Quarkus Opensearch Extension
The quarkus-opensearch extension allows you to connect to an OpenSearch cluster using the clients provided by the OpenSearch project.
|
OpenSearch 3.x Support
This version supports OpenSearch 3.x which requires:
If you need OpenSearch 2.x support, use an earlier version of this extension. |
OpenSearch Clients
OpenSearch Java Client
This is the recommended and only supported OpenSearch client for OpenSearch 3.x. The OpenSearch Java client lets you interact with OpenSearch through Java methods and data structures, and provides both synchronous and asynchronous client implementations.
Installation
OpenSearch Java client
The java client does not have any dependencies on the REST client. All clients are sharing most of the configuration properties.
The AWS related configuration properties quarkus.opensearch.aws.* are only applicable to this java client.
If you want to use this client all you need to do is add the io.quarkiverse.opensearch:quarkus-opensearch-java-client extension first to your build file.
with Maven, add the following dependency to your POM file:
<dependency>
<groupId>io.quarkiverse.opensearch</groupId>
<artifactId>quarkus-opensearch-java-client</artifactId>
<version>2.2.0</version>
</dependency>Transport Provider (Required)
The Java client requires a transport provider to communicate with OpenSearch. You must add one of the following transport dependencies based on your deployment target.
Apache HttpClient5 Transport (Recommended)
Use this transport for:
-
Local development with Dev Services
-
Self-hosted OpenSearch clusters
-
Any non-AWS deployment
<dependency>
<groupId>io.quarkiverse.opensearch</groupId>
<artifactId>quarkus-opensearch-transport-apache</artifactId>
</dependency>AWS SDK2 Transport
Use this transport only when connecting to AWS OpenSearch Service or AWS OpenSearch Serverless. This transport requires the quarkus.opensearch.aws.service configuration property to be set.
<dependency>
<groupId>io.quarkiverse.opensearch</groupId>
<artifactId>quarkus-opensearch-transport-aws</artifactId>
</dependency># Required for AWS transport to activate
quarkus.opensearch.aws.service=es # or 'aoss' for OpenSearch Serverless
quarkus.opensearch.aws.region=us-west-2Using Both Transports
If you deploy to AWS but also use Dev Services for local development, you can include both transport dependencies. The appropriate transport will be selected automatically based on your configuration:
-
When
quarkus.opensearch.aws.serviceis set → AWS transport is used -
When
quarkus.opensearch.aws.serviceis not set → Apache transport is used
<!-- For local development and Dev Services -->
<dependency>
<groupId>io.quarkiverse.opensearch</groupId>
<artifactId>quarkus-opensearch-transport-apache</artifactId>
</dependency>
<!-- For AWS deployment -->
<dependency>
<groupId>io.quarkiverse.opensearch</groupId>
<artifactId>quarkus-opensearch-transport-aws</artifactId>
</dependency># Only set AWS config in production profile
%prod.quarkus.opensearch.aws.service=es
%prod.quarkus.opensearch.aws.region=us-west-2
%prod.quarkus.opensearch.hosts=search-mydomain.us-west-2.es.amazonaws.com|
If no matching transport provider is found, the application will fail at runtime with a detailed error message explaining which providers are available and what configuration is needed. |
Configuring Additional Named Clients
This extension supports defining and injecting multiple named OpenSearch clients, useful when your application needs to connect to different OpenSearch clusters (e.g., for analytics, logging, or operational data).
A named client can be configured using quarkus.opensearch."client-name".*.
