Bootstrap fails on OPENSEARCH_INITIAL_ADMIN_PASSWORD from operator

thoth · June 13, 2025, 1:09pm

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
opensearch/dash 3.0.0
serverOS: arch linux
browser: none cluster is not running so not needed

Describe the issue:

I have largely the same issue as:
https://forum.opensearch.org/t/new-cluster-bootstrap-only-failing-with-missing-opensearch-initial-admin-password/22934

But that issue appears dead so I thought I’d document everything I can here.

Configuration:

cluster.yaml

apiVersion: opensearch.opster.io/v1
kind: OpenSearchCluster
metadata:
  name:  opensearch-example
  namespace: example
spec:
  general:
    serviceName: opensearch-example
    version: "3"
  dashboards:
    enable: true
    tls:
      enable: true  # Configure TLS
      generate: true  # Have the Operator generate and sign a certificate
    version: "3"
    replicas: 1
    nodeSelector:
      opensearchrole: "worker"
    resources:
      requests:
         memory: "512Mi"
         cpu: "200m"
      limits:
         memory: "512Mi"
         cpu: "200m"
  security:
    config:  # Everything related to the securityconfig
      adminCredentialsSecret:
        name: "opensearch-example-admin-cred"
      securityConfigSecret:
        name: "opensearch-example-securityconfig-secret"
  nodePools:
    - component: nodes
      replicas: 3
      diskSize: "5Gi"
      nodeSelector:
        opensearchrole: "worker"
      resources:
         requests:
            memory: "512Mi"
            cpu: "200m"
         limits:
            memory: "512Mi"
            cpu: "200m"
      roles:
        - "cluster_manager"
        - "data"
    - component: masters
      replicas: 3
      diskSize: "5Gi"
      roles:
        - "data"
        - "master"
      nodeSelector:
        opensearchrole: "worker"
      persistence:
        pvc:
          storageClass: "example-hostpath"
          accessModes: # You can change the accessMode
          - ReadWriteOnce

apiVersion: v1
kind: Secret
metadata:
  name: opensearch-example-securityconfig-secret
type: Opaque
stringData:
      action_groups.yml: |-
         _meta:
           type: "actiongroups"
           config_version: 2
      internal_users.yml: |-
        _meta:
          type: "internalusers"
          config_version: 2
        admin:
          hash: "deadbeef"
          reserved: true
          backend_roles:
          - "admin"
          description: "Demo admin user"
        dashboarduser:
          hash: "deadbeef"
          reserved: true
          description: "Demo OpenSearch Dashboards user"
      nodes_dn.yml: |-
        _meta:
          type: "nodesdn"
          config_version: 2
      whitelist.yml: |-
        _meta:
          type: "whitelist"
          config_version: 2
      tenants.yml: |-
        _meta:
          type: "tenants"
          config_version: 2
      roles_mapping.yml: |-
        _meta:
          type: "rolesmapping"
          config_version: 2
        all_access:
          reserved: false
          backend_roles:
          - "admin"
          description: "Maps admin to all_access"
        own_index:
          reserved: false
          users:
          - "*"
          description: "Allow full access to an index named like the username"
        readall:
          reserved: false
          backend_roles:
          - "readall"
        manage_snapshots:
          reserved: false
          backend_roles:
          - "snapshotrestore"
        dashboard_server:
          reserved: true
          users:
          - "dashboarduser"
      roles.yml: |-
        _meta:
          type: "roles"
          config_version: 2
        dashboard_read_only:
          reserved: true
        security_rest_api_access:
          reserved: true
        # Allows users to view monitors, destinations and alerts
        alerting_read_access:
          reserved: true
          cluster_permissions:
            - 'cluster:admin/opendistro/alerting/alerts/get'
            - 'cluster:admin/opendistro/alerting/destination/get'
            - 'cluster:admin/opendistro/alerting/monitor/get'
            - 'cluster:admin/opendistro/alerting/monitor/search'
        # Allows users to view and acknowledge alerts
        alerting_ack_alerts:
          reserved: true
          cluster_permissions:
            - 'cluster:admin/opendistro/alerting/alerts/*'
        # Allows users to use all alerting functionality
        alerting_full_access:
          reserved: true
          cluster_permissions:
            - 'cluster_monitor'
            - 'cluster:admin/opendistro/alerting/*'
          index_permissions:
            - index_patterns:
                - '*'
              allowed_actions:
                - 'indices_monitor'
                - 'indices:admin/aliases/get'
                - 'indices:admin/mappings/get'
        # Allow users to read Anomaly Detection detectors and results
        anomaly_read_access:
          reserved: true
          cluster_permissions:
            - 'cluster:admin/opendistro/ad/detector/info'
            - 'cluster:admin/opendistro/ad/detector/search'
            - 'cluster:admin/opendistro/ad/detectors/get'
            - 'cluster:admin/opendistro/ad/result/search'
            - 'cluster:admin/opendistro/ad/tasks/search'
            - 'cluster:admin/opendistro/ad/detector/validate'
            - 'cluster:admin/opendistro/ad/result/topAnomalies'
        # Allows users to use all Anomaly Detection functionality
        anomaly_full_access:
          reserved: true
          cluster_permissions:
            - 'cluster_monitor'
            - 'cluster:admin/opendistro/ad/*'
          index_permissions:
            - index_patterns:
                - '*'
              allowed_actions:
                - 'indices_monitor'
                - 'indices:admin/aliases/get'
                - 'indices:admin/mappings/get'
        # Allows users to read Notebooks
        notebooks_read_access:
          reserved: true
          cluster_permissions:
            - 'cluster:admin/opendistro/notebooks/list'
            - 'cluster:admin/opendistro/notebooks/get'
        # Allows users to all Notebooks functionality
        notebooks_full_access:
          reserved: true
          cluster_permissions:
            - 'cluster:admin/opendistro/notebooks/create'
            - 'cluster:admin/opendistro/notebooks/update'
            - 'cluster:admin/opendistro/notebooks/delete'
            - 'cluster:admin/opendistro/notebooks/get'
            - 'cluster:admin/opendistro/notebooks/list'
        # Allows users to read observability objects
        observability_read_access:
          reserved: true
          cluster_permissions:
            - 'cluster:admin/opensearch/observability/get'
        # Allows users to all Observability functionality
        observability_full_access:
          reserved: true
          cluster_permissions:
            - 'cluster:admin/opensearch/observability/create'
            - 'cluster:admin/opensearch/observability/update'
            - 'cluster:admin/opensearch/observability/delete'
            - 'cluster:admin/opensearch/observability/get'
        # Allows users to read and download Reports
        reports_instances_read_access:
          reserved: true
          cluster_permissions:
            - 'cluster:admin/opendistro/reports/instance/list'
            - 'cluster:admin/opendistro/reports/instance/get'
            - 'cluster:admin/opendistro/reports/menu/download'
        # Allows users to read and download Reports and Report-definitions
        reports_read_access:
          reserved: true
          cluster_permissions:
            - 'cluster:admin/opendistro/reports/definition/get'
            - 'cluster:admin/opendistro/reports/definition/list'
            - 'cluster:admin/opendistro/reports/instance/list'
            - 'cluster:admin/opendistro/reports/instance/get'
            - 'cluster:admin/opendistro/reports/menu/download'
        # Allows users to all Reports functionality
        reports_full_access:
          reserved: true
          cluster_permissions:
            - 'cluster:admin/opendistro/reports/definition/create'
            - 'cluster:admin/opendistro/reports/definition/update'
            - 'cluster:admin/opendistro/reports/definition/on_demand'
            - 'cluster:admin/opendistro/reports/definition/delete'
            - 'cluster:admin/opendistro/reports/definition/get'
            - 'cluster:admin/opendistro/reports/definition/list'
            - 'cluster:admin/opendistro/reports/instance/list'
            - 'cluster:admin/opendistro/reports/instance/get'
            - 'cluster:admin/opendistro/reports/menu/download'
        # Allows users to use all asynchronous-search functionality
        asynchronous_search_full_access:
          reserved: true
          cluster_permissions:
            - 'cluster:admin/opendistro/asynchronous_search/*'
          index_permissions:
            - index_patterns:
                - '*'
              allowed_actions:
                - 'indices:data/read/search*'
        # Allows users to read stored asynchronous-search results
        asynchronous_search_read_access:
          reserved: true
          cluster_permissions:
            - 'cluster:admin/opendistro/asynchronous_search/get'
        # Allows user to use all index_management actions - ism policies, rollups, transforms
        index_management_full_access:
          reserved: true
          cluster_permissions:
            - "cluster:admin/opendistro/ism/*"
            - "cluster:admin/opendistro/rollup/*"
            - "cluster:admin/opendistro/transform/*"
          index_permissions:
            - index_patterns:
                - '*'
              allowed_actions:
                - 'indices:admin/opensearch/ism/*'
        # Allows users to use all cross cluster replication functionality at leader cluster
        cross_cluster_replication_leader_full_access:
          reserved: true
          index_permissions:
            - index_patterns:
                - '*'
              allowed_actions:
                - "indices:admin/plugins/replication/index/setup/validate"
                - "indices:data/read/plugins/replication/changes"
                - "indices:data/read/plugins/replication/file_chunk"
        # Allows users to use all cross cluster replication functionality at follower cluster
        cross_cluster_replication_follower_full_access:
          reserved: true
          cluster_permissions:
            - "cluster:admin/plugins/replication/autofollow/update"
          index_permissions:
            - index_patterns:
                - '*'
              allowed_actions:
                - "indices:admin/plugins/replication/index/setup/validate"
                - "indices:data/write/plugins/replication/changes"
                - "indices:admin/plugins/replication/index/start"
                - "indices:admin/plugins/replication/index/pause"
                - "indices:admin/plugins/replication/index/resume"
                - "indices:admin/plugins/replication/index/stop"
                - "indices:admin/plugins/replication/index/update"
                - "indices:admin/plugins/replication/index/status_check"
      config.yml: |-
        _meta:
          type: "config"
          config_version: "2"
        config:
          dynamic:
            http:
              anonymous_auth_enabled: false
            authc:
              basic_internal_auth_domain:
                http_enabled: true
                transport_enabled: true
                order: "4"
                http_authenticator:
                  type: basic
                  challenge: true
                authentication_backend:
                  type: intern

opensearch-hashpass.py

#!/usr/bin/env python
import bcrypt
import sys
argumentList = sys.argv[1:]
if len(argumentList) == 1:
    plain_text_password = argumentList[0]
    print(bcrypt.hashpw(plain_text_password.encode("utf-8"), bcrypt.gensalt(12, prefix=b"2a")).decode("utf-8"))
else:
    print("useage: ", sys.argv[0], " password")
    exit(1)

mksecret.sh

#!/usr/bin/env bash
source .env
PASS_LENGTH=33
THIS_OPENSEARCH_ADMIN_PASSWORD=$(< /dev/random tr -dc _A-Z-a-z-0-9 | head -c${PASS_LENGTH})
export THIS_OPENSEARCH_ADMIN_PASSHASH=$(src/opensearch-hashpass.py ${THIS_OPENSEARCH_ADMIN_PASSWORD})
secret_maker () {
  local secret_name=$1
  local secret_user=$2
  local secret_pass=$3
  kubectl create secret generic \
    "${secret_name}" \
    -n "${THIS_NAMESPACE}" \
    --from-literal=username="${secret_user}" \
    --from-literal=password="${secret_pass}"
}

secret_maker "${THIS_OPENSEARCH_ADMIN_CRED_SECRET}" "${THIS_OPENSEARCH_ADMIN_USER}" "${THIS_OPENSEARCH_ADMIN_PASSWORD}"

Relevant Logs or Screenshots:

Enabling OpenSearch Security Plugin
Enabling execution of install_demo_configuration.sh for OpenSearch Security Plugin 
OpenSearch 2.12.0 onwards, the OpenSearch Security Plugin a change that requires an initial password for 'admin' user. 
Please define an environment variable 'OPENSEARCH_INITIAL_ADMIN_PASSWORD' with a strong password string. 
If a password is not provided, the setup will quit. 
 For more details, please visit: https://opensearch.org/docs/latest/install-and-configure/install-opensearch/docker/
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
OpenSearch install type: rpm/deb on Linux 6.12.33-1-lts amd64
OpenSearch config dir: /usr/share/opensearch/config/
OpenSearch config file: /usr/share/opensearch/config/opensearch.yml
OpenSearch bin dir: /usr/share/opensearch/bin/
OpenSearch plugins dir: /usr/share/opensearch/plugins/
OpenSearch lib dir: /usr/share/opensearch/lib/
Detected OpenSearch Version: 3.0.0
Detected OpenSearch Security Version: 3.0.0.0
No custom admin password found. Please provide a password via the environment variable OPENSEARCH_INITIAL_ADMIN_PASSWORD.

these are gist links to logs.

pablo · June 13, 2025, 3:43pm

@thoth Did you follow the solution from that forum case?

You must set OPENSEARCH_INITIAL_ADMIN_PASSWORD as env variable.

This is required since version 2.12.

thoth · June 13, 2025, 4:23pm

I don’t really want it set in the yaml, I want it set as a secret as the documentation clearly shows:

github.com/opensearch-project/opensearch-k8s-operator

docs/userguide/main.md

main

# Opensearch Operator User Guide

This guide is intended for users of the Opensearch Operator. If you want to contribute to the development of the Operator, please see the [Design documents](../designs/high-level.md) and the [Developer guide](../developing.md) instead.

## Installation

The Operator can be easily installed using Helm:

1. Add the helm repo: `helm repo add opensearch-operator https://opensearch-project.github.io/opensearch-k8s-operator/`
2. Install the Operator: `helm install opensearch-operator opensearch-operator/opensearch-operator`

Follow the instructions in this video to install the Operator:

[![Watch the video](https://opster.com/wp-content/uploads/2022/05/Operator-Installation-Tutorial.png)](https://player.vimeo.com/video/708641527)

A few notes on operator releases:

* Please see the project README for a compatibility matrix which operator release is compatible with which OpenSearch release.
* The userguide in the repository corresponds to the current development state of the code. To view the documentation for a specific released version switch to that tag in the Github menu.
* We track feature requests as Github Issues. If you are missing a feature and find an issue for it, please be aware that an issue ticket closed as completed only means that feature has been implemented in the development version. After that it might still take some for the feature to be contained in a release. If you are unsure, please check the list of releases in our Github project if your feature is mentioned in the release notes.

This file has been truncated. show original

why are we moving backwards?

EDIT: that is a link to the docs, not spam

thoth · June 14, 2025, 1:17am

And I did try setting that env var for the bootstrap in the yaml like so:

apiVersion: opensearch.opster.io/v1
kind: OpenSearchCluster
metadata:
  name:  opensearch-example
  namespace: example
spec:
  #plugins.security.allow_default_init_securityindex: true
  general:
    serviceName: opensearch-example
    version: "3"
  dashboards:
    enable: true
    tls:
      enable: true  # Configure TLS
      generate: true  # Have the Operator generate and sign a certificate
    version: "3"
    replicas: 1
    nodeSelector:
      opensearchrole: "worker"
    resources:
      requests:
         memory: "512Mi"
         cpu: "200m"
      limits:
         memory: "512Mi"
         cpu: "200m"
  bootstrap:
    additionalConfig:
      OPENSEARCH_INITIAL_ADMIN_PASSWORD: "deadbeefDeluxe333!"
  #security:
  #  config:  # Everything related to the securityconfig
  #    adminCredentialsSecret:
  #      name: "opensearch-example-admin-cred"
  #    securityConfigSecret:
  #      name: "opensearch-example-securityconfig-secret"
  nodePools:
    - component: nodes
      replicas: 3
      diskSize: "5Gi"
      nodeSelector:
        opensearchrole: "worker"
      resources:
         requests:
            memory: "512Mi"
            cpu: "200m"
         limits:
            memory: "512Mi"
            cpu: "200m"
      roles:
        - "cluster_manager"
        - "data"
    - component: masters
      replicas: 3
      diskSize: "5Gi"
      roles:
        - "data"
        - "master"
      nodeSelector:
        opensearchrole: "worker"
      persistence:
        pvc:
          storageClass: "example-hostpath"
          accessModes: # You can change the accessMode
          - ReadWriteOnce

but the bootstrap pod still complains:

gist.github.com

https://gist.github.com/joshuacox/3bc7e6755428142bcee5a0dfa6f60dd1

gistfile0.txt

Enabling OpenSearch Security Plugin
Enabling execution of install_demo_configuration.sh for OpenSearch Security Plugin 
OpenSearch 2.12.0 onwards, the OpenSearch Security Plugin a change that requires an initial password for 'admin' user. 
Please define an environment variable 'OPENSEARCH_INITIAL_ADMIN_PASSWORD' with a strong password string. 
If a password is not provided, the setup will quit. 
 For more details, please visit: https://opensearch.org/docs/latest/install-and-configure/install-opensearch/docker/
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
OpenSearch install type: rpm/deb on Linux 6.12.33-1-lts amd64
OpenSearch config dir: /usr/share/opensearch/config/

This file has been truncated. show original

as does the master:

Enabling OpenSearch Security Plugin
Enabling execution of install_demo_configuration.sh for OpenSearch Security Plugin 
OpenSearch 2.12.0 onwards, the OpenSearch Security Plugin a change that requires an initial password for 'admin' user. 
Please define an environment variable 'OPENSEARCH_INITIAL_ADMIN_PASSWORD' with a strong password string. 
If a password is not provided, the setup will quit. 
 For more details, please visit: https://opensearch.org/docs/latest/install-and-configure/install-opensearch/docker/
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
OpenSearch install type: rpm/deb on Linux 6.12.33-1-lts amd64
OpenSearch config dir: /usr/share/opensearch/config/
OpenSearch config file: /usr/share/opensearch/config/opensearch.yml
OpenSearch bin dir: /usr/share/opensearch/bin/
OpenSearch plugins dir: /usr/share/opensearch/plugins/
OpenSearch lib dir: /usr/share/opensearch/lib/
Detected OpenSearch Version: 3.0.0
Detected OpenSearch Security Version: 3.0.0.0
No custom admin password found. Please provide a password via the environment variable OPENSEARCH_INITIAL_ADMIN_PASSWORD.

and the node:

Enabling OpenSearch Security Plugin
Enabling execution of install_demo_configuration.sh for OpenSearch Security Plugin 
OpenSearch 2.12.0 onwards, the OpenSearch Security Plugin a change that requires an initial password for 'admin' user. 
Please define an environment variable 'OPENSEARCH_INITIAL_ADMIN_PASSWORD' with a strong password string. 
If a password is not provided, the setup will quit. 
 For more details, please visit: https://opensearch.org/docs/latest/install-and-configure/install-opensearch/docker/
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
OpenSearch install type: rpm/deb on Linux 6.12.33-1-lts amd64
OpenSearch config dir: /usr/share/opensearch/config/
OpenSearch config file: /usr/share/opensearch/config/opensearch.yml
OpenSearch bin dir: /usr/share/opensearch/bin/
OpenSearch plugins dir: /usr/share/opensearch/plugins/
OpenSearch lib dir: /usr/share/opensearch/lib/
Detected OpenSearch Version: 3.0.0
Detected OpenSearch Security Version: 3.0.0.0
No custom admin password found. Please provide a password via the environment variable OPENSEARCH_INITIAL_ADMIN_PASSWORD.

However, I may be doing something wrong in the above yaml. I have a full example here in this repo:

EDIT: that is a legitimate repo with code that will spin up opensearch in kind along with some other things I am testing. It is not spam.

Gsmitt · June 14, 2025, 3:17am

Hey @thoth

Have you tried setting that on the host?

vi /etc/environment

OPENSEARCH_INITIAL_ADMIN_PASSWORD=deadbeefDeluxe333!

thoth · June 14, 2025, 4:08pm

@Gsmitt I just tried anyhow, but it did not change anything. I have that value in a .env file I am sourcing beforehand so I did not think that would make a difference.

grepping around for OPENSEARCH_INITIAL_ADMIN_PASSWORD comes up with nothing in the opensearch-k8s-operator repo.

Is it possible to get the examples/securityconfig-secret.yaml working?

thoth · June 15, 2025, 12:22am

Adding the configs:

      additionalConfig:
        OPENSEARCH_INITIAL_ADMIN_PASSWORD: "deadbeefDeluxe333!"

to all nodes and masters gets further, but then bootstrap, and every node and master will all be setting the initial password? That doesn’t make sense.

apiVersion: opensearch.opster.io/v1
kind: OpenSearchCluster
metadata:
  name:  opensearch-example
  namespace: example
spec:
  #plugins.security.allow_default_init_securityindex: true
  general:
    serviceName: opensearch-example
    version: "2.19.2"
  dashboards:
    enable: true
    tls:
      enable: true  # Configure TLS
      generate: true  # Have the Operator generate and sign a certificate
    version: "2.19.2"
    replicas: 1
    nodeSelector:
      opensearchrole: "worker"
    resources:
      requests:
         memory: "512Mi"
         cpu: "200m"
      limits:
         memory: "512Mi"
         cpu: "200m"
  bootstrap:
    additionalConfig:
      OPENSEARCH_INITIAL_ADMIN_PASSWORD: "deadbeefDeluxe333!"
  #security:
  #  config:  # Everything related to the securityconfig
  #    adminCredentialsSecret:
  #      name: "opensearch-example-admin-cred"
  #    securityConfigSecret:
  #      name: "opensearch-example-securityconfig-secret"
  nodePools:
    - component: nodes
      additionalConfig:
        OPENSEARCH_INITIAL_ADMIN_PASSWORD: "deadbeefDeluxe333!"
      replicas: 3
      diskSize: "5Gi"
      nodeSelector:
        opensearchrole: "worker"
      resources:
         requests:
            memory: "512Mi"
            cpu: "200m"
         limits:
            memory: "512Mi"
            cpu: "200m"
      roles:
        - "cluster_manager"
        - "data"
    - component: masters
      additionalConfig:
        OPENSEARCH_INITIAL_ADMIN_PASSWORD: "deadbeefDeluxe333!"
      replicas: 3
      diskSize: "5Gi"
      roles:
        - "data"
        - "master"
      nodeSelector:
        opensearchrole: "worker"
      persistence:
        pvc:
          storageClass: "example-hostpath"
          accessModes: # You can change the accessMode
          - ReadWriteOnce

However, they are not healthy:

example              opensearch-example-bootstrap-0                                    1/1     Running   0               21m
example              opensearch-example-dashboards-5b4c4dd978-474mc                    0/1     Running   5 (2m21s ago)   20m
example              opensearch-example-masters-0                                      0/1     Running   0               21m
example              opensearch-example-nodes-0                                        0/1     Running   7 (5m29s ago)   21m
example              opensearch-operator-example-controller-manager-7cf598c68f-7mbqq   2/2     Running   0               21m

bootstrap logs:

gist.github.com

https://gist.github.com/joshuacox/538df0d4ec56890a1accd618febc2281

gistfile0.txt

Enabling OpenSearch Security Plugin
Enabling execution of install_demo_configuration.sh for OpenSearch Security Plugin 
OpenSearch 2.12.0 onwards, the OpenSearch Security Plugin a change that requires an initial password for 'admin' user. 
Please define an environment variable 'OPENSEARCH_INITIAL_ADMIN_PASSWORD' with a strong password string. 
If a password is not provided, the setup will quit. 
 For more details, please visit: https://opensearch.org/docs/latest/install-and-configure/install-opensearch/docker/
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
OpenSearch install type: rpm/deb on Linux 6.12.33-1-lts amd64
OpenSearch config dir: /usr/share/opensearch/config/

This file has been truncated. show original

masters logs:

gist.github.com

https://gist.github.com/joshuacox/d7bcd6ee5a062ce541d1e1ec4bfcb57a

gistfile0.txt

Enabling OpenSearch Security Plugin
Enabling execution of install_demo_configuration.sh for OpenSearch Security Plugin 
OpenSearch 2.12.0 onwards, the OpenSearch Security Plugin a change that requires an initial password for 'admin' user. 
Please define an environment variable 'OPENSEARCH_INITIAL_ADMIN_PASSWORD' with a strong password string. 
If a password is not provided, the setup will quit. 
 For more details, please visit: https://opensearch.org/docs/latest/install-and-configure/install-opensearch/docker/
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
OpenSearch install type: rpm/deb on Linux 6.12.33-1-lts amd64
OpenSearch config dir: /usr/share/opensearch/config/

This file has been truncated. show original

and the master’s description:

Name:             opensearch-example-masters-0
Namespace:        example
Priority:         0
Service Account:  default
Node:             vigilant-octo-waffle-worker2/172.18.0.2
Start Time:       Sat, 14 Jun 2025 18:59:17 -0500
Labels:           apps.kubernetes.io/pod-index=0
                  controller-revision-hash=opensearch-example-masters-547d998c4f
                  opensearch.role=cluster_manager
                  opster.io/opensearch-cluster=opensearch-example
                  opster.io/opensearch-nodepool=masters
                  statefulset.kubernetes.io/pod-name=opensearch-example-masters-0
Annotations:      banzaicloud.com/last-applied:
                    UEsDBBQACAAIAAAAAAAAAAAAAAAAAAAAAAAIAAAAb3JpZ2luYWzMVm1v27YT/yr+H/4vVkCy5aRpGwF7YSTtlqFODDt9wFLDoMhLzIUiNZJy4gX67sNRskM3TvZmA4oAAU3dHe/u97...
                  opster.io/config: 
Status:           Running
IP:               10.244.2.19
IPs:
  IP:           10.244.2.19
Controlled By:  StatefulSet/opensearch-example-masters
Init Containers:
  init:
    Container ID:  containerd://e927e2925ad9c3b3bb4be20ef3e3e97a555efb8169efbac5f011f67b05e46413
    Image:         docker.io/busybox:latest
    Image ID:      docker.io/library/busybox@sha256:f85340bf132ae937d2c2a763b8335c9bab35d6e8293f70f606b9c6178d84f42b
    Port:          <none>
    Host Port:     <none>
    Command:
      sh
      -c
    Args:
      chown -R 1000:1000 /usr/share/opensearch/data
    State:          Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Sat, 14 Jun 2025 18:59:20 -0500
      Finished:     Sat, 14 Jun 2025 18:59:20 -0500
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /usr/share/opensearch/data from data (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-ln9xb (ro)
Containers:
  opensearch:
    Container ID:  containerd://f036d39232e1907ddbf043461622ce6b6429bdd87ac27f299eb8b3fe5d42a349
    Image:         docker.io/opensearchproject/opensearch:3
    Image ID:      docker.io/opensearchproject/opensearch@sha256:00565f63fa1aa1643d5a2cf61cb5f09b4aeddee2f12703f01c534f051bff1a99
    Ports:         9200/TCP, 9300/TCP
    Host Ports:    0/TCP, 0/TCP
    Command:
      /bin/bash
      -c
      ./opensearch-docker-entrypoint.sh
    State:          Running
      Started:      Sat, 14 Jun 2025 19:00:40 -0500
    Ready:          False
    Restart Count:  0
    Liveness:       tcp-socket :9200 delay=10s timeout=5s period=20s #success=1 #failure=10
    Readiness:      exec [/bin/bash -c curl -k -u "$(cat /mnt/admin-credentials/username):$(cat /mnt/admin-credentials/password)" --silent --fail https://localhost:9200] delay=60s timeout=30s period=30s #success=1 #failure=5
    Startup:        tcp-socket :9200 delay=10s timeout=5s period=20s #success=1 #failure=10
    Environment:
      cluster.initial_master_nodes:       opensearch-example-bootstrap-0
      discovery.seed_hosts:               opensearch-example-discovery
      cluster.name:                       opensearch-example
      network.bind_host:                  0.0.0.0
      network.publish_host:               opensearch-example-masters-0 (v1:metadata.name)
      OPENSEARCH_JAVA_OPTS:               -Xmx512M -Xms512M -Dopensearch.transport.cname_in_publish_address=true
      node.roles:                         data,cluster_manager
      http.port:                          9200
      OPENSEARCH_INITIAL_ADMIN_PASSWORD:  FlMdZUMl!xV9y1z6
    Mounts:
      /mnt/admin-credentials from admin-credentials (rw)
      /usr/share/opensearch/data from data (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-ln9xb (ro)
Conditions:
  Type                        Status
  PodReadyToStartContainers   True 
  Initialized                 True 
  Ready                       False 
  ContainersReady             False 
  PodScheduled                True 
Volumes:
  data:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  data-opensearch-example-masters-0
    ReadOnly:   false
  admin-credentials:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  opensearch-example-admin-password
    Optional:    false
  kube-api-access-ln9xb:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    Optional:                false
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              opensearchrole=worker
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason     Age                   From               Message
  ----     ------     ----                  ----               -------
  Normal   Scheduled  22m                   default-scheduler  Successfully assigned example/opensearch-example-masters-0 to vigilant-octo-waffle-worker2
  Normal   Pulling    22m                   kubelet            Pulling image "docker.io/busybox:latest"
  Normal   Pulled     22m                   kubelet            Successfully pulled image "docker.io/busybox:latest" in 1.858s (2.455s including waiting). Image size: 2156518 bytes.
  Normal   Created    22m                   kubelet            Created container: init
  Normal   Started    22m                   kubelet            Started container init
  Normal   Pulling    22m                   kubelet            Pulling image "docker.io/opensearchproject/opensearch:3"
  Normal   Pulled     21m                   kubelet            Successfully pulled image "docker.io/opensearchproject/opensearch:3" in 2.1s (1m19.071s including waiting). Image size: 1040964215 bytes.
  Normal   Created    21m                   kubelet            Created container: opensearch
  Normal   Started    21m                   kubelet            Started container opensearch
  Warning  Unhealthy  4m44s (x37 over 19m)  kubelet            Readiness probe failed:

these are just logs not advertisements.

thoth · June 16, 2025, 5:58am

Hmm for some reason I can’t link to this projects github, but there are a few issues that follow this as well:

opensearch-k8s-operator/issues/759

which leads to

opensearch-project/opensearch-k8s-operator/issues/759#issuecomment-2283329133

or the workaround:

yeah, Install 2.11.0 and then upgrade to a version you want to. during upgrade, bootstrap pod is no longer used.

which is an interesting workaround.

pablo · June 17, 2025, 12:47am

@thoth Could you try this instead? I’ve added TLS certs generation for OpenSearch nodes HTTP and Transport layer.

apiVersion: opensearch.opster.io/v1
kind: OpenSearchCluster
metadata:
  name:  opensearch-example
  namespace: example
spec:
  general:
    serviceName: opensearch-example
    version: "3"
  dashboards:
    enable: true
    tls:
      enable: true  # Configure TLS
      generate: true  # Have the Operator generate and sign a certificate
    version: "3"
    replicas: 1
    nodeSelector:
      opensearchrole: "worker"
    resources:
      requests:
         memory: "512Mi"
         cpu: "200m"
      limits:
         memory: "512Mi"
         cpu: "200m"
  security:
    config:  # Everything related to the securityconfig
      adminCredentialsSecret:
        name: "opensearch-example-admin-cred"
      securityConfigSecret:
        name: "opensearch-example-securityconfig-secret"
    tls: #Add here
       http:
         generate: true
       transport:
         generate: true
         perNode: true

  nodePools:
    - component: nodes
      replicas: 3
      diskSize: "5Gi"
      nodeSelector:
        opensearchrole: "worker"
      resources:
         requests:
            memory: "512Mi"
            cpu: "200m"
         limits:
            memory: "512Mi"
            cpu: "200m"
      roles:
        - "cluster_manager"
        - "data"
    - component: masters
      replicas: 3
      diskSize: "5Gi"
      roles:
        - "data"
        - "master"
      nodeSelector:
        opensearchrole: "worker"
      persistence:
        pvc:
          storageClass: "example-hostpath"
          accessModes: # You can change the accessMode
          - ReadWriteOnce

thoth · June 17, 2025, 2:55pm

@Pablo let me make those changes:

git diff main|\cat
diff --git a/init/opensearch-operator/cluster.yaml b/init/opensearch-operator/cluster.yaml
index e554cc0..7108b66 100644
--- a/init/opensearch-operator/cluster.yaml
+++ b/init/opensearch-operator/cluster.yaml
@@ -34,6 +34,12 @@ spec:
         name: "${THIS_OPENSEARCH_ADMIN_CRED_SECRET}"
       securityConfigSecret:
         name: "opensearch-${THIS_NAME}-securityconfig-secret"
+    tls:
+       http:
+         generate: true
+       transport:
+         generate: true
+         perNode: true
   nodePools:
     - component: nodes
   #    additionalConfig:

But I get this reconciler error, it looks as if it is not making the service?

{"level":"error","ts":"2025-06-17T14:00:01.203Z","msg":"Reconciler error","controller":"opensearchuser","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUser","OpensearchUser":{"name":"opensearchdash","namespace":"example"},"namespace":"example","name":"opensearchdash","reconcileID":"01fe5a20-4e35-4afe-a213-5437ffcb932b","error":"dial tcp: lookup opensearch-example.example.svc.cluster.local on 10.96.0.10:53: no such host","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:324\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:265\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:226"}

more logs here for the operator:

kl -n example opensearch-operator-example-controller-manager-7cf598c68f-vpnpj -c operator-controller-manager
{"level":"info","ts":"2025-06-17T13:59:51.940Z","logger":"controller-runtime.metrics","msg":"Metrics server is starting to listen","addr":"127.0.0.1:8080"}
{"level":"info","ts":"2025-06-17T13:59:51.941Z","logger":"setup","msg":"Starting manager"}
{"level":"info","ts":"2025-06-17T13:59:51.941Z","msg":"starting server","path":"/metrics","kind":"metrics","addr":"127.0.0.1:8080"}
{"level":"info","ts":"2025-06-17T13:59:51.941Z","msg":"Starting server","kind":"health probe","addr":"[::]:8081"}
I0617 13:59:51.941390       1 leaderelection.go:245] attempting to acquire leader lease example/a867c7dc.opensearch.opster.io...
I0617 13:59:51.996211       1 leaderelection.go:255] successfully acquired lease example/a867c7dc.opensearch.opster.io
{"level":"info","ts":"2025-06-17T13:59:51.996Z","msg":"Starting EventSource","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","source":"kind source: *v1.OpenSearchCluster"}
{"level":"info","ts":"2025-06-17T13:59:51.996Z","msg":"Starting EventSource","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","source":"kind source: *v1.Pod"}
{"level":"info","ts":"2025-06-17T13:59:51.996Z","msg":"Starting EventSource","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","source":"kind source: *v1.Secret"}
{"level":"info","ts":"2025-06-17T13:59:51.996Z","msg":"Starting EventSource","controller":"opensearchrole","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchRole","source":"kind source: *v1.OpensearchRole"}
{"level":"info","ts":"2025-06-17T13:59:51.996Z","msg":"Starting EventSource","controller":"opensearchtenant","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchTenant","source":"kind source: *v1.OpensearchTenant"}
{"level":"info","ts":"2025-06-17T13:59:51.996Z","msg":"Starting EventSource","controller":"opensearchtenant","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchTenant","source":"kind source: *v1.OpenSearchCluster"}
{"level":"info","ts":"2025-06-17T13:59:51.996Z","msg":"Starting EventSource","controller":"opensearchrole","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchRole","source":"kind source: *v1.OpenSearchCluster"}
{"level":"info","ts":"2025-06-17T13:59:51.996Z","msg":"Starting Controller","controller":"opensearchrole","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchRole"}
{"level":"info","ts":"2025-06-17T13:59:51.996Z","msg":"Starting Controller","controller":"opensearchtenant","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchTenant"}
{"level":"info","ts":"2025-06-17T13:59:51.996Z","msg":"Starting EventSource","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","source":"kind source: *v1.ConfigMap"}
{"level":"info","ts":"2025-06-17T13:59:51.996Z","msg":"Starting EventSource","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","source":"kind source: *v1.Service"}
{"level":"info","ts":"2025-06-17T13:59:51.996Z","msg":"Starting EventSource","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","source":"kind source: *v1.Deployment"}
{"level":"info","ts":"2025-06-17T13:59:51.996Z","msg":"Starting EventSource","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","source":"kind source: *v1.StatefulSet"}
{"level":"info","ts":"2025-06-17T13:59:51.996Z","msg":"Starting Controller","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster"}
{"level":"info","ts":"2025-06-17T13:59:51.997Z","msg":"Starting EventSource","controller":"opensearchismpolicy","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchISMPolicy","source":"kind source: *v1.OpenSearchISMPolicy"}
{"level":"info","ts":"2025-06-17T13:59:51.997Z","msg":"Starting EventSource","controller":"opensearchismpolicy","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchISMPolicy","source":"kind source: *v1.OpenSearchCluster"}
{"level":"info","ts":"2025-06-17T13:59:51.997Z","msg":"Starting Controller","controller":"opensearchismpolicy","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchISMPolicy"}
{"level":"info","ts":"2025-06-17T13:59:51.997Z","msg":"Starting EventSource","controller":"opensearchactiongroup","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchActionGroup","source":"kind source: *v1.OpensearchActionGroup"}
{"level":"info","ts":"2025-06-17T13:59:51.997Z","msg":"Starting EventSource","controller":"opensearchactiongroup","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchActionGroup","source":"kind source: *v1.OpenSearchCluster"}
{"level":"info","ts":"2025-06-17T13:59:51.997Z","msg":"Starting Controller","controller":"opensearchactiongroup","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchActionGroup"}
{"level":"info","ts":"2025-06-17T13:59:51.997Z","msg":"Starting EventSource","controller":"opensearchcomponenttemplate","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchComponentTemplate","source":"kind source: *v1.OpensearchComponentTemplate"}
{"level":"info","ts":"2025-06-17T13:59:51.997Z","msg":"Starting EventSource","controller":"opensearchcomponenttemplate","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchComponentTemplate","source":"kind source: *v1.OpenSearchCluster"}
{"level":"info","ts":"2025-06-17T13:59:51.997Z","msg":"Starting Controller","controller":"opensearchcomponenttemplate","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchComponentTemplate"}
{"level":"info","ts":"2025-06-17T13:59:51.997Z","msg":"Starting EventSource","controller":"opensearchindextemplate","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchIndexTemplate","source":"kind source: *v1.OpensearchIndexTemplate"}
{"level":"info","ts":"2025-06-17T13:59:51.997Z","msg":"Starting EventSource","controller":"opensearchindextemplate","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchIndexTemplate","source":"kind source: *v1.OpenSearchCluster"}
{"level":"info","ts":"2025-06-17T13:59:51.997Z","msg":"Starting Controller","controller":"opensearchindextemplate","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchIndexTemplate"}
{"level":"info","ts":"2025-06-17T13:59:51.997Z","msg":"Starting EventSource","controller":"opensearchuserrolebinding","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUserRoleBinding","source":"kind source: *v1.OpensearchUserRoleBinding"}
{"level":"info","ts":"2025-06-17T13:59:51.997Z","msg":"Starting EventSource","controller":"opensearchuser","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUser","source":"kind source: *v1.OpensearchUser"}
{"level":"info","ts":"2025-06-17T13:59:51.998Z","msg":"Starting EventSource","controller":"opensearchuser","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUser","source":"kind source: *v1.OpenSearchCluster"}
{"level":"info","ts":"2025-06-17T13:59:51.998Z","msg":"Starting EventSource","controller":"opensearchuser","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUser","source":"kind source: *v1.Secret"}
{"level":"info","ts":"2025-06-17T13:59:51.998Z","msg":"Starting Controller","controller":"opensearchuser","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUser"}
{"level":"info","ts":"2025-06-17T13:59:51.997Z","msg":"Starting EventSource","controller":"opensearchuserrolebinding","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUserRoleBinding","source":"kind source: *v1.OpenSearchCluster"}
{"level":"info","ts":"2025-06-17T13:59:52.037Z","msg":"Starting Controller","controller":"opensearchuserrolebinding","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUserRoleBinding"}
{"level":"info","ts":"2025-06-17T13:59:52.337Z","msg":"Starting workers","controller":"opensearchcomponenttemplate","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchComponentTemplate","worker count":1}
{"level":"info","ts":"2025-06-17T13:59:52.337Z","msg":"Starting workers","controller":"opensearchindextemplate","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchIndexTemplate","worker count":1}
{"level":"info","ts":"2025-06-17T13:59:52.337Z","msg":"Starting workers","controller":"opensearchactiongroup","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchActionGroup","worker count":1}
{"level":"info","ts":"2025-06-17T13:59:52.337Z","msg":"Starting workers","controller":"opensearchrole","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchRole","worker count":1}
{"level":"info","ts":"2025-06-17T13:59:52.337Z","msg":"Starting workers","controller":"opensearchtenant","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchTenant","worker count":1}
{"level":"info","ts":"2025-06-17T13:59:52.337Z","msg":"Starting workers","controller":"opensearchismpolicy","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchISMPolicy","worker count":1}
{"level":"info","ts":"2025-06-17T13:59:52.338Z","msg":"Starting workers","controller":"opensearchuserrolebinding","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUserRoleBinding","worker count":1}
{"level":"info","ts":"2025-06-17T13:59:52.344Z","msg":"Starting workers","controller":"opensearchuser","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUser","worker count":1}
{"level":"info","ts":"2025-06-17T13:59:52.396Z","msg":"Starting workers","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","worker count":1}
{"level":"info","ts":"2025-06-17T13:59:55.260Z","msg":"Reconciling OpenSearchCluster","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"b75d2777-1e79-484f-86cb-00ea240b8d81","cluster":{"name":"opensearch-example","namespace":"example"}}
{"level":"info","ts":"2025-06-17T13:59:55.270Z","logger":"KubeAPIWarningLogger","msg":"metadata.finalizers: \"Opster\": prefer a domain-qualified finalizer name to avoid accidental conflicts with other finalizer writers"}
{"level":"info","ts":"2025-06-17T13:59:55.270Z","msg":"Start reconcile - Phase: PENDING","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"b75d2777-1e79-484f-86cb-00ea240b8d81","cluster":{"name":"opensearch-example","namespace":"example"}}
{"level":"info","ts":"2025-06-17T13:59:55.279Z","msg":"Reconciling OpenSearchCluster","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"a9b4a020-1ec5-4fe5-bf62-b51ebab71f26","cluster":{"name":"opensearch-example","namespace":"example"}}
{"level":"info","ts":"2025-06-17T13:59:55.337Z","msg":"Generating certificates","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"a9b4a020-1ec5-4fe5-bf62-b51ebab71f26","interface":"transport"}
{"level":"error","ts":"2025-06-17T13:59:55.537Z","msg":"Reconciler error","controller":"opensearchuser","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUser","OpensearchUser":{"name":"opensearchdash","namespace":"example"},"namespace":"example","name":"opensearchdash","reconcileID":"22bf7107-ef42-4b7e-b90e-4cff4108f270","error":"dial tcp: lookup opensearch-example.example.svc.cluster.local on 10.96.0.10:53: no such host","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:324\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:265\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:226"}
{"level":"error","ts":"2025-06-17T13:59:55.549Z","msg":"Reconciler error","controller":"opensearchuser","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUser","OpensearchUser":{"name":"opensearchdash","namespace":"example"},"namespace":"example","name":"opensearchdash","reconcileID":"e51a2e9d-4ce8-483c-beaf-aa86f037c053","error":"dial tcp: lookup opensearch-example.example.svc.cluster.local on 10.96.0.10:53: no such host","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:324\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:265\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:226"}
{"level":"error","ts":"2025-06-17T13:59:55.704Z","msg":"Reconciler error","controller":"opensearchuser","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUser","OpensearchUser":{"name":"opensearchdash","namespace":"example"},"namespace":"example","name":"opensearchdash","reconcileID":"92a0ca30-0d25-4f35-b7ec-67e2078872e4","error":"dial tcp: lookup opensearch-example.example.svc.cluster.local on 10.96.0.10:53: no such host","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:324\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:265\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:226"}
{"level":"error","ts":"2025-06-17T13:59:55.805Z","msg":"Reconciler error","controller":"opensearchuser","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUser","OpensearchUser":{"name":"opensearchdash","namespace":"example"},"namespace":"example","name":"opensearchdash","reconcileID":"08c55c9c-3b19-4bb6-857e-87a55ee4e5e3","error":"dial tcp: lookup opensearch-example.example.svc.cluster.local on 10.96.0.10:53: no such host","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:324\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:265\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:226"}
{"level":"error","ts":"2025-06-17T13:59:55.996Z","msg":"Reconciler error","controller":"opensearchuser","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUser","OpensearchUser":{"name":"opensearchdash","namespace":"example"},"namespace":"example","name":"opensearchdash","reconcileID":"048ddb74-b2fc-4b63-8c70-bcfb543268e3","error":"dial tcp: lookup opensearch-example.example.svc.cluster.local on 10.96.0.10:53: no such host","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:324\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:265\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:226"}
{"level":"error","ts":"2025-06-17T13:59:56.008Z","msg":"Reconciler error","controller":"opensearchuser","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUser","OpensearchUser":{"name":"opensearchdash","namespace":"example"},"namespace":"example","name":"opensearchdash","reconcileID":"ea222bf9-bd0c-4fa1-a4e9-8a6aa39efd08","error":"dial tcp: lookup opensearch-example.example.svc.cluster.local on 10.96.0.10:53: no such host","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:324\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:265\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:226"}
{"level":"error","ts":"2025-06-17T13:59:56.107Z","msg":"Reconciler error","controller":"opensearchuser","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUser","OpensearchUser":{"name":"opensearchdash","namespace":"example"},"namespace":"example","name":"opensearchdash","reconcileID":"de2fad77-853b-44bb-bfa7-f90713135934","error":"dial tcp: lookup opensearch-example.example.svc.cluster.local on 10.96.0.10:53: no such host","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:324\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:265\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:226"}
{"level":"error","ts":"2025-06-17T13:59:56.504Z","msg":"Reconciler error","controller":"opensearchuser","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUser","OpensearchUser":{"name":"opensearchdash","namespace":"example"},"namespace":"example","name":"opensearchdash","reconcileID":"689661c6-a3fa-4fba-87b8-5a42619e73d5","error":"dial tcp: lookup opensearch-example.example.svc.cluster.local on 10.96.0.10:53: no such host","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:324\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:265\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:226"}
{"level":"error","ts":"2025-06-17T13:59:57.203Z","msg":"Reconciler error","controller":"opensearchuser","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUser","OpensearchUser":{"name":"opensearchdash","namespace":"example"},"namespace":"example","name":"opensearchdash","reconcileID":"c2f754c9-ea56-40e3-ac69-87f80066ef7c","error":"dial tcp: lookup opensearch-example.example.svc.cluster.local on 10.96.0.10:53: no such host","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:324\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:265\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:226"}
{"level":"error","ts":"2025-06-17T13:59:58.601Z","msg":"Reconciler error","controller":"opensearchuser","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUser","OpensearchUser":{"name":"opensearchdash","namespace":"example"},"namespace":"example","name":"opensearchdash","reconcileID":"7e1017f1-03b8-40be-be40-c5da1bba4983","error":"dial tcp: lookup opensearch-example.example.svc.cluster.local on 10.96.0.10:53: no such host","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:324\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:265\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:226"}
{"level":"error","ts":"2025-06-17T14:00:01.203Z","msg":"Reconciler error","controller":"opensearchuser","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUser","OpensearchUser":{"name":"opensearchdash","namespace":"example"},"namespace":"example","name":"opensearchdash","reconcileID":"01fe5a20-4e35-4afe-a213-5437ffcb932b","error":"dial tcp: lookup opensearch-example.example.svc.cluster.local on 10.96.0.10:53: no such host","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:324\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:265\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:226"}
{"level":"info","ts":"2025-06-17T14:00:01.705Z","msg":"resource created","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"a9b4a020-1ec5-4fe5-bf62-b51ebab71f26","name":"opensearch-example-ca","namespace":"example","apiVersion":"v1","kind":"Secret"}
{"level":"error","ts":"2025-06-17T14:00:06.405Z","msg":"Reconciler error","controller":"opensearchuser","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUser","OpensearchUser":{"name":"opensearchdash","namespace":"example"},"namespace":"example","name":"opensearchdash","reconcileID":"fb22f729-f0d4-4a39-a84c-50ced373ca35","error":"dial tcp: lookup opensearch-example.example.svc.cluster.local on 10.96.0.10:53: no such host","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:324\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:265\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:226"}
{"level":"error","ts":"2025-06-17T14:00:16.700Z","msg":"Reconciler error","controller":"opensearchuser","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUser","OpensearchUser":{"name":"opensearchdash","namespace":"example"},"namespace":"example","name":"opensearchdash","reconcileID":"08564c3b-8039-48d1-825c-7a0e958bf75e","error":"dial tcp: lookup opensearch-example.example.svc.cluster.local on 10.96.0.10:53: no such host","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:324\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:265\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:226"}
{"level":"error","ts":"2025-06-17T14:00:37.204Z","msg":"Reconciler error","controller":"opensearchuser","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUser","OpensearchUser":{"name":"opensearchdash","namespace":"example"},"namespace":"example","name":"opensearchdash","reconcileID":"d7800559-dc97-479c-b5cf-d42f0e1f5d23","error":"dial tcp: lookup opensearch-example.example.svc.cluster.local on 10.96.0.10:53: no such host","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:324\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:265\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:226"}
{"level":"info","ts":"2025-06-17T14:00:40.914Z","msg":"resource created","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"a9b4a020-1ec5-4fe5-bf62-b51ebab71f26","name":"opensearch-example-transport-cert","namespace":"example","apiVersion":"v1","kind":"Secret"}
{"level":"info","ts":"2025-06-17T14:00:40.914Z","msg":"Generating certificates","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"a9b4a020-1ec5-4fe5-bf62-b51ebab71f26","interface":"http"}
{"level":"info","ts":"2025-06-17T14:00:49.513Z","msg":"resource created","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"a9b4a020-1ec5-4fe5-bf62-b51ebab71f26","name":"opensearch-example-http-cert","namespace":"example","apiVersion":"v1","kind":"Secret"}
{"level":"info","ts":"2025-06-17T14:00:49.514Z","msg":"admin cert does not exist, creating","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"a9b4a020-1ec5-4fe5-bf62-b51ebab71f26"}
{"level":"info","ts":"2025-06-17T14:00:56.917Z","msg":"resource created","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"a9b4a020-1ec5-4fe5-bf62-b51ebab71f26","name":"opensearch-example-admin-cert","namespace":"example","apiVersion":"v1","kind":"Secret"}
{"level":"info","ts":"2025-06-17T14:00:56.917Z","msg":"Waiting for secret 'opensearch-example-securityconfig-secret' that contains the securityconfig to be created","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"a9b4a020-1ec5-4fe5-bf62-b51ebab71f26"}
{"level":"info","ts":"2025-06-17T14:00:56.917Z","msg":"Reconciling OpenSearchCluster","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"9bcc0732-59e2-4816-b334-6ba0d7ce6e48","cluster":{"name":"opensearch-example","namespace":"example"}}
{"level":"info","ts":"2025-06-17T14:00:56.995Z","msg":"Generating certificates","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"9bcc0732-59e2-4816-b334-6ba0d7ce6e48","interface":"transport"}
{"level":"info","ts":"2025-06-17T14:00:57.000Z","msg":"Generating certificates","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"9bcc0732-59e2-4816-b334-6ba0d7ce6e48","interface":"http"}
{"level":"info","ts":"2025-06-17T14:00:57.000Z","msg":"Waiting for secret 'opensearch-example-securityconfig-secret' that contains the securityconfig to be created","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"9bcc0732-59e2-4816-b334-6ba0d7ce6e48"}
{"level":"info","ts":"2025-06-17T14:01:06.917Z","msg":"Reconciling OpenSearchCluster","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"92d24b98-3085-49ad-ae6c-191f81c3888d","cluster":{"name":"opensearch-example","namespace":"example"}}
{"level":"info","ts":"2025-06-17T14:01:06.929Z","msg":"Generating certificates","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"92d24b98-3085-49ad-ae6c-191f81c3888d","interface":"transport"}
{"level":"info","ts":"2025-06-17T14:01:06.933Z","msg":"Generating certificates","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"92d24b98-3085-49ad-ae6c-191f81c3888d","interface":"http"}
{"level":"info","ts":"2025-06-17T14:01:06.933Z","msg":"Waiting for secret 'opensearch-example-securityconfig-secret' that contains the securityconfig to be created","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"92d24b98-3085-49ad-ae6c-191f81c3888d"}
{"level":"info","ts":"2025-06-17T14:01:16.934Z","msg":"Reconciling OpenSearchCluster","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"3c19a1b3-137d-42c9-9f46-f666b8abf125","cluster":{"name":"opensearch-example","namespace":"example"}}
{"level":"info","ts":"2025-06-17T14:01:16.944Z","msg":"Generating certificates","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"3c19a1b3-137d-42c9-9f46-f666b8abf125","interface":"transport"}
{"level":"info","ts":"2025-06-17T14:01:16.948Z","msg":"Generating certificates","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"3c19a1b3-137d-42c9-9f46-f666b8abf125","interface":"http"}
{"level":"info","ts":"2025-06-17T14:01:16.948Z","msg":"Waiting for secret 'opensearch-example-securityconfig-secret' that contains the securityconfig to be created","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"3c19a1b3-137d-42c9-9f46-f666b8abf125"}
{"level":"error","ts":"2025-06-17T14:01:18.176Z","msg":"Reconciler error","controller":"opensearchuser","controllerGroup":"opensearch.opster.io","controllerKind":"OpensearchUser","OpensearchUser":{"name":"opensearchdash","namespace":"example"},"namespace":"example","name":"opensearchdash","reconcileID":"0c18a0e7-10bd-439d-9851-1c8992c27a63","error":"dial tcp: lookup opensearch-example.example.svc.cluster.local on 10.96.0.10:53: no such host","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:324\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:265\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:226"}
{"level":"info","ts":"2025-06-17T14:01:26.948Z","msg":"Reconciling OpenSearchCluster","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"a151c7ee-785d-4eeb-9e3e-36d232b69350","cluster":{"name":"opensearch-example","namespace":"example"}}
{"level":"info","ts":"2025-06-17T14:01:26.960Z","msg":"Generating certificates","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"a151c7ee-785d-4eeb-9e3e-36d232b69350","interface":"transport"}
{"level":"info","ts":"2025-06-17T14:01:26.964Z","msg":"Generating certificates","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"a151c7ee-785d-4eeb-9e3e-36d232b69350","interface":"http"}
{"level":"info","ts":"2025-06-17T14:01:26.964Z","msg":"Waiting for secret 'opensearch-example-securityconfig-secret' that contains the securityconfig to be created","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"a151c7ee-785d-4eeb-9e3e-36d232b69350"}
{"level":"info","ts":"2025-06-17T14:01:36.964Z","msg":"Reconciling OpenSearchCluster","controller":"opensearchcluster","controllerGroup":"opensearch.opster.io","controllerKind":"OpenSearchCluster","OpenSearchCluster":{"name":"opensearch-example","namespace":"example"},"namespace":"example","name":"opensearch-example","reconcileID":"6a09cbc3-dc18-4185-82d5-810c9340beff","cluster":{"name":"opensearch-example","namespace":"example"}}

Topic		Replies	Views
New Cluster - Bootstrap only failing with missing OPENSEARCH_INITIAL_ADMIN_PASSWORD OpenSearch troubleshoot , install	2	209	January 17, 2025
Unable to change admin user password while deploying OpenSearch Security	11	1781	August 9, 2023
Problem with the default admin Passwort OpenSearch	22	10973	March 12, 2025
Bootstrap checks failed error in OpenSearch dashboard 1.3.15 OpenSearch Dashboards	1	520	August 14, 2024
Cannot update admin password OpenSearch troubleshoot , index-management	1	329	February 29, 2024

Bootstrap fails on OPENSEARCH_INITIAL_ADMIN_PASSWORD from operator

Related topics