Added security for OpenSearch to Grove (!53) · Merge requests · opencraft / dev / Grove

Keith Grootboom requested to merge keith/se_5436_opensearch_security into main Apr 18, 2022

Description

Contains code from !53 (merged)

This PR adds configuration for security to the OpenSearch installation.

Password protects the OpenSearch installation
Use HTTPS (although self-signed) for internal communication.

In order to set the password SSL certificates have to be generated for the OpenSearch cluster. Unfortunately, the private key for this cert needs to be in PKCS8 format, which Terraform doesn't support out of the box, so there's a hacky workaround.

I'll rebase before merging.

Supporting information

Testing instructions

Run terraform (./tf plan && ./tf apply)
Retrieved the OpenSearch password with ./tf output -raw opensearch_dashboard_admin_password
Start the dashboard: ./kubectl --namespace monitoring port-forward --address 0.0.0.0 deployments/opensearch-dashboard-opensearch-dashboards 8001:5601
You can then login to http://localhost:8001 with the username admin and the password retrieved.

Deadline

18 April 2022

Other information

Edited Apr 18, 2022 by Keith Grootboom

Added security for OpenSearch to Grove

Description

Supporting information

Testing instructions

Deadline

Other information

Merge request reports