The Opni Opensearch Operator is a Kubernetes operator designed to deploy and manage an Opensearch cluster
The Opensearch operator currently provides the following features:
- Deploy an Opensearch cluster with separate master, data, and client nodes.
- Manage certificates for the cluster, and rotate certificates when they are about to expire.
- Perform a rolling upgrade on the Opensearch cluster when a new version is applied in the custom resource.
To install the operator into your Kubernetes cluster you can use the kustomize manifests:
kubectl create -k config/defaultThis controls the deployment of an Opensearch cluster.
example.yaml
apiVersion: opensearch.opni.io/v1beta1
kind: OpensearchCluster
metadata:
name: example
namespace: opni
spec:
version: 1.1.0
master:
replicas: 3
resources:
requests:
memory: 1Gi
limits:
memory: 1Gi
data:
replicas: 2
resources:
requests:
memory: 2Gi
limits:
memory: 2Gi| Field | Required | Type | Description |
|---|---|---|---|
| version | No | string | Version of the Opendistro image to use. Defaults to latest |
| defaultRepo | No | string | Image repo to use for Opensearch images. Defaults to docker.io/amazon |
| image | No | ImageSpec | Explicit configuration for the Opensearch image |
| configSecret | No | LocalObjectReference | Reference to a secret containing logging.yml with the Opensearch logging config, and opensearch.yml with the Opensearch config |
| authConfigSecret | No | LocalObjectReference | Reference to a secret containing config.yml with the Opensearch auth config |
| adminPasswordFrom | No | SecretKeySelector | Secret key selector pointing to the admin password to use. If not set a password will be autogenerated and stored in the password key in a secret called opni-es-password |
| master | ElasticWorkloadOptions | Configuration for the Elasticsearch master node StatefulSet | |
| data | ElasticWorkloadOptions | Configuration for the Elasticsearch data node StatefulSet | |
| client | ElasticWorkloadOptions | Configuration for the Elasticsearch client node Deployment |
| Field | Required | Type | Description |
|---|---|---|---|
| replicas | No | int | Number of replicas to deploy. Defaults to 1 |
| resources | No | ResourceRequirements | Resources for the workload. The resources are used to calculate the Java memory options. If a memory limit exists this is used, if there is a memory request but no limit that is used, otherwise the Java optioms default to a heap size of 512MB |
| affinity | No | Affinity | Affinity settings for the workload pods |
| nodeSelector | No | map | NodeSelector for the workload pods. If this exists it will override the globalNodeSelector |
| tolerations | No | Toleration array | Tolerations for the workload. These will be combined with the globalTolerations (if any) |
| persistence | No | PersistenceSpec | Configure the persistence for Elasticsearch data |
| extraEnvVars | No | array EnvVar | Additional Env Vars to add to the pods |
| Field | Required | Type | Description |
|---|---|---|---|
| image | No | string | Explicit CRI image to use |
| imagePullPolicy | No | string | Image pull policy. One of Always, Never, IfNotPresent. Defaults to IfNotPresent |
| imagePullSecrets | No | LocalObjectReference array | List of secrets in the same namespace to use for pulling the image |
| Field | Required | Type | Description |
|---|---|---|---|
| enabled | No | bool | Whether persistent storage is enabled. Defaults to false |
| storageClassName | No | string | If persistent storage is enabled, the name of the StorageClass to use. If not set will use the default StorageClass |
| accessModes | No | string array | An array of the access modes the volume supports |
| request | No | string | The size of the volume to request. Defaults to 10Gi |
This controls the deployment of Opensearch Dashboards.
example.yaml
apiVersion: opensearch.opni.io/v1beta1
kind: Dashboards
metadata:
name: example
namespace: opni
spec:
version: 1.1.0
opensearch:
name: example| Field | Required | Type | Description |
|---|---|---|---|
| version | No | string | Version of the Opendistro Dashboards image to use. Defaults to latest |
| defaultRepo | No | string | Image repo to use for Opensearch Dashboards images. Defaults to docker.io/amazon |
| image | No | ImageSpec | Explicit configuration for the Opensearch Dashboards image |
| replicas | No | int | Number of replicas to deploy. Defaults to 1 |
| resources | No | ResourceRequirements | Resources for the workload. The resources are used to calculate the Java memory options. If a memory limit exists this is used, if there is a memory request but no limit that is used, otherwise the Java optioms default to a heap size of 512MB |
| affinity | No | Affinity | Affinity settings for the workload pods |
| nodeSelector | No | map | NodeSelector for the workload pods. If this exists it will override the globalNodeSelector |
| tolerations | No | Toleration array | Tolerations for the workload. These will be combined with the globalTolerations (if any) |
| opensearch | No | LocalObjectReference | Reference to an existing OpensearchCluster to point the Dashboards deployment at. Must be in the same namespace |
| opensearchConfig | No | OpensearchConfigSpec | Configuration for an external Opensearch cluster |
| tlsSecret | No | LocalObjectReference | A TLS secret containing the cert and key to use for Dashboards SSL. If the opensearch field is preset this isn't required as it will reuse the Opensearch HTTP CA to generate a cert |
| Field | Required | Type | Description |
|---|---|---|---|
| url | Yes | string | Endpoint for the Opensearch cluster |
| username | Yes | string | Username to connect to the cluster with |
| passwordFrom | Yes | SecretKeySelector | Secret key which contains the password for the cluster |
| verifySSL | No | bool | Whether to use strict SSL checking. Defaults to true |