added sections and references in credentials handling in ECK (#2366)

eedugon · shainaraskas · web-flow · commit ff063c63d809 · 2025-08-08T17:00:09.000Z
This PR improves [ECK managed credentials](https://www.elastic.co/docs/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck) doc, with: - Making it more complete, to look more similar to the original https://www.elastic.co/guide/en/cloud-on-k8s/2.16/k8s-users-and-roles.html - Adding a link to that doc from the ECK Configure deployments landing page, otherwise it's not easy to find that document. - Updated the example to use {{version.stack}} variable. [Preview](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/2366/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck) --------- Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com>
diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md b/deploy-manage/deploy/cloud-on-k8s/configure-deployments.md
@@ -19,6 +19,8 @@ This section provides details around {{kib}} and {{es}} configuration when runni
 
 Additionally, the following topics apply to both {{es}} and {{kib}}, and in some cases, to other applications supported by ECK:
 
+* [**Users and roles**](/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md): Learn how to work with managed credentials, create custom users, and configure authentication realms.
+
 * [**Access services**](accessing-services.md): Learn how to access to the orchestrated clusters and how to adapt the Kubernetes services to your needs.
 
 * [**Customize Pods**](customize-pods.md): Learn how to adapt the `podTemplate` field to your needs.
diff --git a/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md b/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md
@@ -36,13 +36,13 @@ kubectl get secret quickstart-es-elastic-user -o go-template='{{.data.elastic |
 
 If your prefer to manage all users via SSO, for example using [SAML Authentication](../../../deploy-manage/users-roles/cluster-or-deployment-auth/saml.md) or OpenID Connect, you can disable the default `elastic` superuser by setting the `auth.disableElasticUser` field in the {{es}} resource to `true`:
 
-```yaml
+```yaml subs=true
 apiVersion: elasticsearch.k8s.elastic.co/v1
 kind: Elasticsearch
 metadata:
   name: elasticsearch-sample
 spec:
-  version: 8.16.1
+  version: {{version.stack}}
   auth:
     disableElasticUser: true
   nodeSets:
@@ -72,3 +72,31 @@ kubectl delete secret -l eck.k8s.elastic.co/credentials=true
 ::::{warning}
 This command regenerates auto-generated credentials of **all** {{stack}} applications in the namespace.
 ::::
+
+## Creating custom users
+
+{{eck}} provides functionality to facilitate custom user creation through various authentication realms. You can create users using the native realm, file realm, or external authentication methods.
+
+### File realm
+
+ECK supports creating users through Kubernetes secrets referenced in the {{es}} resource. These secrets can contain either file realm content or standard authentication credentials with a username and password.
+
+For more information, refer to [File-based user authentication > Add users](/deploy-manage/users-roles/cluster-or-deployment-auth/file-based.md#add-users), and check the ECK examples.
+
+### Native realm
+
+You can create custom users in the {{es}} native realm using {{es}} user management APIs or {{kib}}.
+
+Refer to [Native user authentication](/deploy-manage/users-roles/cluster-or-deployment-auth/native.md) for more details.
+
+### External authentication realms
+
+You can also configure external authentication realms such as LDAP, OpenID Connect, or SAML in your ECK deployments by providing the appropriate {{es}} or {{kib}} configuration settings and any required [certificates or configuration files](/deploy-manage/deploy/cloud-on-k8s/custom-configuration-files-plugins.md).
+
+For more information, refer to [External authentication](/deploy-manage/users-roles/cluster-or-deployment-auth/external-authentication.md).
+
+## Creating custom roles
+
+ECK facilitates file-based role management through Kubernetes secrets containing the roles specification. Alternatively, you can use the Role management API or the Role management UI in {{kib}}.
+
+Refer to [Managing custom roles](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md#managing-custom-roles) for details and ECK based examples.
