1

I am using the yaml file below to deploy ElasticSearch to Azure Kubernetes.

I can reach the Elasticsearch with port forwarding "localhost:9200" without authentication. How can I add a basic user/pass authentication in this file? I would be appreciated if you provide a code sample.

I searched couple of documentation about xpack but I couldn't find how to implement to yaml file.

Thanks!

apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: elastic
spec:
  http:
    service:
      metadata:
        annotations:
          service.beta.kubernetes.io/azure-load-balancer-internal: "true"
      spec:
        loadbalancerIP: 10.10.10.10
        type: LoadBalancer
    tls:
      selfSignedCertificate:
        disabled: true
        subjectAltNames:
        - ip: 10.10.10.10
  nodeSets:
  - config:
      node.data: true
      node.ingest: false
      node.master: true
      node.ml: false
      node.store.allow_mmap: false
      xpack.security.authc:
        anonymous:
          authz_exception: true
          roles: superuser
          username: anonymous
    count: 1
    name: masters
    podTemplate:
      metadata: {}
      spec:
        containers:
        - env:
          - name: ES_JAVA_OPTS
            value: -Xms150m -Xmx150m
          name: elasticsearch
          resources:
            limits:
              memory: 3Gi
    volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi
        storageClassName: elastic-storageclass
  - config:
      indices.memory.index_buffer_size: 40%
      node.data: true
      node.ingest: true
      node.master: false
      node.ml: true
      node.store.allow_mmap: false
      xpack.security.authc:
        anonymous:
          authz_exception: false
          roles: superuser
          username: anonymous
    count: 1
    name: data
    podTemplate:
      metadata: {}
      spec:
        containers:
        - env:
          - name: ES_JAVA_OPTS
            value: -Xms150m -Xmx150m
          name: elasticsearch
          resources:
            limits:
              memory: 3Gi
    volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi
        storageClassName: elastic-storageclass
  version: 7.5.1
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: elastic-storageclass
parameters:
  kind: Managed
  storageaccounttype: Premium_LRS
provisioner: kubernetes.io/azure-disk
reclaimPolicy: Retain
volumeBindingMode: Immediate
yatta
  • 423
  • 1
  • 7
  • 22

1 Answers1

2

You need to add xpack.security.enabled: true to the elasticsearch configuration which you have, this will enable basic RBAC in your cluster.

Amit
  • 30,756
  • 6
  • 57
  • 88
  • But how? How can I add to my yaml file? I tried couple of combinatipns but didn't worked. – yatta Dec 04 '20 at 14:52
  • 1
    I see you are already adding a lot of ES configs in your `.yml` file like ` node.data: true`, is this taking effect, if yes, under same section you can add provided config and it will work. – Amit Dec 04 '20 at 14:53
  • `@Amit` this `xpack.security.enabled: true` require additional properties must enabled to work, like `xpack.security.transport.ssl.*` and `xpack.security.http.ssl.*` in elasticsearch, after that kibana and filebeat also must be configured to work with each other using authentication. So you have any idea how to do it ?? – Andrew Jun 02 '22 at 05:42