Kibana unable to use elastic-http-public cert

hi team,

I would like to enable HTTPS communication between kibana and elasticsearch , but i am not able to do that

kibana config -->

    count: 1
    config:
      elasticsearch.ssl.certificateAuthorities: /mnt/usr/ca.crt
    elasticsearchRef:
      name: "elasticsearch-config"
    http:
     service:
       spec:
         type: LoadBalancer
     tls:
       certificate:
         secretName: elasticsearch-config-es-http-certs-public
    # this shows how to customize the Kibana pod
    # with labels and resource limits
    podTemplate:
      metadata:
        labels:
          kibana: node
      spec:
        containers:
        - name: kibana
          volumeMounts:
          - name: certs
            mountPath: /mnt/usr
          resources:
            limits:
              memory: 1Gi
              cpu: 1
          readinessProbe:
            httpGet:
              scheme: HTTPS
              path: "/login"
              port: 5601
        volumes:
        - name: certs
          secret:
            secretName: elasticsearch-config-es-http-certs-public 

operator error -->

can't find private key tls.key in elastic-operator-demo3/elasticsearch-config-es-http-certs-public","errorVerbose":"can't find private key tls.key in elastic-operator-demo3/elasticsearch-config-es-http-certs-public\ngithub.com/elast

can anyone help on this

You don't need to add 'tls.certificate' section.

If you remove the 'tls.certificate' part, the elastic-operator automatically configure self-signed certificate between Kibana and Elasticsearch.

Hey Bingu thanks for answering.

Let me understand you correctly , do you mean i only have to remove tls.certificate part and dont have to mount the cert volume , operator will do it automatically.

Yes,

Check the following example.

Hey Bingu,

Still unable to resolve the issue have removed the tls.cert section from the kibana config , now facing this error

{"type":"error","@timestamp":"2020-05-28T20:45:35Z","tags":["connection","client","error"],"pid":6,"level":"error","error":{"message":"140423381055360:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n","name":"Error","stack":"Error: 140423381055360:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n"},"message":"140423381055360:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n"}

i can see it has picked up the certs and all the details automatically into kibana.yaml , but still there is some issue i believe.

elasticsearch:
  hosts:
  - https://elasticsearch-config-es-http.test-demo.svc:9200
  password:<password>
  ssl:
    certificateAuthorities: /usr/share/kibana/config/elasticsearch-certs/ca.crt
    verificationMode: certificate
  username: test-demo-kibana-config-kibana-user
server:
  host: "0"
  name: kibana-config
  ssl:
    certificate: /mnt/elastic-internal/http-certs/tls.crt
    enabled: true
    key: /mnt/elastic-internal/http-certs/tls.key
xpack:
  license_management:
    ui:
      enabled: false
  monitoring:
    ui:
      container:
        elasticsearch:
          enabled: true
  security:
    encryptionKey: <key>

can you help me on this?

@aman26ps

I'm just wondering, if you have time to try the example that I shared.
Actually, there should be no problem about https communication between Elasticsearch and Kibana managed by ECK.

If you still cannot figure out the problem. please share your eck version and k8s env and full yaml that you used.