Skip to content


OpenSearch® is an open source search and analytics suite including search engine, NoSQL document database, and visualization interface. OpenSearch offers a distributed, full-text search engine based on Apache Lucene® with a RESTful API interface and support for JSON documents.


Create an OpenSearch instance

1. Create a file named os-sample.yaml, and add the following content:

kind: OpenSearch
  name: os-sample
  # gets the authentication token from the `aiven-token` Secret
    name: aiven-token
    key: token

  # outputs the OpenSearch connection on the `os-secret` Secret
    name: os-secret

  # add your Project name here
  project: PROJECT_NAME

  # cloud provider and plan of your choice
  # you can check all of the possibilities here
  cloudName: google-europe-west1
  plan: startup-4

  # general Aiven configuration
  maintenanceWindowDow: friday
  maintenanceWindowTime: 23:00:00

2. Create the service by applying the configuration:

kubectl apply -f os-sample.yaml

3. Review the resource you created with this command:

kubectl describe os-sample

The output is similar to the following:

    Last Transition Time:  2023-01-19T14:41:43Z
    Message:               Successfully created or updated the instance in Aiven
    Reason:                Created
    Status:                True
    Type:                  Initialized
    Last Transition Time:  2023-01-19T14:41:43Z
    Message:               Successfully created or updated the instance in Aiven, status remains unknown
    Reason:                Created
    Status:                Unknown
    Type:                  Running
  State:                   REBUILDING

The resource will be in the REBUILDING state for a few minutes. Once the state changes to RUNNING, you can access the resource.

Use the connection Secret

For your convenience, the operator automatically stores the OpenSearch connection information in a Secret created with the name specified on the connInfoSecretTarget field.

To view the details of the Secret, use the following command:

kubectl describe secret os-secret

The output is similar to the following:

Name:         os-secret
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

HOST:      61 bytes
PASSWORD:  24 bytes
PORT:      5 bytes
USER:      8 bytes

You can use the jq to quickly decode the Secret:

kubectl get secret os-secret -o json | jq '.data | map_values(@base64d)'

The output is similar to the following:

  "HOST": "",
  "PASSWORD": "<secret>",
  "PORT": "13041",
  "USER": "avnadmin"

Create an OpenSearch user

You can create service users for your instance of Aiven for OpenSearch. Service users are unique to this instance and are not shared with any other services.

1. Create a file named os-service-user.yaml:

kind: ServiceUser
  name: os-service-user
    name: aiven-token
    key: token

    name: os-service-user-secret

  project: PROJECT_NAME
  serviceName: os-sample

2. Create the user by applying the configuration:

kubectl apply -f os-service-user.yaml

The ServiceUser resource generates a Secret with connection information.

3. View the details of the Secret using the following command:

kubectl get secret os-service-user-secret -o json | jq '.data | map_values(@base64d)'

The output is similar to the following:

  "ACCESS_CERT": "<secret>",
  "ACCESS_KEY": "<secret>",
  "CA_CERT": "<secret>",
  "HOST": "",
  "PASSWORD": "<secret>",
  "PORT": "14609",
  "USERNAME": "os-service-user"

You can connect to the OpenSearch instance using these credentials and the host information from the os-secret Secret.