When I create a kibana pod which connects to an ES cluster managed by ECK, the default user in kibana.yaml is "default-quickstart-kibana-user", its role is kibana_system.
This user just has permissions to access internal indices, just like .kibana*、.monitoring-*.
I'd like to know how to modify the role, for example, setting it as a superuser.
apiVersion: v1
kind: Secret
metadata:
name: secret-basic-auth
type: kubernetes.io/basic-auth
stringData:
username: rdeniro # required field for kubernetes.io/basic-auth
password: mypassword # required field for kubernetes.io/basic-auth
roles: kibana_admin,ingest_admin # optional, not part of kubernetes.io/basic-auth
Thanks, I have read this document before and I can create a user with the permissions I need. However, I am not sure how to configure Kibana to use this user.
In the "Elasticsearch is managed by ECK" section of this document, it says: "The Kibana configuration file is automatically setup by ECK to establish a secure connection to Elasticsearch."
I would like to know how to specify my configured user in the Kibana config file, or give the default user more permissions.
This connection between Kibana and Elasticsearch does not affect how users log in, nor what permissions/access, etc, they have.. this is purely how the Kibana Server interacts with the Elasticsearch Server.... it is not about users that use the system
Changing the roles/permission/users is not recommended...as the kibana_system is the exact correct role for this use case / connections.
Authentication / Authorization / Roles / that Users Log into Kibana and / Elastic are managed separately via Users and Roles.
You should really look at this
and This
Or Got to Kibana -> Stack management -> User / Roles and set up the Users and Roles you want.
So to summarize, it is not recommended to change the Auth/Auth in the kibana.yml for the connection between kibana server and elasticsearch server
User Roles are managed as separate Roles and are assigned to Users in a normal RBAC pattern.
Thank you, I originally wanted to put a monitoring script in this image, and connect to the ES cluster using the url/user/password in the kibana configuration file. It seems that this method is not quite correct.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.