KubeZero/charts/kubezero-telemetry/templates/opensearch/cluster.yaml

{{- if .Values.opensearch.nodeSets }}
#pluginsList: ["repository-s3","https://github.com/aiven/prometheus-exporter-plugin-for-opensearch/releases/download/2.11.1.0/prometheus-exporter-2.11.1.0.zip"]
apiVersion: opensearch.opster.io/v1
kind: OpenSearchCluster
metadata:
  name: {{ template "kubezero-lib.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{ include "kubezero-lib.labels" . | nindent 4 }}
spec:
  general:
    serviceName: {{ template "kubezero-lib.fullname" . }}
    version: {{ .Values.opensearch.version }}
    setVMMaxMapCount: false
    pluginsList: ["repository-s3"]
    monitoring:
      enable: {{ .Values.opensearch.prometheus }}
      tlsConfig:
        insecureSkipVerify: true
    podSecurityContext:
      runAsUser: 1000
      runAsGroup: 1000
      runAsNonRoot: true
      fsGroup: 1000
    securityContext:
      allowPrivilegeEscalation: false
      privileged: false
  {{- if .Values.opensearch.dashboard.enabled }}
  # https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/config/opensearch_dashboards.yml
  dashboards:
    enable: true
    version: {{ .Values.opensearch.version }}
    replicas: 1
    resources:
      requests:
         memory: "512Mi"
         cpu: "200m"
      limits:
         memory: "1Gi"
         #cpu: "200m"
    podSecurityContext:
      runAsNonRoot: true
      fsGroup: 1000
    securityContext:
      capabilities:
        drop:
        - ALL
      privileged: false
    additionalConfig:
      opensearchDashboards.branding.useExpandedHeader: "false"
      opensearchDashboards.branding.applicationTitle: "KubeZero Dashboards"
      opensearchDashboards.branding.mark.defaultUrl: "https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png"
  {{- end }}
  nodePools:
    {{- range .Values.opensearch.nodeSets }}
    - component: nodes-{{ .name }}
      replicas: {{ .replicas }}
      diskSize:  {{ .storage.size }}
      {{- with .storage.class }}
      persistence:
        pvc:
          storageClass: {{ . }}
      {{- end }}
      {{- with .resources }}
      resources: {{ toYaml . | nindent 8 }}
      {{- end }}
      roles:
        - "cluster_manager"
        - "data"
      {{- if gt (int .replicas) 1 }}
      pdb:
        enable: true
        maxUnavailable: 1
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: kubernetes.io/hostname
          whenUnsatisfiable: DoNotSchedule
          labelSelector:
            matchLabels:
              opster.io/opensearch-cluster: {{ template "kubezero-lib.fullname" $ }}
      {{- end }}
      additionalConfig:
        index.codec: zstd_no_dict
        indices.time_series_index.default_index_merge_policy: log_byte_size
        {{- with .zone }}
        cluster.routing.allocation.awareness.attributes: k8s_node_name,zone
        node.attr.zone: {{ . }}
        {{- end }}
        {{- with $.Values.opensearch.settings }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
    {{- end }}
  security:
    config:
      adminSecret:
        name: {{ template "kubezero-lib.fullname" . }}-admin-tls
    tls:
      transport:
        generate: false
        perNode: false
        secret:
          name: {{ template "kubezero-lib.fullname" . }}-nodes-transport-tls
        nodesDn:
          - 'CN={{ template "kubezero-lib.fullname" . }}-nodes'
        adminDn:
          - 'CN={{ template "kubezero-lib.fullname" . }}-admin'
      http:
        generate: false
        secret:
          name: {{ template "kubezero-lib.fullname" . }}-nodes-http-tls
{{- end }}