- Elastic Cloud on Kubernetes:
- Overview
- Quickstart
- Operating ECK
- Orchestrating Elastic Stack applications
- Run Elasticsearch on ECK
- Node configuration
- Volume claim templates
- Storage recommendations
- Transport settings
- Virtual memory
- Settings managed by ECK
- Secure settings
- Custom configuration files and plugins
- Init containers for plugin downloads
- Update strategy
- Pod disruption budget
- Nodes orchestration
- Advanced Elasticsearch node scheduling
- Create automated snapshots
- Remote clusters
- Readiness probe
- Pod PreStop hook
- Elasticsearch autoscaling
- JVM heap dumps
- Security Context
- Run Kibana on ECK
- Run APM Server on ECK
- Run standalone Elastic Agent on ECK
- Run Fleet-managed Elastic Agent on ECK
- Run Elastic Maps Server on ECK
- Run Enterprise Search on ECK
- Run Beats on ECK
- Run Logstash on ECK
- Elastic Stack Helm Chart
- Recipes
- Secure the Elastic Stack
- Access Elastic Stack services
- Customize Pods
- Manage compute resources
- Autoscaling stateless applications
- Elastic Stack configuration policies
- Upgrade the Elastic Stack version
- Connect to external Elastic resources
- Run Elasticsearch on ECK
- Advanced topics
- Troubleshooting ECK
- Reference
- API Reference
- agent.k8s.elastic.co/v1alpha1
- apm.k8s.elastic.co/v1
- apm.k8s.elastic.co/v1beta1
- autoscaling.k8s.elastic.co/v1alpha1
- beat.k8s.elastic.co/v1beta1
- common.k8s.elastic.co/v1
- common.k8s.elastic.co/v1alpha1
- common.k8s.elastic.co/v1beta1
- elasticsearch.k8s.elastic.co/v1
- elasticsearch.k8s.elastic.co/v1beta1
- enterprisesearch.k8s.elastic.co/v1
- enterprisesearch.k8s.elastic.co/v1beta1
- kibana.k8s.elastic.co/v1
- kibana.k8s.elastic.co/v1beta1
- logstash.k8s.elastic.co/v1alpha1
- maps.k8s.elastic.co/v1alpha1
- stackconfigpolicy.k8s.elastic.co/v1alpha1
- Glossary
- Third-party dependencies
- API Reference
- Release highlights
- 2.16.1 release highlights
- 2.16.0 release highlights
- 2.15.0 release highlights
- 2.14.0 release highlights
- 2.13.0 release highlights
- 2.12.1 release highlights
- 2.12.0 release highlights
- 2.11.1 release highlights
- 2.11.0 release highlights
- 2.10.0 release highlights
- 2.9.0 release highlights
- 2.8.0 release highlights
- 2.7.0 release highlights
- 2.6.2 release highlights
- 2.6.1 release highlights
- 2.6.0 release highlights
- 2.5.0 release highlights
- 2.4.0 release highlights
- 2.3.0 release highlights
- 2.2.0 release highlights
- 2.1.0 release highlights
- 2.0.0 release highlights
- 1.9.1 release highlights
- 1.9.0 release highlights
- 1.8.0 release highlights
- 1.7.1 release highlights
- 1.7.0 release highlights
- 1.6.0 release highlights
- 1.5.0 release highlights
- 1.4.1 release highlights
- 1.4.0 release highlights
- 1.3.2 release highlights
- 1.3.1 release highlights
- 1.3.0 release highlights
- 1.2.2 release highlights
- 1.2.1 release highlights
- 1.2.0 release highlights
- 1.1.2 release highlights
- 1.1.1 release highlights
- 1.1.0 release highlights
- 1.0.1 release highlights
- 1.0.0 release highlights
- 1.0.0-beta1 release highlights
- Release notes
- Elastic Cloud on Kubernetes version 2.16.1
- Elastic Cloud on Kubernetes version 2.16.0
- Elastic Cloud on Kubernetes version 2.15.0
- Elastic Cloud on Kubernetes version 2.14.0
- Elastic Cloud on Kubernetes version 2.13.0
- Elastic Cloud on Kubernetes version 2.12.1
- Elastic Cloud on Kubernetes version 2.12.0
- Elastic Cloud on Kubernetes version 2.11.1
- Elastic Cloud on Kubernetes version 2.11.0
- Elastic Cloud on Kubernetes version 2.10.0
- Elastic Cloud on Kubernetes version 2.9.0
- Elastic Cloud on Kubernetes version 2.8.0
