Deploying Search Guard with Helm charts on Kubernetes

I am trying to deploy Search Guard secured Elasticsearch using https://github.com/floragunncom/search-guard-helm

I was unable to deploy and got some errors:

{"type":"log","@timestamp":"2018-11-13T13:05:59Z","tags":["status","plugin:kibana@6.4.1","info"],"pid":1,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}

{"type":"log","@timestamp":"2018-11-13T13:05:59Z","tags":["status","plugin:elasticsearch@6.4.1","info"],"pid":1,"state":"yellow","message":"Status changed from uninitialized to yellow - Waiting for Elasticsearch","prevState":"uninitialized","prevMsg":"uninitialized"}

{"type":"log","@timestamp":"2018-11-13T13:05:59Z","tags":["status","plugin:timelion@6.4.1","info"],"pid":1,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}

I tried on Docker with the repo https://github.com/deviantony/docker-elk and it is working with Search Guard. I am pretty new to this Search Guard and still reading its docs.

Also please let me know if someone has tried with this k8s Helm chart and some steps that I should follow and best practices.

Any help is appreciated.

Thanks

That looks like you have too few Kubernetes worker nodes to start all ES master nodes.
Did you change something in the values.yml file? If not, then you must have enough workers and resources for 8 ES nodes (2 client, 3 data, 3 master).
Maybe you want to edit values.yml and just start with 0 client, 1 data and 1 master (do not run this in production).

On 13.11.2018 at 14:24, Suraj Shrestha <suraz.zarus@gmail.com> wrote:

I am trying to deploy Search Guard secured Elasticsearch using GitHub - floragunncom/search-guard-helm: Search Guard Helm Chart for Kubernetes

I was unable to deploy and got some errors:

{"type":"log","@timestamp":"2018-11-13T13:05:59Z","tags":["status","plugin:kibana@6.4.1","info"],"pid":1,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2018-11-13T13:05:59Z","tags":["status","plugin:elasticsearch@6.4.1","info"],"pid":1,"state":"yellow","message":"Status changed from uninitialized to yellow - Waiting for Elasticsearch","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2018-11-13T13:05:59Z","tags":["status","plugin:timelion@6.4.1","info"],"pid":1,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}

and

[2018-11-13T13:18:37,398][WARN ][o.e.d.z.ZenDiscovery ] [searchguard-sg-helm-client-5d96b9fc54-44brn] not enough master nodes discovered during pinging (found [[Candidate{node={searchguard-sg-helm-master-2}{OmB-snRUR4eoqtlnPDaXPw}{zvbATqyyRO6iqPY8NcyZgg}{10.200.36.42}{10.200.36.42:9300}, clusterStateVersion=-1}]], but needed [2]), pinging again

I tried on Docker with the repo GitHub - deviantony/docker-elk: The Elastic stack (ELK) powered by Docker and Compose. and it is working with Search Guard. I am pretty new to this Search Guard and still reading its docs.

Also please let me know if someone has tried with this k8s Helm chart and some steps that I should follow and best practices.

Any help is appreciated.

Thanks

Thank you for the reply.

I managed to deploy successfully. Now I created a user and am trying to log in.

I get this error:

{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=username, roles=[], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=username, roles=[], requestedTenant=null]"},"status":403}

Can you share your sg_*.yml files? Looks like the user “username” does not have the necessary permissions/roles assigned.

On Thursday, 15 November 2018 17:35:35 UTC+1, Suraj Shrestha wrote:

Thank you for the reply.

I managed to deploy successfully. Now I created a user and am trying to log in.

I get this error:

{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=username, roles=[], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=username, roles=[], requestedTenant=null]"},"status":403}
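
Added example, not part of any post in this thread: a small Python triage helper for the two failure messages quoted above, the ZenDiscovery quorum warning and the 403 `security_exception` body. It extracts masters found versus needed, the denied permission, and the roles list reported for the user. The function names and result dictionaries are assumptions made for this example; the sample inputs are the lines posted in the thread.

```python
import json
import re

# Sample inputs: the two messages as posted in this thread.
ZEN_LINE = ("[2018-11-13T13:18:37,398][WARN ][o.e.d.z.ZenDiscovery ] "
            "[searchguard-sg-helm-client-5d96b9fc54-44brn] not enough master nodes "
            "discovered during pinging (found [[Candidate{node={searchguard-sg-helm-master-2}"
            "{OmB-snRUR4eoqtlnPDaXPw}{zvbATqyyRO6iqPY8NcyZgg}{10.200.36.42}{10.200.36.42:9300}, "
            "clusterStateVersion=-1}]], but needed [2]), pinging again")
DENIED_BODY = ('{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions '
               'for [cluster:monitor/main] and User [name=username, roles=[], '
               'requestedTenant=null]"}],"type":"security_exception","reason":"no permissions '
               'for [cluster:monitor/main] and User [name=username, roles=[], '
               'requestedTenant=null]"},"status":403}')

ZEN_RE = re.compile(r"not enough master nodes discovered during pinging "
                    r"\(found \[(?P<found>.*)\], but needed \[(?P<needed>\d+)\]\)")
DENY_RE = re.compile(r"no permissions for \[(?P<perm>[^\]]+)\] and User "
                     r"\[name=(?P<name>[^,]+), roles=\[(?P<roles>[^\]]*)\]")

def triage_zen(line):
    """Return masters found/needed from a ZenDiscovery warning, or None if no match."""
    m = ZEN_RE.search(line)
    if not m:
        return None
    found = m.group("found").count("Candidate{")  # one entry per discovered master
    needed = int(m.group("needed"))
    return {"found": found, "needed": needed, "missing": max(needed - found, 0)}

def triage_403(body):
    """Return user, denied permission and roles from a 403 security_exception body."""
    try:
        doc = json.loads(body)
    except ValueError:
        return None
    err = doc.get("error") or {}
    if doc.get("status") != 403 or err.get("type") != "security_exception":
        return None
    m = DENY_RE.search(err.get("reason", ""))
    if not m:
        return None
    roles = [r.strip() for r in m.group("roles").split(",") if r.strip()]
    # An empty list means the user was authenticated but carries no roles at all.
    return {"user": m.group("name"), "permission": m.group("perm"),
            "roles": roles, "no_roles": not roles}

if __name__ == "__main__":
    print(triage_zen(ZEN_LINE))
    print(triage_403(DENIED_BODY))
```

For the posted messages this reports one master found where two are needed, and a user with an empty roles list denied `cluster:monitor/main`, which is why the reply asks for the `sg_*.yml` files.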