From 19e6ad9962d068a40d63ab905c9420e58dc6d21c Mon Sep 17 00:00:00 2001
From: groundhog2k <10630407+groundhog2k@users.noreply.github.com>
Date: Tue, 5 Jan 2021 15:26:40 +0100
Subject: [PATCH] DRAFT: Initial draft for graylog without elastic (#165)
* Initial draft for graylog without elastic
* Fixed trailing spaces
* Added elasticsearch chart reference and input service ports
* Implemented extraServices and GeoIP database support
* Removed trailing spaces
---
charts/graylog/.helmignore | 23 ++
charts/graylog/Chart.lock | 9 +
charts/graylog/Chart.yaml | 22 ++
charts/graylog/README.md | 181 +++++++++++
charts/graylog/charts/elasticsearch-0.1.0.tgz | Bin 0 -> 5312 bytes
charts/graylog/charts/mongodb-0.2.7.tgz | Bin 0 -> 5174 bytes
charts/graylog/templates/_helpers.tpl | 169 ++++++++++
charts/graylog/templates/extraservices.yaml | 30 ++
charts/graylog/templates/geoipsecrets.yaml | 21 ++
charts/graylog/templates/ingress.yaml | 41 +++
charts/graylog/templates/scripts.yaml | 18 ++
charts/graylog/templates/secureconfig.yaml | 26 ++
.../graylog/templates/service-internal.yaml | 16 +
charts/graylog/templates/service.yaml | 24 ++
charts/graylog/templates/serviceaccount.yaml | 12 +
charts/graylog/templates/statefulset.yaml | 189 ++++++++++++
.../templates/tests/test-connection.yaml | 15 +
charts/graylog/values.yaml | 288 ++++++++++++++++++
18 files changed, 1084 insertions(+)
create mode 100644 charts/graylog/.helmignore
create mode 100644 charts/graylog/Chart.lock
create mode 100644 charts/graylog/Chart.yaml
create mode 100644 charts/graylog/README.md
create mode 100644 charts/graylog/charts/elasticsearch-0.1.0.tgz
create mode 100644 charts/graylog/charts/mongodb-0.2.7.tgz
create mode 100644 charts/graylog/templates/_helpers.tpl
create mode 100644 charts/graylog/templates/extraservices.yaml
create mode 100644 charts/graylog/templates/geoipsecrets.yaml
create mode 100644 charts/graylog/templates/ingress.yaml
create mode 100644 charts/graylog/templates/scripts.yaml
create mode 100644 charts/graylog/templates/secureconfig.yaml
create mode 100644 charts/graylog/templates/service-internal.yaml
create mode 100644 charts/graylog/templates/service.yaml
create mode 100644 charts/graylog/templates/serviceaccount.yaml
create mode 100644 charts/graylog/templates/statefulset.yaml
create mode 100644 charts/graylog/templates/tests/test-connection.yaml
create mode 100644 charts/graylog/values.yaml
diff --git a/charts/graylog/.helmignore b/charts/graylog/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/charts/graylog/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/graylog/Chart.lock b/charts/graylog/Chart.lock
new file mode 100644
index 00000000..4b665ed8
--- /dev/null
+++ b/charts/graylog/Chart.lock
@@ -0,0 +1,9 @@
+dependencies:
+- name: mongodb
+ repository: https://groundhog2k.github.io/helm-charts
+ version: 0.2.7
+- name: elasticsearch
+ repository: https://groundhog2k.github.io/helm-charts
+ version: 0.1.0
+digest: sha256:a060aad91af87a477e72361960c442acef3e4851fcc41690058d970d25481190
+generated: "2021-01-04T14:04:19.2835459+01:00"
diff --git a/charts/graylog/Chart.yaml b/charts/graylog/Chart.yaml
new file mode 100644
index 00000000..ad257804
--- /dev/null
+++ b/charts/graylog/Chart.yaml
@@ -0,0 +1,22 @@
+apiVersion: v2
+name: graylog
+description: A Helm chart for Graylog on Kubernetes
+
+type: application
+
+maintainers:
+ - name: groundhog2k
+
+version: 0.1.0
+
+appVersion: "4.0.1"
+
+dependencies:
+ - name: mongodb
+ version: 0.2.7
+ repository: "https://groundhog2k.github.io/helm-charts"
+ condition: mongodb.enabled
+ - name: elasticsearch
+ version: 0.1.0
+ repository: "https://groundhog2k.github.io/helm-charts"
+ condition: elasticsearch.enabled
diff --git a/charts/graylog/README.md b/charts/graylog/README.md
new file mode 100644
index 00000000..a154b8f9
--- /dev/null
+++ b/charts/graylog/README.md
@@ -0,0 +1,181 @@
+# Graylog
+
+  
+
+A Helm chart for Graylog on Kubernetes
+
+## TL;DR
+
+```bash
+$ helm repo add groundhog2k https://groundhog2k.github.io/helm-charts/
+$ helm install my-release groundhog2k/graylog
+```
+
+## Introduction
+
+This chart uses the original [Graylog image from Docker Hub](https://hub.docker.com/r/graylog/graylog/) to deploy a stateful Graylog instance in a Kubernetes cluster.
+
+## Prerequisites
+
+- Kubernetes 1.12+
+- Helm 3.x
+- PV provisioner support in the underlying infrastructure
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```bash
+$ helm install my-release groundhog2k/graylog
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```bash
+$ helm uninstall my-release
+```
+
+## Common parameters
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| fullnameOverride | string | `""` | Fully override the deployment name |
+| nameOverride | string | `""` | Partially override the deployment name |
+
+## Deployment parameters
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
+| image.repository | string | `"graylog/graylog"` | Image name |
+| image.tag | string | `""` | Image tag |
+| initImage.pullPolicy | string | `"IfNotPresent"` | Init container image pull policy |
+| initImage.repository | string | `"busybox"` | Default init container image |
+| initImage.tag | string | `"latest"` | Init container image tag |
+| imagePullSecrets | list | `[]` | Image pull secrets |
+| livenessProbe | object | `see values.yaml` | Liveness probe configuration |
+| readinessProbe | object | `see values.yaml` | Readiness probe configuration |
+| resources | object | `{}` | Resource limits and requests |
+| nodeSelector | object | `{}` | Deployment node selector |
+| podAnnotations | object | `{}` | Additional pod annotations |
+| podSecurityContext | object | `see values.yaml` | Pod security context |
+| securityContext | object | `see values.yaml` | Container security context |
+| env | list | `[]` | Additional container environmment variables |
+| args | list | `[]` | Additional container command arguments |
+| serviceAccount.annotations | object | `{}` | Additional service account annotations |
+| serviceAccount.create | bool | `false` | Enable service account creation |
+| serviceAccount.name | string | `""` | Name of the service account |
+| affinity | object | `{}` | Pod affinity |
+| tolerations | list | `[]` | Pod tolerations |
+| podManagementPolicy | string | `OrderedReady` | Pod management policy |
+| updateStrategyType | string | `RollingUpdate` | Update strategy |
+| replicaCount | int | `1` | Number of replicas (Not supported - Don't change in this chart version) |
+
+## Service paramters
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| service.type | string | `"ClusterIP"` | Service type |
+| service.http | int | `80` | Graylog http service port |
+| service.nodePort | int | `nil` | The http node port (only relevant for type LoadBalancer or NodePort) |
+| service.clusterIP | string | `nil` | The cluster ip address (only relevant for type LoadBalancer or NodePort) |
+| service.loadBalancerIP | string | `nil` | The load balancer ip address (only relevant for type LoadBalancer) |
+
+## Extra service parameters
+
+Section to define all additional UDP/TCP inputs for Graylog
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| extraServices[].name | string | `nil` | Unique name of the input service |
+| extraServices[].type | string | `nil` | Service type (ClusterIP / NodePort / LoadBalancer) |
+| extraServices[].protocol | string | `nil` | Protocol type (TCP / UDP) |
+| extraServices[].containerPort | int | `nil` | Container port |
+| extraServices[].port | int | `nil` | Service port |
+| extraServices[].nodePort | int | `nil` | The http node port (only relevant for type LoadBalancer or NodePort) |
+| extraServices[].clusterIP | string | `nil` | The cluster ip address (only relevant for type LoadBalancer or NodePort) |
+| extraServices[].loadBalancerIP | string | `nil` | The load balancer ip address (only relevant for type LoadBalancer) |
+
+
+## Ingress parameters
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| ingress.enabled | bool | `false` | Enable ingress for Gitea service |
+| ingress.annotations | string | `nil` | Additional annotations for ingress |
+| ingress.hosts[].host | string | `nil` | Hostname for the ingress endpoint |
+| ingress.hosts[].host.paths[] | string | `nil` | Path routing for the ingress endpoint host |
+| ingress.tls | list | `[]` | Ingress TLS parameters |
+
+## Database settings
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| externalDatabase.host | string | `nil` | External MongoDB database host |
+| externalDatabase.name | string | `"graylog"` | External database name |
+| externalDatabase.user | string | `nil` | External database user name |
+| externalDatabase.password | string | `nil` | External database user password |
+| mongodb.enabled | bool | `false` | Enable MongoDB deployment (will disable external database settings) |
+| mongodb.settings.rootUsername | string | `admin` | The root username |
+| mongodb.settings.rootPassword | string | `{}` | The root users password (Random value if not specified) |
+| mongodb.userDatabase | object | `{}` | Optional MongoDB user database |
+| mongodb.userDatabase.name | string | `nil` | Name of the user database |
+| mongodb.userDatabase.user | string | `nil` | User name with full access to user database|
+| mongodb.userDatabase.password | string | `nil` | Password of created user (Random value if not specified) |
+| mongodb.storage | object | `see values.yaml` | MongoDB storage settings |
+| elasticsearch.enabled | bool | `false` | Enable Elasticsearch deployment (will disable `elastic.hosts` setting) |
+| elasticsearch.javaOpts | string | `"-Xms512m -Xmx512m"` | Additional JVM options for Elasticsearch |
+| elasticsearch.clusterName | string | `"graylog"` | Elasticsearch cluster name |
+| elasticsearch.storage | object | `see values.yaml` | Elasticsearch storage settings |
+
+## MaxMind GeoIP2 database
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| initGeoIPDatabase.enabled | bool | `false` | Enable GeoIP database download |
+| initGeoIPDatabase.accountId | string | `""` | MaxMind UserId / AccountId |
+| initGeoIPDatabase.licenseKey | string | `""` | MaxMind license key |
+| initGeoIPDatabase.editionId | string | `"GeoLite2-City"` | Default database edition Id (https://www.maxmind.com/en/accounts/473747/geoip/downloads) |
+| initGeoIPDatabase.host | string | `""` | The MaxMind download host (not necessary to change that - default updates.maxmind.com)|
+| initGeoIPDatabase.proxy | string | `""` | A valid proxy if internet access is running through a proxy |
+| initGeoIPDatabase.proxyUserPassword | string | `""` | Proxy username and password in format "username:password" |
+
+## Storage parameters
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| storage.accessModes[0] | string | `"ReadWriteOnce"` | Storage access mode |
+| storage.persistentVolumeClaimName | string | `nil` | PVC name when existing storage volume should be used |
+| storage.requestedSize | string | `nil` | Size for new PVC, when no existing PVC is used |
+| storage.className | string | `nil` | Storage class name |
+
+## Graylog parameters
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| settings.http.externalUri | string | `http://127.0.0.1:9000/` | External URI for Graylog |
+| settings.http.publishUri | string | `nil` | Graylog publish URI |
+| settings.clusterName | string | `singlenode-cluster` | Cluster name |
+| settings.javaOpts | string | `nil` | Additional JVM options for Graylog |
+| settings.passwordSecret | string | `somepasswordpepper` | Secret for password encryption and salting |
+| settings.rootUser.username | string | `"admin"` | Graylog root user name |
+| settings.rootUser.sha2password | string | `"8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918"` | Graylog root user password SHA2 (default: "admin") |
+| settings.rootUser.email | string | `""` | Graylog root user email address |
+| settings.rootUser.timezone | string | `"UTC"` | Graylog root user timezone |
+| settings.journal.maxAge | string | `"12h"` | Graylog max. journal age |
+| settings.journal.maxSize | string | `"5gb"` | Graylog max. journal size |
+| settings.elastic.hosts | string | `"http://127.0.0.1:9200"` | Comma separated list of Elasticsearch hosts (only used when `elasticsearch.enabled` is false) |
+| settings.elastic.indexPrefix | string | `"graylog"` | Elasticsearch index prefix |
+| settings.smtp.enabled | bool | `false` | Enable/Disable SMTP |
+| settings.smtp.host | string | `"mail.example.com"` | SMTP host name |
+| settings.smtp.port | int | `587` | SMTP port |
+| settings.smtp.useAuth | bool | `true` | Use SMTP authentication |
+| settings.smtp.useTls | bool | `true` | Use SMTP with STARTTLS |
+| settings.smtp.useSsl | bool | `false` | Enable SMTP over SSL (SMTPS) |
