Update kibana authentication values in endpoints and deployment

The Kibana username and password needs to match the Elasticsearch username and password, as Kibana requires an authorized elasticsearch user to make queries against the elasticsearch backend to display its dashboards and set up the initial .kibana index. This changes the apache proxy running in front of kibana to consume the elasticsearch username and password via the elasticsearch secret in the chart to ensure kibana has proper access Change-Id: Ife3fd916e8d9a3f8877d01a9048a892f92e412d8
2018-04-17 18:48:15 -05:00 · 2018-04-17 18:48:15 -05:00 · a31afb2f85
commit a31afb2f85
parent 56c556363e
7 changed files with 9 additions and 44 deletions
--- a/elasticsearch/templates/etc/_elasticsearch-host.conf.tpl
+++ b/elasticsearch/templates/etc/_elasticsearch-host.conf.tpl
@ -21,7 +21,7 @@ limitations under the License.
  </Location>
  <Proxy *>
      AuthType Basic
-      AuthName "Authentication Required"
+      AuthName "Authentication Required for Elasticsearch"
      AuthUserFile {{.Values.conf.apache.htpasswd | quote}}
      Require valid-user
  </Proxy>
--- a/elasticsearch/templates/secret-elasticsearch.yaml
+++ b/elasticsearch/templates/secret-elasticsearch.yaml
@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}

-{{- if .Values.manifests.secret_admin }}
+{{- if .Values.manifests.secret_elasticsearch }}
 {{- $envAll := . }}
 {{- $secretName := index $envAll.Values.secrets.elasticsearch.user }}

--- a/elasticsearch/values.yaml
+++ b/elasticsearch/values.yaml
@ -375,7 +375,7 @@ manifests:
  job_snapshot_repository: false
  helm_tests: true
  pvc_snapshots: false
-  secret_admin: true
+  secret_elasticsearch: true
  monitoring:
    prometheus:
      configmap_bin_exporter: true
--- a/kibana/templates/deployment.yaml
+++ b/kibana/templates/deployment.yaml
@ -16,6 +16,7 @@ limitations under the License.

 {{- if .Values.manifests.deployment }}
 {{- $envAll := . }}
+
 {{- $esUserSecret := .Values.secrets.elasticsearch.user }}

 {{- $serviceAccountName := "kibana" }}
@ -59,13 +60,13 @@ spec:
            - name: KIBANA_USERNAME
              valueFrom:
                secretKeyRef:
-                  name: kibana-admin-creds
-                  key: KIBANA_USERNAME
+                  name: {{ $esUserSecret }}
+                  key: ELASTICSEARCH_USERNAME
            - name: KIBANA_PASSWORD
              valueFrom:
                secretKeyRef:
-                  name: kibana-admin-creds
-                  key: KIBANA_PASSWORD
+                  name: {{ $esUserSecret }}
+                  key: ELASTICSEARCH_PASSWORD
          volumeMounts:
            - name: kibana-bin
              mountPath: /tmp/apache.sh
--- a/kibana/templates/etc/_kibana-host.conf.tpl
+++ b/kibana/templates/etc/_kibana-host.conf.tpl
@ -21,7 +21,7 @@ limitations under the License.
  </Location>
  <Proxy *>
      AuthType Basic
-      AuthName "Authentication Required"
+      AuthName "Authentication Required for Kibana"
      AuthUserFile {{.Values.conf.apache.htpasswd | quote}}
      Require valid-user
  </Proxy>
--- a/kibana/templates/secret-admin-creds.yaml
+++ b/kibana/templates/secret-admin-creds.yaml
@ -1,29 +0,0 @@
-{{/*
-Copyright 2017 The Openstack-Helm Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-   http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.manifests.secret_admin }}
-{{- $envAll := . }}
-{{- $secretName := index $envAll.Values.secrets.kibana.admin }}
---
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ $secretName }}
-type: Opaque
-data:
-  KIBANA_USERNAME: {{ .Values.endpoints.kibana.auth.admin.username | b64enc }}
-  KIBANA_PASSWORD: {{ .Values.endpoints.kibana.auth.admin.password | b64enc }}
-{{- end }}
--- a/kibana/values.yaml
+++ b/kibana/values.yaml
@ -68,8 +68,6 @@ pod:
 secrets:
  elasticsearch:
    user: kibana-elasticsearch-user
-  kibana:
-    admin: kibana-admin-creds

 dependencies:
  dynamic:
@ -153,10 +151,6 @@ endpoints:
  kibana:
    name: kibana
    namespace: null
-    auth:
-      admin:
-        username: admin
-        password: changeme
    hosts:
      default: kibana-dash
      public: kibana
@ -193,6 +187,5 @@ manifests:
  ingress: true
  job_image_repo_sync: true
  secret_elasticsearch: true
-  secret_admin: true
  service: true
  service_ingress: true