Merge branch 'main' of https://github.com/drycc-addons/addons into main

Author: EamonZhang

addons/opensearch/2.10/chart/opensearch/templates/dashboards/tls-secret.yaml

@@ -4,11 +4,11 @@ SPDX-License-Identifier: APACHE-2.0
 */}}
 
 {{- if and (include "opensearch.dashboards.enabled" .) (include "opensearch.dashboards.createTlsSecret" .) }}
-{{- $ca := genCA "opensearch-ca" 365 }}
+{{- $ca := genCA "opensearch-ca" 36500 }}
 {{- $releaseNamespace := include "common.names.namespace" . }}
 {{- $clusterDomain := .Values.clusterDomain }}
 {{- $dashboardsFullname := include "opensearch.dashboards.fullname" . }}
-{{- $cert := genSignedCert $dashboardsFullname nil nil 365 $ca }}
+{{- $cert := genSignedCert $dashboardsFullname nil nil 36500 $ca }}
 {{- $secretDashboardsName := printf "%s-crt" (include "opensearch.dashboards.fullname" .) }}
 ---
 apiVersion: v1

addons/opensearch/2.10/chart/opensearch/templates/ingress-tls-secrets.yaml

@@ -24,8 +24,8 @@ data:
 {{- end }}
 {{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
 {{- $secretName := printf "%s-tls" .Values.ingress.hostname }}
-{{- $ca := genCA "opensearch-ca" 365 }}
-{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
+{{- $ca := genCA "opensearch-ca" 36500 }}
+{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 36500 $ca }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -65,8 +65,8 @@ data:
 {{- end }}
 {{- if and .Values.ingest.ingress.tls .Values.ingest.ingress.selfSigned }}
 {{- $secretName := printf "%s-tls" .Values.ingest.ingress.hostname }}
-{{- $ca := genCA "opensearch-ingest-ca" 365 }}
-{{- $cert := genSignedCert .Values.ingest.ingress.hostname nil (list .Values.ingest.ingress.hostname) 365 $ca }}
+{{- $ca := genCA "opensearch-ingest-ca" 36500 }}
+{{- $cert := genSignedCert .Values.ingest.ingress.hostname nil (list .Values.ingest.ingress.hostname) 36500 $ca }}
 apiVersion: v1
 kind: Secret
 metadata:

addons/opensearch/2.10/chart/opensearch/templates/tls-secret.yaml

@@ -4,10 +4,10 @@ SPDX-License-Identifier: APACHE-2.0
 */}}
 
 {{- if (include "opensearch.createTlsSecret" .) }}
-{{- $ca := genCA "opensearch-ca" 365 }}
+{{- $ca := genCA "opensearch-ca" 36500 }}
 {{- $releaseNamespace := include "common.names.namespace" . }}
 {{- $clusterDomain := .Values.clusterDomain }}
-{{- $cert := genSignedCert "admin" nil nil 365 $ca }}
+{{- $cert := genSignedCert "admin" nil nil 36500 $ca }}
 {{- $secretAdminName := printf "%s-admin-crt" (include "common.names.fullname" .) }}
 apiVersion: v1
 kind: Secret
@@ -30,7 +30,7 @@ data:
 {{- $altNames = append $altNames (include "opensearch.service.name" .) }}
 {{- $altNames = append $altNames (printf "%s.%s.svc.%s" (include "opensearch.service.name" .) $releaseNamespace $clusterDomain) }}
 {{- end }}
-{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }}
+{{- $cert := genSignedCert $fullname nil $altNames 36500 $ca }}
 {{- $secretName := printf "%s-crt" (include "opensearch.master.fullname" .) }}
 ---
 apiVersion: v1
@@ -53,7 +53,7 @@ data:
 {{- $fullname := include "opensearch.data.fullname" . }}
 {{- $serviceName := include "opensearch.data.servicename" . }}
 {{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) $fullname "127.0.0.1" "localhost" }}
-{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }}
+{{- $cert := genSignedCert $fullname nil $altNames 36500 $ca }}
 {{- $secretName := printf "%s-crt" (include "opensearch.data.fullname" .) }}
 ---
 apiVersion: v1
@@ -76,7 +76,7 @@ data:
 {{- $fullname := include "opensearch.coordinating.fullname" . }}
 {{- $serviceName := include "opensearch.coordinating.servicename" . }}
 {{- $altNames := list (include "opensearch.service.name" .) (printf "%s.%s.svc.%s" (include "opensearch.service.name" .) $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) $fullname "127.0.0.1" "localhost" }}
-{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }}
+{{- $cert := genSignedCert $fullname nil $altNames 36500 $ca }}
 {{- $secretName := printf "%s-crt" (include "opensearch.coordinating.fullname" .) }}
 ---
 apiVersion: v1
@@ -103,7 +103,7 @@ data:
 {{- $altNames = append $altNames (include "opensearch.ingest.fullname" .) }}
 {{- $altNames = append $altNames (printf "%s.%s.svc.%s" (include "opensearch.ingest.fullname" .) $releaseNamespace $clusterDomain) }}
 {{- end }}
-{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }}
+{{- $cert := genSignedCert $fullname nil $altNames 36500 $ca }}
 {{- $secretName := printf "%s-crt" (include "opensearch.ingest.fullname" .) }}
 ---
 apiVersion: v1

addons/opensearch/2.10/chart/opensearch/values.yaml

@@ -432,7 +432,7 @@ ingress:
   ## NOTE: 'key' and 'certificate' are expected in PEM format
   ## NOTE: 'name' should line up with a 'secretName' set further up
   ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
-  ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+  ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 36500 days
   ## It is also possible to create and manage the certificates outside of this helm chart
   ## Please see README.md for more information
   ## e.g:
@@ -2142,7 +2142,7 @@ ingest:
     ## NOTE: 'key' and 'certificate' are expected in PEM format
     ## NOTE: 'name' should line up with a 'secretName' set further up
     ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
-    ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+    ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 36500 days
     ## It is also possible to create and manage the certificates outside of this helm chart
     ## Please see README.md for more information
     ## e.g:
@@ -2800,7 +2800,7 @@ dashboards:
     ## NOTE: 'key' and 'certificate' are expected in PEM format
     ## NOTE: 'name' should line up with a 'secretName' set further up
     ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
-    ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+    ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 36500 days
     ## It is also possible to create and manage the certificates outside of this helm chart
     ## Please see README.md for more information
     ## e.g:

addons/opensearch/2.10/plans/standard-1c2g16/bind.yaml

@@ -1,4 +1,6 @@
 credential:
+{{- $releaseNamespace := include "common.names.namespace" . }}
+{{- $clusterDomain := .Values.clusterDomain }}
   {{- if (eq .Values.service.type "LoadBalancer") }}
   - name: EXTERNAL_OPENSEARCH_HOST
     valueFrom:
@@ -66,4 +68,53 @@ credential:
       secretKeyRef:
         name: {{ template "common.names.fullname" . }}
         jsonpath: '{ .data.logstash-password }'
-  {{- end }}
+  {{- end }}
+
+
+  {{- if (include "opensearch.createTlsSecret" .) }}
+  {{ if not (include "opensearch.coordinating.enabled" .) }}
+  - name: OPENSEARCH_DOMAIN
+    value: {{ (printf "%s.%s.svc.%s" (include "opensearch.service.name" .) $releaseNamespace $clusterDomain) }}
+
+  - name: OPESEARCH_MASTER_CA_CRT
+    valueFrom:
+      secretKeyRef:
+        name: {{ printf "%s-crt" (include "opensearch.master.fullname" .) }}
+        jsonpath: '{ .data.ca\.crt }'
+  {{- end }}
+
+  {{- if and (include "opensearch.data.enabled" .) (not .Values.security.tls.data.existingSecret) }}
+  {{- $serviceName := include "opensearch.data.servicename" . }}
+  - name: OPENSEARCH_DATA_DOMAIN
+    value: {{ (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) }}
+
+  - name: OPESEARCH_DATA_CA_CRT
+    valueFrom:
+      secretKeyRef:
+        name: {{ printf "%s-crt" (include "opensearch.data.fullname" .) }}
+        jsonpath: '{ .data.ca\.crt }'
+  {{- end }}
+
+  {{- if and (include "opensearch.coordinating.enabled" .) (not .Values.security.tls.coordinating.existingSecret) }}
+  - name: OPENSEARCH_DOMAIN
+    value: {{ (printf "%s.%s.svc.%s" (include "opensearch.service.name" .) $releaseNamespace $clusterDomain) }}
+
+  - name: OPESEARCH_COORDINATING_CA_CRT
