-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Automating security index backup #133
Comments
Solved by using nginx-ingress annotation
But, I believe this should be solved from opensearch side not from the ingress controller, as in this case, we need to have all our applications communicate with opensearch with https rather than http, even if they are in the same kubernetes cluster where we could use opensearch serviceName.Namespace host. Please correct me if I am wrong, and advise other proper solution if available. Thank you. |
[Untriage]
Also when you mention WIth nginx can you try with the following annotations and yes it would have double encryption, one at the reverse proxy level (nginx) and other with OpenSearch.
|
Current Environment.
we have opensearch deployed behind nginx ingress on kubernetes cluster,
opensearch is deployed with helm charts,
opensearch-dashboards is also deployed with helm charts.
Since opensearch is deployed behind a proxy and we have ssl termination on nginx controllers, @dblock supported me previously by suggesting to update
http: true
, tohttp: false
in order to be able to reach opensearch, as when http is set to true, and using the nginx ingress with the request, we are making plain text requests to opensearch that is configured to receive a secure requests,The Issue
Since the documentation suggests excluding the security index from snapshots, and provides another way of taking a security configuration backup using the
securityadmin.sh
, I am facing the following case:while
http: false
, and executing the securityadmin.sh script I get the following errorQuestions:
1- Why securityadmin.sh script is related to the following configuration
http: true/false
?2- Does this have any other workaround to allow executing the securityadmin.sh script without having to modify the configuration from
http: false
tohttp: true
when having opensearch deployed behind nginx ingress on kubernetes cluster ?Amazing efforts being done on this project and I would gladly ask your help and support regarding this matter,
Thank you.
The text was updated successfully, but these errors were encountered: