An administrator certificate, key, and CA that can be used to communicate with and perform administrative operations on Elasticsearch are provided within the elasticsearch secret in the openshift-logging project.
|
Note
|
To confirm whether your OpenShift Logging installation provides these, run: $ oc describe secret elasticsearch -n openshift-logging |
-
Connect to an Elasticsearch pod that is in the cluster on which you are attempting to perform maintenance.
-
To find a pod in a cluster use:
$ oc get pods -l component=elasticsearch -o name -n openshift-logging | head -1
-
Connect to a pod:
$ oc rsh <your_Elasticsearch_pod>
-
Once connected to an Elasticsearch container, you can use the certificates mounted from the secret to communicate with Elasticsearch per its Indices APIs documentation.
Fluentd sends its logs to Elasticsearch using the index format infra-00000x or app-00000x.
For example, to delete all logs for the openshift-logging index, app-000001, we can run:
$ curl --key /etc/elasticsearch/secret/admin-key \ --cert /etc/elasticsearch/secret/admin-cert \ --cacert /etc/elasticsearch/secret/admin-ca -XDELETE \ "https://localhost:9200/app-000001"