-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature]: It is necessary to add authentication to external etcd #28895
Comments
/assign @PowderLi |
issue: #28895 add 3 configuration for ETCD config Signed-off-by: PowderLi <min.li@zilliz.com>
@PowderLi Will TLS endpoints be supported as well? |
add configuration items like this:
/unassign |
what about externalEtcd. how to add auth. |
you mean how to use helm to deploy? |
update |
yep, I deployed by helm chats. it still nor recongnized username and password.
my config like this: extraConfigFiles:
user.yaml: |+
common:
security:
authorizationEnabled: true
etcd:
auth:
enable: true
userName: etcdusername
password: etcdpwd
........
externalEtcd:
enabled: true
endpoints:
- http://etcd.etcd.svc.cluster.local:2379 |
maybe forget to update etcd.rbac.enable: true, just try it if still fail, please upload etcd's log and related log |
my external etcd work well(enabled rbac), it verified by other program.
my etcd key config: image:
registry: docker.io
repository: bitnami/etcd
tag: 3.5.10-debian-11-r2
........
replicaCount: 5
........
auth:
## Role-based access control parameters
## ref: https://etcd.io/docs/current/op-guide/authentication/
##
rbac:
## @param auth.rbac.create Switch to enable RBAC authentication
##
create: true
## @param auth.rbac.allowNoneAuthentication Allow to use etcd without configuring RBAC authentication
##
allowNoneAuthentication: true
## @param auth.rbac.rootPassword Root user password. The root user is always `root`
##
rootPassword: "etcdpwd"
k8s milvus default.yaml etcd:
endpoints:
- http://etcd.etcd.svc.cluster.local:2379
metastore:
type: etcd k8s milvus user.yaml common:
security:
authorizationEnabled: true
etcd:
auth:
enable: true
userName: etcdusernmae
password: etcdpwd |
sorry, I'm not good at answering such questions: etcd's warning log, may related to network did milvus run well? any ERROR/WARN log? |
Thank you for your many thoughtful answer, I think it caused by milvus connected etcd uncorrectly,maybe has a little bug, I wait someone have same issue with me and find a way to solve this problem. thanks for your work. |
@PowderLi hi, I find the problem, no matter true or false for etcd.rbac.enable, the etcd authentication is still off in fact, so you get a wrong tested result. this is a bug. |
Is there an existing issue for this?
Is your feature request related to a problem? Please describe.
I deployed milvus used helm(cpu), when I enable external etcd rbac auth, milvus cannot connect it cause service configuration only has two parameters :externalEtcd.enabled and externalEtcd.endpoints.
Describe the solution you'd like.
configuration need add some parameters like this.
Describe an alternate solution.
used milvus internal etcd or disabled external etcd auth, milvus will work well now.
Anything else? (Additional Context)
No response
The text was updated successfully, but these errors were encountered: