I am using EFK stack on Kubernetes, Elastic and Kibana 8.7.0:
- I changed the passwords for built-in users elastic and kibana_system with ./bin/elasticsearch-reset-password user --username kibana_system and ./bin/elasticsearch-reset-password user --username elastic
- Then I added them to the elasticsearch-keystore with ./bin/elasticsearch-keystore add kibana_pass and ./bin/elasticsearch-keystore add elastic_pass
- I have created Secretc with both passwords
And everything is working fine, but after restart I get this error in my kibana logs:
[2023-05-15T06:54:11.417+00:00][ERROR][plugins.security.authentication] License is not available, authentication is not possible.
[2023-05-15T06:54:11.429+00:00][WARN ][plugins.licensing] License information could not be obtained from Elasticsearch due to ResponseError: security_exception
Root causes:
security_exception: unable to authenticate user [kibana_system] for REST request [/_xpack] error
and this is my elastic log:
{"@timestamp":"2023-05-15T09:25:40.548Z", "log.level": "INFO", "message":"Authentication of [kibana_system] was terminated by realm [reserved] - failed to authenticate user [kibana_system]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch-client][transport_worker][T#7]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","trace.id":"5451638a596cc9a373336ecc3552088a","elasticsearch.cluster.uuid":"6h24ceJZS6-w0WZ3EPg8PA","elasticsearch.node.id":"Cu3XJpMASA20AMH2QcnvoQ","elasticsearch.node.name":"elasticsearch-client","elasticsearch.cluster.name":"elasticsearch"}
And I need to change the passwords again and create new Secrets so I can authenticate both users, I need help how to make them persistent so I dont have to do this everytime a node restarts