OpenSearch Storage Examples¶
OpenSearch/Elasticsearch backend for flexible search and analytics capabilities.
Simple OpenSearch Setup¶
Basic configuration for development environments.
opensearch-simple-values.yaml
# Default values for jaeger.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
jaeger:
storage:
type: elasticsearch
# cassandraSchemaJob is ignored if jaeger.storage.type is set to elasticsearch.
elasticsearch:
client:
username: ...replace by username...
password: ...replace by password...
scheme: https
url: opensearch.opensearch.svc:9200
indexCleaner:
install: true
collector:
install: true
query:
install: true
ingress:
install: true
host: query.<cloud_dns_name>
# This section is optional and allow to deploy a test service to generate some traces
# Useful if you want to verify how Jaeger receive, store and show traces
hotrod:
install: true
ingress:
install: true
host: hotrod.<cloud_dns_name>
Key parameters:
- elasticsearch.client.url - OpenSearch endpoint
- indexCleaner.install: true - Enables automatic index cleanup
- scheme: https - Secure connection
OpenSearch with TLS¶
Secure connection with custom certificates.
opensearch-tls-with-certificates-values.yaml
# Default values for jaeger.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
jaeger:
storage:
type: elasticsearch
elasticsearch:
client:
username: admin
password: admin
scheme: https
url: opensearch.opensearch.svc:9200
tls:
enabled: true
ca: |-
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
cert: |-
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
key: |-
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
rollover:
install: true
schedule: "*/10 * * * *"
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 256m
memory: 128Mi
collector:
install: true
query:
install: true
ingress:
install: true
host: query.<cloud_dns_name>
Key parameters:
- tls.enabled: true - Enables TLS verification
- skipHostVerify: false - Strict certificate validation
- tls.secretName - Kubernetes secret with certificates
OpenSearch with Rollover¶
Automatic index management for large deployments.
opensearch-rollover-values.yaml
# Default values for jaeger.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
jaeger:
storage:
type: "elasticsearch"
# cassandraSchemaJob is ignored if jaeger.storage.type is set to elasticsearch.
elasticsearch:
client:
username: admin
password: admin
scheme: https
url: elasticsearch.elasticsearch.svc:9200
rollover:
install: true
initHook:
ttlSecondsAfterFinished: 120
schedule: "10 0 * * *"
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 256m
memory: 128Mi
lookback:
install: true
schedule: "5 0 * * *"
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 256m
memory: 128Mi
collector:
install: true
query:
install: true
route:
install: true
host: query.<cloud_dns_name>
# This section is optional and allow to deploy a test service to generate some traces
# Useful if you want to verify how Jaeger receive, store and show traces
hotrod:
install: true
ingress:
install: true
host: hotrod.<cloud_dns_name>
Key parameters:
- indexCleaner.numberOfDays: 7 - Retain 7 days of data
- rollover.conditions.maxAge: "1d" - Daily index rotation
- rollover.conditions.maxSize: "10gb" - Size-based rotation
OpenSearch Single Node¶
Minimal setup for testing.
opensearch-one-node-values.yaml
# Default values for jaeger.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
jaeger:
storage:
type: "elasticsearch"
# cassandraSchemaJob is ignored if jaeger.storage.type is set to elasticsearch.
elasticsearch:
client:
username: admin
password: admin
scheme: https
url: elasticsearch.elasticsearch.svc:9200
rollover:
install: true
schedule: "10 0 * * *"
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
# These parameters specify how the initial rollout job will create indices
initHook:
extraEnv:
# Specify 0 replicas and 5 shards
- name: REPLICAS
value: "0"
- name: SHARDS
value: "5"
collector:
install: true
extraEnv:
# Specify 0 replicas
- name: ES_NUM_REPLICAS
value: "0"
query:
install: true
extraEnv:
# Specify 0 replicas
- name: ES_NUM_REPLICAS
value: "0"
ingress:
install: true
host: query.<cloud_dns_name>
# This section is optional and allow to deploy a test service to generate some traces
# Useful if you want to verify how Jaeger receive, store and show traces
hotrod:
install: true
ingress:
install: true
host: hotrod.<cloud_dns_name>
Key parameters:
- scheme: http - Non-secure connection for testing
- indexCleaner.install: false - Disabled for testing
- Minimal resource allocation
OpenSearch with Insecure TLS¶
TLS with certificate verification disabled.
opensearch-tls-with-insecure-skip-verify-values.yaml
# Default values for jaeger.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
jaeger:
storage:
type: elasticsearch
elasticsearch:
client:
username: admin
password: admin
scheme: https
url: opensearch.opensearch.svc:9200
tls:
enabled: true
insecureSkipVerify: true
rollover:
install: true
schedule: "*/10 * * * *"
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 256m
memory: 128Mi
collector:
install: true
query:
install: true
ingress:
install: true
host: query.<cloud_dns_name>
Key parameters:
- tls.enabled: true - Enables TLS
- skipHostVerify: true - Disables certificate validation
- Useful for self-signed certificates
OpenSearch with Predefined Secret¶
Use existing Kubernetes secret for TLS certificates.
opensearch-tls-with-predefined-secret-values.yaml
# Default values for jaeger.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
jaeger:
storage:
type: elasticsearch
elasticsearch:
client:
username: admin
password: admin
scheme: https
url: opensearch.opensearch.svc:9200
tls:
enabled: true
existingSecret: test-opensearch-secret
rollover:
install: true
schedule: "*/10 * * * *"
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 256m
memory: 128Mi
collector:
install: true
query:
install: true
ingress:
install: true
host: query.<cloud_dns_name>
Key parameters:
- tls.secretName - Existing Kubernetes secret
- Pre-configured TLS certificates
- External certificate management
OpenSearch Custom Security Context¶
Configure security context for OpenSearch pods.
opensearch-custom-secuirty-context.yaml
# Default values for jaeger.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
jaeger:
storage:
type: "elasticsearch"
# cassandraSchemaJob is ignored if jaeger.storage.type is set to elasticsearch.
elasticsearch:
client:
username: admin
password: admin
scheme: https
url: elasticsearch.elasticsearch.svc:9200
rollover:
install: true
schedule: "10 0 * * *"
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
securityContext:
runAsUser: 2000
fsGroup: 2000
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
collector:
install: true
securityContext:
runAsUser: 2000
fsGroup: 2000
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
query:
install: true
securityContext:
runAsUser: 2000
fsGroup: 2000
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
ingress:
install: true
host: query.<cloud_dns_name>
# This section is optional and allow to deploy a test service to generate some traces
# Useful if you want to verify how Jaeger receive, store and show traces
hotrod:
install: true
securityContext:
runAsUser: 2000
fsGroup: 2000
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
ingress:
install: true
host: hotrod.<cloud_dns_name>
Key parameters:
- securityContext - Pod security settings
- runAsUser - User ID for container execution
- fsGroup - File system group ownership
Usage¶
- Update OpenSearch connection details
- Configure authentication credentials
- Deploy with Helm: