I am using the yaml file below to deploy ElasticSearch to Azure Kubernetes.
I can reach the Elasticsearch with port forwarding "localhost:9200" without authentication. How can I add a basic user/pass authentication in this file? I would be appreciated if you provide a code sample.
I searched couple of documentation about xpack but I couldn't find how to implement to yaml file.
Thanks!
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: elastic
spec:
http:
service:
metadata:
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
loadbalancerIP: 10.10.10.10
type: LoadBalancer
tls:
selfSignedCertificate:
disabled: true
subjectAltNames:
- ip: 10.10.10.10
nodeSets:
- config:
node.data: true
node.ingest: false
node.master: true
node.ml: false
node.store.allow_mmap: false
xpack.security.authc:
anonymous:
authz_exception: true
roles: superuser
username: anonymous
count: 1
name: masters
podTemplate:
metadata: {}
spec:
containers:
- env:
- name: ES_JAVA_OPTS
value: -Xms150m -Xmx150m
name: elasticsearch
resources:
limits:
memory: 3Gi
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: elastic-storageclass
- config:
indices.memory.index_buffer_size: 40%
node.data: true
node.ingest: true
node.master: false
node.ml: true
node.store.allow_mmap: false
xpack.security.authc:
anonymous:
authz_exception: false
roles: superuser
username: anonymous
count: 1
name: data
podTemplate:
metadata: {}
spec:
containers:
- env:
- name: ES_JAVA_OPTS
value: -Xms150m -Xmx150m
name: elasticsearch
resources:
limits:
memory: 3Gi
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: elastic-storageclass
version: 7.5.1
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: elastic-storageclass
parameters:
kind: Managed
storageaccounttype: Premium_LRS
provisioner: kubernetes.io/azure-disk
reclaimPolicy: Retain
volumeBindingMode: Immediate
You need to add
xpack.security.enabled: true
to the elasticsearch configuration which you have, this will enable basic RBAC in your cluster.