Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
I have installed OpenSearch server version 2.19 using the official Helm chart (more detail on the Helm chart is available at Helm - OpenSearch Documentation).
Describe the issue:
I want to disable basic authentication while keeping SSL enabled, but I don’t find any option to do that. I can disable basic auth using the plugins.security.disabled = true option, but SSL is also getting disabled.
Note that I want to disable basic auth to improve the performance of the REST API, which uses OpenSearch to fetch the desired data. OpenSearch will be running in Kubernetes inside the VPC, so there won’t be any security issues. Also, note that we can provision AWS-managed OpenSearch without basic authentication but with SSL enabled. So I think the same should be possible for self-hosted OpenSearch servers as well.
Configuration:
Below is my config in the values.yaml file:
```yaml
config:
  opensearch.yml: |
    cluster.name: opensearch-cluster
    network.host: 0.0.0.0
    plugins:
      security:
        disabled: true
        ssl:
          transport:
            pemcert_filepath: /usr/share/opensearch/config/certs/node.pem
            pemkey_filepath: /usr/share/opensearch/config/certs/node-key.pem
            pemtrustedcas_filepath: /usr/share/opensearch/config/certs/root-ca.pem
            enforce_hostname_verification: false
          http:
            enabled: true
            pemcert_filepath: /usr/share/opensearch/config/certs/node.pem
            pemkey_filepath: /usr/share/opensearch/config/certs/node-key.pem
            pemtrustedcas_filepath: /usr/share/opensearch/config/certs/root-ca.pem
        allow_unsafe_democertificates: false
        allow_default_init_securityindex: true
        authcz:
          admin_dn:
            - "CN=*.opensearch.svc.cluster.local,OU=Unit,O=Org,L=Location,C=US"
```
Relevant Logs or Screenshots: