What I'm using:
The official Helm Chart version 7.17.3 from artifacthub.io
Image version is also 7.17.3
My Problem:
I'm struggling to set up the minimal security and to configure TLS
My Steps:
- Create the p12
elasticsearch@elasticsearch-master-0:~$ bin/elasticsearch-certutil cert -out elastic-certificates.p12 -pass ""
- Copy the p12 to the local computer
kubectl cp elasticsearch-master-0:elastic-certificates.p12 elastic-certificates.p12
- Create a K8S Secret
kubectl create secret generic elastic-certificates --from-file=elastic-certificates.p12
- Stop Elasticsearch and Kibana
helm uninstall elasticsearch
Same with Kibana.
- Edit Elasticsearch values.yaml
elasticsearch.yaml |
  xpack.security.enabled: true
  xpack.security.transport.ssl.enabled: true
  xpack.security.transport.ssl.verification_mode: none
  xpack.security.http.ssl.verification_mode: none
  xpack.security.transport.ssl.client_authentication: required
  xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
  xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
  xpack.security.http.ssl.enabled: true
  xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
  xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
protocol: https
secretMounts:
  - name: elastic-certificates
    secretName: elastic-certificates
    path: /usr/share/elasticsearch/config/certs
- Restart Elasticsearch
helm install elasticsearch .
- Set up Passwords
elasticsearch@elasticsearch-master-0:~$ bin/elasticsearch-setup-passwords auto
Changed password for user
...
Afterwards I get these errors
Error log from the Pod
elasticsearch-master-0: {"type": "server", "timestamp": "XXXX-XX-XXTXX:XX:XX,XXXZ", "level": "INFO", "component": "o.e.x.s.a.RealmsAuthenticator", "cluster.name": "XXXXXXXX", "node.name": "elasticsearch-master-0", "message": "Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "cluster.uuid": "XXXXXXXXXXX", "node.id": "XXXXXXXXXXX" }
Error log from the Cluster
Readiness probe failed: Waiting for elasticsearch cluster to become ready (request params: "wait_for_status=green&timeout=1s" ) Cluster is not yet ready (request params: "wait_for_status=green&timeout=1s" )
I think I need to set the elastic user and password somewhere, but where and how can I set this in the Helm Chart?
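
Added example, not part of the original post and not the chart's own code: a values.yaml fragment that passes the elastic credentials to the pod from a Kubernetes Secret and replaces `verification_mode: none` on the transport layer with `certificate`. The Secret name `elastic-credentials` and its keys are hypothetical, and it is an assumption that the chart's readiness probe reads `ELASTIC_USERNAME` and `ELASTIC_PASSWORD` from the pod environment for basic auth.

```yaml
# Assumption: a Secret named elastic-credentials (hypothetical) holds the
# password printed by elasticsearch-setup-passwords, created with e.g.
#   kubectl create secret generic elastic-credentials \
#     --from-literal=username=elastic \
#     --from-literal=password='<elastic-password>'   # placeholder value
protocol: https

extraEnvs:
  # Assumed to be picked up by the readiness probe so that its request to
  # /_cluster/health authenticates instead of failing with security enabled.
  - name: ELASTIC_USERNAME
    valueFrom:
      secretKeyRef:
        name: elastic-credentials
        key: username
  - name: ELASTIC_PASSWORD
    valueFrom:
      secretKeyRef:
        name: elastic-credentials
        key: password

secretMounts:
  - name: elastic-certificates
    secretName: elastic-certificates
    path: /usr/share/elasticsearch/config/certs

esConfig:
  elasticsearch.yml: |
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    # Weak setting in the post: verification_mode: none, which accepts any
    # peer certificate. "certificate" requires a certificate signed by the CA
    # in the truststore but skips hostname checks, which suits a p12 generated
    # without DNS or IP names.
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.client_authentication: required
    xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.http.ssl.enabled: true
    # http.ssl.verification_mode is left at its default rather than "none".
    xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
```

Keeping the password in a Secret referenced by `secretKeyRef` keeps it out of values.yaml and out of the Helm release history.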