kubezero/charts/kubezero-telemetry/templates/opensearch/cluster.yaml

#pluginsList: ["repository-s3","https://github.com/aiven/prometheus-exporter-plugin-for-opensearch/releases/download/2.11.1.0/prometheus-exporter-2.11.1.0.zip"]
{{- if .Values.opensearch.nodeSets }}
apiVersion: opensearch.opster.io/v1
kind: OpenSearchCluster
metadata:
  name: {{ template "kubezero-lib.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{ include "kubezero-lib.labels" . | nindent 4 }}
spec:
  general:
    serviceName: {{ template "kubezero-lib.fullname" . }}
    version: {{ .Values.opensearch.version }}
    setVMMaxMapCount: false
    pluginsList: ["repository-s3"]
    monitoring:
      enable: {{ .Values.opensearch.prometheus }}
      tlsConfig:
        insecureSkipVerify: true
  {{- if .Values.opensearch.dashboard.enabled }}
  # https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/config/opensearch_dashboards.yml
  dashboards:
    enable: true
    version: {{ .Values.opensearch.version }}
    replicas: 1
    resources:
      requests:
         memory: "512Mi"
         cpu: "200m"
      limits:
         memory: "1Gi"
         #cpu: "200m"
  {{- end }}
  nodePools:
    {{- range .Values.opensearch.nodeSets }}
    - component: nodes-{{ .name }}
      replicas: {{ .replicas }}
      diskSize:  {{ .storage.size }}
      {{- with .storage.class }}
      persistence:
        pvc:
          storageClass: {{ . }}
      {{- end }}
      {{- with .resources }}
      resources: {{ toYaml . | nindent 8 }}
      {{- end }}
      roles:
        - "cluster_manager"
        - "data"
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: kubernetes.io/hostname
          whenUnsatisfiable: DoNotSchedule
          labelSelector:
            matchLabels:
              opster.io/opensearch-cluster: {{ template "kubezero-lib.fullname" $ }}
      additionalConfig:
        index.codec: zstd_no_dict
        indices.time_series_index.default_index_merge_policy: log_byte_size 
        {{- with .zone }}
        cluster.routing.allocation.awareness.attributes: k8s_node_name,zone
        node.attr.zone: {{ . }}
        {{- end }}
    {{- end }}
  security:
    config:
      adminSecret: 
        name: {{ template "kubezero-lib.fullname" . }}-admin-tls
    tls:
      transport:
        generate: false
        perNode: false
        secret:
          name: {{ template "kubezero-lib.fullname" . }}-nodes-transport-tls
        nodesDn:
          - 'CN={{ template "kubezero-lib.fullname" . }}-nodes'
          - 'CN={{ template "kubezero-lib.fullname" . }}-nodes-*'
          - 'CN={{ template "kubezero-lib.fullname" . }}-bootstrap-0'
        adminDn:
          - 'CN={{ template "kubezero-lib.fullname" . }}-admin'
      http:
        generate: false
        secret:
          name: {{ template "kubezero-lib.fullname" . }}-nodes-http-tls
{{- end }}