How to install Elasticsearch on Kubernetes using Helm (3 nodes) and production SSL certificates

12/10/2021

I am trying to install Elasticsearch using Helm using a 3 nodes setup (2 master, 1 replica). But I am not able to make it work

This is my config file values.yml:

clusterName: "my-cluster"
nodeGroup: "master"

roles:
  master: "true"
  ingest: "true"
  data: "true"
esJavaOpts: "-Xmx1024m -Xms1024m"
resources: 
  requests:
    cpu: "100m"
    memory: "1024M"
  limits:
    cpu: "1000m"
    memory: "1500M"
volumeClaimTemplate:
  accessModes: [ "ReadWriteOnce" ]
  resources:
    requests:
      storage: 10G

protocol: https

esConfig: 
  elasticsearch.yml: |
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.http.ssl.enabled: true
    xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.authc.anonymous.username: anonymous_user
    xpack.security.authc.anonymous.roles: my_anonymous_user
    xpack.security.authc.anonymous.authz_exception: true

  roles.yml: |
    my_anonymous_user:
      indices:
        - names: [ 'my_index' ]
        privileges: [ 'read' ]
        
  my_text_file.txt: |
  
extraEnvs:
  - name: ELASTIC_USERNAME
    valueFrom:
      secretKeyRef:
        name: elastic-credentials
        key: username
  - name: ELASTIC_PASSWORD
    valueFrom:
      secretKeyRef:
        name: elastic-credentials
        key: password


secretMounts:
  - name: elastic-certificates
    secretName: elastic-certificates
    path: /usr/share/elasticsearch/config/certs

and I use the following Helm commands to install the chart:

helm repo add elastic https://helm.elastic.co
helm install -f values.yml elasticsearch --version 7.13 elastic/elasticsearch

How can I make it work with 3 nodes and how can I create valid production certificates for each of them?

-- Peter Schwarz
elasticsearch
helm3
kubernetes
kubernetes-helm

0 Answers