diff --git a/charts/opensearch/CHANGELOG.md b/charts/opensearch/CHANGELOG.md index 232a1eb7..f5d9bb7a 100644 --- a/charts/opensearch/CHANGELOG.md +++ b/charts/opensearch/CHANGELOG.md @@ -7,6 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 --- ## [Unreleased] ### Added +- Updated StatefulSet with node_dn.yml and whitelist.yml ### Changed ### Deprecated ### Removed diff --git a/charts/opensearch/Chart.yaml b/charts/opensearch/Chart.yaml index 712b7cab..7db8cd09 100644 --- a/charts/opensearch/Chart.yaml +++ b/charts/opensearch/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 2.0.1 +version: 2.0.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/opensearch/templates/statefulset.yaml b/charts/opensearch/templates/statefulset.yaml index a018322f..099a9fdb 100644 --- a/charts/opensearch/templates/statefulset.yaml +++ b/charts/opensearch/templates/statefulset.yaml @@ -190,6 +190,16 @@ spec: secret: secretName: {{ .Values.securityConfig.tenantsSecret }} {{- end }} + {{- if .Values.securityConfig.nodesDnSecret }} + - name: nodes-dn + secret: + secretName: {{ .Values.securityConfig.nodesDnSecret }} + {{- end }} + {{- if .Values.securityConfig.whitelistSecret }} + - name: whitelist + secret: + secretName: {{ .Values.securityConfig.whitelistSecret }} + {{- end }} {{- if .Values.keystore }} - name: keystore emptyDir: {} @@ -226,7 +236,7 @@ spec: - 'chown -R 1000:1000 /usr/share/opensearch/data' securityContext: runAsUser: 0 - resources: + resources: {{ toYaml .Values.initResources | nindent 10 }} volumeMounts: - name: "{{ template "opensearch.uname" . }}" @@ -260,7 +270,7 @@ spec: cp -a {{ .Values.opensearchHome }}/config/opensearch.keystore /tmp/keystore/ env: {{ toYaml .Values.extraEnvs | nindent 10 }} envFrom: {{ toYaml .Values.envFrom | nindent 10 }} - resources: + resources: {{ toYaml .Values.initResources | nindent 10 }} volumeMounts: - name: keystore @@ -375,6 +385,16 @@ spec: name: tenants subPath: tenants.yml {{- end }} + {{- if .Values.securityConfig.whitelistSecret }} + - mountPath: {{ .Values.securityConfig.path }}/whitelist.yml + name: whitelist + subPath: whitelist.yml + {{- end }} + {{- if .Values.securityConfig.nodesDnSecret }} + - mountPath: {{ .Values.securityConfig.path }}/nodes_dn.yml + name: nodes-dn + subPath: nodes_dn.yml + {{- end }} {{- if .Values.securityConfig.config.data }} {{- if .Values.securityConfig.config.dataComplete }} - mountPath: {{ .Values.securityConfig.path }} @@ -483,4 +503,4 @@ spec: {{- else }} {{ toYaml .Values.extraContainers | indent 6 }} {{- end }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/charts/opensearch/values.yaml b/charts/opensearch/values.yaml index 17cb0943..a80ef6c3 100644 --- a/charts/opensearch/values.yaml +++ b/charts/opensearch/values.yaml @@ -296,6 +296,8 @@ securityConfig: rolesSecret: rolesMappingSecret: tenantsSecret: + nodesDnSecret: + whitelistSecret: # The following option simplifies securityConfig by using a single secret and # specifying the config files as keys in the secret instead of creating # different secrets for for each config file.