OpenShift Log Aggregation - Directly querying elasticsearch

Solution In Progress - Updated -

Issue

  • A client requirement has arisen which involves directly querying the Elasticsearch instance provided by the OpenShift log aggregation deployment.

  • Looking at the Elasticsearch pod, I've noted that there are 3 ACLs configured: system.logging.fluentd, system.logging.kibana and system.admin.

  • For this specific requirement, read access to all indices will be required (and hence will be using the system.admin ACL).

  • I'd like to find out where I can find the cert and keypair for the system.admin user? I've extracted the fluent and kibana certs/key pairs from the pods directly, but unfortunately neither have sufficient privileges:

curl -XGET -k -E ./cert.pem --key ./key 'https://172.30.x.x:9200/_cat/count'
{"error":"ForbiddenException[Attempt from null to _all indices for indices:data/read/count and User [name=system.logging.kibana, roles=[]]]","status":403}

I've also looked at the truststore Java keystore, but it does not appear to contain a key.
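The 403 body quoted above is the most useful diagnostic in the whole exchange: the Searchguard-style ForbiddenException names the identity the cluster derived from the presented client certificate (here system.logging.kibana, with no roles) and the action and index scope that were denied. The following added example, which is not part of the Red Hat article and not Red Hat's code, parses that error shape so an operator can tell at a glance whether the wrong cert/key pair was presented (identity mismatch) or the intended identity simply lacks the role. The sample body is constructed from the response quoted in the issue; the function and field names are the example's own. When running the real query, prefer passing the cluster CA with --cacert over -k so the server's certificate is verified too.

```python
import json
import re
from typing import Optional

# Constructed sample input: the 403 body quoted in the issue above (same wording, not a newly captured response).
SAMPLE_403 = (
    '{"error":"ForbiddenException[Attempt from null to _all indices for '
    'indices:data/read/count and User [name=system.logging.kibana, roles=[]]]",'
    '"status":403}'
)

# Matches the ForbiddenException text: origin, index scope, action, user name and role list.
_FORBIDDEN_RE = re.compile(
    r"ForbiddenException\[Attempt from (?P<origin>\S+) to (?P<indices>\S+) indices "
    r"for (?P<action>\S+) and User \[name=(?P<user>[^,\]]+), roles=\[(?P<roles>[^\]]*)\]\]\]"
)


def parse_forbidden(body: str) -> Optional[dict]:
    """Return the identity and denied action from a 403 body, or None if the body is not a 403 of this shape."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return None
    if doc.get("status") != 403:
        return None
    m = _FORBIDDEN_RE.search(doc.get("error", ""))
    if not m:
        return None
    roles = [r.strip() for r in m.group("roles").split(",") if r.strip()]
    return {
        "user": m.group("user"),        # identity the cluster mapped the client cert to
        "roles": roles,                 # roles granted to that identity (empty here)
        "action": m.group("action"),    # e.g. indices:data/read/count
        "indices": m.group("indices"),  # e.g. _all
    }


def explain(body: str, expected_user: str) -> str:
    """Human-readable diagnosis: was the intended identity presented, and if so, is it simply missing a role?"""
    info = parse_forbidden(body)
    if info is None:
        return "not a recognised 403 ForbiddenException body"
    if info["user"] != expected_user:
        return (
            f"certificate mapped to {info['user']} (expected {expected_user}); "
            f"{info['action']} on {info['indices']} denied, so the wrong cert/key pair was presented"
        )
    return (
        f"certificate mapped to {info['user']} as intended, but roles={info['roles']} "
        f"do not permit {info['action']} on {info['indices']}"
    )


if __name__ == "__main__":
    # Usage: paste the body returned by curl and state which ACL identity you meant to use.
    print(parse_forbidden(SAMPLE_403))
    print(explain(SAMPLE_403, "system.admin"))
```

Because the name in the error is derived from the certificate's subject rather than from anything the caller asserts, this check also doubles as a quick verification that an extracted cert/key pair really belongs to the identity you think it does.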

Environment

  • Red Hat OpenShift Container Platform
    • 3.0+
