Hi all
Our Elasticsearch environment is deployed on our kubernetes platform using the official helm chart.
We only have 2 elasticsearch pods. We are using xpack.security.enabled: true and setup the password for elastic build-in account by creating a kubernetes secret and using extraEnvs for the chart.
extraEnvs:
- name: ELASTIC_PASSWORD
valueFrom:
secretKeyRef:
name: elastic-credentials
key: password
- name: ELASTIC_USERNAME
valueFrom:
secretKeyRef:
name: elastic-credentials
key: username
We have a requirement to change the password every 3 months for users that is able to login on kibana this includes the elastic built-in account. Upon trying to change the elastic built-in account am getting this error and my cluster stop.
{"type": "server", "timestamp": "2021-06-17T08:47:32,208Z", "level": "INFO", "component": "o.e.x.s.a.AuthenticationService", "cluster.name": "elastic", "node.name": "elastic-master-0", "message": "Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "cluster.uuid": "02_vnO8NQs2sXEawOdE6mQ", "node.id": "-wQ_uf-VR52tzq_UyXR-Og" }
{"type": "server", "timestamp": "2021-06-17T08:47:42,195Z", "level": "INFO", "component": "o.e.x.s.a.AuthenticationService", "cluster.name": "elastic", "node.name": "elastic-master-0", "message": "Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "cluster.uuid": "02_vnO8NQs2sXEawOdE6mQ", "node.id": "-wQ_uf-VR52tzq_UyXR-Og" }
{"type": "server", "timestamp": "2021-06-17T08:47:44,287Z", "level": "INFO", "component": "o.e.x.s.a.AuthenticationService", "cluster.name": "elastic", "node.name": "elastic-master-0", "message": "Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "cluster.uuid": "02_vnO8NQs2sXEawOdE6mQ", "node.id": "-wQ_uf-VR52tzq_UyXR-Og" }
Does this mean in order to change the password for elastic built-in account I have to redeploy the cluster again? Creating a new kubernetes secrets and using that for the deployment of elastic.
Or is there a way for the elastic built in account not able to log-in to kibana but still able to talk to other nodes in elastic?