Is there an option to have login/password connectivity(tls is optional) to elasticsearch and authentication enabled on kibana without xpack installation?
Do you have any concern using the default distribution of elasticsearch which contains the basic license with this security feature you are looking for?
I use the following chart https://hub.helm.sh/charts/elastic/elasticsearch and tried to use the image:
docker.elastic.co/elasticsearch/elasticsearch:7.3.0
but xpack isn't enabled by default there and if I enable xpack, I have an issue described Elasticsearch with xpack.security.enabled throws Cluster is not yet ready
Can you please suggest which elasticsearch versions include xpack for basic license?
Here is how I'm setting that with docker compose ( docker-compose.yml
):
---
version: '3'
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:$ELASTIC_VERSION
environment:
- bootstrap.memory_lock=true
- discovery.type=single-node
- cluster.name=elasticsearch
- "ES_JAVA_OPTS=-Xms2g -Xmx2g"
- cluster.routing.allocation.disk.threshold_enabled=false
- ELASTIC_PASSWORD=$ELASTIC_PASSWORD
- xpack.security.enabled=$ELASTIC_SECURITY
ulimits:
memlock:
soft: -1
hard: -1
ports:
- 9200:9200
- 9300:9300
networks: ['stack']
kibana:
image: docker.elastic.co/kibana/kibana:$ELASTIC_VERSION
environment:
- ELASTICSEARCH_USERNAME=elastic
- ELASTICSEARCH_PASSWORD=$ELASTIC_PASSWORD
ports: ['5601:5601']
networks: ['stack']
links: ['elasticsearch']
depends_on: ['elasticsearch']
networks:
stack: {}
.env
file is:
ELASTIC_VERSION=7.2.0
ELASTIC_SECURITY=true
ELASTIC_PASSWORD=changeme
It has security enabled.
I used only these parameters in different section of helm chart with version 7.2.0:
- name: ELASTIC_PASSWORD value: changeme - name: xpack.security.enabled value: "true"
Now I have an error:
Readiness probe failed: Waiting for elasticsearch cluster to become cluster to be ready (request params: "wait_for_status=green&timeout=5s" )
Cluster is not yet ready (request params: "wait_for_status=green&timeout=5s" )
Even with this setting:
replicas: 1
minimumMasterNodes: 1
and
antiAffinity: "soft"
The fun thin is that I the problem is only with pods starting, when I do curl I receive response.
Do you have any idea how to get a cluster ready?
curl -u "elastic:changeme" -k "http://localhost:9200"
It seems adding - ELASTICSEARCH_USERNAME=elastic
into elasticsearch env var helped
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.