From 7a33d8212b0cc3a0fb0912a45441bd0638c1b50a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beatrice=20Dellac=C3=A0?= <hello@beatrice.wtf>
Date: Mon, 31 Mar 2025 10:30:57 +0200
Subject: [PATCH] make kibana use oauth2

---
 deploy/elk-stack/kibana.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/deploy/elk-stack/kibana.yaml b/deploy/elk-stack/kibana.yaml
index 70c5be0..d68730a 100644
--- a/deploy/elk-stack/kibana.yaml
+++ b/deploy/elk-stack/kibana.yaml
@@ -7,3 +7,13 @@ spec:
   count: 2
   elasticsearchRef:
     name: elasticsearch-ha
+  config:
+    # Enable OIDC and basic auth as available providers.
+    xpack.security.authc.providers: [oidc, basic]
+    # Specify which OIDC realm to use (this should match the name of your OIDC realm in Elasticsearch)
+    xpack.security.authc.oidc.realm: "panic-haus"
+    # Client settings that Kibana will use (and which must match your OIDC realm settings in Elasticsearch)
+    xpack.security.authc.oidc.client_id: "kibana"
+    xpack.security.authc.oidc.client_secret: "NDgPp4m8IhdpZ5z6wrCFByD9Y00dN7ga"
+    # The URL for the Keycloak OpenID Connect discovery document.
+    xpack.security.authc.oidc.openid_connect_url: "https://sso.panic.haus/realms/panic-haus/.well-known/openid-configuration"
\ No newline at end of file