Hi,
I'm following the documents below to integrate a test ELK cluster with Keycloak, and I'm at the step of adding the client secret to the Elasticsearch keystore.
https://www.elastic.co/guide/en/elastic-stack-get-started/current/get-started-docker.html
https://www.elastic.co/guide/en/elasticsearch/reference/7.x/oidc-guide-authentication.html#oidc-enable-token
But to add this secret I need to have my cluster up and running, which is failing due to the exception below:
"Caused by: org.elasticsearch.common.settings.SettingsException: The configuration setting [xpack.security.authc.realms.oidc.oidc1.rp.client_secret] is required",
"at org.elasticsearch.xpack.security.authc.oidc.OpenIdConnectRealm.buildRelyingPartyConfiguration(OpenIdConnectRealm.java:251) ~[?:?]",
"at org.elasticsearch.xpack.security.authc.oidc.OpenIdConnectRealm.<init>(OpenIdConnectRealm.java:104) ~[?:?]",
"at org.elasticsearch.xpack.security.authc.InternalRealms.lambda$getFactories$7(InternalRealms.java:119) ~[?:?]",
"at org.elasticsearch.xpack.security.authc.Realms.initRealms(Realms.java:216) ~[?:?]",
"at org.elasticsearch.xpack.security.authc.Realms.<init>(Realms.java:71) ~[?:?]",
"at org.elasticsearch.xpack.security.Security.createComponents(Security.java:442) ~[?:?]",
"at org.elasticsearch.xpack.security.Security.createComponents(Security.java:388) ~[?:?]",
"at org.elasticsearch.node.Node.lambda$new$9(Node.java:457) ~[elasticsearch-7.3.2.jar:7.3.2]",
"at java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:271) ~[?:?]",
"at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1654) ~[?:?]",
"at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) ~[?:?]",
"at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?]",
"at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913) ~[?:?]",
"at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]",
"at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578) ~[?:?]",
"at org.elasticsearch.node.Node.<init>(Node.java:460) ~[elasticsearch-7.3.2.jar:7.3.2]",
"at org.elasticsearch.node.Node.<init>(Node.java:258) ~[elasticsearch-7.3.2.jar:7.3.2]",
"at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:221) ~[elasticsearch-7.3.2.jar:7.3.2]",
"at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:221) ~[elasticsearch-7.3.2.jar:7.3.2]",
"at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) ~[elasticsearch-7.3.2.jar:7.3.2]",
"at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.3.2.jar:7.3.2]",
"... 6 more"] }
I tried the following to set the keystore:

- Adding a command in the docker compose file:

      command: >
        bash -c '
        echo "client secret" | elasticsearch-keystore add xpack.security.authc.realms.oidc.keycloak.rp.client_secret -xsf
        '

  The container is not coming up, and there are no logs either.
- Setting the keystore using a Dockerfile to create my own image, but even that is not working.

I would really appreciate it if you could provide the recommended approach to set the keystore in a Docker/Kubernetes environment.
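
One way to seed the keystore at container start and then hand control to Elasticsearch, as an added example that is not part of the original post. It also extracts the setting name the startup error asks for, so it can be compared with the one being written (the log above names realm `oidc1`, the compose command `keycloak`). The variable names, the mounted secret file and the default start command are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): seed the keystore, then start ES.
# OIDC_REALM, OIDC_SECRET_FILE and ES_START_CMD are assumed names.
KEYSTORE_BIN="${KEYSTORE_BIN:-elasticsearch-keystore}"
# Assumed default start command of the official image; confirm with `docker inspect`.
ES_START_CMD="${ES_START_CMD:-/usr/local/bin/docker-entrypoint.sh eswrapper}"

# Read startup log lines on stdin; print the setting name reported as required.
required_setting() {
  sed -n 's/.*The configuration setting \[\([^]]*\)] is required.*/\1/p' | head -n 1
}

# Secure-setting name for the client secret of OIDC realm $1.
oidc_secret_setting() {
  printf 'xpack.security.authc.realms.oidc.%s.rp.client_secret' "$1"
}

# Store the first line of file $2 as the client secret of realm $1.
seed_keystore() {
  [ -s "$2" ] || { echo "secret file missing or empty: $2" >&2; return 1; }
  # Create the keystore only if none exists yet.
  "$KEYSTORE_BIN" list >/dev/null 2>&1 || "$KEYSTORE_BIN" create || return 1
  # --stdin keeps the secret off the command line; --force overwrites silently.
  "$KEYSTORE_BIN" add --stdin --force "$(oidc_secret_setting "$1")" < "$2"
}

# Acts only when invoked as `<script> start`, e.g. as the compose `command:`.
if [ "${1:-}" = "start" ]; then
  seed_keystore "${OIDC_REALM:?set the realm name}" "${OIDC_SECRET_FILE:?set the secret file}" || exit 1
  # exec hands PID 1 to Elasticsearch so the container keeps running.
  exec $ES_START_CMD
fi
```

Mounting the secret as a file (a Docker or Kubernetes secret) keeps it out of the compose file, the image layers and the process list.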