Feat: first working Opensearch V3

charts/kubezero-telemetry/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-telemetry
 description: KubeZero Umbrella Chart for OpenTelemetry, Jaeger etc.
 type: application
-version: 0.4.2
+version: 0.5.0
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@@ -46,4 +46,4 @@ dependencies:
     version: 0.49.0
     repository: https://fluent.github.io/helm-charts
     condition: fluent-bit.enabled
-kubeVersion: ">= 1.26.0"
+kubeVersion: ">= 1.30.0-0"

charts/kubezero-telemetry/README.md

@@ -14,7 +14,7 @@ KubeZero Umbrella Chart for OpenTelemetry, Jaeger etc.
 
 ## Requirements
 
-Kubernetes: `>= 1.26.0`
+Kubernetes: `>= 1.30.0-0`
 
 | Repository | Name | Version |
 |------------|------|---------|
@@ -173,10 +173,23 @@ Kubernetes: `>= 1.26.0`
 | opensearch-dashboards.istio.enabled | bool | `false` |  |
 | opensearch-dashboards.istio.gateway | string | `"istio-ingress/private-ingressgateway"` |  |
 | opensearch-dashboards.istio.url | string | `"telemetry-dashboard.example.com"` |  |
+| opensearch-dashboards.resources.limits.cpu | string | `nil` |  |
+| opensearch-dashboards.resources.limits.memory | string | `"512M"` |  |
+| opensearch-dashboards.resources.requests.cpu | string | `"100m"` |  |
+| opensearch-dashboards.resources.requests.memory | string | `"512M"` |  |
+| opensearch-dashboards.serviceMonitor.enabled | bool | `false` |  |
+| opensearch-dashboards.serviceMonitor.interval | string | `"30s"` |  |
+| opensearch.config."opensearch.yml" | string | `"cluster.name: opensearch-cluster\nnetwork.host: 0.0.0.0\ndiscovery.type: single-node\n"` |  |
 | opensearch.enabled | bool | `false` |  |
-| opensearch.nodeSets | list | `[]` |  |
-| opensearch.prometheus | bool | `false` |  |
-| opensearch.version | string | `"2.17.0"` |  |
+| opensearch.maxUnavailable | int | `0` |  |
+| opensearch.opensearchJavaOpts | string | `"-Xmx1024M -Xms1024M"` |  |
+| opensearch.persistence.size | string | `"8Gi"` |  |
+| opensearch.resources.limits.memory | string | `"2Gi"` |  |
+| opensearch.resources.requests.cpu | string | `"500m"` |  |
+| opensearch.resources.requests.memory | string | `"2Gi"` |  |
+| opensearch.serviceMonitor.enabled | bool | `false` |  |
+| opensearch.serviceMonitor.interval | string | `"30s"` |  |
+| opensearch.singleNode | bool | `true` |  |
 | opentelemetry-collector.config.exporters.otlp/data-prepper.endpoint | string | `"telemetry-data-prepper:21890"` |  |
 | opentelemetry-collector.config.exporters.otlp/data-prepper.tls.insecure | bool | `true` |  |
 | opentelemetry-collector.config.exporters.otlp/jaeger.endpoint | string | `"telemetry-jaeger-collector:4317"` |  |

charts/kubezero-telemetry/templates/opensearch/certificates.yaml

@@ -1,72 +0,0 @@
-{{- if .Values.opensearch.nodeSets }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: {{ template "kubezero-lib.fullname" . }}-nodes-transport
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{ include "kubezero-lib.labels" . | nindent 4 }}
-spec:
-  secretName: {{ template "kubezero-lib.fullname" . }}-nodes-transport-tls
-  issuerRef:
-    name: kubezero-local-ca-issuer
-    kind: ClusterIssuer
-  duration: 8760h0m0s
-  privateKey:
-    encoding: PKCS8
-  usages:
-  - "client auth"
-  - "server auth"
-  commonName: {{ template "kubezero-lib.fullname" . }}-nodes
-  dnsNames:
-  # <cluster-name>-<nodepool-component>-<index>
-  - '{{ template "kubezero-lib.fullname" . }}-nodes'
-  - '{{ template "kubezero-lib.fullname" . }}-nodes-*'
-  - '{{ template "kubezero-lib.fullname" . }}-bootstrap-0'
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: {{ template "kubezero-lib.fullname" . }}-nodes-http
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{ include "kubezero-lib.labels" . | nindent 4 }}
-spec:
-  secretName: {{ template "kubezero-lib.fullname" . }}-nodes-http-tls
-  issuerRef:
-    name: kubezero-local-ca-issuer
-    kind: ClusterIssuer
-  duration: 8760h0m0s
-  privateKey:
-    encoding: PKCS8
-  usages:
-  - "client auth"
-  - "server auth"
-  commonName: {{ template "kubezero-lib.fullname" . }}
-  dnsNames:
-  # <cluster-name>, <cluster-name>.<namespace>, <cluster-name>.<namespace>.svc,<cluster-name>.<namespace>.svc.cluster.local
-  - '{{ template "kubezero-lib.fullname" . }}'
-  - '{{ template "kubezero-lib.fullname" . }}.{{ .Release.Namespace }}.svc'
-  - '{{ template "kubezero-lib.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local'
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: {{ template "kubezero-lib.fullname" . }}-admin
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{ include "kubezero-lib.labels" . | nindent 4 }}
-spec:
-  secretName: {{ template "kubezero-lib.fullname" . }}-admin-tls
-  issuerRef:
-    name: kubezero-local-ca-issuer
-    kind: ClusterIssuer
-  duration: 8760h0m0s
-  usages:
-  - "client auth"
-  commonName: {{ template "kubezero-lib.fullname" . }}-admin
-  privateKey:
-    encoding: PKCS8
-{{- end }}

charts/kubezero-telemetry/templates/opensearch/cluster.yaml

@@ -1,111 +0,0 @@
-{{- if .Values.opensearch.nodeSets }}
-#pluginsList: ["repository-s3","https://github.com/aiven/prometheus-exporter-plugin-for-opensearch/releases/download/2.11.1.0/prometheus-exporter-2.11.1.0.zip"]
-apiVersion: opensearch.opster.io/v1
-kind: OpenSearchCluster
-metadata:
-  name: {{ template "kubezero-lib.fullname" . }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{ include "kubezero-lib.labels" . | nindent 4 }}
-spec:
-  general:
-    serviceName: {{ template "kubezero-lib.fullname" . }}
-    version: {{ .Values.opensearch.version }}
-    setVMMaxMapCount: false
-    pluginsList: ["repository-s3"]
-    monitoring:
-      enable: {{ .Values.opensearch.prometheus }}
-      tlsConfig:
-        insecureSkipVerify: true
-    podSecurityContext:
-      runAsUser: 1000
-      runAsGroup: 1000
-      runAsNonRoot: true
-      fsGroup: 1000
-    securityContext:
-      allowPrivilegeEscalation: false
-      privileged: false
-  {{- if .Values.opensearch.dashboard.enabled }}
-  # https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/config/opensearch_dashboards.yml
-  dashboards:
-    enable: true
-    version: {{ .Values.opensearch.version }}
-    replicas: 1
-    resources:
-      requests:
-         memory: "512Mi"
-         cpu: "200m"
-      limits:
-         memory: "1Gi"
-         #cpu: "200m"
-    podSecurityContext:
-      runAsNonRoot: true
-      fsGroup: 1000
-    securityContext:
-      capabilities:
-        drop:
-        - ALL
-      privileged: false
-    additionalConfig:
-      opensearchDashboards.branding.useExpandedHeader: "false"
-      opensearchDashboards.branding.applicationTitle: "KubeZero Dashboards"
-      opensearchDashboards.branding.mark.defaultUrl: "https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png"
-  {{- end }}
-  nodePools:
-    {{- range .Values.opensearch.nodeSets }}
-    - component: nodes-{{ .name }}
-      replicas: {{ .replicas }}
-      diskSize:  {{ .storage.size }}
-      {{- with .storage.class }}
-      persistence:
-        pvc:
-          storageClass: {{ . }}
-      {{- end }}
-      {{- with .resources }}
-      resources: {{ toYaml . | nindent 8 }}
-      {{- end }}
-      roles:
-        - "cluster_manager"
-        - "data"
-      {{- if gt (int .replicas) 1 }}
-      pdb:
-        enable: true
-        maxUnavailable: 1
-      topologySpreadConstraints:
-        - maxSkew: 1
-          topologyKey: kubernetes.io/hostname
-          whenUnsatisfiable: DoNotSchedule
-          labelSelector:
-            matchLabels:
-              opster.io/opensearch-cluster: {{ template "kubezero-lib.fullname" $ }}
-      {{- end }}
-      additionalConfig:
-        index.codec: zstd_no_dict
-        indices.time_series_index.default_index_merge_policy: log_byte_size
-        {{- with .zone }}
-        cluster.routing.allocation.awareness.attributes: k8s_node_name,zone
-        node.attr.zone: {{ . }}
-        {{- end }}
-        {{- with $.Values.opensearch.settings }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-    {{- end }}
-  security:
-    config:
-      adminSecret:
-        name: {{ template "kubezero-lib.fullname" . }}-admin-tls
-    tls:
-      transport:
-        generate: false
-        perNode: false
-        secret:
-          name: {{ template "kubezero-lib.fullname" . }}-nodes-transport-tls
-        nodesDn:
-          - 'CN={{ template "kubezero-lib.fullname" . }}-nodes'
-        adminDn:
-          - 'CN={{ template "kubezero-lib.fullname" . }}-admin'
-      http:
-        generate: false
-        secret:
-          name: {{ template "kubezero-lib.fullname" . }}-nodes-http-tls
-{{- end }}

charts/kubezero-telemetry/templates/opensearch/ism-policy.yaml

@@ -1,39 +0,0 @@
-{{- if .Values.opensearch.nodeSets }}
-apiVersion: opensearch.opster.io/v1
-kind: OpenSearchISMPolicy
-metadata:
-  name: {{ template "kubezero-lib.fullname" . }}-ism-default-retention
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{ include "kubezero-lib.labels" . | nindent 4 }}
-spec:
-   opensearchCluster:
-     name: {{ template "kubezero-lib.fullname" . }}
-   description: Default KubeZero retention policy
-   defaultState: hot
-   states:
-     - name: hot
-       actions:
-         - replicaCount:
-             numberOfReplicas: 1
-       transitions:
-         - stateName: warm
-           conditions:
-             minIndexAge: "7d"
-     - name: warm
-       actions:
-         - replicaCount:
-             numberOfReplicas: 0
-       transitions:
-         - stateName: delete
-           conditions:
-             minIndexAge: "32d"
-     - name: delete
-       actions:
-         - delete: {}
-   ismTemplate:
-     indexPatterns:
-       - "logstash-*"
-       - "jaeger-*"
-       -  "otel-v1-apm-span-*"
-{{- end }}

charts/kubezero-telemetry/templates/opensearch/istio-authorization-policy.yaml

@@ -1,5 +1,5 @@
-{{- if .Values.opensearch.dashboard.istio.enabled }}
-{{- if .Values.opensearch.dashboard.istio.ipBlocks }}
+{{- if index .Values "opensearch-dashboards" "istio" "enabled" }}
+{{- if index .Values "opensearch-dashboards" "istio" "ipBlocks" }}
 apiVersion: security.istio.io/v1beta1
 kind: AuthorizationPolicy
 metadata:
@@ -16,10 +16,10 @@ spec:
   - from:
     - source:
         notIpBlocks:
-        {{- toYaml .Values.opensearch.dashboard.istio.ipBlocks | nindent 8 }}
+        {{- toYaml (index .Values "opensearch-dashboards" "istio" "ipBlocks") | nindent 8 }}
     to:
     - operation:
-        hosts: [{{ .Values.opensearch.dashboard.istio.url }}]
+        hosts: [{{ index .Values "opensearch-dashboards" "istio" "url" }}]
     when:
     - key: connection.sni
       values:

charts/kubezero-telemetry/templates/opensearch/istio-virtualservice.yaml

@@ -1,20 +1,20 @@
-{{- if .Values.opensearch.dashboard.istio.enabled }}
+{{- if index .Values "opensearch-dashboards" "istio" "enabled" }}
 apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
   name: {{ template "kubezero-lib.fullname" . }}-kibana
   namespace: {{ .Release.Namespace }}
   labels:
-{{ include "kubezero-lib.labels" . | indent 4 }} 
+{{ include "kubezero-lib.labels" . | indent 4 }}
 spec:
   hosts:
-  - {{ .Values.opensearch.dashboard.istio.url }}
+  - {{ index .Values "opensearch-dashboards" "istio" "url" }}
   gateways:
-  - {{ default "istio-system/ingressgateway" .Values.opensearch.dashboard.istio.gateway }}
+  - {{ default "istio-system/ingressgateway" ( index .Values "opensearch-dashboards" "istio" "gateway" ) }}
   http:
   - route:
     - destination:
-        host: telemetry-dashboards
+        host: telemetry-opensearch-dashboards
         port:
           number: 5601
 {{- end }}

charts/kubezero-telemetry/values.yaml

@@ -227,39 +227,55 @@ jaeger:
     gateway: istio-ingress/private-ingressgateway
     url: jaeger.example.com
 
