feat: shared elasticsearch

Description

Sets up a single ElasticSearch (ES) instance per cluster that will be shared between Open edX instances. To enable the feature the operator needs to add TF_VAR_enable_shared_elasticsearch: true to their cluster-wide vars and GROVE_ENABLE_SHARED_ELASTICSEARCH to every instance.

To run multi-tenant ES we need to set up users and make sure they can't access each others resources.

We achieve this by:

• Creating an ES user based on the instance name
• Only allow ES user access to instances prefixed by their username, eg for demo they'll get access to all indexes of the form "demo-abcd-*". We add a random string "adcd" inbetween so that an instance named de doesn't have access to demo's indexes.

Notes

• I've disabled this feature by default as I would like to run some load testing first.

Testing instructions

Steps to test the changes:

1. Register an account and verify that you can add a Discussion question successfully on https://es3.kgdocluster.opencraft.hosting/
2. Verify that there aren't any ES pods running in the es3 namespace

Dependencies

• https://github.com/openedx/cs_comments_service/pull/404
• https://github.com/openedx/edx-search/pull/128
• https://github.com/open-craft/tutor-forum/pull/1
• https://github.com/open-craft/tutor-forum/pull/2
• tutor-contrib-grove!19 (merged)

Checklist

If any of the items below is not applicable, do not remove them, but put a check in it.

• All providers include the new feature/change
• All affected providers can provision new clusters
• Unit tests are added/updated
• Documentation is added/updated
• The TOOLS_CONTAINER_IMAGE_VERSION in ci_vars.yml is updated
• The grove-template repository is updated