add future playground

Signed-off-by: Tao Liu <liutaoaz@amazon.com>

.github/workflows/trigger-future-deploymnet.yml

@@ -0,0 +1,107 @@
+name: OpenSearch and OpenSearch Dashboards Deployment Template
+
+on:
+  push:
+    branches: [ ec2-runner ]
+  workflow_dispatch:
+    inputs:
+      deploy-fresh:
+        required: false
+        type: boolean
+        description: 'Fresh Deploy OpenSearch and OpenSearch Dashboards'
+        default: false
+      deploy-upgrade:
+        required: false
+        type: boolean
+        description: 'Upgrade OpenSearch and OpenSearch Dashboards'
+        default: true
+      osd-image-tag:
+        required: true
+        type: string
+        description: 'Image tag for OpenSearch Dashboards'
+        default: '3.0.0-8219474312'
+      osd-image-repo:
+        required: true
+        type: string
+        description: 'Image repo for OpenSearch Dashboards'
+        default: 'public.ecr.aws/y0r0d3v8/actionrunner'
+      os-image-tag:
+        required: false
+        type: string
+        description: 'Image tag for OpenSearch'
+        default: '3.0.0'
+      os-image-repo:
+        required: false
+        type: string
+        description: 'Image repo for OpenSearch'
+        default: 'opensearchstaging/opensearch'
+
+jobs:
+
+  Future-OS-OSD-Deployment:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+      - name: Replace Tokens for opensearch-dashboards.yml
+        uses: cschleiden/replace-tokens@v1
+        with:
+          files: '["${{ github.workspace }}/config/playground/helm/future/helm-opensearch-dashboards.yaml"]'
+          tokenPrefix: '${'
+          tokenSuffix: '}'
+        env:
+          OPENID_CLIENT_ID: ${{ secrets.OPENID_CLIENT_ID_FUTURE }}
+          OPENID_CLIENT_SECRET: ${{ secrets.OPENID_CLIENT_SECRET_FUTURE }}
+          OPENID_BASE_REDIRECT_URL: ${{ secrets.OPENID_BASE_REDIRECT_URL_FUTURE }}
+          OPENID_LOGOUT_URL: ${{ secrets.OPENID_LOGOUT_URL_FUTURE }}
+          GA_TRACKING_ID: ${{ secrets.GA_TRACKING_ID_FUTURE }}
+          CERTIFICATE_ARN: ${{ secrets.CERTIFICATE_ARN_FUTURE }}
+          KIBANASERVER: ${{ secrets.KIBANASERVER }}
+          OSD-IMAGE-TAG: ${{ inputs.osd-image-tag }}
+          OSD-IMAGE-REPO: ${{ inputs.osd-image-repo }}
+
+      - name: Replace Token in opensearch.yml
+        uses: cschleiden/replace-tokens@v1
+        with:
+          files: '["${{ github.workspace }}/config/playground/helm/future/helm-opensearch.yaml"]'
+          tokenPrefix: '${'
+          tokenSuffix: '}'
+        env:
+          ESNODE_CERT: ${{ secrets.esnode_cert }}
+          ESNODE_KEY_CERT: ${{ secrets.esnode_key_cert }}
+          ROOT_CA_CERT: ${{ secrets.root_ca_cert }}
+          OS-IMAGE-TAG: ${{ inputs.os-image-tag }}
+          OS-IMAGE-REPO: ${{ inputs.os-image-repo }}
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_PINK }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_PINK }}
+          aws-region: ${{ secrets.AWS_REGION_PINK }}
+
+      - name: Fresh Deploy OpenSearch and OpenSearch Dashboards By Helm Chart
+        if: ${{ inputs.deploy-fresh }}
+        uses: elastic-analytics/dashboards-action@main
+        env:
+          KUBE_CONFIG_DATA: ${{ secrets.AWS_ACCESS_KEY_ID_PINK }}
+        with:
+          plugins: "" # optional, list of Helm plugins. eg. helm-secrets or helm-diff.
+          # Teardown the current OS and OSD and then install the lastest version
+          # of OS and OSD as it only takes 23 seconds for the process, will add
+          # blue/green deployment later.
+          command: |
+            kubectl get nodes
+
+      - name: Upgrade Deploy OpenSearch/OpenSearch Dashboards/ML By Helm Chart
+        if: ${{ inputs.deploy-upgrade }}
+        uses: elastic-analytics/dashboards-action@main
+        env:
+          KUBE_CONFIG_DATA: ${{ secrets.AWS_ACCESS_KEY_ID_PINK }}
+        with:
+          plugins: "" # optional, list of Helm plugins. eg. helm-secrets or helm-diff.
+          # Teardown the current OS and OSD and then install the lastest version
+          # of OS and OSD as it only takes 23 seconds for the process, will add
+          # blue/green deployment later.
+          command: |
+            kubectl get nodes
+