+| settings.smtp.username | string | `"you@example.com"` | SMTP username |
+| settings.smtp.password | string | `"secret"` | SMTP password |
+| settings.smtp.emailFrom | string | `"you@example.com"` | Mail from address |
+| settings.smtp.subjectPrefix | string | `"[graylog]"` | Mail subject prefix |
+
+Further Graylog parameter can be set via environment variables (see Deployment parameter: env)
diff --git a/charts/graylog/charts/elasticsearch-0.1.0.tgz b/charts/graylog/charts/elasticsearch-0.1.0.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..1a614c4f56efed73f57b9908cdd12a7f42871560
GIT binary patch
literal 5312
zcmV;x6hG@9iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PKDLa}znT`2IY9MW1t5n{ex~odme^r}p!T7ubb62r0sH_llxG
zo{?=WGt#W2G58YR-~LM9W+crxP9TKa_cA{OkEYe#YPDLemek+^2}v@65zm&Rqb1@p
zU8A!2?i!!*cs#y$c&Ps!kH_)9<NbU4-%Sqg-#@%J8Q;4%`EEQp98d0j2jlBxV$)L#
ziTHQpFQyeY?sxK_ioC*H5Jso4+D}kbHLv&6$vB-PITjfwmDFVq;4v;r$dsPIoN;*M
z>klvrf3IhlQ!KGaN<^qcgkmnH$q*<i@e~%E)ihtS#s2%mlmsf6$aRIMfU2q>8B#=(
zm1Ag}PSSDmttIxq>j}sI3KcaL*KGi{jQ_iL@86Bb|Ni~)?fAcmXJ;oG!a2*{V-BQ5
z3!Lb`(*%IyiU}eaU&rGWpsI`FgcT%PPvOb@n8_241*S3q*n#IO%sI)i0J+2lD@e3}
z4@)L6<amziLIN?Ljag}JP?~@Op2A>|7+y~5qBzAF$5Kq;^&4$L90?6JuZyBnnC$Gp
zb8W#;0Rr<C$uOWSV>OkDeSctHr<&{23TI?auz(LsESH!AitB+`vbxA&h9Tn^Nt`EO
ze@$VI3V}7I2b40Y?U(?`0Oh&*M>RI)0|2$KQ#kvi>%UxLZ8(9=`)Vm<wZN%{eKH5i
zBnT`4(cChlWy@>)10aKl2v}f>xndb=LFhswc7g+m%c?+9v2X0N5@5yh2N8ElsLv2Z
z3tVC<q0$=g1JqTns0yhFEY_M6T9-4-RTDVYc3mihZDprD&v}kH&R<}ZuM>ml)Z%%m
zr-c`+C<tBrqCX`T*^%xym}o9faaMC8*GG&>{84x3T>Q*gT}@#!9*;HK53Sk>3k<Ak
zdWhFF8WBhU$0!Fzi#24-PHFIg$R(>KRGh3xffpFC$WUSCEYW2H6$Sfn;(#ADu&uT<
znDVwvQGQN~^$W)2Po%(NEhH|dx=YpPnm!Q6jH=IJq2Fd(^ozi}M+#wUoq|=2OW_8G
z;@?cnM@20p=1)!%fTfhx3FC4Kf8EzqBu7-JinjDXm+n|CX1T=*yIPbS7kGuJ@go#=
zc*;=zpQu1IQ`*AenB`cZ+Ox#m`_!l97g|!8VG>BC1{}xY^GIf{tsd%vp?v1xuZUma
zEWCGxSark`y3jZ>M(1QvbE87Ulv>)4D4G=*Y$0HpSBz+@f%TV0WeoU(JSW!PxhkG@
z>9sY=g1m2>x0JAvt(j&85@HH;LFmU`Kv{?(%CxOeDmbuAJZ3^FT1)lsRM#Bp7xNpS
zLUL*BxE1izQ)Rs*p$nl!xU?8#VZan=7^-p0u{_q+NzWNW{1KH^frqjX2FRnjV~7ny
z(6nF~DzyAxV8LphVJJvRq|hdd<KJqmh;#d~HOU6bVa}>rkEznWm$=lk<YfOZ&xkH_
zs4iC{342eE8i5O(NyZcPc4}XY5tgjL-1VapB%03&C30;(`{TSID@>IpRGiIl;$BbG
z+tgPiYep0rf{KT@K<iVSF`A1h9O!XQO3Z566y8-<7LlUn_~nvgv1CO)g@Xh@)LDjw
z@Jc7j&|yxrsW#Oop*>P2k9dqW@BcQOdi{gxif~5t6u3g1D8@vB>B{tm0_KZaeKs1c
z-JE6)!Bq0K9>}V#ihhFl!uF&a397|85gA)yZs);)nzjo(RQfPT0DeU)^t@6&(O~$`
zQrw;FmoWTi`BD8Cw3f__7+YD@9oi4ZMLLy?EB~xQ9F<sNE_#-DIg)6G1Wts3w)P25
zu~gC$L`Y2KD^{pR9~Fp{$J(o4!0{Y&OqKIO0e>VywGK{R9T_<XHJgf4XV40XIYpAJ
zuy%0lpu+hn`Ip9?<2j*N`Dv;^@r@u~(-M&k6>8!(PMW0`RChGAe`RH$ZJu_3wD^z^
zJ~vKPk=7X~)gawfZp%M7k@z{yu(I{$>ob<)#`*;?{|-ypaQ)|eKQVf{#D(gVR90WS
z6x_1@J3QQv*MIj8Z{t5V^PHWH?j(;sR%*_Z(ON^#muYfm^yyP_b~bcFY!K*7s%i{i
z*uv<Mk(yAV9{cGl6ISroWpJ*HH_hPQf&NL#(|SH9A7L;YfW?Jru6`z($0M_vK@A19
zU|GX&H7e9fEmzA%&3&5u0~_2LUMdQzB?4wRL$$ylSc$zjm1*;w;35}*xOD@tU8oTO
zyR)^H$HU`O1*@!<sBpHICQs(t<wL>>&RTY1SF&ckCE)`p3bjzIh2m2H(#%_Kw}{uR
z%UThWc_Yzywd*9e@%v?@UWf+IA9V|+KVH6DTOJ!(7$oTnBPdhX@fj3ek-3T!D(5ix
zlNkO<3?f{H=;f8H|7W0jUZ1MbV#AWEKXt!aB{5J1n&Dz=-)h*lW8((-vNpeMTm;Vb
zLK<Zl27eyF;O*e*!-<t8qlQnhjZXt*7+vC`OvQ4fd7r}B84#Kkb-t-_sUg1!%DJ{r
zEs50AAlv8%O*}|_LsgZAtB)o=e0J7T<s5#inZ%J0x>!mbjmU?ywL#>x>C~==`-JFR
z@k@#^ZtJj@5fgOTEHPsY(*9NuDx_LlhHdbNT%TsghQB|^w7q$LAnkaQ%?iO%8>Nb-
zkKGN8Z>?dvw+SQlTkF{ihkIau3@(LWgH4EoCU()fB51>sV2kj)N*knRD5TESSFE@_
zl}D#<|MuY3gSXF5UY;fZI*M;JU}Nq6VX=v5u>9~THy={DuJFaQLnK#Yz+1rh<ZW?k
z{qzfn`v^9Zwm-kMQ+9*TCjZ~Xey(FHXp8^9KfZg|@&EU4{r?+zq5<c+-9}g%OY}!&
zc#o|!xZO6l^~5SWVO*+ek+n@-_}Djh0+%byk62kLM||-Af1IR~!{JytL#RSCQV>b7
zNR{*M_K1Ea(#`c|LTxv+DV84?e^2Nleg7BZD@<lsqDeb9#8vP|iK+T2LRe!M-V>Tn
zUA#6au|zqNXxeO*oSk`+`t&IQ>lv8kziwl{?25+yIR{E;uI7$IgF)5$K;*L1M_vfm
zK>9J=hM;8sh00<RV%sjYoSE999&M0?r6B#La6}h)Gpq~t3K#7SYUwWy&;Tp5?b~L*
zmgUnF_~BnwseN}aL6zWz*9G3%hJZO6veuN;uP%#9k=sU^pmy^b(9z%gwkh<g(4Y^$
z0L)PK9@Bgp6oPZljyI@W52)FXQJ`)-29S}2H%aeX+p62=`kzhnzg3(ep*rqbe2F8l
z?flpM`}f27e}BAxczgciMxNmO*Thb6cFo&A!ChkZ|MaQRn`@W?-Q?8WfNnQv;h0gq
zh0b`p)mS;Jx6$)xte`}Ef$g@n`sy|)Ig>17#S~s1o!BxXhz95aGQoCuKdlC2D?uO9
z1roN(v>RQCWV>zr--!Ref6x>Ezk56WZ{qn%<Nw-+ec$l1v50Rm>Kj)X(HwSxaoEMb
z^>aAzkAMvJE&z0APX>Fi2fKajH>XqDHc)r`WmA(~owiEk?tKdj_Dv+%IWlxvF?K3$
zkfq<EOE)Hl3Qq`G7NcWBeN2WRvGZ=YZF%gFZRS!-(VJU)h&5k(mRQ#~JKa8C``I%8
z+Z})}a|5>d|92;G{O|t#+w<Qy^IU3kCJvItj)DchlE2WmTXapHLr=^sYS%S}&VJ|d
zk&WYDB8lg9A@G;q2fKLuPxkMR590BEus^vS|2OgY!x~kU7`0>DYQQPJ+Q9y53xPQ7
zdF4Pv@0|nBx#{`tdrt1|LQu!QgJ7B)-dmW0Zg*!9)4ko$=RB22X3M9Z{65>Cx@QCU
zc7R*-Ubprb&G6Dk>+^Pu<pl=wFTFu!^%Oy~KD%KJ0jDOtO^GiLwQO{*6<xYTy*m@}
zr1qIp;HLhFuD1kxBJqWj&u#^wL>{sB>ZU_AY{$NTHc1aMBBT9;X!_m2_Jyop!2V?a
z!W|5+Yo{>qhMg`-+uLmL>C?3HS)v7;$4B0RQ%HlD%87Reu7j_=AQ$qNv9d(U)V}^+
zEWiH&z8_}lZ&tzZ1&nIJM`DRM9))wXxg|2X1NPVVZ#<MMeR}$t(kBrLvN<xLD@EHx
zrK)hE_n}4sKz0>1xYdBGYJeBGilys?np%Caoe^BR@}IuoONcfO!fe8QaB19_uDTtz
z!Qus{oG$9kmSM_r?9TW2k3Q@36K7?-I|}9~?+ZNdezD(-rn}iM#@^9gOjj{?S60d{
zClQ#p2n%lJG)FN4#GT7K?V}XuXDs8!n_cEnTpGtdeJqbL%7c;b9@jUInTYiWpgD%6
zFIefl^Nyx=L>#my7IyFT9yP{#KE!q73qYz`SQgjlUJp`r;?lTQ_xg}NnGlu6wW8}q
zs!CAQr*<79x3SPusqhX}zfN`US%vEGyHl#LLAP3UJz5os*xrteRmokNytb)4QfR~%
z5lww@u0t+7;M1+u96b7LnOx*@`F@ow<KbXu<fuHXb+H%Ni?HX@<!}~kA$l<u>~qkm
zxwRKv05&x8+qCBKZ@h-PHK)N!89r~R)1l|C&w8s}ccJ!L>3H{cy?r(BGVhmAGa~JA
z*+X5!WhK`S32!cd`=DW;UkKV!xClCqF`Fxv>Bc*s;jzH2Is>rb{%ANFv*t=^u%UH1
zX8gMZO@k<t9X#Q^)T=k7M|3USRm<8-7pZmI-eD}~QiH7<gSm2mZZh^l5MBVLZv|*2
z<lTz(<<q$=d!hFGbbIac2Ayke^7^p$<56?Vw@*QOYxWTCo%;L~0PW*$Q1_AR(W9?&
zEOS%*Un+L>-(kim#hJ27pScsTZU67y!6Z8WH`zb9jsM@s)4Q#A!t$Pw|KQRw_egC9
z*RrSAi8>G5Rm3G@?*~)RRIP8^Y#PJ?EN6y4EU;T;*dWoY7V8=N*aW_s*qj1wf^0TD
z!}ph!#q{EXNE$E4N(Y-AiDSIN{H8V&!||Ugk&*>v9A6`it^5C-^M8l?xA%W;=GlQ0
zBqio1`IYH<_^`wjW;H2tLKje>>^)jwktRFva!CY;x-xm3#1a<;EDAO=J5_`(egKXO
zlcu9Wa_N;LnkPFz@j{Pb*sVC8laDwzUcw*tQg}{_H884cDwdR22L+)xP11*_Z%-xT
zIN1Svb@|oNDddEUBwY|W(ti#6Njm!%AL+lYV7VBnKkikm=%__BL)rVff;rLGG*j`R
zO75gH^gg+hDu4M-$~ajhcm6xsfmetVRttFY@R3N;inCvFCX<xp7>x`#XTK)tN@Og@
zqu;}UfN=c3c=X`mvqx!}Un`Am`~Q=}d(rqmIJkRwJN|FtiPAqN$sb<73i7SK*;Uh(
zn2tuIT%=;D(`2NCjb<oc;E@F$YS<y6bH+<#awGkRkm~~fI4_VKir;F)@gDr)^~*TF
z>lOkEe&~T;hQ@<V7TYaE+6qGhzm-aoTqzZ9qO+U*zlSf9<lVb>GbEPDA3;sFI<uxu
z3+W}s1;?ycrtI6Yo++MHy`iQnMh=a>_+J!Iu7@roiB~y{%qSLY;yKA#UTY^UNwjS@
z&8dY=*r`k(p{Rh@Ve3pH&pBr$JTwVIAJ?;1$cj;uNHon@IeHsKhW1RtrmA3TK;VuV
zMFMoG41iETe!3QS={rfDxGXTujAW4NtM@jSL0K1)3>8KqaVBeygA}K!7Q|Ch5|<k<
zdAY=ZGFhX-O2cLP&?){JQV6^xToLas0pYGYGlC`j2$Q`OeyTMKb+zC~t$=lE7@ZnY
z$wX90HP-N~@wScK*?|*|)w+-fqIGKMOJ$Ny_Wzs=jZz+@ACn=Ryn>3e6;aG%?l@QS
zRD!8#j(M?GGd!Vlj)dg3mXB2ptxqmHsNMlhl9#Mev^Lj?p1;*=kP7ErtBLQX9j*T?
