Have an issue of updating security.authc.reamls in elasticsearcy.yml file in ECK.
Installed ECK open source 1.0 in EKS.
I can get password for "elastic" user using following command.
kubectl get secret canoo-elasticserach-es-elastic-user -o=jsonpath='{.data.elastic}' -n elasticsearch| base64 --decode; echo
Since I wanted to create a user and share with other team, I created one user under the menu of "Security/Users" in Kibana.
However I can't login with a new created account.
I figure out that security realms setting is file. In order to use users created in Kibana, I need to use native type.
Original:
security:
authc:
realms:
file:
file1:
order: -100
reserved_realm:
enabled: "false"
enabled: "true"
Want to change to
xpack:
security:
authc:
realms:
file:
file1:
order: 0
native:
native1:
order: 1
reserved_realm:
enabled: "false"
enabled: "true"
But some reason it is not changed.
What I tried to was delete secret and create a new one with data, or kubectl edit secrets... but the setting of elasticsearcy.yml is not updated. Can you help me to change the setting?
Here is my secret of elasticsearch.
apiVersion: v1
data:
elasticsearch.yml: Y2x1c3RlcjoKICBuYW1lOiBjYW5vby1lbGFzdGljc2VyYWNoCiAgcmVtb3RlOgogICAgY29ubmVjdDogZmFsc2UKZGlzY292ZXJ5OgogIHplbjoKICAgIGhvc3RzX3Byb3ZpZGVyOiBmaWxlCm5ldHdvcms6CiAgaG9zdDogMC4wLjAuMAogIHB1Ymxpc2hfaG9zdDogJHtQT0RfSVB9Cm5vZGU6CiAgZGF0YTogdHJ1ZQogIGluZ2VzdDogZmFsc2UKICBtYXN0ZXI6IGZhbHNlCiAgbWw6IGZhbHNlCiAgbmFtZTogJHtQT0RfTkFNRX0KICBzdG9yZToKICAgIGFsbG93X21tYXA6IGZhbHNlCnBhdGg6CiAgZGF0YTogL3Vzci9zaGFyZS9lbGFzdGljc2VhcmNoL2RhdGEKICBsb2dzOiAvdXNyL3NoYXJlL2VsYXN0aWNzZWFyY2gvbG9ncwp4cGFjazoKICBzZWN1cml0eToKICAgIGF1dGhjOgogICAgICByZWFsbXM6CiAgICAgICAgZmlsZToKICAgICAgICAgIGZpbGUxOgogICAgICAgICAgICBvcmRlcjogLTEwMAogICAgICByZXNlcnZlZF9yZWFsbToKICAgICAgICBlbmFibGVkOiAiZmFsc2UiCiAgICBlbmFibGVkOiAidHJ1ZSIKICAgIGh0dHA6CiAgICAgIHNzbDoKICAgICAgICBjZXJ0aWZpY2F0ZTogL3Vzci9zaGFyZS9lbGFzdGljc2VhcmNoL2NvbmZpZy9odHRwLWNlcnRzL3Rscy5jcnQKICAgICAgICBjZXJ0aWZpY2F0ZV9hdXRob3JpdGllczogL3Vzci9zaGFyZS9lbGFzdGljc2VhcmNoL2NvbmZpZy9odHRwLWNlcnRzL2NhLmNydAogICAgICAgIGVuYWJsZWQ6IHRydWUKICAgICAgICBrZXk6IC91c3Ivc2hhcmUvZWxhc3RpY3NlYXJjaC9jb25maWcvaHR0cC1jZXJ0cy90bHMua2V5CiAgICB0cmFuc3BvcnQ6CiAgICAgIHNzbDoKICAgICAgICBjZXJ0aWZpY2F0ZTogL3Vzci9zaGFyZS9lbGFzdGljc2VhcmNoL2NvbmZpZy9ub2RlLXRyYW5zcG9ydC1jZXJ0L3RyYW5zcG9ydC50bHMuY3J0CiAgICAgICAgY2VydGlmaWNhdGVfYXV0aG9yaXRpZXM6CiAgICAgICAgLSAvdXNyL3NoYXJlL2VsYXN0aWNzZWFyY2gvY29uZmlnL3RyYW5zcG9ydC1jZXJ0cy9jYS5jcnQKICAgICAgICBlbmFibGVkOiAidHJ1ZSIKICAgICAgICBrZXk6IC91c3Ivc2hhcmUvZWxhc3RpY3NlYXJjaC9jb25maWcvbm9kZS10cmFuc3BvcnQtY2VydC90cmFuc3BvcnQudGxzLmtleQogICAgICAgIHZlcmlmaWNhdGlvbl9tb2RlOiBjZXJ0aWZpY2F0ZQo=
kind: Secret
metadata:
creationTimestamp: "2019-11-22T19:35:10Z"
labels:
common.k8s.elastic.co/type: elasticsearch
elasticsearch.k8s.elastic.co/cluster-name: elasticserach
elasticsearch.k8s.elastic.co/statefulset-name: elasticserach-es-data
name: elasticserach-es-data-es-config
namespace: elasticsearch
ownerReferences:
- apiVersion: elasticsearch.k8s.elastic.co/v1beta1
blockOwnerDeletion: true
controller: true
kind: Elasticsearch
name: elasticserach
uid: ca8492e5-ff76-11e9-a259-02a9107eed52
resourceVersion: "5620293"
selfLink: /api/v1/namespaces/elasticsearch/secrets/elasticserach-es-data-es-config
uid: 324aefdc-0d5f-11ea-a259-02a9107eed52
type: Opaque