Stack monitoring: trust custom cert. in output configuration #5945

Merged on Aug 22, 2022 (7 commits)

barkbay (Contributor) commented Aug 11, 2022

Fix #5917 by setting ssl.verification_mode to certificate in the Beat output configuration.

This PR also adds a unit test to cover newBeatConfig and buildOutputConfig.

barkbay added the ">bug" (Something isn't working) and "v2.5.0" labels Aug 11, 2022
barkbay marked this pull request as draft August 11, 2022 14:03
barkbay marked this pull request as ready for review August 18, 2022 11:50

barkbay (Contributor, Author) commented Aug 18, 2022

Sorry for the lag. PR is ready for review; it has been tested with the following configurations for the monitoring cluster:

  • Custom CA with the 3 required files (ca.crt, tls.crt and tls.key)
  • Certificate from a well known issuer, Let's Encrypt in my tests, with an empty ca.crt
  • TLS disabled

pebrc (Collaborator) left a comment

LGTM there is one compile error due to a change in main,

pkg/controller/common/stackmon/config_test.go (resolved)
pkg/controller/common/stackmon/config_test.go (outdated, resolved)

barkbay merged commit 61d81a2 into elastic:main Aug 22, 2022
barkbay deleted the stackmon/verification_mode_certificate branch August 22, 2022 09:01
fantapsody pushed a commit to fantapsody/cloud-on-k8s that referenced this pull request Feb 7, 2023
…#5945)

Stack monitoring: set "ssl.verification_mode" to "certificate" in the Beat output configuration in order to trust Elasticsearch certificates issued by "well known" certificate authorities or custom CA, which do not include the "private" service hostname used by Filebeat and Metricbeat.
Successfully merging this pull request may close these issues.

Stack Monitoring certificate validation on beats