+
 opensearch:
   enabled: false
 
-  version: 2.17.0
-  prometheus: false
+  singleNode: true
+  maxUnavailable: 0
 
-  # custom cluster settings
-  #settings:
-  # index.number_of_shards: 1
+  config:
+    opensearch.yml: |
+      cluster.name: opensearch-cluster
+      network.host: 0.0.0.0
+      discovery.type: single-node
+
+  opensearchJavaOpts: "-Xmx1024M -Xms1024M"
+  resources:
+    requests:
+      cpu: "500m"
+      memory: "2Gi"
+    limits:
+      memory: "2Gi"
+  persistence:
+    size: 8Gi
+
+  serviceMonitor:
+    enabled: false
+    interval: 30s
 
-  nodeSets: []
-  #- name: default-nodes
-  #  replicas: 2
-  #  storage:
-  #    size: 16Gi
-  #    class: my-fancy-SSDs
-  #  zone: us-west-2a
-  #  resources:
-  #    limits:
-  #      #cpu: 1
-  #      memory: 2Gi
-  #    requests:
-  #      cpu: 500m
-  #      memory: 2Gi
 
 opensearch-dashboards:
     enabled: false
 
+    resources:
+      requests:
+        cpu: "100m"
+        memory: "512M"
+      limits:
+        cpu: null
+        memory: "512M"
+
+    serviceMonitor:
+      enabled: false
+      interval: 30s
+
     istio:
       enabled: false
       gateway: istio-ingress/private-ingressgateway
       url: telemetry-dashboard.example.com
 
+
 # New logging pipeline
 fluentd:
   enabled: false

charts/kubezero/README.md

@@ -32,7 +32,7 @@ Kubernetes: `>= 1.32.0-0`
 | addons.external-dns.enabled | bool | `false` |  |
 | addons.forseti.enabled | bool | `false` |  |
 | addons.sealed-secrets.enabled | bool | `false` |  |
-| addons.targetRevision | string | `"0.8.13"` |  |
+| addons.targetRevision | string | `"0.8.14"` |  |
 | argo.argo-cd.enabled | bool | `false` |  |
 | argo.argo-cd.istio.enabled | bool | `false` |  |
 | argo.argocd-image-updater.enabled | bool | `false` |  |
@@ -77,10 +77,10 @@ Kubernetes: `>= 1.32.0-0`
 | network.cilium.cluster | object | `{}` |  |
 | network.enabled | bool | `true` |  |
 | network.retain | bool | `true` |  |
-| network.targetRevision | string | `"0.5.7"` |  |
+| network.targetRevision | string | `"0.5.8"` |  |
 | operators.enabled | bool | `false` |  |
 | operators.namespace | string | `"operators"` |  |
-| operators.targetRevision | string | `"0.2.0"` |  |
+| operators.targetRevision | string | `"0.2.1"` |  |
 | storage.aws-ebs-csi-driver.enabled | bool | `false` |  |
 | storage.aws-efs-csi-driver.enabled | bool | `false` |  |
 | storage.enabled | bool | `false` |  |
@@ -88,7 +88,7 @@ Kubernetes: `>= 1.32.0-0`
 | storage.k8up.enabled | bool | `false` |  |
 | storage.lvm-localpv.enabled | bool | `false` |  |
 | storage.snapshotController.enabled | bool | `false` |  |
-| storage.targetRevision | string | `"0.8.10"` |  |
+| storage.targetRevision | string | `"0.8.11"` |  |
 | telemetry.enabled | bool | `false` |  |
 | telemetry.namespace | string | `"telemetry"` |  |
 | telemetry.targetRevision | string | `"0.4.1"` |  |

charts/kubezero/templates/telemetry.yaml

@@ -57,27 +57,22 @@ jaeger:
 
 {{- if .Values.telemetry.opensearch }}
 opensearch:
-  {{- if .Values.telemetry.opensearch.nodeSets }}
-  nodeSets:
-    {{- with .Values.telemetry.opensearch.nodeSets }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
+  {{- with .Values.telemetry.opensearch }}
+  {{- toYaml . | nindent 2 }}
   {{- end }}
 
-  {{- if .Values.telemetry.opensearch.dashboard }}
-  dashboard:
-    {{- with .Values.telemetry.opensearch.dashboard }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
+  serviceMonitor:
+    enabled: {{ .Values.metrics.enabled }}
+{{- end }}
+
+{{- if index .Values "telemetry" "opensearch-dashboards" }}
+opensearch-dashboards:
+  {{- with index .Values "telemetry" "opensearch-dashboards" }}
+  {{- toYaml . | nindent 2 }}
   {{- end }}
 
-  {{- with .Values.telemetry.opensearch.settings }}
-  settings:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-
-  prometheus: {{ .Values.metrics.enabled }}
-
+  serviceMonitor:
+    enabled: {{ .Values.metrics.enabled }}
 {{- end }}
 
 {{- end }}