Hi, I am trying to install opendistro elastic in kubernetes using helm:
But I did not find any info on how to enable LDAP.
Can anyone help me here?
@satya There are a couple of things that need to be addressed.
First, you will need to list all the security configuration files in values.yaml as they are required (if you don’t want to start changing the various templates in that repo). Like so:
config:
  securityConfigSecret: <anyname>
  data:
    whitelist.yml: |-
      ---
      _meta:
        type: "whitelist"
        config_version: 2
      config:
        enabled: false
        requests:
          /_cluster/settings:
            - GET
          /_cat/nodes:
            - GET
    roles_mapping.yml: |-
      _meta:
        type: "rolesmapping" ...
    ...
The files are (yml) whitelist, roles_mapping, nodes_dn, audit, config, internal_users, roles, tenants, action_groups. I recommend running a vanilla instance of odfe (same version you are working with) and extracting these files after the demo install runs, as it’s very easy to make a typo or mix up the version format.
You can comment out the section above config, although I’m not sure if you need to:
#actionGroupsSecret:
#configSecret:
#internalUsersSecret:
#rolesSecret:
#rolesMappingSecret:
#tenantsSecret:
The configuration for LDAP needs to go in the config.yml section, see the example here: "Create role for only LDAP Users - #3 by HeiDri".
It uses authc and authz for group/role extraction.
Once that is entered, run the command on the link you provided to deploy the package. Once it’s up and running, the next step would be to initialise the security plugin. You can do that in many ways; the most straightforward is to connect to a master or data pod and run it manually (./usr/share/elasticsearch/plugins/opendistro_security/tools/securityadmin.sh). Any mistakes in the config files will be displayed.
If you don’t see any errors, you should be good to go. Port forward to the kibana service and fire away.
Hope this helps
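
An added example, not part of the thread above or of the chart's own files: a sketch of what the config.yml entry under data: could look like with an LDAP authc domain and an LDAP authz domain for group/role extraction. The host name, DNs, the domain names ldap and roles_from_ldap, and the bind password are placeholders assumed for illustration; the internal domain is kept so the built-in users continue to authenticate.

```yaml
# Added example: ldap.example.com, the DNs and <bind-password> are placeholders.
config.yml: |-
  _meta:
    type: "config"
    config_version: 2
  config:
    dynamic:
      authc:
        basic_internal_auth_domain:      # keeps internal users (admin, kibanaserver) working
          http_enabled: true
          transport_enabled: true
          order: 0
          http_authenticator:
            type: basic
            challenge: true
          authentication_backend:
            type: internal
        ldap:                            # tried after the internal user database
          http_enabled: true
          transport_enabled: true
          order: 1
          http_authenticator:
            type: basic
            challenge: false
          authentication_backend:
            type: ldap
            config:
              enable_ssl: true           # LDAPS, so the bind password is not sent in clear text
              verify_hostnames: true
              hosts: ["ldap.example.com:636"]
              bind_dn: "cn=admin,dc=example,dc=com"
              password: "<bind-password>"
              userbase: "ou=people,dc=example,dc=com"
              usersearch: "(uid={0})"    # {0} is replaced by the login name
              username_attribute: uid
      authz:
        roles_from_ldap:                 # group lookup, mapped in roles_mapping.yml as backend_roles
          http_enabled: true
          transport_enabled: true
          authorization_backend:
            type: ldap
            config:
              enable_ssl: true
              hosts: ["ldap.example.com:636"]
              bind_dn: "cn=admin,dc=example,dc=com"
              password: "<bind-password>"
              rolebase: "ou=groups,dc=example,dc=com"
              rolesearch: "(uniqueMember={0})"   # {0} is replaced by the user's DN
              rolename: cn
```

The group names returned by the authz domain only grant access once they appear as backend_roles in roles_mapping.yml, and the bind account needs no more than read access to the user and group subtrees.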