Using AWS managed OpenSearch
Camunda 8 Self-Managed has two different types of components: Camunda components (Operate, Optimize, Tasklist, etc.) and non-Camunda dependency components (such as Keycloak and Elasticsearch). For more details, review the architecture documentation for more information on the different types of applications.
This guide steps through using an existing AWS managed OpenSearch instance. By default, Helm chart deployment creates a new Elasticsearch instance, but it's possible to use AWS managed OpenSearch instead.
Preparation
Authentication
There are two layers of permissions with OpenSearch: AWS IAM and OpenSearch internal. If you would like to connect to OpenSearch using AWS IAM roles for service accounts (IRSA) then please also refer to the IAM roles for service accounts documentation.
Otherwise, if it is intended to connect to AWS managed OpenSearch with basic auth, then the example below can be followed:
Values file
The migration step within Optimize is currently not supported with OpenSearch. Disable the migration as shown in the example below.
The following values can be configured in the Camunda 8 Self-Managed Helm chart in order to use AWS managed OpenSearch:
Connecting to AWS managed OpenSearch with basic auth
global:
elasticsearch:
enabled: false
opensearch:
enabled: true
auth:
username: user
password: pass
url:
protocol: https
host: opensearch.example.com
port: 443
optimize:
migration:
enabled: false
elasticsearch:
enabled: false
From the above configuration, the internal Elasticsearch component and the Elasticsearch configuration for all components are disabled. This is required to use AWS managed OpenSearch.
If you do not wish to specify the username and password in plaintext within the values.yaml
file, then the following configuration can be used:
global:
opensearcn:
auth:
existingSecret: secretName
existingSecretKey: secretKey
Next steps
Use the custom values file to deploy Camunda 8 as usual:
helm install camunda camunda/camunda-platform -f existing-elasticsearch-values.yaml