diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 733af4bd..e3303d58 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -95,6 +95,10 @@ jobs:
docker image tag "opensearch-custom:latest" "$REMOTE_IMAGE_REF"
docker push "$REMOTE_IMAGE_REF"
+ - name: Download Helm dependencies
+ run: |
+ helm dependency update ./target/helm/openshift/search-quarkus-io
+
- name: Deploy Helm charts
run: |
helm upgrade --install search-quarkus-io ./target/helm/openshift/search-quarkus-io \
diff --git a/pom.xml b/pom.xml
index ed78558b..09f11c56 100644
--- a/pom.xml
+++ b/pom.xml
@@ -36,7 +36,11 @@
2.23.0
1.9.0
- 2.14
+ 2.14.0
+
+ 2.20.0
1.4.0
@@ -273,6 +277,7 @@
${revision}
${project.basedir}/src/test/resources
${version.opensearch}
+ ${version.opensearch.helm-chart}
diff --git a/src/main/helm/values.staging.yaml b/src/main/helm/values.staging.yaml
index 7a314ccb..46738e86 100644
--- a/src/main/helm/values.staging.yaml
+++ b/src/main/helm/values.staging.yaml
@@ -12,8 +12,7 @@ app:
cpu: 400m
memory: 500Mi
opensearch:
- envs:
- OPENSEARCH_JAVA_OPTS: ' -Xms700m -Xmx700m '
+ opensearchJavaOpts: ' -Xms700m -Xmx700m '
resources:
limits:
cpu: 1000m
diff --git a/src/main/helm/values.yaml b/src/main/helm/values.yaml
new file mode 100644
index 00000000..f17b1dce
--- /dev/null
+++ b/src/main/helm/values.yaml
@@ -0,0 +1,64 @@
+opensearch:
+ # See https://github.com/opensearch-project/helm-charts/blob/main/charts/opensearch/values.yaml
+ # Openshift naming, labels and annotations
+ nameOverride: search-backend
+ podAnnotations:
+ alpha.image.policy.openshift.io/resolve-names: '*'
+# labels:
+# - app.kubernetes.io/part-of: 'part-of'
+ # Openshift security overrides
+ # We can't use UID 1000 on OpenShift, so we clear this preset.
+ # We also remove a chown further down.
+ fsGroup: null
+ podSecurityContext:
+ runAsUser: null
+ securityContext:
+ runAsUser: null
+ fsGroup: null
+ # We use a custom image to fix permission problems on OpenShift and install custom plugins.
+ # See src/docker.
+ image:
+ repository: opensearch-custom
+ #version: "SET_IN_QUARKUS_APPLICATION_PROPERTIES"
+ # OpenSearch configuration
+ config: null
+ #clusterName: "SET_IN_QUARKUS_APPLICATION_PROPERTIES"
+ singleNode: true
+ extraEnvs:
+ - name: bootstrap.memory_lock
+ value: 'false'
+ # This is necessary to avoid OpenSearch trying to install various things on startup,
+ # which leads to filesystem operations (chmod/chown) that won't work
+ # because only user 1000 has the relevant permissions,
+ # and we can't run with user 1000 on OpenShift.
+ # See also:
+ # - https://github.com/opensearch-project/opensearch-devops/issues/97
+ # - src/main/docker/opensearch-custom.Dockerfile
+ - name: DISABLE_PERFORMANCE_ANALYZER_AGENT_CLI
+ value: 'true'
+ - name: DISABLE_INSTALL_DEMO_CONFIG
+ value: 'true'
+ # Not exposed to the internet, no sensitive data
+ # => We don't bother with HTTPS and pesky self-signed certificates
+ # Setting this env variable is better than setting plugins.security.disabled
+ # because this skips installing the plugin altogether (see above)
+ - name: DISABLE_SECURITY_PLUGIN
+ value: 'true'
+ envFrom:
+ - configMapRef:
+ name: search-backend-config
+ - secretRef:
+ name: search-backend-secrets
+ # Resource requirements (overridden for staging, see values.staging.yaml)
+ opensearchJavaOpts: ' -Xms1g -Xmx1g '
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 2Gi
+ requests:
+ cpu: 500m
+ memory: 1.9Gi
+ persistence:
+ size: 5Gi
+ # Disable chown: we can't do that, see security overrides further up.
