With external backends

This sample will deploy only the OpenCTI application based on the following assumptions :

• All the dependencies are already deployed, running and accessible from your Kubernetes cluster

• You created the Kubernetes secrets referenced below containing the relevant credentials

• You're using Nginx as ingress controller

You can customize the values according to your own settings.

Warning

Please take time to review all credential values (such as admin password and tokens) to set them with a value of your own. Do not use the current values for sensitive fields as is.

opencti:
  env:
    # OpenCTI
    APP__BASE_URL: "http://opencti:8080"
    APP__ADMIN__EMAIL: admin@opencti.io
    APP__ADMIN__PASSWORD: WhatA_Strong-P4ssword*!
    APP__ADMIN__TOKEN: "d99208c3-0eca-4c65-9633-42be3b9c6bb8"
    APP__HEALTH_ACCESS_KEY: "8b55aac644e9e6f2701805584cc391ff81d3ecec"
    # MinIO
    MINIO__ENDPOINT: "https://minio"
    MINIO__PORT: "443"
    MINIO__BUCKET_NAME: opencti
    MINIO__BUCKET_REGION: "eu-west"
    MINIO__USE_SSL: true
    # Elasticsearch
    ELASTICSEARCH__URL: "https://elasticsearch"
    ELASTICSEARCH__SSL__REJECT_UNAUTHORIZED: "false"
    ELASTICSEARCH__USERNAME: "elastic"
    ELASTICSEARCH__INDEX_PREFIX: "opencti"
    # RabbitMQ
    RABBITMQ__HOSTNAME: https://rabbitmq
    RABBITMQ__PORT: "5671"
    RABBITMQ__QUEUE_TYPE: classic
    RABBITMQ__USE_SSL: "true"
    RABBITMQ__PORT_MANAGEMENT: "443"
    RABBITMQ__MANAGEMENT_SSL: "true"
    # REDIS
    REDIS__MODE: "cluster"
    REDIS__HOSTNAMES: '["redis:6379"]'
    REDIS__HOSTNAME: "redis"
    REDIS__NAMESPACE: opencti
    REDIS__USE_SSL: "true"
    REDIS__NOTIFICATION_TRIMMING: "50000"
    REDIS__ACTIVITY_TRIMMING: "50000"
    REDIS__TRIMMING: "500000"

  envFromSecrets:
    ELASTICSEARCH__PASSWORD:
      key: elastic
      secretName: elasticsearch-es-elastic-user
    MINIO__ACCESS_KEY:
      key: accessKey
      secretName:  minio-credentials
    MINIO__SECRET_KEY:
      key: secretKey
      secretName: minio-credentials
    RABBITMQ__USERNAME:
      key: username
      secretName: rabbitmq-default-user
    RABBITMQ__PASSWORD:
      key: password
      secretName: rabbitmq-default-user
    REDIS__USERNAME:
      secretName: redis-credentials
      key: username
    REDIS__PASSWORD:
      secretName: redis-credentials
      key: password

  front:
    ingress:
      enabled: true
      className: "nginx" # Update it to reflect your environment
      hosts:
        - host: opencti.local # Update it to reflect your environment
          paths:
            - path: /
              pathType: Prefix

  ingest:
    resources:
      requests:
        cpu: 1
        memory: 1Gi
      limits:
        memory: 2Gi

  worker:
    env:
      OPENCTI_TOKEN: "d99208c3-0eca-4c65-9633-42be3b9c6bb8"
    resources:
      limits:
        memory: 1Gi
      requests:
        cpu: "1"
        memory: 512Mi