Metricbeat failed with Certificate error

Hi Team,

I have configure EFK with xpack enabled. I was able to configure kibana and fluent-bit with same ssl certificates. Now i am trying to configure metricbeat in my cluster.
It failed to pass readiness probe check.

I createdCA certificate without any dns name /elasticsearch-certutil ca and generate certficates. I converteed PKC#12 keystore to PEM format. I was able to use same certificate for kibana and fluent-bit ( tls.verify Off). I am not abel to use same certificate with metricbeat.

sh-4.2# metricbeat test output
elasticsearch: https://elasticsearch-master:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.233.33.200
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... ERROR x509: certificate is not valid for any names, but wanted to match elasticsearch-master
sh-4.2#

metricbeat.yaml output.


sh-4.2# cat metricbeat.yml
metricbeat.modules:
- module: kubernetes
  metricsets:
    - container
    - node
    - pod
    - system
    - volume
  period: 10s
  host: "${NODE_NAME}"
  hosts: ["${NODE_NAME}:10255"]
  processors:
  - add_kubernetes_metadata:
      in_cluster: true
- module: kubernetes
  enabled: true
  metricsets:
    - event
- module: system
  period: 10s
  metricsets:
    - cpu
    - load
    - memory
    - network
    - process
    - process_summary
  processes: ['.*']
  process.include_top_n:
    by_cpu: 5
    by_memory: 5
- module: system
  period: 1m
  metricsets:
    - filesystem
    - fsstat
  processors:
  - drop_event.when.regexp:
      system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib)($|/)'
output.elasticsearch:
  username: '${ELASTICSEARCH_USERNAME}'
  password: '${ELASTICSEARCH_PASSWORD}'
  protocol: https
  hosts: ["elasticsearch-master:9200"]
  ssl.certificate_authorities: ["/usr/share/metricbeat/config/certs/elastic-certificate.pem"]

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.