File-based
SUSE Observability Self-hosted
Last updated
SUSE Observability Self-hosted
Last updated
In case no external authentication provider can be used, you can use file based authentication. This will require every SUSE Observability user to be pre-configured in the configuration file. For every change made to a user in the configuration, SUSE Observability will automatically restart after applying the changes with Helm.
SUSE Observability includes a number of default roles, see the example configuration below. The permissions assigned to each default role and instructions on how to create other roles can be found in the .
To configure file based authentication on Kubernetes, SUSE Observability users need to be added to the authentication.yaml
file. For example:
Follow the steps below to configure users and apply changes:
In authentication.yaml
- add users. The following configuration should be added for each user (see the example above):
username - the username used to log into SUSE Observability. Only alphanumeric and _ characters are allowed.
passwordHash - the password used to log into SUSE Observability. Passwords are stored as a bcrypt hash.
Store the file authentication.yaml
together with the file values.yaml
from the SUSE Observability installation instructions.
Run a Helm upgrade to apply the changes:
Follow the steps below to configure users and apply changes:
In authentication.yaml
- add users. The following configuration should be added for each user (see the example above):
username - the username used to log into SUSE Observability. Only alphanumeric and _ characters are allowed.
password - the password used to log into SUSE Observability. Passwords are stored as either an MD5 hash or a bcrypt hash.
Restart SUSE Observability to apply the changes.
For every user in the logins section, a record should be added to the secret, filling in the template. For example:
roles - the list of roles that the user is a member of. The are stackstate-admin
, stackstate-power-user
and stackstate-guest
, for details on how to create other roles, see .
roles - the list of roles that the user is a member of. The are stackstate-admin
, stackstate-power-user
, stackstate-k8s-troubleshooter
and stackstate-guest
, for details on how to create other roles, see .
When the user passwords should come from an external secret, follow but fill in the following data: