ECE docs: update access-kibana.md

[alstolten]

This PR fixes a documentation bug that tell ECE users that they can use 9243 or 443 ports interchangeably when accessing Kibana. That's true for ECH but not for ECE. On ECE the port will depend on the customer load balancer configuration, and ECE proxies only support 9243.

Preview:

• Access Kibana

[eedugon]

Suggesting a different statement pointing ECE users to the details of from where the URL comes from.

[eedugon]

@shainaraskas : I'd like to get your thoughts of the new wording suggestion for this PR.

ECE docs included by mistake a suggestion for users to use either 9243 or 443 ports interchangeably when accessing Kibana URL. That's ok in ECH, but has never been ok in ECE, as on ECE that depends on the external load balancers configuration.

I'm not sure if my suggestion looks good enough or if you would prefer to show this in a different way.

The URL comes form the ECE "Endpoint URL" configuration, which the ECE admin needs to configure, and this URL must be aligned with their traffic and solution design, usually pointing to their external Load Balancer to whatever port they like (that's irrelevant for us).

Of course if a customer configures their load balancer listening in both 9243 and 443, then the original statement would be valid (the client could use either 9243 or 443 when accessing Kibana), but ECE proxies themselves only listen in port 9243.

Maybe we should explain this better in the load balancer or endpoint URL pages more than in this page.

[eedugon]

If we want to keep the original message around SSO (which maybe there's no need) we could also consider:

Proposal

The URL provided to access {{kib}} is based on the endpoint URL configured in the ECE Settings UI. This URL should resolve either to your external load balancer, or directly to the ECE proxies.

If your load balancer is configured to accept traffic on both ports 9243 and 443, you can use either port when connecting to {{kib}}. However, SSO will only work with the port provided by the UI. Direct connections to ECE proxies must use port 9243, as ECE proxies only listen on this port for deployments traffic.

[shainaraskas]

@eedugon I think the edit is good - the SSO info should be kept, I think, just in case.

what does "deployments traffic" mean? Does it mean "traffic directly to deployments"?

Finally, we have a rendering error in the version currently in this branch. looks like it needs a little more indentation.

[eedugon]

deployments traffic = Elasticsearch and Kibana traffic, as opposite of ECE admin UI / API traffic --> Probably better to keep {{es}} and {{kib}} traffic, as it's clearer.

traffic sent directly to deployments is a concept not feasible on ECE, everything goes through the proxies.

[eedugon]

@shainaraskas : I've updated a bit the sentence and fixed the indentation issue, let me know your thoughts.

I've kept the SSO message, linking to the page where we describe the ECE SSO feature, and I've called it built-in SSO, but maybe you prefer a different name :)

[shainaraskas]

lgtm

[eedugon]

Backport PR created in cloud docs for 3.x: https://github.com/elastic/cloud/pull/141781

[eedugon]

New backport PR is https://github.com/elastic/cloud/pull/141836