I have a Kubernetes cluster set up with 2 master nodes and 2 worker nodes. I want to deploy Elasticsearch in this manner: 1 master, 2 data and 1 client. I did this and it's working fine. I run it behind a LoadBalancer with my k8s master 1 machine IP, like 172.16.25.137, and it's working fine. I created custom certificates for it, with a secret name like es-certs, and I reference these certs in the Elasticsearch manifest file.
Now the issue is that I want to run Kibana as well, but it's not working. When I used the default certs provided by the Elasticsearch operator on both Elasticsearch and Kibana, it worked fine, but when I use my custom certs it creates an issue: "unable to verify the first certificate" of Elasticsearch, or "Unable to retrieve version information from Elasticsearch nodes. unable to get issuer certificate". I use the same certs for both, with the same secret name es-certs in the Kibana manifest. I also run Kibana behind a LoadBalancer with the external IP as above, 172.16.25.137, and pointed DNS at this IP:
172.16.25.137---> es-demo.doamin.pk
kb-demo.domain.pk
Hi @Nauman_Kyani,
Welcome to the community! Can you share your Elasticsearch and Kibana config?
This is my elasticsearch.yaml:

```yaml
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: elasticsearchtest
spec:
  version: 8.9.0
  http:
    tls:
      selfSignedCertificate:
        disabled: true
      certificate:
        secretName: kb-certs
  nodeSets:
  - name: master
    count: 1
    config:
      node.roles: ["master"]
  - name: data
    count: 2
    config:
      node.roles: ["data"]
  - name: client
    count: 1
    config:
      node.roles: []
```
This is my kibana.yml:

```yaml
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: kibana
spec:
  version: 8.9.1 # Match this version with your Elasticsearch version
  http:
    tls:
      selfSignedCertificate:
        disabled: true
      certificate:
        secretName: test-certs
  count: 1
  config:
    elasticsearch.hosts:
    - https://test-es-demo.valentiatech.com:9200
    elasticsearch.ssl.certificateAuthorities: [ "/home/tech/certs/intermediate_ca_chain.pem" ]
    elasticsearch.ssl.certificateAuthorities: [ "/usr/share/kibana/config/certs/ca.crt" ]
    #elasticsearch.ssl.certificateAuthorities: /home/f3tech/certs/ca.crt
    #elasticsearch.hosts:
    #- https://indici-copilot-es-demo.valentiatech.com:9200
    #xpack.security.enabled: true
    #elasticsearch.ssl:
    #certificateAuthorities: /usr/share/kibana/config/certs/ca.crt # Path to your CA if required
    #verificationMode: full # Adjust as needed
  elasticsearchRef:
    name: elasticsearchtest
```
This is my service.yaml:

```yaml
apiVersion: v1
kind: Service
metadata:
  name: ingress-controller
spec:
  type: LoadBalancer
  externalIPs:
  - 172.16.25.137
  ports:
  - name: https
    port: 9200
    targetPort: 9200
    protocol: TCP
  selector:
    elasticsearch.k8s.elastic.co/cluster-name: "elasticsearchtest"
    elasticsearch.k8s.elastic.co/node-master: "false"
    elasticsearch.k8s.elastic.co/node-data: "false"
    elasticsearch.k8s.elastic.co/node-ingest: "false"
    elasticsearch.k8s.elastic.co/node-ml: "false"
    elasticsearch.k8s.elastic.co/node-transform: "false"
---
apiVersion: v1
kind: Service
metadata:
  name: kibana-service
spec:
  type: LoadBalancer
  externalIPs:
  - 172.16.25.137
  ports:
  - name: https
    port: 5601
    targetPort: 5601
    protocol: TCP
  selector:
    kibana.k8s.elastic.co/name: "kibana"
```
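
Added example, not part of any post in this thread and not ECK's own tooling: the errors quoted in the question are certificate chain-building failures, and this script shows how the verdict depends on what the client trusts versus what the server sends. It builds a throwaway root -> intermediate -> leaf chain (all names and certificates are constructed for the demo) and assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# mkcert DIR NAME CN EXTFILE [ISSUER]: no ISSUER means a self-signed root.
mkcert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
  if [ -n "${5:-}" ]; then
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$5.crt" -CAkey "$1/$5.key" \
      -set_serial 1 -days 2 -extfile "$1/$4" -out "$1/$2.crt" 2>/dev/null
  else
    openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" \
      -days 2 -extfile "$1/$4" -out "$1/$2.crt" 2>/dev/null
  fi
}

# Build a constructed root -> intermediate -> leaf chain inside DIR.
build_demo_pki() {
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$1/ca.ext"
  printf 'subjectAltName=DNS:es.demo.invalid\n' > "$1/leaf.ext"
  mkcert "$1" root "Demo Root CA" ca.ext &&
  mkcert "$1" int "Demo Intermediate CA" ca.ext root &&
  mkcert "$1" leaf "es.demo.invalid" leaf.ext int &&
  cat "$1/int.crt" "$1/root.crt" > "$1/bundle.crt"
}

# verify_leaf DIR CAFILE [SENT]
# CAFILE: what the client trusts (the role of Kibana's
#         elasticsearch.ssl.certificateAuthorities).
# SENT:   extra certificates the server presents along with its leaf.
# Prints openssl's verdict and returns its exit status.
verify_leaf() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$2" -untrusted "$3" "$1/leaf.crt" 2>&1
  else
    openssl verify -CAfile "$2" "$1/leaf.crt" 2>&1
  fi
}

demo() {
  d=$(mktemp -d) && build_demo_pki "$d" || return 1
  echo "1) trust=root, server sends leaf only";        verify_leaf "$d" "$d/root.crt" || true
  echo "2) trust=root, server sends leaf+intermediate"; verify_leaf "$d" "$d/root.crt" "$d/int.crt" || true
  echo "3) trust=intermediate+root bundle, leaf only";  verify_leaf "$d" "$d/bundle.crt" || true
  echo "4) trust=intermediate only, leaf only";         verify_leaf "$d" "$d/int.crt" || true
  rm -rf "$d"
}
demo
```

Cases 2 and 3 verify; cases 1 and 4 fail because the chain cannot be completed up to a self-signed root the client trusts.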