github.com/verrazzano/verrazzano@v1.7.1/platform-operator/thirdparty/manifests/opensearch-operator/opensearch_cluster_cr.yaml (about)

     1  # Copyright (c) 2023, Oracle and/or its affiliates.
     2  # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
     3  
     4  {{- if .isOpenSearchEnabled }}
     5  apiVersion: opensearch.opster.io/v1
     6  kind: OpenSearchCluster
     7  metadata:
     8    name: {{ .clusterName }}
     9    namespace: {{ .namespace }}
    10  spec:
    11    {{- if .bootstrapConfig }}
    12    bootstrap:
    13      additionalConfig:
    14        {{ .bootstrapConfig }}
    15    {{- end }}
    16    initHelper:
    17      image: {{ .initImage }}
    18    confMgmt:
    19      smartScaler: true
    20    dashboards:
    21      additionalConfig:
    22        opensearch.requestHeadersAllowlist: '["securitytenant","Authorization","x-forwarded-for","X-WEBAUTH-USER","x-proxy-roles"]'
    23        opensearch_security.auth.type: proxy
    24        opensearch_security.multitenancy.enabled: "false"
    25        opensearch_security.proxycache.roles_header: x-proxy-roles
    26        opensearch_security.proxycache.user_header: X-WEBAUTH-USER
    27        server.name: opensearch-dashboards
    28      enable: {{ .isOpenSearchDashboardsEnabled }}
    29      image: {{ .osdImage }}
    30      {{- if .osdPluginsEnabled }}
    31      pluginsList:
    32  {{ multiLineIndent 6 .osdPluginsList }}
    33      {{- end }}
    34      opensearchCredentialsSecret:
    35        name: admin-credentials-secret
    36      replicas: {{ .osdReplicas }}
    37      tls:
    38        enable: true
    39        generate: false
    40        secret:
    41          name: opensearch-dashboards-cert
    42      version: 2.3.0
    43      podSecurityContext:
    44        fsGroup: 1000
    45        runAsGroup: 1000
    46        runAsNonRoot: true
    47        runAsUser: 1000
    48        seccompProfile:
    49          type: RuntimeDefault
    50      securityContext:
    51        allowPrivilegeEscalation: false
    52        capabilities:
    53          drop:
    54            - ALL
    55    general:
    56      drainDataNodes: {{ .drainDataNodes }}
    57      httpPort: 9200
    58      image: {{ .opensearchImage }}
    59      serviceName: opensearch
    60      serviceAccount: opensearch-operator-controller-manager
    61      setVMMaxMapCount: true
    62      vendor: opensearch
    63      version: 2.3.0
    64      podSecurityContext:
    65        seccompProfile:
    66          type: RuntimeDefault
    67      securityContext:
    68        allowPrivilegeEscalation: false
    69        capabilities:
    70          drop:
    71            - ALL
    72        privileged: false
    73        runAsUser: 1000
    74      {{- if .osPluginsEnabled }}
    75      pluginsList:
    76  {{ multiLineIndent 6 .osPluginsList }}
    77      {{- end }}
    78    nodePools:
    79  {{ multiLineIndent 4 .nodePools }}
    80    security:
    81      config:
    82        adminCredentialsSecret:
    83          name: admin-credentials-secret
    84        securityConfigSecret:
    85          name: securityconfig-secret
    86        adminSecret:
    87          name: opensearch-admin-cert
    88      tls:
    89        transport:
    90          generate: false
    91          secret:
    92            name: opensearch-node-cert
    93          adminDn: [ "CN=admin,O=verrazzano" ]
    94          nodesDn: [ "CN=opensearch,O=verrazzano" ]
    95        http:
    96          generate: false
    97          secret:
    98            name: opensearch-master-cert
    99  {{- end }}