Created
December 15, 2021 05:16
-
-
Save fahadahammed/026d6cf05a627bf3e7f0233082fa0946 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # Source: opensearch/templates/networkpolicy.yaml | |
| apiVersion: networking.k8s.io/v1 | |
| kind: NetworkPolicy | |
| metadata: | |
| name: opensearch-cluster-master-opensearch-net | |
| labels: | |
| helm.sh/chart: opensearch-1.5.3 | |
| app.kubernetes.io/name: opensearch | |
| app.kubernetes.io/instance: RELEASE-NAME | |
| app.kubernetes.io/version: "1.1.0" | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: opensearch-cluster-master | |
| spec: | |
| ingress: | |
| - from: | |
| - podSelector: | |
| matchLabels: | |
| opensearch-cluster-master-transport-client: "true" | |
| podSelector: | |
| matchLabels: | |
| opensearch-cluster-master-transport-client: "true" | |
| --- | |
| # Source: opensearch/templates/poddisruptionbudget.yaml | |
| apiVersion: policy/v1 | |
| kind: PodDisruptionBudget | |
| metadata: | |
| name: "opensearch-cluster-master-pdb" | |
| labels: | |
| helm.sh/chart: opensearch-1.5.3 | |
| app.kubernetes.io/name: opensearch | |
| app.kubernetes.io/instance: RELEASE-NAME | |
| app.kubernetes.io/version: "1.1.0" | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: opensearch-cluster-master | |
| spec: | |
| maxUnavailable: 1 | |
| selector: | |
| matchLabels: | |
| app.kubernetes.io/name: opensearch | |
| app.kubernetes.io/instance: RELEASE-NAME | |
| --- | |
| # Source: opensearch/templates/configmap.yaml | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: opensearch-cluster-master-config | |
| labels: | |
| helm.sh/chart: opensearch-1.5.3 | |
| app.kubernetes.io/name: opensearch | |
| app.kubernetes.io/instance: RELEASE-NAME | |
| app.kubernetes.io/version: "1.1.0" | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: opensearch-cluster-master | |
| data: | |
| opensearch.yml: | | |
| cluster.name: opensearch-cluster | |
| # Bind to all interfaces because we don't know what IP address Docker will assign to us. | |
| network.host: 0.0.0.0 | |
| # # minimum_master_nodes need to be explicitly set when bound on a public IP | |
| # # set to 1 to allow single node clusters | |
| # discovery.zen.minimum_master_nodes: 1 | |
| # Setting network.host to a non-loopback address enables the annoying bootstrap checks. "Single-node" mode disables them again. | |
| # discovery.type: single-node | |
| # Start OpenSearch Security Demo Configuration | |
| # WARNING: revise all the lines below before you go into production | |
| plugins: | |
| security: | |
| ssl: | |
| transport: | |
| pemcert_filepath: esnode.pem | |
| pemkey_filepath: esnode-key.pem | |
| pemtrustedcas_filepath: root-ca.pem | |
| enforce_hostname_verification: false | |
| http: | |
| enabled: true | |
| pemcert_filepath: esnode.pem | |
| pemkey_filepath: esnode-key.pem | |
| pemtrustedcas_filepath: root-ca.pem | |
| allow_unsafe_democertificates: true | |
| allow_default_init_securityindex: true | |
| authcz: | |
| admin_dn: | |
| - CN=kirk,OU=client,O=client,L=test,C=de | |
| audit.type: internal_opensearch | |
| enable_snapshot_restore_privilege: true | |
| check_snapshot_restore_write_privileges: true | |
| restapi: | |
| roles_enabled: ["all_access", "security_rest_api_access"] | |
| system_indices: | |
| enabled: true | |
| indices: | |
| [ | |
| ".opendistro-alerting-config", | |
| ".opendistro-alerting-alert*", | |
| ".opendistro-anomaly-results*", | |
| ".opendistro-anomaly-detector*", | |
| ".opendistro-anomaly-checkpoints", | |
| ".opendistro-anomaly-detection-state", | |
| ".opendistro-reports-*", | |
| ".opendistro-notifications-*", | |
| ".opendistro-notebooks", | |
| ".opendistro-asynchronous-search-response*", | |
| ] | |
| ######## End OpenSearch Security Demo Configuration ######## | |
| --- | |
| # Source: opensearch/templates/service.yaml | |
| kind: Service | |
| apiVersion: v1 | |
| metadata: | |
| name: opensearch-cluster-master | |
| labels: | |
| helm.sh/chart: opensearch-1.5.3 | |
| app.kubernetes.io/name: opensearch | |
| app.kubernetes.io/instance: RELEASE-NAME | |
| app.kubernetes.io/version: "1.1.0" | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: opensearch-cluster-master | |
| annotations: | |
| {} | |
| spec: | |
| type: ClusterIP | |
| selector: | |
| app.kubernetes.io/name: opensearch | |
| app.kubernetes.io/instance: RELEASE-NAME | |
| ports: | |
| - name: http | |
| protocol: TCP | |
| port: 9200 | |
| - name: transport | |
| protocol: TCP | |
| port: 9300 | |
| --- | |
| # Source: opensearch/templates/service.yaml | |
| kind: Service | |
| apiVersion: v1 | |
| metadata: | |
| name: opensearch-cluster-master-headless | |
| labels: | |
| helm.sh/chart: opensearch-1.5.3 | |
| app.kubernetes.io/name: opensearch | |
| app.kubernetes.io/instance: RELEASE-NAME | |
| app.kubernetes.io/version: "1.1.0" | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: opensearch-cluster-master | |
| annotations: | |
| service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" | |
| spec: | |
| clusterIP: None # This is needed for statefulset hostnames like opensearch-0 to resolve | |
| # Create endpoints also if the related pod isn't ready | |
| publishNotReadyAddresses: true | |
| selector: | |
| app.kubernetes.io/name: opensearch | |
| app.kubernetes.io/instance: RELEASE-NAME | |
| ports: | |
| - name: http | |
| port: 9200 | |
| - name: transport | |
| port: 9300 | |
| --- | |
| # Source: opensearch/templates/statefulset.yaml | |
| apiVersion: apps/v1 | |
| kind: StatefulSet | |
| metadata: | |
| name: opensearch-cluster-master | |
| labels: | |
| helm.sh/chart: opensearch-1.5.3 | |
| app.kubernetes.io/name: opensearch | |
| app.kubernetes.io/instance: RELEASE-NAME | |
| app.kubernetes.io/version: "1.1.0" | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: opensearch-cluster-master | |
| annotations: | |
| majorVersion: "1" | |
| spec: | |
| serviceName: opensearch-cluster-master-headless | |
| selector: | |
| matchLabels: | |
| app.kubernetes.io/name: opensearch | |
| app.kubernetes.io/instance: RELEASE-NAME | |
| replicas: 3 | |
| podManagementPolicy: Parallel | |
| updateStrategy: | |
| type: RollingUpdate | |
| volumeClaimTemplates: | |
| - metadata: | |
| name: opensearch-cluster-master | |
| spec: | |
| accessModes: | |
| - "ReadWriteOnce" | |
| resources: | |
| requests: | |
| storage: "8Gi" | |
| template: | |
| metadata: | |
| name: "opensearch-cluster-master" | |
| labels: | |
| helm.sh/chart: opensearch-1.5.3 | |
| app.kubernetes.io/name: opensearch | |
| app.kubernetes.io/instance: RELEASE-NAME | |
| app.kubernetes.io/version: "1.1.0" | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: opensearch-cluster-master | |
| annotations: | |
| configchecksum: 1bb046b23492f1c0b54b12a26f0ee7c53491a95999d43afadf795ba142a95d6 | |
| spec: | |
| securityContext: | |
| fsGroup: 1000 | |
| runAsUser: 1000 | |
| affinity: | |
| podAntiAffinity: | |
| preferredDuringSchedulingIgnoredDuringExecution: | |
| - weight: 1 | |
| podAffinityTerm: | |
| topologyKey: kubernetes.io/hostname | |
| labelSelector: | |
| matchExpressions: | |
| - key: app.kubernetes.io/instance | |
| operator: In | |
| values: | |
| - RELEASE-NAME | |
| - key: app.kubernetes.io/name | |
| operator: In | |
| values: | |
| - opensearch | |
| terminationGracePeriodSeconds: 120 | |
| volumes: | |
| - name: config | |
| configMap: | |
| name: opensearch-cluster-master-config | |
| enableServiceLinks: true | |
| initContainers: | |
| - name: fsgroup-volume | |
| image: "busybox:latest" | |
| command: ['sh', '-c'] | |
| args: | |
| - 'chown -R 1000:1000 /usr/share/opensearch/data' | |
| securityContext: | |
| runAsUser: 0 | |
| volumeMounts: | |
| - name: "opensearch-cluster-master" | |
| mountPath: /usr/share/opensearch/data | |
| containers: | |
| - name: "opensearch" | |
| securityContext: | |
| capabilities: | |
| drop: | |
| - ALL | |
| runAsNonRoot: true | |
| runAsUser: 1000 | |
| image: "opensearchproject/opensearch:1.1.0" | |
| imagePullPolicy: "IfNotPresent" | |
| ports: | |
| - name: http | |
| containerPort: 9200 | |
| - name: transport | |
| containerPort: 9300 | |
| resources: | |
| requests: | |
| cpu: 1000m | |
| memory: 100Mi | |
| env: | |
| - name: node.name | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.name | |
| - name: cluster.initial_master_nodes | |
| value: "opensearch-cluster-master-0,opensearch-cluster-master-1,opensearch-cluster-master-2," | |
| - name: discovery.seed_hosts | |
| value: "opensearch-cluster-master-headless" | |
| - name: cluster.name | |
| value: "opensearch-cluster" | |
| - name: network.host | |
| value: "0.0.0.0" | |
| - name: OPENSEARCH_JAVA_OPTS | |
| value: "-Xmx512M -Xms512M" | |
| - name: node.roles | |
| value: "master,ingest,data,remote_cluster_client," | |
| volumeMounts: | |
| - name: "opensearch-cluster-master" | |
| mountPath: /usr/share/opensearch/data | |
| - name: config | |
| mountPath: /usr/share/opensearch/config/opensearch.yml | |
| subPath: opensearch.yml | |
| --- | |
| # Source: opensearch/templates/ingress.yaml | |
| apiVersion: networking.k8s.io/v1 | |
| kind: Ingress | |
| metadata: | |
| name: opensearch-cluster-master | |
| labels: | |
| helm.sh/chart: opensearch-1.5.3 | |
| app.kubernetes.io/name: opensearch | |
| app.kubernetes.io/instance: RELEASE-NAME | |
| app.kubernetes.io/version: "1.1.0" | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/component: opensearch-cluster-master | |
| spec: | |
| rules: | |
| - host: "opensearch.local" | |
| http: | |
| paths: | |
| - path: / | |
| pathType: Prefix | |
| backend: | |
| service: | |
| name: opensearch-cluster-master | |
| port: | |
| number: 9200 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment