Hi,
I have set up a self-managed 3-node Elasticsearch cluster on Kubernetes using instructions here. I haven't yet added any extra bells and whistles, but pretty much used the YAML in the link.
I am able to cURL for various endpoints such as /_cluster/health using username and password, but now with an API key I generated.
I generated the API key as follows:
POST /_security/api_key
{
"name": "my-api-key",
"expiration": "365d",
"role_descriptors": {
"role-b": {
"cluster": ["all"],
"index": [
{
"names": ["*"],
"privileges": ["all"]
}
]
}
}
}
I then generated the credentials using
CREDENTIALS=$(echo "${API_ID}:${API_KEY}" | base64)
I then used the credentials to query for cluster health as follows (please note I'm using -k flag):
curl -H "Authorization: ApiKey $CREDENTIALS" -k https://${CLUSTER_IP}:${CLUSTER_PORT}/_cluster/health
I get the following error:
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/_cluster/health]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/_cluster/health]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}},"status":401}
Please note that if I use -u $USERNAME:$PASSWORD option for authorization, it does work.
I think this has to do with xpack security and certificates, etc.
Can somebody please opine?
Thanks!