TLS implementation for Elasticsearch in Openshift

Janakiraman · March 25, 2021, 5:12am

Hi team,
I am trying to implement TLS for single node elasticsearch(v 7.4.1) and when i try to run the elastic cert utility i am facing the below error. can you help me in providing a path to fix this? note: i do not have admin/super user access to the openshift cluster where i am trying to implement this.

"WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.bouncycastle.jcajce.provider.drbg.DRBG (file:/usr/share/elasticsearch/lib/tools/security-cli/bcprov-jdk15on-1.61.jar) to constructor sun.security.provider.Sun()
WARNING: Please consider reporting this to the maintainers of org.bouncycastle.jcajce.provider.drbg.DRBG
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release"

Added on 30/03/2021 : <<Error was "no file exception" , i resolved this error as there was some permission issues. >>

ikakavas · March 27, 2021, 8:34am

Hi @Janakiraman,

These are warnings, not errors. This wouldn't cause elasticsearch-certutil to fail, so it either succeeds or it fails for some other reason. In anyway you need to share the exact command you run and all the output you get.

Janakiraman · March 30, 2021, 9:26am

Thanks @ikakavas , managed to resolve the above issue. Another clarification required :
Do we need a permanent storage in Openshift to implement this TLS ? I have an elastic node running in openshift but when i restart the node the generated certificates gets deleted as i do not have a permanent storage in Openshift. Also, can you mention any specific documentation on implementing TLS for elasticsearch in openshift container platform? i could not find one Thanks

system · April 27, 2021, 9:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.