Closed vamsi-amazon closed 8 months ago
@prudhvigodithi Any idea on this?
Hey @vamsi-amazon, you can pre-create the secret and mount the secret using `extraVolumes` and `extraVolumeMounts`.
Example:

```yaml
volumeMounts:
  - name: opensearch-config
    mountPath: "/usr/share/opensearch/opensearch.yml"
    readOnly: true
volumes:
  - name: opensearch-config
    secret:
      secretName: opensearch-config-secret
      optional: true
```

When you add it as a secret, make sure you comment out this line, https://github.com/opensearch-project/helm-charts/blob/main/charts/opensearch/values.yaml#L48, that asks for the `opensearch.yml:` setting.
@prudhvigodithi are you suggesting to create the entire opensearch.yml as a secret volume and mount it?
Yes @vamsi-amazon, that's how a secret and a k8s secret mount work; the secrets will be encoded and will replace the mount path (the full file path or directory), so it needs to be a complete file.
Is there a way to use just k8s secrets inside of opensearch.yml, not the whole file: `plugins.query.datasources.encryption.masterkey: {K8's secret}`
Is this setting, `plugins.query.datasources.masterkey: "secret"`, supported as an environment variable?
@vamsi-amazon Is your setting supported as an env variable?
@prudhvigodithi @Flyingliuhub I didn't know what that means?
@vamsi-amazon certain OpenSearch configs can be passed as environment values, e.g. `cluster.initial_master_nodes`, `network.publish_host`, etc. In the same manner, can this `plugins.query.datasources.masterkey: "secret"` be passed as environment values?
More examples https://github.com/Opster/opensearch-k8s-operator/blob/main/opensearch-operator/pkg/builders/cluster.go#L379-L412
Adding @TheAlgo @bbarani @peterzhuamazon
Closing this issue, please feel free to re-open if required. Thanks Adding @bbarani @peterzhuamazon
Is your feature request related to a problem? Please describe.
I am looking for a way to configure opensearch.yml with a secret.
For example: `plugins.query.datasources.masterkey: "secret"`. The above master key can't be committed to GitHub, so we need a way to integrate opensearch.yml with secrets in K8s.
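
An alternative to putting the whole file in a Secret, as an added example that is not part of the thread or the chart's own documentation: OpenSearch substitutes `${VAR}` references in opensearch.yml from the process environment at node startup, so only the key itself needs to live in a Secret. The Secret name, key name and variable name are hypothetical, `extraEnvs` and `config` are the chart's values keys, and the setting name is the one written in the thread; it assumes the plugin reads the key from node settings like any other opensearch.yml entry.

```yaml
# File 1: Secret manifest. Created out of band (kubectl apply, external
# secret manager, sealed secret) and never committed in plain form.
# Hypothetical names: opensearch-datasource-key, masterkey.
apiVersion: v1
kind: Secret
metadata:
  name: opensearch-datasource-key
type: Opaque
stringData:
  masterkey: "<PLACEHOLDER-generated-key-kept-outside-git>"
---
# File 2: values.yaml for the opensearch chart. Safe to commit, because it
# carries only a reference to the Secret and no key material.
extraEnvs:
  # Hypothetical variable name; the kubelet injects the Secret value into
  # the container environment when the pod starts.
  - name: DATASOURCE_MASTER_KEY
    valueFrom:
      secretKeyRef:
        name: opensearch-datasource-key
        key: masterkey

config:
  opensearch.yml: |
    cluster.name: opensearch-cluster
    network.host: 0.0.0.0

    # Weak form from the issue: literal key in a file tracked by git.
    # plugins.query.datasources.encryption.masterkey: "secret"

    # Corrected form: placeholder resolved from the environment at startup.
    plugins.query.datasources.encryption.masterkey: ${DATASOURCE_MASTER_KEY}
```

The resolved value is readable by anyone who can exec into the pod or read the Secret, so restrict `pods/exec` and Secret `get` access with RBAC.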