I am experimenting with the Keycloak SSO integration and i could not finish the guide because i could not set the run_as parameter on the dashboard config file:
hosts:
- default:
url: https://localhost
port: 55000
username: wazuh-wui
password: "<WAZUH_WUI_PASSWORD>"
run_as: true
As a workaround i have used this little script on the post start hook since the additionalVolumes and additionalVolumeMounts attributes are not available for the dashboard:
extraSpec:
container:
lifecycle:
postStart:
exec:
command:
- /bin/bash
- -c
- |
for i in {1..30}; do
if grep -q "run_as" /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml; then
sed -i 's/run_as: false/run_as: true/g' /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
break
fi
sleep 2
doneSince the file to be edited is the config file at /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml, which also contains the api cred username and password, i think it would be preferable to add a parameter to set just the run_as option because one would then mount a configmap with a secret in clear text, which is not a good practice.
I am experimenting with the Keycloak SSO integration and i could not finish the guide because i could not set the run_as parameter on the dashboard config file:
As a workaround i have used this little script on the post start hook since the additionalVolumes and additionalVolumeMounts attributes are not available for the dashboard:
Since the file to be edited is the config file at /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml, which also contains the api cred username and password, i think it would be preferable to add a parameter to set just the run_as option because one would then mount a configmap with a secret in clear text, which is not a good practice.