Elasticsearch security with a multiple Helm charts cluster

ebuildy · March 23, 2021, 11:08am

We are running elasticsearch on kubernetes, via official elastic Helm chart. As per elastic recommandation, we run 3 Helm releases with dedicated role:

master
data
client

Usually, I deploy master release first, then data, end client.

Now we have a gold licence, so to apply it I must setup security: TLS communication and authentication.

TLS seems fine (I use an initContainer to create cert for each container).

Now, I am trying to deploy the master release (only master nodes), but I got this error:

UnavailableShardsException: at least one primary shard for the index [.security-7] is unavailable

I guess ES need data nodes to store this data, so it cannot start master nodes, which is required to start data nodes !

What should be the process here?

ebuildy · March 23, 2021, 1:24pm

The only solution I have found , is to declare an anonymous user:

      xpack.security.authc:
        anonymous:
          username: anonymous 
          roles: superuser
          authz_exception: true

I will configure user later, once all nodes are up and ready.

system · April 20, 2021, 1:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elastic search with XPack on Azure K8S Elasticsearch elastic-stack-security , docker	6	849	December 25, 2019
Can't get nodes communicate to each other via TLS-secured transport Elasticsearch	2	426	January 10, 2022
How to install Elasticsearch on Kubernetes using Helm (3 nodes) and production SSL certificates Elasticsearch elastic-stack-security	2	794	January 14, 2022
Install only one elasticsearch master with helm? Elasticsearch	14	16738	March 19, 2019
Unable to start elasticsearch 7.8 container with a password Elasticsearch elastic-stack-security	3	1336	September 14, 2020

Elasticsearch security with a multiple Helm charts cluster

Related topics