Helm install OpenSearch Cluster with persistence to local disk + Hunspell
kubectl apply -f values.yaml
values.yaml
# Only create this for K8s 1.9+
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
# Supported policies: Delete, Retain
reclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: opensearch-agent-1
spec:
accessModes:
- ReadWriteOnce
capacity:
storage: 10Gi
local:
path: /usr/share/opensearch/data
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- rke2-agent-1
persistentVolumeReclaimPolicy: Retain
storageClassName: local-storage
volumeMode: Filesystem
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: opensearch-agent-2
spec:
accessModes:
- ReadWriteOnce
capacity:
storage: 10Gi
local:
path: /usr/share/opensearch/data
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- rke2-agent-2
persistentVolumeReclaimPolicy: Retain
storageClassName: local-storage
volumeMode: Filesystem
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: opensearch-agent-3
spec:
accessModes:
- ReadWriteOnce
capacity:
storage: 10Gi
local:
path: /usr/share/opensearch/data
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- rke2-agent-3
persistentVolumeReclaimPolicy: Retain
storageClassName: local-storage
volumeMode: Filesystem# on all nodes labeled rke2-agent-1, rke2-agent-2, rke2-agent-3
mkdir -p /usr/share/opensearch/data
$ helm repo add opensearch https://opensearch-project.github.io/helm-charts/
$ helm repo update
$ helm install --namespace opensearch -f values.yaml opensearch/opensearch
values.yaml
antiAffinity: soft
antiAffinityTopologyKey: kubernetes.io/hostname
clusterName: opensearch-cluster
config:
opensearch.yml: >
cluster.name: opensearch-cluster
# Bind to all interfaces because we don't know what IP address Docker will
assign to us.
network.host: 0.0.0.0
# Setting network.host to a non-loopback address enables the annoying
bootstrap checks. "Single-node" mode disables them again.
# Implicitly done if ".singleNode" is set to "true".
# discovery.type: single-node
enableServiceLinks: true
envFrom: []
extraContainers: []
extraEnvs:
- name: DISABLE_INSTALL_DEMO_CONFIG
value: 'true'
- name: DISABLE_SECURITY_PLUGIN
value: 'true'
extraInitContainers:
- command:
- cp
- '-R'
- /usr/share/elasticsearch/config/hunspell/
- /data/
image: insekticid/elasticsearch-hunspell
name: hunspell
volumeMounts:
- mountPath: /data/hunspell/
name: shared-data
- command:
- sysctl
- '-w'
- vm.max_map_count=262144
image: busybox:latest
name: ini-sysctl
securityContext:
privileged: true
runAsUser: 0
extraObjects: []
extraVolumeMounts:
- mountPath: /usr/share/opensearch/config/hunspell/
name: shared-data
extraVolumes:
- emptyDir: {}
name: shared-data
fsGroup: ''
fullnameOverride: ''
global:
dockerRegistry: ''
cattle:
systemProjectId: p-frfbh
hostAliases: []
httpPort: 9200
image:
pullPolicy: IfNotPresent
repository: opensearchproject/opensearch
tag: ''
imagePullSecrets: []
ingress:
annotations: {}
enabled: false
hosts:
- chart-example.local
path: /
tls: []
initResources: {}
keystore: []
labels: {}
lifecycle: {}
livenessProbe: {}
majorVersion: ''
masterService: opensearch-cluster-master
masterTerminationFix: false
maxUnavailable: 1
nameOverride: ''
networkHost: 0.0.0.0
networkPolicy:
create: false
http:
enabled: false
nodeAffinity: {}
nodeGroup: master
nodeSelector: {}
opensearchHome: /usr/share/opensearch
opensearchJavaOpts: '-Xmx512M -Xms512M'
persistence:
accessModes:
- ReadWriteOnce
annotations: {}
enableInitChown: true
enabled: true
labels:
enabled: true
size: 8Gi
storageClass: local-storage
plugins:
enabled: true
installList:
- analysis-icu
- analysis-phonetic
podAnnotations: {}
podManagementPolicy: Parallel
podSecurityContext:
fsGroup: 1000
runAsUser: 1000
podSecurityPolicy:
create: false
name: ''
spec:
fsGroup:
rule: RunAsAny
privileged: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- secret
- configMap
- persistentVolumeClaim
- emptyDir
priorityClassName: ''
protocol: https
rbac:
create: false
serviceAccountAnnotations: {}
serviceAccountName: ''
readinessProbe:
failureThreshold: 3
periodSeconds: 5
tcpSocket:
port: 9200
timeoutSeconds: 3
replicas: 3
resources:
requests:
cpu: 1000m
memory: 100Mi
roles:
- master
- ingest
- data
- remote_cluster_client
schedulerName: ''
secretMounts: []
securityConfig:
actionGroupsSecret: null
config:
data: {}
dataComplete: true
securityConfigSecret: ''
configSecret: null
enabled: true
internalUsersSecret: null
path: /usr/share/opensearch/plugins/opensearch-security/securityconfig
rolesMappingSecret: null
rolesSecret: null
tenantsSecret: null
securityContext:
capabilities:
drop:
- ALL
runAsNonRoot: true
runAsUser: 1000
service:
annotations: {}
externalTrafficPolicy: ''
headless:
annotations: {}
httpPortName: http
labels: {}
labelsHeadless: {}
loadBalancerIP: ''
loadBalancerSourceRanges: []
nodePort: ''
transportPortName: transport
type: ClusterIP
sidecarResources: {}
singleNode: false
startupProbe:
failureThreshold: 30
initialDelaySeconds: 5
periodSeconds: 10
tcpSocket:
port: 9200
timeoutSeconds: 3
sysctl:
enabled: false
sysctlInit:
enabled: false
sysctlVmMaxMapCount: 262144
terminationGracePeriod: 120
tolerations: []
topologySpreadConstraints: []
transportPort: 9300
updateStrategy: RollingUpdate