From a31afb2f852c8d92ce13553100e9aa724d8fc044 Mon Sep 17 00:00:00 2001 From: Steve Wilkerson Date: Tue, 17 Apr 2018 18:48:15 -0500 Subject: [PATCH] Update kibana authentication values in endpoints and deployment The Kibana username and password needs to match the Elasticsearch username and password, as Kibana requires an authorized elasticsearch user to make queries against the elasticsearch backend to display its dashboards and set up the initial .kibana index. This changes the apache proxy running in front of kibana to consume the elasticsearch username and password via the elasticsearch secret in the chart to ensure kibana has proper access Change-Id: Ife3fd916e8d9a3f8877d01a9048a892f92e412d8 --- .../etc/_elasticsearch-host.conf.tpl | 2 +- ...n-creds.yaml => secret-elasticsearch.yaml} | 2 +- elasticsearch/values.yaml | 2 +- kibana/templates/deployment.yaml | 9 +++--- kibana/templates/etc/_kibana-host.conf.tpl | 2 +- kibana/templates/secret-admin-creds.yaml | 29 ------------------- kibana/values.yaml | 7 ----- 7 files changed, 9 insertions(+), 44 deletions(-) rename elasticsearch/templates/{secret-admin-creds.yaml => secret-elasticsearch.yaml} (96%) delete mode 100644 kibana/templates/secret-admin-creds.yaml diff --git a/elasticsearch/templates/etc/_elasticsearch-host.conf.tpl b/elasticsearch/templates/etc/_elasticsearch-host.conf.tpl index d9ba7a3cff..8b7a3207f6 100644 --- a/elasticsearch/templates/etc/_elasticsearch-host.conf.tpl +++ b/elasticsearch/templates/etc/_elasticsearch-host.conf.tpl @@ -21,7 +21,7 @@ limitations under the License. AuthType Basic - AuthName "Authentication Required" + AuthName "Authentication Required for Elasticsearch" AuthUserFile {{.Values.conf.apache.htpasswd | quote}} Require valid-user diff --git a/elasticsearch/templates/secret-admin-creds.yaml b/elasticsearch/templates/secret-elasticsearch.yaml similarity index 96% rename from elasticsearch/templates/secret-admin-creds.yaml rename to elasticsearch/templates/secret-elasticsearch.yaml index 72dc778900..91d3f15e86 100644 --- a/elasticsearch/templates/secret-admin-creds.yaml +++ b/elasticsearch/templates/secret-elasticsearch.yaml @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if .Values.manifests.secret_admin }} +{{- if .Values.manifests.secret_elasticsearch }} {{- $envAll := . }} {{- $secretName := index $envAll.Values.secrets.elasticsearch.user }} diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml index 9e13ea3500..48cf4885d9 100644 --- a/elasticsearch/values.yaml +++ b/elasticsearch/values.yaml @@ -375,7 +375,7 @@ manifests: job_snapshot_repository: false helm_tests: true pvc_snapshots: false - secret_admin: true + secret_elasticsearch: true monitoring: prometheus: configmap_bin_exporter: true diff --git a/kibana/templates/deployment.yaml b/kibana/templates/deployment.yaml index 0d81ebb529..ac8e788ace 100644 --- a/kibana/templates/deployment.yaml +++ b/kibana/templates/deployment.yaml @@ -16,6 +16,7 @@ limitations under the License. {{- if .Values.manifests.deployment }} {{- $envAll := . }} + {{- $esUserSecret := .Values.secrets.elasticsearch.user }} {{- $serviceAccountName := "kibana" }} @@ -59,13 +60,13 @@ spec: - name: KIBANA_USERNAME valueFrom: secretKeyRef: - name: kibana-admin-creds - key: KIBANA_USERNAME + name: {{ $esUserSecret }} + key: ELASTICSEARCH_USERNAME - name: KIBANA_PASSWORD valueFrom: secretKeyRef: - name: kibana-admin-creds - key: KIBANA_PASSWORD + name: {{ $esUserSecret }} + key: ELASTICSEARCH_PASSWORD volumeMounts: - name: kibana-bin mountPath: /tmp/apache.sh diff --git a/kibana/templates/etc/_kibana-host.conf.tpl b/kibana/templates/etc/_kibana-host.conf.tpl index f777598d52..6041c803c7 100644 --- a/kibana/templates/etc/_kibana-host.conf.tpl +++ b/kibana/templates/etc/_kibana-host.conf.tpl @@ -21,7 +21,7 @@ limitations under the License. AuthType Basic - AuthName "Authentication Required" + AuthName "Authentication Required for Kibana" AuthUserFile {{.Values.conf.apache.htpasswd | quote}} Require valid-user diff --git a/kibana/templates/secret-admin-creds.yaml b/kibana/templates/secret-admin-creds.yaml deleted file mode 100644 index edb0529817..0000000000 --- a/kibana/templates/secret-admin-creds.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.secret_admin }} -{{- $envAll := . }} -{{- $secretName := index $envAll.Values.secrets.kibana.admin }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} -type: Opaque -data: - KIBANA_USERNAME: {{ .Values.endpoints.kibana.auth.admin.username | b64enc }} - KIBANA_PASSWORD: {{ .Values.endpoints.kibana.auth.admin.password | b64enc }} -{{- end }} diff --git a/kibana/values.yaml b/kibana/values.yaml index ca2326a468..6f09659e51 100644 --- a/kibana/values.yaml +++ b/kibana/values.yaml @@ -68,8 +68,6 @@ pod: secrets: elasticsearch: user: kibana-elasticsearch-user - kibana: - admin: kibana-admin-creds dependencies: dynamic: @@ -153,10 +151,6 @@ endpoints: kibana: name: kibana namespace: null - auth: - admin: - username: admin - password: changeme hosts: default: kibana-dash public: kibana @@ -193,6 +187,5 @@ manifests: ingress: true job_image_repo_sync: true secret_elasticsearch: true - secret_admin: true service: true service_ingress: true