2 changes: 2 additions & 0 deletions deploy-manage/deploy/cloud-on-k8s/configure-deployments.md
Expand Up @@ -19,6 +19,8 @@ This section provides details around {{kib}} and {{es}} configuration when runni

Additionally, the following topics apply to both {{es}} and {{kib}}, and in some cases, to other applications supported by ECK:

* [**Users and roles**](/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md): Learn how to work with managed credentials, create custom users, and configure authentication realms.

* [**Access services**](accessing-services.md): Learn how to access to the orchestrated clusters and how to adapt the Kubernetes services to your needs.

* [**Customize Pods**](customize-pods.md): Learn how to adapt the `podTemplate` field to your needs.
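
Review bot: the summary on the added **Users and roles** bullet lists managed credentials, custom users, and authentication realms but never mentions roles, so the link title promises more than the description covers. Consider wording it as "create custom users and roles, and configure authentication realms".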
Expand Up @@ -72,3 +72,31 @@ kubectl delete secret -l eck.k8s.elastic.co/credentials=true
::::{warning}
This command regenerates auto-generated credentials of **all** {{stack}} applications in the namespace.
::::

## Creating custom users

{{eck}} provides functionality to facilitate custom user creation through various authentication realms. You can create users using the native realm, file realm, or external authentication methods.

### Native realm

You can create custom users in the {{es}} native realm using {{es}} user management APIs or {{kib}}.

Refer to [Native user authentication](/deploy-manage/users-roles/cluster-or-deployment-auth/native.md) for more details.

### File realm
Contributor

For the same reasons I would move this one before Native realm.


Custom users can also be created by providing the desired file realm content or a username and password in Kubernetes secrets, referenced in the {{es}} resource.

For more information, refer to [File-based user authentication](/deploy-manage/users-roles/cluster-or-deployment-auth/file-based.md).

### External authentication realms

You can also configure external authentication realms such as LDAP, OpenID Connect, or SAML in your ECK deployments by providing the appropriate {{es}} or {{kib}} configuration settings and any required [certificates or configuration files](/deploy-manage/deploy/cloud-on-k8s/custom-configuration-files-plugins.md).

For more information, refer to [External authentication](/deploy-manage/users-roles/cluster-or-deployment-auth/external-authentication.md).

## Creating custom roles

Roles can be specified using the Role management API, or the Role management UI in {{kib}}. Additionally, file-based role management can be achieved by referencing Kubernetes secrets containing the roles specification.
Contributor

I think I would mention the Kubernetes Secrets first. The reason is that being able to create users and roles in a declarative way is more aligned with how resources are managed in Kubernetes. I feel like manually interacting with a web UI is the last thing you want to do when you set up something in K8s (maybe I'm biased by all these years spent on Kubernetes 😄).

Contributor Author

Perfect, makes sense! I'll rephrase that a bit :)

I just took the same approach as in the original doc, but it's true that the original doc then provided all examples with secrets after the initial sentence.


Refer to [Managing custom roles](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md#managing-custom-roles) for details and examples.
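
Review bot: under "## Creating custom roles", the phrase "referencing Kubernetes secrets containing the roles specification" does not say where the reference goes, whereas the File realm paragraph spells it out with "referenced in the {{es}} resource". Suggest stating the location here in the same way, so that both file-based paths read consistently. Separately, the External authentication realms paragraph writes "ECK" literally while the "Creating custom users" intro uses the {{eck}} substitution; using one form throughout the added sections would be cleaner.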