K
Q

How can I disable Elasticsearch authentication when launching it in K8S?

9/26/2021

I am launching Elasticsearch cluster in K8S and below is the spec file. It failed to launch the pod with below error. I am trying to disable authentication and want to connect to the cluster without any credentials. But it stops me doing that. It says the configuration is internal use. What is the correct way for me to set this settings?

Warning  ReconciliationError      84s                elasticsearch-controller              Failed to apply spec change: adjust resources: adjust discovery config: Operation cannot be fulfilled on elasticsearches.elasticsearch.k8s.elastic.co "datasource": the object has been modified; please apply your changes to the latest version and try again
  Normal   AssociationStatusChange  1s (x16 over 86s)  es-monitoring-association-controller  Association status changed from [] to []
  Warning  Validation               1s (x20 over 84s)  elasticsearch-controller              [spec.nodeSets[0].config.xpack.security.enabled: Forbidden: Configuration setting is reserved for internal use. User-configured use is unsupported, spec.nodeSets[0].config.xpack.security.http.ssl.enabled: Forbidden: Configuration setting is reserved for internal use. User-configured use is unsupported, spec.nodeSets[0].config.xpack.security.transport.ssl.enabled: Forbidden: Configuration setting is reserved for internal use. User-configured use is unsupported]
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: datasource
spec:
  version: 7.14.0
  nodeSets:
  - name: node
    count: 2
    config:
      node.store.allow_mmap: false
      xpack.security.http.ssl.enabled: false
      xpack.security.transport.ssl.enabled: false
      xpack.security.enabled: false
    volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data
      spec:
        accessModes:
          - ReadWriteOnce
        storageClassName: ebs-sc
        resources:
          requests:
            storage: 1024Gi
-- Joey Yi Zhao
elasticsearch
kubernetes

Similar Questions

Getting started with docker swarm using a bare metal server
Connecting to redis (from helm chart) inside Kubernetes cluster
Route incoming traffic in Docker swarm setup
How to set up istio on kubenetes cluster created by kubeadm?
gke nginx ingress create additional load balancer

1 Answer

9/26/2021

You can try this: https://discuss.elastic.co/t/cannot-disable-tls-and-security-in-eks/222335/2

I have tested and its working fine for me without any issues:

cat <<EOF | kubectl apply -f -
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: quickstart
spec:
  version: 7.15.0
  nodeSets:
  - name: default
    count: 1
    config:
      node.master: true
      node.data: true
      node.ingest: true
      node.store.allow_mmap: false
      xpack.security.authc:
          anonymous:
            username: anonymous
            roles: superuser
            authz_exception: false
EOF

To Disable basic authentication:

https://www.elastic.co/guide/en/elasticsearch/reference/7.14/anonymous-access.html

To disable SSL self signed certificate:

https://www.elastic.co/guide/en/cloud-on-k8s/0.9/k8s-accessing-elastic-services.html#k8s-disable-tls

-- Amjad Hussain Syed
Source: StackOverflow