Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow TLS connection to ElasticSearch clusters with untrusted certs #485

Closed
zarelit opened this issue May 11, 2021 · 0 comments
Closed

Allow TLS connection to ElasticSearch clusters with untrusted certs #485

zarelit opened this issue May 11, 2021 · 0 comments
Labels
enhancement New feature or request

Comments

@zarelit
Copy link
Contributor

zarelit commented May 11, 2021

By default the ECK operator will deploy an ES cluster with TLS enabled with certificates that are not signed by a trusted CA.

ES clusters signed by custom CAs are pretty common when the service is not exposed to the Internet so it would be nice to support this usecase by adding an option to opt out of the certificate validation with something SkipCertValidation in the configuration file

cc/ @CDimonaco who experienced the same issue
@zarelit zarelit added the enhancement New feature or request label May 11, 2021
zarelit added a commit to phoops/botkube that referenced this issue May 12, 2021
@zarelit
Allow skipping certs validation of Elastic
a056244 
Allow user to skip certificate validation when connecting to the
Elasticsearch cluster (opt-in). It permits to use botkube with clusters
that don't have certificates signed by a CA that is trusted by the
botkube image, it often happens with clusters that are for internal use
only.

See kubeshop#485

Co-Authored-By: Carmine Di Monaco <carmine.dimonaco@computer.org>
@zarelit zarelit mentioned this issue May 12, 2021
Merged
PrasadG193 pushed a commit that referenced this issue Jul 2, 2021
@zarelit @CDimonaco
Allow skipping certs validation of Elastic (#487)
bcda42a 
* Allow skipping certs validation of Elastic

Allow user to skip certificate validation when connecting to the
Elasticsearch cluster (opt-in). It permits to use botkube with clusters
that don't have certificates signed by a CA that is trusted by the
botkube image, it often happens with clusters that are for internal use
only.

See #485

Co-Authored-By: Carmine Di Monaco <carmine.dimonaco@computer.org>

* Update go.sum

* Add the default value of skipTLSVerify in deploy manifests

Co-authored-by: David Costa <david@zarel.net>

* Add skipTLSVerify elasticsearch option to helm chart

Co-authored-by: David Costa <david@zarel.net>

* Bool instead of boolean in helm chart docs for skipTLSVerify elastic

Co-authored-by: David Costa <david@zarel.net>

Co-authored-by: Carmine Di Monaco <carmine.dimonaco@computer.org>
Co-authored-by: Carmine Di Monaco <carmine.dimonaco@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zarelit @PrasadG193