通过cluster-configuration.yaml设置opensearch admin用户的凭据不起作用

[dalamudx]

ks版本：kubesphere/ks-installer:v3.4.1-patch.0
kubernetes版本：

Client Version: version.Info{Major:"1", Minor:"26", GitVersion:"v1.26.15", GitCommit:"1649f592f1909b97aa3c2a0a8f968a3fd05a7b8b", GitTreeState:"clean", BuildDate:"2024-03-14T01:05:39Z", GoVersion:"go1.21.8", Compiler:"gc", Platform:"linux/amd64"}
Kustomize Version: v4.5.7
Server Version: version.Info{Major:"1", Minor:"26", GitVersion:"v1.26.15", GitCommit:"1649f592f1909b97aa3c2a0a8f968a3fd05a7b8b", GitTreeState:"clean", BuildDate:"2024-03-14T00:54:27Z", GoVersion:"go1.21.8", Compiler:"gc", Platform:"linux/amd64"}

测试发现，虽然ks根据cluster-configuration.yaml设置创建了opensearch-credentials，但opensearch使用的还是默认用户名密码

[dalamudx]

从官方社区找到的，手动修改

 /usr/share/opensearch/plugins/opensearch-security/tools/securityadmin.sh \
  -icl \
  -cacert /usr/share/opensearch/config/root-ca.pem \
  -cert /usr/share/opensearch/config/kirk.pem \
  -key /usr/share/opensearch/config/kirk-key.pem \
  -r  \
  -cd current-config

./plugins/opensearch-security/tools/hash.sh -p $NEW_PASSWORD

修改current-config/internal_users_$DATE.yml里面admin用户的hash，提交变更

/usr/share/opensearch/plugins/opensearch-security/tools/securityadmin.sh \
  -icl \
  -t internalusers \
  -f current-config/internal_users_$DATE.yml \
  -cacert /usr/share/opensearch/config/root-ca.pem \
  -cert /usr/share/opensearch/config/kirk.pem \
  -key /usr/share/opensearch/config/kirk-key.pem

另外定时任务看起来是正常获取到凭据的，所以密码与secret配置中密码保持一致，不然任务会报错