Page MenuHomePhabricator
Create Task
Maniphest T399335

OpenSearch on K8s: build a new OpenSearch 2 Docker image
Closed, ResolvedPublic
Actions

Description

I created a proof-of-concept OpenSearch 2 image in T373034. The time has come to create a working production image for the OpenSearch on K8s project ( T362105 ).

AC:

  • Image is running OpenSearch 2
  • Image uses Debian's java packages instead of OpenSearch's bundled java
  • Image is compatible with the upstream OpenSearch helm chart and operator

Potential sources of inspiration:

Details

Related Changes in GitLab:
TitleReferenceAuthorSource BranchDest Branch
Add curl, java security policyrepos/data-engineering/opensearch!6bkingcurlmain
Use the docker entrypoint script from Amazon's build repo; clean uprepos/data-engineering/opensearch!5bkingentrypointmain
use openjdk-17-jre as base imagerepos/data-engineering/opensearch!4bkinguse-openjdk-imgmain
blubber.yaml: changes to mimic upstream opensearch imagerepos/data-engineering/opensearch!3bkingmimic-upstreammain
Test CI...againrepos/data-engineering/opensearch!2bkingci_testmain
README cleanup, trigger CIrepos/data-engineering/opensearch!1bkingdeb_javamain
Customize query in GitLab

Related Objects
Search...

Event Timeline

bking created this task.Jul 11 2025, 6:53 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 11 2025, 6:53 PM
bking moved this task from Backlog - project to In Progress on the Data-Platform-SRE (2025.07.05 - 2025.07.25) board.Jul 11 2025, 6:53 PM
bking updated the task description. (Show Details)Jul 11 2025, 7:06 PM
bking updated the task description. (Show Details)Jul 14 2025, 10:00 PM

I've updated our OpenSearch docker image repo with a working image. There's still a bit left to do (see checkboxes above), but we're making progress.

bking changed the task status from Open to In Progress.Jul 15 2025, 2:54 PM
bking triaged this task as High priority.
bking updated the task description. (Show Details)Jul 15 2025, 3:35 PM
bking updated the task description. (Show Details)Jul 15 2025, 3:57 PM
bking updated the task description. (Show Details)Jul 15 2025, 3:59 PM
CodeReviewBot added a project: Patch-For-Review.Jul 15 2025, 4:02 PM

bking opened https://gitlab.wikimedia.org/repos/data-engineering/opensearch/-/merge_requests/1

README cleanup, trigger CI

CodeReviewBot added a comment.Jul 15 2025, 4:05 PM

bking merged https://gitlab.wikimedia.org/repos/data-engineering/opensearch/-/merge_requests/1

README cleanup, trigger CI

CodeReviewBot added a comment.Jul 15 2025, 4:27 PM

bking opened https://gitlab.wikimedia.org/repos/data-engineering/opensearch/-/merge_requests/2

Test CI...again

CodeReviewBot added a comment.Jul 15 2025, 4:30 PM

bking merged https://gitlab.wikimedia.org/repos/data-engineering/opensearch/-/merge_requests/2

Test CI...again

Maintenance_bot removed a project: Patch-For-Review.Jul 15 2025, 4:32 PM
CodeReviewBot added a project: Patch-For-Review.Jul 17 2025, 10:07 PM

bking opened https://gitlab.wikimedia.org/repos/data-engineering/opensearch/-/merge_requests/3

blubber.yaml: changes to mimic upstream opensearch image

CodeReviewBot added a comment.Jul 17 2025, 10:13 PM

bking merged https://gitlab.wikimedia.org/repos/data-engineering/opensearch/-/merge_requests/3

blubber.yaml: changes to mimic upstream opensearch image

Maintenance_bot removed a project: Patch-For-Review.Jul 17 2025, 10:31 PM
bking updated the task description. (Show Details)Jul 21 2025, 10:14 PM
bking added a comment.EditedJul 21 2025, 10:22 PM

Progress report:

I've been building the OpenSearch image using releng's java image because Debian's java packages are ill-behaved: they assume a manpage directory exists, and they won't install if it doesn't. I haven't been able to figure out how to work around this in Blubber.

