Opensearch는 Elastic Search가 기업화를 꾀하는데에 대한 반발로 나온 오픈소스이다!
https://aws.amazon.com/ko/blogs/opensource/introducing-opensearch/
https://aws.amazon.com/ko/what-is/opensearch/
https://opensearch.org/docs
opensearch는 기존 ES (Elastic Search)를 대체해서 등장했기에 다양한 스택과 조합이 가능.
Opensearch를 시작할때 필수로 해야하는 부분이 클러스터 생성이다.
Operator를 활용해 CRD로 리소스를 새롭게 정의해 사용한다.
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: opensearch-master
labels:
app: opensearch
role: master
spec:
replicas: 1
serviceName: opensearch-master
selector:
matchLabels:
app: opensearch
role: master
template:
metadata:
labels:
app: opensearch
role: master
spec:
initContainers:
- name: init-sysctl
image: busybox:latest
command:
- sysctl
- -w
- vm.max_map_count=262144
securityContext:
privileged: true
containers:
- name: opensearch-master
image: opensearchproject/opensearch:1.0.0
imagePullPolicy: IfNotPresent
env:
- name: node.name
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: ES_JAVA_OPTS
value: -Xms512m -Xmx512m
- name: node.data
value: "false"
- name: node.master
value: "true"
ports:
- containerPort: 9300
name: transport
- containerPort: 9200
name: http
volumeMounts:
- name: opensearch-data
mountPath: /usr/share/opensearch/data
- name: config
mountPath: /usr/share/opensearch/config/opensearch.yml
subPath: opensearch.yml
- name: ca-cert
mountPath: /usr/share/opensearch/config/certificates/ca
readOnly: true
- name: opensearch-cert
mountPath: /usr/share/opensearch/config/certificates/opensearch
readOnly: true
volumes:
- name: config
configMap:
name: opensearch-config
- name: ca-cert
secret:
secretName: ca-cert
- name: opensearch-cert
secret:
secretName: opensearch-cert
volumeClaimTemplates:
- metadata:
name: opensearch-data
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 1Gi
https://opensearch.org/docs/latest/security-plugin/audit-logs/index/
plugins.security.audit.type: internal_opensearch
Sharding