Kubernetes ingress for elasticsearch not working after enabling security

Elastic Orchestration Elastic Cloud on Kubernetes (ECK)
1

I am using Official helm chart to install ELK stack on my on-premise VMWare hanzu k8s cluster.

An Ingress controller to the cluster is already created by k8s admin using Contour

Following this instruction of creating self-signed certificate using elasticsearch-certutil. After all the setup and pods running when I try to connect to elastic search using the dns - getting this error

upstream connect error or disconnect/reset before headers

I am however able to access the same when security is disabled. Really appreciate any pointers

2

Hi @anoopkv , this part of the forums is mostly for the elastic security solutions such as beats agents and SIEM.

You might have better luck finding answers to the regular Elastic forums here:

4

Hello @anoopkv,

You might be interested by Elastic Cloud on Kubernetes (ECK) that automates the deployment, provisioning, management, and orchestration of Elasticsearch, Kibana, APM Server, Enterprise Search, and Beats on Kubernetes based on the operator pattern.

In particular, ECK manages the TLS certificates for you and also has a Helm chart.

5

okay. Thanks for the reply

6

We dont want to go with ECk solution, but thanks for the suggestions

7

Thought of posting the solution that worked. Switched to nginx ingress controller, which has gave the option to do ssl passthrough to the elastic stack.

ingress:

  enabled: true

  annotations:

    ingress.kubernetes.io/ssl-passthrough: "true"

    kubernetes.io/ingress.class: nginx

    nginx.ingress.kubernetes.io/backend-protocol: HTTPS

    nginx.ingress.kubernetes.io/secure-backends: "true"
2 Likes