Closed Oznup closed 2 years ago
Is that solved, @Oznup? Could you check if there is a '\n' at the end of the pem file?
Closing this for now as there has been no response for some time. Please feel free to re-open if you still have questions.
Thanks.
We're having the same issue.
You need to convert the key to pkcs8 format in order for Opensearch to be able to load it.
This is covered in the documentation here https://opensearch.org/docs/latest/security-plugin/configuration/generate-certificates/
@smlx I believe with these PRs we can also use pkcs1:
https://github.com/opensearch-project/OpenSearch/pull/4893 https://github.com/netty/netty/pull/12670
> You need to convert the key to pkcs8 format in order for Opensearch to be able to load it.
> This is covered in the documentation here https://opensearch.org/docs/latest/security-plugin/configuration/generate-certificates/
Does that mean I can't use elliptic curve certificates?
For those who need it. I had to use the following conf in cert-manager:

    spec:
      privateKey:
        algorithm: RSA
        size: 2048
        encoding: PKCS8
        rotationPolicy: Always
> For those who need it. I had to use the following conf in cert-manager:
>
>     spec:
>       privateKey:
>         algorithm: RSA
>         size: 2048
>         encoding: PKCS8
>         rotationPolicy: Always
smh, I figured it only can do RSA. What a shame.
Hello,
First of all, congratulations for this beautiful fork ^^ I've tried it with the demo configuration and everything is working well. Now, I try to use a more production ready configuration, and then use the certificates registered in secrets (created by cert-manager).
To do so, I use extraVolumes and extraVolumesMounts (I've tried secretMounts, but I don't have better results) to mount my certificates this way:
On startup, opensearch crashes with the following stacktrace:
If I cat the file in the container by typing
kubectl exec opensearch-cluster-master-0 -- cat /usr/share/opensearch/config/opensearch-key.pem
I get the RSA private key which looks like this
And if I compare it to the key in my cert-manager built secret:
kubectl get secret opensearch-secret -o jsonpath="{.data['tls\.key']}" | base64 -d
I get the same.
Here is my opensearch-values.yaml file:
What am I missing?
Thanks in advance for support :)
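An added example, not part of the thread or of the OpenSearch project: a Python check for the two things the comments above ask about, whether the mounted key is PKCS#1 or PKCS#8 and whether the file ends with a newline. It reads the DER structure rather than trusting the PEM label alone; the function names and the sample keys are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s*-----END \1-----", re.S)
# Tag of the element that follows the version INTEGER in each structure.
FORMATS = {0x30: "pkcs8", 0x02: "pkcs1-rsa", 0x04: "sec1-ec"}


def _element(der, pos):
    """Return (tag, content offset, content length) of the DER element at pos."""
    tag, length = der[pos], der[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(der[pos:pos + n], "big")
        pos += n
    return tag, pos, length


def inspect_key(pem_text):
    """Report the PEM label, the key structure and whether the text ends in a newline."""
    result = {"label": None, "format": "not-pem",
              "trailing_newline": pem_text.endswith("\n")}
    m = PEM_RE.search(pem_text)
    if not m:
        return result
    result["label"] = m.group(1)
    result["format"] = "unknown"
    try:
        der = base64.b64decode("".join(m.group(2).split()))
        tag, pos, _ = _element(der, 0)            # outer SEQUENCE
        vtag, vpos, vlen = _element(der, pos)     # version INTEGER
        if tag == 0x30 and vtag == 0x02:
            result["format"] = FORMATS.get(der[vpos + vlen], "unknown")
    except (ValueError, IndexError):
        pass  # not base64 or truncated DER: leave as "unknown"
    return result


def _pem(label, der):
    body = base64.encodebytes(der).decode()  # already newline-terminated
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"


# Constructed samples: minimal DER skeletons, not real keys.
PKCS1_SAMPLE = _pem("RSA PRIVATE KEY", bytes.fromhex("3006020100020105"))
PKCS8_SAMPLE = _pem("PRIVATE KEY", bytes.fromhex("300a02010030000403010203"))

if __name__ == "__main__":
    for sample in (PKCS1_SAMPLE, PKCS8_SAMPLE, PKCS8_SAMPLE.rstrip("\n")):
        print(inspect_key(sample))
```

Running `inspect_key` on the output of the `kubectl ... | base64 -d` command from the original post shows which encoding cert-manager actually wrote into the secret.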