I’m deploying Elasticsearch-oss 6.3.1 on Kubernetes 1.12.3. I have baked ReadOnlyRest plugin into the Elasticsearch image. Kube can start the container, but the health probes fail. Here are the error messages:
Readiness probe failed: Get http://192.168.131.86:9200/_cluster/health: dial tcp 192.168.131.86:9200: connect: connection refused
Liveness probe failed: Get http://192.168.131.86:9200/_cluster/health?local=true: net/http: request canceled (Client.Timeout exceeded while awaiting headers)
Here is my current readonlyrest.yml file:
readonlyrest:
# IMPORTANT FOR LOGIN/LOGOUT TO WORK
prompt_for_basic_auth: false
audit_collector: true
access_control_rules:
- name: 'Localhost'
hosts: [127.0.0.1]
-
ldap_authentication: everyone
ldap_authorization: {name: everyone, groups: [SG-App-Kibana-Ecosystem]}
name: Admins
kibana_access: admin
- name: 'Kibana Admin'
auth_key: 'kibana:foo'
- name: 'Lander Account'
auth_key: 'lander:foo'
kibana_access: ro
- name: 'Logstash User'
auth_key: 'logstash_user:foo'
actions: ["cluster:monitor/main","indices:admin/types/exists","indices:data/read/*","indices:data/write/*","indices:admin/template/*","indices:admin/create"]
- name: 'Rover User'
actions: ['cluster:monitor/main', 'indices:data/read/*']
auth_key: 'rover:foo'
- name: Local Auth for admin
type: allow
kibana_access: admin
groups: ["Admins"]
users:
- username: es_admin
auth_key: es_admin:foo
groups: ["Admins"]
ldaps:
- name: everyone
host: my.host.local
port: 389
.... deleted...
QUESTION:
How can I allow the health probes to execute without authentication for those specific actions?