Unable to retrieve version information from Elasticsearch nodes. unable to get issuer certificate

I have a cluster set up in Kubernetes with 2 master nodes and 2 worker nodes. I want to deploy Elasticsearch in this manner: 1 master, 2 data and 1 client. I did this and it's working fine. I run this behind a load balancer with my k8s master 1 machine IP, like 172.16.25.137, and it's working fine. I created custom certificates for that, with a secret name like es-certs, and I reference these certs in the Elasticsearch manifest file.
Now the issue is that I want to run Kibana also, but it's not working. When I used the default certs provided by the Elasticsearch operator on both Elasticsearch and Kibana, it worked fine, but when I used my custom certs it creates an issue: "unable to verify the first certificate" of Elasticsearch, or "Unable to retrieve version information from Elasticsearch nodes. unable to get issuer certificate". I use the same certs for both; the same secret name es-certs is used in the Kibana manifest. I also run Kibana in a LoadBalancer with the external IP as above, 172.16.25.137, and pointed DNS at this IP:
172.16.25.137---> es-demo.doamin.pk
kb-demo.domain.pk

Hi @Nauman_Kyani,

Welcome to the community! Can you share your Elasticsearch and Kibana config?

This is my elasticsearch.yaml:

apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: elasticsearchtest
spec:
  version: 8.9.0
  http:
    tls:
      selfSignedCertificate:
        disabled: true
      certificate:
        secretName: kb-certs
  nodeSets:
  - name: master
    count: 1
    config:
      node.roles: ["master"]
  - name: data
    count: 2
    config:
      node.roles: ["data"]
  - name: client
    count: 1
    config:
      node.roles: []

This is my kibana.yml:

apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: kibana
spec:
  version: 8.9.1 # Match this version with your Elasticsearch version
  http:
    tls:
      selfSignedCertificate:
        disabled: true
      certificate:
        secretName: test-certs
  count: 1
  config:
    elasticsearch.hosts:
    - https://test-es-demo.valentiatech.com:9200
    elasticsearch.ssl.certificateAuthorities: [ "/home/tech/certs/intermediate_ca_chain.pem" ]
    elasticsearch.ssl.certificateAuthorities: [ "/usr/share/kibana/config/certs/ca.crt" ]
    #elasticsearch.ssl.certificateAuthorities: /home/f3tech/certs/ca.crt
    #elasticsearch.hosts:
     #- https://indici-copilot-es-demo.valentiatech.com:9200
    #xpack.security.enabled: true
    #elasticsearch.ssl:
      #certificateAuthorities: /usr/share/kibana/config/certs/ca.crt  # Path to your CA if required
      #verificationMode: full  # Adjust as needed
  elasticsearchRef:
    name: elasticsearchtest

This is my service.yaml:

apiVersion: v1
kind: Service
metadata:
  name: ingress-controller
spec:
  type: LoadBalancer
  externalIPs:
  - 172.16.25.137
  ports:
    - name: https
      port: 9200
      targetPort: 9200
      protocol: TCP
  selector:
    elasticsearch.k8s.elastic.co/cluster-name: "elasticsearchtest"
    elasticsearch.k8s.elastic.co/node-master: "false"
    elasticsearch.k8s.elastic.co/node-data: "false"
    elasticsearch.k8s.elastic.co/node-ingest: "false"
    elasticsearch.k8s.elastic.co/node-ml: "false"
    elasticsearch.k8s.elastic.co/node-transform: "false"


---
apiVersion: v1
kind: Service
metadata:
  name: kibana-service
spec:
  type: LoadBalancer
  externalIPs:
  - 172.16.25.137
  ports:
  - name: https
    port: 5601
    targetPort: 5601
    protocol: TCP
  selector:
    kibana.k8s.elastic.co/name: "kibana"
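
Added example, not part of the thread: the two messages quoted in the first post are OpenSSL chain-building errors, raised when the verifier cannot walk from the server certificate up to a self-signed root that it trusts. The script below builds a constructed three-tier PKI and runs `openssl verify` against different CA bundles; with a bundle that holds only the intermediate, OpenSSL reports "unable to get issuer certificate". All file names and CNs are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example. The PKI below is constructed (root -> intermediate -> leaf);
# no name, key or path here comes from the thread's cluster.
set -eu

make_pki() {   # $1 = empty working directory
  local d=$1 n
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' \
    > "$d/pki.cnf"
  for n in root int leaf; do
    openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
      -subj "/CN=constructed-$n" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 1 \
    -extfile "$d/pki.cnf" -extensions ca -out "$d/root.pem" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -extfile "$d/pki.cnf" -extensions ca \
    -out "$d/int.pem" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
  cat "$d/int.pem" "$d/root.pem" > "$d/chain.pem"   # complete CA bundle
}

# check_chain TRUST_FILE LEAF [UNTRUSTED_FILE]
# Exit status 0 only when LEAF chains up to a self-signed root in TRUST_FILE.
# UNTRUSTED_FILE stands in for intermediates the server sends in the handshake.
check_chain() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2"
  else
    openssl verify -CAfile "$1" "$2"
  fi
}

demo() {
  local d; d=$(mktemp -d); make_pki "$d"
  echo "== trust bundle holds only the intermediate (root missing): fails"
  check_chain "$d/int.pem" "$d/leaf.pem" 2>&1 || true
  echo "== trust bundle holds only the root, server sends no intermediate: fails"
  check_chain "$d/root.pem" "$d/leaf.pem" 2>&1 || true
  echo "== trust bundle holds only the root, server sends the intermediate: OK"
  check_chain "$d/root.pem" "$d/leaf.pem" "$d/int.pem"
  echo "== trust bundle holds intermediate + root: OK"
  check_chain "$d/chain.pem" "$d/leaf.pem"
  rm -rf "$d"
}
demo
```

To run the same check against real files, pass the CA file given to `elasticsearch.ssl.certificateAuthorities` as TRUST_FILE and the certificate served on the Elasticsearch HTTP port as LEAF.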
