Open lucabelluccini opened 6 months ago
Hello @kilfoyle - it is not urgent, but I think we need to add this for air-gapped envs.
@michalpristas / @michel-laterman are the ones who worked on this feature.
For reference: https://github.com/elastic/sdh-beats/issues/4496
Description
Elastic Agent attempts to download the PGP/GPG key to validate the binaries. We had an unfortunate bug where the PGP/GPG key was downloaded even if it wasn't necessary. The bug was particularly unfortunate for air-gapped environments.
For air-gapped environments we need provide instructions to explain how to use a functionality introduced in 8.10.4 which allow Elastic Agents to download the PGP/GPG key from the Fleet Server. In particular, we need to explain how to customize the
server.pgp.upstream_url
in Fleet Serve settings in order to benefit from this new feature.I've not tested using
server.pgp.upstream_url
and in particular I do not know the behavior when:HTTP_PROXY/HTTPS_PROXY/NO_PROXY
)?Resources
https://support.elastic.dev/knowledge/view/5b5df063 (focus on Option I)
Collaboration
TBD. The docs and product team will work together to determine the best path forward.
Point of contact.
Main contact: @jlind23 / @pierrehilbert to delegate to the engineers who worked on the feature
Stakeholders: @lucabelluccini