Basic authentication ES cluster in production


I want to set basic authentication, only username:password, on the ES cluster. I have created a Kubernetes secret and added it in the values.yaml file, and also added xpack.security.enabled: true.

My web app would be sending requests over simple HTTP only.

Please let me know if it is possible to just set basic authentication username: credentials without setting up SSL transport layer security.

UPDATE

I am done with the basic setup, meaning basic auth and certificate creation are working well, and the cluster is up.

But when I send a curl request, I get:

curl localhost:9200

curl: (52) Empty reply from server

But when sending curl with --insecure or with -k, I get a response:


{
  "name" : "elasticsearch-master-0",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "sUVANxDTQI2L8iSYBXIijg",
  "version" : {
    "number" : "7.3.2",
    "build_flavor" : "default",
    "build_type" : "docker",
    "build_hash" : "1c1faf1",
    "build_date" : "2019-09-06T14:40:30.409026Z",
    "build_snapshot" : false,
    "lucene_version" : "8.1.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

Is there any solution for this --insecure? I think the error is occurring due to self-signed certificates.

elasticsearch.yaml file

esConfig:
  elasticsearch.yml: |
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.http.ssl.enabled: true
    xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.authc.realms.native.local.order: 0

I just want to run on HTTPS and a simple basic password, if anyone can please help.

Is it okay if I remove these from the yaml file?

    xpack.security.http.ssl.enabled: true
    xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12

By removing the above three lines, it's working with curl without insecure mode.

Thanks. Please help

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 8

Top GitHub Comments

1 reaction
harsh4870 commented, Aug 14, 2020

@sanvir10 thanks, working well. How about

esConfig:
  elasticsearch.yml: |
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    #xpack.security.http.ssl.enabled: true
    #xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    #xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.authc.realms.native.local.order: 0

you must be commenting http.ssl

1 reaction
sanvir10 commented, Aug 13, 2020

Or maybe you are using

bin/elasticsearch-certutil cert ...

And not

bin/elasticsearch-certutil http

Check SSL/TLS
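
Added example, not part of the original issue or its comments: with the three `xpack.security.http.ssl` lines commented out, the REST port serves plain HTTP, so curl works without `--insecure` but every Basic credential is sent as reversible base64. The Python sketch below audits a flat `elasticsearch.yml` for that state and decodes a Basic header the way an on-path observer could. The sample configs are constructed from the ones in the thread, the credential in the usage is made up, and treating an absent setting as `false` is an assumption.

```python
import base64

# Constructed from the two configs in the thread: the original, and the
# variant with the xpack.security.http.ssl lines commented out.
P12 = "/usr/share/elasticsearch/config/certs/elastic-certificates.p12"
WITH_HTTP_TLS = f"""
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: {P12}
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: {P12}
"""
WITHOUT_HTTP_TLS = WITH_HTTP_TLS.replace("xpack.security.http", "#xpack.security.http")


def parse_settings(text):
    """Read flat 'dotted.key: value' lines; blank and '#' lines are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and ":" in line:
            key, _, value = line.partition(":")
            settings[key.strip()] = value.strip()
    return settings


def audit(text):
    """Return a list of findings; absent settings count as false (assumption)."""
    s = parse_settings(text)

    def on(key):
        return s.get(key, "false").lower() == "true"

    if not on("xpack.security.enabled"):
        return ["security disabled: REST API accepts unauthenticated requests"]
    findings = []
    for layer, risk in (("transport", "node-to-node traffic is unencrypted"),
                        ("http", "Basic credentials cross the network in cleartext")):
        prefix = f"xpack.security.{layer}.ssl."
        if not on(prefix + "enabled"):
            findings.append(f"{layer} TLS off: {risk}")
        elif not any(prefix + k in s for k in ("keystore.path", "certificate")):
            findings.append(f"{layer} TLS on but no keystore or certificate set")
    return findings


def recover_basic_credentials(header_value):
    """Decode an 'Authorization: Basic ...' value, as any on-path observer can."""
    scheme, _, blob = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic authorization header")
    user, _, password = base64.b64decode(blob).decode().partition(":")
    return user, password
```

`audit(WITHOUT_HTTP_TLS)` reports the HTTP layer finding while `audit(WITH_HTTP_TLS)` returns an empty list; the alternative to disabling HTTP TLS is to have the client trust the cluster's CA instead of passing `--insecure`.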