zb^V2sO<dLP(<sLUwka)q7Cg=9a?{lI_-UwGFQH9}mL%u!cf5vku!#&@HZb+8$(0S~
z$@x${=CAuF_@&>HbLdIaBP3U?JcoCK!8<sIpR}Gc2cVkg>AFdFlbpjAEGLLdf-Zr{
z<l}2fzh>h*JLCb|enMg0geThaC~%u{7Fs0Uu6}?dP$v&dBQ}56KbF~(CTDR2=^rFI
zhl1!!!S7zbiTD!^BsmW^Y~dW(Ou3G#n!p&myxR)L(;!o0m={!Ii*~lQpnDM}RP4p)
zwsCw^XP->%&Dk-H&iNtwZhcRUf@GGuZgj+~TiZ*uSh3s>0=W9|k*F=gIAM94_cwEO
zlJocw$~HXB0jYj$n65gi;kCt20cnmzgy~{54!v7-DI_*pp=#J%lcq%*4?SNf=s5jP
zEcE_E;^#19tWXGbB3gyhCasO}=?YHu`f~4d2jTGr*@?8M+_p`(VXDL1&&j#J%hHjq
z0uH_#9qSwm^*QvjRy!PJoETeU>N)i3BMP!xD@?ycxwOqt^$wh#1JQrqO|+0YX|`ea
zm`OMB;~a+YkkRj@nz-o#8&9Bd`mCF?XU)G$e5Gyw*D?LU#i*dun_IrR_Z=$+&a2o&
z(i%bhb$>k8su%cU3NFZO9bgG>xwWVc`cO5%oACv=?izHIXuF}jOU+J`5Buu5sr$LV
zkYvmDb<u6FfcZV=k-Uy9+yTYthT8_R3JN|uMYmOcmy-LdIzCaZoy`W+rSMiP|4bxq
z|1$y~PiWsevhfVO52<iE{603F1LgG_m-3{8?lBY6B+j&1jpNkh8?l)zD6il2VLd@|
z37pkBHSk8vh9?ibEP5O<TkGZ1Q$M5e`G!=-U%|R{H#}dD!&VQ1e89%mS<d{_!alam
z8`XW{e05};TpiJEaxS|h$7VO!`=2ayB1@lIxDDAu;nZbYruc&*_k$rtS&-owi0I;O
zcU1fEcJeUWo(rw<SM9$|iR)Tsy$C>T^_oiltkuoJ*W&6V?v4iS-(Edy{-25fTbSA|
zX3kIZt^HQZpA+d%HP`>a$p*PXhN#jEf#v4phOny~<i7RdR8`pfJp{sUpWEm5xqbeR
SJ^vE`0RR8IxQx~SasU8H*NpW5
literal 0
HcmV?d00001
diff --git a/charts/graylog/charts/mongodb-0.2.7.tgz b/charts/graylog/charts/mongodb-0.2.7.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..0381de981febb699e64e3c1bfb5bfedc3e5d2bf4
GIT binary patch
literal 5174
zcmV-66v^u!iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PH;dQyV$5`}6!2edewfa`D&(0=K@pdc{KaE_EBi!z5d;Qd>cu
zk!@`>(yXL`_yX^5f2FS(&4)1|gzWA^KY(YZ)!k}!w?4Zw&gMLw4h|PcsCbDo`pvzU
z;cz(I+ub$)hr?m>|8RR}@0-!i{{HUH&ffmBy>Eu2Z4C~?`)8$H3aOCzX875(nvMIN
z6qJ)USV+Rz7%sLWl;`E+ZoD0jMp24oB1o>xy94+arWqt!TR?G0aZdRXUTQ5m`aa4K
zVG0q3g&aqHU?{_5m<wL8biwD_?<4!hDP5$NIUWPbb4n7V2}Bp3_%Pm%_oJ^Zoj-o@
z_J4tBf#sKR0Bh`j@7d07!~S<hqtT=NKSbGpBRoR|RbVv$W?XptjH75{!`n8bJb8}=
zkPOXnWd4pL0D*HZiQ;1E%sK+d3rbHoCCPFOFJ{MFod_&3QxU)hyt=?bkQ7T$3v980
zLUXuWaET#x%n<w8`kBfp#Sv)WG4y(dx08ZWkT?-oNkA+$9tXH10o-^kX}Q&~6AL<q
zw?7+K<e4!DX9cCLmzv5eg9d3z;({a?P?GS1smMJa*vGMH-z3KgnGr1Ea)H$X3qZ|!
zAQ!x#DNHdW0waaf2;8qR%n+5>U^-xoE8`ZWcC{!?^*=3^CLaK(f*r%hYg7Mhft@^N
zU9~i_LgLuKzL){y3M5uWjFuVG3!=bJ0a-*u!W=U!G|Ny(!sZ6C7aS;@<rFE+zIF6k
zfH_YO8r+$#<EiesLJ+kqJ1Xbt#JxM@OyLhks5ALb!Hawh-+lL;se8oPx0?SVSwJ5c
z2W|xIuz)P`oD0n(VW1X7Iz4iOi>C4tF*L^+X38t-E0JP>(^HJnWmM!TQh1_tOXtfo
zGfbUwN(r04HlHGa&7gH?Ivz%rEvLNAW@$-_g25?Hi3B8pan=`{tEV6^N`W)FgoL}1
z6E2Bb@IpZ@$OWNzjseRAQ9D4&ws;Vw{PM&DKQCb`T`Do9)jLi36{E{j&eacuV!4zG
zXJgah`g6e!<S}RZbNyw|7w*k#iG}MNr(>EeJGdXxLMkj?oM<+<P-EEMACC65(m4&~
zDK=kV)5t+!iZ2jT#t~^8@FPd*_lP2v=sp&3%u{^Ah1$|;=6;VWgo&jHB-bV*u#|Vg
zoOs3q)Rd!i>ft{Tzs5;}XN_1Z%_)|=5D5lKGUB|Lz`qt)Dj5m)u`+54WnB$Gk{4qb
z4TqU~&TwWt@o4*RFNt~QQQfXasKu0AV5VD_3qHk>e>~Ao8XIP4O0`Bg<sghGg6I*Z
zXgR?NXQ>>+&QNOt$uKWe`SO{zX+&rt@YzCOx!^P%!%hSsizLBP25(1NZ?GW7G1%&(
zVU16%$RuF2eE!XFdXT2XjUYzbC8ju0Ttxb5;vQ;_QE{rhtnrD#Z!>Or7&M#dhAboh
zqr?!<Lt<WNFK5SfGo+S&1~Vm=IVViJ8m?OtAu+Fr1ZXh3Ac8ZE2`-QzTAnh(?7{*|
ztQ28$8JLQ8Z+dtUW?<NK<N6p-nh~aLK?A&Y-^b81?|U8fAxBbPa*>8eU^Fy7JqAQ`
zv|vSs1xXMEfmq73s?H^$RFAXeu;odgIEZn5gf|pZq|g*e43`U%EcB@7hG|F(p$EMg
z5mJGkII1Ey{@Pa5w(Chp`puEU<jr>jj)MWYM$Fiw5k_PoeO(J?i0FY<58qnZ1(`3D
zG_^E<ujSk2X{0qQ_a?%P^1Bt_VIdXIv~tbJys+vDn}x(cm{ewvn?b^}Op8cs*;bU8
zDu<@V7_Opd115?KJs-@GKp9q8$Y=w8T3`l9o0cR}VW!@2s&)F1B9a}uX^AI{Q`2ha
z^>8{N|G}nPtkhm|J@ND{B6G%d4gFo$!XJp#dJHFT4nYe|56$L_QDR@MkT{Jt?40A0
zNDK(lB|{lW0w&?Ya9LLJ8f5xW<F96B<^06+5j5t;hD2uGHsxv&NDPp`kP&HSXGpVw
z6rmV!rt;+x5lzN)YxJDt6iuf@z5H*Gwi6=v-`Vs8tDCw&&v5Vz3(WKclhs6N{bH?V
zS<$QQ0ae-+C~|?#B(&acv(YdkOp99T7uuPXQb$xzpPYOxy;^lo!_0x5h9wk9Y5Kqn
z^+?K)8$Yx-Q_Hl|-qbV0p9E3(6-%(TfuJX}kO2BngZW+TUikIDpSsJzy9K7Yzhaf&
z(^kNm_5aS!UUUEN+4k<<<NE(0%Eym`C(-i{x%WNcg3)-TIC?U;zK%YA?0XyR`RxG>
z+k<}f)fi1|w~~!ph~L<4rEpmdS9%`C64=`@KS?$zW;5~udi@?aT$rW$XJoiLw2M(x
zQqaTT5`HZZ)eG$uP@WsU<LD=BaT|E0Dd;vxnBoNK!ASB9!@r9u77QzF9RSP-rm6Lt
zW_FF;I-5w?oGy(dj*cf9Ry#DA<76w2Ud+sVUyrN?iJMk=S8kWfs^w*o9m6fRD+TKp
z)Rl0_tdwPQo5IU%<@ejjo5~W;pAGNhf84%9D;`TJSS0bO6_Ks$`K-PCMCNiqn3_TF
zFS7p^*=yjkL~pNN-9Kwe7xbpK5VwP%d(!l%Qx6M8(G=4gdeuNxUD|9)C}sQGZF<2K
z2%J-tVCem|2fcT_Pd6c+Wt>?K<!TP?cgx}e(=3*Yf#G@#A3p+N2`$oggJMgv{oSu~
zespN#KvP^356Z1Q{SD=L{Jyl#nD9Y)9`NyFN0lr1wcrXjn%u^cncbeWKV4cxUTY?9
zN32U^eqFX!Xw6pkJ6W*HoGvL@Lyx;T*RyBD5?tpyG^Z}DZ94Mqoxhu!6z*#tuku87
zu-I)HHim=ER)Z_=7H_S>#ljW__V2Ow+>hR^5VUOkYmd6WozkBF*>#y+gWS(~(7N;A
z-O)~C{<pWi|2Y49kkT;ea8a%e<vn5P80_;)lt;DW;!%`gg;J!@xZLsY@^FE{!}WDP
zRImt~f3+(p!%ed~Er*XQV1%W5b-k;Z^OP;ZSYsT+Rlmg4*{BAN|L;zrZU2N3RY)w-
z>3y9Bue1NXy=Tq!-~O}xNBe(>(y;$<)6&jJYW8m3fjvdNoAF!C`Yf}TN)R?ba+I~Y
z8m#?v8vi0o2cYMtW<v5>VzFsn0ep1-!S0ztPtU44nr<H8`nvbDtdL)(H^7&>rB~I&
zM<A9S(0qZ8iws7?tvWuzDVAe+3q9dCje1X^mrf7NPB{GRAg|5;t-pUEPt~@6bHa!p
za{S-hAGXH-NBe)6a^D7ikCwg0H37VQb^Om)?_M0gI6M0O-O<6>!S@G~=XRykWutC)
zpj<Lq3eKb&*iK))I(zqe^8EDp;AI`9KkJIa1FSmQHl~w<$>gV3r$?(Xo!rKO1XS*;
z|GVtpETsB`nJszx`95Hs{Xg3uHSB+X`0UxE{XaxmVgE)2?l!`Ez4<&(kmIEL5=nJ0
z1CBYv?pjHC0%Px()U3?3B{o+~uCLvws*sptWp0j?w^7|VFSz0fr(-xfJaO;pw^pG%
zz`vno?Y*x?3%_>9yRy>$@9`?=8v7sZ?ltZI+4k=Cqy0Zbxp(`&N3-v+Vsov^5P5j3
zFPk$nX91hQ1#IG9yLs$|cfWdDHvsxeXT2@hg3Tt3zu>l2wW7T9*41GDu>!A6azg%Z
z&3Y56evQp>*0|f&#akVuV+z*2zZ{n?-$Df=KnIZqa1H+-$Zy|QS?T}XS;2h_18e7h
z!`Aw5Z!~=L{|`}ab)?f@y%Q9I-*UX@I$iqgk;B59+f^&t5?qnD6~a67B}K*m2W4~>
z{y*MHQiuI3r0}eu65m%m;LY|w+TPvWZrcCo@&3=ll+dhEp36aH+fENAUu7rAO$6&B
zc7{~4_%T3whe3SLPX&x~IKIQGwljPrn2B_Jw=`YMh^#?}fg~2J9(*ze)6&+AxE-Pb
z*Vmwdy(v4H1zqO_R&$f}_?&9q*m93IxX8b)m~QGqYyEYH9xIW1rRZ!%Gsdf8pcVb~
zIjw0AUY|V3t?GqF<Woqq74vgv{>$tCff)LgO^3IT$~v74%T?Uo$ngzakG9(sYpj=j
zSwDv{ui`2W5w5Stt<MV0gPql`%SXK?m6ITfv4yV+ajf$ftV)~GtuG{fDf{E37916p
zuC*yZYqeAh(1~5lOP#w`3{O??hsw4p-pqad=4;&~AL`kB-|yoK<0P9Odg(MaF&>8&
z>E^dNVe@addNtV2$ecj<^)_}u*W23;=vj%Y4%kG~i0fI2r3TkT(hekAiKhwLMAeQy
zT8XL&dJ7|KC{{h7s#~+#L07*w)oQfz^K`3$?5@hyKy!EPY9RV7^=ja{qkh%Kk}}M(
zsZ>7t@!rM{%r1TqJZpMr8$y1HXKjW2gz4_e_F;C>V&neWWP<iu*aTwp>b|yyY4&p8
z^lI~MCy9=&Id^v1yf9WL(C?Smyu#N5tdfBd;~==ZwVn+dy7W@ds8$TJD$5%^m}%$}
zq!wcsG`}{6=Dx*$0|Gsf9yG@AH8<$$^g?9og`h2QYN1zy*d{bC)vXcaEe_XLac$E;
z^sC^}zIK)AG)@PNt2nEgax<81PIU=wMPurfR?Vuz0NeTo`lPn7gu6|qTl9P=Zm^2-
z!MXQJCx{6SPB(%;;m@IFt)OFlP&Xf(<!X6Ego|zMRI63S(7#!06Mx^dZsd2pVOkZp
z0C>q$Jci-!?l5X=)~dFwGLimGDr*OpdNb_1Tkkw{n87WZ(e&9i_Ay==jM>$ym9DW9
