Skip to content

OpenSearch Config Schema

Note

This is auto-generated documentation from a JSON schema that is under construction, this will improve over time.

Return to the root config schema

https://raw.githubusercontent.com/elastisys/compliantkubernetes-apps/main/config/schemas/config.yaml#/properties/opensearch

Configuration for OpenSearch.

OpenSearch ingests logs sent from Fluentd in the workload cluster, and presents them in OpenSearch Dashboards.

Note

OpenSearch and its components are installed in the service cluster, so this configuration mainly applies there.

Abstract Extensible Status Identifiable Custom Properties Additional Properties Access Restrictions Defined In
Can be instantiated No Unknown status No Forbidden Forbidden none config/schemas/config.yaml*

TYPE:

object (OpenSearch Config)

PROPERTIES:

Property Type Required Nullable Defined by
enabled boolean Required cannot be null Welkin Apps Config
clusterName string Optional cannot be null Welkin Apps Config
subdomain string Required cannot be null Welkin Apps Config
sso object Optional cannot be null Welkin Apps Config
dashboards object Required cannot be null Welkin Apps Config
masterNode object Optional cannot be null Welkin Apps Config
dataNode object Optional cannot be null Welkin Apps Config
clientNode object Optional cannot be null Welkin Apps Config
extraRoles array Optional cannot be null Welkin Apps Config
extraRoleMappings array Optional cannot be null Welkin Apps Config
indexPerNamespace boolean Required cannot be null Welkin Apps Config
defaultTemplates boolean Optional cannot be null Welkin Apps Config
overwriteTemplates boolean Optional cannot be null Welkin Apps Config
additionalTemplates object Optional cannot be null Welkin Apps Config
createIndices boolean Optional cannot be null Welkin Apps Config
ism object Optional cannot be null Welkin Apps Config
ingress object Optional cannot be null Welkin Apps Config
maxClauseCount number Optional cannot be null Welkin Apps Config
maxShardsPerNode number Optional cannot be null Welkin Apps Config
curator object Optional cannot be null Welkin Apps Config
snapshot object Optional cannot be null Welkin Apps Config
securityadmin object Optional cannot be null Welkin Apps Config
exporter object Optional cannot be null Welkin Apps Config
promIndexAlerts array Optional cannot be null Welkin Apps Config
plugins object Optional cannot be null Welkin Apps Config

enabled

Note

Must be set for both service and workload cluster.

enabled

TYPE:

boolean (OpenSearch Enabled)

DEFAULTS:

The default value is:

true

clusterName

clusterName

TYPE:

string (OpenSearch Cluster Name)

DEFAULTS:

The default value is:

"opensearch"

subdomain

Subdomain of opsDomain that the Ingress to OpenSearch will be created with.

Note

Must be set for both service and workload cluster.

subdomain

TYPE:

string (OpenSearch Subdomain)

CONSTRAINTS:

hostname: the string must be a hostname, according to RFC 1123, section 2.1

DEFAULTS:

The default value is:

"opensearch"

sso

Configures Single Sign On to OpenSearch via Dex.

sso

TYPE:

object (OpenSearch Single Sign On)

dashboards

Configures the Dashboards deployment of OpenSearch providing the UI to view and query logs.

dashboards

TYPE:

object (OpenSearch Dashboards)

masterNode

Configures the main stateful set of OpenSearch that takes on all roles not provided by other nodes (dataNode, clientNode).

masterNode

TYPE:

object (OpenSearch Master Node)

dataNode

Configures the data stateful set of OpenSearch that takes on the roll to index and store logs.

dataNode

TYPE:

object (OpenSearch Data Node)

clientNode

Configures the client stateful set of OpenSearch that takes on the roll to ingest and query logs.

clientNode

TYPE:

object (OpenSearch Client Node)

extraRoles

Configures extra roles for OpenSearch Security.

extraRoles

TYPE:

object[] (OpenSearch Role)

extraRoleMappings

Configures extra role mappings for OpenSearch Security.

Extra users can be configured in secrets.yaml under extraUsers and extra roles under extraRoles.

extraRoleMappings

TYPE:

object[] (OpenSearch Role Mapping)

indexPerNamespace

When enabled logs are ingested into multiple indices per namespace. When disabled logs are ingested into a single kubernetes index.

Note

Must be set for both service and workload cluster.

indexPerNamespace

TYPE:

boolean (OpenSearch Index Per Namespace)

defaultTemplates

When enabled OpenSearch will be configured with the default index templates for:

  • authlog
  • kubeaudit
  • kubernetes
  • other

defaultTemplates

TYPE:

boolean (OpenSearch Default Templates)

DEFAULTS:

The default value is:

true

overwriteTemplates

When set OpenSearch can be configured with index templates via additionalTemplates that overwrite the ones configured via defaultTemplates.

overwriteTemplates

TYPE:

boolean (OpenSearch Overwrite Templates)

DEFAULTS:

The default value is:

true

additionalTemplates

When set OpenSearch will be configured with additional index templates.

The keys will be used as the name of the index templates.

