Hi there,
This is such a strange issue I am not sure if it is a defect or something that I am doing wrong. I will say in my defence that I see it when I just use the quickstart guide also.
Versions:
- IBM Kubernetes Service version 1.25.4
- ECK Operator version 2.5.0
- Elasticsearch version 8.5.3
Steps to reproduce:
-
Install the operator with the helm charts using all default values.
helm install elastic-operator elastic/eck-operator -n elastic-system --create-namespace
-
Install the quickstart guide elasticsearch cluster in the
elastic-stack
namespace. I have modified the quickstart guide to workaround an open issue which an ES engineer is helping me investigate.
cat <<EOF | kubectl apply -f -
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: quickstart
spec:
version: 8.5.3
nodeSets:
- name: default
count: 1
config:
node.store.allow_mmap: false
podTemplate:
spec:
securityContext:
fsGroup: 1000
runAsUser: 1000
runAsGroup: 0
initContainers:
- name: elastic-internal-init-filesystem
securityContext:
runAsUser: 0
runAsGroup: 0
EOF
- Wait for the
quickstart-es-default-0
to be ready and running for about 5 minutes. - Check the logs of
quickstart-es-default-0
.kubectl logs -f quickstart-es-default-0
:
{"@timestamp":"2022-12-13T11:30:02.444Z", "log.level": "INFO", "message":"successfully downloaded geoip database [GeoLite2-Country.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[quickstart-es-default-0][generic][T#13]","log.logger":"org.elasticsearch.ingest.geoip.GeoIpDownloader","elasticsearch.cluster.uuid":"QoPjTRQ4QZyHTKUrSkXcLA","elasticsearch.node.id":"9R1-dv3WRB-8fDYgqGFUOg","elasticsearch.node.name":"quickstart-es-default-0","elasticsearch.cluster.name":"quickstart"}
{"@timestamp":"2022-12-13T11:30:02.993Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-Country.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[quickstart-es-default-0][generic][T#20]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"QoPjTRQ4QZyHTKUrSkXcLA","elasticsearch.node.id":"9R1-dv3WRB-8fDYgqGFUOg","elasticsearch.node.name":"quickstart-es-default-0","elasticsearch.cluster.name":"quickstart"}
{"@timestamp":"2022-12-13T11:30:30.070Z", "log.level": "WARN", "message":"received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:50708}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[quickstart-es-default-0][transport_worker][T#6]","log.logger":"org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4HttpServerTransport","elasticsearch.cluster.uuid":"QoPjTRQ4QZyHTKUrSkXcLA","elasticsearch.node.id":"9R1-dv3WRB-8fDYgqGFUOg","elasticsearch.node.name":"quickstart-es-default-0","elasticsearch.cluster.name":"quickstart"}
{"@timestamp":"2022-12-13T11:30:30.081Z", "log.level": "WARN", "message":"received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:50718}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[quickstart-es-default-0][transport_worker][T#7]","log.logger":"org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4HttpServerTransport","elasticsearch.cluster.uuid":"QoPjTRQ4QZyHTKUrSkXcLA","elasticsearch.node.id":"9R1-dv3WRB-8fDYgqGFUOg","elasticsearch.node.name":"quickstart-es-default-0","elasticsearch.cluster.name":"quickstart"}
{"@timestamp":"2022-12-13T11:30:31.072Z", "log.level": "WARN", "message":"received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:50918}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[quickstart-es-default-0][transport_worker][T#9]","log.logger":"org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4HttpServerTransport","elasticsearch.cluster.uuid":"QoPjTRQ4QZyHTKUrSkXcLA","elasticsearch.node.id":"9R1-dv3WRB-8fDYgqGFUOg","elasticsearch.node.name":"quickstart-es-default-0","elasticsearch.cluster.name":"quickstart"}
{"@timestamp":"2022-12-13T11:30:31.076Z", "log.level": "WARN", "message":"received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:50922}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[quickstart-es-default-0][transport_worker][T#10]","log.logger":"org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4HttpServerTransport","elasticsearch.cluster.uuid":"QoPjTRQ4QZyHTKUrSkXcLA","elasticsearch.node.id":"9R1-dv3WRB-8fDYgqGFUOg","elasticsearch.node.name":"quickstart-es-default-0","elasticsearch.cluster.name":"quickstart"}
{"@timestamp":"2022-12-13T11:30:32.044Z", "log.level": "WARN", "message":"received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:51074}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[quickstart-es-default-0][transport_worker][T#11]","log.logger":"org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4HttpServerTransport","elasticsearch.cluster.uuid":"QoPjTRQ4QZyHTKUrSkXcLA","elasticsearch.node.id":"9R1-dv3WRB-8fDYgqGFUOg","elasticsearch.node.name":"quickstart-es-default-0","elasticsearch.cluster.name":"quickstart"}
