Baic authentication ES clutser in production
See original GitHub issuei want to set basic authentication only username:password to ES clutser. i have created kubernetes secret and added in values.yaml
file also added xpack.security.enabled: true
.
my web app would be sending request over simple HTTP only.
Please let me know if it is possible just set basic authentication username: credentials without setting up SSL transport layer security.
UPDATE
i am done with basic setup, mean basic auth and certificate creation working well also cluster is up.
but when i am sending curl request getting
curl localhost:9200
curl: (52) Empty reply from server
but when sending curl with --insecure
or with -k
getting response
{
"name" : "elasticsearch-master-0",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "sUVANxDTQI2L8iSYBXIijg",
"version" : {
"number" : "7.3.2",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "1c1faf1",
"build_date" : "2019-09-06T14:40:30.409026Z",
"build_snapshot" : false,
"lucene_version" : "8.1.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
any solution of this --insecure
i think error occurring due to self-sign certificates.
elasticsearach.yaml file
esConfig:
elasticsearch.yml: |
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.authc.realms.native.local.order: 0
i just want to run on HTTPS and simple basic password, if anyone can please help.
is it okay if i remove from yaml file
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
by removing above three line it’s working with curl without insecure mode.
Thanks. Please help
Issue Analytics
- State:
- Created 3 years ago
- Comments:8
Top GitHub Comments
@sanvir10 thanks working well. how about
you must be commenting
http.ssl
Or maybe you are using
And not
Check SSL/TLS