From 75aa0a119f84550b21cfc62da42e70098c9625bf Mon Sep 17 00:00:00 2001
From: Itamar Syn-Hershko
Date: Fri, 5 Sep 2025 15:57:38 +0300
Subject: [PATCH 1/2] Fix #1079: Set setVMMaxMapCount default to true for production readiness OpenSearch requires vm.max_map_count >= 262144 to prevent bootstrap failures in production deployments. The previous default of false would cause OpenSearch to fail on most Kubernetes nodes that have the default vm.max_map_count value of 65530. Changes: - Add kubebuilder:default=true annotation to SetVMMaxMapCount field - Regenerate CRD manifests with the new default value - Update documentation to clarify the default behavior This ensures production-ready deployments work out of the box while maintaining security by requiring explicit configuration.
Signed-off-by: Itamar Syn-Hershko
---
 charts/opensearch-cluster/README.md | 2 +-
 .../files/opensearch.opster.io_opensearchclusters.yaml | 1 +
 opensearch-operator/api/v1/opensearch_types.go | 1 +
 .../crd/bases/opensearch.opster.io_opensearchclusters.yaml | 1 +
 4 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/charts/opensearch-cluster/README.md b/charts/opensearch-cluster/README.md
index 86e9e882b..b9f96ddfd 100644
--- a/charts/opensearch-cluster/README.md
+++ b/charts/opensearch-cluster/README.md
@@ -59,7 +59,7 @@ A Helm chart for OpenSearch Cluster
 | cluster.general.securityContext | object | `{}` | Opensearch securityContext |
 | cluster.general.serviceAccount | string | `""` | Opensearch serviceAccount name. If Service Account doesn't exist it could be created by setting `serviceAccount.create` and `serviceAccount.name` |
 | cluster.general.serviceName | string | `""` | Opensearch service name |
-| cluster.general.setVMMaxMapCount | bool | `true` | Enable setVMMaxMapCount. OpenSearch requires the Linux kernel vm.max_map_count option to be set to at least 262144 |
+| cluster.general.setVMMaxMapCount | bool | `true` | Enable setVMMaxMapCount. OpenSearch requires the Linux kernel vm.max_map_count option to be set to at least 262144. Defaults to true for production readiness |
 | cluster.general.snapshotRepositories | list | `[]` | Opensearch snapshot repositories configuration |
 | cluster.general.vendor | string | `"Opensearch"` | |
 | cluster.general.version | string | `"2.3.0"` | Opensearch version |
diff --git a/charts/opensearch-operator/files/opensearch.opster.io_opensearchclusters.yaml b/charts/opensearch-operator/files/opensearch.opster.io_opensearchclusters.yaml
index 063bbd00c..9286a86cd 100644
--- a/charts/opensearch-operator/files/opensearch.opster.io_opensearchclusters.yaml
+++ b/charts/opensearch-operator/files/opensearch.opster.io_opensearchclusters.yaml
@@ -4501,6 +4501,7 @@ spec: serviceName: type: string setVMMaxMapCount: + default: true type: boolean snapshotRepositories: items:
diff --git a/opensearch-operator/api/v1/opensearch_types.go b/opensearch-operator/api/v1/opensearch_types.go
index 7bb88a994..459d927e5 100644
--- a/opensearch-operator/api/v1/opensearch_types.go
+++ b/opensearch-operator/api/v1/opensearch_types.go
@@ -50,6 +50,7 @@ type GeneralConfig struct {
 Version string `json:"version,omitempty"`
 ServiceAccount string `json:"serviceAccount,omitempty"`
 ServiceName string `json:"serviceName"`
+ //+kubebuilder:default=true
 SetVMMaxMapCount bool `json:"setVMMaxMapCount,omitempty"`
 DefaultRepo *string `json:"defaultRepo,omitempty"`
 // Extra items to add to the opensearch.yml
diff --git a/opensearch-operator/config/crd/bases/opensearch.opster.io_opensearchclusters.yaml b/opensearch-operator/config/crd/bases/opensearch.opster.io_opensearchclusters.yaml
index 063bbd00c..9286a86cd 100644
--- a/opensearch-operator/config/crd/bases/opensearch.opster.io_opensearchclusters.yaml
+++ b/opensearch-operator/config/crd/bases/opensearch.opster.io_opensearchclusters.yaml
@@ -4501,6 +4501,7 @@ spec: serviceName: type: string setVMMaxMapCount: + default: true type: boolean snapshotRepositories: items:
From 55dd023743d51449114a056afac25743cccc0301 Mon Sep 17 00:00:00 2001
From: josedev-union
Date: Wed, 8 Oct 2025 14:46:58 +0200
Subject: [PATCH 2/2] update design doc
Signed-off-by: josedev-union
---
 docs/designs/crd.md | 2 +-
 opensearch-operator/api/v1/opensearch_types.go | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/docs/designs/crd.md b/docs/designs/crd.md
index 52bb82b1e..f167f81de 100644
--- a/docs/designs/crd.md
+++ b/docs/designs/crd.md
@@ -167,7 +167,7 @@ GeneralConfig defines global Opensearch cluster configuration SetVMMaxMapCount bool will add VMmaxMapCount - false + true additionalConfig
diff --git a/opensearch-operator/api/v1/opensearch_types.go b/opensearch-operator/api/v1/opensearch_types.go
index 459d927e5..d089e0f9b 100644
--- a/opensearch-operator/api/v1/opensearch_types.go
+++ b/opensearch-operator/api/v1/opensearch_types.go
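Review bot: In `GeneralConfig` (opensearch_types.go, patch 1/2) `SetVMMaxMapCount` remains a plain `bool` tagged `omitempty` under the new `//+kubebuilder:default=true` marker, so an explicit `false` is omitted whenever the spec is serialized from this Go type and the API server fills the default back in as `true`. That makes the opt-out unreliable for any client or controller that writes the object through the typed struct, and objects stored without the field will presumably also read as `true` once the updated CRD is installed; both matter on nodes where operators are not supposed to change kernel parameters (how the setting is applied, and with what privileges, is not visible in this patch). Changing the type to `*bool` with the same JSON tag keeps unset and `false` distinct, at the cost of a nil check wherever the field is read. A doc comment above the marker, such as `// SetVMMaxMapCount controls whether the operator sets vm.max_map_count for the cluster; defaults to true, set to false to opt out.`, would record the contract. The struct begins and ends outside the hunk.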
@@ -46,10 +46,10 @@ type GeneralConfig struct {
 //+kubebuilder:default=9200
 HttpPort int32 `json:"httpPort,omitempty"`
 //+kubebuilder:validation:Enum=Opensearch;Op;OP;os;opensearch
- Vendor string `json:"vendor,omitempty"`
- Version string `json:"version,omitempty"`
- ServiceAccount string `json:"serviceAccount,omitempty"`
- ServiceName string `json:"serviceName"`
+ Vendor string `json:"vendor,omitempty"`
+ Version string `json:"version,omitempty"`
+ ServiceAccount string `json:"serviceAccount,omitempty"`
+ ServiceName string `json:"serviceName"`
 //+kubebuilder:default=true
 SetVMMaxMapCount bool `json:"setVMMaxMapCount,omitempty"`
 DefaultRepo *string `json:"defaultRepo,omitempty"`