From 382c1526bc855d337e10e6d68c75fc43852dbd11 Mon Sep 17 00:00:00 2001 From: alborotogarcia Date: Wed, 8 Sep 2021 07:55:33 +0200 Subject: [PATCH 1/5] fix --- charts/opensearch/templates/securityconfig.yaml | 6 +++--- charts/opensearch/values.yaml | 15 +++++++++++---- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/charts/opensearch/templates/securityconfig.yaml b/charts/opensearch/templates/securityconfig.yaml index 4557464e..90101621 100644 --- a/charts/opensearch/templates/securityconfig.yaml +++ b/charts/opensearch/templates/securityconfig.yaml @@ -5,9 +5,9 @@ metadata: name: {{ .Values.securityConfig.config.securityConfigSecret }} namespace: {{ .Release.Namespace }} labels: - app: {{ .Chart.Name }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + app: "{{ .Chart.Name }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} type: Opaque data: {{- range $key, $val := .Values.securityConfig.config.data }} diff --git a/charts/opensearch/values.yaml b/charts/opensearch/values.yaml index ad6761a5..291134bc 100755 --- a/charts/opensearch/values.yaml +++ b/charts/opensearch/values.yaml @@ -196,10 +196,17 @@ extraContainers: [] # image: busybox # command: ['do', 'something'] -extraInitContainers: [] - # - name: do-somethings - # image: busybox - # command: ['do', 'something'] +extraInitContainers: + - name: volume-chmod + image: busybox + command: ['sh', '-c'] + args: + - 'chown -R 1000:1000 /usr/share/opensearch' + securityContext: + runAsUser: 0 + volumeMounts: + - mountPath: /usr/share/opensearch/data + name: opensearch-cluster-master # This is the PriorityClass settings as defined in # https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass From 4414b1aa166f29b87f27d0e6cce00735544a8c1d Mon Sep 17 00:00:00 2001 From: alborotogarcia Date: Thu, 9 Sep 2021 09:08:32 +0200 Subject: [PATCH 2/5] chart app + stateful csi fsgroup mount --- charts/opensearch/templates/securityconfig.yaml | 6 +++--- charts/opensearch/templates/statefulset.yaml | 14 +++++++++++++- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/charts/opensearch/templates/securityconfig.yaml b/charts/opensearch/templates/securityconfig.yaml index 90101621..4557464e 100644 --- a/charts/opensearch/templates/securityconfig.yaml +++ b/charts/opensearch/templates/securityconfig.yaml @@ -5,9 +5,9 @@ metadata: name: {{ .Values.securityConfig.config.securityConfigSecret }} namespace: {{ .Release.Namespace }} labels: - app: "{{ .Chart.Name }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} + app: {{ .Chart.Name }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} type: Opaque data: {{- range $key, $val := .Values.securityConfig.config.data }} diff --git a/charts/opensearch/templates/statefulset.yaml b/charts/opensearch/templates/statefulset.yaml index d5772c85..83cf648f 100644 --- a/charts/opensearch/templates/statefulset.yaml +++ b/charts/opensearch/templates/statefulset.yaml @@ -211,8 +211,20 @@ spec: {{- if .Values.hostAliases }} hostAliases: {{ toYaml .Values.hostAliases | nindent 8 }} {{- end }} - {{- if or (.Values.extraInitContainers) (.Values.keystore) }} initContainers: +{{- if .Values.persistence.enabled }} + - name: fsgroup-volume + image: busybox + command: ['sh', '-c'] + args: + - 'chown -R 1000:1000 /usr/share/opensearch/data' + securityContext: + runAsUser: 0 + volumeMounts: + - name: "{{ template "opensearch.uname" . }}" + mountPath: {{ .Values.opensearchHome }}/data +{{- end }} + {{- if or (.Values.extraInitContainers) (.Values.keystore) }} {{ if .Values.keystore }} - name: keystore image: "{{ .Values.image }}:{{ .Values.imageTag | default .Chart.AppVersion }}" From adcf8ef7917876e4c1413641495d5f20f5e64d22 Mon Sep 17 00:00:00 2001 From: alborotogarcia Date: Thu, 9 Sep 2021 09:10:48 +0200 Subject: [PATCH 3/5] values.yaml clean --- charts/opensearch/values.yaml | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/charts/opensearch/values.yaml b/charts/opensearch/values.yaml index 291134bc..78d3fea3 100755 --- a/charts/opensearch/values.yaml +++ b/charts/opensearch/values.yaml @@ -196,18 +196,6 @@ extraContainers: [] # image: busybox # command: ['do', 'something'] -extraInitContainers: - - name: volume-chmod - image: busybox - command: ['sh', '-c'] - args: - - 'chown -R 1000:1000 /usr/share/opensearch' - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /usr/share/opensearch/data - name: opensearch-cluster-master - # This is the PriorityClass settings as defined in # https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass priorityClassName: "" @@ -285,7 +273,8 @@ securityConfig: # config.yml: |- # internal_users.yml: |- # roles.yml: |- - # rolesMapping.yml: |- + # roles_mapping.yml: |- + # action_groups.yml: |- # tenants.yml: |- # How long to wait for opensearch to stop gracefully From 4ffa808c92820539130b75301c9581b1eec11729 Mon Sep 17 00:00:00 2001 From: alborotogarcia Date: Tue, 14 Sep 2021 00:27:57 +0200 Subject: [PATCH 4/5] missing extraInitContainers --- charts/opensearch/values.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/charts/opensearch/values.yaml b/charts/opensearch/values.yaml index dfed3f34..5411ebb9 100755 --- a/charts/opensearch/values.yaml +++ b/charts/opensearch/values.yaml @@ -196,6 +196,11 @@ extraContainers: [] # image: busybox # command: ['do', 'something'] +extraInitContainers: [] + # - name: do-somethings + # image: busybox + # command: ['do', 'something'] + # This is the PriorityClass settings as defined in # https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass priorityClassName: "" From 5a86350eb87c261c2006de239497bfbbc6f6b0b2 Mon Sep 17 00:00:00 2001 From: alborotogarcia Date: Fri, 17 Sep 2021 00:27:11 +0200 Subject: [PATCH 5/5] conditional initcontainers --- charts/opensearch/templates/statefulset.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/opensearch/templates/statefulset.yaml b/charts/opensearch/templates/statefulset.yaml index e144359e..50875277 100644 --- a/charts/opensearch/templates/statefulset.yaml +++ b/charts/opensearch/templates/statefulset.yaml @@ -211,6 +211,7 @@ spec: {{- if .Values.hostAliases }} hostAliases: {{ toYaml .Values.hostAliases | nindent 8 }} {{- end }} + {{- if or (.Values.extraInitContainers) (.Values.keystore) (.Values.persistence.enabled) }} initContainers: {{- if .Values.persistence.enabled }} - name: fsgroup-volume @@ -223,8 +224,7 @@ spec: volumeMounts: - name: "{{ template "opensearch.uname" . }}" mountPath: {{ .Values.opensearchHome }}/data -{{- end }} - {{- if or (.Values.extraInitContainers) (.Values.keystore) }} +{{- end }} {{ if .Values.keystore }} - name: keystore image: "{{ .Values.image }}:{{ .Values.imageTag | default .Chart.AppVersion }}"