Anonymous user config

Hi there,

We are currently running ECK with an anonymous user for users to log in with, which looks like;

kibana:
  enabled: true
  name: foo
  version: 7.11.2
  http:
  image:
  count: 1
  config:
    xpack.security.authc.providers:
      basic.basic1:
        order: 0
      anonymous.anonymous1:
        order: 1
        credentials:
          username: "xxxx"
          password: "xxxx"

The above works fine but that means we'd have to store the user and password in git which is less than ideal. Is it possible to set this part of the config as a secret somehow?

Hello Mark,

Yes, by combining these two things:

Example:

# create a secret with the credentials of the anonymous user
kubectl create secret generic test-kibana-anonymous-user --from-literal=username=anonymous --from-file=password=test-anonymous-user-password.txt
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: test
spec:
  version: 7.14.1
  count: 1
  [...]
  config:
    xpack.security.authc.providers:
      basic.basic1:
        order: 1
      anonymous.anonymous1:
        order: 0
        credentials:
          username: ${ANONYMOUS_USERNAME}
          password: ${ANONYMOUS_PASSWORD}
  podTemplate:
    spec:
      containers:
        - name: kibana
          env:
            - name: ANONYMOUS_USERNAME
              valueFrom:
                secretKeyRef:
                  name: test-kibana-anonymous-user
                  key: username
            - name: ANONYMOUS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: test-kibana-anonymous-user
                  key: password