HI,
I am using Search guard version sg-sgadmin:7.1.0-35.0.0. I have installed search guard using HELM. I have an ingress proxy server already running on my Kubernetes cluster. It has its own certificate which verifies the DNS (lets say abc.com). This certificate is generated using Lets encrypt.The search guard elastic stack setup uses its own random generated certificates, which is its default behavior. Now I want to access the Search Guard Kibana UI using this DNS (https://abc.com/kibana). I have already made changes in the ingress rules where open accessing the path https://abc.com/kibana search guard kibana service will be called (this service is exposed as of type ClusterIP).See ingress rules ````
- backend:
serviceName: elk11-sg-helm
servicePort: 5601
path: /kibana
When I access the https://DNS-Name/kibana from the chrome browser I get HTTP error 503. Kibana pod logs shows this message in iteration
{“type”:“response”,“@timestamp”:“2019-07-21T22:16:18Z”,“tags”:[“api”],“pid”:1,“method”:“get”,“statusCode”:200,“req”:{“url”:“/api/status”,“method”:“get”,“headers”:{“host”:“10.244.2.38:5601”,“user-agent”:“kube-probe/1.12”,“accept-encoding”:“gzip”,“connection”:“close”},“remoteAddress”:“10.244.2.1”,“userAgent”:“10.244.2.1”},“res”:{“statusCode”:200,“responseTime”:6,“contentLength”:9},“message”:“GET /api/status 200 6ms - 9.0B”}
Ingress controller pod shows log as
10.244.0.1 - [10.244.0.1] - - [21/Jul/2019:22:06:27 +0000] “GET /kibana HTTP/2.0” 503 599 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36” 313 0.000 [eic-elk11-sg-helm-5601] - - - - cf5c5c0e9cb2dd908f2450b716527e5d
So basically my objective is to access Kibana from a proxy server. How can I achieve this? As already asked in some of the previous questions, I was informed that I cannot use my own generated certificates with HELM as this feature is pending for implementation. I am stuck as this point. Plz help.
/Nitesh