From eefa4edfe280d0f6d85cefd0e44c96a853f52d75 Mon Sep 17 00:00:00 2001 From: Derek Ho Date: Thu, 7 Dec 2023 11:46:39 -0500 Subject: [PATCH 1/4] Remove hard coded opensearch.yml Signed-off-by: Derek Ho --- charts/opensearch/CHANGELOG.md | 9 +++ charts/opensearch/Chart.yaml | 2 +- charts/opensearch/values.yaml | 130 ++++++++++++++++----------------- 3 files changed, 75 insertions(+), 66 deletions(-) diff --git a/charts/opensearch/CHANGELOG.md b/charts/opensearch/CHANGELOG.md index 87ee8251..509032be 100644 --- a/charts/opensearch/CHANGELOG.md +++ b/charts/opensearch/CHANGELOG.md @@ -13,6 +13,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed ### Security --- +## [2.17.1] +### Added +### Changed +### Deprecated +### Removed +- Removed hard coded opensearch.yml +### Fixed +### Security +--- ## [2.17.0] ### Added - Updated OpenSearch appVersion to 2.11.1 diff --git a/charts/opensearch/Chart.yaml b/charts/opensearch/Chart.yaml index a46d3189..54242ed9 100644 --- a/charts/opensearch/Chart.yaml +++ b/charts/opensearch/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 2.17.0 +version: 2.17.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/opensearch/values.yaml b/charts/opensearch/values.yaml index 090cb0c8..c215dd84 100644 --- a/charts/opensearch/values.yaml +++ b/charts/opensearch/values.yaml @@ -31,71 +31,71 @@ global: # Allows you to add any config files in {{ .Values.opensearchHome }}/config opensearchHome: /usr/share/opensearch # such as opensearch.yml and log4j2.properties -config: - # Values must be YAML literal style scalar / YAML multiline string. - # : | - # - # log4j2.properties: | - # status = error - # - # appender.console.type = Console - # appender.console.name = console - # appender.console.layout.type = PatternLayout - # appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n - # - # rootLogger.level = info - # rootLogger.appenderRef.console.ref = console - opensearch.yml: | - cluster.name: opensearch-cluster - - # Bind to all interfaces because we don't know what IP address Docker will assign to us. - network.host: 0.0.0.0 - - # Setting network.host to a non-loopback address enables the annoying bootstrap checks. "Single-node" mode disables them again. - # Implicitly done if ".singleNode" is set to "true". - # discovery.type: single-node - - # Start OpenSearch Security Demo Configuration - # WARNING: revise all the lines below before you go into production - plugins: - security: - ssl: - transport: - pemcert_filepath: esnode.pem - pemkey_filepath: esnode-key.pem - pemtrustedcas_filepath: root-ca.pem - enforce_hostname_verification: false - http: - enabled: true - pemcert_filepath: esnode.pem - pemkey_filepath: esnode-key.pem - pemtrustedcas_filepath: root-ca.pem - allow_unsafe_democertificates: true - allow_default_init_securityindex: true - authcz: - admin_dn: - - CN=kirk,OU=client,O=client,L=test,C=de - audit.type: internal_opensearch - enable_snapshot_restore_privilege: true - check_snapshot_restore_write_privileges: true - restapi: - roles_enabled: ["all_access", "security_rest_api_access"] - system_indices: - enabled: true - indices: - [ - ".opendistro-alerting-config", - ".opendistro-alerting-alert*", - ".opendistro-anomaly-results*", - ".opendistro-anomaly-detector*", - ".opendistro-anomaly-checkpoints", - ".opendistro-anomaly-detection-state", - ".opendistro-reports-*", - ".opendistro-notifications-*", - ".opendistro-notebooks", - ".opendistro-asynchronous-search-response*", - ] - ######## End OpenSearch Security Demo Configuration ######## +# config: +# # Values must be YAML literal style scalar / YAML multiline string. +# # : | +# # +# # log4j2.properties: | +# # status = error +# # +# # appender.console.type = Console +# # appender.console.name = console +# # appender.console.layout.type = PatternLayout +# # appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n +# # +# # rootLogger.level = info +# # rootLogger.appenderRef.console.ref = console +# opensearch.yml: | +# cluster.name: opensearch-cluster + +# # Bind to all interfaces because we don't know what IP address Docker will assign to us. +# network.host: 0.0.0.0 + +# # Setting network.host to a non-loopback address enables the annoying bootstrap