Link Search Menu Expand Document Documentation Menu
Documentation

Operator configuration

You can configure general options for the operator itself using Helm values you provide during installation: helm install opensearch-operator opensearch-operator/opensearch-operator -f values.yaml.

For a list of all supported values, see the default chart values.yaml. The following are some important configuration options:

manager:
  # Log level of the operator. Possible values: debug, info, warn, error
  loglevel: info

  # If specified, the operator will be restricted to watch objects only in the desired namespace. The default is to watch all namespaces.
  # To watch multiple namespaces, either separate their names using commas or define them as a list.
  # Examples:
  # watchNamespaces: 'ns1,ns2'
  # watchNamespace: [ns1, ns2]
  watchNamespace:

  # Configure extra environment variables for the operator. You can also pull them from secrets or ConfigMaps.
  extraEnv: []
  #  - name: MY_ENV
  #    value: somevalue

The operator uses admission controller webhooks to validate OpenSearch Custom Resource Definitions (CRDs).

pprof endpoints

To diagnose memory issues, you can enable the standard Go pprof endpoints by adding the following to your values.yaml:

manager:
  pprofEndpointsEnabled: true

For security reasons, the endpoints are only exposed on localhost inside the pod. To access them, use port-forwarding:

kubectl port-forward deployment/opensearch-operator-controller-manager 6060

Then use the Go pprof tool from another terminal:

go tool pprof http://localhost:6060/debug/pprof/heap

Custom operator communication URL

You can configure the operator to use a custom URL when communicating with OpenSearch by setting the operatorClusterURL field:

spec:
  general:
    serviceName: my-cluster
    version: "3.0.0"
    httpPort: 9200
    vendor: "opensearch"
    operatorClusterURL: "opensearch.example.com"  # Optional: custom FQDN for operator communication

Use this configuration when you have external certificates (for example, from cert-manager) valid for a specific FQDN. The operator uses this custom URL instead of the default internal Kubernetes DNS name, allowing you to use the same certificate for both external access and operator communication.

350 characters left

Have a question? .

Want to contribute? or .