OpenSearch Config Schema¶
Note
This is auto-generated documentation from a JSON schema that is under construction, this will improve over time.
Return to the root config schema
https://raw.githubusercontent.com/elastisys/compliantkubernetes-apps/main/config/schemas/config.yaml#/properties/opensearch
Configuration for OpenSearch.
OpenSearch ingests logs sent from Fluentd in the workload cluster, and presents them in OpenSearch Dashboards.
Note
OpenSearch and its components are installed in the service cluster, so this configuration mainly applies there.
| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
|---|---|---|---|---|---|---|---|
| Can be instantiated | No | Unknown status | No | Forbidden | Forbidden | none | config/schemas/config.yaml* |
TYPE:
object (OpenSearch Config)
PROPERTIES:
| Property | Type | Required | Nullable | Defined by |
|---|---|---|---|---|
| enabled | boolean |
Required | cannot be null | Welkin Apps Config |
| clusterName | string |
Optional | cannot be null | Welkin Apps Config |
| subdomain | string |
Required | cannot be null | Welkin Apps Config |
| sso | object |
Optional | cannot be null | Welkin Apps Config |
| dashboards | object |
Required | cannot be null | Welkin Apps Config |
| masterNode | object |
Optional | cannot be null | Welkin Apps Config |
| dataNode | object |
Optional | cannot be null | Welkin Apps Config |
| clientNode | object |
Optional | cannot be null | Welkin Apps Config |
| extraRoles | array |
Optional | cannot be null | Welkin Apps Config |
| extraRoleMappings | array |
Optional | cannot be null | Welkin Apps Config |
| indexPerNamespace | boolean |
Required | cannot be null | Welkin Apps Config |
| defaultTemplates | boolean |
Optional | cannot be null | Welkin Apps Config |
| overwriteTemplates | boolean |
Optional | cannot be null | Welkin Apps Config |
| additionalTemplates | object |
Optional | cannot be null | Welkin Apps Config |
| createIndices | boolean |
Optional | cannot be null | Welkin Apps Config |
| ism | object |
Optional | cannot be null | Welkin Apps Config |
| ingress | object |
Optional | cannot be null | Welkin Apps Config |
| maxClauseCount | number |
Optional | cannot be null | Welkin Apps Config |
| maxShardsPerNode | number |
Optional | cannot be null | Welkin Apps Config |
| curator | object |
Optional | cannot be null | Welkin Apps Config |
| snapshot | object |
Optional | cannot be null | Welkin Apps Config |
| securityadmin | object |
Optional | cannot be null | Welkin Apps Config |
| exporter | object |
Optional | cannot be null | Welkin Apps Config |
| promIndexAlerts | array |
Optional | cannot be null | Welkin Apps Config |
| plugins | object |
Optional | cannot be null | Welkin Apps Config |
enabled¶
Note
Must be set for both service and workload cluster.
enabled
-
is required
-
Type:
boolean(OpenSearch Enabled) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
boolean (OpenSearch Enabled)
DEFAULTS:
The default value is:
true
clusterName¶
clusterName
-
is optional
-
Type:
string(OpenSearch Cluster Name) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
string (OpenSearch Cluster Name)
DEFAULTS:
The default value is:
"opensearch"
subdomain¶
Subdomain of opsDomain that the Ingress to OpenSearch will be created with.
Note
Must be set for both service and workload cluster.
subdomain
-
is required
-
Type:
string(OpenSearch Subdomain) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
string (OpenSearch Subdomain)
CONSTRAINTS:
hostname: the string must be a hostname, according to RFC 1123, section 2.1
DEFAULTS:
The default value is:
"opensearch"
sso¶
Configures Single Sign On to OpenSearch via Dex.
sso
-
is optional
-
Type:
object(OpenSearch Single Sign On) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (OpenSearch Single Sign On)
dashboards¶
Configures the Dashboards deployment of OpenSearch providing the UI to view and query logs.
dashboards
-
is required
-
Type:
object(OpenSearch Dashboards) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (OpenSearch Dashboards)
masterNode¶
Configures the main stateful set of OpenSearch that takes on all roles not provided by other nodes (dataNode, clientNode).
masterNode
-
is optional
-
Type:
object(OpenSearch Master Node) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (OpenSearch Master Node)
dataNode¶
Configures the data stateful set of OpenSearch that takes on the roll to index and store logs.
dataNode
-
is optional
-
Type:
object(OpenSearch Data Node) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (OpenSearch Data Node)
clientNode¶
Configures the client stateful set of OpenSearch that takes on the roll to ingest and query logs.
clientNode
-
is optional
-
Type:
object(OpenSearch Client Node) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (OpenSearch Client Node)
extraRoles¶
Configures extra roles for OpenSearch Security.
extraRoles
-
is optional
-
Type:
object[](OpenSearch Role) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object[] (OpenSearch Role)
extraRoleMappings¶
Configures extra role mappings for OpenSearch Security.
Extra users can be configured in secrets.yaml under extraUsers and extra roles under extraRoles.
extraRoleMappings
-
is optional
-
Type:
object[](OpenSearch Role Mapping) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object[] (OpenSearch Role Mapping)
indexPerNamespace¶
When enabled logs are ingested into multiple indices per namespace.
When disabled logs are ingested into a single kubernetes index.
Note
Must be set for both service and workload cluster.
indexPerNamespace
-
is required
-
Type:
boolean(OpenSearch Index Per Namespace) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
boolean (OpenSearch Index Per Namespace)
defaultTemplates¶
When enabled OpenSearch will be configured with the default index templates for:
authlogkubeauditkubernetesother
defaultTemplates
-
is optional
-
Type:
boolean(OpenSearch Default Templates) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
boolean (OpenSearch Default Templates)
DEFAULTS:
The default value is:
true
overwriteTemplates¶
When set OpenSearch can be configured with index templates via additionalTemplates that overwrite the ones configured via defaultTemplates.
overwriteTemplates
-
is optional
-
Type:
boolean(OpenSearch Overwrite Templates) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
boolean (OpenSearch Overwrite Templates)
DEFAULTS:
The default value is:
true
additionalTemplates¶
When set OpenSearch will be configured with additional index templates.
The keys will be used as the name of the index templates.
Note
See the upstream documentation for reference.
additionalTemplates
-
is optional
-
Type:
object(OpenSearch Additional Templates) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (OpenSearch Additional Templates)
createIndices¶
When enabled OpenSearch will be configured with initial indices for:
authlogkubeauditkubernetesother
createIndices
-
is optional
-
Type:
boolean(OpenSearch Create Indices) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
boolean (OpenSearch Create Indices)
DEFAULTS:
The default value is:
true
ism¶
Configures index state management in OpenSearch.
ism
-
is optional
-
Type:
object(OpenSearch Index State Management) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (OpenSearch Index State Management)
ingress¶
Configures the ingress for OpenSearch master or client nodes.
ingress
-
is optional
-
Type:
object(OpenSearch Ingress) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (OpenSearch Ingress)
maxClauseCount¶
Configures the maximum number of clauses permitted in a query.
maxClauseCount
-
is optional
-
Type:
number(OpenSearch Maximum Clause Count) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
number (OpenSearch Maximum Clause Count)
DEFAULTS:
The default value is:
1024
maxShardsPerNode¶
Configures the maximum number of shards permitted on one node.
maxShardsPerNode
-
is optional
-
Type:
number(OpenSearch Maximum Shards Per Node) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
number (OpenSearch Maximum Shards Per Node)
DEFAULTS:
The default value is:
1000
curator¶
Configures the CronJob that removes indices.
curator
-
is optional
-
Type:
object(OpenSearch Curator) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (OpenSearch Curator)
snapshot¶
Configures the CronJob and repository to take snapshots in OpenSearch.
This requires that objectStorage is configured, and will use the bucket or container set in objectStorage.buckets.opensearch.
snapshot
-
is optional
-
Type:
object(OpenSearch Snapshot) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (OpenSearch Snapshot)
securityadmin¶
Configures the Job that initialises OpenSearch Security.
securityadmin
-
is optional
-
Type:
object(OpenSearch Security Admin) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (OpenSearch Security Admin)
exporter¶
Configures the exporter exposing metrics from OpenSearch.
exporter
-
is optional
-
Type:
object(OpenSearch Exporter) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (OpenSearch Exporter)
promIndexAlerts¶
Configures the index alerts monitoring the function of index state management.
promIndexAlerts
-
is optional
-
Type:
object[](OpenSearch Prometheus Index Alert) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object[] (OpenSearch Prometheus Index Alert)
DEFAULTS:
The default value is:
[
{
"prefix": "authlog-default",
"alertSizeMB": 2
},
{
"prefix": "kubeaudit-default",
"alertSizeMB": 5500
},
{
"prefix": "kubernetes-default",
"alertSizeMB": 5500
},
{
"prefix": "other-default",
"alertSizeMB": 400
}
]
plugins¶
Configures plugins used in OpenSearch.
plugins
-
is optional
-
Type:
object(OpenSearch Plugins) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (OpenSearch Plugins)
Definitions¶
node¶
Reference this group by using
{"$ref":"https://raw.githubusercontent.com/elastisys/compliantkubernetes-apps/main/config/schemas/config.yaml#/properties/opensearch/$defs/node"}
| Property | Type | Required | Nullable | Defined by |
|---|---|---|---|---|
| javaOpts | string |
Optional | cannot be null | Welkin Apps Config |
| storageClass | string |
Optional | can be null | Welkin Apps Config |
| storageSize | string |
Optional | cannot be null | Welkin Apps Config |
javaOpts¶
Set Java Virtual Machine Options to control the memory allocation of OpenSearch.
