[Doc] Document (in one place) which secure settings are reloadable

[jakommo]

It's possible to reload some secure settings via POST _nodes/reload_secure_settings.
The docs currently say:

This API will decrypt and re-read the entire keystore, on every cluster node, but only the reloadable secure settings will be applied.

But it's not clear which settings are reloadable and which not.
As far as I can see it's only the ones that are explicitly marked as reloadable:
I.e. the s3 repository plugin docs indicate that all it's secure settings are reloadable.

But it would be nice to have a single overview page that lists all secure settings that are currently reloadable across Elasticsearch and it's Elastic owned plugins.

[elasticmachine]

Pinging @elastic/es-core-infra

[lcawl]

Related to #46102

[jrodewig]

[docs issue triage]

Leaving open. This is still relevant.

[ppf2]

+1.

https://www.elastic.co/guide/en/elasticsearch/reference/current/secure-settings.html#reloadable-secure-settings

Re-reading settings requires a node restart. However, certain secure settings are marked as reloadable.

Where? 😄

This above suggests that the user can look at one of the settings page (e.g., https://www.elastic.co/guide/en/elasticsearch/reference/7.8/notification-settings.html) and be able to find settings that are marked "reloadable".

For example, #31746 indicates that Watcher secure settings are reloadable but no settings on the Watcher settings page are marked as reloadable.

[lcawl]

Sorry @ppf2 , I accidentally edited your comment!

Where? 😄

I think the idea was that the page you linked (https://www.elastic.co/guide/en/elasticsearch/reference/current/secure-settings.html#reloadable-secure-settings) would list the groupings for which there are reloadable settings. For example:

... There are reloadable secure settings for:

• The Azure repository plugin
• The EC2 discovery plugin
• The GCS repository plugin
• The S3 repository plugin
• Monitoring settings

You can search within those pages (e.g. https://www.elastic.co/guide/en/elasticsearch/reference/current/monitoring-settings.html) to see that there are settings identified as "reloadable".

I think the problem occurs when there are reloadable settings that aren't added to that list and/or aren't identified properly as being reloadable. I think for now we need to fix the documentation for those settings on a case-by-case basis.

[jrodewig]

Closing this as complete with #64998.

We currently link to features and plugins with reloadable secure settings here:
https://www.elastic.co/guide/en/elasticsearch/reference/current/secure-settings.html#reloadable-secure-settings

On those linked pages, we indicate which secure settings are reloadable:

Going forward, we should address any reloadable secure setting missing this indicator on a case-by-case basis.