openstack-helm-infra/tls.yaml at 62ef04afb19a0eb51b045cb25249b8ea7b204f00 - openstack-helm-infra - OpenDev: Free Software Needs Free Tools

openstack/openstack-helm-infra

Lo, Chi (cl566n) 9a719e2a18 Enable TLS between Elasticsearch and Kibana

This change enables TLS between Elasticsearch and Kibana
data path. Note that TLS terminates at apache-proxy container
of the Elasticsearch-client pod, not directly to port 9200 of
elasticsearch-client container.

Since all data traffic goes through apache-proxy container,
fluentd output to Elasticsearch are configured to have TLS
enabled as well.

In additon, other Elasticsearch pods that communicate with
Elasticsearch-client endpoint are modified to provide
the cacert option with curl.

Change-Id: I3373c0c350b30c175be4a34d25a403b9caf74294

2021-04-25 09:07:33 -07:00

18 lines

298 B

YAML

Raw Blame History

 ---
 conf:
   kibana:
     elasticsearch:
       ssl:
         certificateAuthorities: ["/etc/elasticsearch/certs/ca.crt"]
         verificationMode: certificate
 endpoints:
   elasticsearch:
     scheme:
       default: "https"
     port:
       http:
         default: 443
 manifests:
   certificates: true
 ...