zOTD2<8Rc0!sJR^*;m!ZDDU7QYo_eV0r!=9V!F7rk6;o$^Z`2<*HuqHEW=hQ+kWbhQ
z8x4bPfIOT>w-@A29$}<&AdObEYK5k2;xTMm!p+9viI<_YA*}m&ScchlsY7SY4#J(2
z!Z6E4U}!Faxr<zf*0gNLK78#R+AmxD{(ro{G_wKm_fBK&`QJ|S{`b!C+0Nts|3j1w
zI6+EbVY3uj1%S&1W-u)XO$nPrj*|Cij%6Hez}bS7`IRKd1*R0{luzx}JYn;vATYIY
z{5evK;5}k#v;hpyU2=$A;2HVgQzHCnD~4B$E`c*sQ?sPU7@&mVIEs%Z?<R^19BqIL
zW_)uvfs_at#dD$t=C5Txil_e(1M}CvSj-3dkAIXGY)~PZqU3#%!;DZYqbISv%%dmq
z6upn0#Cpc_B<6z5qbL6xZNM8O2rneOIC?IlI2ZgEoTw-!DMkYeF8D7|d?6E_;=%9X
zaM0WT>GOl5m(SxY{Q@-Boc|5?cbf5E+uOs({C^Kp%KUy&^ryFPYS}k`-dre^%kf}9
zvUw~QCQLpid@x1n91k3D-@x_>n{kmLn?~oqq*_w^j~PX(FMlnNz+3RAw`a|4pKAzc
z_<jI>8yW|#{H1G%R2BLbel3+KswF|4aZ#p7<Sa-oVDjRe{rLBz(<nMWKc6DGi2e+E
zm^DcgO+LRMH7a;EgLm4eEsCk;R@dtrigMu5nBZVaAzSu+E`p%)z#llApPw6EUN9wi
zS|lcqTy$3DohhWt#;6?~VTi(8-y)lzaVB^MM>hZCzlv!kQq7#*5Qr0=4c@u^jIAIw
zECPR_pcIo2Y6ijph3OdF-K{u^Uid5z<yd3UnG94esyQpDB7G#11yMLrg}}8Ol{S0j
ziNJcQM<g*_(htdv;?eeBqrUCUo%lo4hm$vu3w}YgLSW&k+dP683YKC)mwHenY$lLY
zqA-M=d`)-wtcd1}DT>Z`*-urf05jy-L`6XkiSw!>&&MsL`NZCS&B!W#3jb-4Vv1e7
zct|`DcAJl~cECwV)eWgZ0;lK-{*9M#1?GtQs?4pUf0c=a;VQc7>tg@<f3;ucDY}A=
z{1!HD1g_w`*E@$R_`#@7nFiG4!K&2925dxEum;Ns5{jT(V6xfh%C}##@vYOx8rxyA
zRnvqQ#(Xt6<PN?>5}cUUkQhY@YM0^)Pg0w*dQs+aEg{3R_$#19>Smw6{kg%H&)%x*
z)lRP93iwpduXHtuF$5`!HI5%^`3W1T$27M3LB%?Br}Z>~o%sAIMTqL-wXMB6i=)-G
za3``|KTw}qia=AhaYLhBJIK_R^EAA<;p;c=7OW9QEjerA>qJ-0gZ*`Q4$EYNo!BtD
zXsJffmM~SJ%|BRAKxlB7lZ{&;3DVEGoQSqXD{l$jDClNRji%7MZ&F^tlyj;Pnmnu;
z=W}zO+QMflc-8AlZqYWv;~P?b7*YA%>2|}ygpvj}++l7?w~?XJ>sag3Q^;YMUf1Ku
z$_k-(>bTexBC4g~)tKxr4Ph!cQw=UvT>&wF&qqc`MK;Aki^*Tdg3V*Df~3KHmtQzp
zm?N~#9Ku`9?fVQe#^-+-mtVV^U+eTTEXwr0XT`z=70nE$6oR>7qT&5)%xj7T3+k1j
z1Z7=Dj8%VT+TI$G>bic|w1Cikr1Py&Y(ycfAgiI^&bfZQcC_<Z-oJXZw|(CZf37P^
zEiIu{7ROnb;V{IudUL)*US&E<vu{+Ue)PE(UBbyK>A6Xr6;i8j#&%Gc_@s{vUutqs
zEh)z9IXj7L<F59VyYRNsLAsvv#_=V4u923c#hlBj>RG8zNT!r0??Ek4m1EAF(%Lk0
zGeV8y>ONz3=FlC-T(M#9)OdTS=kskL2*Q^u1a@et)s{gz-&31t)=U}v;f{3K^HXcH
zwKKQ&s8y!z^)jlb?`>jekDE@?E0glJQJBviD6|B9n%G9BUYl*JLfXQacL~qiR*=uv
k=Qy>geAkNaYi}(*mdEl~e≷0ssL2|AToA3jk~Y05JkYP5=M^
literal 0
HcmV?d00001
diff --git a/charts/graylog/templates/_helpers.tpl b/charts/graylog/templates/_helpers.tpl
new file mode 100644
index 00000000..c66cfee7
--- /dev/null
+++ b/charts/graylog/templates/_helpers.tpl
@@ -0,0 +1,169 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "graylog.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "graylog.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "elasticsearch.servicename" -}}
+{{- if .Values.elasticsearch.fullnameOverride }}
+{{- .Values.elasticsearch.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default "elasticsearch" .Values.elasticsearch.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "mongodb.servicename" -}}
+{{- if .Values.mongodb.fullnameOverride }}
+{{- .Values.mongodb.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default "mongodb" .Values.mongodb.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "graylog.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "graylog.labels" -}}
+helm.sh/chart: {{ include "graylog.chart" . }}
+{{ include "graylog.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "graylog.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "graylog.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "graylog.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "graylog.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Graylog settings via environment variables
+*/}}
+{{- define "graylog.environment" -}}
+{{- if .Values.elasticsearch.enabled }}
+- name: GRAYLOG_ELASTICSEARCH_HOSTS
+ value: http://{{ include "elasticsearch.servicename" . }}:{{ .Values.elasticsearch.service.httpPort }}
+{{- else }}
+{{- if .Values.settings.elastic.hosts }}
+- name: GRAYLOG_ELASTICSEARCH_HOSTS
+ value: {{ .Values.settings.elastic.hosts | quote }}
+{{- end }}
+{{- end }}
+{{- if .Values.settings.javaOpts }}
+- name: GRAYLOG_SERVER_JAVA_OPTS
+ value: {{ .Values.settings.javaOpts | quote }}
+{{- end }}
+{{- if .Values.settings.http.externalUri }}
+- name: GRAYLOG_HTTP_EXTERNAL_URI
+ value: {{ .Values.settings.http.externalUri | quote }}
+{{- end }}
+{{- if .Values.settings.http.publishUri }}
+- name: GRAYLOG_HTTP_PUBLISH_URI
+ value: {{ .Values.settings.http.publishUri | quote }}
+{{- end }}
+{{- if .Values.settings.rootUser.email }}
+- name: GRAYLOG_ROOT_EMAIL
+ value: {{ .Values.settings.rootUser.email | quote }}
+{{- end }}
+{{- if .Values.settings.rootUser.timezone }}
+- name: GRAYLOG_ROOT_TIMEZONE
+ value: {{ .Values.settings.rootUser.timezone | quote }}
+{{- end }}
+{{- if .Values.settings.elastic.indexPrefix }}
+- name: GRAYLOG_ELASTICSEARCH_INDEX_PREFIX
+ value: {{ .Values.settings.elastic.indexPrefix | quote }}
+{{- end }}
+{{- if .Values.settings.journal.maxAge }}
+- name: GRAYLOG_MESSAGE_JOURNAL_MAX_AGE
+ value: {{ .Values.settings.journal.maxAge | quote }}
+{{- end }}
+{{- if .Values.settings.journal.maxSize }}
+- name: GRAYLOG_MESSAGE_JOURNAL_MAX_SIZE
+ value: {{ .Values.settings.journal.maxSize | quote }}
+{{- end }}
+{{- if .Values.settings.smtp.enabled }}
+{{- if .Values.settings.smtp.host }}
+- name: GRAYLOG_TRANSPORT_EMAIL_HOSTNAME
+ value: {{ .Values.settings.smtp.host | quote }}
+{{- end }}
+{{- if .Values.settings.smtp.port }}
+- name: GRAYLOG_TRANSPORT_EMAIL_PORT
+ value: {{ .Values.settings.smtp.port | quote }}
+{{- end }}
+{{- if .Values.settings.smtp.useAuth }}
+- name: GRAYLOG_TRANSPORT_EMAIL_USE_AUTH
+ value: {{ .Values.settings.smtp.useAuth | quote }}
+{{- end }}
+{{- if .Values.settings.smtp.useTls }}
+- name: GRAYLOG_TRANSPORT_EMAIL_USE_TLS
+ value: {{ .Values.settings.smtp.useTls | quote }}
+{{- end }}
+{{- if .Values.settings.smtp.useSsl }}
+- name: GRAYLOG_TRANSPORT_EMAIL_USE_SSL
+ value: {{ .Values.settings.smtp.useSsl | quote }}
+{{- end }}
+{{- if .Values.settings.smtp.username }}
+- name: GRAYLOG_TRANSPORT_EMAIL_AUTH_USERNAME
+ value: {{ .Values.settings.smtp.username | quote }}
+{{- end }}
+{{- if .Values.settings.smtp.subjectPrefix }}
+- name: GRAYLOG_TRANSPORT_EMAIL_SUBJECT_PREFIX
+ value: {{ .Values.settings.smtp.subjectPrefix | quote }}
