Skip to content

Commit d1ea259

Browse files
migruiz4bitnami-bot
migruiz4
and
bitnami-bot
authored
[bitnami/opensearch] Set usePasswordFiles=true by default (#32797)
* [bitnami/opensearch] Set `usePasswordFiles=true` by default Signed-off-by: Miguel Ruiz <[email protected]> * Update CHANGELOG.md Signed-off-by: Bitnami Bot <[email protected]> * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Bot <[email protected]> * Update CHANGELOG.md Signed-off-by: Bitnami Bot <[email protected]> --------- Signed-off-by: Miguel Ruiz <[email protected]> Signed-off-by: Bitnami Bot <[email protected]> Co-authored-by: Bitnami Bot <[email protected]>
1 parent 89677d4 commit d1ea259

File tree

10 files changed

+117
-8
lines changed

10 files changed

+117
-8
lines changed

bitnami/opensearch/CHANGELOG.md

+6-2
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,12 @@
11
# Changelog
22

3-
## 1.8.2 (2025-04-02)
3+
## 1.9.0 (2025-04-04)
44

5-
* [bitnami/opensearch] Release 1.8.2 ([#32783](https://github.com/bitnami/charts/pull/32783))
5+
* [bitnami/opensearch] Set `usePasswordFiles=true` by default ([#32797](https://github.com/bitnami/charts/pull/32797))
6+
7+
## <small>1.8.2 (2025-04-02)</small>
8+
9+
* [bitnami/opensearch] Release 1.8.2 (#32783) ([be1ab6d](https://github.com/bitnami/charts/commit/be1ab6dd868fdbd45d25d97e9cbc5cf54005b0e4)), closes [#32783](https://github.com/bitnami/charts/issues/32783)
610

711
## <small>1.8.1 (2025-03-31)</small>
812

bitnami/opensearch/Chart.yaml

+1-1
Original file line numberDiff line numberDiff line change
@@ -31,4 +31,4 @@ maintainers:
3131
name: opensearch
3232
sources:
3333
- https://github.com/bitnami/charts/tree/main/bitnami/opensearch
34-
version: 1.8.2
34+
version: 1.9.0

bitnami/opensearch/README.md

+1
Original file line numberDiff line numberDiff line change
@@ -219,6 +219,7 @@ You can enable this initContainer by setting `volumePermissions.enabled` to `tru
219219
| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` |
220220
| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
221221
| `namespaceOverride` | String to fully override common.names.namespace | `""` |
222+
| `usePasswordFiles` | Mount credentials as files instead of using environment variables | `true` |
222223
| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
223224
| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` |
224225
| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` |

bitnami/opensearch/templates/_helpers.tpl

+24
Original file line numberDiff line numberDiff line change
@@ -580,6 +580,14 @@ Add environment variables to configure database values
580580
value: {{ coalesce .Values.security.tls.adminDN "CN=admin;CN=admin" }}
581581
- name: OPENSEARCH_ENABLE_SECURITY
582582
value: "true"
583+
{{- if .Values.usePasswordFiles }}
584+
- name: OPENSEARCH_PASSWORD_FILE
585+
value: "/opt/bitnami/opensearch/secrets/opensearch-password"
586+
- name: OPENSEARCH_DASHBOARDS_PASSWORD_FILE
587+
value: "/opt/bitnami/opensearch/secrets/opensearch-dashboards-password"
588+
- name: LOGSTASH_PASSWORD_FILE
589+
value: "/opt/bitnami/opensearch/secrets/logstash-password"
590+
{{- else }}
583591
- name: OPENSEARCH_PASSWORD
584592
valueFrom:
585593
secretKeyRef:
@@ -595,6 +603,7 @@ Add environment variables to configure database values
595603
secretKeyRef:
596604
name: {{ include "opensearch.secretName" . }}
597605
key: logstash-password
606+
{{- end }}
598607
- name: OPENSEARCH_ENABLE_FIPS_MODE
599608
value: {{ .Values.security.fipsMode | quote }}
600609
- name: OPENSEARCH_TLS_VERIFICATION_MODE
@@ -611,26 +620,41 @@ Add environment variables to configure database values
611620
value: "/opt/bitnami/opensearch/config/certs/{{ .Values.security.tls.truststoreFilename }}"
612621
{{- end }}
613622
{{- if and (not .Values.security.tls.usePemCerts) (or .Values.security.tls.keystorePassword .Values.security.tls.passwordsSecret) }}
623+
{{- if .Values.usePasswordFiles }}
624+
- name: OPENSEARCH_KEYSTORE_PASSWORD_FILE
625+
value: {{ printf "/opt/bitnami/opensearch/secrets/%s" (include "opensearch.keystorePasswordKey" .) }}
626+
{{- else }}
614627
- name: OPENSEARCH_KEYSTORE_PASSWORD
615628
valueFrom:
616629
secretKeyRef:
617630
name: {{ include "opensearch.tlsPasswordsSecret" . }}
618631
key: {{ include "opensearch.keystorePasswordKey" . | quote }}
619632
{{- end }}
633+
{{- end }}
620634
{{- if and (not .Values.security.tls.usePemCerts) (or .Values.security.tls.truststorePassword .Values.security.tls.passwordsSecret) }}
635+
{{- if .Values.usePasswordFiles }}
636+
- name: OPENSEARCH_KEYSTORE_PASSWORD_FILE
637+
value: {{ printf "/opt/bitnami/opensearch/secrets/%s" (include "opensearch.truststorePasswordKey" .) }}
638+
{{- else }}
621639
- name: OPENSEARCH_TRUSTSTORE_PASSWORD
622640
valueFrom:
623641
secretKeyRef:
624642
name: {{ include "opensearch.tlsPasswordsSecret" . }}
625643
key: {{ include "opensearch.truststorePasswordKey" . | quote }}
626644
{{- end }}
645+
{{- end }}
627646
{{- if and .Values.security.tls.usePemCerts (or .Values.security.tls.keyPassword .Values.security.tls.passwordsSecret) }}
647+
{{- if .Values.usePasswordFiles }}
648+
- name: OPENSEARCH_KEY_PASSWORD_FILE
649+
value: {{ printf "/opt/bitnami/opensearch/secrets/%s" (include "opensearch.keyPasswordKey" .) }}
650+
{{- else }}
628651
- name: OPENSEARCH_KEY_PASSWORD
629652
valueFrom:
630653
secretKeyRef:
631654
name: {{ include "opensearch.tlsPasswordsSecret" . }}
632655
key: {{ include "opensearch.keyPasswordKey" . | quote }}
633656
{{- end }}
657+
{{- end }}
634658
{{- end -}}
635659

636660
{{/*

bitnami/opensearch/templates/coordinating/statefulset.yaml

+16-1
Original file line numberDiff line numberDiff line change
@@ -87,7 +87,7 @@ spec:
8787
{{- if .Values.sysctlImage.enabled }}
8888
{{- include "opensearch.sysctl.initContainer" . | nindent 8}}
8989
{{- end }}
90-
{{- include "opensearch.copy-default-plugins.initContainer" (dict "component" "coordinating" "context" $) | nindent 8 }}
90+
{{- include "opensearch.copy-default-plugins.initContainer" (dict "component" "coordinating" "context" $) | nindent 8 }}
9191
{{- if .Values.coordinating.initContainers }}
9292
{{- include "common.tplvalues.render" (dict "value" .Values.coordinating.initContainers "context" $) | nindent 8 }}
9393
{{- end }}
@@ -231,6 +231,10 @@ spec:
231231
subPath: app-plugins-dir
232232
- name: data
233233
mountPath: /bitnami/opensearch/data
234+
{{- if and .Values.usePasswordFiles .Values.security.enabled }}
235+
- name: opensearch-secrets
236+
mountPath: /opt/bitnami/opensearch/secrets
237+
{{- end }}
234238
{{- if .Values.config }}
235239
- mountPath: /opt/bitnami/opensearch/config/opensearch.yml
236240
name: config
@@ -289,6 +293,17 @@ spec:
289293
configMap:
290294
name: {{ include "common.names.fullname" . }}
291295
{{- end }}
296+
{{- if and .Values.usePasswordFiles .Values.security.enabled }}
297+
- name: opensearch-secrets
298+
projected:
299+
sources:
300+
- secret:
301+
name: {{ include "opensearch.secretName" . }}
302+
{{- if or .Values.security.tls.keystorePassword .Values.security.tls.truststorePassword .Values.security.tls.keyPassword .Values.security.tls.passwordsSecret }}
303+
- secret:
304+
name: {{ include "opensearch.tlsPasswordsSecret" . }}
305+
{{- end }}
306+
{{- end }}
292307
{{- if .Values.security.enabled }}
293308
- name: opensearch-certificates
294309
projected:

bitnami/opensearch/templates/dashboards/deployment.yaml

+18-1
Original file line numberDiff line numberDiff line change
@@ -69,7 +69,7 @@ spec:
6969
terminationGracePeriodSeconds: {{ .Values.dashboards.terminationGracePeriodSeconds }}
7070
{{- end }}
7171
initContainers:
72-
{{- include "opensearch.dashboards.copy-default-plugins.initContainer" . | nindent 8 }}
72+
{{- include "opensearch.dashboards.copy-default-plugins.initContainer" . | nindent 8 }}
7373
{{- if .Values.dashboards.initContainers }}
7474
{{- include "common.tplvalues.render" (dict "value" .Values.dashboards.initContainers "context" $) | nindent 8 }}
7575
{{- end }}
@@ -94,12 +94,17 @@ spec:
9494
- name: BITNAMI_DEBUG
9595
value: {{ ternary "true" "false" (or .Values.dashboards.image.debug .Values.diagnosticMode.enabled) | quote }}
9696
{{- if .Values.security.enabled }}
97+
{{- if .Values.usePasswordFiles }}
98+
- name: OPENSEARCH_DASHBOARDS_PASSWORD_FILE
99+
value: "/opt/bitnami/opensearch-dashboards/secrets/opensearch-dashboards-password"
100+
{{- else }}
97101
- name: OPENSEARCH_DASHBOARDS_PASSWORD
98102
valueFrom:
99103
secretKeyRef:
100104
name: {{ include "opensearch.secretName" . }}
101105
key: opensearch-dashboards-password
102106
{{- end }}
107+
{{- end }}
103108
{{- if .Values.dashboards.tls.enabled }}
104109
- name: OPENSEARCH_DASHBOARDS_SERVER_ENABLE_TLS
105110
value: "true"
@@ -174,6 +179,10 @@ spec:
174179
subPath: app-plugins-dir
175180
- name: dashboards-data
176181
mountPath: /bitnami/opensearch-dashboards
182+
{{- if and .Values.usePasswordFiles .Values.security.enabled }}
183+
- name: opensearch-dashboards-secrets
184+
mountPath: /opt/bitnami/opensearch-dashboards/secrets
185+
{{- end }}
177186
{{- if .Values.security.enabled }}
178187
- name: opensearch-certificates
179188
mountPath: /opt/bitnami/opensearch-dashboards/config/certs/opensearch
@@ -193,6 +202,14 @@ spec:
193202
volumes:
194203
- name: empty-dir
195204
emptyDir: {}
205+
{{- if and .Values.usePasswordFiles .Values.security.enabled }}
206+
- name: opensearch-dashboards-secrets
207+
secret:
208+
secretName: {{ include "opensearch.secretName" . }}
209+
items:
210+
- key: opensearch-dashboards-password
211+
path: opensearch-dashboards-password
212+
{{- end }}
196213
- name: dashboards-data
197214
{{- if .Values.dashboards.persistence.enabled }}
198215
persistentVolumeClaim:

bitnami/opensearch/templates/data/statefulset.yaml

+16-1
Original file line numberDiff line numberDiff line change
@@ -109,7 +109,7 @@ spec:
109109
- name: data
110110
mountPath: /bitnami/opensearch/data
111111
{{- end }}
112-
{{- include "opensearch.copy-default-plugins.initContainer" (dict "component" "data" "context" $) | nindent 8 }}
112+
{{- include "opensearch.copy-default-plugins.initContainer" (dict "component" "data" "context" $) | nindent 8 }}
113113
{{- if .Values.data.initContainers }}
114114
{{- include "common.tplvalues.render" (dict "value" .Values.data.initContainers "context" $) | nindent 8 }}
115115
{{- end }}
@@ -257,6 +257,10 @@ spec:
257257
subPath: app-plugins-dir
258258
- name: data
259259
mountPath: /bitnami/opensearch/data
260+
{{- if and .Values.usePasswordFiles .Values.security.enabled }}
261+
- name: opensearch-secrets
262+
mountPath: /opt/bitnami/opensearch/secrets
263+
{{- end }}
260264
{{- if .Values.config }}
261265
- mountPath: /opt/bitnami/opensearch/config/opensearch.yml
262266
name: config
@@ -313,6 +317,17 @@ spec:
313317
configMap:
314318
name: {{ template "common.names.fullname" . }}
315319
{{- end }}
320+
{{- if and .Values.usePasswordFiles .Values.security.enabled }}
321+
- name: opensearch-secrets
322+
projected:
323+
sources:
324+
- secret:
325+
name: {{ include "opensearch.secretName" . }}
326+
{{- if or .Values.security.tls.keystorePassword .Values.security.tls.truststorePassword .Values.security.tls.keyPassword .Values.security.tls.passwordsSecret }}
327+
- secret:
328+
name: {{ include "opensearch.tlsPasswordsSecret" . }}
329+
{{- end }}
330+
{{- end }}
316331
{{- if .Values.security.enabled }}
317332
- name: opensearch-certificates
318333
projected:

bitnami/opensearch/templates/ingest/statefulset.yaml

+16-1
Original file line numberDiff line numberDiff line change
@@ -87,7 +87,7 @@ spec:
8787
{{- if .Values.sysctlImage.enabled }}
8888
{{- include "opensearch.sysctl.initContainer" . | nindent 8}}
8989
{{- end }}
90-
{{- include "opensearch.copy-default-plugins.initContainer" (dict "component" "ingest" "context" $) | nindent 8 }}
90+
{{- include "opensearch.copy-default-plugins.initContainer" (dict "component" "ingest" "context" $) | nindent 8 }}
9191
{{- if .Values.ingest.initContainers }}
9292
{{- include "common.tplvalues.render" (dict "value" .Values.ingest.initContainers "context" $) | nindent 8 }}
9393
{{- end }}
@@ -231,6 +231,10 @@ spec:
231231
subPath: app-plugins-dir
232232
- name: data
233233
mountPath: /bitnami/opensearch/data
234+
{{- if and .Values.usePasswordFiles .Values.security.enabled }}
235+
- name: opensearch-secrets
236+
mountPath: /opt/bitnami/opensearch/secrets
237+
{{- end }}
234238
{{- if .Values.config }}
235239
- mountPath: /opt/bitnami/opensearch/config/opensearch.yml
236240
name: config
@@ -289,6 +293,17 @@ spec:
289293
configMap:
290294
name: {{ template "common.names.fullname" . }}
291295
{{- end }}
296+
{{- if and .Values.usePasswordFiles .Values.security.enabled }}
297+
- name: opensearch-secrets
298+
projected:
299+
sources:
300+
- secret:
301+
name: {{ include "opensearch.secretName" . }}
302+
{{- if or .Values.security.tls.keystorePassword .Values.security.tls.truststorePassword .Values.security.tls.keyPassword .Values.security.tls.passwordsSecret }}
303+
- secret:
304+
name: {{ include "opensearch.tlsPasswordsSecret" . }}
305+
{{- end }}
306+
{{- end }}
292307
{{- if .Values.security.enabled }}
293308
- name: opensearch-certificates
294309
projected:

bitnami/opensearch/templates/master/statefulset.yaml

+16-1
Original file line numberDiff line numberDiff line change
@@ -109,7 +109,7 @@ spec:
109109
- name: data
110110
mountPath: /bitnami/opensearch/data
111111
{{- end }}
112-
{{- include "opensearch.copy-default-plugins.initContainer" (dict "component" "master" "context" $) | nindent 8 }}
112+
{{- include "opensearch.copy-default-plugins.initContainer" (dict "component" "master" "context" $) | nindent 8 }}
113113
{{- if .Values.master.initContainers }}
114114
{{- include "common.tplvalues.render" (dict "value" .Values.master.initContainers "context" $) | nindent 8 }}
115115
{{- end }}
@@ -269,6 +269,10 @@ spec:
269269
subPath: app-plugins-dir
270270
- name: data
271271
mountPath: /bitnami/opensearch/data
272+
{{- if and .Values.usePasswordFiles .Values.security.enabled }}
273+
- name: opensearch-secrets
274+
mountPath: /opt/bitnami/opensearch/secrets
275+
{{- end }}
272276
{{- if .Values.config }}
273277
- mountPath: /opt/bitnami/opensearch/config/opensearch.yml
274278
name: config
@@ -325,6 +329,17 @@ spec:
325329
configMap:
326330
name: {{ template "common.names.fullname" . }}
327331
{{- end }}
332+
{{- if and .Values.usePasswordFiles .Values.security.enabled }}
333+
- name: opensearch-secrets
334+
projected:
335+
sources:
336+
- secret:
337+
name: {{ include "opensearch.secretName" . }}
338+
{{- if or .Values.security.tls.keystorePassword .Values.security.tls.truststorePassword .Values.security.tls.keyPassword .Values.security.tls.passwordsSecret }}
339+
- secret:
340+
name: {{ include "opensearch.tlsPasswordsSecret" . }}
341+
{{- end }}
342+
{{- end }}
328343
{{- if .Values.security.enabled }}
329344
- name: opensearch-certificates
330345
projected:

bitnami/opensearch/values.yaml

+3
Original file line numberDiff line numberDiff line change
@@ -64,6 +64,9 @@ extraDeploy: []
6464
## @param namespaceOverride String to fully override common.names.namespace
6565
##
6666
namespaceOverride: ""
67+
## @param usePasswordFiles Mount credentials as files instead of using environment variables
68+
##
69+
usePasswordFiles: true
6770
## Enable diagnostic mode in the deployment
6871
##
6972
diagnosticMode:

0 commit comments

Comments
 (0)