solved issues

elasticsearch/kibana

Warning

Ok, this one was a dumb one. The key I was using had a passphrase. I don’t see a way to add a passphrase or anything so using an unencrypted key seems to work. duh

Using the Elastic TLS _certificates documentation to add custom certs for the elasticsearch and kibana nodes hasn’t worked for me.

I have a CA certificate chain (ca.crt), a certificate for the elasticsearch nodes (tls.crt) in pem format, and a secret key (without password tls.key). I created the same setup for kibana.

I loaded the secrets as k8s secrets using the command:

kubectl create secret generic elastic-cert --from-file=ca.crt --from-file=tls.crt --from-file=tls.key

and a similar command for kibana.

The secrets were added to the configuration.

spec:
  http:
    tls:
      certificate:
        secretName: elastic-cert

Then after applying the changes (kubectl apply -f 2-elastic.yml), the pods never appear in a pod list. If I delete them (kubectl delete -f 2-elastic.yml), it doesn’t complain about them being missing. So I guess they exist but are failing?

I need to figure out which logs to look at to find out why.

Maybe selfSignedCertificate needs to be disabled as well as the added configuration?