- Elastic Cloud on Kubernetes version 2.7.0
- Elastic Cloud on Kubernetes version 2.6.2
- Elastic Cloud on Kubernetes version 2.6.1
- Elastic Cloud on Kubernetes version 2.6.0
- Elastic Cloud on Kubernetes version 2.5.0
- Elastic Cloud on Kubernetes version 2.4.0
- Elastic Cloud on Kubernetes version 2.3.0
- Elastic Cloud on Kubernetes version 2.2.0
- Elastic Cloud on Kubernetes version 2.1.0
- Elastic Cloud on Kubernetes version 2.0.0
- Elastic Cloud on Kubernetes version 1.9.1
- Elastic Cloud on Kubernetes version 1.9.0
- Elastic Cloud on Kubernetes version 1.8.0
- Elastic Cloud on Kubernetes version 1.7.1
- Elastic Cloud on Kubernetes version 1.7.0
- Elastic Cloud on Kubernetes version 1.6.0
- Elastic Cloud on Kubernetes version 1.5.0
- Elastic Cloud on Kubernetes version 1.4.1
- Elastic Cloud on Kubernetes version 1.4.0
- Elastic Cloud on Kubernetes version 1.3.2
- Elastic Cloud on Kubernetes version 1.3.1
- Elastic Cloud on Kubernetes version 1.3.0
- Elastic Cloud on Kubernetes version 1.2.2
- Elastic Cloud on Kubernetes version 1.2.1
- Elastic Cloud on Kubernetes version 1.2.0
- Elastic Cloud on Kubernetes version 1.1.2
- Elastic Cloud on Kubernetes version 1.1.1
- Elastic Cloud on Kubernetes version 1.1.0
- Elastic Cloud on Kubernetes version 1.0.1
- Elastic Cloud on Kubernetes version 1.0.0
- Elastic Cloud on Kubernetes version 1.0.0-beta1
Securing Logstash API
editSecuring Logstash API
editEnable HTTPS
editAccess to the Logstash Monitoring APIs use HTTPS by default - the operator will set the values api.ssl.enabled: true
, api.ssl.keystore.path
and api.ssl.keystore.password
.
You can further secure the Logstash Monitoring APIs by requiring HTTP Basic authentication by setting api.auth.type: basic
, and providing the relevant credentials api.auth.basic.username
and api.auth.basic.password
:
apiVersion: v1 kind: Secret metadata: name: logstash-api-secret stringData: API_USERNAME: "AWESOME_USER" API_PASSWORD: "T0p_Secret" --- apiVersion: logstash.k8s.elastic.co/v1alpha1 kind: Logstash metadata: name: logstash-sample spec: version: 8.17.1 count: 1 config: api.auth.type: basic api.auth.basic.username: "${API_USERNAME}" api.auth.basic.password: "${API_PASSWORD}" podTemplate: spec: containers: - name: logstash envFrom: - secretRef: name: logstash-api-secret
Store the username and password in a Secret. |
|
Map the username and password to the environment variables of the Pod. |
|
At Logstash startup, |
An alternative is to set up keystore to resolve ${API_USERNAME}
and ${API_PASSWORD}
The variable substitution in config
does not support the default value syntax.
TLS keystore
editThe TLS Keystore is automatically generated and includes a certificate and a private key, with default password protection set to changeit
.
This password can be modified by configuring the api.ssl.keystore.password
value.
apiVersion: logstash.k8s.elastic.co/v1alpha1 kind: Logstash metadata: name: logstash-sample spec: count: 1 version: 8.17.1 config: api.ssl.keystore.password: "${SSL_KEYSTORE_PASSWORD}"
Provide your own certificate
editIf you want to use your own certificate, the required configuration is similar to Elasticsearch. Configure the certificate in api
Service. Check Custom HTTP certificate.
Disable TLS
editYou can disable TLS by disabling the generation of the self-signed certificate in the API service definition
apiVersion: logstash.k8s.elastic.co/v1alpha1 kind: Logstash metadata: name: logstash-sample spec: version: 8.17.1 count: 1 elasticsearchRef: name: "elasticsearch-sample" services: - name: api tls: selfSignedCertificate: disabled: true