+    valueFrom:
+      secretKeyRef:
+        name: {{ printf "%s-crt" (include "opensearch.coordinating.fullname" .) }}
+        jsonpath: '{ .data.ca\.crt }'
+  {{- end }}
+
+  {{- if and (include "opensearch.ingest.enabled" .) (not .Values.security.tls.ingest.existingSecret) }}
+  {{- $serviceName := include "opensearch.ingest.servicename" . }}
+  - name: OPENSEARCH_INGEST_DOMAIN
+    value: {{ (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain)  }}
+
+  - name: OPESEARCH_INGEST_CA_CRT
+    valueFrom:
+      secretKeyRef:
+        name: {{ printf "%s-crt" (include "opensearch.ingest.fullname" .) }}
+        jsonpath: '{ .data.ca\.crt }'
+  {{- end }}
+  {{- end }}

addons/opensearch/2.10/plans/standard-2c4g32/bind.yaml

@@ -1,4 +1,6 @@
 credential:
+{{- $releaseNamespace := include "common.names.namespace" . }}
+{{- $clusterDomain := .Values.clusterDomain }}
   {{- if (eq .Values.service.type "LoadBalancer") }}
   - name: EXTERNAL_OPENSEARCH_HOST
     valueFrom:
@@ -47,6 +49,7 @@ credential:
         jsonpath: '{ .spec.ports[?(@.name=="http")].port }'
   {{- end }}
 
+
   {{- if .Values.security.enabled }}
   - name: OPENSEARCH_PASSWORD
     valueFrom:
@@ -65,4 +68,53 @@ credential:
       secretKeyRef:
         name: {{ template "common.names.fullname" . }}
         jsonpath: '{ .data.logstash-password }'
-  {{- end }}
+  {{- end }}
+
+
+  {{- if (include "opensearch.createTlsSecret" .) }}
+  {{ if not (include "opensearch.coordinating.enabled" .) }}
+  - name: OPENSEARCH_DOMAIN
+    value: {{ (printf "%s.%s.svc.%s" (include "opensearch.service.name" .) $releaseNamespace $clusterDomain) }}
+
+  - name: OPESEARCH_MASTER_CA_CRT
+    valueFrom:
+      secretKeyRef:
+        name: {{ printf "%s-crt" (include "opensearch.master.fullname" .) }}
+        jsonpath: '{ .data.ca\.crt }'
+  {{- end }}
+
+  {{- if and (include "opensearch.data.enabled" .) (not .Values.security.tls.data.existingSecret) }}
+  {{- $serviceName := include "opensearch.data.servicename" . }}
+  - name: OPENSEARCH_DATA_DOMAIN
+    value: {{ (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) }}
+
+  - name: OPESEARCH_DATA_CA_CRT
+    valueFrom:
+      secretKeyRef:
+        name: {{ printf "%s-crt" (include "opensearch.data.fullname" .) }}
+        jsonpath: '{ .data.ca\.crt }'
+  {{- end }}
+
+  {{- if and (include "opensearch.coordinating.enabled" .) (not .Values.security.tls.coordinating.existingSecret) }}
+  - name: OPENSEARCH_DOMAIN
+    value: {{ (printf "%s.%s.svc.%s" (include "opensearch.service.name" .) $releaseNamespace $clusterDomain) }}
+
+  - name: OPESEARCH_COORDINATING_CA_CRT
+    valueFrom:
+      secretKeyRef:
+        name: {{ printf "%s-crt" (include "opensearch.coordinating.fullname" .) }}
+        jsonpath: '{ .data.ca\.crt }'
+  {{- end }}
+
+  {{- if and (include "opensearch.ingest.enabled" .) (not .Values.security.tls.ingest.existingSecret) }}
+  {{- $serviceName := include "opensearch.ingest.servicename" . }}
+  - name: OPENSEARCH_INGEST_DOMAIN
+    value: {{ (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain)  }}
+
+  - name: OPESEARCH_INGEST_CA_CRT
+    valueFrom:
+      secretKeyRef:
+        name: {{ printf "%s-crt" (include "opensearch.ingest.fullname" .) }}
+        jsonpath: '{ .data.ca\.crt }'
+  {{- end }}
+  {{- end }}

addons/opensearch/2.10/plans/standard-2c4g64/bind.yaml

@@ -1,4 +1,6 @@
 credential:
+{{- $releaseNamespace := include "common.names.namespace" . }}
+{{- $clusterDomain := .Values.clusterDomain }}
   {{- if (eq .Values.service.type "LoadBalancer") }}
   - name: EXTERNAL_OPENSEARCH_HOST
     valueFrom:
@@ -47,6 +49,7 @@ credential:
         jsonpath: '{ .spec.ports[?(@.name=="http")].port }'
   {{- end }}
 
+
   {{- if .Values.security.enabled }}
   - name: OPENSEARCH_PASSWORD
     valueFrom:
@@ -65,4 +68,53 @@ credential:
       secretKeyRef:
         name: {{ template "common.names.fullname" . }}
         jsonpath: '{ .data.logstash-password }'
-  {{- end }}
+  {{- end }}
+
+
+  {{- if (include "opensearch.createTlsSecret" .) }}
+  {{ if not (include "opensearch.coordinating.enabled" .) }}
+  - name: OPENSEARCH_DOMAIN
+    value: {{ (printf "%s.%s.svc.%s" (include "opensearch.service.name" .) $releaseNamespace $clusterDomain) }}
+
+  - name: OPESEARCH_MASTER_CA_CRT
+    valueFrom:
+      secretKeyRef:
+        name: {{ printf "%s-crt" (include "opensearch.master.fullname" .) }}
+        jsonpath: '{ .data.ca\.crt }'
+  {{- end }}
+
+  {{- if and (include "opensearch.data.enabled" .) (not .Values.security.tls.data.existingSecret) }}
+  {{- $serviceName := include "opensearch.data.servicename" . }}
+  - name: OPENSEARCH_DATA_DOMAIN
+    value: {{ (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) }}
+
+  - name: OPESEARCH_DATA_CA_CRT
+    valueFrom:
+      secretKeyRef:
+        name: {{ printf "%s-crt" (include "opensearch.data.fullname" .) }}
+        jsonpath: '{ .data.ca\.crt }'
+  {{- end }}
+
+  {{- if and (include "opensearch.coordinating.enabled" .) (not .Values.security.tls.coordinating.existingSecret) }}
+  - name: OPENSEARCH_DOMAIN
+    value: {{ (printf "%s.%s.svc.%s" (include "opensearch.service.name" .) $releaseNamespace $clusterDomain) }}
+
+  - name: OPESEARCH_COORDINATING_CA_CRT
+    valueFrom:
+      secretKeyRef:
+        name: {{ printf "%s-crt" (include "opensearch.coordinating.fullname" .) }}
+        jsonpath: '{ .data.ca\.crt }'
+  {{- end }}
+
+  {{- if and (include "opensearch.ingest.enabled" .) (not .Values.security.tls.ingest.existingSecret) }}
+  {{- $serviceName := include "opensearch.ingest.servicename" . }}
+  - name: OPENSEARCH_INGEST_DOMAIN
+    value: {{ (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain)  }}
+
+  - name: OPESEARCH_INGEST_CA_CRT
+    valueFrom:
+      secretKeyRef:
+        name: {{ printf "%s-crt" (include "opensearch.ingest.fullname" .) }}
+        jsonpath: '{ .data.ca\.crt }'
+  {{- end }}
+  {{- end }}

