Using client certificate for a readiness check
21 views
Skip to first unread message
apt221
Mar 28, 2019, 4:08:13 PM3/28/19
to Search Guard Community Forum
Elasticsearch Version: 5.6.14
Search Guard Version: 5.6.14-19.2
Is there a "secure" way to perform this with a client certificate (ex. spock.pem) and readall user to do a health check?
Search Guard Version: 5.6.14-19.2
I was not sure about how to use the client certificate to perform a health check for elasticsearch. In the SG Docs under Testing the installation they perform a curl request to check the SG config
Is there a "secure" way to perform this with a client certificate (ex. spock.pem) and readall user to do a health check?
curl -X GET "localhost:9200/_cluster/health"
Jochen Kressin
Mar 28, 2019, 6:07:19 PM3/28/19
to Search Guard Community Forum
If you just want to perform a normal health check, for example because you have a load balancer in place, you can just use this SG healthcheck endpoint which does not require authentication:
Is there any particular reason you want to access the health check endpoint with a client certificate?
Is there any particular reason you want to access the health check endpoint with a client certificate?
apt221
Mar 28, 2019, 6:19:04 PM3/28/19
to search...@googlegroups.com
I did not know about this, is this available for version 5.6.14-19.2? Also I didn't specifically need to use client certificates, but I couldn't find any reasons for having them. Are there any examples that use client certificates on the docs? I can't seem to find any.
The reason for the health check is just for the kubernetes cluster. The readiness probe will keep checking the health to see if we need to restart any pods
SG
Apr 2, 2019, 8:40:58 AM4/2/19
to mchakradeo via Search Guard Community Forum
Search Guard Community Forum - We are moving!
We are moving the Search Guard Community Forum to a new home:
https://forum.search-guard.com/
All content hosted has been migrated to the new forum.
Starting from 2019/03/30 please ask your questions on https://forum.search-guard.com/ only.
The Google Group forum will not be maintained anymore.
Thanks!
> Am 28.03.2019 um 23:19 schrieb apt221 <akash...@sysdig.com>:
>
> I did not know about this, is this available for version 5.6.14-19.2?
>
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/65fbccb3-ec20-414a-885c-8068967a12c6%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
We are moving the Search Guard Community Forum to a new home:
https://forum.search-guard.com/
All content hosted has been migrated to the new forum.
Starting from 2019/03/30 please ask your questions on https://forum.search-guard.com/ only.
The Google Group forum will not be maintained anymore.
Thanks!
> Am 28.03.2019 um 23:19 schrieb apt221 <akash...@sysdig.com>:
>
> I did not know about this, is this available for version 5.6.14-19.2?
>
> On Thursday, March 28, 2019 at 3:07:19 PM UTC-7, Jochen Kressin wrote:
> If you just want to perform a normal health check, for example because you have a load balancer in place, you can just use this SG healthcheck endpoint which does not require authentication:
>
> https://docs.search-guard.com/latest/search-guard-installation#search-guard-health-check
>
> Is there any particular reason you want to access the health check endpoint with a client certificate?
>
>
> On Thursday, March 28, 2019 at 9:08:13 PM UTC+1, apt221 wrote:
> Elasticsearch Version: 5.6.14
> Search Guard Version: 5.6.14-19.2
>
> I was not sure about how to use the client certificate to perform a health check for elasticsearch. In the SG Docs under Testing the installation they perform a curl request to check the SG config
> curl --insecure -u admin:admin 'https://localhost:9200/_searchguard/authinfo?pretty'
>
> Is there a "secure" way to perform this with a client certificate (ex. spock.pem) and readall user to do a health check?
> curl -X GET "localhost:9200/_cluster/health"
>
>
>
> --
> If you just want to perform a normal health check, for example because you have a load balancer in place, you can just use this SG healthcheck endpoint which does not require authentication:
>
> https://docs.search-guard.com/latest/search-guard-installation#search-guard-health-check
>
> Is there any particular reason you want to access the health check endpoint with a client certificate?
>
>
> On Thursday, March 28, 2019 at 9:08:13 PM UTC+1, apt221 wrote:
> Elasticsearch Version: 5.6.14
> Search Guard Version: 5.6.14-19.2
>
> I was not sure about how to use the client certificate to perform a health check for elasticsearch. In the SG Docs under Testing the installation they perform a curl request to check the SG config
> curl --insecure -u admin:admin 'https://localhost:9200/_searchguard/authinfo?pretty'
>
> Is there a "secure" way to perform this with a client certificate (ex. spock.pem) and readall user to do a health check?
> curl -X GET "localhost:9200/_cluster/health"
>
>
>
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/65fbccb3-ec20-414a-885c-8068967a12c6%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages