Creating a new Elasticsearch token for Kibana
Cleaning previous token
TypeError [ERR_INVALID_PROTOCOL]: Protocol "http:" not supported. Expected "https:"
at new NodeError (node:internal/errors:387:5)
at new ClientRequest (node:_http_client:186:11)
at Object.request (node:https:357:10)
at /usr/share/kibana/helm-scripts/..2024_06_12_11_35_09.910339330/manage-es-token.js:64:27
at new Promise ()
at requestPromise (/usr/share/kibana/helm-scripts/..2024_06_12_11_35_09.910339330/manage-es-token.js:63:10)
at createEsToken (/usr/share/kibana/helm-scripts/..2024_06_12_11_35_09.910339330/manage-es-token.js:100:10)
at Object. (/usr/share/kibana/helm-scripts/..2024_06_12_11_35_09.910339330/manage-es-token.js:144:5)
at Module._compile (node:internal/modules/cjs/loader:1155:14)
at Object.Module._extensions..js (node:internal/modules/cjs/loader:1209:10) {
code: 'ERR_INVALID_PROTOCOL'
}
Hi @Sunita_Rajput, Welcome to the Elastic community.
How you are trying to create this token ? By using elasticsearch-create-enrollment-token ?
Seems its trying to connect to elasticsearch but connecting over http rather https.
I am not trying to create token but install kibana with following command helm install kibana elastic/kibana --values values.yaml and then in pre-install pods getting this error , elasticsearch is accessible on http
Any doc you referring?
[Preformatted text](https://artifacthub.io/packages/helm/elastic/kibana)
values.yaml of kibana
elasticsearchHosts: "http//elasticsearch-master-headless:9200"
#elasticsearchCertificateSecret: elasticsearch-master-certs
#elasticsearchCertificateAuthoritiesFile: ca.crt
#elasticsearchCredentialSecret: elasticsearch-master-credentials
replicas: 1
# Extra environment variables to append to this nodeGroup
# This will be appended to the current 'env:' key. You can use any of the kubernetes env
# syntax here
extraEnvs:
- name: "NODE_OPTIONS"
value: "--max-old-space-size=1800"
# - name: MY_ENVIRONMENT_VAR
# value: the_value_goes_here
# Allows you to load environment variables from kubernetes secret or config map
envFrom: []
# - secretRef:
# name: env-secret
# - configMapRef:
# name: config-map
# A list of secrets and their paths to mount inside the pod
# This is useful for mounting certificates for security and for mounting
# the X-Pack license
secretMounts: []
# - name: kibana-keystore
# secretName: kibana-keystore
# path: /usr/share/kibana/data/kibana.keystore
# subPath: kibana.keystore # optional
hostAliases: []
#- ip: "127.0.0.1"
# hostnames:
# - "foo.local"
# - "bar.local"
image: "docker.elastic.co/kibana/kibana"
imageTag: "8.5.1"
imagePullPolicy: "IfNotPresent"
# additionals labels
labels: {}
annotations: {}
podAnnotations: {}
# iam.amazonaws.com/role: es-cluster
resources:
requests:
cpu: "1000m"
memory: "2Gi"
limits:
cpu: "1000m"
memory: "2Gi"
protocol: http
serverHost: "0.0.0.0"
#server.ssl.enabled: false
healthCheckPath: "/app/kibana"
# Allows you to add any config files in /usr/share/kibana/config/
# such as kibana.yml
kibanaConfig: {}
# kibana.yml: |
# key:
# nestedkey: value
# If Pod Security Policy in use it may be required to specify security context as well as service account
podSecurityContext:
fsGroup: 1000
securityContext:
capabilities:
drop:
- ALL
# readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
serviceAccount: ""
# Whether or not to automount the service account token in the pod. Normally, Kibana does not need this
automountToken: true
# This is the PriorityClass settings as defined in
# https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
priorityClassName: ""
httpPort: 5601
extraVolumes:
[]
# - name: extras
# emptyDir: {}
extraVolumeMounts:
[]
# - name: extras
# mountPath: /usr/share/extras
# readOnly: true
#
extraContainers: []
# - name: dummy-init
# image: busybox
# command: ['echo', 'hey']
extraInitContainers: []
# - name: dummy-init
# image: busybox
# command: ['echo', 'hey']
updateStrategy:
type: "Recreate"
service:
type: ClusterIP
loadBalancerIP: ""
port: 5601
nodePort: ""
labels: {}
annotations: {}
# cloud.google.com/load-balancer-type: "Internal"
# service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
# service.beta.kubernetes.io/azure-load-balancer-internal: "true"
# service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
# service.beta.kubernetes.io/cce-load-balancer-internal-vpc: "true"
loadBalancerSourceRanges: []
# 0.0.0.0/0
httpPortName: http
ingress:
enabled: false
className: "nginx"
pathtype: ImplementationSpecific
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: kibana-example.local
paths:
- path: /
#tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 3
timeoutSeconds: 5
imagePullSecrets: []
nodeSelector: {}
tolerations: []
affinity: {}
nameOverride: ""
fullnameOverride: ""
lifecycle: {}
# preStop:
# exec:
# command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
# postStart:
# exec:
# command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
After adding following in values.yaml still getting sam error
kibanaConfig:
kibana.yml: |
server.ssl.enabled: false
I have the same issue, deploying the ELK stack via each helm chart.
We were getting 502 responses, as the ingress controller was sending http messages to http ports.
So I configured Elasticsearch to use http, to allow traffic via Ingress.
# Helm values
extraEnvs:
- name: xpack.security.http.ssl.enabled
value: "false"
protocol: http
During the Kibana deployment, using all default values elasticsearchHosts: "https://elasticsearch-master:9200"
gives:
Creating a new Elasticsearch token for Kibana
Cleaning previous token
DELETE undefined failed: write EPROTO 139882170656704:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:
Error: write EPROTO 139882170656704:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:
at WriteWrap.onWriteComplete [as oncomplete] (node:internal/stream_base_commons:94:16) {
errno: -71,
code: 'EPROTO',
syscall: 'write'
}
Setting
elasticsearchHosts: "http://elasticsearch-master:9200"
results in the same ERR_INVALID_PROTOCOL error.
These errors show up during the Helm pre-install-kibana job.
I was able to solve my issue by following these steps, allowing me to use the default https settings.
Still have this issue with https disabled on Elasticsearch.
Is there a solution to this problem, I am also experiencing the same problem. Does this version not support the HTTP protocol?