compliantkubernetes-apps
Revise default config
[!warning] This is a public repository, ensure not to disclose:
- [x] personal data beyond what is necessary for interacting with this pull request, nor
- [x] business confidential information, such as customer names.
What kind of PR is this?
Required: Mark one of the following that is applicable:
- [ ] kind/feature
- [x] kind/improvement
- [ ] kind/deprecation
- [ ] kind/documentation
- [ ] kind/clean-up
- [ ] kind/bug
- [ ] kind/other
Optional: Mark one or more of the following that are applicable:
[!important] Breaking changes should be marked kind/admin-change or kind/dev-change depending on type. Critical security fixes should be marked with kind/security.
- [x] kind/admin-change
- [ ] kind/dev-change
- [ ] kind/security
- [ ] [kind/adr](set-me)
Release notes
The default OpenSearch setup has been changed. OpenSearch is now configured to use 3 master nodes, 0 data nodes and 0 client nodes by default. There's no easy migration path for the new configuration; if the old default OpenSearch setup is used, it should be added to the override config. Proxy protocol is now enabled by default in ingress-nginx when using ElastX as infrastructure provider. Fluentd audit is now enabled by default. Log retention is now 30 days by default.
Platform Administrator notice
The default OpenSearch setup has been changed. OpenSearch is now configured to use 3 master nodes, 0 data nodes and 0 client nodes by default. There's no easy migration path for the new configuration; if the old default OpenSearch setup is used, it should be added to the override config. Proxy protocol is now enabled by default in ingress-nginx when using ElastX as infrastructure provider. Fluentd audit is now enabled by default.
What does this PR do / why do we need this PR?
Changed some default configuration
- Part of https://github.com/elastisys/ck8s-issue-tracker/issues/352
Information to reviewers
Checklist
- [x] Proper commit message prefix on all commits
- Change checks:
- [ ] The change is transparent
- [x] The change is disruptive
- [x] The change requires no migration steps
- [ ] The change requires migration steps
- [ ] The change updates CRDs
- [x] The change updates the config and the schema
- Documentation checks:
- [x] The public documentation required no updates
- [ ] The public documentation required an update - [link to change](set-me)
- Metrics checks:
- [x] The metrics are still exposed and present in Grafana after the change
- [x] The metrics names didn't change (Grafana dashboards and Prometheus alerts required no updates)
- [ ] The metrics names did change (Grafana dashboards and Prometheus alerts required an update)
- Logs checks:
- [x] The logs do not show any errors after the change
- PodSecurityPolicy checks:
- [x] Any changed Pod is covered by Kubernetes Pod Security Standards
- [x] Any changed Pod is covered by Gatekeeper Pod Security Policies
- [x] The change does not cause any Pods to be blocked by Pod Security Standards or Policies
- NetworkPolicy checks:
- [x] Any changed Pod is covered by Network Policies
- [ ] The change does not cause any dropped packets in the NetworkPolicy Dashboard
- Audit checks:
- [x] The change does not cause any unnecessary Kubernetes audit events
- [ ] The change requires changes to Kubernetes audit policy
- Falco checks:
- [x] The change does not cause any alerts to be generated by Falco
- Bug checks:
- [x] The bug fix is covered by regression tests