OpenSearch 2
Jump to navigation
Jump to search
Here's a Helm install command for OpenSearch with LDAP authentication enabled and TLS for HTTP enabled, using the official OpenSearch Helm chart.
β Prerequisites
- Create a
values.yamlfile with your custom settings:
- TLS certificates for HTTP
- LDAP configuration
π Example values.yaml
# Enable HTTP TLS
opensearch:
security:
config:
opensearch_security.ssl.http.enabled: true
opensearch_security.ssl.http.pemcert_filepath: http.pem
opensearch_security.ssl.http.pemkey_filepath: http-key.pem
opensearch_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
opensearch_security.ssl.http.clientauth_mode: OPTIONAL
# Enable LDAP authentication
config.data:
opensearch_security.authc:
ldap_auth_domain:
http_enabled: true
transport_enabled: true
order: 1
http_authenticator:
type: basic
challenge: true
authentication_backend:
type: ldap
config:
enable_ssl: true
verify_hostnames: false
hosts:
- "ldap.yourdomain.com:636"
bind_dn: "cn=admin,dc=example,dc=com"
password: "your_ldap_password"
userbase: "ou=users,dc=example,dc=com"
usersearch: "(uid={0})"
username_attribute: "uid"
# Mount your custom certs and config
volumeMounts:
- name: certs
mountPath: /usr/share/opensearch/config/certs
volumes:
- name: certs
secret:
secretName: opensearch-certs
π Create the secret for TLS certs
kubectl create secret generic opensearch-certs \ --from-file=http.pem=./http.pem \ --from-file=http-key.pem=./http-key.pem \ --from-file=root-ca.pem=./root-ca.pem
π Install OpenSearch with Helm
helm repo add opensearch https://opensearch-project.github.io/helm-charts/ helm repo update helm install my-opensearch opensearch/opensearch -f values.yaml
β Verify
Check the logs of the OpenSearch pod:
kubectl logs -l app.kubernetes.io/name=opensearch
Let me know if you want:
- to use self-signed cert generation
- to configure Kibana (OpenSearch Dashboards)
- a working minimal
values.yamlwithout certs for quick testing