+ enableInitChown: 'false'
\ No newline at end of file
diff --git a/src/main/kubernetes/openshift.yml b/src/main/kubernetes/openshift.yml
deleted file mode 100644
index d41c9238..00000000
--- a/src/main/kubernetes/openshift.yml
+++ /dev/null
@@ -1,137 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: search-backend
- labels:
- app: search-backend
- app.kubernetes.io/name: search-backend
- app.kubernetes.io/component: datastore
- app.kubernetes.io/part-of: '{{ .Values.app.name }}'
- app.kubernetes.io/version: '{{ .Values.app.version }}'
-spec:
- ports:
- - name: http
- port: 9200
- protocol: TCP
- - name: inter-node
- protocol: TCP
- port: 9300
- selector:
- app.kubernetes.io/name: search-backend
- type: ClusterIP
- # Using a StatefulSet, each pod has its own immutable address,
- # so we don't need the service to have an IP.
- clusterIP: None
----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: search-backend
- labels:
- app: search-backend
- app.kubernetes.io/name: search-backend
- app.kubernetes.io/component: datastore
- app.kubernetes.io/part-of: '{{ .Values.app.name }}'
- app.kubernetes.io/version: '{{ .Values.app.version }}'
-# See https://www.hafifbilgiler.com/hafif-bilgiler/elasticsearch-installation-on-openshift/
-spec:
- serviceName: search-backend
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/name: search-backend
- template:
- metadata:
- labels:
- app: search-backend
- app.kubernetes.io/name: search-backend
- app.kubernetes.io/component: datastore
- app.kubernetes.io/part-of: '{{ .Values.app.name }}'
- app.kubernetes.io/version: '{{ .Values.app.version }}'
- annotations:
- alpha.image.policy.openshift.io/resolve-names: '*'
- spec:
- containers:
- - name: opensearch
- # The image gets pushed manually as part of the "deploy" workflow.
- # This gets replaced with the correct image ref (exact tag).
- image: opensearch-custom:latest
- imagePullPolicy: Always
- resources:
- limits:
- cpu: '{{ .Values.opensearch.resources.limits.cpu }}'
- memory: '{{ .Values.opensearch.resources.limits.memory }}'
- requests:
- cpu: '{{ .Values.opensearch.resources.requests.cpu }}'
- memory: '{{ .Values.opensearch.resources.requests.memory }}'
- readinessProbe:
- httpGet:
- scheme: HTTP
- path: /_cluster/health?local=true
- port: 9200
- initialDelaySeconds: 5
- ports:
- - name: http
- containerPort: 9200
- protocol: TCP
- - name: inter-node
- containerPort: 9300
- protocol: TCP
- volumeMounts:
- - name: data
- mountPath: /usr/share/opensearch/data
- env:
- - name: cluster.name
- value: search-quarkus-io
- - name: node.name
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- # We don't have enough nodes/memory available in the cluster to allow for 3 decently-sized pods,
- # and 3 pods with low memory perform badly, so we'll have to make do with a single pod.
- - name: discovery.type
- value: "single-node"
- # Memory locking doesn't work on our OpenShift instance,
- # but this shouldn't be too bad as we don't expect swapping to be enabled.
- - name: bootstrap.memory_lock
- value: "false"
- # OpenSearch doesn't seem to automatically adapt -Xmx to available memory, for some reason
- - name: OPENSEARCH_JAVA_OPTS
- value: '{{ .Values.opensearch.envs.OPENSEARCH_JAVA_OPTS }}'
- # This is necessary to avoid OpenSearch trying to install various things on startup,
- # which leads to filesystem operations (chmod/chown) that won't work
- # because only user 1000 has the relevant permissions,
- # and we can't run with user 1000 on OpenShift.
- # See also:
- # - https://github.com/opensearch-project/opensearch-devops/issues/97
- # - src/main/docker/opensearch-custom.Dockerfile
- - name: DISABLE_PERFORMANCE_ANALYZER_AGENT_CLI
- value: 'true'
- - name: DISABLE_INSTALL_DEMO_CONFIG
- value: 'true'
- # Not exposed to the internet, no sensitive data
- # => We don't bother with HTTPS and pesky self-signed certificates
- # Setting this env variable is better than setting plugins.security.disabled
- # because this skips installing the plugin altogether (see above)
- - name: DISABLE_SECURITY_PLUGIN
- value: 'true'
- envFrom:
- - configMapRef:
- name: search-backend-config
- - secretRef:
- name: search-backend-secrets
- volumeClaimTemplates:
- - metadata:
- name: data
- labels:
- app: search-backend
- app.kubernetes.io/name: search-backend
- app.kubernetes.io/component: datastore
- app.kubernetes.io/part-of: search-quarkus-io
- spec:
- accessModes: [ "ReadWriteOnce" ]
- storageClassName: "gp2"
- resources:
- requests:
- storage: 5Gi
\ No newline at end of file
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index e1dff970..af82d565 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -81,7 +81,7 @@ quarkus.datasource.jdbc.min-size=0
# Hibernate Search
########################
# This version needs to match the version in src/main/docker/opensearch-custom.Dockerfile
-quarkus.hibernate-search-orm.elasticsearch.version=opensearch:2.14
+quarkus.hibernate-search-orm.elasticsearch.version=opensearch:${maven.version.opensearch}
# Not using :latest here as a workaround until we get https://github.com/quarkusio/quarkus/pull/38896
quarkus.elasticsearch.devservices.image-name=opensearch-custom:${maven.version.opensearch}
# Limit parallelism of indexing, because OpenSearch can only handle so many documents in its buffers.
@@ -237,19 +237,21 @@ quarkus.openshift.add-version-to-label-selectors=false
########################
# OpenShift - Backend config
########################
+quarkus.helm.dependencies.opensearch.alias=opensearch
+quarkus.helm.dependencies.opensearch.version=${maven.version.opensearch.helm-chart}
+quarkus.helm.dependencies.opensearch.repository=https://opensearch-project.github.io/helm-charts/
+# Wait for OpenSearch to be started before starting the app
+quarkus.helm.dependencies.opensearch.wait-for-service=chart-database:5432
+# Openshift naming, labels and annotations
+quarkus.helm.values."@.opensearch.labels".value-as-map."app.kubernetes.io/part-of"=${quarkus.application.name}
+quarkus.helm.values-schema.properties."@.opensearch.labels".type=object
+# OpenSearch configuration
+quarkus.helm.values."@.opensearch.clusterName".value=${quarkus.application.name}
# We must use a unique tag for our image,
# so that changes to the image can be rolled back in sync with the app.
# It happens that the revision passed to maven is a convenient unique version,
# but in theory we could use another unique string.
-quarkus.helm.values."opensearch-image".paths=(kind == StatefulSet).spec.template.spec.containers.image
-quarkus.helm.values."opensearch-image".value=opensearch-custom:${maven.revision}
-quarkus.helm.values."opensearch-image".property=@.opensearch.image
-# Resource requirements (overridden for staging, see src/main/helm)
-quarkus.helm.values."@.opensearch.envs.OPENSEARCH_JAVA_OPTS".value=\ -Xms1g -Xmx1g
-quarkus.helm.values."@.opensearch.resources.limits.cpu".value=2000m
-quarkus.helm.values."@.opensearch.resources.requests.cpu".value=500m
-quarkus.helm.values."@.opensearch.resources.limits.memory".value=2Gi
-quarkus.helm.values."@.opensearch.resources.requests.memory".value=1.9Gi
+quarkus.helm.values."@.opensearch.image.version".value=${maven.revision}
########################
# Web Bundler config