From f10414c0e3349d1b16353c85c59c70acb173c9f1 Mon Sep 17 00:00:00 2001 From: LemonDouble Date: Sun, 10 Nov 2024 03:45:15 +0900 Subject: [PATCH] Remove opensearch.yml config in Values.yaml to avoid security plugin conflicts --- charts/opensearch/values.yaml | 102 +++++++++++++++++----------------- 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/charts/opensearch/values.yaml b/charts/opensearch/values.yaml index 02e356f4..24be5fc9 100644 --- a/charts/opensearch/values.yaml +++ b/charts/opensearch/values.yaml @@ -46,57 +46,57 @@ config: # # rootLogger.level = info # rootLogger.appenderRef.console.ref = console - opensearch.yml: | - cluster.name: opensearch-cluster - - # Bind to all interfaces because we don't know what IP address Docker will assign to us. - network.host: 0.0.0.0 - - # Setting network.host to a non-loopback address enables the annoying bootstrap checks. "Single-node" mode disables them again. - # Implicitly done if ".singleNode" is set to "true". - # discovery.type: single-node - - # Start OpenSearch Security Demo Configuration - # WARNING: revise all the lines below before you go into production - plugins: - security: - ssl: - transport: - pemcert_filepath: esnode.pem - pemkey_filepath: esnode-key.pem - pemtrustedcas_filepath: root-ca.pem - enforce_hostname_verification: false - http: - enabled: true - pemcert_filepath: esnode.pem - pemkey_filepath: esnode-key.pem - pemtrustedcas_filepath: root-ca.pem - allow_unsafe_democertificates: true - allow_default_init_securityindex: true - authcz: - admin_dn: - - CN=kirk,OU=client,O=client,L=test,C=de - audit.type: internal_opensearch - enable_snapshot_restore_privilege: true - check_snapshot_restore_write_privileges: true - restapi: - roles_enabled: ["all_access", "security_rest_api_access"] - system_indices: - enabled: true - indices: - [ - ".opendistro-alerting-config", - ".opendistro-alerting-alert*", - ".opendistro-anomaly-results*", - ".opendistro-anomaly-detector*", - ".opendistro-anomaly-checkpoints", - ".opendistro-anomaly-detection-state", - ".opendistro-reports-*", - ".opendistro-notifications-*", - ".opendistro-notebooks", - ".opendistro-asynchronous-search-response*", - ] - ######## End OpenSearch Security Demo Configuration ######## + #opensearch.yml: | + # cluster.name: opensearch-cluster + # + # # Bind to all interfaces because we don't know what IP address Docker will assign to us. + # network.host: 0.0.0.0 + # + # # Setting network.host to a non-loopback address enables the annoying bootstrap checks. "Single-node" mode disables them again. + # # Implicitly done if ".singleNode" is set to "true". + # # discovery.type: single-node + # + # # Start OpenSearch Security Demo Configuration + # # WARNING: revise all the lines below before you go into production + # plugins: + # security: + # ssl: + # transport: + # pemcert_filepath: esnode.pem + # pemkey_filepath: esnode-key.pem + # pemtrustedcas_filepath: root-ca.pem + # enforce_hostname_verification: false + # http: + # enabled: true + # pemcert_filepath: esnode.pem + # pemkey_filepath: esnode-key.pem + # pemtrustedcas_filepath: root-ca.pem + # allow_unsafe_democertificates: true + # allow_default_init_securityindex: true + # authcz: + # admin_dn: + # - CN=kirk,OU=client,O=client,L=test,C=de + # audit.type: internal_opensearch + # enable_snapshot_restore_privilege: true + # check_snapshot_restore_write_privileges: true + # restapi: + # roles_enabled: ["all_access", "security_rest_api_access"] + # system_indices: + # enabled: true + # indices: + # [ + # ".opendistro-alerting-config", + # ".opendistro-alerting-alert*", + # ".opendistro-anomaly-results*", + # ".opendistro-anomaly-detector*", + # ".opendistro-anomaly-checkpoints", + # ".opendistro-anomaly-detection-state", + # ".opendistro-reports-*", + # ".opendistro-notifications-*", + # ".opendistro-notebooks", + # ".opendistro-asynchronous-search-response*", + # ] + # ######## End OpenSearch Security Demo Configuration ######## # log4j2.properties: # Extra environment variables to append to this nodeGroup