OpenSearch Dashboards

OpenSearch Dashboards is currently not managed by the operator but the Stackable Data Platform provides a supported OCI image.

One way to deploy OpenSearch Dashboards is by using the official Helm chart.

A basic values.yaml file to deploy OpenSearch Dashboards with this chart might look like this:

opensearchHosts: null # (1)
image: # (2)
  repository: oci.stackable.tech/sdp/opensearch-dashboards
  tag: 3.1.0-stackable0.0.0-dev
serviceAccount:
  create: false
  name: opensearch-serviceaccount # (3)
config:
  opensearch_dashboards.yml:
    server:
      ssl:
        enabled: true # (4)
        certificate: /stackable/opensearch-dashboards/config/tls/tls.crt # (5)
        key: /stackable/opensearch-dashboards/config/tls/tls.key # (6)
    opensearch:
      username: kibanaserver # (7)
      ssl:
        verificationMode: full # (8)
        certificateAuthorities:
          - /stackable/opensearch-dashboards/config/tls/ca.crt # (9)
    opensearch_security:
      cookie:
        secure: true # (10)
extraEnvs:
  - name: OPENSEARCH_HOSTS
    valueFrom:
      configMapKeyRef:
        name: opensearch # (11)
        key: OPENSEARCH_HOSTS
  - name: OPENSEARCH_PASSWORD
    valueFrom:
      secretKeyRef:
        name: opensearch-credentials
        key: kibanaserver # (12)
extraVolumes:
  - name: tls # (13)
    ephemeral:
      volumeClaimTemplate:
        metadata:
          annotations:
            secrets.stackable.tech/class: tls
            secrets.stackable.tech/scope: service=opensearch-dashboards
        spec:
          storageClassName: secrets.stackable.tech
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: "1"
extraVolumeMounts:
  - mountPath: /stackable/opensearch-dashboards/config/tls
    name: tls
  - mountPath: /stackable/opensearch-dashboards/config/opensearch_dashboards.yml
    name: config # (14)
    subPath: opensearch_dashboards.yml
podSecurityContext:
  fsGroup: 1000 # (15)

1 The address of the OpenSearch cluster is provided in extraEnvs in the OPENSEARCH_HOSTS variable.
2 Use the OCI image provided by the Stackable Data Platform.
3 If running on OpenShift, use the ServiceAccount of OpenSearch because its permissions are already configured to work on OpenShift. This ServiceAccount name probably needs to be adapted to your deployment.
4 Enable TLS, so that OpenSearch Dashboards is served over HTTPS.
5 The TLS server certificate
6 The key for the TLS server certificate
7 OpenSearch Dashboards uses the user kibanaserver to communicate with OpenSearch.
8 OpenSearch Dashboards verifies the certificate of OpenSearch. This is disabled by default.
9 The CA certificate which is used to verify the OpenSearch certificate
10 Ensure that cookies are not sent via an insecure connection.
11 Address of the OpenSearch Service, taken from the discovery ConfigMap. The name of the discovery ConfigMap corresponds to the name of the OpenSearch cluster and must be adapted according to your deployment.
12 The password for the kibanaserver user
13 This example uses the secret operator to provide a TLS certificate.
14 The Helm chart only adds a volume mount at /usr/share/opensearch-dashboards/config, but in the image provided by Stackable, OpenSearch Dashboards is located in /stackable/opensearch-dashboards.
15 Mount the volumes with the stackable group so that the files are accessible by OpenSearch Dashboards.

After the values are adjusted according to your deployment, especially opensearchHosts and serviceAccount.name, you can deploy the Helm chart as follows:

helm install opensearch-dashboards opensearch-dashboards \
    --repo https://opensearch-project.github.io/helm-charts \
    --version 3.1.0 \
    --values opensearch-dashboards-values.yaml \
    --wait
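
To confirm that a release still carries the TLS, certificate verification and cookie settings from the values file above, the user-supplied values can be audited. The following is an added example, not part of the Stackable documentation or the Helm chart; the function names and the sample data are constructed, and it assumes the values are supplied as JSON.

```python
import json

# Constructed sample in the shape printed by
# `helm get values opensearch-dashboards -o json`, deliberately weakened.
SAMPLE = json.loads("""{
  "config": {"opensearch_dashboards.yml": {
    "server": {"ssl": {"enabled": false}},
    "opensearch": {"username": "kibanaserver", "ssl": {"verificationMode": "none"}},
    "opensearch_security": {"cookie": {"secure": true}}}},
  "extraEnvs": [{"name": "OPENSEARCH_PASSWORD", "value": "changeme"}]
}""")

# Dotted setting -> value used in the values file on this page.
EXPECTED = {
    "server.ssl.enabled": True,
    "opensearch.ssl.verificationMode": "full",
    "opensearch_security.cookie.secure": True,
}

def dig(node, dotted):
    """Walk nested dicts along a dotted path; None when a key is absent."""
    for key in dotted.split("."):
        if not isinstance(node, dict):
            return None
        node = node.get(key)
    return node

def audit(values):
    """Return a list of findings; an empty list means all checks passed."""
    findings = []
    cfg = (values.get("config") or {}).get("opensearch_dashboards.yml")
    if not isinstance(cfg, dict):
        return ["opensearch_dashboards.yml is not a mapping; settings not audited"]
    for path, want in EXPECTED.items():
        got = dig(cfg, path)
        if got != want:  # an absent key falls back to the application default
            findings.append(f"{path} is {got!r}, expected {want!r}")
    if dig(cfg, "opensearch.password") is not None:
        findings.append("opensearch.password is set in plain text in the config")
    for env in values.get("extraEnvs") or []:
        from_secret = "secretKeyRef" in (env.get("valueFrom") or {})
        if env.get("name") == "OPENSEARCH_PASSWORD" and not from_secret:
            findings.append("OPENSEARCH_PASSWORD is not read from a Secret")
    return findings

if __name__ == "__main__":
    import sys
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    problems = audit(data)
    print("\n".join(problems) or "all checks passed")
    sys.exit(1 if problems else 0)
```

Saved under a name of your choice (for example audit_values.py), it can be fed from `helm get values opensearch-dashboards -o json`; a non-zero exit code makes it usable as a gate in a deployment pipeline.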