upmc-enterprises / elasticsearch-operator

manages elasticsearch clusters

Cluster Authentication #157

Open vpm-bradleyhession opened 6 years ago

vpm-bradleyhession commented 6 years ago

Any way to enable authentication for a cluster produced by the operator?

I notice Search Guard is installed for SSL. SearchGuard has native support for many auth providers - https://docs.search-guard.com/latest/authentication-authorization

How can I enable/add these settings to a cluster?

Thanks,

pieterlange commented 6 years ago

With this announcement, expect to see more happening in this space in the (near?) future.

elasticsearch-operator looks like a perfect fit to orchestrate all of this

stevesloka commented 6 years ago

@vpm-bradleyhession there are ways to enable auth, just need to document. Auth adds much bigger issues since there are so many iterations to how you could do it and what way to auth. I'll look to add one to get it started.

@pieterlange yup that's exciting news! Right now the current components will do auth, so not sure we'd want to swap out or not, will have to dig in to see.

vpm-bradleyhession commented 6 years ago

For now I got around this by using an nginx ingress controller with basic auth. This works fine for now, but it would be really nice to have the operator natively support authentication targets.

Thanks,

kfox1111 commented 6 years ago

@pieterlange: "Is X-Pack now Open Source?

Open Source licensing maintains a strict definition from the Open Source Initiative (OSI).

As of 6.3, the X-Pack code will be opened under an Elastic EULA. However, it will not be ‘Open Source’ as it will not be covered by an OSI approved license. The interaction model for open X-Pack will be identical to the open source Elastic Stack, including the ability to inspect code, create issues and open pull requests via our existing GitHub repositories. The specific language for the license is still being finalized and will be added to the repositories in the near future."

stevesloka commented 6 years ago

What does X-Pack do over the current implementation with SearchGuard? We can enable auth with SearchGuard, it's just harder to automate, I need to put together a guide.

pieterlange commented 6 years ago

The licensing remains an issue indeed, thanks for pointing that out @kfox1111.

The benefit of using X-Pack would be to follow the implementations by the vendor but it looks like they're not fully adopting the FLOSS philosophy - security is still a paid addon.

stevesloka commented 6 years ago

I'm going to be doing some work to get OIDC enabled using Search Guard, see #221

kfox1111 commented 6 years ago

See https://search-guard.com/product/ for a comparison of the various products and license requirements. OIDC is not a community edition feature, FYI. https://docs.search-guard.com/latest/proxy-authentication + keycloak proxy might work, though the page says proxy-auth is deprecated but provides no alternative. :/

kfox1111 commented 5 years ago

https://opendistro.github.io/for-elasticsearch/features/security.html looks interesting. :)