OpenSearch 2

From UVOO Tech Wiki

Here's a Helm install command for OpenSearch with LDAP authentication enabled and TLS for HTTP enabled, using the official OpenSearch Helm chart.


✅ Prerequisites

  1. Create a values.yaml file with your custom settings:
  • TLS certificates for HTTP
  • LDAP configuration

📄 Example values.yaml

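# Enable HTTP TLS
opensearch:
  security:
    config:
      opensearch_security.ssl.http.enabled: true
      # PEM paths are relative to /usr/share/opensearch/config; the secret below is mounted at config/certs
      opensearch_security.ssl.http.pemcert_filepath: certs/http.pem
      opensearch_security.ssl.http.pemkey_filepath: certs/http-key.pem
      opensearch_security.ssl.http.pemtrustedcas_filepath: certs/root-ca.pem
      # OPTIONAL: client certificates are accepted but not required
      opensearch_security.ssl.http.clientauth_mode: OPTIONAL

    # Enable LDAP authentication
    config.data:
      opensearch_security.authc:
        ldap_auth_domain:
          http_enabled: true
          transport_enabled: true
          order: 1
          http_authenticator:
            type: basic
            challenge: true
          authentication_backend:
            type: ldap
            config:
              enable_ssl: true
              # false skips hostname verification of the LDAP server certificate;
              # set to true once the certificate's names match the host below
              verify_hostnames: false
              hosts:
                - "ldap.yourdomain.com:636"
              bind_dn: "cn=admin,dc=example,dc=com"
              # Placeholder: the bind password sits in plain text in this file, so restrict access to values.yaml
              password: "your_ldap_password"
              userbase: "ou=users,dc=example,dc=com"
              usersearch: "(uid={0})"
              username_attribute: "uid"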

# Mount your custom certs and config
volumeMounts:
  - name: certs
    mountPath: /usr/share/opensearch/config/certs

volumes:
  - name: certs
    secret:
      secretName: opensearch-certs

🔐 Create the secret for TLS certs

kubectl create secret generic opensearch-certs \
  --from-file=http.pem=./http.pem \
  --from-file=http-key.pem=./http-key.pem \
  --from-file=root-ca.pem=./root-ca.pem

🚀 Install OpenSearch with Helm

helm repo add opensearch https://opensearch-project.github.io/helm-charts/
helm repo update

helm install my-opensearch opensearch/opensearch -f values.yaml

✅ Verify

Check the logs of the OpenSearch pod:

kubectl logs -l app.kubernetes.io/name=opensearch
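A pre-install check for a values.yaml laid out like the one on this page, flagging disabled LDAP hostname verification, LDAPS turned off, an inline bind password, and PEM paths that do not resolve inside the mounted secret. This is an added example, not part of the original page or the chart; lint_values, val and finding are hypothetical helper names, and keys are matched textually on the assumption of one "key: value" pair per line.

```shell
#!/bin/sh
# Added example: pre-install lint for a values.yaml laid out like the one on this page.
# lint_values, val and finding are hypothetical helpers; keys are matched textually,
# so no YAML parser is needed, but one "key: value" pair per line is assumed.
CONFIG_DIR=/usr/share/opensearch/config   # pem*_filepath values are relative to this

# First value of key $1 in file $f, with trailing comments and quotes removed.
val() {
  sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$f" |
    sed 's/[[:space:]]*#.*//; s/[[:space:]]*$//' | tr -d "\"'" | head -n 1
}
finding() { echo "$1"; rc=1; }

lint_values() {
  f=$1; rc=0
  if [ "$(val verify_hostnames)" = "false" ]; then
    finding "LDAP_NO_HOSTNAME_CHECK: the LDAP server certificate is not matched to its hostname"
  fi
  if [ "$(val enable_ssl)" != "true" ]; then
    finding "LDAPS_OFF: enable_ssl is not true"
  fi
  if [ -n "$(val password)" ]; then
    finding "BIND_PASSWORD_INLINE: the bind password is stored in the values file"
  fi
  mount=$(val mountPath)
  if [ -n "$mount" ]; then
    rel=${mount#"$CONFIG_DIR"/}            # e.g. "certs"
    for p in $(sed -n 's/^.*pem[a-z]*_filepath:[[:space:]]*//p' "$f" | tr -d "\"'"); do
      case $p in
        "$rel"/*) ;;                       # resolves inside the mounted secret
        *) finding "CERT_PATH_OUTSIDE_MOUNT: $p is not under $rel/" ;;
      esac
    done
  fi
  return "$rc"
}

# Constructed sample, not a real deployment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
      opensearch_security.ssl.http.pemcert_filepath: http.pem
              enable_ssl: true
              verify_hostnames: false
              password: "example-only"
    mountPath: /usr/share/opensearch/config/certs
EOF
lint_values "$sample" || echo "resolve the findings above before running helm install"
rm -f "$sample"
```

The function returns non-zero when it reports anything, so it can gate the helm install step in a script.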

Let me know if you want:

  • to use self-signed cert generation
  • to configure Kibana (OpenSearch Dashboards)
  • a working minimal values.yaml without certs for quick testing