As a rule of thumb the minimum allocation -Xms and maximum allocation -Xmx arguments should be the same to be more predictable.
Additionally until memory allocation is at 2 GiB and more it is recommended that the memory limit set in Kubernetes is twice the allocation as OpenSearch uses this for cache.
javaOpts
-
is optional
-
Type:
string(OpenSearch Node Java Options) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
string (OpenSearch Node Java Options)
DEFAULTS:
The default value is:
"-Xms512m -Xmx512m"
storageClass¶
Set storage class for OpenSearch.
- If set to
null, the default storage class will be used to provision the volumes. - If set to
-, no storage class will be used to provision the volumes.
storageClass
-
is optional
-
Type:
string(OpenSearch Node Storage Class) -
can be null
-
defined in: Welkin Apps Config
TYPE:
string (OpenSearch Node Storage Class)
storageSize¶
Configure the requested size of the persistent volume for this OpenSerch node.
storageSize
-
is optional
-
Type:
string(OpenSearch Node Storage Size) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
string (OpenSearch Node Storage Size)
role¶
Reference this group by using
{"$ref":"https://raw.githubusercontent.com/elastisys/compliantkubernetes-apps/main/config/schemas/config.yaml#/properties/opensearch/$defs/role"}
| Property | Type | Required | Nullable | Defined by |
|---|---|---|---|---|
| name | string |
Optional | cannot be null | Welkin Apps Config |
| definition | object |
Optional | cannot be null | Welkin Apps Config |
| clusterPermissions | array |
Optional | cannot be null | Welkin Apps Config |
| indexPermissions | array |
Optional | cannot be null | Welkin Apps Config |
| indexPatterns | array |
Optional | cannot be null | Welkin Apps Config |
| allowedActions | array |
Optional | cannot be null | Welkin Apps Config |
name¶
Configures the name of the create role.
name
-
is optional
-
Type:
string(OpenSearch Role Name) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
string (OpenSearch Role Name)
definition¶
Configures the permissions the role will have.
This schema does not cover the entire upstream object.
definition
-
is optional
-
Type:
object(OpenSearch Role Definition) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (OpenSearch Role Definition)
clusterPermissions¶
Configure permissions that applies cluster-wide.
clusterPermissions
-
is optional
-
Type:
string[](OpenSearch Cluster Permission) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
string[] (OpenSearch Cluster Permission)
indexPermissions¶
Configure permissions that applies per index.
indexPermissions
-
is optional
-
Type:
object[](OpenSearch Role Index Permission) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object[] (OpenSearch Role Index Permission)
indexPatterns¶
Configure the index pattern this permission applies to.
indexPatterns
-
is optional
-
Type:
string[](OpenSearch Role Index Pattern) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
string[] (OpenSearch Role Index Pattern)
allowedActions¶
Configure the actions this permission allows.
allowedActions
-
is optional
-
Type:
string[](OpenSearch Role Allowed Action) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
string[] (OpenSearch Role Allowed Action)
roleMapping¶
Reference this group by using
{"$ref":"https://raw.githubusercontent.com/elastisys/compliantkubernetes-apps/main/config/schemas/config.yaml#/properties/opensearch/$defs/roleMapping"}
| Property | Type | Required | Nullable | Defined by |
|---|---|---|---|---|
| name | string |
Optional | cannot be null | Welkin Apps Config |
| definition | object |
Optional | cannot be null | Welkin Apps Config |
| groups | array |
Optional | cannot be null | Welkin Apps Config |
| users | array |
Optional | cannot be null | Welkin Apps Config |
name¶
name
-
is optional
-
Type:
string(OpenSearch Role Mapping Name) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
string (OpenSearch Role Mapping Name)
definition¶
Configures the backend roles or groups and users the role mapping applies to.
This schema does not cover the entire upstream object.
definition
-
is optional
-
Type:
object(OpenSearch Role Mapping Definition) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (OpenSearch Role Mapping Definition)
groups¶
Configures the backend roles or groups that this role mapping applies to.
groups
-
is optional
-
Type:
string[] -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
string[]
users¶
Configures the user that this role mapping applies to.
users
-
is optional
-
Type:
string[] -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
string[]
Return to the root config schema
Generated Sun Nov 17 03:51:36 UTC 2024 from elastisys/compliantkubernetes-apps@main