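{{- if .Values.opensearch.nodeSets }}
# OpenSearchCluster resource for the opster operator; rendered only when at
# least one entry exists under .Values.opensearch.nodeSets.
#
# Disabled alternative plugin list. The second entry is a release archive
# addressed by URL with no checksum pinned in this file.
# NOTE(review): presumably the archive is downloaded when node pods start, so
# mirror it to a controlled artifact location before re-enabling - confirm.
#pluginsList: ["repository-s3","https://github.com/aiven/prometheus-exporter-plugin-for-opensearch/releases/download/2.11.1.0/prometheus-exporter-2.11.1.0.zip"]
apiVersion: opensearch.opster.io/v1
kind: OpenSearchCluster
metadata:
  name: {{ template "kubezero-lib.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "kubezero-lib.labels" . | nindent 4 }}
spec:
  general:
    serviceName: {{ template "kubezero-lib.fullname" . }}
    # Quoted so a two-part version such as 2.11 stays a string after rendering.
    version: {{ .Values.opensearch.version | quote }}
    # The operator does not raise vm.max_map_count here, so the worker nodes
    # must already provide a suitable value.
    setVMMaxMapCount: false
    pluginsList: ["repository-s3"]
    monitoring:
      enable: {{ .Values.opensearch.prometheus }}
      tlsConfig:
        # SECURITY: the metrics scrape skips server certificate verification,
        # so the scraped endpoint is not authenticated.
        # NOTE(review): the HTTP certificate comes from the -nodes-http-tls
        # secret below; prefer having the scraper trust its issuing CA and
        # dropping this flag - confirm the monitoring stack can do that.
        insecureSkipVerify: true
    podSecurityContext:
      runAsUser: 1000
      runAsGroup: 1000
      runAsNonRoot: true
    securityContext:
      allowPrivilegeEscalation: false
      privileged: false
  {{- if .Values.opensearch.dashboard.enabled }}
  # https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/config/opensearch_dashboards.yml
  dashboards:
    enable: true
    version: {{ .Values.opensearch.version | quote }}
    replicas: 1
    resources:
      requests:
        memory: "512Mi"
        cpu: "200m"
      limits:
        memory: "1Gi"
        #cpu: "200m"
    podSecurityContext:
      runAsNonRoot: true
      fsGroup: 1000
    securityContext:
      # Matches spec.general.securityContext: with every capability dropped
      # there is no reason to leave privilege escalation allowed.
      allowPrivilegeEscalation: false
      capabilities:
        drop:
          - ALL
      privileged: false
    additionalConfig:
      opensearchDashboards.branding.useExpandedHeader: "false"
      opensearchDashboards.branding.applicationTitle: "KubeZero Dashboards"
      # Branding image is loaded from an external CDN by every dashboard user.
      opensearchDashboards.branding.mark.defaultUrl: "https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png"
  {{- end }}
  nodePools:
  {{- range .Values.opensearch.nodeSets }}
    # One pool per nodeSet; inside this range "." is the nodeSet and "$" is
    # the chart root.
    - component: nodes-{{ .name }}
      replicas: {{ .replicas }}
      diskSize: {{ .storage.size | quote }}
      {{- with .storage.class }}
      persistence:
        pvc:
          storageClass: {{ . | quote }}
      {{- end }}
      {{- with .resources }}
      resources:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      roles:
        - "cluster_manager"
        - "data"
      {{- if gt (int .replicas) 1 }}
      # Only for multi-replica pools: allow one pod to be disrupted at a time
      # and require replicas to land on different hosts.
      pdb:
        enable: true
        maxUnavailable: 1
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: kubernetes.io/hostname
          whenUnsatisfiable: DoNotSchedule
          labelSelector:
            matchLabels:
              opster.io/opensearch-cluster: {{ template "kubezero-lib.fullname" $ }}
      {{- end }}
      additionalConfig:
        index.codec: zstd_no_dict
        indices.time_series_index.default_index_merge_policy: log_byte_size
        {{- with .zone }}
        cluster.routing.allocation.awareness.attributes: k8s_node_name,zone
        node.attr.zone: {{ . | quote }}
        {{- end }}
        # Free-form settings from values are appended verbatim to every pool.
        # NOTE(review): presumably every value must be a string for the CRD;
        # a key repeated here would duplicate one set above - verify values.
        {{- with $.Values.opensearch.settings }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
  {{- end }}
  security:
    config:
      # Admin client certificate used for security configuration.
      adminSecret:
        name: {{ template "kubezero-lib.fullname" . }}-admin-tls
    tls:
      # generate: false on both layers means the operator issues no
      # certificates; the referenced secrets must already exist.
      transport:
        generate: false
        perNode: false
        secret:
          name: {{ template "kubezero-lib.fullname" . }}-nodes-transport-tls
        # These DNs must match the certificate subjects exactly. adminDn
        # grants full administrative access, so the matching key needs the
        # tightest access control of any secret in this release.
        nodesDn:
          - 'CN={{ template "kubezero-lib.fullname" . }}-nodes'
        adminDn:
          - 'CN={{ template "kubezero-lib.fullname" . }}-admin'
      http:
        generate: false
        secret:
          name: {{ template "kubezero-lib.fullname" . }}-nodes-http-tls
{{- end }}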