Skip to content

Add ssl.certificate_authorities configuration #2613

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Feb 2, 2022
Merged

Add ssl.certificate_authorities configuration #2613

merged 7 commits into from
Feb 2, 2022

Conversation

tetianakravchenko
Copy link
Contributor

@tetianakravchenko tetianakravchenko commented Jan 28, 2022
edited
Loading

Signed-off-by: Tetiana Kravchenko tetiana.kravchenko@elastic.co

What does this PR do?

To support Openshift k8s package is missing some configuration settings - for more details - https://github.com/elastic/observability-docs/pull/1498/files and https://github.com/elastic/beats/pull/30054/files

for kubernetes.state_*:
no way to set:

  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
  ssl.certificate_authorities:
    - /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt

to all datastreams that connnect to https://${env.NODE_NAME}:10250 (like kubernetes.container) no way to set:

  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
  ssl.certificate_authorities:
    - /path/to/ca-bundle.crt

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

Related issues

Screenshots

For kubernetes.state_* resources:
Screenshot 2022-01-28 at 14 19 40

for kubernetes.container:
Screenshot 2022-01-28 at 11 42 18

@tetianakravchenko
add ssl.certificate_authorities configuration
9dc565e 
Signed-off-by: Tetiana Kravchenko <tetiana.kravchenko@elastic.co>
@tetianakravchenko
update changelog
d33b16b 
Signed-off-by: Tetiana Kravchenko <tetiana.kravchenko@elastic.co>
tetianakravchenko
tetianakravchenko commented Jan 28, 2022
View reviewed changes
packages/kubernetes/data_stream/state_container/manifest.yml
title: SSL Certificate Authorities
multi: true
required: false
show_user: false
Copy link
Contributor Author

@tetianakravchenko tetianakravchenko Jan 28, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did not set here a default value, though it is mostly standard - /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt (for kubernetes.state_* datasets) just to avoid getting ssl.certificate_authorities setting in final config.
@ChrsMark @MichaelKatsoulis is there any better way to handle it?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think leaving it blank is just fine since you have the ifs in the handlebars file (stream.yml.hbs ).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1

@tetianakravchenko tetianakravchenko changed the title add ssl.certificate_authorities configuration Add ssl.certificate_authorities configuration Jan 28, 2022
ChrsMark
ChrsMark requested changes Jan 28, 2022
View reviewed changes
Copy link
Member

@ChrsMark ChrsMark left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice @tetianakravchenko ! Could you maybe move node and namespace settings under advanced settings too? This would make the basic setting panel more compact.

@elasticmachine
Copy link

elasticmachine commented Jan 28, 2022
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Reason: null

  • Start Time: 2022-02-02T11:34:42.431+0000

  • Duration: 38 min 9 sec

  • Commit: 6f48fba

Test stats 🧪

Test Results
Failed 0
Passed 116
Skipped 0
Total 116

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@tetianakravchenko
set show_user to false for node and namespace fields
f5bb008 
Signed-off-by: Tetiana Kravchenko <tetiana.kravchenko@elastic.co>
@tetianakravchenko
Merge branch 'main' into k8s-add-ssl-fields
4fa740a
@tetianakravchenko
Merge branch 'k8s-add-ssl-fields' of github.com:tetianakravchenko/int…
43825ee 
…egrations into k8s-add-ssl-fields
@tetianakravchenko
fix typo
b39cd81 
Signed-off-by: Tetiana Kravchenko <tetiana.kravchenko@elastic.co>
@tetianakravchenko
Copy link
Contributor Author

@ChrsMark done f5bb008, also updated the screenshot in description

@ChrsMark
Copy link
Member

ChrsMark commented Feb 2, 2022

Thank you @tetianakravchenko ! It looks good now but there are some conflicts to be resolved.

@tetianakravchenko tetianakravchenko merged commit a30b182 into elastic:main Feb 2, 2022
@tetianakravchenko tetianakravchenko deleted the k8s-add-ssl-fields branch February 2, 2022 15:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ChrsMark ChrsMark ChrsMark approved these changes

@MichaelKatsoulis MichaelKatsoulis MichaelKatsoulis approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@tetianakravchenko @elasticmachine @ChrsMark @MichaelKatsoulis