However, that image is based on Bullseye and the systemd-standalone-tmpfiles package appears to have disappeared from our Bullseye repos sometime over the weekend. Unfortunately, this package is required for installing the opensearch package inside a container.

I've asked the Infrastructure Foundations team what happened to the package, but assuming it isn't becoming back, I'll need to either:

  • Figure out how to get Blubber to Java to install cleanly in a Bookworm container (maybe a separate step just to create a manpage dir, similar to the Dockerfile?)
  • Convince releng to make a Bookworm-based Java 17 image
  • Use Dockerfile or some alternative container building method

I'll start by talking to Releng.

BTullis subscribed.Jul 21 2025, 11:35 PM

You can use this image instead. https://docker-registry.wikimedia.org/openjdk-17-jre/tags/

That's based on bookworm, so you will still be able to install the systemd-standalone-tmpfiles package.

CodeReviewBot added a project: Patch-For-Review.Jul 21 2025, 11:50 PM

bking opened https://gitlab.wikimedia.org/repos/data-engineering/opensearch/-/merge_requests/4

use openjdk-17-jre as base image

CodeReviewBot added a comment.Jul 22 2025, 12:42 AM

bking merged https://gitlab.wikimedia.org/repos/data-engineering/opensearch/-/merge_requests/4

use openjdk-17-jre as base image

Maintenance_bot removed a project: Patch-For-Review.Jul 22 2025, 1:31 AM
bking updated the task description. (Show Details)Jul 23 2025, 7:36 PM
CodeReviewBot added a project: Patch-For-Review.Jul 25 2025, 9:30 PM

bking opened https://gitlab.wikimedia.org/repos/data-engineering/opensearch/-/merge_requests/5

Use the docker entrypoint script from Amazon's build repo; clean up

CodeReviewBot added a comment.Jul 25 2025, 9:34 PM

bking merged https://gitlab.wikimedia.org/repos/data-engineering/opensearch/-/merge_requests/5

Use the docker entrypoint script from Amazon's build repo; clean up

Maintenance_bot removed a project: Patch-For-Review.Jul 25 2025, 10:30 PM
BTullis edited projects, added Data-Platform-SRE (2025.07.26 - 2025.08.15); removed Data-Platform-SRE (2025.07.05 - 2025.07.25).Jul 28 2025, 4:47 PM
BTullis moved this task from Backlog - project to In Progress on the Data-Platform-SRE (2025.07.26 - 2025.08.15) board.
CodeReviewBot added a project: Patch-For-Review.Jul 30 2025, 10:22 PM

bking opened https://gitlab.wikimedia.org/repos/data-engineering/opensearch/-/merge_requests/6

Add curl, java security policy

CodeReviewBot added a comment.Jul 30 2025, 10:22 PM

bking merged https://gitlab.wikimedia.org/repos/data-engineering/opensearch/-/merge_requests/6

Add curl, java security policy

bking updated the task description. (Show Details)Jul 30 2025, 10:24 PM
bking closed this task as Resolved.Jul 30 2025, 10:28 PM
bking moved this task from In Progress to Done on the Data-Platform-SRE (2025.07.26 - 2025.08.15) board.

I've confirmed that our new opensearch image does work with the upstream cluster and operator charts . You can find the values files I used to deploy the operator and cluster here.

As we've satisfied the AC, I'm closing this ticket. Work to build an opensearch operator image continues in T400295...

Maintenance_bot removed a project: Patch-For-Review.Jul 30 2025, 10:30 PM
BTullis moved this task from Done to Reported on the Data-Platform-SRE (2025.07.26 - 2025.08.15) board.Aug 20 2025, 10:32 AM
bking changed the status of subtask T400295: OpenSearch on K8s: build a new opensearch-operator image from Open to In Progress.Aug 26 2025, 2:24 PM
bking closed subtask T400295: OpenSearch on K8s: build a new opensearch-operator image as Resolved.Aug 27 2025, 2:26 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits