Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
OS: Ubuntu 22.04
k8s version: 1.22.17
Opensource version:
opensearch-2.18.0
opensearch-dashboards-2.16.0
Describe the issue:
Charts used to setup helm-charts/charts at main · opensearch-project/helm-charts · GitHub
- Setting up Opensearch for the first time, Opensearch pods are up and running and able to curl within the pod with 9200
- Setup of Opensearch-dashboards with pods are in up and running state.
Getting 502 Bad gateway error while browsing the URL
a. updated ingress to point to the right URL under values.yaml
b. created ingress for opensearch-dashboards
Observed that if I do not create ingress, it throws an error 404 Not found. Once ingress is created, it started with 502 Bad gateway.
Configuration:
values.yaml of opensearch-dashboards are attached here with
Relevant Logs or Screenshots:
ingress.yaml
apiVersion: v1
items:
- apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.io/backend-protocol: HTTPS
nginx.io/secure-backends: "true"
creationTimestamp: "2024-03-25T08:44:55Z"
generation: 1
name: opensearch-dashboard-ingress
namespace: os
resourceVersion: "129757396"
uid: 8feb1954-85e8-4440-8c93-c50ba927ee2f
spec:
rules:
- host: explore.abc.xyz.com
http:
paths:
- backend:
service:
name: os-dashboard-opensearch-dashboards
port:
number: 5601
path: /
pathType: ImplementationSpecific
tls:
- hosts:
- explore.abc.xyz.com
secretName: explore.abc.xyz.com
Values.yaml
# Copyright OpenSearch Contributors
# SPDX-License-Identifier: Apache-2.0
# Default values for opensearch-dashboards.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
opensearchHosts: "https://opensearch-cluster-master:9200"
replicaCount: 1
image:
repository: "opensearchproject/opensearch-dashboards"
# override image tag, which is .Chart.AppVersion by default
tag: ""
pullPolicy: "IfNotPresent"
startupProbe:
tcpSocket:
port: 5601
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 20
successThreshold: 1
initialDelaySeconds: 10
livenessProbe:
tcpSocket:
port: 5601
periodSeconds: 20
timeoutSeconds: 5
failureThreshold: 10
successThreshold: 1
initialDelaySeconds: 10
readinessProbe:
tcpSocket:
port: 5601
periodSeconds: 20
timeoutSeconds: 5
failureThreshold: 10
successThreshold: 1
initialDelaySeconds: 10
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
rbac:
create: true
# A list of secrets and their paths to mount inside the pod
# This is useful for mounting certificates for security and for mounting
# the X-Pack license
secretMounts: []
# - name: certs
# secretName: dashboard-certs
# path: /usr/share/dashboards/certs
podAnnotations: {}
# Deployment annotations
dashboardAnnotations: {}
extraEnvs: []
# - name: "NODE_OPTIONS"
# value: "--max-old-space-size=1800"
envFrom: []
extraVolumes: []
# - name: extras
# emptyDir: {}
extraVolumeMounts: []
# - name: extras
# mountPath: /usr/share/extras
# readOnly: true
extraInitContainers: ""
extraContainers: ""
podSecurityContext: {}
securityContext:
capabilities:
drop:
- ALL
# readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
config: {}
# Default OpenSearch Dashboards configuration from docker image of Dashboards
# opensearch_dashboards.yml: |
# server:
# name: dashboards
# host: "{{ .Values.serverHost }}"
# opensearch_dashboards.yml:
# server:
# name: dashboards
# host: "{{ .Values.serverHost }}"
# Dashboards TLS Config (Ensure the cert files are present before enabling SSL
# ssl:
# enabled: true
# key: /usr/share/opensearch-dashboards/certs/dashboards-key.pem
# certificate: /usr/share/opensearch-dashboards/certs/dashboards-crt.pem
# determines how dashboards will verify certificates (needs to be none for default opensearch certificates to work)
# opensearch:
# ssl:
# certificateAuthorities: /usr/share/opensearch-dashboards/certs/dashboards-root-ca.pem
# if utilizing custom CA certs for connection to opensearch, provide the CA here
opensearchDashboardsYml:
defaultMode:
# value should be 0-0777
priorityClassName: ""
opensearchAccount:
secret: ""
keyPassphrase:
enabled: false
labels: {}
hostAliases: []
# - ip: "127.0.0.1"
# hostnames:
# - "foo.local"
# - "bar.local"
serverHost: "0.0.0.0"
service:
type: ClusterIP
# The IP family and IP families options are to set the behaviour in a dual-stack environment
# Omitting these values will let the service fall back to whatever the CNI dictates the defaults
# should be
#
# ipFamilyPolicy: SingleStack
# ipFamilies:
# - IPv4
port: 5601
loadBalancerIP: ""
nodePort: ""
labels: {}
annotations: {}
loadBalancerSourceRanges: []
# 0.0.0.0/0
httpPortName: http
ingress:
enabled: true
# For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
# ingressClassName: nginx
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
#nginx.ingress.kubernetes.io/backend-protocol: HTTPS
# nginx.ingress.kubernetes.io/secure-backends: "true"
# nginx.io/backend-protocol: HTTPS
# nginx.io/secure-backends: "true"
labels: {}
ingressClassName: nginx
hosts:
- host: explore.abc.xyz.com
paths:
- path: /
serviceName: "os-dashboard-opensearch-dashboards"
#pathType: ImplementationSpecific
servicePort: 5601
tls:
- secretName: explore.abc.xyz.com
hosts:
- explore.abc.xyz.com
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources:
requests:
cpu: "100m"
memory: "512M"
limits:
cpu: "100m"
memory: "512M"
autoscaling:
# This requires metrics server to be installed, to install use kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
# See https://github.com/kubernetes-sigs/metrics-server
enabled: false
minReplicas: 1
maxReplicas: 10
targetCPUUtilizationPercentage: 80
updateStrategy:
type: "Recreate"
nodeSelector: {}
tolerations: []
affinity: {}
# This is the pod topology spread constraints
# https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
topologySpreadConstraints: []
# -- Array of extra K8s manifests to deploy
extraObjects: []
# - apiVersion: secrets-store.csi.x-k8s.io/v1
# kind: SecretProviderClass
# metadata:
# name: argocd-secrets-store
# spec:
# provider: aws
# parameters:
# objects: |
# - objectName: "argocd"
# objectType: "secretsmanager"
# jmesPath:
# - path: "client_id"
# objectAlias: "client_id"
# - path: "client_secret"
# objectAlias: "client_secret"
# secretObjects:
# - data:
# - key: client_id
# objectName: client_id
# - key: client_secret
# objectName: client_secret
# secretName: argocd-secrets-store
# type: Opaque
# labels:
# app.kubernetes.io/part-of: argocd
# - |
# apiVersion: policy/v1
# kind: PodDisruptionBudget
# metadata:
# name: {{ template "opensearch-dashboards.fullname" . }}
# labels:
# {{- include "opensearch-dashboards.labels" . | nindent 4 }}
# spec:
# minAvailable: 1
# selector:
# matchLabels:
# {{- include "opensearch-dashboards.selectorLabels" . | nindent 6 }}
# pod lifecycle policies as outlined here:
# https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
lifecycle: {}
# preStop:
# exec:
# command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
# postStart:
# exec:
# command:
# - bash
# - -c
# - |
# #!/bin/bash
# curl -I "http://admin:admin@127.0.0.1:5601/status -H "kbn-xsrf: true" -H 'kbn-xsrf: true' -H "Content-Type: application/json"
## Enable to add 3rd Party / Custom plugins not offered in the default OpenSearchDashboards image.
plugins:
enabled: false
installList: []
# - example-fake-plugin-downloadable-url