Search code examples
elasticsearchkubernetesgoogle-kubernetes-enginekubernetes-helm

Elasticsearch helm chart with basic authentication

i want to set basic authentication only username:password to ES clutser. i have created kubernetes secret and added in values.yaml file also added xpack.security.enabled: true.

my web app would be sending request over simple HTTP only.

Please let me know if it is possible just set basic authentication username: credentials without setting up SSL transport layer security.

UPDATE

i am done with basic setup, mean basic auth and certificate creation working well also cluster is up.

but when i am sending curl request getting

curl localhost:9200

curl: (52) Empty reply from server

but when sending curl with --insecure or with -k getting response


{
  "name" : "elasticsearch-master-0",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "sUVANxDTQI2L8iSYBXIijg",
  "version" : {
    "number" : "7.3.2",
    "build_flavor" : "default",
    "build_type" : "docker",
    "build_hash" : "1c1faf1",
    "build_date" : "2019-09-06T14:40:30.409026Z",
    "build_snapshot" : false,
    "lucene_version" : "8.1.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

any solution of this --insecure i think error occurring due to self-sign certificates.

elasticsearach.yaml file

esConfig:
  elasticsearch.yml: |
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.http.ssl.enabled: true
    xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.authc.realms.native.local.order: 0

Thanks. Please help

Solution

  • Sure. Comment any http.ssl strings. You will connect via http not https but your password will be transferred in plain text. Not recommend in prod.