Customize ECK Elastic Search for Active Directory Realms?

Elastic Orchestration Elastic Cloud on Kubernetes (ECK)
1

Hi Team,

I have a new Elastic Search ECK installation (Running ECK 1.1 and Elastic 7.6.2 ) and need to implement AD Realm security. Is this possible?

I see where ECK supports Native and File Security Realms
https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-users-and-roles.html

Is there a way to customize ECK Elastic Search for Active Directory Realms?

As with the standard ES product?
https://www.elastic.co/guide/en/elasticsearch/reference/current/active-directory-realm.html

Thanks!
Adam

2

You can follow the Elasticsearch documentation for configuring Active Directory with ECK. The configuration values go into the spec.nodeSets[].config section of the YAML manifest. This is an example of how it could be done: https://github.com/elastic/cloud-on-k8s/issues/40#issuecomment-571621798

1 Like
3

Hi Charith, thank you very much for your reply. This is exactly what I needed but I do have a follow-up question please...

What is the recommended way in ECK to edit the role_mapping.yml information? Can I specify the AD role mapping in the nodeSet config?

Such as the following role mapping:

super_user:
  - "CN=Web_Elastic_Admin,OU=DataAccess,OU=ouGroups,DC=bcbsnc,DC=com"
4

You can use the role-mapping APIs or use Kubernetes secrets to provide your own role-mapping file.

1 Like
5

Awesome! Thank you!