renaming dashboards index

Author: lunkan93

helmfile.d/charts/opensearch/curator/templates/configmap.yaml

@@ -27,7 +27,7 @@ data:
           timestring: '%Y.%m.%d'
         - filtertype: pattern
           kind: regex
-          value: '^\.opensearch_dashboards.*$'
+          value: '^\opensearch_dashboards.*$'
           exclude: True
       {{- $c = add1 $c }}
       {{ $c }}:
@@ -49,7 +49,7 @@ data:
           unit_count: {{ $v.ageDays }}
         - filtertype: pattern
           kind: regex
-          value: '^\.opensearch_dashboards.*$'
+          value: '^\opensearch_dashboards.*$'
           exclude: True
     {{- $c = add1 $c }}
     {{- end }}

helmfile.d/values/opensearch/configurer.yaml.gotmpl

@@ -93,8 +93,9 @@ config:
         index_permissions:
         {{- if .Values.opensearch.indexPerNamespace }}
         - index_patterns:
-          # Only allow indices not starting with ".", except ".orphaned-"
+          # Only allow indices not starting with ".", except ".orphaned-" and that do not contain opensearch_dashboards
           - '/^[^.].*/'
+          - '/^(?!.*opensearch_dashboards).*$/'
           - ".orphaned-*"
           allowed_actions:
           - "indices:admin/create"
@@ -120,11 +121,14 @@ config:
           - "indices_monitor"
         - index_patterns:
           - '/^[^.].*/'
+          - '/^(?!.*opensearch_dashboards).*$/'
           - ".orphaned-*"
           allowed_actions:
           - "indices:admin/delete"
     - role_name: kubernetes_log_reader
       definition:
+        cluster_permissions:
+        - "cluster:admin/opensearch/ql/datasources/read"
         index_permissions:
         - index_patterns:
           {{- if .Values.opensearch.indexPerNamespace }}

helmfile.d/values/opensearch/dashboards.yaml.gotmpl

@@ -13,7 +13,7 @@ config:
         - securitytenant
 
     opensearchDashboards:
-      index: .opensearch_dashboards
+      index: opensearch_dashboards
 
     opensearch_security:
       {{ if .Values.opensearch.sso.enabled }}

helmfile.d/values/opensearch/securityadmin.yaml.gotmpl

@@ -59,6 +59,7 @@ securityConfig:
       reserved: true
       opendistro_security_roles:
       - "kibana_server"
+      - "dashboards"
       description: "OpenSearch Dashboards user"
 
     configurer:
@@ -127,6 +128,34 @@ securityConfig:
         - "indices:admin/opensearch/ism/managedindex"
         - "indices:admin/rollover"
         - "indices:monitor/stats"
+    dashboards:
+      static: false
+      hidden: false
+      reserved: false
+      index_permissions:
+      - index_patterns:
+        - "*opensearch_dashboards*"
+        allowed_actions:
+        - "indices_all"
+    dashboards_user:
+      static: false
+      hidden: false
+      reserved: false
+      index_permissions:
+      - index_patterns:
+        - "*opensearch_dashboards*"
+        allowed_actions:
+        - "read"
+        - "delete"
+        - "manage"
+        - "index"
+      - index_patterns:
+        - ".tasks"
+        - ".management-beats"
+        - "*:.tasks"
+        - "*:.management-beats"
+        allowed_actions:
+        - "indices_all"
 
   # Needed
   roles_mapping.yml: |-

migration/v0.43/README.md

@@ -137,7 +137,7 @@ As with all scripts in this repository `CK8S_CONFIG_PATH` is expected to be set.
 1. Upgrade Opensearch:
 
     ```bash
-    ./migration/v0.43/apply/10-upgrade-opensearch.sh execute
+    ./migration/v0.43/apply/20-upgrade-opensearch.sh execute
     ```
 
 1. Upgrade applications: