Anonymous user config

Hi there,

We are currently running ECK with an anonymous user for users to log in with, which looks like;

kibana:
  enabled: true
  name: foo
  version: 7.11.2
  http:
  image:
  count: 1
  config:
    xpack.security.authc.providers:
      basic.basic1:
        order: 0
      anonymous.anonymous1:
        order: 1
        credentials:
          username: "xxxx"
          password: "xxxx"

The above works fine but that means we'd have to store the user and password in git which is less than ideal. Is it possible to set this part of the config as a secret somehow?

Hello Mark,

Yes, by combining these two things:

• A Secret can be used with a Pod as container environment variable. (Secrets | Kubernetes).
• Environment variables can be injected into Kibana configuration using ${MY_ENV_VAR} syntax (Configure Kibana | Kibana Guide [7.14] | Elastic).

Example:

# create a secret with the credentials of the anonymous user
kubectl create secret generic test-kibana-anonymous-user --from-literal=username=anonymous --from-file=password=test-anonymous-user-password.txt

apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: test
spec:
  version: 7.14.1
  count: 1
  [...]
  config:
    xpack.security.authc.providers:
      basic.basic1:
        order: 1
      anonymous.anonymous1:
        order: 0
        credentials:
          username: ${ANONYMOUS_USERNAME}
          password: ${ANONYMOUS_PASSWORD}
  podTemplate:
    spec:
      containers:
        - name: kibana
          env:
            - name: ANONYMOUS_USERNAME
              valueFrom:
                secretKeyRef:
                  name: test-kibana-anonymous-user
                  key: username
            - name: ANONYMOUS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: test-kibana-anonymous-user
                  key: password