+{{- end }}
+{{- if .Values.settings.smtp.emailFrom }}
+- name: GRAYLOG_TRANSPORT_EMAIL_FROM_EMAIL
+ value: {{ .Values.settings.smtp.emailFrom | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/graylog/templates/extraservices.yaml b/charts/graylog/templates/extraservices.yaml
new file mode 100644
index 00000000..cc986300
--- /dev/null
+++ b/charts/graylog/templates/extraservices.yaml
@@ -0,0 +1,30 @@
+{{- $fullname := include "graylog.fullname" . }}
+{{- $labels := include "graylog.labels" . }}
+{{- $selectorLabels := include "graylog.selectorLabels" . }}
+{{- range $service := .Values.extraServices }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ $fullname }}-{{ $service.name }}
+ labels:
+ {{- $labels | nindent 4 }}
+spec:
+ type: {{ $service.type }}
+ ports:
+ - port: {{ $service.port }}
+ targetPort: {{ $service.name }}
+ protocol: {{ $service.protocol }}
+ name: {{ $service.name }}
+ {{- if and ( or (eq $service.type "LoadBalancer") (eq $service.type "NodePort") ) ($service.nodePort) }}
+ nodePort: {{ $service.nodePort }}
+ {{- end }}
+ {{- if and (eq $service.type "LoadBalancer") ($service.loadBalancerIP) }}
+ loadBalancerIP: {{ $service.loadBalancerIP }}
+ {{- end }}
+ {{- if $service.clusterIP }}
+ clusterIP: {{ $service.clusterIP }}
+ {{- end }}
+ selector:
+ {{- $selectorLabels | nindent 4 }}
+---
+{{- end }}
\ No newline at end of file
diff --git a/charts/graylog/templates/geoipsecrets.yaml b/charts/graylog/templates/geoipsecrets.yaml
new file mode 100644
index 00000000..fb8b0ed6
--- /dev/null
+++ b/charts/graylog/templates/geoipsecrets.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.initGeoIPDatabase.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "graylog.fullname" . }}-geoip
+ labels:
+ {{- include "graylog.labels" . | nindent 4 }}
+stringData:
+ GEOIPUPDATE_ACCOUNT_ID: {{ .Values.initGeoIPDatabase.accountId | quote }}
+ GEOIPUPDATE_LICENSE_KEY: {{ .Values.initGeoIPDatabase.licenseKey | quote }}
+ GEOIPUPDATE_EDITION_IDS: {{ .Values.initGeoIPDatabase.editionId | quote }}
+ {{- if .Values.initGeoIPDatabase.host }}
+ GEOIPUPDATE_HOST: {{ .Values.initGeoIPDatabase.host | quote }}
+ {{- end }}
+ {{- if .Values.initGeoIPDatabase.proxy }}
+ GEOIPUPDATE_PROXY: {{ .Values.initGeoIPDatabase.proxy | quote }}
+ {{- end }}
+ {{- if .Values.initGeoIPDatabase.proxyUserPassword }}
+ GEOIPUPDATE_PROXY_USER_PASSWORD: {{ .Values.initGeoIPDatabase.proxyUserPassword | quote }}
+ {{- end }}
+{{- end }}
diff --git a/charts/graylog/templates/ingress.yaml b/charts/graylog/templates/ingress.yaml
new file mode 100644
index 00000000..0641f690
--- /dev/null
+++ b/charts/graylog/templates/ingress.yaml
@@ -0,0 +1,41 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "graylog.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "graylog.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ . }}
+ backend:
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
diff --git a/charts/graylog/templates/scripts.yaml b/charts/graylog/templates/scripts.yaml
new file mode 100644
index 00000000..d6b59303
--- /dev/null
+++ b/charts/graylog/templates/scripts.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "graylog.fullname" . }}-scripts
+ labels:
+ {{- include "graylog.labels" . | nindent 4 }}
+data:
+ init.sh: |
+ #!/bin/bash
+ if [ ! -f /data/config/graylog.conf ]; then
+ mkdir -p /data/config
+ mkdir -p /data/journal
+ mkdir -p /data/log
+ mkdir -p /data/plugin
+ mkdir -p /data/contentpacks
+ cp /usr/share/graylog/data/config/* /data/config
+ chmod u+rw /data/config/*
+ fi
diff --git a/charts/graylog/templates/secureconfig.yaml b/charts/graylog/templates/secureconfig.yaml
new file mode 100644
index 00000000..8c42b400
--- /dev/null
+++ b/charts/graylog/templates/secureconfig.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "graylog.fullname" . }}
+ labels:
+ {{- include "graylog.labels" . | nindent 4 }}
+stringData:
+{{- if .Values.mongodb.enabled }}
+ GRAYLOG_MONGODB_URI: mongodb://{{ .Values.mongodb.userDatabase.user}}:{{ .Values.mongodb.userDatabase.password}}@{{ include "mongodb.servicename" . }}:{{ .Values.mongodb.service.port }}/{{ .Values.mongodb.userDatabase.name }}
+{{- else }}
+ {{- with .Values.externalDatabase }}
+ GRAYLOG_MONGODB_URI: mongodb://{{ .user }}:{{ .password }}@{{ .host }}/{{ .name }}
+ {{- end }}
+{{- end }}
+{{- if and (.Values.settings.smtp.enabled) (.Values.settings.smtp.password) }}
+ GRAYLOG_TRANSPORT_EMAIL_AUTH_PASSWORD: {{ .Values.settings.smtp.password | quote }}
+{{- end }}
+{{- if .Values.settings.passwordSecret }}
+ GRAYLOG_PASSWORD_SECRET: {{ .Values.settings.passwordSecret | quote }}
+{{- end }}
+{{- if .Values.settings.rootUser.username }}
+ GRAYLOG_ROOT_USERNAME: {{ .Values.settings.rootUser.username | quote }}
+{{- end }}
+{{- if .Values.settings.rootUser.sha2Password }}
+ GRAYLOG_ROOT_PASSWORD_SHA2: {{ .Values.settings.rootUser.sha2Password | quote }}
+{{- end }}
diff --git a/charts/graylog/templates/service-internal.yaml b/charts/graylog/templates/service-internal.yaml
new file mode 100644
index 00000000..319f8127
--- /dev/null
+++ b/charts/graylog/templates/service-internal.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "graylog.fullname" . }}-internal
+ labels:
+ {{- include "graylog.labels" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "graylog.selectorLabels" . | nindent 4 }}
diff --git a/charts/graylog/templates/service.yaml b/charts/graylog/templates/service.yaml
new file mode 100644
index 00000000..6598409d
--- /dev/null
+++ b/charts/graylog/templates/service.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "graylog.fullname" . }}
+ labels:
+ {{- include "graylog.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ {{- if and ( or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") ) (.Values.service.nodePort) }}
+ nodePort: {{ .Values.service.nodePort }}
+ {{- end }}
+ {{- if and (eq .Values.service.type "LoadBalancer") (.Values.service.loadBalancerIP) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.service.clusterIP }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{- end }}
