opensearch-k8s-operator

not able to set extraVolumeMounts and volumes

Open TH12380923 opened this issue 2 years ago • 13 comments

My use case is to add a new SAML metafile into OpenSearch. Right now it is not possible, and I am looking for options to attach the volume from a config map. The operator is not allowing me to modify any Kubernetes resources. Is it possible to modify the Kubernetes resources post deployment using the operator?

TH12380923 avatar Jul 11 '22 16:07 TH12380923

We're currently working on the option to add volumes into the resources. This should land pretty soon.

dbason avatar Jul 11 '22 20:07 dbason

This will be solved with #213

dbason avatar Jul 13 '22 03:07 dbason

@dbason, thanks, as this is a feature that will help a lot. Is there any plan to make the configmap or secret editable? It looks like this is not possible when the resources are deployed using this operator.

hpkuppuraj avatar Jul 14 '22 03:07 hpkuppuraj

The operator won't manage the secrets or configmaps to be mounted. Because these are completely arbitrary we would need to basically include the entire resource definition, at which point it's just as easy to create the resource separately.

There is an option to reload the operator when the content of the secret or configmap changes, would this achieve what you need?

dbason avatar Jul 15 '22 01:07 dbason

Yes, this looks like a solution where we include the resource definition to create the resources separately. However, if we create the resources separately, we need to include those resources in the pod definition file, which at the moment I believe is a work in progress as per this thread: https://github.com/Opster/opensearch-k8s-operator/pull/213

hpkuppuraj avatar Jul 15 '22 02:07 hpkuppuraj

That looks like it might be a bug when certs are mounted looking at the values from the issue. Would you be able to share your custom resource yaml with us?

Another thing to note is that it looks like you're trying to mount a single additional file into the config directory. We currently don't have the option for subPath mounts - you will need to mount that to another folder (check out the userguide for examples).

dbason avatar Jul 15 '22 02:07 dbason

@dbason, thanks for the fast response. May I know how I can share the custom resource as a file? I even tried mounting the configMap/Secret as it is without subPath, but no luck. If I view the CRD inside the cluster I can see the additionalVolume attributes, but the OpenSearchCluster resource doesn't have any mention of the additionalVolume attribute.

Below is the cluster manifest file.

apiVersion: opensearch.opster.io/v1
kind: OpenSearchCluster
metadata:
  name: opensearch-os
  namespace: monitoring-events
spec:
  general:
    version: 2.0.0
    httpPort: 9200
    vendor: opensearch
    serviceName: opensearch-os
    additionalVolumes:
    - name: metafile
      path: /usr/share/opensearch/config/
      secret:
        secretName: saml-metafile-secret
  dashboards:
    version: 2.0.0
    enable: true
    tls:
      enable: true
      generate: true
    replicas: 1
    resources:
      requests:
         memory: "1Gi"
         cpu: "500m"
      limits:
         memory: "1Gi"
         cpu: "500m"
  confMgmt:
    smartScaler: true
  security:
    config:
      securityConfigSecret:
##Pre create this secret with required security configs, to override the default settings
       name: securityconfig-secret
      adminSecret:
       name: opensearch-os-admin-cert

    tls:
      transport:
        generate: true
        perNode: true
      http:
        generate: true
  nodePools:
    - component: masters
      replicas: 3
      diskSize: "30Gi"
      NodeSelector:
      resources:
         requests:
            memory: "2Gi"
            cpu: "500m"
         limits:
            memory: "2Gi"
            cpu: "500m"
      roles:
        - "master"
    - component: data
      replicas: 2
      diskSize: "100Gi"
      NodeSelector:
      resources:
         requests:
            memory: "2Gi"
            cpu: "500m"
         limits:
            memory: "2Gi"
            cpu: "500m"
      roles:
        - "data"

hpkuppuraj avatar Jul 15 '22 03:07 hpkuppuraj

That's fine, that's the file I was looking for. I will do some testing and see if I can narrow down what is happening.

One thing to note is that I still wouldn't use the following:

additionalVolumes:
    - name: metafile
      path: /usr/share/opensearch/config/
      secret:
        secretName: saml-metafile-secret

A better idea might be

additionalVolumes:
    - name: metafile
      path: /usr/share/opensearch/config/saml/
      secret:
        secretName: saml-metafile-secret

Then in your security configuration you can adjust the path. This avoids trying to mount the config directory, which might be causing some issues.

dbason avatar Jul 15 '22 03:07 dbason
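
The subdirectory mount suggested above, shown end to end as an added example that is not part of the original thread or the operator's documentation: the Secret, the `additionalVolumes` entry, and the security plugin setting that points at the mounted file. The key name `metadata.xml`, the domain name `saml_auth_domain`, and every value in `<...>` are assumptions; it also assumes an operator release in which `general.additionalVolumes` is honoured.

```yaml
# Added example. Placeholders in <...> are constructed, not from the thread.
# 1) Secret holding the IdP metadata, created outside the operator.
apiVersion: v1
kind: Secret
metadata:
  name: saml-metafile-secret
  namespace: monitoring-events
stringData:
  metadata.xml: |
    <!-- placeholder: paste the IdP's SAML 2.0 metadata XML here -->
---
# 2) OpenSearchCluster excerpt: mount the secret into its own subdirectory,
#    so the existing contents of config/ are not hidden by the mount.
apiVersion: opensearch.opster.io/v1
kind: OpenSearchCluster
metadata:
  name: opensearch-os
  namespace: monitoring-events
spec:
  general:
    additionalVolumes:
      - name: metafile
        path: /usr/share/opensearch/config/saml/
        secret:
          secretName: saml-metafile-secret
---
# 3) Excerpt of the security plugin's config.yml (the file kept in
#    securityconfig-secret). metadata_file is relative to config/.
config:
  dynamic:
    authc:
      saml_auth_domain:            # hypothetical domain name
        http_enabled: true
        transport_enabled: false
        order: 1
        http_authenticator:
          type: saml
          challenge: true
          config:
            idp:
              metadata_file: saml/metadata.xml
              entity_id: "<placeholder: IdP entity ID>"
            sp:
              entity_id: "<placeholder: SP entity ID>"
            kibana_url: "<placeholder: Dashboards base URL>"
            exchange_key: "<placeholder: random key, 32+ characters>"
        authentication_backend:
          type: noop
```

A volume mounted directly at `/usr/share/opensearch/config/` replaces the directory's contents as seen by the container, which is why the mount target here is a dedicated `saml/` subdirectory.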

I haven't been able to replicate the problem, so any logs you can share would be very useful. Also it might be worth manually building the docker image yourself, just in case there was a problem with the CI.

dbason avatar Jul 15 '22 04:07 dbason

I tried the suggested change, but it is not working. So I have decided to add the SAML metafile as part of the security config secret, which I have control to edit, and set the security configuration path to /usr/share/opensearch/config/opensearch-security/metafile.xml. I will see whether this one works for my use case or not. But I am aware that we should not place any configs in the opensearch-security directory.

hpkuppuraj avatar Jul 15 '22 04:07 hpkuppuraj

@dbason, just an update here. I am still not able to set the extra volume. However, I have deployed the custom configuration as part of the security configuration. So far no issues have been observed.

hpkuppuraj avatar Jul 18 '22 15:07 hpkuppuraj

Also, it looks like the Helm CRDs don't support this general.additionalVolumes field yet.

Leweyy avatar Aug 05 '22 16:08 Leweyy

The fields were added to the helm chart CRD in #273. Once we cut the next release this should work.

swoehrl-mw avatar Sep 10 '22 10:09 swoehrl-mw

Fixed in 2.1.0. Closing as completed.

swoehrl-mw avatar Nov 15 '22 10:11 swoehrl-mw