{"@timestamp":"2022-12-13T11:30:32.062Z", "log.level": "WARN", "message":"received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:51080}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[quickstart-es-default-0][transport_worker][T#12]","log.logger":"org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4HttpServerTransport","elasticsearch.cluster.uuid":"QoPjTRQ4QZyHTKUrSkXcLA","elasticsearch.node.id":"9R1-dv3WRB-8fDYgqGFUOg","elasticsearch.node.name":"quickstart-es-default-0","elasticsearch.cluster.name":"quickstart"}
{"@timestamp":"2022-12-13T11:30:33.064Z", "log.level": "WARN", "message":"received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:51248}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[quickstart-es-default-0][transport_worker][T#13]","log.logger":"org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4HttpServerTransport","elasticsearch.cluster.uuid":"QoPjTRQ4QZyHTKUrSkXcLA","elasticsearch.node.id":"9R1-dv3WRB-8fDYgqGFUOg","elasticsearch.node.name":"quickstart-es-default-0","elasticsearch.cluster.name":"quickstart"}
{"@timestamp":"2022-12-13T11:30:33.069Z", "log.level": "WARN", "message":"received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:51264}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[quickstart-es-default-0][transport_worker][T#14]","log.logger":"org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4HttpServerTransport","elasticsearch.cluster.uuid":"QoPjTRQ4QZyHTKUrSkXcLA","elasticsearch.node.id":"9R1-dv3WRB-8fDYgqGFUOg","elasticsearch.node.name":"quickstart-es-default-0","elasticsearch.cluster.name":"quickstart"}
{"@timestamp":"2022-12-13T11:30:34.069Z", "log.level": "WARN", "message":"received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:51418}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[quickstart-es-default-0][transport_worker][T#15]","log.logger":"org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4HttpServerTransport","elasticsearch.cluster.uuid":"QoPjTRQ4QZyHTKUrSkXcLA","elasticsearch.node.id":"9R1-dv3WRB-8fDYgqGFUOg","elasticsearch.node.name":"quickstart-es-default-0","elasticsearch.cluster.name":"quickstart"}
{"@timestamp":"2022-12-13T11:30:34.080Z", "log.level": "WARN", "message":"received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:51422}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[quickstart-es-default-0][transport_worker][T#16]","log.logger":"org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4HttpServerTransport","elasticsearch.cluster.uuid":"QoPjTRQ4QZyHTKUrSkXcLA","elasticsearch.node.id":"9R1-dv3WRB-8fDYgqGFUOg","elasticsearch.node.name":"quickstart-es-default-0","elasticsearch.cluster.name":"quickstart"}
{"@timestamp":"2022-12-13T11:30:35.050Z", "log.level": "WARN", "message":"received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:51568}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[quickstart-es-default-0][transport_worker][T#17]","log.logger":"org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4HttpServerTransport","elasticsearch.cluster.uuid":"QoPjTRQ4QZyHTKUrSkXcLA","elasticsearch.node.id":"9R1-dv3WRB-8fDYgqGFUOg","elasticsearch.node.name":"quickstart-es-default-0","elasticsearch.cluster.name":"quickstart"}
{"@timestamp":"2022-12-13T11:30:35.060Z", "log.level": "WARN", "message":"received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:51572}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[quickstart-es-default-0][transport_worker][T#18]","log.logger":"org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4HttpServerTransport","elasticsearch.cluster.uuid":"QoPjTRQ4QZyHTKUrSkXcLA","elasticsearch.node.id":"9R1-dv3WRB-8fDYgqGFUOg","elasticsearch.node.name":"quickstart-es-default-0","elasticsearch.cluster.name":"quickstart"}
Expected behaviour:
- I don't expect to see the http messages. There is no Kibana or any other services connecting to ES at this point, the service is not exposed outside the cluster.
I am not sure how to debug this issue any further. It looks like the erroneous connections are originating from within the ES pod itself? Remote Address is always 127.0.0.1 but with a different port.
Any help would be greatly appreciated - Is it possible to set the log level for org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4HttpServerTransport
to ERROR
while I debug this? It is killing my logs.