How to add basic user/pass authentication to elastic.yaml

721 views Asked by At

I am using the yaml file below to deploy ElasticSearch to Azure Kubernetes.

I can reach the Elasticsearch with port forwarding "localhost:9200" without authentication. How can I add a basic user/pass authentication in this file? I would be appreciated if you provide a code sample.

I searched couple of documentation about xpack but I couldn't find how to implement to yaml file.

Thanks!

apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: elastic
spec:
  http:
    service:
      metadata:
        annotations:
          service.beta.kubernetes.io/azure-load-balancer-internal: "true"
      spec:
        loadbalancerIP: 10.10.10.10
        type: LoadBalancer
    tls:
      selfSignedCertificate:
        disabled: true
        subjectAltNames:
        - ip: 10.10.10.10
  nodeSets:
  - config:
      node.data: true
      node.ingest: false
      node.master: true
      node.ml: false
      node.store.allow_mmap: false
      xpack.security.authc:
        anonymous:
          authz_exception: true
          roles: superuser
          username: anonymous
    count: 1
    name: masters
    podTemplate:
      metadata: {}
      spec:
        containers:
        - env:
          - name: ES_JAVA_OPTS
            value: -Xms150m -Xmx150m
          name: elasticsearch
          resources:
            limits:
              memory: 3Gi
    volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi
        storageClassName: elastic-storageclass
  - config:
      indices.memory.index_buffer_size: 40%
      node.data: true
      node.ingest: true
      node.master: false
      node.ml: true
      node.store.allow_mmap: false
      xpack.security.authc:
        anonymous:
          authz_exception: false
          roles: superuser
          username: anonymous
    count: 1
    name: data
    podTemplate:
      metadata: {}
      spec:
        containers:
        - env:
          - name: ES_JAVA_OPTS
            value: -Xms150m -Xmx150m
          name: elasticsearch
          resources:
            limits:
              memory: 3Gi
    volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi
        storageClassName: elastic-storageclass
  version: 7.5.1
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: elastic-storageclass
parameters:
  kind: Managed
  storageaccounttype: Premium_LRS
provisioner: kubernetes.io/azure-disk
reclaimPolicy: Retain
volumeBindingMode: Immediate
1

There are 1 answers

3
Amit On BEST ANSWER

You need to add xpack.security.enabled: true to the elasticsearch configuration which you have, this will enable basic RBAC in your cluster.