+ selector:
+ {{- include "graylog.selectorLabels" . | nindent 4 }}
diff --git a/charts/graylog/templates/serviceaccount.yaml b/charts/graylog/templates/serviceaccount.yaml
new file mode 100644
index 00000000..9eaa278e
--- /dev/null
+++ b/charts/graylog/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "graylog.serviceAccountName" . }}
+ labels:
+ {{- include "graylog.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/graylog/templates/statefulset.yaml b/charts/graylog/templates/statefulset.yaml
new file mode 100644
index 00000000..7e176bbc
--- /dev/null
+++ b/charts/graylog/templates/statefulset.yaml
@@ -0,0 +1,189 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "graylog.fullname" . }}
+ labels:
+ {{- include "graylog.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "graylog.selectorLabels" . | nindent 6 }}
+ serviceName: {{ include "graylog.fullname" . }}-internal
+ podManagementPolicy: {{ .Values.podManagementPolicy }}
+ replicas: {{ .Values.replicaCount }}
+ updateStrategy:
+ type: {{ .Values.updateStrategyType }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "graylog.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "graylog.serviceAccountName" . }}
+ {{- with .Values.podSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ initContainers:
+ {{- if .Values.initGeoIPDatabase.enabled }}
+ - name: {{ .Chart.Name }}-geocitydbinit
+ {{- with .Values.securityContext }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ privileged: false
+ {{- end }}
+ image: "{{ .Values.initImage.repository }}:{{ .Values.initImage.tag }}"
+ imagePullPolicy: {{ .Values.initImage.pullPolicy }}
+ envFrom:
+ - secretRef:
+ name: {{ include "graylog.fullname" . }}-geoip
+ volumeMounts:
+ - name: geocity
+ mountPath: /usr/share/GeoIP
+ {{- end }}
+ - name: {{ .Chart.Name }}-init
+ {{- with .Values.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command: [ "/scripts/init.sh" ]
+ volumeMounts:
+ - name: scripts
+ mountPath: /scripts
+ - name: graylog-volume
+ mountPath: /data
+ containers:
+ - name: {{ .Chart.Name }}
+ {{- with .Values.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 9000
+ protocol: TCP
+ {{- range $service := .Values.extraServices }}
+ - name: {{ $service.name }}
+ containerPort: {{ $service.containerPort}}
+ protocol: {{ $service.protocol }}
+ {{- end }}
+ envFrom:
+ - secretRef:
+ name: {{ include "graylog.fullname" . }}
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- include "graylog.environment" . | nindent 12 }}
+ {{- with .Values.env }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /api/system/lbstatus
+ port: http
+ httpHeaders:
+ - name: Host
+ value: localhost:9000
+ {{- with .Values.livenessProbe }}
+ initialDelaySeconds: {{ .initialDelaySeconds }}
+ timeoutSeconds: {{ .timeoutSeconds }}
+ failureThreshold: {{ .failureThreshold }}
+ successThreshold: {{ .successThreshold }}
+ periodSeconds: {{ .periodSeconds }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /api/system/lbstatus
+ port: http
+ httpHeaders:
+ - name: Host
+ value: localhost:9000
+ {{- with .Values.readinessProbe }}
+ initialDelaySeconds: {{ .initialDelaySeconds }}
+ timeoutSeconds: {{ .timeoutSeconds }}
+ failureThreshold: {{ .failureThreshold }}
+ successThreshold: {{ .successThreshold }}
+ periodSeconds: {{ .periodSeconds }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.resources }}
+ resources:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- if .Values.args }}
+ args:
+ {{- range .Values.args }}
+ - {{ . }}
+ {{- end }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /etc/graylog/server
+ name: geocity
+ - mountPath: /tmp
+ name: tmp
+ - mountPath: /usr/share/graylog/data
+ name: graylog-volume
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: tmp
+ emptyDir: {}
+ - name: geocity
+ emptyDir: {}
+ - name: scripts
+ configMap:
+ name: {{ include "graylog.fullname" . }}-scripts
+ defaultMode: 0555
+ {{- if .Values.storage.persistentVolumeClaimName }}
+ - name: graylog-volume
+ persistentVolumeClaim:
+ claimName: {{ .Values.storage.persistentVolumeClaimName }}
+ {{- else }}
+ {{- if not .Values.storage.requestedSize }}
+ - name: graylog-volume
+ emptyDir: {}
+ {{- else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: graylog-volume
+ labels:
+ {{- include "graylog.labels" . | nindent 10 }}
+ spec:
+ {{- with .Values.storage.accessModes }}
+ accessModes:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ {{- if .Values.storage.className }}
+ storageClassName: {{ .Values.storage.className }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.storage.requestedSize }}
+ {{- end }}
+ {{- end }}
\ No newline at end of file
diff --git a/charts/graylog/templates/tests/test-connection.yaml b/charts/graylog/templates/tests/test-connection.yaml
new file mode 100644
index 00000000..ce5105a3
--- /dev/null
+++ b/charts/graylog/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "graylog.fullname" . }}-test-connection"
+ labels:
+ {{- include "graylog.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test-success
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "graylog.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/charts/graylog/values.yaml b/charts/graylog/values.yaml
new file mode 100644
index 00000000..4b896b21
--- /dev/null
+++ b/charts/graylog/values.yaml
@@ -0,0 +1,288 @@
+## Default values for Graylog deployment
+
+## Graylog docker image
+image:
+ repository: graylog/graylog
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+# Default Init container image
+initImage:
+ repository: maxmindinc/geoipupdate
+ pullPolicy: IfNotPresent
+ tag: "latest"
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+## Optional service account
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+## Management policy, update strategy and number of replicas
+podManagementPolicy: OrderedReady
+updateStrategyType: RollingUpdate
+replicaCount: 1
+
+## Pod security options (default: Graylog as fsGroup)
+podSecurityContext:
+ fsGroup: 1100
+
+## Default security options to run Graylog as read only container without privilege escalation
+securityContext:
+ allowPrivilegeEscalation: false
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsGroup: 1100
+ runAsUser: 1100
+
+## Default Graylog service port (default web service port)
+service:
+ type: ClusterIP
+ port: 80
+ ## The node port (only relevant for type LoadBalancer or NodePort)
+ nodePort:
+ ## The cluster ip address (only relevant for type LoadBalancer or NodePort)
+ clusterIP:
+ ## The loadbalancer ip address (only relevant for type LoadBalancer)
+ loadBalancerIP:
+
+## List of extra service ports
+extraServices: {}
+# - name: udpinput
+ ## Service port type
+# type: ClusterIP
+ ## Service protocol
+# protocol: UDP
+ ## The container target port
+# containerPort: 12001
+ ## The service port
+# port: 12001
+ ## The node port (only relevant for type LoadBalancer or NodePort)
+# nodePort:
+ ## The cluster ip address (only relevant for type LoadBalancer or NodePort)
+# clusterIP:
+ ## The loadbalancer ip address (only relevant for type LoadBalancer)
+# loadBalancerIP:
+
+## Ingress configuration
+ingress:
+ ## Enable ingress endpoint
+ enabled: false
+
+ ## Additional ingress annotations
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ ## Hosts
+ hosts:
+ - host:
+ paths: []
+
+ ## TLS settings for hosts
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+## Resource limits and requests
+resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+## Additional node selector
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+## Default liveness probe
+livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ timeoutSeconds: 5
+ failureThreshold: 3
+ successThreshold: 1
+ periodSeconds: 10
+
+## Default readiness probe
+readinessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ timeoutSeconds: 5
+ failureThreshold: 3
+ successThreshold: 1
+ periodSeconds: 10
+
+## Additional environment variables
+env: []
+
+## Arguments for the container entrypoint process
+args: []
+
+## Reference to external MongoDB database
+externalDatabase:
+ ## Name of the database (default: graylog)
+ name: "graylog"
+
+ ## Database user
+ user:
+
+ ## Database password
+ password:
+
+ ## Database host
+ host:
+
+## Optinal step to enable and initialize the GeoIP database file (for more info see: https://dev.maxmind.com/geoip/geoipupdate/)
+initGeoIPDatabase:
+ ## Enable GeoIP database download
+ enabled: false
+ ## MaxMind AccountId/UserId
+ accountId: ""
+ ## MaxMind license key
+ licenseKey: ""
+ ## GeoLite database edition (https://www.maxmind.com/en/accounts/473747/geoip/downloads)
+ editionId: "GeoLite2-City"
+
+ ## The MaxMind download host (not necessary to change that)
+ host:
+ ## A valid proxy if internet connection is running through a proxy
+ proxy:
+ ## Proxy username and password in format "username:password"
+ proxyUserPassword:
+
+## Graylog specific settings
+settings:
+ http:
+ externalUri: "http://127.0.0.1:9000/"
+ publishUri:
+
+ javaOpts:
+ passwordSecret: "somepasswordpepper"
+
+ rootUser:
+ username: "admin"
+ sha2Password: "8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918"
+ email: ""
+ timezone: "UTC"
+
+ journal:
+ maxAge: "12h"
+ maxSize: "5gb"
+
+ elastic:
+ hosts: "http://127.0.0.1:9200"
+ indexPrefix: "graylog"
+
+ smtp:
+ enabled: false
+ host: "mail.example.com"
+ port: 587
+ useAuth: true
+ useTls: true
+ useSsl: false
+ username: "you@example.com"
+ password: "secret"
+ emailFrom: "you@example.com"
+ subjectPrefix: "[graylog]"
+
+## Storage parameters for Graylog journal
+storage:
+ ## Set persistentVolumenClaimName to reference an existing PVC
+ persistentVolumeClaimName:
+
+ ## Alternative set requestedSize to define a size for a dynmaically created PVC
+ requestedSize:
+
+ ## the storage class name
+ className:
+
+ ## Default access mode (ReadWriteOnce)
+ accessModes:
+ - ReadWriteOnce
+
+## MongoDB configuration
+mongodb:
+ ## Enable MongoDB helm chart for deployment (default: false)
+ enabled: false
+
+ ## Database settings
+ settings:
+ ## The root username (default: admin)
+ rootUsername: "admin"
+ ## The root user password (default: a 10 char. alpahnumerical random password will be generated)
+ rootPassword:
+
+ ## Optional user database which is created during first startup with user and password
+ userDatabase: {}
+ ## Name of the user database
+ # name:
+
+ ## Database user with full access rights
+ # user:
+
+ ## Password of the database user (default: a 10 char. alpahnumerical random password will be generated)
+ # password:
+
+ ## Custom configuration (use instead of command args)
+ customConfig: |
+
+ # Storage parameters
+ # When a persistentVolumenClaimName is configured the requestedSize and accessModes will be ignored and the existing PVC based on the name will be used
+ # otherwise a dynamic persistent volume will be created with PVC name of this chart and the configured requestedSize and accessModes
+ # If both parameters are missing a volatile emtpyDir volume will be used as Graylog storage
+ storage:
+ ## Set persistentVolumenClaimName to reference an existing PVC
+ persistentVolumeClaimName:
+
+ ## Alternative set requestedSize to define a size for a dynamically created PVC
+ requestedSize:
+
+ ## the storage class name
+ className:
+
+ ## Default access mode (ReadWriteOnce)
+ accessModes:
+ - ReadWriteOnce
+
+## Elasticsearch configuration
+elasticsearch:
+ ## Enable Elasticsearch helm chart for deployment (default: false)
+ enabled: false
+
+ settings:
+ javaOpts: "-Xms512m -Xmx512m"
+ clusterName: "graylog"
+
+ ## Storage parameters for Elasticsearch database
+ storage:
+ ## Set persistentVolumenClaimName to reference an existing PVC
+ persistentVolumeClaimName:
+
+ ## Alternative set requestedSize to define a size for a dynmaically created PVC
+ requestedSize:
+
+ ## the storage class name
+ className:
+
+ ## Default access mode (ReadWriteOnce)
+ accessModes:
+ - ReadWriteOnce
--
GitLab