I am trying to set up tls in my kubernetes cluster that is using the elastic operator version 1.2. I was able to set up tls with Elasticsearch but I am having issues with the APM issue and don't what is the correct configuration for the APM service this is the current configuration.
I am trying to use the default configured certs by elastic but I get the following errors. In Elasticsearch Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
Then in APM I get the error:
pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://kibana-test-es-es-http.kibana-test.svc:9200)): Get "https://kibana-test-es-es-http.kibana-test.svc:9200": x509: certificate is valid for *.server.com, *.server.com, server.com, server.com, not kibana-test-es-es-http.kibana-test.svc
APM.yaml
apiVersion: apm.k8s.elastic.co/v1
kind: ApmServer
metadata:
name: kibana-test-apm-server
namespace: kibana-test
spec:
version: 7.10.2
count: 1
elasticsearchRef:
name: kibana-test-es
kibanaRef:
name: kibana
http:
tls:
certificate:
secretName: kibana-test-es-es-http-certs-internal
Elasticsearch.yml
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: kibana-test-es
namespace: kibana-test
spec:
version: 7.10.2
http:
tls:
certificate:
secretName: kibana-test-es-es-http-certs-internal
nodeSets:
- name: default
count: 3
volumeClaimTemplates:
- metadata:
name: kibana-test-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: ssd
config:
node.master: true
node.data: true
node.ingest: true
podTemplate:
spec:
initContainers:
- name: sysctl
securityContext:
privileged: true
command: ["sh", "-c", "sysctl -w vm.max_map_count=262144"]
containers:
- name: elasticsearch
# specify resource limits and requests
resources:
limits:
memory: 8Gi
cpu: 2
env:
- name: ES_JAVA_OPTS
value: "-Xms4g -Xmx4g"
Any idea why I am getting the errors, are the certificates not correctly configured or are they the incorrect ones to use?