Skip to content

Security plugin configuration #43

New issue
New issue
Open
Open
Security plugin configuration#43
@siegfriedweber

Description

@siegfriedweber
siegfriedweber
opened on Oct 15, 2025

Part of #1

Tasks

  • Decision: Configure the OpenSearch security plugin #51
  • Allow config overrides also for the plugin configuration files
  • Update changed security config via tools/securityadmin.sh
  • Create a basic configuration for the security plugin
  • Fix admin authentication
    It's currently done via Client TLS Authentication by comparing the CN in the certificate. But the secret-operator hard-codes it to CN=generated certificate for pod. OpenSearch complains that admin and node certificates must not have the same CN. see Use more clever certificate subject secret-operator#617
  • Add authentication support
    • HTTP Basic authentication
    • LDAP
    • JSON Web Token (not sure if required)
    • OpenID Connect (not sure if required)
  • Avoid insecure file permissions (e.g. use defaultMode in volumes and subPath for volumeMounts)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions