This repository has been archived by the owner on Oct 5, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 9
/
elasticsearch.yml.all
72 lines (64 loc) · 2.11 KB
/
elasticsearch.yml.all
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
searchguard.ssl.transport.http.enabled: true
cluster:
name: elasticsearch
script:
disable_dynamic: false
discovery:
zen:
ping:
multicast:
enabled: false
minimum_master_nodes: ${NODE_QUORUM}
gateway:
recover_after_nodes: ${RECOVER_AFTER_NODES}
expected_nodes: ${RECOVER_EXPECTED_NODES}
recover_after_time: ${RECOVER_AFTER_TIME}
io.fabric8.elasticsearch.authentication.users: ["system.logging.kibana", "system.logging.fluentd"]
cloud:
k8s:
servicedns: es-viaq-cluster
discovery:
type: io.fabric8.elasticsearch.discovery.k8s.K8sDiscoveryModule
path:
data: /elasticsearch/persistent/${CLUSTER_NAME}/data
logs: /elasticsearch/${CLUSTER_NAME}/logs
work: /elasticsearch/${CLUSTER_NAME}/work
searchguard:
config_index_name: ".searchguard.${HOSTNAME}"
key_path: /elasticsearch/${CLUSTER_NAME}
allow_all_from_loopback: false
authentication:
authentication_backend:
impl: com.floragunn.searchguard.authentication.backend.simple.AlwaysSucceedAuthenticationBackend
authorizer:
impl: com.floragunn.searchguard.authorization.simple.SettingsBasedAuthorizator
http_authenticator:
impl: io.fabric8.elasticsearch.plugin.HTTPSProxyClientCertAuthenticator
proxy:
header: X-Proxy-Remote-User
trusted_ips: ["*"]
authorization:
settingsdb:
roles:
admin: ["root"]
fluentd: ["fluentd"]
kibana: ["kibana"]
ssl:
transport:
http:
keystore_type: JKS
keystore_filepath: /etc/elasticsearch/keys/key
keystore_password: kspass
enforce_clientauth: true
truststore_type: JKS
truststore_filepath: /etc/elasticsearch/keys/truststore
truststore_password: tspass
actionrequestfilter:
names: ["readonly", "fluentd", "kibana"]
readonly:
allowed_actions: ["indices:data/read/*", "*monitor*"]
forbidden_actions: ["cluster:*", "indices:admin*"]
fluentd:
allowed_actions: ["indices:data/write/*", "indices:admin/create"]
kibana:
allowed_actions: ["indices:data/read/*", "*monitor*", "indices:admin/read", "indices:admin/mappings/fields/get*"]