We are using eck operator and oauth2-proxy for single sign on. And we want to disable the kibana login page so that after successful sign in, oauth2 directly will take the user to dashboard. But how should we do that? when we do xpack.security.disabled: false on Elasticsearch.yml, It gives error:
{"timestamp": "2022-05-12T15:15:24+00:00", "message": "readiness probe failed", "curl_rc": "35"}
Elasticsearch.yml:
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: es_cluster
spec:
version: 8.2.0
nodeSets:
- name: default
count: 1
config:
xpack.security.enabled: false
podTemplate:
spec:
containers:
- name: elasticsearch
env:
- name: ES_JAVA_OPTS
value: 1
resources:
requests:
memory: 1
cpu: 2
limits:
memory: 128
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 70
storageClassName: gp2
kibana.yml:
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
name: kibana
spec:
version: 8.2.0
http:
service:
spec:
type: LoadBalancer
ports:
- name: https
port: 443
targetPort: 3000
metadata:
annotations:
# Note that the backend talks over HTTP.
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
# TODO: Fill in with the ARN of your certificate.
service.beta.kubernetes.io/aws-load-balancer-ssl-cert:
# Only run SSL on the port named "https" below.
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
tls:
selfSignedCertificate:
disabled: true
count: 1
elasticsearchRef:
name: kube-es
podTemplate:
spec:
containers:
- name: kibana
resources:
requests:
memory: 1Gi
cpu: 0.5
limits:
memory: 2.5Gi
cpu: 2
- name: kibana-proxy
image: 'quay.io/oauth2-proxy/oauth2-proxy:latest'
imagePullPolicy: IfNotPresent
args:
- --cookie-secret=
- --client-id=
- --client-secret=
- --upstream=http://localhost:5601
- --email-domain=
- --footer=-
- --http-address=http://:3000
- --redirect-url=
ports:
- containerPort: 3000
name: http
protocol: TCP
resources:
limits:
memory: 500Mi
requests:
cpu: 0.5
memory: 256Mi