With helm-managed backends
Below are three recommended deployment sizes for your OpenCTI (OCTI) stack.
The samples are based on the following assumptions:
- You followed the requirements for a Helm-managed deployment
- You're using Nginx as ingress controller
Warning
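Take the time to review every credential value (such as the admin password, the tokens and the health access key) and replace each one with a value of your own. The values shown in these samples are published with this documentation, so do not deploy them as is for any sensitive field.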
S(mall)
Recommended for PoV, dev environments (like Minikube single node cluster)
# OpenCTI platform settings for the S(mall) profile: plain environment values
# under env, and credentials pulled from Kubernetes Secrets under envFromSecrets.
# NOTE(review): this listing has lost its nesting indentation; restore it
# against the chart's values.yaml before using it.
opencti:
env:
# OpenCTI
# Plain http:// base URL: fine for a local test cluster, not for shared use.
APP__BASE_URL: "http://opencti.local"
APP__ADMIN__EMAIL: admin@opencti.io
# Sample password published with this page: replace it before deploying.
# NOTE(review): backend credentials in this listing come from envFromSecrets;
# consider supplying this value the same way instead of in clear text.
APP__ADMIN__PASSWORD: WhatA_Strong-P4ssword*!
# Sample token published with this page: generate your own. The same value is
# repeated as OPENCTI_TOKEN in the worker env, so change both together.
APP__ADMIN__TOKEN: d99208c3-0eca-4c65-9633-42be3b9c6bb8
# Placeholder, not a usable secret: set a random value of your own.
APP__HEALTH_ACCESS_KEY: RANDOM_ACCESS_KEY
# MinIO
MINIO__ENDPOINT: "minio"
MINIO__PORT: "80"
MINIO__BUCKET_NAME: opencti
MINIO__USE_AWS_ROLE: false
# Platform-to-MinIO traffic (port 80 above) is not TLS-protected.
MINIO__USE_SSL: false
# Elasticsearch
ELASTICSEARCH__URL: "https://es-data-nodes:9200"
ELASTICSEARCH__NUMBER_OF_REPLICAS: '0'
# The URL is https, but certificate verification is switched off: the link is
# encrypted while the server's identity is not checked. Outside test clusters,
# trust the issuing CA and keep verification on.
ELASTICSEARCH__SSL__REJECT_UNAUTHORIZED: "false"
ELASTICSEARCH__USERNAME: "elastic"
# RabbitMQ
RABBITMQ__HOSTNAME: rabbitmq
RABBITMQ__PORT: 5672
RABBITMQ__QUEUE_TYPE: quorum
# AMQP and management connections are unencrypted, so the RabbitMQ credentials
# referenced below travel in clear unless another layer adds encryption.
RABBITMQ__USE_SSL: false
RABBITMQ__PORT_MANAGEMENT: 15672
RABBITMQ__MANAGEMENT_SSL: false
RABBITMQ__HOSTNAME_MANAGEMENT: rabbitmq
# REDIS
REDIS__TRIMMING: 10000
REDIS__ACTIVITY_TRIMMING: 50000
REDIS__NOTIFICATION_TRIMMING: 50000
REDIS__NAMESPACE: opencti
# Redis traffic is unencrypted as well.
REDIS__USE_SSL: false
# Each entry names an environment variable and points it at one key of a named
# Secret (secretName / key), keeping these credentials out of the values file.
# NOTE(review): the Secrets are presumably created by the backend charts or
# operators; confirm they exist in the release namespace.
envFromSecrets:
ELASTICSEARCH__PASSWORD:
key: elastic
secretName: elasticsearch-es-elastic-user
MINIO__ACCESS_KEY:
key: accessKey
secretName: minio-credentials
MINIO__SECRET_KEY:
key: secretKey
secretName: minio-credentials
RABBITMQ__USERNAME:
key: username
secretName: rabbitmq-default-user
RABBITMQ__PASSWORD:
key: password
secretName: rabbitmq-default-user
# front, ingest and worker settings for the S(mall) profile: ingress for the
# front, replica counts and CPU/memory requests and limits for each.
front:
# No tls entry is listed for this ingress, so logins and API tokens would
# cross it over plain HTTP unless TLS is terminated elsewhere.
# NOTE(review): add TLS for anything beyond a local test cluster.
ingress:
enabled: true
className: "nginx"
hosts:
- host: opencti.local
paths:
- path: /
pathType: Prefix
resources:
limits:
cpu: "0.5"
memory: 1024Mi
requests:
cpu: "0.25"
memory: 512Mi
ingest:
replicaCount: 1
resources:
limits:
cpu: "0.5"
memory: 1024Mi
requests:
cpu: "0.25"
memory: 512Mi
worker:
env:
# Workers reach the platform over in-cluster HTTP, so the token below is sent
# unencrypted on that hop.
OPENCTI_URL: http://opencti-ingest:80
# Same sample value as APP__ADMIN__TOKEN in the opencti env on this page:
# replace it, and keep the two in sync.
OPENCTI_TOKEN: d99208c3-0eca-4c65-9633-42be3b9c6bb8
replicaCount: 1
resources:
limits:
cpu: "0.5"
memory: 1024Mi
requests:
cpu: "0.5"
memory: 512Mi
# Elasticsearch backend for the S(mall) profile: one master node, one data
# node, 20Gi of storage, plus a Kibana instance.
# NOTE(review): nesting indentation is lost in this listing, so which parent
# each key below belongs to must be confirmed against the chart's values.yaml.
elasticsearch:
enabled: true
clusterName: elasticsearch
disableDowngradeValidation: "true"
masterNodes:
replicas: 1
dataNodes:
replicas: 1
allowMmap: false
enableXpackML: false
threadPoolSearchQueueSize: 5000
loggerDiscoveryLevel: ERROR
storageSize: 20Gi
dataNodeJavaOpts: -Xms2g -Xmx2g -Xlog:disable -Xlog:all=warning:stderr:utctime,level,tags -Xlog:gc=debug:stderr:utctime
resources:
limits:
cpu: "1"
memory: 3072Mi
requests:
cpu: "1"
memory: 2048Mi
service:
name: es-data-nodes
port: 9200
targetPort: 9200
kibana:
enabled: true
name: kibana
elasticsearchRequestTimeout: 1800000
serverSocketTimeout: 1800000
telemetryOptIn: false
telemetryAllowChangingOptInStatus: false
# NOTE(review): this appears to publish Kibana through an ingress. Kibana gives
# query access to the indexed data, so restrict who can reach it.
ingress:
enabled: true
# NOTE(review): in ECK-style specs, disabling the self-signed certificate turns
# TLS off on that component's HTTP endpoint. The platform connects to
# Elasticsearch with an https URL, which suggests this applies to Kibana;
# confirm which endpoint ends up on plain HTTP.
http:
tls:
selfSignedCertificate:
disabled: true
# RabbitMQ backend for the S(mall) profile: three replicas with 5Gi of storage.
rabbitmq:
enabled: true
replicas: 3
storageSize: 5Gi
resources:
limits:
cpu: "1"
memory: 1024Mi
requests:
cpu: "0.5"
memory: 256Mi
# NOTE(review): appears to expose RabbitMQ through an ingress (presumably the
# management interface). Confirm what is published and restrict access to it.
ingress:
enabled: true
# Redis backend for the S(mall) profile: standalone mode with 4Gi of storage.
# NOTE(review): no Redis credential appears in this sample, here or in the
# opencti env on this page; confirm whether the chart enables authentication.
redis:
enabled: true
mode: standalone
storageSize: 4Gi
resources:
requests:
cpu: "0.5"
memory: 2Gi
# Only a memory limit is set; no CPU limit is listed.
limits:
memory: 2Gi
# MinIO backend for the S(mall) profile: a single-server pool.
minio:
enabled: true
standardClass: 0
standardPool:
serversCount: 1
# NOTE(review): 5G is a decimal unit while other sizes on this page use Gi;
# presumably 5Gi was intended, confirm.
storageSize: 5G
resources:
requests:
cpu: "0.2"
memory: 256Mi
limits:
memory: 1Gi
# NOTE(review): presumably leaves MinIO without an automatically issued TLS
# certificate, which matches MINIO__USE_SSL: false in the opencti env on this
# page; object-store traffic is then unencrypted.
certificate:
requestAutoCert: false
podManagementPolicy: Parallel
logging:
anonymous: true
json: true
quiet: true
# NOTE(review): appears to publish MinIO through an ingress; confirm what is
# exposed and restrict access to it.
ingress:
enabled: true
M(edium)
Recommended as a standard production deployment.
# OpenCTI platform settings for the M(edium) profile: plain environment values
# under env, and credentials pulled from Kubernetes Secrets under envFromSecrets.
# NOTE(review): this listing has lost its nesting indentation; restore it
# against the chart's values.yaml before using it.
opencti:
env:
# OpenCTI
# NOTE(review): plain http:// URL on a profile described as production, and it
# differs from the opencti.local host used for the front ingress on this page;
# presumably it should be the externally reachable https URL, confirm.
APP__BASE_URL: "http://opencti:8080"
APP__ADMIN__EMAIL: admin@opencti.io
# Sample password published with this page: replace it before deploying.
# NOTE(review): backend credentials in this listing come from envFromSecrets;
# consider supplying this value the same way instead of in clear text.
APP__ADMIN__PASSWORD: WhatA_Strong-P4ssword*!
# Sample token published with this page: generate your own. The same value is
# repeated as OPENCTI_TOKEN in the worker env, so change both together.
APP__ADMIN__TOKEN: "d99208c3-0eca-4c65-9633-42be3b9c6bb8"
# Sample key published with this page: replace it with a random value.
APP__HEALTH_ACCESS_KEY: "8b55aac644e9e6f2701805584cc391ff81d3ecec"
# MinIO
MINIO__BUCKET_NAME: opencti
MINIO__USE_AWS_ROLE: false
# Platform-to-MinIO traffic is not TLS-protected.
MINIO__USE_SSL: false
# Elasticsearch
ELASTICSEARCH__URL: "https://es-data-nodes:9200"
# The URL is https, but certificate verification is switched off: the link is
# encrypted while the server's identity is not checked. For production, trust
# the issuing CA and keep verification on.
ELASTICSEARCH__SSL__REJECT_UNAUTHORIZED: "false"
ELASTICSEARCH__USERNAME: "elastic"
ELASTICSEARCH__INDEX_PREFIX: "opencti"
# RabbitMQ
RABBITMQ__QUEUE_TYPE: quorum
# AMQP and management connections are unencrypted, so the RabbitMQ credentials
# referenced below travel in clear unless another layer adds encryption.
RABBITMQ__USE_SSL: false
RABBITMQ__MANAGEMENT_SSL: false
# REDIS
REDIS__TRIMMING: 10000
REDIS__ACTIVITY_TRIMMING: 50000
REDIS__NOTIFICATION_TRIMMING: 50000
REDIS__NAMESPACE: opencti
# Redis traffic is unencrypted as well.
REDIS__USE_SSL: "false"
REDIS__MODE: "sentinel"
REDIS__SENTINEL_MASTER_NAME: "myMaster"
REDIS__SENTINEL_UPDATE_SENTINELS: "false"
REDIS__SENTINEL_FAILOVER_DETECTOR: "true"
# A JSON array carried inside a YAML string.
REDIS__HOSTNAMES: '["redis-sentinel-sentinel:26379"]'
# Each entry names an environment variable and points it at one key of a named
# Secret (secretName / key), keeping these credentials out of the values file.
# NOTE(review): the Secrets are presumably created by the backend charts or
# operators; confirm they exist in the release namespace.
envFromSecrets:
ELASTICSEARCH__PASSWORD:
key: elastic
secretName: elasticsearch-es-elastic-user
MINIO__ACCESS_KEY:
key: accessKey
secretName: minio-credentials
MINIO__SECRET_KEY:
key: secretKey
secretName: minio-credentials
RABBITMQ__USERNAME:
key: username
secretName: rabbitmq-default-user
RABBITMQ__PASSWORD:
key: password
secretName: rabbitmq-default-user
# front, ingest and worker settings for the M(edium) profile: 3 ingest
# replicas and 9 workers.
front:
resources:
requests:
cpu: 1
memory: 4Gi
limits:
memory: 8Gi
# No tls entry is listed for this ingress, so logins and API tokens would
# cross it over plain HTTP unless TLS is terminated elsewhere.
# NOTE(review): a production deployment should serve this host over HTTPS.
ingress:
enabled: true
className: "nginx" # Update it to reflect your environment
hosts:
- host: opencti.local # Update it to reflect your environment
paths:
- path: /
pathType: Prefix
ingest:
replicaCount: 3
resources:
requests:
cpu: 1
memory: 1Gi
limits:
memory: 2Gi
worker:
replicaCount: 9
env:
# Same sample value as APP__ADMIN__TOKEN in the opencti env on this page:
# replace it, and keep the two in sync.
OPENCTI_TOKEN: "d99208c3-0eca-4c65-9633-42be3b9c6bb8"
resources:
limits:
memory: 1Gi
requests:
cpu: "1"
memory: 512Mi
# Elasticsearch backend for the M(edium) profile: 3 master nodes and 5 data
# nodes with 200Gi of storage.
# NOTE(review): nesting indentation is lost in this listing, so which parent
# each key below belongs to must be confirmed against the chart's values.yaml.
elasticsearch:
enabled: true
masterNodes:
replicas: 3
dataNodes:
replicas: 5
storageSize: 200Gi
javaOpts: -Xms8g -Xmx8g -Xlog:disable -Xlog:all=warning:stderr:utctime,level,tags -Xlog:gc=debug:stderr:utctime
resources:
requests:
memory: 16Gi
cpu: 2
limits:
memory: 18Gi
# NOTE(review): in ECK-style specs, disabling the self-signed certificate turns
# TLS off on that component's HTTP endpoint, so Kibana would presumably be
# served over plain HTTP. Confirm, and put TLS in front of it for production.
kibana:
http:
tls:
selfSignedCertificate:
disabled: true
# RabbitMQ backend for the M(edium) profile: three replicas with 20Gi of storage.
rabbitmq:
enabled: true
replicas: 3
storageSize: 20Gi
resources:
# Only a memory limit is set; no CPU limit is listed.
limits:
memory: 4Gi
requests:
cpu: 256m
memory: 2Gi
# Redis backend for the M(edium) profile: sentinel mode with 16Gi of storage,
# matching REDIS__MODE: "sentinel" in the opencti env on this page.
# NOTE(review): no Redis credential appears in this sample; confirm whether the
# chart enables authentication.
redis:
enabled: true
mode: sentinel
storageSize: 16Gi
resources:
limits:
cpu: "2"
memory: 12Gi
requests:
cpu: "1"
memory: 8Gi
# MinIO backend for the M(edium) profile: 30Gi of pool storage.
minio:
enabled: true
standardPool:
storageSize: 30Gi
resources:
limits:
memory: 4Gi
requests:
cpu: 200m
memory: 1Gi
# NOTE(review): presumably publishes the MinIO administration console; how it
# is exposed is not visible here. Confirm and restrict who can reach it.
exposeServices:
console: true
L(arge)
Recommended for production instances with many feeds, connectors...
# OpenCTI platform settings for the L(arge) profile: plain environment values
# under env, and credentials pulled from Kubernetes Secrets under envFromSecrets.
# NOTE(review): this listing has lost its nesting indentation; restore it
# against the chart's values.yaml before using it.
opencti:
env:
# OpenCTI
# NOTE(review): plain http:// URL on a production profile, and it differs from
# the opencti.local host used for the front ingress on this page; presumably it
# should be the externally reachable https URL, confirm.
APP__BASE_URL: "http://opencti:8080"
APP__ADMIN__EMAIL: admin@opencti.io
# Sample password published with this page: replace it before deploying.
# NOTE(review): backend credentials in this listing come from envFromSecrets;
# consider supplying this value the same way instead of in clear text.
APP__ADMIN__PASSWORD: WhatA_Strong-P4ssword*!
# Sample token published with this page: generate your own. The same value is
# repeated as OPENCTI_TOKEN in the worker env, so change both together.
APP__ADMIN__TOKEN: "d99208c3-0eca-4c65-9633-42be3b9c6bb8"
# Sample key published with this page: replace it with a random value.
APP__HEALTH_ACCESS_KEY: "8b55aac644e9e6f2701805584cc391ff81d3ecec"
# MinIO
MINIO__BUCKET_NAME: opencti
MINIO__USE_AWS_ROLE: false
# Platform-to-MinIO traffic is not TLS-protected.
MINIO__USE_SSL: false
# Elasticsearch
ELASTICSEARCH__URL: "https://es-data-nodes:9200"
# The URL is https, but certificate verification is switched off: the link is
# encrypted while the server's identity is not checked. For production, trust
# the issuing CA and keep verification on.
ELASTICSEARCH__SSL__REJECT_UNAUTHORIZED: "false"
ELASTICSEARCH__USERNAME: "elastic"
ELASTICSEARCH__INDEX_PREFIX: "opencti"
# RabbitMQ
RABBITMQ__QUEUE_TYPE: quorum
# AMQP and management connections are unencrypted, so the RabbitMQ credentials
# referenced below travel in clear unless another layer adds encryption.
RABBITMQ__USE_SSL: false
RABBITMQ__MANAGEMENT_SSL: false
# REDIS
REDIS__TRIMMING: 10000
REDIS__ACTIVITY_TRIMMING: 50000
REDIS__NOTIFICATION_TRIMMING: 50000
REDIS__NAMESPACE: opencti
# Redis traffic is unencrypted as well.
REDIS__USE_SSL: "false"
REDIS__MODE: "sentinel"
REDIS__SENTINEL_MASTER_NAME: "myMaster"
REDIS__SENTINEL_UPDATE_SENTINELS: "false"
REDIS__SENTINEL_FAILOVER_DETECTOR: "true"
# A JSON array carried inside a YAML string.
REDIS__HOSTNAMES: '["redis-sentinel-sentinel:26379"]'
# Each entry names an environment variable and points it at one key of a named
# Secret (secretName / key), keeping these credentials out of the values file.
# NOTE(review): the Secrets are presumably created by the backend charts or
# operators; confirm they exist in the release namespace.
envFromSecrets:
ELASTICSEARCH__PASSWORD:
key: elastic
secretName: elasticsearch-es-elastic-user
MINIO__ACCESS_KEY:
key: accessKey
secretName: minio-credentials
MINIO__SECRET_KEY:
key: secretKey
secretName: minio-credentials
RABBITMQ__USERNAME:
key: username
secretName: rabbitmq-default-user
RABBITMQ__PASSWORD:
key: password
secretName: rabbitmq-default-user
# front, ingest and worker settings for the L(arge) profile: 6 ingest replicas
# and 12 workers.
front:
resources:
requests:
cpu: 1
memory: 4Gi
limits:
memory: 8Gi
# No tls entry is listed for this ingress, so logins and API tokens would
# cross it over plain HTTP unless TLS is terminated elsewhere.
# NOTE(review): a production deployment should serve this host over HTTPS.
ingress:
enabled: true
className: "nginx" # Update it to reflect your environment
hosts:
- host: opencti.local # Update it to reflect your environment
paths:
- path: /
pathType: Prefix
ingest:
replicaCount: 6
resources:
requests:
cpu: 1
memory: 1Gi
limits:
memory: 2Gi
worker:
replicaCount: 12
env:
# Same sample value as APP__ADMIN__TOKEN in the opencti env on this page:
# replace it, and keep the two in sync.
OPENCTI_TOKEN: "d99208c3-0eca-4c65-9633-42be3b9c6bb8"
resources:
limits:
memory: 1Gi
requests:
cpu: "1"
memory: 512Mi
# Elasticsearch backend for the L(arge) profile: 3 master nodes and 7 data
# nodes with 500Gi of storage.
# NOTE(review): nesting indentation is lost in this listing, so which parent
# each key below belongs to must be confirmed against the chart's values.yaml.
elasticsearch:
enabled: true
masterNodes:
replicas: 3
dataNodes:
replicas: 7
storageSize: 500Gi
javaOpts: -Xms16g -Xmx16g -Xlog:disable -Xlog:all=warning:stderr:utctime,level,tags -Xlog:gc=debug:stderr:utctime
resources:
requests:
memory: 32Gi
cpu: 2
limits:
memory: 36Gi
# NOTE(review): in ECK-style specs, disabling the self-signed certificate turns
# TLS off on that component's HTTP endpoint, so Kibana would presumably be
# served over plain HTTP. Confirm, and put TLS in front of it for production.
kibana:
http:
tls:
selfSignedCertificate:
disabled: true
# RabbitMQ backend for the L(arge) profile: three replicas with 50Gi of storage.
rabbitmq:
enabled: true
replicas: 3
storageSize: 50Gi
resources:
# Only a memory limit is set; no CPU limit is listed.
limits:
memory: 8Gi
requests:
cpu: 256m
memory: 2Gi
# Redis backend for the L(arge) profile: sentinel mode with 30Gi of storage,
# matching REDIS__MODE: "sentinel" in the opencti env on this page.
# NOTE(review): no Redis credential appears in this sample; confirm whether the
# chart enables authentication.
redis:
enabled: true
mode: sentinel
storageSize: 30Gi
resources:
limits:
cpu: "2"
memory: 20Gi
requests:
cpu: "1"
memory: 15Gi
# MinIO backend for the L(arge) profile: 50Gi of pool storage.
minio:
enabled: true
standardPool:
storageSize: 50Gi
resources:
limits:
memory: 4Gi
requests:
cpu: 200m
memory: 1Gi
# NOTE(review): presumably publishes the MinIO administration console; how it
# is exposed is not visible here. Confirm and restrict who can reach it.
exposeServices:
console: true