Hello. I have Elastic stack deployed on Kubernetes via up-to-date elastic Helm charts from here. Everything is running smoothly. Among other things, Metricbeat is sending data to Elasticsearch. I have trial license activated. Now I'd like to make Metricbeat authenticate to ES via mTLS as I have done with Logstash where it works fine.
However, ECK doesn't seem to create a key and certificate for this beat, but it created CA for it. I understand that this is due to MB not listening for any incoming connections, so I'm trying to set up a service to make ECK create a key and certificate.
I understand that the http directive is supposed to handle this, but I used it to no avail. I have it set to
http:
service:
metadata:
name: mb
spec:
ports:
- name: mb
port: 5066
protocol: TCP
targetPort: 5066
tls:
certificate: {}
with no extra indentation but no service gets created. When I see the settings as the beat got deployed in k8s (kubectl get beat my-beat -o yaml), this section isn't even there.
This is surely some minor mistake on my part but I just can't find it. Could someone please help?
Thank you.