Example: Default and Additional Client
# Default client (unnamed)
quarkus.opensearch.hosts=localhost:9200
# Additional client named "analytics"
quarkus.opensearch.analytics.hosts=analytics-cluster.internal:9200
quarkus.opensearch.analytics.username=some-user
quarkus.opensearch.analytics.password=some-password
quarkus.opensearch.analytics.aws.region=us-west-2Injecting the Default Client
If you’re using only a single OpenSearch cluster, you can inject the default client without any qualifiers:
import jakarta.inject.Inject;
import org.opensearch.client.opensearch.OpenSearchClient;
public class MyService {
@Inject
OpenSearchClient defaultClient;
public void run() {
// Use the defaultClient to interact with OpenSearch
}
}Injecting Named Clients in Your Code
To use a named client in your application, inject it using the @OpenSearchClientName qualifier:
import jakarta.inject.Inject;
import io.quarkiverse.opensearch.OpenSearchClientName;
import org.opensearch.client.opensearch.OpenSearchClient;
public class ReportService {
@Inject
@OpenSearchClientName("analytics")
OpenSearchClient analyticsClient;
public void runQuery() {
// Use the analyticsClient to run a search
}
}|
The |
OpenSearch REST High-Level Client
The REST High-Level Client depends on the REST client and does not require any additional configuration.
If you want to use this client all you need to do is add the io.quarkiverse.opensearch:quarkus-opensearch-rest-high-level-client extension first to your build file.
with Maven, add the following dependency to your POM file:
<dependency>
<groupId>io.quarkiverse.opensearch</groupId>
<artifactId>quarkus-opensearch-rest-high-level-client</artifactId>
<version>2.2.0</version>
</dependency>OpenSearch REST Low-Level Client
If you want to use this extension, you need to add the io.quarkiverse.opensearch:quarkus-opensearch-rest-client extension first to your build file.
For instance, with Maven, add the following dependency to your POM file:
<dependency>
<groupId>io.quarkiverse.opensearch</groupId>
<artifactId>quarkus-opensearch-rest-client</artifactId>
<version>2.2.0</version>
</dependency>Configuring Opensearch
The main property to configure is the URL to connect to the Opensearch cluster.
For a typical clustered Opensearch service, a sample configuration would look like the following:
# configure the Elasticsearch client for a cluster of two nodes
quarkus.opensearch.hosts = opensearch-01:9200,opensearch-02:9200In this case, we are using a single instance running on localhost:
# configure the Opensearch client for a single instance on localhost
quarkus.opensearch.hosts = localhost:9200If you need a more advanced configuration, you can find the comprehensive list of supported configuration properties at the end of this guide.
SSL/TLS Configuration
When connecting to OpenSearch over HTTPS, you can configure TLS settings using the Quarkus TLS registry. This is the recommended approach for managing SSL/TLS configuration.
Basic HTTPS Connection
For HTTPS connections with valid certificates trusted by the JVM:
quarkus.opensearch.hosts=opensearch.example.com:9200
quarkus.opensearch.protocol=https
quarkus.opensearch.username=admin
quarkus.opensearch.password=adminUsing a Custom Trust Store
To use a custom trust store (e.g., for self-signed certificates):
quarkus.opensearch.hosts=opensearch.example.com:9200
quarkus.opensearch.protocol=https
quarkus.opensearch.tls.tls-configuration-name=opensearch-tls
# Define the TLS configuration
quarkus.tls.opensearch-tls.trust-store.p12.path=/path/to/truststore.p12
quarkus.tls.opensearch-tls.trust-store.p12.password=changeitDisabling SSL Verification (Development Only)
|
Disabling SSL verification should only be used in development environments. Never disable SSL verification in production. |
For development environments where you don’t have valid certificates:
quarkus.opensearch.hosts=opensearch.example.com:9200
quarkus.opensearch.protocol=https
quarkus.opensearch.tls.tls-configuration-name=opensearch-dev
# Trust all certificates and disable hostname verification
quarkus.tls.opensearch-dev.trust-all=true
quarkus.tls.opensearch-dev.hostname-verification-algorithm=NONEYou can scope this to development mode only using profiles:
# Production uses proper certificates
%prod.quarkus.opensearch.protocol=https
# Development trusts all certificates
%dev.quarkus.opensearch.tls.tls-configuration-name=dev-tls
%dev.quarkus.tls.dev-tls.trust-all=true
%dev.quarkus.tls.dev-tls.hostname-verification-algorithm=NONE|
The legacy |
Dev Services
Quarkus supports a feature called Dev Services that allows you to start various containers without any config.
In the case of Opensearch, this support extends to the default Opensearch connection.
What that means practically is that, if you have not configured quarkus.opensearch.hosts, Quarkus will automatically
start an Opensearch container when running tests or dev mode, and automatically configure the connection.
When running the production version of the application, the Opensearch connection needs to be configured as usual,
so if you want to include a production database config in your application.properties and continue to use Dev Services
we recommend that you use the %prod. profile to define your Opensearch settings.
Extension Configuration Reference
Configuration property fixed at build time - All other configuration properties are overridable at runtime
Configuration property |
Type |
Default |
|---|---|---|
Whether a health check is published in case the smallrye-health extension is present. Environment variable: |
boolean |
|
If Dev Services for OpenSearch has been explicitly enabled or disabled. Dev Services are generally enabled by default, unless there is an existing configuration present. For OpenSearch, Dev Services starts a server unless Environment variable: |
boolean |
|
Optional fixed port the dev service will listen to. If not defined, the port will be chosen randomly. Environment variable: |
int |
|
The OpenSearch container image to use. Defaults to the opensearch image provided by OpenSearch. Environment variable: |
string |
|
The value for the OPENSEARCH_JAVA_OPTS env variable. Defaults to setting the heap to 512MB min - 1GB max. Environment variable: |
string |
|
Indicates if the OpenSearch server managed by Quarkus Dev Services is shared. When shared, Quarkus looks for running containers using label-based service discovery. If a matching container is found, it is used, and so a second one is not started. Otherwise, Dev Services for OpenSearch starts a new container. The discovery uses the Container sharing is only used in dev mode. Environment variable: |
boolean |
|
The value of the This property is used when you need multiple shared OpenSearch servers. Environment variable: |
string |
|
The list of hosts of the OpenSearch servers, when accessing AWS OpenSearch set to AWS endpoint name. Host Example: opensearch-01:9200,opensearch-02:9200 AWS Endpoint Example: search-domain-name-identifier.region.es.amazonaws.com Environment variable: |
list of string |
|
The protocol to use when contacting OpenSearch servers. Set to "https" to enable SSL/TLS. Environment variable: |
string |
|
The username for basic HTTP authentication. Environment variable: |
string |
|
The password for basic HTTP authentication. Environment variable: |
string |
|
The connection timeout. Environment variable: |
|
|
The connection timeout. Environment variable: |
|
|
The socket timeout. Environment variable: |
|
|
The maximum number of connections to all the OpenSearch servers. Environment variable: |
int |
|
The maximum number of connections per OpenSearch server. Environment variable: |
int |
|
The number of IO thread. By default, this is the number of locally detected processors. Thread counts higher than the number of processors should not be necessary because the I/O threads rely on non-blocking operations, but you may want to use a thread count lower than the number of processors. Environment variable: |
int |
|
AWS Region Environment variable: |
string |
|
Set to "es" or "aoss" to use AWS OpenSearch Service. es : Amazon OpenSearch Service aoss : Amazon OpenSearch Serverless Environment variable: |
string |
|
AWS Secret Access Key for setting up StaticCredentialsProvider Environment variable: |
string |
|
AWS Secret Access Key Secret for setting up StaticCredentialsProvider Environment variable: |
string |
|
The name of the TLS configuration to use. This refers to a configuration group defined under Environment variable: |
string |
required |
Defines if automatic discovery is enabled. Environment variable: |
boolean |
|
Refresh interval of the node list. Environment variable: |
|
|
This property is deprecated since Optional keyStoreFile to be used when connecting to cluster nodes Environment variable: |
string |
|
This property is deprecated since Optional password for accessing keyStoreFile Environment variable: |
string |
|
This property is deprecated since SSL Verify Hostname Environment variable: |
boolean |
|
This property is deprecated since Verify SSL Certificates Environment variable: |
boolean |
|
|
About the Duration format
To write duration values, use the standard You can also use a simplified format, starting with a number:
In other cases, the simplified format is translated to the
|