Skip to content

Commit

Permalink
Update link
Browse files Browse the repository at this point in the history
  • Loading branch information
josunect committed Sep 12, 2024
1 parent d9933ca commit 5a0e6e8
Show file tree
Hide file tree
Showing 5 changed files with 4 additions and 61 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -77,4 +77,4 @@ spec:
health_check_url: ""
```
To configure a secret to be used as a password, see this [FAQ entry]({{< relref "../../FAQ/authentication#how-to-configure-a-secret-as-password-for-external-services" >}})
To configure a secret to be used as a password, see this [FAQ entry]({{< relref "../../FAQ/installation#how-can-i-use-a-secret-to-pass-external-service-credentials-to-the-kiali-server" >}})
Original file line number Diff line number Diff line change
Expand Up @@ -189,4 +189,4 @@ spec:
health_check_url: ""
```

To configure a secret to be used as a password, see this [FAQ entry]({{< relref "../../FAQ/authentication#how-to-configure-a-secret-as-password-for-external-services" >}})
To configure a secret to be used as a password, see this [FAQ entry]({{< relref "../../FAQ/installation#how-can-i-use-a-secret-to-pass-external-service-credentials-to-the-kiali-server" >}})
Original file line number Diff line number Diff line change
Expand Up @@ -72,4 +72,4 @@ spec:
health_check_url: ""
```

To configure a secret to be used as a password, see this [FAQ entry]({{< relref "../../../FAQ/authentication#how-to-configure-a-secret-as-password-for-external-services" >}})
To configure a secret to be used as a password, see this [FAQ entry]({{< relref "../../../FAQ/installation#how-can-i-use-a-secret-to-pass-external-service-credentials-to-the-kiali-server" >}})
Original file line number Diff line number Diff line change
Expand Up @@ -253,4 +253,4 @@ spec:
health_check_url: ""
```

To configure a secret to be used as a password, see this [FAQ entry]({{< relref "../../../FAQ/authentication#how-to-configure-a-secret-as-password-for-external-services" >}})
To configure a secret to be used as a password, see this [FAQ entry]({{< relref "../../../FAQ/installation#how-can-i-use-a-secret-to-pass-external-service-credentials-to-the-kiali-server" >}})
57 changes: 0 additions & 57 deletions content/en/docs/FAQ/authentication.md
Original file line number Diff line number Diff line change
Expand Up @@ -58,60 +58,3 @@ spec:
port:
number: 20001
```
### How to configure a secret as password for external services
The external services as [Prometheus]({{< relref "../Configuration/p8s-jaeger-grafana/prometheus" >}}), [Grafana]({{< relref "../Configuration/p8s-jaeger-grafana/grafana" >}}), [Jaeger]({{< relref "../Configuration/p8s-jaeger-grafana/tracing/jaeger" >}}) or [Tempo]({{< relref "../Configuration/p8s-jaeger-grafana/tracing/tempo" >}}), can use a secret in order to specify the password for authentication.
1. Create a secret with the prometheus password in it. The key must be value.txt:
```
kubectl -n istio-system create secret generic my-prom-secret --from-literal=value.txt=my-own-password
```

2. Create a values file that:

* Defines a custom secret and mounts it to the place that Kiali Server expects to see it
* Tell Kiali to use that secret for the prometheus password:

```
deployment:
custom_secrets:
- name: "my-prom-secret"
mount: "/kiali-override-secrets/prometheus-password"
```

The custom folders should be one of the following:

- grafana-password
- grafana-token
- prometheus-password
- prometheus-token
- tracing-password
- tracing-token
- login-token-signing-key

```
external_services:
prometheus:
auth:
password: "secret:my-prom-secret:value.txt"
```

3. Install with the server helm chart using that values file:

```
helm install \
--namespace istio-system \
--set deployment.custom_secrets[0].name="my-prom-secret" \
--set deployment.custom_secrets[0].mount="/kiali-override-secrets/prometheus-password" \
--set external_services.prometheus.auth.password="secret:my-prom-secret:value.txt" \
--set auth.strategy="anonymous" \
--set deployment.logger.log_level="debug" \
kiali-server \
kiali/kiali-server
```

If this works, there should be a debug log message in the kiali server:
```
2024-09-10T09:56:24Z DBG Credentials loaded from secret file [/kiali-override-secrets/prometheus-password/value.txt]
```

0 comments on commit 5a0e6e8

Please sign in to comment.