I am a rookie getting started with Elasticsearch, and I have a question regarding the SSL certificates used in the ELK stack.
From what I've read in the guides, an SSL certificate is needed for Kibana, but for Elasticsearch I am unsure which SANs are needed. In this topic it is said that it needs to have the node hostnames and not a single URL (like for typical web applications). This would mean that when new nodes are added the certificate needs to be re-issued, and I would like to avoid that.
I also wanted to know to what extent F5 load balancing can be used. I read that there is also a coordinator role, which is a bit like a load balancer. So can F5 be used for Kibana load balancing, and what about the ingestion? (It is also documented that it needs to be pointed to a master node.)
As a start, I plan to build a 3-node cluster with master and data roles.
I am just starting with SSL with Elasticsearch so I am by no means an expert.
I have set up my own CA and plan to use a wildcard cert for *.mydomain.com. That way I can use the same SSL certs for the whole cluster and add nodes as I like. That is the plan, not fully tested yet...
How do you put data into Elasticsearch? If you use Logstash or Filebeat, they offer load balancing for writing to Elasticsearch. For Kibana, you can put a load balancer in front, like most other web services. I use Nginx in front of Kibana. Nginx does the SSL termination and the group of Kibana instances is listed as HTTP backends/upstreams.
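An added example, not part of any post in this thread: a check of which node names a certificate's DNS SAN entries cover, comparing the wildcard plan above with a per-node SAN list. It assumes standard TLS hostname matching (a `*` only as the whole leftmost label, standing for exactly one label); the function names, node hostnames and IP address are constructed for illustration.

```python
import ipaddress


def san_matches(san: str, host: str) -> bool:
    """True if one dNSName SAN entry covers host (assumed one-label wildcard rule)."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
        return False  # an IP address needs an iPAddress SAN, never a dNSName
    except ValueError:
        pass
    san_labels, host_labels = san.split("."), host.split(".")
    if len(san_labels) != len(host_labels) or not host_labels[0]:
        return False  # "*" stands for exactly one non-empty label
    if san_labels[0] == "*":
        # Require at least "*.domain.tld" and an exact match on the remainder.
        return len(san_labels) >= 3 and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def uncovered_nodes(sans, nodes):
    """Return the node names that no SAN entry covers, in input order."""
    return [n for n in nodes if not any(san_matches(s, n) for s in sans)]


# Constructed sample data: the wildcard from the thread and a per-node list
# for a 3-node cluster; all hostnames and the IP are hypothetical.
WILDCARD_SANS = ["*.mydomain.com"]
PER_NODE_SANS = ["es1.mydomain.com", "es2.mydomain.com", "es3.mydomain.com"]
NODES = [
    "es1.mydomain.com", "es2.mydomain.com", "es3.mydomain.com",
    "es4.mydomain.com",       # node added after the certificate was issued
    "es1.prod.mydomain.com",  # two labels below the wildcard's domain
    "mydomain.com",           # the bare domain itself
    "10.0.0.11",              # node addressed by IP
]

if __name__ == "__main__":
    print("wildcard cert misses:", uncovered_nodes(WILDCARD_SANS, NODES))
    print("per-node cert misses:", uncovered_nodes(PER_NODE_SANS, NODES))
```

The wildcard covers a new `es4` node without re-issuing, but not names in a deeper subdomain, the bare domain, or nodes reached by IP address; the per-node certificate misses every name that was not listed when it was issued.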
Unfortunately, a wildcard certificate is not an option in our environment. I do plan to use Logstash and Filebeat.
So then only Kibana can be load-balanced using F5, it seems.
Thanks!