[Monitoring] Deprecate `xpack.monitoring.elasticsearch.*` settings in favor of CCS

[chrisronline]

We are considering deprecating the following settings from Kibana:

xpack.monitoring.elasticsearch.hosts
xpack.monitoring.elasticsearch.username
xpack.monitoring.elasticsearch.password
xpack.monitoring.elasticsearch.pingTimeout

By deprecating this, we are going to stop creating and using a persistent connection to a dedicated monitoring cluster. This should greatly simply the security model necessary to support a dedicated monitoring cluster (like needing the same user/roles to exist on both), as well as make it easier for monitoring to integrate with future apis (new platform, alerting).

To replace this functionality, we are going to require (and build supporting UIs/links to the management UI) users to create a remote cluster connection to the dedicated monitoring cluster. The monitoring UI code is already designed to perform (and does perform) CCS queries.

This does mean that all monitoring queries will route through the production cluster, which is a change in how it works today. We don't think this will be an issue for most users, but if it is, the alternative is to spin up a dedicated Kibana instance for the dedicated monitoring cluster (which we recommend in our docs).

Questions

• As a way to optimize queries, perhaps we can require a specific name for the remote cluster, and we can add a new config that would change all monitoring UI ccs queries to only query against that remote cluster (instead of *)

TODO

• [ ] Ensure/update kibana monitoring UI code to perform CCS queries for every page
• [ ] Discuss with cloud how this might work there
• [x] Test how this will work with security on the prod cluster and no security on the monitoring cluster (which I think we support now) This works fine

[elasticmachine]

Pinging @elastic/stack-monitoring (Team:Monitoring)

[cachedout]

Adding myself as an owner to ensure I keep tabs on this. :)

[cachedout]

@chrisronline I don't see it called out anywhere specifically in here, but my recollection of this proposal was that it was strictly post-8.0. Is that your recollection as well? I want to be clear on that before I ping some of the cloud folks to get first impressions.

[Kushmaro]

I've referenced a ticket of a customer request, who wishes to be able to see both metrics & logs remotely from a monitored cluster (rather on the centralized monitoring cluster itself) just an FYI

[chrisronline]

Yes, that's right. We would mark these settings as deprecated in the 7.x lifecycle, with the message that these will be removed in 8.0 (then obviously remove them in 8.0)

[mshustov]

@chrisronline does this mean that monitoring won't use elasticsearch config anymore?

[chrisronline]

@restrry It's still in discussion, but if so, we'd remove the monitoring.ui.elasticsearch config. However, we are adding new configs that will not be deprecated by this decision