2 changes: 2 additions & 0 deletions deploy-manage/deploy/cloud-on-k8s/configure-deployments.md
Expand Up @@ -19,6 +19,8 @@ This section provides details around {{kib}} and {{es}} configuration when runni

Additionally, the following topics apply to both {{es}} and {{kib}}, and in some cases, to other applications supported by ECK:

* [**Users and roles**](/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md): Learn how to work with managed credentials, create custom users, and configure authentication realms.

* [**Access services**](accessing-services.md): Learn how to access to the orchestrated clusters and how to adapt the Kubernetes services to your needs.

* [**Customize Pods**](customize-pods.md): Learn how to adapt the `podTemplate` field to your needs.
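
Review bot: The description on the added **Users and roles** bullet lists managed credentials, custom users and authentication realms but never mentions roles, so the summary covers less than the link title promises. Consider "create custom users and roles". The new link also uses an absolute path (`/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md`) while the neighbouring bullets use relative ones (`accessing-services.md`, `customize-pods.md`); keep the list consistent with whichever form the docs build prefers.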
Expand Up @@ -36,13 +36,13 @@ kubectl get secret quickstart-es-elastic-user -o go-template='{{.data.elastic |

If your prefer to manage all users via SSO, for example using [SAML Authentication](../../../deploy-manage/users-roles/cluster-or-deployment-auth/saml.md) or OpenID Connect, you can disable the default `elastic` superuser by setting the `auth.disableElasticUser` field in the {{es}} resource to `true`:

```yaml
```yaml subs=true
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: elasticsearch-sample
spec:
version: 8.16.1
version: {{version.stack}}
auth:
disableElasticUser: true
nodeSets:
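
Review bot: The context sentence directly above the changed fence still reads "If your prefer to manage all users via SSO"; since this hunk already touches the example, fix it to "If you prefer" in the same change. With the version now coming from `{{version.stack}}`, also confirm that `subs=true` is set only on this YAML block: the `kubectl get secret quickstart-es-elastic-user -o go-template='{{.data.elastic | ...` command visible in the hunk header contains a literal `{{` that must not be treated as a substitution.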
Expand Down Expand Up @@ -72,3 +72,31 @@ kubectl delete secret -l eck.k8s.elastic.co/credentials=true
::::{warning}
This command regenerates auto-generated credentials of **all** {{stack}} applications in the namespace.
::::

## Creating custom users

{{eck}} provides functionality to facilitate custom user creation through various authentication realms. You can create users using the native realm, file realm, or external authentication methods.

### File realm

ECK supports creating users through Kubernetes secrets referenced in the {{es}} resource. These secrets can contain either file realm content or standard authentication credentials with a username and password.

For more information, refer to [File-based user authentication > Add users](/deploy-manage/users-roles/cluster-or-deployment-auth/file-based.md#add-users), and check the ECK examples.

### Native realm

You can create custom users in the {{es}} native realm using {{es}} user management APIs or {{kib}}.

Refer to [Native user authentication](/deploy-manage/users-roles/cluster-or-deployment-auth/native.md) for more details.

### External authentication realms

You can also configure external authentication realms such as LDAP, OpenID Connect, or SAML in your ECK deployments by providing the appropriate {{es}} or {{kib}} configuration settings and any required [certificates or configuration files](/deploy-manage/deploy/cloud-on-k8s/custom-configuration-files-plugins.md).

For more information, refer to [External authentication](/deploy-manage/users-roles/cluster-or-deployment-auth/external-authentication.md).

## Creating custom roles

ECK facilitates file-based role management through Kubernetes secrets containing the roles specification. Alternatively, you can use the Role management API or the Role management UI in {{kib}}.

Refer to [Managing custom roles](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md#managing-custom-roles) for details and ECK based examples.
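
Review bot: The File realm paragraph ends with "and check the ECK examples" but gives no link or anchor for those examples, so the reader has nowhere to go; link to them directly or fold the pointer into the existing `file-based.md#add-users` link text. The new sections also mix `{{eck}}` (first sentence of "Creating custom users") with the literal "ECK" everywhere else, and "ECK based examples" in the last line should be hyphenated as "ECK-based examples". Because the secrets described under File realm can hold a username and password, a short sentence on restricting read access to those secrets would fit here.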