Note

See the upstream documentation for reference.

additionalTemplates

TYPE:

object (OpenSearch Additional Templates)

createIndices

When enabled OpenSearch will be configured with initial indices for:

  • authlog
  • kubeaudit
  • kubernetes
  • other

createIndices

TYPE:

boolean (OpenSearch Create Indices)

DEFAULTS:

The default value is:

true

ism

Configures index state management in OpenSearch.

ism

TYPE:

object (OpenSearch Index State Management)

ingress

Configures the ingress for OpenSearch master or client nodes.

ingress

TYPE:

object (OpenSearch Ingress)

maxClauseCount

Configures the maximum number of clauses permitted in a query.

maxClauseCount

TYPE:

number (OpenSearch Maximum Clause Count)

DEFAULTS:

The default value is:

1024

maxShardsPerNode

Configures the maximum number of shards permitted on one node.

maxShardsPerNode

TYPE:

number (OpenSearch Maximum Shards Per Node)

DEFAULTS:

The default value is:

1000

curator

Configures the CronJob that removes indices.

curator

TYPE:

object (OpenSearch Curator)

snapshot

Configures the CronJob and repository to take snapshots in OpenSearch.

This requires that objectStorage is configured, and will use the bucket or container set in objectStorage.buckets.opensearch.

snapshot

TYPE:

object (OpenSearch Snapshot)

securityadmin

Configures the Job that initialises OpenSearch Security.

securityadmin

TYPE:

object (OpenSearch Security Admin)

exporter

Configures the exporter exposing metrics from OpenSearch.

exporter

TYPE:

object (OpenSearch Exporter)

promIndexAlerts

Configures the index alerts monitoring the function of index state management.

promIndexAlerts

TYPE:

object[] (OpenSearch Prometheus Index Alert)

DEFAULTS:

The default value is:

[
  {
    "prefix": "authlog-default",
    "alertSizeMB": 2
  },
  {
    "prefix": "kubeaudit-default",
    "alertSizeMB": 5500
  },
  {
    "prefix": "kubernetes-default",
    "alertSizeMB": 5500
  },
  {
    "prefix": "other-default",
    "alertSizeMB": 400
  }
]

plugins

Configures plugins used in OpenSearch.

plugins

TYPE:

object (OpenSearch Plugins)

Definitions

node

Reference this group by using

{"$ref":"https://raw.githubusercontent.com/elastisys/compliantkubernetes-apps/main/config/schemas/config.yaml#/properties/opensearch/$defs/node"}
Property Type Required Nullable Defined by
javaOpts string Optional cannot be null Welkin Apps Config
storageClass string Optional can be null Welkin Apps Config
storageSize string Optional cannot be null Welkin Apps Config

javaOpts

Set Java Virtual Machine Options to control the memory allocation of OpenSearch.

As a rule of thumb the minimum allocation -Xms and maximum allocation -Xmx arguments should be the same to be more predictable. Additionally until memory allocation is at 2 GiB and more it is recommended that the memory limit set in Kubernetes is twice the allocation as OpenSearch uses this for cache.

javaOpts

TYPE:

string (OpenSearch Node Java Options)

DEFAULTS:

The default value is:

"-Xms512m -Xmx512m"

storageClass

Set storage class for OpenSearch.

  • If set to null, the default storage class will be used to provision the volumes.
  • If set to -, no storage class will be used to provision the volumes.

storageClass

TYPE:

string (OpenSearch Node Storage Class)

storageSize

Configure the requested size of the persistent volume for this OpenSerch node.

storageSize

TYPE:

string (OpenSearch Node Storage Size)

role

Reference this group by using

{"$ref":"https://raw.githubusercontent.com/elastisys/compliantkubernetes-apps/main/config/schemas/config.yaml#/properties/opensearch/$defs/role"}
Property Type Required Nullable Defined by
name string Optional cannot be null Welkin Apps Config
definition object Optional cannot be null Welkin Apps Config
clusterPermissions array Optional cannot be null Welkin Apps Config
indexPermissions array Optional cannot be null Welkin Apps Config
indexPatterns array Optional cannot be null Welkin Apps Config
allowedActions array Optional cannot be null Welkin Apps Config

name

Configures the name of the create role.

name

TYPE:

string (OpenSearch Role Name)

definition

Configures the permissions the role will have.

This schema does not cover the entire upstream object.

definition

TYPE:

object (OpenSearch Role Definition)

clusterPermissions

Configure permissions that applies cluster-wide.

clusterPermissions

TYPE:

string[] (OpenSearch Cluster Permission)

indexPermissions

Configure permissions that applies per index.

indexPermissions

TYPE:

object[] (OpenSearch Role Index Permission)

indexPatterns

Configure the index pattern this permission applies to.

indexPatterns

TYPE:

string[] (OpenSearch Role Index Pattern)

allowedActions

Configure the actions this permission allows.

allowedActions

TYPE:

string[] (OpenSearch Role Allowed Action)

roleMapping

Reference this group by using

{"$ref":"https://raw.githubusercontent.com/elastisys/compliantkubernetes-apps/main/config/schemas/config.yaml#/properties/opensearch/$defs/roleMapping"}
Property Type Required Nullable Defined by
name string Optional cannot be null Welkin Apps Config
definition object Optional cannot be null Welkin Apps Config
groups array Optional cannot be null Welkin Apps Config
users array Optional cannot be null Welkin Apps Config

name

name

TYPE:

string (OpenSearch Role Mapping Name)

definition

Configures the backend roles or groups and users the role mapping applies to.

This schema does not cover the entire upstream object.

definition

TYPE:

object (OpenSearch Role Mapping Definition)

groups

Configures the backend roles or groups that this role mapping applies to.

groups

TYPE:

string[]

users

Configures the user that this role mapping applies to.

users

TYPE:

string[]

Return to the root config schema


Generated Thu Dec 19 03:51:01 UTC 2024 from elastisys/compliantkubernetes-apps@main