LogoLogo
StackState.comDownloadSupportExplore playground
StackState v6.0
StackState v6.0
  • StackState docs!
  • Docs for all StackState products
  • 🚀Get started
    • Quick start guide
    • StackState walk-through
    • SUSE Rancher Prime
      • Air-gapped
      • Agent Air-gapped
  • 🦮Guided troubleshooting
    • What is guided troubleshooting?
    • YAML Configuration
    • Changes
    • Logs
  • 🚨Monitors and alerts
    • Monitors
    • Out of the box monitors for Kubernetes
    • Notifications
      • Configure notifications
      • Notification channels
        • Slack
        • Teams
        • Webhook
        • Opsgenie
      • Troubleshooting
    • Customize
      • Add a monitor using the CLI
      • Override monitor arguments
      • Write a remediation guide
  • 📈Metrics
    • Explore Metrics
    • Custom charts
      • Adding custom charts to components
      • Writing PromQL queries for representative charts
      • Troubleshooting custom charts
    • Advanced Metrics
      • Grafana Datasource
      • Prometheus remote_write
      • OpenMetrics
  • 📑Logs
    • Explore Logs
    • Log Shipping
  • 🔭Traces
    • Explore Traces
  • 📖Health
    • Health synchronization
    • Send health data over HTTP
      • Send health data
      • Repeat Snapshots JSON
      • Repeat States JSON
      • Transactional Increments JSON
    • Debug health synchronization
  • 🔍Views
    • Kubernetes views
    • Custom views
    • Component views
    • Explore views
    • View structure
      • Filters
      • Overview perspective
      • Highlights perspective
      • Topology perspective
      • Events perspective
      • Metrics perspective
      • Traces perspective
    • Timeline and time travel
  • 🕵️Agent
    • Network configuration
      • Proxy Configuration
    • Using a custom registry
    • Custom Secret Management
    • Request tracing
      • Certificates for sidecar injection
  • 🔭Open Telemetry
    • Getting started
    • Open telemetry collector
    • Languages
      • Generic Exporter configuration
      • Java
      • Node.js
      • .NET
      • Verify the results
    • Troubleshooting
  • CLI
    • StackState CLI
  • 🚀Self-hosted setup
    • Install StackState
      • Requirements
      • Kubernetes / OpenShift
        • Kubernetes install
        • OpenShift install
        • Required Permissions
        • Non-high availability setup
        • Small profile setup
        • Override default configuration
        • Configure storage
        • Exposing StackState outside of the cluster
      • Initial run guide
      • Troubleshooting
        • Logs
    • Configure StackState
      • Slack notifications
      • Stackpacks
    • Release Notes
      • v1.11.0 - 18/07/2024
      • v1.11.3 - 15/08/2024
      • v1.11.4 - 29/08/2024
      • v1.12.0 - 24/10/2024
      • v1.12.1 - 08/11/2024
    • Upgrade StackState
      • Steps to upgrade
      • Version-specific upgrade instructions
    • Uninstall StackState
    • Air-gapped
      • StackState air-gapped
      • StackState Kubernetes Agent air-gapped
    • Data management
      • Backup and Restore
        • Kubernetes backup
        • Configuration backup
      • Data retention
      • Clear stored data
    • Security
      • Authentication
        • Authentication options
        • File-based
        • LDAP
        • Open ID Connect (OIDC)
        • KeyCloak
        • Service tokens
      • RBAC
        • Role-based Access Control
        • Permissions
        • Roles
        • Scopes
      • Self-signed certificates
  • 🔐Security
    • Service Tokens
    • Ingestion API Keys
  • ☁️SaaS
    • User Management
  • Reference
    • StackState Query Language (STQL)
    • Chart units
Powered by GitBook
LogoLogo

Legal notices

  • Privacy
  • Cookies
  • Responsible disclosure
  • SOC 2/SOC 3
On this page
  • Overview
  • Set up file based authentication
  • Kubernetes
  • See also
  1. Self-hosted setup
  2. Security
  3. Authentication

File-based

StackState Self-hosted

PreviousAuthentication optionsNextLDAP

Last updated 10 months ago

Overview

In case no external authentication provider can be used, you can use file based authentication. This will require every StackState user to be pre-configured in the configuration file. For every change made to a user in the configuration, StackState will automatically restart after applying the changes with Helm.

StackState includes a number of default roles, see the example configuration below. The permissions assigned to each default role and instructions on how to create other roles can be found in the .

Set up file based authentication

Kubernetes

To configure file based authentication on Kubernetes, StackState users need to be added to the authentication.yaml file. For example:


stackstate:
  authentication:
    file:
      logins:
        - username: admin
          passwordHash: 5f4dcc3b5aa765d61d8327deb882cf99
          roles: [ stackstate-admin ]
        - username: platformadmin
          passwordHash: 5f4dcc3b5aa765d61d8327deb882cf99
          roles: [ stackstate-platform-admin ]
        - username: guest
          passwordHash: 5f4dcc3b5aa765d61d8327deb882cf99
          roles: [ stackstate-guest ]
        - username: power-user
          passwordHash: 5f4dcc3b5aa765d61d8327deb882cf99
          roles: [ stackstate-power-user ]
        - username: troubleshooter
          passwordHash: 5f4dcc3b5aa765d61d8327deb882cf99
          roles: [ stackstate-k8s-troubleshooter ]

Follow the steps below to configure users and apply changes:

  1. In authentication.yaml - add users. The following configuration should be added for each user (see the example above):

    • username - the username used to log into StackState.

    • passwordHash - the password used to log into StackState. Passwords are stored as a bcrypt hash.

  2. Store the file authentication.yaml together with the file values.yaml from the StackState installation instructions.

  3. Run a Helm upgrade to apply the changes:

     helm upgrade \
       --install \
       --namespace stackstate \
       --values values.yaml \
       --values authentication.yaml \
     stackstate \
     stackstate/stackstate-k8s

Note:

  • A bcrypt password hash can be generated using the following command line htpasswd -bnBC 10 "" <password> | tr -d ':\n' or using an online tool.

  • The first run of the helm upgrade command will result in pods restarting, which may cause a short interruption of availability.

  • Include authentication.yaml on every helm upgrade run.

  • The authentication configuration is stored as a Kubernetes secret.

Follow the steps below to configure users and apply changes:

  1. In authentication.yaml - add users. The following configuration should be added for each user (see the example above):

    • username - the username used to log into StackState.

    • password - the password used to log into StackState. Passwords are stored as either an MD5 hash or a bcrypt hash.

  2. Restart StackState to apply the changes.

Note:

  • An MD5 password hash can be generated using the md5sum or md5 command line applications on Linux and Mac.

  • A bcrypt password hash can be generated using the following command line htpasswd -bnBC 10 "" <password> | tr -d ':\n' or using an online tool.

See also

roles - the list of roles that the user is a member of. The are stackstate-admin,stackstate-platform-admin, stackstate-power-user and stackstate-guest, for details on how to create other roles, see .

roles - the list of roles that the user is a member of. The are stackstate-admin, stackstate-platform-admin, stackstate-power-user, stackstate-k8s-troubleshooter and stackstate-guest, for details on how to create other roles, see .

🚀
Role based access control (RBAC) documentation
Authentication options
Create RBAC roles
RBAC roles
RBAC roles
default StackState roles
default StackState roles
Permissions for predefined StackState roles