I have a problem: I created Elasticsearch as a StatefulSet and I need to use x-pack. For that, I know I need to configure the following security properties:
- name: xpack.license.self_generated.type
  value: "basic"
- name: xpack.security.enabled
  value: 'true'
- name: xpack.security.transport.ssl.enabled
  value: 'true'
- name: xpack.security.transport.ssl.verification_mode
  value: 'certificate'
- name: xpack.security.transport.ssl.keystore.path
  value: '/usr/share/elasticsearch/elastic-certificates.p12'
- name: xpack.security.transport.ssl.truststore.path
  value: '/usr/share/elasticsearch/elastic-certificates.p12'
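Regarding transport TLS/SSL encryption, I know I should use "bin/elasticsearch-certutil ca" to generate the certificate.
What is my problem? When I apply the YAML to my cluster, the certificate does not exist yet.
When I try to get a bash shell, the pod is no longer available.
What is the best strategy for this kind of deployment?
Error: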
ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.transport.ssl]]; nested: ElasticsearchException[failed to initialize SSL TrustManager - access to read truststore file [/usr/share/elasticsearch/elastic-certificates.p12] is blocked; SSL resources should be placed in the [/usr/share/elasticsearch/config] directory]; nested: AccessControlException[access denied ("java.io.FilePermission" "/usr/share/elasticsearch/elastic-certificates.p12" "read")];
Likely root cause: java.security.AccessControlException: access denied ("java.io.FilePermission" "/usr/share/elasticsearch/elastic-certificates.p12" "read")
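
The error above says the PKCS#12 file must live under /usr/share/elasticsearch/config. One way to satisfy that is to generate the certificate before deployment, store it in a Kubernetes Secret, and mount the Secret below the config directory. This is an added example, not part of the original post; the resource names, the Secret name `elastic-certificates`, the replica count, the `<version>` placeholder and an empty PKCS#12 password are assumptions.

```yaml
# Added example. Names marked "hypothetical" are assumptions.
# Prerequisite, run outside the cluster before applying this manifest
# (assumes empty passwords at the certutil prompts):
#   bin/elasticsearch-certutil ca
#   bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
#   kubectl create secret generic elastic-certificates \
#     --from-file=elastic-certificates.p12
# Discovery and storage settings are omitted; only the TLS parts are shown.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: elasticsearch                 # hypothetical
spec:
  serviceName: elasticsearch          # hypothetical headless Service
  replicas: 3                         # hypothetical
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      containers:
        - name: elasticsearch
          image: docker.elastic.co/elasticsearch/elasticsearch:<version>  # placeholder
          env:
            - name: xpack.license.self_generated.type
              value: "basic"
            - name: xpack.security.enabled
              value: 'true'
            - name: xpack.security.transport.ssl.enabled
              value: 'true'
            - name: xpack.security.transport.ssl.verification_mode
              value: 'certificate'
            # Paths now point inside the config directory, which the
            # Java security policy allows Elasticsearch to read.
            - name: xpack.security.transport.ssl.keystore.path
              value: '/usr/share/elasticsearch/config/certs/elastic-certificates.p12'
            - name: xpack.security.transport.ssl.truststore.path
              value: '/usr/share/elasticsearch/config/certs/elastic-certificates.p12'
          volumeMounts:
            - name: certs
              mountPath: /usr/share/elasticsearch/config/certs
              readOnly: true
      volumes:
        - name: certs
          secret:
            secretName: elastic-certificates   # hypothetical Secret name
```

Because the Secret exists before the pods start, every replica finds the same keystore at startup and no shell access to a running pod is needed.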