When rolling our CA certificates on our azure k8s clusters I noticed that our Elasticsearch is not using HTTPS/TLS.
So I have attempted to updated the yamls and apply however my enterprise search is no longer working and throwing an error
[2023-03-06T04:42:42.322+00:00][7][4004][app-server][WARN]: [pre-flight] Failed to connect to Elasticsearch backend. Make sure it is running and healthy.
[2023-03-06T04:42:42.323+00:00][7][4004][app-server][INFO]: [pre-flight] Error: /usr/share/enterprise-search/lib/war/shared_togo/lib/shared_togo/elasticsearch_checks.class:142: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (Faraday::ClientError)
The moment I add the secret and apply, enterprise search throws the error and if i navigate to Kibana UI in my browser the "server is not ready yet".
Elastic.yaml
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: quickstart
namespace: sandbox
spec:
version: 8.5.1
http:
tls:
certificate:
secretName: ca-2023
nodeSets:
- name: default
count: 1
config:
node.store.allow_mmap: false
enterprise-search.yaml
apiVersion: enterprisesearch.k8s.elastic.co/v1
kind: EnterpriseSearch
metadata:
name: enterprise-search-quickstart
namespace: sandbox
spec:
version: 8.5.1
count: 1
elasticsearchRef:
name: quickstart
http:
tls:
certificate:
secretName: ca-2023
kibana.yaml
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
name: quickstart
namespace: sandbox
spec:
version: 8.5.1
count: 1
elasticsearchRef:
name: quickstart
enterpriseSearchRef:
name: enterprise-search-quickstart
http:
tls:
certificate:
secretName: ca-2023
What is wrong in my setup please?