# Default values for elastic-stack. # This is a YAML-formatted file. # Declare variables to be passed into your templates. elasticsearch: enabled: true # prefix elasticsearch resources with the name of the releases # looks like we can't use {{ .Release.Name }}-elasticsearch # https://github.com/helm/helm/issues/2133 clusterName: "elastic-stack-elasticsearch" filebeat: enabled: true filebeatConfig: filebeat.yml: | output.file.enabled: false output.elasticsearch: hosts: ["http://elastic-stack-elasticsearch-master:9200"] filebeat.inputs: - type: container paths: - '/var/lib/docker/containers/*/*.log' json.keys_under_root: true json.ignore_decoding_error: true processors: - add_id: target_field: tie_breaker_id - add_cloud_metadata: ~ - add_kubernetes_metadata: ~ - decode_json_fields: fields: ["message"] when: equals: kubernetes.container.namespace: "gitlab-managed-apps" kubernetes.container.name: "modsecurity-log" kibana: enabled: false elasticsearchHosts: "http://elastic-stack-elasticsearch-master:9200" elasticsearch-curator: enabled: true configMaps: config_yml: |- --- client: hosts: - elastic-stack-elasticsearch-master port: 9200 action_file_yml: |- --- actions: 1: action: delete_indices description: >- Delete indices older than 30 days (based on index name), for filebeat- prefixed indices. Ignore the error if the filter does not result in an actionable list of indices (ignore_empty_list) and exit cleanly. options: ignore_empty_list: True allow_ilm_indices: True filters: - filtertype: pattern kind: prefix value: filebeat- - filtertype: age source: name direction: older timestring: '%Y.%m.%d' unit: days unit_count: 30