Hi - I'm trying to establish TLS communication between Kibana and ES clusters so that I could explore the Kibana alerting for anomaly detection in ML (since this is a pre-requisite for Kibana alerts).
Existing setup:
ESv7.13 on RHEL
Two ES clusters in non-prod - say, cluster A & B
All self-signed certs generated from one of the nodes in Cluster A
One instance of Kibana (talks to cluster A) for all developers - utilizing cross cluster indices
So far, tested the below on one of the nodes in cluster B:
- Generated self-signed certs (elasticsearch-certutil http) that created elasticsearch-ca.pem and http.p12
- Updated elasticsearch.yml with the below and added pwds to keystore/truststore:
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /path_to_cert/http.p12
- ES node restart worked fine
- Updated metricbeat output to reflect ssl params - it works fine
ssl:
  certificate_authorities: ["<path_to_cer>/elasticsearch-ca.pem"]
  verification_mode: "certificate"
- Updated logstash config to reflect ssl params - it works fine.
#ssl entries
ssl => true
cacert => "path_to_cer/elasticsearch-ca.pem"
ssl_certificate_verification => true
- Updates to Kibana - yet to be tested as I believe this can be done only after all nodes are updated?
Before I roll it out to rest of the nodes, and potentially running into any unforeseen issues - I would like to clarify a few things:
- Can I enable TLS for client communication on cluster B, independent of cluster A? Or should they both be updated at the same time for cross cluster indices to show up data from both clusters?
- Any other way of testing this (apart from the one node testing on cluster B that I did) as these are heavily used by developers and I am trying to avoid any downtime.
Appreciate any help in this regard.
Thanks!
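Added example, not part of the original post: a per-node check of the HTTP port during a rolling TLS change, verifying the certificate chain against elasticsearch-ca.pem without hostname checks, which is what `verification_mode: "certificate"` in the metricbeat config above does. The function names, result labels and node names in the usage comment are assumptions made for illustration.

```python
import socket
import ssl
import sys


def make_context(cafile):
    """Trust only the given CA file; verify the chain but not the hostname."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # same scope as verification_mode: certificate
    ctx.verify_mode = ssl.CERT_REQUIRED  # chain must lead to the loaded CA
    ctx.load_verify_locations(cafile=cafile)
    return ctx


def probe(host, port, ctx, timeout=3.0):
    """Classify one node's HTTP port (labels are this example's own).

    unreachable   - TCP connect failed
    no_tls        - port answered but the TLS handshake failed (likely still plain HTTP)
    tls_untrusted - TLS is on, but the certificate does not chain to the CA
    tls_trusted   - TLS is on and the chain verifies against the CA
    """
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls_trusted"
        except ssl.SSLCertVerificationError:
            return "tls_untrusted"
        except (ssl.SSLError, OSError):
            return "no_tls"


if __name__ == "__main__":
    # Usage (hypothetical node names):
    #   python probe_nodes.py /path_to_cert/elasticsearch-ca.pem nodeb1:9200 nodeb2:9200
    ctx = make_context(sys.argv[1])
    for target in sys.argv[2:]:
        host, _, port = target.rpartition(":")
        print(f"{target}: {probe(host, int(port), ctx)}")
```

Running it before and after each node restart shows which nodes still answer in plain HTTP and which present a certificate that clients holding only elasticsearch-ca.pem would reject.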