diff --git a/charts/eck-resources/templates/kibana.yaml b/charts/eck-resources/templates/kibana.yaml
index eeb45ef..cfb8c6b 100644
--- a/charts/eck-resources/templates/kibana.yaml
+++ b/charts/eck-resources/templates/kibana.yaml
@@ -11,26 +11,8 @@ spec:
 config:
 xpack.security.authc.selector.enabled: true
 xpack.security.authc.providers:
- oidc.oidc1:
+ basic.basic1:
 order: 0
- realm: "keycloak"
-{{- if and .Values.oidc .Values.oidc.existingSecret }}
- {{- $secret := lookup "v1" "Secret" "monitoring" .Values.oidc.existingSecret }}
- {{- if and $secret (hasKey $secret "data") }}
- {{- $clientSecret := (hasKey $secret.data "clientSecret") | ternary ($secret.data.clientSecret | b64dec | quote) "\"\"" }}
- xpack.security.authc.oidc.realms.keycloak:
- order: 0
- rp.client_id: "kibana"
- rp.response_type: "code"
- rp.redirect_uri: "https://{{ .Values.host }}/api/security/oidc/callback"
- rp.post_logout_redirect_uri: "https://{{ .Values.host }}"
- rp.client_secret: {{ $clientSecret }}
- idp.metadata_url: "https://keycloak.dvirlabs.com/realms/{{ .Values.oidc.realm }}/.well-known/openid-configuration"
- idp.entity_id: "https://keycloak.dvirlabs.com/realms/{{ .Values.oidc.realm }}"
- claim_patterns.principal: "preferred_username"
- claim_patterns.groups: "roles"
- {{- end }}
-{{- end }}
 http:
 tls:
 selfSignedCertificate:
diff --git a/manifests/external-secrets/kibana/external-secret.yaml b/manifests/external-secrets/kibana/external-secret.yaml
deleted file mode 100644
index 0ade939..0000000
--- a/manifests/external-secrets/kibana/external-secret.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: kibana-oidc
- namespace: monitoring
-spec:
- refreshInterval: 1h
- secretStoreRef:
- name: vault-oidc-clients
- kind: ClusterSecretStore
- target:
- name: kibana-oidc-secret
- creationPolicy: Owner
- data:
- - secretKey: clientSecret
- remoteRef:
- key: oidc-clients/kibana-oidc
- property: client_secret
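Review bot: The new `basic.basic1` provider at `order: 0` in kibana.yaml leaves Kibana with password login only, so every account now depends on credentials held in Elasticsearch's own realms, and the Keycloak-side controls (central deprovisioning, any MFA, the `roles` claim mapping) no longer apply; nothing in the hunk records that this is intended. I would add a comment above the provider, e.g. `# basic auth only: Keycloak OIDC removed; users and roles are managed in Elasticsearch realms`, and confirm outside this diff that the built-in `elastic` account is not used as the shared day-to-day login. `xpack.security.authc.selector.enabled: true` is kept although only one provider remains, so the login selector appears to have nothing to choose between; removing the key or setting it to `false` would match the new configuration. The `spec` block starts and continues outside the hunk.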