Skip to content

[Helm] Allow providing SSL settings to the Elastic Agent (standalone mode) #7785

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pkoutsovasilis merged 2 commits into from
Apr 9, 2025
Merged

[Helm] Allow providing SSL settings to the Elastic Agent (standalone mode) #7785

pkoutsovasilis merged 2 commits into from
Apr 9, 2025

Conversation

@pkoutsovasilis
Copy link
Contributor

@pkoutsovasilis pkoutsovasilis commented Apr 9, 2025

What does this PR do?

This PR enhances the standalone deployment of Elastic Agent via the Helm chart by introducing support for configuring SSL settings on output definitions. Users can now specify custom certificate authorities, verification modes, and trusted CA fingerprints to establish secure connections to Elasticsearch clusters that use self-signed certificates.

Why is it important?

Without this, standalone agents cannot connect to Elasticsearch clusters using custom or self-signed certificates. This makes it difficult to deploy agents in secured environments. The PR fixes that by allowing SSL configuration on outputs.

Checklist

  • I have read and understood the pull request guidelines of this project.
  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in ./changelog/fragments using the changelog tool
  • I have added an integration test or an E2E test

Disruptive User Impact

This is a backwards compatible change, so no impact is expected.

How to test this PR locally

Follow the kubernetes-custom-output example.

Related issues

@pkoutsovasilis pkoutsovasilis added Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team skip-changelog backport-8.x Automated backport to the 8.x branch with mergify backport-8.18 Automated backport to the 8.18 branch backport-9.0 Automated backport to the 9.0 branch labels Apr 9, 2025
@pkoutsovasilis pkoutsovasilis self-assigned this Apr 9, 2025
@elasticmachine
Copy link
Contributor

elasticmachine commented Apr 9, 2025
edited
Loading

💔 Build Failed

Failed CI Steps

History

cc @pkoutsovasilis

@elastic-sonarqube
Copy link

elastic-sonarqube bot commented Apr 9, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

@pkoutsovasilis pkoutsovasilis marked this pull request as ready for review April 9, 2025 12:36
@pkoutsovasilis pkoutsovasilis requested a review from a team as a code owner April 9, 2025 12:36
@elasticmachine
Copy link
Contributor

elasticmachine commented Apr 9, 2025

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

@pkoutsovasilis
Copy link
Contributor Author

pkoutsovasilis commented Apr 9, 2025

just a gentle heads up @pchila @swiatekm that it would be ideal if that could make it in before tomorrow's last BC of 9.0 🙂

ebeahan
ebeahan approved these changes Apr 9, 2025
View reviewed changes
Copy link
Member

@ebeahan ebeahan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed at high-level, and the templating and manifest changes LGTM.

pchila
pchila approved these changes Apr 9, 2025
View reviewed changes
Copy link
Member

@pchila pchila left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM overall.
Minor nitpick on volumeMounts naming convention, not blocking.

@pkoutsovasilis pkoutsovasilis merged commit 6e1300c into elastic:main Apr 9, 2025
18 checks passed
mergify bot pushed a commit that referenced this pull request Apr 9, 2025
@pkoutsovasilis @mergify
[Helm] Allow providing SSL settings to the Elastic Agent (standalone …
e885183 
…mode) (#7785)

* feat(helm-chart): support specifying ssl settings to outputs for standalone agents

* doc(helm-chart): update kubernetes-custom-output example to include ssl settings

(cherry picked from commit 6e1300c)
@mergify mergify bot mentioned this pull request Apr 9, 2025
Merged
8 tasks
mergify bot pushed a commit that referenced this pull request Apr 9, 2025
@pkoutsovasilis @mergify
[Helm] Allow providing SSL settings to the Elastic Agent (standalone …
3b4adfa 
…mode) (#7785)

* feat(helm-chart): support specifying ssl settings to outputs for standalone agents

* doc(helm-chart): update kubernetes-custom-output example to include ssl settings

(cherry picked from commit 6e1300c)
mergify bot pushed a commit that referenced this pull request Apr 9, 2025
@pkoutsovasilis @mergify
[Helm] Allow providing SSL settings to the Elastic Agent (standalone …
cb59f50 
…mode) (#7785)

* feat(helm-chart): support specifying ssl settings to outputs for standalone agents

* doc(helm-chart): update kubernetes-custom-output example to include ssl settings

(cherry picked from commit 6e1300c)
This was referenced Apr 9, 2025
Merged
Merged
ebeahan pushed a commit that referenced this pull request Apr 9, 2025
@mergify @pkoutsovasilis
[Helm] Allow providing SSL settings to the Elastic Agent (standalone …
1c9cf29 
…mode) (#7785) (#7802)

* feat(helm-chart): support specifying ssl settings to outputs for standalone agents

* doc(helm-chart): update kubernetes-custom-output example to include ssl settings

(cherry picked from commit 6e1300c)

Co-authored-by: Panos Koutsovasilis <panos.koutsovasilis@elastic.co>
ebeahan pushed a commit that referenced this pull request Apr 9, 2025
@mergify @pkoutsovasilis
[Helm] Allow providing SSL settings to the Elastic Agent (standalone …
9786ac7 
…mode) (#7785) (#7803)

* feat(helm-chart): support specifying ssl settings to outputs for standalone agents

* doc(helm-chart): update kubernetes-custom-output example to include ssl settings

(cherry picked from commit 6e1300c)

Co-authored-by: Panos Koutsovasilis <panos.koutsovasilis@elastic.co>
ebeahan pushed a commit that referenced this pull request Apr 9, 2025
@mergify @pkoutsovasilis
[Helm] Allow providing SSL settings to the Elastic Agent (standalone …
a816166 
…mode) (#7785) (#7801)

* feat(helm-chart): support specifying ssl settings to outputs for standalone agents

* doc(helm-chart): update kubernetes-custom-output example to include ssl settings

(cherry picked from commit 6e1300c)

Co-authored-by: Panos Koutsovasilis <panos.koutsovasilis@elastic.co>
@pkoutsovasilis pkoutsovasilis deleted the helm/agent_output_ssl branch June 3, 2025 04:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pchila pchila pchila approved these changes

@ebeahan ebeahan ebeahan approved these changes

@swiatekm swiatekm Awaiting requested review from swiatekm

Assignees

@pkoutsovasilis pkoutsovasilis

Labels

backport-8.x Automated backport to the 8.x branch with mergify backport-8.18 Automated backport to the 8.18 branch backport-9.0 Automated backport to the 9.0 branch skip-changelog Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Helm] Allow providing SSL settings to the Elastic Agent (standalone mode)

4 participants

@pkoutsovasilis @elasticmachine @ebeahan @pchila