如何向elastic.yaml添加基本用户/通过身份验证

7xzttuei  于 2021-06-13  发布在  ElasticSearch
关注(0)|答案(1)|浏览(347)

我正在使用下面的yaml文件将elasticsearch部署到azurekubernetes。
我可以通过端口转发到达elasticsearch”localhost:9200“没有身份验证。如何在此文件中添加基本的用户/通过身份验证?如果您能提供一个代码示例,我将不胜感激。
我搜索了一些关于xpack的文档,但找不到如何实现yaml文件。
谢谢!

apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: elastic
spec:
  http:
    service:
      metadata:
        annotations:
          service.beta.kubernetes.io/azure-load-balancer-internal: "true"
      spec:
        loadbalancerIP: 10.10.10.10
        type: LoadBalancer
    tls:
      selfSignedCertificate:
        disabled: true
        subjectAltNames:
        - ip: 10.10.10.10
  nodeSets:
  - config:
      node.data: true
      node.ingest: false
      node.master: true
      node.ml: false
      node.store.allow_mmap: false
      xpack.security.authc:
        anonymous:
          authz_exception: true
          roles: superuser
          username: anonymous
    count: 1
    name: masters
    podTemplate:
      metadata: {}
      spec:
        containers:
        - env:
          - name: ES_JAVA_OPTS
            value: -Xms150m -Xmx150m
          name: elasticsearch
          resources:
            limits:
              memory: 3Gi
    volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi
        storageClassName: elastic-storageclass
  - config:
      indices.memory.index_buffer_size: 40%
      node.data: true
      node.ingest: true
      node.master: false
      node.ml: true
      node.store.allow_mmap: false
      xpack.security.authc:
        anonymous:
          authz_exception: false
          roles: superuser
          username: anonymous
    count: 1
    name: data
    podTemplate:
      metadata: {}
      spec:
        containers:
        - env:
          - name: ES_JAVA_OPTS
            value: -Xms150m -Xmx150m
          name: elasticsearch
          resources:
            limits:
              memory: 3Gi
    volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi
        storageClassName: elastic-storageclass
  version: 7.5.1
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: elastic-storageclass
parameters:
  kind: Managed
  storageaccounttype: Premium_LRS
provisioner: kubernetes.io/azure-disk
reclaimPolicy: Retain
volumeBindingMode: Immediate
p8h8hvxi

p8h8hvxi1#

你需要加上 xpack.security.enabled: true 对于您拥有的elasticsearch配置,这将在集群中启用基本的rbac。

相关问题