Skip to content

Accessing OpenSearch from an application outside Nais

This guide will show you how to access an OpenSearch instance from an application outside of supported Nais clusters.

Enable access to the relevant instance in your manifest

.nais/aivenapp.yaml 
apiVersion: aiven.nais.io/v1
kind: AivenApplication
metadata:
  name: <MY-APP>
  namespace: <MY-TEAM>
spec:
  openSearch:
    instance: <MY-INSTANCE>
    access: read # read | readwrite | write | admin
    secretName: <MY-UNIQUE-SECRET-NAME>
  protected: true

Info

The secretName must be a valid DNS label, and must be unique within the namespace.

Info

The instance name follows the convention opensearch-<team>-<instance>. If you created your instance through Nais Console, use the full name including the opensearch-<team>- prefix.

The access field defines the access level your application will have to the OpenSearch instance. See the available access levels in the reference.

Apply the AivenApplication

Add the file to your application repository, alongside nais.yaml to deploy with Nais github action.

kubectl apply -f ./nais/aivenapp.yaml --namespace=<MY-TEAM> --context=<MY-ENV>

Extract the value of the generated secret

kubectl get secret <MY-UNIQUE-SECRET-NAME> --namespace <MY-TEAM> --context <MY-ENV> -o jsonpath='{.data}'

Make the values available to your application.

The secret contains the same environment variables as described in the OpenSearch reference.