How to configure a secret in opensearch.yml config. #458

Closed
vamsi-amazon opened this issue Aug 1, 2023 · 10 comments
Labels
enhancement New feature or request good first issue Good for newcomers question Further information is requested

Comments

@vamsi-amazon
Member

Is your feature request related to a problem? Please describe.
I am looking for a way to configure opensearch.yml with a secret.

For example:
plugins.query.datasources.masterkey: "secret"
The above master key can't be committed to GitHub, so we need a way to integrate opensearch.yml with secrets in K8s.

@vamsi-amazon vamsi-amazon added enhancement New feature or request untriaged Issues that have not yet been triaged labels Aug 1, 2023
@vamsi-amazon
Member Author

@prudhvigodithi Any idea on this?

@prudhvigodithi
Collaborator

Hey @vamsi-amazon, you can pre-create the secret and mount the secret using extraVolumes: and extraVolumeMounts

Example:

      volumeMounts:
        - name: opensearch-config
          mountPath: "/usr/share/opensearch/opensearch.yml"
          readOnly: true
  volumes:
    - name: opensearch-config
      secret:
        secretName: opensearch-config-secret
        optional: true

When you add it as a secret, make sure you comment out this line https://github.com/opensearch-project/helm-charts/blob/main/charts/opensearch/values.yaml#L48, which asks for the opensearch.yml: setting.

@vamsi-amazon
Member Author

@prudhvigodithi are you suggesting creating the entire opensearch.yml as a secret volume and mounting it?

@prudhvigodithi
Collaborator

Yes @vamsi-amazon, that's how a secret and a k8s secret mount work: the secrets will be encoded and will replace the mount path (the full file path or directory), so it needs to be a complete file.

@Flyingliuhub
Member

Is there a way to use just k8s secrets inside opensearch.yml, not the whole file? For example: plugins.query.datasources.encryption.masterkey: {k8s secret}

@prudhvigodithi
Collaborator

Is this setting plugins.query.datasources.masterkey: "secret" supported as an environment variable?

@Flyingliuhub
Member

@vamsi-amazon Is your setting supported as an env variable?

@vamsi-amazon
Member Author

@prudhvigodithi @Flyingliuhub I don't know what that means.

@rishabh6788 rishabh6788 removed the untriaged Issues that have not yet been triaged label Aug 1, 2023
@prudhvigodithi
Collaborator

@vamsi-amazon Certain OpenSearch configs can be passed as environment values, e.g. cluster.initial_master_nodes, network.publish_host, etc. In the same manner, can this plugins.query.datasources.masterkey: "secret" be passed as an environment value?
More examples: https://github.com/Opster/opensearch-k8s-operator/blob/main/opensearch-operator/pkg/builders/cluster.go#L379-L412
Adding @TheAlgo @bbarani @peterzhuamazon

@prudhvigodithi
Collaborator

Closing this issue, please feel free to re-open if required.
Thanks
Adding @bbarani @peterzhuamazon
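
The whole-file approach discussed in this thread, written out end to end as an added example; it is not part of any participant's comment or of the chart's own documentation. The `subPath` entry, the `config/` mount path, the sample cluster settings and the decision to drop `optional: true` are assumptions, and `REPLACE_WITH_MASTER_KEY` is a placeholder.

```yaml
# --- File 1: secret.yaml -------------------------------------------------
# Applied out of band (or generated by a secrets manager); the real key
# never goes into the Git repository that holds values.yaml.
apiVersion: v1
kind: Secret
metadata:
  name: opensearch-config-secret        # name used in the thread's example
type: Opaque
stringData:                             # stringData takes plain text; the API server stores it base64-encoded
  opensearch.yml: |
    # The mount replaces the whole file, so every setting the node needs
    # must be listed here, not only the secret one (constructed sample values).
    cluster.name: opensearch-cluster
    network.host: 0.0.0.0
    plugins.query.datasources.masterkey: "REPLACE_WITH_MASTER_KEY"
---
# --- File 2: values.yaml fragment for the opensearch Helm chart ----------
# Comment out the chart's own "opensearch.yml:" entry, as advised in the
# thread, so the chart does not also render that file.
extraVolumes:
  - name: opensearch-config
    secret:
      secretName: opensearch-config-secret
      # optional: true is left out on purpose (assumption): a missing Secret
      # then blocks pod start instead of booting without the intended config.
      defaultMode: 0440                 # no world-readable copy of the key inside the pod

extraVolumeMounts:
  - name: opensearch-config
    # Assumed location of the config file in the OpenSearch image; the
    # thread's example mounts at /usr/share/opensearch/opensearch.yml.
    mountPath: /usr/share/opensearch/config/opensearch.yml
    # subPath mounts the single key as a file; without it the mount path
    # becomes a directory containing a file named opensearch.yml.
    subPath: opensearch.yml
    readOnly: true
```

A `subPath` mount is not refreshed when the Secret changes, so rotating the master key requires restarting the pods.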
