Hi all, I am trying to put together a kubernetes yaml file to deploy opendistro & kibana. The default login is admin/admin. Are there any environment variables that you can use to set the default admin to a hash of your own for security reasons on initial deploy?
Regards
So in the mean time until environment variables are available I created an initContainer to get around this. It’s a bit of a dirty fix but works for now. You can create your hash and then place the script in an s3 bucket or storage of your choice, just keep it secure though. the script is as follows:
#!/bin/bash
sed -i ‘/admin:/!b;n;c hash: “your-very-secure-hash”’ /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
sed -i ‘/logstash:/!b;n;c hash: “your-very-secure-hash”’ /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
sh /usr/share/elasticsearch/plugins/opendistro_security/tools/securityadmin.sh -cd /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/ -icl -nhnv -cacert /usr/share/elasticsearch/config/root-ca.pem -cert /usr/share/elasticsearch/config/kirk.pem -key /usr/share/elasticsearch/config/kirk-key.pem
then call it in the yaml as follows:
initContainers:
- name: fixauthadmin
command: [“wget”, “https://s3.mybucket.amazon.com/opendistro_fix.sh”, “;”, “chmod”, “755”, “opendistro_fix.sh”, “;”, “./opendistro_fix.sh”]
image: amazon/opendistro-for-elasticsearch:1.8.0
volumeMounts:
- mountPath: /usr/share/elasticsearch/data
name: data
subPath: