docs: Restructure and deduplicate security docs #18594
Conversation
botelastic
bot
added
the
needs_team
|
I have no idea which team label to apply to this. I guess APM, as that was the initial motivation for these changes, but these changes impact all Beats. |
botelastic
bot
removed
the
needs_team
libbeat/docs/https.asciidoc
Outdated
| ifndef::apm-server[] | ||
| [role="xpack"] | ||
| [float] | ||
| [[securing-communication-kibana]] | ||
| === Secure communication with the Kibana endpoint | ||
|
|
||
| If you've configured the <<setup-kibana-endpoint,{kib} endpoint>>, | ||
| you can also specify credentials for authenticating with {kib} under `kibana.setup`. | ||
| If no credentials are specified, Kibana will use the configured authentication method | ||
| in the Elasticsearch output. | ||
|
|
||
| For example, specify a unique username and password to connect to Kibana like this: | ||
|
|
||
| -- | ||
| ["source","yaml",subs="attributes,callouts"] | ||
| ---- | ||
| setup.kibana: | ||
| host: "mykibanahost:5601" | ||
| username: "{beat_default_index_prefix}_kib_setup" <1> | ||
| password: "{pwd}" <2> | ||
| ---- | ||
| <1> This user needs privileges required to set up dashboards. To create a user like this, | ||
| see <<privileges-to-setup-beats>>. | ||
| <2> This example shows a hard-coded password, but you should store sensitive | ||
| values | ||
| ifndef::serverless[] | ||
| in the <<keystore,secrets keystore>>. | ||
| endif::[] | ||
| ifdef::serverless[] | ||
| in environment variables. | ||
| endif::[] | ||
| endif::apm-server[] | ||
| -- |
There was a problem hiding this comment.
Should this content move to its own top-level heading/page? The TOC would then include:
- Secure communication with Elasticsearch
- Secure communication with Kibana
- Secure communication with Logstash
Alternatively, we could group these under a new header, like this:
- Secure communication with the Elastic Stack
- Elasticsearch
- Kibana
- Logstash
There was a problem hiding this comment.
I do like the idea of grouping the content under a new heading, "Secure communication with the Elastic Stack".
💚 Build Succeeded
Expand to view the summary
Build stats
|
|
|
||
| [[privileges-to-setup-beats]] | ||
| ==== Grant privileges and roles needed for setup | ||
| === Grant privileges and roles needed for setup |
There was a problem hiding this comment.
If it's alright, I'll probably move each role into its own file in libbeat/docs/security/.
|
|
|
Ready for review again. Broken links have been fixed in elastic/elasticsearch#56875. |
|
@elasticmachine, run elasticsearch-ci/docs |
There was a problem hiding this comment.
Looks good! As a newbie to Elastic, I found the content clear and concise to follow. As it's still early days for me, I feel @dedemorton would be in a better position to make a judgement call on the overall restructuring.
There was a problem hiding this comment.
Thanks so much for taking this on! I like what you've done with the reorg. I had a couple of minor comments, but otherwise looks good! TBH it's been awhile since I've gone through the security setup myself. Let's make sure at least one developer from the beats team reviews this.
💚 Build Succeeded
Expand to view the summary
Build stats
|
What does this PR do?
This PR restructures the security documentation in a few different ways:
Before and after:
What doesn't this PR do?
This PR does not touch the Secure communication with Logstash or the Use Linux Secure Computing Mode (seccomp) files.
Related issues
elastic/apm-server#3596.
HTML preview
http://beats_18594.docs-preview.app.elstc.co/diff
Redirects
The following pages have been removed and will need redirects:
/beats-tls.html/securing-beats.html/beats-basic-auth.html