Can't login with users created by FileRealm and secrets

Elastic Orchestration Elastic Cloud on Kubernetes (ECK)
1

Hey,

I'm trying to create a new user on ECK using secrets and FileRealm.

  1. I created the user like explained in the documentation:
# create a folder with the 2 files
mkdir filerealm
touch filerealm/users filerealm/users_roles

# create user 'myuser' with role 'monitoring_user'
docker run \
    -v ${PWD}/filerealm:/usr/share/elasticsearch/config \
    docker.elastic.co/elasticsearch/elasticsearch:{version} \
    bin/elasticsearch-users useradd myuser -p mypassword -r monitoring_user

# create a Kubernetes secret with the file realm content
kubectl create secret generic my-file-realm-secret --from-file filerealm

The user "mysuser" with password "mypassword" now exists inside a secret.

  1. My elastic config looks like this:
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: quickstart
spec:
  version: 7.6.1
  auth:
    fileRealm:
    - secretName: my-filerealm-secret
  nodeSets:
  - name: default
    count: 1
    config:
      node.master: true
      node.data: true
      node.ingest: true
      node.store.allow_mmap: false

Unfortunatly, trying to loging with the credentials set above is not working.
I can't login within Kibana and curling elastic-http is also forbiden if using this particular user.

2

What version of ECK are you running? This is an unreleased feature at the moment, so you would need to be running a pre-release build for those docs to apply. You can click the link in the header at the top of the doc page you linked to make sure you are looking at the current documentation on the site.

3

You're right ! This functionnality seems to be availble on version "1.1" and "master" only.

I have been using the eck version 1.0 which deploys elastic in version 7.6.1.

As the "1.1" version deploys elastic 7.6.2, I updated to 7.6.2 but its still isn't working.

FYI I still have 1.0.1 operator as the link used to download "all-in-one.yaml" for 1.1.0 returns 404.

So I'm still stuck... What should I be deploying if elastic 7.6.2 is not working either ?

Thanks in advance :wink:

4

As @Anya_Sabo said, this is an unreleased feature. You will have to wait until ECK 1.1 is released before you can use this feature.

You can find the latest release of ECK here: https://www.elastic.co/downloads/elastic-cloud-kubernetes

Because you mentioned it: the Elasticsearch version is not tied to the ECK version. We just update the examples in the repository to the latest Elastic stack version on each release. But they are just examples! So you can deploy Elasticsearch or other Elastic stack applications in version 7.6.2 with the already released versions of ECK. It will not give you access to unreleased features though.

5

Ok thanks, I get it.

I'll wait then... :smile:

6

ECK 1.1 just got released. Creating users from secrets works great with elasticsearch !

Though I still have a question which you may help me ? :sweat_smile:

The accounts I made don't work with Kibana... How should I created default users for Kibana as I did for elastic ?

Thx

7

Kibana relies on the Elasticsearch authentication realms.
Any user you create for Elasticsearch can also be used with Kibana, as long as it has the right role (kibana_admin).

8

ah ! Its working. Thx a lot.