From 19a9fbb0de61fe6d4e186b1b763b6473ff8706ea Mon Sep 17 00:00:00 2001 From: josunect Date: Tue, 10 Sep 2024 12:03:55 +0100 Subject: [PATCH] Update faq --- .../p8s-jaeger-grafana/grafana.md | 4 +- .../p8s-jaeger-grafana/prometheus.md | 4 +- .../p8s-jaeger-grafana/tracing/jaeger.md | 4 +- .../p8s-jaeger-grafana/tracing/tempo.md | 4 +- content/en/docs/FAQ/authentication.md | 56 +++++++++++++++++++ 5 files changed, 68 insertions(+), 4 deletions(-) diff --git a/content/en/docs/Configuration/p8s-jaeger-grafana/grafana.md b/content/en/docs/Configuration/p8s-jaeger-grafana/grafana.md index 775776bc7..4ae97de37 100644 --- a/content/en/docs/Configuration/p8s-jaeger-grafana/grafana.md +++ b/content/en/docs/Configuration/p8s-jaeger-grafana/grafana.md @@ -69,4 +69,6 @@ spec: use_kiali_token: false username: "user" health_check_url: "" -``` \ No newline at end of file +``` + +To configure a secret to be used as a password, see this [FAQ entry]({{< relref "../../FAQ/authentication#how-to-configure-a-secret-as-password-for-external-services" >}}) \ No newline at end of file diff --git a/content/en/docs/Configuration/p8s-jaeger-grafana/prometheus.md b/content/en/docs/Configuration/p8s-jaeger-grafana/prometheus.md index b00e3bace..3d179bb66 100644 --- a/content/en/docs/Configuration/p8s-jaeger-grafana/prometheus.md +++ b/content/en/docs/Configuration/p8s-jaeger-grafana/prometheus.md @@ -187,4 +187,6 @@ spec: use_kiali_token: false username: "user" health_check_url: "" -``` \ No newline at end of file +``` + +To configure a secret to be used as a password, see this [FAQ entry]({{< relref "../../FAQ/authentication#how-to-configure-a-secret-as-password-for-external-services" >}}) \ No newline at end of file diff --git a/content/en/docs/Configuration/p8s-jaeger-grafana/tracing/jaeger.md b/content/en/docs/Configuration/p8s-jaeger-grafana/tracing/jaeger.md index fd4d2b131..389cb7953 100644 --- a/content/en/docs/Configuration/p8s-jaeger-grafana/tracing/jaeger.md 
+++ b/content/en/docs/Configuration/p8s-jaeger-grafana/tracing/jaeger.md @@ -70,4 +70,6 @@ spec: use_kiali_token: false username: "user" health_check_url: "" -``` \ No newline at end of file +``` + +To configure a secret to be used as a password, see this [FAQ entry]({{< relref "../../../FAQ/authentication#how-to-configure-a-secret-as-password-for-external-services" >}}) \ No newline at end of file diff --git a/content/en/docs/Configuration/p8s-jaeger-grafana/tracing/tempo.md b/content/en/docs/Configuration/p8s-jaeger-grafana/tracing/tempo.md index b0018c7d6..df6d1a85b 100644 --- a/content/en/docs/Configuration/p8s-jaeger-grafana/tracing/tempo.md +++ b/content/en/docs/Configuration/p8s-jaeger-grafana/tracing/tempo.md @@ -251,4 +251,6 @@ spec: use_kiali_token: false username: "user" health_check_url: "" -``` \ No newline at end of file +``` + +To configure a secret to be used as a password, see this [FAQ entry]({{< relref "../../../FAQ/authentication#how-to-configure-a-secret-as-password-for-external-services" >}}) \ No newline at end of file diff --git a/content/en/docs/FAQ/authentication.md b/content/en/docs/FAQ/authentication.md index 325b3ea28..13089e85d 100644 --- a/content/en/docs/FAQ/authentication.md +++ b/content/en/docs/FAQ/authentication.md 
@@ -59,3 +59,59 @@ spec: number: 20001 ``` +### How to configure a secret as password for external services + +The external services as [Prometheus]({{< relref "../Configuration/p8s-jaeger-grafana/prometheus" >}}), [Grafana]({{< relref "../Configuration/p8s-jaeger-grafana/grafana" >}}), [Jaeger]({{< relref "../Configuration/p8s-jaeger-grafana/tracing/jaeger" >}}) or [Tempo]({{< relref "../Configuration/p8s-jaeger-grafana/tracing/tempo" >}}), can use a secret in order to specify the password for authentication. + +1. Create a secret with the prometheus password in it. The key must be value.txt: +``` +kubectl -n istio-system create secret generic my-prom-secret --from-literal=value.txt=my-own-password +``` + +2. Create a values file that: + +* Defines a custom secret and mounts it to the place that Kiali Server expects to see it +* Tell Kiali to use that secret for the prometheus password: + +``` + deployment: + custom_secrets: + - name: "my-prom-secret" + mount: "/kiali-override-secrets/prometheus-password" +``` + +The custom folders should be one of the following: + +- grafana-password +- grafana-token +- prometheus-password +- prometheus-token +- tracing-password +- tracing-token +- login-token-signing-key + +``` + external_services: + prometheus: + auth: + password: "secret:my-prom-secret:value.txt" +``` + +3. 
Install with the server helm chart using that values file: + +``` +helm install \ + --namespace istio-system \ + --set deployment.custom_secrets[0].name="my-prom-secret" \ + --set deployment.custom_secrets[0].mount="/kiali-override-secrets/prometheus-password" \ + --set external_services.prometheus.auth.password="secret:my-prom-secret:value.txt" \ + --set auth.strategy="anonymous" \ + --set deployment.logger.log_level="debug" \ + kiali-server \ + kiali/kiali-server +``` + +If this works, there should be a debug log message in the kiali server: +``` +2024-09-10T09:56:24Z DBG Credentials loaded from secret file [/kiali-override-secrets/prometheus-password/value.txt] +``` \ No newline at end of file
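Review bot: In grafana.md, the added sentence sends Grafana users to a FAQ entry whose walkthrough only covers Prometheus (my-prom-secret mounted at /kiali-override-secrets/prometheus-password), so the reader has to work out the Grafana equivalent from the folder list. Suggest naming the matching folder in the sentence itself (grafana-password or grafana-token from the FAQ's list) and ending the sentence with a period.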
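Review bot: In prometheus.md, the new last line still carries "\ No newline at end of file", so the change replaces one unterminated final line with another. End the file with a newline here and in the other four files touched by this patch, which show the same marker.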
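Review bot: In tracing/jaeger.md, the link gives no hint that the FAQ's folder list has no jaeger or tempo entry and that the tracing-password and tracing-token folders are the ones that apply. Add that to the sentence, or to the FAQ list itself, so readers do not go looking for a Jaeger-specific folder name. The same applies to the identical sentence added to tracing/tempo.md.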
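Review bot: Step 3 of the new FAQ entry says to install "using that values file", but the helm command never passes a file: it repeats the three settings with --set and adds auth.strategy="anonymous" and deployment.logger.log_level="debug", neither of which is part of the secret setup. Suggest passing the file from step 2 with helm's -f option, dropping the anonymous strategy from an example that lives in the authentication FAQ, and saying that debug logging is only needed to see the "Credentials loaded from secret file" message. In step 2, the folder list sits between the deployment and external_services snippets and splits the values file in two; show the YAML as one block and put the list after it. In step 1, --from-literal=value.txt=my-own-password leaves the password in shell history; --from-file=value.txt=<path> avoids that. Wording: "The external services as" should read "External services such as", and "Tell Kiali" should be "Tells Kiali" to match "Defines".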