airbytehq / airbyte

The leading data integration platform for ETL / ELT data pipelines from APIs, databases & files to data warehouses, data lakes & data lakehouses. Both self-hosted and Cloud-hosted.
https://airbyte.com

[Roadmap] Native Authentication for OSS #41634

Closed nataliekwong closed 1 month ago

nataliekwong commented 1 month ago

To help secure your instance of Airbyte, we will be adding a simple single username/password authentication to all of the OSS Airbyte by default. That way you don't need to worry about accidentally leaking your Airbyte instance in publicly accessible networks. If you prefer to run a custom auth solution (via a reverse proxy or otherwise), you'll still be able to disable the built-in authentication.

RBAC (role based access control) will not be available to OSS, but is included in our Self-Managed Enterprise (https://airbyte.com/product/airbyte-enterprise) version already.

dantonbertuol commented 1 month ago

Hello @nataliekwong, I'm using the Kubernetes version through Helm Chart, will basic authentication also work for it? Today there is none.

And about this: https://github.com/airbytehq/airbyte/issues/17866#issuecomment-2056838210 Will it still be implemented?

Thankssss so much.

timroes commented 1 month ago

@dantonbertuol The Kubernetes version won't get "basic auth" in the sense of "HTTP Basic Auth". We're currently replacing this via an in app login screen running regular "in product authentication" for a single username/password. So airbyte-proxy won't be existing in that new scenario and will vanish with our deprecation of docker compose.

enhendrickson commented 1 month ago

@nataliekwong where is there an article that describes the default username and password (or is this covered in the augmented Helm chart for k8s?)?

dantonbertuol commented 1 month ago

> @dantonbertuol The Kubernetes version won't get "basic auth" in the sense of "HTTP Basic Auth". We're currently replacing this via an in app login screen running regular "in product authentication" for a single username/password. So airbyte-proxy won't be existing in that new scenario and will vanish with our deprecation of docker compose.

Thanks for the answer. So for now, do we have any way of authenticating or managing API keys in Kubernetes, other than using an ingress like Nginx?

dantonbertuol commented 1 month ago

> @nataliekwong where is there an article that describes the default username and password (or is this covered in the augmented Helm chart for k8s?)?

https://docs.airbyte.com/using-airbyte/getting-started/oss-quickstart#2-run-airbyte

But from what I understand, abctl uses nginx as a reverse proxy and is therefore able to authenticate. I'm deploying Airbyte on k8s without a reverse proxy and authentication doesn't work.

enhendrickson commented 1 month ago

Yeah, that's what I'm currently doing too, but prior versions of OSS didn't have a password... I'm just wondering, how is this being "turned on by default" ... I'm mainly worried about locking myself out after the next upgrade

timroes commented 1 month ago

> where is there an article that describes the default username and password (or is this covered in the augmented Helm chart for k8s?)?

Those are described here for the new abctl deployment method: https://docs.airbyte.com/using-airbyte/getting-started/oss-quickstart#2-run-airbyte

> Thanks for the answer. So for now, do we have any way of authenticating or managing API keys in Kubernetes, other than using an ingress like Nginx?

Yes, prior to the abctl method by just deploying Kubernetes you won't have any form of authentication in Airbyte and it's up to you to secure that (either on a network level or configuring a reverse proxy in front that handles auth).

> Yeah, that's what I'm currently doing too, but prior versions of OSS didn't have a password... I'm just wondering, how is this being "turned on by default" ... I'm mainly worried about locking myself out after the next upgrade

There won't be any unknown passwords for you. It will be in the documentation (as linked above) what's the default username/password. In case - what we're currently evaluating - of generating unique passwords per installation (since default username/passwords have a danger of not getting changed and therefore not providing any security), we'll offer a way (via abctl) to retrieve the username/password from the instance, so you can log in. This will all be documented once we should introduce this.

dantonbertuol commented 1 month ago

> > where is there an article that describes the default username and password (or is this covered in the augmented Helm chart for k8s?)?
>
> Those are described here for the new abctl deployment method: https://docs.airbyte.com/using-airbyte/getting-started/oss-quickstart#2-run-airbyte
>
> > Thanks for the answer. So for now, do we have any way of authenticating or managing API keys in Kubernetes, other than using an ingress like Nginx?
>
> Yes, prior to the abctl method by just deploying Kubernetes you won't have any form of authentication in Airbyte and it's up to you to secure that (either on a network level or configuring a reverse proxy in front that handles auth).
>
> > Yeah, that's what I'm currently doing too, but prior versions of OSS didn't have a password... I'm just wondering, how is this being "turned on by default" ... I'm mainly worried about locking myself out after the next upgrade
>
> There won't be any unknown passwords for you. It will be in the documentation (as linked above) what's the default username/password. In case - what we're currently evaluating - of generating unique passwords per installation (since default username/passwords have a danger of not getting changed and therefore not providing any security), we'll offer a way (via abctl) to retrieve the username/password from the instance, so you can log in. This will all be documented once we should introduce this.

Thanks @timroes. And about it: https://github.com/airbytehq/airbyte/issues/17866#issuecomment-2056838210, any news?

timroes commented 1 month ago

@dantonbertuol as mentioned above, there are no plans to add the Airbyte proxy to helm, since it's going away fully in favor of the in product login screen. The linked issue is already closed.

dantonbertuol commented 1 month ago

> @dantonbertuol as mentioned above, there are no plans to add the Airbyte proxy to helm, since it's going away fully in favor of the in product login screen. The linked issue is already closed.

Thanks @timroes, how can I stay updated on the login screen? Is there any issue?

timroes commented 1 month ago

@dantonbertuol yes, this very issue here is our roadmap issue about the new native login (screen). So you are already subscribed. We plan to roll this out over the upcoming weeks and will update this issue accordingly.

timroes commented 1 month ago

@dantonbertuol The newest version of abctl (v0.11.0) now generates the credentials randomly and you can use `abctl local credentials` to retrieve them, see this documentation.

Also find more detailed documentation about authentication here: https://docs.airbyte.com/deploying-airbyte/integrations/authentication

I'm going to close this roadmap issue, since with those changes we consider the native authentication to be available as planned.