How to edit securityconfig/config.yml in helm deployment

Build
1

Hello Everyone,
i went though documentation and still don’t know how to edit/add securityconfig/config.yml during deployment. I don’t want to edit it inside of container after deploy.
I managed to add SAML plugin in kibana.yml in values.yml
(opendistro_security.auth.type: “saml”)
and now i need to pass minimal configuration during deployment:

authc:
  saml_auth_domain:
    http_enabled: true
    (...)

Anyone know where to put SAML configuration during helm deployment?
Thanks!!

2

@ssj.gutman1 this doc has talked about this in the security configuration section: opendistro-build/helm at main · opendistro-for-elasticsearch/opendistro-build · GitHub Hope that it’s helpful for your case

3

I followed the same path as I wanted to modify the default “internal_users”.
So I’ve added the “internal_users.yml” file in a k8s secret.

It was getting mounted correctly, and I could see it from within the containers, but my changes were not getting picked up in Kibana.
Then, following the docs, I’ve set “elasticsearch.config.opendistro_security.allow_default_init_securityindex” to “true”, and everything came down crashing!

Now the containers do not start as they are looking for a certain “/usr/share/elasticsearch/config/elasticsearch.yml”, which I suppose I am not providing.

Do I need to create a secret for every single file in security/securityconfig at main · opendistro-for-elasticsearch/security · GitHub ?

If yes, I feel like the “difficulty” spikes from 1 to 100 in one single change (as I don’t know the meaning of all the settings and would be happy to keep them to default, for now).

All I wanted to do was changing the default internal users (creating one for fluent-bit, changing the admin password etc…). Nothing more.

Hopefully, I am missing a simpler path. Can anyone point me in the right direction, please?

Regards,
Andrea

4

I think the passwords were cached somewhere. Following this “old” post I managed to change the default password for the admin and kibanaserver users.

Now when loading Kibana I get “Kibana server is not ready yet”, which I guess it’s because I changed the kibanaserver default password. I need to find where to set that.

Regards,
Andrea