Single password

SUSE Observability Self-hosted

Out of the box, SUSE Observability is configured with a single password configuration, configured during installation. This authenticates users with a single, randomly generated password created by the suse-observability-values chart. The password value can be found as comment in the generated suse-observability-values/templates/baseConfig_values.yaml.

This setup provisions an admin user with the generated password

This method for providing a password is suited to get started out-of-the-box, but for production one of the other authentication options is recommended.

Setting the single password through the values chart

To set an alternative password during installation, add the following line to the values generation command during installation:

helm template \
  ...
  --set adminPassword='<password>' \
  ...
  suse-observability-values \
  suse-observability/suse-observability-values --output-dir $VALUES_DIR

Setting the single password in the helm chart

It is also possible to set the single password directly in the helm install invocation. This is done by creating a bcrypted string of the required password, using htpasswd -bnBC 10 "" <password> | tr -d ':\n' or using an online tool. The fill it into the helm invocation or separate values.yaml.

helm install \
  ...
  --set stackstate.authentication.adminPassword='<bcrypted_password>' \
  ...
  suse-observability \
  suse-observability/suse-observability --output-dir $VALUES_DIR

Using an external secret

When the single password should come from an external secret, follow these steps but fill in the following data:

kind: Secret
metadata:
   name: "<custom-secret-name>"
type: Opaque
data:
  default_password: <base64 of bcrypted password>

Creating a bcrypted version of a password can be done using htpasswd -bnBC 10 "" <password> | tr -d ':\n'.

Setting the single password through the values chart

Setting the single password in the helm chart

Using an external secret

See also