Closed miaeyg closed 10 months ago
Hi @miaeyg, for the requirement:
A cluster-wide setting to enable privileged containers
viya4-iac-aws contains no built-in support to set Pod Security Levels related to Pod Security Admission that provide support for the security controls outlined in the Pod Security Standards (PSS). Here's a tutorial that explains the steps to apply a Pod Security Standard at the cluster level if you have cluster admin access.
Hi @dhoucgitter
So just to be sure I get this right - if the project does not set any Pod Security Levels then are there any Pod Security Levels set by default by AWS when this project creates the cluster? If so, can those defaults cause SAS Viya to malfunction?
No, the Terraform AWS provider does not set any Pod Security Levels by default when creating EKS clusters. Pod Security Levels are a Kubernetes feature that enforces security constraints on pods and they need to be configured separately.
Looking at https://documentation.sas.com/doc/en/itopscdc/v_045/itopssr/n1ika6zxghgsoqn1mq4bck9dx695.htm#n1c7hsl3jvlwr7n1v3xm4gxprta0
There is this section:
One of the following requirements for OpenSearch:
- A cluster-wide setting to enable privileged containers
- Increased virtual memory settings on the nodes that host stateful workloads
For more information about these requirements, see OpenSearch Requirements.
Wondering if this viya4-iac-aws addresses this requirement or not?
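An added example, not part of the thread or of viya4-iac-aws: a check of which namespaces have a Pod Security Admission `enforce` level that would reject the privileged containers the OpenSearch requirement mentions. It reads JSON in the shape of `kubectl get namespaces -o json`; the namespace names, the function names and the `cluster_default` parameter are assumptions made for illustration.

```python
import json

# Namespace label read by Pod Security Admission for the enforce mode.
ENFORCE_LABEL = "pod-security.kubernetes.io/enforce"
# The baseline and restricted levels both disallow privileged containers.
BLOCKING_LEVELS = ("baseline", "restricted")

# Constructed sample in the shape of `kubectl get namespaces -o json`.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "viya", "labels": {ENFORCE_LABEL: "baseline"}}},
    {"metadata": {"name": "logging", "labels": {ENFORCE_LABEL: "privileged"}}},
    {"metadata": {"name": "default", "labels": {}}},
    {"metadata": {"name": "kube-system"}},  # no labels key at all
]})


def enforce_levels(ns_json, cluster_default="privileged"):
    """Map namespace name -> effective enforce level.

    Namespaces without the label fall back to cluster_default, which is
    "privileged" unless a cluster-level admission configuration changes it.
    """
    levels = {}
    for item in json.loads(ns_json).get("items", []):
        meta = item.get("metadata", {})
        labels = meta.get("labels") or {}
        levels[meta.get("name", "<unnamed>")] = labels.get(ENFORCE_LABEL, cluster_default)
    return levels


def blocks_privileged(ns_json, cluster_default="privileged"):
    """Sorted names of namespaces whose enforce level rejects privileged pods."""
    levels = enforce_levels(ns_json, cluster_default)
    return sorted(ns for ns, level in levels.items() if level in BLOCKING_LEVELS)


if __name__ == "__main__":
    for ns, level in enforce_levels(SAMPLE).items():
        print(f"{ns:12} {level}")
    print("rejects privileged containers:", blocks_privileged(SAMPLE))
```

To run it against a live cluster, replace `SAMPLE` with the output of `kubectl get namespaces -o json`.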