true
+ {{- end }}
+ {{- if .Values.refs.enforceRBAC }}
+ enforce-rbac-on-refs: true
+ {{- end }}
+ enable-webhook: {{ .Values.webhook.enabled }}
+ {{- if .Values.webhook.enabled }}
+ webhook-name: {{ include "eck-operator.webhookName" . }}
+ {{- if not .Values.webhook.manageCerts }}
+ manage-webhook-certs: false
+ webhook-cert-dir: {{ .Values.webhook.certsDir }}
+ {{- end }}
+ webhook-port: {{ .Values.webhook.port }}
+ {{- end }}
+ {{- with .Values.managedNamespaces }}
+ namespaces: [{{ join "," . }}]
+ {{- end }}
+ operator-namespace: {{ .Release.Namespace }}
+ enable-leader-election: {{ .Values.config.enableLeaderElection }}
+ elasticsearch-observation-interval: {{ .Values.config.elasticsearchObservationInterval }}
+ {{- if not .Values.config.containerSuffix }}
+ ubi-only: {{ .Values.config.ubiOnly }}
+ {{- end }}
+ {{- with .Values.webhook.certsSecret }}
+ webhook-secret: {{ . }}
+ {{- end }}
+ {{- $passwordLength := int (dig "policies" "passwords" "length" 0 .Values.config) }}
+ {{- with $passwordLength }}
+ {{- if or (lt $passwordLength 6) (gt $passwordLength 72) }}
+ {{- fail "config.policies.passwords.length must be >= 6 and <= 72" }}
+ {{- end }}
+ password-length: {{ $passwordLength }}
+ {{- end }}
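Review bot: string values are interpolated into `eck.yaml` unquoted, for example `container-registry`, `container-suffix`, `ca-dir`, `webhook-cert-dir`, `webhook-secret` and the items joined into `exposed-node-labels` and `namespaces`. A value containing `: `, `#`, a comma, or a leading `*` will either break the operator's config parse or be read as something other than the intended string. Pipe the scalars through `quote` and render the two lists with `toJson` instead of `[{{ join "," . }}]`.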
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/templates/managed-namespaces.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/managed-namespaces.yaml
new file mode 100644
index 00000000..91deaf21
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/managed-namespaces.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.softMultiTenancy.enabled -}}
+{{- range .Values.managedNamespaces }}
+{{- $namespace := . }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ $namespace }}
+ labels:
+ {{- include "eck-operator.labels" $ | nindent 4 }}
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+{{- end -}}
+{{- end -}}
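Review bot: the Namespace objects rendered in the `range` become release-owned resources, so uninstalling the release deletes every managed namespace together with the tenant workloads in it, and installation fails for any namespace that already exists without Helm ownership metadata. Consider adding the `helm.sh/resource-policy: keep` annotation to these Namespaces, or labelling pre-existing namespaces outside the chart, and quote `{{ $namespace }}` in the `eck.k8s.elastic.co/tenant` label so an all-numeric name still renders as a string.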
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/templates/managed-ns-network-policy.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/managed-ns-network-policy.yaml
new file mode 100644
index 00000000..23fc1e3a
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/managed-ns-network-policy.yaml
@@ -0,0 +1,228 @@
+{{- if .Values.softMultiTenancy.enabled -}}
+{{- $fullName := include "eck-operator.fullname" . -}}
+{{- $name := include "eck-operator.name" . -}}
+{{- range .Values.managedNamespaces -}}
+{{- $namespace := . }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: "{{ $name }}-elasticsearch"
+ namespace: {{ $namespace }}
+ labels:
+ {{- include "eck-operator.labels" $ | nindent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "elasticsearch"
+ egress:
+ # Transport port
+ - ports:
+ - port: 9300
+ to:
+ # Elasticsearch within namespace
+ - namespaceSelector:
+ matchLabels:
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "elasticsearch"
+ # DNS
+ - ports:
+ - port: 53
+ protocol: UDP
+ to: []
+ ingress:
+ # HTTP Port
+ - ports:
+ - port: 9200
+ from:
+ # Operator
+ - namespaceSelector:
+ matchLabels:
+ name: "{{ $.Release.Namespace }}"
+ podSelector:
+ matchLabels:
+ {{- include "eck-operator.selectorLabels" $ | nindent 14 }}
+ # Within namespace
+ - namespaceSelector:
+ matchLabels:
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+ # Transport port
+ - ports:
+ - port: 9300
+ from:
+ # Within namespace (from other Elasticsearch nodes)
+ - namespaceSelector:
+ matchLabels:
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "elasticsearch"
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: "{{ $name }}-kibana"
+ namespace: {{ $namespace }}
+ labels:
+ {{- include "eck-operator.labels" $ | nindent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "kibana"
+ egress:
+ # Elasticsearch HTTP port
+ - ports:
+ - port: 9200
+ to:
+ # Elasticsearch within namespace
+ - namespaceSelector:
+ matchLabels:
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "elasticsearch"
+ # DNS
+ - ports:
+ - port: 53
+ protocol: UDP
+ to: []
+ ingress:
+ # HTTP Port
+ - ports:
+ - port: 5601
+ from:
+ # Within namespace
+ - namespaceSelector:
+ matchLabels:
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: "{{ $name }}-apm-server"
+ namespace: {{ $namespace }}
+ labels:
+ {{- include "eck-operator.labels" $ | nindent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "apm-server"
+ egress:
+ # Elasticsearch HTTP port
+ - ports:
+ - port: 9200
+ to:
+ # Elasticsearch within namespace
+ - namespaceSelector:
+ matchLabels:
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "elasticsearch"
+ # Kibana HTTP port
+ - ports:
+ - port: 5601
+ to:
+ # Kibana within namespace
+ - namespaceSelector:
+ matchLabels:
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "kibana"
+ # DNS
+ - ports:
+ - port: 53
+ protocol: UDP
+ to: []
+ ingress:
+ # HTTP Port
+ - ports:
+ - port: 8200
+ from:
+ # Within namespace
+ - namespaceSelector:
+ matchLabels:
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: "{{ $name }}-enterprise-search"
+ namespace: {{ $namespace }}
+ labels:
+ {{- include "eck-operator.labels" $ | nindent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "enterprise-search"
+ egress:
+ # Elasticsearch HTTP port
+ - ports:
+ - port: 9200
+ to:
+ # Elasticsearch within namespace
+ - namespaceSelector:
+ matchLabels:
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "elasticsearch"
+ # DNS
+ - ports:
+ - port: 53
+ protocol: UDP
+ to: []
+ ingress:
+ # HTTP Port
+ - ports:
+ - port: 3002
+ from:
+ # Within namespace
+ - namespaceSelector:
+ matchLabels:
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: "{{ $name }}-beats"
+ namespace: {{ $namespace }}
+ labels:
+ {{- include "eck-operator.labels" $ | nindent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "beat"
+ egress:
+ # Elasticsearch HTTP port
+ - ports:
+ - port: 9200
+ to:
+ # Elasticsearch within namespace
+ - namespaceSelector:
+ matchLabels:
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "elasticsearch"
+ # Kibana HTTP port
+ - ports:
+ - port: 5601
+ to:
+ # Kibana within namespace
+ - namespaceSelector:
+ matchLabels:
+ eck.k8s.elastic.co/tenant: {{ $namespace }}
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "kibana"
+ # DNS
+ - ports:
+ - port: 53
+ protocol: UDP
+ to: []
+{{- end }}
+{{- end -}}
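Review bot: the operator ingress rule on the Elasticsearch policy (port 9200) selects the operator namespace by the label `name: "{{ $.Release.Namespace }}"`, but that label is only set by operator-namespace.yaml, which renders only when `global.manifestGen` and `global.createOperatorNamespace` are both true. On an ordinary Helm install the namespace will not carry it and the operator is blocked from the Elasticsearch HTTP port. Matching on `kubernetes.io/metadata.name`, which Kubernetes sets on every namespace, removes that dependency. Separately, each DNS egress rule allows only UDP 53, so lookups that fall back to TCP are dropped; add a TCP 53 port entry next to it.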
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/templates/metrics-service.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/metrics-service.yaml
new file mode 100644
index 00000000..53bdc02b
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/metrics-service.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.config.metrics.secureMode.enabled }}
+{{- $metricsPort := int (include "eck-operator.metrics.port" .)}}
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "eck-operator.name" . }}-metrics-service
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+ helm.sh/chart: {{ include "eck-operator.chart" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ name: "{{ include "eck-operator.fullname" . }}-metrics"
+ namespace: {{ .Release.Namespace }}
+spec:
+ ports:
+ - name: https
+ port: {{ $metricsPort }}
+ protocol: TCP
+ targetPort: metrics
+ selector:
+ {{- include "eck-operator.selectorLabels" . | nindent 4 }}
+{{- end }}
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/templates/operator-namespace.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/operator-namespace.yaml
new file mode 100644
index 00000000..07123b70
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/operator-namespace.yaml
@@ -0,0 +1,9 @@
+{{- if (and .Values.global.manifestGen .Values.global.createOperatorNamespace) -}}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ .Release.Namespace }}
+ labels:
+ name: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/templates/operator-network-policy.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/operator-network-policy.yaml
new file mode 100644
index 00000000..ad74156d
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/operator-network-policy.yaml
@@ -0,0 +1,59 @@
+{{- if .Values.softMultiTenancy.enabled -}}
+{{- $kubeAPIServerIP := (required "kubeAPIServerIP is required" .Values.kubeAPIServerIP) -}}
+{{- $metricsPort := int (include "eck-operator.metrics.port" .)}}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ include "eck-operator.fullname" . }}
+ namespace: {{ .Release.Namespace}}
+ labels:
+ {{- include "eck-operator.labels" . | nindent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "eck-operator.selectorLabels" . | nindent 6 }}
+ egress:
+ # DNS
+ - ports:
+ - port: 53
+ protocol: UDP
+ to: []
+ # API server
+ - ports:
+ - port: 443
+ to:
+ - ipBlock:
+ cidr: "{{ $kubeAPIServerIP }}/32"
+ # Elasticsearch
+ - ports:
+ - port: 9200
+ to:
+ - namespaceSelector:
+ matchExpressions:
+ - key: "eck.k8s.elastic.co/tenant"
+ operator: In
+ values:
+ {{- range .Values.managedNamespaces }}
+ - {{ . }}
+ {{- end }}
+ podSelector:
+ matchLabels:
+ common.k8s.elastic.co/type: "elasticsearch"
+{{- if or .Values.webhook.enabled (gt $metricsPort 0) }}
+ ingress:
+{{- if .Values.webhook.enabled }}
+ - ports:
+ - port: {{ .Values.webhook.port }}
+ from:
+ - ipBlock:
+ cidr: "{{ $kubeAPIServerIP }}/32"
+{{- end }}
+{{- if gt $metricsPort 0 }}
+ # Metrics
+ - ports:
+ - port: {{ $metricsPort }}
+ from: []
+{{- end }}
+{{- end }}
+{{- end -}}
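Review bot: the metrics ingress rule ends with `from: []`, which admits every source, so any pod in any namespace can reach the metrics port; when `config.metrics.secureMode.enabled` is false that endpoint has no authentication in front of it. Restrict `from` to the monitoring namespace through a values-supplied selector. Also note that the API server egress and webhook ingress rules assume a single address on port 443 (`cidr: "{{ $kubeAPIServerIP }}/32"`), which does not cover a control plane with several endpoints or a non-443 port; accepting a list of CIDRs would be safer.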
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/templates/pdb.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/pdb.yaml
new file mode 100644
index 00000000..42b494a3
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/pdb.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.podDisruptionBudget.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "eck-operator.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "eck-operator.labels" . | nindent 4 }}
+spec:
+ {{- with .Values.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ . }}
+ {{- end }}
+ {{- with .Values.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ . }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "eck-operator.selectorLabels" . | nindent 6 }}
+{{- end -}}
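Review bot: the two `with` blocks in `spec` have two gaps. `with` treats 0 as empty, so `minAvailable: 0` or `maxUnavailable: 0` is silently dropped, and if both values are set both fields are rendered, which the policy/v1 API rejects because they are mutually exclusive. Use `hasKey`/`kindIs` checks (or `ne nil`) so a zero survives, and `fail` when both are provided.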
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/templates/podMonitor.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/podMonitor.yaml
new file mode 100644
index 00000000..8e073cd3
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/podMonitor.yaml
@@ -0,0 +1,42 @@
+{{- $metricsPort := int (include "eck-operator.metrics.port" .)}}
+{{- if and .Values.config.metrics.secureMode.enabled (eq $metricsPort 0) }}
+{{- fail "config.metrics.port must be greater than 0 when config.metrics.secureMode.enabled is true" }}
+{{- end }}
+{{- if and .Values.podMonitor.enabled (gt $metricsPort 0) }}
+{{- if and .Values.podMonitor.enabled .Values.config.metrics.secureMode.enabled }}
+{{- fail "podMonitor and config.metrics.secureMode are mutually exclusive" }}
+{{- end }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: {{ include "eck-operator.fullname" . }}
+ namespace: {{ ternary .Values.podMonitor.namespace .Release.Namespace (not (and (.Values.podMonitor) (empty .Values.podMonitor.namespace))) }}
+ labels: {{- include "eck-operator.labels" . | nindent 4 }}
+ {{- with .Values.podMonitor.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.podMonitor.annotations }}
+ annotations: {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- with .Values.podMonitor.podTargetLabels }}
+ podTargetLabels: {{- toYaml . | nindent 4 }}
+ {{- end }}
+ podMetricsEndpoints:
+ - port: metrics
+ path: /metrics
+ {{- with .Values.podMonitor.interval }}
+ interval: {{ . }}
+ {{- end }}
+ {{- with .Values.podMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ . }}
+ {{- end }}
+ {{- with .Values.podMonitor.podMetricsEndpointConfig }}
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels: {{- include "eck-operator.selectorLabels" . | nindent 6 }}
+{{- end }}
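Review bot: the mutual-exclusion check `fail "podMonitor and config.metrics.secureMode are mutually exclusive"` is nested inside the `if and .Values.podMonitor.enabled (gt $metricsPort 0)` block and re-tests `.Values.podMonitor.enabled`; hoist it to the top next to the port check so the rule is visible in one place and does not depend on the port value. The `namespace:` ternary is also hard to read and is equivalent to `default .Release.Namespace .Values.podMonitor.namespace`.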
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/templates/role-bindings.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/role-bindings.yaml
new file mode 100644
index 00000000..0db9f278
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/role-bindings.yaml
@@ -0,0 +1,98 @@
+{{- $operatorNSIsManaged := has .Release.Namespace .Values.managedNamespaces -}}
+{{- $fullName := include "eck-operator.fullname" . -}}
+{{- $svcAccount := include "eck-operator.serviceAccountName" . }}
+{{- $enableSecureMetrics := .Values.config.metrics.secureMode.enabled -}}
+
+{{- if not .Values.createClusterScopedResources }}
+{{- range .Values.managedNamespaces }}
+{{- $namespace := . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: "{{ $fullName }}"
+ namespace: {{ $namespace }}
+ labels:
+ {{- include "eck-operator.labels" $ | nindent 4 }}
+rules:
+{{ template "eck-operator.rbacRules" $ | toYaml | indent 2 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: "{{ $fullName }}"
+ namespace: {{ $namespace }}
+ labels:
+ {{- include "eck-operator.labels" $ | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: "{{ $fullName }}"
+subjects:
+- kind: ServiceAccount
+ name: {{ $svcAccount }}
+ namespace: {{ $.Release.Namespace }}
+{{- end }} {{- /* end of range over managed namespaces */}}
+{{- /* If createClusterScopedResources is false and operator namespace is not in the managed namespaces list, create additional role binding */}}
+{{- if not $operatorNSIsManaged }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ $fullName }}
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "eck-operator.labels" $ | nindent 4 }}
+rules:
+{{ template "eck-operator.rbacRules" $ | toYaml | indent 2 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: "{{ $fullName }}"
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "eck-operator.labels" $ | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: "{{ $fullName }}"
+subjects:
+- kind: ServiceAccount
+ name: {{ $svcAccount }}
+ namespace: {{ $.Release.Namespace }}
+{{- end }} {{- /* end of operator role binding if operator namespace is not managed */}}
+{{- else }} {{- /* we can create cluster-scoped resources so just create a cluster role binding */}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "eck-operator.labels" $ | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ $fullName }}
+subjects:
+- kind: ServiceAccount
+ name: {{ $svcAccount }}
+ namespace: {{ $.Release.Namespace }}
+{{- if $enableSecureMetrics }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ {{- include "eck-operator.labels" $ | nindent 4 }}
+ name: "{{ include "eck-operator.fullname" . }}-metrics-auth-rolebinding"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: "{{ include "eck-operator.fullname" . }}-metrics-auth-role"
+subjects:
+- kind: ServiceAccount
+ name: {{ $svcAccount }}
+ namespace: {{ $.Release.Namespace }}
+{{- end }}
+{{- end }}
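Review bot: the `-metrics-auth-rolebinding` ClusterRoleBinding sits inside the `else` branch, so it is only rendered when `createClusterScopedResources` is true. With `createClusterScopedResources: false` and `config.metrics.secureMode.enabled: true` the service account gets no binding for `tokenreviews` and `subjectaccessreviews`, and validate-chart.yaml in this patch does not reject that combination. Add a `fail` for that pairing, or document that secure metrics requires cluster-scoped resources. Minor: `name: {{ $fullName }}` is quoted in some objects and not in others; pick one.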
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/templates/service-account.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/service-account.yaml
new file mode 100644
index 00000000..f91acdcc
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/service-account.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.serviceAccount.create }}
+---
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+metadata:
+ name: {{ include "eck-operator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "eck-operator.labels" . | nindent 4 }}
+{{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- end }}
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/templates/service-monitor.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/service-monitor.yaml
new file mode 100644
index 00000000..0d4a3d9c
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/service-monitor.yaml
@@ -0,0 +1,34 @@
+{{- if and .Values.config.metrics.secureMode.enabled .Values.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "eck-operator.fullname" . }}
+ namespace: {{ ternary .Values.serviceMonitor.namespace .Release.Namespace (not (and (.Values.serviceMonitor) (empty .Values.serviceMonitor.namespace))) }}
+ labels: {{- include "eck-operator.labels" . | nindent 4 }}
+spec:
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "eck-operator.name" . }}-metrics-service
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ endpoints:
+ - port: https
+ path: /metrics
+ scheme: https
+ interval: 30s
+ tlsConfig:
+ {{- $insecureSkipVerify := (ternary .Values.config.metrics.secureMode.tls.insecureSkipVerify .Values.serviceMonitor.insecureSkipVerify (hasKey .Values.config.metrics.secureMode.tls "insecureSkipVerify")) }}
+ insecureSkipVerify: {{ $insecureSkipVerify }}
+ {{- if (not $insecureSkipVerify) }}
+ {{- $caMountDirectory := or (.Values.config.metrics.secureMode.tls.caMountDirectory) (.Values.serviceMonitor.caMountDirectory) -}}
+ {{- $leading_path := trimSuffix "/" $caMountDirectory }}
+ {{- $caSecret := or (.Values.config.metrics.secureMode.tls.caSecret) (.Values.serviceMonitor.caSecret) -}}
+ {{- with $caSecret }}
+ caFile: "{{ $leading_path }}/{{ . }}/ca.crt"
+ {{- end }}
+ serverName: "{{ include "eck-operator.fullname" . }}-metrics.{{ .Release.Namespace }}.svc"
+ {{- end }}
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+{{- end }}
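Review bot: in the `tlsConfig` block, when `$insecureSkipVerify` is false but `$caSecret` is empty, `caFile` is omitted and only `serverName` is rendered, so Prometheus verifies the operator's metrics certificate without the CA the chart meant to supply and the scrape fails in a way that invites flipping `insecureSkipVerify` to true. An empty `$caMountDirectory` likewise yields a path starting at `/`. Add a `fail` when verification is on and either value is missing. The scrape `interval: 30s` is hard-coded here while podMonitor.yaml takes it from values.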
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/templates/statefulset.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/statefulset.yaml
new file mode 100644
index 00000000..c607d8a3
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/statefulset.yaml
@@ -0,0 +1,162 @@
+---
+{{- $metricsPort := int (include "eck-operator.metrics.port" .)}}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "eck-operator.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ {{- with .Values.statefulsetAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "eck-operator.labels" . | nindent 4 }}
+ {{- with .Values.statefulsetLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "eck-operator.selectorLabels" . | nindent 6 }}
+ serviceName: {{ include "eck-operator.fullname" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ annotations:
+ # Rename the fields "error" to "error.message" and "source" to "event.source"
+ # This is to avoid a conflict with the ECS "error" and "source" documents.
+ "co.elastic.logs/raw": "[{\"type\":\"filestream\",\"enabled\":true,\"id\":\"eck-container-logs-${data.kubernetes.container.id}\",\"paths\":[\"/var/log/containers/*${data.kubernetes.container.id}.log\"],\"parsers\":[{\"container\":{}},{\"ndjson\":{\"keys_under_root\":true}}],\"prospector.scanner.symlinks\":true,\"processors\":[{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"error\",\"to\":\"_error\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"_error\",\"to\":\"error.message\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"source\",\"to\":\"_source\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"_source\",\"to\":\"event.source\"}]}}]}]"
+ "checksum/config": {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- with .Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "eck-operator.selectorLabels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ terminationGracePeriodSeconds: 10
+ serviceAccountName: {{ include "eck-operator.serviceAccountName" . }}
+ automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
+ {{- with .Values.priorityClassName }}
+ priorityClassName: {{ . }}
+ {{- end }}
+ {{- with .Values.podSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - image: "{{ .Values.image.repository }}{{- if .Values.config.ubiOnly -}}-ubi{{- end -}}{{- if .Values.image.fips -}}-fips{{- end -}}:{{ default .Chart.AppVersion .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ name: manager
+ args:
+ - "manager"
+ - "--config=/conf/eck.yaml"
+ {{- with .Values.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ env:
+ - name: OPERATOR_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ {{- if .Values.webhook.enabled }}
+ - name: WEBHOOK_SECRET
+ value: {{ include "eck-operator.webhookSecretName" . }}
+ {{- end }}
+ {{- with .Values.env }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- if .Values.tracing.enabled -}}
+ {{- range $name, $value := .Values.tracing.config }}
+ - name: {{ $name }}
+ value: {{ $value }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.resources }}
+ resources:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.webhook.enabled (gt $metricsPort 0) }}
+ ports:
+ {{- if (gt $metricsPort 0) }}
+ - containerPort: {{ $metricsPort }}
+ name: metrics
+ protocol: TCP
+ {{- end }}
+ {{- if .Values.webhook.enabled }}
+ - containerPort: {{ .Values.webhook.port }}
+ name: https-webhook
+ protocol: TCP
+ {{- end }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: "/conf"
+ name: conf
+ readOnly: true
+ {{- if .Values.webhook.enabled }}
+ - mountPath: {{ .Values.webhook.certsDir }}
+ name: cert
+ readOnly: true
+ {{- end }}
+ {{- if .Values.config.metrics.secureMode.tls.certificateSecret }}
+ - mountPath: "/tmp/k8s-metrics-server/serving-certs"
+ name: tls-certificate
+ readOnly: true
+ {{- end }}
+ {{- with .Values.volumeMounts }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ volumes:
+ - name: conf
+ configMap:
+ name: {{ include "eck-operator.fullname" . }}
+ {{- if .Values.webhook.enabled }}
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: {{ include "eck-operator.webhookSecretName" . }}
+ {{- end }}
+ {{- if .Values.config.metrics.secureMode.tls.certificateSecret }}
+ - name: tls-certificate
+ secret:
+ defaultMode: 420
+ secretName: {{ .Values.config.metrics.secureMode.tls.certificateSecret }}
+ {{- end }}
+ {{- with .Values.volumes }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.hostNetwork }}
+ hostNetwork: true
+ {{- end }}
+ {{- if .Values.dnsPolicy }}
+ dnsPolicy: {{ .Values.dnsPolicy }}
+ {{- else if .Values.hostNetwork }}
+ dnsPolicy: ClusterFirstWithHostNet
+ {{- end }}
+ {{- with .Values.dnsConfig }}
+ dnsConfig:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
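Review bot: the tracing loop renders `value: {{ $value }}` unquoted, and container env values must be strings, so a numeric or boolean entry in `.Values.tracing.config` (a sample rate, `true`) produces a manifest the API server rejects. Use `value: {{ $value | quote }}`; `WEBHOOK_SECRET` would benefit from the same. Also worth a look: the pod reads `.Values.automountServiceAccountToken` while service-account.yaml reads `.Values.serviceAccount.automountServiceAccountToken`, so the two settings can disagree, and both secret volumes use `defaultMode: 420` (0644) for TLS key material where a tighter mode would do if the container's user and fsGroup allow it.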
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/templates/validate-chart.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/validate-chart.yaml
new file mode 100644
index 00000000..326b70bc
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/validate-chart.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.softMultiTenancy.enabled -}}
+ {{- if has .Release.Namespace .Values.managedNamespaces -}}
+ {{- fail "Operator namespace cannot be in managed namespaces when soft multi-tenancy is enabled" -}}
+ {{- end -}}
+
+ {{- if empty .Values.managedNamespaces -}}
+ {{- fail "Managed namespaces must be defined when soft multi-tenancy is enabled" -}}
+ {{- end -}}
+
+ {{- if empty .Values.kubeAPIServerIP -}}
+ {{- fail "Soft multi-tenancy requires kubeAPIServerIP to be defined" -}}
+ {{- end -}}
+{{- end -}}
+
+{{- if (not .Values.createClusterScopedResources) -}}
+ {{- if .Values.webhook.enabled -}}
+ {{- fail "Webhook cannot be enabled when cluster-scoped resource creation is disabled" -}}
+ {{- end -}}
+
+ {{- if .Values.config.validateStorageClass -}}
+ {{- fail "Storage class validation cannot be enabled when cluster-scoped resource creation is disabled" -}}
+ {{- end -}}
+{{- end -}}
+
+{{- if (not .Values.config.enableLeaderElection) -}}
+ {{- if gt (int .Values.replicaCount) 1 -}}
+ {{- fail "Leader election must be enabled with more than one replica" -}}
+ {{- end -}}
+{{- end -}}
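Review bot: `kubeAPIServerIP` is only checked with `empty`, yet operator-network-policy.yaml interpolates it as `cidr: "{{ $kubeAPIServerIP }}/32"`. A hostname gives an invalid CIDR at apply time, and for an IPv6 address `/32` is not a host route, so the API server egress and webhook ingress rules would cover far more than one host. Validate the value here (for example with a `regexMatch` for an IPv4 literal) or let the policy template choose `/32` versus `/128` from the address family. The same emptiness check is duplicated by the `required` call in operator-network-policy.yaml; one of the two can go.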
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/templates/webhook.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/webhook.yaml
new file mode 100644
index 00000000..e31df165
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/templates/webhook.yaml
@@ -0,0 +1,473 @@
+{{- if .Values.webhook.enabled -}}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: {{ include "eck-operator.webhookName" . }}
+ labels:
+ {{- include "eck-operator.labels" . | nindent 4 }}
+{{- with .Values.webhook.certManagerCert }}
+ annotations:
+ cert-manager.io/inject-ca-from: "{{ $.Release.Namespace }}/{{ . }}"
+{{- end }}
+webhooks:
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-agent-k8s-elastic-co-v1alpha1-agent
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-agent-validation-v1alpha1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - agent.k8s.elastic.co
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - agents
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-apm-k8s-elastic-co-v1-apmserver
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-apm-validation-v1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - apm.k8s.elastic.co
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - apmservers
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-apm-k8s-elastic-co-v1beta1-apmserver
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-apm-validation-v1beta1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - apm.k8s.elastic.co
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - apmservers
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-beat-k8s-elastic-co-v1beta1-beat
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-beat-validation-v1beta1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - beat.k8s.elastic.co
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - beats
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-enterprisesearch-k8s-elastic-co-v1-enterprisesearch
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-ent-validation-v1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - enterprisesearch.k8s.elastic.co
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - enterprisesearches
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-enterprisesearch-k8s-elastic-co-v1beta1-enterprisesearch
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-ent-validation-v1beta1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - enterprisesearch.k8s.elastic.co
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - enterprisesearches
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-elasticsearch-k8s-elastic-co-v1-elasticsearch
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-es-validation-v1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - elasticsearch.k8s.elastic.co
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - elasticsearches
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-elasticsearch-k8s-elastic-co-v1beta1-elasticsearch
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-es-validation-v1beta1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - elasticsearch.k8s.elastic.co
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - elasticsearches
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-ems-k8s-elastic-co-v1alpha1-mapsservers
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-ems-validation-v1alpha1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - maps.k8s.elastic.co
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - mapsservers
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-kibana-k8s-elastic-co-v1-kibana
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-kb-validation-v1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - kibana.k8s.elastic.co
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - kibanas
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-kibana-k8s-elastic-co-v1beta1-kibana
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-kb-validation-v1beta1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - kibana.k8s.elastic.co
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - kibanas
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-autoscaling-k8s-elastic-co-v1alpha1-elasticsearchautoscaler
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-esa-validation-v1alpha1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - autoscaling.k8s.elastic.co
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - elasticsearchautoscalers
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-scp-k8s-elastic-co-v1alpha1-stackconfigpolicies
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-scp-validation-v1alpha1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - stackconfigpolicy.k8s.elastic.co
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - stackconfigpolicies
+- clientConfig:
+ {{- if and (not .Values.webhook.manageCerts) (not .Values.webhook.certManagerCert) }}
+ caBundle: {{ .Values.webhook.caBundle }}
+ {{- end }}
+ service:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-logstash-k8s-elastic-co-v1alpha1-logstash
+ failurePolicy: {{ .Values.webhook.failurePolicy }}
+{{- with .Values.webhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.webhook.objectSelector }}
+ objectSelector:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ name: elastic-logstash-validation-v1alpha1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - logstash.k8s.elastic.co
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - logstashes
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "eck-operator.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "eck-operator.labels" . | nindent 4 }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.webhook.port }}
+ selector:
+ {{- include "eck-operator.selectorLabels" . | nindent 4 }}
+{{- if .Values.webhook.manageCerts }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "eck-operator.webhookSecretName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "eck-operator.labels" . | nindent 4 }}
+{{- end }}
+{{- end -}}
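Review bot: every webhook entry in this template renders `failurePolicy: {{ .Values.webhook.failurePolicy }}` unquoted and unvalidated, and none sets `timeoutSeconds`, so what happens when the operator's webhook service is unreachable is decided entirely by the values file. With the `failurePolicy: Ignore` default that the chart's values.yaml in this same patch ships, CREATE and UPDATE requests for every resource listed here (agents, apmservers, beats, elasticsearches, kibanas, stackconfigpolicies, logstashes and the rest) are admitted without validation whenever the webhook cannot be reached. If the pack is meant to enforce validation, override the value to `Fail` in the pack-level values and state the trade-off there. It would also help to restrict the value in the template to `Ignore` or `Fail` so a typo fails at render time rather than at apply time. Separately, the `Secret` rendered under `manageCerts` has no `type` or `data`; a short comment saying the operator populates it would save the next reader from treating it as an omission.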
diff --git a/packs/elastic-operator-3.2.0/charts/eck-operator/values.yaml b/packs/elastic-operator-3.2.0/charts/eck-operator/values.yaml
new file mode 100644
index 00000000..adc48be3
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/charts/eck-operator/values.yaml
@@ -0,0 +1,377 @@
+# nameOverride is the short name for the deployment. Leave empty to let Helm generate a name using chart values.
+nameOverride: "elastic-operator"
+
+# fullnameOverride is the full name for the deployment. Leave empty to let Helm generate a name using chart values.
+fullnameOverride: "elastic-operator"
+
+# managedNamespaces is the set of namespaces that the operator manages. Leave empty to manage all namespaces.
+managedNamespaces: []
+
+# installCRDs determines whether Custom Resource Definitions (CRD) are installed by the chart.
+# Note that CRDs are global resources and require cluster admin privileges to install.
+# If you are sharing a cluster with other users who may want to install ECK on their own namespaces, setting this to true can have unintended consequences.
+# 1. Upgrades will overwrite the global CRDs and could disrupt the other users of ECK who may be running a different version.
+# 2. Uninstalling the chart will delete the CRDs and potentially cause Elastic resources deployed by other users to be removed as well.
+installCRDs: true
+
+# replicaCount is the number of operator pods to run.
+replicaCount: 1
+
+image:
+ # repository is the container image prefixed by the registry name.
+ repository: docker.elastic.co/eck/eck-operator
+ # pullPolicy is the container image pull policy.
+ pullPolicy: IfNotPresent
+ # tag is the container image tag. If not defined, defaults to chart appVersion.
+ tag: null
+ # fips specifies whether the operator will use a FIPS compliant container image for its own StatefulSet image.
+ # This setting does not apply to Elastic Stack applications images.
+ # Can be combined with config.ubiOnly.
+ fips: false
+
+# priorityClassName defines the PriorityClass to be used by the operator pods.
+priorityClassName: ""
+
+# imagePullSecrets defines the secrets to use when pulling the operator container image.
+imagePullSecrets: []
+
+# resources define the container resource limits for the operator.
+resources:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 150Mi
+
+# statefulsetAnnotations define the annotations that should be added to the operator StatefulSet.
+statefulsetAnnotations: {}
+
+# statefulsetLabels define additional labels that should be added to the operator StatefulSet.
+statefulsetLabels: {}
+
+# podAnnotations define the annotations that should be added to the operator pod.
+podAnnotations: {}
+
+## podLabels define additional labels that should be added to the operator pod.
+podLabels: {}
+
+# podSecurityContext defines the pod security context for the operator pod.
+podSecurityContext:
+ runAsNonRoot: true
+
+# securityContext defines the security context of the operator container.
+securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+
+# nodeSelector defines the node selector for the operator pod.
+nodeSelector: {}
+
+# tolerations defines the node tolerations for the operator pod.
+tolerations: []
+
+# affinity defines the node affinity rules for the operator pod.
+affinity: {}
+
+# podDisruptionBudget configures the minimum or the maxium available pods for voluntary disruptions,
+# set to either an integer (e.g. 1) or a percentage value (e.g. 25%).
+podDisruptionBudget:
+ enabled: false
+ minAvailable: 1
+ # maxUnavailable: 3
+
+# additional environment variables for the operator container.
+env: []
+
+# additional volume mounts for the operator container.
+volumeMounts: []
+
+# additional volumes to add to the operator pod.
+volumes: []
+
+# createClusterScopedResources determines whether cluster-scoped resources (ClusterRoles, ClusterRoleBindings) should be created.
+createClusterScopedResources: true
+
+# Automount API credentials for the Service Account into the pod.
+automountServiceAccountToken: true
+
+serviceAccount:
+ # create specifies whether a service account should be created for the operator.
+ create: true
+ # Specifies whether a service account should automount API credentials.
+ automountServiceAccountToken: true
+ # annotations to add to the service account
+ annotations: {}
+ # name of the service account to use. If not set and create is true, a name is generated using the fullname template.
+ name: ""
+
+tracing:
+ # enabled specifies whether APM tracing is enabled for the operator.
+ enabled: false
+ # config is a map of APM Server configuration variables that should be set in the environment.
+ config:
+ ELASTIC_APM_SERVER_URL: http://localhost:8200
+ ELASTIC_APM_SERVER_TIMEOUT: 30s
+
+refs:
+ # enforceRBAC specifies whether RBAC should be enforced for cross-namespace associations between resources.
+ enforceRBAC: false
+
+webhook:
+ # enabled determines whether the webhook is installed.
+ enabled: true
+ # caBundle is the PEM-encoded CA trust bundle for the webhook certificate. Only required if manageCerts is false and certManagerCert is null.
+ caBundle: Cg==
+ # certManagerCert is the name of the cert-manager certificate to use with the webhook.
+ certManagerCert: null
+ # certsDir is the directory to mount the certificates.
+ certsDir: "/tmp/k8s-webhook-server/serving-certs"
+ # failurePolicy of the webhook.
+ failurePolicy: Ignore
+ # manageCerts determines whether the operator manages the webhook certificates automatically.
+ manageCerts: true
+ # namespaceSelector corresponds to the namespaceSelector property of the webhook.
+ # Setting this restricts the webhook to act only on objects submitted to namespaces that match the selector.
+ namespaceSelector: {}
+ # objectSelector corresponds to the objectSelector property of the webhook.
+ # Setting this restricts the webhook to act only on objects that match the selector.
+ objectSelector: {}
+ # port is the port that the validating webhook binds to.
+ port: 9443
+ # secret specifies the Kubernetes secret to be mounted into the path designated by the certsDir value to be used for webhook certificates.
+ certsSecret: ""
+
+# hostNetwork allows a Pod to use the Node network namespace.
+# This is required to allow for communication with the kube API when using some alternate CNIs in conjunction with webhook enabled.
+# If hostNetwork is enabled, dnsPolicy defaults to ClusterFirstWithHostNet unless explicitly set.
+# CAUTION: Proceed at your own risk. This setting has security concerns such as allowing malicious users to access workloads running on the host.
+hostNetwork: false
+
+# dnsPolicy defines the DNS policy for the operator pod.
+# Check https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy for more details.
+dnsPolicy: ""
+
+# dnsConfig defines the DNS configuration for the operator pod.
+# Check https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for more details.
+# dnsConfig:
+# nameservers:
+# - 169.254.20.10
+# searches:
+# - svc.cluster.local
+# options:
+# - name: ndots
+# value: "2"
+dnsConfig: {}
+
+softMultiTenancy:
+ # enabled determines whether the operator is installed with soft multi-tenancy extensions.
+ # This requires network policies to be enabled on the Kubernetes cluster.
+ enabled: false
+
+# kubeAPIServerIP is required when softMultiTenancy is enabled.
+kubeAPIServerIP: null
+
+telemetry:
+ # disabled determines whether the operator periodically updates ECK telemetry data for Kibana to consume.
+ disabled: false
+ # distributionChannel denotes which distribution channel was used to install the operator.
+ distributionChannel: "helm"
+
+# config values for the operator.
+config:
+ # logVerbosity defines the logging level. Valid values are as follows:
+ # -2: Errors only
+ # -1: Errors and warnings
+ # 0: Errors, warnings, and information
+ # number greater than 0: Errors, warnings, information, and debug details.
+ logVerbosity: "0"
+
+ # (Deprecated: use metrics.port: will be removed in v2.14.0) metricsPort defines the port to expose operator metrics. Set to 0 to disable metrics reporting.
+ metricsPort: 0
+
+ metrics:
+ # port defines the port to expose operator metrics. Set to 0 to disable metrics reporting.
+ port: "0"
+ # secureMode contains the options for enabling and configuring RBAC and TLS/HTTPs for the metrics endpoint.
+ secureMode:
+ # secureMode.enabled specifies whether to enable RBAC and TLS/HTTPs for the metrics endpoint.
+ # * This option makes most sense when using a ServiceMonitor to scrape the metrics and is therefore mutually exclusive with the podMonitor.enabled option.
+ # * This option also requires using cluster scoped resources (ClusterRole, ClusterRoleBinding) to
+ # grant access to the /metrics endpoint. (createClusterScopedResources: true is required)
+ #
+ enabled: false
+ tls:
+ # certificateSecret is the name of the tls secret containing the custom TLS certificate and key for the secure metrics endpoint.
+ #
+ # * This is an optional setting and is only required if you are using a custom TLS certificate. A self-signed certificate will be generated by default.
+ # * TLS secret key must be named tls.crt.
+ # * TLS key's secret key must be named tls.key.
+ # * It is assumed to be in the same namespace as the ServiceMonitor.
+ #
+ # example: kubectl create secret tls eck-metrics-tls-certificate -n elastic-system \
+ # --cert=/path/to/tls.crt --key=/path/to/tls.key
+ certificateSecret: ""
+
+ # containerRegistry to use for pulling Elasticsearch and other application container images.
+ containerRegistry: docker.elastic.co
+
+ # containerRepository to use for pulling Elasticsearch and other application container images.
+ # containerRepository: ""
+
+ # containerSuffix suffix to be appended to container images by default. Cannot be combined with -ubiOnly flag
+ # containerSuffix: ""
+
+ # maxConcurrentReconciles is the number of concurrent reconciliation operations to perform per controller.
+ maxConcurrentReconciles: "3"
+
+ # caValidity defines the validity period of the CA certificates generated by the operator.
+ caValidity: 8760h
+
+ # caRotateBefore defines when to rotate a CA certificate that is due to expire.
+ caRotateBefore: 24h
+
+ # caDir defines the directory containing a CA certificate (tls.crt) and its associated private key (tls.key) to be used for all managed resources.
+ # Setting this makes caRotateBefore and caValidity values ineffective.
+ caDir: ""
+
+ # certificatesValidity defines the validity period of certificates generated by the operator.
+ certificatesValidity: 8760h
+
+ # certificatesRotateBefore defines when to rotate a certificate that is due to expire.
+ certificatesRotateBefore: 24h
+
+ # disableConfigWatch specifies whether the operator watches the configuration file for changes.
+ disableConfigWatch: false
+
+ # exposedNodeLabels is an array of regular expressions of node labels which are allowed to be copied as annotations on Elasticsearch Pods.
+ exposedNodeLabels:
+ ["topology.kubernetes.io/.*", "failure-domain.beta.kubernetes.io/.*"]
+
+ # ipFamily specifies the IP family to use. Possible values: IPv4, IPv6 and "" (auto-detect)
+ ipFamily: ""
+
+ # setDefaultSecurityContext determines whether a default security context is set on application containers created by the operator.
+ # *note* that the default option now is "auto-detect" to attempt to set this properly automatically when both running
+ # in an openshift cluster, and a standard kubernetes cluster. Valid values are as follows:
+ # "auto-detect" : auto detect
+ # "true" : set pod security context when creating resources.
+ # "false" : do not set pod security context when creating resources.
+ setDefaultSecurityContext: "auto-detect"
+
+ # kubeClientTimeout sets the request timeout for Kubernetes API calls made by the operator.
+ kubeClientTimeout: 60s
+
+ # elasticsearchClientTimeout sets the request timeout for Elasticsearch API calls made by the operator.
+ elasticsearchClientTimeout: 180s
+
+ # policies contains policies for the operator, currently only password generation policies are supported.
+ policies: {}
+ # passwords:
+ # length: 24
+
+ # validateStorageClass specifies whether storage classes volume expansion support should be verified.
+ # Can be disabled if cluster-wide storage class RBAC access is not available.
+ validateStorageClass: true
+
+ # enableLeaderElection specifies whether leader election should be enabled
+ enableLeaderElection: true
+
+ # Interval between observations of Elasticsearch health, non-positive values disable asynchronous observation.
+ elasticsearchObservationInterval: 10s
+
+ # ubiOnly specifies whether the operator will use only UBI container images to deploy Elastic Stack applications as well as for its own StatefulSet image. UBI images are only available from 7.10.0 onward.
+ # Cannot be combined with the containerSuffix value.
+ ubiOnly: false
+
+# Prometheus PodMonitor configuration
+# Reference: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmonitor
+podMonitor:
+ # enabled determines whether a podMonitor should deployed to scrape the eck metrics.
+ # This requires the prometheus operator and the config.metrics.port not to be 0
+ enabled: false
+
+ # labels adds additional labels to the podMonitor
+ labels: {}
+
+ # annotations adds additional annotations to the podMonitor
+ annotations: {}
+
+ # namespace determines in which namespace the podMonitor will be deployed.
+ # If not set the podMonitor will be created in the namespace where the Helm release is installed into
+ # namespace: monitoring
+
+ # interval specifies the interval at which metrics should be scraped
+ interval: 5m
+
+ # scrapeTimeout specifies the timeout after which the scrape is ended
+ scrapeTimeout: 30s
+
+ # podTargetLabels transfers labels on the Kubernetes Pod onto the target.
+ podTargetLabels: []
+
+ # podMetricsEndpointConfig allows to add an extended configuration to the podMonitor
+ podMetricsEndpointConfig: {}
+ # honorTimestamps: true
+
+# Prometheus ServiceMonitor configuration
+# Only used when config.enableSecureMetrics is true
+# Reference: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#servicemonitor
+serviceMonitor:
+ # This option requires the following settings within Prometheus to function:
+ # 1. RBAC settings for the Prometheus instance to access the metrics endpoint.
+ #
+ # - nonResourceURLs:
+ # - /metrics
+ # verbs:
+ # - get
+ #
+ # 2. If using the Prometheus Operator and your Prometheus instance is not in the same namespace as the operator you will need
+ # the Prometheus Operator configured with the following Helm values:
+ #
+ # prometheus:
+ # prometheusSpec:
+ # serviceMonitorNamespaceSelector: {}
+ # serviceMonitorSelectorNilUsesHelmValues: false
+ #
+ # allows to disable the serviceMonitor, enabled by default for backwards compatibility
+ enabled: true
+ # namespace determines in which namespace the serviceMonitor will be deployed.
+ # If not set the serviceMonitor will be created in the namespace where the Helm release is installed into
+ # namespace: monitoring
+ # caSecret is the name of the secret containing the custom CA certificate used to generate the custom TLS certificate for the secure metrics endpoint.
+ #
+ # * This *must* be the name of the secret containing the CA certificate used to sign the custom TLS certificate for the metrics endpoint.
+ # * This secret *must* be in the same namespace as the Prometheus instance that will scrape the metrics.
+ # * If using the Prometheus operator this secret must be within the `spec.secrets` field of the `Prometheus` custom resource such that it is mounted into the Prometheus pod at `caMountDirectory`, which defaults to /etc/prometheus/secrets/{secret-name}.
+ # * This is an optional setting and is only required if you are using a custom TLS certificate.
+ # * Key must be named ca.crt.
+ #
+ # example: kubectl create secret generic eck-metrics-tls-ca -n monitoring \
+ # --from-file=ca.crt=/path/to/ca.pem
+ caSecret: ""
+ # caMountDirectory is the directory at which the CA certificate is mounted within the Prometheus pod.
+ #
+ # * You should only need to adjust this if you are *not* using the Prometheus operator.
+ caMountDirectory: "/etc/prometheus/secrets/"
+ # insecureSkipVerify specifies whether to skip verification of the TLS certificate for the secure metrics endpoint.
+ #
+ # * If this setting is set to false, then the following settings are required:
+ # - certificateSecret
+ # - caSecret
+ insecureSkipVerify: true
+
+# Globals meant for internal use only
+global:
+ # manifestGen specifies whether the chart is running under manifest generator.
+ # This is used for tasks specific to generating the all-in-one.yaml file.
+ manifestGen: false
+ # createOperatorNamespace defines whether the operator namespace manifest should be generated when in manifestGen mode.
+ # Usually we do want that to happen (e.g. all-in-one.yaml) but, sometimes we don't (e.g. E2E tests).
+ createOperatorNamespace: true
+ # kubeVersion is the effective Kubernetes version we target when generating the all-in-one.yaml.
+ kubeVersion: 1.21.0
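Review bot: two defaults in this file fail open and should be called out or overridden at the pack level: `failurePolicy: Ignore` under `webhook`, and `insecureSkipVerify: true` under `serviceMonitor`, which has Prometheus skip verification of the metrics endpoint certificate once `config.metrics.secureMode.enabled` is turned on. Since this is a vendored chart, I would leave the file as is and set the stricter values in the pack's own values.yaml, together with a conscious decision on `refs.enforceRBAC: false` and on `managedNamespaces: []` (the operator manages all namespaces). The comments also drift from the keys they describe: the line above `certsSecret` says "secret specifies", the `serviceMonitor` header says "Only used when config.enableSecureMetrics is true" although the key defined in this file is `config.metrics.secureMode.enabled`, and `metricsPort` is documented as "will be removed in v2.14.0" in a 3.2.0 pack. The `caBundle: Cg==` default is a placeholder, so anyone setting `manageCerts: false` without `certManagerCert` must supply a real bundle; a note in the pack README would make that explicit.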
diff --git a/packs/elastic-operator-3.2.0/logo.png b/packs/elastic-operator-3.2.0/logo.png
new file mode 100644
index 00000000..fa70b78d
Binary files /dev/null and b/packs/elastic-operator-3.2.0/logo.png differ
diff --git a/packs/elastic-operator-3.2.0/pack.json b/packs/elastic-operator-3.2.0/pack.json
new file mode 100644
index 00000000..1f71c5e0
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/pack.json
@@ -0,0 +1,39 @@
+{
+ "addonType": "logging",
+ "annotations": {
+ "commit_msg": "Elastic Cloud on Kubernetes (ECK) operator",
+ "source": "community",
+ "contributor" : "spectrocloud"
+ },
+ "charts": [
+ "charts/eck-operator-3.2.0.tgz"
+ ],
+ "cloudTypes": [
+ "all"
+ ],
+ "displayName": "ECK Operator",
+ "layer":"addon",
+ "name": "elastic-operator",
+ "version": "3.2.0",
+ "constraints": {
+ "dependencies": [
+ {
+ "packName": "kubernetes",
+ "layer": "k8s",
+ "minVersion": "1.27",
+ "maxVersion": "",
+ "type": "optional"
+ }
+ ],
+ "resources": [
+ {
+ "type": "cpu",
+ "minLimit": 100
+ },
+ {
+ "type": "memory",
+ "minLimit": 150
+ }
+ ]
+ }
+}
\ No newline at end of file
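Review bot: `"charts"` points at `charts/eck-operator-3.2.0.tgz`, while the files visible in this patch are an unpacked `charts/eck-operator/` directory; please confirm the archive is committed as well, or that the pack tooling builds it from the directory, otherwise the reference will not resolve. The kubernetes dependency is declared with `"type": "optional"` and an empty `"maxVersion"`, so `"minVersion": "1.27"` is not enforced as a hard constraint; if the operator requires that version, the constraint should say so. Minor style points: the file has no trailing newline, and the spacing in `"contributor" : "spectrocloud"` and `"layer":"addon"` is inconsistent with the other keys.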
diff --git a/packs/elastic-operator-3.2.0/values.yaml b/packs/elastic-operator-3.2.0/values.yaml
new file mode 100644
index 00000000..60157b76
--- /dev/null
+++ b/packs/elastic-operator-3.2.0/values.yaml
@@ -0,0 +1,395 @@
+# Default values for eck-elastic-operator
+# This is a YAML-formatted file
+pack:
+ content:
+ images:
+ - image: docker.elastic.co/eck/eck-operator:3.2.0
+
+ charts:
+ - repo: https://helm.elastic.co/
+ name: eck-operator
+ version: 3.2.0
+ #The namespace (on the target cluster) to install this chart
+ #When not found, a new namespace will be created
+ namespace: "elastic-operator"
+
+charts:
+ eck-operator:
+ # nameOverride is the short name for the deployment. Leave empty to let Helm generate a name using chart values.
+ nameOverride: "elastic-operator"
+
+ # fullnameOverride is the full name for the deployment. Leave empty to let Helm generate a name using chart values.
+ fullnameOverride: "elastic-operator"
+
+ # managedNamespaces is the set of namespaces that the operator manages. Leave empty to manage all namespaces.
+ managedNamespaces: []
+
+ # installCRDs determines whether Custom Resource Definitions (CRD) are installed by the chart.
+ # Note that CRDs are global resources and require cluster admin privileges to install.
+ # If you are sharing a cluster with other users who may want to install ECK on their own namespaces, setting this to true can have unintended consequences.
+ # 1. Upgrades will overwrite the global CRDs and could disrupt the other users of ECK who may be running a different version.
+ # 2. Uninstalling the chart will delete the CRDs and potentially cause Elastic resources deployed by other users to be removed as well.
+ installCRDs: true
+
+ # replicaCount is the number of operator pods to run.
+ replicaCount: 1
+
+ image:
+ # repository is the container image prefixed by the registry name.
+ repository: docker.elastic.co/eck/eck-operator
+ # pullPolicy is the container image pull policy.
+ pullPolicy: IfNotPresent
+ # tag is the container image tag. If not defined, defaults to chart appVersion.
+ tag: null
+ # fips specifies whether the operator will use a FIPS compliant container image for its own StatefulSet image.
+ # This setting does not apply to Elastic Stack applications images.
+ # Can be combined with config.ubiOnly.
+ fips: false
+
+ # priorityClassName defines the PriorityClass to be used by the operator pods.
+ priorityClassName: ""
+
+ # imagePullSecrets defines the secrets to use when pulling the operator container image.
+ imagePullSecrets: []
+
+ # resources define the container resource limits for the operator.
+ resources:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 150Mi
+
+ # statefulsetAnnotations define the annotations that should be added to the operator StatefulSet.
+ statefulsetAnnotations: {}
+
+ # statefulsetLabels define additional labels that should be added to the operator StatefulSet.
+ statefulsetLabels: {}
+
+ # podAnnotations define the annotations that should be added to the operator pod.
+ podAnnotations: {}
+
+ ## podLabels define additional labels that should be added to the operator pod.
+ podLabels: {}
+
+ # podSecurityContext defines the pod security context for the operator pod.
+ podSecurityContext:
+ runAsNonRoot: true
+
+ # securityContext defines the security context of the operator container.
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+
+ # nodeSelector defines the node selector for the operator pod.
+ nodeSelector: {}
+
+ # tolerations defines the node tolerations for the operator pod.
+ tolerations: []
+
+ # affinity defines the node affinity rules for the operator pod.
+ affinity: {}
+
+ # podDisruptionBudget configures the minimum or the maxium available pods for voluntary disruptions,
+ # set to either an integer (e.g. 1) or a percentage value (e.g. 25%).
+ podDisruptionBudget:
+ enabled: false
+ minAvailable: 1
+ # maxUnavailable: 3
+
+ # additional environment variables for the operator container.
+ env: []
+
+ # additional volume mounts for the operator container.
+ volumeMounts: []
+
+ # additional volumes to add to the operator pod.
+ volumes: []
+
+ # createClusterScopedResources determines whether cluster-scoped resources (ClusterRoles, ClusterRoleBindings) should be created.
+ createClusterScopedResources: true
+
+ # Automount API credentials for the Service Account into the pod.
+ automountServiceAccountToken: true
+
+ serviceAccount:
+ # create specifies whether a service account should be created for the operator.
+ create: true
+ # Specifies whether a service account should automount API credentials.
+ automountServiceAccountToken: true
+ # annotations to add to the service account
+ annotations: {}
+ # name of the service account to use. If not set and create is true, a name is generated using the fullname template.
+ name: ""
+
+ tracing:
+ # enabled specifies whether APM tracing is enabled for the operator.
+ enabled: false
+ # config is a map of APM Server configuration variables that should be set in the environment.
+ config:
+ ELASTIC_APM_SERVER_URL: http://localhost:8200
+ ELASTIC_APM_SERVER_TIMEOUT: 30s
+
+ refs:
+ # enforceRBAC specifies whether RBAC should be enforced for cross-namespace associations between resources.
+ enforceRBAC: false
+
+ webhook:
+ # enabled determines whether the webhook is installed.
+ enabled: true
+ # caBundle is the PEM-encoded CA trust bundle for the webhook certificate. Only required if manageCerts is false and certManagerCert is null.
+ caBundle: Cg==
+ # certManagerCert is the name of the cert-manager certificate to use with the webhook.
+ certManagerCert: null
+ # certsDir is the directory to mount the certificates.
+ certsDir: "/tmp/k8s-webhook-server/serving-certs"
+ # failurePolicy of the webhook.
+ failurePolicy: Ignore
+ # manageCerts determines whether the operator manages the webhook certificates automatically.
+ manageCerts: true
+ # namespaceSelector corresponds to the namespaceSelector property of the webhook.
+ # Setting this restricts the webhook to act only on objects submitted to namespaces that match the selector.
+ namespaceSelector: {}
+ # objectSelector corresponds to the objectSelector property of the webhook.
+ # Setting this restricts the webhook to act only on objects that match the selector.
+ objectSelector: {}
+ # port is the port that the validating webhook binds to.
+ port: 9443
+ # secret specifies the Kubernetes secret to be mounted into the path designated by the certsDir value to be used for webhook certificates.
+ certsSecret: ""
+
+ # hostNetwork allows a Pod to use the Node network namespace.
+ # This is required to allow for communication with the kube API when using some alternate CNIs in conjunction with webhook enabled.
+ # If hostNetwork is enabled, dnsPolicy defaults to ClusterFirstWithHostNet unless explicitly set.
+ # CAUTION: Proceed at your own risk. This setting has security concerns such as allowing malicious users to access workloads running on the host.
+ hostNetwork: false
+
+ # dnsPolicy defines the DNS policy for the operator pod.
+ # Check https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy for more details.
+ dnsPolicy: ""
+
+ # dnsConfig defines the DNS configuration for the operator pod.
+ # Check https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for more details.
+ # dnsConfig:
+ # nameservers:
+ # - 169.254.20.10
+ # searches:
+ # - svc.cluster.local
+ # options:
+ # - name: ndots
+ # value: "2"
+ dnsConfig: {}
+
+ softMultiTenancy:
+ # enabled determines whether the operator is installed with soft multi-tenancy extensions.
+ # This requires network policies to be enabled on the Kubernetes cluster.
+ enabled: false
+
+ # kubeAPIServerIP is required when softMultiTenancy is enabled.
+ kubeAPIServerIP: null
+
+ telemetry:
+ # disabled determines whether the operator periodically updates ECK telemetry data for Kibana to consume.
+ disabled: false
+ # distributionChannel denotes which distribution channel was used to install the operator.
+ distributionChannel: "helm"
+
+ # config values for the operator.
+ config:
+ # logVerbosity defines the logging level. Valid values are as follows:
+ # -2: Errors only
+ # -1: Errors and warnings
+ # 0: Errors, warnings, and information
+ # number greater than 0: Errors, warnings, information, and debug details.
+ logVerbosity: "0"
+
+ # (Deprecated: use metrics.port: will be removed in v2.14.0) metricsPort defines the port to expose operator metrics. Set to 0 to disable metrics reporting.
+ metricsPort: 0
+
+ metrics:
+ # port defines the port to expose operator metrics. Set to 0 to disable metrics reporting.
+ port: "0"
+ # secureMode contains the options for enabling and configuring RBAC and TLS/HTTPs for the metrics endpoint.
+ secureMode:
+ # secureMode.enabled specifies whether to enable RBAC and TLS/HTTPs for the metrics endpoint.
+ # * This option makes most sense when using a ServiceMonitor to scrape the metrics and is therefore mutually exclusive with the podMonitor.enabled option.
+ # * This option also requires using cluster scoped resources (ClusterRole, ClusterRoleBinding) to
+ # grant access to the /metrics endpoint. (createClusterScopedResources: true is required)
+ #
+ enabled: false
+ tls:
+ # certificateSecret is the name of the tls secret containing the custom TLS certificate and key for the secure metrics endpoint.
+ #
+ # * This is an optional setting and is only required if you are using a custom TLS certificate. A self-signed certificate will be generated by default.
+ # * TLS secret key must be named tls.crt.
+ # * TLS key's secret key must be named tls.key.
+ # * It is assumed to be in the same namespace as the ServiceMonitor.
+ #
+ # example: kubectl create secret tls eck-metrics-tls-certificate -n elastic-system \
+ # --cert=/path/to/tls.crt --key=/path/to/tls.key
+ certificateSecret: ""
+
+ # containerRegistry to use for pulling Elasticsearch and other application container images.
+ containerRegistry: docker.elastic.co
+
+ # containerRepository to use for pulling Elasticsearch and other application container images.
+ # containerRepository: ""
+
+ # containerSuffix suffix to be appended to container images by default. Cannot be combined with -ubiOnly flag
+ # containerSuffix: ""
+
+ # maxConcurrentReconciles is the number of concurrent reconciliation operations to perform per controller.
+ maxConcurrentReconciles: "3"
+
+ # caValidity defines the validity period of the CA certificates generated by the operator.
+ caValidity: 8760h
+
+ # caRotateBefore defines when to rotate a CA certificate that is due to expire.
+ caRotateBefore: 24h
+
+ # caDir defines the directory containing a CA certificate (tls.crt) and its associated private key (tls.key) to be used for all managed resources.
+ # Setting this makes caRotateBefore and caValidity values ineffective.
+ caDir: ""
+
+ # certificatesValidity defines the validity period of certificates generated by the operator.
+ certificatesValidity: 8760h
+
+ # certificatesRotateBefore defines when to rotate a certificate that is due to expire.
+ certificatesRotateBefore: 24h
+
+ # disableConfigWatch specifies whether the operator watches the configuration file for changes.
+ disableConfigWatch: false
+
+ # exposedNodeLabels is an array of regular expressions of node labels which are allowed to be copied as annotations on Elasticsearch Pods.
+ exposedNodeLabels:
+ ["topology.kubernetes.io/.*", "failure-domain.beta.kubernetes.io/.*"]
+
+ # ipFamily specifies the IP family to use. Possible values: IPv4, IPv6 and "" (auto-detect)
+ ipFamily: ""
+
+ # setDefaultSecurityContext determines whether a default security context is set on application containers created by the operator.
+ # *note* that the default option now is "auto-detect" to attempt to set this properly automatically when both running
+ # in an openshift cluster, and a standard kubernetes cluster. Valid values are as follows:
+ # "auto-detect" : auto detect
+ # "true" : set pod security context when creating resources.
+ # "false" : do not set pod security context when creating resources.
+ setDefaultSecurityContext: "auto-detect"
+
+ # kubeClientTimeout sets the request timeout for Kubernetes API calls made by the operator.
+ kubeClientTimeout: 60s
+
+ # elasticsearchClientTimeout sets the request timeout for Elasticsearch API calls made by the operator.
+ elasticsearchClientTimeout: 180s
+
+ # policies contains policies for the operator, currently only password generation policies are supported.
+ policies: {}
+ # passwords:
+ # length: 24
+
+ # validateStorageClass specifies whether storage classes volume expansion support should be verified.
+ # Can be disabled if cluster-wide storage class RBAC access is not available.
+ validateStorageClass: true
+
+ # enableLeaderElection specifies whether leader election should be enabled
+ enableLeaderElection: true
+
+ # Interval between observations of Elasticsearch health, non-positive values disable asynchronous observation.
+ elasticsearchObservationInterval: 10s
+
+ # ubiOnly specifies whether the operator will use only UBI container images to deploy Elastic Stack applications as well as for its own StatefulSet image. UBI images are only available from 7.10.0 onward.
+ # Cannot be combined with the containerSuffix value.
+ ubiOnly: false
+
+ # Prometheus PodMonitor configuration
+ # Reference: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmonitor
+ podMonitor:
+ # enabled determines whether a podMonitor should deployed to scrape the eck metrics.
+ # This requires the prometheus operator and the config.metrics.port not to be 0
+ enabled: false
+
+ # labels adds additional labels to the podMonitor
+ labels: {}
+
+ # annotations adds additional annotations to the podMonitor
+ annotations: {}
+
+ # namespace determines in which namespace the podMonitor will be deployed.
+ # If not set the podMonitor will be created in the namespace where the Helm release is installed into
+ # namespace: monitoring
+
+ # interval specifies the interval at which metrics should be scraped
+ interval: 5m
+
+ # scrapeTimeout specifies the timeout after which the scrape is ended
+ scrapeTimeout: 30s
+
+ # podTargetLabels transfers labels on the Kubernetes Pod onto the target.
+ podTargetLabels: []
+
+ # podMetricsEndpointConfig allows to add an extended configuration to the podMonitor
+ podMetricsEndpointConfig: {}
+ # honorTimestamps: true
+
+ # Prometheus ServiceMonitor configuration
+ # Only used when config.enableSecureMetrics is true
+ # Reference: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#servicemonitor
+ serviceMonitor:
+ # This option requires the following settings within Prometheus to function:
+ # 1. RBAC settings for the Prometheus instance to access the metrics endpoint.
+ #
+ # - nonResourceURLs:
+ # - /metrics
+ # verbs:
+ # - get
+ #
+ # 2. If using the Prometheus Operator and your Prometheus instance is not in the same namespace as the operator you will need
+ # the Prometheus Operator configured with the following Helm values:
+ #
+ # prometheus:
+ # prometheusSpec:
+ # serviceMonitorNamespaceSelector: {}
+ # serviceMonitorSelectorNilUsesHelmValues: false
+ #
+ # allows to disable the serviceMonitor, enabled by default for backwards compatibility
+ enabled: true
+ # namespace determines in which namespace the serviceMonitor will be deployed.
+ # If not set the serviceMonitor will be created in the namespace where the Helm release is installed into
+ # namespace: monitoring
+ # caSecret is the name of the secret containing the custom CA certificate used to generate the custom TLS certificate for the secure metrics endpoint.
+ #
+ # * This *must* be the name of the secret containing the CA certificate used to sign the custom TLS certificate for the metrics endpoint.
+ # * This secret *must* be in the same namespace as the Prometheus instance that will scrape the metrics.
+ # * If using the Prometheus operator this secret must be within the `spec.secrets` field of the `Prometheus` custom resource such that it is mounted into the Prometheus pod at `caMountDirectory`, which defaults to /etc/prometheus/secrets/{secret-name}.
+ # * This is an optional setting and is only required if you are using a custom TLS certificate.
+ # * Key must be named ca.crt.
+ #
+ # example: kubectl create secret generic eck-metrics-tls-ca -n monitoring \
+ # --from-file=ca.crt=/path/to/ca.pem
+ caSecret: ""
+ # caMountDirectory is the directory at which the CA certificate is mounted within the Prometheus pod.
+ #
+ # * You should only need to adjust this if you are *not* using the Prometheus operator.
+ caMountDirectory: "/etc/prometheus/secrets/"
+ # insecureSkipVerify specifies whether to skip verification of the TLS certificate for the secure metrics endpoint.
+ #
+ # * If this setting is set to false, then the following settings are required:
+ # - certificateSecret
+ # - caSecret
+ insecureSkipVerify: true
+
+ # Globals meant for internal use only
+ global:
+ # manifestGen specifies whether the chart is running under manifest generator.
+ # This is used for tasks specific to generating the all-in-one.yaml file.
+ manifestGen: false
+ # createOperatorNamespace defines whether the operator namespace manifest should be generated when in manifestGen mode.
+ # Usually we do want that to happen (e.g. all-in-one.yaml) but, sometimes we don't (e.g. E2E tests).
+ createOperatorNamespace: true
+ # kubeVersion is the effective Kubernetes version we target when generating the all-in-one.yaml.
+ kubeVersion: 1.21.0
+
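Review bot: `serviceMonitor.insecureSkipVerify: true`, near the end of this values file, ships with `serviceMonitor.enabled: true`, so once secure metrics are turned on Prometheus scrapes the endpoint without verifying its TLS certificate. The comment only says what is required when the value is false; it should also state that the shipped default disables verification, and the pack should consider making that an explicit opt-in. Two smaller points in the same hunk: the serviceMonitor header says "Only used when config.enableSecureMetrics is true", but the key defined earlier is `secureMode.enabled` under `config.metrics`, so the comment points at a name that does not appear in this file. And `webhook.failurePolicy: Ignore` means objects are admitted unvalidated whenever the webhook cannot be reached, which deserves a one-line comment on the trade-off next to the value.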
diff --git a/packs/elastic-stack-0.16.0/README.md b/packs/elastic-stack-0.16.0/README.md
new file mode 100644
index 00000000..e14e757b
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/README.md
@@ -0,0 +1,63 @@
+# Elastic Cloud on Kubernetes (ECK)
+
+Elastic Cloud on Kubernetes automates the deployment, provisioning, management, and orchestration of Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes based on the operator pattern.
+
+Current features:
+
+* Elasticsearch, Kibana, APM Server, Enterprise Search, and Beats deployments
+* TLS Certificates management
+* Safe Elasticsearch cluster configuration & topology changes
+* Persistent volumes usage
+* Custom node configuration and attributes
+* Secure settings keystore updates
+
+Supported versions:
+
+* Kubernetes 1.25-1.29
+* Elasticsearch, Kibana, APM Server: 6.8+, 7.1+, 8+, 9+
+* Enterprise Search: 7.7+, 8+
+* Beats: 7.0+, 8+, 9+
+* Elastic Agent: 7.10+ (standalone), 7.14+, 8+ (Fleet), 9+
+* Elastic Maps Server: 7.11+, 8+
+* Logstash 8.7+, 9+
+
+Check the [Quickstart](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-quickstart.html) to deploy your first cluster with ECK.
+
+For general questions, please see the Elastic [forums](https://discuss.elastic.co/c/eck).
+
+# ECK-Stack
+
+ECK Stack is a Helm chart to assist in the deployment of Elastic Stack components, which are
+managed by the [ECK Operator](https://www.elastic.co/guide/en/cloud-on-k8s/current/index.html)
+
+## Supported Elastic Stack Resources
+
+The following Elastic Stack resources are currently supported.
+
+- Elasticsearch
+- Kibana
+- Elastic Agent
+- Fleet Server
+- Beats
+- Logstash
+- APM Server
+
+Additional resources will be supported in future releases of this Helm Chart.
+
+## Prerequisites
+
+- Kubernetes 1.27+
+- Elastic ECK Operator
+
+## Configuration
+
+The following table lists the configurable parameters of the eck-stack chart and their default values.
+
+| Parameter | Description | Default |
+| --------- | ----------- | ------- |
+| `eck-elasticsearch.enabled` | If `true`, create an Elasticsearch resource (using the eck-elasticsearch Chart) | `true` |
+| `eck-kibana.enabled` | If `true`, create a Kibana resource (using the eck-kibana Chart) | `true` |
+| `eck-agent.enabled` | If `true`, create an Elastic Agent resource (using the eck-agent Chart) | `false` |
+| `eck-fleet-server.enabled` | If `true`, create a Fleet Server resource (using the eck-fleet-server Chart) | `false` |
+| `eck-logstash.enabled` | If `true`, create a Logstash resource (using the eck-logstash Chart) | `false` |
+| `eck-apm-server.enabled` | If `true`, create a standalone Elastic APM Server resource (using the eck-apm-server Chart) | `false` |
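Review bot: The Kubernetes requirement is stated two ways in this README: "Supported versions" lists `Kubernetes 1.25-1.29`, while "Prerequisites" says `Kubernetes 1.27+`. Pick one range and use it in both places so users know which clusters the pack is supported on. The Configuration table also has no `eck-beats.enabled` row, although Beats is in the supported resources list just above it.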
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack-0.16.0.tgz b/packs/elastic-stack-0.16.0/charts/eck-stack-0.16.0.tgz
new file mode 100644
index 00000000..d04fe9ed
Binary files /dev/null and b/packs/elastic-stack-0.16.0/charts/eck-stack-0.16.0.tgz differ
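Review bot: `charts/eck-stack-0.16.0.tgz` is added as an opaque binary next to the unpacked `charts/eck-stack/` tree from the same patch, so the archive cannot be reviewed here and nothing visible ties its contents to the unpacked copy. Please record the archive's checksum and where it was fetched from, or keep only one of the two copies, so that the chart that gets deployed is the one that was reviewed.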
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/.helmignore b/packs/elastic-stack-0.16.0/charts/eck-stack/.helmignore
new file mode 100644
index 00000000..9e40bf01
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/.helmignore
@@ -0,0 +1,25 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+templates/tests
+charts/*/templates/tests
\ No newline at end of file
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/Chart.lock b/packs/elastic-stack-0.16.0/charts/eck-stack/Chart.lock
new file mode 100644
index 00000000..5a4e3fb6
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/Chart.lock
@@ -0,0 +1,27 @@
+dependencies:
+- name: eck-elasticsearch
+ repository: ""
+ version: 0.16.0
+- name: eck-kibana
+ repository: ""
+ version: 0.16.0
+- name: eck-agent
+ repository: ""
+ version: 0.16.0
+- name: eck-fleet-server
+ repository: ""
+ version: 0.16.0
+- name: eck-beats
+ repository: ""
+ version: 0.16.0
+- name: eck-logstash
+ repository: ""
+ version: 0.16.0
+- name: eck-apm-server
+ repository: ""
+ version: 0.16.0
+- name: eck-enterprise-search
+ repository: ""
+ version: 0.16.0
+digest: sha256:e6edc40e5df5c9df93965f52c5cce6ef9a2ae3a6d71750bc522632c7731c4957
+generated: "2025-07-29T14:57:40.491351384Z"
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/Chart.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/Chart.yaml
new file mode 100644
index 00000000..e3311be4
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/Chart.yaml
@@ -0,0 +1,39 @@
+apiVersion: v2
+dependencies:
+- condition: eck-elasticsearch.enabled
+ name: eck-elasticsearch
+ repository: ""
+ version: 0.16.0
+- condition: eck-kibana.enabled
+ name: eck-kibana
+ repository: ""
+ version: 0.16.0
+- condition: eck-agent.enabled
+ name: eck-agent
+ repository: ""
+ version: 0.16.0
+- condition: eck-fleet-server.enabled
+ name: eck-fleet-server
+ repository: ""
+ version: 0.16.0
+- condition: eck-beats.enabled
+ name: eck-beats
+ repository: ""
+ version: 0.16.0
+- condition: eck-logstash.enabled
+ name: eck-logstash
+ repository: ""
+ version: 0.16.0
+- condition: eck-apm-server.enabled
+ name: eck-apm-server
+ repository: ""
+ version: 0.16.0
+- condition: eck-enterprise-search.enabled
+ name: eck-enterprise-search
+ repository: ""
+ version: 0.16.0
+description: Elastic Stack managed by the ECK Operator
+kubeVersion: '>= 1.21.0-0'
+name: eck-stack
+type: application
+version: 0.16.0
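Review bot: `kubeVersion: '>= 1.21.0-0'` is looser than the `Kubernetes 1.27+` prerequisite stated in the pack README added by this patch, so the chart will install on clusters the pack says it does not support. Either tighten the constraint or align the README. Separately, every dependency has `repository: ""`, so the subcharts can only come from the vendored `charts/` directory and this file carries no record of their origin. A note in the pack stating the upstream source and version of the vendored subcharts would make later updates auditable.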
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/README.md b/packs/elastic-stack-0.16.0/charts/eck-stack/README.md
new file mode 100644
index 00000000..f301bd12
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/README.md
@@ -0,0 +1,93 @@
+# ECK-Stack
+
+ECK Stack is a Helm chart to assist in the deployment of Elastic Stack components, which are
+managed by the [ECK Operator](https://www.elastic.co/guide/en/cloud-on-k8s/current/index.html)
+
+## Supported Elastic Stack Resources
+
+The following Elastic Stack resources are currently supported.
+
+- Elasticsearch
+- Kibana
+- Elastic Agent
+- Fleet Server
+- Beats
+- Logstash
+- APM Server
+
+Additional resources will be supported in future releases of this Helm Chart.
+
+## Prerequisites
+
+- Kubernetes 1.21+
+- Elastic ECK Operator
+
+## Installing the Chart
+
+### Installing the ECK Operator
+
+Before using this chart, the Elastic ECK Operator is required to be installed within the Kubernetes cluster.
+Full installation instructions can be found within [our documentation](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-installing-eck.html)
+
+To install the ECK Operator using Helm.
+
+```sh
+# Add the Elastic Helm Repository
+helm repo add elastic https://helm.elastic.co && helm repo update
+
+# Install the ECK Operator cluster-wide
+helm install elastic-operator elastic/eck-operator -n elastic-system --create-namespace
+```
+
+Additional ECK Operator Helm installation options can be found within [our documentation](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-install-helm.html)
+
+### Installing the ECK Stack Chart
+
+The following will install the ECK-Stack chart using the default values, which will deploy an Elasticsearch [Quickstart Cluster](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-deploy-elasticsearch.html), and a Kibana [Quickstart Instance](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-deploy-kibana.html)
+
+```sh
+# Add the Elastic Helm Repository
+helm repo add elastic https://helm.elastic.co && helm repo update
+
+# Install the ECK-Stack helm chart
+# This will setup a 'quickstart' Elasticsearch and Kibana resource in the 'elastic-stack' namespace
+helm install my-release elastic/eck-stack -n elastic-stack --create-namespace
+```
+
+More information on the different ways to use the ECK Stack chart to deploy Elastic Stack resources
+can be found in [our documentation](https://www.elastic.co/guide/en/cloud-on-k8s/current/index.html).
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment from the 'elastic-stack' namespace:
+
+```console
+helm delete my-release -n elastic-stack
+```
+
+The command removes all the Elastic Stack resources associated with the chart and deletes the release.
+
+## Configuration
+
+The following table lists the configurable parameters of the eck-stack chart and their default values.
+
+| Parameter | Description | Default |
+| --------- | ----------- | ------- |
+| `eck-elasticsearch.enabled` | If `true`, create an Elasticsearch resource (using the eck-elasticsearch Chart) | `true` |
+| `eck-kibana.enabled` | If `true`, create a Kibana resource (using the eck-kibana Chart) | `true` |
+| `eck-agent.enabled` | If `true`, create an Elastic Agent resource (using the eck-agent Chart) | `false` |
+| `eck-fleet-server.enabled` | If `true`, create a Fleet Server resource (using the eck-fleet-server Chart) | `false` |
+| `eck-logstash.enabled` | If `true`, create a Logstash resource (using the eck-logstash Chart) | `false` |
+| `eck-apm-server.enabled` | If `true`, create a standalone Elastic APM Server resource (using the eck-apm-server Chart) | `false` |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+helm install my-release -f values.yaml .
+```
+
+## Contributing
+
+This chart is maintained at [github.com/elastic/cloud-on-k8s](https://github.com/elastic/cloud-on-k8s/tree/main/deploy/eck-stack).
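Review bot: The Configuration table omits `eck-beats.enabled` and `eck-enterprise-search.enabled`, both of which are dependency conditions in this chart's Chart.yaml, so a reader cannot tell from the README that those subcharts can be switched on or what their defaults are. Add the two rows, and add Enterprise Search to the "Supported Elastic Stack Resources" list if it is meant to be supported. The `Kubernetes 1.21+` prerequisite here also disagrees with the `Kubernetes 1.27+` in the pack-level README from the same patch.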
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/.helmignore b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/.helmignore
new file mode 100644
index 00000000..f1568daf
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+templates/tests
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/Chart.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/Chart.yaml
new file mode 100644
index 00000000..575bc991
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+description: Elastic Agent managed by the ECK operator
+icon: https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt77c2da6e0198746e/620ac24e6662ca0a6f617114/icon-agent-32-color.svg
+kubeVersion: '>= 1.21.0-0'
+name: eck-agent
+sources:
+- https://github.com/elastic/cloud-on-k8s
+- https://github.com/elastic/elastic-agent
+type: application
+version: 0.16.0
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/LICENSE b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/LICENSE
new file mode 100644
index 00000000..92503a72
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/LICENSE
@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.
\ No newline at end of file
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/examples/fleet-agents.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/examples/fleet-agents.yaml
new file mode 100644
index 00000000..e6a38293
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/examples/fleet-agents.yaml
@@ -0,0 +1,24 @@
+# The following example should only be used in conjunction with the 'eck-fleet-server' Helm Chart,
+# and shows how the Agents can be deployed as a daemonset, and controlled by Fleet Server.
+#
+version: 9.1.0
+
+# This must match the name of an Agent policy.
+policyID: eck-agent
+# This must match the name of the fleet server installed from eck-fleet-server chart.
+fleetServerRef:
+ name: eck-fleet-server
+kibanaRef:
+ name: eck-kibana
+mode: fleet
+# elasticsearchRefs must be empty when fleet mode is enabled.
+elasticsearchRefs: []
+daemonSet:
+ podTemplate:
+ spec:
+ serviceAccountName: elastic-agent
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ automountServiceAccountToken: true
+ securityContext:
+ runAsUser: 0
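Review bot: The `daemonSet.podTemplate.spec` block sets `hostNetwork: true`, `runAsUser: 0` and `automountServiceAccountToken: true` together, with no comment on why each is needed. Deployed as a DaemonSet, that is a root pod in the node's network namespace with API credentials mounted. Please add a comment per setting saying what requires it and which can be dropped, so users copying the example do not inherit the privileges by default. The example also references `serviceAccountName: elastic-agent`, which this file does not create; say where that account and its RBAC are expected to come from.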
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/examples/system-integration.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/examples/system-integration.yaml
new file mode 100644
index 00000000..b88d59b0
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/examples/system-integration.yaml
@@ -0,0 +1,133 @@
+# The following example should only be used in Agent "standalone" mode,
+# and should not be used when Agent is used with Fleet Server.
+#
+version: 9.1.0
+elasticsearchRefs:
+- name: eck-elasticsearch
+daemonSet:
+ podTemplate:
+ spec:
+ containers:
+ - name: agent
+ securityContext:
+ runAsUser: 0
+ volumeMounts:
+ - name: agent-data
+ mountPath: /usr/share/elastic-agent/data/elastic-agent-08e204/run
+config:
+ id: 488e0b80-3634-11eb-8208-57893829af4e
+ revision: 2
+ agent:
+ monitoring:
+ enabled: true
+ use_output: default
+ logs: true
+ metrics: true
+ inputs:
+ - id: 4917ade0-3634-11eb-8208-57893829af4e
+ name: system-1
+ revision: 1
+ type: system/metrics
+ use_output: default
+ meta:
+ package:
+ name: system
+ version: 9.1.0
+ data_stream:
+ namespace: default
+ streams:
+ - id: system/metrics-system.cpu
+ data_stream:
+ dataset: system.cpu
+ type: metrics
+ metricsets:
+ - cpu
+ cpu.metrics:
+ - percentages
+ - normalized_percentages
+ period: 10s
+ - id: system/metrics-system.diskio
+ data_stream:
+ dataset: system.diskio
+ type: metrics
+ metricsets:
+ - diskio
+ diskio.include_devices: null
+ period: 10s
+ - id: system/metrics-system.filesystem
+ data_stream:
+ dataset: system.filesystem
+ type: metrics
+ metricsets:
+ - filesystem
+ period: 1m
+ processors:
+ - drop_event.when.regexp:
+ system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)
+ - id: system/metrics-system.fsstat
+ data_stream:
+ dataset: system.fsstat
+ type: metrics
+ metricsets:
+ - fsstat
+ period: 1m
+ processors:
+ - drop_event.when.regexp:
+ system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)
+ - id: system/metrics-system.load
+ data_stream:
+ dataset: system.load
+ type: metrics
+ metricsets:
+ - load
+ period: 10s
+ - id: system/metrics-system.memory
+ data_stream:
+ dataset: system.memory
+ type: metrics
+ metricsets:
+ - memory
+ period: 10s
+ - id: system/metrics-system.network
+ data_stream:
+ dataset: system.network
+ type: metrics
+ metricsets:
+ - network
+ period: 10s
+ network.interfaces: null
+ - id: system/metrics-system.process
+ data_stream:
+ dataset: system.process
+ type: metrics
+ metricsets:
+ - process
+ period: 10s
+ process.include_top_n.by_cpu: 5
+ process.include_top_n.by_memory: 5
+ process.cmdline.cache.enabled: true
+ process.cgroups.enabled: false
+ process.include_cpu_ticks: false
+ processes:
+ - .*
+ - id: system/metrics-system.process_summary
+ data_stream:
+ dataset: system.process_summary
+ type: metrics
+ metricsets:
+ - process_summary
+ period: 10s
+ - id: system/metrics-system.socket_summary
+ data_stream:
+ dataset: system.socket_summary
+ type: metrics
+ metricsets:
+ - socket_summary
+ period: 10s
+ - id: system/metrics-system.uptime
+ data_stream:
+ dataset: system.uptime
+ type: metrics
+ metricsets:
+ - uptime
+ period: 10s
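Review bot: the `agent` container mounts a volume named `agent-data`, but the podTemplate in this file declares no `volumes:` entry with that name, so the example depends on a volume defined somewhere else. Either add the volume definition or a comment saying where it comes from. The mountPath `/usr/share/elastic-agent/data/elastic-agent-08e204/run` also embeds what looks like a build-specific directory name next to `version: 9.1.0`; a comment should say it has to match the agent build being deployed, otherwise it goes stale on the next version bump.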
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/templates/NOTES.txt b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/templates/NOTES.txt
new file mode 100644
index 00000000..cfd41883
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/templates/NOTES.txt
@@ -0,0 +1,6 @@
+
+1. Check Elastic Agent status
+ $ kubectl get agent {{ include "elasticagent.fullname" . }} -n {{ .Release.Namespace }}
+
+2. Check Elastic Agent pod status
+ $ kubectl get pods --namespace={{ .Release.Namespace }} -l agent.k8s.elastic.co/name={{ include "elasticagent.fullname" . }}
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/templates/_helpers.tpl b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/templates/_helpers.tpl
new file mode 100644
index 00000000..748ca7dd
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/templates/_helpers.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "elasticagent.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "elasticagent.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "elasticagent.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "elasticagent.labels" -}}
+helm.sh/chart: {{ include "elasticagent.chart" . }}
+{{ include "elasticagent.selectorLabels" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.labels }}
+{{ toYaml .Values.labels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "elasticagent.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "elasticagent.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/templates/cluster-role-binding.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/templates/cluster-role-binding.yaml
new file mode 100644
index 00000000..762a59dc
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/templates/cluster-role-binding.yaml
@@ -0,0 +1,33 @@
+{{- with .Values.clusterRoleBinding }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .name }}
+ labels:
+ {{- include "elasticagent.labels" $ | nindent 4 }}
+ {{- with .labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if or $.Values.annotations .annotations }}
+ annotations:
+ {{- with $.Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- with .subjects }}
+subjects:
+{{- range . }}
+ - kind: {{ .kind }}
+ name: {{ .name }}
+ namespace: {{ .namespace | default $.Release.Namespace | quote }}
+{{- end }}
+{{- end }}
+roleRef:
+ kind: {{ .roleRef.kind }}
+ name: {{ .roleRef.name }}
+ apiGroup: {{ .roleRef.apiGroup }}
+{{- end }}
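Review bot: in the `range` over subjects, `name: {{ .name }}` is a value independent of `serviceAccount.name`, which service-account.yaml and elastic-agent.yaml use. Changing only `serviceAccount.name` leaves this binding pointing at the old account, and the agent pods then run without the ClusterRole's permissions with no render-time error. Default the subject name to `$.Values.serviceAccount.name`, or add a comment in values.yaml that the two must match.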
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/templates/cluster-role.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/templates/cluster-role.yaml
new file mode 100644
index 00000000..5d97ec7a
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/templates/cluster-role.yaml
@@ -0,0 +1,22 @@
+{{- with .Values.clusterRole }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .name }}
+ labels:
+ {{- include "elasticagent.labels" $ | nindent 4 }}
+ {{- with .labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if or $.Values.annotations .annotations }}
+ annotations:
+ {{- with $.Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+rules: {{- toYaml .rules | nindent 2 }}
+{{- end }}
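Review bot: `name: {{ .name }}` is taken verbatim from values, and values.yaml defaults it to `elastic-agent`. A ClusterRole is cluster-scoped, so a second release of this chart with default values renders the same object name and the two releases conflict over it. Consider deriving the default from `elasticagent.fullname`, as the Agent resource does, or document that the name must be unique per release. The same applies to the ClusterRoleBinding name.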
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/templates/elastic-agent.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/templates/elastic-agent.yaml
new file mode 100644
index 00000000..9017e5bb
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/templates/elastic-agent.yaml
@@ -0,0 +1,89 @@
+---
+apiVersion: agent.k8s.elastic.co/v1alpha1
+kind: Agent
+metadata:
+ name: {{ include "elasticagent.fullname" . }}
+ labels:
+ {{- include "elasticagent.labels" $ | nindent 4 }}
+ annotations:
+ eck.k8s.elastic.co/license: basic
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ version: {{ required "An Elastic Agent version is required" (or ((.Values.spec).version) (.Values.version)) }}
+ {{- $daemonSet := (or (hasKey (.Values.spec) "daemonSet") (hasKey .Values "daemonSet")) }}
+ {{- $deployment := (or (hasKey (.Values.spec) "deployment") (hasKey .Values "deployment")) }}
+ {{- $statefulSet := (or (hasKey (.Values.spec) "statefulSet") (hasKey .Values "statefulSet")) }}
+ {{- if and (not $daemonSet) (not $deployment) (not $statefulSet) }}
+ {{ fail "At least one of daemonSet, deployment or statefulSet is required" }}
+ {{- end }}
+ {{- if $daemonSet }}
+ {{- $ds := or ((.Values.spec).daemonSet) (.Values.daemonSet) }}
+ daemonSet:
+ {{- /* This is required to render the empty daemonset ( {} ) properly */}}
+ {{- $ds | default dict | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $deployment }}
+ {{- $deploy := or ((.Values.spec).deployment) (.Values.deployment) }}
+ deployment:
+ {{- /* This is required to render the empty deployment ( {} ) properly */}}
+ {{- $deploy | default dict | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $statefulSet }}
+ {{- $sts := or ((.Values.spec).statefulSet) (.Values.statefulSet) }}
+ statefulSet:
+ {{- /* This is required to render the empty statefulSet ( {} ) properly */}}
+ {{- $sts | default dict | toYaml | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).image) (.Values.image) }}
+ image: {{ . }}
+ {{- end }}
+ {{- with or ((.Values.spec).elasticsearchRefs) (.Values.elasticsearchRefs) }}
+ elasticsearchRefs:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).kibanaRef) (.Values.kibanaRef) }}
+ kibanaRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).fleetServerRef) (.Values.fleetServerRef) }}
+ fleetServerRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- $config := or ((.Values.spec).config) (.Values.config) }}
+ {{- $configRef := or ((.Values.spec).configRef) (.Values.configRef) }}
+ {{- if and $config $configRef }}
+ {{ fail "Only one of config and configRef can be specified" }}
+ {{- end }}
+ {{- with $config }}
+ config:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with $configRef }}
+ configRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).mode) (.Values.mode) }}
+ mode: {{ . }}
+ {{- end }}
+ {{- with or ((.Values.spec).fleetServerEnabled) (.Values.fleetServerEnabled) }}
+ fleetServerEnabled: {{ . }}
+ {{- end }}
+ {{- with or ((.Values.spec).http) (.Values.http) }}
+ http:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).policyID) (.Values.policyID) }}
+ policyID: {{ . }}
+ {{- end }}
+ {{- with or ((.Values.spec).secureSettings) (.Values.secureSettings) }}
+ secureSettings:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).revisionHistoryLimit) (.Values.revisionHistoryLimit) }}
+ revisionHistoryLimit: {{ . }}
+ {{- end }}
+ {{- with or (((.Values.spec).serviceAccount).name) ((.Values.serviceAccount).name) }}
+ serviceAccountName: {{ . }}
+ {{- end }}
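Review bot: the template guards `config` against `configRef` with `fail`, but has no equivalent guard for fleet mode. fleet-agents.yaml states that elasticsearchRefs must be empty when fleet mode is enabled, yet values.yaml defaults `elasticsearchRefs` to `eck-elasticsearch`, so a values file that only sets `mode: fleet` renders both into the spec. Add a `fail` for that combination where it is invalid (leaving room for the `fleetServerEnabled` case if that one is allowed), or drop the default.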
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/templates/service-account.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/templates/service-account.yaml
new file mode 100644
index 00000000..e8bdf0b5
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/templates/service-account.yaml
@@ -0,0 +1,22 @@
+{{- with .Values.serviceAccount }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .name }}
+ namespace: {{ .namespace | default $.Release.Namespace | quote }}
+ labels:
+ {{- include "elasticagent.labels" $ | nindent 4 }}
+ {{- with .labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if or $.Values.annotations .annotations }}
+ annotations:
+ {{- with $.Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
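Review bot: `namespace` can be overridden here through `serviceAccount.namespace`, but elastic-agent.yaml only passes `serviceAccount.name` into `serviceAccountName`, and the Agent resource carries no namespace of its own, so it lands in the release namespace. A pod can only use a ServiceAccount from its own namespace, so a non-default value creates an account the agent pods cannot use. Either remove the override or document that it must equal the release namespace.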
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/values.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/values.yaml
new file mode 100644
index 00000000..244aed9b
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-agent/values.yaml
@@ -0,0 +1,245 @@
+---
+# Default values for eck-agent.
+# This is a YAML-formatted file.
+
+# Overridable names of the Elastic Agent resource.
+# By default, this is the Release name set for the chart,
+# followed by 'eck-agent'.
+#
+# nameOverride will override the name of the Chart with the name set here,
+# so nameOverride: quickstart, would convert to '{{ Release.name }}-quickstart'
+#
+# nameOverride: "quickstart"
+#
+# fullnameOverride will override both the release name, and the chart name,
+# and will name the Fleet Agent resource exactly as specified.
+#
+# fullnameOverride: "quickstart"
+
+# Version of Elastic Agent.
+#
+version: 9.1.0
+
+# Labels that will be applied to Elastic Agent.
+#
+labels: {}
+
+# Annotations that will be applied to Elastic Agent.
+#
+annotations: {}
+
+# Elastic Agent image to deploy.
+#
+# image: docker.elastic.co/beats/elastic-agent:9.1.0
+
+# ** Deprecation Notice **
+# The previous versions of this Helm Chart simply used the `spec` field here
+# and allowed the user to specify any fields below `spec` that were templated directly
+# into the final Kibana manifest. This is no longer the preferred way to specify these
+# fields and each field that is supported underneath `spec` is now directly specified
+# in this values file. Currently both patterns are supported for backwards compatibility
+# but we plan to remove the `spec` field in the future.
+# spec: {}
+
+# Referenced resources are below and depending on the setup, at least one is required for a functional Agent.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-setting-referenced-resources
+#
+# Reference to ECK-managed Kibana instance.
+#
+# kibanaRef:
+# name: quickstart
+ # Optional namespace reference to Kibana instance.
+ # If not specified, then the namespace of the Agent instance
+ # will be assumed.
+ #
+ # namespace: default
+
+# Reference to ECK-managed Elasticsearch instance.
+#
+elasticsearchRefs:
+- name: eck-elasticsearch
+ # Optional namespace reference to Elasticsearch instance.
+ # If not specified, then the namespace of the Agent instance
+ # will be assumed.
+ #
+ # namespace: default
+
+# Reference to ECK-managed Fleet Server instance.
+#
+# fleetServerRef:
+# name: eck-fleet-server
+ # Optional namespace reference to Fleet Server instance.
+ # If not specified, then the namespace of the Agent instance
+ # will be assumed.
+ #
+ # namespace: default
+
+# The Elastic Agent configuration, the ECK equivalent to agent.yml
+# NOTE: The `config` and `configRef` fields are mutually exclusive. Only one of them should be defined at a time,
+# as using both may cause conflicts.
+#
+# Configuration of Agent, specifically used in Agent standalone mode.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-configuration.html
+#
+config: null
+
+# Reference a configuration in a Secret.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-configuration.html
+#
+# configRef:
+# secretName: ""
+
+# The mode of Agent to use. Only set to "fleet" when Fleet Server is enabled.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-fleet-mode-and-fleet-server
+#
+# mode: "fleet"
+
+# fleetServerEnabled determines whether the Agent will be run as the Fleet Server.
+#
+# NOTE: Both `mode: fleet` and `fleetServerEnabled: true` need to be set for Fleet Server to be enabled.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-fleet-mode-and-fleet-server
+#
+fleetServerEnabled: false
+
+# The HTTP layer configuration for the Fleet Server Service.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-customize-fleet-server-service
+#
+# http:
+
+# policyID determines into which Agent Policy this Agent will be enrolled.
+# policyID: eck-agent
+
+# DaemonSet, StatefulSet, or Deployment specification for Agent.
+# At least one is required of [daemonSet, deployment, statefulSet].
+# No default is currently set, refer to https://github.com/elastic/cloud-on-k8s/issues/7429.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-chose-the-deployment-model
+#
+# deployment:
+# podTemplate:
+# spec:
+# containers:
+# - name: agent
+# securityContext:
+# runAsUser: 0
+# daemonSet:
+# podTemplate:
+# spec:
+# containers:
+# - name: agent
+# securityContext:
+# runAsUser: 0
+# statefulSet:
+# podTemplate:
+# spec:
+# containers:
+# - name: agent
+# securityContext:
+# runAsUser: 0
+
+# SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for Elastic Agent.
+secureSettings: []
+# - secretName: my-secret-with-secure-settings
+
+# Number of revisions to retain to allow rollback in the underlying Deployment.
+# If not set Kubernetes sets this to 10 by default.
+#
+# revisionHistoryLimit: 2
+
+# ServiceAccount to be used by Elastic Agent. Some Elastic Agent features, such as the Kubernetes integration,
+# require that Agent Pods interact with Kubernetes APIs. This functionality requires specific permissions
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-role-based-access-control
+#
+serviceAccount:
+ name: elastic-agent
+ # { .Release.Namespace } is used here by default, but can be specified.
+ # namespace: optional-namespace
+
+# ClusterRoleBinding to be used by Elastic Agent. Similar to ServiceAccount, this is required in some scenarios.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-role-based-access-control
+#
+clusterRoleBinding:
+ name: elastic-agent
+ subjects:
+ - kind: ServiceAccount
+ name: elastic-agent
+ # { .Release.Namespace } is used here by default, but can be specified.
+ # namespace: default
+ roleRef:
+ kind: ClusterRole
+ name: elastic-agent
+ apiGroup: rbac.authorization.k8s.io
+
+# ClusterRole to be used by Elastic Agent. Similar to ServiceAccount, this is required in some scenarios.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-role-based-access-control
+#
+clusterRole:
+ name: elastic-agent
+ rules:
+ - apiGroups: [""]
+ resources:
+ - pods
+ - nodes
+ - namespaces
+ - events
+ - services
+ - configmaps
+ verbs:
+ - get
+ - watch
+ - list
+ - apiGroups: ["coordination.k8s.io"]
+ resources:
+ - leases
+ verbs:
+ - get
+ - create
+ - update
+ - nonResourceURLs:
+ - "/metrics"
+ verbs:
+ - get
+ - apiGroups: ["extensions"]
+ resources:
+ - replicasets
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - apiGroups:
+ - "apps"
+ resources:
+ - statefulsets
+ - deployments
+ - replicasets
+ - daemonsets
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - apiGroups:
+ - ""
+ resources:
+ - nodes/stats
+ verbs:
+ - get
+ - nonResourceURLs:
+ - "/metrics"
+ verbs:
+ - get
+ - apiGroups:
+ - "batch"
+ resources:
+ - jobs
+ - cronjobs
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - apiGroups:
+ - "storage.k8s.io"
+ resources:
+ - storageclasses
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
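Review bot: in `clusterRole.rules`, the `nonResourceURLs` rule for `"/metrics"` with verb `get` appears twice, and `replicasets` is granted under both `extensions` and `apps`. Remove the duplicate `/metrics` rule and check whether the `extensions` entry is still needed. In the comments, the deprecation notice refers to "the final Kibana manifest" and the fullnameOverride text to the "Fleet Agent resource"; both should name the Elastic Agent resource.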
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-apm-server/.helmignore b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-apm-server/.helmignore
new file mode 100644
index 00000000..f1568daf
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-apm-server/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+templates/tests
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-apm-server/Chart.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-apm-server/Chart.yaml
new file mode 100644
index 00000000..89294a37
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-apm-server/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+description: Elastic APM Server managed by the ECK operator
+icon: https://helm.elastic.co/icons/apm.png
+kubeVersion: '>= 1.21.0-0'
+name: eck-apm-server
+sources:
+- https://github.com/elastic/cloud-on-k8s
+- https://github.com/elastic/apm-server
+type: application
+version: 0.16.0
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-apm-server/LICENSE b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-apm-server/LICENSE
new file mode 100644
index 00000000..92503a72
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-apm-server/LICENSE
@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.
\ No newline at end of file
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-apm-server/examples/jaeger-with-http-configuration.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-apm-server/examples/jaeger-with-http-configuration.yaml
new file mode 100644
index 00000000..ba9251e1
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-apm-server/examples/jaeger-with-http-configuration.yaml
@@ -0,0 +1,29 @@
+---
+# Version of APM Server.
+#
+version: 9.1.0
+
+# Count of APM Server replicas to create.
+#
+count: 1
+
+config:
+ name: elastic-apm
+ apm-server.jaeger.grpc.enabled: true
+ apm-server.jaeger.grpc.host: "0.0.0.0:14250"
+
+# Reference to ECK-managed Elasticsearch resource.
+#
+elasticsearchRef:
+ name: eck-elasticsearch
+http:
+ service:
+ spec:
+ ports:
+ - name: http
+ port: 8200
+ targetPort: 8200
+ - name: grpc
+ port: 14250
+ targetPort: 14250
+
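Review bot: `apm-server.jaeger.grpc.host: "0.0.0.0:14250"` binds the Jaeger gRPC listener on all interfaces and the `grpc` Service port publishes it, but the example sets nothing for authentication or transport security on that listener and has no comment on who is expected to reach it. Add a comment stating the intended exposure (in-cluster only, or behind which control), and point to the setting that protects the endpoint if one applies. The file also ends with an empty line that can be dropped.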
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-apm-server/templates/NOTES.txt b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-apm-server/templates/NOTES.txt
new file mode 100644
index 00000000..42ab52cb
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-apm-server/templates/NOTES.txt
@@ -0,0 +1,6 @@
+
+1. Check APM Server status
+ $ kubectl get apmserver {{ include "apm-server.fullname" . }} -n {{ .Release.Namespace }}
+
+2. Check APM Server pod status
+ $ kubectl get pods --namespace={{ .Release.Namespace }} -l apm.k8s.elastic.co/name={{ include "apm-server.fullname" . }}
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-apm-server/templates/_helpers.tpl b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-apm-server/templates/_helpers.tpl
new file mode 100644
index 00000000..d06ca3f4
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-apm-server/templates/_helpers.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "apm-server.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "apm-server.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "apm-server.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "apm-server.labels" -}}
+helm.sh/chart: {{ include "apm-server.chart" . }}
+{{ include "apm-server.selectorLabels" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.labels }}
+{{ toYaml .Values.labels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "apm-server.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "apm-server.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-apm-server/templates/apmserver.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-apm-server/templates/apmserver.yaml
new file mode 100644
index 00000000..f3dd5ba9
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-apm-server/templates/apmserver.yaml
@@ -0,0 +1,53 @@
+---
+apiVersion: apm.k8s.elastic.co/v1
+kind: ApmServer
+metadata:
+ name: {{ include "apm-server.fullname" . }}
+ labels:
+ {{- include "apm-server.labels" . | nindent 4 }}
+ annotations:
+ eck.k8s.elastic.co/license: basic
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ version: {{ required "An APM Server version is required" .Values.version }}
+ count: {{ required "A pod count is required" .Values.count }}
+ {{- with .Values.image }}
+ image: {{ . }}
+ {{- end }}
+ {{- with .Values.serviceAccountName }}
+ serviceAccountName: {{ . }}
+ {{- end }}
+ {{- with .Values.revisionHistoryLimit }}
+ revisionHistoryLimit: {{ . }}
+ {{- end }}
+
+ {{- with .Values.config }}
+ config:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.http }}
+ http:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.elasticsearchRef }}
+ elasticsearchRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.kibanaRef }}
+ kibanaRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.podTemplate }}
+ podTemplate:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.secureSettings }}
+ secureSettings:
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
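Review bot: the `secureSettings` block at the end pipes through `nindent 2` while every other field under `spec` uses `nindent 4`. It renders valid YAML only because the value is a list, whose items may sit at the same indentation as their key. Use `nindent 4` for consistency, so a later change in the shape of the value does not silently move its keys up into `spec`.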
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-apm-server/values.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-apm-server/values.yaml
new file mode 100644
index 00000000..f9cca517
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-apm-server/values.yaml
@@ -0,0 +1,97 @@
+---
+# Default values for eck-apm-server.
+# This is a YAML-formatted file.
+
+# Overridable names of the APM Server resource.
+# By default, this is the Release name set for the chart,
+# followed by 'eck-apm-server'.
+#
+# nameOverride will override the name of the Chart with the name set here,
+# so nameOverride: quickstart, would convert to '{{ Release.name }}-quickstart'
+#
+# nameOverride: "quickstart"
+#
+# fullnameOverride will override both the release name, and the chart name,
+# and will name the APM Server resource exactly as specified.
+#
+# fullnameOverride: "quickstart"
+
+# Version of APM Server.
+#
+version: 9.1.0
+
+# APM Server Docker image to deploy
+#
+# image:
+
+# Used to check access from the current resource to a resource (for ex. a remote Elasticsearch cluster) in a different namespace.
+# Can only be used if ECK is enforcing RBAC on references.
+#
+# serviceAccountName: ""
+
+# Labels that will be applied to APM Server.
+#
+labels: {}
+
+# Annotations that will be applied to APM Server.
+#
+annotations: {}
+
+# Count of APM Server replicas to create.
+#
+count: 1
+
+# The APM Server configuration, the ECK equivalent to apm-server.yml
+# ref: https://www.elastic.co/guide/en/apm/server/current/configuring-howto-apm-server.html
+#
+config: {}
+
+# Settings to control how APM Server will be accessed.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-accessing-elastic-services.html
+#
+http: {}
+ # service:
+ # metadata:
+ # labels:
+ # my-custom: label
+ # spec:
+ # ports:
+ # - name: http
+ # port: 8200
+ # targetPort: 8200
+
+# Reference to ECK-managed Elasticsearch resource.
+#
+elasticsearchRef: {}
+ # name: eck-elasticsearch
+ # Optional namespace reference to Elasticsearch resource.
+ # If not specified, then the namespace of the APM Server resource
+ # will be assumed.
+ #
+ # namespace: default
+
+# Optional reference to ECK-managed Kibana resource which allows ECK to
+# automatically configure the Kibana endpoint as described in
+# https://www.elastic.co/guide/en/apm/server/current/setup-kibana-endpoint.html
+#
+# kibanaRef:
+# name: eck-kibana
+# # Optional namespace reference to Kibana resource.
+# # If not specified, then the namespace of the APM Server resource
+# # will be assumed.
+# #
+# # namespace: default
+
+# Set podTemplate to customize the pod used by APM Server
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-customize-pods.html
+#
+podTemplate: {}
+
+# Number of revisions to retain to allow rollback in the underlying Deployment.
+# If not set Kubernetes sets this to 10 by default.
+#
+# revisionHistoryLimit: 2
+
+# SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for APM Server.
+secureSettings: []
+# - secretName: my-secret-with-secure-settings
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/.helmignore b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/.helmignore
new file mode 100644
index 00000000..f1568daf
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+templates/tests
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/Chart.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/Chart.yaml
new file mode 100644
index 00000000..cc0ac4f1
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+description: Elastic Beats managed by the ECK operator
+icon: https://helm.elastic.co/icons/beats.png
+kubeVersion: '>= 1.20.0-0'
+name: eck-beats
+sources:
+- https://github.com/elastic/cloud-on-k8s
+- https://github.com/elastic/beats
+type: application
+version: 0.16.0
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/LICENSE b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/LICENSE
new file mode 100644
index 00000000..92503a72
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/LICENSE
@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.
\ No newline at end of file
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/examples/auditbeat_hosts.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/examples/auditbeat_hosts.yaml
new file mode 100644
index 00000000..2f23fa8c
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/examples/auditbeat_hosts.yaml
@@ -0,0 +1,110 @@
+name: auditbeat
+version: 9.1.0
+type: auditbeat
+elasticsearchRef:
+ name: eck-elasticsearch
+kibanaRef:
+ name: eck-kibana
+config:
+ auditbeat.modules:
+ - module: file_integrity
+ paths:
+ - /hostfs/bin
+ - /hostfs/usr/bin
+ - /hostfs/sbin
+ - /hostfs/usr/sbin
+ - /hostfs/etc
+ exclude_files:
+ - '(?i)\.sw[nop]$'
+ - '~$'
+ - '/\.git($|/)'
+ scan_at_start: true
+ scan_rate_per_sec: 50 MiB
+ max_file_size: 100 MiB
+ hash_types: [sha1]
+ recursive: true
+ - module: auditd
+ audit_rules: |
+ # Executions
+ -a always,exit -F arch=b64 -S execve,execveat -k exec
+
+ # Unauthorized access attempts (amd64 only)
+ -a always,exit -F arch=b64 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EACCES -k access
+ -a always,exit -F arch=b64 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EPERM -k access
+
+ processors:
+ - add_cloud_metadata: {}
+ - add_host_metadata: {}
+ - add_process_metadata:
+ match_pids: ['process.pid']
+daemonSet:
+ podTemplate:
+ spec:
+ hostPID: true # Required by auditd module
+ dnsPolicy: ClusterFirstWithHostNet
+ hostNetwork: true # Allows to provide richer host metadata
+ automountServiceAccountToken: true # some older Beat versions are depending on this settings presence in k8s context
+ securityContext:
+ runAsUser: 0
+ volumes:
+ - name: bin
+ hostPath:
+ path: /bin
+ - name: usrbin
+ hostPath:
+ path: /usr/bin
+ - name: sbin
+ hostPath:
+ path: /sbin
+ - name: usrsbin
+ hostPath:
+ path: /usr/sbin
+ - name: etc
+ hostPath:
+ path: /etc
+ - name: run-containerd
+ hostPath:
+ path: /run/containerd
+ type: DirectoryOrCreate
+ # Uncomment the below when running on GKE. See https://github.com/elastic/beats/issues/8523 for more context.
+ #- name: run
+ # hostPath:
+ # path: /run
+ #initContainers:
+ #- name: cos-init
+ # image: docker.elastic.co/beats/auditbeat:8.3.3
+ # volumeMounts:
+ # - name: run
+ # mountPath: /run
+ # command: ['sh', '-c', 'export SYSTEMD_IGNORE_CHROOT=1 && systemctl stop systemd-journald-audit.socket && systemctl mask systemd-journald-audit.socket && systemctl restart systemd-journald']
+ containers:
+ - name: auditbeat
+ securityContext:
+ capabilities:
+ add:
+ # Capabilities needed for auditd module
+ - 'AUDIT_READ'
+ - 'AUDIT_WRITE'
+ - 'AUDIT_CONTROL'
+ volumeMounts:
+ - name: bin
+ mountPath: /hostfs/bin
+ readOnly: true
+ - name: sbin
+ mountPath: /hostfs/sbin
+ readOnly: true
+ - name: usrbin
+ mountPath: /hostfs/usr/bin
+ readOnly: true
+ - name: usrsbin
+ mountPath: /hostfs/usr/sbin
+ readOnly: true
+ - name: etc
+ mountPath: /hostfs/etc
+ readOnly: true
+ # Directory with root filesystems of containers executed with containerd, this can be
+ # different with other runtimes. This volume is needed to monitor the file integrity
+ # of files in containers.
+ - name: run-containerd
+ mountPath: /run/containerd
+ readOnly: true
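Review bot: the file_integrity module is configured with `hash_types: [sha1]`, which is weak for integrity monitoring of `/hostfs/bin`, `/hostfs/etc` and the other host paths. Suggest `hash_types: [sha256]`, which the module supports. Separately, the commented-out GKE initContainer pins `docker.elastic.co/beats/auditbeat:8.3.3` while the example sets `version: 9.1.0`. Anyone who uncomments it will run a mismatched, older image as root with the host's `/run` mounted, so the tag should track the Beat version or carry a comment saying why it is pinned.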
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/examples/filebeat_no_autodiscover.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/examples/filebeat_no_autodiscover.yaml
new file mode 100644
index 00000000..fc1b339b
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/examples/filebeat_no_autodiscover.yaml
@@ -0,0 +1,52 @@
+name: filebeat
+version: 9.1.0
+type: filebeat
+elasticsearchRef:
+ name: eck-elasticsearch
+kibanaRef:
+ name: eck-kibana
+config:
+ filebeat.inputs:
+ - type: filestream
+ paths:
+ - /var/log/containers/*.log
+ parsers:
+ - container: ~
+ prospector:
+ scanner:
+ fingerprint.enabled: true
+ symlinks: true
+ file_identity.fingerprint: ~
+ processors:
+ - add_host_metadata: {}
+ - add_cloud_metadata: {}
+daemonSet:
+ podTemplate:
+ spec:
+ automountServiceAccountToken: true
+ terminationGracePeriodSeconds: 30
+ dnsPolicy: ClusterFirstWithHostNet
+ hostNetwork: true # Allows to provide richer host metadata
+ containers:
+ - name: filebeat
+ securityContext:
+ runAsUser: 0
+ # If using Red Hat OpenShift uncomment this:
+ #privileged: true
+ volumeMounts:
+ - name: varlogcontainers
+ mountPath: /var/log/containers
+ - name: varlogpods
+ mountPath: /var/log/pods
+ - name: varlibdockercontainers
+ mountPath: /var/lib/docker/containers
+ volumes:
+ - name: varlogcontainers
+ hostPath:
+ path: /var/log/containers
+ - name: varlogpods
+ hostPath:
+ path: /var/log/pods
+ - name: varlibdockercontainers
+ hostPath:
+ path: /var/lib/docker/containers
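Review bot: the three hostPath mounts under `volumeMounts` (`/var/log/containers`, `/var/log/pods`, `/var/lib/docker/containers`) are writable, and the container runs with `runAsUser: 0`. Filebeat only needs to read these directories, so add `readOnly: true` to each mount, as the auditbeat example in this change already does for its host paths. It would also help to comment `automountServiceAccountToken: true`, since this example is the no-autodiscover variant and nothing in its config visibly calls the Kubernetes API.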
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/examples/heartbeat_es_kb_health.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/examples/heartbeat_es_kb_health.yaml
new file mode 100644
index 00000000..09753e98
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/examples/heartbeat_es_kb_health.yaml
@@ -0,0 +1,23 @@
+name: heartbeat
+version: 9.1.0
+type: heartbeat
+elasticsearchRef:
+ name: eck-elasticsearch
+config:
+ heartbeat.monitors:
+ - type: tcp
+ schedule: '@every 5s'
+ # This should directly match the name of the Elasticsearch instance
+ # with "-es-http" appended to the name.
+ hosts: ["elasticsearch-es-http.default.svc:9200"]
+ - type: tcp
+ schedule: '@every 5s'
+ # This should directly match the names of the Kibana instance
+ # with "-kb-http" appended to the name.
+ hosts: ["eck-kibana-kb-http.default.svc:5601"]
+deployment:
+ replicas: 1
+ podTemplate:
+ spec:
+ securityContext:
+ runAsUser: 0
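Review bot: the first monitor's `hosts: ["elasticsearch-es-http.default.svc:9200"]` does not follow the rule in the comment above it. `elasticsearchRef.name` is `eck-elasticsearch`, so by that rule the Service would be `eck-elasticsearch-es-http`, which matches how the Kibana monitor uses `eck-kibana-kb-http`. As written, the check targets a Service this example never references. Both hosts also hard-code the `default` namespace, which is worth a comment for users installing elsewhere. Finally, `runAsUser: 0` on a Deployment that only runs TCP monitors has no stated reason; drop it or add a comment explaining the need.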
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/examples/metricbeat_hosts.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/examples/metricbeat_hosts.yaml
new file mode 100644
index 00000000..7b0f6897
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/examples/metricbeat_hosts.yaml
@@ -0,0 +1,158 @@
+name: metricbeat
+type: metricbeat
+version: 9.1.0
+elasticsearchRef:
+ name: eck-elasticsearch
+kibanaRef:
+ name: eck-kibana
+config:
+ metricbeat:
+ autodiscover:
+ providers:
+ - hints:
+ default_config: {}
+ enabled: "true"
+ node: ${NODE_NAME}
+ type: kubernetes
+ modules:
+ - module: system
+ period: 10s
+ metricsets:
+ - cpu
+ - load
+ - memory
+ - network
+ - process
+ - process_summary
+ process:
+ include_top_n:
+ by_cpu: 5
+ by_memory: 5
+ processes:
+ - .*
+ - module: system
+ period: 1m
+ metricsets:
+ - filesystem
+ - fsstat
+ processors:
+ - drop_event:
+ when:
+ regexp:
+ system:
+ filesystem:
+ mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib)($|/)
+ - module: kubernetes
+ period: 10s
+ node: ${NODE_NAME}
+ hosts:
+ - https://${NODE_NAME}:10250
+ bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+ ssl:
+ verification_mode: none
+ metricsets:
+ - node
+ - system
+ - pod
+ - container
+ - volume
+ processors:
+ - add_cloud_metadata: {}
+ - add_host_metadata: {}
+daemonSet:
+ podTemplate:
+ spec:
+ serviceAccountName: metricbeat
+ automountServiceAccountToken: true # some older Beat versions are depending on this settings presence in k8s context
+ containers:
+ - args:
+ - -e
+ - -c
+ - /etc/beat.yml
+ - --system.hostfs=/hostfs
+ name: metricbeat
+ volumeMounts:
+ - mountPath: /hostfs/sys/fs/cgroup
+ name: cgroup
+ - mountPath: /var/run/docker.sock
+ name: dockersock
+ - mountPath: /hostfs/proc
+ name: proc
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ dnsPolicy: ClusterFirstWithHostNet
+ hostNetwork: true # Allows to provide richer host metadata
+ securityContext:
+ runAsUser: 0
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - hostPath:
+ path: /sys/fs/cgroup
+ name: cgroup
+ - hostPath:
+ path: /var/run/docker.sock
+ name: dockersock
+ - hostPath:
+ path: /proc
+ name: proc
+
+clusterRole:
+ # permissions needed for metricbeat
+ # source: https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-module-kubernetes.html
+ name: metricbeat
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ - namespaces
+ - events
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - "extensions"
+ resources:
+ - replicasets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ - deployments
+ - replicasets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - nodes/stats
+ verbs:
+ - get
+ - nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
+
+serviceAccount:
+ name: metricbeat
+
+clusterRoleBinding:
+ name: metricbeat
+ subjects:
+ - kind: ServiceAccount
+ name: metricbeat
+ roleRef:
+ kind: ClusterRole
+ name: metricbeat
+ apiGroup: rbac.authorization.k8s.io
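Review bot: in the kubernetes module, `ssl.verification_mode: none` is combined with `bearer_token_file`, so the pod's service account token is sent to `https://${NODE_NAME}:10250` without checking the kubelet's certificate. Where the cluster issues verifiable kubelet serving certificates, set `ssl.certificate_authorities` instead of disabling verification. Otherwise add a comment that this is a known trade-off in the example rather than a recommended default. In the same pod spec, `/var/run/docker.sock` is mounted without `readOnly: true` into a root container on the host network. Mark it read-only, or drop it for clusters that do not run Docker.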
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/examples/packetbeat_dns_http.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/examples/packetbeat_dns_http.yaml
new file mode 100644
index 00000000..a1af23f9
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/examples/packetbeat_dns_http.yaml
@@ -0,0 +1,37 @@
+name: packetbeat
+type: packetbeat
+version: 9.1.0
+elasticsearchRef:
+ name: eck-elasticsearch
+kibanaRef:
+ name: eck-kibana
+config:
+ packetbeat.interfaces.device: any
+ packetbeat.protocols:
+ - type: dns
+ ports: [53]
+ include_authorities: true
+ include_additionals: true
+ - type: http
+ ports: [80, 8000, 8080, 9200]
+ packetbeat.flows:
+ timeout: 30s
+ period: 10s
+ processors:
+ - add_cloud_metadata: {}
+ - add_host_metadata: {}
+daemonSet:
+ podTemplate:
+ spec:
+ terminationGracePeriodSeconds: 30
+ hostNetwork: true
+ automountServiceAccountToken: true # some older Beat versions are depending on this settings presence in k8s context
+ dnsPolicy: ClusterFirstWithHostNet
+ containers:
+ - name: packetbeat
+ securityContext:
+ runAsUser: 0
+ capabilities:
+ add:
+ - NET_ADMIN
+ volumes: []
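Review bot: the container `securityContext` sets `runAsUser: 0` and adds `NET_ADMIN`, and the pod sets `hostNetwork: true`, with no comment explaining why each is needed. The other examples in this change annotate their privileged settings (for instance `hostPID: true # Required by auditd module`). Add the equivalent rationale here so that users who copy the example can tell which privileges packet capture requires and which can be removed.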
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/templates/NOTES.txt b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/templates/NOTES.txt
new file mode 100644
index 00000000..10d2dac5
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/templates/NOTES.txt
@@ -0,0 +1,6 @@
+
+1. Check Beat status
+ $ kubectl get beat {{ include "beat.fullname" . }} -n {{ .Release.Namespace }}
+
+2. Check Beat pod status
+ $ kubectl get pods --namespace={{ .Release.Namespace }} -l beat.k8s.elastic.co/name={{ include "beat.fullname" . }}
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/templates/_helpers.tpl b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/templates/_helpers.tpl
new file mode 100644
index 00000000..5e20af14
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/templates/_helpers.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "beat.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "beat.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "beat.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "beat.labels" -}}
+helm.sh/chart: {{ include "beat.chart" . }}
+{{ include "beat.selectorLabels" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.labels }}
+{{ toYaml .Values.labels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "beat.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "beat.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/templates/beats.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/templates/beats.yaml
new file mode 100644
index 00000000..a70ac9a6
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/templates/beats.yaml
@@ -0,0 +1,75 @@
+---
+apiVersion: beat.k8s.elastic.co/v1beta1
+kind: Beat
+metadata:
+ name: {{ include "beat.fullname" . }}
+ labels:
+ {{- include "beat.labels" . | nindent 4 }}
+ annotations:
+ eck.k8s.elastic.co/license: basic
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ version: {{ required "A Beat version is required" (or ((.Values.spec).version) (.Values.version)) }}
+ {{- $daemonSet := (or (hasKey (.Values.spec) "daemonSet") (hasKey .Values "daemonSet")) }}
+ {{- $deployment := (or (hasKey (.Values.spec) "deployment") (hasKey .Values "deployment")) }}
+ {{- if and (not $daemonSet) (not $deployment) }}
+ {{ fail "At least one of daemonSet or deployment is required for a functional Beat" }}
+ {{- end }}
+ {{- if not (or ((.Values.spec).type) (.Values.type)) }}{{ fail "A Beat type is required" }}{{- end }}
+ type: {{ or ((.Values.spec).type) (.Values.type) }}
+ {{- if $daemonSet }}
+ {{- $ds := or ((.Values.spec).daemonSet) (.Values.daemonSet) }}
+ daemonSet:
+ {{- /* This is required to render the empty daemonset ( {} ) properly */}}
+ {{- $ds | default dict | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $deployment }}
+ {{- $deploy := or ((.Values.spec).deployment) (.Values.deployment) }}
+ deployment:
+ {{- /* This is required to render the empty deployment ( {} ) properly */}}
+ {{- $deploy | default dict | toYaml | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).image) (.Values.image) }}
+ image: {{ . }}
+ {{- end }}
+ {{- with or ((.Values.spec).elasticsearchRef) (.Values.elasticsearchRef) }}
+ elasticsearchRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).kibanaRef) (.Values.kibanaRef) }}
+ kibanaRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- $config := or ((.Values.spec).config) (.Values.config) }}
+ {{- $configRef := or ((.Values.spec).configRef) (.Values.configRef) }}
+ {{- if and $config $configRef }}
+ {{ fail "Only one of config and configRef can be specified" }}
+ {{- end }}
+ {{- with $config }}
+ config:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with $configRef }}
+ configRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).http) (.Values.http) }}
+ http:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).monitoring) (.Values.monitoring) }}
+ monitoring:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).secureSettings) (.Values.secureSettings) }}
+ secureSettings:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).revisionHistoryLimit) (.Values.revisionHistoryLimit) }}
+ revisionHistoryLimit: {{ . }}
+ {{- end }}
+ {{- with or (((.Values.spec).serviceAccount).name) ((.Values.serviceAccount).name) }}
+ serviceAccountName: {{ . }}
+ {{- end }}
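Review bot: the `revisionHistoryLimit` block near the end uses `with or (...)`, and both `or` and `with` treat `0` as empty, so a user who sets `revisionHistoryLimit: 0` gets no field rendered and silently falls back to the Kubernetes default. Guard on key presence instead, for example with `hasKey .Values "revisionHistoryLimit"`, and render the value with `{{ . | int }}` or similar. A smaller point in the metadata block: `eck.k8s.elastic.co/license: basic` is emitted unconditionally and is followed by `.Values.annotations`, so a user-supplied annotation with the same key produces a duplicate map key in the rendered manifest. Either merge the two maps first or document that the key is reserved.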
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/templates/cluster-role-binding.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/templates/cluster-role-binding.yaml
new file mode 100644
index 00000000..d8fca15f
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/templates/cluster-role-binding.yaml
@@ -0,0 +1,35 @@
+{{- with .Values.clusterRoleBinding }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .name }}
+ labels:
+ {{- include "beat.labels" $ | nindent 4 }}
+ {{- with .labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if or $.Values.annotations .annotations }}
+ annotations:
+ {{- with $.Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- with .subjects }}
+subjects:
+{{- range . }}
+ - kind: {{ .kind }}
+ name: {{ .name }}
+ namespace: {{ .namespace | default $.Release.Namespace | quote }}
+{{- end }}
+{{- end }}
+{{- with .roleRef }}
+roleRef:
+ kind: {{ .kind }}
+ name: {{ .name }}
+ apiGroup: {{ .apiGroup }}
+{{- end }}
+{{- end }}
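Review bot: `metadata.name`, `roleRef.kind`, `roleRef.name` and `roleRef.apiGroup` are rendered straight from values with no `required` check, so a partially filled `clusterRoleBinding` produces a manifest with empty fields that fails only at apply time. Wrap them in `required "..."`, as beats.yaml does for `version`. Also note that the object is cluster-scoped and its name is taken verbatim from values. With the metricbeat example's `name: metricbeat`, two releases in different namespaces will try to own the same ClusterRoleBinding. Consider deriving the default from `include "beat.fullname" $` plus the release namespace.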
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/templates/cluster-role.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/templates/cluster-role.yaml
new file mode 100644
index 00000000..66406f63
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/templates/cluster-role.yaml
@@ -0,0 +1,22 @@
+{{- with .Values.clusterRole }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .name }}
+ labels:
+ {{- include "beat.labels" $ | nindent 4 }}
+ {{- with .labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if or $.Values.annotations .annotations }}
+ annotations:
+ {{- with $.Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+rules: {{- toYaml .rules | nindent 2 }}
+{{- end }}
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/templates/service-account.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/templates/service-account.yaml
new file mode 100644
index 00000000..08f21f7e
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/templates/service-account.yaml
@@ -0,0 +1,23 @@
+
+{{- with .Values.serviceAccount }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .name }}
+ namespace: {{ .namespace | default $.Release.Namespace | quote }}
+ labels:
+ {{- include "beat.labels" $ | nindent 4 }}
+ {{- with .labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if or $.Values.annotations .annotations }}
+ annotations:
+ {{- with $.Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
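Review bot: `namespace: {{ .namespace | default $.Release.Namespace | quote }}` lets the ServiceAccount be created in a namespace other than the release's, but beats.yaml renders only `serviceAccountName: {{ . }}` and the Beat itself has no namespace override. If `serviceAccount.namespace` is set to anything else, the Beat pods reference a ServiceAccount that does not exist in their own namespace. Either drop the `namespace` option here or fail the render when it differs from `$.Release.Namespace`.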
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/values.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/values.yaml
new file mode 100644
index 00000000..49b055c6
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-beats/values.yaml
@@ -0,0 +1,169 @@
+---
+# Default values for eck-beats.
+# This is a YAML-formatted file.
+
+# Overridable names of the Beats resource.
+# By default, this is the Release name set for the chart,
+# followed by 'eck-beats'.
+#
+# nameOverride will override the name of the Chart with the name set here,
+# so nameOverride: quickstart, would convert to '{{ Release.name }}-quickstart'
+#
+# nameOverride: "quickstart"
+#
+# fullnameOverride will override both the release name, and the chart name,
+# and will name the Beats resource exactly as specified.
+#
+# fullnameOverride: "quickstart"
+
+# Version of Elastic Beats.
+#
+version: 9.1.0
+
+# Labels that will be applied to Elastic Beats.
+#
+labels: {}
+
+# Annotations that will be applied to Elastic Beats.
+#
+annotations: {}
+
+# ** Deprecation Notice **
+# The previous versions of this Helm Chart simply used the `spec` field here
+# and allowed the user to specify any fields below spec that were templated directly
+# into the final Beats manifest. This is no longer the preferred way to specify these
+# fields and each field that is supported underneath `spec` is now directly specified
+# in this values file. Currently both patterns are supported for backwards compatibility
+# but we plan to remove the `spec` field in the future.
+# spec: {}
+
+# Type of Elastic Beats. Standard types of Beat are [filebeat,metricbeat,heartbeat,auditbeat,packetbeat,journalbeat].
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-deploy-elastic-beat
+#
+# Note: This is required to be set, or the release install will fail.
+#
+type: ""
+
+# Beats image to deploy.
+#
+# image: docker.elastic.co/beats/metricbeat:9.1.0
+
+# Referenced resources are below and depending on the setup, at least elasticsearchRef is required for a functional Beat.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-connect-es
+#
+# Reference to ECK-managed Kibana instance.
+#
+# kibanaRef:
+# name: quickstart
+ # Optional namespace reference to Kibana instance.
+ # If not specified, then the namespace of the Beats instance
+ # will be assumed.
+ #
+ # namespace: default
+
+# Reference to ECK-managed Elasticsearch instance.
+# *Note* If Beat's output is intended to go to Elasticsearch and not something like Logstash,
+# this elasticsearchRef must be updated to the name of the Elasticsearch instance.
+#
+elasticsearchRef: {}
+ # name: elasticsearch
+ # Optional namespace reference to Elasticsearch instance.
+ # If not specified, then the namespace of the Beats instance
+ # will be assumed.
+ #
+ # namespace: default
+
+# Daemonset, or Deployment specification for the type of Beat specified.
+# At least one is required of [daemonSet, deployment].
+# No default is currently set, refer to https://github.com/elastic/cloud-on-k8s/issues/7429.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-chose-the-deployment-model
+#
+# deployment:
+# podTemplate:
+# spec:
+# securityContext:
+# runAsUser: 0
+# daemonSet:
+# podTemplate:
+# spec:
+# securityContext:
+# runAsUser: 0
+
+# Configuration of Beat, which is dependent on the `type` of Beat specified.
+# NOTE: The `config` and `configRef` fields are mutually exclusive. Only one of them should be defined at a time,
+# as using both may cause conflicts.
+#
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-custom-configuration
+#
+config: {}
+
+# Reference a configuration in a Secret.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-custom-configuration
+#
+# configRef:
+# secretName: ""
+
+# The HTTP layer configuration for the Beats Service.
+#
+# http:
+
+# Settings for configuring stack monitoring.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-monitoring.html
+#
+# monitoring: {}
+ # metrics:
+ # elasticsearchRefs:
+ # - name: monitoring
+ # namespace: observability
+ # logs:
+ # elasticsearchRefs:
+ # - name: monitoring
+ # namespace: observability
+
+# SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for Elastic Beats.
+secureSettings: []
+# - secretName: my-secret-with-secure-settings
+
+# Number of revisions to retain to allow rollback in the underlying Deployment.
+# If not set Kubernetes sets this to 10 by default.
+#
+# revisionHistoryLimit: 2
+
+# ServiceAccount to be used by Elastic Beats. Some Beats features (such as autodiscover or Kubernetes module metricsets)
+# require that Beat Pods interact with Kubernetes APIs. This functionality requires specific permissions
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-role-based-access-control-for-beats
+#
+serviceAccount: {}
+# name: elastic-beat-filebeat-quickstart
+# namespace: optional-namespace
+
+# ClusterRoleBinding to be used by Elastic Beats. Similar to ServiceAccount, this is required in some scenarios.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-role-based-access-control-for-beats
+#
+clusterRoleBinding: {}
+# name: elastic-beat-autodiscover-binding
+# subjects:
+# - kind: ServiceAccount
+# name: elastic-beat-filebeat-quickstart
+# namespace: default
+# roleRef:
+# kind: ClusterRole
+# name: elastic-beat-autodiscover
+# apiGroup: rbac.authorization.k8s.io
+
+# ClusterRole to be used by Elastic Beats. Similar to ServiceAccount, this is required in some scenarios.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-role-based-access-control-for-beats
+#
+clusterRole: {}
+# name: elastic-beat-autodiscover
+# rules:
+# - apiGroups: [""]
+# resources:
+# - events
+# - pods
+# - namespaces
+# - nodes
+# verbs:
+# - get
+# - watch
+# - list
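Review bot: the commented `# monitoring: {}` example is followed by indented commented children (`# metrics:`, `# logs:`). Uncommenting the block as shown gives `monitoring: {}` with nested keys under it, which is not valid YAML. The `# kibanaRef:` block has the same mixed comment indentation. Write both as plain commented maps without the `{}`. Separately, the only `deployment` and `daemonSet` samples in this file set `runAsUser: 0`, so root becomes the pattern users copy by default. Add a comment stating which Beat types need it, or show a non-root variant alongside.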
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/.helmignore b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/.helmignore
new file mode 100644
index 00000000..f1568daf
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+templates/tests
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/Chart.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/Chart.yaml
new file mode 100644
index 00000000..594d487e
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+description: Elasticsearch managed by the ECK operator
+icon: https://helm.elastic.co/icons/elasticsearch.png
+kubeVersion: '>= 1.21.0-0'
+name: eck-elasticsearch
+sources:
+- https://github.com/elastic/cloud-on-k8s
+- https://github.com/elastic/elasticsearch/
+type: application
+version: 0.16.0
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/LICENSE b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/LICENSE
new file mode 100644
index 00000000..92503a72
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/LICENSE
@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.
\ No newline at end of file
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/examples/hot-warm-cold.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/examples/hot-warm-cold.yaml
new file mode 100644
index 00000000..4eb99e60
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/examples/hot-warm-cold.yaml
@@ -0,0 +1,198 @@
+---
+nodeSets:
+- name: masters
+ count: 1
+ config:
+ node.roles: ["master"]
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ podTemplate:
+ spec:
+ containers:
+ - name: elasticsearch
+ resources:
+ limits:
+ memory: 8Gi
+ cpu: 2
+ # Affinity/Anti-affinity settings for controlling the 'spreading' of Elasticsearch
+ # pods across existing hosts.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html#k8s-affinity-options
+ #
+ # affinity:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: beta.kubernetes.io/instance-type
+ # operator: In
+ # # This should be adjusted to the instance type according to your setup
+ # #
+ # values:
+ # - highio
+ # Volume Claim settings.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-volume-claim-templates.html
+ #
+ volumeClaimTemplates:
+ - metadata:
+ name: elasticsearch-data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Ti
+ # Adjust to your storage class name
+ #
+ # storageClassName: local-storage
+- name: hot
+ count: 1
+ config:
+ node.roles: ["data_hot", "data_content", "ingest"]
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ podTemplate:
+ spec:
+ containers:
+ - name: elasticsearch
+ resources:
+ limits:
+ memory: 16Gi
+ cpu: 4
+ # Affinity/Anti-affinity settings for controlling the 'spreading' of Elasticsearch
+ # pods across existing hosts.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html#k8s-affinity-options
+ #
+ # affinity:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: beta.kubernetes.io/instance-type
+ # operator: In
+ # # This should be adjusted to the instance type according to your setup
+ # #
+ # values:
+ # - highio
+ # Volume Claim settings.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-volume-claim-templates.html
+ #
+ volumeClaimTemplates:
+ - metadata:
+ name: elasticsearch-data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Ti
+ # Adjust to your storage class name
+ #
+ # storageClassName: local-storage
+- name: warm
+ count: 1
+ config:
+ node.roles: ["data_warm"]
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ podTemplate:
+ spec:
+ containers:
+ - name: elasticsearch
+ resources:
+ limits:
+ memory: 16Gi
+ cpu: 2
+ # Affinity/Anti-affinity settings for controlling the 'spreading' of Elasticsearch
+ # pods across existing hosts.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html#k8s-affinity-options
+ #
+ # affinity:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: beta.kubernetes.io/instance-type
+ # operator: In
+ # # This should be adjusted to the instance type according to your setup
+ # #
+ # values:
+ # - highstorage
+ # Volume Claim settings.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-volume-claim-templates.html
+ #
+ volumeClaimTemplates:
+ - metadata:
+ name: elasticsearch-data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Ti
+ # Adjust to your storage class name
+ #
+ # storageClassName: local-storage
+- name: cold
+ count: 1
+ config:
+ node.roles: ["data_cold"]
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ podTemplate:
+ spec:
+ containers:
+ - name: elasticsearch
+ resources:
+ limits:
+ memory: 8Gi
+ cpu: 2
+ # Affinity/Anti-affinity settings for controlling the 'spreading' of Elasticsearch
+ # pods across existing hosts.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html#k8s-affinity-options
+ #
+ # affinity:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: beta.kubernetes.io/instance-type
+ # operator: In
+ # # This should be adjusted to the instance type according to your setup
+ # #
+ # values:
+ # - highstorage
+ # Volume Claim settings.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-volume-claim-templates.html
+ #
+ volumeClaimTemplates:
+ - metadata:
+ name: elasticsearch-data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Ti
+ # Adjust to your storage class name
+ #
+ # storageClassName: local-storage
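Review bot: the commented `nodeAffinity` examples in all four nodeSets match on `beta.kubernetes.io/instance-type`, which is a deprecated node label. The chart declares `kubeVersion: '>= 1.21.0-0'`, and on those versions `node.kubernetes.io/instance-type` is the stable name, so the examples should use it. Each nodeSet also sets `node.store.allow_mmap: false` directly under a comment that recommends leaving it unset for production workloads. Because the file is sized like a production layout (1Ti to 20Ti per node), say in the file header whether it is meant as a demo or as a production starting point.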
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-aks.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-aks.yaml
new file mode 100644
index 00000000..0ca310c3
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-aks.yaml
@@ -0,0 +1,26 @@
+---
+# The following is an example of an Elasticsearch resource that is configured to use an Ingress resource in an AKS cluster.
+#
+ingress:
+ enabled: true
+ className: webapprouting.kubernetes.azure.com
+ annotations:
+ # This is required for AKS Loadbalancing to understand that it's communicating with
+ # an HTTPS backend.
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ labels:
+ my: label
+ pathType: Prefix
+ hosts:
+ - host: "elasticsearch.company.dev"
+ path: "/"
+nodeSets:
+- name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-eks-alb.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-eks-alb.yaml
new file mode 100644
index 00000000..d3cc4041
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-eks-alb.yaml
@@ -0,0 +1,37 @@
+---
+# The following is an example of an Elasticsearch resource that is configured to use an Ingress resource in an EKS cluster
+# which provisions an application load balancer.
+#
+ingress:
+ enabled: true
+ className: alb
+ annotations:
+ alb.ingress.kubernetes.io/scheme: "internet-facing"
+ alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
+ alb.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ alb.ingress.kubernetes.io/target-type: "ip"
+ # To use an ALB with ECK, you must provide a valid ACM certificate ARN or use certificate discovery.
+ # There are 2 options for EKS:
+ # 1. Create a valid ACM certificate, and uncomment the following annotation and update it to the correct ARN.
+ # 2. Create a valid ACM certificate and ensure that the hosts[0].host matches the certificate's Common Name (CN) and
+ # certificate discovery *should* find the certificate automatically and use it.
+ #
+ # ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/guide/ingress/cert_discovery/
+ #
+ # alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:us-east-1:00000000000:certificate/b65be571-8220-4f2e-8cb1-94194535d877"
+ labels:
+ my: label
+ pathType: Prefix
+ hosts:
+ - host: "elasticsearch.company.dev"
+ path: "/"
+nodeSets:
+- name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
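Review bot: `alb.ingress.kubernetes.io/scheme: "internet-facing"` puts the Elasticsearch HTTP API behind a public load balancer, and nothing else in the example restricts who can reach it. Either default the example to `internal`, or keep the public scheme and add `alb.ingress.kubernetes.io/inbound-cidrs` with a placeholder range. A comment should also state that Elasticsearch authentication is otherwise the only control on this endpoint. The wording "certificate discovery *should* find the certificate" also needs tightening: say what the user should check when discovery does not pick up the certificate.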
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-eks-nlb.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-eks-nlb.yaml
new file mode 100644
index 00000000..3809e871
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-eks-nlb.yaml
@@ -0,0 +1,27 @@
+---
+# The following is an example of an Elasticsearch resource that is configured to deploy a
+# network load balancer (NLB) in an EKS cluster. To provision an NLB "ingress" for the
+# Elasticsearch cluster, you are required to set annotations on the service,
+# and not an Ingress resource.
+ingress:
+ enabled: false
+http:
+ service:
+ metadata:
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-type: external
+ service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
+ service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+ service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+ spec:
+ type: LoadBalancer
+nodeSets:
+- name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
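Review bot: the Service annotations request an `internet-facing` NLB and, with `ingress.enabled: false`, no Ingress sits in front of it, yet the example sets no source restriction on the Service. Add `loadBalancerSourceRanges` under `http.service.spec` with a placeholder CIDR, or switch `aws-load-balancer-scheme` to `internal`. The header comment should say which exposure the example is meant to demonstrate.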
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-gke.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-gke.yaml
new file mode 100644
index 00000000..3adbd29c
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-gke.yaml
@@ -0,0 +1,36 @@
+---
+# The following is an example of an Elasticsearch resource that is configured to use an Ingress resource in a GKE cluster.
+#
+ingress:
+ enabled: true
+ annotations:
+ my: annotation
+ labels:
+ my: label
+ pathType: Prefix
+ hosts:
+ - host: "elasticsearch.company.dev"
+ path: "/"
+http:
+ service:
+ metadata:
+ annotations:
+ # This is required for `ClusterIP` services (which are the default ECK service type) to be used with Ingress in GKE clusters.
+ cloud.google.com/neg: '{"ingress": true}'
+ # This is required to enable the GKE Ingress Controller to use HTTPS as the backend protocol.
+ cloud.google.com/app-protocols: '{"https":"HTTPS"}'
+nodeSets:
+- name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
+ # Enable anonymous access to allow GCLB health probes to succeed
+ xpack.security.authc:
+ anonymous:
+ username: anon
+ roles: monitoring_user
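Review bot: the `xpack.security.authc.anonymous` block at the end of the nodeSet `config` gives the `monitoring_user` role to every unauthenticated request, not only to the GCLB health probes, and the Ingress in the same file publishes that endpoint on `elasticsearch.company.dev`. The one-line comment above it should state that consequence. Consider mapping `anon` to a dedicated role that covers only what the probe needs (defined through the chart's `auth` value) rather than a built-in monitoring role. Note too that the `vm.max_map_count` comment sits above `config:` instead of above `node.store.allow_mmap`, so it now reads as if it describes the whole block, including the anonymous-access settings.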
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/templates/NOTES.txt b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/templates/NOTES.txt
new file mode 100644
index 00000000..f6ab0020
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/templates/NOTES.txt
@@ -0,0 +1,6 @@
+
+1. Check Elasticsearch resource status
+ $ kubectl get es {{ include "elasticsearch.fullname" . }} -n {{ .Release.Namespace }}
+
+2. Check Elasticsearch pod status
+ $ kubectl get pods --namespace={{ .Release.Namespace }} -l elasticsearch.k8s.elastic.co/cluster-name={{ include "elasticsearch.fullname" . }}
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/templates/_helpers.tpl b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/templates/_helpers.tpl
new file mode 100644
index 00000000..8fbf57b3
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/templates/_helpers.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "elasticsearch.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "elasticsearch.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "elasticsearch.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "elasticsearch.labels" -}}
+helm.sh/chart: {{ include "elasticsearch.chart" . }}
+{{ include "elasticsearch.selectorLabels" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.labels }}
+{{ toYaml .Values.labels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "elasticsearch.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "elasticsearch.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/templates/elasticsearch.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/templates/elasticsearch.yaml
new file mode 100644
index 00000000..4a4d7465
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/templates/elasticsearch.yaml
@@ -0,0 +1,78 @@
+---
+apiVersion: elasticsearch.k8s.elastic.co/v1
+kind: Elasticsearch
+metadata:
+ name: {{ include "elasticsearch.fullname" . }}
+ labels:
+ {{- include "elasticsearch.labels" . | nindent 4 }}
+ annotations:
+ eck.k8s.elastic.co/license: basic
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- with .Values.auth }}
+ auth:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.updateStrategy }}
+ updateStrategy:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.secureSettings }}
+ secureSettings:
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+ {{- with .Values.transport }}
+ transport:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.http }}
+ http:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ version: {{ required "An Elasticsearch version is required" .Values.version }}
+ {{- with .Values.monitoring }}
+ monitoring:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.remoteClusters }}
+ remoteClusters:
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+ {{- with .Values.remoteClusterServer }}
+ remoteClusterServer:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.volumeClaimDeletePolicy }}
+ volumeClaimDeletePolicy:
+ {{- if and (not (eq . "DeleteOnScaledownOnly")) (not (eq . "DeleteOnScaledownAndClusterDeletion")) }}
+ {{ fail "volumeClaimDeletePolicy can only be one of 'DeleteOnScaledownOnly' or 'DeleteOnScaledownAndClusterDeletion'" }}
+ {{- end }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if eq (len .Values.nodeSets) 0 }}
+ {{ fail "At least one nodeSet is required" }}
+ {{- end }}
+ nodeSets:
+ {{ toYaml .Values.nodeSets | nindent 4 }}
+ {{- with .Values.image }}
+ image: {{ . }}
+ {{- end }}
+ {{- with .Values.podDisruptionBudget }}
+ {{- if .disabled }}
+ podDisruptionBudget: {}
+ {{- else }}
+ {{- with .spec }}
+ podDisruptionBudget:
+ spec:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.serviceAccountName }}
+ serviceAccountName: {{ . }}
+ {{- end }}
+ {{- with .Values.revisionHistoryLimit }}
+ revisionHistoryLimit: {{ . }}
+ {{- end }}
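Review bot: under `metadata.annotations`, the hard-coded `eck.k8s.elastic.co/license: basic` is followed by an unconditional `toYaml` of `.Values.annotations`, so a user who sets the same key in values gets a duplicate key in the rendered map rather than an override. Build the map first (for example `merge` the user annotations over a dict holding the default) and emit it once, or document that the key is fixed. In the `volumeClaimDeletePolicy` block, the `fail` check is placed after the key has already been written. Moving the validation above `volumeClaimDeletePolicy:` would keep it consistent with the `nodeSets` check that follows.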
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/templates/ingress.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/templates/ingress.yaml
new file mode 100644
index 00000000..99aa1813
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/templates/ingress.yaml
@@ -0,0 +1,48 @@
+{{- if .Values.ingress.enabled -}}
+{{- $pathType := .Values.ingress.pathType | default "Prefix" -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "elasticsearch.fullname" . }}
+ labels:
+ {{- include "elasticsearch.labels" . | nindent 4 }}
+ {{- with .Values.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if .Values.ingress.annotations }}
+ annotations:
+ {{- with .Values.ingress.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ {{- if .Values.ingress.className }}
+ ingressClassName: {{ .Values.ingress.className | quote }}
+ {{- end }}
+ {{- if .Values.ingress.tls.enabled }}
+ tls:
+ - hosts:
+ {{- range .Values.ingress.hosts }}
+ - {{ .host | quote }}
+ {{- end }}
+ {{- if .Values.ingress.tls.secretName }}
+ secretName: {{ .Values.ingress.tls.secretName }}
+ {{- else }}
+ secretName: {{ include "elasticsearch.fullname" . }}-es-http-certs-internal
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ {{- $hostPath := .path | default "/" }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ - path: {{ $hostPath }}
+ pathType: {{ $pathType }}
+ backend:
+ service:
+ name: {{ include "elasticsearch.fullname" $ }}-es-http
+ port:
+ number: 9200
+ {{- end }}
+{{ end }}
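Review bot: in the `tls` block, when `ingress.tls.enabled` is true and `ingress.tls.secretName` is empty, the template falls back to `{{ include "elasticsearch.fullname" . }}-es-http-certs-internal`, which is the secret ECK generates for the Elasticsearch HTTP layer. That gives the ingress controller the backend certificate's private key. The certificate also only covers the hosts under `ingress.hosts` if they were added as `subjectAltNames`. Prefer making `secretName` mandatory with `required` when TLS is enabled, or document the fallback and its SAN requirement next to the value. Smaller points: `.Values.ingress.tls.enabled` is dereferenced without a guard, so rendering depends on the default values always defining `ingress.tls`, and `secretName` and `path` are emitted unquoted while `host` and `ingressClassName` use `quote`.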
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/values.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/values.yaml
new file mode 100644
index 00000000..8d8e21c8
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-elasticsearch/values.yaml
@@ -0,0 +1,393 @@
+---
+# Default values for eck-elasticsearch.
+# This is a YAML-formatted file.
+
+# Overridable names of the Elasticsearch resource.
+# By default, this is the Release name set for the chart,
+# followed by 'eck-elasticsearch'.
+#
+# nameOverride will override the name of the Chart with the name set here,
+# so nameOverride: quickstart, would convert to '{{ Release.name }}-quickstart'
+#
+# nameOverride: "quickstart"
+#
+# fullnameOverride will override both the release name, and the chart name,
+# and will name the Elasticsearch resource exactly as specified.
+#
+# fullnameOverride: "quickstart"
+
+# Version of Elasticsearch.
+#
+version: 9.1.0
+
+# Elasticsearch Docker image to deploy
+#
+# image:
+
+# Labels that will be applied to Elasticsearch.
+#
+labels: {}
+
+# Annotations that will be applied to Elasticsearch.
+#
+annotations: {}
+
+# Settings for configuring Elasticsearch users and roles.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-users-and-roles.html
+#
+auth: {}
+
+# Settings for configuring stack monitoring.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-monitoring.html
+#
+monitoring: {}
+ # metrics:
+ # elasticsearchRefs:
+ # - name: monitoring
+ # namespace: observability
+ # logs:
+ # elasticsearchRefs:
+ # - name: monitoring
+ # namespace: observability
+
+# Control the Elasticsearch transport module used for internal communication between nodes.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-transport-settings.html
+#
+transport: {}
+ # service:
+ # metadata:
+ # labels:
+ # my-custom: label
+ # spec:
+ # type: LoadBalancer
+ # tls:
+ # subjectAltNames:
+ # - ip: 1.2.3.4
+ # - dns: hulk.example.com
+ # certificate:
+ # secretName: custom-ca
+
+# Settings to control how Elasticsearch will be accessed.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-accessing-elastic-services.html
+#
+http: {}
+ # service:
+ # metadata:
+ # labels:
+ # my-custom: label
+ # spec:
+ # type: LoadBalancer
+ # tls:
+ # selfSignedCertificate:
+ # # To fully disable TLS for the HTTP layer of Elasticsearch, simply
+ # # set the below field to 'true', removing all other fields.
+ # disabled: false
+ # subjectAltNames:
+ # - ip: 1.2.3.4
+ # - dns: hulk.example.com
+ # certificate:
+ # secretName: custom-ca
+
+# Control Elasticsearch Secure Settings.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-es-secure-settings.html#k8s-es-secure-settings
+#
+secureSettings: []
+ # - secretName: one-secure-settings-secret
+ # Projection of secret keys to specific paths
+ # - secretName: gcs-secure-settings
+ # entries:
+ # - key: gcs.client.default.credentials_file
+ # - key: gcs_client_1
+ # path: gcs.client.client_1.credentials_file
+ # - key: gcs_client_2
+ # path: gcs.client.client_2.credentials_file
+
+# Settings for limiting the number of simultaneous changes to an Elasticsearch resource.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-update-strategy.html
+#
+updateStrategy: {}
+ # changeBudget:
+ # maxSurge: 3
+ # maxUnavailable: 1
+
+# Controlling of connectivity between remote clusters within the same kubernetes cluster.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-remote-clusters.html
+#
+remoteClusters: {}
+ # - name: cluster-two
+ # elasticsearchRef:
+ # name: cluster-two
+ # namespace: ns-two
+
+# RemoteClusterServer specifies if the remote cluster server should be enabled.
+# This must be enabled if this cluster is a remote cluster which is expected to be accessed using API key authentication.
+#
+remoteClusterServer: {}
+# enabled: true
+
+# VolumeClaimDeletePolicy sets the policy for handling deletion of PersistentVolumeClaims for all NodeSets.
+# Possible values are DeleteOnScaledownOnly and DeleteOnScaledownAndClusterDeletion.
+# By default, if not set or empty, the operator sets DeleteOnScaledownAndClusterDeletion.
+#
+volumeClaimDeletePolicy: ""
+
+# Settings to limit the disruption when pods need to be rescheduled for some reason such as upgrades or routine maintenance.
+# By default, if not set, the operator sets a budget that doesn't allow any pod to be removed in case the cluster is not green or if there is only one node of type `data` or `master`.
+# In all other cases the default PodDisruptionBudget sets `minUnavailable` equal to the total number of nodes minus 1.
+# To completely disable the pod disruption budget set `disabled` to true.
+#
+# podDisruptionBudget:
+# spec:
+# minAvailable: 2
+# selector:
+# matchLabels:
+# elasticsearch.k8s.elastic.co/cluster-name: quickstart
+# disabled: true
+
+# Used to check access from the current resource to a resource (for ex. a remote Elasticsearch cluster) in a different namespace.
+# Can only be used if ECK is enforcing RBAC on references.
+#
+# serviceAccountName: ""
+
+# Number of revisions to retain to allow rollback in the underlying StatefulSets.
+# By default, if not set, Kubernetes sets 10.
+#
+# revisionHistoryLimit: 2
+
+# Node configuration settings.
+# The node roles which can be configured here are:
+# - "master"
+# - "data_hot"
+# - "data_cold"
+# - "data_frozen"
+# - "data_content"
+# - "ml"
+# - "ingest"
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-node-configuration.html
+#
+nodeSets:
+- name: default
+ count: 1
+ config:
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ podTemplate:
+ # The following spec is exactly the Kubernetes Core V1 PodTemplateSpec. Any fields within the PodTemplateSpec
+ # are supported within the 'spec' field below. Please see below documentation for the exhaustive list of fields.
+ #
+ # https://v1-24.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#podtemplatespec-v1-core
+ #
+ # Only the commonly overridden/used fields will be noted below.
+ #
+ spec:
+
+ # If specified, the pod's scheduling constraints
+ # https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html
+ # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+ # affinity:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: topology.kubernetes.io/zone
+ # operator: In
+ # values:
+ # - antarctica-east1
+ # - antarctica-west1
+
+ # Containers array. Should only be used to customize the 'elasticsearch' container using the following fields.
+ containers:
+ - name: elasticsearch
+
+ # List of environment variables to set in the 'elasticsearch' container.
+ # https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/
+ # env:
+ # - name: "my-env-var"
+ # value: "my-value"
+
+ # Compute Resources required by this container.
+ resources:
+ # Requests describes the minimum amount of compute resources required. If Requests is omitted for a container,
+ # it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value.
+ #
+ # Defaults used by the ECK Operator, if not specified, are below
+ limits:
+ # cpu: 1
+ memory: 2Gi
+ requests:
+ # cpu: 1
+ memory: 2Gi
+
+ # Example increasing both the requests and limits values:
+ # limits:
+ # cpu: 4
+ # memory: 8Gi
+ # requests:
+ # cpu: 1
+ # memory: 8Gi
+
+ # SecurityContext defines the security options the container should be run with.
+ # If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ #
+ # These typically are set automatically by the ECK Operator, and should only be adjusted
+ # with the full knowledge of the effects of each field.
+ #
+ # securityContext:
+
+ # Whether this container has a read-only root filesystem. Default is false.
+ # readOnlyRootFilesystem: false
+
+ # The GID to run the entrypoint of the container process. Uses runtime default if unset.
+ # runAsGroup: 1000
+
+ # Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure
+ # that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed.
+ # runAsNonRoot: true
+
+ # The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified.
+ # runAsUser: 1000
+
+ # ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ # https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+ # imagePullSecrets:
+ # - name: "image-pull-secret"
+
+ # List of initialization containers belonging to the pod.
+ #
+ # Common initContainers include setting sysctl, or in 7.x versions of Elasticsearch,
+ # installing Elasticsearch plugins.
+ #
+ # https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ # initContainers:
+ # - command:
+ # - sh
+ # - "-c"
+ # - sysctl -w vm.max_map_count=262144
+ # name: sysctl
+ # securityContext:
+ # privileged: true
+ # - command:
+ # - sh
+ # - "-c"
+ # - bin/elasticsearch-plugin remove --purge analysis-icu ; bin/elasticsearch-plugin install --batch analysis-icu
+ # name: install-plugins
+ # securityContext:
+ # privileged: true
+
+
+ # NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node.
+ # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ # https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html
+ # nodeSelector:
+ # diskType: ssd
+ # environment: production
+
+ # If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority.
+ # Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.
+ # https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/
+ # priorityClassName: ""
+
+ # SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.
+ # See previously defined 'securityContext' within 'podTemplate' for all available fields.
+ # securityContext: {}
+
+ # ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+ # https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ # serviceAccountName: ""
+
+ # Optional duration in seconds to wait for the Elasticsearch pod to terminate gracefully.
+ # terminationGracePeriodSeconds: 30s
+
+ # If specified, the pod's tolerations that will apply to all containers within the pod.
+ # https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
+ # tolerations:
+ # - key: "node-role.kubernetes.io/elasticsearch"
+ # effect: "NoSchedule"
+ # operator: "Exists"
+
+ # TopologySpreadConstraints describes how a group of pods ought to spread across topology domains.
+ # Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.
+ #
+ # These settings are generally applied within each `nodeSets[].podTemplate` field to apply to a specific Elasticsearch nodeset.
+ #
+ # https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html
+ # topologySpreadConstraints: {}
+
+ # List of volumes that can be mounted by containers belonging to the pod.
+ # https://kubernetes.io/docs/concepts/storage/volumes
+ # volumes: []
+
+# Settings for controlling Elasticsearch ingress. Enabling ingress will expose your Elasticsearch instance
+# to the public internet, and as such is disabled by default.
+#
+# Each Cloud Service Provider has different requirements for setting up Ingress. Some links to common documentation are:
+# - AWS: https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html
+# - GCP: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress
+# - Azure: https://learn.microsoft.com/en-us/azure/aks/app-routing
+# - Nginx: https://kubernetes.github.io/ingress-nginx/
+#
+ingress:
+ enabled: false
+
+ # Annotations that will be applied to the Ingress resource. Note that some ingress controllers are controlled via annotations.
+ #
+ # Nginx Annotations: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/
+ #
+ # Common annotations:
+ # kubernetes.io/ingress.class: gce # Configures the Ingress resource to use the GCE ingress controller and create an external Application Load Balancer.
+ # kubernetes.io/ingress.class: gce-internal # Configures the Ingress resource to use the GCE ingress controller and create an internal Application Load Balancer.
+ # kubernetes.io/ingress.class: nginx # Configures the Ingress resource to use the NGINX ingress controller.
+ #
+ annotations: {}
+
+ # Labels that will be applied to the Ingress resource.
+ #
+ labels: {}
+
+ # Some ingress controllers require the use of a specific class name to route traffic to the correct controller, notably AKS and EKS, which
+ # replaces the use of the 'kubernetes.io/ingress.class' annotation.
+ #
+ # className: webapprouting.kubernetes.azure.com | alb
+
+ # Ingress paths are required to have a corresponding path type. Defaults to 'Prefix'.
+ #
+ # There are 3 supported path types:
+ # - ImplementationSpecific
+ # - Prefix
+ # - Exact
+ #
+ # ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types
+ #
+ pathType: Prefix
+
+ # Hosts are a list of hosts included in the Ingress definition, with a corresponding path at which the default Elasticsearch service
+ # will be exposed. Each host in the list should be a fully qualified DNS name that will resolve to the exposed Ingress object.
+ #
+ # ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#name-based-virtual-hosting
+ #
+ hosts:
+ - host: chart-example.local
+ path: /
+
+ # TLS defines whether TLS will be enabled on the Ingress resource.
+ #
+ # *NOTE* Many Cloud Service Providers handle TLS in a custom manner, and as such, it is recommended to consult their documentation.
+ # Notably GKE and Nginx Ingress Controllers seems to respect the Ingress TLS settings, AKS and EKS ignore it.
+ #
+ # - AKS: https://learn.microsoft.com/en-us/azure/aks/app-routing-dns-ssl
+ # - GKE: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress#options_for_providing_ssl_certificates
+ # - EKS: https://aws.amazon.com/blogs/containers/serve-distinct-domains-with-tls-powered-by-acm-on-amazon-eks/
+ # - Nginx: https://kubernetes.github.io/ingress-nginx/user-guide/tls/
+ #
+ # Kubernetes ingress TLS documentation:
+ # ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+ #
+ tls:
+ enabled: false
+ # Optional Kubernetes secret name that contains a base64 encoded PEM certificate and private key that corresponds to the above 'hosts' definitions.
+ # If tls is enabled, but this field is not set, the self-signed certificate and key created by the ECK operator will be used.
+ # secretName: chart-example-tls
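Review bot: the commented `install-plugins` init container in the `initContainers` example sets `securityContext.privileged: true`, which a plugin install does not need; only the `sysctl -w vm.max_map_count=262144` container requires it. Anyone who uncomments the example as written hands a second container full host privileges, so drop `privileged: true` from `install-plugins`. In the same podTemplate comments, `terminationGracePeriodSeconds: 30s` should be the integer `30`, because the field is a number of seconds and a value with a unit suffix is rejected.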
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-enterprise-search/.helmignore b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-enterprise-search/.helmignore
new file mode 100644
index 00000000..f1568daf
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-enterprise-search/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+templates/tests
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-enterprise-search/Chart.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-enterprise-search/Chart.yaml
new file mode 100644
index 00000000..666c2703
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-enterprise-search/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v2
+description: Elastic Enterprise Search managed by the ECK operator
+icon: https://github.com/elastic/ent-search/blob/main/public/app-search-favicon-196x196.png
+kubeVersion: '>= 1.21.0-0'
+name: eck-enterprise-search
+sources:
+- https://github.com/elastic/cloud-on-k8s
+type: application
+version: 0.16.0
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-enterprise-search/examples/with-custom-configuration.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-enterprise-search/examples/with-custom-configuration.yaml
new file mode 100644
index 00000000..4216a112
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-enterprise-search/examples/with-custom-configuration.yaml
@@ -0,0 +1,19 @@
+config:
+ # define the exposed URL at which users will reach Enterprise Search
+ ent_search.external_url: https://my-custom-domain:3002
+ # define the exposed URL at which users will reach Kibana
+ kibana.host: https://kibana.my-custom-domain:5601
+ # configure app search document size limit
+ app_search.engine.document_size.limit: 100kb
+
+http:
+ service:
+ metadata:
+ labels:
+ my-custom: label
+ tls:
+ certificate:
+ secretName: my-cert
+
+elasticsearchRef:
+ name: eck-elasticsearch
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-enterprise-search/templates/_helpers.tpl b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-enterprise-search/templates/_helpers.tpl
new file mode 100644
index 00000000..21025dc7
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-enterprise-search/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "eck-enterprise-search.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "eck-enterprise-search.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "eck-enterprise-search.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "eck-enterprise-search.labels" -}}
+helm.sh/chart: {{ include "eck-enterprise-search.chart" . }}
+{{ include "eck-enterprise-search.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "eck-enterprise-search.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "eck-enterprise-search.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "eck-enterprise-search.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "eck-enterprise-search.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
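Review bot: the `eck-enterprise-search.serviceAccountName` helper at the end of this file reads `.Values.serviceAccount.create`, but this chart's values.yaml defines no `serviceAccount` key and templates/enterprisesearch.yaml uses `.Values.serviceAccountName` directly. The helper is therefore unused, and any template that did include it would fail with a nil-pointer error on the missing `serviceAccount` map. Remove the helper, or add a `serviceAccount` block to values.yaml and guard the lookup.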
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-enterprise-search/templates/enterprisesearch.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-enterprise-search/templates/enterprisesearch.yaml
new file mode 100644
index 00000000..af224e35
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-enterprise-search/templates/enterprisesearch.yaml
@@ -0,0 +1,62 @@
+---
+apiVersion: enterprisesearch.k8s.elastic.co/v1
+kind: EnterpriseSearch
+metadata:
+ name: {{ include "eck-enterprise-search.fullname" . }}
+ labels:
+ {{- include "eck-enterprise-search.labels" . | nindent 4 }}
+ {{- with .Values.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ annotations:
+ eck.k8s.elastic.co/license: basic
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ version: {{ required "An Enterprise Search version is required" .Values.version }}
+ count: {{ required "A pod count is required" .Values.count }}
+
+ {{- /*
+ This is complicated, but seems required to catch both the situations where the key does not exist (commented out), and the key exists but is an empty map.
+ */ -}}
+ {{- if and (or (and (hasKey .Values "configRef") (eq 0 (len .Values.configRef))) (not (hasKey .Values "configRef"))) (or (and (hasKey .Values "elasticsearchRef") (eq 0 (len .Values.elasticsearchRef))) (not (hasKey .Values "elasticsearchRef"))) }}
+ {{ fail "At least one of configRef or elasticsearchRef is required" }}
+ {{- end }}
+
+ {{- with .Values.image }}
+ image: {{ . }}
+ {{- end }}
+
+ {{- with .Values.serviceAccountName }}
+ serviceAccountName: {{ . }}
+ {{- end }}
+
+ {{- with .Values.revisionHistoryLimit }}
+ revisionHistoryLimit: {{ . }}
+ {{- end }}
+
+ {{- with .Values.config }}
+ config:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.http }}
+ http:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.elasticsearchRef }}
+ elasticsearchRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.podTemplate }}
+ podTemplate:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.configRef }}
+ configRef:
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
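Review bot: the `configRef` block at the end of the spec renders its body with `nindent 2`, while `config`, `http`, `elasticsearchRef` and `podTemplate` all use `nindent 4`. Since `configRef:` sits at the same indent as those keys, `nindent 2` puts `secretName` level with `configRef:` rather than beneath it, which leaves `configRef` empty and adds a stray `secretName` key to `spec`. Change the line to `{{- toYaml . | nindent 4 }}`. Also in the metadata, `eck.k8s.elastic.co/license: basic` is emitted before `.Values.annotations`, so a user-supplied annotation with the same key renders a duplicate key.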
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-enterprise-search/values.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-enterprise-search/values.yaml
new file mode 100644
index 00000000..04d95667
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-enterprise-search/values.yaml
@@ -0,0 +1,96 @@
+---
+# Default values for eck-enterprise-search.
+# This is a YAML-formatted file.
+
+# Overridable names of the Enterprise Search resource.
+# By default, this is the Release name set for the chart,
+# followed by 'eck-enterprise-search'.
+#
+# nameOverride will override the name of the Chart with the name set here,
+# so nameOverride: quickstart, would convert to '{{ Release.name }}-quickstart'
+#
+# nameOverride: "quickstart"
+#
+# fullnameOverride will override both the release name, and the chart name,
+# and will name the Enterprise Search resource exactly as specified.
+#
+# fullnameOverride: "quickstart"
+
+# Version of Enterprise Search.
+#
+version: 8.19.0
+
+# Enterprise Search Docker image to deploy
+#
+# image:
+
+# Used to check access from the current resource to a resource (for ex. a remote Elasticsearch cluster) in a different namespace.
+# Can only be used if ECK is enforcing RBAC on references.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-restrict-cross-namespace-associations.html
+#
+# serviceAccountName: ""
+
+# Labels that will be applied to Enterprise Search.
+#
+labels: {}
+
+# Annotations that will be applied to Enterprise Search.
+#
+annotations: {}
+
+# Count of Enterprise Search replicas to create.
+#
+count: 1
+
+# The Enterprise Search configuration, the ECK equivalent to enterprise-search.yml
+# ref: https://www.elastic.co/guide/en/enterprise-search/current/configuration.html#configuration-configure
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-enterprise-search-configuration.html
+#
+# At a minimum, you must specify the external URL and Kibana host.
+#
+config: {}
+ # define the exposed URL at which users will reach Enterprise Search
+ # ent_search.external_url: https://my-custom-domain:3002
+ # define the exposed URL at which users will reach Kibana
+ # kibana.host: https://kibana.my-custom-domain:5601
+
+# Settings to control how Enterprise Search will be accessed.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-accessing-elastic-services.html
+#
+http: {}
+ # tls:
+ # certificate:
+ # secretName: my-cert
+ # service:
+ # metadata:
+ # labels:
+ # my-custom: label
+
+# Reference to ECK-managed Elasticsearch resource.
+#
+elasticsearchRef: {}
+ # name: eck-elasticsearch
+ # Optional namespace reference to Elasticsearch resource.
+ # If not specified, then the namespace of the Enterprise Search resource
+ # will be assumed.
+ #
+ # namespace: default
+
+# Set podTemplate to customize the pod used by Enterprise Search
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-customize-pods.html
+#
+podTemplate: {}
+
+# Number of revisions to retain to allow rollback in the underlying Deployment.
+# If not set Kubernetes sets this to 10 by default.
+#
+# revisionHistoryLimit: 2
+
+# If you would prefer your sensitive data to be stored in a Secret, you can specify the name of the Secret reference.
+# In addition, if you do not want to use the `elasticsearchRef` mechanism or if you want to connect to an Elasticsearch
+# cluster not managed by ECK, you can manually configure Enterprise Search to access any available Elasticsearch cluster:
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-enterprise-search-configuration.html#k8s-enterprise-search-secret-configuration
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-enterprise-search-configuration.html#k8s-enterprise-search-connect-non-eck-es
+#
+configRef: {}
+ # secretName: enterprise-search-config
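Review bot: `elasticsearchRef: {}` and `configRef: {}` both default to empty, and templates/enterprisesearch.yaml aborts the render with "At least one of configRef or elasticsearchRef is required" in exactly that case, so the chart cannot install with these defaults. State that requirement in the comments above `elasticsearchRef` and `configRef`. The `config` comment also says the external URL and Kibana host must be specified, yet `config: {}` is the default and nothing in the template enforces it; either add a check or soften the comment. It would also help to say next to `config` that credentials belong in the Secret named by `configRef`, since `config` is rendered into the resource spec as plain values.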
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/.helmignore b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/.helmignore
new file mode 100644
index 00000000..f1568daf
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+templates/tests
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/Chart.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/Chart.yaml
new file mode 100644
index 00000000..a96711c8
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+description: Elastic Fleet Server as an Agent managed by the ECK operator
+kubeVersion: '>= 1.21.0-0'
+name: eck-fleet-server
+sources:
+- https://github.com/elastic/cloud-on-k8s
+- https://github.com/elastic/elastic-agent
+- https://github.com/elastic/fleet-server
+- https://www.elastic.co/guide/en/fleet/current/fleet-overview.html
+type: application
+version: 0.16.0
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/LICENSE b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/LICENSE
new file mode 100644
index 00000000..92503a72
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/LICENSE
@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.
\ No newline at end of file
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/examples/fleet-server.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/examples/fleet-server.yaml
new file mode 100644
index 00000000..8b8bbe17
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/examples/fleet-server.yaml
@@ -0,0 +1,17 @@
+version: 9.1.0
+deployment:
+ replicas: 1
+ podTemplate:
+ spec:
+ serviceAccountName: fleet-server
+ automountServiceAccountToken: true
+elasticsearchRefs:
+- name: eck-elasticsearch
+kibanaRef:
+ name: eck-kibana
+http:
+ service:
+ spec:
+ type: ClusterIP
+serviceAccount:
+ name: fleet-server
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/templates/NOTES.txt b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/templates/NOTES.txt
new file mode 100644
index 00000000..eb3c879d
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/templates/NOTES.txt
@@ -0,0 +1,6 @@
+
+1. Check Fleet Server status
+ $ kubectl get agent {{ include "fleet-server.fullname" . }} -n {{ .Release.Namespace }}
+
+2. Check Fleet Server pod status
+ $ kubectl get pods --namespace={{ .Release.Namespace }} -l fleet-server.k8s.elastic.co/name={{ include "fleet-server.fullname" . }}
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/templates/_helpers.tpl b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/templates/_helpers.tpl
new file mode 100644
index 00000000..173f5089
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/templates/_helpers.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "fleet-server.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "fleet-server.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "fleet-server.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "fleet-server.labels" -}}
+helm.sh/chart: {{ include "fleet-server.chart" . }}
+{{ include "fleet-server.selectorLabels" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.labels }}
+{{ toYaml .Values.labels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "fleet-server.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "fleet-server.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/templates/cluster-role-binding.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/templates/cluster-role-binding.yaml
new file mode 100644
index 00000000..e5fee457
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/templates/cluster-role-binding.yaml
@@ -0,0 +1,33 @@
+{{- with .Values.clusterRoleBinding }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .name }}
+ labels:
+ {{- include "fleet-server.labels" $ | nindent 4 }}
+ {{- with .labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if or $.Values.annotations .annotations }}
+ annotations:
+ {{- with $.Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- with .subjects }}
+subjects:
+{{- range . }}
+ - kind: {{ .kind }}
+ name: {{ .name }}
+ namespace: {{ .namespace | default $.Release.Namespace | quote }}
+{{- end }}
+{{- end }}
+roleRef:
+ kind: {{ .roleRef.kind }}
+ name: {{ .roleRef.name }}
+ apiGroup: {{ .roleRef.apiGroup }}
+{{- end }}
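Review bot: `metadata.name` takes `.name` from values verbatim, with no `required` and no release prefix, so an unset name renders an empty `name:` and two releases that use the same value collide on one cluster-scoped ClusterRoleBinding. Wrap it in `required`, or derive it from `fleet-server.fullname`. The `roleRef` block dereferences `.roleRef.kind`, `.roleRef.name` and `.roleRef.apiGroup` without a check, so a `clusterRoleBinding` value that omits `roleRef` fails with a nil-pointer error instead of a readable message. Because subjects and roleRef come entirely from values, the values comments should state which role this binding is expected to reference.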
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/templates/cluster-role.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/templates/cluster-role.yaml
new file mode 100644
index 00000000..f067b628
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/templates/cluster-role.yaml
@@ -0,0 +1,22 @@
+{{- with .Values.clusterRole }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .name }}
+ labels:
+ {{- include "fleet-server.labels" $ | nindent 4 }}
+ {{- with .labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if or $.Values.annotations .annotations }}
+ annotations:
+ {{- with $.Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+rules: {{- toYaml .rules | nindent 2 }}
+{{- end }}
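Review bot: `rules: {{- toYaml .rules | nindent 2 }}` on the last line renders `null` when `clusterRole.rules` is omitted, which creates a ClusterRole with no rules and raises no error at render time. Use `required` on `.rules` so the omission is caught at install. `.name` has the same problem as in the binding template: it is cluster-scoped, taken verbatim from values, and neither required nor release-scoped.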
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/templates/fleet-server.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/templates/fleet-server.yaml
new file mode 100644
index 00000000..2eb3b0d3
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/templates/fleet-server.yaml
@@ -0,0 +1,64 @@
+---
+apiVersion: agent.k8s.elastic.co/v1alpha1
+kind: Agent
+metadata:
+ name: {{ include "fleet-server.fullname" . }}
+ labels:
+ {{- include "fleet-server.labels" . | nindent 4 }}
+ annotations:
+ eck.k8s.elastic.co/license: basic
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ version: {{ required "A Fleet Server version is required" (or ((.Values.spec).version) (.Values.version)) }}
+ mode: fleet
+ fleetServerEnabled: true
+ {{- if (or (hasKey (.Values.spec) "mode") (hasKey .Values "mode")) }}
+ {{- fail "mode cannot be changed" }}
+ {{- end }}
+ {{- if (or (hasKey (.Values.spec) "fleetServerEnabled") (hasKey .Values "fleetServerEnabled"))}}
+ {{- fail "fleetServerEnabled cannot be changed" }}
+ {{- end }}
+
+ {{- $statefulSet := (or (hasKey (.Values.spec) "statefulSet") (hasKey .Values "statefulSet")) }}
+ {{- $deployment := (or (hasKey (.Values.spec) "deployment") (hasKey .Values "deployment")) }}
+ {{- if and (not $statefulSet) (not $deployment) }}
+ {{ fail "At least one of statefulSet or deployment is required" }}
+ {{- end }}
+ {{- if $statefulSet }}
+ {{- $ss := or ((.Values.spec).statefulSet) (.Values.statefulSet) }}
+ statefulSet:
+ {{- /* This is required to render the empty statefulSet ( {} ) properly */}}
+ {{- $ss | default dict | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $deployment }}
+ {{- $deploy := or ((.Values.spec).deployment) (.Values.deployment) }}
+ deployment:
+ {{- /* This is required to render the empty deployment ( {} ) properly */}}
+ {{- $deploy | default dict | toYaml | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).image) (.Values.image) }}
+ image: {{ . }}
+ {{- end }}
+ {{- with or ((.Values.spec).elasticsearchRefs) (.Values.elasticsearchRefs) }}
+ elasticsearchRefs:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).kibanaRef) (.Values.kibanaRef) }}
+ kibanaRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).policyID) (.Values.policyID) }}
+ policyID: {{ . }}
+ {{- end }}
+ {{- with or ((.Values.spec).http) (.Values.http) }}
+ http:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).revisionHistoryLimit) (.Values.revisionHistoryLimit) }}
+ revisionHistoryLimit: {{ . }}
+ {{- end }}
+ {{- with or (((.Values.spec).serviceAccount).name) ((.Values.serviceAccount).name) }}
+ serviceAccountName: {{ . }}
+ {{- end }}
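Review bot: the `$statefulSet`/`$deployment` check only rejects the case where neither key is present; when both are set, both `statefulSet:` and `deployment:` are rendered into the same Agent spec. If the two are meant to be alternatives, add a second `fail` for the both-set case and reword the message accordingly. Separately, the `with or (...)` pattern skips falsy values, so `revisionHistoryLimit: 0` is silently dropped rather than rendered.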
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/templates/service-account.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/templates/service-account.yaml
new file mode 100644
index 00000000..0f8901d9
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/templates/service-account.yaml
@@ -0,0 +1,22 @@
+{{- with .Values.serviceAccount }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .name }}
+ namespace: {{ .namespace | default $.Release.Namespace | quote }}
+ labels:
+ {{- include "fleet-server.labels" $ | nindent 4 }}
+ {{- with .labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if or $.Values.annotations .annotations }}
+ annotations:
+ {{- with $.Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
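Review bot: `namespace` can be overridden through `.namespace`, but the Agent in fleet-server.yaml is created without a namespace field and only sets `serviceAccountName`, and a pod can only use a ServiceAccount from its own namespace. A ServiceAccount rendered into another namespace will therefore not be usable by the Fleet Server pods. Either drop the override or document that it must match the release namespace and the ClusterRoleBinding subject.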
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/values.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/values.yaml
new file mode 100644
index 00000000..e0e14154
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-fleet-server/values.yaml
@@ -0,0 +1,157 @@
+---
+# Default values for eck-fleet-server.
+# This is a YAML-formatted file.
+
+# Overridable names of the Fleet Server resource.
+# By default, this is the Release name set for the chart,
+# followed by 'eck-fleet-server'.
+#
+# nameOverride will override the name of the Chart with the name set here,
+# so nameOverride: quickstart, would convert to '{{ Release.name }}-quickstart'
+#
+# nameOverride: "quickstart"
+#
+# fullnameOverride will override both the release name, and the chart name,
+# and will name the Fleet Server resource exactly as specified.
+#
+# fullnameOverride: "quickstart"
+
+# Version of Elastic Fleet Server.
+#
+version: 9.1.0
+
+# Labels that will be applied to Elastic Fleet Server.
+#
+labels: {}
+
+# Annotations that will be applied to Elastic Fleet Server.
+#
+annotations: {}
+
+# Elastic Fleet Server Agent image to deploy.
+#
+# image: docker.elastic.co/beats/elastic-agent:9.1.0
+
+# ** Deprecation Notice **
+# The previous versions of this Helm Chart simply used the `spec` field here
+# and allowed the user to specify any fields below `spec` that were templated directly
+# into the final Agent/Fleet Server manifest. This is no longer the preferred way to specify these
+# fields and each field that is supported underneath `spec` is now directly specified
+# in this values file. Currently both patterns are supported for backwards compatibility
+# but we plan to remove the `spec` field in the future.
+# spec: {}
+
+# Referenced resources are below and both elasticsearchRefs and kibanaRef are required for a functional Fleet Server.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-setting-referenced-resources
+#
+# Reference to ECK-managed Kibana instance.
+# This is required for Fleet Server.
+#
+# kibanaRef:
+# name: quickstart
+ # Optional namespace reference to Kibana instance.
+ # If not specified, then the namespace of the Fleet Server resource
+ # will be assumed.
+ #
+ # namespace: default
+
+# Reference to ECK-managed Elasticsearch instance.
+# This is required for Fleet Server.
+#
+elasticsearchRefs: []
+# - name: eck-elasticsearch
+ # Optional namespace reference to Elasticsearch instance.
+ # If not specified, then the namespace of the Fleet Server resource
+ # will be assumed.
+ #
+ # namespace: default
+
+# policyID determines into which Agent Policy this Fleet Server will be enrolled.
+policyID: eck-fleet-server
+
+# The HTTP layer configuration for the Fleet Server Service.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-customize-fleet-server-service
+#
+# http:
+
+# Deployment or StatefulSet specification for Fleet Server.
+# At least one is required of [deployment, statefulSet].
+# No default is currently set, refer to https://github.com/elastic/cloud-on-k8s/issues/7429.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-chose-the-deployment-model
+#
+# deployment:
+# replicas: 1
+# podTemplate:
+# spec:
+# serviceAccountName: fleet-server
+# automountServiceAccountToken: true
+#
+# statefulSet:
+# podTemplate:
+# spec:
+# serviceAccountName: fleet-server
+# automountServiceAccountToken: true
+
+# Number of revisions to retain to allow rollback in the underlying Deployment.
+# If not set Kubernetes sets this to 10 by default.
+#
+# revisionHistoryLimit: 2
+
+# ServiceAccount to be used by Elastic Fleet Server. Some Fleet Server features (such as autodiscover or Kubernetes module metricsets)
+# require that Fleet Server Pods interact with Kubernetes APIs. This functionality requires specific permissions
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-role-based-access-control
+#
+serviceAccount:
+ name: fleet-server
+ # namespace: optional-namespace
+
+# ClusterRoleBinding to be used by Elastic Fleet Server. Similar to ServiceAccount, this is required in some scenarios.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-role-based-access-control
+#
+clusterRoleBinding:
+ name: fleet-server
+ subjects:
+ - kind: ServiceAccount
+ name: fleet-server
+ # namespace: default
+ roleRef:
+ kind: ClusterRole
+ name: fleet-server
+ apiGroup: rbac.authorization.k8s.io
+
+# ClusterRole to be used by Elastic Fleet Server. Similar to ServiceAccount, this is required in some scenarios.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-role-based-access-control
+#
+clusterRole:
+ name: fleet-server
+ rules:
+ - apiGroups: [""]
+ resources:
+ - pods
+ - namespaces
+ - nodes
+ verbs:
+ - get
+ - watch
+ - list
+ - apiGroups: ["apps"]
+ resources:
+ - replicasets
+ verbs:
+ - get
+ - watch
+ - list
+ - apiGroups: ["batch"]
+ resources:
+ - jobs
+ verbs:
+ - get
+ - watch
+ - list
+ - apiGroups: ["coordination.k8s.io"]
+ resources:
+ - leases
+ verbs:
+ - get
+ - create
+ - update
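Review bot: the last rule under `clusterRole.rules` grants `get`, `create` and `update` on `coordination.k8s.io` leases, and because it is bound through a ClusterRoleBinding that write access applies in every namespace. If the leases are only needed in the release namespace, moving that rule to a namespaced Role and RoleBinding would narrow the grant; if cluster-wide is required, a comment saying why would help reviewers. The name `fleet-server` is also repeated in `serviceAccount.name`, `subjects[].name`, `roleRef.name`, `clusterRole.name` and the commented `serviceAccountName` examples, with nothing noting that they have to be changed together.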
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/.helmignore b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/.helmignore
new file mode 100644
index 00000000..f1568daf
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+templates/tests
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/Chart.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/Chart.yaml
new file mode 100644
index 00000000..cbb3a72f
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+description: Kibana managed by the ECK operator
+icon: https://helm.elastic.co/icons/kibana.png
+kubeVersion: '>= 1.21.0-0'
+name: eck-kibana
+sources:
+- https://github.com/elastic/cloud-on-k8s
+- https://github.com/elastic/kibana
+type: application
+version: 0.16.0
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/LICENSE b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/LICENSE
new file mode 100644
index 00000000..92503a72
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/LICENSE
@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.
\ No newline at end of file
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/examples/http-configuration.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/examples/http-configuration.yaml
new file mode 100644
index 00000000..7bb0001b
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/examples/http-configuration.yaml
@@ -0,0 +1,36 @@
+---
+# Version of Kibana.
+#
+version: 9.1.0
+
+# Labels that will be applied to Kibana.
+#
+labels: {}
+ # key: value
+
+# Annotations that will be applied to Kibana.
+#
+annotations: {}
+ # key: value
+
+# Count of Kibana replicas to create.
+#
+count: 1
+
+# Reference to ECK-managed Elasticsearch resource, ideally from {{ "elasticsearch.fullname" }}
+#
+elasticsearchRef:
+ name: eck-elasticsearch
+ # namespace: default
+http:
+ service:
+ spec:
+ # Type of service to deploy for Kibana.
+ # This deploys a load balancer in a cloud service provider, where supported.
+ #
+ type: LoadBalancer
+ # tls:
+ # selfSignedCertificate:
+ # subjectAltNames:
+ # - ip: 1.2.3.4
+ # - dns: kibana.example.com
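Review bot: at `type: LoadBalancer` the only comment is that this "deploys a load balancer in a cloud service provider", while the `tls` block below it is commented out. The chart's values.yaml warns that enabling ingress exposes Kibana to the public internet; this example should carry the same warning next to `type: LoadBalancer`, and say what certificate clients will see when the `tls` section is left commented.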
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/examples/ingress/kibana-aks.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/examples/ingress/kibana-aks.yaml
new file mode 100644
index 00000000..b7363dd0
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/examples/ingress/kibana-aks.yaml
@@ -0,0 +1,28 @@
+# The following is an example of a Kibana resource that is configured to use an Ingress resource in an AKS cluster.
+#
+
+# Name of the Kibana instance.
+#
+fullnameOverride: kibana
+
+# Reference to ECK-managed Elasticsearch instance, ideally from {{ "elasticsearch.fullname" }}
+#
+elasticsearchRef:
+ name: elasticsearch
+config:
+ server:
+ publicBaseUrl: "https://kibana.company.dev"
+
+ingress:
+ enabled: true
+ className: webapprouting.kubernetes.azure.com
+ annotations:
+ # This is required for AKS Loadbalancing to understand that it's communicating with
+ # an HTTPS backend.
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ labels:
+ my: label
+ pathType: Prefix
+ hosts:
+ - host: "kibana.company.dev"
+ path: "/"
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/examples/ingress/kibana-eks.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/examples/ingress/kibana-eks.yaml
new file mode 100644
index 00000000..c5f2f43b
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/examples/ingress/kibana-eks.yaml
@@ -0,0 +1,48 @@
+# The following is an example of a Kibana resource that is configured to use an Ingress resource in an EKS cluster.
+#
+
+# Name of the Kibana instance.
+#
+fullnameOverride: kibana
+
+# Reference to ECK-managed Elasticsearch instance, ideally from {{ "elasticsearch.fullname" }}
+#
+elasticsearchRef:
+ name: elasticsearch
+config:
+ server:
+ publicBaseUrl: "https://kibana.company.dev"
+
+ingress:
+ enabled: true
+ className: alb
+ annotations:
+ alb.ingress.kubernetes.io/scheme: "internet-facing"
+ alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
+ alb.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ alb.ingress.kubernetes.io/target-type: "ip"
+ # To use an ALB with ECK, you must provide a valid ACM certificate ARN or use certificate discovery.
+ # There are 2 options for EKS:
+ # 1. Create a valid ACM certificate, and uncomment the following annotation and update it to the correct ARN.
+ # 2. Create a valid ACM certificate and ensure that the hosts[0].host matches the certificate's Common Name (CN) and
+ # certificate discovery *should* find the certificate automatically and use it.
+ #
+ # ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/guide/ingress/cert_discovery/
+ #
+ # alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:us-east-1:00000000000:certificate/b65be571-8220-4f2e-8cb1-94194535d877"
+ labels:
+ my: label
+ pathType: Prefix
+ hosts:
+ - host: "kibana.company.dev"
+ path: "/"
+nodeSets:
+- name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
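Review bot: the trailing `nodeSets:` block with `node.store.allow_mmap: false` is an Elasticsearch setting and is not read anywhere by the eck-kibana templates in this patch (kibana.yaml has no `nodeSets` field), so it looks like a leftover from an Elasticsearch example and should be removed. Also worth a comment at `alb.ingress.kubernetes.io/scheme: "internet-facing"` that this publishes Kibana on a public ALB, with the internal scheme mentioned as the alternative.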
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/examples/ingress/kibana-gke.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/examples/ingress/kibana-gke.yaml
new file mode 100644
index 00000000..61427581
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/examples/ingress/kibana-gke.yaml
@@ -0,0 +1,31 @@
+# The following is an example of a Kibana resource that is configured to use an Ingress resource in a GKE cluster.
+#
+
+# Name of the Kibana instance.
+#
+fullnameOverride: kibana
+
+# Reference to ECK-managed Elasticsearch instance, ideally from {{ "elasticsearch.fullname" }}
+#
+elasticsearchRef:
+ name: elasticsearch
+config:
+ server:
+ publicBaseUrl: "https://kibana.company.dev"
+http:
+ service:
+ metadata:
+ annotations:
+ # This is required for `ClusterIP` services (which are the default ECK service type) to be used with Ingress in GKE clusters.
+ cloud.google.com/neg: '{"ingress": true}'
+ # This is required to enable the GKE Ingress Controller to use HTTPS as the backend protocol.
+ cloud.google.com/app-protocols: '{"https":"HTTPS"}'
+
+ingress:
+ enabled: true
+ pathType: Prefix
+ hosts:
+ - host: "kibana.company.dev"
+ path: "/"
+ tls:
+ enabled: true
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/templates/NOTES.txt b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/templates/NOTES.txt
new file mode 100644
index 00000000..9652161c
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/templates/NOTES.txt
@@ -0,0 +1,6 @@
+
+1. Check Kibana status
+ $ kubectl get kibana {{ include "kibana.fullname" . }} -n {{ .Release.Namespace }}
+
+2. Check Kibana pod status
+ $ kubectl get pods --namespace={{ .Release.Namespace }} -l kibana.k8s.elastic.co/name={{ include "kibana.fullname" . }}
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/templates/_helpers.tpl b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/templates/_helpers.tpl
new file mode 100644
index 00000000..eba5497d
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/templates/_helpers.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kibana.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kibana.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kibana.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kibana.labels" -}}
+helm.sh/chart: {{ include "kibana.chart" . }}
+{{ include "kibana.selectorLabels" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.labels }}
+{{ toYaml .Values.labels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kibana.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kibana.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/templates/ingress.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/templates/ingress.yaml
new file mode 100644
index 00000000..171463c0
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/templates/ingress.yaml
@@ -0,0 +1,48 @@
+{{- if .Values.ingress.enabled -}}
+{{- $pathType := .Values.ingress.pathType | default "Prefix" -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "kibana.fullname" . }}
+ labels:
+ {{- include "kibana.labels" . | nindent 4 }}
+ {{- with .Values.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if .Values.ingress.annotations }}
+ annotations:
+ {{- with .Values.ingress.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ {{- if .Values.ingress.className }}
+ ingressClassName: {{ .Values.ingress.className | quote }}
+ {{- end }}
+ {{- if .Values.ingress.tls.enabled }}
+ tls:
+ - hosts:
+ {{- range .Values.ingress.hosts }}
+ - {{ .host | quote }}
+ {{- end }}
+ {{- if .Values.ingress.tls.secretName }}
+ secretName: {{ .Values.ingress.tls.secretName }}
+ {{- else }}
+ secretName: {{ include "kibana.fullname" . }}-kb-http-certs-internal
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ {{- $hostPath := .path | default "/" }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ - path: {{ $hostPath }}
+ pathType: {{ $pathType }}
+ backend:
+ service:
+ name: {{ include "kibana.fullname" $ }}-kb-http
+ port:
+ number: 5601
+ {{- end }}
+{{ end }}
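Review bot: in the `tls:` block, when `ingress.tls.secretName` is unset the Ingress falls back to `<fullname>-kb-http-certs-internal`, which the values.yaml comment describes as the certificate and key created by the ECK operator. That hands the backend's own key pair to the ingress controller by default; consider making `secretName` required when `tls.enabled` is true, or at least documenting the fallback in the template. Smaller points: `secretName` and `path` are rendered unquoted while `host` and `className` use `quote`, and an empty `ingress.hosts` list produces empty `rules:` and `hosts:` keys with no error.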
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/templates/kibana.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/templates/kibana.yaml
new file mode 100644
index 00000000..2d07efaa
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/templates/kibana.yaml
@@ -0,0 +1,61 @@
+---
+apiVersion: kibana.k8s.elastic.co/v1
+kind: Kibana
+metadata:
+ name: {{ include "kibana.fullname" . }}
+ labels:
+ {{- include "kibana.labels" . | nindent 4 }}
+ annotations:
+ eck.k8s.elastic.co/license: basic
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ version: {{ required "A Kibana version is required" .Values.version }}
+ {{- /*
+ The following templates with 'or' are to allow both .spec.field and .field to be set for backwards
+ compatibility purposes. See https://github.com/elastic/cloud-on-k8s/pull/8192 for details.
+ */ -}}
+ {{- with or ((.Values.spec).image) (.Values.image) }}
+ image: {{ . }}
+ {{- end }}
+ {{- with or ((.Values.spec).count) (.Values.count) }}
+ count: {{ . }}
+ {{- end }}
+ {{- $esRef := or ((.Values.spec).elasticsearchRef) (.Values.elasticsearchRef) }}
+ {{- if not ($esRef).name }}
+ {{ fail "An elasticsearchRef is required" }}
+ {{- end }}
+ elasticsearchRef:
+ {{- toYaml $esRef | nindent 4 }}
+ {{- $entsearchRef := or ((.Values.spec).enterpriseSearchRef) (.Values.enterpriseSearchRef) }}
+ {{- if $entsearchRef }}
+ enterpriseSearchRef:
+ {{- toYaml $entsearchRef | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).config) (.Values.config) }}
+ config:
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).http) (.Values.http) }}
+ http:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).podTemplate) (.Values.podTemplate) }}
+ podTemplate:
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).revisionHistoryLimit) (.Values.revisionHistoryLimit) }}
+ revisionHistoryLimit: {{ . }}
+ {{- end }}
+ {{- with or ((.Values.spec).secureSettings) (.Values.secureSettings) }}
+ secureSettings:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).serviceAccountName) (.Values.serviceAccountName) }}
+ serviceAccountName: {{ . }}
+ {{- end }}
+ {{- with or ((.Values.spec).monitoring) (.Values.monitoring) }}
+ monitoring:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
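Review bot: `version` is read only from `.Values.version`, while the comment right below it says both `.spec.field` and `.field` are accepted for backwards compatibility and every other field uses `or ((.Values.spec).X) (.Values.X)`. A `spec.version` from an older values file is therefore ignored in favour of the top-level default; the fleet-server template in this same patch handles it with `(or ((.Values.spec).version) (.Values.version))`. The `config` and `podTemplate` blocks also use `{{ toYaml` without the leading `-` that the other blocks have, which leaves stray whitespace in the output.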
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/values.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/values.yaml
new file mode 100644
index 00000000..fe1c3f3f
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-kibana/values.yaml
@@ -0,0 +1,179 @@
+---
+# Default values for eck-kibana.
+# This is a YAML-formatted file.
+
+# Overridable names of the Kibana resource.
+# By default, this is the Release name set for the chart,
+# followed by 'eck-kibana'.
+#
+# nameOverride will override the name of the Chart with the name set here,
+# so nameOverride: quickstart, would convert to '{{ Release.name }}-quickstart'
+#
+# nameOverride: "quickstart"
+#
+# fullnameOverride will override both the release name, and the chart name,
+# and will name the Kibana resource exactly as specified.
+#
+# fullnameOverride: "quickstart"
+
+# Version of Kibana.
+#
+version: 9.1.0
+
+# Kibana Docker image to deploy
+#
+# image: docker.elastic.co/kibana/kibana:9.1.0
+
+# Labels that will be applied to Kibana.
+#
+labels: {}
+
+# Annotations that will be applied to Kibana.
+#
+annotations: {}
+
+# ** Deprecation Notice **
+# The previous versions of this Helm Chart simply used the `spec` field here
+# and allowed the user to specify any fields below spec that were templated directly
+# into the final Kibana manifest. This is no long the preferred way to specify these
+# fields and each field that is supported underneath `spec` is now directly specified
+# in this values file. Currently both patterns are supported for backwards compatibility
+# but we plan to remove the `spec` field in the future.
+# spec: {}
+
+# Count of Kibana replicas to create.
+#
+count: 1
+
+# Reference to ECK-managed Elasticsearch resource.
+#
+elasticsearchRef: {}
+ # name: eck-elasticsearch
+ # Optional namespace reference to Elasticsearch resource.
+ # If not specified, then the namespace of the Kibana resource
+ # will be assumed.
+ #
+ # namespace: default
+
+# Reference to an EnterpriseSearch running in the same Kubernetes cluster
+#
+# enterpriseSearchRef:
+
+# The Kibana configuration (kibana.yml)
+# ref: https://www.elastic.co/guide/en/kibana/current/settings.html
+#
+config: null
+
+# The HTTP layer configuration for Kibana.
+#
+# http:
+
+# PodTemplate provides customisation options (labels, annotations, affinity rules,
+# resource requests, and so on) for the Kibana pods
+#
+# podTemplate:
+
+# Number of revisions to retain to allow rollback in the underlying deployment.
+# By default, if not set, Kubernetes sets 10.
+#
+# revisionHistoryLimit: 2
+
+# Control Kibana Secure Settings.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-kibana-secure-settings.html
+#
+secureSettings: []
+
+# Used to check access from the current resource to a resource (for ex. Elasticsearch) in a different namespace.
+# Can only be used if ECK is enforcing RBAC on references.
+#
+# serviceAccountName: ""
+
+# Settings for configuring stack monitoring.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-monitoring.html
+#
+monitoring: {}
+ # metrics:
+ # elasticsearchRefs:
+ # - name: monitoring
+ # namespace: observability
+ # logs:
+ # elasticsearchRefs:
+ # - name: monitoring
+ # namespace: observability
+
+# Settings for controlling Kibana ingress. Enabling ingress will expose your Kibana instance
+# to the public internet, and as such is disabled by default.
+#
+# *NOTE* when configuring Kibana Ingress, ensure that `config.server.publicBaseUrl` setting for
+# Kibana is also set, as it is required when exposing Kibana behind a load balancer/ingress.
+# Also of note are `server.basePath`, and `server.rewriteBasePath` settings in the Kibana configuration.
+#
+# ref: https://www.elastic.co/guide/en/kibana/current/settings.html
+#
+# Each Cloud Service Provider has different requirements for setting up Ingress. Some links to common documentation are:
+# - AWS: https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html
+# - GCP: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress
+# - Azure: https://learn.microsoft.com/en-us/azure/aks/app-routing
+# - Nginx: https://kubernetes.github.io/ingress-nginx/
+#
+ingress:
+ enabled: false
+
+ # Annotations that will be applied to the Ingress resource. Note that some ingress controllers are controlled via annotations.
+ #
+ # Nginx Annotations: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/
+ #
+ # Common annotations:
+ # kubernetes.io/ingress.class: gce # Configures the Ingress resource to use the GCE ingress controller and create an external Application Load Balancer.
+ # kubernetes.io/ingress.class: gce-internal # Configures the Ingress resource to use the GCE ingress controller and create an internal Application Load Balancer.
+ # kubernetes.io/ingress.class: nginx # Configures the Ingress resource to use the NGINX ingress controller.
+ #
+ annotations: {}
+
+ # Labels that will be applied to the Ingress resource.
+ #
+ labels: {}
+
+ # Some ingress controllers require the use of a specific class name to route traffic to the correct controller, notably AKS and EKS, which
+ # replaces the use of the 'kubernetes.io/ingress.class' annotation.
+ #
+ # className: webapprouting.kubernetes.azure.com | alb
+
+ # Ingress paths are required to have a corresponding path type. Defaults to 'Prefix'.
+ #
+ # There are 3 supported path types:
+ # - ImplementationSpecific
+ # - Prefix
+ # - Exact
+ #
+ # ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types
+ #
+ pathType: Prefix
+
+ # Hosts are a list of hosts included in the Ingress definition, with a corresponding path at which the Kibana service
+ # will be exposed. Each host in the list should be a fully qualified DNS name that will resolve to the exposed Ingress object.
+ #
+ # ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#name-based-virtual-hosting
+ #
+ hosts:
+ - host: chart-example.local
+ path: /
+
+ # TLS defines whether TLS will be enabled on the Ingress resource.
+ #
+ # *NOTE* Many Cloud Service Providers handle TLS in a custom manner, and as such, it is recommended to consult their documentation.
+ # Notably GKE and Nginx Ingress Controllers seems to respect the Ingress TLS settings, AKS and EKS ignore it.
+ #
+ # - AKS: https://learn.microsoft.com/en-us/azure/aks/app-routing-dns-ssl
+ # - GKE: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress#options_for_providing_ssl_certificates
+ # - EKS: https://aws.amazon.com/blogs/containers/serve-distinct-domains-with-tls-powered-by-acm-on-amazon-eks/
+ # - Nginx: https://kubernetes.github.io/ingress-nginx/user-guide/tls/
+ #
+ # Kubernetes ingress TLS documentation:
+ # ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+ #
+ tls:
+ enabled: false
+ # Optional Kubernetes secret name that contains a base64 encoded PEM certificate and private key that corresponds to the above 'hosts' definitions.
+ # If tls is enabled, but this field is not set, the self-signed certificate and key created by the ECK operator will be used.
+ # secretName: chart-example-tls
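Review bot: the `tls` comments leave the effective behaviour unclear in two cases: with `tls.enabled: true` and no `secretName` the Ingress falls back to the ECK operator's self-signed certificate, and on AKS and EKS the Ingress TLS settings are ignored altogether. Say in the comment that the self-signed fallback will not be trusted by clients and is only suitable for testing, and point users at `secretName` (or the provider-specific mechanism linked above) for anything exposed outside the cluster. Minor: "seems to respect" should read "seem to respect".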
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/.helmignore b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/.helmignore
new file mode 100644
index 00000000..f1568daf
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+templates/tests
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/Chart.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/Chart.yaml
new file mode 100644
index 00000000..4a6f75eb
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+description: Logstash managed by the ECK operator
+icon: https://helm.elastic.co/icons/logstash.png
+kubeVersion: '>= 1.21.0-0'
+name: eck-logstash
+sources:
+- https://github.com/elastic/cloud-on-k8s
+- https://github.com/elastic/logstash
+type: application
+version: 0.16.0
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/LICENSE b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/LICENSE
new file mode 100644
index 00000000..92503a72
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/LICENSE
@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.
\ No newline at end of file
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/examples/basic-eck.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/examples/basic-eck.yaml
new file mode 100644
index 00000000..170b9a8c
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/examples/basic-eck.yaml
@@ -0,0 +1,44 @@
+---
+# values corresponding to config/recipes/logstash/logstash-eck.yaml
+version: 9.1.0
+
+elasticsearchRefs:
+ - clusterName: eck
+ name: elasticsearch
+
+pipelines:
+ - pipeline.id: main
+ config.string: |
+ input {
+ beats {
+ port => 5044
+ }
+ }
+ filter {
+ grok {
+ match => { "message" => "%{HTTPD_COMMONLOG}"}
+ }
+ geoip {
+ source => "[source][address]"
+ target => "[source]"
+ }
+ }
+ output {
+ elasticsearch {
+ hosts => [ "${ECK_ES_HOSTS}" ]
+ user => "${ECK_ES_USER}"
+ password => "${ECK_ES_PASSWORD}"
+ ssl_certificate_authorities => "${ECK_ES_SSL_CERTIFICATE_AUTHORITY}"
+ }
+ }
+
+services:
+ - name: beats
+ service:
+ spec:
+ type: ClusterIP
+ ports:
+ - port: 5044
+ name: "filebeat"
+ protocol: TCP
+ targetPort: 5044
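Review bot: the `beats` input on port 5044 carries no TLS settings, so anything sent to the `beats` Service travels in cleartext inside the cluster; add a comment saying this is deliberate for the example, or show the TLS variant. The `elasticsearch` output also omits `ssl_enabled => true`, which es-role.yaml in this same change sets explicitly next to `ssl_certificate_authorities`; make the examples consistent so readers do not have to guess whether TLS is implied.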
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/examples/es-role.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/examples/es-role.yaml
new file mode 100644
index 00000000..f8ed1f86
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/examples/es-role.yaml
@@ -0,0 +1,25 @@
+---
+# values corresponding to config/recipes/logstash/logstash-es-role.yaml
+version: 9.1.0
+
+elasticsearchRefs:
+ - clusterName: eck
+ name: elasticsearch
+
+pipelines:
+ - pipeline.id: main
+ config.string: |
+ input { exec { command => "uptime" interval => 10 } }
+ output {
+ elasticsearch {
+ hosts => [ "${ECK_ES_HOSTS}" ]
+ ssl_enabled => true
+ ssl_certificate_authorities => "${ECK_ES_SSL_CERTIFICATE_AUTHORITY}"
+ user => "${ECK_ES_USER}"
+ password => "${ECK_ES_PASSWORD}"
+ index => "my-index"
+ data_stream => false
+ ilm_enabled => false
+ manage_template => false
+ }
+ }
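Review bot: nothing in these values defines the role the file name refers to. The output writes to `my-index` using `${ECK_ES_USER}` and `${ECK_ES_PASSWORD}`, and the `elasticsearchRefs` entry has no `secretName`, so it is not clear which credentials those variables resolve to or whether they are limited to that index. Add a comment describing where the restricted user and role are created (the header only points at the upstream recipe), or include the `secretName` reference that values.yaml lists for `elasticsearchRefs`.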
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/examples/monitored.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/examples/monitored.yaml
new file mode 100644
index 00000000..2cc98e12
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/examples/monitored.yaml
@@ -0,0 +1,49 @@
+---
+# values corresponding to config/recipes/logstash/logstash-monitored.yaml
+version: 9.1.0
+
+monitoring:
+ metrics:
+ elasticsearchRefs:
+ - name: elasticsearch-monitoring
+
+pipelines:
+ - pipeline.id: main
+ config.string: |
+ input {
+ beats {
+ port => 5044
+ }
+ }
+ filter {
+ grok {
+ match => { "message" => "%{HTTPD_COMMONLOG}"}
+ }
+ geoip {
+ source => "[source][address]"
+ target => "[source]"
+ }
+ }
+ output {
+ elasticsearch {
+ hosts => [ "${ECK_ES_HOSTS}" ]
+ user => "${ECK_ES_USER}"
+ password => "${ECK_ES_PASSWORD}"
+ ssl_certificate_authorities => "${ECK_ES_SSL_CERTIFICATE_AUTHORITY}"
+ }
+ }
+
+elasticsearchRefs:
+ - clusterName: eck
+ name: elasticsearch
+
+services:
+ - name: beats
+ service:
+ spec:
+ type: ClusterIP
+ ports:
+ - port: 5044
+ name: "filebeat"
+ protocol: TCP
+ targetPort: 5044
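Review bot: `monitoring.metrics.elasticsearchRefs` points at `elasticsearch-monitoring`, which these values do not create, and it gives no `namespace`, unlike the commented sample in values.yaml. Add a comment that the monitoring cluster must already exist and in which namespace it is expected. Only `metrics` is configured; if log shipping is intentionally left out, say so, since values.yaml documents both `metrics` and `logs`.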
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/examples/multi.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/examples/multi.yaml
new file mode 100644
index 00000000..7fe2a7bc
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/examples/multi.yaml
@@ -0,0 +1,78 @@
+---
+# values corresponding to config/recipes/logstash/logstash-multi.yaml
+version: 9.1.0
+
+pipelines:
+ - pipeline.id: main
+ config.string: |
+ input {
+ beats {
+ port => 5044
+ }
+ }
+ filter {
+ grok {
+ match => { "message" => "%{HTTPD_COMMONLOG}"}
+ }
+ geoip {
+ source => "[source][address]"
+ target => "[source]"
+ }
+ }
+ output {
+ pipeline {
+ send_to => 'prod'
+ }
+ pipeline {
+ send_to => 'qa'
+ }
+ }
+ - pipeline.id: production
+ config.string: |
+ input {
+ pipeline {
+ address => 'prod'
+ }
+ }
+ output {
+ elasticsearch {
+ hosts => [ "${PROD_ES_ES_HOSTS}" ]
+ user => "${PROD_ES_ES_USER}"
+ password => "${PROD_ES_ES_PASSWORD}"
+ ssl_certificate_authorities => "${PROD_ES_ES_SSL_CERTIFICATE_AUTHORITY}"
+ }
+ }
+ - pipeline.id: qa
+ config.string: |
+ input {
+ pipeline {
+ address => 'qa'
+ }
+ }
+ output {
+ elasticsearch {
+ hosts => [ "${QA_ES_ES_HOSTS}" ]
+ user => "${QA_ES_ES_USER}"
+ password => "${QA_ES_ES_PASSWORD}"
+ ssl_certificate_authorities => "${QA_ES_ES_SSL_CERTIFICATE_AUTHORITY}"
+ }
+ }
+
+elasticsearchRefs:
+ - clusterName: prod-es
+ name: production
+ - clusterName: qa-es
+ name: qa
+ namespace: qa
+
+services:
+ - name: beats
+ service:
+ spec:
+ type: ClusterIP
+ ports:
+ - port: 5044
+ name: "filebeat"
+ protocol: TCP
+ targetPort: 5044
+
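Review bot: the `qa` entry in `elasticsearchRefs` crosses into `namespace: qa`, but the example sets no `serviceAccountName`. values.yaml in this change describes `serviceAccountName` as the setting used to check access to a resource in a different namespace when ECK enforces RBAC on references, so this example is likely to fail on clusters with that enforcement enabled. Add a commented `serviceAccountName` with a short explanation. Smaller point: the pipeline is named `production` while its address and `send_to` use `prod`; a comment noting that the id and the virtual address are independent would help readers.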
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/examples/volumes.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/examples/volumes.yaml
new file mode 100644
index 00000000..83e3dece
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/examples/volumes.yaml
@@ -0,0 +1,107 @@
+---
+# values corresponding to config/recipes/logstash/logstash-volumes.yaml
+version: 9.1.0
+
+config:
+ log.level: info
+ queue.type: persisted
+ path.queue: /usr/share/logstash/pq
+
+podTemplate:
+ spec:
+ containers:
+ - name: logstash
+ volumeMounts:
+ - mountPath: /usr/share/logstash/pq
+ name: pq
+ readOnly: false
+ - mountPath: /usr/share/logstash/dlq
+ name: dlq
+ readOnly: false
+
+pipelines:
+ - pipeline.id: dlq_read
+ dead_letter_queue.enable: false
+ config.string: |
+ input {
+ dead_letter_queue {
+ path => "/usr/share/logstash/dlq"
+ commit_offsets => true
+ pipeline_id => "beats"
+ clean_consumed => true
+ }
+ }
+ filter {
+ mutate {
+ remove_field => "[geoip][location]"
+ }
+ }
+ output {
+ elasticsearch {
+ hosts => [ "${ECK_ES_HOSTS}" ]
+ user => "${ECK_ES_USER}"
+ password => "${ECK_ES_PASSWORD}"
+ ssl_certificate_authorities => "${ECK_ES_SSL_CERTIFICATE_AUTHORITY}"
+ }
+ }
+ - pipeline.id: beats
+ dead_letter_queue.enable: true
+ path.dead_letter_queue: /usr/share/logstash/dlq
+ config.string: |
+ input {
+ beats {
+ port => 5044
+ }
+ }
+ filter {
+ grok {
+ match => { "message" => "%{HTTPD_COMMONLOG}"}
+ }
+ geoip {
+ source => "[source][address]"
+ target => "[source]"
+ }
+ }
+ output {
+ elasticsearch {
+ hosts => [ "${ECK_ES_HOSTS}" ]
+ user => "${ECK_ES_USER}"
+ password => "${ECK_ES_PASSWORD}"
+ ssl_certificate_authorities => "${ECK_ES_SSL_CERTIFICATE_AUTHORITY}"
+ }
+ }
+
+volumeClaimTemplates:
+ - metadata:
+ name: pq
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ - metadata:
+ name: dlq
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+
+
+elasticsearchRefs:
+ - clusterName: eck
+ name: elasticsearch
+
+services:
+ - name: beats
+ service:
+ spec:
+ type: ClusterIP
+ ports:
+ - port: 5044
+ name: "filebeat"
+ protocol: TCP
+ targetPort: 5044
+
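Review bot: the `mutate` filter in the `dlq_read` pipeline removes `[geoip][location]`, but the `geoip` filter in the `beats` pipeline writes its result under `target => "[source]"`, so that field is never populated by this configuration. Events replayed from the dead letter queue would then be sent to Elasticsearch unchanged and could be rejected again. Either remove the field path that the `[source]` target actually produces, or change the `geoip` target so the two pipelines agree. Also worth a comment: the `pq` and `dlq` volumes hold raw event data at rest, and the claims set no `storageClassName`, so whatever the cluster default provides is what protects them.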
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/templates/NOTES.txt b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/templates/NOTES.txt
new file mode 100644
index 00000000..c2f255af
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/templates/NOTES.txt
@@ -0,0 +1,6 @@
+
+1. Check Logstash status
+ $ kubectl get logstash {{ include "logstash.fullname" . }} -n {{ .Release.Namespace }}
+
+2. Check Logstash pod status
+ $ kubectl get pods --namespace={{ .Release.Namespace }} -l logstash.k8s.elastic.co/name={{ include "logstash.fullname" . }}
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/templates/_helpers.tpl b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/templates/_helpers.tpl
new file mode 100644
index 00000000..7efd669f
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/templates/_helpers.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "logstash.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "logstash.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "logstash.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "logstash.labels" -}}
+helm.sh/chart: {{ include "logstash.chart" . }}
+{{ include "logstash.selectorLabels" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.labels }}
+{{ toYaml .Values.labels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "logstash.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "logstash.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/templates/logstash.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/templates/logstash.yaml
new file mode 100644
index 00000000..8ba52ef6
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/templates/logstash.yaml
@@ -0,0 +1,58 @@
+---
+apiVersion: logstash.k8s.elastic.co/v1alpha1
+kind: Logstash
+metadata:
+ name: {{ include "logstash.fullname" . }}
+ labels:
+ {{- include "logstash.labels" . | nindent 4 }}
+ annotations:
+ eck.k8s.elastic.co/license: basic
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ version: {{ required "A Logstash version is required" .Values.version }}
+ count: {{ required "A pod count is required" .Values.count }}
+ {{- with .Values.image }}
+ image: {{ . }}
+ {{- end }}
+ {{- with .Values.serviceAccountName }}
+ serviceAccountName: {{ . }}
+ {{- end }}
+ {{- with .Values.revisionHistoryLimit }}
+ revisionHistoryLimit: {{ . }}
+ {{- end }}
+
+ {{- if and .Values.config .Values.configRef }}
+ {{- fail "config and configRef are mutually exclusive!" }}
+ {{- end }}
+ {{- with .Values.config }}
+ config:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.configRef }}
+ configRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.podTemplate }}
+ podTemplate:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.monitoring }}
+ monitoring:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if and .Values.pipelines .Values.pipelinesRef }}
+ {{- fail "pipelines and pipelinesRef are mutually exclusive!" }}
+ {{- end }}
+ {{- with .Values.pipelinesRef }}
+ pipelinesRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if .Values.pipelines }}
+ pipelines: {{ toYaml .Values.pipelines | nindent 4 }}
+ {{- end }}
+ volumeClaimTemplates: {{ toYaml .Values.volumeClaimTemplates | nindent 4 }}
+ elasticsearchRefs: {{ toYaml .Values.elasticsearchRefs | nindent 4 }}
+ services: {{ toYaml .Values.services | nindent 4 }}
+ secureSettings: {{ toYaml .Values.secureSettings | nindent 4 }}
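Review bot: `{{- with .Values.revisionHistoryLimit }}` treats `0` as empty, so a user who sets `revisionHistoryLimit: 0` gets the field silently dropped and the Kubernetes default applies instead. Test for the key's presence instead (for example `hasKey .Values "revisionHistoryLimit"`) and render the value as given. Separately, `volumeClaimTemplates`, `elasticsearchRefs`, `services` and `secureSettings` are rendered unconditionally while `pipelines` is guarded by `if`; a value set to null renders as `null` in the spec. Guard them the same way as `pipelines` for consistency.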
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/values.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/values.yaml
new file mode 100644
index 00000000..8be00932
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/charts/eck-logstash/values.yaml
@@ -0,0 +1,115 @@
+---
+# Default values for eck-logstash.
+# This is a YAML-formatted file.
+
+# Overridable names of the Logstash resource.
+# By default, this is the Release name set for the chart,
+# followed by 'eck-logstash'.
+#
+# nameOverride will override the name of the Chart with the name set here,
+# so nameOverride: quickstart, would convert to '{{ Release.name }}-quickstart'
+#
+# nameOverride: "quickstart"
+#
+# fullnameOverride will override both the release name, and the chart name,
+# and will name the Logstash resource exactly as specified.
+#
+# fullnameOverride: "quickstart"
+
+# Version of Logstash.
+#
+version: 9.1.0
+
+# Logstash Docker image to deploy
+#
+# image:
+
+# Used to check access from the current resource to a resource (for ex. a remote Elasticsearch cluster) in a different namespace.
+# Can only be used if ECK is enforcing RBAC on references.
+#
+# serviceAccountName: ""
+
+# Labels that will be applied to Logstash.
+#
+labels: {}
+
+# Annotations that will be applied to Logstash.
+#
+annotations: {}
+
+# Number of revisions to retain to allow rollback in the underlying StatefulSets.
+# By default, if not set, Kubernetes sets 10.
+#
+# revisionHistoryLimit: 2
+
+# Controlling the number of pods.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-logstash-scaling-logstash.html
+#
+count: 1
+
+# The logstash configuration, the ECK equivalent to logstash.yml
+#
+# NOTE: The `config` and `configRef` fields are mutually exclusive. Only one of them should be defined at a time,
+# as using both may cause conflicts.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-logstash-configuration.html#k8s-logstash-configuring-logstash
+#
+config: {}
+
+# Reference a configuration in a Secret.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-logstash-configuration.html#k8s-logstash-configuring-logstash
+#
+# configRef:
+# secretName: ''
+
+# Set podTemplate to customize the pod used by Logstash
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-customize-pods.html
+#
+podTemplate: {}
+
+# Settings for configuring stack monitoring.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-monitoring.html
+#
+monitoring: {}
+ # metrics:
+ # elasticsearchRefs:
+ # - name: monitoring
+ # namespace: observability
+ # logs:
+ # elasticsearchRefs:
+ # - name: monitoring
+ # namespace: observability
+
+# The Logstash pipelines, the ECK equivalent to pipelines.yml
+#
+# NOTE: The `pipelines` and `pipelinesRef` fields are mutually exclusive. Only one of them should be defined at a time,
+# as using both may cause conflicts.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-logstash-configuration.html#k8s-logstash-pipelines
+#
+pipelines: []
+
+# Reference a pipelines configuration in a Secret.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-logstash-configuration.html#k8s-logstash-pipelines
+#
+# pipelinesRef:
+# secretName: ''
+
+# volumeClaimTemplates
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-logstash-configuration.html#k8s-volume-claim-settings
+#
+volumeClaimTemplates: []
+
+# ElasticsearchRefs are references to Elasticsearch clusters running in the same Kubernetes cluster.
+# Ensure that the 'clusterName' field matches what is referenced in the pipeline.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-logstash-configuration.html#k8s-logstash-pipelines-es
+#
+elasticsearchRefs: []
+# - namespace: ''
+# name: ''
+# clusterName: ''
+# serviceName: ''
+# secretName: ''
+
+services: []
+
+# SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for the Logstash
+secureSettings: []
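Review bot: the NOTE comments for `config`/`configRef` and `pipelines`/`pipelinesRef` say that using both "may cause conflicts", but templates/logstash.yaml in this change calls `fail` when both are set, so rendering is rejected outright. Reword the comments to say that setting both is an error. The `secureSettings` comment stops mid-sentence ("for the Logstash") and `services` has no comment at all; complete the first and add a one-line description and `ref:` for the second, as the other keys have. Since `pipelines` examples embed output credentials by variable, a pointer to `pipelinesRef` for pipeline definitions that contain secrets would also be useful here.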
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/examples/agent/fleet-agents.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/examples/agent/fleet-agents.yaml
new file mode 100644
index 00000000..4358b6f6
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/examples/agent/fleet-agents.yaml
@@ -0,0 +1,122 @@
+---
+eck-elasticsearch:
+ enabled: true
+
+ # Name of the Elasticsearch instance.
+ #
+ fullnameOverride: elasticsearch
+
+ nodeSets:
+ - name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
+
+eck-kibana:
+ enabled: true
+
+ # Name of the Kibana instance.
+ #
+ fullnameOverride: kibana
+
+ # Reference to ECK-managed Elasticsearch instance, ideally from {{ "elasticsearch.fullname" }}
+ #
+ elasticsearchRef:
+ name: elasticsearch
+
+ config:
+ # Note that these are specific to the namespace into which this example is installed, and are
+ # using `elastic-stack` as configured here and detailed in the README when installing:
+ #
+ # `helm install es-kb-quickstart elastic/eck-stack -n elastic-stack`
+ #
+ # If installed outside of the `elastic-stack` namespace, the following 2 lines need modification.
+ xpack.fleet.agents.elasticsearch.hosts: ["https://elasticsearch-es-http.elastic-stack.svc:9200"]
+ xpack.fleet.agents.fleet_server.hosts: ["https://fleet-server-agent-http.elastic-stack.svc:8220"]
+ xpack.fleet.packages:
+ - name: system
+ version: latest
+ - name: elastic_agent
+ version: latest
+ - name: fleet_server
+ version: latest
+ - name: kubernetes
+ version: latest
+ xpack.fleet.agentPolicies:
+ - name: Fleet Server on ECK policy
+ id: eck-fleet-server
+ namespace: default
+ is_managed: true
+ monitoring_enabled:
+ - logs
+ - metrics
+ package_policies:
+ - name: fleet_server-1
+ id: fleet_server-1
+ package:
+ name: fleet_server
+ - name: Elastic Agent on ECK policy
+ id: eck-agent
+ namespace: default
+ is_managed: true
+ monitoring_enabled:
+ - logs
+ - metrics
+ unenroll_timeout: 900
+ package_policies:
+ - package:
+ name: system
+ name: system-1
+ - package:
+ name: kubernetes
+ name: kubernetes-1
+
+eck-agent:
+ enabled: true
+
+ # Agent policy to be used.
+ policyID: eck-agent
+ # Reference to ECK-managed Kibana instance.
+ #
+ kibanaRef:
+ name: kibana
+ elasticsearchRefs: []
+ # Reference to ECK-managed Fleet instance.
+ #
+ fleetServerRef:
+ name: fleet-server
+
+ mode: fleet
+ daemonSet:
+ podTemplate:
+ spec:
+ serviceAccountName: elastic-agent
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ automountServiceAccountToken: true
+ securityContext:
+ runAsUser: 0
+
+eck-fleet-server:
+ enabled: true
+
+ fullnameOverride: "fleet-server"
+
+ deployment:
+ replicas: 1
+ podTemplate:
+ spec:
+ serviceAccountName: fleet-server
+ automountServiceAccountToken: true
+
+ # Agent policy to be used.
+ policyID: eck-fleet-server
+ kibanaRef:
+ name: kibana
+ elasticsearchRefs:
+ - name: elasticsearch
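Review bot: the `eck-agent` DaemonSet pod template combines `runAsUser: 0`, `hostNetwork: true` and `automountServiceAccountToken: true` without a comment explaining why each is needed. Document the reason next to each setting so users can tell which ones they may drop, and note that the `elastic-agent` and `fleet-server` service accounts referenced here are not created by these values. The four `xpack.fleet.packages` entries use `version: latest`; pin versions in the example, or state that `latest` is for demonstration, so installs are reproducible. The comment about the `elastic-stack` namespace is helpful; keep it.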
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/examples/apm-server/basic.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/examples/apm-server/basic.yaml
new file mode 100644
index 00000000..227b5825
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/examples/apm-server/basic.yaml
@@ -0,0 +1,52 @@
+---
+eck-elasticsearch:
+ enabled: true
+
+ # Name of the Elasticsearch instance.
+ #
+ fullnameOverride: elasticsearch
+
+ nodeSets:
+ - name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
+
+eck-kibana:
+ enabled: true
+
+ # Name of the Kibana instance.
+ #
+ fullnameOverride: kibana
+
+ spec:
+ config:
+ xpack.fleet.packages:
+ - name: apm
+ version: latest
+
+eck-apm-server:
+ enabled: true
+
+ # Count of APM Server replicas to create.
+ #
+ count: 1
+
+ # Reference to ECK-managed Elasticsearch resource.
+ #
+ elasticsearchRef:
+ name: elasticsearch
+ kibanaRef:
+ name: kibana
+ http:
+ service:
+ spec:
+ ports:
+ - name: http
+ port: 8200
+ targetPort: 8200
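Review bot: `eck-kibana` here has no `elasticsearchRef`, and its settings are nested under `spec.config`, whereas fleet-agents.yaml in this same change sets `elasticsearchRef` and puts `config` directly under `eck-kibana`. Confirm which layout the eck-kibana chart reads and make the examples consistent; if the `spec` nesting is wrong the `apm` package entry will be ignored. `version: latest` for the `apm` package should be pinned or marked as demonstration only.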
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/examples/apm-server/jaeger-with-http-configuration.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/examples/apm-server/jaeger-with-http-configuration.yaml
new file mode 100644
index 00000000..b694955f
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/examples/apm-server/jaeger-with-http-configuration.yaml
@@ -0,0 +1,60 @@
+---
+eck-elasticsearch:
+ enabled: true
+
+ # Name of the Elasticsearch instance.
+ #
+ fullnameOverride: elasticsearch
+
+ nodeSets:
+ - name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
+
+eck-kibana:
+ enabled: true
+
+ # Name of the Kibana instance.
+ #
+ fullnameOverride: kibana
+
+ spec:
+ config:
+ xpack.fleet.packages:
+ - name: apm
+ version: latest
+
+eck-apm-server:
+ enabled: true
+
+ # Count of APM Server replicas to create.
+ #
+ count: 1
+
+ config:
+ name: elastic-apm
+ apm-server.jaeger.grpc.enabled: true
+ apm-server.jaeger.grpc.host: "0.0.0.0:14250"
+
+ # Reference to ECK-managed Elasticsearch resource.
+ #
+ elasticsearchRef:
+ name: elasticsearch
+ kibanaRef:
+ name: kibana
+ http:
+ service:
+ spec:
+ ports:
+ - name: http
+ port: 8200
+ targetPort: 8200
+ - name: grpc
+ port: 14250
+ targetPort: 14250
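Review bot: `apm-server.jaeger.grpc.host: "0.0.0.0:14250"` binds the Jaeger gRPC listener on all interfaces and the Service publishes port 14250, but the `config` block shows no authentication or TLS setting for that listener. Add a comment stating what protects this endpoint in the example, or that it is intended for in-cluster use only. As in apm-server/basic.yaml, `eck-kibana` has no `elasticsearchRef` and nests `config` under `spec`, which differs from fleet-agents.yaml; align the examples.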
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/examples/beats/metricbeat_hosts.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/examples/beats/metricbeat_hosts.yaml
new file mode 100644
index 00000000..6ef637ea
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/examples/beats/metricbeat_hosts.yaml
@@ -0,0 +1,217 @@
+eck-elasticsearch:
+ enabled: true
+
+ # Name of the Elasticsearch resource.
+ #
+ fullnameOverride: quickstart
+
+ # Version of Elasticsearch.
+ #
+ version: 9.1.0
+
+ nodeSets:
+ - name: default
+ count: 3
+ config:
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ volumeClaimTemplates:
+ - metadata:
+ name: elasticsearch-data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 100Gi
+ # Adjust to your storage class name
+ #
+ # storageClassName: local-storage
+
+eck-kibana:
+ enabled: true
+
+ # Name of the Kibana resource.
+ #
+ fullnameOverride: quickstart
+
+ # Version of Kibana.
+ #
+ version: 9.1.0
+
+ spec:
+ # Count of Kibana replicas to create.
+ #
+ count: 1
+
+ # Reference to ECK-managed Elasticsearch resource, ideally from {{ "elasticsearch.fullname" }}
+ #
+ elasticsearchRef:
+ name: quickstart
+
+eck-beats:
+ enabled: true
+ name: metricbeat
+ type: metricbeat
+ version: 9.1.0
+ elasticsearchRef:
+ name: quickstart
+ kibanaRef:
+ name: quickstart
+ config:
+ # Since filebeat is used in the default values, this needs to be removed with an empty list.
+ filebeat.inputs: []
+ metricbeat:
+ autodiscover:
+ providers:
+ - hints:
+ default_config: {}
+ enabled: "true"
+ node: ${NODE_NAME}
+ type: kubernetes
+ modules:
+ - module: system
+ period: 10s
+ metricsets:
+ - cpu
+ - load
+ - memory
+ - network
+ - process
+ - process_summary
+ process:
+ include_top_n:
+ by_cpu: 5
+ by_memory: 5
+ processes:
+ - .*
+ - module: system
+ period: 1m
+ metricsets:
+ - filesystem
+ - fsstat
+ processors:
+ - drop_event:
+ when:
+ regexp:
+ system:
+ filesystem:
+ mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib)($|/)
+ - module: kubernetes
+ period: 10s
+ node: ${NODE_NAME}
+ hosts:
+ - https://${NODE_NAME}:10250
+ bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+ ssl:
+ verification_mode: none
+ metricsets:
+ - node
+ - system
+ - pod
+ - container
+ - volume
+ processors:
+ - add_cloud_metadata: {}
+ - add_host_metadata: {}
+ daemonSet:
+ podTemplate:
+ spec:
+ serviceAccountName: metricbeat
+ automountServiceAccountToken: true # some older Beat versions are depending on this settings presence in k8s context
+ containers:
+ - args:
+ - -e
+ - -c
+ - /etc/beat.yml
+ - --system.hostfs=/hostfs
+ name: metricbeat
+ volumeMounts:
+ - mountPath: /hostfs/sys/fs/cgroup
+ name: cgroup
+ - mountPath: /var/run/docker.sock
+ name: dockersock
+ - mountPath: /hostfs/proc
+ name: proc
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ dnsPolicy: ClusterFirstWithHostNet
+ hostNetwork: true # Allows to provide richer host metadata
+ securityContext:
+ runAsUser: 0
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - hostPath:
+ path: /sys/fs/cgroup
+ name: cgroup
+ - hostPath:
+ path: /var/run/docker.sock
+ name: dockersock
+ - hostPath:
+ path: /proc
+ name: proc
+
+ clusterRole:
+ # permissions needed for metricbeat
+ # source: https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-module-kubernetes.html
+ name: metricbeat
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ - namespaces
+ - events
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - "extensions"
+ resources:
+ - replicasets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ - deployments
+ - replicasets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - nodes/stats
+ verbs:
+ - get
+ - nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
+
+ serviceAccount:
+ name: metricbeat
+
+ clusterRoleBinding:
+ name: metricbeat
+ subjects:
+ - kind: ServiceAccount
+ name: metricbeat
+ roleRef:
+ kind: ClusterRole
+ name: metricbeat
+ apiGroup: rbac.authorization.k8s.io
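Review bot: In the `kubernetes` module of this Metricbeat config, `ssl.verification_mode: none` means the service account token from `bearer_token_file` is sent to `https://${NODE_NAME}:10250` without checking the kubelet's certificate. If the kubelet serving certificates chain to the cluster CA, set `ssl.certificate_authorities` to `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt` instead; otherwise add a comment explaining why verification is off. The same DaemonSet runs with `runAsUser: 0`, `hostNetwork: true` and a hostPath mount of `/var/run/docker.sock`, which is effectively root on the node. Only the `system` and `kubernetes` modules are configured here, so the `dockersock` volume and mount can be dropped.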
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/examples/custom-elasticsearch-kibana.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/examples/custom-elasticsearch-kibana.yaml
new file mode 100644
index 00000000..74f625de
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/examples/custom-elasticsearch-kibana.yaml
@@ -0,0 +1,78 @@
+---
+eck-elasticsearch:
+ # Name of the Elasticsearch resource.
+ #
+ fullnameOverride: quickstart
+
+ # Version of Elasticsearch.
+ #
+ version: 9.1.0
+
+ nodeSets:
+ - name: default
+ count: 1
+ config:
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ volumeClaimTemplates:
+ - metadata:
+ name: elasticsearch-data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 100Gi
+ # Adjust to your storage class name
+ #
+ # storageClassName: local-storage
+
+eck-kibana:
+ # Name of the Kibana resource.
+ #
+ fullnameOverride: quickstart
+
+ # Version of Kibana.
+ #
+ version: 9.1.0
+
+ spec:
+ # Count of Kibana replicas to create.
+ #
+ count: 1
+
+ # Reference to ECK-managed Elasticsearch resource, ideally from {{ "elasticsearch.fullname" }}
+ #
+ elasticsearchRef:
+ name: quickstart
+ # namespace: default
+ http:
+ service:
+ spec:
+ # Type of service to deploy for Kibana.
+ # This deploys a load balancer in a cloud service provider, where supported.
+ #
+ type: LoadBalancer
+ # tls:
+ # selfSignedCertificate:
+ # subjectAltNames:
+ # - ip: 1.2.3.4
+ # - dns: kibana.example.com
+ podTemplate:
+ spec:
+ containers:
+ - name: kibana
+ env:
+ - name: NODE_OPTIONS
+ value: "--max-old-space-size=2048"
+ resources:
+ requests:
+ memory: 1Gi
+ cpu: 0.5
+ limits:
+ memory: 2.5Gi
+ cpu: 2
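Review bot: `type: LoadBalancer` in the `eck-kibana` HTTP service publishes Kibana on a cloud load balancer with no source restriction, and the `tls.selfSignedCertificate.subjectAltNames` block that would make the certificate match the external address is commented out. Since this is an example people copy, either keep the default service type, or add `loadBalancerSourceRanges` to the service spec and uncomment the `subjectAltNames` entries with placeholder values and a note to replace them.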
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/examples/elasticsearch/hot-warm-cold.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/examples/elasticsearch/hot-warm-cold.yaml
new file mode 100644
index 00000000..919cb4c7
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/examples/elasticsearch/hot-warm-cold.yaml
@@ -0,0 +1,199 @@
+---
+eck-elasticsearch:
+ nodeSets:
+ - name: masters
+ count: 1
+ config:
+ node.roles: ["master"]
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ podTemplate:
+ spec:
+ containers:
+ - name: elasticsearch
+ resources:
+ limits:
+ memory: 8Gi
+ cpu: 2
+ # Affinity/Anti-affinity settings for controlling the 'spreading' of Elasticsearch
+ # pods across existing hosts.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html#k8s-affinity-options
+ #
+ # affinity:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: beta.kubernetes.io/instance-type
+ # operator: In
+ # # This should be adjusted to the instance type according to your setup
+ # #
+ # values:
+ # - highio
+ # Volume Claim settings.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-volume-claim-templates.html
+ #
+ volumeClaimTemplates:
+ - metadata:
+ name: elasticsearch-data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Ti
+ # Adjust to your storage class name
+ #
+ # storageClassName: local-storage
+ - name: hot
+ count: 1
+ config:
+ node.roles: ["data_hot", "data_content", "ingest"]
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ podTemplate:
+ spec:
+ containers:
+ - name: elasticsearch
+ resources:
+ limits:
+ memory: 16Gi
+ cpu: 4
+ # Affinity/Anti-affinity settings for controlling the 'spreading' of Elasticsearch
+ # pods across existing hosts.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html#k8s-affinity-options
+ #
+ # affinity:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: beta.kubernetes.io/instance-type
+ # operator: In
+ # # This should be adjusted to the instance type according to your setup
+ # #
+ # values:
+ # - highio
+ # Volume Claim settings.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-volume-claim-templates.html
+ #
+ volumeClaimTemplates:
+ - metadata:
+ name: elasticsearch-data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Ti
+ # Adjust to your storage class name
+ #
+ # storageClassName: local-storage
+ - name: warm
+ count: 1
+ config:
+ node.roles: ["data_warm"]
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ podTemplate:
+ spec:
+ containers:
+ - name: elasticsearch
+ resources:
+ limits:
+ memory: 16Gi
+ cpu: 2
+ # Affinity/Anti-affinity settings for controlling the 'spreading' of Elasticsearch
+ # pods across existing hosts.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html#k8s-affinity-options
+ #
+ # affinity:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: beta.kubernetes.io/instance-type
+ # operator: In
+ # # This should be adjusted to the instance type according to your setup
+ # #
+ # values:
+ # - highstorage
+ # Volume Claim settings.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-volume-claim-templates.html
+ #
+ volumeClaimTemplates:
+ - metadata:
+ name: elasticsearch-data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Ti
+ # Adjust to your storage class name
+ #
+ # storageClassName: local-storage
+ - name: cold
+ count: 1
+ config:
+ node.roles: ["data_cold"]
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ podTemplate:
+ spec:
+ containers:
+ - name: elasticsearch
+ resources:
+ limits:
+ memory: 8Gi
+ cpu: 2
+ # Affinity/Anti-affinity settings for controlling the 'spreading' of Elasticsearch
+ # pods across existing hosts.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html#k8s-affinity-options
+ #
+ # affinity:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: beta.kubernetes.io/instance-type
+ # operator: In
+ # # This should be adjusted to the instance type according to your setup
+ # #
+ # values:
+ # - highstorage
+ # Volume Claim settings.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-volume-claim-templates.html
+ #
+ volumeClaimTemplates:
+ - metadata:
+ name: elasticsearch-data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Ti
+ # Adjust to your storage class name
+ #
+ # storageClassName: local-storage
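Review bot: The commented `nodeAffinity` blocks in all four nodeSets key on `beta.kubernetes.io/instance-type`, a label deprecated in favour of `node.kubernetes.io/instance-type`, so anyone uncommenting them on a current cluster may match no nodes. Update the key in each block. It is also worth a comment that `masters` with `count: 1` gives no master redundancy, since the rest of the file (1Ti to 20Ti volumes) reads as a production-sized layout.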
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/examples/elasticsearch/ingress/elasticsearch-ingress-gke.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/examples/elasticsearch/ingress/elasticsearch-ingress-gke.yaml
new file mode 100644
index 00000000..0ca2e8a5
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/examples/elasticsearch/ingress/elasticsearch-ingress-gke.yaml
@@ -0,0 +1,40 @@
+# The following is an example of an Elasticsearch resource that is configured to use an Ingress resource in a GKE cluster.
+# Additional examples of exposing Elasticsearch with Ingress resources can be found in the following location:
+# https://github.com/elastic/cloud-on-k8s/tree/main/deploy/eck-stack/charts/eck-elasticsearch/examples/ingress
+#
+eck-elasticsearch:
+ enabled: true
+
+ ingress:
+ enabled: true
+ annotations:
+ my: annotation
+ labels:
+ my: label
+ pathType: Prefix
+ hosts:
+ - host: "elasticsearch.company.dev"
+ path: "/"
+ http:
+ service:
+ metadata:
+ annotations:
+ # This is required for `ClusterIP` services (which are the default ECK service type) to be used with Ingress in GKE clusters.
+ cloud.google.com/neg: '{"ingress": true}'
+ # This is required to enable the GKE Ingress Controller to use HTTPS as the backend protocol.
+ cloud.google.com/app-protocols: '{"https":"HTTPS"}'
+ nodeSets:
+ - name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
+ # Enable anonymous access to allow GCLB health probes to succeed
+ xpack.security.authc:
+ anonymous:
+ username: anon
+ roles: monitoring_user
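Review bot: The `xpack.security.authc.anonymous` block at the end of the nodeSet config grants `monitoring_user` to every unauthenticated request, not only to the GCLB health probes, and this file also publishes the cluster through an Ingress on `elasticsearch.company.dev`. Anyone who can reach that Ingress can read whatever `monitoring_user` permits without credentials. Map the anonymous user to a purpose-built role that carries only what the probe path needs, and extend the comment to say that the setting applies to all callers. The `ingress` block here also has no `tls` setting, unlike the `kibana-gke.yaml` example in the same patch.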
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/examples/enterprise-search/basic.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/examples/enterprise-search/basic.yaml
new file mode 100644
index 00000000..aeb61b06
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/examples/enterprise-search/basic.yaml
@@ -0,0 +1,42 @@
+---
+eck-elasticsearch:
+ enabled: true
+
+ # Name of the Elasticsearch instance.
+ #
+ fullnameOverride: elasticsearch
+
+ nodeSets:
+ - name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
+
+eck-kibana:
+ enabled: true
+
+ # Name of the Kibana instance.
+ #
+ fullnameOverride: kibana
+
+ elasticsearchRef:
+ name: elasticsearch
+
+ spec:
+ enterpriseSearchRef:
+ name: enterprise-search
+
+eck-enterprise-search:
+ enabled: true
+
+ # Name of the Enterprise Search instance.
+ #
+ fullnameOverride: enterprise-search
+
+ elasticsearchRef:
+ name: elasticsearch
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/examples/enterprise-search/with-custom-configuration.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/examples/enterprise-search/with-custom-configuration.yaml
new file mode 100644
index 00000000..a7c3ad49
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/examples/enterprise-search/with-custom-configuration.yaml
@@ -0,0 +1,52 @@
+---
+eck-elasticsearch:
+ enabled: true
+
+ # Name of the Elasticsearch instance.
+ #
+ fullnameOverride: elasticsearch
+
+ nodeSets:
+ - name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
+
+eck-kibana:
+ enabled: true
+
+ # Name of the Kibana instance.
+ #
+ fullnameOverride: kibana
+
+ elasticsearchRef:
+ name: elasticsearch
+
+ spec:
+ enterpriseSearchRef:
+ name: enterprise-search
+
+eck-enterprise-search:
+ enabled: true
+
+ # Name of the Enterprise Search instance.
+ #
+ fullnameOverride: enterprise-search
+
+ config:
+ # configure app search document size limit
+ app_search.engine.document_size.limit: 100kb
+
+ http:
+ service:
+ metadata:
+ labels:
+ my-custom: label
+
+ elasticsearchRef:
+ name: elasticsearch
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/examples/kibana/http-configuration.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/examples/kibana/http-configuration.yaml
new file mode 100644
index 00000000..d8a4831d
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/examples/kibana/http-configuration.yaml
@@ -0,0 +1,23 @@
+---
+eck-kibana:
+ # Count of Kibana replicas to create.
+ #
+ count: 1
+
+ # Reference to ECK-managed Elasticsearch resource, ideally from {{ "elasticsearch.fullname" }}
+ #
+ elasticsearchRef:
+ name: es-quickstart-eck-elasticsearch
+ # namespace: default
+ http:
+ service:
+ spec:
+ # Type of service to deploy for Kibana.
+ # This deploys a load balancer in a cloud service provider, where supported.
+ #
+ type: LoadBalancer
+ # tls:
+ # selfSignedCertificate:
+ # subjectAltNames:
+ # - ip: 1.2.3.4
+ # - dns: kibana.example.com
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/examples/kibana/ingress/kibana-gke.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/examples/kibana/ingress/kibana-gke.yaml
new file mode 100644
index 00000000..4aa1dc06
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/examples/kibana/ingress/kibana-gke.yaml
@@ -0,0 +1,80 @@
+# The following is an example of a Kibana resource that is configured to use an Ingress resource in a GKE cluster.
+# Additional examples of exposing Kibana with Ingress resources can be found in the following location:
+# https://github.com/elastic/cloud-on-k8s/tree/main/deploy/eck-stack/charts/eck-kibana/examples/ingress
+#
+eck-elasticsearch:
+ enabled: true
+
+ # Name of the Elasticsearch instance.
+ #
+ fullnameOverride: elasticsearch
+
+ ingress:
+ enabled: true
+ annotations:
+ my: annotation
+ labels:
+ my: label
+ pathType: Prefix
+ hosts:
+ - host: "elasticsearch.company.dev"
+ path: "/"
+ tls:
+ enabled: true
+
+ http:
+ service:
+ metadata:
+ annotations:
+ # This is required for `ClusterIP` services (which are the default ECK service type) to be used with Ingress in GKE clusters.
+ cloud.google.com/neg: '{"ingress": true}'
+ cloud.google.com/app-protocols: '{"https":"HTTPS"}'
+
+ nodeSets:
+ - name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
+ # Enable anonymous access to allow GCLB health probes to succeed
+ xpack.security.authc:
+ anonymous:
+ username: anon
+ roles: monitoring_user
+
+eck-kibana:
+ enabled: true
+
+ # Name of the Kibana instance.
+ #
+ fullnameOverride: kibana
+
+ # Reference to ECK-managed Elasticsearch instance, ideally from {{ "elasticsearch.fullname" }}
+ #
+ elasticsearchRef:
+ name: elasticsearch
+
+ config:
+ server:
+ publicBaseUrl: "https://kibana.company.dev"
+
+ http:
+ service:
+ metadata:
+ annotations:
+ # This is required for `ClusterIP` services (which are the default ECK service type) to be used with Ingress in GKE clusters.
+ cloud.google.com/neg: '{"ingress": true}'
+ cloud.google.com/app-protocols: '{"https":"HTTPS"}'
+
+ ingress:
+ enabled: true
+ pathType: Prefix
+ hosts:
+ - host: "kibana.company.dev"
+ path: "/"
+ tls:
+ enabled: true
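Review bot: This Kibana example also enables `eck-elasticsearch.ingress` for `elasticsearch.company.dev`, so following it exposes Elasticsearch externally even though only Kibana needs a public endpoint, and the anonymous `monitoring_user` mapping in the nodeSet config means that endpoint answers unauthenticated requests. Drop the Elasticsearch `ingress` block and the anonymous mapping from this file, or add a comment explaining why both services are exposed. The `cloud.google.com/app-protocols` annotations here are also missing the explanatory comment that `elasticsearch-ingress-gke.yaml` carries.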
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/examples/logstash/basic-eck.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/examples/logstash/basic-eck.yaml
new file mode 100644
index 00000000..38255b0a
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/examples/logstash/basic-eck.yaml
@@ -0,0 +1,112 @@
+---
+eck-elasticsearch:
+ nodeSets:
+ - name: default
+ count: 3
+ config:
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ podTemplate:
+ spec:
+ containers:
+ - name: elasticsearch
+ resources:
+ limits:
+ memory: 2Gi
+ requests:
+ memory: 2Gi
+eck-kibana:
+ enabled: true
+ spec:
+ count: 1
+ elasticsearchRef:
+ name: elasticsearch
+eck-beats:
+ enabled: true
+ deployment:
+ podTemplate:
+ spec:
+ automountServiceAccountToken: true
+ initContainers:
+ - name: download-tutorial
+ image: curlimages/curl
+ command: ["/bin/sh"]
+ args: ["-c", "curl -L https://download.elastic.co/demos/logstash/gettingstarted/logstash-tutorial.log.gz | gunzip -c > /data/logstash-tutorial.log"]
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ containers:
+ - name: filebeat
+ securityContext:
+ runAsUser: 1000
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ - name: beat-data
+ mountPath: /usr/share/filebeat/data
+ volumes:
+ - name: data
+ emptydir: {}
+ - name: beat-data
+ emptydir: {}
+ type: filebeat
+ config:
+ filebeat.inputs:
+ - type: log
+ paths:
+ - /data/logstash-tutorial.log
+ processors:
+ - add_host_metadata: {}
+ - add_cloud_metadata: {}
+ output.logstash:
+ # This needs to be {{logstash-name}}-ls-beats:5044
+ hosts: ["logstash-ls-beats-ls-beats:5044"]
+eck-logstash:
+ enabled: true
+ # This is required to be able to set the logstash
+ # output of beats in a consistent manner.
+ fullnameOverride: "logstash-ls-beats"
+ elasticsearchRefs:
+ # This clusterName is required to match the environment variables
+ # used in the below config.string output section.
+ - clusterName: eck
+ name: elasticsearch
+ pipelines:
+ - pipeline.id: main
+ config.string: |
+ input {
+ beats {
+ port => 5044
+ }
+ }
+ filter {
+ grok {
+ match => { "message" => "%{HTTPD_COMMONLOG}"}
+ }
+ geoip {
+ source => "[source][address]"
+ target => "[source]"
+ }
+ }
+ output {
+ elasticsearch {
+ hosts => [ "${ECK_ES_HOSTS}" ]
+ user => "${ECK_ES_USER}"
+ password => "${ECK_ES_PASSWORD}"
+ ssl_certificate_authorities => "${ECK_ES_SSL_CERTIFICATE_AUTHORITY}"
+ }
+ }
+ services:
+ - name: beats
+ service:
+ spec:
+ type: ClusterIP
+ ports:
+ - port: 5044
+ name: "filebeat"
+ protocol: TCP
+ targetPort: 5044
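Review bot: The `download-tutorial` init container uses `image: curlimages/curl` with no tag or digest and pipes `curl -L ... | gunzip -c` straight into `/data` with no checksum, so the pod runs whatever image and whatever bytes are served at deploy time. Pin the image to a version or digest, use `curl -fL` so HTTP errors fail instead of passing an error body down the pipe, and verify a known SHA-256 before writing the log file. Two smaller points: both volumes are spelled `emptydir: {}` where the Kubernetes field is `emptyDir`, and `automountServiceAccountToken: true` looks unnecessary for a Filebeat that only reads `/data/logstash-tutorial.log`.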
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/templates/NOTES.txt b/packs/elastic-stack-0.16.0/charts/eck-stack/templates/NOTES.txt
new file mode 100644
index 00000000..65cdae60
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/templates/NOTES.txt
@@ -0,0 +1,10 @@
+Elasticsearch ECK-Stack {{ .Chart.Version }} has been deployed successfully!
+
+To see status of all resources, run
+
+kubectl get elastic -n {{ .Release.Namespace }} -l "app.kubernetes.io/instance"={{ .Release.Name }}
+
+More information on the Elastic ECK Operator, and its Helm chart can be found
+within our documentation.
+
+https://www.elastic.co/guide/en/cloud-on-k8s/current/index.html
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/templates/_helpers.tpl b/packs/elastic-stack-0.16.0/charts/eck-stack/templates/_helpers.tpl
new file mode 100644
index 00000000..cef61bdb
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/templates/_helpers.tpl
@@ -0,0 +1,48 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "eck-stack.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "eck-stack.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "eck-stack.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "eck-stack.labels" -}}
+helm.sh/chart: {{ include "eck-stack.chart" . }}
+{{ include "eck-stack.selectorLabels" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "eck-stack.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "eck-stack.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/packs/elastic-stack-0.16.0/charts/eck-stack/values.yaml b/packs/elastic-stack-0.16.0/charts/eck-stack/values.yaml
new file mode 100644
index 00000000..5d504211
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/charts/eck-stack/values.yaml
@@ -0,0 +1,50 @@
+---
+# Default values for eck-stack.
+# This is a YAML-formatted file.
+
+# If enabled, will use the eck-elasticsearch chart and deploy an Elasticsearch resource.
+#
+eck-elasticsearch:
+ enabled: true
+ # This is adjusting the full name of the elasticsearch resource so that both the eck-elasticsearch
+ # and the eck-kibana chart work together by default in the eck-stack chart.
+ fullnameOverride: elasticsearch
+
+# If enabled, will use the eck-kibana chart and deploy a Kibana resource.
+#
+eck-kibana:
+ enabled: true
+ # This is also adjusting the kibana reference to the elasticsearch resource named previously so that
+ # both the eck-elasticsearch and the eck-kibana chart work together by default in the eck-stack chart.
+ elasticsearchRef:
+ name: elasticsearch
+
+# If enabled, will use the eck-agent chart and deploy an Elastic Agent instance.
+#
+eck-agent:
+ enabled: false
+
+# If enabled, will use the eck-fleet-server chart and deploy a Fleet Server resource.
+#
+eck-fleet-server:
+ enabled: false
+
+# If enabled, will use the eck-beats chart and deploy a Beats resource.
+#
+eck-beats:
+ enabled: false
+
+# If enabled, will use the eck-logstash chart and deploy a Logstash resource.
+#
+eck-logstash:
+ enabled: false
+
+# If enabled, will use the eck-apm-server chart and deploy a standalone APM Server resource.
+#
+eck-apm-server:
+ enabled: false
+
+# If enabled, will use the eck-enterprise-search chart and deploy a Enterprise Search resource.
+#
+eck-enterprise-search:
+ enabled: false
diff --git a/packs/elastic-stack-0.16.0/logo.png b/packs/elastic-stack-0.16.0/logo.png
new file mode 100644
index 00000000..fa70b78d
Binary files /dev/null and b/packs/elastic-stack-0.16.0/logo.png differ
diff --git a/packs/elastic-stack-0.16.0/pack.json b/packs/elastic-stack-0.16.0/pack.json
new file mode 100644
index 00000000..707f9c50
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/pack.json
@@ -0,0 +1,36 @@
+{
+ "addonType": "logging",
+ "annotations": {
+ "commit_msg": "Elastic Cloud on Kubernetes (ECK) Stack",
+ "source": "community",
+ "contributor" : "spectrocloud"
+ },
+ "charts": [
+ "charts/eck-stack-0.16.0.tgz"
+ ],
+ "cloudTypes": [
+ "all"
+ ],
+ "displayName": "ECK Stack",
+ "layer":"addon",
+ "name": "elastic-stack",
+ "version": "0.16.0",
+ "constraints": {
+ "dependencies": [
+ {
+ "packName": "elastic-operator",
+ "minVersion": "3.1.0",
+ "maxVersion": "",
+ "layer": "addon",
+ "type": "required"
+ },
+ {
+ "packName": "kubernetes",
+ "layer": "k8s",
+ "minVersion": "1.27",
+ "maxVersion": "",
+ "type": "optional"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/packs/elastic-stack-0.16.0/presets.yaml b/packs/elastic-stack-0.16.0/presets.yaml
new file mode 100644
index 00000000..0c8956ea
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/presets.yaml
@@ -0,0 +1,260 @@
+presets:
+ - name: "Fleet agents"
+ displayName: "Fleet agents with Elasticsearch and Kibana"
+ group: "OOB Examples"
+ remove:
+ - "charts.elasticsearch"
+ - "charts.eck-kibana"
+ - "charts.eck-agent"
+ - "charts.eck-fleet-server"
+ add: |
+ charts:
+ eck-stack:
+ eck-elasticsearch:
+ enabled: true
+
+ # Name of the Elasticsearch instance.
+ #
+ fullnameOverride: elasticsearch
+
+ nodeSets:
+ - name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
+
+ eck-kibana:
+ enabled: true
+
+ # Name of the Kibana instance.
+ #
+ fullnameOverride: kibana
+
+ spec:
+ # Reference to ECK-managed Elasticsearch instance, ideally from {{ "elasticsearch.fullname" }}
+ #
+ elasticsearchRef:
+ name: elasticsearch
+
+ config:
+ # Note that these are specific to the namespace into which this example is installed, and are
+ # using `elastic-stack` as configured here and detailed in the README when installing:
+ #
+ # `helm install es-kb-quickstart elastic/eck-stack -n elastic-stack`
+ #
+ # If installed outside of the `elastic-stack` namespace, the following 2 lines need modification.
+ xpack.fleet.agents.elasticsearch.hosts: ["https://elasticsearch-es-http.elastic-stack.svc:9200"]
+ xpack.fleet.agents.fleet_server.hosts: ["https://fleet-server-agent-http.elastic-stack.svc:8220"]
+ xpack.fleet.packages:
+ - name: system
+ version: latest
+ - name: elastic_agent
+ version: latest
+ - name: fleet_server
+ version: latest
+ - name: kubernetes
+ version: latest
+ xpack.fleet.agentPolicies:
+ - name: Fleet Server on ECK policy
+ id: eck-fleet-server
+ namespace: default
+ monitoring_enabled:
+ - logs
+ - metrics
+ package_policies:
+ - name: fleet_server-1
+ id: fleet_server-1
+ package:
+ name: fleet_server
+ - name: Elastic Agent on ECK policy
+ id: eck-agent
+ namespace: default
+ monitoring_enabled:
+ - logs
+ - metrics
+ unenroll_timeout: 900
+ package_policies:
+ - package:
+ name: system
+ name: system-1
+ - package:
+ name: kubernetes
+ name: kubernetes-1
+
+ eck-agent:
+ enabled: true
+
+ spec:
+ # Agent policy to be used.
+ policyID: eck-agent
+ # Reference to ECK-managed Kibana instance.
+ #
+ kibanaRef:
+ name: kibana
+
+ elasticsearchRefs: []
+
+ # Reference to ECK-managed Fleet instance.
+ #
+ fleetServerRef:
+ name: fleet-server
+
+ mode: fleet
+
+ daemonSet:
+ podTemplate:
+ spec:
+ serviceAccountName: elastic-agent
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ automountServiceAccountToken: true
+ securityContext:
+ runAsUser: 0
+
+ eck-fleet-server:
+ enabled: true
+
+ fullnameOverride: "fleet-server"
+
+ spec:
+ # Agent policy to be used.
+ policyID: eck-fleet-server
+ kibanaRef:
+ name: kibana
+ elasticsearchRefs:
+ - name: elasticsearch
+
+
+ - name: "Logstash"
+ displayName: "Logstash with Elasticsearch, Kibana and Beats"
+ group: "OOB Examples"
+ remove:
+ - "charts.elasticsearch"
+ - "charts.eck-kibana"
+ - "charts.eck-beats"
+ - "charts.eck-logstash"
+ add: |
+ charts:
+ eck-stack:
+ eck-elasticsearch:
+ nodeSets:
+ - name: default
+ count: 3
+ config:
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ podTemplate:
+ spec:
+ containers:
+ - name: elasticsearch
+ resources:
+ limits:
+ memory: 2Gi
+ requests:
+ memory: 2Gi
+ eck-kibana:
+ enabled: true
+ spec:
+ count: 1
+ elasticsearchRef:
+ name: elasticsearch
+
+ # AIRGAP DEPLOYMENTS PLEASE NOTE:
+ # This preset curls logstash data from an external location.
+ # If you want to use this in airgap you will have to move it to a local file server and replace the curl endpoint below
+ eck-beats:
+ enabled: true
+ spec:
+ type: filebeat
+ daemonSet: null
+ config:
+ filebeat.inputs:
+ - type: filestream
+ paths:
+ - /data/logstash-tutorial.log
+ processors:
+ - add_host_metadata: {}
+ - add_cloud_metadata: {}
+ output.logstash:
+ # This needs to be {{logstash-name}}-ls-beats:5044
+ hosts: ["logstash-ls-beats-ls-beats:5044"]
+ deployment:
+ podTemplate:
+ spec:
+ automountServiceAccountToken: true
+ initContainers:
+ - name: download-tutorial
+ image: curlimages/curl
+ command: ["/bin/sh"]
+ args: ["-c", "curl -L https://download.elastic.co/demos/logstash/gettingstarted/logstash-tutorial.log.gz | gunzip -c > /data/logstash-tutorial.log"]
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ containers:
+ - name: filebeat
+ securityContext:
+ runAsUser: 1000
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ - name: beat-data
+ mountPath: /usr/share/filebeat/data
+ volumes:
+ - name: data
+ emptydir: {}
+ - name: beat-data
+ emptydir: {}
+ eck-logstash:
+ enabled: true
+ # This is required to be able to set the logstash
+ # output of beats in a consistent manner.
+ fullnameOverride: "logstash-ls-beats"
+ elasticsearchRefs:
+ # This clusterName is required to match the environment variables
+ # used in the below config.string output section.
+ - clusterName: eck
+ name: elasticsearch
+ pipelines:
+ - pipeline.id: main
+ config.string: |
+ input {
+ beats {
+ port => 5044
+ }
+ }
+ filter {
+ grok {
+ match => { "message" => "%{HTTPD_COMMONLOG}"}
+ }
+ geoip {
+ source => "[source][address]"
+ target => "[source]"
+ }
+ }
+ output {
+ elasticsearch {
+ hosts => [ "${ECK_ES_HOSTS}" ]
+ user => "${ECK_ES_USER}"
+ password => "${ECK_ES_PASSWORD}"
+ ssl_certificate_authorities => "${ECK_ES_SSL_CERTIFICATE_AUTHORITY}"
+ }
+ }
+ services:
+ - name: beats
+ service:
+ spec:
+ type: ClusterIP
+ ports:
+ - port: 5044
+ name: "filebeat"
+ protocol: TCP
+ targetPort: 5044
\ No newline at end of file
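Review bot: In the `eck-beats` podTemplate, both volumes are declared as `emptydir: {}`, but the Kubernetes field name is `emptyDir`. The misspelled key is at best ignored and at worst rejected as an unknown field, so change both entries to `emptyDir: {}`. In the same block, the `download-tutorial` init container uses `image: curlimages/curl` with no tag or digest and pipes the download straight into `gunzip` with no checksum; pin the image and verify the file's hash before writing it to `/data`.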
diff --git a/packs/elastic-stack-0.16.0/values.yaml b/packs/elastic-stack-0.16.0/values.yaml
new file mode 100644
index 00000000..e9f44a2d
--- /dev/null
+++ b/packs/elastic-stack-0.16.0/values.yaml
@@ -0,0 +1,71 @@
+# Default values for eck-elastic-operator
+# This is a YAML-formatted file
+pack:
+ content:
+ images:
+ - image: docker.elastic.co/kibana/kibana:9.1.0
+ - image: docker.elastic.co/elasticsearch/elasticsearch:9.1.0
+ - image: docker.elastic.co/logstash/logstash:9.1.0
+ - image: docker.elastic.co/beats/filebeat:9.1.0
+ - image: docker.io/curlimages/curl
+
+
+ charts:
+ - repo: https://helm.elastic.co/
+ name: eck-stack
+ version: 0.16.0
+ #The namespace (on the target cluster) to install this chart
+ #When not found, a new namespace will be created
+ namespace: "elastic-stack"
+
+charts:
+ eck-stack:
+ # Default values for eck-stack.
+ # This is a YAML-formatted file.
+
+ # If enabled, will use the eck-elasticsearch chart and deploy an Elasticsearch resource.
+ #
+ eck-elasticsearch:
+ enabled: true
+ # This is adjusting the full name of the elasticsearch resource so that both the eck-elasticsearch
+ # and the eck-kibana chart work together by default in the eck-stack chart.
+ fullnameOverride: elasticsearch
+
+ # If enabled, will use the eck-kibana chart and deploy a Kibana resource.
+ #
+ eck-kibana:
+ enabled: true
+ # This is also adjusting the kibana reference to the elasticsearch resource named previously so that
+ # both the eck-elasticsearch and the eck-kibana chart work together by default in the eck-stack chart.
+ elasticsearchRef:
+ name: elasticsearch
+
+ # If enabled, will use the eck-agent chart and deploy an Elastic Agent instance.
+ #
+ eck-agent:
+ enabled: false
+
+ # If enabled, will use the eck-fleet-server chart and deploy a Fleet Server resource.
+ #
+ eck-fleet-server:
+ enabled: false
+
+ # If enabled, will use the eck-beats chart and deploy a Beats resource.
+ #
+ eck-beats:
+ enabled: false
+
+ # If enabled, will use the eck-logstash chart and deploy a Logstash resource.
+ #
+ eck-logstash:
+ enabled: false
+
+ # If enabled, will use the eck-apm-server chart and deploy a standalone APM Server resource.
+ #
+ eck-apm-server:
+ enabled: false
+
+ # If enabled, will use the eck-enterprise-search chart and deploy a Enterprise Search resource.
+ #
+ eck-enterprise-search:
+ enabled: false
\ No newline at end of file
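Review bot: In `pack.content.images`, `docker.io/curlimages/curl` is the only entry without a tag, while the four Elastic images are pinned to 9.1.0. An untagged reference resolves to `latest`, so the image that gets mirrored for an air-gapped install can differ from one sync to the next; pin it to a specific tag or digest.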
diff --git a/packs/elastic-stack-0.17.0/README.md b/packs/elastic-stack-0.17.0/README.md
new file mode 100644
index 00000000..e14e757b
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/README.md
@@ -0,0 +1,63 @@
+# Elastic Cloud on Kubernetes (ECK)
+
+Elastic Cloud on Kubernetes automates the deployment, provisioning, management, and orchestration of Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes based on the operator pattern.
+
+Current features:
+
+* Elasticsearch, Kibana, APM Server, Enterprise Search, and Beats deployments
+* TLS Certificates management
+* Safe Elasticsearch cluster configuration & topology changes
+* Persistent volumes usage
+* Custom node configuration and attributes
+* Secure settings keystore updates
+
+Supported versions:
+
+* Kubernetes 1.25-1.29
+* Elasticsearch, Kibana, APM Server: 6.8+, 7.1+, 8+, 9+
+* Enterprise Search: 7.7+, 8+
+* Beats: 7.0+, 8+, 9+
+* Elastic Agent: 7.10+ (standalone), 7.14+, 8+ (Fleet), 9+
+* Elastic Maps Server: 7.11+, 8+
+* Logstash 8.7+, 9+
+
+Check the [Quickstart](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-quickstart.html) to deploy your first cluster with ECK.
+
+For general questions, please see the Elastic [forums](https://discuss.elastic.co/c/eck).
+
+# ECK-Stack
+
+ECK Stack is a Helm chart to assist in the deployment of Elastic Stack components, which are
+managed by the [ECK Operator](https://www.elastic.co/guide/en/cloud-on-k8s/current/index.html)
+
+## Supported Elastic Stack Resources
+
+The following Elastic Stack resources are currently supported.
+
+- Elasticsearch
+- Kibana
+- Elastic Agent
+- Fleet Server
+- Beats
+- Logstash
+- APM Server
+
+Additional resources will be supported in future releases of this Helm Chart.
+
+## Prerequisites
+
+- Kubernetes 1.27+
+- Elastic ECK Operator
+
+## Configuration
+
+The following table lists the configurable parameters of the eck-stack chart and their default values.
+
+| Parameter | Description | Default |
+| --------- | ----------- | ------- |
+| `eck-elasticsearch.enabled` | If `true`, create an Elasticsearch resource (using the eck-elasticsearch Chart) | `true` |
+| `eck-kibana.enabled` | If `true`, create a Kibana resource (using the eck-kibana Chart) | `true` |
+| `eck-agent.enabled` | If `true`, create an Elastic Agent resource (using the eck-agent Chart) | `false` |
+| `eck-fleet-server.enabled` | If `true`, create a Fleet Server resource (using the eck-fleet-server Chart) | `false` |
+| `eck-logstash.enabled` | If `true`, create a Logstash resource (using the eck-logstash Chart) | `false` |
+| `eck-apm-server.enabled` | If `true`, create a standalone Elastic APM Server resource (using the eck-apm-server Chart) | `false` |
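Review bot: The Kubernetes requirement is stated two ways in this README: "Supported versions" lists Kubernetes 1.25-1.29 and "Prerequisites" says Kubernetes 1.27+. Pick one range so readers know what the pack supports. The Configuration table also has no rows for `eck-beats.enabled` or `eck-enterprise-search.enabled`, although the chart's `Chart.yaml` declares both as dependency conditions; add them with their defaults.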
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack-0.17.0.tgz b/packs/elastic-stack-0.17.0/charts/eck-stack-0.17.0.tgz
new file mode 100644
index 00000000..4c436ae0
Binary files /dev/null and b/packs/elastic-stack-0.17.0/charts/eck-stack-0.17.0.tgz differ
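Review bot: `charts/eck-stack-0.17.0.tgz` is added as an opaque binary next to the unpacked `charts/eck-stack/` directory, so nothing in this diff shows that the two have the same contents or which one the pack installs. Record the archive's source and SHA-256 alongside it (or keep only one of the two copies) so the vendored chart can be checked against the upstream release.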
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/.helmignore b/packs/elastic-stack-0.17.0/charts/eck-stack/.helmignore
new file mode 100644
index 00000000..9e40bf01
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/.helmignore
@@ -0,0 +1,25 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+templates/tests
+charts/*/templates/tests
\ No newline at end of file
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/Chart.lock b/packs/elastic-stack-0.17.0/charts/eck-stack/Chart.lock
new file mode 100644
index 00000000..3d08499b
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/Chart.lock
@@ -0,0 +1,27 @@
+dependencies:
+- name: eck-elasticsearch
+ repository: ""
+ version: 0.17.0
+- name: eck-kibana
+ repository: ""
+ version: 0.17.0
+- name: eck-agent
+ repository: ""
+ version: 0.17.0
+- name: eck-fleet-server
+ repository: ""
+ version: 0.17.0
+- name: eck-beats
+ repository: ""
+ version: 0.17.0
+- name: eck-logstash
+ repository: ""
+ version: 0.17.0
+- name: eck-apm-server
+ repository: ""
+ version: 0.17.0
+- name: eck-enterprise-search
+ repository: ""
+ version: 0.17.0
+digest: sha256:6f4897978c04b920a6e9cfd47848e91ac44231f2ab1d12bd75532c08426ebcff
+generated: "2025-10-30T11:49:28.962352222Z"
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/Chart.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/Chart.yaml
new file mode 100644
index 00000000..d9b1336b
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/Chart.yaml
@@ -0,0 +1,39 @@
+apiVersion: v2
+dependencies:
+- condition: eck-elasticsearch.enabled
+ name: eck-elasticsearch
+ repository: ""
+ version: 0.17.0
+- condition: eck-kibana.enabled
+ name: eck-kibana
+ repository: ""
+ version: 0.17.0
+- condition: eck-agent.enabled
+ name: eck-agent
+ repository: ""
+ version: 0.17.0
+- condition: eck-fleet-server.enabled
+ name: eck-fleet-server
+ repository: ""
+ version: 0.17.0
+- condition: eck-beats.enabled
+ name: eck-beats
+ repository: ""
+ version: 0.17.0
+- condition: eck-logstash.enabled
+ name: eck-logstash
+ repository: ""
+ version: 0.17.0
+- condition: eck-apm-server.enabled
+ name: eck-apm-server
+ repository: ""
+ version: 0.17.0
+- condition: eck-enterprise-search.enabled
+ name: eck-enterprise-search
+ repository: ""
+ version: 0.17.0
+description: Elastic Stack managed by the ECK Operator
+kubeVersion: '>= 1.21.0-0'
+name: eck-stack
+type: application
+version: 0.17.0
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/README.md b/packs/elastic-stack-0.17.0/charts/eck-stack/README.md
new file mode 100644
index 00000000..f301bd12
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/README.md
@@ -0,0 +1,93 @@
+# ECK-Stack
+
+ECK Stack is a Helm chart to assist in the deployment of Elastic Stack components, which are
+managed by the [ECK Operator](https://www.elastic.co/guide/en/cloud-on-k8s/current/index.html)
+
+## Supported Elastic Stack Resources
+
+The following Elastic Stack resources are currently supported.
+
+- Elasticsearch
+- Kibana
+- Elastic Agent
+- Fleet Server
+- Beats
+- Logstash
+- APM Server
+
+Additional resources will be supported in future releases of this Helm Chart.
+
+## Prerequisites
+
+- Kubernetes 1.21+
+- Elastic ECK Operator
+
+## Installing the Chart
+
+### Installing the ECK Operator
+
+Before using this chart, the Elastic ECK Operator is required to be installed within the Kubernetes cluster.
+Full installation instructions can be found within [our documentation](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-installing-eck.html)
+
+To install the ECK Operator using Helm.
+
+```sh
+# Add the Elastic Helm Repository
+helm repo add elastic https://helm.elastic.co && helm repo update
+
+# Install the ECK Operator cluster-wide
+helm install elastic-operator elastic/eck-operator -n elastic-system --create-namespace
+```
+
+Additional ECK Operator Helm installation options can be found within [our documentation](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-install-helm.html)
+
+### Installing the ECK Stack Chart
+
+The following will install the ECK-Stack chart using the default values, which will deploy an Elasticsearch [Quickstart Cluster](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-deploy-elasticsearch.html), and a Kibana [Quickstart Instance](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-deploy-kibana.html)
+
+```sh
+# Add the Elastic Helm Repository
+helm repo add elastic https://helm.elastic.co && helm repo update
+
+# Install the ECK-Stack helm chart
+# This will setup a 'quickstart' Elasticsearch and Kibana resource in the 'elastic-stack' namespace
+helm install my-release elastic/eck-stack -n elastic-stack --create-namespace
+```
+
+More information on the different ways to use the ECK Stack chart to deploy Elastic Stack resources
+can be found in [our documentation](https://www.elastic.co/guide/en/cloud-on-k8s/current/index.html).
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment from the 'elastic-stack' namespace:
+
+```console
+helm delete my-release -n elastic-stack
+```
+
+The command removes all the Elastic Stack resources associated with the chart and deletes the release.
+
+## Configuration
+
+The following table lists the configurable parameters of the eck-stack chart and their default values.
+
+| Parameter | Description | Default |
+| --------- | ----------- | ------- |
+| `eck-elasticsearch.enabled` | If `true`, create an Elasticsearch resource (using the eck-elasticsearch Chart) | `true` |
+| `eck-kibana.enabled` | If `true`, create a Kibana resource (using the eck-kibana Chart) | `true` |
+| `eck-agent.enabled` | If `true`, create an Elastic Agent resource (using the eck-agent Chart) | `false` |
+| `eck-fleet-server.enabled` | If `true`, create a Fleet Server resource (using the eck-fleet-server Chart) | `false` |
+| `eck-logstash.enabled` | If `true`, create a Logstash resource (using the eck-logstash Chart) | `false` |
+| `eck-apm-server.enabled` | If `true`, create a standalone Elastic APM Server resource (using the eck-apm-server Chart) | `false` |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+helm install my-release -f values.yaml .
+```
+
+## Contributing
+
+This chart is maintained at [github.com/elastic/cloud-on-k8s](https://github.com/elastic/cloud-on-k8s/tree/main/deploy/eck-stack).
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/.helmignore b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/.helmignore
new file mode 100644
index 00000000..f1568daf
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+templates/tests
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/Chart.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/Chart.yaml
new file mode 100644
index 00000000..f399f1aa
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+description: Elastic Agent managed by the ECK operator
+icon: https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt77c2da6e0198746e/620ac24e6662ca0a6f617114/icon-agent-32-color.svg
+kubeVersion: '>= 1.21.0-0'
+name: eck-agent
+sources:
+- https://github.com/elastic/cloud-on-k8s
+- https://github.com/elastic/elastic-agent
+type: application
+version: 0.17.0
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/LICENSE b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/LICENSE
new file mode 100644
index 00000000..92503a72
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/LICENSE
@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.
\ No newline at end of file
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/examples/fleet-agents.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/examples/fleet-agents.yaml
new file mode 100644
index 00000000..b5aebac5
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/examples/fleet-agents.yaml
@@ -0,0 +1,24 @@
+# The following example should only be used in conjunction with the 'eck-fleet-server' Helm Chart,
+# and shows how the Agents can be deployed as a daemonset, and controlled by Fleet Server.
+#
+version: 9.2.0
+
+# This must match the name of an Agent policy.
+policyID: eck-agent
+# This must match the name of the fleet server installed from eck-fleet-server chart.
+fleetServerRef:
+ name: eck-fleet-server
+kibanaRef:
+ name: eck-kibana
+mode: fleet
+# elasticsearchRefs must be empty when fleet mode is enabled.
+elasticsearchRefs: []
+daemonSet:
+ podTemplate:
+ spec:
+ serviceAccountName: elastic-agent
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ automountServiceAccountToken: true
+ securityContext:
+ runAsUser: 0
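Review bot: The `daemonSet.podTemplate.spec` combines `hostNetwork: true`, `runAsUser: 0` and `automountServiceAccountToken: true` under the `elastic-agent` service account, and the header comment explains none of them. Add a comment stating why the agents need host networking and root, and name the ClusterRole that `elastic-agent` is expected to be bound to, so anyone copying the example can see which privileges it grants and remove the ones they do not need.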
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/examples/system-integration.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/examples/system-integration.yaml
new file mode 100644
index 00000000..010e47ca
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/examples/system-integration.yaml
@@ -0,0 +1,133 @@
+# The following example should only be used in Agent "standalone" mode,
+# and should not be used when Agent is used with Fleet Server.
+#
+version: 9.2.0
+elasticsearchRefs:
+- name: eck-elasticsearch
+daemonSet:
+ podTemplate:
+ spec:
+ containers:
+ - name: agent
+ securityContext:
+ runAsUser: 0
+ volumeMounts:
+ - name: agent-data
+ mountPath: /usr/share/elastic-agent/data/elastic-agent-08e204/run
+config:
+ id: 488e0b80-3634-11eb-8208-57893829af4e
+ revision: 2
+ agent:
+ monitoring:
+ enabled: true
+ use_output: default
+ logs: true
+ metrics: true
+ inputs:
+ - id: 4917ade0-3634-11eb-8208-57893829af4e
+ name: system-1
+ revision: 1
+ type: system/metrics
+ use_output: default
+ meta:
+ package:
+ name: system
+ version: 9.2.0
+ data_stream:
+ namespace: default
+ streams:
+ - id: system/metrics-system.cpu
+ data_stream:
+ dataset: system.cpu
+ type: metrics
+ metricsets:
+ - cpu
+ cpu.metrics:
+ - percentages
+ - normalized_percentages
+ period: 10s
+ - id: system/metrics-system.diskio
+ data_stream:
+ dataset: system.diskio
+ type: metrics
+ metricsets:
+ - diskio
+ diskio.include_devices: null
+ period: 10s
+ - id: system/metrics-system.filesystem
+ data_stream:
+ dataset: system.filesystem
+ type: metrics
+ metricsets:
+ - filesystem
+ period: 1m
+ processors:
+ - drop_event.when.regexp:
+ system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)
+ - id: system/metrics-system.fsstat
+ data_stream:
+ dataset: system.fsstat
+ type: metrics
+ metricsets:
+ - fsstat
+ period: 1m
+ processors:
+ - drop_event.when.regexp:
+ system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)
+ - id: system/metrics-system.load
+ data_stream:
+ dataset: system.load
+ type: metrics
+ metricsets:
+ - load
+ period: 10s
+ - id: system/metrics-system.memory
+ data_stream:
+ dataset: system.memory
+ type: metrics
+ metricsets:
+ - memory
+ period: 10s
+ - id: system/metrics-system.network
+ data_stream:
+ dataset: system.network
+ type: metrics
+ metricsets:
+ - network
+ period: 10s
+ network.interfaces: null
+ - id: system/metrics-system.process
+ data_stream:
+ dataset: system.process
+ type: metrics
+ metricsets:
+ - process
+ period: 10s
+ process.include_top_n.by_cpu: 5
+ process.include_top_n.by_memory: 5
+ process.cmdline.cache.enabled: true
+ process.cgroups.enabled: false
+ process.include_cpu_ticks: false
+ processes:
+ - .*
+ - id: system/metrics-system.process_summary
+ data_stream:
+ dataset: system.process_summary
+ type: metrics
+ metricsets:
+ - process_summary
+ period: 10s
+ - id: system/metrics-system.socket_summary
+ data_stream:
+ dataset: system.socket_summary
+ type: metrics
+ metricsets:
+ - socket_summary
+ period: 10s
+ - id: system/metrics-system.uptime
+ data_stream:
+ dataset: system.uptime
+ type: metrics
+ metricsets:
+ - uptime
+ period: 10s
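Review bot: The `agent-data` mount path hard-codes a build-specific directory, `/usr/share/elastic-agent/data/elastic-agent-08e204/run`, while `version` is 9.2.0. Check that this directory name matches the 9.2.0 image, since a stale path would mount the volume somewhere the agent does not use. No `volumes` entry in this file defines `agent-data`, so add a comment saying where it comes from. Also confirm `meta.package.version: 9.2.0`: it sits under `package.name: system` and reads as the integration package's version, not the agent's.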
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/templates/NOTES.txt b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/templates/NOTES.txt
new file mode 100644
index 00000000..cfd41883
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/templates/NOTES.txt
@@ -0,0 +1,6 @@
+
+1. Check Elastic Agent status
+ $ kubectl get agent {{ include "elasticagent.fullname" . }} -n {{ .Release.Namespace }}
+
+2. Check Elastic Agent pod status
+ $ kubectl get pods --namespace={{ .Release.Namespace }} -l agent.k8s.elastic.co/name={{ include "elasticagent.fullname" . }}
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/templates/_helpers.tpl b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/templates/_helpers.tpl
new file mode 100644
index 00000000..748ca7dd
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/templates/_helpers.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "elasticagent.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "elasticagent.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "elasticagent.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "elasticagent.labels" -}}
+helm.sh/chart: {{ include "elasticagent.chart" . }}
+{{ include "elasticagent.selectorLabels" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.labels }}
+{{ toYaml .Values.labels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "elasticagent.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "elasticagent.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/templates/cluster-role-binding.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/templates/cluster-role-binding.yaml
new file mode 100644
index 00000000..762a59dc
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/templates/cluster-role-binding.yaml
@@ -0,0 +1,33 @@
+{{- with .Values.clusterRoleBinding }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .name }}
+ labels:
+ {{- include "elasticagent.labels" $ | nindent 4 }}
+ {{- with .labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if or $.Values.annotations .annotations }}
+ annotations:
+ {{- with $.Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- with .subjects }}
+subjects:
+{{- range . }}
+ - kind: {{ .kind }}
+ name: {{ .name }}
+ namespace: {{ .namespace | default $.Release.Namespace | quote }}
+{{- end }}
+{{- end }}
+roleRef:
+ kind: {{ .roleRef.kind }}
+ name: {{ .roleRef.name }}
+ apiGroup: {{ .roleRef.apiGroup }}
+{{- end }}
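Review bot: `roleRef` is dereferenced unconditionally (`kind: {{ .roleRef.kind }}`), so setting `clusterRoleBinding` without a `roleRef` block fails with a nil-pointer template error instead of a clear message; wrap the three fields in `required`. `metadata.name` is also taken verbatim from `.name` for a cluster-scoped object, so two releases installed with the same values collide. Consider deriving the name from `elasticagent.fullname` plus the release namespace. The `subjects` loop passes `kind` and `name` through unchecked as well.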
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/templates/cluster-role.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/templates/cluster-role.yaml
new file mode 100644
index 00000000..5d97ec7a
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/templates/cluster-role.yaml
@@ -0,0 +1,22 @@
+{{- with .Values.clusterRole }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .name }}
+ labels:
+ {{- include "elasticagent.labels" $ | nindent 4 }}
+ {{- with .labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if or $.Values.annotations .annotations }}
+ annotations:
+ {{- with $.Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+rules: {{- toYaml .rules | nindent 2 }}
+{{- end }}
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/templates/elastic-agent.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/templates/elastic-agent.yaml
new file mode 100644
index 00000000..9017e5bb
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/templates/elastic-agent.yaml
@@ -0,0 +1,89 @@
+---
+apiVersion: agent.k8s.elastic.co/v1alpha1
+kind: Agent
+metadata:
+ name: {{ include "elasticagent.fullname" . }}
+ labels:
+ {{- include "elasticagent.labels" $ | nindent 4 }}
+ annotations:
+ eck.k8s.elastic.co/license: basic
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ version: {{ required "An Elastic Agent version is required" (or ((.Values.spec).version) (.Values.version)) }}
+ {{- $daemonSet := (or (hasKey (.Values.spec) "daemonSet") (hasKey .Values "daemonSet")) }}
+ {{- $deployment := (or (hasKey (.Values.spec) "deployment") (hasKey .Values "deployment")) }}
+ {{- $statefulSet := (or (hasKey (.Values.spec) "statefulSet") (hasKey .Values "statefulSet")) }}
+ {{- if and (not $daemonSet) (not $deployment) (not $statefulSet) }}
+ {{ fail "At least one of daemonSet, deployment or statefulSet is required" }}
+ {{- end }}
+ {{- if $daemonSet }}
+ {{- $ds := or ((.Values.spec).daemonSet) (.Values.daemonSet) }}
+ daemonSet:
+ {{- /* This is required to render the empty daemonset ( {} ) properly */}}
+ {{- $ds | default dict | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $deployment }}
+ {{- $deploy := or ((.Values.spec).deployment) (.Values.deployment) }}
+ deployment:
+ {{- /* This is required to render the empty deployment ( {} ) properly */}}
+ {{- $deploy | default dict | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $statefulSet }}
+ {{- $sts := or ((.Values.spec).statefulSet) (.Values.statefulSet) }}
+ statefulSet:
+ {{- /* This is required to render the empty statefulSet ( {} ) properly */}}
+ {{- $sts | default dict | toYaml | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).image) (.Values.image) }}
+ image: {{ . }}
+ {{- end }}
+ {{- with or ((.Values.spec).elasticsearchRefs) (.Values.elasticsearchRefs) }}
+ elasticsearchRefs:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).kibanaRef) (.Values.kibanaRef) }}
+ kibanaRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).fleetServerRef) (.Values.fleetServerRef) }}
+ fleetServerRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- $config := or ((.Values.spec).config) (.Values.config) }}
+ {{- $configRef := or ((.Values.spec).configRef) (.Values.configRef) }}
+ {{- if and $config $configRef }}
+ {{ fail "Only one of config and configRef can be specified" }}
+ {{- end }}
+ {{- with $config }}
+ config:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with $configRef }}
+ configRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).mode) (.Values.mode) }}
+ mode: {{ . }}
+ {{- end }}
+ {{- with or ((.Values.spec).fleetServerEnabled) (.Values.fleetServerEnabled) }}
+ fleetServerEnabled: {{ . }}
+ {{- end }}
+ {{- with or ((.Values.spec).http) (.Values.http) }}
+ http:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).policyID) (.Values.policyID) }}
+ policyID: {{ . }}
+ {{- end }}
+ {{- with or ((.Values.spec).secureSettings) (.Values.secureSettings) }}
+ secureSettings:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).revisionHistoryLimit) (.Values.revisionHistoryLimit) }}
+ revisionHistoryLimit: {{ . }}
+ {{- end }}
+ {{- with or (((.Values.spec).serviceAccount).name) ((.Values.serviceAccount).name) }}
+ serviceAccountName: {{ . }}
+ {{- end }}
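Review bot: The workload guard only fails when none of `daemonSet`, `deployment` and `statefulSet` is set; when two are set the template renders both blocks, unlike `config` and `configRef`, which are checked for mutual exclusion further down. If the Agent resource expects exactly one workload type, fail here with a matching message. Also, `with or ((.Values.spec).revisionHistoryLimit) (.Values.revisionHistoryLimit)` treats 0 as empty, so an explicit `revisionHistoryLimit: 0` is silently dropped; test for the key with `hasKey`, as is already done for the workload keys.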
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/templates/service-account.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/templates/service-account.yaml
new file mode 100644
index 00000000..e8bdf0b5
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/templates/service-account.yaml
@@ -0,0 +1,22 @@
+{{- with .Values.serviceAccount }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .name }}
+ namespace: {{ .namespace | default $.Release.Namespace | quote }}
+ labels:
+ {{- include "elasticagent.labels" $ | nindent 4 }}
+ {{- with .labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if or $.Values.annotations .annotations }}
+ annotations:
+ {{- with $.Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
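Review bot: `namespace: {{ .namespace | default $.Release.Namespace | quote }}` lets the ServiceAccount be created outside the release namespace, but the Agent template refers to it by name only (`serviceAccountName: {{ . }}`). Pods resolve a service account in their own namespace, so a `serviceAccount.namespace` that differs from the Agent's namespace yields an account the Agent pods cannot use. Either drop the override or document that it must match. The annotations block also emits `$.Values.annotations` and `.annotations` back to back, so a key present in both appears twice in the rendered map; merging the two before `toYaml` avoids that. `name: {{ .name }}` has no `required` guard and is unquoted.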
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/values.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/values.yaml
new file mode 100644
index 00000000..fa62f87c
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-agent/values.yaml
@@ -0,0 +1,257 @@
+---
+# Default values for eck-agent.
+# This is a YAML-formatted file.
+
+# Overridable names of the Elastic Agent resource.
+# By default, this is the Release name set for the chart,
+# followed by 'eck-agent'.
+#
+# nameOverride will override the name of the Chart with the name set here,
+# so nameOverride: quickstart, would convert to '{{ Release.name }}-quickstart'
+#
+# nameOverride: "quickstart"
+#
+# fullnameOverride will override both the release name, and the chart name,
+# and will name the Fleet Agent resource exactly as specified.
+#
+# fullnameOverride: "quickstart"
+
+# Version of Elastic Agent.
+#
+version: 9.2.0
+
+# Labels that will be applied to Elastic Agent.
+#
+labels: {}
+
+# Annotations that will be applied to Elastic Agent.
+#
+annotations: {}
+
+# Elastic Agent image to deploy.
+#
+# image: docker.elastic.co/beats/elastic-agent:9.2.0
+
+# ** Deprecation Notice **
+# The previous versions of this Helm Chart simply used the `spec` field here
+# and allowed the user to specify any fields below `spec` that were templated directly
+# into the final Kibana manifest. This is no longer the preferred way to specify these
+# fields and each field that is supported underneath `spec` is now directly specified
+# in this values file. Currently both patterns are supported for backwards compatibility
+# but we plan to remove the `spec` field in the future.
+# spec: {}
+
+# Referenced resources are below and depending on the setup, at least one is required for a functional Agent.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-setting-referenced-resources
+#
+# Reference to ECK-managed Kibana instance.
+#
+# kibanaRef:
+# name: quickstart
+ # Optional namespace reference to Kibana instance.
+ # If not specified, then the namespace of the Agent instance
+ # will be assumed.
+ #
+ # namespace: default
+
+# Reference to ECK-managed Elasticsearch instance.
+#
+elasticsearchRefs:
+- name: eck-elasticsearch
+ # Optional namespace reference to Elasticsearch instance.
+ # If not specified, then the namespace of the Agent instance
+ # will be assumed.
+ #
+ # namespace: default
+ #
+ # Optional secretName referencing an existing Kubernetes secret that contains connection information
+ # for associating an Agent instance to a remote Elasticsearch instance not managed by ECK.
+ # The referenced secret must contain the following:
+ # - `url`: the URL to reach the Elastic resource
+ # - `username`: the username of the user to be authenticated to the Elastic resource
+ # - `password`: the password of the user to be authenticated to the Elastic resource
+ # - `ca.crt`: the CA certificate in PEM format (optional)
+ # - `api-key`: the key to authenticate against the Elastic resource instead of a username and password
+ # This field cannot be used in combination with the other fields name, namespace or serviceName.
+ #
+ # secretName: my-remote-es-credentials
+
+# Reference to ECK-managed Fleet Server instance.
+#
+# fleetServerRef:
+# name: eck-fleet-server
+ # Optional namespace reference to Fleet Server instance.
+ # If not specified, then the namespace of the Agent instance
+ # will be assumed.
+ #
+ # namespace: default
+
+# The Elastic Agent configuration, the ECK equivalent to agent.yml
+# NOTE: The `config` and `configRef` fields are mutually exclusive. Only one of them should be defined at a time,
+# as using both may cause conflicts.
+#
+# Configuration of Agent, specifically used in Agent standalone mode.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-configuration.html
+#
+config: null
+
+# Reference a configuration in a Secret.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-configuration.html
+#
+# configRef:
+# secretName: ""
+
+# The mode of Agent to use. Only set to "fleet" when Fleet Server is enabled.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-fleet-mode-and-fleet-server
+#
+# mode: "fleet"
+
+# fleetServerEnabled determines whether the Agent will be run as the Fleet Server.
+#
+# NOTE: Both `mode: fleet` and `fleetServerEnabled: true` need to be set for Fleet Server to be enabled.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-fleet-mode-and-fleet-server
+#
+fleetServerEnabled: false
+
+# The HTTP layer configuration for the Fleet Server Service.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-customize-fleet-server-service
+#
+# http:
+
+# policyID determines into which Agent Policy this Agent will be enrolled.
+# policyID: eck-agent
+
+# DaemonSet, StatefulSet, or Deployment specification for Agent.
+# At least one is required of [daemonSet, deployment, statefulSet].
+# No default is currently set, refer to https://github.com/elastic/cloud-on-k8s/issues/7429.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-chose-the-deployment-model
+#
+# deployment:
+# podTemplate:
+# spec:
+# containers:
+# - name: agent
+# securityContext:
+# runAsUser: 0
+# daemonSet:
+# podTemplate:
+# spec:
+# containers:
+# - name: agent
+# securityContext:
+# runAsUser: 0
+# statefulSet:
+# podTemplate:
+# spec:
+# containers:
+# - name: agent
+# securityContext:
+# runAsUser: 0
+
+# SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for Elastic Agent.
+secureSettings: []
+# - secretName: my-secret-with-secure-settings
+
+# Number of revisions to retain to allow rollback in the underlying Deployment.
+# If not set Kubernetes sets this to 10 by default.
+#
+# revisionHistoryLimit: 2
+
+# ServiceAccount to be used by Elastic Agent. Some Elastic Agent features, such as the Kubernetes integration,
+# require that Agent Pods interact with Kubernetes APIs. This functionality requires specific permissions
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-role-based-access-control
+#
+serviceAccount:
+ name: elastic-agent
+ # { .Release.Namespace } is used here by default, but can be specified.
+ # namespace: optional-namespace
+
+# ClusterRoleBinding to be used by Elastic Agent. Similar to ServiceAccount, this is required in some scenarios.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-role-based-access-control
+#
+clusterRoleBinding:
+ name: elastic-agent
+ subjects:
+ - kind: ServiceAccount
+ name: elastic-agent
+ # { .Release.Namespace } is used here by default, but can be specified.
+ # namespace: default
+ roleRef:
+ kind: ClusterRole
+ name: elastic-agent
+ apiGroup: rbac.authorization.k8s.io
+
+# ClusterRole to be used by Elastic Agent. Similar to ServiceAccount, this is required in some scenarios.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-role-based-access-control
+#
+clusterRole:
+ name: elastic-agent
+ rules:
+ - apiGroups: [""]
+ resources:
+ - pods
+ - nodes
+ - namespaces
+ - events
+ - services
+ - configmaps
+ verbs:
+ - get
+ - watch
+ - list
+ - apiGroups: ["coordination.k8s.io"]
+ resources:
+ - leases
+ verbs:
+ - get
+ - create
+ - update
+ - nonResourceURLs:
+ - "/metrics"
+ verbs:
+ - get
+ - apiGroups: ["extensions"]
+ resources:
+ - replicasets
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - apiGroups:
+ - "apps"
+ resources:
+ - statefulsets
+ - deployments
+ - replicasets
+ - daemonsets
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - apiGroups:
+ - ""
+ resources:
+ - nodes/stats
+ verbs:
+ - get
+ - nonResourceURLs:
+ - "/metrics"
+ verbs:
+ - get
+ - apiGroups:
+ - "batch"
+ resources:
+ - jobs
+ - cronjobs
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - apiGroups:
+ - "storage.k8s.io"
+ resources:
+ - storageclasses
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
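Review bot: the default `clusterRole.rules` list the `nonResourceURLs: "/metrics"` / `get` rule twice, and they grant get/list/watch on `configmaps` and get on `nodes/stats` cluster-wide to every install, including ones that never enable the Kubernetes integration. Remove the duplicate and add a comment per rule naming what needs it, so operators can trim the role. `clusterRoleBinding.subjects[0].name` and `roleRef.name` are hard-coded to `elastic-agent` independently of `serviceAccount.name` and `clusterRole.name`, so renaming one without the others breaks the binding without any render error. The commented `deployment`/`daemonSet`/`statefulSet` examples all set `runAsUser: 0` with no note on why root is needed. The deprecation notice says "final Kibana manifest" although this is the Agent chart.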
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-apm-server/.helmignore b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-apm-server/.helmignore
new file mode 100644
index 00000000..f1568daf
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-apm-server/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+templates/tests
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-apm-server/Chart.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-apm-server/Chart.yaml
new file mode 100644
index 00000000..d3d457a1
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-apm-server/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+description: Elastic APM Server managed by the ECK operator
+icon: https://helm.elastic.co/icons/apm.png
+kubeVersion: '>= 1.21.0-0'
+name: eck-apm-server
+sources:
+- https://github.com/elastic/cloud-on-k8s
+- https://github.com/elastic/apm-server
+type: application
+version: 0.17.0
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-apm-server/LICENSE b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-apm-server/LICENSE
new file mode 100644
index 00000000..92503a72
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-apm-server/LICENSE
@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.
\ No newline at end of file
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-apm-server/examples/jaeger-with-http-configuration.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-apm-server/examples/jaeger-with-http-configuration.yaml
new file mode 100644
index 00000000..133eb751
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-apm-server/examples/jaeger-with-http-configuration.yaml
@@ -0,0 +1,29 @@
+---
+# Version of APM Server.
+#
+version: 9.2.0
+
+# Count of APM Server replicas to create.
+#
+count: 1
+
+config:
+ name: elastic-apm
+ apm-server.jaeger.grpc.enabled: true
+ apm-server.jaeger.grpc.host: "0.0.0.0:14250"
+
+# Reference to ECK-managed Elasticsearch resource.
+#
+elasticsearchRef:
+ name: eck-elasticsearch
+http:
+ service:
+ spec:
+ ports:
+ - name: http
+ port: 8200
+ targetPort: 8200
+ - name: grpc
+ port: 14250
+ targetPort: 14250
+
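Review bot: this example binds the Jaeger gRPC listener to `0.0.0.0:14250` and publishes port 14250 on the Service, but sets nothing for authentication on that listener. A comment pointing at the relevant APM Server setting, or a note that the Service is meant to stay cluster-internal, would help anyone copying the file. It is also worth confirming that the `apm-server.jaeger.*` keys are still accepted by `version: 9.2.0`. `name: elastic-apm` under `config:` deserves a comment, since it reads like resource metadata rather than an APM Server setting.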
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-apm-server/templates/NOTES.txt b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-apm-server/templates/NOTES.txt
new file mode 100644
index 00000000..42ab52cb
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-apm-server/templates/NOTES.txt
@@ -0,0 +1,6 @@
+
+1. Check APM Server status
+ $ kubectl get apmserver {{ include "apm-server.fullname" . }} -n {{ .Release.Namespace }}
+
+2. Check APM Server pod status
+ $ kubectl get pods --namespace={{ .Release.Namespace }} -l apm.k8s.elastic.co/name={{ include "apm-server.fullname" . }}
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-apm-server/templates/_helpers.tpl b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-apm-server/templates/_helpers.tpl
new file mode 100644
index 00000000..d06ca3f4
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-apm-server/templates/_helpers.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "apm-server.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "apm-server.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "apm-server.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "apm-server.labels" -}}
+helm.sh/chart: {{ include "apm-server.chart" . }}
+{{ include "apm-server.selectorLabels" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.labels }}
+{{ toYaml .Values.labels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "apm-server.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "apm-server.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
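Review bot: in `apm-server.labels`, `{{ toYaml .Values.labels }}` is appended after the chart's own labels with no de-duplication, so a user label such as `app.kubernetes.io/name` produces a duplicate key in the rendered metadata. Merge the user labels with the chart labels in a dict before `toYaml`, or document in values.yaml that the `helm.sh/chart` and `app.kubernetes.io/*` keys emitted here must not be set in `labels`.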
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-apm-server/templates/apmserver.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-apm-server/templates/apmserver.yaml
new file mode 100644
index 00000000..f3dd5ba9
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-apm-server/templates/apmserver.yaml
@@ -0,0 +1,53 @@
+---
+apiVersion: apm.k8s.elastic.co/v1
+kind: ApmServer
+metadata:
+ name: {{ include "apm-server.fullname" . }}
+ labels:
+ {{- include "apm-server.labels" . | nindent 4 }}
+ annotations:
+ eck.k8s.elastic.co/license: basic
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ version: {{ required "An APM Server version is required" .Values.version }}
+ count: {{ required "A pod count is required" .Values.count }}
+ {{- with .Values.image }}
+ image: {{ . }}
+ {{- end }}
+ {{- with .Values.serviceAccountName }}
+ serviceAccountName: {{ . }}
+ {{- end }}
+ {{- with .Values.revisionHistoryLimit }}
+ revisionHistoryLimit: {{ . }}
+ {{- end }}
+
+ {{- with .Values.config }}
+ config:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.http }}
+ http:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.elasticsearchRef }}
+ elasticsearchRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.kibanaRef }}
+ kibanaRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.podTemplate }}
+ podTemplate:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.secureSettings }}
+ secureSettings:
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
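Review bot: `secureSettings` is rendered with `nindent 2` while every other block under `spec:` uses `nindent 4`. A list at that indent should still parse, but the inconsistency looks accidental; use `nindent 4` or add a comment explaining it. Also, `eck.k8s.elastic.co/license: basic` is hard-coded ahead of `.Values.annotations`, so a user who sets the same key gets it twice in the rendered annotations. This template reads `.Values.serviceAccountName`, whereas the eck-agent template reads `serviceAccount.name`; worth aligning or documenting the difference.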
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-apm-server/values.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-apm-server/values.yaml
new file mode 100644
index 00000000..0c4c9708
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-apm-server/values.yaml
@@ -0,0 +1,108 @@
+---
+# Default values for eck-apm-server.
+# This is a YAML-formatted file.
+
+# Overridable names of the APM Server resource.
+# By default, this is the Release name set for the chart,
+# followed by 'eck-apm-server'.
+#
+# nameOverride will override the name of the Chart with the name set here,
+# so nameOverride: quickstart, would convert to '{{ Release.name }}-quickstart'
+#
+# nameOverride: "quickstart"
+#
+# fullnameOverride will override both the release name, and the chart name,
+# and will name the APM Server resource exactly as specified.
+#
+# fullnameOverride: "quickstart"
+
+# Version of APM Server.
+#
+version: 9.2.0
+
+# APM Server Docker image to deploy
+#
+# image:
+
+# Used to check access from the current resource to a resource (for ex. a remote Elasticsearch cluster) in a different namespace.
+# Can only be used if ECK is enforcing RBAC on references.
+#
+# serviceAccountName: ""
+
+# Labels that will be applied to APM Server.
+#
+labels: {}
+
+# Annotations that will be applied to APM Server.
+#
+annotations: {}
+
+# Count of APM Server replicas to create.
+#
+count: 1
+
+# The APM Server configuration, the ECK equivalent to apm-server.yml
+# ref: https://www.elastic.co/guide/en/apm/server/current/configuring-howto-apm-server.html
+#
+config: {}
+
+# Settings to control how APM Server will be accessed.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-accessing-elastic-services.html
+#
+http: {}
+ # service:
+ # metadata:
+ # labels:
+ # my-custom: label
+ # spec:
+ # ports:
+ # - name: http
+ # port: 8200
+ # targetPort: 8200
+
+# Reference to ECK-managed Elasticsearch resource.
+#
+elasticsearchRef: {}
+ # name: eck-elasticsearch
+ # Optional namespace reference to Elasticsearch resource.
+ # If not specified, then the namespace of the APM Server resource
+ # will be assumed.
+ #
+ # namespace: default
+ #
+ # Optional secretName referencing an existing Kubernetes secret that contains connection information
+ # for associating an APM Server instance to a remote Elasticsearch instance not managed by ECK.
+ # The referenced secret must contain the following:
+ # - `url`: the URL to reach the Elastic resource
+ # - `username`: the username of the user to be authenticated to the Elastic resource
+ # - `password`: the password of the user to be authenticated to the Elastic resource
+ # - `ca.crt`: the CA certificate in PEM format (optional)
+ # This field cannot be used in combination with the other fields name, namespace or serviceName.
+ #
+ # secretName: my-remote-es-credentials
+
+# Optional reference to ECK-managed Kibana resource which allows ECK to
+# automatically configure the Kibana endpoint as described in
+# https://www.elastic.co/guide/en/apm/server/current/setup-kibana-endpoint.html
+#
+# kibanaRef:
+# name: eck-kibana
+# # Optional namespace reference to Kibana resource.
+# # If not specified, then the namespace of the APM Server resource
+# # will be assumed.
+# #
+# # namespace: default
+
+# Set podTemplate to customize the pod used by APM Server
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-customize-pods.html
+#
+podTemplate: {}
+
+# Number of revisions to retain to allow rollback in the underlying Deployment.
+# If not set Kubernetes sets this to 10 by default.
+#
+# revisionHistoryLimit: 2
+
+# SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for APM Server.
+secureSettings: []
+# - secretName: my-secret-with-secure-settings
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/.helmignore b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/.helmignore
new file mode 100644
index 00000000..f1568daf
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+templates/tests
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/Chart.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/Chart.yaml
new file mode 100644
index 00000000..7a23d60d
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+description: Elastic Beats managed by the ECK operator
+icon: https://helm.elastic.co/icons/beats.png
+kubeVersion: '>= 1.20.0-0'
+name: eck-beats
+sources:
+- https://github.com/elastic/cloud-on-k8s
+- https://github.com/elastic/beats
+type: application
+version: 0.17.0
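Review bot: `kubeVersion: '>= 1.20.0-0'` here differs from `'>= 1.21.0-0'` in the eck-apm-server Chart.yaml added by the same change. If the pack has a single minimum Kubernetes version, align the subcharts, or note why they differ. Neither Chart.yaml sets `appVersion`, although the values files default to `version: 9.2.0`.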
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/LICENSE b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/LICENSE
new file mode 100644
index 00000000..92503a72
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/LICENSE
@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.
\ No newline at end of file
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/examples/auditbeat_hosts.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/examples/auditbeat_hosts.yaml
new file mode 100644
index 00000000..806669ac
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/examples/auditbeat_hosts.yaml
@@ -0,0 +1,110 @@
+name: auditbeat
+version: 9.2.0
+type: auditbeat
+elasticsearchRef:
+ name: eck-elasticsearch
+kibanaRef:
+ name: eck-kibana
+config:
+ auditbeat.modules:
+ - module: file_integrity
+ paths:
+ - /hostfs/bin
+ - /hostfs/usr/bin
+ - /hostfs/sbin
+ - /hostfs/usr/sbin
+ - /hostfs/etc
+ exclude_files:
+ - '(?i)\.sw[nop]$'
+ - '~$'
+ - '/\.git($|/)'
+ scan_at_start: true
+ scan_rate_per_sec: 50 MiB
+ max_file_size: 100 MiB
+ hash_types: [sha1]
+ recursive: true
+ - module: auditd
+ audit_rules: |
+ # Executions
+ -a always,exit -F arch=b64 -S execve,execveat -k exec
+
+ # Unauthorized access attempts (amd64 only)
+ -a always,exit -F arch=b64 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EACCES -k access
+ -a always,exit -F arch=b64 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EPERM -k access
+
+ processors:
+ - add_cloud_metadata: {}
+ - add_host_metadata: {}
+ - add_process_metadata:
+ match_pids: ['process.pid']
+daemonSet:
+ podTemplate:
+ spec:
+ hostPID: true # Required by auditd module
+ dnsPolicy: ClusterFirstWithHostNet
+ hostNetwork: true # Allows to provide richer host metadata
+ automountServiceAccountToken: true # some older Beat versions are depending on this settings presence in k8s context
+ securityContext:
+ runAsUser: 0
+ volumes:
+ - name: bin
+ hostPath:
+ path: /bin
+ - name: usrbin
+ hostPath:
+ path: /usr/bin
+ - name: sbin
+ hostPath:
+ path: /sbin
+ - name: usrsbin
+ hostPath:
+ path: /usr/sbin
+ - name: etc
+ hostPath:
+ path: /etc
+ - name: run-containerd
+ hostPath:
+ path: /run/containerd
+ type: DirectoryOrCreate
+ # Uncomment the below when running on GKE. See https://github.com/elastic/beats/issues/8523 for more context.
+ #- name: run
+ # hostPath:
+ # path: /run
+ #initContainers:
+ #- name: cos-init
+ # image: docker.elastic.co/beats/auditbeat:8.3.3
+ # volumeMounts:
+ # - name: run
+ # mountPath: /run
+ # command: ['sh', '-c', 'export SYSTEMD_IGNORE_CHROOT=1 && systemctl stop systemd-journald-audit.socket && systemctl mask systemd-journald-audit.socket && systemctl restart systemd-journald']
+ containers:
+ - name: auditbeat
+ securityContext:
+ capabilities:
+ add:
+ # Capabilities needed for auditd module
+ - 'AUDIT_READ'
+ - 'AUDIT_WRITE'
+ - 'AUDIT_CONTROL'
+ volumeMounts:
+ - name: bin
+ mountPath: /hostfs/bin
+ readOnly: true
+ - name: sbin
+ mountPath: /hostfs/sbin
+ readOnly: true
+ - name: usrbin
+ mountPath: /hostfs/usr/bin
+ readOnly: true
+ - name: usrsbin
+ mountPath: /hostfs/usr/sbin
+ readOnly: true
+ - name: etc
+ mountPath: /hostfs/etc
+ readOnly: true
+ # Directory with root filesystems of containers executed with containerd, this can be
+ # different with other runtimes. This volume is needed to monitor the file integrity
+ # of files in containers.
+ - name: run-containerd
+ mountPath: /run/containerd
+ readOnly: true
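Review bot: the commented-out `cos-init` initContainer pins `image: docker.elastic.co/beats/auditbeat:8.3.3`, so anyone who uncomments it for GKE gets an init image that no longer tracks the Beat version; the other examples in this patch are on 9.2.0. Either reference the same version as the Beat or say in the comment that the tag has to be kept in step. The same comment should state that the block mounts the host `/run` writable and stops and masks a host systemd socket. That matters here because the pod already runs with `hostPID: true`, `hostNetwork: true`, `runAsUser: 0` and `AUDIT_CONTROL`.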
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/examples/filebeat_no_autodiscover.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/examples/filebeat_no_autodiscover.yaml
new file mode 100644
index 00000000..6229fc5a
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/examples/filebeat_no_autodiscover.yaml
@@ -0,0 +1,52 @@
+name: filebeat
+version: 9.2.0
+type: filebeat
+elasticsearchRef:
+ name: eck-elasticsearch
+kibanaRef:
+ name: eck-kibana
+config:
+ filebeat.inputs:
+ - type: filestream
+ paths:
+ - /var/log/containers/*.log
+ parsers:
+ - container: ~
+ prospector:
+ scanner:
+ fingerprint.enabled: true
+ symlinks: true
+ file_identity.fingerprint: ~
+ processors:
+ - add_host_metadata: {}
+ - add_cloud_metadata: {}
+daemonSet:
+ podTemplate:
+ spec:
+ automountServiceAccountToken: true
+ terminationGracePeriodSeconds: 30
+ dnsPolicy: ClusterFirstWithHostNet
+ hostNetwork: true # Allows to provide richer host metadata
+ containers:
+ - name: filebeat
+ securityContext:
+ runAsUser: 0
+ # If using Red Hat OpenShift uncomment this:
+ #privileged: true
+ volumeMounts:
+ - name: varlogcontainers
+ mountPath: /var/log/containers
+ - name: varlogpods
+ mountPath: /var/log/pods
+ - name: varlibdockercontainers
+ mountPath: /var/lib/docker/containers
+ volumes:
+ - name: varlogcontainers
+ hostPath:
+ path: /var/log/containers
+ - name: varlogpods
+ hostPath:
+ path: /var/log/pods
+ - name: varlibdockercontainers
+ hostPath:
+ path: /var/lib/docker/containers
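Review bot: the three hostPath mounts under `volumeMounts` (`/var/log/containers`, `/var/log/pods`, `/var/lib/docker/containers`) are missing `readOnly: true` while the container runs with `runAsUser: 0`, so the log shipper has write access to host log directories it only needs to read. Add `readOnly: true` to each mount, as the auditbeat example in this patch does for its host mounts. Also, `automountServiceAccountToken: true` mounts an API token into a root, host-network pod although this config has no autodiscover provider or Kubernetes module; if it is only there for the older-Beat compatibility reason given in the other examples, repeat that comment here.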
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/examples/heartbeat_es_kb_health.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/examples/heartbeat_es_kb_health.yaml
new file mode 100644
index 00000000..4bb85504
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/examples/heartbeat_es_kb_health.yaml
@@ -0,0 +1,23 @@
+name: heartbeat
+version: 9.2.0
+type: heartbeat
+elasticsearchRef:
+ name: eck-elasticsearch
+config:
+ heartbeat.monitors:
+ - type: tcp
+ schedule: '@every 5s'
+ # This should directly match the name of the Elasticsearch instance
+ # with "-es-http" appended to the name.
+ hosts: ["elasticsearch-es-http.default.svc:9200"]
+ - type: tcp
+ schedule: '@every 5s'
+ # This should directly match the names of the Kibana instance
+ # with "-kb-http" appended to the name.
+ hosts: ["eck-kibana-kb-http.default.svc:5601"]
+deployment:
+ replicas: 1
+ podTemplate:
+ spec:
+ securityContext:
+ runAsUser: 0
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/examples/metricbeat_hosts.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/examples/metricbeat_hosts.yaml
new file mode 100644
index 00000000..0ba57ec6
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/examples/metricbeat_hosts.yaml
@@ -0,0 +1,158 @@
+name: metricbeat
+type: metricbeat
+version: 9.2.0
+elasticsearchRef:
+ name: eck-elasticsearch
+kibanaRef:
+ name: eck-kibana
+config:
+ metricbeat:
+ autodiscover:
+ providers:
+ - hints:
+ default_config: {}
+ enabled: "true"
+ node: ${NODE_NAME}
+ type: kubernetes
+ modules:
+ - module: system
+ period: 10s
+ metricsets:
+ - cpu
+ - load
+ - memory
+ - network
+ - process
+ - process_summary
+ process:
+ include_top_n:
+ by_cpu: 5
+ by_memory: 5
+ processes:
+ - .*
+ - module: system
+ period: 1m
+ metricsets:
+ - filesystem
+ - fsstat
+ processors:
+ - drop_event:
+ when:
+ regexp:
+ system:
+ filesystem:
+ mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib)($|/)
+ - module: kubernetes
+ period: 10s
+ node: ${NODE_NAME}
+ hosts:
+ - https://${NODE_NAME}:10250
+ bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+ ssl:
+ verification_mode: none
+ metricsets:
+ - node
+ - system
+ - pod
+ - container
+ - volume
+ processors:
+ - add_cloud_metadata: {}
+ - add_host_metadata: {}
+daemonSet:
+ podTemplate:
+ spec:
+ serviceAccountName: metricbeat
+ automountServiceAccountToken: true # some older Beat versions are depending on this settings presence in k8s context
+ containers:
+ - args:
+ - -e
+ - -c
+ - /etc/beat.yml
+ - --system.hostfs=/hostfs
+ name: metricbeat
+ volumeMounts:
+ - mountPath: /hostfs/sys/fs/cgroup
+ name: cgroup
+ - mountPath: /var/run/docker.sock
+ name: dockersock
+ - mountPath: /hostfs/proc
+ name: proc
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ dnsPolicy: ClusterFirstWithHostNet
+ hostNetwork: true # Allows to provide richer host metadata
+ securityContext:
+ runAsUser: 0
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - hostPath:
+ path: /sys/fs/cgroup
+ name: cgroup
+ - hostPath:
+ path: /var/run/docker.sock
+ name: dockersock
+ - hostPath:
+ path: /proc
+ name: proc
+
+clusterRole:
+ # permissions needed for metricbeat
+ # source: https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-module-kubernetes.html
+ name: metricbeat
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ - namespaces
+ - events
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - "extensions"
+ resources:
+ - replicasets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ - deployments
+ - replicasets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - nodes/stats
+ verbs:
+ - get
+ - nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
+
+serviceAccount:
+ name: metricbeat
+
+clusterRoleBinding:
+ name: metricbeat
+ subjects:
+ - kind: ServiceAccount
+ name: metricbeat
+ roleRef:
+ kind: ClusterRole
+ name: metricbeat
+ apiGroup: rbac.authorization.k8s.io
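Review bot: the kubernetes module sends the service account token from `bearer_token_file` to `https://${NODE_NAME}:10250` with `ssl.verification_mode: none`, so the token is presented to whatever answers on that address without checking its certificate. If the kubelet serving certificates in the target clusters are signed by a CA you can mount, set `ssl.certificate_authorities` and remove `verification_mode: none`; otherwise add a comment explaining why verification is off so it is not copied blindly. In the pod spec, `/var/run/docker.sock` is mounted without `readOnly: true` into a container that runs as root on the host network; mark it read-only or drop it on clusters that do not run Docker.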
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/examples/packetbeat_dns_http.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/examples/packetbeat_dns_http.yaml
new file mode 100644
index 00000000..cae3e07f
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/examples/packetbeat_dns_http.yaml
@@ -0,0 +1,37 @@
+name: packetbeat
+type: packetbeat
+version: 9.2.0
+elasticsearchRef:
+ name: eck-elasticsearch
+kibanaRef:
+ name: eck-kibana
+config:
+ packetbeat.interfaces.device: any
+ packetbeat.protocols:
+ - type: dns
+ ports: [53]
+ include_authorities: true
+ include_additionals: true
+ - type: http
+ ports: [80, 8000, 8080, 9200]
+ packetbeat.flows:
+ timeout: 30s
+ period: 10s
+ processors:
+ - add_cloud_metadata: {}
+ - add_host_metadata: {}
+daemonSet:
+ podTemplate:
+ spec:
+ terminationGracePeriodSeconds: 30
+ hostNetwork: true
+ automountServiceAccountToken: true # some older Beat versions are depending on this settings presence in k8s context
+ dnsPolicy: ClusterFirstWithHostNet
+ containers:
+ - name: packetbeat
+ securityContext:
+ runAsUser: 0
+ capabilities:
+ add:
+ - NET_ADMIN
+ volumes: []
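Review bot: `NET_ADMIN` under `capabilities.add` has no comment, and together with `hostNetwork: true` and `runAsUser: 0` it lets the container change interface and firewall configuration in the host network namespace, not only capture traffic. Add a comment on why it is needed, as the auditbeat example does with "Capabilities needed for auditd module", and check whether a narrower capability is enough for capture in your environment. `volumes: []` is a no-op and can go.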
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/templates/NOTES.txt b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/templates/NOTES.txt
new file mode 100644
index 00000000..10d2dac5
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/templates/NOTES.txt
@@ -0,0 +1,6 @@
+
+1. Check Beat status
+ $ kubectl get beat {{ include "beat.fullname" . }} -n {{ .Release.Namespace }}
+
+2. Check Beat pod status
+ $ kubectl get pods --namespace={{ .Release.Namespace }} -l beat.k8s.elastic.co/name={{ include "beat.fullname" . }}
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/templates/_helpers.tpl b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/templates/_helpers.tpl
new file mode 100644
index 00000000..5e20af14
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/templates/_helpers.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "beat.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "beat.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "beat.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "beat.labels" -}}
+helm.sh/chart: {{ include "beat.chart" . }}
+{{ include "beat.selectorLabels" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.labels }}
+{{ toYaml .Values.labels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "beat.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "beat.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
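Review bot: in `beat.labels`, `{{ toYaml .Values.labels }}` is emitted after the chart-managed labels with no collision handling, so a user label such as `app.kubernetes.io/name` or `helm.sh/chart` produces a duplicate key in the rendered metadata. Either drop the reserved keys from `.Values.labels` before rendering or document in values.yaml that those keys must not be set.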
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/templates/beats.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/templates/beats.yaml
new file mode 100644
index 00000000..a70ac9a6
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/templates/beats.yaml
@@ -0,0 +1,75 @@
+---
+apiVersion: beat.k8s.elastic.co/v1beta1
+kind: Beat
+metadata:
+ name: {{ include "beat.fullname" . }}
+ labels:
+ {{- include "beat.labels" . | nindent 4 }}
+ annotations:
+ eck.k8s.elastic.co/license: basic
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ version: {{ required "A Beat version is required" (or ((.Values.spec).version) (.Values.version)) }}
+ {{- $daemonSet := (or (hasKey (.Values.spec) "daemonSet") (hasKey .Values "daemonSet")) }}
+ {{- $deployment := (or (hasKey (.Values.spec) "deployment") (hasKey .Values "deployment")) }}
+ {{- if and (not $daemonSet) (not $deployment) }}
+ {{ fail "At least one of daemonSet or deployment is required for a functional Beat" }}
+ {{- end }}
+ {{- if not (or ((.Values.spec).type) (.Values.type)) }}{{ fail "A Beat type is required" }}{{- end }}
+ type: {{ or ((.Values.spec).type) (.Values.type) }}
+ {{- if $daemonSet }}
+ {{- $ds := or ((.Values.spec).daemonSet) (.Values.daemonSet) }}
+ daemonSet:
+ {{- /* This is required to render the empty daemonset ( {} ) properly */}}
+ {{- $ds | default dict | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $deployment }}
+ {{- $deploy := or ((.Values.spec).deployment) (.Values.deployment) }}
+ deployment:
+ {{- /* This is required to render the empty deployment ( {} ) properly */}}
+ {{- $deploy | default dict | toYaml | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).image) (.Values.image) }}
+ image: {{ . }}
+ {{- end }}
+ {{- with or ((.Values.spec).elasticsearchRef) (.Values.elasticsearchRef) }}
+ elasticsearchRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).kibanaRef) (.Values.kibanaRef) }}
+ kibanaRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- $config := or ((.Values.spec).config) (.Values.config) }}
+ {{- $configRef := or ((.Values.spec).configRef) (.Values.configRef) }}
+ {{- if and $config $configRef }}
+ {{ fail "Only one of config and configRef can be specified" }}
+ {{- end }}
+ {{- with $config }}
+ config:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with $configRef }}
+ configRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).http) (.Values.http) }}
+ http:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).monitoring) (.Values.monitoring) }}
+ monitoring:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).secureSettings) (.Values.secureSettings) }}
+ secureSettings:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).revisionHistoryLimit) (.Values.revisionHistoryLimit) }}
+ revisionHistoryLimit: {{ . }}
+ {{- end }}
+ {{- with or (((.Values.spec).serviceAccount).name) ((.Values.serviceAccount).name) }}
+ serviceAccountName: {{ . }}
+ {{- end }}
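Review bot: `{{- with or ((.Values.spec).revisionHistoryLimit) (.Values.revisionHistoryLimit) }}` treats `0` as empty, so `revisionHistoryLimit: 0` is silently dropped and the Kubernetes default applies instead. Use the same `hasKey` test that `$daemonSet` and `$deployment` use at the top of the spec. A smaller point in the same file: the hard-coded `eck.k8s.elastic.co/license: basic` annotation is followed by the user annotations, so a user who sets that key gets it twice in the rendered metadata.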
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/templates/cluster-role-binding.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/templates/cluster-role-binding.yaml
new file mode 100644
index 00000000..d8fca15f
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/templates/cluster-role-binding.yaml
@@ -0,0 +1,35 @@
+{{- with .Values.clusterRoleBinding }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .name }}
+ labels:
+ {{- include "beat.labels" $ | nindent 4 }}
+ {{- with .labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if or $.Values.annotations .annotations }}
+ annotations:
+ {{- with $.Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- with .subjects }}
+subjects:
+{{- range . }}
+ - kind: {{ .kind }}
+ name: {{ .name }}
+ namespace: {{ .namespace | default $.Release.Namespace | quote }}
+{{- end }}
+{{- end }}
+{{- with .roleRef }}
+roleRef:
+ kind: {{ .kind }}
+ name: {{ .name }}
+ apiGroup: {{ .apiGroup }}
+{{- end }}
+{{- end }}
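Review bot: `name`, `subjects` and `roleRef` are all optional in this template, so a values block that sets `clusterRoleBinding.name` but omits `roleRef` renders a ClusterRoleBinding without one and only fails at the API server. Wrap them in `required`, as beats.yaml does for the Beat version, so the mistake surfaces at render time. Also, `namespace:` is written for every subject regardless of `kind`; it only applies to `ServiceAccount` subjects, so guard it with a check on `.kind`.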
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/templates/cluster-role.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/templates/cluster-role.yaml
new file mode 100644
index 00000000..66406f63
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/templates/cluster-role.yaml
@@ -0,0 +1,22 @@
+{{- with .Values.clusterRole }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .name }}
+ labels:
+ {{- include "beat.labels" $ | nindent 4 }}
+ {{- with .labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if or $.Values.annotations .annotations }}
+ annotations:
+ {{- with $.Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+rules: {{- toYaml .rules | nindent 2 }}
+{{- end }}
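Review bot: `name: {{ .name }}` is used verbatim for a cluster-scoped object, so two releases that both copy the example name (`metricbeat` in metricbeat_hosts.yaml) target the same ClusterRole. Default the name to something derived from `beat.fullname`, or state in values.yaml that the name must be unique per cluster. `rules: {{- toYaml .rules | nindent 2 }}` also renders `null` when `rules` is omitted; a `required` on `.rules` would catch that at render time.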
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/templates/service-account.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/templates/service-account.yaml
new file mode 100644
index 00000000..08f21f7e
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/templates/service-account.yaml
@@ -0,0 +1,23 @@
+
+{{- with .Values.serviceAccount }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .name }}
+ namespace: {{ .namespace | default $.Release.Namespace | quote }}
+ labels:
+ {{- include "beat.labels" $ | nindent 4 }}
+ {{- with .labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if or $.Values.annotations .annotations }}
+ annotations:
+ {{- with $.Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
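Review bot: `namespace: {{ .namespace | default $.Release.Namespace | quote }}` lets the ServiceAccount be created outside the release namespace, but beats.yaml only passes `serviceAccountName` to a Beat that lives in the release namespace, and a pod can only use a ServiceAccount from its own namespace. Setting `serviceAccount.namespace` to anything else therefore produces an account the Beat pods cannot use. Drop the override and always use `$.Release.Namespace`, or fail when the two differ.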
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/values.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/values.yaml
new file mode 100644
index 00000000..c54abe3b
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-beats/values.yaml
@@ -0,0 +1,181 @@
+---
+# Default values for eck-beats.
+# This is a YAML-formatted file.
+
+# Overridable names of the Beats resource.
+# By default, this is the Release name set for the chart,
+# followed by 'eck-beats'.
+#
+# nameOverride will override the name of the Chart with the name set here,
+# so nameOverride: quickstart, would convert to '{{ Release.name }}-quickstart'
+#
+# nameOverride: "quickstart"
+#
+# fullnameOverride will override both the release name, and the chart name,
+# and will name the Beats resource exactly as specified.
+#
+# fullnameOverride: "quickstart"
+
+# Version of Elastic Beats.
+#
+version: 9.2.0
+
+# Labels that will be applied to Elastic Beats.
+#
+labels: {}
+
+# Annotations that will be applied to Elastic Beats.
+#
+annotations: {}
+
+# ** Deprecation Notice **
+# The previous versions of this Helm Chart simply used the `spec` field here
+# and allowed the user to specify any fields below spec that were templated directly
+# into the final Beats manifest. This is no longer the preferred way to specify these
+# fields and each field that is supported underneath `spec` is now directly specified
+# in this values file. Currently both patterns are supported for backwards compatibility
+# but we plan to remove the `spec` field in the future.
+# spec: {}
+
+# Type of Elastic Beats. Standard types of Beat are [filebeat,metricbeat,heartbeat,auditbeat,packetbeat,journalbeat].
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-deploy-elastic-beat
+#
+# Note: This is required to be set, or the release install will fail.
+#
+type: ""
+
+# Beats image to deploy.
+#
+# image: docker.elastic.co/beats/metricbeat:9.2.0
+
+# Referenced resources are below and depending on the setup, at least elasticsearchRef is required for a functional Beat.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-connect-es
+#
+# Reference to ECK-managed Kibana instance.
+#
+# kibanaRef:
+# name: quickstart
+ # Optional namespace reference to Kibana instance.
+ # If not specified, then the namespace of the Beats instance
+ # will be assumed.
+ #
+ # namespace: default
+
+# Reference to ECK-managed Elasticsearch instance.
+# *Note* If Beat's output is intended to go to Elasticsearch and not something like Logstash,
+# this elasticsearchRef must be updated to the name of the Elasticsearch instance.
+#
+elasticsearchRef: {}
+ # name: elasticsearch
+ # Optional namespace reference to Elasticsearch instance.
+ # If not specified, then the namespace of the Beats instance
+ # will be assumed.
+ #
+ # namespace: default
+ #
+ # Optional secretName referencing an existing Kubernetes secret that contains connection information
+ # for associating a Beat instance to a remote Elasticsearch instance not managed by ECK.
+ # The referenced secret must contain the following:
+ # - `url`: the URL to reach the Elastic resource
+ # - `username`: the username of the user to be authenticated to the Elastic resource
+ # - `password`: the password of the user to be authenticated to the Elastic resource
+ # - `ca.crt`: the CA certificate in PEM format (optional)
+ # - `api-key`: the key to authenticate against the Elastic resource instead of a username and password
+ # This field cannot be used in combination with the other fields name, namespace or serviceName.
+ #
+ # secretName: my-remote-es-credentials
+
+# Daemonset, or Deployment specification for the type of Beat specified.
+# At least one is required of [daemonSet, deployment].
+# No default is currently set, refer to https://github.com/elastic/cloud-on-k8s/issues/7429.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-chose-the-deployment-model
+#
+# deployment:
+# podTemplate:
+# spec:
+# securityContext:
+# runAsUser: 0
+# daemonSet:
+# podTemplate:
+# spec:
+# securityContext:
+# runAsUser: 0
+
+# Configuration of Beat, which is dependent on the `type` of Beat specified.
+# NOTE: The `config` and `configRef` fields are mutually exclusive. Only one of them should be defined at a time,
+# as using both may cause conflicts.
+#
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-custom-configuration
+#
+config: {}
+
+# Reference a configuration in a Secret.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-custom-configuration
+#
+# configRef:
+# secretName: ""
+
+# The HTTP layer configuration for the Beats Service.
+#
+# http:
+
+# Settings for configuring stack monitoring.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-monitoring.html
+#
+# monitoring: {}
+ # metrics:
+ # elasticsearchRefs:
+ # - name: monitoring
+ # namespace: observability
+ # logs:
+ # elasticsearchRefs:
+ # - name: monitoring
+ # namespace: observability
+
+# SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for Elastic Beats.
+secureSettings: []
+# - secretName: my-secret-with-secure-settings
+
+# Number of revisions to retain to allow rollback in the underlying Deployment.
+# If not set Kubernetes sets this to 10 by default.
+#
+# revisionHistoryLimit: 2
+
+# ServiceAccount to be used by Elastic Beats. Some Beats features (such as autodiscover or Kubernetes module metricsets)
+# require that Beat Pods interact with Kubernetes APIs. This functionality requires specific permissions
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-role-based-access-control-for-beats
+#
+serviceAccount: {}
+# name: elastic-beat-filebeat-quickstart
+# namespace: optional-namespace
+
+# ClusterRoleBinding to be used by Elastic Beats. Similar to ServiceAccount, this is required in some scenarios.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-role-based-access-control-for-beats
+#
+clusterRoleBinding: {}
+# name: elastic-beat-autodiscover-binding
+# subjects:
+# - kind: ServiceAccount
+# name: elastic-beat-filebeat-quickstart
+# namespace: default
+# roleRef:
+# kind: ClusterRole
+# name: elastic-beat-autodiscover
+# apiGroup: rbac.authorization.k8s.io
+
+# ClusterRole to be used by Elastic Beats. Similar to ServiceAccount, this is required in some scenarios.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-beat-configuration.html#k8s-beat-role-based-access-control-for-beats
+#
+clusterRole: {}
+# name: elastic-beat-autodiscover
+# rules:
+# - apiGroups: [""]
+# resources:
+# - events
+# - pods
+# - namespaces
+# - nodes
+# verbs:
+# - get
+# - watch
+# - list
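Review bot: the commented `# monitoring: {}` example is followed by indented child keys (`metrics:`, `logs:`), and `elasticsearchRef: {}` has the same shape with `# name: elasticsearch` beneath it. Uncommenting the children as written leaves `{}` on the parent line and yields invalid YAML. Show the parent without `{}` in the commented example, or note that `{}` has to be removed when the children are set. The kibanaRef block a few lines earlier also mixes `# ` at column 0 with indented ` # ` comments, which makes it unclear which lines belong to the example. The commented `deployment` and `daemonSet` examples both default to `runAsUser: 0`; add a sentence on which Beat types actually need root so it is not copied for all of them.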
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/.helmignore b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/.helmignore
new file mode 100644
index 00000000..f1568daf
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+templates/tests
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/Chart.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/Chart.yaml
new file mode 100644
index 00000000..c99bff0c
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+description: Elasticsearch managed by the ECK operator
+icon: https://helm.elastic.co/icons/elasticsearch.png
+kubeVersion: '>= 1.21.0-0'
+name: eck-elasticsearch
+sources:
+- https://github.com/elastic/cloud-on-k8s
+- https://github.com/elastic/elasticsearch/
+type: application
+version: 0.17.0
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/LICENSE b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/LICENSE
new file mode 100644
index 00000000..92503a72
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/LICENSE
@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.
\ No newline at end of file
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/examples/hot-warm-cold.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/examples/hot-warm-cold.yaml
new file mode 100644
index 00000000..4eb99e60
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/examples/hot-warm-cold.yaml
@@ -0,0 +1,198 @@
+---
+nodeSets:
+- name: masters
+ count: 1
+ config:
+ node.roles: ["master"]
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ podTemplate:
+ spec:
+ containers:
+ - name: elasticsearch
+ resources:
+ limits:
+ memory: 8Gi
+ cpu: 2
+ # Affinity/Anti-affinity settings for controlling the 'spreading' of Elasticsearch
+ # pods across existing hosts.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html#k8s-affinity-options
+ #
+ # affinity:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: beta.kubernetes.io/instance-type
+ # operator: In
+ # # This should be adjusted to the instance type according to your setup
+ # #
+ # values:
+ # - highio
+ # Volume Claim settings.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-volume-claim-templates.html
+ #
+ volumeClaimTemplates:
+ - metadata:
+ name: elasticsearch-data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Ti
+ # Adjust to your storage class name
+ #
+ # storageClassName: local-storage
+- name: hot
+ count: 1
+ config:
+ node.roles: ["data_hot", "data_content", "ingest"]
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ podTemplate:
+ spec:
+ containers:
+ - name: elasticsearch
+ resources:
+ limits:
+ memory: 16Gi
+ cpu: 4
+ # Affinity/Anti-affinity settings for controlling the 'spreading' of Elasticsearch
+ # pods across existing hosts.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html#k8s-affinity-options
+ #
+ # affinity:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: beta.kubernetes.io/instance-type
+ # operator: In
+ # # This should be adjusted to the instance type according to your setup
+ # #
+ # values:
+ # - highio
+ # Volume Claim settings.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-volume-claim-templates.html
+ #
+ volumeClaimTemplates:
+ - metadata:
+ name: elasticsearch-data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Ti
+ # Adjust to your storage class name
+ #
+ # storageClassName: local-storage
+- name: warm
+ count: 1
+ config:
+ node.roles: ["data_warm"]
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ podTemplate:
+ spec:
+ containers:
+ - name: elasticsearch
+ resources:
+ limits:
+ memory: 16Gi
+ cpu: 2
+ # Affinity/Anti-affinity settings for controlling the 'spreading' of Elasticsearch
+ # pods across existing hosts.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html#k8s-affinity-options
+ #
+ # affinity:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: beta.kubernetes.io/instance-type
+ # operator: In
+ # # This should be adjusted to the instance type according to your setup
+ # #
+ # values:
+ # - highstorage
+ # Volume Claim settings.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-volume-claim-templates.html
+ #
+ volumeClaimTemplates:
+ - metadata:
+ name: elasticsearch-data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Ti
+ # Adjust to your storage class name
+ #
+ # storageClassName: local-storage
+- name: cold
+ count: 1
+ config:
+ node.roles: ["data_cold"]
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ podTemplate:
+ spec:
+ containers:
+ - name: elasticsearch
+ resources:
+ limits:
+ memory: 8Gi
+ cpu: 2
+ # Affinity/Anti-affinity settings for controlling the 'spreading' of Elasticsearch
+ # pods across existing hosts.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html#k8s-affinity-options
+ #
+ # affinity:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: beta.kubernetes.io/instance-type
+ # operator: In
+ # # This should be adjusted to the instance type according to your setup
+ # #
+ # values:
+ # - highstorage
+ # Volume Claim settings.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-volume-claim-templates.html
+ #
+ volumeClaimTemplates:
+ - metadata:
+ name: elasticsearch-data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Ti
+ # Adjust to your storage class name
+ #
+ # storageClassName: local-storage
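Review bot: `node.store.allow_mmap: false` is set on the hot, warm and cold nodeSets even though the comment directly above each one recommends leaving it unset for production, and these tiers request 1Ti to 20Ti volumes with 8Gi to 16Gi memory limits, which is production sizing. Either comment the setting out here and show the `vm.max_map_count` path, or say in the header that the example trades performance for a simpler setup. Separately, the commented affinity blocks key on `beta.kubernetes.io/instance-type`, which Kubernetes has deprecated in favour of `node.kubernetes.io/instance-type`; anyone uncommenting them should get the current label.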
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-aks.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-aks.yaml
new file mode 100644
index 00000000..0ca310c3
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-aks.yaml
@@ -0,0 +1,26 @@
+---
+# The following is an example of an Elasticsearch resource that is configured to use an Ingress resource in an AKS cluster.
+#
+ingress:
+ enabled: true
+ className: webapprouting.kubernetes.azure.com
+ annotations:
+ # This is required for AKS Loadbalancing to understand that it's communicating with
+ # an HTTPS backend.
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ labels:
+ my: label
+ pathType: Prefix
+ hosts:
+ - host: "elasticsearch.company.dev"
+ path: "/"
+nodeSets:
+- name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
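Review bot: the header comment does not say where TLS is terminated for clients of `elasticsearch.company.dev`; the only TLS-related line is the `backend-protocol: "HTTPS"` annotation, which covers the hop from the controller to Elasticsearch. The chart's values.yaml in this same patch states that AKS ignores the Ingress `tls` settings and that enabling ingress exposes the cluster publicly, so this example should point at the AKS certificate documentation it already links there and state what a user must configure before applying it. A reserved name such as `elasticsearch.example.com` would also be safer than `company.dev` for a copy-and-paste example.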
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-eks-alb.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-eks-alb.yaml
new file mode 100644
index 00000000..d3cc4041
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-eks-alb.yaml
@@ -0,0 +1,37 @@
+---
+# The following is an example of an Elasticsearch resource that is configured to use an Ingress resource in an EKS cluster
+# which provisions an application load balancer.
+#
+ingress:
+ enabled: true
+ className: alb
+ annotations:
+ alb.ingress.kubernetes.io/scheme: "internet-facing"
+ alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
+ alb.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ alb.ingress.kubernetes.io/target-type: "ip"
+ # To use an ALB with ECK, you must provide a valid ACM certificate ARN or use certificate discovery.
+ # There are 2 options for EKS:
+ # 1. Create a valid ACM certificate, and uncomment the following annotation and update it to the correct ARN.
+ # 2. Create a valid ACM certificate and ensure that the hosts[0].host matches the certificate's Common Name (CN) and
+ # certificate discovery *should* find the certificate automatically and use it.
+ #
+ # ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/guide/ingress/cert_discovery/
+ #
+ # alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:us-east-1:00000000000:certificate/b65be571-8220-4f2e-8cb1-94194535d877"
+ labels:
+ my: label
+ pathType: Prefix
+ hosts:
+ - host: "elasticsearch.company.dev"
+ path: "/"
+nodeSets:
+- name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
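Review bot: `alb.ingress.kubernetes.io/scheme: "internet-facing"` makes the example publish the Elasticsearch HTTP API on a public ALB with no source restriction anywhere in the annotations. For an example that will be copied, default the scheme to `internal`, or keep it public and add an `alb.ingress.kubernetes.io/inbound-cidrs` line with a placeholder range plus a comment that the default is open to any address. The commented `certificate-arn` also carries a specific-looking certificate ID; an obvious placeholder would avoid it being pasted as-is.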
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-eks-nlb.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-eks-nlb.yaml
new file mode 100644
index 00000000..3809e871
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-eks-nlb.yaml
@@ -0,0 +1,27 @@
+---
+# The following is an example of an Elasticsearch resource that is configured to deploy a
+# network load balancer (NLB) in an EKS cluster. To provision an NLB "ingress" for the
+# Elasticsearch cluster, you are required to set annotations on the service,
+# and not an Ingress resource.
+ingress:
+ enabled: false
+http:
+ service:
+ metadata:
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-type: external
+ service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
+ service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+ service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+ spec:
+ type: LoadBalancer
+nodeSets:
+- name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
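Review bot: `service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing` on a `type: LoadBalancer` service puts port 9200 directly on a public NLB, and nothing in `http.service.spec` limits who can connect. Suggest either `internal` as the example's default or a `loadBalancerSourceRanges` entry under `spec` with a placeholder CIDR, and a line in the header comment stating that this variant is reachable from the internet.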
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-gke.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-gke.yaml
new file mode 100644
index 00000000..3adbd29c
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-gke.yaml
@@ -0,0 +1,36 @@
+---
+# The following is an example of an Elasticsearch resource that is configured to use an Ingress resource in a GKE cluster.
+#
+ingress:
+ enabled: true
+ annotations:
+ my: annotation
+ labels:
+ my: label
+ pathType: Prefix
+ hosts:
+ - host: "elasticsearch.company.dev"
+ path: "/"
+http:
+ service:
+ metadata:
+ annotations:
+ # This is required for `ClusterIP` services (which are the default ECK service type) to be used with Ingress in GKE clusters.
+ cloud.google.com/neg: '{"ingress": true}'
+ # This is required to enable the GKE Ingress Controller to use HTTPS as the backend protocol.
+ cloud.google.com/app-protocols: '{"https":"HTTPS"}'
+nodeSets:
+- name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
+ # Enable anonymous access to allow GCLB health probes to succeed
+ xpack.security.authc:
+ anonymous:
+ username: anon
+ roles: monitoring_user
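Review bot: the `xpack.security.authc.anonymous` block at the end of the nodeSet config gives every unauthenticated request the `monitoring_user` role on a cluster that this same file exposes through Ingress at `elasticsearch.company.dev`, so whatever that role permits is available to anyone who can reach the host, not just the GCLB health probes. The comment should say so explicitly, and the example would be safer mapping the anonymous user to a dedicated role limited to what the health check requests, defined through the chart's `auth` value.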
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/templates/NOTES.txt b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/templates/NOTES.txt
new file mode 100644
index 00000000..f6ab0020
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/templates/NOTES.txt
@@ -0,0 +1,6 @@
+
+1. Check Elasticsearch resource status
+ $ kubectl get es {{ include "elasticsearch.fullname" . }} -n {{ .Release.Namespace }}
+
+2. Check Elasticsearch pod status
+ $ kubectl get pods --namespace={{ .Release.Namespace }} -l elasticsearch.k8s.elastic.co/cluster-name={{ include "elasticsearch.fullname" . }}
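Review bot: style only, step 1 passes the namespace as `-n {{ .Release.Namespace }}` and step 2 as `--namespace={{ .Release.Namespace }}`; use one form in both commands so the notes read consistently.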
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/templates/_helpers.tpl b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/templates/_helpers.tpl
new file mode 100644
index 00000000..8fbf57b3
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/templates/_helpers.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "elasticsearch.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "elasticsearch.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "elasticsearch.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "elasticsearch.labels" -}}
+helm.sh/chart: {{ include "elasticsearch.chart" . }}
+{{ include "elasticsearch.selectorLabels" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.labels }}
+{{ toYaml .Values.labels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "elasticsearch.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "elasticsearch.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
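Review bot: `elasticsearch.fullname` truncates to 63 characters, but ingress.yaml in this patch appends `-es-http` and `-es-http-certs-internal` to that value for the backend service and the TLS secret, so a release name that yields a fullname longer than 55 characters produces a service name over the 63-character limit the comment cites. Either truncate with room for the longest suffix or `fail` with a clear message when the name is too long. Also note that `elasticsearch.labels` emits `toYaml .Values.labels` after the selector labels, so a user label reusing `app.kubernetes.io/name` or `app.kubernetes.io/instance` renders a duplicate key.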
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/templates/elasticsearch.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/templates/elasticsearch.yaml
new file mode 100644
index 00000000..4a4d7465
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/templates/elasticsearch.yaml
@@ -0,0 +1,78 @@
+---
+apiVersion: elasticsearch.k8s.elastic.co/v1
+kind: Elasticsearch
+metadata:
+ name: {{ include "elasticsearch.fullname" . }}
+ labels:
+ {{- include "elasticsearch.labels" . | nindent 4 }}
+ annotations:
+ eck.k8s.elastic.co/license: basic
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- with .Values.auth }}
+ auth:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.updateStrategy }}
+ updateStrategy:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.secureSettings }}
+ secureSettings:
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+ {{- with .Values.transport }}
+ transport:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.http }}
+ http:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ version: {{ required "An Elasticsearch version is required" .Values.version }}
+ {{- with .Values.monitoring }}
+ monitoring:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.remoteClusters }}
+ remoteClusters:
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+ {{- with .Values.remoteClusterServer }}
+ remoteClusterServer:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.volumeClaimDeletePolicy }}
+ volumeClaimDeletePolicy:
+ {{- if and (not (eq . "DeleteOnScaledownOnly")) (not (eq . "DeleteOnScaledownAndClusterDeletion")) }}
+ {{ fail "volumeClaimDeletePolicy can only be one of 'DeleteOnScaledownOnly' or 'DeleteOnScaledownAndClusterDeletion'" }}
+ {{- end }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if eq (len .Values.nodeSets) 0 }}
+ {{ fail "At least one nodeSet is required" }}
+ {{- end }}
+ nodeSets:
+ {{ toYaml .Values.nodeSets | nindent 4 }}
+ {{- with .Values.image }}
+ image: {{ . }}
+ {{- end }}
+ {{- with .Values.podDisruptionBudget }}
+ {{- if .disabled }}
+ podDisruptionBudget: {}
+ {{- else }}
+ {{- with .spec }}
+ podDisruptionBudget:
+ spec:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.serviceAccountName }}
+ serviceAccountName: {{ . }}
+ {{- end }}
+ {{- with .Values.revisionHistoryLimit }}
+ revisionHistoryLimit: {{ . }}
+ {{- end }}
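Review bot: `{{- with .Values.revisionHistoryLimit }}` at the end of the spec treats `0` as empty, so a user who sets `revisionHistoryLimit: 0` silently gets the Kubernetes default instead; use `{{- if not (kindIs "invalid" .Values.revisionHistoryLimit) }}` or a `hasKey` check. In the same template, `version:` and `image:` are rendered unquoted, so a two-part version written without quotes in values (for example `8.10`) is parsed as a number before it reaches the template; piping both through `quote` avoids that. The hard-coded `eck.k8s.elastic.co/license: basic` annotation also sits above the user annotations, so setting the same key in `.Values.annotations` emits it twice.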
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/templates/ingress.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/templates/ingress.yaml
new file mode 100644
index 00000000..99aa1813
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/templates/ingress.yaml
@@ -0,0 +1,48 @@
+{{- if .Values.ingress.enabled -}}
+{{- $pathType := .Values.ingress.pathType | default "Prefix" -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "elasticsearch.fullname" . }}
+ labels:
+ {{- include "elasticsearch.labels" . | nindent 4 }}
+ {{- with .Values.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if .Values.ingress.annotations }}
+ annotations:
+ {{- with .Values.ingress.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ {{- if .Values.ingress.className }}
+ ingressClassName: {{ .Values.ingress.className | quote }}
+ {{- end }}
+ {{- if .Values.ingress.tls.enabled }}
+ tls:
+ - hosts:
+ {{- range .Values.ingress.hosts }}
+ - {{ .host | quote }}
+ {{- end }}
+ {{- if .Values.ingress.tls.secretName }}
+ secretName: {{ .Values.ingress.tls.secretName }}
+ {{- else }}
+ secretName: {{ include "elasticsearch.fullname" . }}-es-http-certs-internal
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ {{- $hostPath := .path | default "/" }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ - path: {{ $hostPath }}
+ pathType: {{ $pathType }}
+ backend:
+ service:
+ name: {{ include "elasticsearch.fullname" $ }}-es-http
+ port:
+ number: 9200
+ {{- end }}
+{{ end }}
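Review bot: when `ingress.tls.enabled` is true and `ingress.tls.secretName` is unset, the `tls` block falls back to `{{ include "elasticsearch.fullname" . }}-es-http-certs-internal`, which hands the operator's self-signed HTTP certificate and key to the ingress controller. Clients will not trust that certificate, and it only covers the names in `.Values.ingress.hosts` if the user has also added them under `http.tls.selfSignedCertificate.subjectAltNames`. Consider requiring `secretName` when TLS is enabled (`required "ingress.tls.secretName is required ..."`), or at least documenting the SAN dependency next to the fallback. Minor: `path: {{ $hostPath }}` and `secretName: {{ .Values.ingress.tls.secretName }}` are unquoted while `host` and `ingressClassName` are quoted.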
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/values.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/values.yaml
new file mode 100644
index 00000000..3a3850fe
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-elasticsearch/values.yaml
@@ -0,0 +1,393 @@
+---
+# Default values for eck-elasticsearch.
+# This is a YAML-formatted file.
+
+# Overridable names of the Elasticsearch resource.
+# By default, this is the Release name set for the chart,
+# followed by 'eck-elasticsearch'.
+#
+# nameOverride will override the name of the Chart with the name set here,
+# so nameOverride: quickstart, would convert to '{{ Release.name }}-quickstart'
+#
+# nameOverride: "quickstart"
+#
+# fullnameOverride will override both the release name, and the chart name,
+# and will name the Elasticsearch resource exactly as specified.
+#
+# fullnameOverride: "quickstart"
+
+# Version of Elasticsearch.
+#
+version: 9.2.0
+
+# Elasticsearch Docker image to deploy
+#
+# image:
+
+# Labels that will be applied to Elasticsearch.
+#
+labels: {}
+
+# Annotations that will be applied to Elasticsearch.
+#
+annotations: {}
+
+# Settings for configuring Elasticsearch users and roles.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-users-and-roles.html
+#
+auth: {}
+
+# Settings for configuring stack monitoring.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-monitoring.html
+#
+monitoring: {}
+ # metrics:
+ # elasticsearchRefs:
+ # - name: monitoring
+ # namespace: observability
+ # logs:
+ # elasticsearchRefs:
+ # - name: monitoring
+ # namespace: observability
+
+# Control the Elasticsearch transport module used for internal communication between nodes.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-transport-settings.html
+#
+transport: {}
+ # service:
+ # metadata:
+ # labels:
+ # my-custom: label
+ # spec:
+ # type: LoadBalancer
+ # tls:
+ # subjectAltNames:
+ # - ip: 1.2.3.4
+ # - dns: hulk.example.com
+ # certificate:
+ # secretName: custom-ca
+
+# Settings to control how Elasticsearch will be accessed.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-accessing-elastic-services.html
+#
+http: {}
+ # service:
+ # metadata:
+ # labels:
+ # my-custom: label
+ # spec:
+ # type: LoadBalancer
+ # tls:
+ # selfSignedCertificate:
+ # # To fully disable TLS for the HTTP layer of Elasticsearch, simply
+ # # set the below field to 'true', removing all other fields.
+ # disabled: false
+ # subjectAltNames:
+ # - ip: 1.2.3.4
+ # - dns: hulk.example.com
+ # certificate:
+ # secretName: custom-ca
+
+# Control Elasticsearch Secure Settings.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-es-secure-settings.html#k8s-es-secure-settings
+#
+secureSettings: []
+ # - secretName: one-secure-settings-secret
+ # Projection of secret keys to specific paths
+ # - secretName: gcs-secure-settings
+ # entries:
+ # - key: gcs.client.default.credentials_file
+ # - key: gcs_client_1
+ # path: gcs.client.client_1.credentials_file
+ # - key: gcs_client_2
+ # path: gcs.client.client_2.credentials_file
+
+# Settings for limiting the number of simultaneous changes to an Elasticsearch resource.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-update-strategy.html
+#
+updateStrategy: {}
+ # changeBudget:
+ # maxSurge: 3
+ # maxUnavailable: 1
+
+# Controlling of connectivity between remote clusters within the same kubernetes cluster.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-remote-clusters.html
+#
+remoteClusters: {}
+ # - name: cluster-two
+ # elasticsearchRef:
+ # name: cluster-two
+ # namespace: ns-two
+
+# RemoteClusterServer specifies if the remote cluster server should be enabled.
+# This must be enabled if this cluster is a remote cluster which is expected to be accessed using API key authentication.
+#
+remoteClusterServer: {}
+# enabled: true
+
+# VolumeClaimDeletePolicy sets the policy for handling deletion of PersistentVolumeClaims for all NodeSets.
+# Possible values are DeleteOnScaledownOnly and DeleteOnScaledownAndClusterDeletion.
+# By default, if not set or empty, the operator sets DeleteOnScaledownAndClusterDeletion.
+#
+volumeClaimDeletePolicy: ""
+
+# Settings to limit the disruption when pods need to be rescheduled for some reason such as upgrades or routine maintenance.
+# By default, if not set, the operator sets a budget that doesn't allow any pod to be removed in case the cluster is not green or if there is only one node of type `data` or `master`.
+# In all other cases the default PodDisruptionBudget sets `minUnavailable` equal to the total number of nodes minus 1.
+# To completely disable the pod disruption budget set `disabled` to true.
+#
+# podDisruptionBudget:
+# spec:
+# minAvailable: 2
+# selector:
+# matchLabels:
+# elasticsearch.k8s.elastic.co/cluster-name: quickstart
+# disabled: true
+
+# Used to check access from the current resource to a resource (for ex. a remote Elasticsearch cluster) in a different namespace.
+# Can only be used if ECK is enforcing RBAC on references.
+#
+# serviceAccountName: ""
+
+# Number of revisions to retain to allow rollback in the underlying StatefulSets.
+# By default, if not set, Kubernetes sets 10.
+#
+# revisionHistoryLimit: 2
+
+# Node configuration settings.
+# The node roles which can be configured here are:
+# - "master"
+# - "data_hot"
+# - "data_cold"
+# - "data_frozen"
+# - "data_content"
+# - "ml"
+# - "ingest"
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-node-configuration.html
+#
+nodeSets:
+- name: default
+ count: 1
+ config:
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ podTemplate:
+ # The following spec is exactly the Kubernetes Core V1 PodTemplateSpec. Any fields within the PodTemplateSpec
+ # are supported within the 'spec' field below. Please see below documentation for the exhaustive list of fields.
+ #
+ # https://v1-24.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#podtemplatespec-v1-core
+ #
+ # Only the commonly overridden/used fields will be noted below.
+ #
+ spec:
+
+ # If specified, the pod's scheduling constraints
+ # https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html
+ # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+ # affinity:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: topology.kubernetes.io/zone
+ # operator: In
+ # values:
+ # - antarctica-east1
+ # - antarctica-west1
+
+ # Containers array. Should only be used to customize the 'elasticsearch' container using the following fields.
+ containers:
+ - name: elasticsearch
+
+ # List of environment variables to set in the 'elasticsearch' container.
+ # https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/
+ # env:
+ # - name: "my-env-var"
+ # value: "my-value"
+
+ # Compute Resources required by this container.
+ resources:
+ # Requests describes the minimum amount of compute resources required. If Requests is omitted for a container,
+ # it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value.
+ #
+ # Defaults used by the ECK Operator, if not specified, are below
+ limits:
+ # cpu: 1
+ memory: 2Gi
+ requests:
+ # cpu: 1
+ memory: 2Gi
+
+ # Example increasing both the requests and limits values:
+ # limits:
+ # cpu: 4
+ # memory: 8Gi
+ # requests:
+ # cpu: 1
+ # memory: 8Gi
+
+ # SecurityContext defines the security options the container should be run with.
+ # If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ #
+ # These typically are set automatically by the ECK Operator, and should only be adjusted
+ # with the full knowledge of the effects of each field.
+ #
+ # securityContext:
+
+ # Whether this container has a read-only root filesystem. Default is false.
+ # readOnlyRootFilesystem: false
+
+ # The GID to run the entrypoint of the container process. Uses runtime default if unset.
+ # runAsGroup: 1000
+
+ # Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure
+ # that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed.
+ # runAsNonRoot: true
+
+ # The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified.
+ # runAsUser: 1000
+
+ # ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ # https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+ # imagePullSecrets:
+ # - name: "image-pull-secret"
+
+ # List of initialization containers belonging to the pod.
+ #
+ # Common initContainers include setting sysctl, or in 7.x versions of Elasticsearch,
+ # installing Elasticsearch plugins.
+ #
+ # https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ # initContainers:
+ # - command:
+ # - sh
+ # - "-c"
+ # - sysctl -w vm.max_map_count=262144
+ # name: sysctl
+ # securityContext:
+ # privileged: true
+ # - command:
+ # - sh
+ # - "-c"
+ # - bin/elasticsearch-plugin remove --purge analysis-icu ; bin/elasticsearch-plugin install --batch analysis-icu
+ # name: install-plugins
+ # securityContext:
+ # privileged: true
+
+
+ # NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node.
+ # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ # https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html
+ # nodeSelector:
+ # diskType: ssd
+ # environment: production
+
+ # If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority.
+ # Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.
+ # https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/
+ # priorityClassName: ""
+
+ # SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.
+ # See previously defined 'securityContext' within 'podTemplate' for all available fields.
+ # securityContext: {}
+
+ # ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+ # https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ # serviceAccountName: ""
+
+ # Optional duration in seconds to wait for the Elasticsearch pod to terminate gracefully.
+ # terminationGracePeriodSeconds: 30s
+
+ # If specified, the pod's tolerations that will apply to all containers within the pod.
+ # https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
+ # tolerations:
+ # - key: "node-role.kubernetes.io/elasticsearch"
+ # effect: "NoSchedule"
+ # operator: "Exists"
+
+ # TopologySpreadConstraints describes how a group of pods ought to spread across topology domains.
+ # Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.
+ #
+ # These settings are generally applied within each `nodeSets[].podTemplate` field to apply to a specific Elasticsearch nodeset.
+ #
+ # https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html
+ # topologySpreadConstraints: {}
+
+ # List of volumes that can be mounted by containers belonging to the pod.
+ # https://kubernetes.io/docs/concepts/storage/volumes
+ # volumes: []
+
+# Settings for controlling Elasticsearch ingress. Enabling ingress will expose your Elasticsearch instance
+# to the public internet, and as such is disabled by default.
+#
+# Each Cloud Service Provider has different requirements for setting up Ingress. Some links to common documentation are:
+# - AWS: https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html
+# - GCP: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress
+# - Azure: https://learn.microsoft.com/en-us/azure/aks/app-routing
+# - Nginx: https://kubernetes.github.io/ingress-nginx/
+#
+ingress:
+ enabled: false
+
+ # Annotations that will be applied to the Ingress resource. Note that some ingress controllers are controlled via annotations.
+ #
+ # Nginx Annotations: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/
+ #
+ # Common annotations:
+ # kubernetes.io/ingress.class: gce # Configures the Ingress resource to use the GCE ingress controller and create an external Application Load Balancer.
+ # kubernetes.io/ingress.class: gce-internal # Configures the Ingress resource to use the GCE ingress controller and create an internal Application Load Balancer.
+ # kubernetes.io/ingress.class: nginx # Configures the Ingress resource to use the NGINX ingress controller.
+ #
+ annotations: {}
+
+ # Labels that will be applied to the Ingress resource.
+ #
+ labels: {}
+
+ # Some ingress controllers require the use of a specific class name to route traffic to the correct controller, notably AKS and EKS, which
+ # replaces the use of the 'kubernetes.io/ingress.class' annotation.
+ #
+ # className: webapprouting.kubernetes.azure.com | alb
+
+ # Ingress paths are required to have a corresponding path type. Defaults to 'Prefix'.
+ #
+ # There are 3 supported path types:
+ # - ImplementationSpecific
+ # - Prefix
+ # - Exact
+ #
+ # ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types
+ #
+ pathType: Prefix
+
+ # Hosts are a list of hosts included in the Ingress definition, with a corresponding path at which the default Elasticsearch service
+ # will be exposed. Each host in the list should be a fully qualified DNS name that will resolve to the exposed Ingress object.
+ #
+ # ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#name-based-virtual-hosting
+ #
+ hosts:
+ - host: chart-example.local
+ path: /
+
+ # TLS defines whether TLS will be enabled on the Ingress resource.
+ #
+ # *NOTE* Many Cloud Service Providers handle TLS in a custom manner, and as such, it is recommended to consult their documentation.
+ # Notably GKE and Nginx Ingress Controllers seems to respect the Ingress TLS settings, AKS and EKS ignore it.
+ #
+ # - AKS: https://learn.microsoft.com/en-us/azure/aks/app-routing-dns-ssl
+ # - GKE: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress#options_for_providing_ssl_certificates
+ # - EKS: https://aws.amazon.com/blogs/containers/serve-distinct-domains-with-tls-powered-by-acm-on-amazon-eks/
+ # - Nginx: https://kubernetes.github.io/ingress-nginx/user-guide/tls/
+ #
+ # Kubernetes ingress TLS documentation:
+ # ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+ #
+ tls:
+ enabled: false
+ # Optional Kubernetes secret name that contains a base64 encoded PEM certificate and private key that corresponds to the above 'hosts' definitions.
+ # If tls is enabled, but this field is not set, the self-signed certificate and key created by the ECK operator will be used.
+ # secretName: chart-example-tls
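Review bot: the `tls` block at the end of this file defaults to `enabled: false`, so an Ingress built from these values serves the Elasticsearch service over plain HTTP at the edge. The comment above it also says that AKS and EKS ignore the Ingress TLS settings, which means that flipping `enabled: true` on those platforms can leave an operator believing TLS is on when it is not. Please say both things explicitly in the comment. It would also help to note next to `secretName` that the fallback to the ECK self-signed certificate only validates for clients that trust the ECK-generated CA. Minor: "Controllers seems to respect" should read "Controllers seem to respect".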
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-enterprise-search/.helmignore b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-enterprise-search/.helmignore
new file mode 100644
index 00000000..f1568daf
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-enterprise-search/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+templates/tests
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-enterprise-search/Chart.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-enterprise-search/Chart.yaml
new file mode 100644
index 00000000..51b8f297
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-enterprise-search/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v2
+description: Elastic Enterprise Search managed by the ECK operator
+icon: https://github.com/elastic/ent-search/blob/main/public/app-search-favicon-196x196.png
+kubeVersion: '>= 1.21.0-0'
+name: eck-enterprise-search
+sources:
+- https://github.com/elastic/cloud-on-k8s
+type: application
+version: 0.17.0
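Review bot: the `icon:` value is a github.com `blob/` URL, which serves the HTML file viewer and not the PNG itself, so chart UIs that fetch it will not get an image; point it at the raw file instead. The file also sets no `appVersion`, so the `app.kubernetes.io/version` label guarded by `.Chart.AppVersion` in `_helpers.tpl` never renders. Either add `appVersion` or drop that branch from the labels helper.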
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-enterprise-search/examples/with-custom-configuration.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-enterprise-search/examples/with-custom-configuration.yaml
new file mode 100644
index 00000000..4216a112
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-enterprise-search/examples/with-custom-configuration.yaml
@@ -0,0 +1,19 @@
+config:
+ # define the exposed URL at which users will reach Enterprise Search
+ ent_search.external_url: https://my-custom-domain:3002
+ # define the exposed URL at which users will reach Kibana
+ kibana.host: https://kibana.my-custom-domain:5601
+ # configure app search document size limit
+ app_search.engine.document_size.limit: 100kb
+
+http:
+ service:
+ metadata:
+ labels:
+ my-custom: label
+ tls:
+ certificate:
+ secretName: my-cert
+
+elasticsearchRef:
+ name: eck-elasticsearch
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-enterprise-search/templates/_helpers.tpl b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-enterprise-search/templates/_helpers.tpl
new file mode 100644
index 00000000..21025dc7
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-enterprise-search/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "eck-enterprise-search.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "eck-enterprise-search.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "eck-enterprise-search.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "eck-enterprise-search.labels" -}}
+helm.sh/chart: {{ include "eck-enterprise-search.chart" . }}
+{{ include "eck-enterprise-search.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "eck-enterprise-search.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "eck-enterprise-search.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "eck-enterprise-search.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "eck-enterprise-search.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
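Review bot: the `eck-enterprise-search.serviceAccountName` helper at the end of this file reads `.Values.serviceAccount.create` and `.Values.serviceAccount.name`, but the chart's `values.yaml` defines no `serviceAccount` map (only a commented-out `serviceAccountName`), and `enterprisesearch.yaml` reads `.Values.serviceAccountName` directly. As written the helper is dead code and would fail on a nil `.Values.serviceAccount` if anyone did include it. Remove it, or add the `serviceAccount` block to the values and use the helper in the template so there is one source for the name.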
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-enterprise-search/templates/enterprisesearch.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-enterprise-search/templates/enterprisesearch.yaml
new file mode 100644
index 00000000..af224e35
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-enterprise-search/templates/enterprisesearch.yaml
@@ -0,0 +1,62 @@
+---
+apiVersion: enterprisesearch.k8s.elastic.co/v1
+kind: EnterpriseSearch
+metadata:
+ name: {{ include "eck-enterprise-search.fullname" . }}
+ labels:
+ {{- include "eck-enterprise-search.labels" . | nindent 4 }}
+ {{- with .Values.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ annotations:
+ eck.k8s.elastic.co/license: basic
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ version: {{ required "An Enterprise Search version is required" .Values.version }}
+ count: {{ required "A pod count is required" .Values.count }}
+
+ {{- /*
+ This is complicated, but seems required to catch both the situations where the key does not exist (commented out), and the key exists but is an empty map.
+ */ -}}
+ {{- if and (or (and (hasKey .Values "configRef") (eq 0 (len .Values.configRef))) (not (hasKey .Values "configRef"))) (or (and (hasKey .Values "elasticsearchRef") (eq 0 (len .Values.elasticsearchRef))) (not (hasKey .Values "elasticsearchRef"))) }}
+ {{ fail "At least one of configRef or elasticsearchRef is required" }}
+ {{- end }}
+
+ {{- with .Values.image }}
+ image: {{ . }}
+ {{- end }}
+
+ {{- with .Values.serviceAccountName }}
+ serviceAccountName: {{ . }}
+ {{- end }}
+
+ {{- with .Values.revisionHistoryLimit }}
+ revisionHistoryLimit: {{ . }}
+ {{- end }}
+
+ {{- with .Values.config }}
+ config:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.http }}
+ http:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.elasticsearchRef }}
+ elasticsearchRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.podTemplate }}
+ podTemplate:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.configRef }}
+ configRef:
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
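Review bot: the final `configRef` block uses `toYaml . | nindent 2` while every other map under `spec` (`config`, `http`, `elasticsearchRef`, `podTemplate`) uses `nindent 4`. If `configRef:` sits at the same two-space indentation as those sibling keys, `secretName` is emitted at the level of `configRef` itself, leaving `configRef` empty and placing `secretName` directly under `spec`. Change it to `nindent 4` and add a rendering test with `configRef.secretName` set, since this is the path that carries credentials. Separately, the long `hasKey`/`len` condition can be written as `and (empty .Values.configRef) (empty .Values.elasticsearchRef)`, and `with .Values.revisionHistoryLimit` silently drops an explicit `0`.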
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-enterprise-search/values.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-enterprise-search/values.yaml
new file mode 100644
index 00000000..24162c68
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-enterprise-search/values.yaml
@@ -0,0 +1,108 @@
+---
+# Default values for eck-enterprise-search.
+# This is a YAML-formatted file.
+
+# Overridable names of the Enterprise Search resource.
+# By default, this is the Release name set for the chart,
+# followed by 'eck-enterprise-search'.
+#
+# nameOverride will override the name of the Chart with the name set here,
+# so nameOverride: quickstart, would convert to '{{ Release.name }}-quickstart'
+#
+# nameOverride: "quickstart"
+#
+# fullnameOverride will override both the release name, and the chart name,
+# and will name the Enterprise Search resource exactly as specified.
+#
+# fullnameOverride: "quickstart"
+
+# Version of Enterprise Search.
+#
+# 8.19 should be the last minor version in the 8 line.
+version: 8.19.0
+
+# Enterprise Search Docker image to deploy
+#
+# image:
+
+# Used to check access from the current resource to a resource (for ex. a remote Elasticsearch cluster) in a different namespace.
+# Can only be used if ECK is enforcing RBAC on references.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-restrict-cross-namespace-associations.html
+#
+# serviceAccountName: ""
+
+# Labels that will be applied to Enterprise Search.
+#
+labels: {}
+
+# Annotations that will be applied to Enterprise Search.
+#
+annotations: {}
+
+# Count of Enterprise Search replicas to create.
+#
+count: 1
+
+# The Enterprise Search configuration, the ECK equivalent to enterprise-search.yml
+# ref: https://www.elastic.co/guide/en/enterprise-search/current/configuration.html#configuration-configure
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-enterprise-search-configuration.html
+#
+# At a minimum, you must specify the external URL and Kibana host.
+#
+config: {}
+ # define the exposed URL at which users will reach Enterprise Search
+ # ent_search.external_url: https://my-custom-domain:3002
+ # define the exposed URL at which users will reach Kibana
+ # kibana.host: https://kibana.my-custom-domain:5601
+
+# Settings to control how Enterprise Search will be accessed.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-accessing-elastic-services.html
+#
+http: {}
+ # tls:
+ # certificate:
+ # secretName: my-cert
+ # service:
+ # metadata:
+ # labels:
+ # my-custom: label
+
+# Reference to ECK-managed Elasticsearch resource.
+#
+elasticsearchRef: {}
+ # name: eck-elasticsearch
+ # Optional namespace reference to Elasticsearch resource.
+ # If not specified, then the namespace of the Enterprise Search resource
+ # will be assumed.
+ #
+ # namespace: default
+ #
+ # Optional secretName referencing an existing Kubernetes secret that contains connection information
+ # for associating an Enterprise Search instance to a remote Elasticsearch instance not managed by ECK.
+ # The referenced secret must contain the following:
+ # - `url`: the URL to reach the Elastic resource
+ # - `username`: the username of the user to be authenticated to the Elastic resource
+ # - `password`: the password of the user to be authenticated to the Elastic resource
+ # - `ca.crt`: the CA certificate in PEM format (optional)
+ # This field cannot be used in combination with the other fields name, namespace or serviceName.
+ #
+ # secretName: my-remote-es-credentials
+
+# Set podTemplate to customize the pod used by Enterprise Search
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-customize-pods.html
+#
+podTemplate: {}
+
+# Number of revisions to retain to allow rollback in the underlying Deployment.
+# If not set Kubernetes sets this to 10 by default.
+#
+# revisionHistoryLimit: 2
+
+# If you would prefer your sensitive data to be stored in a Secret, you can specify the name of the Secret reference.
+# In addition, if you do not want to use the `elasticsearchRef` mechanism or if you want to connect to an Elasticsearch
+# cluster not managed by ECK, you can manually configure Enterprise Search to access any available Elasticsearch cluster:
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-enterprise-search-configuration.html#k8s-enterprise-search-secret-configuration
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-enterprise-search-configuration.html#k8s-enterprise-search-connect-non-eck-es
+#
+configRef: {}
+ # secretName: enterprise-search-config
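Review bot: the defaults `elasticsearchRef: {}` and `configRef: {}` are both empty, which is exactly the case the template rejects with "At least one of configRef or elasticsearchRef is required", so the chart cannot render with its own default values. Say so at the top of the file, or next to both keys, so the failure is not a surprise. The `config` comment also states "At a minimum, you must specify the external URL and Kibana host", yet `config: {}` is the default and nothing in the template enforces it; either soften the comment or add a `required` check. For the `secretName` options, it is worth a line noting that the referenced Secret must live in the same namespace as the Enterprise Search resource if that is the case, since the comment lists `username` and `password` keys without saying where the Secret is looked up.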
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/.helmignore b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/.helmignore
new file mode 100644
index 00000000..f1568daf
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+templates/tests
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/Chart.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/Chart.yaml
new file mode 100644
index 00000000..47c2e1cf
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+description: Elastic Fleet Server as an Agent managed by the ECK operator
+kubeVersion: '>= 1.21.0-0'
+name: eck-fleet-server
+sources:
+- https://github.com/elastic/cloud-on-k8s
+- https://github.com/elastic/elastic-agent
+- https://github.com/elastic/fleet-server
+- https://www.elastic.co/guide/en/fleet/current/fleet-overview.html
+type: application
+version: 0.17.0
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/LICENSE b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/LICENSE
new file mode 100644
index 00000000..92503a72
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/LICENSE
@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.
\ No newline at end of file
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/examples/fleet-server.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/examples/fleet-server.yaml
new file mode 100644
index 00000000..6fd36206
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/examples/fleet-server.yaml
@@ -0,0 +1,17 @@
+version: 9.2.0
+deployment:
+ replicas: 1
+ podTemplate:
+ spec:
+ serviceAccountName: fleet-server
+ automountServiceAccountToken: true
+elasticsearchRefs:
+- name: eck-elasticsearch
+kibanaRef:
+ name: eck-kibana
+http:
+ service:
+ spec:
+ type: ClusterIP
+serviceAccount:
+ name: fleet-server
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/templates/NOTES.txt b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/templates/NOTES.txt
new file mode 100644
index 00000000..eb3c879d
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/templates/NOTES.txt
@@ -0,0 +1,6 @@
+
+1. Check Fleet Server status
+ $ kubectl get agent {{ include "fleet-server.fullname" . }} -n {{ .Release.Namespace }}
+
+2. Check Fleet Server pod status
+ $ kubectl get pods --namespace={{ .Release.Namespace }} -l fleet-server.k8s.elastic.co/name={{ include "fleet-server.fullname" . }}
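Review bot: the pod selector in step 2 uses the label `fleet-server.k8s.elastic.co/name`, but the resource this chart creates is `kind: Agent` in `agent.k8s.elastic.co/v1alpha1`, and none of the chart's templates set a `fleet-server.k8s.elastic.co/name` label. Please confirm which label the operator actually puts on the pods and use that, otherwise the command returns nothing and looks like a failed install. Also pick one of `-n` and `--namespace=` for both commands.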
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/templates/_helpers.tpl b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/templates/_helpers.tpl
new file mode 100644
index 00000000..173f5089
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/templates/_helpers.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "fleet-server.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "fleet-server.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "fleet-server.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "fleet-server.labels" -}}
+helm.sh/chart: {{ include "fleet-server.chart" . }}
+{{ include "fleet-server.selectorLabels" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.labels }}
+{{ toYaml .Values.labels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "fleet-server.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "fleet-server.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/templates/cluster-role-binding.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/templates/cluster-role-binding.yaml
new file mode 100644
index 00000000..e5fee457
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/templates/cluster-role-binding.yaml
@@ -0,0 +1,33 @@
+{{- with .Values.clusterRoleBinding }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .name }}
+ labels:
+ {{- include "fleet-server.labels" $ | nindent 4 }}
+ {{- with .labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if or $.Values.annotations .annotations }}
+ annotations:
+ {{- with $.Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- with .subjects }}
+subjects:
+{{- range . }}
+ - kind: {{ .kind }}
+ name: {{ .name }}
+ namespace: {{ .namespace | default $.Release.Namespace | quote }}
+{{- end }}
+{{- end }}
+roleRef:
+ kind: {{ .roleRef.kind }}
+ name: {{ .roleRef.name }}
+ apiGroup: {{ .roleRef.apiGroup }}
+{{- end }}
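Review bot: `metadata.name` comes straight from `.Values.clusterRoleBinding.name`, which defaults to the fixed string `fleet-server` in `values.yaml`. A ClusterRoleBinding is cluster-scoped, so a second release of this chart in another namespace collides with the first, and the later install either fails or takes over the existing binding. Derive the default from the release, for example `{{ include "fleet-server.fullname" $ }}-{{ $.Release.Namespace }}`, and keep `.name` as an override. The `roleRef` fields are dereferenced without a guard as well: wrap them in `required` so a values file that sets `clusterRoleBinding.name` but omits `roleRef` fails with a clear message. If `subjects` is empty the binding is rendered with no subjects at all, which is worth failing on too.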
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/templates/cluster-role.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/templates/cluster-role.yaml
new file mode 100644
index 00000000..f067b628
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/templates/cluster-role.yaml
@@ -0,0 +1,22 @@
+{{- with .Values.clusterRole }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .name }}
+ labels:
+ {{- include "fleet-server.labels" $ | nindent 4 }}
+ {{- with .labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if or $.Values.annotations .annotations }}
+ annotations:
+ {{- with $.Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+rules: {{- toYaml .rules | nindent 2 }}
+{{- end }}
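Review bot: `rules: {{- toYaml .rules | nindent 2 }}` renders whatever is in `.Values.clusterRole.rules` with no check, so a values file that sets only `clusterRole.name` produces `rules: null`, and any override is applied cluster-wide verbatim. Wrap it in `required "clusterRole.rules is required" .rules`, and since this template is the only place the chart grants cluster-scoped permissions, add a comment here pointing reviewers at the default rule set in `values.yaml`. The fixed default name `fleet-server` has the same cross-release collision as the ClusterRoleBinding.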
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/templates/fleet-server.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/templates/fleet-server.yaml
new file mode 100644
index 00000000..2eb3b0d3
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/templates/fleet-server.yaml
@@ -0,0 +1,64 @@
+---
+apiVersion: agent.k8s.elastic.co/v1alpha1
+kind: Agent
+metadata:
+ name: {{ include "fleet-server.fullname" . }}
+ labels:
+ {{- include "fleet-server.labels" . | nindent 4 }}
+ annotations:
+ eck.k8s.elastic.co/license: basic
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ version: {{ required "A Fleet Server version is required" (or ((.Values.spec).version) (.Values.version)) }}
+ mode: fleet
+ fleetServerEnabled: true
+ {{- if (or (hasKey (.Values.spec) "mode") (hasKey .Values "mode")) }}
+ {{- fail "mode cannot be changed" }}
+ {{- end }}
+ {{- if (or (hasKey (.Values.spec) "fleetServerEnabled") (hasKey .Values "fleetServerEnabled"))}}
+ {{- fail "fleetServerEnabled cannot be changed" }}
+ {{- end }}
+
+ {{- $statefulSet := (or (hasKey (.Values.spec) "statefulSet") (hasKey .Values "statefulSet")) }}
+ {{- $deployment := (or (hasKey (.Values.spec) "deployment") (hasKey .Values "deployment")) }}
+ {{- if and (not $statefulSet) (not $deployment) }}
+ {{ fail "At least one of statefulSet or deployment is required" }}
+ {{- end }}
+ {{- if $statefulSet }}
+ {{- $ss := or ((.Values.spec).statefulSet) (.Values.statefulSet) }}
+ statefulSet:
+ {{- /* This is required to render the empty statefulSet ( {} ) properly */}}
+ {{- $ss | default dict | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $deployment }}
+ {{- $deploy := or ((.Values.spec).deployment) (.Values.deployment) }}
+ deployment:
+ {{- /* This is required to render the empty deployment ( {} ) properly */}}
+ {{- $deploy | default dict | toYaml | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).image) (.Values.image) }}
+ image: {{ . }}
+ {{- end }}
+ {{- with or ((.Values.spec).elasticsearchRefs) (.Values.elasticsearchRefs) }}
+ elasticsearchRefs:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).kibanaRef) (.Values.kibanaRef) }}
+ kibanaRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).policyID) (.Values.policyID) }}
+ policyID: {{ . }}
+ {{- end }}
+ {{- with or ((.Values.spec).http) (.Values.http) }}
+ http:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).revisionHistoryLimit) (.Values.revisionHistoryLimit) }}
+ revisionHistoryLimit: {{ . }}
+ {{- end }}
+ {{- with or (((.Values.spec).serviceAccount).name) ((.Values.serviceAccount).name) }}
+ serviceAccountName: {{ . }}
+ {{- end }}
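Review bot: the `$statefulSet` / `$deployment` check only fails when neither key is present; when both are set the template emits both `statefulSet:` and `deployment:` under `spec`. If the Agent resource accepts only one deployment model, add a second `fail` for the both-set case so the error surfaces at render time and not at admission. Two smaller points: `with or (...revisionHistoryLimit) (...)` treats `0` as empty, so an explicit `revisionHistoryLimit: 0` is dropped; and `policyID: {{ . }}` and `image: {{ . }}` are unquoted, so a numeric-looking policy ID is rendered as a number. Use `| quote` on both.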
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/templates/service-account.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/templates/service-account.yaml
new file mode 100644
index 00000000..0f8901d9
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/templates/service-account.yaml
@@ -0,0 +1,22 @@
+{{- with .Values.serviceAccount }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .name }}
+ namespace: {{ .namespace | default $.Release.Namespace | quote }}
+ labels:
+ {{- include "fleet-server.labels" $ | nindent 4 }}
+ {{- with .labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if or $.Values.annotations .annotations }}
+ annotations:
+ {{- with $.Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
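Review bot: `namespace: {{ .namespace | default $.Release.Namespace | quote }}` lets the ServiceAccount be created in a namespace other than the release namespace, but `fleet-server.yaml` sets no namespace on the Agent and references the account only by `serviceAccountName`. With `serviceAccount.namespace` set to anything else, the pods look for the account in their own namespace and do not find it, while the ClusterRoleBinding subject may still point at the other one. Either drop the override or document that it must match the release namespace. `name: {{ .name }}` also needs a `required`, since `serviceAccount:` without `name` renders an empty name.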
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/values.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/values.yaml
new file mode 100644
index 00000000..a5c3484c
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-fleet-server/values.yaml
@@ -0,0 +1,169 @@
+---
+# Default values for eck-fleet-server.
+# This is a YAML-formatted file.
+
+# Overridable names of the Fleet Server resource.
+# By default, this is the Release name set for the chart,
+# followed by 'eck-fleet-server'.
+#
+# nameOverride will override the name of the Chart with the name set here,
+# so nameOverride: quickstart, would convert to '{{ Release.name }}-quickstart'
+#
+# nameOverride: "quickstart"
+#
+# fullnameOverride will override both the release name, and the chart name,
+# and will name the Fleet Server resource exactly as specified.
+#
+# fullnameOverride: "quickstart"
+
+# Version of Elastic Fleet Server.
+#
+version: 9.2.0
+
+# Labels that will be applied to Elastic Fleet Server.
+#
+labels: {}
+
+# Annotations that will be applied to Elastic Fleet Server.
+#
+annotations: {}
+
+# Elastic Fleet Server Agent image to deploy.
+#
+# image: docker.elastic.co/beats/elastic-agent:9.2.0
+
+# ** Deprecation Notice **
+# The previous versions of this Helm Chart simply used the `spec` field here
+# and allowed the user to specify any fields below `spec` that were templated directly
+# into the final Agent/Fleet Server manifest. This is no longer the preferred way to specify these
+# fields and each field that is supported underneath `spec` is now directly specified
+# in this values file. Currently both patterns are supported for backwards compatibility
+# but we plan to remove the `spec` field in the future.
+# spec: {}
+
+# Referenced resources are below and both elasticsearchRefs and kibanaRef are required for a functional Fleet Server.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-setting-referenced-resources
+#
+# Reference to ECK-managed Kibana instance.
+# This is required for Fleet Server.
+#
+# kibanaRef:
+# name: quickstart
+ # Optional namespace reference to Kibana instance.
+ # If not specified, then the namespace of the Fleet Server resource
+ # will be assumed.
+ #
+ # namespace: default
+
+# Reference to ECK-managed Elasticsearch instance.
+# This is required for Fleet Server.
+#
+elasticsearchRefs: []
+# - name: eck-elasticsearch
+ # Optional namespace reference to Elasticsearch instance.
+ # If not specified, then the namespace of the Fleet Server resource
+ # will be assumed.
+ #
+ # namespace: default
+ #
+ # Optional secretName referencing an existing Kubernetes secret that contains connection information
+ # for associating a Fleet Server instance to a remote Elasticsearch instance not managed by ECK.
+ # The referenced secret must contain the following:
+ # - `url`: the URL to reach the Elastic resource
+ # - `username`: the username of the user to be authenticated to the Elastic resource
+ # - `password`: the password of the user to be authenticated to the Elastic resource
+ # - `ca.crt`: the CA certificate in PEM format (optional)
+ # - `api-key`: the key to authenticate against the Elastic resource instead of a username and password
+ # This field cannot be used in combination with the other fields name, namespace or serviceName.
+ #
+ # secretName: my-remote-es-credentials
+
+# policyID determines into which Agent Policy this Fleet Server will be enrolled.
+policyID: eck-fleet-server
+
+# The HTTP layer configuration for the Fleet Server Service.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-customize-fleet-server-service
+#
+# http:
+
+# Deployment or StatefulSet specification for Fleet Server.
+# At least one is required of [deployment, statefulSet].
+# No default is currently set, refer to https://github.com/elastic/cloud-on-k8s/issues/7429.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-chose-the-deployment-model
+#
+# deployment:
+# replicas: 1
+# podTemplate:
+# spec:
+# serviceAccountName: fleet-server
+# automountServiceAccountToken: true
+#
+# statefulSet:
+# podTemplate:
+# spec:
+# serviceAccountName: fleet-server
+# automountServiceAccountToken: true
+
+# Number of revisions to retain to allow rollback in the underlying Deployment.
+# If not set Kubernetes sets this to 10 by default.
+#
+# revisionHistoryLimit: 2
+
+# ServiceAccount to be used by Elastic Fleet Server. Some Fleet Server features (such as autodiscover or Kubernetes module metricsets)
+# require that Fleet Server Pods interact with Kubernetes APIs. This functionality requires specific permissions
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-role-based-access-control
+#
+serviceAccount:
+ name: fleet-server
+ # namespace: optional-namespace
+
+# ClusterRoleBinding to be used by Elastic Fleet Server. Similar to ServiceAccount, this is required in some scenarios.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-role-based-access-control
+#
+clusterRoleBinding:
+ name: fleet-server
+ subjects:
+ - kind: ServiceAccount
+ name: fleet-server
+ # namespace: default
+ roleRef:
+ kind: ClusterRole
+ name: fleet-server
+ apiGroup: rbac.authorization.k8s.io
+
+# ClusterRole to be used by Elastic Fleet Server. Similar to ServiceAccount, this is required in some scenarios.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration.html#k8s-elastic-agent-fleet-configuration-role-based-access-control
+#
+clusterRole:
+ name: fleet-server
+ rules:
+ - apiGroups: [""]
+ resources:
+ - pods
+ - namespaces
+ - nodes
+ verbs:
+ - get
+ - watch
+ - list
+ - apiGroups: ["apps"]
+ resources:
+ - replicasets
+ verbs:
+ - get
+ - watch
+ - list
+ - apiGroups: ["batch"]
+ resources:
+ - jobs
+ verbs:
+ - get
+ - watch
+ - list
+ - apiGroups: ["coordination.k8s.io"]
+ resources:
+ - leases
+ verbs:
+ - get
+ - create
+ - update
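Review bot: In `clusterRoleBinding.subjects` the ServiceAccount subject has `namespace` commented out, and `serviceAccount.namespace` is commented out as well. A ServiceAccount subject in a ClusterRoleBinding needs a namespace, so either confirm that the template fills in the release namespace and say so in the comment, or set it here. The `clusterRole` rules also grant cluster-wide `get`/`watch`/`list` on pods, namespaces and nodes plus `create`/`update` on leases; a comment naming which Fleet Server feature needs each rule would let operators trim the role when autodiscover is not used.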
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/.helmignore b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/.helmignore
new file mode 100644
index 00000000..f1568daf
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+templates/tests
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/Chart.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/Chart.yaml
new file mode 100644
index 00000000..a49729cf
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+description: Kibana managed by the ECK operator
+icon: https://helm.elastic.co/icons/kibana.png
+kubeVersion: '>= 1.21.0-0'
+name: eck-kibana
+sources:
+- https://github.com/elastic/cloud-on-k8s
+- https://github.com/elastic/kibana
+type: application
+version: 0.17.0
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/LICENSE b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/LICENSE
new file mode 100644
index 00000000..92503a72
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/LICENSE
@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.
\ No newline at end of file
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/examples/http-configuration.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/examples/http-configuration.yaml
new file mode 100644
index 00000000..d71207e8
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/examples/http-configuration.yaml
@@ -0,0 +1,36 @@
+---
+# Version of Kibana.
+#
+version: 9.2.0
+
+# Labels that will be applied to Kibana.
+#
+labels: {}
+ # key: value
+
+# Annotations that will be applied to Kibana.
+#
+annotations: {}
+ # key: value
+
+# Count of Kibana replicas to create.
+#
+count: 1
+
+# Reference to ECK-managed Elasticsearch resource, ideally from {{ "elasticsearch.fullname" }}
+#
+elasticsearchRef:
+ name: eck-elasticsearch
+ # namespace: default
+http:
+ service:
+ spec:
+ # Type of service to deploy for Kibana.
+ # This deploys a load balancer in a cloud service provider, where supported.
+ #
+ type: LoadBalancer
+ # tls:
+ # selfSignedCertificate:
+ # subjectAltNames:
+ # - ip: 1.2.3.4
+ # - dns: kibana.example.com
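Review bot: `type: LoadBalancer` under `http.service.spec` publishes Kibana on a cloud load balancer while the `tls.selfSignedCertificate.subjectAltNames` block below it stays commented out and nothing restricts the source addresses. Consider adding a `loadBalancerSourceRanges` entry (or at least a comment naming it) and showing the `subjectAltNames` uncommented, so that the example someone copies is not open to every address with a certificate that does not match the external name.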
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/examples/ingress/kibana-aks.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/examples/ingress/kibana-aks.yaml
new file mode 100644
index 00000000..b7363dd0
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/examples/ingress/kibana-aks.yaml
@@ -0,0 +1,28 @@
+# The following is an example of a Kibana resource that is configured to use an Ingress resource in an AKS cluster.
+#
+
+# Name of the Kibana instance.
+#
+fullnameOverride: kibana
+
+# Reference to ECK-managed Elasticsearch instance, ideally from {{ "elasticsearch.fullname" }}
+#
+elasticsearchRef:
+ name: elasticsearch
+config:
+ server:
+ publicBaseUrl: "https://kibana.company.dev"
+
+ingress:
+ enabled: true
+ className: webapprouting.kubernetes.azure.com
+ annotations:
+ # This is required for AKS Loadbalancing to understand that it's communicating with
+ # an HTTPS backend.
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ labels:
+ my: label
+ pathType: Prefix
+ hosts:
+ - host: "kibana.company.dev"
+ path: "/"
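Review bot: `config.server.publicBaseUrl` is `https://kibana.company.dev`, but the `ingress` block has no `tls` stanza and no note on where the certificate comes from, and the chart's values.yaml states that AKS ignores the Ingress TLS settings. Add a comment pointing to the AKS certificate setup so the example does not end up serving the host without the certificate the URL implies. The comment above `nginx.ingress.kubernetes.io/backend-protocol` could also say that this is an NGINX annotation consumed by the app routing add-on, since "AKS Loadbalancing" does not tell the reader which controller reads it.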
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/examples/ingress/kibana-eks.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/examples/ingress/kibana-eks.yaml
new file mode 100644
index 00000000..c5f2f43b
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/examples/ingress/kibana-eks.yaml
@@ -0,0 +1,48 @@
+# The following is an example of a Kibana resource that is configured to use an Ingress resource in an EKS cluster.
+#
+
+# Name of the Kibana instance.
+#
+fullnameOverride: kibana
+
+# Reference to ECK-managed Elasticsearch instance, ideally from {{ "elasticsearch.fullname" }}
+#
+elasticsearchRef:
+ name: elasticsearch
+config:
+ server:
+ publicBaseUrl: "https://kibana.company.dev"
+
+ingress:
+ enabled: true
+ className: alb
+ annotations:
+ alb.ingress.kubernetes.io/scheme: "internet-facing"
+ alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
+ alb.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ alb.ingress.kubernetes.io/target-type: "ip"
+ # To use an ALB with ECK, you must provide a valid ACM certificate ARN or use certificate discovery.
+ # There are 2 options for EKS:
+ # 1. Create a valid ACM certificate, and uncomment the following annotation and update it to the correct ARN.
+ # 2. Create a valid ACM certificate and ensure that the hosts[0].host matches the certificate's Common Name (CN) and
+ # certificate discovery *should* find the certificate automatically and use it.
+ #
+ # ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/guide/ingress/cert_discovery/
+ #
+ # alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:us-east-1:00000000000:certificate/b65be571-8220-4f2e-8cb1-94194535d877"
+ labels:
+ my: label
+ pathType: Prefix
+ hosts:
+ - host: "kibana.company.dev"
+ path: "/"
+nodeSets:
+- name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
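Review bot: The trailing `nodeSets` block with `node.store.allow_mmap: false` is Elasticsearch configuration, and templates/kibana.yaml in this chart never reads `.Values.nodeSets`, so in a Kibana values file it is silently ignored. Drop it from this example or move it to the Elasticsearch example it was copied from. Separately, `alb.ingress.kubernetes.io/scheme: "internet-facing"` deserves a one-line comment that it makes the ALB public and that `internal` is the alternative, because the certificate annotation is commented out in the same block.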
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/examples/ingress/kibana-gke.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/examples/ingress/kibana-gke.yaml
new file mode 100644
index 00000000..61427581
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/examples/ingress/kibana-gke.yaml
@@ -0,0 +1,31 @@
+# The following is an example of a Kibana resource that is configured to use an Ingress resource in a GKE cluster.
+#
+
+# Name of the Kibana instance.
+#
+fullnameOverride: kibana
+
+# Reference to ECK-managed Elasticsearch instance, ideally from {{ "elasticsearch.fullname" }}
+#
+elasticsearchRef:
+ name: elasticsearch
+config:
+ server:
+ publicBaseUrl: "https://kibana.company.dev"
+http:
+ service:
+ metadata:
+ annotations:
+ # This is required for `ClusterIP` services (which are the default ECK service type) to be used with Ingress in GKE clusters.
+ cloud.google.com/neg: '{"ingress": true}'
+ # This is required to enable the GKE Ingress Controller to use HTTPS as the backend protocol.
+ cloud.google.com/app-protocols: '{"https":"HTTPS"}'
+
+ingress:
+ enabled: true
+ pathType: Prefix
+ hosts:
+ - host: "kibana.company.dev"
+ path: "/"
+ tls:
+ enabled: true
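Review bot: `ingress.tls.enabled: true` is set without `secretName`, so templates/ingress.yaml falls back to `kibana-kb-http-certs-internal`, the self-signed certificate created by the ECK operator. Clients reaching `kibana.company.dev` will then be offered a certificate they cannot validate. Show a `secretName` for a certificate issued for that host, or add a comment stating that the fallback is self-signed and intended only for testing.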
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/templates/NOTES.txt b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/templates/NOTES.txt
new file mode 100644
index 00000000..9652161c
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/templates/NOTES.txt
@@ -0,0 +1,6 @@
+
+1. Check Kibana status
+ $ kubectl get kibana {{ include "kibana.fullname" . }} -n {{ .Release.Namespace }}
+
+2. Check Kibana pod status
+ $ kubectl get pods --namespace={{ .Release.Namespace }} -l kibana.k8s.elastic.co/name={{ include "kibana.fullname" . }}
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/templates/_helpers.tpl b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/templates/_helpers.tpl
new file mode 100644
index 00000000..eba5497d
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/templates/_helpers.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kibana.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kibana.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kibana.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kibana.labels" -}}
+helm.sh/chart: {{ include "kibana.chart" . }}
+{{ include "kibana.selectorLabels" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.labels }}
+{{ toYaml .Values.labels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kibana.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kibana.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
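Review bot: In `kibana.labels`, `toYaml .Values.labels` is appended after the chart's own labels with no guard, so a user label that reuses `app.kubernetes.io/name`, `app.kubernetes.io/instance` or `helm.sh/chart` renders a duplicate key in the same mapping. Either document that those keys are reserved or merge the maps before rendering so one value wins deterministically.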
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/templates/ingress.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/templates/ingress.yaml
new file mode 100644
index 00000000..171463c0
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/templates/ingress.yaml
@@ -0,0 +1,48 @@
+{{- if .Values.ingress.enabled -}}
+{{- $pathType := .Values.ingress.pathType | default "Prefix" -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "kibana.fullname" . }}
+ labels:
+ {{- include "kibana.labels" . | nindent 4 }}
+ {{- with .Values.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if .Values.ingress.annotations }}
+ annotations:
+ {{- with .Values.ingress.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ {{- if .Values.ingress.className }}
+ ingressClassName: {{ .Values.ingress.className | quote }}
+ {{- end }}
+ {{- if .Values.ingress.tls.enabled }}
+ tls:
+ - hosts:
+ {{- range .Values.ingress.hosts }}
+ - {{ .host | quote }}
+ {{- end }}
+ {{- if .Values.ingress.tls.secretName }}
+ secretName: {{ .Values.ingress.tls.secretName }}
+ {{- else }}
+ secretName: {{ include "kibana.fullname" . }}-kb-http-certs-internal
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ {{- $hostPath := .path | default "/" }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ - path: {{ $hostPath }}
+ pathType: {{ $pathType }}
+ backend:
+ service:
+ name: {{ include "kibana.fullname" $ }}-kb-http
+ port:
+ number: 5601
+ {{- end }}
+{{ end }}
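Review bot: The `else` branch under `.Values.ingress.tls.secretName` wires `{{ include "kibana.fullname" . }}-kb-http-certs-internal` into the Ingress, which means the operator's internal self-signed certificate is presented at the edge, and nothing in this template ties the `ingress.hosts` entries to that certificate's names. Consider failing with a clear message when `tls.enabled` is true and no `secretName` is given, or documenting the fallback as test-only. Smaller points: `secretName: {{ .Values.ingress.tls.secretName }}`, `path: {{ $hostPath }}` and `pathType: {{ $pathType }}` are unquoted while `host` and `ingressClassName` use `| quote`, and `.Values.ingress.labels` is emitted after `kibana.labels` without a duplicate-key check.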
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/templates/kibana.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/templates/kibana.yaml
new file mode 100644
index 00000000..0d925001
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/templates/kibana.yaml
@@ -0,0 +1,61 @@
+---
+apiVersion: kibana.k8s.elastic.co/v1
+kind: Kibana
+metadata:
+ name: {{ include "kibana.fullname" . }}
+ labels:
+ {{- include "kibana.labels" . | nindent 4 }}
+ annotations:
+ eck.k8s.elastic.co/license: basic
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ version: {{ required "A Kibana version is required" .Values.version }}
+ {{- /*
+ The following templates with 'or' are to allow both .spec.field and .field to be set for backwards
+ compatibility purposes. See https://github.com/elastic/cloud-on-k8s/pull/8192 for details.
+ */ -}}
+ {{- with or ((.Values.spec).image) (.Values.image) }}
+ image: {{ . }}
+ {{- end }}
+ {{- with or ((.Values.spec).count) (.Values.count) }}
+ count: {{ . }}
+ {{- end }}
+ {{- $esRef := or ((.Values.spec).elasticsearchRef) (.Values.elasticsearchRef) }}
+{{- if not (or ($esRef).name ($esRef).secretName) }}
+ {{ fail "An elasticsearchRef name or secretName is required" }}
+ {{- end }}
+ elasticsearchRef:
+ {{- toYaml $esRef | nindent 4 }}
+ {{- $entsearchRef := or ((.Values.spec).enterpriseSearchRef) (.Values.enterpriseSearchRef) }}
+ {{- if $entsearchRef }}
+ enterpriseSearchRef:
+ {{- toYaml $entsearchRef | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).config) (.Values.config) }}
+ config:
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).http) (.Values.http) }}
+ http:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).podTemplate) (.Values.podTemplate) }}
+ podTemplate:
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).revisionHistoryLimit) (.Values.revisionHistoryLimit) }}
+ revisionHistoryLimit: {{ . }}
+ {{- end }}
+ {{- with or ((.Values.spec).secureSettings) (.Values.secureSettings) }}
+ secureSettings:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with or ((.Values.spec).serviceAccountName) (.Values.serviceAccountName) }}
+ serviceAccountName: {{ . }}
+ {{- end }}
+ {{- with or ((.Values.spec).monitoring) (.Values.monitoring) }}
+ monitoring:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
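Review bot: The `with or ((.Values.spec).count) (.Values.count)` and `with or ((.Values.spec).revisionHistoryLimit) (.Values.revisionHistoryLimit)` blocks treat `0` as empty, so `count: 0` (scale to zero) and `revisionHistoryLimit: 0` are dropped silently and the operator or Kubernetes default applies instead. Test for key presence (for example with `hasKey`) rather than truthiness. Also, the `eck.k8s.elastic.co/license: basic` annotation is hard-coded ahead of `.Values.annotations`, so a user-supplied annotation with the same key yields a duplicate; and the `{{- if not (or ($esRef).name ($esRef).secretName) }}` line is not indented like the rest of `spec`, and `config`/`podTemplate` use `{{ toYaml` without the leading `-` that the other fields use.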
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/values.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/values.yaml
new file mode 100644
index 00000000..932b2a4a
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-kibana/values.yaml
@@ -0,0 +1,190 @@
+---
+# Default values for eck-kibana.
+# This is a YAML-formatted file.
+
+# Overridable names of the Kibana resource.
+# By default, this is the Release name set for the chart,
+# followed by 'eck-kibana'.
+#
+# nameOverride will override the name of the Chart with the name set here,
+# so nameOverride: quickstart, would convert to '{{ Release.name }}-quickstart'
+#
+# nameOverride: "quickstart"
+#
+# fullnameOverride will override both the release name, and the chart name,
+# and will name the Kibana resource exactly as specified.
+#
+# fullnameOverride: "quickstart"
+
+# Version of Kibana.
+#
+version: 9.2.0
+
+# Kibana Docker image to deploy
+#
+# image: docker.elastic.co/kibana/kibana:9.2.0
+
+# Labels that will be applied to Kibana.
+#
+labels: {}
+
+# Annotations that will be applied to Kibana.
+#
+annotations: {}
+
+# ** Deprecation Notice **
+# The previous versions of this Helm Chart simply used the `spec` field here
+# and allowed the user to specify any fields below spec that were templated directly
+# into the final Kibana manifest. This is no long the preferred way to specify these
+# fields and each field that is supported underneath `spec` is now directly specified
+# in this values file. Currently both patterns are supported for backwards compatibility
+# but we plan to remove the `spec` field in the future.
+# spec: {}
+
+# Count of Kibana replicas to create.
+#
+count: 1
+
+# Reference to ECK-managed Elasticsearch resource.
+#
+elasticsearchRef: {}
+ # name: eck-elasticsearch
+ # Optional namespace reference to Elasticsearch resource.
+ # If not specified, then the namespace of the Kibana resource
+ # will be assumed.
+ #
+ # namespace: default
+ #
+ # Optional secretName referencing an existing Kubernetes secret that contains connection information
+ # for associating a Kibana instance to a remote Elasticsearch instance not managed by ECK.
+ # The referenced secret must contain the following:
+ # - `url`: the URL to reach the Elastic resource
+ # - `username`: the username of the user to be authenticated to the Elastic resource
+ # - `password`: the password of the user to be authenticated to the Elastic resource
+ # - `ca.crt`: the CA certificate in PEM format (optional)
+ # This field cannot be used in combination with the other fields name, namespace or serviceName.
+ #
+ # secretName: my-remote-es-credentials
+
+# Reference to an EnterpriseSearch running in the same Kubernetes cluster
+#
+# enterpriseSearchRef:
+
+# The Kibana configuration (kibana.yml)
+# ref: https://www.elastic.co/guide/en/kibana/current/settings.html
+#
+config: null
+
+# The HTTP layer configuration for Kibana.
+#
+# http:
+
+# PodTemplate provides customisation options (labels, annotations, affinity rules,
+# resource requests, and so on) for the Kibana pods
+#
+# podTemplate:
+
+# Number of revisions to retain to allow rollback in the underlying deployment.
+# By default, if not set, Kubernetes sets 10.
+#
+# revisionHistoryLimit: 2
+
+# Control Kibana Secure Settings.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-kibana-secure-settings.html
+#
+secureSettings: []
+
+# Used to check access from the current resource to a resource (for ex. Elasticsearch) in a different namespace.
+# Can only be used if ECK is enforcing RBAC on references.
+#
+# serviceAccountName: ""
+
+# Settings for configuring stack monitoring.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-monitoring.html
+#
+monitoring: {}
+ # metrics:
+ # elasticsearchRefs:
+ # - name: monitoring
+ # namespace: observability
+ # logs:
+ # elasticsearchRefs:
+ # - name: monitoring
+ # namespace: observability
+
+# Settings for controlling Kibana ingress. Enabling ingress will expose your Kibana instance
+# to the public internet, and as such is disabled by default.
+#
+# *NOTE* when configuring Kibana Ingress, ensure that `config.server.publicBaseUrl` setting for
+# Kibana is also set, as it is required when exposing Kibana behind a load balancer/ingress.
+# Also of note are `server.basePath`, and `server.rewriteBasePath` settings in the Kibana configuration.
+#
+# ref: https://www.elastic.co/guide/en/kibana/current/settings.html
+#
+# Each Cloud Service Provider has different requirements for setting up Ingress. Some links to common documentation are:
+# - AWS: https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html
+# - GCP: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress
+# - Azure: https://learn.microsoft.com/en-us/azure/aks/app-routing
+# - Nginx: https://kubernetes.github.io/ingress-nginx/
+#
+ingress:
+ enabled: false
+
+ # Annotations that will be applied to the Ingress resource. Note that some ingress controllers are controlled via annotations.
+ #
+ # Nginx Annotations: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/
+ #
+ # Common annotations:
+ # kubernetes.io/ingress.class: gce # Configures the Ingress resource to use the GCE ingress controller and create an external Application Load Balancer.
+ # kubernetes.io/ingress.class: gce-internal # Configures the Ingress resource to use the GCE ingress controller and create an internal Application Load Balancer.
+ # kubernetes.io/ingress.class: nginx # Configures the Ingress resource to use the NGINX ingress controller.
+ #
+ annotations: {}
+
+ # Labels that will be applied to the Ingress resource.
+ #
+ labels: {}
+
+ # Some ingress controllers require the use of a specific class name to route traffic to the correct controller, notably AKS and EKS, which
+ # replaces the use of the 'kubernetes.io/ingress.class' annotation.
+ #
+ # className: webapprouting.kubernetes.azure.com | alb
+
+ # Ingress paths are required to have a corresponding path type. Defaults to 'Prefix'.
+ #
+ # There are 3 supported path types:
+ # - ImplementationSpecific
+ # - Prefix
+ # - Exact
+ #
+ # ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types
+ #
+ pathType: Prefix
+
+ # Hosts are a list of hosts included in the Ingress definition, with a corresponding path at which the Kibana service
+ # will be exposed. Each host in the list should be a fully qualified DNS name that will resolve to the exposed Ingress object.
+ #
+ # ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#name-based-virtual-hosting
+ #
+ hosts:
+ - host: chart-example.local
+ path: /
+
+ # TLS defines whether TLS will be enabled on the Ingress resource.
+ #
+ # *NOTE* Many Cloud Service Providers handle TLS in a custom manner, and as such, it is recommended to consult their documentation.
+ # Notably GKE and Nginx Ingress Controllers seems to respect the Ingress TLS settings, AKS and EKS ignore it.
+ #
+ # - AKS: https://learn.microsoft.com/en-us/azure/aks/app-routing-dns-ssl
+ # - GKE: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress#options_for_providing_ssl_certificates
+ # - EKS: https://aws.amazon.com/blogs/containers/serve-distinct-domains-with-tls-powered-by-acm-on-amazon-eks/
+ # - Nginx: https://kubernetes.github.io/ingress-nginx/user-guide/tls/
+ #
+ # Kubernetes ingress TLS documentation:
+ # ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+ #
+ tls:
+ enabled: false
+ # Optional Kubernetes secret name that contains a base64 encoded PEM certificate and private key that corresponds to the above 'hosts' definitions.
+ # If tls is enabled, but this field is not set, the self-signed certificate and key created by the ECK operator will be used.
+ # secretName: chart-example-tls
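Review bot: `elasticsearchRef: {}` is the default here, but templates/kibana.yaml calls `fail "An elasticsearchRef name or secretName is required"` when neither is set, so the chart cannot render with its own default values. Say so in the comment above `elasticsearchRef` (or ship `name: eck-elasticsearch` uncommented, as the http-configuration example does). In the deprecation notice, "This is no long the preferred way" should read "no longer". The `tls` comment would also be clearer if it stated that the fallback certificate is self-signed and not issued for the names under `hosts`.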
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/.helmignore b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/.helmignore
new file mode 100644
index 00000000..f1568daf
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+templates/tests
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/Chart.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/Chart.yaml
new file mode 100644
index 00000000..089f98c0
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+description: Logstash managed by the ECK operator
+icon: https://helm.elastic.co/icons/logstash.png
+kubeVersion: '>= 1.21.0-0'
+name: eck-logstash
+sources:
+- https://github.com/elastic/cloud-on-k8s
+- https://github.com/elastic/logstash
+type: application
+version: 0.17.0
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/LICENSE b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/LICENSE
new file mode 100644
index 00000000..92503a72
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/LICENSE
@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.
\ No newline at end of file
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/examples/basic-eck.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/examples/basic-eck.yaml
new file mode 100644
index 00000000..644a44b1
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/examples/basic-eck.yaml
@@ -0,0 +1,44 @@
+---
+# values corresponding to config/recipes/logstash/logstash-eck.yaml
+version: 9.2.0
+
+elasticsearchRefs:
+ - clusterName: eck
+ name: elasticsearch
+
+pipelines:
+ - pipeline.id: main
+ config.string: |
+ input {
+ beats {
+ port => 5044
+ }
+ }
+ filter {
+ grok {
+ match => { "message" => "%{HTTPD_COMMONLOG}"}
+ }
+ geoip {
+ source => "[source][address]"
+ target => "[source]"
+ }
+ }
+ output {
+ elasticsearch {
+ hosts => [ "${ECK_ES_HOSTS}" ]
+ user => "${ECK_ES_USER}"
+ password => "${ECK_ES_PASSWORD}"
+ ssl_certificate_authorities => "${ECK_ES_SSL_CERTIFICATE_AUTHORITY}"
+ }
+ }
+
+services:
+ - name: beats
+ service:
+ spec:
+ type: ClusterIP
+ ports:
+ - port: 5044
+ name: "filebeat"
+ protocol: TCP
+ targetPort: 5044
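Review bot: the `beats` input in the `main` pipeline is declared with only `port => 5044`, so the listener published by the `beats` ClusterIP service accepts unencrypted, unauthenticated connections from any workload that can reach it. Since this is the example people copy first, show the TLS options of the beats input (`ssl_enabled => true` with a certificate and key), or state next to the service definition that a NetworkPolicy is expected to restrict port 5044. The `elasticsearch` output here also omits `ssl_enabled => true`, which `es-role.yaml` sets explicitly; make the two examples consistent.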
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/examples/es-role.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/examples/es-role.yaml
new file mode 100644
index 00000000..5f1ddb15
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/examples/es-role.yaml
@@ -0,0 +1,25 @@
+---
+# values corresponding to config/recipes/logstash/logstash-es-role.yaml
+version: 9.2.0
+
+elasticsearchRefs:
+ - clusterName: eck
+ name: elasticsearch
+
+pipelines:
+ - pipeline.id: main
+ config.string: |
+ input { exec { command => "uptime" interval => 10 } }
+ output {
+ elasticsearch {
+ hosts => [ "${ECK_ES_HOSTS}" ]
+ ssl_enabled => true
+ ssl_certificate_authorities => "${ECK_ES_SSL_CERTIFICATE_AUTHORITY}"
+ user => "${ECK_ES_USER}"
+ password => "${ECK_ES_PASSWORD}"
+ index => "my-index"
+ data_stream => false
+ ilm_enabled => false
+ manage_template => false
+ }
+ }
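Review bot: nothing in this values file creates or references an Elasticsearch role, although the header says it corresponds to `logstash-es-role.yaml`; the output still authenticates as `${ECK_ES_USER}` and writes to `my-index`. Add a comment saying where the role that limits this user to `my-index` is expected to be defined, otherwise the example reads as if least privilege were already in place. It is also worth a comment that the `exec` input runs `uptime` inside the Logstash container every 10 seconds, so readers adapting the example know that this plugin executes whatever `command` contains.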
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/examples/monitored.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/examples/monitored.yaml
new file mode 100644
index 00000000..24508ea7
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/examples/monitored.yaml
@@ -0,0 +1,49 @@
+---
+# values corresponding to config/recipes/logstash/logstash-monitored.yaml
+version: 9.2.0
+
+monitoring:
+ metrics:
+ elasticsearchRefs:
+ - name: elasticsearch-monitoring
+
+pipelines:
+ - pipeline.id: main
+ config.string: |
+ input {
+ beats {
+ port => 5044
+ }
+ }
+ filter {
+ grok {
+ match => { "message" => "%{HTTPD_COMMONLOG}"}
+ }
+ geoip {
+ source => "[source][address]"
+ target => "[source]"
+ }
+ }
+ output {
+ elasticsearch {
+ hosts => [ "${ECK_ES_HOSTS}" ]
+ user => "${ECK_ES_USER}"
+ password => "${ECK_ES_PASSWORD}"
+ ssl_certificate_authorities => "${ECK_ES_SSL_CERTIFICATE_AUTHORITY}"
+ }
+ }
+
+elasticsearchRefs:
+ - clusterName: eck
+ name: elasticsearch
+
+services:
+ - name: beats
+ service:
+ spec:
+ type: ClusterIP
+ ports:
+ - port: 5044
+ name: "filebeat"
+ protocol: TCP
+ targetPort: 5044
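Review bot: `monitoring.metrics.elasticsearchRefs` points at `elasticsearch-monitoring`, which this file neither defines nor documents, and the entry carries no `namespace`. Say in a comment that a separate monitoring cluster with that name must already exist in the release namespace, or add the `namespace` key as the commented `monitoring` example in the chart's `values.yaml` does. Only `metrics` is configured; if leaving out `logs` is intentional, note that too, so the reader knows Logstash logs are not shipped to the monitoring cluster.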
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/examples/multi.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/examples/multi.yaml
new file mode 100644
index 00000000..12036d92
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/examples/multi.yaml
@@ -0,0 +1,78 @@
+---
+# values corresponding to config/recipes/logstash/logstash-multi.yaml
+version: 9.2.0
+
+pipelines:
+ - pipeline.id: main
+ config.string: |
+ input {
+ beats {
+ port => 5044
+ }
+ }
+ filter {
+ grok {
+ match => { "message" => "%{HTTPD_COMMONLOG}"}
+ }
+ geoip {
+ source => "[source][address]"
+ target => "[source]"
+ }
+ }
+ output {
+ pipeline {
+ send_to => 'prod'
+ }
+ pipeline {
+ send_to => 'qa'
+ }
+ }
+ - pipeline.id: production
+ config.string: |
+ input {
+ pipeline {
+ address => 'prod'
+ }
+ }
+ output {
+ elasticsearch {
+ hosts => [ "${PROD_ES_ES_HOSTS}" ]
+ user => "${PROD_ES_ES_USER}"
+ password => "${PROD_ES_ES_PASSWORD}"
+ ssl_certificate_authorities => "${PROD_ES_ES_SSL_CERTIFICATE_AUTHORITY}"
+ }
+ }
+ - pipeline.id: qa
+ config.string: |
+ input {
+ pipeline {
+ address => 'qa'
+ }
+ }
+ output {
+ elasticsearch {
+ hosts => [ "${QA_ES_ES_HOSTS}" ]
+ user => "${QA_ES_ES_USER}"
+ password => "${QA_ES_ES_PASSWORD}"
+ ssl_certificate_authorities => "${QA_ES_ES_SSL_CERTIFICATE_AUTHORITY}"
+ }
+ }
+
+elasticsearchRefs:
+ - clusterName: prod-es
+ name: production
+ - clusterName: qa-es
+ name: qa
+ namespace: qa
+
+services:
+ - name: beats
+ service:
+ spec:
+ type: ClusterIP
+ ports:
+ - port: 5044
+ name: "filebeat"
+ protocol: TCP
+ targetPort: 5044
+
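Review bot: the `qa` entry in `elasticsearchRefs` sets `namespace: qa`, a cross-namespace reference, but the example sets no `serviceAccountName`, which the chart's `values.yaml` describes as the field used to check access to a resource in a different namespace when ECK enforces RBAC on references. Add it, or a comment explaining when it is required. Also worth a comment: the `main` pipeline has two `pipeline` outputs, `send_to => 'prod'` and `send_to => 'qa'`, so the QA cluster receives a full copy of every event that production receives, including the geoip-enriched source fields.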
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/examples/volumes.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/examples/volumes.yaml
new file mode 100644
index 00000000..67cfd133
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/examples/volumes.yaml
@@ -0,0 +1,107 @@
+---
+# values corresponding to config/recipes/logstash/logstash-volumes.yaml
+version: 9.2.0
+
+config:
+ log.level: info
+ queue.type: persisted
+ path.queue: /usr/share/logstash/pq
+
+podTemplate:
+ spec:
+ containers:
+ - name: logstash
+ volumeMounts:
+ - mountPath: /usr/share/logstash/pq
+ name: pq
+ readOnly: false
+ - mountPath: /usr/share/logstash/dlq
+ name: dlq
+ readOnly: false
+
+pipelines:
+ - pipeline.id: dlq_read
+ dead_letter_queue.enable: false
+ config.string: |
+ input {
+ dead_letter_queue {
+ path => "/usr/share/logstash/dlq"
+ commit_offsets => true
+ pipeline_id => "beats"
+ clean_consumed => true
+ }
+ }
+ filter {
+ mutate {
+ remove_field => "[geoip][location]"
+ }
+ }
+ output {
+ elasticsearch {
+ hosts => [ "${ECK_ES_HOSTS}" ]
+ user => "${ECK_ES_USER}"
+ password => "${ECK_ES_PASSWORD}"
+ ssl_certificate_authorities => "${ECK_ES_SSL_CERTIFICATE_AUTHORITY}"
+ }
+ }
+ - pipeline.id: beats
+ dead_letter_queue.enable: true
+ path.dead_letter_queue: /usr/share/logstash/dlq
+ config.string: |
+ input {
+ beats {
+ port => 5044
+ }
+ }
+ filter {
+ grok {
+ match => { "message" => "%{HTTPD_COMMONLOG}"}
+ }
+ geoip {
+ source => "[source][address]"
+ target => "[source]"
+ }
+ }
+ output {
+ elasticsearch {
+ hosts => [ "${ECK_ES_HOSTS}" ]
+ user => "${ECK_ES_USER}"
+ password => "${ECK_ES_PASSWORD}"
+ ssl_certificate_authorities => "${ECK_ES_SSL_CERTIFICATE_AUTHORITY}"
+ }
+ }
+
+volumeClaimTemplates:
+ - metadata:
+ name: pq
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ - metadata:
+ name: dlq
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+
+
+elasticsearchRefs:
+ - clusterName: eck
+ name: elasticsearch
+
+services:
+ - name: beats
+ service:
+ spec:
+ type: ClusterIP
+ ports:
+ - port: 5044
+ name: "filebeat"
+ protocol: TCP
+ targetPort: 5044
+
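Review bot: in `dlq_read`, `remove_field => "[geoip][location]"` does not match where the `beats` pipeline writes its lookup, because the geoip filter there uses `target => "[source]"`. As written the mutate does not touch the geoip output of that pipeline, so events read back from the dead letter queue are re-sent unchanged. Point the mutate at the field under `[source]` or drop the filter. The `dlq` volume stores complete rejected events, so add a comment on who can read that claim and how long data stays there; `clean_consumed => true` only covers what `dlq_read` has already consumed.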
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/templates/NOTES.txt b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/templates/NOTES.txt
new file mode 100644
index 00000000..c2f255af
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/templates/NOTES.txt
@@ -0,0 +1,6 @@
+
+1. Check Logstash status
+ $ kubectl get logstash {{ include "logstash.fullname" . }} -n {{ .Release.Namespace }}
+
+2. Check Logstash pod status
+ $ kubectl get pods --namespace={{ .Release.Namespace }} -l logstash.k8s.elastic.co/name={{ include "logstash.fullname" . }}
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/templates/_helpers.tpl b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/templates/_helpers.tpl
new file mode 100644
index 00000000..7efd669f
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/templates/_helpers.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "logstash.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "logstash.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "logstash.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "logstash.labels" -}}
+helm.sh/chart: {{ include "logstash.chart" . }}
+{{ include "logstash.selectorLabels" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.labels }}
+{{ toYaml .Values.labels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "logstash.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "logstash.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/templates/logstash.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/templates/logstash.yaml
new file mode 100644
index 00000000..8ba52ef6
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/templates/logstash.yaml
@@ -0,0 +1,58 @@
+---
+apiVersion: logstash.k8s.elastic.co/v1alpha1
+kind: Logstash
+metadata:
+ name: {{ include "logstash.fullname" . }}
+ labels:
+ {{- include "logstash.labels" . | nindent 4 }}
+ annotations:
+ eck.k8s.elastic.co/license: basic
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ version: {{ required "A Logstash version is required" .Values.version }}
+ count: {{ required "A pod count is required" .Values.count }}
+ {{- with .Values.image }}
+ image: {{ . }}
+ {{- end }}
+ {{- with .Values.serviceAccountName }}
+ serviceAccountName: {{ . }}
+ {{- end }}
+ {{- with .Values.revisionHistoryLimit }}
+ revisionHistoryLimit: {{ . }}
+ {{- end }}
+
+ {{- if and .Values.config .Values.configRef }}
+ {{- fail "config and configRef are mutually exclusive!" }}
+ {{- end }}
+ {{- with .Values.config }}
+ config:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.configRef }}
+ configRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.podTemplate }}
+ podTemplate:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.monitoring }}
+ monitoring:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if and .Values.pipelines .Values.pipelinesRef }}
+ {{- fail "pipelines and pipelinesRef are mutually exclusive!" }}
+ {{- end }}
+ {{- with .Values.pipelinesRef }}
+ pipelinesRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if .Values.pipelines }}
+ pipelines: {{ toYaml .Values.pipelines | nindent 4 }}
+ {{- end }}
+ volumeClaimTemplates: {{ toYaml .Values.volumeClaimTemplates | nindent 4 }}
+ elasticsearchRefs: {{ toYaml .Values.elasticsearchRefs | nindent 4 }}
+ services: {{ toYaml .Values.services | nindent 4 }}
+ secureSettings: {{ toYaml .Values.secureSettings | nindent 4 }}
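Review bot: `{{- with .Values.revisionHistoryLimit }}` treats `0` as empty, so a user who sets `revisionHistoryLimit: 0` gets no field rendered and silently falls back to the Kubernetes default. Test for presence instead, for example `{{- if not (kindIs "invalid" .Values.revisionHistoryLimit) }}`. Separately, `volumeClaimTemplates`, `elasticsearchRefs`, `services` and `secureSettings` are rendered unconditionally while `pipelines` is guarded with `if`; if a parent chart sets one of them to null, `toYaml` emits `null` into the spec. Guard them the same way as `pipelines`.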
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/values.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/values.yaml
new file mode 100644
index 00000000..f82ad0a5
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/charts/eck-logstash/values.yaml
@@ -0,0 +1,115 @@
+---
+# Default values for eck-logstash.
+# This is a YAML-formatted file.
+
+# Overridable names of the Logstash resource.
+# By default, this is the Release name set for the chart,
+# followed by 'eck-logstash'.
+#
+# nameOverride will override the name of the Chart with the name set here,
+# so nameOverride: quickstart, would convert to '{{ Release.name }}-quickstart'
+#
+# nameOverride: "quickstart"
+#
+# fullnameOverride will override both the release name, and the chart name,
+# and will name the Logstash resource exactly as specified.
+#
+# fullnameOverride: "quickstart"
+
+# Version of Logstash.
+#
+version: 9.2.0
+
+# Logstash Docker image to deploy
+#
+# image:
+
+# Used to check access from the current resource to a resource (for ex. a remote Elasticsearch cluster) in a different namespace.
+# Can only be used if ECK is enforcing RBAC on references.
+#
+# serviceAccountName: ""
+
+# Labels that will be applied to Logstash.
+#
+labels: {}
+
+# Annotations that will be applied to Logstash.
+#
+annotations: {}
+
+# Number of revisions to retain to allow rollback in the underlying StatefulSets.
+# By default, if not set, Kubernetes sets 10.
+#
+# revisionHistoryLimit: 2
+
+# Controlling the number of pods.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-logstash-scaling-logstash.html
+#
+count: 1
+
+# The logstash configuration, the ECK equivalent to logstash.yml
+#
+# NOTE: The `config` and `configRef` fields are mutually exclusive. Only one of them should be defined at a time,
+# as using both may cause conflicts.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-logstash-configuration.html#k8s-logstash-configuring-logstash
+#
+config: {}
+
+# Reference a configuration in a Secret.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-logstash-configuration.html#k8s-logstash-configuring-logstash
+#
+# configRef:
+# secretName: ''
+
+# Set podTemplate to customize the pod used by Logstash
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-customize-pods.html
+#
+podTemplate: {}
+
+# Settings for configuring stack monitoring.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-stack-monitoring.html
+#
+monitoring: {}
+ # metrics:
+ # elasticsearchRefs:
+ # - name: monitoring
+ # namespace: observability
+ # logs:
+ # elasticsearchRefs:
+ # - name: monitoring
+ # namespace: observability
+
+# The Logstash pipelines, the ECK equivalent to pipelines.yml
+#
+# NOTE: The `pipelines` and `pipelinesRef` fields are mutually exclusive. Only one of them should be defined at a time,
+# as using both may cause conflicts.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-logstash-configuration.html#k8s-logstash-pipelines
+#
+pipelines: []
+
+# Reference a pipelines configuration in a Secret.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-logstash-configuration.html#k8s-logstash-pipelines
+#
+# pipelinesRef:
+# secretName: ''
+
+# volumeClaimTemplates
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-logstash-configuration.html#k8s-volume-claim-settings
+#
+volumeClaimTemplates: []
+
+# ElasticsearchRefs are references to Elasticsearch clusters running in the same Kubernetes cluster.
+# Ensure that the 'clusterName' field matches what is referenced in the pipeline.
+# ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-logstash-configuration.html#k8s-logstash-pipelines-es
+#
+elasticsearchRefs: []
+# - namespace: ''
+# name: ''
+# clusterName: ''
+# serviceName: ''
+# secretName: ''
+
+services: []
+
+# SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for the Logstash
+secureSettings: []
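Review bot: the `secureSettings` comment at the end of the file stops mid-sentence ("for the Logstash") and, unlike `configRef` and `pipelinesRef`, gives no commented example of the expected entry. Finish the sentence and add a commented example in the same style as those two keys, so users have a documented place for credentials other than inlining them in `pipelines` or `config`. The `nameOverride` comment also writes `{{ Release.name }}` where the templates use `.Release.Name`.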
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/examples/agent/fleet-agents.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/examples/agent/fleet-agents.yaml
new file mode 100644
index 00000000..4358b6f6
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/examples/agent/fleet-agents.yaml
@@ -0,0 +1,122 @@
+---
+eck-elasticsearch:
+ enabled: true
+
+ # Name of the Elasticsearch instance.
+ #
+ fullnameOverride: elasticsearch
+
+ nodeSets:
+ - name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
+
+eck-kibana:
+ enabled: true
+
+ # Name of the Kibana instance.
+ #
+ fullnameOverride: kibana
+
+ # Reference to ECK-managed Elasticsearch instance, ideally from {{ "elasticsearch.fullname" }}
+ #
+ elasticsearchRef:
+ name: elasticsearch
+
+ config:
+ # Note that these are specific to the namespace into which this example is installed, and are
+ # using `elastic-stack` as configured here and detailed in the README when installing:
+ #
+ # `helm install es-kb-quickstart elastic/eck-stack -n elastic-stack`
+ #
+ # If installed outside of the `elastic-stack` namespace, the following 2 lines need modification.
+ xpack.fleet.agents.elasticsearch.hosts: ["https://elasticsearch-es-http.elastic-stack.svc:9200"]
+ xpack.fleet.agents.fleet_server.hosts: ["https://fleet-server-agent-http.elastic-stack.svc:8220"]
+ xpack.fleet.packages:
+ - name: system
+ version: latest
+ - name: elastic_agent
+ version: latest
+ - name: fleet_server
+ version: latest
+ - name: kubernetes
+ version: latest
+ xpack.fleet.agentPolicies:
+ - name: Fleet Server on ECK policy
+ id: eck-fleet-server
+ namespace: default
+ is_managed: true
+ monitoring_enabled:
+ - logs
+ - metrics
+ package_policies:
+ - name: fleet_server-1
+ id: fleet_server-1
+ package:
+ name: fleet_server
+ - name: Elastic Agent on ECK policy
+ id: eck-agent
+ namespace: default
+ is_managed: true
+ monitoring_enabled:
+ - logs
+ - metrics
+ unenroll_timeout: 900
+ package_policies:
+ - package:
+ name: system
+ name: system-1
+ - package:
+ name: kubernetes
+ name: kubernetes-1
+
+eck-agent:
+ enabled: true
+
+ # Agent policy to be used.
+ policyID: eck-agent
+ # Reference to ECK-managed Kibana instance.
+ #
+ kibanaRef:
+ name: kibana
+ elasticsearchRefs: []
+ # Reference to ECK-managed Fleet instance.
+ #
+ fleetServerRef:
+ name: fleet-server
+
+ mode: fleet
+ daemonSet:
+ podTemplate:
+ spec:
+ serviceAccountName: elastic-agent
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ automountServiceAccountToken: true
+ securityContext:
+ runAsUser: 0
+
+eck-fleet-server:
+ enabled: true
+
+ fullnameOverride: "fleet-server"
+
+ deployment:
+ replicas: 1
+ podTemplate:
+ spec:
+ serviceAccountName: fleet-server
+ automountServiceAccountToken: true
+
+ # Agent policy to be used.
+ policyID: eck-fleet-server
+ kibanaRef:
+ name: kibana
+ elasticsearchRefs:
+ - name: elasticsearch
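Review bot: the `eck-agent` DaemonSet pod template combines `hostNetwork: true`, `runAsUser: 0` and `automountServiceAccountToken: true` without a comment on why each one is needed. Document the reason for each setting, and say where the `elastic-agent` and `fleet-server` service accounts and their RBAC come from, since this file references them by `serviceAccountName` without creating them. The four `xpack.fleet.packages` entries all use `version: latest`; pin them so that two installs of the same chart version produce the same integrations.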
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/examples/apm-server/basic.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/examples/apm-server/basic.yaml
new file mode 100644
index 00000000..227b5825
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/examples/apm-server/basic.yaml
@@ -0,0 +1,52 @@
+---
+eck-elasticsearch:
+ enabled: true
+
+ # Name of the Elasticsearch instance.
+ #
+ fullnameOverride: elasticsearch
+
+ nodeSets:
+ - name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
+
+eck-kibana:
+ enabled: true
+
+ # Name of the Kibana instance.
+ #
+ fullnameOverride: kibana
+
+ spec:
+ config:
+ xpack.fleet.packages:
+ - name: apm
+ version: latest
+
+eck-apm-server:
+ enabled: true
+
+ # Count of APM Server replicas to create.
+ #
+ count: 1
+
+ # Reference to ECK-managed Elasticsearch resource.
+ #
+ elasticsearchRef:
+ name: elasticsearch
+ kibanaRef:
+ name: kibana
+ http:
+ service:
+ spec:
+ ports:
+ - name: http
+ port: 8200
+ targetPort: 8200
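Review bot: `xpack.fleet.packages` installs the `apm` package at `version: latest`, so the integration that ends up in Kibana can change between two installs of the same chart version; pin it. Also check the nesting: here `config` sits under `eck-kibana.spec`, while `fleet-agents.yaml` places `config` and `elasticsearchRef` directly under `eck-kibana`, and this file sets no `elasticsearchRef` for Kibana at all. Confirm which layout the subchart reads and use it in both examples.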
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/examples/apm-server/jaeger-with-http-configuration.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/examples/apm-server/jaeger-with-http-configuration.yaml
new file mode 100644
index 00000000..b694955f
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/examples/apm-server/jaeger-with-http-configuration.yaml
@@ -0,0 +1,60 @@
+---
+eck-elasticsearch:
+ enabled: true
+
+ # Name of the Elasticsearch instance.
+ #
+ fullnameOverride: elasticsearch
+
+ nodeSets:
+ - name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
+
+eck-kibana:
+ enabled: true
+
+ # Name of the Kibana instance.
+ #
+ fullnameOverride: kibana
+
+ spec:
+ config:
+ xpack.fleet.packages:
+ - name: apm
+ version: latest
+
+eck-apm-server:
+ enabled: true
+
+ # Count of APM Server replicas to create.
+ #
+ count: 1
+
+ config:
+ name: elastic-apm
+ apm-server.jaeger.grpc.enabled: true
+ apm-server.jaeger.grpc.host: "0.0.0.0:14250"
+
+ # Reference to ECK-managed Elasticsearch resource.
+ #
+ elasticsearchRef:
+ name: elasticsearch
+ kibanaRef:
+ name: kibana
+ http:
+ service:
+ spec:
+ ports:
+ - name: http
+ port: 8200
+ targetPort: 8200
+ - name: grpc
+ port: 14250
+ targetPort: 14250
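Review bot: `apm-server.jaeger.grpc.host: "0.0.0.0:14250"` binds the Jaeger gRPC endpoint on all interfaces and the `http.service` block publishes port 14250, but nothing in the `config` block says how callers of that port are authenticated. Add a comment on the expected protection, for example a NetworkPolicy limited to the tracing clients, or the relevant APM Server auth settings if the example is meant to be used as is. The `apm` package under `xpack.fleet.packages` is also unpinned (`version: latest`).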
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/examples/beats/metricbeat_hosts.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/examples/beats/metricbeat_hosts.yaml
new file mode 100644
index 00000000..235aaa6e
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/examples/beats/metricbeat_hosts.yaml
@@ -0,0 +1,217 @@
+eck-elasticsearch:
+ enabled: true
+
+ # Name of the Elasticsearch resource.
+ #
+ fullnameOverride: quickstart
+
+ # Version of Elasticsearch.
+ #
+ version: 9.2.0
+
+ nodeSets:
+ - name: default
+ count: 3
+ config:
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ volumeClaimTemplates:
+ - metadata:
+ name: elasticsearch-data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 100Gi
+ # Adjust to your storage class name
+ #
+ # storageClassName: local-storage
+
+eck-kibana:
+ enabled: true
+
+ # Name of the Kibana resource.
+ #
+ fullnameOverride: quickstart
+
+ # Version of Kibana.
+ #
+ version: 9.2.0
+
+ spec:
+ # Count of Kibana replicas to create.
+ #
+ count: 1
+
+ # Reference to ECK-managed Elasticsearch resource, ideally from {{ "elasticsearch.fullname" }}
+ #
+ elasticsearchRef:
+ name: quickstart
+
+eck-beats:
+ enabled: true
+ name: metricbeat
+ type: metricbeat
+ version: 9.2.0
+ elasticsearchRef:
+ name: quickstart
+ kibanaRef:
+ name: quickstart
+ config:
+ # Since filebeat is used in the default values, this needs to be removed with an empty list.
+ filebeat.inputs: []
+ metricbeat:
+ autodiscover:
+ providers:
+ - hints:
+ default_config: {}
+ enabled: "true"
+ node: ${NODE_NAME}
+ type: kubernetes
+ modules:
+ - module: system
+ period: 10s
+ metricsets:
+ - cpu
+ - load
+ - memory
+ - network
+ - process
+ - process_summary
+ process:
+ include_top_n:
+ by_cpu: 5
+ by_memory: 5
+ processes:
+ - .*
+ - module: system
+ period: 1m
+ metricsets:
+ - filesystem
+ - fsstat
+ processors:
+ - drop_event:
+ when:
+ regexp:
+ system:
+ filesystem:
+ mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib)($|/)
+ - module: kubernetes
+ period: 10s
+ node: ${NODE_NAME}
+ hosts:
+ - https://${NODE_NAME}:10250
+ bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+ ssl:
+ verification_mode: none
+ metricsets:
+ - node
+ - system
+ - pod
+ - container
+ - volume
+ processors:
+ - add_cloud_metadata: {}
+ - add_host_metadata: {}
+ daemonSet:
+ podTemplate:
+ spec:
+ serviceAccountName: metricbeat
+ automountServiceAccountToken: true # some older Beat versions are depending on this settings presence in k8s context
+ containers:
+ - args:
+ - -e
+ - -c
+ - /etc/beat.yml
+ - --system.hostfs=/hostfs
+ name: metricbeat
+ volumeMounts:
+ - mountPath: /hostfs/sys/fs/cgroup
+ name: cgroup
+ - mountPath: /var/run/docker.sock
+ name: dockersock
+ - mountPath: /hostfs/proc
+ name: proc
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ dnsPolicy: ClusterFirstWithHostNet
+ hostNetwork: true # Allows to provide richer host metadata
+ securityContext:
+ runAsUser: 0
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - hostPath:
+ path: /sys/fs/cgroup
+ name: cgroup
+ - hostPath:
+ path: /var/run/docker.sock
+ name: dockersock
+ - hostPath:
+ path: /proc
+ name: proc
+
+ clusterRole:
+ # permissions needed for metricbeat
+ # source: https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-module-kubernetes.html
+ name: metricbeat
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ - namespaces
+ - events
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - "extensions"
+ resources:
+ - replicasets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ - deployments
+ - replicasets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - nodes/stats
+ verbs:
+ - get
+ - nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
+
+ serviceAccount:
+ name: metricbeat
+
+ clusterRoleBinding:
+ name: metricbeat
+ subjects:
+ - kind: ServiceAccount
+ name: metricbeat
+ roleRef:
+ kind: ClusterRole
+ name: metricbeat
+ apiGroup: rbac.authorization.k8s.io
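Review bot: the `kubernetes` module sends the service account token from `bearer_token_file` to `https://${NODE_NAME}:10250` with `ssl.verification_mode: none`, so the token goes to an endpoint whose certificate is never checked. Where the kubelet serving certificates are signed by a CA that can be mounted, set `ssl.certificate_authorities` instead; if they cannot be verified in the target clusters, say so in a comment next to the setting. The pod also mounts `/var/run/docker.sock` from the host while running with `runAsUser: 0` and `hostNetwork: true`. Access to that socket is equivalent to root on the node, and the visible `modules` list (two `system` entries and `kubernetes`) has no docker module, so drop the `dockersock` volume and mount unless something else needs them.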
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/examples/custom-elasticsearch-kibana.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/examples/custom-elasticsearch-kibana.yaml
new file mode 100644
index 00000000..1c3adb3e
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/examples/custom-elasticsearch-kibana.yaml
@@ -0,0 +1,78 @@
+---
+eck-elasticsearch:
+ # Name of the Elasticsearch resource.
+ #
+ fullnameOverride: quickstart
+
+ # Version of Elasticsearch.
+ #
+ version: 9.2.0
+
+ nodeSets:
+ - name: default
+ count: 1
+ config:
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ volumeClaimTemplates:
+ - metadata:
+ name: elasticsearch-data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 100Gi
+ # Adjust to your storage class name
+ #
+ # storageClassName: local-storage
+
+eck-kibana:
+ # Name of the Kibana resource.
+ #
+ fullnameOverride: quickstart
+
+ # Version of Kibana.
+ #
+ version: 9.2.0
+
+ spec:
+ # Count of Kibana replicas to create.
+ #
+ count: 1
+
+ # Reference to ECK-managed Elasticsearch resource, ideally from {{ "elasticsearch.fullname" }}
+ #
+ elasticsearchRef:
+ name: quickstart
+ # namespace: default
+ http:
+ service:
+ spec:
+ # Type of service to deploy for Kibana.
+ # This deploys a load balancer in a cloud service provider, where supported.
+ #
+ type: LoadBalancer
+ # tls:
+ # selfSignedCertificate:
+ # subjectAltNames:
+ # - ip: 1.2.3.4
+ # - dns: kibana.example.com
+ podTemplate:
+ spec:
+ containers:
+ - name: kibana
+ env:
+ - name: NODE_OPTIONS
+ value: "--max-old-space-size=2048"
+ resources:
+ requests:
+ memory: 1Gi
+ cpu: 0.5
+ limits:
+ memory: 2.5Gi
+ cpu: 2
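Review bot: `type: LoadBalancer` on the Kibana HTTP service gives Kibana an external address on providers that support it, while the `tls` block with `subjectAltNames` is left commented out, so the self-signed certificate is not configured with the name or IP users will connect to. Either default the example to `ClusterIP` with a comment on how to expose it, or uncomment the `tls` section with placeholder names and mention restricting the source ranges allowed on the load balancer.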
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/examples/elasticsearch/hot-warm-cold.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/examples/elasticsearch/hot-warm-cold.yaml
new file mode 100644
index 00000000..919cb4c7
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/examples/elasticsearch/hot-warm-cold.yaml
@@ -0,0 +1,199 @@
+---
+eck-elasticsearch:
+ nodeSets:
+ - name: masters
+ count: 1
+ config:
+ node.roles: ["master"]
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ podTemplate:
+ spec:
+ containers:
+ - name: elasticsearch
+ resources:
+ limits:
+ memory: 8Gi
+ cpu: 2
+ # Affinity/Anti-affinity settings for controlling the 'spreading' of Elasticsearch
+ # pods across existing hosts.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html#k8s-affinity-options
+ #
+ # affinity:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: beta.kubernetes.io/instance-type
+ # operator: In
+ # # This should be adjusted to the instance type according to your setup
+ # #
+ # values:
+ # - highio
+ # Volume Claim settings.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-volume-claim-templates.html
+ #
+ volumeClaimTemplates:
+ - metadata:
+ name: elasticsearch-data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Ti
+ # Adjust to your storage class name
+ #
+ # storageClassName: local-storage
+ - name: hot
+ count: 1
+ config:
+ node.roles: ["data_hot", "data_content", "ingest"]
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ podTemplate:
+ spec:
+ containers:
+ - name: elasticsearch
+ resources:
+ limits:
+ memory: 16Gi
+ cpu: 4
+ # Affinity/Anti-affinity settings for controlling the 'spreading' of Elasticsearch
+ # pods across existing hosts.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html#k8s-affinity-options
+ #
+ # affinity:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: beta.kubernetes.io/instance-type
+ # operator: In
+ # # This should be adjusted to the instance type according to your setup
+ # #
+ # values:
+ # - highio
+ # Volume Claim settings.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-volume-claim-templates.html
+ #
+ volumeClaimTemplates:
+ - metadata:
+ name: elasticsearch-data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Ti
+ # Adjust to your storage class name
+ #
+ # storageClassName: local-storage
+ - name: warm
+ count: 1
+ config:
+ node.roles: ["data_warm"]
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ podTemplate:
+ spec:
+ containers:
+ - name: elasticsearch
+ resources:
+ limits:
+ memory: 16Gi
+ cpu: 2
+ # Affinity/Anti-affinity settings for controlling the 'spreading' of Elasticsearch
+ # pods across existing hosts.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html#k8s-affinity-options
+ #
+ # affinity:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: beta.kubernetes.io/instance-type
+ # operator: In
+ # # This should be adjusted to the instance type according to your setup
+ # #
+ # values:
+ # - highstorage
+ # Volume Claim settings.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-volume-claim-templates.html
+ #
+ volumeClaimTemplates:
+ - metadata:
+ name: elasticsearch-data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Ti
+ # Adjust to your storage class name
+ #
+ # storageClassName: local-storage
+ - name: cold
+ count: 1
+ config:
+ node.roles: ["data_cold"]
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ podTemplate:
+ spec:
+ containers:
+ - name: elasticsearch
+ resources:
+ limits:
+ memory: 8Gi
+ cpu: 2
+ # Affinity/Anti-affinity settings for controlling the 'spreading' of Elasticsearch
+ # pods across existing hosts.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html#k8s-affinity-options
+ #
+ # affinity:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: beta.kubernetes.io/instance-type
+ # operator: In
+ # # This should be adjusted to the instance type according to your setup
+ # #
+ # values:
+ # - highstorage
+ # Volume Claim settings.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-volume-claim-templates.html
+ #
+ volumeClaimTemplates:
+ - metadata:
+ name: elasticsearch-data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Ti
+ # Adjust to your storage class name
+ #
+ # storageClassName: local-storage
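Review bot: The commented-out `nodeAffinity` samples in the hot, warm and cold nodeSets all key on `beta.kubernetes.io/instance-type`, which is the deprecated form of the `node.kubernetes.io/instance-type` node label. Since these blocks exist to be uncommented and adapted, suggest switching the key in every copy so users do not carry the deprecated label into new clusters. The three tiers also repeat the same `allow_mmap` comment and affinity sample verbatim; a YAML anchor or a single shared comment at the top of `nodeSets` would make later edits less error-prone.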
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/examples/elasticsearch/ingress/elasticsearch-ingress-gke.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/examples/elasticsearch/ingress/elasticsearch-ingress-gke.yaml
new file mode 100644
index 00000000..0ca2e8a5
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/examples/elasticsearch/ingress/elasticsearch-ingress-gke.yaml
@@ -0,0 +1,40 @@
+# The following is an example of an Elasticsearch resource that is configured to use an Ingress resource in a GKE cluster.
+# Additional examples of exposing Elasticsearch with Ingress resources can be found in the following location:
+# https://github.com/elastic/cloud-on-k8s/tree/main/deploy/eck-stack/charts/eck-elasticsearch/examples/ingress
+#
+eck-elasticsearch:
+ enabled: true
+
+ ingress:
+ enabled: true
+ annotations:
+ my: annotation
+ labels:
+ my: label
+ pathType: Prefix
+ hosts:
+ - host: "elasticsearch.company.dev"
+ path: "/"
+ http:
+ service:
+ metadata:
+ annotations:
+ # This is required for `ClusterIP` services (which are the default ECK service type) to be used with Ingress in GKE clusters.
+ cloud.google.com/neg: '{"ingress": true}'
+ # This is required to enable the GKE Ingress Controller to use HTTPS as the backend protocol.
+ cloud.google.com/app-protocols: '{"https":"HTTPS"}'
+ nodeSets:
+ - name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
+ # Enable anonymous access to allow GCLB health probes to succeed
+ xpack.security.authc:
+ anonymous:
+ username: anon
+ roles: monitoring_user
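Review bot: The `xpack.security.authc.anonymous` block at the end of the nodeSet config gives every unauthenticated request the `monitoring_user` role, and the same values file publishes Elasticsearch through an Ingress on `elasticsearch.company.dev`, so that role is granted to anyone who can reach the host, not only to the GCLB health probes the comment mentions. Suggest stating that exposure in the comment and mapping the anonymous user to a dedicated role limited to what the probe needs, rather than a built-in monitoring role. The `ingress` block here also omits the `tls: enabled: true` setting that the Kibana GKE example in this change includes; if that is intentional it deserves a comment, otherwise add it so the example does not default to a plaintext front end.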
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/examples/enterprise-search/basic.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/examples/enterprise-search/basic.yaml
new file mode 100644
index 00000000..aeb61b06
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/examples/enterprise-search/basic.yaml
@@ -0,0 +1,42 @@
+---
+eck-elasticsearch:
+ enabled: true
+
+ # Name of the Elasticsearch instance.
+ #
+ fullnameOverride: elasticsearch
+
+ nodeSets:
+ - name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
+
+eck-kibana:
+ enabled: true
+
+ # Name of the Kibana instance.
+ #
+ fullnameOverride: kibana
+
+ elasticsearchRef:
+ name: elasticsearch
+
+ spec:
+ enterpriseSearchRef:
+ name: enterprise-search
+
+eck-enterprise-search:
+ enabled: true
+
+ # Name of the Enterprise Search instance.
+ #
+ fullnameOverride: enterprise-search
+
+ elasticsearchRef:
+ name: elasticsearch
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/examples/enterprise-search/with-custom-configuration.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/examples/enterprise-search/with-custom-configuration.yaml
new file mode 100644
index 00000000..a7c3ad49
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/examples/enterprise-search/with-custom-configuration.yaml
@@ -0,0 +1,52 @@
+---
+eck-elasticsearch:
+ enabled: true
+
+ # Name of the Elasticsearch instance.
+ #
+ fullnameOverride: elasticsearch
+
+ nodeSets:
+ - name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
+
+eck-kibana:
+ enabled: true
+
+ # Name of the Kibana instance.
+ #
+ fullnameOverride: kibana
+
+ elasticsearchRef:
+ name: elasticsearch
+
+ spec:
+ enterpriseSearchRef:
+ name: enterprise-search
+
+eck-enterprise-search:
+ enabled: true
+
+ # Name of the Enterprise Search instance.
+ #
+ fullnameOverride: enterprise-search
+
+ config:
+ # configure app search document size limit
+ app_search.engine.document_size.limit: 100kb
+
+ http:
+ service:
+ metadata:
+ labels:
+ my-custom: label
+
+ elasticsearchRef:
+ name: elasticsearch
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/examples/kibana/http-configuration.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/examples/kibana/http-configuration.yaml
new file mode 100644
index 00000000..d8a4831d
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/examples/kibana/http-configuration.yaml
@@ -0,0 +1,23 @@
+---
+eck-kibana:
+ # Count of Kibana replicas to create.
+ #
+ count: 1
+
+ # Reference to ECK-managed Elasticsearch resource, ideally from {{ "elasticsearch.fullname" }}
+ #
+ elasticsearchRef:
+ name: es-quickstart-eck-elasticsearch
+ # namespace: default
+ http:
+ service:
+ spec:
+ # Type of service to deploy for Kibana.
+ # This deploys a load balancer in a cloud service provider, where supported.
+ #
+ type: LoadBalancer
+ # tls:
+ # selfSignedCertificate:
+ # subjectAltNames:
+ # - ip: 1.2.3.4
+ # - dns: kibana.example.com
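Review bot: `type: LoadBalancer` under `http.service.spec` puts Kibana on a cloud load balancer with nothing in the example restricting who can connect, and the comment only says that a load balancer is deployed. Suggest noting that this makes the login page reachable from outside the cluster and showing `loadBalancerSourceRanges` (or the provider's internal load balancer annotation) next to it. The `tls.selfSignedCertificate.subjectAltNames` block is left commented out, so the served certificate will not carry the load balancer's address or DNS name; a sentence telling users to fill it in once the address is known would prevent them from turning off certificate verification in clients.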
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/examples/kibana/ingress/kibana-gke.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/examples/kibana/ingress/kibana-gke.yaml
new file mode 100644
index 00000000..4aa1dc06
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/examples/kibana/ingress/kibana-gke.yaml
@@ -0,0 +1,80 @@
+# The following is an example of a Kibana resource that is configured to use an Ingress resource in a GKE cluster.
+# Additional examples of exposing Kibana with Ingress resources can be found in the following location:
+# https://github.com/elastic/cloud-on-k8s/tree/main/deploy/eck-stack/charts/eck-kibana/examples/ingress
+#
+eck-elasticsearch:
+ enabled: true
+
+ # Name of the Elasticsearch instance.
+ #
+ fullnameOverride: elasticsearch
+
+ ingress:
+ enabled: true
+ annotations:
+ my: annotation
+ labels:
+ my: label
+ pathType: Prefix
+ hosts:
+ - host: "elasticsearch.company.dev"
+ path: "/"
+ tls:
+ enabled: true
+
+ http:
+ service:
+ metadata:
+ annotations:
+ # This is required for `ClusterIP` services (which are the default ECK service type) to be used with Ingress in GKE clusters.
+ cloud.google.com/neg: '{"ingress": true}'
+ cloud.google.com/app-protocols: '{"https":"HTTPS"}'
+
+ nodeSets:
+ - name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
+ # Enable anonymous access to allow GCLB health probes to succeed
+ xpack.security.authc:
+ anonymous:
+ username: anon
+ roles: monitoring_user
+
+eck-kibana:
+ enabled: true
+
+ # Name of the Kibana instance.
+ #
+ fullnameOverride: kibana
+
+ # Reference to ECK-managed Elasticsearch instance, ideally from {{ "elasticsearch.fullname" }}
+ #
+ elasticsearchRef:
+ name: elasticsearch
+
+ config:
+ server:
+ publicBaseUrl: "https://kibana.company.dev"
+
+ http:
+ service:
+ metadata:
+ annotations:
+ # This is required for `ClusterIP` services (which are the default ECK service type) to be used with Ingress in GKE clusters.
+ cloud.google.com/neg: '{"ingress": true}'
+ cloud.google.com/app-protocols: '{"https":"HTTPS"}'
+
+ ingress:
+ enabled: true
+ pathType: Prefix
+ hosts:
+ - host: "kibana.company.dev"
+ path: "/"
+ tls:
+ enabled: true
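Review bot: This file is the Kibana ingress example, yet the `eck-elasticsearch` section also publishes Elasticsearch on `elasticsearch.company.dev` and, to keep the GCLB probes green for that ingress, enables anonymous access with `roles: monitoring_user`. Kibana reaches Elasticsearch through `elasticsearchRef` inside the cluster, so suggest dropping the Elasticsearch `ingress` block and the `xpack.security.authc.anonymous` block from this example, or explaining why both are needed; that leaves only Kibana exposed and removes the unauthenticated role. If they stay, the two `cloud.google.com/app-protocols` annotations should carry the same explanatory comment that the Elasticsearch GKE example has.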
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/examples/logstash/basic-eck.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/examples/logstash/basic-eck.yaml
new file mode 100644
index 00000000..8c2afa22
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/examples/logstash/basic-eck.yaml
@@ -0,0 +1,113 @@
+---
+eck-elasticsearch:
+ nodeSets:
+ - name: default
+ count: 3
+ config:
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ podTemplate:
+ spec:
+ containers:
+ - name: elasticsearch
+ resources:
+ limits:
+ memory: 2Gi
+ requests:
+ memory: 2Gi
+eck-kibana:
+ enabled: true
+ spec:
+ count: 1
+ elasticsearchRef:
+ name: elasticsearch
+eck-beats:
+ enabled: true
+ deployment:
+ podTemplate:
+ spec:
+ automountServiceAccountToken: true
+ initContainers:
+ - name: download-tutorial
+ image: curlimages/curl
+ command: ["/bin/sh"]
+ args: ["-c", "curl -L https://download.elastic.co/demos/logstash/gettingstarted/logstash-tutorial.log.gz | gunzip -c > /data/logstash-tutorial.log"]
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ containers:
+ - name: filebeat
+ securityContext:
+ runAsUser: 1000
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ - name: beat-data
+ mountPath: /usr/share/filebeat/data
+ volumes:
+ - name: data
+ emptydir: {}
+ - name: beat-data
+ emptydir: {}
+ type: filebeat
+ config:
+ filebeat.inputs:
+ - type: filestream
+ id: logstash-tutorial
+ paths:
+ - /data/logstash-tutorial.log
+ processors:
+ - add_host_metadata: {}
+ - add_cloud_metadata: {}
+ output.logstash:
+ # This needs to be {{logstash-name}}-ls-beats:5044
+ hosts: ["logstash-ls-beats-ls-beats:5044"]
+eck-logstash:
+ enabled: true
+ # This is required to be able to set the logstash
+ # output of beats in a consistent manner.
+ fullnameOverride: "logstash-ls-beats"
+ elasticsearchRefs:
+ # This clusterName is required to match the environment variables
+ # used in the below config.string output section.
+ - clusterName: eck
+ name: elasticsearch
+ pipelines:
+ - pipeline.id: main
+ config.string: |
+ input {
+ beats {
+ port => 5044
+ }
+ }
+ filter {
+ grok {
+ match => { "message" => "%{HTTPD_COMMONLOG}"}
+ }
+ geoip {
+ source => "[source][address]"
+ target => "[source]"
+ }
+ }
+ output {
+ elasticsearch {
+ hosts => [ "${ECK_ES_HOSTS}" ]
+ user => "${ECK_ES_USER}"
+ password => "${ECK_ES_PASSWORD}"
+ ssl_certificate_authorities => "${ECK_ES_SSL_CERTIFICATE_AUTHORITY}"
+ }
+ }
+ services:
+ - name: beats
+ service:
+ spec:
+ type: ClusterIP
+ ports:
+ - port: 5044
+ name: "filebeat"
+ protocol: TCP
+ targetPort: 5044
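Review bot: The `download-tutorial` init container pulls `curlimages/curl` with no tag or digest and then runs `curl -L ... | gunzip -c` with no integrity check on the download, so both the image and the data it fetches can change under the same manifest. Suggest pinning the image to a version or digest and adding `-f` to curl so an HTTP error fails the init container instead of writing an error page to `/data/logstash-tutorial.log`. Two smaller points in the same `podTemplate`: the volumes use `emptydir: {}`, while the Kubernetes field is spelled `emptyDir`, so the intended volume source is not actually being set by that key; and `automountServiceAccountToken: true` is set for a Filebeat pod that only reads a local file, which is worth either removing or justifying in a comment, since `add_host_metadata` and `add_cloud_metadata` do not need the API token.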
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/templates/NOTES.txt b/packs/elastic-stack-0.17.0/charts/eck-stack/templates/NOTES.txt
new file mode 100644
index 00000000..65cdae60
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/templates/NOTES.txt
@@ -0,0 +1,10 @@
+Elasticsearch ECK-Stack {{ .Chart.Version }} has been deployed successfully!
+
+To see status of all resources, run
+
+kubectl get elastic -n {{ .Release.Namespace }} -l "app.kubernetes.io/instance"={{ .Release.Name }}
+
+More information on the Elastic ECK Operator, and its Helm chart can be found
+within our documentation.
+
+https://www.elastic.co/guide/en/cloud-on-k8s/current/index.html
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/templates/_helpers.tpl b/packs/elastic-stack-0.17.0/charts/eck-stack/templates/_helpers.tpl
new file mode 100644
index 00000000..cef61bdb
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/templates/_helpers.tpl
@@ -0,0 +1,48 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "eck-stack.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "eck-stack.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "eck-stack.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "eck-stack.labels" -}}
+helm.sh/chart: {{ include "eck-stack.chart" . }}
+{{ include "eck-stack.selectorLabels" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "eck-stack.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "eck-stack.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/packs/elastic-stack-0.17.0/charts/eck-stack/values.yaml b/packs/elastic-stack-0.17.0/charts/eck-stack/values.yaml
new file mode 100644
index 00000000..5d504211
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/charts/eck-stack/values.yaml
@@ -0,0 +1,50 @@
+---
+# Default values for eck-stack.
+# This is a YAML-formatted file.
+
+# If enabled, will use the eck-elasticsearch chart and deploy an Elasticsearch resource.
+#
+eck-elasticsearch:
+ enabled: true
+ # This is adjusting the full name of the elasticsearch resource so that both the eck-elasticsearch
+ # and the eck-kibana chart work together by default in the eck-stack chart.
+ fullnameOverride: elasticsearch
+
+# If enabled, will use the eck-kibana chart and deploy a Kibana resource.
+#
+eck-kibana:
+ enabled: true
+ # This is also adjusting the kibana reference to the elasticsearch resource named previously so that
+ # both the eck-elasticsearch and the eck-kibana chart work together by default in the eck-stack chart.
+ elasticsearchRef:
+ name: elasticsearch
+
+# If enabled, will use the eck-agent chart and deploy an Elastic Agent instance.
+#
+eck-agent:
+ enabled: false
+
+# If enabled, will use the eck-fleet-server chart and deploy a Fleet Server resource.
+#
+eck-fleet-server:
+ enabled: false
+
+# If enabled, will use the eck-beats chart and deploy a Beats resource.
+#
+eck-beats:
+ enabled: false
+
+# If enabled, will use the eck-logstash chart and deploy a Logstash resource.
+#
+eck-logstash:
+ enabled: false
+
+# If enabled, will use the eck-apm-server chart and deploy a standalone APM Server resource.
+#
+eck-apm-server:
+ enabled: false
+
+# If enabled, will use the eck-enterprise-search chart and deploy a Enterprise Search resource.
+#
+eck-enterprise-search:
+ enabled: false
diff --git a/packs/elastic-stack-0.17.0/logo.png b/packs/elastic-stack-0.17.0/logo.png
new file mode 100644
index 00000000..fa70b78d
Binary files /dev/null and b/packs/elastic-stack-0.17.0/logo.png differ
diff --git a/packs/elastic-stack-0.17.0/pack.json b/packs/elastic-stack-0.17.0/pack.json
new file mode 100644
index 00000000..63a90fed
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/pack.json
@@ -0,0 +1,36 @@
+{
+ "addonType": "logging",
+ "annotations": {
+ "commit_msg": "Elastic Cloud on Kubernetes (ECK) Stack",
+ "source": "community",
+ "contributor" : "spectrocloud"
+ },
+ "charts": [
+ "charts/eck-stack-0.17.0.tgz"
+ ],
+ "cloudTypes": [
+ "all"
+ ],
+ "displayName": "ECK Stack",
+ "layer":"addon",
+ "name": "elastic-stack",
+ "version": "0.17.0",
+ "constraints": {
+ "dependencies": [
+ {
+ "packName": "elastic-operator",
+ "minVersion": "3.2.0",
+ "maxVersion": "",
+ "layer": "addon",
+ "type": "required"
+ },
+ {
+ "packName": "kubernetes",
+ "layer": "k8s",
+ "minVersion": "1.27",
+ "maxVersion": "",
+ "type": "optional"
+ }
+ ]
+ }
+}
\ No newline at end of file
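Review bot: Formatting in this file is inconsistent (`"contributor" : "spectrocloud"` and `"layer":"addon"` against the `"key": "value"` spacing used everywhere else) and the file has no trailing newline. Suggest running it through the same JSON formatter as the other packs. For the `elastic-operator` dependency, `minVersion` is `3.2.0` with an empty `maxVersion`; if an empty string means "no upper bound", a short note in the pack README would help, because this pack pins 9.2.0 images in its values.yaml and a future operator major version may not accept them.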
diff --git a/packs/elastic-stack-0.17.0/presets.yaml b/packs/elastic-stack-0.17.0/presets.yaml
new file mode 100644
index 00000000..0c8956ea
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/presets.yaml
@@ -0,0 +1,260 @@
+presets:
+ - name: "Fleet agents"
+ displayName: "Fleet agents with Elasticsearch and Kibana"
+ group: "OOB Examples"
+ remove:
+ - "charts.elasticsearch"
+ - "charts.eck-kibana"
+ - "charts.eck-agent"
+ - "charts.eck-fleet-server"
+ add: |
+ charts:
+ eck-stack:
+ eck-elasticsearch:
+ enabled: true
+
+ # Name of the Elasticsearch instance.
+ #
+ fullnameOverride: elasticsearch
+
+ nodeSets:
+ - name: default
+ count: 3
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html
+ #
+ config:
+ node.store.allow_mmap: false
+
+ eck-kibana:
+ enabled: true
+
+ # Name of the Kibana instance.
+ #
+ fullnameOverride: kibana
+
+ spec:
+ # Reference to ECK-managed Elasticsearch instance, ideally from {{ "elasticsearch.fullname" }}
+ #
+ elasticsearchRef:
+ name: elasticsearch
+
+ config:
+ # Note that these are specific to the namespace into which this example is installed, and are
+ # using `elastic-stack` as configured here and detailed in the README when installing:
+ #
+ # `helm install es-kb-quickstart elastic/eck-stack -n elastic-stack`
+ #
+ # If installed outside of the `elastic-stack` namespace, the following 2 lines need modification.
+ xpack.fleet.agents.elasticsearch.hosts: ["https://elasticsearch-es-http.elastic-stack.svc:9200"]
+ xpack.fleet.agents.fleet_server.hosts: ["https://fleet-server-agent-http.elastic-stack.svc:8220"]
+ xpack.fleet.packages:
+ - name: system
+ version: latest
+ - name: elastic_agent
+ version: latest
+ - name: fleet_server
+ version: latest
+ - name: kubernetes
+ version: latest
+ xpack.fleet.agentPolicies:
+ - name: Fleet Server on ECK policy
+ id: eck-fleet-server
+ namespace: default
+ monitoring_enabled:
+ - logs
+ - metrics
+ package_policies:
+ - name: fleet_server-1
+ id: fleet_server-1
+ package:
+ name: fleet_server
+ - name: Elastic Agent on ECK policy
+ id: eck-agent
+ namespace: default
+ monitoring_enabled:
+ - logs
+ - metrics
+ unenroll_timeout: 900
+ package_policies:
+ - package:
+ name: system
+ name: system-1
+ - package:
+ name: kubernetes
+ name: kubernetes-1
+
+ eck-agent:
+ enabled: true
+
+ spec:
+ # Agent policy to be used.
+ policyID: eck-agent
+ # Reference to ECK-managed Kibana instance.
+ #
+ kibanaRef:
+ name: kibana
+
+ elasticsearchRefs: []
+
+ # Reference to ECK-managed Fleet instance.
+ #
+ fleetServerRef:
+ name: fleet-server
+
+ mode: fleet
+
+ daemonSet:
+ podTemplate:
+ spec:
+ serviceAccountName: elastic-agent
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ automountServiceAccountToken: true
+ securityContext:
+ runAsUser: 0
+
+ eck-fleet-server:
+ enabled: true
+
+ fullnameOverride: "fleet-server"
+
+ spec:
+ # Agent policy to be used.
+ policyID: eck-fleet-server
+ kibanaRef:
+ name: kibana
+ elasticsearchRefs:
+ - name: elasticsearch
+
+
+ - name: "Logstash"
+ displayName: "Logstash with Elasticsearch, Kibana and Beats"
+ group: "OOB Examples"
+ remove:
+ - "charts.elasticsearch"
+ - "charts.eck-kibana"
+ - "charts.eck-beats"
+ - "charts.eck-logstash"
+ add: |
+ charts:
+ eck-stack:
+ eck-elasticsearch:
+ nodeSets:
+ - name: default
+ count: 3
+ config:
+ # Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive.
+ # For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144
+ # and leave node.store.allow_mmap unset.
+ # ref: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-virtual-memory.html
+ #
+ node.store.allow_mmap: false
+ podTemplate:
+ spec:
+ containers:
+ - name: elasticsearch
+ resources:
+ limits:
+ memory: 2Gi
+ requests:
+ memory: 2Gi
+ eck-kibana:
+ enabled: true
+ spec:
+ count: 1
+ elasticsearchRef:
+ name: elasticsearch
+
+ # AIRGAP DEPLOYMENTS PLEASE NOTE:
+ # This preset curls logstash data from an external location.
+ # If you want to use this in airgap you will have to move it to a local file server and replace the curl endpoint below
+ eck-beats:
+ enabled: true
+ spec:
+ type: filebeat
+ daemonSet: null
+ config:
+ filebeat.inputs:
+ - type: filestream
+ paths:
+ - /data/logstash-tutorial.log
+ processors:
+ - add_host_metadata: {}
+ - add_cloud_metadata: {}
+ output.logstash:
+ # This needs to be {{logstash-name}}-ls-beats:5044
+ hosts: ["logstash-ls-beats-ls-beats:5044"]
+ deployment:
+ podTemplate:
+ spec:
+ automountServiceAccountToken: true
+ initContainers:
+ - name: download-tutorial
+ image: curlimages/curl
+ command: ["/bin/sh"]
+ args: ["-c", "curl -L https://download.elastic.co/demos/logstash/gettingstarted/logstash-tutorial.log.gz | gunzip -c > /data/logstash-tutorial.log"]
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ containers:
+ - name: filebeat
+ securityContext:
+ runAsUser: 1000
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ - name: beat-data
+ mountPath: /usr/share/filebeat/data
+ volumes:
+ - name: data
+ emptydir: {}
+ - name: beat-data
+ emptydir: {}
+ eck-logstash:
+ enabled: true
+ # This is required to be able to set the logstash
+ # output of beats in a consistent manner.
+ fullnameOverride: "logstash-ls-beats"
+ elasticsearchRefs:
+ # This clusterName is required to match the environment variables
+ # used in the below config.string output section.
+ - clusterName: eck
+ name: elasticsearch
+ pipelines:
+ - pipeline.id: main
+ config.string: |
+ input {
+ beats {
+ port => 5044
+ }
+ }
+ filter {
+ grok {
+ match => { "message" => "%{HTTPD_COMMONLOG}"}
+ }
+ geoip {
+ source => "[source][address]"
+ target => "[source]"
+ }
+ }
+ output {
+ elasticsearch {
+ hosts => [ "${ECK_ES_HOSTS}" ]
+ user => "${ECK_ES_USER}"
+ password => "${ECK_ES_PASSWORD}"
+ ssl_certificate_authorities => "${ECK_ES_SSL_CERTIFICATE_AUTHORITY}"
+ }
+ }
+ services:
+ - name: beats
+ service:
+ spec:
+ type: ClusterIP
+ ports:
+ - port: 5044
+ name: "filebeat"
+ protocol: TCP
+ targetPort: 5044
\ No newline at end of file
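Review bot: In the "Fleet agents" preset, the `eck-agent` DaemonSet pod template combines `hostNetwork: true`, `runAsUser: 0` and `automountServiceAccountToken: true`, which places a root process with API credentials in the host network namespace on every node, and nothing in the preset explains why. Suggest a comment stating which integrations require each setting and that the `elastic-agent` service account should be bound to the narrowest role that works. Other points in this hunk: the `remove` lists name `charts.elasticsearch`, `charts.eck-kibana` and so on, while the `add` blocks and the pack values.yaml nest these under `charts.eck-stack.eck-elasticsearch`, so please confirm the remove paths actually match; the `xpack.fleet.packages` entries use `version: latest`, which makes a deployment non-reproducible; and the "Logstash" preset repeats the unpinned `curlimages/curl` download and the `emptydir` spelling from the chart example, and its `filestream` input drops the `id: logstash-tutorial` that the chart example sets.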
diff --git a/packs/elastic-stack-0.17.0/values.yaml b/packs/elastic-stack-0.17.0/values.yaml
new file mode 100644
index 00000000..52638800
--- /dev/null
+++ b/packs/elastic-stack-0.17.0/values.yaml
@@ -0,0 +1,71 @@
+# Default values for eck-elastic-operator
+# This is a YAML-formatted file
+pack:
+ content:
+ images:
+ - image: docker.elastic.co/kibana/kibana:9.2.0
+ - image: docker.elastic.co/elasticsearch/elasticsearch:9.2.0
+ - image: docker.elastic.co/logstash/logstash:9.2.0
+ - image: docker.elastic.co/beats/filebeat:9.2.0
+ - image: docker.io/curlimages/curl
+
+
+ charts:
+ - repo: https://helm.elastic.co/
+ name: eck-stack
+ version: 0.17.0
+ #The namespace (on the target cluster) to install this chart
+ #When not found, a new namespace will be created
+ namespace: "elastic-stack"
+
+charts:
+ eck-stack:
+ # Default values for eck-stack.
+ # This is a YAML-formatted file.
+
+ # If enabled, will use the eck-elasticsearch chart and deploy an Elasticsearch resource.
+ #
+ eck-elasticsearch:
+ enabled: true
+ # This is adjusting the full name of the elasticsearch resource so that both the eck-elasticsearch
+ # and the eck-kibana chart work together by default in the eck-stack chart.
+ fullnameOverride: elasticsearch
+
+ # If enabled, will use the eck-kibana chart and deploy a Kibana resource.
+ #
+ eck-kibana:
+ enabled: true
+ # This is also adjusting the kibana reference to the elasticsearch resource named previously so that
+ # both the eck-elasticsearch and the eck-kibana chart work together by default in the eck-stack chart.
+ elasticsearchRef:
+ name: elasticsearch
+
+ # If enabled, will use the eck-agent chart and deploy an Elastic Agent instance.
+ #
+ eck-agent:
+ enabled: false
+
+ # If enabled, will use the eck-fleet-server chart and deploy a Fleet Server resource.
+ #
+ eck-fleet-server:
+ enabled: false
+
+ # If enabled, will use the eck-beats chart and deploy a Beats resource.
+ #
+ eck-beats:
+ enabled: false
+
+ # If enabled, will use the eck-logstash chart and deploy a Logstash resource.
+ #
+ eck-logstash:
+ enabled: false
+
+ # If enabled, will use the eck-apm-server chart and deploy a standalone APM Server resource.
+ #
+ eck-apm-server:
+ enabled: false
+
+ # If enabled, will use the eck-enterprise-search chart and deploy a Enterprise Search resource.
+ #
+ eck-enterprise-search:
+ enabled: false
\ No newline at end of file
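Review bot: Under `pack.content.images`, `docker.io/curlimages/curl` is the only entry without a tag while the four Elastic images are pinned to 9.2.0, so whatever mirrors this list for air-gapped use will pull a moving target. Suggest pinning it to the same version or digest the presets are meant to run. The list also has no Elastic Agent image even though the "Fleet agents" preset enables `eck-agent` and `eck-fleet-server`; if the list is meant to cover the presets, those images are missing. The header comment says "Default values for eck-elastic-operator" but this is the elastic-stack pack, and the file lacks a trailing newline.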