charts icon indicating copy to clipboard operation
charts copied to clipboard

Published 20 hours ago verified publisher icon falcosecurity

how to set falcosidekick password webui.user: "admin:admin"

Open lumszy opened this issue 2 years ago • 16 comments

We make use of argocd and don't want to specify password in manifest. Please, Is there a way around creating and setting a different password for falcosidekick.webui.user by using k8s secrets or other env without specifying or exposing it on the terminal or in manifest? How can we get to support ext auth?

The default admin:admin isn't a good fit for us.

lumszy avatar Aug 21 '23 17:08 lumszy

A more general note: we should have the ability to configure sensible informations with secret, like webhook URLs, passwords…

sambonbonne avatar Aug 22 '23 13:08 sambonbonne

@sambonbonne I was able to create a k8s secret containing the slack webhook url etc. and then used the key value in value.yaml file to read it in...

config:

-- Existing secret with configuration

existingSecret: ""

My challenge as stated in this issue is still on setting admin password.

lumszy avatar Aug 22 '23 15:08 lumszy

Hi,

I'm releasing a new version of falcosidekick-ui after my holidays, begining of September. I'll also update the helm chart and change the method to handle the credentials.

Issif avatar Aug 22 '23 15:08 Issif

Thanks @lumszy, I did not see the existingSecret key!

sambonbonne avatar Aug 23 '23 07:08 sambonbonne

Hello, you used to be able to customize the password through the following method, but now it seems to be invalid and cannot be set in this way

--Set falcosidekick. webui. user="admin: xxxA4567"

fricka676 avatar Sep 25 '23 12:09 fricka676

In the end, it's still the default account password

fricka676 avatar Sep 25 '23 12:09 fricka676

Hello, you used to be able to customize the password through the following method, but now it seems to be invalid and cannot be set in this way

--Set falcosidekick. webui. user="admin: xxxA4567"

I checked and I did a mistake in the last version of the chart, I'll fix it asap.

Issif avatar Sep 25 '23 12:09 Issif

Has this issue been updated to the latest helm? I am using the latest helm installation and have the same problem, thank you~

This is my helm install command: helm install falco falcosecurity/falco
--namespace falco --create-namespace
--set ebpf.enabled=true
--set falco.grpc.enabled=true
--set falco.grpc_output.enabled=true
--set falcosidekick.enabled=true
--set falcosidekick.webui.enabled=true
--set falcosidekick.webui.user="admin:admintest"
--set falcosidekick.webui.redis.storageClass=nfs
--set falco.grpc.unixSocketPath=""

This is my helm repository version: CHART:falco-3.7.1 APP VERSION:0.36.0

shaxiaozz avatar Oct 15 '23 14:10 shaxiaozz

The falcosidekick chart has been fixed, but it's still updated in the falco's Chart.yaml. As several PR are waiting to be merge for falcosidekic, we'll do it later. It will be quick I hope.

Issif avatar Oct 15 '23 20:10 Issif

got it, thank you very much Best Regards,

shaxiaozz avatar Oct 16 '23 01:10 shaxiaozz

The falco chart has been updated, use the 3.8.2 to fix this issue.

Issif avatar Oct 20 '23 14:10 Issif

extremely grateful

shaxiaozz avatar Oct 23 '23 01:10 shaxiaozz

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

poiana avatar Jan 21 '24 03:01 poiana

@sambonbonne I was able to create a k8s secret containing the slack webhook url etc. and then used the key value in value.yaml file to read it in...

config:

-- Existing secret with configuration

existingSecret: ""

My challenge as stated in this issue is still on setting admin password.

how did you do this exactly? i am struggling to figure out how to reference the specific key within the secret

riabuz avatar Feb 06 '24 12:02 riabuz

Stale issues rot after 30d of inactivity.

Mark the issue as fresh with /remove-lifecycle rotten.

Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle rotten

poiana avatar Mar 07 '24 15:03 poiana

I would also like to see an example of how to use existingSecret.

tmsquill avatar Mar 20 '24 21:03 tmsquill

I would also like to see an example of how to use existingSecret.

You just have to create the secret with kubectl or else:

kubectl create secret generic falcosidekick-ui -n falco --from-literal=FALCOSIDEKICK_UI_USER=admin:xxxx

Then use the ref in the values.yaml:

...
falcosidekick:
  webui:
    existingSecret: "falcosidekick-ui"
...

That's all

Issif avatar Mar 25 '24 15:03 Issif

Rotten issues close after 30d of inactivity.

Reopen the issue with /reopen.

Mark the issue as fresh with /remove-lifecycle rotten.

Provide feedback via https://github.com/falcosecurity/community. /close

poiana avatar Apr 24 '24 15:04 poiana

@poiana: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.

Reopen the issue with /reopen.

Mark the issue as fresh with /remove-lifecycle rotten.

Provide feedback via https://github.com/falcosecurity/community. /close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

poiana avatar Apr 24 '24 15:04 poiana

FALCOSIDEKICK_UI_USER FALCOSIDEKICK_UI_REDIS_PASSWORD in REDIS_ARGS I pass --reuirepass whatever is in FALCOSIDEKICK_UI_REDIS_PASSWORD but FALCOSIDEKICK_UI_USER points to some default webui_user or smth without having column pass, is that ok? I don't see any exceptions but not sure how to test it. @Issif

s7an-it-ez avatar Aug 14 '24 03:08 s7an-it-ez