Elasticsearch Connection Failure: "Response Error: 401 Unauthorized"

I am trying to install Siren using the following instructions:

Kubernetes deployment preparation :: SIREN DOCS

I have configured the Elasticsearch connection parameters as follows:

# Set to the URL of your Elasticsearch cluster including the port
elasticsearch.url: "https://elasticsearch-master.observability:9200"

# If you want to disable completely the verification of the Elasticsearch Cluster certificate, set to "none".
#
# If your cluster is using a public CA, for example if it's hosted on Elastic Cloud, set the verificationMode to "full"
#
# If your cluster is using a private CA, set the verification mode to "certificate"
# and set elasticsearch.ssl.certificateAuthorities to the path of a file containing the CA certificate chain.
elasticsearch.ssl.verificationMode: none
elasticsearch.username: "elastic"

# Specify the password of the sirenserver user
elasticsearch.password: "lololololol0001zxx"
kibana.defaultAppId: "home"

(Note: I have verified that the Elasticsearch username and password are correct, and the endpoint is reachable.)

However, I still get the statefulset failing to run with the following errors in the logs:

{"type":"log","@timestamp":"2025-01-10T09:20:53Z","tags":["error","elasticsearch"],"pid":480,"message":"Response Error: 401 Unauthorized"}
{"type":"log","@timestamp":"2025-01-10T09:20:56Z","tags":["error","elasticsearch"],"pid":480,"message":"Response Error: 401 Unauthorized"}

This 401 auth error is happening despite the fact that we’ve verified the username and password are correct.

Please advise how I can confirm further what the cause of this auth failure could be and perhaps if there are other specific ways to debug in more detail?

Hi Traiano

Did you configure the investigate_access_control section in investigate.yml? Can you paste it here, please?
This one:

investigate_access_control:
  enabled: true
  acl:
    enabled: true
  admin_role: investigate_admin
  cookie:
    name: 'kac'
    # This password will be used to encrypt the session cookie, make sure to customize it
    password: '7vGx4(hLwNur19trqYZkSnOvT$U@*o9r'
    # Change to true when exposing Investigate to the Internet using TLS
    secure: false
  backend: xpack

You also wrote that the endpoint is reachable.
Can you confirm that you checked it from another pod in your Kubernetes cluster?

Hi Simon

Thanks for your response.

It turns out, after further troubleshooting, that this issue was due to us having multiple ECK deployments on the same cluster and getting the configuration details crossed.

I think we can close this issue now.

Regards,

Traiano
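
The root cause reported in the thread, credentials from one Elasticsearch deployment being sent to another, can be confirmed by probing every deployment with the configured username and password and seeing which one accepts them. The following is an added example, not code from the thread or from Siren; the function names, cluster names and passwords are constructed, and two local plain-HTTP servers stand in for the deployments so the script runs offline.

```python
import base64, json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

def probe(url, username, password, timeout=5):
    """GET / with HTTP Basic auth; return (status, cluster_name or None)."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(url.rstrip("/") + "/",
                                 headers={"Authorization": "Basic " + token})
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, json.load(resp).get("cluster_name")
    except urllib.error.HTTPError as err:
        return err.code, None  # 401: this deployment rejects these credentials

def locate_credentials(configured, candidates, username, password):
    """Try the same credentials on the configured endpoint and on every candidate."""
    status, _ = probe(candidates[configured], username, password)
    accepted = sorted(name for name, url in candidates.items()
                      if probe(url, username, password)[0] == 200)
    # Rejected where configured but accepted elsewhere: config details are crossed.
    return {"configured_status": status, "accepted_by": accepted,
            "crossed": status == 401 and bool(accepted)}

def fake_cluster(name, password):
    """Constructed stand-in for one deployment (local HTTP, user 'elastic')."""
    expected = "Basic " + base64.b64encode(f"elastic:{password}".encode()).decode()
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            ok = self.headers.get("Authorization") == expected
            body = json.dumps({"cluster_name": name} if ok else {"status": 401}).encode()
            self.send_response(200 if ok else 401)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):  # keep the demo quiet
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{server.server_port}"

def demo():
    # Constructed scenario: two deployments, each with its own 'elastic' password.
    candidates = {"observability": fake_cluster("observability", "pw-obs"),
                  "siren": fake_cluster("siren", "pw-siren")}
    # The config points at 'observability' but carries the 'siren' password.
    return locate_credentials("observability", candidates, "elastic", "pw-siren")

if __name__ == "__main__":
    print(demo())
```

A result with `crossed` set to true means the password is valid, but for a different deployment than the one the URL points at, which matches a 401 that persists even though the credentials were "verified".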