Customize ECK Elastic Search for Active Directory Realms?

Adam_Fink · May 11, 2020, 8:23pm

Hi Team,

I have a new Elastic Search ECK installation (Running ECK 1.1 and Elastic 7.6.2 ) and need to implement AD Realm security. Is this possible?

I see where ECK supports Native and File Security Realms
https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-users-and-roles.html

Is there a way to customize ECK Elastic Search for Active Directory Realms?

As with the standard ES product?
https://www.elastic.co/guide/en/elasticsearch/reference/current/active-directory-realm.html

Thanks!
Adam

charith-elastic · May 12, 2020, 7:16am

You can follow the Elasticsearch documentation for configuring Active Directory with ECK. The configuration values go into the spec.nodeSets[].config section of the YAML manifest. This is an example of how it could be done: https://github.com/elastic/cloud-on-k8s/issues/40#issuecomment-571621798

Adam_Fink · May 12, 2020, 9:33pm

Hi Charith, thank you very much for your reply. This is exactly what I needed but I do have a follow-up question please...

What is the recommended way in ECK to edit the role_mapping.yml information? Can I specify the AD role mapping in the nodeSet config?

Such as the following role mapping:

super_user:
  - "CN=Web_Elastic_Admin,OU=DataAccess,OU=ouGroups,DC=bcbsnc,DC=com"

charith-elastic · May 13, 2020, 7:18am

You can use the role-mapping APIs or use Kubernetes secrets to provide your own role-mapping file.

Adam_Fink · May 14, 2020, 2:21pm

Awesome! Thank you!