aman26ps
(aman sharma)
May 21, 2020, 8:05pm
1
hi team,
I would like to enable HTTPS communication between kibana and elasticsearch , but i am not able to do that
kibana config -->
count: 1
config:
elasticsearch.ssl.certificateAuthorities: /mnt/usr/ca.crt
elasticsearchRef:
name: "elasticsearch-config"
http:
service:
spec:
type: LoadBalancer
tls:
certificate:
secretName: elasticsearch-config-es-http-certs-public
# this shows how to customize the Kibana pod
# with labels and resource limits
podTemplate:
metadata:
labels:
kibana: node
spec:
containers:
- name: kibana
volumeMounts:
- name: certs
mountPath: /mnt/usr
resources:
limits:
memory: 1Gi
cpu: 1
readinessProbe:
httpGet:
scheme: HTTPS
path: "/login"
port: 5601
volumes:
- name: certs
secret:
secretName: elasticsearch-config-es-http-certs-public
operator error -->
can't find private key tls.key in elastic-operator-demo3/elasticsearch-config-es-http-certs-public","errorVerbose":"can't find private key tls.key in elastic-operator-demo3/elasticsearch-config-es-http-certs-public\ngithub.com/elast
can anyone help on this
You don't need to add 'tls.certificate' section.
If you remove the 'tls.certificate' part, the elastic-operator automatically configure self-signed certificate between Kibana and Elasticsearch.
aman26ps
(aman sharma)
May 28, 2020, 1:49pm
3
Hey Bingu thanks for answering.
Let me understand you correctly , do you mean i only have to remove tls.certificate part and dont have to mount the cert volume , operator will do it automatically.
Yes,
Check the following example.
aman26ps
(aman sharma)
May 28, 2020, 8:51pm
5
Hey Bingu,
Still unable to resolve the issue have removed the tls.cert section from the kibana config , now facing this error
{"type":"error","@timestamp":"2020-05-28T20:45:35Z","tags":["connection","client","error"],"pid":6,"level":"error","error":{"message":"140423381055360:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n","name":"Error","stack":"Error: 140423381055360:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n"},"message":"140423381055360:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n"}
i can see it has picked up the certs and all the details automatically into kibana.yaml , but still there is some issue i believe.
elasticsearch:
hosts:
- https://elasticsearch-config-es-http.test-demo.svc:9200
password:<password>
ssl:
certificateAuthorities: /usr/share/kibana/config/elasticsearch-certs/ca.crt
verificationMode: certificate
username: test-demo-kibana-config-kibana-user
server:
host: "0"
name: kibana-config
ssl:
certificate: /mnt/elastic-internal/http-certs/tls.crt
enabled: true
key: /mnt/elastic-internal/http-certs/tls.key
xpack:
license_management:
ui:
enabled: false
monitoring:
ui:
container:
elasticsearch:
enabled: true
security:
encryptionKey: <key>
can you help me on this?
@aman26ps
I'm just wondering, if you have time to try the example that I shared.
Actually, there should be no problem about https communication between Elasticsearch and Kibana managed by ECK.
If you still cannot figure out the problem. please share your eck version and k8s env and full yaml that you used.