我正在使用下面的yaml文件将elasticsearch部署到azurekubernetes。
我可以通过端口转发到达elasticsearch”localhost:9200“没有身份验证。如何在此文件中添加基本的用户/通过身份验证?如果您能提供一个代码示例,我将不胜感激。
我搜索了一些关于xpack的文档,但找不到如何实现yaml文件。
谢谢!
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: elastic
spec:
http:
service:
metadata:
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
loadbalancerIP: 10.10.10.10
type: LoadBalancer
tls:
selfSignedCertificate:
disabled: true
subjectAltNames:
- ip: 10.10.10.10
nodeSets:
- config:
node.data: true
node.ingest: false
node.master: true
node.ml: false
node.store.allow_mmap: false
xpack.security.authc:
anonymous:
authz_exception: true
roles: superuser
username: anonymous
count: 1
name: masters
podTemplate:
metadata: {}
spec:
containers:
- env:
- name: ES_JAVA_OPTS
value: -Xms150m -Xmx150m
name: elasticsearch
resources:
limits:
memory: 3Gi
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: elastic-storageclass
- config:
indices.memory.index_buffer_size: 40%
node.data: true
node.ingest: true
node.master: false
node.ml: true
node.store.allow_mmap: false
xpack.security.authc:
anonymous:
authz_exception: false
roles: superuser
username: anonymous
count: 1
name: data
podTemplate:
metadata: {}
spec:
containers:
- env:
- name: ES_JAVA_OPTS
value: -Xms150m -Xmx150m
name: elasticsearch
resources:
limits:
memory: 3Gi
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: elastic-storageclass
version: 7.5.1
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: elastic-storageclass
parameters:
kind: Managed
storageaccounttype: Premium_LRS
provisioner: kubernetes.io/azure-disk
reclaimPolicy: Retain
volumeBindingMode: Immediate
1条答案
按热度按时间p8h8hvxi1#
你需要加上
xpack.security.enabled: true对于您拥有的elasticsearch配置,这将在集群中启用基本的rbac。