diff --git a/charts/opensearch/CHANGELOG.md b/charts/opensearch/CHANGELOG.md index 2e91071a..5234649b 100644 --- a/charts/opensearch/CHANGELOG.md +++ b/charts/opensearch/CHANGELOG.md @@ -14,6 +14,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed ### Security --- +## [2.27.1] +### Added +### Changed +### Deprecated +### Removed +### Fixed +- Remove default opensearch.yml config in Values.yaml to avoid security plugin conflicts +### Security +--- ## [2.27.0] ### Added - Updated OpenSearch appVersion to 2.18.0 @@ -521,7 +530,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed ### Security -[Unreleased]: https://github.com/opensearch-project/helm-charts/compare/opensearch-2.27.0...HEAD +[Unreleased]: https://github.com/opensearch-project/helm-charts/compare/opensearch-2.27.1...HEAD +[2.27.1]: https://github.com/opensearch-project/helm-charts/compare/opensearch-2.27.0...opensearch-2.27.1 [2.27.0]: https://github.com/opensearch-project/helm-charts/compare/opensearch-2.26.1...opensearch-2.27.0 [2.26.1]: https://github.com/opensearch-project/helm-charts/compare/opensearch-2.26.0...opensearch-2.26.1 [2.26.0]: https://github.com/opensearch-project/helm-charts/compare/opensearch-2.25.0...opensearch-2.26.0 diff --git a/charts/opensearch/Chart.yaml b/charts/opensearch/Chart.yaml index 835a0d50..a5bce599 100644 --- a/charts/opensearch/Chart.yaml +++ b/charts/opensearch/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 2.27.0 +version: 2.27.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/opensearch/ci/ci-ingress-class-name-values.yaml b/charts/opensearch/ci/ci-ingress-class-name-values.yaml index c02e2756..d78f930f 100644 --- a/charts/opensearch/ci/ci-ingress-class-name-values.yaml +++ b/charts/opensearch/ci/ci-ingress-class-name-values.yaml @@ -51,47 +51,47 @@ config: # Setting network.host to a non-loopback address enables the annoying bootstrap checks. "Single-node" mode disables them again. # discovery.type: single-node - # Start OpenSearch Security Demo Configuration - # WARNING: revise all the lines below before you go into production - plugins: - security: - ssl: - transport: - pemcert_filepath: esnode.pem - pemkey_filepath: esnode-key.pem - pemtrustedcas_filepath: root-ca.pem - enforce_hostname_verification: false - http: - enabled: true - pemcert_filepath: esnode.pem - pemkey_filepath: esnode-key.pem - pemtrustedcas_filepath: root-ca.pem - allow_unsafe_democertificates: true - allow_default_init_securityindex: true - authcz: - admin_dn: - - CN=kirk,OU=client,O=client,L=test,C=de - audit.type: internal_opensearch - enable_snapshot_restore_privilege: true - check_snapshot_restore_write_privileges: true - restapi: - roles_enabled: ["all_access", "security_rest_api_access"] - system_indices: - enabled: true - indices: - [ - ".opendistro-alerting-config", - ".opendistro-alerting-alert*", - ".opendistro-anomaly-results*", - ".opendistro-anomaly-detector*", - ".opendistro-anomaly-checkpoints", - ".opendistro-anomaly-detection-state", - ".opendistro-reports-*", - ".opendistro-notifications-*", - ".opendistro-notebooks", - ".opendistro-asynchronous-search-response*", - ] - ######## End OpenSearch Security Demo Configuration ######## + # # Start OpenSearch Security Demo Configuration + # # WARNING: revise all the lines below before you go into production + # plugins: + # security: + # ssl: + # transport: + # pemcert_filepath: esnode.pem + # pemkey_filepath: esnode-key.pem + # pemtrustedcas_filepath: root-ca.pem + # enforce_hostname_verification: false + # http: + # enabled: true + # pemcert_filepath: esnode.pem + # pemkey_filepath: esnode-key.pem + # pemtrustedcas_filepath: root-ca.pem + # allow_unsafe_democertificates: true + # allow_default_init_securityindex: true + # authcz: + # admin_dn: + # - CN=kirk,OU=client,O=client,L=test,C=de + # audit.type: internal_opensearch + # enable_snapshot_restore_privilege: true + # check_snapshot_restore_write_privileges: true + # restapi: + # roles_enabled: ["all_access", "security_rest_api_access"] + # system_indices: + # enabled: true + # indices: + # [ + # ".opendistro-alerting-config", + # ".opendistro-alerting-alert*", + # ".opendistro-anomaly-results*", + # ".opendistro-anomaly-detector*", + # ".opendistro-anomaly-checkpoints", + # ".opendistro-anomaly-detection-state", + # ".opendistro-reports-*", + # ".opendistro-notifications-*", + # ".opendistro-notebooks", + # ".opendistro-asynchronous-search-response*", + # ] + # ######## End OpenSearch Security Demo Configuration ######## # log4j2.properties: # Extra environment variables to append to this nodeGroup diff --git a/charts/opensearch/ci/ci-rbac-enabled-values.yaml b/charts/opensearch/ci/ci-rbac-enabled-values.yaml index b2463d55..91b4a595 100755 --- a/charts/opensearch/ci/ci-rbac-enabled-values.yaml +++ b/charts/opensearch/ci/ci-rbac-enabled-values.yaml @@ -51,47 +51,47 @@ config: # Setting network.host to a non-loopback address enables the annoying bootstrap checks. "Single-node" mode disables them again. # discovery.type: single-node - # Start OpenSearch Security Demo Configuration - # WARNING: revise all the lines below before you go into production - plugins: - security: - ssl: - transport: - pemcert_filepath: esnode.pem - pemkey_filepath: esnode-key.pem - pemtrustedcas_filepath: root-ca.pem - enforce_hostname_verification: false - http: - enabled: true - pemcert_filepath: esnode.pem - pemkey_filepath: esnode-key.pem - pemtrustedcas_filepath: root-ca.pem - allow_unsafe_democertificates: true - allow_default_init_securityindex: true - authcz: - admin_dn: - - CN=kirk,OU=client,O=client,L=test,C=de - audit.type: internal_opensearch - enable_snapshot_restore_privilege: true - check_snapshot_restore_write_privileges: true - restapi: - roles_enabled: ["all_access", "security_rest_api_access"] - system_indices: - enabled: true - indices: - [ - ".opendistro-alerting-config", - ".opendistro-alerting-alert*", - ".opendistro-anomaly-results*", - ".opendistro-anomaly-detector*", - ".opendistro-anomaly-checkpoints", - ".opendistro-anomaly-detection-state", - ".opendistro-reports-*", - ".opendistro-notifications-*", - ".opendistro-notebooks", - ".opendistro-asynchronous-search-response*", - ] - ######## End OpenSearch Security Demo Configuration ######## + # # Start OpenSearch Security Demo Configuration + # # WARNING: revise all the lines below before you go into production + # plugins: + # security: + # ssl: + # transport: + # pemcert_filepath: esnode.pem + # pemkey_filepath: esnode-key.pem + # pemtrustedcas_filepath: root-ca.pem + # enforce_hostname_verification: false + # http: + # enabled: true + # pemcert_filepath: esnode.pem + # pemkey_filepath: esnode-key.pem + # pemtrustedcas_filepath: root-ca.pem + # allow_unsafe_democertificates: true + # allow_default_init_securityindex: true + # authcz: + # admin_dn: + # - CN=kirk,OU=client,O=client,L=test,C=de + # audit.type: internal_opensearch + # enable_snapshot_restore_privilege: true + # check_snapshot_restore_write_privileges: true + # restapi: + # roles_enabled: ["all_access", "security_rest_api_access"] + # system_indices: + # enabled: true + # indices: + # [ + # ".opendistro-alerting-config", + # ".opendistro-alerting-alert*", + # ".opendistro-anomaly-results*", + # ".opendistro-anomaly-detector*", + # ".opendistro-anomaly-checkpoints", + # ".opendistro-anomaly-detection-state", + # ".opendistro-reports-*", + # ".opendistro-notifications-*", + # ".opendistro-notebooks", + # ".opendistro-asynchronous-search-response*", + # ] + # ######## End OpenSearch Security Demo Configuration ######## # log4j2.properties: # Extra environment variables to append to this nodeGroup diff --git a/charts/opensearch/ci/ci-values.yaml b/charts/opensearch/ci/ci-values.yaml index fbd24cc8..b09ef89a 100755 --- a/charts/opensearch/ci/ci-values.yaml +++ b/charts/opensearch/ci/ci-values.yaml @@ -51,47 +51,47 @@ config: # Setting network.host to a non-loopback address enables the annoying bootstrap checks. "Single-node" mode disables them again. # discovery.type: single-node - # Start OpenSearch Security Demo Configuration - # WARNING: revise all the lines below before you go into production - plugins: - security: - ssl: - transport: - pemcert_filepath: esnode.pem - pemkey_filepath: esnode-key.pem - pemtrustedcas_filepath: root-ca.pem - enforce_hostname_verification: false - http: - enabled: true - pemcert_filepath: esnode.pem - pemkey_filepath: esnode-key.pem - pemtrustedcas_filepath: root-ca.pem - allow_unsafe_democertificates: true - allow_default_init_securityindex: true - authcz: - admin_dn: - - CN=kirk,OU=client,O=client,L=test,C=de - audit.type: internal_opensearch - enable_snapshot_restore_privilege: true - check_snapshot_restore_write_privileges: true - restapi: - roles_enabled: ["all_access", "security_rest_api_access"] - system_indices: - enabled: true - indices: - [ - ".opendistro-alerting-config", - ".opendistro-alerting-alert*", - ".opendistro-anomaly-results*", - ".opendistro-anomaly-detector*", - ".opendistro-anomaly-checkpoints", - ".opendistro-anomaly-detection-state", - ".opendistro-reports-*", - ".opendistro-notifications-*", - ".opendistro-notebooks", - ".opendistro-asynchronous-search-response*", - ] - ######## End OpenSearch Security Demo Configuration ######## + # # Start OpenSearch Security Demo Configuration + # # WARNING: revise all the lines below before you go into production + # plugins: + # security: + # ssl: + # transport: + # pemcert_filepath: esnode.pem + # pemkey_filepath: esnode-key.pem + # pemtrustedcas_filepath: root-ca.pem + # enforce_hostname_verification: false + # http: + # enabled: true + # pemcert_filepath: esnode.pem + # pemkey_filepath: esnode-key.pem + # pemtrustedcas_filepath: root-ca.pem + # allow_unsafe_democertificates: true + # allow_default_init_securityindex: true + # authcz: + # admin_dn: + # - CN=kirk,OU=client,O=client,L=test,C=de + # audit.type: internal_opensearch + # enable_snapshot_restore_privilege: true + # check_snapshot_restore_write_privileges: true + # restapi: + # roles_enabled: ["all_access", "security_rest_api_access"] + # system_indices: + # enabled: true + # indices: + # [ + # ".opendistro-alerting-config", + # ".opendistro-alerting-alert*", + # ".opendistro-anomaly-results*", + # ".opendistro-anomaly-detector*", + # ".opendistro-anomaly-checkpoints", + # ".opendistro-anomaly-detection-state", + # ".opendistro-reports-*", + # ".opendistro-notifications-*", + # ".opendistro-notebooks", + # ".opendistro-asynchronous-search-response*", + # ] + # ######## End OpenSearch Security Demo Configuration ######## # log4j2.properties: # Extra environment variables to append to this nodeGroup diff --git a/charts/opensearch/values.yaml b/charts/opensearch/values.yaml index 02e356f4..8e5c6eaf 100644 --- a/charts/opensearch/values.yaml +++ b/charts/opensearch/values.yaml @@ -58,44 +58,44 @@ config: # Start OpenSearch Security Demo Configuration # WARNING: revise all the lines below before you go into production - plugins: - security: - ssl: - transport: - pemcert_filepath: esnode.pem - pemkey_filepath: esnode-key.pem - pemtrustedcas_filepath: root-ca.pem - enforce_hostname_verification: false - http: - enabled: true - pemcert_filepath: esnode.pem - pemkey_filepath: esnode-key.pem - pemtrustedcas_filepath: root-ca.pem - allow_unsafe_democertificates: true - allow_default_init_securityindex: true - authcz: - admin_dn: - - CN=kirk,OU=client,O=client,L=test,C=de - audit.type: internal_opensearch - enable_snapshot_restore_privilege: true - check_snapshot_restore_write_privileges: true - restapi: - roles_enabled: ["all_access", "security_rest_api_access"] - system_indices: - enabled: true - indices: - [ - ".opendistro-alerting-config", - ".opendistro-alerting-alert*", - ".opendistro-anomaly-results*", - ".opendistro-anomaly-detector*", - ".opendistro-anomaly-checkpoints", - ".opendistro-anomaly-detection-state", - ".opendistro-reports-*", - ".opendistro-notifications-*", - ".opendistro-notebooks", - ".opendistro-asynchronous-search-response*", - ] + # plugins: + # security: + # ssl: + # transport: + # pemcert_filepath: esnode.pem + # pemkey_filepath: esnode-key.pem + # pemtrustedcas_filepath: root-ca.pem + # enforce_hostname_verification: false + # http: + # enabled: true + # pemcert_filepath: esnode.pem + # pemkey_filepath: esnode-key.pem + # pemtrustedcas_filepath: root-ca.pem + # allow_unsafe_democertificates: true + # allow_default_init_securityindex: true + # authcz: + # admin_dn: + # - CN=kirk,OU=client,O=client,L=test,C=de + # audit.type: internal_opensearch + # enable_snapshot_restore_privilege: true + # check_snapshot_restore_write_privileges: true + # restapi: + # roles_enabled: ["all_access", "security_rest_api_access"] + # system_indices: + # enabled: true + # indices: + # [ + # ".opendistro-alerting-config", + # ".opendistro-alerting-alert*", + # ".opendistro-anomaly-results*", + # ".opendistro-anomaly-detector*", + # ".opendistro-anomaly-checkpoints", + # ".opendistro-anomaly-detection-state", + # ".opendistro-reports-*", + # ".opendistro-notifications-*", + # ".opendistro-notebooks", + # ".opendistro-asynchronous-search-response*", + # ] ######## End OpenSearch Security Demo Configuration ######## # log4j2.properties: