ben/cluster-state
1
0
Fork 0
Code Issues 1 Pull requests Activity Actions

fix(elk): add CA certificate binding and template for connectors

Browse source
This commit is contained in:
Ben Martin 2024-12-23 20:26:10 +00:00
parent b140ad0ba5
commit df2fa66eea
Signed by: ben
GPG key ID: 859A655FCD290E4A
1 changed files with 34 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

58
modules/elk/jobspec.nomad.hcl
View file

@ -302,6 +302,12 @@ job "elk" {
source = "local/config.yml"
target = "/config/config.yml"
}
mount {
type = "bind"
source = "local/elasticsearch-ca.crt"
target = "/config/elasticsearch-ca.crt"
}
}
resources {
@ -314,30 +320,7 @@ job "elk" {
elasticsearch:
host: "https://{{ range service "elk-lb-nginx" }}{{ .Address }}:{{ .Port }}{{ end }}"
api_key: "{{ with nomadVar "nomad/jobs/elk/connector/connector" }}{{.api_key}}{{ end }}"
tls:
verification_mode: certificate
certificate_authorities:
- |
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIVAIBOtzcdNrOdaYVMlCwIwXEon2d5MA0GCSqGSIb3DQEB
CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu
ZXJhdGVkIENBMB4XDTI0MDgxODE0MjMxOFoXDTI3MDgxODE0MjMxOFowNDEyMDAG
A1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5lcmF0ZWQgQ0Ew
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCX3s3QrSr8hML1aKGp6npl
bBr3CMNMvs4jddQXDrnZKklrU7AM01XzvDH0GGlq+6QaOVhQAK8gwKsuiTzog1YP
H424EWJ2oDdHBnW4xIU0JO+x9rKVIEDlxvZGfjGM+oBVCXBwRyaT/iohHdiWedtp
PAcjIrH3N5Fnhyeg8M2SE2eLbfHn+yjr0Dh2wh2us5eKRyXw/WokFSSug/pMf2x3
9xjKpYOl5WqCK1OfdxlDLtHqr+UwqZao3RDazvkXq8Pxn310xcUxCdmTkU69Hwpb
KanX8ES/KOO40fHvo9MaRKPFpNa4B7ZQ4MfPWJbx9G8/rU2MdWA+DvEcxJwEv/Cn
AgMBAAGjUzBRMB0GA1UdDgQWBBRhHqO4e2XbUOrVsWO7q8eFrzSnhjAfBgNVHSME
GDAWgBRhHqO4e2XbUOrVsWO7q8eFrzSnhjAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
SIb3DQEBCwUAA4IBAQB7sds4bt/LlY3KEKLzb84e7YCd6tUVtQgFRsVFKTTC1sqW
FOctXN1IijX3IP9nLs4LfUy+K/XmCtMJPwI4GB1k+Sj0GMoVgggduGKVrRqaafU1
yl3m8fHZimN/vE5yO+jgsnEw8p47O5Op2y8DZM50Z9LTsiCVIiPhXmReSYJvebja
uT5BUhul5laraZwLfVpPSgNQ278AE5BUjhM/Lh3FjaIkUGKJEGH2lik4mQJEK7Ge
PcZADj93MaxqPOl0H3BMJRcm0tpWVLDqOwFuWFrAb48WgwvJjX4aM5G2zORwjAub
3MDhLOwZNtEqgKgmQD8jptUPZqA7fRYAFVxMS4OH
-----END CERTIFICATE-----
ca_certs: "/config/elasticsearch-ca.crt"
connectors:
- connector_id: "nKHt9JMBI0Po0M1lBKl2"
service_type: "network_drive"
@ -346,6 +329,33 @@ job "elk" {
destination = "local/config.yml"
}
template {
data = <<-EOF
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIVAIBOtzcdNrOdaYVMlCwIwXEon2d5MA0GCSqGSIb3DQEB
CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu
ZXJhdGVkIENBMB4XDTI0MDgxODE0MjMxOFoXDTI3MDgxODE0MjMxOFowNDEyMDAG
A1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5lcmF0ZWQgQ0Ew
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCX3s3QrSr8hML1aKGp6npl
bBr3CMNMvs4jddQXDrnZKklrU7AM01XzvDH0GGlq+6QaOVhQAK8gwKsuiTzog1YP
H424EWJ2oDdHBnW4xIU0JO+x9rKVIEDlxvZGfjGM+oBVCXBwRyaT/iohHdiWedtp
PAcjIrH3N5Fnhyeg8M2SE2eLbfHn+yjr0Dh2wh2us5eKRyXw/WokFSSug/pMf2x3
9xjKpYOl5WqCK1OfdxlDLtHqr+UwqZao3RDazvkXq8Pxn310xcUxCdmTkU69Hwpb
KanX8ES/KOO40fHvo9MaRKPFpNa4B7ZQ4MfPWJbx9G8/rU2MdWA+DvEcxJwEv/Cn
AgMBAAGjUzBRMB0GA1UdDgQWBBRhHqO4e2XbUOrVsWO7q8eFrzSnhjAfBgNVHSME
GDAWgBRhHqO4e2XbUOrVsWO7q8eFrzSnhjAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
SIb3DQEBCwUAA4IBAQB7sds4bt/LlY3KEKLzb84e7YCd6tUVtQgFRsVFKTTC1sqW
FOctXN1IijX3IP9nLs4LfUy+K/XmCtMJPwI4GB1k+Sj0GMoVgggduGKVrRqaafU1
yl3m8fHZimN/vE5yO+jgsnEw8p47O5Op2y8DZM50Z9LTsiCVIiPhXmReSYJvebja
uT5BUhul5laraZwLfVpPSgNQ278AE5BUjhM/Lh3FjaIkUGKJEGH2lik4mQJEK7Ge
PcZADj93MaxqPOl0H3BMJRcm0tpWVLDqOwFuWFrAb48WgwvJjX4aM5G2zORwjAub
3MDhLOwZNtEqgKgmQD8jptUPZqA7fRYAFVxMS4OH
-----END CERTIFICATE-----
EOF
destination = "local/elasticsearch-ca.crt"
}
}
}