I have multi-node opensearch cluster managed using helm on GKE. the question is how to change it's password properly?
I've found some information about creating user in internal_users.yaml and disabling demo security configuration.
If that's the key then do I have to do it in each of my files? I have data.yaml, master.yaml, client.yaml for different node types correspondingly.
maybe I can give you some hints on how to move forward as I just struggled with opensearch for quite some time; the steps for setting it up right are really tedious and anti-pattern, that's why it's so hard to figure out what to do.
In order to change the admin password, you have to:
hash the new password first, by using a tool inside your opensearch container called hash.sh. It's located in your securityconfig folder.
Once you have the hashed password, you have to add or modify a custom internal_users.yaml to your configuration. If you didn't make one already, you should pick up the default one inside the container, copy paste it in your values.yaml and modify the admin part, with the new hash you generated
But it's not over lol, the configuration doesn't apply itself for data loss reasons (briefly explained here https://opensearch.org/docs/latest/security-plugin/configuration/security-admin/#a-word-of-caution). As the documentation says, once you updated your deployment, you have to enter the master node, and update the security config by using securityadmin.sh (read link above for exact command).
And voila you changed admin password. Amazingly intuitive, right ? ;) Hope I helped
P.S.: If you want to use your own certificates, your own confs and so on you should disable install demo config. It's not made for production.
