Hi Team,
I have used helmchart to deploy the stack and i have created own self-signed using openssl as per the documentation. seems fine for master, data and client communication.
root@N81111:/mnt/d/elasticsearch# kubectl get pod -n de-elasticsearch
NAME READY STATUS RESTARTS AGE
elasticsearch-client-0 2/2 Running 0 2m1s
elasticsearch-client-1 2/2 Running 0 2m
elasticsearch-data-0 2/2 Running 0 13h
elasticsearch-data-1 2/2 Running 0 19h
elasticsearch-data-2 2/2 Running 0 19h
elasticsearch-master-0 2/2 Running 0 6h59m
elasticsearch-master-1 2/2 Running 0 5h31m
elasticsearch-master-2 2/2 Running 0 20h
pre-install-kibana-kibana-jg6ds 1/2 Error 0 51m
root@N81111:/mnt/d/elasticsearch#
this is how it looks like.
But when i try deploying elasticsearch, the pre-install pod is throwing error as below.
Creating a new Elasticsearch token for Kibana
Cleaning previous token
DELETE undefined failed: Client network socket disconnected before secure TLS connection was established
Error: Client network socket disconnected before secure TLS connection was established
at connResetException (node:internal/errors:705:14)
at TLSSocket.onConnectEnd (node:_tls_wrap:1594:19)
at TLSSocket.emit (node:events:525:35)
at endReadableNT (node:internal/streams/readable:1358:12)
at processTicksAndRejections (node:internal/process/task_queues:83:21) {
code: 'ECONNRESET',
path: null,
host: 'elasticsearch-master',
port: 9200,
localAddress: undefined
}
Can someone help me on this..
This is my elasticsearch-master.yaml
---
clusterName: "elasticsearch"
nodeGroup: "master"
masterService: ""
# https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html#node-roles
roles:
- master
replicas: 3
minimumMasterNodes: 2
esMajorVersion: ""
# Allows you to add any config files in /usr/share/elasticsearch/config/
# such as elasticsearch.yml and log4j2.properties
esConfig:
elasticsearch.yml: |
#Turn on DEBUG logging for Discovery so we can figure out
logger.org.elasticsearch.gateway: DEBUG
logger.org.elasticsearch.recovery: DEBUG
logger.org.elasticsearch.deprecation: ERROR
logger.org.elasticsearch.transport: DEBUG
logger.org.elasticsearch.http: DEBUG
createCert: false
# Disable it to use your own elastic-credential Secret.
secret:
enabled: true
password: "Admin@123" # generated randomly if not defined
# the X-Pack license
extraEnvs:
- name: ELASTIC_PASSWORD
valueFrom:
secretKeyRef:
name: elasticsearch-master-credentials
key: password
- name: xpack.security.enabled
value: "true"
- name: xpack.security.transport.ssl.enabled
value: "true"
- name: xpack.security.http.ssl.enabled
value: "true"
- name: xpack.security.transport.ssl.verification_mode
value: "certificate"
- name: xpack.security.transport.ssl.key
value: "/usr/share/elasticsearch/config/certs/tls.key"
- name: xpack.security.transport.ssl.certificate
value: "/usr/share/elasticsearch/config/certs/tls.crt"
- name: xpack.security.transport.ssl.certificate_authorities
value: "/usr/share/elasticsearch/config/certs/ca.crt"
- name: xpack.security.http.ssl.key
value: "/usr/share/elasticsearch/config/certs/tls.key"
- name: xpack.security.http.ssl.certificate
value: "/usr/share/elasticsearch/config/certs/tls.crt"
- name: xpack.security.http.ssl.certificate_authorities
value: "/usr/share/elasticsearch/config/certs/ca.crt"
secretMounts:
- name: elastic-certificates
secretName: es-cert
path: /usr/share/elasticsearch/config/certs
image: "docker.elastic.co/elasticsearch/elasticsearch"
imageTag: "8.5.1"
imagePullPolicy: "IfNotPresent"
networkHost: "0.0.0.0"
protocol: https
httpPort: 9200
transportPort: 9300
this is my kibana.yaml
---
elasticsearchHosts: "https://elasticsearch-master:9200"
elasticsearchCertificateSecret: es-cert
elasticsearchCertificateAuthoritiesFile: ca.crt
elasticsearchCredentialSecret: elasticsearch-master-credentials
replicas: 1
extraEnvs:
- name: ELASTIC_USERNAME
valueFrom:
secretKeyRef:
name: elasticsearch-master-credentials
key: username
- name: ELASTIC_PASSWORD
valueFrom:
secretKeyRef:
name: elasticsearch-master-credentials
key: password
- name: "NODE_OPTIONS"
value: "--max-old-space-size=1800"
image: "docker.elastic.co/kibana/kibana"
imageTag: "8.5.1"
imagePullPolicy: "IfNotPresent"
protocol: http
secretMounts:
- name: elastic-certificates
secretName: es-cert
path: /usr/share/kibana/config/certs
serverHost: "0.0.0.0"
httpPort: 5601
service:
type: ClusterIP
loadBalancerIP: ""
port: 5601
nodePort: ""
labels: {}
annotations: {}
loadBalancerSourceRanges: []
##You can explicitly disable TLS for Kibana
http:
tls:
selfSignedCertificate:
disabled: true
system
(system)
Closed
May 15, 2023, 8:41am
3
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.