add remote cluster traffic filter info in remote-cluster connection page #1478

Merged
merged 4 commits into from
May 27, 2025

bobbybho
Contributor

This pull request updates the documentation for Elastic Cloud remote clusters to include a note about traffic filtering requirements when it is enabled. The note provides guidance for administrators on configuring a traffic filter for remote clusters.

Documentation updates for traffic filtering:

@bobbybho bobbybho requested a review from a team as a code owner May 23, 2025 17:15
@kunisen
Contributor

kunisen commented May 25, 2025

Thanks @bobbybho !! 🙏


Please allow me to add some notes about background:

Excerpt:

  • TL;DR: CP team is helping us update this doc: https://www.elastic.co/docs/deploy-manage/remote-clusters/ec-remote-cluster-other-ess as it seems to be outdated.
  • In detail,
    • It says to allow remote connection, we need to use either TLS certificate or API key auth.
    • But it says TLS certificate (deprecated in Elastic Stack 9.0.0) which indicates TLS cert can't be used for remote cluster connection in stack 9
    • It also says API key authentication can't be used in combination with traffic filters, which indicates API key is not an option.
    • Per sync with Bobby, he pointed out that we could follow this public doc (link) and in specific, this doc (link), the traffic filter for remote cluster

The above is an internal Slack discussion. Should we have any further internal discussions, let's use another repo (https://github.com/elastic/docs-projects/issues/) as we synced earlier.


Thanks!

@eedugon
Contributor

eedugon commented May 26, 2025

Thanks @bobbybho and @kunisen for the PR and background info.

@bobbybho, I'm totally ok with the change but I would include the note (or the text of the note) much closer to the beginning of the page, in the Allow the remote connection initial section.

It feels a bit hidden in the bottom, and it's not clear that the note is applicable only when TLS certificates are the method used for the remote cluster authentication and authorization.

Do you want us (me and @shainaraskas) to take over and edit directly your PR?

PS - this is the preview of the PR:

https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/1478/deploy-manage/remote-clusters/ec-remote-cluster-same-ess

@eedugon eedugon self-assigned this May 26, 2025
@bobbybho
Contributor Author

> Do you want us (me and @shainaraskas) to take over and edit directly your PR?

Thank you for reviewing this PR and sharing your feedback, @eedugon. Please feel free to make any additional changes directly in this PR, or alternatively, you can open a new PR if you prefer.

@shainaraskas
Collaborator

@eedugon related? https://github.com/elastic/platform-docs-team/issues/642

@eedugon
Contributor

eedugon commented May 26, 2025

@shainaraskas, yes, the linked issue from Florent is clearly related, but I don't think we are solving it completely in this PR.

At the moment I have only moved the note added by @bobbybho upwards, as it was added at the bottom in the heading 3 section called Using the Elastic Cloud RESTful API and the note was not only related to that section (if I'm not mistaken), but generic for ECH and remote clusters configuration.

I've also added a line in the parent page when it talks about remote clusters and traffic filters to clarify that API key based authentication cannot be used in conjunction with traffic filters.

While reviewing all this I've detected other issues in the way we are presenting the docs for remote clusters in ECE and ECH (we have a lot of duplicated content without snippets and there are a lot of unclear areas, some of them related to traffic filters). I'd like to discuss that in private.

@bobbybho, @kunisen, let us know if you are ok with this change, and we will plan for extra improvements in other PRs.

Btw, @kunisen, in your original analysis, when you said:

> But it says TLS certificate (deprecated in Elastic Stack 9.0.0) which indicates TLS cert can't be used for remote cluster connection in stack 9

The conclusion (which indicates TLS cert can't be used) is not accurate. Deprecated means the feature will be removed in the next major, but TLS cert can be used for remote connection in stack 9 (we should clearly recommend API keys but TLS certs are still an option). Otherwise the feature would have been removed, not deprecated.

We definitely have an issue if we are deprecating a feature which is the only way to make remote clusters with traffic filters work on ECH, but that's a different story.

@eedugon eedugon merged commit 2e578e9 into elastic:main May 27, 2025
6 checks passed
4 participants