chore: ElasticSearch | master and data can be on the same node

2026-02-17 17:13:22 +05:00
parent 3033af3b36
commit b2f1d105de
1 changed files with 12 additions and 48 deletions
--- a/elasticsearch/cluster.yaml
+++ b/elasticsearch/cluster.yaml
@@ -1,13 +1,13 @@
---
-apiVersion: onepassword.com/v1
-kind: OnePasswordItem
-metadata:
-  name: kibana-authentik
-  namespace: elastic-system
-  annotations:
-    operator.1password.io/auto-restart: "true"
-spec:
-  itemPath: "vaults/Lab/items/kibana-authentik"
+# ---
+# apiVersion: onepassword.com/v1
+# kind: OnePasswordItem
+# metadata:
+#   name: kibana-authentik
+#   namespace: elastic-system
+#   annotations:
+#     operator.1password.io/auto-restart: "true"
+# spec:
+#   itemPath: "vaults/Lab/items/kibana-authentik"
 ---
 apiVersion: elasticsearch.k8s.elastic.co/v1
 kind: Elasticsearch
@@ -26,7 +26,7 @@ spec:
    - key: client-secret
      path: "xpack.security.authc.realms.oidc.authentik.rp.client_secret"
  nodeSets:
-  - name: master
+  - name: node
    count: 3
    podTemplate:
      spec:
@@ -46,43 +46,7 @@ spec:
            storage: 10Gi
        storageClassName: longhorn
    config:
-      node.roles: ["master"]
-      xpack.security.authc.token.enabled: true
-      xpack.security.authc.realms.oidc.authentik:
-        order: 2
-        rp.client_id: "atlY82FGIBYvUg87cnENzks5ft1AUUtIfQsXSDog"
-        rp.response_type: code
-        rp.redirect_uri: "https://kibana.dogar.dev/api/security/oidc/callback"
-        op.issuer: "https://auth.dogar.dev/application/o/kibana/"
-        op.authorization_endpoint: "https://auth.dogar.dev/application/o/authorize/"
-        op.token_endpoint: "https://auth.dogar.dev/application/o/token/"
-        op.jwkset_path: "https://auth.dogar.dev/application/o/kibana/jwks/"
-        op.userinfo_endpoint: "https://auth.dogar.dev/application/o/userinfo/"
-        op.endsession_endpoint: "https://auth.dogar.dev/application/o/kibana/end-session/"
-        rp.post_logout_redirect_uri: "https://kibana.dogar.dev/security/logged_out"
-        claims.principal: sub
-        claims.groups: groups
-  - name: data
-    count: 3
-    podTemplate:
-      spec:
-        containers:
-        - name: elasticsearch
-          resources:
-            limits:
-              memory: 8Gi
-    volumeClaimTemplates:
-    - metadata:
-        name: elasticsearch-data
-      spec:
-        accessModes:
-        - ReadWriteOnce
-        resources:
-          requests:
-            storage: 50Gi
-        storageClassName: longhorn
-    config:
-      node.roles: ["data"]
+      node.roles: ["master", "data"]
      xpack.security.authc.token.enabled: true
      xpack.security.authc.realms.oidc.authentik:
        order: 2