helm-charts icon indicating copy to clipboard operation
helm-charts copied to clipboard

Published 20 hours ago verified publisher icon opensearch-project

how to add email sender credentials in opensearch-keystore which is hosted on kubernetes?

Open chasegame-alpha opened this issue 1 year ago • 11 comments

./bin/opensearch-keystore add plugins.alerting.destination.email.<sender_name>.username ./bin/opensearch-keystore add plugins.alerting.destination.email.<sender_name>.password,

These are the commands mentioned in documentation to add alerting notifications, at run time we can get inside a container and we can add them. But how to add it in configuration of opensearch?

chasegame-alpha avatar Feb 28 '23 09:02 chasegame-alpha

[Triage] Hey @chasegame-alpha there is a keystore setting for the chart, but I do see this is little tricy as it does not contain the key value pair, @TheAlgo @DandyDeveloper @smlx @PaulLesur can you please add an example here? @bbarani @rishabh6788

prudhvigodithi avatar Mar 07 '23 20:03 prudhvigodithi

[Triage] Hi @opensearch-project/alerting-plugin , @opensearch-project/notifications Can you look into this issue?

gaiksaya avatar Mar 14 '23 19:03 gaiksaya

Just checking is there a way we can add this settings as a key value pair?

prudhvigodithi avatar Mar 14 '23 19:03 prudhvigodithi

I see an example in the values.yml from the code directory that @prudhvigodithi linked above:

https://github.com/opensearch-project/helm-charts/blob/af9e379b18b5cdc1f72c51fba376bab29753d9c9/charts/opensearch/values.yaml#L419-L421

Looks like it supports the key value pair to me

qreshi avatar Mar 14 '23 20:03 qreshi

@Flyingliuhub I guess we have done this for datasources config. can you help here?

vamsi-amazon avatar Mar 14 '23 20:03 vamsi-amazon

you can create a key value pair secrets for Kubernetes based on the json file or individual value, please see sample below:

kubectl create secret generic opensearch-dashboards-sample --from-file=plugins.query.federation.datasources.config=input.json

and then use those secretName in your value.yaml file's keystore.

keystore:
  - secretName: opensearch-dashboards-sample

Flyingliuhub avatar Mar 14 '23 20:03 Flyingliuhub

hey @Flyingliuhub @prudhvigodithi @qreshi @gaiksaya @vamsi-amazon hello all, thanks for responding to the issue. But even after adding them as secrets, and adding the secret to the keystore, but that didnt worked for me. how to add to the keystore(credentials) opensearch nodes running in kubernetes (pods), and how to add them to each node without restarting the deployments. Even after adding to the keystore how can we update(credentials) them without restarting the deployments. is there any REST call to do all this for opensearch? thankyou.

chasegame-alpha avatar Mar 30 '23 09:03 chasegame-alpha

If the keystore settings were added after OpenSearch has come up, you can call the reload API (POST _nodes/reload_secure_settings) to have the credentials changes reflected in Alerting without restarting. The credentials do need to be added to the keystore per node but the API will refresh all nodes.

Also, if you are using OpenSearch 2.0 or greater, I recommend using the updated setting for Notifications keystore settings:

opensearch.notifications.core.email.<sender_name>.username
opensearch.notifications.core.email.<sender_name>.password

The legacy ones you've mentioned above will still work in 2.x but will be removed in 3.0. Using the new namespace now will allow you to avoid the sudden migration on upgrading to 3.0 in the future. It seems the documentation isn't reflecting the newer setting. I'll ask the team to update the documentation.

qreshi avatar Mar 30 '23 18:03 qreshi

@qreshi @prudhvigodithi @Flyingliuhub @gaiksaya @vamsi-amazon hello qureshi, thanks for replying to the issue. Where can i find the updated setting for Notifications Keystore settings, in deployment files, as we are following with helm deployment. I am not able to add the keystore settings and configure email to send alerts. where can i add these two settings for the pods deployed in kubernetes with helm installation. opensearch.notifications.core.email.<sender_name>.username opensearch.notifications.core.email.<sender_name>.password

Thankyou.

chasegame-alpha avatar Mar 31 '23 07:03 chasegame-alpha

I followed these steps to add SMTP credentials to Helm with a keystore:

  1. Create the secrets in k8s:
kubectl create secret generic -n <my_np> notifications-core-mail --from-literal=opensearch.notifications.core.email.<sender_name>.username=<my_email_account>
kubectl create secret generic -n <my_np> notifications-core-password --from-literal=opensearch.notifications.core.email.<sender_name>.password=<my_password>
  1. In helm, add these new secrets:
keystore:
  - secretName: notifications-core-password
  - secretName: notifications-core-mail

  1. Upgrade the Helm configuration.

  2. To check if the secret is added to the keystore, run the following command:

kubectl exec -it -n <my_np>  <my_pod_name> -- /bin/bash
opensearch-keystore list

danielcastropalomares avatar Apr 19 '23 11:04 danielcastropalomares

adding to @danielcastropalomares, you can add the secrets to the extraObjects object in values.yaml like this:

extraObjects: 
  - apiVersion: v1
    data:
      opensearch.notifications.core.email.<sender_name>.password: <password_base64_encoded>
    kind: Secret
    metadata:
      name: notifications-core-password
      namespace: opensearch
  - apiVersion: v1
    data:
      opensearch.notifications.core.email.<sender_name>.password: <password_base64_encoded>
    kind: Secret
    metadata:
      name: notifications-core-password
      namespace: opensearch

Then, reference the secrets added in the keystore object in the values.yaml:

keystore: 
  - secretName: notifications-core-email
  - secretName: notifications-core-password

aakharbotli avatar Aug 01 '24 14:08 aakharbotli