addons/opensearch/2.10/plans/standard-4c16g256/bind.yaml

@@ -1,4 +1,6 @@
 credential:
+{{- $releaseNamespace := include "common.names.namespace" . }}
+{{- $clusterDomain := .Values.clusterDomain }}
   {{- if (eq .Values.service.type "LoadBalancer") }}
   - name: EXTERNAL_OPENSEARCH_HOST
     valueFrom:
@@ -47,6 +49,7 @@ credential:
         jsonpath: '{ .spec.ports[?(@.name=="http")].port }'
   {{- end }}
 
+
   {{- if .Values.security.enabled }}
   - name: OPENSEARCH_PASSWORD
     valueFrom:
@@ -65,4 +68,53 @@ credential:
       secretKeyRef:
         name: {{ template "common.names.fullname" . }}
         jsonpath: '{ .data.logstash-password }'
-  {{- end }}
+  {{- end }}
+
+
+  {{- if (include "opensearch.createTlsSecret" .) }}
+  {{ if not (include "opensearch.coordinating.enabled" .) }}
+  - name: OPENSEARCH_DOMAIN
+    value: {{ (printf "%s.%s.svc.%s" (include "opensearch.service.name" .) $releaseNamespace $clusterDomain) }}
+
+  - name: OPESEARCH_MASTER_CA_CRT
+    valueFrom:
+      secretKeyRef:
+        name: {{ printf "%s-crt" (include "opensearch.master.fullname" .) }}
+        jsonpath: '{ .data.ca\.crt }'
+  {{- end }}
+
+  {{- if and (include "opensearch.data.enabled" .) (not .Values.security.tls.data.existingSecret) }}
+  {{- $serviceName := include "opensearch.data.servicename" . }}
+  - name: OPENSEARCH_DATA_DOMAIN
+    value: {{ (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) }}
+
+  - name: OPESEARCH_DATA_CA_CRT
+    valueFrom:
+      secretKeyRef:
+        name: {{ printf "%s-crt" (include "opensearch.data.fullname" .) }}
+        jsonpath: '{ .data.ca\.crt }'
+  {{- end }}
+
+  {{- if and (include "opensearch.coordinating.enabled" .) (not .Values.security.tls.coordinating.existingSecret) }}
+  - name: OPENSEARCH_DOMAIN
+    value: {{ (printf "%s.%s.svc.%s" (include "opensearch.service.name" .) $releaseNamespace $clusterDomain) }}
+
+  - name: OPESEARCH_COORDINATING_CA_CRT
+    valueFrom:
+      secretKeyRef:
+        name: {{ printf "%s-crt" (include "opensearch.coordinating.fullname" .) }}
+        jsonpath: '{ .data.ca\.crt }'
+  {{- end }}
+
+  {{- if and (include "opensearch.ingest.enabled" .) (not .Values.security.tls.ingest.existingSecret) }}
+  {{- $serviceName := include "opensearch.ingest.servicename" . }}
+  - name: OPENSEARCH_INGEST_DOMAIN
+    value: {{ (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain)  }}
+
+  - name: OPESEARCH_INGEST_CA_CRT
+    valueFrom:
+      secretKeyRef:
+        name: {{ printf "%s-crt" (include "opensearch.ingest.fullname" .) }}
+        jsonpath: '{ .data.ca\.crt }'
+  {{- end }}
+  {{- end }}