You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
^^
- There's room for merging more things together later but this does a
minimal cleanup and alignment between what the various files say.
- Also moved API key tabs to display 1st because the Certificate model
is deprecated
- Cleaned up references to Elasticsearch service, some became ecloud,
some became ech
- I intentionally left mentions of some things that are pre-9.0 because
in a cloud context, users can still run older versions of the stack, and
if we remove them, they'll be documented nowhere since the cloud docs
are unversionned.
- Might have to revisit applies tags once we have the final
implementation in hands
Closes: elastic/docs-projects#345
---------
Co-authored-by: shainaraskas <[email protected]>
Co-authored-by: shainaraskas <[email protected]>
By setting up **remote clusters**, you can connect an {{es}} cluster to other {{es}} clusters. Remote clusters can be located in different data centers, geographic regions, and run on a different type of environment: {{ech}}, {{ece}}, {{eck}}, or self-managed.
6
14
7
-
% Scope notes: "Landing page for cross cluster comms, used by CCS and CCR.
8
-
We will cover here the raw configuration at Elasticsearch level and the docs to enable remote clusters in ESS / ECE / ECK.
9
-
We can include links to the use cases of remote clusters, such as CCR and CCS."
15
+
Remote clusters are especially useful in two cases:
16
+
17
+
-**Cross-cluster replication**
18
+
With [cross-cluster replication](/deploy-manage/tools/cross-cluster-replication.md), or CCR, you ingest data to an index on a remote cluster. This leader index is replicated to one or more read-only follower indices on your local cluster. Creating a multi-cluster architecture with cross-cluster replication enables you to configure disaster recovery, bring data closer to your users, or establish a centralized reporting cluster to process reports locally.
19
+
20
+
-**Cross-cluster search**
21
+
[Cross-cluster search](/solutions/search/cross-cluster-search.md), or CCS, enables you to run a search request against one or more remote clusters. This capability provides each region with a global view of all clusters, allowing you to send a search request from a local cluster and return results from all connected remote clusters. For full {{ccs}} capabilities, the local and remote cluster must be on the same [subscription level](https://www.elastic.co/subscriptions).
22
+
23
+
::::{note} about terminology
24
+
In the case of remote clusters, the {{es}} cluster or deployment initiating the connection and requests is often referred to as the **local cluster**, while the {{es}} cluster or deployment receiving the requests is referred to as the **remote cluster**.
25
+
::::
26
+
27
+
## Setup
28
+
29
+
Depending on the environment the local and remote clusters are deployed on and the security model you wish to use, the exact details needed to add a remote cluster vary but generally follow the same path:
30
+
31
+
1.**Configure trust between clusters.** In the settings of the local deployment or cluster, configure the trust security model that your remote connections will use to access the remote cluster. This step involves specifying API keys or certificates retrieved from the remote clusters.
32
+
33
+
2.**Establish the connection.** In {{kib}} on the local cluster, finalize the connection by specifying each remote cluster's details.
34
+
35
+
Find the instructions with details on the supported security models and available connection modes for your specific scenario:
36
+
37
+
-[Remote clusters with {{ech}}](remote-clusters/ec-enable-ccs.md)
38
+
-[Remote clusters with {{ece}}](remote-clusters/ece-enable-ccs.md)
39
+
-[Remote clusters with {{eck}}](remote-clusters/eck-remote-clusters.md)
40
+
-[Remote clusters with self-managed installations](remote-clusters/remote-clusters-self-managed.md)
* Any node can communicate with another node on the same major version. For example, 9.0 can talk to any 9.x node.
4
+
* Version compatibility is symmetric, meaning that if 7.16 can communicate with 8.0, 8.0 can also communicate with 7.16. The following table depicts version compatibility between local and remote nodes.
Elastic only supports {{ccs}} on a subset of these configurations. See [Supported {{ccs}} configurations](../../../solutions/search/cross-cluster-search.md#ccs-supported-configurations).
@@ -12,7 +15,7 @@ From a deployment’s **Security** page, you can manage trusted environments tha
12
15
* You want to remove or update the access level granted by a cross-cluster API key.
13
16
14
17
15
-
## Remove a trusted environment [ec_remove_a_trusted_environment]
18
+
## Remove a certificate-based trusted environment [ec_remove_a_trusted_environment]
16
19
17
20
By removing a trusted environment, this deployment will no longer be able to establish remote connections using certificate trust to clusters of that environment. The remote environment will also no longer be able to connect to this deployment using certificate trust.
18
21
@@ -25,11 +28,11 @@ With this method, you can only remove trusted environments relying exclusively o
25
28
2. In the list of trusted environments, locate the one you want to remove.
26
29
3. Remove it using the corresponding `delete` icon.
4. Edit the trust configuration for that environment:
47
50
48
-
* From the **Trust level** tab, you can add or remove trusted deployments.
49
-
* From the **Environment settings** tab, you can manage the certificates and the label of the environment.
51
+
* From the **Trust level** tab, you can add or remove trusted deployments.
52
+
* From the **Environment settings** tab, you can manage the certificates and the label of the environment.
50
53
51
54
5. Save your changes.
52
55
@@ -56,28 +59,26 @@ With this method, you can only remove trusted environments relying exclusively o
56
59
This section describes the steps to change the API key used for an existing remote connection. For example, if the previous key expired and you need to rotate it with a new one.
57
60
58
61
::::{note}
59
-
If you need to update the permissions granted by a cross-cluster API key for a remote connection, you only need to update the privileges granted by the API key directly in Kibana.
62
+
If you need to update the permissions granted by a cross-cluster API key for a remote connection, you only need to update the privileges granted by the API key directly in {{kib}}.
60
63
::::
61
64
62
65
63
-
1. On the deployment you will use as remote, use the [{{es}} API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-create-cross-cluster-api-key) or [Kibana](../api-keys/elasticsearch-api-keys.md) to create a cross-cluster API key with the appropriate permissions. Configure it with access to the indices you want to use for {{ccs}} or {{ccr}}.
66
+
1. On the deployment you will use as remote, use the [{{es}} API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-create-cross-cluster-api-key) or [{{kib}}](../api-keys/elasticsearch-api-keys.md) to create a cross-cluster API key with the appropriate permissions. Configure it with access to the indices you want to use for {{ccs}} or {{ccr}}.
64
67
2. Copy the encoded key (`encoded` in the response) to a safe location. You will need it in the next steps.
65
68
3. Go to the **Security** page of the local deployment and locate the **Remote connections** section.
66
69
4. Locate the API key currently used for connecting to the remote cluster, copy its current alias, and delete it.
67
70
5. Add the new API key by selecting **Add an API key**.
68
71
69
72
* For the **Setting name**, enter the same alias that was used for the previous key.
70
73
71
-
::::{note}
72
-
If you use a different alias, you also need to re-create the remote cluster in Kibana with a **Name** that matches the new alias.
73
-
::::
74
+
::::{note}
75
+
If you use a different alias, you also need to re-create the remote cluster in {{kib}} with a **Name** that matches the new alias.
76
+
::::
74
77
75
-
* For the **Secret**, paste the encoded cross-cluster API key.
78
+
* For the **Secret**, paste the encoded cross-cluster API key, then click **Add** to save the API key to the keystore.
76
79
77
-
1. Click **Add** to save the API key to the keystore.
80
+
6. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment’s main page (named after your deployment’s name), locate the **Actions** menu, and select **Restart {{es}}**.<br>
78
81
79
-
6. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment’s main page (named after your deployment’s name), locate the **Actions** menu, and select **Restart Elasticsearch**.<br>
80
-
81
-
::::{note}
82
-
If the local deployment runs on version 8.13 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
83
-
::::
82
+
::::{note}
83
+
If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
# Enabling CCS/R between Elasticsearch Service and ECK [ec-enable-ccs-for-eck]
11
+
# Remote clusters between {{ech}} and ECK [ec-enable-ccs-for-eck]
7
12
8
-
These steps describe how to configure remote clusters between an {{es}} cluster in Elasticsearch Service and an {{es}} cluster running within [Elastic Cloud on Kubernetes (ECK)](/deploy-manage/deploy/cloud-on-k8s.md). Once that’s done, you’ll be able to [run CCS queries from {{es}}](/solutions/search/cross-cluster-search.md) or [set up CCR](/deploy-manage/tools/cross-cluster-replication/set-up-cross-cluster-replication.md).
13
+
These steps describe how to configure remote clusters between an {{es}} cluster in {{ech}} and an {{es}} cluster running within [{{eck}} (ECK)](/deploy-manage/deploy/cloud-on-k8s.md). Once that’s done, you’ll be able to [run CCS queries from {{es}}](/solutions/search/cross-cluster-search.md) or [set up CCR](/deploy-manage/tools/cross-cluster-replication/set-up-cross-cluster-replication.md).
9
14
10
15
11
16
## Establish trust between two clusters [ec_establish_trust_between_two_clusters]
12
17
13
18
The first step is to establish trust between the two clusters.
14
19
15
20
16
-
### Establish trust in the Elasticsearch Service cluster [ec_establish_trust_in_the_elasticsearch_service_cluster]
21
+
### Establish trust in the {{ech}} cluster [ec_establish_trust_in_the_elasticsearch_service_cluster]
17
22
18
23
1. Save the ECK CA certificate to a file. For a cluster named `quickstart`, run:
19
24
@@ -22,7 +27,7 @@ The first step is to establish trust between the two clusters.
22
27
```
23
28
24
29
25
-
1. Update the trust settings forthe Elasticsearch Service deployment. Follow the steps providedin [Access clusters of a self-managed environment](ec-remote-cluster-self-managed.md), and specifically the first three steps in**Specify the deployments trusted to be used as remote clusters** using TLS certificate as security model.
30
+
1. Update the trust settings forthe {{ech}} deployment. Follow the steps providedin [Access clusters of a self-managed environment](ec-remote-cluster-self-managed.md), and specifically the first three steps in**Specify the deployments trusted to be used as remote clusters** using TLS certificate as security model.
26
31
27
32
* Use the certificate file saved in the first step.
28
33
* Select the {{ecloud}} pattern and enter `default.es.local`for the `Scope ID`.
@@ -32,7 +37,7 @@ The first step is to establish trust between the two clusters.
32
37
33
38
### Establish trust in the ECK cluster [ec_establish_trust_in_the_eck_cluster]
34
39
35
-
1. Upload the Elasticsearch Service certificate (that you downloaded in the last step of the previous section) as a Kubernetes secret.
40
+
1. Upload the {{ech}} certificate (that you downloaded in the last step of the previous section) as a Kubernetes secret.
36
41
37
42
```sh
38
43
kubectl create secret generic ce-aws-cert --from-file=<path to certificate file>
@@ -73,16 +78,16 @@ The first step is to establish trust between the two clusters.
73
78
74
79
75
80
76
-
## Setup CCS/R [ec_setup_ccsr]
81
+
## Set up CCS/R [ec_setup_ccsr]
77
82
78
-
Now that trust has been established, you can set up CCS/R from the ECK cluster to the Elasticsearch Service cluster or from the Elasticsearch Service cluster to the ECK cluster.
83
+
Now that trust has been established, you can set up CCS/R from the ECK cluster to the {{ech}} cluster or from the {{ech}} cluster to the ECK cluster.
79
84
80
85
81
-
### ECK Cluster to Elasticsearch Service cluster [ec_eck_cluster_to_elasticsearch_service_cluster]
86
+
### ECK Cluster to {{ech}} cluster [ec_eck_cluster_to_elasticsearch_service_cluster]
82
87
83
88
Configure the ECK cluster [using certificate based authentication](ec-remote-cluster-self-managed.md).
84
89
85
90
86
-
### Elasticsearch Service cluster to ECK Cluster [ec_elasticsearch_service_cluster_to_eck_cluster]
91
+
### {{ech}} cluster to ECK Cluster [ec_elasticsearch_service_cluster_to_eck_cluster]
87
92
88
93
Follow the steps outlined in the [ECK documentation](/deploy-manage/remote-clusters/eck-remote-clusters.md#k8s_configure_the_remote_cluster_connection_through_the_elasticsearch_rest_api).
0 commit comments