EFK: Disable Elasticsearch server automatic TLS configuration #45

ricsanfre · 2022-03-22T16:29:28Z

Enhancement Request

Disabling TLS automatic configuration in Elasticsearch HTTP server to enable Linkerd to gather more statistics about connections. Linkerd is parsing plain text traffic (HTTP) and not encrypted (HTTPS)
Communications are still secured
- Communications, within the cluster, between components will be still secured by linkerd-proxy running as sidecars of Elasticsearch and Fluent-Bit pods (automatic mTLS provided by Linkerd service mesh)
- Communications, with components outside the cluster (i.e. ingestion of logs coming from control nodes like gateway), will be secured by Traefik acting as reverse proxy of Elasticsearch HTTP service, forcing TLS to the incoming communications (redirecting all HTTP traffic to HTTPS) and obtaining the corresponding TLS certificate from Cert-manager.

The text was updated successfully, but these errors were encountered:

ricsanfre added the enhancement New feature or request label Mar 22, 2022

ricsanfre changed the title ~~EFK: Disable Elasticsearch automatic TLS~~ EFK: Disable Elasticsearch server automatic TLS configuration Mar 22, 2022

ricsanfre added a commit that referenced this issue Mar 22, 2022

Fix #45: Disable Elasticsearch TLS configuratin

c3098cc

ricsanfre added a commit that referenced this issue Mar 22, 2022

Fix #45: Disable Elasticsearch TLS configuratin

2014c59

ricsanfre added this to the release 1.3 milestone Apr 1, 2022

ricsanfre mentioned this issue Apr 5, 2022

Feature/linkerd #48

Merged

ricsanfre closed this as completed in #48 Apr 5, 2022