Enterprise Search Pods Fail to Create - Readiness Probe Fails

Hello,
I am having some issues deploying Enterprise Search into my K8's cluster.

I already have Elasticsearch & Kibana working via the crd & operator files:
https://download.elastic.co/downloads/eck/1.8.0/crds.yaml
https://download.elastic.co/downloads/eck/1.8.0/operator.yaml

Now I am trying to deploy Enterprise Search with the following template:

apiVersion: enterprisesearch.k8s.elastic.co/v1
kind: EnterpriseSearch
metadata:
  name: enterprise-search-example
spec:
  version: 7.15.1
  count: 1
  elasticsearchRef:
    # Name of Elastic Deployment
    name: elastic

I see this message when I deploy & the pods fail to start due to it:
"timestamp": "2021-11-01T22:18:57+00:00", "message": "readiness probe failed", "curl_rc": "7"

Would anyone have any suggestions?

To follow up,
The logs from the service are this:
Invalid config file (/usr/share/enterprise-search/config/enterprise-search.yml):
The setting '#/Elasticsearch/host' must use https if '#/Elasticsearch/ssl/enabled' is 'true', but the given value is 'http://elastic-es-http.elastic.svc:9200'

Is there a way to fix this?

Hey @thomasrice,

Either the host that serves Elasticsearch needs to do so over https, or your Enterprise Search enterprise-search.yml needs to specify elasticsearch.ssl.enabled: false. Using that configuration is not advised for security reasons, but I understand that may be acceptable in some closed environments.

You can find documentation on config options here: Configuration | Elastic Enterprise Search Documentation [7.15] | Elastic. I hope that helps!

Ross

Thanks @ross.bell that's really useful!

I'm now getting this message:

Elasticsearch API key service must be enabled. It is enabled automatically when you configure Elasticsearch to use TLS on the HTTP interface.
Alternatively, you can explicitly enable the setting within Elasticsearch by opening config/elasticsearch.yml and adding:
xpack.security.authc.api_key.enabled: true

Do I need to add xpack.security.authc.api_key.enabled: true
to my Elasticsearch.yml ? Something like this?

spec:
  version: 7.15.1
  nodeSets:
  - name: default
    count: 3
    config:
      xpack.security.authc.api_key.enabled: true

Yes, you'll want to enable that setting. I'm not able to tell if the snippet you provided is the correct way to do so in your environment, but I don't see anything wrong with it. There are a number of ways to configure Elasticsearch when running in Docker: Install Elasticsearch with Docker | Elasticsearch Guide [7.15] | Elastic.

1 Like