Added security for OpenSearch to Grove
Description
Contains code from !53 (merged)
This PR adds configuration for security to the OpenSearch installation.
- Password protects the OpenSearch installation
- Use HTTPS (although self-signed) for internal communication.
In order to set the password SSL certificates have to be generated for the OpenSearch cluster.
Unfortunately, the private key for this cert needs to be in PKCS8
format, which Terraform
doesn't support out of the box, so there's a hacky workaround.
I'll rebase before merging.
Supporting information
Testing instructions
- Run terraform (
./tf plan && ./tf apply
) - Retrieved the OpenSearch password with
./tf output -raw opensearch_dashboard_admin_password
- Start the dashboard:
./kubectl --namespace monitoring port-forward --address 0.0.0.0 deployments/opensearch-dashboard-opensearch-dashboards 8001:5601
- You can then login to http://localhost:8001 with the username
admin
and the password retrieved.
Deadline
18 April 2022
Other information
Edited by Keith Grootboom