Open sfisli opened 2 months ago
Hi @sfisli Can you please check the logs of the operator if it is reporting anything (make sure to check the operator-controller-manager container)? There will likely be a log line about an error or something the operator is waiting for.
I tried applying your config on a local cluster, and aside from the secret having an illegal value (illegal base64 data at input byte 9) pods are being started.
@swoehrl-mw Now I got a new error when I tried to configure the certificate with cert-manager and Let's Encrypt:
opensearch-node-0:
```
[2024-04-22T15:17:51,121][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [adeiz-opensearch-cluster-nodes-0] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
```
Config: cluster.yaml:
```yaml
kind: OpenSearchCluster
metadata:
  name: adeiz-opensearch-cluster
  namespace: labadeiz
spec:
  security:
    tls:
      transport:
        generate: false
        perNode: false
        secret:
          name: opensearch-secret
        # caSecret:
        #   name: opensearch-secret
        nodesDn: ['CN=opensearch.mydomain.mycompany.com']
      http:
        generate: false
        secret:
          name: opensearch-secret # Name of the secret that contains the provided certificate
        # caSecret:
        #   name: opensearch-secret # Name of the secret that contains a CA the Operator should use
    config:
      adminCredentialsSecret: # these are the admin credentials for the Operator to use
        name: admin-credentials-secret
      securityConfigSecret: # this is the whole security configuration for OpenSearch
        name: securityconfig-secret
  general:
    setVMMaxMapCount: true
    serviceName: adeiz-opensearch-cluster
    version: 2.3.0
  dashboards:
    opensearchCredentialsSecret:
      name: admin-credentials-secret
    enable: true
    tls:
      enable: true
      generate: true
    version: 2.3.0
    replicas: 1
    resources:
      requests:
        memory: "512Mi"
        cpu: "200m"
      limits:
        memory: "512Mi"
        cpu: "200m"
  nodePools:
    - component: nodes
      replicas: 2
      diskSize: "3Gi"
      nodeSelector:
      resources:
        requests:
          memory: "2Gi"
          cpu: "1000m"
        limits:
          # memory: "2Gi"
          # cpu: "500m"
      roles:
        - "cluster_manager"
        - "data"
```
opensearch-secret.yaml:
```yaml
apiVersion: v1
data:
  ca.crt: LS0tLS...
  tls.key: LS0tL...
  tls.crt: LS0tOZ
kind: Secret
metadata:
  name: opensearch-secret
type: kubernetes.io/tls
```
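An added example (not part of the thread and not the operator's code): a check of the three keys used in the opensearch-secret manifest above, built on Go's `encoding/base64` decoder, whose error text is the "illegal base64 data at input byte N" message quoted earlier in the thread. The accepted PEM block types and the sample input in `main` are assumptions of this example.

```go
package main

import (
	"encoding/base64"
	"encoding/pem"
	"fmt"
)

// Keys from the opensearch-secret manifest; accepted PEM types are this example's assumption.
var wantPEM = map[string][]string{
	"ca.crt":  {"CERTIFICATE"},
	"tls.crt": {"CERTIFICATE"},
	"tls.key": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"},
}

// checkValue strictly base64-decodes one data entry, then checks its PEM block type.
func checkValue(key, value string) error {
	raw, err := base64.StdEncoding.DecodeString(value)
	if err != nil {
		return fmt.Errorf("%s: %w", key, err)
	}
	block, _ := pem.Decode(raw)
	if block == nil {
		return fmt.Errorf("%s: missing, or decodes to something that is not PEM", key)
	}
	for _, t := range wantPEM[key] {
		if block.Type == t {
			return nil
		}
	}
	return fmt.Errorf("%s: unexpected PEM type %q", key, block.Type)
}

// checkTLSSecret returns one error per missing or malformed key.
func checkTLSSecret(data map[string]string) []error {
	var errs []error
	for _, key := range []string{"ca.crt", "tls.crt", "tls.key"} {
		if err := checkValue(key, data[key]); err != nil {
			errs = append(errs, err)
		}
	}
	return errs
}

// main runs the check on a constructed placeholder value like those pasted above.
func main() {
	for _, err := range checkTLSSecret(map[string]string{"ca.crt": "LS0tLS..."}) {
		fmt.Println(err)
	}
}
```

Running the same check on the real `data:` values before `kubectl apply` separates an encoding mistake in the manifest from a problem on the operator side.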
Did you fix it?
The second issue? Not yet.
@sfisli From the little information you've provided, it's impossible to tell what is happening. You'll need to check the logs of the securityconfig-update job if it has successfully run. And if not, check the operator logs if it is reporting any problems.
Also: You will need a cluster with at least 3 replicas, anything less is not supported by the operator and can lead to non-functioning clusters.
What is the bug?
I am trying to configure TLS for the OpenSearch operator. I followed the steps mentioned in the docs, but the pods are not created! And when I look at the controller logs, there's nothing (if I delete the security:http section it works normally).
What is the expected behavior?
Cluster up and running with tls
Do you have any screenshots?
cluster.yaml:
security-config.secret:
admin-credentials-secret:
kubectl describe opensearchclusters :