Closed schotten closed 5 months ago
@schotten Can you try adding another permission to security.json as follows...
{
"name":"k8s-probe-1",
"role":null,
"collection":null,
"path":"/admin/info/health"
}
I think the operator needs access to the /admin/info/health
endpoint for readiness probes.
@dan-niles, i tryed your suggestion. Unfortunitly, the problem not solve. Even adding the rule in the security.json, the problem persist (not create the StatefulSets to Solr)
@schotten Maybe the password of your k8s-oper is not the same as the one in the secret. Can you try including basicAuthSecret
in your helm config like this...
security:
authenticationType: Basic
basicAuthSecret: solr-basic-auth
bootstrapSecurityJson:
name: solr-security-roles
key: security.json
First you will have to create a new Basic Authentication Secret called solr-basic-auth
like this...
apiVersion: v1
kind: Secret
metadata:
name: solr-basic-auth
type: kubernetes.io/basic-auth
stringData:
username: k8s-oper
password: some-password ### Change this
Then replace the password for the k8s-oper
in your security.json with the one you set in the above solr-basic-auth
. You will have to encrypt the password, when you put it in security.json. You can do it with this Online Solr Password Encryption Tool.
After that, update your solr-security-roles
with the new security.json.
@dan-niles ! Fantastic!!! Now, the problem is solved!!!
Only for informations (for other people who may have this problem), I:
1 - Create the solr-basic-auth
2 - Created the my security.json in the k8s
The user is necessary granted roles. In my case, i used the user "admin".
Again @dan-niles , tanks for your help!!!
Dear, I'm configure the solr in the kubernets with the helms
I managed to successfully configure the enviroment without authentication. I was able to configure authentication with standard security.json with the config:![image](https://github.com/apache/solr-operator/assets/57331623/8b2ec682-df29-40b1-be2a-b4ffec436984)
The problem showed, when, i tryed add the custom security config because the StatefulSets to solr not more created when execute the helm. To security configuration, i was there information: helm envs:
Secret in kubernets
![image](https://github.com/apache/solr-operator/assets/57331623/3fea75b8-67b0-4721-8881-922dbeb6f457)
Data of security.json
{ "authentication":{ "blockUnknown": false, "class":"solr.BasicAuthPlugin", "credentials": {"admin":"mc3VwRwy3tp/H9is7tqwAgxWfrUKCZKY13nrLI0NDE0= ntYIIAFZJR9MtewC7B7Wldz/9ZO5ipvMJiPpUbdH8Zs=","k8s-oper":"mRjDtN/bNbPP+OdcyqCg+35ZoiwC3hMMiL54T/UjrJ4= nt5ls0z++zxZ8AEUZ66d2D9EkY6uM5a3amxobr00qKY=","solr":"4wN1+kTNTs9kIvCITmzIOqrpIFHluaYLwYV8jo2JxXc= UdtJJIPfX8NGws33FWvQ4CHcvZ+R2QwS9eMvVMx6DhY="}, "realm":"Solr Basic Auth", "forwardCredentials": false }, "authorization": { "class": "solr.RuleBasedAuthorizationPlugin", "user-role": { "admin": ["admin", "k8s"], "k8s-oper": ["k8s"], "solr": ["users", "k8s"] }, "permissions": [ { "name": "k8s-probe-0", "role":null, "collection": null, "path":"/admin/info/system" }, { "name": "k8s-status", "role":"k8s", "collection": null, "path":"/admin/collections" }, { "name": "k8s-metrics", "role":"k8s", "collection": null, "path":"/admin/metrics" }, { "name": "k8s-zk", "role":"k8s", "collection": null, "path":"/admin/zookeeper/status" }, { "name": "k8s-ping", "role":"k8s", "collection": "*", "path":"/admin/ping" }, { "name": "read", "role":["admin","users"] }, { "name": "update", "role":["admin"] }, { "name": "security-read", "role": ["admin"] }, { "name": "security-edit", "role": ["admin"] }, { "name": "all", "role":["admin"] } ] } }
Result after helm install![image](https://github.com/apache/solr-operator/assets/57331623/e65edc96-004e-45be-b9a4-538c49a4be0e)
Can you help me?
Obs: I used the same secret that automatic generate when used only the "authenticationType: Basic" without "bootstrapSecurityJson". The Kubernets not showed any message of error or warning.