Versions (relevant - OpenSearch/Dashboard/Server OS/Browser): Opensearch and Dashboard version is 3.0.0. Opensearch-controller is 2.7.0
Describe the issue: Opensearch-security POD definition does not support any option to specify a node pool (nodeSelector, nodeAffinity or taints/tolerations). In my values-files I can indicate to the manager, nodes, bootstrap and dashboard PODs the nodepool I want to deploy to, but it seems this options is not available for the opsearch-security POD.
I ran kubectl explain and cannot find it anywhere under opensearchcluster.spec.security.
Is there a way to actually do it at deployment time ?
I’ve been following the user guide for my deployment.
However this would need to be used with opensearch-operator-3.0.0 or later (or build from source), as the current image (alpha) doesnt seem to be updated to action this configuration.
Hi @Anthony is version 3.0.0 for operator-controller fully functional ?
I tested a couple weeks ago but it never reached the running state and I also noticed that the kube-rbac-proxy container was no longer available (compared to the 2.7.0).
@GTGabaaron The removal of kube-rbac-proxy is expected and not a bug, this was part of this PR. The kube-rbac-proxy sidecar used to sit in front of the metrics endpoint as an RBAC proxy. It has been replaced by controller-runtime’s native WithAuthenticationAndAuthorization filter.
Whether 3.0.0 is production-ready is a separate question. It is currently published as 3.0.0-alpha on Docker Hub, which suggests the project itself does not yet consider it a stable release. But it is working for me while testing locally. What issues exactly are you having? Are you able to share your yaml file, feel free to redact any sensitive information.
Hi @Anthony I’m currently running on operator 2.7.0 but I’ll try to create a separate deployment during the weekend using the 3.0.0 and share the error messages with you.