checks. "Single-node" mode disables them again. +# # Implicitly done if ".singleNode" is set to "true". +# # discovery.type: single-node + +# # Start OpenSearch Security Demo Configuration +# # WARNING: revise all the lines below before you go into production +# plugins: +# security: +# ssl: +# transport: +# pemcert_filepath: esnode.pem +# pemkey_filepath: esnode-key.pem +# pemtrustedcas_filepath: root-ca.pem +# enforce_hostname_verification: false +# http: +# enabled: true +# pemcert_filepath: esnode.pem +# pemkey_filepath: esnode-key.pem +# pemtrustedcas_filepath: root-ca.pem +# allow_unsafe_democertificates: true +# allow_default_init_securityindex: true +# authcz: +# admin_dn: +# - CN=kirk,OU=client,O=client,L=test,C=de +# audit.type: internal_opensearch +# enable_snapshot_restore_privilege: true +# check_snapshot_restore_write_privileges: true +# restapi: +# roles_enabled: ["all_access", "security_rest_api_access"] +# system_indices: +# enabled: true +# indices: +# [ +# ".opendistro-alerting-config", +# ".opendistro-alerting-alert*", +# ".opendistro-anomaly-results*", +# ".opendistro-anomaly-detector*", +# ".opendistro-anomaly-checkpoints", +# ".opendistro-anomaly-detection-state", +# ".opendistro-reports-*", +# ".opendistro-notifications-*", +# ".opendistro-notebooks", +# ".opendistro-asynchronous-search-response*", +# ] +# ######## End OpenSearch Security Demo Configuration ######## # log4j2.properties: # Extra environment variables to append to this nodeGroup From ca53350a81fa904eb9afc2f35be97019b4e20203 Mon Sep 17 00:00:00 2001 From: Derek Ho Date: Mon, 22 Jan 2024 10:34:52 -0500 Subject: [PATCH 2/4] Update changelog after merge Signed-off-by: Derek Ho --- charts/opensearch/CHANGELOG.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/opensearch/CHANGELOG.md b/charts/opensearch/CHANGELOG.md index 1015c4a1..c18fc508 100644 --- a/charts/opensearch/CHANGELOG.md +++ b/charts/opensearch/CHANGELOG.md @@ -14,18 +14,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Security --- -## [2.17.2] +## [2.17.3] ### Added -- - Allow user-defined labels on ingress resource ### Changed ### Deprecated ### Removed +- Removed hard coded opensearch.yml ### Fixed ### Security --- -## [2.17.1] +## [2.17.2] ### Added -- Added ability to specify custom pod anti-affinity and pod affinity +- - Allow user-defined labels on ingress resource ### Changed ### Deprecated ### Removed @@ -34,10 +34,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 --- ## [2.17.1] ### Added +- Added ability to specify custom pod anti-affinity and pod affinity ### Changed ### Deprecated ### Removed -- Removed hard coded opensearch.yml ### Fixed ### Security --- From 2d8a0a084d294354421ae41c92a42ee04d35bd1c Mon Sep 17 00:00:00 2001 From: Derek Ho Date: Mon, 29 Jan 2024 14:06:32 -0500 Subject: [PATCH 3/4] Bump versions Signed-off-by: Derek Ho --- charts/opensearch/CHANGELOG.md | 2 +- charts/opensearch/Chart.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/opensearch/CHANGELOG.md b/charts/opensearch/CHANGELOG.md index c18fc508..a91c4338 100644 --- a/charts/opensearch/CHANGELOG.md +++ b/charts/opensearch/CHANGELOG.md @@ -14,7 +14,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Security --- -## [2.17.3] +## [2.18.1] ### Added ### Changed ### Deprecated diff --git a/charts/opensearch/Chart.yaml b/charts/opensearch/Chart.yaml index 1387b071..4be1db21 100644 --- a/charts/opensearch/Chart.yaml +++ b/charts/opensearch/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 2.17.3 +version: 2.18.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to From 0563f1481a5630b5bb21f65ba2b47093bd656f6b Mon Sep 17 00:00:00 2001 From: Derek Ho Date: Mon, 29 Jan 2024 14:28:22 -0500 Subject: [PATCH 4/4] Changed removed to commented out Signed-off-by: Derek Ho --- charts/opensearch/CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/opensearch/CHANGELOG.md b/charts/opensearch/CHANGELOG.md index a91c4338..dec0727d 100644 --- a/charts/opensearch/CHANGELOG.md +++ b/charts/opensearch/CHANGELOG.md @@ -19,7 +19,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed ### Deprecated ### Removed -- Removed hard coded opensearch.yml +- Commented out hard coded opensearch.yml ### Fixed ### Security ---