Hi,
I am adding the LDAP authentication to my cluster, I need to create the group_to_role_mapping.yml file for the roles. Is there an example I can follow?
files:
role_mapping: "/mnt/elasticsearch/group_to_role_mapping.yml"
unmapped_groups_as_roles: false
Thanks
Sorry for the late reply!
In principle you would follow the approach outlined in our documentation for custom configuration files https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-bundles-plugins.html
spec:
nodes: # incomplete config, just to convey the idea!
- config:
xpack.security.authc.realms:
...
ldap.realm1: # adjust to your config of course
...
files.role_mapping: /mnt/config/role-mapping/group_to_role_mapping.yml
podTemplate:
spec:
containers:
- name: elasticsearch
volumeMounts:
- name: role-mapping
mountPath: /mnt/config/role-mapping # just an example, you can chose something that works for you here
volumes:
- name: role-mapping
configMap:
name: role-mappings
This assumes you have created a ConfigMap called role-mappings containing your group_to_role_mapping.yml file
Thanks for the code.
How do we update the new role mapping, on the running application?
do we need to update the configmap and restart the pods? or do we have any other method?
https://www.elastic.co/guide/en/elasticsearch/reference/7.4/mapping-roles.html#mapping-roles-file says role mapping files are checked for changes every 5 seconds. But the interval is configurable.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.