I'm running the following:
- v1.17 of Kubernetes
- v0.9 of MetalLB
- v2.2 of Traefik
- v1.1 of ECK
The setup is very basic and manifests look like the following:
```yaml
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: logging
  namespace: elastic-system
  annotations:
    traefik.ingress.kubernetes.io/service.sticky.cookie: "true"
spec:
  version: 7.7.0
  count: 1
  elasticsearchRef:
    name: logging
    namespace: elastic-system
  # xpack.security.enabled: false
  podTemplate:
    spec:
      containers:
      - name: kibana
        resources:
          limits:
            memory: 4Gi
        env:
        - name: SERVER_BASEPATH
          value: /
  http:
    tls:
      selfSignedCertificate:
        disabled: true
```

```yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-kibana
  namespace: elastic-system
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: http
    traefik.ingress.kubernetes.io/router.pathmatcher: PathPrefix
spec:
  rules:
  - http:
      paths:
      - path: /
        backend:
          serviceName: logging-kb-http
          servicePort: 5601
```
Traefik is published externally by using MetalLB. When accessing Kibana on the exposed IP I'm greeted by the Kibana Welcome/Login screen. However, when I enter "elastic/" I get the following response in the browser:
|statusCode|401|
|---|---|
|error|"Unauthorized"|
|message|"[security_exception] unable to authenticate user [elastic] for REST request [/_security/_authenticate], with { header={ WWW-Authenticate={ 0=\"Bearer realm=\\\"security\\\"\" & 1=\"ApiKey\" & 2=\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\" } } }"|
The password I use is fetched from the `logging-es-elastic-user` secret.
Furthermore, when I specify (in kibana.yaml):

```yaml
env:
- name: SERVER_BASEPATH
  value: /logging/kibana
```

and (in ingress.yaml):

```yaml
path: /logging/kibana
```
I get a URL which "seems to go on forever" - it looks recursive...
What am I doing wrong here? Are there any additional annotations that have to be placed on the Kibana or Ingress resource(s)?
Many, many thanks in advance!!!!