How to setup custom tls certificate files for Kibana in helm

Hi all,

I am a newbie of opendistro and helm and want to do setup https for kibana using my customer certificate files. I am using a helm chart here https://github.com/opendistro-for-elasticsearch/community/tree/master/open-distro-elasticsearch-kubernetes.

Thanks
Nhan

@tranminhhoainhan Which part exactly are you stuck on? The first thing you would need to do is have all the certificates that are needed by elasticsearch and kibana:
Elasticsearch:

  • node-crt.pem
  • node-key.pem
  • admin-crt.pem
  • admin-key.pem
  • root-ca-cert.pem
    Kibana:
  • kibana-crt.pem
  • kibana-key.pem
  • kibana-root-ca.pem

To get started I would recommend running locally odfe docker-compose file which created demo certificates by default (these should never be used in prod) and copying them from docker image.
Once you have that, you can follow the link you mentioned and update the community/open-distro-elasticsearch-kubernetes/elasticsearch/35-es-bootstrap-secrets.yml and …/kibana/25-kb-bootstrap-secrets.yml with the content of the relevant certificates. it should look something like this:

stringData:
elk-crt.pem: |-
     -----BEGIN CERTIFICATE-----
     MIIEyTCCA7GgAwIBAgIGAWLrc1O2MA0GCSqGSIb3DQEBCwUAMIGPMR...

Once that is done the rest should work as mentioned in the link. I only tested on minikube however so had change a couple of files to find a workaround for PV and PVC etc, Let me know how you get on if you end up trying and if you need that workaround for minikubes as well.

Thanks for you reply. I have solved my problem. For my case I defined secret templates for those certificates to read content of pem files stored under a specific folder. Some settings also needed to be set.

hi, @tranminhhoainhan can i ask you more details about your solution? I’m using the same github repository and trying to set custom certs. What extra settings you used for kibana?