Feat: first working Opensearch V3

Stefan Reimer 2025-05-23 14:08:35 +00:00
parent 405eea7119
commit e7673a1e59
10 changed files with 79 additions and 277 deletions


@ -2,7 +2,7 @@ apiVersion: v2
name: kubezero-telemetry name: kubezero-telemetry
description: KubeZero Umbrella Chart for OpenTelemetry, Jaeger etc. description: KubeZero Umbrella Chart for OpenTelemetry, Jaeger etc.
type: application type: application
version: 0.4.2 version: 0.5.0
home: https://kubezero.com home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords: keywords:
@ -46,4 +46,4 @@ dependencies:
version: 0.49.0 version: 0.49.0
repository: https://fluent.github.io/helm-charts repository: https://fluent.github.io/helm-charts
condition: fluent-bit.enabled condition: fluent-bit.enabled
kubeVersion: ">= 1.26.0" kubeVersion: ">= 1.30.0-0"


@ -14,7 +14,7 @@ KubeZero Umbrella Chart for OpenTelemetry, Jaeger etc.
## Requirements ## Requirements
Kubernetes: `>= 1.26.0` Kubernetes: `>= 1.30.0-0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
@ -173,10 +173,23 @@ Kubernetes: `>= 1.26.0`
| opensearch-dashboards.istio.enabled | bool | `false` | | | opensearch-dashboards.istio.enabled | bool | `false` | |
| opensearch-dashboards.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | | | opensearch-dashboards.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | |
| opensearch-dashboards.istio.url | string | `"telemetry-dashboard.example.com"` | | | opensearch-dashboards.istio.url | string | `"telemetry-dashboard.example.com"` | |
| opensearch-dashboards.resources.limits.cpu | string | `nil` | |
| opensearch-dashboards.resources.limits.memory | string | `"512M"` | |
| opensearch-dashboards.resources.requests.cpu | string | `"100m"` | |
| opensearch-dashboards.resources.requests.memory | string | `"512M"` | |
| opensearch-dashboards.serviceMonitor.enabled | bool | `false` | |
| opensearch-dashboards.serviceMonitor.interval | string | `"30s"` | |
| opensearch.config."opensearch.yml" | string | `"cluster.name: opensearch-cluster\nnetwork.host: 0.0.0.0\ndiscovery.type: single-node\n"` | |
| opensearch.enabled | bool | `false` | | | opensearch.enabled | bool | `false` | |
| opensearch.nodeSets | list | `[]` | | | opensearch.maxUnavailable | int | `0` | |
| opensearch.prometheus | bool | `false` | | | opensearch.opensearchJavaOpts | string | `"-Xmx1024M -Xms1024M"` | |
| opensearch.version | string | `"2.17.0"` | | | opensearch.persistence.size | string | `"8Gi"` | |
| opensearch.resources.limits.memory | string | `"2Gi"` | |
| opensearch.resources.requests.cpu | string | `"500m"` | |
| opensearch.resources.requests.memory | string | `"2Gi"` | |
| opensearch.serviceMonitor.enabled | bool | `false` | |
| opensearch.serviceMonitor.interval | string | `"30s"` | |
| opensearch.singleNode | bool | `true` | |
| opentelemetry-collector.config.exporters.otlp/data-prepper.endpoint | string | `"telemetry-data-prepper:21890"` | | | opentelemetry-collector.config.exporters.otlp/data-prepper.endpoint | string | `"telemetry-data-prepper:21890"` | |
| opentelemetry-collector.config.exporters.otlp/data-prepper.tls.insecure | bool | `true` | | | opentelemetry-collector.config.exporters.otlp/data-prepper.tls.insecure | bool | `true` | |
| opentelemetry-collector.config.exporters.otlp/jaeger.endpoint | string | `"telemetry-jaeger-collector:4317"` | | | opentelemetry-collector.config.exporters.otlp/jaeger.endpoint | string | `"telemetry-jaeger-collector:4317"` | |


@ -1,72 +0,0 @@
{{- if .Values.opensearch.nodeSets }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ template "kubezero-lib.fullname" . }}-nodes-transport
namespace: {{ .Release.Namespace }}
labels:
{{ include "kubezero-lib.labels" . | nindent 4 }}
spec:
secretName: {{ template "kubezero-lib.fullname" . }}-nodes-transport-tls
issuerRef:
name: kubezero-local-ca-issuer
kind: ClusterIssuer
duration: 8760h0m0s
privateKey:
encoding: PKCS8
usages:
- "client auth"
- "server auth"
commonName: {{ template "kubezero-lib.fullname" . }}-nodes
dnsNames:
# <cluster-name>-<nodepool-component>-<index>
- '{{ template "kubezero-lib.fullname" . }}-nodes'
- '{{ template "kubezero-lib.fullname" . }}-nodes-*'
- '{{ template "kubezero-lib.fullname" . }}-bootstrap-0'
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ template "kubezero-lib.fullname" . }}-nodes-http
namespace: {{ .Release.Namespace }}
labels:
{{ include "kubezero-lib.labels" . | nindent 4 }}
spec:
secretName: {{ template "kubezero-lib.fullname" . }}-nodes-http-tls
issuerRef:
name: kubezero-local-ca-issuer
kind: ClusterIssuer
duration: 8760h0m0s
privateKey:
encoding: PKCS8
usages:
- "client auth"
- "server auth"
commonName: {{ template "kubezero-lib.fullname" . }}
dnsNames:
# <cluster-name>, <cluster-name>.<namespace>, <cluster-name>.<namespace>.svc,<cluster-name>.<namespace>.svc.cluster.local
- '{{ template "kubezero-lib.fullname" . }}'
- '{{ template "kubezero-lib.fullname" . }}.{{ .Release.Namespace }}.svc'
- '{{ template "kubezero-lib.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local'
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ template "kubezero-lib.fullname" . }}-admin
namespace: {{ .Release.Namespace }}
labels:
{{ include "kubezero-lib.labels" . | nindent 4 }}
spec:
secretName: {{ template "kubezero-lib.fullname" . }}-admin-tls
issuerRef:
name: kubezero-local-ca-issuer
kind: ClusterIssuer
duration: 8760h0m0s
usages:
- "client auth"
commonName: {{ template "kubezero-lib.fullname" . }}-admin
privateKey:
encoding: PKCS8
{{- end }}


@ -1,111 +0,0 @@
{{- if .Values.opensearch.nodeSets }}
#pluginsList: ["repository-s3","https://github.com/aiven/prometheus-exporter-plugin-for-opensearch/releases/download/2.11.1.0/prometheus-exporter-2.11.1.0.zip"]
apiVersion: opensearch.opster.io/v1
kind: OpenSearchCluster
metadata:
name: {{ template "kubezero-lib.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{ include "kubezero-lib.labels" . | nindent 4 }}
spec:
general:
serviceName: {{ template "kubezero-lib.fullname" . }}
version: {{ .Values.opensearch.version }}
setVMMaxMapCount: false
pluginsList: ["repository-s3"]
monitoring:
enable: {{ .Values.opensearch.prometheus }}
tlsConfig:
insecureSkipVerify: true
podSecurityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
fsGroup: 1000
securityContext:
allowPrivilegeEscalation: false
privileged: false
{{- if .Values.opensearch.dashboard.enabled }}
# https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/config/opensearch_dashboards.yml
dashboards:
enable: true
version: {{ .Values.opensearch.version }}
replicas: 1
resources:
requests:
memory: "512Mi"
cpu: "200m"
limits:
memory: "1Gi"
#cpu: "200m"
podSecurityContext:
runAsNonRoot: true
fsGroup: 1000
securityContext:
capabilities:
drop:
- ALL
privileged: false
additionalConfig:
opensearchDashboards.branding.useExpandedHeader: "false"
opensearchDashboards.branding.applicationTitle: "KubeZero Dashboards"
opensearchDashboards.branding.mark.defaultUrl: "https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png"
{{- end }}
nodePools:
{{- range .Values.opensearch.nodeSets }}
- component: nodes-{{ .name }}
replicas: {{ .replicas }}
diskSize: {{ .storage.size }}
{{- with .storage.class }}
persistence:
pvc:
storageClass: {{ . }}
{{- end }}
{{- with .resources }}
resources: {{ toYaml . | nindent 8 }}
{{- end }}
roles:
- "cluster_manager"
- "data"
{{- if gt (int .replicas) 1 }}
pdb:
enable: true
maxUnavailable: 1
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
opster.io/opensearch-cluster: {{ template "kubezero-lib.fullname" $ }}
{{- end }}
additionalConfig:
index.codec: zstd_no_dict
indices.time_series_index.default_index_merge_policy: log_byte_size
{{- with .zone }}
cluster.routing.allocation.awareness.attributes: k8s_node_name,zone
node.attr.zone: {{ . }}
{{- end }}
{{- with $.Values.opensearch.settings }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
security:
config:
adminSecret:
name: {{ template "kubezero-lib.fullname" . }}-admin-tls
tls:
transport:
generate: false
perNode: false
secret:
name: {{ template "kubezero-lib.fullname" . }}-nodes-transport-tls
nodesDn:
- 'CN={{ template "kubezero-lib.fullname" . }}-nodes'
adminDn:
- 'CN={{ template "kubezero-lib.fullname" . }}-admin'
http:
generate: false
secret:
name: {{ template "kubezero-lib.fullname" . }}-nodes-http-tls
{{- end }}


@ -1,39 +0,0 @@
{{- if .Values.opensearch.nodeSets }}
apiVersion: opensearch.opster.io/v1
kind: OpenSearchISMPolicy
metadata:
name: {{ template "kubezero-lib.fullname" . }}-ism-default-retention
namespace: {{ .Release.Namespace }}
labels:
{{ include "kubezero-lib.labels" . | nindent 4 }}
spec:
opensearchCluster:
name: {{ template "kubezero-lib.fullname" . }}
description: Default KubeZero retention policy
defaultState: hot
states:
- name: hot
actions:
- replicaCount:
numberOfReplicas: 1
transitions:
- stateName: warm
conditions:
minIndexAge: "7d"
- name: warm
actions:
- replicaCount:
numberOfReplicas: 0
transitions:
- stateName: delete
conditions:
minIndexAge: "32d"
- name: delete
actions:
- delete: {}
ismTemplate:
indexPatterns:
- "logstash-*"
- "jaeger-*"
- "otel-v1-apm-span-*"
{{- end }}


@ -1,5 +1,5 @@
{{- if .Values.opensearch.dashboard.istio.enabled }} {{- if index .Values "opensearch-dashboards" "istio" "enabled" }}
{{- if .Values.opensearch.dashboard.istio.ipBlocks }} {{- if index .Values "opensearch-dashboards" "istio" "ipBlocks" }}
apiVersion: security.istio.io/v1beta1 apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
@ -16,10 +16,10 @@ spec:
- from: - from:
- source: - source:
notIpBlocks: notIpBlocks:
{{- toYaml .Values.opensearch.dashboard.istio.ipBlocks | nindent 8 }} {{- toYaml (index .Values "opensearch-dashboards" "istio" "ipBlocks") | nindent 8 }}
to: to:
- operation: - operation:
hosts: [{{ .Values.opensearch.dashboard.istio.url }}] hosts: [{{ index .Values "opensearch-dashboards" "istio" "url" }}]
when: when:
- key: connection.sni - key: connection.sni
values: values:
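Review bot: The guard `{{- if index .Values "opensearch-dashboards" "istio" "ipBlocks" }}` means this AuthorizationPolicy is rendered only when `ipBlocks` is set, and the `opensearch-dashboards.istio` defaults in this commit's values file define only `enabled`, `gateway` and `url`. Enabling `istio` with the defaults therefore publishes the dashboards through the gateway with no source-IP restriction from this chart; the values file should say so, e.g. `# ipBlocks: []  # unset = no AuthorizationPolicy is created, access is limited only by the gateway`. The policy body between the two hunks is not visible here, so its action is inferred from `notIpBlocks`. In the second hunk, `hosts: [{{ index .Values "opensearch-dashboards" "istio" "url" }}]` puts an unquoted value into a flow sequence; `hosts: [{{ index .Values "opensearch-dashboards" "istio" "url" | quote }}]` keeps a value with YAML specials from changing the list.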


@ -1,20 +1,20 @@
{{- if .Values.opensearch.dashboard.istio.enabled }} {{- if index .Values "opensearch-dashboards" "istio" "enabled" }}
apiVersion: networking.istio.io/v1alpha3 apiVersion: networking.istio.io/v1alpha3
kind: VirtualService kind: VirtualService
metadata: metadata:
name: {{ template "kubezero-lib.fullname" . }}-kibana name: {{ template "kubezero-lib.fullname" . }}-kibana
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
{{ include "kubezero-lib.labels" . | indent 4 }} {{ include "kubezero-lib.labels" . | indent 4 }}
spec: spec:
hosts: hosts:
- {{ .Values.opensearch.dashboard.istio.url }} - {{ index .Values "opensearch-dashboards" "istio" "url" }}
gateways: gateways:
- {{ default "istio-system/ingressgateway" .Values.opensearch.dashboard.istio.gateway }} - {{ default "istio-system/ingressgateway" ( index .Values "opensearch-dashboards" "istio" "gateway" ) }}
http: http:
- route: - route:
- destination: - destination:
host: telemetry-dashboards host: telemetry-opensearch-dashboards
port: port:
number: 5601 number: 5601
{{- end }} {{- end }}
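Review bot: The new destination `host: telemetry-opensearch-dashboards` is a literal, so the route resolves only when the release is named `telemetry`; under any other release name the VirtualService points at a Service that does not exist. Assuming the subchart names its Service `<release>-opensearch-dashboards` (not visible here, confirm against the subchart), `host: {{ .Release.Name }}-opensearch-dashboards` would follow the release. The resource is still named `{{ template "kubezero-lib.fullname" . }}-kibana`, which no longer matches what it fronts; a short comment above `metadata:` noting that the name is kept for upgrade compatibility, if that is the reason, would help the next reader.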


@ -227,39 +227,55 @@ jaeger:
gateway: istio-ingress/private-ingressgateway gateway: istio-ingress/private-ingressgateway
url: jaeger.example.com url: jaeger.example.com
opensearch: opensearch:
enabled: false enabled: false
version: 2.17.0 singleNode: true
prometheus: false maxUnavailable: 0
# custom cluster settings config:
#settings: opensearch.yml: |
# index.number_of_shards: 1 cluster.name: opensearch-cluster
network.host: 0.0.0.0
discovery.type: single-node
opensearchJavaOpts: "-Xmx1024M -Xms1024M"
resources:
requests:
cpu: "500m"
memory: "2Gi"
limits:
memory: "2Gi"
persistence:
size: 8Gi
serviceMonitor:
enabled: false
interval: 30s
nodeSets: []
#- name: default-nodes
# replicas: 2
# storage:
# size: 16Gi
# class: my-fancy-SSDs
# zone: us-west-2a
# resources:
# limits:
# #cpu: 1
# memory: 2Gi
# requests:
# cpu: 500m
# memory: 2Gi
opensearch-dashboards: opensearch-dashboards:
enabled: false enabled: false
resources:
requests:
cpu: "100m"
memory: "512M"
limits:
cpu: null
memory: "512M"
serviceMonitor:
enabled: false
interval: 30s
istio: istio:
enabled: false enabled: false
gateway: istio-ingress/private-ingressgateway gateway: istio-ingress/private-ingressgateway
url: telemetry-dashboard.example.com url: telemetry-dashboard.example.com
# New logging pipeline # New logging pipeline
fluentd: fluentd:
enabled: false enabled: false
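Review bot: The new `opensearch.config` block sets `network.host: 0.0.0.0` and carries no `plugins.security.*` settings, while this same commit deletes the templates that issued cert-manager certificates for transport, HTTP and the admin client. Nothing on the new side shows how TLS and authentication are provided now, so the node presumably runs with whatever the image and subchart default to. That should be confirmed and stated in a comment above `config:`, e.g. `# TLS/auth: <subchart default in use>, no longer issued by kubezero-local-ca-issuer`. The deleted ISM retention policy (delete after `32d` for `logstash-*`, `jaeger-*`, `otel-v1-apm-span-*`) also has no visible replacement, and with `persistence.size: 8Gi` an index set that is never pruned will fill the volume; a comment should say where retention is configured now.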


@ -32,7 +32,7 @@ Kubernetes: `>= 1.32.0-0`
| addons.external-dns.enabled | bool | `false` | | | addons.external-dns.enabled | bool | `false` | |
| addons.forseti.enabled | bool | `false` | | | addons.forseti.enabled | bool | `false` | |
| addons.sealed-secrets.enabled | bool | `false` | | | addons.sealed-secrets.enabled | bool | `false` | |
| addons.targetRevision | string | `"0.8.13"` | | | addons.targetRevision | string | `"0.8.14"` | |
| argo.argo-cd.enabled | bool | `false` | | | argo.argo-cd.enabled | bool | `false` | |
| argo.argo-cd.istio.enabled | bool | `false` | | | argo.argo-cd.istio.enabled | bool | `false` | |
| argo.argocd-image-updater.enabled | bool | `false` | | | argo.argocd-image-updater.enabled | bool | `false` | |
@ -77,10 +77,10 @@ Kubernetes: `>= 1.32.0-0`
| network.cilium.cluster | object | `{}` | | | network.cilium.cluster | object | `{}` | |
| network.enabled | bool | `true` | | | network.enabled | bool | `true` | |
| network.retain | bool | `true` | | | network.retain | bool | `true` | |
| network.targetRevision | string | `"0.5.7"` | | | network.targetRevision | string | `"0.5.8"` | |
| operators.enabled | bool | `false` | | | operators.enabled | bool | `false` | |
| operators.namespace | string | `"operators"` | | | operators.namespace | string | `"operators"` | |
| operators.targetRevision | string | `"0.2.0"` | | | operators.targetRevision | string | `"0.2.1"` | |
| storage.aws-ebs-csi-driver.enabled | bool | `false` | | | storage.aws-ebs-csi-driver.enabled | bool | `false` | |
| storage.aws-efs-csi-driver.enabled | bool | `false` | | | storage.aws-efs-csi-driver.enabled | bool | `false` | |
| storage.enabled | bool | `false` | | | storage.enabled | bool | `false` | |
@ -88,7 +88,7 @@ Kubernetes: `>= 1.32.0-0`
| storage.k8up.enabled | bool | `false` | | | storage.k8up.enabled | bool | `false` | |
| storage.lvm-localpv.enabled | bool | `false` | | | storage.lvm-localpv.enabled | bool | `false` | |
| storage.snapshotController.enabled | bool | `false` | | | storage.snapshotController.enabled | bool | `false` | |
| storage.targetRevision | string | `"0.8.10"` | | | storage.targetRevision | string | `"0.8.11"` | |
| telemetry.enabled | bool | `false` | | | telemetry.enabled | bool | `false` | |
| telemetry.namespace | string | `"telemetry"` | | | telemetry.namespace | string | `"telemetry"` | |
| telemetry.targetRevision | string | `"0.4.1"` | | | telemetry.targetRevision | string | `"0.4.1"` | |


@ -57,27 +57,22 @@ jaeger:
{{- if .Values.telemetry.opensearch }} {{- if .Values.telemetry.opensearch }}
opensearch: opensearch:
{{- if .Values.telemetry.opensearch.nodeSets }} {{- with .Values.telemetry.opensearch }}
nodeSets: {{- toYaml . | nindent 2 }}
{{- with .Values.telemetry.opensearch.nodeSets }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }} {{- end }}
{{- if .Values.telemetry.opensearch.dashboard }} serviceMonitor:
dashboard: enabled: {{ .Values.metrics.enabled }}
{{- with .Values.telemetry.opensearch.dashboard }} {{- end }}
{{- toYaml . | nindent 4 }}
{{- end }} {{- if index .Values "telemetry" "opensearch-dashboards" }}
opensearch-dashboards:
{{- with index .Values "telemetry" "opensearch-dashboards" }}
{{- toYaml . | nindent 2 }}
{{- end }} {{- end }}
{{- with .Values.telemetry.opensearch.settings }} serviceMonitor:
settings: enabled: {{ .Values.metrics.enabled }}
{{- toYaml . | nindent 4 }}
{{- end }}
prometheus: {{ .Values.metrics.enabled }}
{{- end }} {{- end }}
{{- end }} {{- end }}
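Review bot: In both new blocks the user's map is dumped with `{{- toYaml . | nindent 2 }}` and a literal `serviceMonitor:` key is then appended, so a `telemetry.opensearch.serviceMonitor` (or `opensearch-dashboards.serviceMonitor`) set by the user, for example to change `interval`, renders a duplicate `serviceMonitor` key. Most YAML loaders keep the last one silently, which would discard the user's setting, and strict loaders reject the document. Merging before rendering avoids this: `{{- toYaml (mergeOverwrite (deepCopy .) (dict "serviceMonitor" (dict "enabled" $.Values.metrics.enabled))) | nindent 2 }}`, with the trailing `serviceMonitor:` / `enabled:` lines dropped. The enclosing `telemetry` block starts above this hunk. The README section on this page still lists `telemetry.targetRevision` as `"0.4.1"`, so it is worth confirming these new-shaped values are not handed to the previous chart version.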