如何将基本 user/pass 身份验证添加到 elastic.yaml
How to add basic user/pass authentication to elastic.yaml
我正在使用下面的 yaml 文件将 ElasticSearch 部署到 Azure Kubernetes。
我可以通过端口转发“localhost:9200”访问 Elasticsearch,无需身份验证。
如何在此文件中添加基本的 user/pass 身份验证?如果您提供代码示例,我将不胜感激。
我搜索了几个关于 xpack 的文档,但找不到如何实现到 yaml 文件。
谢谢!
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: elastic
spec:
http:
service:
metadata:
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
loadbalancerIP: 10.10.10.10
type: LoadBalancer
tls:
selfSignedCertificate:
disabled: true
subjectAltNames:
- ip: 10.10.10.10
nodeSets:
- config:
node.data: true
node.ingest: false
node.master: true
node.ml: false
node.store.allow_mmap: false
xpack.security.authc:
anonymous:
authz_exception: true
roles: superuser
username: anonymous
count: 1
name: masters
podTemplate:
metadata: {}
spec:
containers:
- env:
- name: ES_JAVA_OPTS
value: -Xms150m -Xmx150m
name: elasticsearch
resources:
limits:
memory: 3Gi
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: elastic-storageclass
- config:
indices.memory.index_buffer_size: 40%
node.data: true
node.ingest: true
node.master: false
node.ml: true
node.store.allow_mmap: false
xpack.security.authc:
anonymous:
authz_exception: false
roles: superuser
username: anonymous
count: 1
name: data
podTemplate:
metadata: {}
spec:
containers:
- env:
- name: ES_JAVA_OPTS
value: -Xms150m -Xmx150m
name: elasticsearch
resources:
limits:
memory: 3Gi
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: elastic-storageclass
version: 7.5.1
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: elastic-storageclass
parameters:
kind: Managed
storageaccounttype: Premium_LRS
provisioner: kubernetes.io/azure-disk
reclaimPolicy: Retain
volumeBindingMode: Immediate
您需要将 xpack.security.enabled: true 添加到您拥有的 elasticsearch 配置中,这将在您的集群中启用基本 RBAC。
我正在使用下面的 yaml 文件将 ElasticSearch 部署到 Azure Kubernetes。
我可以通过端口转发“localhost:9200”访问 Elasticsearch,无需身份验证。 如何在此文件中添加基本的 user/pass 身份验证?如果您提供代码示例,我将不胜感激。
我搜索了几个关于 xpack 的文档,但找不到如何实现到 yaml 文件。
谢谢!
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: elastic
spec:
http:
service:
metadata:
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
loadbalancerIP: 10.10.10.10
type: LoadBalancer
tls:
selfSignedCertificate:
disabled: true
subjectAltNames:
- ip: 10.10.10.10
nodeSets:
- config:
node.data: true
node.ingest: false
node.master: true
node.ml: false
node.store.allow_mmap: false
xpack.security.authc:
anonymous:
authz_exception: true
roles: superuser
username: anonymous
count: 1
name: masters
podTemplate:
metadata: {}
spec:
containers:
- env:
- name: ES_JAVA_OPTS
value: -Xms150m -Xmx150m
name: elasticsearch
resources:
limits:
memory: 3Gi
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: elastic-storageclass
- config:
indices.memory.index_buffer_size: 40%
node.data: true
node.ingest: true
node.master: false
node.ml: true
node.store.allow_mmap: false
xpack.security.authc:
anonymous:
authz_exception: false
roles: superuser
username: anonymous
count: 1
name: data
podTemplate:
metadata: {}
spec:
containers:
- env:
- name: ES_JAVA_OPTS
value: -Xms150m -Xmx150m
name: elasticsearch
resources:
limits:
memory: 3Gi
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: elastic-storageclass
version: 7.5.1
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: elastic-storageclass
parameters:
kind: Managed
storageaccounttype: Premium_LRS
provisioner: kubernetes.io/azure-disk
reclaimPolicy: Retain
volumeBindingMode: Immediate
您需要将 xpack.security.enabled: true 添加到您拥有的 elasticsearch 配置中,这将在您的集群中启用基本 RBAC。