Skip to content
This repository has been archived by the owner on May 16, 2023. It is now read-only.

Kibana: Missing service.httpPortName config in chart #841

Closed
aaaaahaaaaa opened this issue Oct 15, 2020 · 2 comments · Fixed by #843
Closed

Kibana: Missing service.httpPortName config in chart #841

aaaaahaaaaa opened this issue Oct 15, 2020 · 2 comments · Fixed by #843
Labels
enhancement New feature or request kibana

Comments

@aaaaahaaaaa
Copy link

Chart version:
7.9.2
Kubernetes version:
v1.17.9-gke.1504
Kubernetes provider: E.g. GKE (Google Kubernetes Engine)
GKE
Helm Version:
3

helm get release output

Output of helm get release

Describe the bug:

The Kibana chart is missing a way to configure the port name of the service (e.g. service.httpPortName like in the Elastic Search chart). This is required when Kibana is running behind Istio's service mesh and TLS is enabled in the chart. The reason is that Istio is doing protocol selection based on the port name, which remains called http in the chart when SSL is enabled. This results in HTTPS traffic being sent to an HTTP port with the following error:

error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number

Steps to reproduce:

  1. Setup a GKE cluster with Istio (e.g. 1.6)
  2. Install Kibana chart with TLS enabled
  3. Add Istio Gateway with TLS passthrough
  4. Add Istio Virtual Service pointing to kibana-kibana service.
  5. ==> HTTPS request failing
  6. Patch the kibana-kibana service by changing to port name to https.
  7. ==> HTTPS request successful

Expected behavior:
service.httpPortName option is available in the Helm Chart.

Provide logs and/or server output (if relevant):

Be careful to obfuscate every secrets (credentials, token, public IP, ...) that could be visible in the output before copy-pasting

curl -v https://kibana.example.com/
*   Trying 34.77.80.28...
* TCP_NODELAY set
* Connected to kibana.example.com (x.x.x.x) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
* Closing connection 0
curl: (35) error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number

Any additional context:
Using GKE's Istio addon (1.6)
This was referenced Oct 18, 2020
Merged
Closed
@jmlrt jmlrt added enhancement New feature or request kibana labels Nov 4, 2020
@jmlrt
Copy link
Member

jmlrt commented Nov 4, 2020

Hi @aaaaahaaaaa,
Thank you for submitting this request. Would you be interested to create a PR for that?

@jmlrt
Copy link
Member

jmlrt commented Nov 4, 2020

Thank you for submitting this request. Would you be interested to create a PR for that?

Didn't see there was already #843 by @ebuildy ^^

@jmlrt jmlrt closed this as completed in #843 Dec 1, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement New feature or request kibana
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[kibana] add service.httpPortName config in chart
2 participants
@aaaaahaaaaa @jmlrt