Apologies I have had some other items on my plate.
Remember I did this via ECK not Helm, I am an expert in neither, but I did this all very vanilla.
So basically following at the steps above here is what I deployed.
I did notice sometimes seems like perhaps there is a race condition or something so I deployed the elasticsearch and kibana separate and let it all come up first. Then I applied the the ingress so.
kubectl -f es-kb.yml
# elasticsearch kibana deploy with ECK
apiVersion: elasticsearch.k8s.elastic.co/v1beta1
kind: Elasticsearch
metadata:
name: d3m0
spec:
version: 7.11.1
nodeSets:
- name: default
count: 3
config:
node.store.allow_mmap: false
---
apiVersion: kibana.k8s.elastic.co/v1beta1
kind: Kibana
metadata:
name: d3m0
spec:
version: 7.11.1
count: 1
elasticsearchRef:
name: d3m0
http:
tls:
selfSignedCertificate:
disabled: true
Then I let is all come up... then I applied the ingress and of course I had real certs.
It can take a while to come up... With no annotations it uses the default GKE ingress. I have pretty healthy privileges in this project.
kubectl apply -f ingress.yml
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: kibana-ingress
# annotations:
# kubernetes.io/ingress.class: nginx
spec:
tls:
- hosts:
- kbeck.mydomain.net
# Assumes Realcert with above host in it
secretName: my-kb-cert
rules:
- host: kbeck.mydomain.net
http:
# NOTE
# seems like for default ingress path: /*
# for ngnix ingress path: /
paths:
- path: /*
backend:
serviceName: d3m0-kb-http
servicePort: 5601
kubectl describe ingress
Name: kibana-ingress
Namespace: default
Address: 35.244.190.155
Default backend: default-http-backend:80 (10.20.1.5:8080)
TLS:
my-kb-cert terminates kbeck.mydomain.net
Rules:
Host Path Backends
---- ---- --------
kbeck.bvader.net
/* d3m0-kb-http:5601 (10.20.2.2:5601)
Annotations: ingress.kubernetes.io/backends: {"k8s-be-31576--fddf248ac95c1118":"HEALTHY","k8s1-fddf248a-default-d3m0-kb-http-5601-5123ae18":"HEALTHY"}
.....