Hello, I have a problem, and I don't know where to find it.
I have an ingress with its certificate, and I have the ingress configured for elasticsearch.
Now I want to connect to that endpoint from Metricbeat, which runs in another cluster, and it gives me the following errors:
(*MetricSet).Fetch","file.name":"node/node.go","file.line":91},"message":"error making http request: Get \"https://vsphere-general-worker-2:10250/stats/summary\": lookup vsphere-general-worker-2 on 10.43.0.10:53: server misbehaving","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-03-04T11:27:14.883Z","log.origin":{"function":"github.com/elastic/beats/v7/metricbeat/mb/module.(*metricSetWrapper).fetch","file.name":"module/wrapper.go","file.line":256},"message":"Error fetching data for metricset elasticsearch.node_stats: error making http request: Get \"https://xxxxx/_nodes/_local/stats\": x509: certificate signed by unknown authority","service.name":"metricbeat","ecs.version":"1.6.0"}
Can you help me, or give me any indication of what the cause could be?
Which certificate does Metricbeat have to trust: the ingress's, Elasticsearch's, or Metricbeat's own?
---
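daemonset:
  # Annotations to apply to the daemonset
  annotations: {}
  # Additional labels
  labels: {}
  affinity: {}
  # Include the daemonset
  enabled: true
  # Extra environment variables for Metricbeat container.
  envFrom: []
  # - configMapRef:
  #     name: config-secret
  # Elasticsearch credentials are read from a Secret rather than written
  # into this values file.
  extraEnvs:
    - name: "ELASTICSEARCH_USERNAME"
      valueFrom:
        secretKeyRef:
          name: elasticsearch-master-credentials
          key: username
    - name: "ELASTICSEARCH_PASSWORD"
      valueFrom:
        secretKeyRef:
          name: elasticsearch-master-credentials
          key: password
    # - name: MY_ENVIRONMENT_VAR
    #   value: the_value_goes_here
  extraVolumes: []
  # - name: extras
  #   emptyDir: {}
  extraVolumeMounts: []
  # - name: extras
  #   mountPath: /usr/share/extras
  #   readOnly: true
  hostAliases: []
  # - ip: "127.0.0.1"
  #   hostnames:
  #     - "foo.local"
  #     - "bar.local"
  hostNetworking: false
  # Allows you to add any config files in /usr/share/metricbeat
  # such as metricbeat.yml for daemonset
  metricbeatConfig:
    metricbeat.yml: |
      metricbeat.modules:
        - module: elasticsearch
          xpack.enabled: true
          period: 10s
          #hosts: '["https://${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}"]'
          hosts: 'https://xxx.com'
          # Must be true for the ssl.* keys of this module to take effect. With
          # `false` the Beats SSL settings are disabled, so the CA list below is
          # ignored and the https:// request is presumably checked against the
          # container's default trust store only -- which matches the
          # "x509: certificate signed by unknown authority" error.
          ssl.enabled: true
          # This file has to contain the CA that issued the certificate served
          # at the URL above. The URL points at the ingress, so that is the
          # issuer of the ingress certificate, not Metricbeat's own certificate.
          # NOTE(review): the mounted secret is named elasticsearch-master-certs;
          # confirm its ca.crt is the ingress issuer and not only the
          # Elasticsearch-internal CA.
          ssl.certificate_authorities: ["/usr/share/metricbeat/certs/ca.crt"]
          username: '${ELASTICSEARCH_USERNAME}'
          password: '${ELASTICSEARCH_PASSWORD}'
        - module: kubernetes
          metricsets:
            - container
            - node
            - pod
            - system
            - volume
          period: 10s
          host: "${NODE_NAME}"
          # NOTE(review): the "lookup <node> on <dns>: server misbehaving" error
          # is a name-resolution failure for ${NODE_NAME}, separate from the
          # x509 error: the node hostname has to resolve from inside the pod.
          # hostAliases and hostNetworking above are the knobs visible in this
          # file; hostNetworking widens the pod's network exposure.
          hosts: ["https://${NODE_NAME}:10250"]
          bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
          # Keep verification on. With verification_mode "none" the
          # service-account token above is sent to a peer whose identity is
          # never checked.
          #ssl.verification_mode: "none"
          # NOTE(review): this is the same CA file used for Elasticsearch; it
          # only helps here if it also issued the kubelet serving certificates
          # -- confirm, otherwise list the CA that did.
          ssl.certificate_authorities: ["/usr/share/metricbeat/certs/ca.crt"]
          # No username/password here: the kubelet endpoint is authenticated
          # with bearer_token_file, and setting the Elasticsearch credentials
          # on this module would hand them to every kubelet it scrapes.
          # If using Red Hat OpenShift remove ssl.verification_mode entry and
          # uncomment these settings:
          #ssl.certificate_authorities:
          #  - /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
          processors:
            - add_kubernetes_metadata: ~
        - module: kubernetes
          enabled: true
          metricsets:
            - event
        - module: system
          period: 10s
          metricsets:
            - cpu
            - load
            - memory
            - network
            - process
            - process_summary
          processes: ['.*']
          process.include_top_n:
            by_cpu: 5
            by_memory: 5
        - module: system
          period: 1m
          metricsets:
            - filesystem
            - fsstat
          processors:
            # Drop filesystem events for pseudo and system mount points.
            - drop_event.when.regexp:
                system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib)($|/)'
      output.elasticsearch:
        #hosts: '["https://${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}"]'
        # The pasted line read `hosts: 'hosts: 'https://xxx.com'` (key repeated
        # inside the value, unbalanced quotes); it now has the same form as the
        # other hosts entries.
        hosts: 'https://xxx.com'
        ssl.enabled: true
        # Same requirement as for the elasticsearch module: the CA listed here
        # must be the issuer of the certificate presented at the URL above.
        ssl.certificate_authorities: ["/usr/share/metricbeat/certs/ca.crt"]
        username: '${ELASTICSEARCH_USERNAME}'
        password: '${ELASTICSEARCH_PASSWORD}'
  nodeSelector: {}
  # A list of secrets and their paths to mount inside the pod.
  # This is useful for mounting certificates and other sensitive values.
  # Only the CA certificate is needed to verify a server. NOTE(review): if
  # ingress-cert-tls is a TLS secret that also holds the private key, mounting
  # it would copy that key into every Metricbeat pod; prefer a secret that
  # contains just the CA certificate.
  secretMounts:
    - name: elasticsearch-master-certs
      secretName: elasticsearch-master-certs
      path: /usr/share/metricbeat/certs/
    # - name: ingress-cert-tls
    #   secretName: ingress-cert-tls
    #   path: /usr/share/metricbeat/certs/
    # - name: metricbeat-certificates
    #   secretName: metricbeat-certificates
    #   path: /usr/share/metricbeat/certs
  # Various pod security context settings. Bear in mind that many of these
  # have an impact on metricbeat functioning properly.
  #
  #  - Filesystem group for the metricbeat user. The official elastic docker
  #    images always have an id of 1000.
  #  - User that the container will execute as. Typically necessary to run as
  #    root (0) in order to properly collect host container logs.
  #  - Whether to execute the metricbeat containers as privileged containers.
  #    Typically not necessary unless running within environments such as
  #    OpenShift.
  securityContext:
    runAsUser: 0
    privileged: false
  resources:
    requests:
      cpu: "100m"
      memory: "100Mi"
    limits:
      cpu: "1000m"
      memory: "200Mi"
  tolerations:
    - key: "node.kubernetes.io/unreachable"
      operator: "Exists"
      effect: "NoExecute"
      tolerationSeconds: 60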
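deployment:
  # Annotations to apply to the deployment
  annotations: {}
  # Additional labels
  labels: {}
  affinity: {}
  # Include the deployment
  enabled: true
  # Extra environment variables for Metricbeat container.
  envFrom: []
  # - configMapRef:
  #     name: config-secret
  # Elasticsearch credentials are read from a Secret rather than written
  # into this values file.
  extraEnvs:
    - name: "ELASTICSEARCH_USERNAME"
      valueFrom:
        secretKeyRef:
          name: elasticsearch-master-credentials
          key: username
    - name: "ELASTICSEARCH_PASSWORD"
      valueFrom:
        secretKeyRef:
          name: elasticsearch-master-credentials
          key: password
    # - name: MY_ENVIRONMENT_VAR
    #   value: the_value_goes_here
  extraVolumes: []
  # - name: extras
  #   emptyDir: {}
  extraVolumeMounts: []
  # - name: extras
  #   mountPath: /usr/share/extras
  #   readOnly: true
  hostAliases: []
  # - ip: "127.0.0.1"
  #   hostnames:
  #     - "foo.local"
  #     - "bar.local"
  # Allows you to add any config files in /usr/share/metricbeat
  # such as metricbeat.yml for deployment
  metricbeatConfig:
    metricbeat.yml: |
      metricbeat.modules:
        - module: elasticsearch
          xpack.enabled: true
          period: 10s
          #hosts: '["https://${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}"]'
          hosts: 'https://xxx.com'
          # Must be true for the ssl.* keys of this module to take effect. With
          # `false` the Beats SSL settings are disabled, so the CA list below is
          # ignored and the https:// request is presumably checked against the
          # container's default trust store only -- which matches the
          # "x509: certificate signed by unknown authority" error.
          ssl.enabled: true
          # This file has to contain the CA that issued the certificate served
          # at the URL above. The URL points at the ingress, so that is the
          # issuer of the ingress certificate, not Metricbeat's own certificate.
          # NOTE(review): the mounted secret is named elasticsearch-master-certs;
          # confirm its ca.crt is the ingress issuer and not only the
          # Elasticsearch-internal CA.
          ssl.certificate_authorities: ["/usr/share/metricbeat/certs/ca.crt"]
          username: '${ELASTICSEARCH_USERNAME}'
          password: '${ELASTICSEARCH_PASSWORD}'
        - module: kubernetes
          enabled: true
          metricsets:
            - state_node
            - state_deployment
            - state_replicaset
            - state_pod
            - state_container
          period: 10s
          hosts: ["${KUBE_STATE_METRICS_HOSTS}"]
      output.elasticsearch:
        #hosts: '["https://${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}"]'
        hosts: 'https://xxx.com'
        username: '${ELASTICSEARCH_USERNAME}'
        password: '${ELASTICSEARCH_PASSWORD}'
        ssl.enabled: true
        # Same requirement as for the elasticsearch module: the CA listed here
        # must be the issuer of the certificate presented at the URL above.
        ssl.certificate_authorities: ["/usr/share/metricbeat/certs/ca.crt"]
  nodeSelector: {}
  # A list of secrets and their paths to mount inside the pod.
  # This is useful for mounting certificates and other sensitive values.
  # Only the CA certificate is needed to verify a server. NOTE(review): if
  # ingress-cert-tls is a TLS secret that also holds the private key, mounting
  # it would copy that key into the Metricbeat pod; prefer a secret that
  # contains just the CA certificate.
  secretMounts:
    - name: elasticsearch-master-certs
      secretName: elasticsearch-master-certs
      path: /usr/share/metricbeat/certs/
    # - name: ingress-cert-tls
    #   secretName: ingress-cert-tls
    #   path: /usr/share/metricbeat/certs/
    # - name: metricbeat-certificates
    #   secretName: metricbeat-certificates
    #   path: /usr/share/metricbeat/certs
  # Container runs as UID 0 and is not privileged.
  # NOTE(review): the config above only makes HTTP(S) requests to
  # kube-state-metrics and Elasticsearch; confirm whether root is needed here
  # and use a non-root UID if it is not.
  securityContext:
    runAsUser: 0
    privileged: false
  resources:
    requests:
      cpu: "100m"
      memory: "100Mi"
    limits:
      cpu: "1000m"
      memory: "200Mi"
  tolerations:
    - key: "node.kubernetes.io/unreachable"
      operator: "Exists"
      effect: "NoExecute"
      tolerationSeconds: 60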
# Replica count for the kube-state-metrics metricbeat deployment.
replicas: 1

# Extra containers, given as a string; empty means none.
extraContainers: ''
# - name: dummy-init
#   image: busybox
#   command: ['echo', 'hey']

# Extra init containers, given as a string; empty means none.
extraInitContainers: ''
# - name: dummy-init
#   image: busybox
#   command: ['echo', 'hey']

# Root directory under which metricbeat writes its data, so that registry
# data (file position and other metadata) persists across pod restarts.
hostPathRoot: /var/lib