Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
OS: 2.10
OD: 2.10
Describe the issue:
I deployed the opensearch as multi node cluster with 3 master and 2 data nodes, by following the below url instruction
the cluster is up and running.
kubectl get po -n opensearch
NAME READY STATUS RESTARTS AGE
opensearch-cluster-data-0 1/1 Running 0 138m
opensearch-cluster-data-1 1/1 Running 0 138m
opensearch-cluster-master-0 1/1 Running 0 140m
opensearch-cluster-master-1 1/1 Running 0 140m
opensearch-cluster-master-2 1/1 Running 0 140m
opensearch-dashboard-dcd7ffbd6-lfvlf 1/1 Running 0 131m
but the actual issue is the service account which used to authenticate with gcs bucket is not working.
it throws 403 permission error.
if i go with usual cluster setup the SA works fine.
Configuration:
rbac:
create: true
serviceAccountAnnotations: {“iam.gke.io/gcp-service-account”: “opensearch-prod@project-id.iam.gserviceaccount.com”}
serviceAccountName: “opensearch-dashboards”
i tried different approach like.
- enabled rbac only for master node
- enabled rbac only for data node
- enabled rbac for both master and data node.
Relevant Logs or Screenshots:
but still i face the permission error. did anyonce came across this issue.
Thanks in advance.