elasticsearch cluster 구성을 위한 인증서 생성
2025. 3. 1. 19:00ㆍk8s/EFK
certificates 생성을 위한 pod 구성
kubectl run test --image=docker.elastic.co/elasticsearch/elasticsearch:{tag} -- tail -f /dev/null
kubectl exec -it pod/test -- shcertificates 생성
dns 등록이 중요
# ca 생성
elasticsearch-certutil ca --out certs/elastic-stack-ca.p12 --pass ""
# cert 생성
elasticsearch-certutil cert --ca certs/elastic-stack-ca.p12 --ca-pass "" \
--dns elastic-0.elastic-headless,elastic-1.elastic-headless,elastic-2.elastic-headless \
--out certs/elastic-cluster.p12 --pass ""certificates를 secret로 변환
# pod안의 certificates hos server로 복사
kubectl cp test:/usr/share/elasticsearch/certs/elastic-cluster.p12 certs/elastic-cluster.p12
# certificates dns 확인
keytool -list -v -keystore elastic-cluster.p12 -storetype PKCS12 -storepass ""
# secret 생성
kubectl create secret generic elastic-certificates --from-file=certs/elastic-cluster.p12 -n elasticdns 등록 안했을 때 에러
does not contain any trusted certificate entries'k8s > EFK' 카테고리의 다른 글
| elasticsearch self monitoring 여부 확인 (0) | 2025.03.02 |
|---|---|
| max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]; for more information (0) | 2025.03.01 |
| elasticsearch cluster 구성 (0) | 2025.03.01 |
| Elasticsearch max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144] (0) | 2025.02.15 |
| Elasticsearch dynamic storage mount 하기 (0) | 2025.02.13 |