Elasticsearch security with a multiple Helm charts cluster

ebuildy · March 23, 2021, 11:08am

We are running elasticsearch on kubernetes, via official elastic Helm chart. As per elastic recommandation, we run 3 Helm releases with dedicated role:

master
data
client

Usually, I deploy master release first, then data, end client.

Now we have a gold licence, so to apply it I must setup security: TLS communication and authentication.

TLS seems fine (I use an initContainer to create cert for each container).

Now, I am trying to deploy the master release (only master nodes), but I got this error:

UnavailableShardsException: at least one primary shard for the index [.security-7] is unavailable

I guess ES need data nodes to store this data, so it cannot start master nodes, which is required to start data nodes !

What should be the process here?

ebuildy · March 23, 2021, 1:24pm

The only solution I have found , is to declare an anonymous user:

      xpack.security.authc:
        anonymous:
          username: anonymous 
          roles: superuser
          authz_exception: true

I will configure user later, once all nodes are up and ready.

system · April 20, 2021, 1:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.