Setup well know user / roles / credentials on cluster setup

I set up a cluster by using Elastic Cloud on Kubernetes.
I want t provide our predefined custom users / roles as well as predefined credentials for the elastic user.
Setup the password for the elastic user by providing the <clustername>-es-elastic-user secret works. :slight_smile:

For our custom users I provide secrets for my roles, users and users_roles relations as described in Users and roles | Elastic Cloud on Kubernetes [1.2] | Elastic .
The credentials for the users I've created as described in the linked documentation with the elasticsearch-users command.
I just get a HTTP 401 when I try to communicate with the cluster and the API shows no custom users / roles. So no users or roles are created at cluster startup :frowning:

My cluster-setup is very basic yet. The nodeset contains just one node without any specification similar to the "quickstart" example. Do I need more configuration for getting the usermanagement working? (We currently run version 1.2.1 of the eck operator.)

The cluster:

apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: mycluster
spec:
  version: 7.9.1
  auth:
    # define our custom roles here
    roles:
      - secretname: mycluster-roles
    # define our users here
    fileRealm:
      - secretname: mycluster-users
      - secretname: mycluster-users-roles
[...]

mycluster-roles:

kind: Secret
apiVersion: v1
metadata:
    name: mycluster-roles
    namespace: my-namspace
stringData:
    roles.yml: |-
        my-role:
          run_as: []
          cluster: [ 'monitor' ]
          [...]

mycluster-users:

apiVersion: v1
kind: Secret
metadata:
    name: mycluster-users
    namespace: my-namspace
stringData:
    users: |-
        my-user1:<clear text password | brypted password - does no matter>
        my-user2:<clear text password | brypted password - does no matter>
        my-user3:<clear text password | brypted password - does no matter>

This seems like a syntax issue in your cluster definition yaml.
The secret name key should be in camel case: secretName:

apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: mycluster
spec:
  version: 7.9.1
  auth:
    # define our custom roles here
    roles:
      - secretName: mycluster-roles
    # define our users here
    fileRealm:
      - secretName: mycluster-users
      - secretName: mycluster-users-roles
[...]

Oh no. Really? Shame on me :frowning:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.