config/playground/helm/future/helm-opensearch-dashboards.yaml

@@ -0,0 +1,246 @@
+# Copyright OpenSearch Contributors
+# SPDX-License-Identifier: Apache-2.0
+
+# Default values for opensearch-dashboards.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+opensearchHosts: "https://opensearch-cluster-leader:9200"
+replicaCount: 2
+
+image:
+  repository: ${OSD_IMAGE_REPOSITORY}
+  # override image tag, which is .Chart.AppVersion by default
+  tag: ${OSD_IMAGE_TAG}
+  pullPolicy: "Always"
+
+startupProbe:
+  tcpSocket:
+    port: 5601
+  periodSeconds: 10
+  timeoutSeconds: 5
+  failureThreshold: 20
+  successThreshold: 1
+  initialDelaySeconds: 10
+
+livenessProbe:
+  tcpSocket:
+    port: 5601
+  periodSeconds: 20
+  timeoutSeconds: 5
+  failureThreshold: 10
+  successThreshold: 1
+  initialDelaySeconds: 10
+
+readinessProbe:
+  tcpSocket:
+    port: 5601
+  periodSeconds: 20
+  timeoutSeconds: 5
+  failureThreshold: 10
+  successThreshold: 1
+  initialDelaySeconds: 10
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+rbac:
+  create: true
+
+# A list of secrets and their paths to mount inside the pod
+# This is useful for mounting certificates for security and for mounting
+# the X-Pack license
+secretMounts: []
+
+podAnnotations: {}
+
+extraEnvs: []
+
+envFrom: []
+
+extraVolumes: []
+
+extraVolumeMounts: []
+
+extraInitContainers: ""
+
+extraContainers: ""
+
+podSecurityContext: {}
+
+securityContext:
+  capabilities:
+    drop:
+      - ALL
+  # readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  runAsUser: 1000
+
+config:
+  # Default OpenSearch Dashboards configuration from docker image of Dashboards
+  opensearch_dashboards.yml:
+    opensearch.hosts: [https://localhost:9200]
+    opensearch.ssl.verificationMode: none
+    opensearch.username: kibanaserver
+    opensearch.password: ${KIBANASERVER}
+    opensearch.requestHeadersWhitelist: [authorization, securitytenant]
+    opensearch_security.auth.anonymous_auth_enabled: true
+    opensearch_security.multitenancy.enabled: true
+    opensearch_security.multitenancy.tenants.enable_global: true
+    opensearch_security.multitenancy.tenants.enable_private: true
+    opensearch_security.multitenancy.tenants.preferred: [Global, Private]
+    opensearch_security.readonly_mode.roles: [kibana_read_only]
+    # Use this setting if you are running opensearch-dashboards without https
+    opensearch_security.cookie.secure: false
+    server.host: '0.0.0.0'
+    # Use the consolidated menu and global header bar
+    opensearchDashboards.branding.useExpandedHeader: false
+    # Enable multiple datasource
+    data_source.enabled: true
+    data_source.endpointDeniedIPs: [
+      '127.0.0.0/8',
+      '::1/128',
+      '169.254.0.0/16',
+      'fe80::/10',
+      '10.0.0.0/8',
+      '172.16.0.0/12',
+      '192.168.0.0/16',
+      'fc00::/7',
+      '0.0.0.0/8',
+      '100.64.0.0/10',
+      '192.0.0.0/24',
+      '192.0.2.0/24',
+      '198.18.0.0/15',
+      '192.88.99.0/24',
+      '198.51.100.0/24',
+      '203.0.113.0/24',
+      '224.0.0.0/4',
+      '240.0.0.0/4',
+      '255.255.255.255/32',
+      '::/128',
+      '2001:db8::/32',
+      'ff00::/8',
+    ]
+    # Enable ml_commons_dashboards
+    # ml_commons_dashboards.enabled: true
+    # Content security policy(csp) settings
+    csp.rules: [ "connect-src 'self' www.google-analytics.com vectors.maps.opensearch.org tiles.maps.opensearch.org maps.opensearch.org;" ]
+    csp.warnLegacyBrowsers: false
+    google_analytics_plugin.trackingID: ${GA_TRACKING_ID}
+
+    # security plugin for openid
+    opensearch_security.auth.type: ['Basicauth','openid']
+    opensearch_security.auth.multiple_auth_enabled: true
+    opensearch_security.ui.openid.login.buttonname: "Log in with Google account"
+    opensearch_security.ui.openid.login.brandimage: "https://opensearch.org/assets/brand/PNG/Mark/opensearch_mark_default.png"
+    opensearch_security.ui.openid.login.showbrandimage: true
+    opensearch_security.openid.base_redirect_url: ${OPENID_REDIRECT_URL}
+    opensearch_security.openid.scope: 'openid profile email'
+    opensearch_security.openid.verify_hostnames: false
+    opensearch_security.openid.refresh_tokens: false
+
+    opensearch_security.openid.connect_url: "https://accounts.google.com/.well-known/openid-configuration"
+    opensearch_security.openid.client_id: ${OPENID_CLIENT_ID}
+    opensearch_security.openid.client_secret: ${OPENID_CLIENT_SECRET}
+    opensearch_security.openid.logout_url: ${OPENID_LOGOUT_URL}
+
+    uiSettings:
+      overrides:
+        "theme:next": true
+        "theme:darkMode": false
+
+priorityClassName: ""
+
+opensearchAccount:
+  secret: ""
+  keyPassphrase:
+    enabled: false
+
+labels: {}
+
+hostAliases: []
+
+serverHost: "0.0.0.0"
+
+service:
+  type: NodePort
+  # The IP family and IP families options are to set the behaviour in a dual-stack environment
+  # Omitting these values will let the service fall back to whatever the CNI dictates the defaults
+  # should be
+  #
+  # ipFamilyPolicy: SingleStack
+  # ipFamilies:
+  # - IPv4
+  port: 5601
+  #targetPort: 5601
+  loadBalancerIP: ""
+  nodePort: ""
+  labels: {}
+  annotations: {}
+  loadBalancerSourceRanges: []
+  # 0.0.0.0/0
+  httpPortName: http
+
+ingress:
+  enabled: true
+  ingressClassName: alb
+  annotations:
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    alb.ingress.kubernetes.io/certificate-arn: ${CERTIFICATE_ARN}
+    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
+    alb.ingress.kubernetes.io/target-type: ip
+    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
+  labels: {}
+  hosts:
+    - host: future.playground.opensearch.org
+      paths:
+        - path: /
+          backend: 
+              service:
+                name: "dashboards-opensearch-dashboards"
+                port:
+                  number: 5601
+  tls: []
+
+resources:
+  requests:
+    cpu: "1"
+    memory: "8G"
+  limits:
+    cpu: "3"
+    memory: "24G"
+
+autoscaling:
+  # This requires metrics server to be installed, to install use kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
+  # See https://github.com/kubernetes-sigs/metrics-server
+  enabled: false
+  minReplicas: 2
+  maxReplicas: 10
+  targetCPUUtilizationPercentage: 80
+
+updateStrategy:
+  type: "Recreate"
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+# -- Array of extra K8s manifests to deploy
+extraObjects: []
+
+# specify the external plugins to install
+plugins:
+  enabled: true
+  installList: ["https://github.com/BionIT/google-analytics-plugin/releases/download/3.0.0/googleAnalytics-3.0.0.zip"]