Hi,
I wanted to setup Stack Monitoring as described here: Stack Monitoring | Elastic Cloud on Kubernetes [2.3] | Elastic
I've provided my own certificate to the elasticsearch cluster which didn't contain a SAN entry for "elasticsearch-es-http.elastic.svc". Therefore the connections from the metric/filebeat to elasticsearch is failing with the following error message:
{"log.level":"error","@timestamp":"2022-07-28T13:26:36.239Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":150},"message":"Failed to connect to backoff(elasticsearch(https://elasticsearch-es-http.elastic.svc:9200)): Get \"https://elasticsearch-es-http.elastic.svc:9200\": x509: certificate is valid for REDACTED, REDACTED, not elasticsearch-es-http.elastic.svc","service.name":"metricbeat","ecs.version":"1.6.0"}
Config looks like:
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: elasticsearch
namespace: elastic
spec:
version: 8.3.2
[...]
monitoring:
metrics:
elasticsearchRefs:
- name: elasticsearch
logs:
elasticsearchRefs:
- name: elasticsearch
[...]
http:
tls:
certificate:
secretName: elasticsearch-certificate
Is there any possibility to disable the certificate validation for metric/filebeat or change to ssl.verification_mode: certificate
?
Thanks!