Comments (4)
Thanks for helping solve this @dan-niles !
from solr-operator.
@sgauchan88 The password in your security.json should be a sha256(password+salt) hash. You can try using this online encryption tool to generate a password.
I tested out the security.json given below and it worked for me. I added some other endpoints in the permissions list and set the blockUnknown
option as false.
If you really want to secure all your endpoints (Including the probes) you can set probesRequireAuth:true
in the security config and use the following security.json to setup Solr. After the setup you can use the Solr UI or the Authorization API to update the permission for the probes.
{
"authentication": {
"blockUnknown": false,
"class": "solr.BasicAuthPlugin",
"credentials": {
"sandip": "kOPO6E/MScdL8KTc9nmFey0/JpJwZGRdo0RJQO+O4+w= ZnNibnR0Z2NzeG4wN2Jt"
},
"realm": "Solr Basic Auth",
"forwardCredentials": false
},
"authorization": {
"class": "solr.RuleBasedAuthorizationPlugin",
"user-role": {
"sandip": ["admin"]
},
"permissions": [
{
"name": "k8s-probe-0",
"role": null,
"collection": null,
"path": "/admin/info/health"
},
{
"name": "k8s-probe-1",
"role": null,
"collection": null,
"path": "/admin/info/system"
},
{
"name": "k8s-status",
"role": "admin",
"collection": null,
"path": "/admin/collections"
},
{
"name": "k8s-metrics",
"role": "admin",
"collection": null,
"path": "/admin/metrics"
},
{
"name": "k8s-zk",
"role": "admin",
"collection": null,
"path": "/admin/zookeeper/status"
},
{
"name": "k8s-ping",
"role": "admin",
"collection": "*",
"path": "/admin/ping"
},
{
"name": "read",
"role": ["admin"]
},
{
"name": "update",
"role": ["admin"]
},
{
"name": "security-read",
"role": ["admin"]
},
{
"name": "security-edit",
"role": ["admin"]
},
{
"name": "all",
"role": ["admin"]
}
]
}
}
from solr-operator.
@dan-niles thanks. this worked for me. is it necessary to create 2 secrets for solr authentication or it would work only with one secret.
from solr-operator.
@sgauchan88 Yes, I think both secrets are required initially.
- The
user-provided-secret
credential you created, is required by the Solr Operator to check Solr status, ZK status and metrics. - The
solr-basic-auth
you created holds the custom security.json that needs to be bootstrapped by the operator.
Once you have successfully setup authentication on Solr and verified everything is working correctly, I think you can safely delete the solr-basic-auth
secret. But the user-provided-secret
secret is still required.
from solr-operator.
Related Issues (20)
- Shards in a down state after an HPA scale up / scale down event. HOT 2
- User helm chart 0.8.0 with default values thorw the error in ValidationError(SolrCloud.spec): unknown field "scaling" in org.apache.solr.v1beta1.SolrCloud.spec HOT 1
- gen-pkcs12-keystore init container fails if the tls secret contains no ca.crt HOT 1
- Support running the solr operator on ARM nodes HOT 4
- Solr Backup recurrence/schedule not enabled by helm 0.7.1 HOT 1
- Actual running pod counts are different from the HPA-allocated HOT 1
- Add useful Operator metrics
- Support replicaPlacementFactory in solr.xml HOT 2
- Liveness probe failing for Prometheus Exporter connected to a large SolrCloud
- Disabling PodDisruptionBudgets for both zk pods and solr pods HOT 3
- adding automountServiceAccountToken HOT 1
- Replica allocation after Node is DisabledScheduling HOT 1
- zkHost and zkServer generated incorrectly - helm templates HOT 2
- Solr 8.11 with SolrMetrics produces duplicate samples with prometheus v2.52 HOT 12
- Scale down operation fails and is never requeued if `getReplicasForPod` fails transiently HOT 2
- Configure Resources for zookeeper operator HOT 1
- Allow resizing (expanding) of persistent data PVCs
- Upgrade from Kubebuilder 3 to 4
- SolrOperator leads to 404 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from solr-operator.