This issue contains my knowledge of SearchGuard configuration in image https://github.com/openshift/origin-aggregated-logging/tree/master/elasticsearch/sgconfig. Which is then used in https://github.com/openshift/elasticsearch-operator.
SearchGuard is configured in these files:
sg_action_groups.yml
- ES privileges https://www.elastic.co/guide/en/shield/2.2/privileges-list.html mapped into SG groups . Note that there are cluster and index privileges. These grous are then used insg_roles.yml
sg_roles.yml
- maps users with action groups - e.g.jaeger
canREAD
sg_roles_mapping.yml
- maps users/roles to authentication types
Curator will be authenticated via certificates: