Hi All
I have enabled Xpack security for Elasticsearch and Kibana which are hosted in IBM Cloud Kubernetes environment.
Please find elasticsearch values.yml file
clusterName: "elasticsearch"
nodeGroup: "master"
masterService: ""
roles:
master: "true"
ingest: "true"
data: "true"
replicas: 3
minimumMasterNodes: 2
esMajorVersion: ""
esConfig:
elasticsearch.yml: |
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/http.p12
xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/http.p12
extraEnvs:
- name: ELASTIC_USERNAME
value: "elastic" - name: ELASTIC_PASSWORD
value: "elastic"
secretMounts:
- name: elk-cert
secretName: elk-cert
path: /usr/share/elasticsearch/config/certs
defaultMode: 0755
Please find kibana values.yml file
elasticsearchHosts: "https://elasticsearch-master:9200"
replicas: 1
extraEnvs:
- name: ELASTICSEARCH_USERNAME
value: "elastic" - name: ELASTICSEARCH_PASSWORD
value: "elastic" - name: "NODE_OPTIONS"
value: "--max-old-space-size=1800"
kibanaConfig:
kibana.yml: |
server.ssl:
enabled: true
key: /usr/share/kibana/config/certs/kibana-server.key
certificate: /usr/share/kibana/config/certs/kibana-server.crt
elasticsearch.ssl:
certificateAuthorities: /usr/share/kibana/config/certs/elasticsearch-ca.pem
verificationMode: certificate
resources:
requests:
cpu: "1000m"
memory: "2Gi"
limits:
cpu: "1000m"
memory: "2Gi"
protocol: https
serverHost: "0.0.0.0"
healthCheckPath: "/api/status"
secretMounts:
- name: kibana-cert
secretName: kibana-cert
path: /usr/share/kibana/config/certs
Elasticsearch and Kibana pods are up and running.
[elasticsearch@elasticsearch-master-1 ~]$ curl --user elastic:elastic -k https://localhost:9200/_cluster/health?pretty
{
"cluster_name" : "elasticsearch",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 3,
"number_of_data_nodes" : 3,
"active_primary_shards" : 7,
"active_shards" : 14,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
curl --user elastic:elastic -k https://localhost:5601/api/status
{"name":"kibana-kibana-5f758cd74b-72f5s","uuid":"2ef99012-3fd6-4432-bbcd-609e6a263b7a","version":{"number":"7.9.3","build_hash":"289d92053be5ed25458b66db6c57148106bf9a5e","build_number":34038,"build_snapshot":false},"status":{"overall":{"state":"green","title":"Green","nickname":"Looking good","icon":"success","uiColor":"secondary","since":"2021-03-02T16:20:06.421Z"},"statuses":[{"id":"plugin:kibana@7.9.3","state":"green","icon":"success","message":"Ready","uiColor":"secondary","since":"2021-03-02T16:20:06.421Z"},{"id":"plugin:elasticsearch@7.9.3","state":"green","icon":"success","message":"Ready","uiColor":"secondary","since":"2021-03-02T16:20:06.430Z"},{"id":"plugin:xpack_main@7.9.3","state":"green","icon":"success","message":"Ready","uiColor":"secondary","since":"2021-03-02T16:20:06.433Z"},{"id":"plugin:monitoring@7.9.3","state":"green","icon":"success","message":"Ready","uiColor":"secondary","since":"2021-03-02T16:20:06.444Z"},{"id":"plugin:spaces@7.9.3","state":"green","icon":"success","message":"Ready","uiColor":"secondary","since":"2021-03-02T16:20:06.447Z"},{"id":"plugin:security@7.9.3","state":"green","icon":"success","message":"Ready","uiColor":"secondary","since":"2021-03-02T16:20:06.449Z"},{"id":"plugin:beats_management@7.9.3","state":"green","icon":"success","message":"Ready","uiColor":"secondary","since":"2021-03-02T16:20:06.452Z"},{"id":"plugin:apm_oss@7.9.3","state":"green","icon":"success","message":"Ready","uiColor":"secondary","since":"2021-03-02T16:20:06.526Z"},{"id":"plugin:console_legacy@7.9.3","state":"green","icon":"success","message":"Ready","uiColor":"secondary","since":"2021-03-02T16:20:06.532Z"}]},"metrics":{"last_updated":"2021-03-16T09:10:55.473Z","collection_interval_in_millis":5000,"process":{"memory":{"heap":{"total_in_bytes":468369408,"used_in_bytes":343811112,"size_limit":1953421074},"resident_set_size_in_bytes":554905600},"event_loop_delay":0.10432815551757812,"pid":7,"uptime_in_millis":1183937726},"os":{"load":{"1m":0.6181640625,"5m":0.46240234375,"15m":0.45703125},"memory":{"total_in_bytes":33703239680,"free_in_bytes":599408640,"used_in_bytes":33103831040},"uptime_in_millis":5466765000,"platform":"linux","platformRelease":"linux-4.15.0-128-generic","distro":"Centos","distroRelease":"Centos-7.8.2003","cgroup":{"cpuacct":{"control_group":"/","usage_nanos":16693993822510},"cpu":{"control_group":"/","cfs_period_micros":20000,"cfs_quota_micros":20000,"stat":{"number_of_elapsed_periods":4473840,"number_of_times_throttled":83433,"time_throttled_nanos":2874207172907}}}},"response_times":{"avg_in_millis":42,"max_in_millis":71},"requests":{"disconnects":0,"statusCodes":{},"total":2,"status_codes":{"200":1,"404":1}},"concurrent_connections":0}
curl --user elastic:elastic -k https://localhost:5601/app/kibana
data-error-message="Elastic did not load properly. Check the server output for more information.">Loading Elastic</div><div class="kbnProgress"></div></div></div><div class="kbnWelcomeView" id="kbn_legacy_browser_error" style="display:none"><svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" viewBox="0 0 32 32"><g fill="none"><path fill="#FDD009" d="M11.9338171,13.1522761 L19.2872353,16.5080972 L26.7065664,10.0005147 C26.8139592,9.46384495 26.866377,8.92859725 26.866377,8.36846422 C26.866377,3.78984954 23.1459864,0.0647302752 18.5719941,0.0647302752 C15.8357526,0.0647302752 13.2836129,1.41337248 11.7323847,3.67480826 L10.4983628,10.0839872 L11.9338171,13.1522761 Z"></path><path fill="#23BAB1" d="M4.32214501,20.9473399 C4.21475229,21.4841518 4.1596354,22.0410142 4.1596354,22.6044179 C4.1596354,27.1948353 7.89096419,30.9300509 12.4774572,30.9300509 C15.2361432,30.9300509 17.8007837,29.5687528 19.3495969,27.2841381 L20.5743853,20.8965739 L18.9399136,17.7698399 L11.5573744,14.401505 L4.32214501,20.9473399 Z"></path><path fill="#EE5097" d="M4.27553714,8.20847294 L9.31503995,9.3995555 L10.4190826,3.6639867 C9.73040545,3.1371289 8.88035513,2.84874358 8.00601361,2.84874358 C5.81596922,2.84874358 4.0348979,4.63252339 4.0348979,6.82484908 C4.0348979,7.30904633 4.11572655,7.77333532 4.27553714,8.20847294"></path><path fill="#17A7E0" d="M3.83806807,9.40996468 C1.58651435,10.1568087 0.0210807931,12.3172812 0.0210807931,14.6937583 C0.0210807931,17.0078087 1.45071086,19.0741436 3.5965765,19.8918041 L10.6668813,13.494428 L9.36879313,10.717795 L3.83806807,9.40996468 Z"></path><path fill="#92C73D" d="M20.6421734,27.2838537 C21.3334075,27.8156885 22.1793383,28.1057803 23.0428837,28.1057803 C25.232786,28.1057803 27.0138574,26.3228537 27.0138574,24.130528 C27.0138574,23.6470417 26.9331708,23.1827528 26.7732181,22.7477573 L21.7379769,21.5681931 L20.6421734,27.2838537 Z"></path><path fill="#0678A0" d="M21.6667227,20.2469532 L27.2099485,21.5446872 C29.4623545,20.7995495 31.0277881,18.6382239 31.0277881,16.2608936 C31.0277881,13.9511092 29.5947487,11.8871917 27.4447635,11.0719486 L20.1946185,17.4303615 L21.6667227,20.2469532 Z"></path></g></svg><h2 class="kbnWelcomeTitle">Please upgrade your browser</h2><div class="kbnWelcomeText">This Elastic installation has strict security requirements enabled that your current browser does not meet.</div></div><script>
Kibana pod is giving this error.
Please help me in fixing this issue.`