https://tech.uvoo.io/index.php?action=history&feed=atom&title=OpenSearch_2 2026-04-19T15:57:21Z Revision history for this page on the wiki MediaWiki 1.35.2 https://tech.uvoo.io/index.php?title=OpenSearch_2&diff=5553&oldid=prev 2025-06-03T17:27:00Z

<p>Created page with &quot;Here&#039;s a **Helm install command** for OpenSearch with **LDAP authentication enabled** and **TLS for HTTP enabled**, using the official [OpenSearch Helm chart](https://github.c...&quot;</p> <p><b>New page</b></p><div>Here's a **Helm install command** for OpenSearch with **LDAP authentication enabled** and **TLS for HTTP enabled**, using the official [OpenSearch Helm chart](https://github.com/opensearch-project/helm-charts).<br /> <br /> ---<br /> <br /> ### ✅ Prerequisites<br /> <br /> 1. Create a `values.yaml` file with your custom settings:<br /> <br /> * TLS certificates for HTTP<br /> * LDAP configuration<br /> <br /> ---<br /> <br /> ### 📄 Example `values.yaml`<br /> <br /> ```yaml<br /> # Enable HTTP TLS<br /> opensearch:<br /> security:<br /> config:<br /> opensearch_security.ssl.http.enabled: true<br /> opensearch_security.ssl.http.pemcert_filepath: http.pem<br /> opensearch_security.ssl.http.pemkey_filepath: http-key.pem<br /> opensearch_security.ssl.http.pemtrustedcas_filepath: root-ca.pem<br /> opensearch_security.ssl.http.clientauth_mode: OPTIONAL<br /> <br /> # Enable LDAP authentication<br /> config.data:<br /> opensearch_security.authc:<br /> ldap_auth_domain:<br /> http_enabled: true<br /> transport_enabled: true<br /> order: 1<br /> http_authenticator:<br /> type: basic<br /> challenge: true<br /> authentication_backend:<br /> type: ldap<br /> config:<br /> enable_ssl: true<br /> verify_hostnames: false<br /> hosts:<br /> - &quot;ldap.yourdomain.com:636&quot;<br /> bind_dn: &quot;cn=admin,dc=example,dc=com&quot;<br /> password: &quot;your_ldap_password&quot;<br /> userbase: &quot;ou=users,dc=example,dc=com&quot;<br /> usersearch: &quot;(uid={0})&quot;<br /> username_attribute: &quot;uid&quot;<br /> <br /> # Mount your custom certs and config<br /> volumeMounts:<br /> - name: certs<br /> mountPath: /usr/share/opensearch/config/certs<br /> <br /> volumes:<br /> - name: certs<br /> secret:<br /> secretName: opensearch-certs<br /> ```<br /> <br /> ---<br /> <br /> ### 🔐 Create the secret for TLS certs<br /> <br /> ```bash<br /> kubectl create secret generic opensearch-certs \<br /> --from-file=http.pem=./http.pem \<br /> --from-file=http-key.pem=./http-key.pem \<br /> --from-file=root-ca.pem=./root-ca.pem<br /> ```<br /> <br /> ---<br /> <br /> ### 🚀 Install OpenSearch with Helm<br /> <br /> ```bash<br /> helm repo add opensearch https://opensearch-project.github.io/helm-charts/<br /> helm repo update<br /> <br /> helm install my-opensearch opensearch/opensearch -f values.yaml<br /> ```<br /> <br /> ---<br /> <br /> ### ✅ Verify<br /> <br /> Check the logs of the OpenSearch pod:<br /> <br /> ```bash<br /> kubectl logs -l app.kubernetes.io/name=opensearch<br /> ```<br /> <br /> ---<br /> <br /> Let me know if you want:<br /> <br /> * to use self-signed cert generation<br /> * to configure Kibana (OpenSearch Dashboards)<br /> * a working minimal `values.yaml` without certs for quick testing</div>

Busk