I set up a cluster by using Elastic Cloud on Kubernetes.
I want t provide our predefined custom users / roles as well as predefined credentials for the elastic
user.
Setup the password for the elastic
user by providing the <clustername>-es-elastic-user secret
works.
For our custom users I provide secrets for my roles, users and users_roles relations as described in Users and roles | Elastic Cloud on Kubernetes [1.2] | Elastic .
The credentials for the users I've created as described in the linked documentation with the elasticsearch-users
command.
I just get a HTTP 401 when I try to communicate with the cluster and the API shows no custom users / roles. So no users or roles are created at cluster startup
My cluster-setup is very basic yet. The nodeset contains just one node without any specification similar to the "quickstart" example. Do I need more configuration for getting the usermanagement working? (We currently run version 1.2.1 of the eck operator.)
The cluster:
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: mycluster
spec:
version: 7.9.1
auth:
# define our custom roles here
roles:
- secretname: mycluster-roles
# define our users here
fileRealm:
- secretname: mycluster-users
- secretname: mycluster-users-roles
[...]
mycluster-roles:
kind: Secret
apiVersion: v1
metadata:
name: mycluster-roles
namespace: my-namspace
stringData:
roles.yml: |-
my-role:
run_as: []
cluster: [ 'monitor' ]
[...]
mycluster-users:
apiVersion: v1
kind: Secret
metadata:
name: mycluster-users
namespace: my-namspace
stringData:
users: |-
my-user1:<clear text password | brypted password - does no matter>
my-user2:<clear text password | brypted password - does no matter>
my-user3:<clear text password | brypted password - does no matter>