Search-Guard Installation in elasticsearch docker container

Hi,

I want to secure Kibana with search-guard in our kubernetes cluster, so that we can have different users in Kibana for different logs.

I am new to elasticsearch, kibana, search-guard and all of this, so forgive my lack of knowledge.

My Question:

What would be the recommended approach to install Search-Guard into the efk stack?

As I understand the Search-Guard documentation, I have to install search-guard as a plugin in elasticsearch and in kibana too.

So I thought of using the official elasticsearch docker image from here: docker.elastic.co/elasticsearch/elasticsearch:6.2.4 from https://www.docker.elastic.co/#

Did anybody accomplish this before and can show me the right direction?

Although we do not have official Docker images (yet) you can refer to this project on GitHub:

https://github.com/deviantony/docker-elk/tree/searchguard

It features an ELK stack including Search Guard based on the official ES Docker images.

On Friday, August 24, 2018 at 6:39:46 AM UTC-5, Andrej Friesen wrote:

Hi,

I want to secure Kibana with search-guard in our kubernetes cluster, so that we can have different users in Kibana for different logs.

I am new to elasticsearch, kibana, search-guard and all of this, so forgive my lack of knowledge.

My Question:

What would be the recommended approach to install Search-Guard into the efk stack?

As I understand the Search-Guard documentation, I have to install search-guard as a plugin in elasticsearch and in kibana too.

So I thought of using the official elasticsearch docker image from here: docker.elastic.co/elasticsearch/elasticsearch:6.2.4 from https://www.docker.elastic.co/#

Did anybody accomplish this before and can show me the right direction?

Thanks, this helps a lot.
I have to learn elasticsearch, kibana, searchguard and a log tool (fluentd or fluentbit) all together.

I want to use fluentbit or fluentd to transfer the logs to elasticsearch. Is this possible with searchguard? I only saw examples with logstash.

Am Freitag, 24. August 2018 22:46:54 UTC+2 schrieb Jochen Kressin:

Although we do not have official Docker images (yet) you can refer to this project on GitHub:

https://github.com/deviantony/docker-elk/tree/searchguard

It features an ELK stack including Search Guard based on the official ES Docker images.

As long as the tool you use can do HTTP Basic Authentication (or any other authentication schema that is supported by Search Guard) there should not be any problem.

Of course you need to configure a user that has the required permissions to execute the requests issued by this tool. So for example if you use fluentd and it would create an index named fluentd-MMDDYYYY this user needs to have permissions for this index.

On Tuesday, August 28, 2018 at 2:40:11 AM UTC-4, Andrej Friesen wrote:

Thanks, this helps a lot.
I have to learn elasticsearch, kibana, searchguard and a log tool (fluentd or fluentbit) all together.

I want to use fluentbit or fluentd to transfer the logs to elasticsearch. Is this possible with searchguard? I only saw examples with logstash.

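
The last reply above says the log shipper needs a user whose permissions cover the index it writes to. As an added example (not part of the original thread, and not the Search Guard project's own configuration), here is a least-privilege account for fluentd limited to `fluentd-*` indices. It assumes the Search Guard 6 configuration file layout and is modeled on the `sg_logstash` role from the demo configuration; the user name `fluentd`, the role name `sg_fluentd` and the hash placeholder are hypothetical. The three files are shown in one block.

```yaml
# --- sg_internal_users.yml: the account fluentd authenticates with (HTTP Basic) ---
fluentd:
  # Placeholder: paste the bcrypt hash generated by Search Guard's hash.sh tool.
  # Never store the clear-text password here.
  hash: "<BCRYPT_HASH_OF_FLUENTD_PASSWORD>"
  roles:
    - fluentd                 # backend role, referenced in sg_roles_mapping.yml

# --- sg_roles.yml: what that account is allowed to do ---
sg_fluentd:
  cluster:
    - CLUSTER_MONITOR
    - CLUSTER_COMPOSITE_OPS   # cluster-level part of bulk indexing requests
  indices:
    'fluentd-*':              # matches fluentd-MMDDYYYY and no other index
      '*':                    # all document types
        - CRUD
        - CREATE_INDEX        # fluentd creates a new index each day

# --- sg_roles_mapping.yml: bind the backend role to the Search Guard role ---
sg_fluentd:
  backendroles:
    - fluentd
```

Because the role grants nothing outside `fluentd-*`, a leaked shipper credential cannot read or modify other teams' indices or the Kibana index. The shipper's Elasticsearch output then only needs this user name and password, sent over TLS.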