Enterprise Search (App Search) - doesn't expose with custom 443 port in Kubernetes

Hi guys! Spent 2 days digging and trying to debug things, but now I'm stuck.

I deployed Kibana, ES, and App Search (Enterprise Search) to my Kubernetes cluster via this guide

Everything works great within the cluster with default configs.

Making a step further I exposed my Kibana to the world using Ingress and DNS:

  • Kibana Pod (port 5601) -> Kibana Service (5601:5601) -> Ingress (https://kibana.MYSITE.com on default 80 or 443)
    And it works GREAT.

Next thing I want to do is expose my App Search (Enterprise Search) the same way.
So I changed the config to serve App Search on port 443.

    cat <<EOF | kubectl apply -f -
    apiVersion: enterprisesearch.k8s.elastic.co/v1
    kind: EnterpriseSearch
    metadata:
      name: enterprise-search-quickstart
    spec:
      version: 7.12.1
      count: 1
      elasticsearchRef:
        name: quickstart
      config:
        ent_search.listen_port: 443
        ent_search.external_url: https://appsearch.MYSITE.com:443
        ent_search.ssl.redirect_http_from_port: 80
    EOF

...but for some reason this setup doesn't work.
As I can see, Service which is created is still serving on port 3002 (default port of App Search).
From the Pod logs I can see that the server starts.
I also tried adding ent_search.ssl.enabled: false config, but still no luck.

Feeling kinda desperate trying to make this thing work :disappointed_relieved:
What I'm trying to reach is that App Search (Enterprise Search) is both available inside the cluster via cluster.local DNS and via Ingress+DNS to external clients.
Please, help

Found the solution for dev now:

cat <<EOF | kubectl apply -f -
apiVersion: enterprisesearch.k8s.elastic.co/v1
kind: EnterpriseSearch
metadata:
  name: enterprise-search-quickstart
spec:
  version: 7.12.1
  count: 1
  elasticsearchRef:
    name: quickstart
  http:
    tls:
      selfSignedCertificate:
        disabled: true       
  config:
    ent_search.external_url: https://appsearch.MYSITE.com
    ent_search.ssl.redirect_http_from_port: 80
EOF

So probably the solution for production is in the realm of having your own SSL certificate in config. :thinking:

Hey @111476,

Just wanted to confirm you've seen this documentation for configuring SSL/TLS in Enterprise Search (not specific to K8s): Configure SSL/TLS | Elastic Enterprise Search Documentation [master] | Elastic.

Ross