Representation of User role. The name ElasticsearchRole (instead of plain Role)
was chosen to avoid clash with RBAC resources.
No special lifecycle is applied for User role - when the role is deleted from K8s, it is also deleted from ES.
Create and Update are done using the same PUT /_security/role/ API.
See Create or update roles API
in official documentation.
| Key | Type | Description |
|---|---|---|
metadata.name |
string | Name of the Snapshot Lifecycle Policy |
spec.targetInstance.name |
string | Name of the Elasticsearch Instance to which this ElasticsearchRole will be deployed to |
spec.body |
string | Role definition - same you would use when creating role using ES REST API |
apiVersion: es.eck.github.com/v1alpha1
kind: ElasticsearchRole
metadata:
name: elasticsearchrole-sample
spec:
targetInstance:
name: elasticsearch-quickstart
body: |
{
"cluster": ["all"],
"indices": [
{
"names": [ "index-sample"],
"privileges": ["all"]
}
],
"metadata" : {
"version" : 1
}
}