OpenSearch Dashboards
OpenSearch Dashboards is currently not managed by the operator but the Stackable Data Platform provides a supported OCI image.
One way to deploy OpenSearch Dashboards is by using the official Helm chart.
A basic values.yaml file to deploy OpenSearch Dashboards with this chart might look like this:
opensearchHosts: https://opensearch-nodes-default.<opensearch-namespace>.svc.cluster.local:9200 (1)
image: (2)
repository: oci.stackable.tech/sdp/opensearch-dashboards
tag: 3.1.0-stackable0.0.0-dev
serviceAccount:
create: false
name: opensearch-serviceaccount (3)
config:
opensearch_dashboards.yml:
server:
ssl:
enabled: true (4)
certificate: /stackable/opensearch-dashboards/config/tls/tls.crt (5)
key: /stackable/opensearch-dashboards/config/tls/tls.key (6)
opensearch:
username: kibanaserver (7)
ssl:
verificationMode: full (8)
certificateAuthorities:
- /stackable/opensearch-dashboards/config/tls/ca.crt (9)
opensearch_security:
cookie:
secure: true (10)
extraEnvs:
- name: OPENSEARCH_PASSWORD
valueFrom:
secretKeyRef:
name: opensearch-credentials
key: kibanaserver (11)
extraVolumes:
- name: tls (12)
ephemeral:
volumeClaimTemplate:
metadata:
annotations:
secrets.stackable.tech/class: tls
secrets.stackable.tech/scope: service=opensearch-dashboards
spec:
storageClassName: secrets.stackable.tech
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "1"
extraVolumeMounts:
- mountPath: /stackable/opensearch-dashboards/config/tls
name: tls
- mountPath: /stackable/opensearch-dashboards/config/opensearch_dashboards.yml
name: config (13)
subPath: opensearch_dashboards.yml
podSecurityContext:
fsGroup: 1000 (14)| 1 | Address of the OpenSearch Service deployed by the operator; This address must be adapted according to your deployment. |
| 2 | Use the OCI image provided by the Stackable Data Platform |
| 3 | If running on OpenShift, use the ServiceAccount of OpenSearch because its permissions are already configured to work on OpenShift. This ServiceAccount name must probably adapted according to your deployment. |
| 4 | Enable TLS, so that OpenSearch Dashboards is served over HTTPS. |
| 5 | The TLS server certificate |
| 6 | The key for the TLS server certificate |
| 7 | OpenSearch Dashboards uses the user kibanaserver to communicate with OpenSearch. |
| 8 | OpenSearch Dashboards verifies the certificate of OpenSearch. This is disabled by default. |
| 9 | The CA certificate which is used to verify the OpenSearch certificate |
| 10 | Ensure that cookies are not sent via an insecure connection. |
| 11 | The password for the kibanaserver user |
| 12 | This example uses the secret operator to provide a TLS certificate. |
| 13 | The Helm chart only adds a volume mount at /usr/share/opensearch-dashboards/config, but in the image provided by Stackable, OpenSearch Dashboards is located in /stackable/opensearch-dashboards. |
| 14 | Mount the volumes with the stackable group so that the files are accessible by OpenSearch Dashboards. |
After the values are adjusted according to your deployment, especially opensearchHosts and serviceAccount.name, you can deploy the Helm chart as follows:
helm install opensearch-dashboards opensearch-dashboards \
--repo https://opensearch-project.github.io/helm-charts \
--version 3.1.0 \
--values opensearch-dashboards-values.yaml \
--wait