What is the best practice for the user and role management with the operator?
Is it preferable to create users k8s resources or is it better to create users via Kibana?
is there a way to do custom roles via k8s resources?
What is the best practice for the user and role management with the operator?
Is it preferable to create users k8s resources or is it better to create users via Kibana?
is there a way to do custom roles via k8s resources?
The user CRD that exists in 0.8.0 is going away in the next release. The recommended way to manage users is through the native realm either via the API or Kibana.
Without a User CRD how are we expected to automate the creation of Users for clients in the cluster and , as part of user creation, create a Kubernetes Secret for clients to consume ?
We are using flux as a gitops operator and just started testing the eck operator so creating the users out of band with API or Kibana is kind of an antipattern for us ... in our current implementation we are not using users and just relying on network policy to control access but was hoping that moving to the eck operator would allow us to use the security plugin properly.
@fciocchetti we are still discussing making this easier for users that want gitops style file based configuration. One issue to follow is https://github.com/elastic/cloud-on-k8s/issues/728
This issue also contains hints how to configure users today without a dedicated CRD by creating a k8s secret with the correct metadata in https://github.com/elastic/cloud-on-k8s/issues/728#issuecomment-553139824
Please note that the approach described in the comment is not an officially supported way of configuring users and we might change the format of the secret in future releases.
@pebrc Thank you for pointing that out to me, i am now following the issue
I will give a try to the secret for user creation, it might be just enough for me right now
thanks!
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.