######################################################################## # Common Elasticsearch configuration # # Common Elasticsearch configuration for all Elasticsearch instances # (master, data, etc.). Instance-type specific values must be set # in values.yaml # action: auto_create_index: ".*,sg7-*,searchguard,searchguard*" # Allow both primary and non-primary shards to be moved between nodes for # balancing purposes. cluster: routing.allocation.enable: all xpack: # Disable xpack.security when using SearchGuard. security.enabled: false # Cluster monitoring configuration. monitoring: enabled: true collection: enabled: true # SearchGuard configuration. searchguard: # Configure node certificates. nodes_dn: - ${SG_NODES_DN} allow_default_init_sgindex: true audit: type: internal_elasticsearch check_snapshot_restore_write_privileges: true enable_snapshot_restore_privilege: true restapi: roles_enabled: - SGS_ALL_ACCESS # Searchguard config ssl: http: enabled: true pemcert_filepath: certs/cert.pem pemkey_filepath: certs/key.p8 pemtrustedcas_filepath: certs/ca_bundle.pem # clientauth_mode: OPTIONAL clientauth_mode: NONE enabled_protocols: - TLSv1.3 - TLSv1.2 - TLSv1.1 transport: # Mount certs to /usr/share/elasticsearch/config pemcert_filepath: certs/cert.pem pemkey_filepath: certs/key.p8 pemtrustedcas_filepath: certs/ca_bundle.pem enforce_hostname_verification: false # Configure authorization authcz: admin_dn: - ${SG_ADMIN_DN}