Kibana helmchart throws error

Hi Team,
I have used helmchart to deploy the stack and i have created own self-signed using openssl as per the documentation. seems fine for master, data and client communication.


root@N81111:/mnt/d/elasticsearch# kubectl get pod -n de-elasticsearch
NAME                              READY   STATUS    RESTARTS   AGE
elasticsearch-client-0            2/2     Running   0          2m1s
elasticsearch-client-1            2/2     Running   0          2m
elasticsearch-data-0              2/2     Running   0          13h
elasticsearch-data-1              2/2     Running   0          19h
elasticsearch-data-2              2/2     Running   0          19h
elasticsearch-master-0            2/2     Running   0          6h59m
elasticsearch-master-1            2/2     Running   0          5h31m
elasticsearch-master-2            2/2     Running   0          20h
pre-install-kibana-kibana-jg6ds   1/2     Error     0          51m
root@N81111:/mnt/d/elasticsearch#

this is how it looks like.

But when i try deploying elasticsearch, the pre-install pod is throwing error as below.


Creating a new Elasticsearch token for Kibana
Cleaning previous token
DELETE undefined failed:  Client network socket disconnected before secure TLS connection was established
Error: Client network socket disconnected before secure TLS connection was established
    at connResetException (node:internal/errors:705:14)
    at TLSSocket.onConnectEnd (node:_tls_wrap:1594:19)
    at TLSSocket.emit (node:events:525:35)
    at endReadableNT (node:internal/streams/readable:1358:12)
    at processTicksAndRejections (node:internal/process/task_queues:83:21) {
  code: 'ECONNRESET',
  path: null,
  host: 'elasticsearch-master',
  port: 9200,
  localAddress: undefined
}

Can someone help me on this..

This is my elasticsearch-master.yaml

---
clusterName: "elasticsearch"
nodeGroup: "master"

masterService: ""
# https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html#node-roles
roles:
  - master

replicas: 3
minimumMasterNodes: 2

esMajorVersion: ""

# Allows you to add any config files in /usr/share/elasticsearch/config/
# such as elasticsearch.yml and log4j2.properties
esConfig:
  elasticsearch.yml: |
    #Turn on DEBUG logging for Discovery so we can figure out 
    logger.org.elasticsearch.gateway: DEBUG
    logger.org.elasticsearch.recovery: DEBUG
    logger.org.elasticsearch.deprecation: ERROR
    logger.org.elasticsearch.transport: DEBUG
    logger.org.elasticsearch.http: DEBUG

createCert: false
# Disable it to use your own elastic-credential Secret.
secret:
  enabled: true
  password: "Admin@123" # generated randomly if not defined
# the X-Pack license
extraEnvs:
  - name: ELASTIC_PASSWORD
    valueFrom:
      secretKeyRef:
        name: elasticsearch-master-credentials
        key: password
  - name: xpack.security.enabled
    value: "true"
  - name: xpack.security.transport.ssl.enabled
    value: "true"
  - name: xpack.security.http.ssl.enabled
    value: "true"
  - name: xpack.security.transport.ssl.verification_mode
    value: "certificate"
  - name: xpack.security.transport.ssl.key
    value: "/usr/share/elasticsearch/config/certs/tls.key"
  - name: xpack.security.transport.ssl.certificate
    value: "/usr/share/elasticsearch/config/certs/tls.crt"
  - name: xpack.security.transport.ssl.certificate_authorities
    value: "/usr/share/elasticsearch/config/certs/ca.crt"
  - name: xpack.security.http.ssl.key
    value: "/usr/share/elasticsearch/config/certs/tls.key"
  - name: xpack.security.http.ssl.certificate
    value: "/usr/share/elasticsearch/config/certs/tls.crt"
  - name: xpack.security.http.ssl.certificate_authorities
    value: "/usr/share/elasticsearch/config/certs/ca.crt"


secretMounts:
  - name: elastic-certificates
    secretName: es-cert
    path: /usr/share/elasticsearch/config/certs


image: "docker.elastic.co/elasticsearch/elasticsearch"
imageTag: "8.5.1"
imagePullPolicy: "IfNotPresent"

networkHost: "0.0.0.0"

protocol: https
httpPort: 9200
transportPort: 9300

this is my kibana.yaml

---
elasticsearchHosts: "https://elasticsearch-master:9200"
elasticsearchCertificateSecret: es-cert
elasticsearchCertificateAuthoritiesFile: ca.crt
elasticsearchCredentialSecret: elasticsearch-master-credentials

replicas: 1

extraEnvs:
  - name: ELASTIC_USERNAME
    valueFrom:
      secretKeyRef:
        name: elasticsearch-master-credentials
        key: username
  - name: ELASTIC_PASSWORD
    valueFrom:
      secretKeyRef:
        name: elasticsearch-master-credentials
        key: password
  - name: "NODE_OPTIONS"
    value: "--max-old-space-size=1800"

image: "docker.elastic.co/kibana/kibana"
imageTag: "8.5.1"
imagePullPolicy: "IfNotPresent"

protocol: http

secretMounts:
  - name: elastic-certificates
    secretName: es-cert
    path: /usr/share/kibana/config/certs

serverHost: "0.0.0.0"

httpPort: 5601

service:
  type: ClusterIP
  loadBalancerIP: ""
  port: 5601
  nodePort: ""
  labels: {}
  annotations: {}
  loadBalancerSourceRanges: []

##You can explicitly disable TLS for Kibana
http:
  tls:
    selfSignedCertificate:
      disabled: true

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.