[Enhancement][Chart Name]

Open Foglia-m opened this issue 2 years ago • 2 comments

No OpenId configuration openid_auth_domain with default helm deployment config

I install the helm chart from this repo on which I would like to configure open-id (keycloak) as auth domain as it is mentioned in the official doc: https://opensearch.org/docs/latest/security-plugin/configuration/openid-connect/. But this config doesn't seem to appear in the cluster-master pod deployed (opensearch-cluster-master-0), as I only get:

  • kerberos_auth_domain:
  • basic_internal_auth_domain:
  • proxy_auth_domain:
  • jwt_auth_domain:
  • clientcert_auth_domain:

Solution

I know there is something to do with the following config map in values.yaml that creates a secret for security config: l. 314

    securityconfig:
      data: {}
        # config.yml: |-

As in https://github.com/opensearch-project/helm-charts/issues/125#issuecomment-981804970

My question is: Is there a way to pass the open-id config as such and disable internal_auth in deployment: set internal_auth_domain enabled to false and:

    openid_auth_domain:
      http_enabled: true
      transport_enabled: true
      order: 0
      http_authenticator:
        type: openid
        challenge: false
        config:
          subject_key: preferred_username
          roles_key: roles
          openid_connect_url: https://keycloak.example.com:8080/auth/realms/master/.well-known/openid-configuration
      authentication_backend:
        type: noop

Thank you for your time.

Foglia-m, Apr 05 '22 15:04

Hey @Foglia-m, looks to me like this goes with config.yml, you can pre-create a secret that has config.yml and try passing it in to configSecret.

prudhvigodithi, Apr 11 '22 21:04

Hello @Foglia-m, any luck with your issue? I'm trying to set up OIDC too but it seems to me that I can't update config.yml properly with the Helm chart... I tried mounting a secret and adding it to securityConfig.configSecret, I tried securityConfig.config.data, I even tried to change the path of securityConfig to /usr/share/opensearch/config/opensearch-security/, but nothing seems to do the trick.

I deleted the reference to basic_internal_auth_domain and can still log in to the dashboard with basic auth...

Jonathan-w6d, Aug 02 '22 09:08
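
A sketch of the pre-created secret suggested in the thread, as an added example that is not from any participant or from the chart itself. The Secret name `opensearch-security-config` is a placeholder, and the `securityConfig.configSecret.name` key layout in the values override is an assumption to check against the `values.yaml` of the chart version in use.

```yaml
# File 1: Kubernetes Secret holding the security plugin's config.yml.
# Constructed example; the Secret name is a placeholder.
apiVersion: v1
kind: Secret
metadata:
  name: opensearch-security-config
type: Opaque
stringData:
  config.yml: |-
    _meta:
      type: "config"
      config_version: 2
    config:
      dynamic:
        authc:
          # Disabled as asked in the issue. If OpenSearch Dashboards is
          # deployed, its server user normally authenticates with basic auth,
          # so that setup keeps this domain enabled with challenge: false.
          basic_internal_auth_domain:
            http_enabled: false
            transport_enabled: false
            order: 1
            http_authenticator:
              type: basic
              challenge: false
            authentication_backend:
              type: internal
          # OpenID domain exactly as posted in the issue.
          openid_auth_domain:
            http_enabled: true
            transport_enabled: true
            order: 0
            http_authenticator:
              type: openid
              challenge: false
              config:
                subject_key: preferred_username
                roles_key: roles
                openid_connect_url: https://keycloak.example.com:8080/auth/realms/master/.well-known/openid-configuration
            authentication_backend:
              type: noop
---
# File 2: values.yaml override pointing the chart at that Secret.
# Assumed key layout; verify against the chart's own values.yaml.
securityConfig:
  configSecret:
    name: opensearch-security-config
```

The security plugin loads these files into its security index only when that index is first initialized. On a cluster that is already initialized, changes to the mounted file take effect only after they are applied with `securityadmin.sh`.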