How to use transport.truststore_filepath with opendistro helm chart

Hi,

I’m trying to set up LDAP authentication using the opendistro helm chart, but I’m experiencing issues with the following elasticsearch config.

opendistro_security.ssl.transport.truststore_filepath: /tmp/my-certs.jks
opendistro_security.ssl.transport.truststore_password: mypassword

I don’t see any secret that I can use to mount that file. I tried to modify the helm chart and put the file inside client pod, but it seems that some java policy is messing around (file has 777 permissions and user:group elasticsearch).

From opendistro-opendistro-es-client-7b5c78567b-tf6dp pod logs:

Caused by: org.ldaptive.LdapException: Unable to connect to any of those ldap servers [myldapdserver.local:636] due to java.security.AccessControlException: access denied ("java.io.FilePermission" "/tmp/my-certs.jks" "read")
Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/tmp/my-certs.jks" "read")

What is the correct way to configure the truststore using the helm chart?

Thanks in advance.

I found that if I put the file manually inside /usr/share/elasticsearch/config in the client pod, LDAP works. Unfortunately, if the pod restarts it will fail again. I guess there must be a better approach to achieve that in the helm chart.