Java: How to implement SSL with a self-signed certificate in Spring Boot against Elasticsearch deployed on Openshift (cloud-based Kubernetes)

Does anyone know how to use SSL in a Spring Boot application to connect to ElasticSearch deployed on Openshift over https? I have a config.java in my Spring Boot application, as follows:
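
    import org.elasticsearch.client.RestHighLevelClient;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.ComponentScan;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.data.elasticsearch.client.ClientConfiguration;
    import org.springframework.data.elasticsearch.client.RestClients;
    import org.springframework.data.elasticsearch.core.ElasticsearchOperations;
    import org.springframework.data.elasticsearch.core.ElasticsearchRestTemplate;
    import org.springframework.data.elasticsearch.repository.config.EnableElasticsearchRepositories;

    @Configuration
    @EnableElasticsearchRepositories(basePackages = "com.siolbca.repository")
    @ComponentScan(basePackages = "com.siolbca.services")
    public class Config {
        // usingSsl() uses the JVM's default trust store to validate the server certificate.
        @Bean
        public RestHighLevelClient client() {
            ClientConfiguration clientConfiguration
                = ClientConfiguration.builder()
                    .connectedTo("elasticsearch-siol-es-http.siolbca-dev.svc.cluster.local")
                    .usingSsl()
                    .withBasicAuth("elastic","G0D1g6TurJ79pcxr1065pU0U")
                    .build();
            return RestClients.create(clientConfiguration).rest();
        }

        @Bean
        public ElasticsearchOperations elasticsearchTemplate() {
            return new ElasticsearchRestTemplate(client());
        }
    }
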
However, when I run elasticsearch using Postman, I get the following error:
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
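I have seen some tutorials online saying this is a certificate problem, but I don't know how to implement it in code, because I am a beginner in Java & Spring Boot.

Below is my configuration for elasticsearch.yml: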

    cluster:
      name: elasticsearch-siol
      routing:
        allocation:
          awareness:
            attributes: k8s_node_name
    discovery:
      seed_providers: file
    http:
      publish_host: ${POD_NAME}.${HEADLESS_SERVICE_NAME}.${NAMESPACE}.svc
    network:
      host: "0"
      publish_host: ${POD_IP}
    node:
      attr:
        attr_name: attr_value
        k8s_node_name: ${NODE_NAME}
      name: ${POD_NAME}
      roles:
      - master
      - data
      store:
        allow_mmap: false
    path:
      data: /usr/share/elasticsearch/data
      logs: /usr/share/elasticsearch/logs
    xpack:
      license:
        upload:
          types:
          - trial
          - enterprise
      security:
        authc:
          realms:
            file:
              file1:
                order: -100
            native:
              native1:
                order: -99
          reserved_realm:
            enabled: "false"
        enabled: "true"
        http:
          ssl:
            certificate: /usr/share/elasticsearch/config/http-certs/tls.crt
            certificate_authorities: /usr/share/elasticsearch/config/http-certs/ca.crt
            enabled: true
            key: /usr/share/elasticsearch/config/http-certs/tls.key
        transport:
          ssl:
            certificate: /usr/share/elasticsearch/config/node-transport-cert/transport.tls.crt
            certificate_authorities:
            - /usr/share/elasticsearch/config/transport-certs/ca.crt
            - /usr/share/elasticsearch/config/transport-remote-certs/ca.crt
            enabled: "true"
            key: /usr/share/elasticsearch/config/node-transport-cert/transport.tls.key
            verification_mode: certificate

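Does anyone know how to use the provided certificate in my Spring Boot application? Thank you.

I solved my problem by ignoring SSL certificate verification when connecting from the backend (Spring Boot) to elasticsearch. I followed some instructions from the following website: I also modified the code by adding basic authentication, as follows: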
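
    import javax.net.ssl.SSLContext;
    import org.apache.http.HttpHost;
    import org.apache.http.auth.AuthScope;
    import org.apache.http.auth.UsernamePasswordCredentials;
    import org.apache.http.client.CredentialsProvider;
    import org.apache.http.client.config.RequestConfig;
    import org.apache.http.conn.ssl.NoopHostnameVerifier;
    import org.apache.http.impl.client.BasicCredentialsProvider;
    import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
    import org.apache.http.ssl.SSLContextBuilder;
    import org.apache.http.ssl.SSLContexts;
    import org.elasticsearch.client.RestClient;
    import org.elasticsearch.client.RestClientBuilder;
    import org.elasticsearch.client.RestClientBuilder.HttpClientConfigCallback;
    import org.elasticsearch.client.RestHighLevelClient;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.ComponentScan;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.data.elasticsearch.repository.config.EnableElasticsearchRepositories;

    @Configuration
    @EnableElasticsearchRepositories(basePackages = "com.siolbca.repository")
    @ComponentScan(basePackages = "com.siolbca.services")
    public class Config {
        @Bean
        public RestHighLevelClient createSimpleElasticClient() throws Exception {
            try {
                final CredentialsProvider credentialsProvider =
                        new BasicCredentialsProvider();
                credentialsProvider.setCredentials(AuthScope.ANY,
                        new UsernamePasswordCredentials("elastic","G0D1g6TurJ79pcxr1065pU0U"));
                // Trust strategy that returns true for every chain: any server certificate is accepted.
                SSLContextBuilder sslBuilder = SSLContexts.custom()
                        .loadTrustMaterial(null, (x509Certificates, s) -> true);
                final SSLContext sslContext = sslBuilder.build();
                RestHighLevelClient client = new RestHighLevelClient(RestClient
                        // HTTPS scheme on the Elasticsearch HTTP port 9200
                        .builder(new HttpHost("elasticsearch-siol-es-http.siolbca-dev.svc.cluster.local", 9200, "https"))
                        .setHttpClientConfigCallback(new HttpClientConfigCallback() {
                            @Override
                            public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
                                return httpClientBuilder
                                        .setSSLContext(sslContext)
                                        // Host name in the certificate is not checked against the URL
                                        .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
                                        .setDefaultCredentialsProvider(credentialsProvider);
                            }
                        })
                        .setRequestConfigCallback(new RestClientBuilder.RequestConfigCallback() {
                            @Override
                            public RequestConfig.Builder customizeRequestConfig(
                                    RequestConfig.Builder requestConfigBuilder) {
                                // 5 s connect timeout, 120 s socket timeout
                                return requestConfigBuilder.setConnectTimeout(5000)
                                        .setSocketTimeout(120000);
                            }
                        }));
                System.out.println("elasticsearch client created");
                return client;
            } catch (Exception e) {
                System.out.println(e);
                throw new Exception("Could not create an elasticsearch client!!");
            }
        }
    }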
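
An added example, not part of the original question or answer: the same client built so that it trusts the CA that signed the cluster's HTTP certificate (the `ca.crt` referenced in the elasticsearch.yml above), with certificate and host name verification left enabled. The class name `CaTrustedElasticClient` and the environment variables `ES_CA_PATH` and `ES_PASSWORD` are hypothetical, and the example assumes that the CA file is available to the application (for instance as a mounted secret) and that the server certificate's subject alternative names include the host name used.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.ssl.SSLContexts;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestHighLevelClient;

public class CaTrustedElasticClient {
    // Assumed environment variables (not from the original post):
    //   ES_CA_PATH  - path to the cluster's HTTP CA certificate in PEM format
    //   ES_PASSWORD - password of the "elastic" user
    public static RestHighLevelClient create() throws Exception {
        // Load the CA certificate into an empty in-memory trust store.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        try (InputStream in = Files.newInputStream(Paths.get(System.getenv("ES_CA_PATH")))) {
            Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(in);
            trustStore.setCertificateEntry("es-http-ca", ca);
        }
        // No TrustStrategy override: chains are validated against this CA only.
        SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(trustStore, null).build();

        CredentialsProvider credentials = new BasicCredentialsProvider();
        credentials.setCredentials(AuthScope.ANY,
                new UsernamePasswordCredentials("elastic", System.getenv("ES_PASSWORD")));

        // No setSSLHostnameVerifier call: the default verifier compares the
        // certificate's subject alternative names with the host name below.
        return new RestHighLevelClient(RestClient.builder(
                new HttpHost("elasticsearch-siol-es-http.siolbca-dev.svc.cluster.local", 9200, "https"))
            .setHttpClientConfigCallback(b -> b
                .setSSLContext(sslContext)
                .setDefaultCredentialsProvider(credentials)));
    }
}
```

With this configuration a `PKIX path building failed` error indicates that the file at `ES_CA_PATH` is not the CA that issued the server certificate, and a host name mismatch error indicates that the certificate does not list the name the client connects to.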