feat(opensearch): add dashboard ingresses

opensearch/README.md

@@ -63,6 +63,7 @@ This guide provides a quick and straightforward way to use **OpenSearch** as a G
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | additionalRuleLabels | object | `{}` | Additional labels for PrometheusRule alerts |
+| certManager.dashboardsDnsNames | list | `["opensearch-dashboards.tld"]` | Override DNS names for OpenSearch Dashboards endpoints (used for dashboards ingress certificate) |
 | certManager.defaults.durations.ca | string | `"8760h"` | Validity period for CA certificates (1 year) |
 | certManager.defaults.durations.leaf | string | `"4800h"` | Validity period for leaf certificates (200 days to comply with CA/B Forum baseline requirements) |
 | certManager.defaults.privateKey.algorithm | string | `"RSA"` | Algorithm used for generating private keys |
@@ -248,6 +249,7 @@ This guide provides a quick and straightforward way to use **OpenSearch** as a G
 | operator.tolerations | list | `[]` |  |
 | operator.useRoleBindings | bool | `false` |  |
 | siem.actionGroups | list | `[]` | List of OpensearchActionGroup for SIEM cluster. Check values.yaml file for examples. |
+| siem.certManager.dashboardsDnsNames | list | `["opensearch-siem-dashboards.tld"]` | Override DNS names for SIEM OpenSearch Dashboards endpoints (used for dashboards ingress certificate) |
 | siem.certManager.httpDnsNames | list | `["opensearch-siem-client.tld"]` | Override HTTP DNS names for SIEM OpenSearch client endpoints |
 | siem.cluster.annotations | object | `{}` | OpenSearchCluster annotations |
 | siem.cluster.bootstrap.additionalConfig | object | `{}` | bootstrap additional configuration, key-value pairs that will be added to the opensearch.yml configuration |

opensearch/chart/Chart.yaml

@@ -3,7 +3,7 @@
 
 apiVersion: v2
 name: opensearch
-version: 0.0.46
+version: 0.0.47
 description: A Helm chart for the OpenSearch operator
 type: application
 maintainers:

opensearch/chart/ci/test-values.yaml

@@ -4,6 +4,8 @@
 certManager:
   httpDnsNames:
     - opensearch-logs-client.local
+  dashboardsDnsNames:
+    - logs.local
   issuer:
     digicert:
       name: opensearch-ca-issuer  # Internal CA instead of Digicert for testing
@@ -55,6 +57,19 @@ cluster:
               - opensearch-logs-client.local
             secretName: opensearch-http-cert-external
 
+      dashboards:
+        enabled: true
+        className: nginx
+        hosts:
+          - host: logs.local
+            paths:
+              - path: /
+                pathType: Prefix
+        tls:
+          - hosts:
+              - logs.local
+            secretName: opensearch-http-cert
+
     nodePools:
       - component: main
         diskSize: "2Gi"
@@ -98,6 +113,8 @@ siem:
   certManager:
     httpDnsNames:
       - opensearch-siem-client.local
+    dashboardsDnsNames:
+      - siem.local
   usersCredentials:
     siemadmin:
       username: "siemadmin"
@@ -151,6 +168,19 @@ siem:
               - opensearch-siem-client.local
             secretName: opensearch-siem-http-cert-external
 
+      dashboards:
+        enabled: true
+        className: nginx
+        hosts:
+          - host: siem.local
+            paths:
+              - path: /
+                pathType: Prefix
+        tls:
+          - hosts:
+              - siem.local
+            secretName: opensearch-siem-http-cert
+
     nodePools:
       - component: main
         diskSize: "5Gi"

opensearch/chart/templates/certificates.yaml

@@ -103,4 +103,26 @@ spec:
   usages:
 {{ toYaml .Values.certManager.defaults.usages | indent 4 }}
 {{- end }}
+
+{{- if .Values.cluster.cluster.ingress.dashboards.enabled }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: opensearch-dashboards-cert-external
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "opensearch.labels" . | nindent 4 }}
+spec:
+  duration: {{ .Values.certManager.defaults.durations.leaf }}
+  issuerRef:
+{{ toYaml .Values.certManager.issuer.digicert | indent 4 }}
+  privateKey:
+{{ toYaml .Values.certManager.defaults.privateKey | indent 4 }}
+  secretName: opensearch-dashboards-cert-external
+  dnsNames:
+{{ toYaml .Values.certManager.dashboardsDnsNames | indent 4 }}
+  usages:
+{{ toYaml .Values.certManager.defaults.usages | indent 4 }}
+{{- end }}
 {{- end }}

opensearch/chart/templates/siem-certificates.yaml

@@ -106,4 +106,26 @@ spec:
   usages:
 {{ toYaml .Values.certManager.defaults.usages | indent 4 }}
 {{- end }}
+
+{{- if .Values.siem.cluster.ingress.dashboards.enabled }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: opensearch-siem-dashboards-cert-external
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "opensearch.labels" . | nindent 4 }}
+spec:
+  duration: {{ .Values.certManager.defaults.durations.leaf }}
+  issuerRef:
+{{ toYaml .Values.certManager.issuer.digicert | indent 4 }}
+  privateKey:
+{{ toYaml .Values.certManager.defaults.privateKey | indent 4 }}
+  secretName: opensearch-siem-dashboards-cert-external
+  dnsNames:
+{{ toYaml .Values.siem.certManager.dashboardsDnsNames | indent 4 }}
+  usages:
+{{ toYaml .Values.certManager.defaults.usages | indent 4 }}
+{{- end }}
 {{- end }}

opensearch/chart/values.yaml

@@ -43,6 +43,10 @@ certManager:
   httpDnsNames:
     - opensearch-client.tld
 
+  # -- Override DNS names for OpenSearch Dashboards endpoints (used for dashboards ingress certificate)
+  dashboardsDnsNames:
+    - opensearch-dashboards.tld
+
 operator:
   namespace: ""
   nameOverride: ""
@@ -812,6 +816,10 @@ siem:
     httpDnsNames:
       - opensearch-siem-client.tld
 
+    # -- Override DNS names for SIEM OpenSearch Dashboards endpoints (used for dashboards ingress certificate)
+    dashboardsDnsNames:
+      - opensearch-siem-dashboards.tld
+
   serviceAccount:
     # -- Create Service Account
     create: false

opensearch/plugindefinition.yaml

@@ -6,14 +6,14 @@ kind: PluginDefinition
 metadata:
   name: opensearch
 spec:
-  version: 0.0.46
+  version: 0.0.47
   displayName: OpenSearch
   description: Creates and manages an OpenSearch environment with automated deployment, provisioning, and orchestration of clusters and dashboards using the OpenSearch Operator.
   icon: 'https://raw.githubusercontent.com/cloudoperators/greenhouse-extensions/main/opensearch/logo.png'
   helmChart:
     name: opensearch
     repository: oci://ghcr.io/cloudoperators/greenhouse-extensions/charts
-    version: 0.0.46
+    version: 0.0.47
   options:
     - name: cluster.cluster.general.monitoring.pluginUrl
       description: "Defines a custom URL for the monitoring plugin. Leave blank to use the default monitoring configuration."