how to add email sender credentials in opensearch-keystore which is hosted on kubernetes?

opensearch-project / helm-charts

:wheel_of_dharma: A community repository for Helm Charts of OpenSearch Project.

https://opensearch.org/docs/latest/opensearch/install/helm/

Apache License 2.0

167 stars 227 forks source link

how to add email sender credentials in opensearch-keystore which is hosted on kubernetes? #392

Open chasegame-alpha opened 1 year ago

chasegame-alpha commented 1 year ago

./bin/opensearch-keystore add plugins.alerting.destination.email..username ./bin/opensearch-keystore add plugins.alerting.destination.email..password,

These are the commands mentioned in documentation to add alerting notifications, at run time we can get inside a container and we can add them. But how to add it in configuration of opensearch?

prudhvigodithi commented 1 year ago

[Triage] Hey @chasegame-alpha there is a keystore setting for the chart, but I do see this is little tricy as it does not contain the key value pair, @TheAlgo @DandyDeveloper @smlx @PaulLesur can you please add an example here? @bbarani @rishabh6788

gaiksaya commented 1 year ago

[Triage] Hi @opensearch-project/alerting-plugin , @opensearch-project/notifications Can you look into this issue?

prudhvigodithi commented 1 year ago

Just checking is there a way we can add this settings as a key value pair?

qreshi commented 1 year ago

I see an example in the values.yml from the code directory that @prudhvigodithi linked above:

https://github.com/opensearch-project/helm-charts/blob/af9e379b18b5cdc1f72c51fba376bab29753d9c9/charts/opensearch/values.yaml#L419-L421

Looks like it supports the key value pair to me

vamsi-amazon commented 1 year ago

@Flyingliuhub I guess we have done this for datasources config. can you help here?

Flyingliuhub commented 1 year ago

you can create a key value pair secrets for Kubernetes based on the json file or individual value, please see sample below:

kubectl create secret generic opensearch-dashboards-sample --from-file=plugins.query.federation.datasources.config=input.json

and then use those secretName in your value.yaml file's keystore.

keystore:
  - secretName: opensearch-dashboards-sample

chasegame-alpha commented 1 year ago

hey @Flyingliuhub @prudhvigodithi @qreshi @gaiksaya @vamsi-amazon hello all, thanks for responding to the issue. But even after adding them as secrets, and adding the secret to the keystore, but that didnt worked for me. how to add to the keystore(credentials) opensearch nodes running in kubernetes (pods), and how to add them to each node without restarting the deployments. Even after adding to the keystore how can we update(credentials) them without restarting the deployments. is there any REST call to do all this for opensearch? thankyou.

qreshi commented 1 year ago

If the keystore settings were added after OpenSearch has come up, you can call the reload API (POST _nodes/reload_secure_settings) to have the credentials changes reflected in Alerting without restarting. The credentials do need to be added to the keystore per node but the API will refresh all nodes.

Also, if you are using OpenSearch 2.0 or greater, I recommend using the updated setting for Notifications keystore settings:

opensearch.notifications.core.email.<sender_name>.username
opensearch.notifications.core.email.<sender_name>.password

The legacy ones you've mentioned above will still work in 2.x but will be removed in 3.0. Using the new namespace now will allow you to avoid the sudden migration on upgrading to 3.0 in the future. It seems the documentation isn't reflecting the newer setting. I'll ask the team to update the documentation.

chasegame-alpha commented 1 year ago

@qreshi @prudhvigodithi @Flyingliuhub @gaiksaya @vamsi-amazon hello qureshi, thanks for replying to the issue. Where can i find the updated setting for Notifications Keystore settings, in deployment files, as we are following with helm deployment. I am not able to add the keystore settings and configure email to send alerts. where can i add these two settings for the pods deployed in kubernetes with helm installation. opensearch.notifications.core.email..username opensearch.notifications.core.email..password

Thankyou.

danielcastropalomares commented 1 year ago

I followed these steps to add SMTP credentials to Helm with a keystore:

Create the secrets in k8s:

kubectl create secret generic -n <my_np> notifications-core-mail --from-literal=opensearch.notifications.core.email.<sender_name>.username=<my_email_account>
kubectl create secret generic -n <my_np> notifications-core-password --from-literal=opensearch.notifications.core.email.<sender_name>.password=<my_password>

In helm, add these new secrets:

keystore:
  - secretName: notifications-core-password
  - secretName: notifications-core-mail

Upgrade the Helm configuration.
To check if the secret is added to the keystore, run the following command:

kubectl exec -it -n <my_np>  <my_pod_name> -- /bin/bash
opensearch-keystore list

aakharbotli commented 1 month ago

adding to @danielcastropalomares, you can add the secrets to the extraObjects object in values.yaml like this:

extraObjects: 
  - apiVersion: v1
    data:
      opensearch.notifications.core.email.<sender_name>.password: <password_base64_encoded>
    kind: Secret
    metadata:
      name: notifications-core-password
      namespace: opensearch
  - apiVersion: v1
    data:
      opensearch.notifications.core.email.<sender_name>.password: <password_base64_encoded>
    kind: Secret
    metadata:
      name: notifications-core-password
      namespace: opensearch

Then, reference the secrets added in the keystore object in the values.yaml:

keystore: 
  - secretName: notifications-core-email
  - secretName: notifications-core-password