0

I am trying to setup an FluentD + ECK on my Kubernetes Cluster.

But FluentD is failing to establish connection with ElasticSearch which is on SSL.

Error log

2022-10-12 04:55:27 +0000 [info]: adding match in @OUTPUT pattern="**" type="elasticsearch"
2022-10-12 04:55:29 +0000 [warn]: #0 Could not communicate to Elasticsearch, resetting connection and trying again. EOFError (EOFError)
2022-10-12 04:55:29 +0000 [warn]: #0 Remaining retry: 14. Retry to communicate after 2 second(s).
2022-10-12 04:55:33 +0000 [warn]: #0 Could not communicate to Elasticsearch, resetting connection and trying again. EOFError (EOFError)
2022-10-12 04:55:33 +0000 [warn]: #0 Remaining retry: 13. Retry to communicate after 4 second(s).

FluentD output Conf

<label @OUTPUT>
      <match **>
        @type elasticsearch
        host elasticsearch-es-http
        port 9200
        path ""
        user elastic
        password XXXXXXXXX
        ca_path "/etc/ssl/certs/ca.crt"
      </match>
    </label>

Mounted the below ElasticSearch secret as cert on fluentd

- name: elasticsearch-es-http-certs-public
  secret:
    secretName: elasticsearch-es-http-certs-public

- name: elasticsearch-es-http-certs-public
  mountPath: "/etc/ssl/certs"

elasticsearch-es-http is the ElasticSearch Service name and the PODs are up and running.

Please guide me on where I went wrong.

Manoj Kumar
  • 55
  • 11
  • can you also add `kubectl get svc`, whats the service name for elasticsearch? both are in same namespace? also try to disable TLS, `scheme: http` – Adiii Oct 12 '22 at 05:58
  • Hi Adi, Yeah , the service name is same as the hostname. Issue is same even if I change the scheme to http , the elasticsearch is configured with https as per ECK. – Manoj Kumar Oct 12 '22 at 07:09

0 Answers0