Hey
I've configured Elasticsearch for Anonymous access which works.
but because of this I can't login inside of my kibana instance is there a way to disable the login auth screen for kibana ?
Hey
I've configured Elasticsearch for Anonymous access which works.
but because of this I can't login inside of my kibana instance is there a way to disable the login auth screen for kibana ?
its not my password but good catch
I believe you are running into this issue: https://github.com/elastic/kibana/issues/35613 There are some other related issues: https://github.com/elastic/kibana/issues/18331 https://github.com/elastic/kibana/issues/54023
Reading through all of those, it seems like we are not recommending setting xpack.security.disabled: false
in Kibana, but it's possible that that is what you are looking for.
these are my setting for kibana.yaml
apiVersion: kibana.k8s.elastic.co/v1beta1
kind: Kibana
metadata:
name: kibana
spec:
version: 7.5.1
count: 1
elasticsearchRef:
name: "elasticsearch"
config:
#xpack.security.anonymous.enable: true
elasticsearch.hosts: http://elasticsearch-es-http.<namespace>.local:9200
# elasticsearch.username: "jamal"
# elasticsearch.password: "jamal"
http:
tls:
selfSignedCertificate:
disabled: true
These are the setting for elasticsearch.yaml
apiVersion: elasticsearch.k8s.elastic.co/v1beta1
kind: Elasticsearch
metadata:
name: elasticsearch
spec:
version: 7.5.1
nodeSets:
- name: elastic
count: 3
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
parameters:
type: pd-standard
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 500Gi
storageClassName: standard
config:
node.master: true
node.data: true
node.ingest: true
node.store.allow_mmap: false
xpack.security.authc:
anonymous:
username: elastic
roles: superuser, kibana_user
authz_exception: false
http:
tls:
selfSignedCertificate:
disabled: true
but I can't login with any of the passwords ? even after I create a new user in elasticsearch with role kibana_user
kibana doesn't allow you to authenticate the newly created user ?
xpack.security.anonymous.enable: true
this configuration is not actually valid and it doesn't work
I'm going to ask some of the folks who work on this to take a look. Please change your password as you've pasted it here.
Okay, got some more clarity.
As a workaround, we generally recommend that users configure a reverse-proxy that hard-codes a username/password in the Authorization header so when accessing Kibana via the reverse-proxy they're automatically authenticated and can continue to use the user/role management screens and all of the other Kibana RBAC work
It seems like you're using the K8s operator, which might be why you can't disable the the security plugin. You may need to use a reverse proxy as suggested here.
sounds good two things
there's an optional flag in the kibana.yaml file
xpack.security.enabled: false
I'm guessing this is not valid cause I'm using the operator
At the end I don't want to authenticate whenever I'm making request to elasticsearch is there a way to only allow authentication from kibana and not from logstash
Unidirectional instead bidirectional
auth kibana ----> elasticsearch ----> no auth <----- logstash
If you don't use our official operator, you would be allowed to remove the security requirement. This is a leading source of unintentional data breaches due to having publicly available ES endpoints.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.